MyFavMirrors
/
MeshCentral
mirror of https://github.com/Ylianst/MeshCentral.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Started work MeshCentral2 legacy update path.

This commit is contained in:
Ylian Saint-Hilaire 2017-11-03 17:01:30 -07:00
parent a550e9cf94
commit 3a5af0a1c9
5 changed files with 241 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
MeshCentralServer.njsproj
View File

@ -35,6 +35,7 @@
<Compile Include="meshrelay.js" />
<Compile Include="meshuser.js" />
<Compile Include="mpsserver.js" />
<Compile Include="swarmserver.js" />
<Compile Include="multiserver.js" />
<Compile Include="pass.js" />
<Compile Include="public\relay.js" />

13
certoperations.js
View File

@ -185,6 +185,19 @@ module.exports.CertificateOperations = function () {
rcount++;
}
// If the swarm server certificate exist, load it (This is an optional certificate)
if (obj.fileExists(directory + '/swarmserver-cert-public.crt') && obj.fileExists(directory + '/swarmserver-cert-private.key')) {
var swarmServerCertificate = obj.fs.readFileSync(directory + '/swarmserver-cert-public.crt', 'utf8');
var swarmServerPrivateKey = obj.fs.readFileSync(directory + '/swarmserver-cert-private.key', 'utf8');
r.swarmserver = { cert: swarmServerCertificate, key: swarmServerPrivateKey };
}
// If the swarm server root certificate exist, load it (This is an optional certificate)
if (obj.fileExists(directory + '/swarmserverroot-cert-public.crt')) {
var swarmServerRootCertificate = obj.fs.readFileSync(directory + '/swarmserverroot-cert-public.crt', 'utf8');
r.swarmserverroot = { cert: swarmServerRootCertificate };
}
// If CA certificates are present, load them
var caok, caindex = 1, calist = [];
do {

26
meshcentral.js
View File

@ -10,6 +10,7 @@ function CreateMeshCentralServer() {
obj.webserver;
obj.redirserver;
obj.mpsserver;
obj.swarmserver;
obj.amtEventHandler;
obj.amtScanner;
obj.meshScanner;
@ -64,7 +65,7 @@ function CreateMeshCentralServer() {
try { require('./pass').hash('test', function () { }); } catch (e) { console.log('Old version of node, must upgrade.'); return; } // TODO: Not sure if this test works or not.
// Check for invalid arguments
var validArguments = ['_', 'notls', 'user', 'port', 'mpsport', 'redirport', 'cert', 'deletedomain', 'deletedefaultdomain', 'showall', 'showusers', 'shownodes', 'showmeshes', 'showevents', 'showpower', 'showiplocations', 'help', 'exactports', 'install', 'uninstall', 'start', 'stop', 'restart', 'debug', 'filespath', 'datapath', 'noagentupdate', 'launch', 'noserverbackup', 'mongodb', 'mongodbcol', 'wanonly', 'lanonly', 'nousers', 'mpsdebug', 'mpspass', 'ciralocalfqdn', 'dbexport', 'dbimport', 'selfupdate', 'tlsoffload', 'userallowedip', 'fastcert'];
var validArguments = ['_', 'notls', 'user', 'port', 'mpsport', 'redirport', 'cert', 'deletedomain', 'deletedefaultdomain', 'showall', 'showusers', 'shownodes', 'showmeshes', 'showevents', 'showpower', 'showiplocations', 'help', 'exactports', 'install', 'uninstall', 'start', 'stop', 'restart', 'debug', 'filespath', 'datapath', 'noagentupdate', 'launch', 'noserverbackup', 'mongodb', 'mongodbcol', 'wanonly', 'lanonly', 'nousers', 'mpsdebug', 'mpspass', 'ciralocalfqdn', 'dbexport', 'dbimport', 'selfupdate', 'tlsoffload', 'userallowedip', 'fastcert', 'swarmport', 'swarmdebug'];
for (var arg in obj.args) { obj.args[arg.toLocaleLowerCase()] = obj.args[arg]; if (validArguments.indexOf(arg.toLocaleLowerCase()) == -1) { console.log('Invalid argument "' + arg + '", use --help.'); return; } }
if (obj.args.mongodb == true) { console.log('Must specify: --mongodb [connectionstring] \r\nSee https://docs.mongodb.com/manual/reference/connection-string/ for MongoDB connection string.'); return; }
@ -232,18 +233,21 @@ function CreateMeshCentralServer() {
if (obj.args.showiplocations) { obj.db.GetAllType('iploc', function (err, docs) { console.log(docs); process.exit(); }); return; }
if (obj.args.dbexport) {
// Export the entire database to a JSON file
if (obj.args.dbexport == true) { console.log('Use --dbexport [filename]'); process.exit(); } else { obj.db.GetAll(function (err, docs) { obj.fs.writeFileSync(obj.args.dbexport, JSON.stringify(docs)); console.log('Exported ' + docs.length + ' objects(s).'); process.exit(); }); }
if (obj.args.dbexport == true) { obj.args.dbexport = obj.path.join(obj.datapath, 'meshcentral.db.json'); }
obj.db.GetAll(function (err, docs) {
obj.fs.writeFileSync(obj.args.dbexport, JSON.stringify(docs));
console.log('Exported ' + docs.length + ' objects(s) to ' + obj.args.dbexport + '.'); process.exit();
});
return;
}
if (obj.args.dbimport) {
// Import the entire database from a JSON file
if (obj.args.dbimport == true) { console.log('Use --dbimport [filename]'); process.exit(); } else {
if (obj.args.dbimport == true) { obj.args.dbimport = obj.path.join(obj.datapath, 'meshcentral.db.json'); }
var json = null;
try { json = obj.fs.readFileSync(obj.args.dbimport); } catch (e) { console.log('Invalid JSON file'); process.exit(); }
try { json = JSON.parse(json); } catch (e) { console.log('Invalid JSON format'); process.exit(); }
if ((json == null) || (typeof json.length != 'number') || (json.length < 1)) { console.log('Invalid JSON format'); }
obj.db.RemoveAll(function () { obj.db.InsertMany(json, function () { console.log('Imported ' + json.length + ' objects(s)'); process.exit(); }); });
}
try { json = obj.fs.readFileSync(obj.args.dbimport); } catch (e) { console.log('Invalid JSON file: ' + obj.args.dbimport + '.'); process.exit(); }
try { json = JSON.parse(json); } catch (e) { console.log('Invalid JSON format: ' + obj.args.dbimport + '.'); process.exit(); }
if ((json == null) || (typeof json.length != 'number') || (json.length < 1)) { console.log('Invalid JSON format: ' + obj.args.dbimport + '.'); }
obj.db.RemoveAll(function () { obj.db.InsertMany(json, function () { console.log('Imported ' + json.length + ' objects(s) from ' + obj.args.dbimport + '.'); process.exit(); }); });
return;
}
@ -338,6 +342,12 @@ function CreateMeshCentralServer() {
obj.mpsserver = require('./mpsserver.js').CreateMpsServer(obj, obj.db, obj.args, obj.certificates);
}
// Setup and start the legacy swarm server
if (obj.certificates.swarmserver != null) {
if (obj.args.swarmport == null) { obj.args.swarmport = 8080; }
obj.swarmserver = require('./swarmserver.js').CreateSwarmServer(obj, obj.db, obj.args, obj.certificates);
}
// Start periodic maintenance
obj.maintenanceTimer = setInterval(obj.maintenanceActions, 1000 * 60 * 60); // Run this every hour

2
package.json
View File

@ -1,6 +1,6 @@
{
"name": "meshcentral",
"version": "0.1.0-f",
"version": "0.1.0-g",
"keywords": [
"Remote Management",
"Intel AMT",

207
swarmserver.js Normal file
View File

@ -0,0 +1,207 @@
/**
* @description Meshcentral1 legacy swarm server, used to update agents and get them on MeshCentral2
* @author Ylian Saint-Hilaire
* @version v0.0.1
*/
// Construct a legacy Swarm Server server object
module.exports.CreateSwarmServer = function (parent, db, args, certificates) {
var obj = {};
obj.parent = parent;
obj.db = db;
obj.args = args;
obj.certificates = certificates;
//obj.legacyAgentConnections = {};
var common = require('./common.js');
var net = require('net');
var tls = require('tls');
var LegacyMeshProtocol = {
NODEPUSH: 1, // Used to send a node block to another peer.
NODEPULL: 2, // Used to send a pull block to another peer.
NODENOTIFY: 3, // Used to indicate the node ID to other peers.
NODECHALLENGE: 4, // Used to challenge a node identity.
NODECRESPONSE: 5, // Used to respond to a node challenge.
TARGETSTATUS: 6, // Used to send the peer connection status list.
LOCALEVENT: 7, // Used to send local events to subscribers.
AESCRYPTO: 8, // Used to send an encrypted block of data.
SESSIONKEY: 9, // Used to send a session key to a remote node.
SYNCSTART: 10, // Used to send kick off the SYNC request, send the start NodeID.
SYNCMETADATA: 11, // Used to send a sequence of NodeID & serial numbers.
SYNCREQUEST: 12, // Used to send a sequence of NodeID's to request.
NODEID: 13, // Used to send the NodeID in the clear. Used for multicast.
AGENTID: 14, // Used to send the AgentID & version to the other node.
PING: 15, // Used to query a target for the presence of the mesh agent (PB_NODEID response expected).
SETUPADMIN: 16, // Used to set the trusted mesh identifier, this code can only be used from local settings file.
POLICY: 17, // Used to send a policy block to another peer.
POLICYSECRET: 18, // Used to encode the PKCS12 private key of a policy block.
EVENTMASK: 19, // Used by the mesh service to change the event mask.
RECONNECT: 20, // Used by the mesh service to indicate disconnect & reconnection after n seconds.
GETSTATE: 21, // Used by the mesh service to obtain agent state.
CERTENCRYPTED: 22, // Used to send a certificate encrypted message to a node.
GETCOOKIE: 23, // Used to request a certificate encryption anti-replay cookie.
COOKIE: 24, // Used to carry an anti-replay cookie to a requestor.
SESSIONCKEY: 25, // Used to send a session key to a remote console.
INTERFACE: 26, // Used to send a local interface blob to a management console.
MULTICAST: 27, // Used by the mesh service to cause the agent to send a multicast.
SELFEXE: 28, // Used to transfer our own agent executable.
LEADERBADGE: 29, // User to send a leadership badge.
NODEINFO: 30, // Used to indicate a block information update to the web service.
TARGETEVENT: 31, // Used to send a single target update event.
DEBUG: 33, // Used to send debug information to web service.
TCPRELAY: 34, // Used to operate mesh leader TCP relay sockets
CERTSIGNED: 35, // Used to send a certificate signed message to a node.
ERRORCODE: 36, // Used to notify of an error.
MESSAGE: 37, // Used to route messages between nodes.
CMESSAGE: 38, // Used to embed a interface identifier along with a PB_MESSAGE.
EMESSAGE: 39, // Used to embed a target encryption certificate along with a MESSAGE or CMESSAGE.
SEARCH: 40, // Used to send a custom search to one or more remote nodes.
MESSAGERELAY: 41, // Used by no-certificate consoles to send hopping messages to nodes.
USERINPUT: 42, // Used to send user keyboard input to a target computer
APPID: 43, // Used to send a block of data to a specific application identifier.
APPSUBSCRIBE: 44, // Used to perform local app subscription to an agent.
APPDIRECT: 45, // Used to send message directly to remote applications.
APPREQACK: 46, // Used to request an ack message.
APPACK: 47, // Used to ack a received message.
SERVERECHO: 48, // Server will echo this message, used for testing.
KVMINFO: 49, // Used to send local KVM slave process information to mesh agent.
REMOTEWAKE: 50, // Used to send remote wake information to server.
NEWCONNECTTOKEN: 51, // Used to send a new connection token to the Swarm Server.
WIFISCAN: 52, // Used to send visible WIFI AP's to the server.
AMTPROVISIONING: 53, // Used by the agent to send Intel AMT provisioning information to the server.
ANDROIDCOMMAND: 54, // Send a Android OS specific command (Android only).
NODEAPPDATA: 55, // Used to send application specific data block to the server for storage.
PROXY: 56, // Used to indicate the currently used proxy setting string.
FILEOPERATION: 57, // Used to perform short file operations.
APPSUBSCRIBERS: 58, // Used request and send to the mesh server the list of subscribed applications
CUSTOM: 100, // Message containing application specific data.
USERAUTH: 1000, // Authenticate a user to the swarm server.
USERMESH: 1001, // Request or return the mesh list for this console.
USERMESHS: 1002, // Send mesh overview information to the console.
USERNODES: 1003, // Send node overview information to the console.
JUSERMESHS: 1004, // Send mesh overview information to the console in JSON format.
JUSERNODES: 1005, // Send node overview information to the console in JSON format.
USERPOWERSTATE: 1006, // Used to send a power command from the console to the server.
JMESHPOWERTIMELINE: 1007, // Send the power timeline for all nodes in a mesh.
JMESHPOWERSUMMARY: 1008, // Send the power summary for sum of all nodes in a mesh.
USERCOMMAND: 1009, // Send a user admin text command to and from the server.
POWERBLOCK: 1010, // Request/Response of block of power state information.
MESHACCESSCHANGE: 1011, // Notify a console of a change in accessible meshes.
COOKIEAUTH: 1012, // Authenticate a user using a crypto cookie.
NODESTATECHANGE: 1013, // Indicates a node has changed power state.
JUSERNODE: 1014, // Send node overview information to the console in JSON format.
AMTWSMANEVENT: 1015, // Intel AMT WSMAN event sent to consoles.
ROUTINGCOOKIE: 1016, // Used by a console to request a routing cookie.
JCOLLABORATION: 1017, // Request/send back JSON collaboration state.
JRELATIONS: 1018, // Request/send back JSON relations state.
SETCOLLABSTATE: 1019, // Set the collaboration state for this session.
ADDRELATION: 1020, // Request that a new relation be added.
DELETERELATION: 1021, // Request a relation be deleted.
ACCEPTRELATION: 1022, // Request relation invitation be accepted.
RELATIONCHANGEEVENT: 1023, // Notify that a relation has changed.
COLLBCHANGEEVENT: 1024, // Notify that a collaboration state has change.
MULTICONSOLEMESSAGE: 1025, // Send a message to one or more console id's.
CONSOLEID: 1026, // Notify a console of it's console id.
CHANGERELATIONDATA: 1027, // Request that relation data be changed.
SETUSERDATA: 1028, // Set user data
GETUSERDATA: 1029, // Get user data
SERVERAUTH: 1030, // Used to verify the certificate of the server
USERAUTH2: 1031, // Authenticate a user to the swarm server (Uses SHA1 SALT)
GUESTREMOTEDESKTOP: 2001, // Guest usage: Remote Desktop
GUESTWEBRTCMESH: 2002 // Guest usage: WebRTC Mesh
}
obj.server = tls.createServer({ key: certificates.swarmserver.key, cert: certificates.swarmserver.cert, requestCert: true }, onConnection);
obj.server.listen(args.swarmport, function () { console.log('MeshCentral Legacy Swarm Server running on ' + certificates.CommonName + ':' + args.swarmport + '.'); }).on('error', function (err) { console.error('ERROR: MeshCentral Swarm Server server port ' + args.swarmport + ' is not available.'); if (args.exactports) { process.exit(); } });
function onConnection(socket) {
socket.tag = { first: true, clientCert: socket.getPeerCertificate(true), accumulator: "", socket: socket };
socket.setEncoding('binary');
Debug(1, 'SWARM:New legacy agent connection');
socket.addListener("data", function (data) {
if (args.swarmdebug) { var buf = new Buffer(data, "binary"); console.log('SWARM <-- (' + buf.length + '):' + buf.toString('hex')); } // Print out received bytes
socket.tag.accumulator += data;
// Detect if this is an HTTPS request, if it is, return a simple answer and disconnect. This is useful for debugging access to the MPS port.
if (socket.tag.first == true) {
if (socket.tag.accumulator.length < 3) return;
if (socket.tag.accumulator.substring(0, 3) == 'GET') { console.log("Swarm Connection, HTTP GET detected: " + socket.remoteAddress); socket.write('HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<!DOCTYPE html><html><head><meta charset="UTF-8"></head><body>MeshCentral2 legacy swarm server.<br />MeshCentral1 mesh agents should connect here for updates.</body></html>'); socket.end(); return; }
socket.tag.first = false;
}
// A client certificate is required
if (!socket.tag.clientCert.subject) { console.log("Swarm Connection, no client cert: " + socket.remoteAddress); socket.write('HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nConnection: close\r\n\r\nMeshCentral2 legacy swarm server.\r\nNo client certificate given.'); socket.end(); return; }
try {
// Parse all of the APF data we can
var l = 0;
do { l = ProcessCommand(socket); if (l > 0) { socket.tag.accumulator = socket.tag.accumulator.substring(l); } } while (l > 0);
if (l < 0) { socket.end(); }
} catch (e) {
console.log(e);
}
});
// Process one AFP command
function ProcessCommand(socket) {
if (socket.tag.accumulator.length < 4) return 0;
var cmd = common.ReadShort(socket.tag.accumulator, 0);
var len = common.ReadShort(socket.tag.accumulator, 2);
if (len > socket.tag.accumulator.length) return 0;
console.log('Swarm: Cmd=' + cmd + ', Len=' + len + '.');
switch (cmd) {
case LegacyMeshProtocol.NODEPUSH: {
Debug(3, 'Swarm:NODEPUSH');
}
default: {
Debug(1, 'Swarm:Unknown command: ' + cmd + ' of len ' + len + '.');
}
}
return len;
}
socket.addListener("close", function () {
Debug(1, 'Swarm:Connection closed');
try { delete obj.ciraConnections[socket.tag.nodeid]; } catch (e) { }
obj.parent.ClearConnectivityState(socket.tag.meshid, socket.tag.nodeid, 2);
});
socket.addListener("error", function () {
//console.log("Swarm Error: " + socket.remoteAddress);
});
}
// Disconnect legacy agent connection
obj.close = function (socket) {
try { socket.close(); } catch (e) { }
try { delete obj.ciraConnections[socket.tag.nodeid]; } catch (e) { }
obj.parent.ClearConnectivityState(socket.tag.meshid, socket.tag.nodeid, 2);
}
function Write(socket, data) {
if (args.swarmdebug) {
// Print out sent bytes
var buf = new Buffer(data, "binary");
console.log('Swarm --> (' + buf.length + '):' + buf.toString('hex'));
socket.write(buf);
} else {
socket.write(new Buffer(data, "binary"));
}
}
// Debug
function Debug(lvl) {
if (lvl > obj.parent.debugLevel) return;
if (arguments.length == 2) { console.log(arguments[1]); }
else if (arguments.length == 3) { console.log(arguments[1], arguments[2]); }
else if (arguments.length == 4) { console.log(arguments[1], arguments[2], arguments[3]); }
else if (arguments.length == 5) { console.log(arguments[1], arguments[2], arguments[3], arguments[4]); }
else if (arguments.length == 6) { console.log(arguments[1], arguments[2], arguments[3], arguments[4], arguments[5]); }
else if (arguments.length == 7) { console.log(arguments[1], arguments[2], arguments[3], arguments[4], arguments[5], arguments[6]); }
}
return obj;
}