Merge branch 'Ylianst:master' into dockerrewrite

dselen 2025-05-09 09:35:48 +02:00 committed by GitHub
commit 59ca8b0815
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
14 changed files with 5945 additions and 5880 deletions


@ -11,8 +11,9 @@ Any version of MeshCentral 1.x.x is supported.
## Reporting a Vulnerability
Please report any concerns or security issue to Ylian Saint-Hilaire (ylianst@gmail.com). If needed, use my PGP key below.
Please report any concerns or security issue to Ylian Saint-Hilaire (ylianst@gmail.com) and Simon Smith (simonsmith5521@gmail.com).
Ylian Saint-Hilaire (ylianst@gmail.com) PGP key below.
```
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: BCPG v1.56
@ -47,3 +48,58 @@ oZ2hPP2gU9w=
=roW4
-----END PGP PUBLIC KEY BLOCK-----
```
Simon Smith (simonsmith5521@gmail.com) PGP key below.
```
-----BEGIN PGP PUBLIC KEY BLOCK-----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=yUbV
-----END PGP PUBLIC KEY BLOCK-----
```


@ -170,8 +170,12 @@ module.exports.CreateAmtRedirect = function (module, domain, user, webserver, me
// TLSSocket to encapsulate TLS communication, which then tunneled via SerialTunnel an then wrapped through CIRA APF
const TLSSocket = require('tls').TLSSocket;
const tlsoptions = { minVersion: 'TLSv1', ciphers: 'RSA+AES:!aNULL:!MD5:!DSS', secureOptions: constants.SSL_OP_NO_SSLv2 | constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_COMPRESSION | constants.SSL_OP_CIPHER_SERVER_PREFERENCE | constants.SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, rejectUnauthorized: false };
// if (obj.tls1only == 1) { tlsoptions.secureProtocol = 'TLSv1_method'; }
const tlsoptions = { ciphers: 'RSA+AES:!aNULL:!MD5:!DSS', secureOptions: constants.SSL_OP_NO_SSLv2 | constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_COMPRESSION | constants.SSL_OP_CIPHER_SERVER_PREFERENCE | constants.SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, rejectUnauthorized: false };
if (obj.tls1only == 1) {
tlsoptions.secureProtocol = 'TLSv1_method';
} else {
tlsoptions.minVersion = 'TLSv1';
}
const tlsock = new TLSSocket(ser, tlsoptions);
tlsock.on('error', function (err) { Debug(1, "CIRA TLS Connection Error ", err); });
tlsock.on('secureConnect', function () { Debug(2, "CIRA Secure TLS Connection"); ws._socket.resume(); });
@ -228,8 +232,12 @@ module.exports.CreateAmtRedirect = function (module, domain, user, webserver, me
obj.forwardclient.setEncoding('binary');
} else {
// If TLS is going to be used, setup a TLS socket
var tlsoptions = { minVersion: 'TLSv1', ciphers: 'RSA+AES:!aNULL:!MD5:!DSS', secureOptions: constants.SSL_OP_NO_SSLv2 | constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_COMPRESSION | constants.SSL_OP_CIPHER_SERVER_PREFERENCE | constants.SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, rejectUnauthorized: false };
// if (obj.tls1only == 1) { tlsoptions.secureProtocol = 'TLSv1_method'; }
var tlsoptions = { ciphers: 'RSA+AES:!aNULL:!MD5:!DSS', secureOptions: constants.SSL_OP_NO_SSLv2 | constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_COMPRESSION | constants.SSL_OP_CIPHER_SERVER_PREFERENCE | constants.SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, rejectUnauthorized: false };
if (obj.tls1only == 1) {
tlsoptions.secureProtocol = 'TLSv1_method';
} else {
tlsoptions.minVersion = 'TLSv1';
}
obj.forwardclient = obj.tls.connect(port, node.host, tlsoptions, function () {
// The TLS connection method is the same as TCP, but located a bit differently.
Debug(2, 'TLS Intel AMT transport connected to ' + node.host + ':' + port + '.');
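Review bot: The TLS 1.0-only branch in both hunks selects the version through the legacy `secureProtocol` option, which is why `minVersion` had to move into an `else` (Node rejects the two options together). Pinning with the version-range options keeps a single code path: `tlsoptions.minVersion = 'TLSv1'; if (obj.tls1only == 1) { tlsoptions.maxVersion = 'TLSv1'; }`. The same if/else is repeated in the CreateWsmanComm, CreateAmtScanner and CreateWebServer sections, so a small shared helper that returns the options object would keep the seven copies from drifting apart. Every variant also keeps `rejectUnauthorized: false`, so a comment at that helper saying where, if anywhere, the peer certificate is checked would help the next reader. CreateAmtRedirect's body continues outside both hunks.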


@ -236,8 +236,12 @@ var CreateWsmanComm = function (host, port, user, pass, tls, tlsoptions, mpsConn
if (state == 0) { obj.xxOnSocketClosed(); }
if (state == 2) {
// TLSSocket to encapsulate TLS communication, which then tunneled via SerialTunnel an then wrapped through CIRA APF
var options = { minVersion: 'TLSv1', socket: ser, ciphers: 'RSA+AES:!aNULL:!MD5:!DSS', secureOptions: obj.constants.SSL_OP_NO_SSLv2 | obj.constants.SSL_OP_NO_SSLv3 | obj.constants.SSL_OP_NO_COMPRESSION | obj.constants.SSL_OP_CIPHER_SERVER_PREFERENCE | obj.constants.SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, rejectUnauthorized: false };
// if (obj.xtlsMethod == 1) { options.secureProtocol = 'TLSv1_method'; }
var options = { socket: ser, ciphers: 'RSA+AES:!aNULL:!MD5:!DSS', secureOptions: obj.constants.SSL_OP_NO_SSLv2 | obj.constants.SSL_OP_NO_SSLv3 | obj.constants.SSL_OP_NO_COMPRESSION | obj.constants.SSL_OP_CIPHER_SERVER_PREFERENCE | obj.constants.SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, rejectUnauthorized: false };
if (obj.xtlsMethod == 1) {
options.secureProtocol = 'TLSv1_method';
} else {
options.minVersion = 'TLSv1';
}
if (obj.xtlsoptions) {
if (obj.xtlsoptions.ca) { options.ca = obj.xtlsoptions.ca; }
if (obj.xtlsoptions.cert) { options.cert = obj.xtlsoptions.cert; }
@ -274,8 +278,12 @@ var CreateWsmanComm = function (host, port, user, pass, tls, tlsoptions, mpsConn
obj.socket.connect(obj.port, obj.host, obj.xxOnSocketConnected);
} else {
// Direct connect with TLS
var options = { minVersion: 'TLSv1', ciphers: 'RSA+AES:!aNULL:!MD5:!DSS', secureOptions: obj.constants.SSL_OP_NO_SSLv2 | obj.constants.SSL_OP_NO_SSLv3 | obj.constants.SSL_OP_NO_COMPRESSION | obj.constants.SSL_OP_CIPHER_SERVER_PREFERENCE | obj.constants.SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, rejectUnauthorized: false };
// if (obj.xtlsMethod != 0) { options.secureProtocol = 'TLSv1_method'; }
var options = { ciphers: 'RSA+AES:!aNULL:!MD5:!DSS', secureOptions: obj.constants.SSL_OP_NO_SSLv2 | obj.constants.SSL_OP_NO_SSLv3 | obj.constants.SSL_OP_NO_COMPRESSION | obj.constants.SSL_OP_CIPHER_SERVER_PREFERENCE | obj.constants.SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, rejectUnauthorized: false };
if (obj.xtlsMethod == 1) {
options.secureProtocol = 'TLSv1_method';
} else {
options.minVersion = 'TLSv1';
}
if (obj.xtlsoptions) {
if (obj.xtlsoptions.ca) { options.ca = obj.xtlsoptions.ca; }
if (obj.xtlsoptions.cert) { options.cert = obj.xtlsoptions.cert; }
@ -283,7 +291,7 @@ var CreateWsmanComm = function (host, port, user, pass, tls, tlsoptions, mpsConn
}
obj.socket = obj.tls.connect(obj.port, obj.host, options, obj.xxOnSocketConnected);
obj.socket.setEncoding('binary');
obj.socket.setTimeout(60000); // Set socket idle timeout
obj.socket.setTimeout(28000); // Set socket idle timeout of 28 seconds
obj.socket.on('data', obj.xxOnSocketData);
obj.socket.on('close', obj.xxOnSocketClosed);
obj.socket.on('timeout', obj.destroy);
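Review bot: In the direct-connect hunk the new test is `obj.xtlsMethod == 1`, while the commented-out line it replaces used `obj.xtlsMethod != 0`; if any caller sets a value other than 0 or 1 (not visible here), that connection now takes the `minVersion` branch instead of the TLS 1.0-only one. If 0 and 1 are the only values, a short comment would settle it, e.g. `// xtlsMethod: 0 = negotiate (TLS 1.0 or later), 1 = TLS 1.0 only`. The idle-timeout change from 60000 to 28000 states the value in its comment but not the reason; the comment should name what the 28 seconds has to stay below. CreateWsmanComm continues outside these hunks.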


@ -638,7 +638,7 @@ module.exports.CreateAmtManager = function (parent) {
// Connect now
var comm;
if ((dev.tlsfail !== true) && (parent.config.domains[dev.domainid].amtmanager.tlsconnections !== false)) {
if ((dev.tlsfail !== true) && (parent.config.domains[dev.domainid].amtmanager.tlsconnections !== false) && (dev.intelamt.tls == 1)) {
parent.debug('amt', dev.name, (dev.connType == 1) ? 'Relay-Connect' : 'LMS-Connect', "TLS", user);
comm = CreateWsmanComm(dev.nodeid, 16993, user, pass, 1, null, ciraconn); // Perform TLS
comm.xtlsFingerprint = 0; // Perform no certificate checking
@ -670,7 +670,7 @@ module.exports.CreateAmtManager = function (parent) {
// Connect now
var comm;
if ((dev.tlsfail !== true) && (parent.config.domains[dev.domainid].amtmanager.tlsconnections !== false)) {
if ((dev.tlsfail !== true) && (parent.config.domains[dev.domainid].amtmanager.tlsconnections !== false) && (dev.intelamt.tls == 1)) {
parent.debug('amt', dev.name, 'Direct-Connect', "TLS", dev.host, user);
comm = CreateWsmanComm(dev.host, 16993, user, pass, 1); // Always try with TLS first
comm.xtlsFingerprint = 0; // Perform no certificate checking
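Review bot: The added `(dev.intelamt.tls == 1)` test means a device whose stored record has no `tls` flag, or a stale one, skips the TLS attempt in both hunks and falls to the `else` path, which is outside the hunk but presumably connects without TLS. That turns a missing database field into a silent transport downgrade for the management credentials, so the condition deserves a comment and ideally a `parent.debug('amt', ...)` line when TLS is skipped for this reason. `dev.intelamt` is also dereferenced without a guard; if it can be absent at this point, `(dev.intelamt != null) && (dev.intelamt.tls == 1)` avoids a TypeError in the connect path.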


@ -387,8 +387,12 @@ module.exports.CreateAmtScanner = function (parent) {
} else {
// Connect using TLS, we will switch from default TLS to TLS1-only and back if we get a connection error to support older Intel AMT.
if (scaninfo.tlsoption == null) { scaninfo.tlsoption = 0; }
const tlsOptions = { minVersion: 'TLSv1', rejectUnauthorized: false, ciphers: 'RSA+AES:!aNULL:!MD5:!DSS', secureOptions: constants.SSL_OP_NO_SSLv2 | constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_COMPRESSION | constants.SSL_OP_CIPHER_SERVER_PREFERENCE | constants.SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION };
// if (scaninfo.tlsoption == 1) { tlsOptions.secureProtocol = 'TLSv1_method'; }
const tlsOptions = { rejectUnauthorized: false, ciphers: 'RSA+AES:!aNULL:!MD5:!DSS', secureOptions: constants.SSL_OP_NO_SSLv2 | constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_COMPRESSION | constants.SSL_OP_CIPHER_SERVER_PREFERENCE | constants.SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION };
if (scaninfo.tlsoption == 1) {
tlsOptions.secureProtocol = 'TLSv1_method';
} else {
tlsOptions.minVersion = 'TLSv1';
}
client = obj.tls.connect(port, host, tlsOptions, function () { this.write('GET / HTTP/1.1\r\nhost: ' + host + '\r\n\r\n'); });
}
client.scaninfo = scaninfo;


@ -2095,7 +2095,8 @@ function CreateMeshCentralServer(config, args) {
for (var i in obj.mpsserver.ciraConnections) { data.conn.amc += obj.mpsserver.ciraConnections[i].length; }
}
for (var i in obj.connectivityByNode) {
if (obj.connectivityByNode[i].connectivity == 4) { data.conn.am++; }
const node = obj.connectivityByNode[i];
if (node && typeof node.connectivity !== 'undefined' && node.connectivity === 4) { data.conn.am++; }
}
if (obj.firstStats === true) { delete obj.firstStats; data.first = true; }
if (obj.multiServer != null) { data.s = obj.multiServer.serverid; }
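Review bot: The new guard `typeof node.connectivity !== 'undefined' && node.connectivity === 4` carries a redundant middle term, since the strict comparison is already false for `undefined`; `if (node != null && node.connectivity === 4) { data.conn.am++; }` says the same thing. The move from `==` to `===` also stops counting a `connectivity` stored as the string '4', which looks intended but is worth confirming against whatever writes `connectivityByNode`. The same two lines are added in the CreateMeshUser section that follows.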


@ -512,7 +512,8 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
for (var i in parent.parent.mpsserver.ciraConnections) { serverStats.ConnectedIntelAMTCira += parent.parent.mpsserver.ciraConnections[i].length; }
}
for (var i in parent.parent.connectivityByNode) {
if (parent.parent.connectivityByNode[i].connectivity == 4) { serverStats.ConnectedIntelAMT++; }
const node = parent.parent.connectivityByNode[i];
if (node && typeof node.connectivity !== 'undefined' && node.connectivity === 4) { serverStats.ConnectedIntelAMT++; }
}
// Take a look at agent errors


@ -1155,7 +1155,7 @@ function addWifiProfile(){var b,c,a,d={__parameterType:"instance",__namespace:am
32769==c25.value)b={__parameterType:"instance",__namespace:amtstack.CompleteName("CIM_IEEE8021xSettings"),ElementName:"8021x-"+c22.value,InstanceID:"8021x-"+c22.value,ActiveInS0:1==Q("c54").value,AuthenticationProtocol:Q("c32").value},""!=Q("c44").value&&(b.RoamingIdentity=Q("c44").value),""!=Q("c34").value&&(b.ServerCertificateName=Q("c34").value,b.ServerCertificateNameComparison=Q("c36").value),
""!=Q("c40").value&&(b.Username=Q("c40").value),""!=Q("c42").value&&(b.Password=Q("c42").value),""!=Q("c38").value&&(b.Domain=Q("c38").value),3<Q("c32").value&&(b.ProtectedAccessCredential=Q("c46").value,b.PACPassword=Q("c48").value),0<=parseInt(Q("c50").value)&&(c='<Address xmlns="http://schemas.xmlsoap.org/ws/2004/08/addressing">http://schemas.xmlsoap.org/ws/2004/08/addressing</Address><ReferenceParameters xmlns="http://schemas.xmlsoap.org/ws/2004/08/addressing"><ResourceURI xmlns="http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd">http://intel.com/wbem/wscim/1/amt-schema/1/AMT_PublicKeyCertificate</ResourceURI><SelectorSet xmlns="http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd"><Selector Name="InstanceID">'+
xxCertificates[parseInt(Q("c50").value)].InstanceID+"</Selector></SelectorSet></ReferenceParameters>"),0<=parseInt(Q("c52").value)&&(a='<Address xmlns="http://schemas.xmlsoap.org/ws/2004/08/addressing">http://schemas.xmlsoap.org/ws/2004/08/addressing</Address><ReferenceParameters xmlns="http://schemas.xmlsoap.org/ws/2004/08/addressing"><ResourceURI xmlns="http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd">http://intel.com/wbem/wscim/1/amt-schema/1/AMT_PublicKeyCertificate</ResourceURI><SelectorSet xmlns="http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd"><Selector Name="InstanceID">'+
xxCertificates[parseInt(Q("c52").value)].InstanceID+"</Selector></SelectorSet></ReferenceParameters>");console.log("wifiepsettinginput",JSON.sstringify(d,null,2));console.log("netAuthProfile",JSON.sstringify(b,null,2));console.log("netAuthSettingsClientCert",c);console.log("netAuthSettingsServerCaCert",a);amtstack.AMT_WiFiPortConfigurationService_AddWiFiSettings({__parameterType:"reference",__resourceUri:amtstack.CompleteName("CIM_WiFiEndpoint"),Name:"WiFi Endpoint 0"},d,b,c,a,removeWifiEntryResponse)}
xxCertificates[parseInt(Q("c52").value)].InstanceID+"</Selector></SelectorSet></ReferenceParameters>");console.log("wifiepsettinginput",JSON.stringify(d,null,2));console.log("netAuthProfile",JSON.stringify(b,null,2));console.log("netAuthSettingsClientCert",c);console.log("netAuthSettingsServerCaCert",a);amtstack.AMT_WiFiPortConfigurationService_AddWiFiSettings({__parameterType:"reference",__resourceUri:amtstack.CompleteName("CIM_WiFiEndpoint"),Name:"WiFi Endpoint 0"},d,b,c,a,removeWifiEntryResponse)}
function updateWifiDialog(){var b=!0,c=c25.value,a=c26.value;4>c&&(3==a||4==a)&&(c26.value=2);3<c&&(2==a||5==a)&&(c26.value=3);if(32768==c||32769==c)c26.value=4;QV("c27",4==c||6==c);QV("c30",5==c||7==c||32768==c||32769==c);for(var d in xxWireless.CIM_WiFiEndpointSettings.responses)xxWireless.CIM_WiFiEndpointSettings.responses[d].ElementName==c22.value&&(b=!1);0==c22.value.length&&0==c23.value.length&&(b=!1);4!=c&&6!=c||
!(8>c28.value.length||63<c28.value.length||c28.value!=c29.value)||(b=!1);QE("c106",b);updateNetAuthDialog()}function updateNetAuth2Dialog(){QV("c35",""!=Q("c33").value);QV("c45",3<Q("c32").value);QV("c47",3<Q("c32").value)}
function editNetAuthProfile(){if(!xxdialogMode){var b="<option value=-1>"+EscapeHtml("None")+"</option>",c="<option value=-1>"+EscapeHtml("None")+"</option>",a;for(a in xxCertificates)xxCertificates[a].TrustedRootCertficate?c+='<option value="'+a+'">'+EscapeHtml(xxCertificates[a].XSubject.CN)+"</option>":xxCertificates[a].XPrivateKey&&(b+='<option value="'+a+'">'+EscapeHtml(xxCertificates[a].XSubject.CN)+"</option>");QH("c98",b);QH("c100",c);b=amtsysstate.AMT_8021XProfile.responses.Body;

File diff suppressed because one or more lines are too long


@ -36,6 +36,7 @@ var CreateAmtRedirect = function (module, authCookie) {
obj.port = port;
obj.user = user;
obj.pass = pass;
obj.tls = tls;
obj.connectstate = 0;
obj.inDataCount = 0;
var url = window.location.protocol.replace('http', 'ws') + '//' + window.location.host + window.location.pathname.substring(0, window.location.pathname.lastIndexOf('/')) + '/webrelay.ashx?p=2&host=' + host + '&port=' + port + '&tls=' + tls + ((user == '*') ? '&serverauth=1' : '') + ((typeof pass === 'undefined') ? ('&serverauth=1&user=' + user) : ''); // The 'p=2' indicates to the relay that this is a REDIRECTION session

File diff suppressed because it is too large Load Diff


@ -5188,7 +5188,7 @@
su = EscapeHtml(su);
if (su.length > 15) { su = su.substring(0, 14) + '&#8230;'; }
if (node.lusers && node.lusers.length > 0) {
return addKeyLinkConditional(EscapeHtml(su), EscapeHtml(u) + " " + "(" + "Locked" + ")", (node.lusers && node.lusers.indexOf(u) >= 0));
return addKeyLinkConditional(su, EscapeHtml(u) + ' (' + "Locked" + ')', (node.lusers && node.lusers.indexOf(u) >= 0));
} else {
return '<span title="' + EscapeHtml(u) + '">' + su + '</span>';
}
@ -11344,7 +11344,7 @@
h += '<input file=999 style=float:left name=fd class=fcb type=checkbox onchange=p13setActions() value=\'' + f.nx + '\'>&nbsp;<span style=float:right title="' + title + '">' + right + '</span>';
h += '<span><div class=fileIcon' + (f.dt == 'REMOVABLE' ? 5 : (f.dt == 'CDROM' ? 6 : f.t)) + ' onclick=p13folderset("' + encodeURIComponentEx(f.nx) + '")></div><a href=# style=cursor:pointer onclick=\'return p13folderset("' + encodeURIComponentEx(f.nx) + '")\'>';
if (isWindowsNode(currentNode) && f.dt && currentNode.volumes && currentNode.volumes[shortname.charAt(0).toUpperCase()] && currentNode.volumes[shortname.charAt(0).toUpperCase()].name) {
h += currentNode.volumes[shortname.charAt(0).toUpperCase()].name + " (" + shortname + ")";
h += currentNode.volumes[shortname.charAt(0).toUpperCase()].name + ' (' + shortname + ')';
} else {
h += shortname;
}
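Review bot: In the second hunk the volume label is concatenated into `h` without escaping: `currentNode.volumes[...].name` and `shortname` go straight into markup, and the label is presumably reported by the managed device. The quote-style edit touches that line without addressing it; wrapping both values, `h += EscapeHtml(currentNode.volumes[shortname.charAt(0).toUpperCase()].name) + ' (' + EscapeHtml(shortname) + ')';`, keeps a crafted label from being parsed as HTML, unless `shortname` is already escaped earlier in the function (not visible here). The identical line is changed in the next file section. The first hunk's removal of the second `EscapeHtml(su)` is correct, since `su` is escaped three lines above.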


@ -5697,7 +5697,7 @@
su = EscapeHtml(su);
if (su.length > 15) { su = su.substring(0, 14) + '&#8230;'; }
if (node.lusers && node.lusers.length > 0) {
return addKeyLinkConditional(EscapeHtml(su), EscapeHtml(u) + " " + "(" + "Locked" + ")", (node.lusers && node.lusers.indexOf(u) >= 0));
return addKeyLinkConditional(su, EscapeHtml(u) + ' (' + "Locked" + ')', (node.lusers && node.lusers.indexOf(u) >= 0));
} else {
return '<span title="' + EscapeHtml(u) + '">' + su + '</span>';
}
@ -12141,7 +12141,7 @@
h += '<input file=999 style=float:left name=fd class=fcb type=checkbox class="form-check-input me-2" onchange=p13setActions() value=\'' + f.nx + '\'>&nbsp;<span style=float:right title="' + title + '">' + right + '</span>';
h += '<span><div class=fileIcon' + (f.dt == 'REMOVABLE' ? 5 : (f.dt == 'CDROM' ? 6 : f.t)) + ' onclick=p13folderset("' + encodeURIComponentEx(f.nx) + '")></div><a href=# style=cursor:pointer onclick=\'return p13folderset("' + encodeURIComponentEx(f.nx) + '")\'>';
if (isWindowsNode(currentNode) && f.dt && currentNode.volumes && currentNode.volumes[shortname.charAt(0).toUpperCase()] && currentNode.volumes[shortname.charAt(0).toUpperCase()].name) {
h += currentNode.volumes[shortname.charAt(0).toUpperCase()].name + " (" + shortname + ")";
h += currentNode.volumes[shortname.charAt(0).toUpperCase()].name + ' (' + shortname + ')';
} else {
h += shortname;
}


@ -4854,8 +4854,12 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
if (state == 0) { try { ws.close(); } catch (e) { } }
if (state == 2) {
// TLSSocket to encapsulate TLS communication, which then tunneled via SerialTunnel an then wrapped through CIRA APF
const tlsoptions = { minVersion: 'TLSv1', socket: ser, ciphers: 'RSA+AES:!aNULL:!MD5:!DSS', secureOptions: constants.SSL_OP_NO_SSLv2 | constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_COMPRESSION | constants.SSL_OP_CIPHER_SERVER_PREFERENCE | constants.SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, rejectUnauthorized: false };
// if (req.query.tls1only == 1) { tlsoptions.secureProtocol = 'TLSv1_method'; }
const tlsoptions = { socket: ser, ciphers: 'RSA+AES:!aNULL:!MD5:!DSS', secureOptions: constants.SSL_OP_NO_SSLv2 | constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_COMPRESSION | constants.SSL_OP_CIPHER_SERVER_PREFERENCE | constants.SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, rejectUnauthorized: false };
if (req.query.tls1only == 1) {
tlsoptions.secureProtocol = 'TLSv1_method';
} else {
tlsoptions.minVersion = 'TLSv1';
}
var tlsock = obj.tls.connect(tlsoptions, function () { parent.debug('webrelay', "CIRA Secure TLS Connection"); ws._socket.resume(); });
tlsock.chnl = chnl;
tlsock.setEncoding('binary');
@ -5177,8 +5181,12 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
ws._socket.resume();
} else {
// If TLS is going to be used, setup a TLS socket
var tlsoptions = { minVersion: 'TLSv1', ciphers: 'RSA+AES:!aNULL:!MD5:!DSS', secureOptions: constants.SSL_OP_NO_SSLv2 | constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_COMPRESSION | constants.SSL_OP_CIPHER_SERVER_PREFERENCE | constants.SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, rejectUnauthorized: false };
// if (req.query.tls1only == 1) { tlsoptions.secureProtocol = 'TLSv1_method'; }
var tlsoptions = { ciphers: 'RSA+AES:!aNULL:!MD5:!DSS', secureOptions: constants.SSL_OP_NO_SSLv2 | constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_COMPRESSION | constants.SSL_OP_CIPHER_SERVER_PREFERENCE | constants.SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, rejectUnauthorized: false };
if (req.query.tls1only == 1) {
tlsoptions.secureProtocol = 'TLSv1_method';
} else {
tlsoptions.minVersion = 'TLSv1';
}
ws.forwardclient = obj.tls.connect(port, node.host, tlsoptions, function () {
// The TLS connection method is the same as TCP, but located a bit differently.
parent.debug('webrelay', user.name + ' - TLS connected to ' + node.host + ':' + port + '.');
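Review bot: Both hunks take the protocol choice from `req.query.tls1only`, so the party opening the relay decides whether the server-to-device leg is pinned to TLS 1.0. With `rejectUnauthorized: false` and an RSA-key-exchange cipher list already in the options, that leaves the weakest configuration selectable per request; reading the flag from the stored device record, or at least recording it, would be safer: `if (req.query.tls1only == 1) { parent.debug('webrelay', 'TLS 1.0-only requested'); }`. Whether earlier code in CreateWebServer restricts who may pass this parameter is not visible in the hunks.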