Merge pull request #4766 from jsastriawan/kvm_non_tls

Fixes on AMT KVM for newer AMT firmware and newer Node JS TLS compatibility fix
This commit is contained in:
Ylian Saint-Hilaire 2022-11-16 16:58:21 -08:00 committed by GitHub
commit 4e28672b0a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 15 additions and 5 deletions

View File

@ -274,7 +274,7 @@ var CreateWsmanComm = function (host, port, user, pass, tls, tlsoptions, mpsConn
obj.socket.connect(obj.port, obj.host, obj.xxOnSocketConnected); obj.socket.connect(obj.port, obj.host, obj.xxOnSocketConnected);
} else { } else {
// Direct connect with TLS // Direct connect with TLS
var options = { ciphers: 'RSA+AES:!aNULL:!MD5:!DSS', secureOptions: obj.constants.SSL_OP_NO_SSLv2 | obj.constants.SSL_OP_NO_SSLv3 | obj.constants.SSL_OP_NO_COMPRESSION | obj.constants.SSL_OP_CIPHER_SERVER_PREFERENCE, rejectUnauthorized: false }; var options = { ciphers: 'RSA+AES:!aNULL:!MD5:!DSS', secureOptions: obj.constants.SSL_OP_NO_SSLv2 | obj.constants.SSL_OP_NO_SSLv3 | obj.constants.SSL_OP_NO_COMPRESSION | obj.constants.SSL_OP_CIPHER_SERVER_PREFERENCE | obj.constants.SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, rejectUnauthorized: false };
if (obj.xtlsMethod != 0) { options.secureProtocol = 'TLSv1_method'; } if (obj.xtlsMethod != 0) { options.secureProtocol = 'TLSv1_method'; }
if (obj.xtlsoptions) { if (obj.xtlsoptions) {
if (obj.xtlsoptions.ca) { options.ca = obj.xtlsoptions.ca; } if (obj.xtlsoptions.ca) { options.ca = obj.xtlsoptions.ca; }

View File

@ -395,7 +395,7 @@ module.exports.CreateRedirInterceptor = function (args) {
if (obj.amt.digestRealm) { if (obj.amt.digestRealm) {
// Replace this authentication digest with a server created one // Replace this authentication digest with a server created one
// We have everything we need to authenticate // We have everything we need to authenticate
var nc = obj.ws.authCNonceCount; var nc = '0'+ (10000000 + obj.ws.authCNonceCount).toString().substring(1);// set NC at least 8 bytes
obj.ws.authCNonceCount++; obj.ws.authCNonceCount++;
var digest = obj.ComputeDigesthash(obj.args.user, obj.args.pass, obj.amt.digestRealm, 'POST', authurl, obj.amt.digestQOP, obj.amt.digestNonce, nc, obj.ws.authCNonce); var digest = obj.ComputeDigesthash(obj.args.user, obj.args.pass, obj.amt.digestRealm, 'POST', authurl, obj.amt.digestQOP, obj.amt.digestNonce, nc, obj.ws.authCNonce);

View File

@ -4173,7 +4173,12 @@
desktop.m.useZRLE = (desktopsettings.encoding < 3); desktop.m.useZRLE = (desktopsettings.encoding < 3);
desktop.m.showmouse = true; desktop.m.showmouse = true;
desktop.m.onScreenSizeChange = function (o, x, y) { if (fullscreen) { QS('deskarea3').width = (x * fullscreenzoom) + 'px'; QS('deskarea3').height = (y * fullscreenzoom) + 'px'; } deskAdjust(); } desktop.m.onScreenSizeChange = function (o, x, y) { if (fullscreen) { QS('deskarea3').width = (x * fullscreenzoom) + 'px'; QS('deskarea3').height = (y * fullscreenzoom) + 'px'; } deskAdjust(); }
desktop.Start(desktopNode._id, 16994, '*', '*', 0); // Use TLS if TLS is set
if (desktopNode.conn==4 && desktopNode.intelamt!=null && desktopNode.intelamt.tls==1) {
desktop.Start(desktopNode._id, 16995, '*', '*', 1);
} else {
desktop.Start(desktopNode._id, 16994, '*', '*', 0);
}
desktop.contype = 2; desktop.contype = 2;
} else if ((contype == null) || (contype == 1) || ((contype == 3) && (currentNode.agent.id > 4))) { } else if ((contype == null) || (contype == 1) || ((contype == 3) && (currentNode.agent.id > 4))) {
// Setup the Mesh Agent remote desktop // Setup the Mesh Agent remote desktop

View File

@ -8904,7 +8904,12 @@
} }
} }
}; };
desktop.Start(desktopNode._id, 16994, '*', '*', 0); // Use TLS if TLS is set
if (desktopNode.conn==4 && desktopNode.intelamt!=null && desktopNode.intelamt.tls==1) {
desktop.Start(desktopNode._id, 16995, '*', '*', 1);
} else {
desktop.Start(desktopNode._id, 16994, '*', '*', 0);
}
desktop.contype = 2; desktop.contype = 2;
} else if ((contype == null) || (contype == 1) || ((contype == 3) && ((currentNode.agent.id > 4) && ((debugmode == null))))) { } else if ((contype == null) || (contype == 1) || ((contype == 3) && ((currentNode.agent.id > 4) && ((debugmode == null))))) {
// Setup the Mesh Agent remote desktop // Setup the Mesh Agent remote desktop

View File

@ -4826,7 +4826,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
ws._socket.resume(); ws._socket.resume();
} else { } else {
// If TLS is going to be used, setup a TLS socket // If TLS is going to be used, setup a TLS socket
var tlsoptions = { ciphers: 'RSA+AES:!aNULL:!MD5:!DSS', secureOptions: constants.SSL_OP_NO_SSLv2 | constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_COMPRESSION | constants.SSL_OP_CIPHER_SERVER_PREFERENCE, rejectUnauthorized: false }; var tlsoptions = { ciphers: 'RSA+AES:!aNULL:!MD5:!DSS', secureOptions: constants.SSL_OP_NO_SSLv2 | constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_COMPRESSION | constants.SSL_OP_CIPHER_SERVER_PREFERENCE | constants.SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, rejectUnauthorized: false };
if (req.query.tls1only == 1) { tlsoptions.secureProtocol = 'TLSv1_method'; } if (req.query.tls1only == 1) { tlsoptions.secureProtocol = 'TLSv1_method'; }
ws.forwardclient = obj.tls.connect(port, node.host, tlsoptions, function () { ws.forwardclient = obj.tls.connect(port, node.host, tlsoptions, function () {
// The TLS connection method is the same as TCP, but located a bit differently. // The TLS connection method is the same as TCP, but located a bit differently.