Fixed terminal issue.

Ylian Saint-Hilaire 2021-03-12 13:44:42 -08:00
parent 55853846aa
commit 0e69492ba5
8 changed files with 127 additions and 11 deletions


@ -98,7 +98,7 @@
<Compile Include="amt\amt-xml.js" />
<Compile Include="amt\amt.js" />
<Compile Include="exeHandler.js" />
<Compile Include="amthelloserver.js" />
<Compile Include="amtprovisioningserver.js" />
<Compile Include="letsencrypt.js" />
<Compile Include="mcrec.js" />
<Compile Include="meshaccelerator.js" />


@ -17,7 +17,7 @@
// Construct the Intel AMT hello server. This is used for Intel AMT bare-metal activation on the local LAN.
// This server can receive a notification from Intel AMT and attempt activation.
// In Intel documentation, this is called the Setup and Configuration Application (SCA)
module.exports.CreateAmtHelloServer = function (parent, config) {
module.exports.CreateAmtProvisioningServer = function (parent, config) {
var obj = {};
// WSMAN stack


@ -355,6 +355,113 @@ module.exports.CertificateOperations = function (parent) {
return AmtSetupBinStack.AmtSetupBinEncode(setupbin);
}
// Get a bare metal setup.bin file
obj.GetBareMetalSetupBinFile = function (amtacmactivation, oldmebxpass, newmebxpass, domain, user) {
// Create a setup.bin file for our own root cert
// Get the wiadcard certificate hash
var wildcardCertSha256 = null;
for (var i = 0; i < amtacmactivation.acmmatch.length; i++) { if (amtacmactivation.acmmatch[i].cn == '*') { wildcardCertSha256 = amtacmactivation.acmmatch[i].sha256; } }
// Create the Setup.bin stack
const AmtSetupBinStack = require('./amt/amt-setupbin')();
var setupbin = AmtSetupBinStack.AmtSetupBinCreate(3, 1); // Version 3, 1 = Records will not be consumed.
var certRootName = 'MeshCentral';
// Figure out what trusted FQDN to use.
var trustedFQDN = parent.config.settings.amtprovisioningserver.trustedfqdn
// Figure out the provisioning server port
var port = 9971;
if (typeof parent.config.settings.amtprovisioningserver.port == 'number') { port = parent.config.settings.amtprovisioningserver.port; }
// Figure out the provisioning server IP address
var ipaddr = '192.168.2.147'; // TODO
if (typeof parent.config.settings.amtprovisioningserver.ip == 'string') { ipaddr = parent.config.settings.amtprovisioningserver.ip; }
var ipaddrSplit = ipaddr.split('.');
var ipaddrStr = String.fromCharCode(parseInt(ipaddrSplit[3])) + String.fromCharCode(parseInt(ipaddrSplit[2])) + String.fromCharCode(parseInt(ipaddrSplit[1])) + String.fromCharCode(parseInt(ipaddrSplit[0]));
// Create a new record
var r = {};
r.typeIdentifier = 1;
r.flags = 1; // Valid, unscrambled record.
r.chunkCount = 0;
r.headerByteCount = 0;
r.number = 0;
r.variables = [];
setupbin.records.push(r);
// Create "Current MEBx Password" variable
var v = {};
v.moduleid = 1;
v.varid = 1;
v.length = -1;
v.value = oldmebxpass;
setupbin.records[0].variables.push(v);
// Create "New MEBx Password" variable
v = {};
v.moduleid = 1;
v.varid = 2;
v.length = -1;
v.value = newmebxpass;
setupbin.records[0].variables.push(v);
// Create "User Defined Certificate Addition" variable
v = {};
v.moduleid = 2;
v.varid = 8;
v.length = -1;
v.value = String.fromCharCode(2) + Buffer.from(wildcardCertSha256, 'hex').toString('binary') + String.fromCharCode(certRootName.length) + certRootName; // 2 = SHA256 hash type
setupbin.records[0].variables.push(v);
// Create "PKI DNS Suffix" variable
v = {};
v.moduleid = 2;
v.varid = 3;
v.length = -1;
v.value = trustedFQDN;
setupbin.records[0].variables.push(v);
// Create "Configuration Server FQDN" variable
v = {};
v.moduleid = 2;
v.varid = 4;
v.length = -1;
v.value = trustedFQDN;
setupbin.records[0].variables.push(v);
// Create "Provisioning Server Address" variable
v = {};
v.moduleid = 2;
v.varid = 17;
v.length = -1;
v.value = ipaddrStr;
setupbin.records[0].variables.push(v);
// Create "Provisioning Server Port Number" variable
v = {};
v.moduleid = 2;
v.varid = 18;
v.length = -1;
v.value = port;
setupbin.records[0].variables.push(v);
// Create "Remote Configuration Enabled (RCFG)" variable
v = {};
v.moduleid = 2;
v.varid = 5;
v.length = -1;
v.value = '1'; // Turn on
setupbin.records[0].variables.push(v);
// Write to log file
obj.logAmtActivation(domain, { time: new Date(), action: 'setupbin', domain: domain.id, userid: user._id, oldmebx: oldmebxpass, newmebx: newmebxpass, rootname: certRootName, hash: wildcardCertSha256, dns: 'rootcert.meshcentral.com' });
// Encode the setup.bin file
return AmtSetupBinStack.AmtSetupBinEncode(setupbin);
}
// Return the certificate of the remote HTTPS server
obj.loadPfxCertificate = function (filename, password) {
var r = { certs: [], keys: [] };
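Review bot: In `GetBareMetalSetupBinFile` the provisioning address falls back to the hard-coded `'192.168.2.147'` (marked TODO) whenever `amtprovisioningserver.ip` is not a string, so a setup.bin can be issued that points bare-metal devices at a host the operator never configured; the octets are also parsed with radix-less `parseInt` and no range check, so a malformed octet is silently encoded (NaN becomes a NUL character) instead of being rejected. I would fail before building the record when the setting is missing or invalid, e.g. `var ipaddrSplit = ipaddr.split('.'); if ((ipaddrSplit.length != 4) || ipaddrSplit.some(function (o) { return !/^\d{1,3}$/.test(o) || (parseInt(o, 10) > 255); })) return null;`, with the caller handling the `null`. `wildcardCertSha256` stays `null` when no `acmmatch` entry has `cn == '*'`, and `Buffer.from(null, 'hex')` then throws, so that case needs an explicit guard as well. The `logAmtActivation` call writes both MEBx passwords in clear text and records `dns: 'rootcert.meshcentral.com'` although the file carries `trustedFQDN`; log `dns: trustedFQDN`, and if the log is meant as the recovery record for these passwords say so in a comment and restrict access to the file, otherwise leave them out.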


@ -1650,8 +1650,8 @@ function CreateMeshCentralServer(config, args) {
});
// Setup Intel AMT hello server
if ((typeof config.settings.amthelloserver == 'object') && (typeof config.settings.amthelloserver.devicegroup == 'string') && (typeof config.settings.amthelloserver.newmebxpassword == 'string') && (typeof config.settings.amthelloserver.trustedfqdn == 'string')) {
obj.amthelloserver = require('./amthelloserver').CreateAmtHelloServer(obj, config.settings.amthelloserver);
if ((typeof config.settings.amtprovisioningserver == 'object') && (typeof config.settings.amtprovisioningserver.devicegroup == 'string') && (typeof config.settings.amtprovisioningserver.newmebxpassword == 'string') && (typeof config.settings.amtprovisioningserver.trustedfqdn == 'string')) {
obj.amtProvisioningServer = require('./amtprovisioningserver').CreateAmtProvisioningServer(obj, config.settings.amtprovisioningserver);
}
// Start collecting server stats every 5 minutes


@ -5283,8 +5283,15 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
case 'amtsetupbin': {
if ((command.oldmebxpass != 'admin') && (common.validateString(command.oldmebxpass, 8, 16) == false)) break; // Check password
if (common.validateString(command.newmebxpass, 8, 16) == false) break; // Check password
var bin = parent.parent.certificateOperations.GetSetupBinFile(domain.amtacmactivation, command.oldmebxpass, command.newmebxpass, domain, user);
try { ws.send(JSON.stringify({ action: 'amtsetupbin', file: Buffer.from(bin, 'binary').toString('base64') })); } catch (ex) { }
if ((command.baremetal) && (parent.parent.amtProvisioningServer != null)) {
// Create bare metal setup.bin
var bin = parent.parent.certificateOperations.GetBareMetalSetupBinFile(domain.amtacmactivation, command.oldmebxpass, command.newmebxpass, domain, user);
try { ws.send(JSON.stringify({ action: 'amtsetupbin', file: Buffer.from(bin, 'binary').toString('base64') })); } catch (ex) { }
} else {
// Create standard setup.bin
var bin = parent.parent.certificateOperations.GetSetupBinFile(domain.amtacmactivation, command.oldmebxpass, command.newmebxpass, domain, user);
try { ws.send(JSON.stringify({ action: 'amtsetupbin', file: Buffer.from(bin, 'binary').toString('base64') })); } catch (ex) { }
}
break;
}
case 'meshToolInfo': {
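Review bot: The new bare-metal branch of `case 'amtsetupbin'` calls `GetBareMetalSetupBinFile(domain.amtacmactivation, ...)` outside the `try`, and nothing visible in the case checks that `domain.amtacmactivation` and its `acmmatch` list exist, so a request with `baremetal` set on a domain without ACM activation would throw inside the message handler; a guard such as `if ((domain.amtacmactivation == null) || (domain.amtacmactivation.acmmatch == null)) break;` before the branch avoids that. No check of the user's rights appears in this case either; the switch starts outside the hunk, so confirm one is applied earlier, since the generated file embeds the requested MEBx passwords and the domain's provisioning certificate hash. The two branches differ only in the generator they call, so the duplicated `ws.send` line and the second `var bin` can be collapsed by picking the function first and sending once. The empty `catch (ex) { }` also hides encoding failures from the operator and the requesting user.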


@ -172,11 +172,11 @@ var CreateAgentRedirect = function (meshserver, module, serverPublicNamePort, au
if (typeof e.data == 'string') {
obj.xxOnControlCommand(e.data);
} else {
// If only 1 byte
if ((cmdAccLen == 0) && (e.data.byteLength == 1)) return; // Ignore single byte data, this is a keep alive.
// Send the data to the module
if (obj.m.ProcessBinaryCommand) {
// If only 1 byte
if ((cmdAccLen == 0) && (e.data.byteLength < 4)) return; // Ignore any commands less than 4 bytes.
// Send as Binary Command
if (cmdAccLen != 0) {
// Accumulator is active
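Review bot: The comment `// If only 1 byte` above the moved check no longer matches the code, which now drops every frame shorter than 4 bytes and does so only when the module implements `ProcessBinaryCommand`. I would replace it with something like `// No command is being accumulated: ignore frames shorter than 4 bytes (too short for a binary command header, includes 1-byte keep-alives)`; the header-size reading is my inference from the constant, so confirm it. With the check moved inside the `if`, single-byte frames now reach whatever branch handles modules without `ProcessBinaryCommand`, which lies outside this hunk. If a keep-alive byte is still sent on those channels it should be filtered there, or the change documented as intentional.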


@ -4267,7 +4267,8 @@
x += addHtmlValue("Old Password", '<input id=dp1password0 type=password style=width:230px autocomplete=off maxlength=32 onchange=validateAmtAcmSetupEx() onkeyup=validateAmtAcmSetupEx() />');
x += addHtmlValue("New Password*", '<input id=dp1password1 type=password style=width:230px autocomplete=off maxlength=32 onchange=validateAmtAcmSetupEx() onkeyup=validateAmtAcmSetupEx() />');
x += addHtmlValue("New Password*", '<input id=dp1password2 type=password style=width:230px autocomplete=off maxlength=32 onchange=validateAmtAcmSetupEx() onkeyup=validateAmtAcmSetupEx() />');
x += '<span id=dp10passNotify style="font-size:10px"> ' + "* 8 characters, 1 upper, 1 lower, 1 numeric, 1 non-alpha numeric." + '</span>';
if (features2 & 0x00000020) { x += '<label><input id=dp1lanprov type=checkbox /> ' + "Use for bare-metal LAN activation." + '</label>'; } // Intel AMT LAN provisioning server is active.
x += '<div><span id=dp10passNotify style="font-size:10px"> ' + "* 8 characters, 1 upper, 1 lower, 1 numeric, 1 non-alpha numeric." + '</span></div>';
setDialogMode(2, "Intel&reg; AMT ACM", 3, showAmtAcmSetupEx, x);
Q('dp1password0').focus();
validateAmtAcmSetupEx();
@ -4281,7 +4282,7 @@
}
function showAmtAcmSetupEx() {
meshserver.send({ action: 'amtsetupbin', oldmebxpass: Q('dp1password0').value, newmebxpass: Q('dp1password1').value });
meshserver.send({ action: 'amtsetupbin', oldmebxpass: Q('dp1password0').value, newmebxpass: Q('dp1password1').value, baremetal: ((features2 & 0x00000020) && (Q('dp1lanprov').checked)) });
}
// Display the Intel AMT scanning dialog box
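Review bot: In `showAmtAcmSetupEx` the `baremetal` field is the result of `(features2 & 0x00000020) && (...checked)`, so it is the number `0` when the feature bit is clear and a boolean otherwise; `baremetal: (((features2 & 0x00000020) != 0) && Q('dp1lanprov').checked)` keeps the short-circuit that protects the missing checkbox and always sends a boolean. The flag is only a request from the browser, so a short comment next to the checkbox line stating that the server decides whether bare-metal provisioning is available would help the next reader. The password inputs in this dialog allow `maxlength=32` while the server-side handler in this commit accepts 8 to 16 characters and drops anything else without a reply, so the dialog should state and enforce the same range.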


@ -2476,6 +2476,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
if ((obj.parent.firebase != null) && (obj.parent.firebase.pushOnly != true)) { features2 += 0x00000004; } // Indicates the server supports Firebase two-way push messaging
if (obj.parent.webpush != null) { features2 += 0x00000008; } // Indicates web push is enabled
if (((obj.args.noagentupdate == 1) || (obj.args.noagentupdate == true))) { features2 += 0x00000010; } // No agent update
if (parent.amtProvisioningServer != null) { features2 += 0x00000020; } // Intel AMT LAN provisioning server
// Create a authentication cookie
const authCookie = obj.parent.encodeCookie({ userid: dbGetFunc.user._id, domainid: domain.id, ip: req.clientIp }, obj.parent.loginCookieEncryptionKey);