From 607cdf888fbcbd13ddd3f637dec6aa39a20b37cf Mon Sep 17 00:00:00 2001 From: Ylian Saint-Hilaire Date: Mon, 2 Mar 2020 12:36:52 -0800 Subject: [PATCH] MeshRouter now supports new icon, fixed server crash when running on single CPU, Removed Let's Encrypt wildcard altname being added by GreenLock. --- agents/MeshCentralRouter.exe | Bin 1406104 -> 1411224 bytes certoperations.js | 2 +- letsEncrypt.js | 19 +++++++++++- meshcentral.js | 1 + package.json | 2 +- public/scripts/amt-0.2.0.js | 3 +- public/scripts/amt-wsman-ws-0.2.0.js | 42 +++++++++++++++------------ redirserver.js | 10 ++++++- 8 files changed, 55 insertions(+), 24 deletions(-) 
diff --git a/agents/MeshCentralRouter.exe b/agents/MeshCentralRouter.exe index 56ce7aae1a5741b22a6ec443528f9fec98d72e13..579538dd68d4cede8f7559af4614afc805f208c5 100644 GIT binary patch delta 15447 zcmbt*30#y_7x%pb48zQ@48y>HAe(Fo3W%nKxeG3dulrJDYUY;UXlX(YxbLZtIj-fN z3YmsFmcFLuzGqry?kgrPS(=u~_doYOgQ)fXzVG+p@1EzLbI-l!f0ldiGb7Bs(P{3? z&NC)#h_3)>)6H3}? zuGsj9k~;6Lb~EQq1^S%d7}JN^Mg+0k96eX=_(my@N96Ds%AgNYlz#7yP^=?;_*x}y zWFNj+nL2X4_6Rg>mz1V?LuL1OWousT1R?dYvfOwJXL}m3} zt)Uqe0L(g*&g^CKvaN%rh*MG^xIHfJ<;N6*X_R-&J@@Q#dXwH(s?@Q+%uAKGMw?rC zgTGs$@;1ul!)@>n(mzQW3a`yRCZEI*W+GJ~BqS?xNOdPv<$!yLa@gKl;}fEU6r=?{ zoohCkX|6wz{HgRQ=*DA}Z3StWrO%q&MJBDLpy#1{>yn3txPl@e?k0JVEjC0Mk{^_` z5Lqz?n}QR=nOG$D8Rd8+U;p7AffQ4eQHAjU@mXPKo~Ar0>?Pt5#P2E}jILSj_-=q|JFcvmHPyA(N){@5joc`AmEw=v zYXYjwnq%c{mEbvPLD^MU?$VebOq*_%9H zNnaHQ{OPN#O8zQe_%L-!1cHVa1ei74tqy)AbEPeWKL*3Vh-o z_=Jm{iR*_kPupf?;d(2SH?Hr-Pbj`$rfGE1O7kzzde@6adEiRb$7*bCm0Bh5*2;&3 z0BQ1YCA!C7KuD+*<_K{x#J@ikhuG#Q2TL-o|29Xdv7uU{`DEe@MK)|2Wh5rhc2Bh- z9mAUiipy$~?qYLRayP{GSovtfSNy8da^p|INik}$ZUMve{uNt(l=8}^`xKH?XG+=! 
zP|8_>HErY2iyw|&4IV@nNumXrokl_d$70sjE5=0$v* z(($Wy{Bz~CLzyqFk7c=@f%9`d!%|FVBLkj673>ZgwW@58*`r1irZsuYN1hHH>R2-3 z>t$}Hr(2DZLS>V7&Wh@k(diNhM|bfIby9RQ^m2xz0Kv zEdX{kULk6vQCO8Gps>V*FjZP>~FiiVDay#7JvVCd~&6t&eI}XA=9w4sqX$c zh$+gNT}@v=(OY@4D=4X=QbnX*sMJdF3$cBpG}-;d3)qSiT+t}0wWkxODjmN!rOyAT z(ptC*2)2M*IouDGvb`^cD_#lNH~9tl!<3EtHvUTxHz|etcZf@?^6IQcNyh^Z`Tt+d zmmE6e#g%49qDuZa+}}O8V-3clJ9S{oXE5f6lt*WDYS|3W4J98OKd-g7(sP!R&=&Mu zXnW9If({7ljD8o^9kf@iY|!hXpUO$nS&Y6X`lH3@3ele~`tBOixf$9E^iM&@1^%lQ zJCy!k&0MV27qg@pX;PYzCc}mK7hPJ!24L3CKmzwy;9$_*SjWzp^hx?Bp@jPn#jrVy z;!zMZ0(6TZ4^;Z`TVetFm-OR6o5f88?c+Zc^py~zrHMp$B@5Av1k~$owxNEIA^J8%2;;2%0KF8YJjBk!cyT6JpdL zR*>bwa4rifLrC95aGE`t24Sg5J!U#m%gz7!MY3Dy1~pF@&b z^-Iud!A?*c+X~uF^tH7}Uxt_FYS|g2Ov~CN5%qK%2bw1O=iNzi*=q-AwZz?^rbzpK zJdP)kQW7$%WjpX> z{ZE17M%CWKkCu23RLcxNEj@Du_AL?2&VuTzK8;ysB>9&n=x3<>XQOyLA^=v>wZR50 z``kdYhJ`@i&U9YH_zK#NMC!1V>~yEmcZ~!><}5pzByx#uVbou2C7S0=ThtsC1~W2c z7Llf-B4zhQ`dW(`dRf#>v8XM(RIPmW$%7)RRumSh58Amvhr;Pxa1*iVTyRj(_XJ(0 zAxU-7Um@sOAsGm2VrPTn3???&mP}cO-B)F{dUA6aeiMAWp9Xde4+c%UF)|+N0RNHs0P1Rkwh(< zl0wOvf!)zA0=JNsjknH^YNmX5zIpFf1`Ugdgpd`o7>_J)%cCUsVVD-5^5;fNF5ffD z;Le6rlN_^Tp``Lv?$>}UgN{v5xkb>_v)L*))FVsz;6eg#rYyVAp++l%A2zsLqdu(p zvCPz`*8Ev|?Fws3xSP5i((xgTPtXSD#l_Q%WY=p{@&G#7Uz00lvn)dz3vDa8 z+bm02eTfj)WBpXwB~u^6%WQ?pWgtrFY=g?(GG`fHW&6Z;gN3Y4K$i0Nr4IHiLsK?I zd=ELEm4*#6G-o>nSIEkt-+~=eITO~(WMywk+vWtDp%n}5DY@P8HbWcMPUZdt*OrY{ zxr^Z1v0W;63Tw7!7ges@v$NgMvBF?9Omt><)WNn$cvr^WV)!X!W^movUn&zJ=rjo+XBsAtcw}~D+1Vu6{};tG0(d%+o!U#ELlpAD;s^Y47qIc zEV=YvL@E4gxP60z_&LlwWxe}*tW@P5CnvcNXNhy=SiXBp_YrKX%GHb?X&A{K3T`~( z)eFGQm`9r9*^>k<8^zA3+?E*P>dlv9>F$2u#x4<@Zl}j&gPm=)tL#az1?+dpvCq6Y zB9p#UsxHyaFpOryRBi*fF|1hS+G^(*#kb`aAzc5T^ zq3a}PPx{(0lg$;}OzYyP+8Tu&l4Clp_FIF(+}8_DT`0KOEM0JO7$xmvc1Vt~1Bv?$ z4z?Iya*_Er{QcNMb{8D%7c$zxi`eV)ewizTd` zQ*u4r&Ks7p4HevV!*XWbOk*!|LBSCE+X6`URWp@e<+wVd}Q_R&UmS8(=S z$f$)mSv-9s4i7yOwQMs>`-V8_#b(w3XU@c}tXOF7(h2k1*cIiQ(jdFmD5R`_&51CE_#3|^6oOl+uVUO+!F7s?Fz#m$ z#qb<9I;9%8diX+@;mw@#e&Crttxko6IZ5koDmngSDLsNMqC?}Gm5c% 
zmAi&j?1x#g%6=q6X9b@ZM?o?DN`;Hw~xnH9!;7V0akIFjE>gW$h^N}d6<1AcqB5U8X zc)`gN;Ct3ca0(mX-&*m!nZVmADK`u4`9gY)(;;=0F??f88=7|eRn|`Bb|v;OUSs_Z z(^w&^hYelE0**?~6WlGf;TUn_*$-Zq-EOl}Dz_ip9rjpog)9M@cbWBjIq#ZfrtVj! zYjIMtY2p2h_gL2-C08vx*La^TSGikNKQKOG6Hm#pX5M3re=_4w#Eoa+)&1BLc1jsu z7UMh9$T>;f*dE?izeFi2OYn6X11ib3E0@b&vL7|#|0YzuX8M`BXg=sP@iGY2`0GCt zH=gZEJZ-GT$5wEq#sprhax-f_FxKQ{XGv3rB$fYuUUC$Y+Pvc>$&uS>eCuV&!EL*) z4u2h?ritWsT^?U5IdZ!`Z}W@f$n6F^`KIK^?N@n6!Hs8Y-MM!Yz7XG7(kj;tGj%O^ zsrYuQkhON3smtJ}Zp*P&;4=B_JH*Muslo0 z4np2T(B5o~9ioBkgm-_ofbH~|Bxtl|3XAiJ#${DYAFUY*+Ek@eSU;cMqCZKq4Dv}r zXOgCf9rRf(B&&sFH6+J<_6x~=A=wYfPd+z<FSjCg*(X6r z5`-i{NEUk&i0y(hAL>U4+DOozf-V+xyPy{YWxk|Y;74?^pauS8(BEMu$qsWKtLk&H zm0&Ikh6m6951@fU(JvJJC8EDX_Jc@gNf7A-YBKd!w5n)PnoNh2^D!Pry>56tax~QN z#&&}@W7U$0_6_$1on^FuE)A>#`ehW+M-kzmzi^@+jOc?fqJEY!zbpbJ5Q*! zC)C=83X-uwk@)Udb_LbzhYI!?nPZ7NH#gAh`v#LvHV)zT-ZKkLnM*kCr4C9{{Dr`z%) zX1}gY-Zqym`X+O9X{aN2;AJo8=3acCm#5a#&3}+a_96bm;I$4dhVhoX zjfQhi&N%*ykNY|H9n-h4A7{Lr+o_e~C6U+TZ}Jk}f}i8~s(ljUBl$o+iJQ>8`7Iv9 z7w{aZJBIN*^zZWeJejBRH9T18tcLDM-d5_^8UHUI4r{OSVUW#68_HYp)!c$6*X-)U ztMi2r1Hb`BX2lemMh*OODg6&XeazeQhrBx$YQ>9$K@$vH1i-^QN%SA^&a~DxN1gBV zO`E1m?|gVoJ{gKrc>=Ju;AK2gpe3)Cb0fdbL-}FU8R?L$7WDrsL4E1S`%a(Nx~^QP z9e-IUtP$`{6%!~#%ejuP-~qrE!>0gEKghg!EI-7<_yH^&#Cs63RgOpB=~s71mJ60Z zoh*_&2can4@mAww;kyw%9nkLKR%9ZHYq2QtnRwp9ll0s1x)iL%j%CO7-@jR1E=+Nt zgz(zosjnq*aho#8`wKxHfG7*eGlJ6!y1OYzBhtF^hIiWXm zdz7p)R|QtKL;e16syE_6p%-Jq9@S$@tm(2vG0VcbRHOYc>l$oNMt>4!AH=g8e}`O~ zDsBD2v-uAwGHOo8Nxc`hhf*C675JVKe%)C5Bdadw@O|XzBkXntPCX6Wr;jmp(1DkG+J0B z%dU0+mVQB^Zvp|ua~z&4d5Y*0ABRRyLedI3q}@t;B?0~Vh>$x%G}ih3kNW1^?oTzA zhiw#7VZI+sQF8^PGL)-;P?=M7c0UKn1&^Y$A0}=B z7Rg+&Xg*aNK|747b%1p`(^^8`1H9D(onlP9gJ2y&QxD2f&i<$M?{K?b!W)94kl@kM zau=E^HVj3~1#cJNxlGHXJcZ(tyPj)Aw4{qgh*%NI=qS+8X*n5g5WEP2M;&VY0k1tW zOGobs`0#}1W@ zHJoxyxVuQ_ZuH65`-nNV(EHAf=k&w5UBhs`yu+^|=>#hS8WTly!XTCB6hWb)Sb=dD ztmmK4LzA$>cn$2^>IhaTZnpkduRqqWJU5*VUkd*bz@-bi7!$}?6kyW^p-QA9fr_3M zt#nV@oJkk-?+O=uk(=dka1YFk#SFTx=wPDV`wk)}`*c`&i))H*pvo|w?~|qLI2HC` 
zy}fE%37&2wPoQ0f%kXN2JCqR8d((R+R-gr_#o1#&WrJlTjnzP%V(&}>6e{VySTzf| zb_MnMCzbqeAR<)cip++*^(e!nPbE(U+l=n5=iO-aoEt7z=zem!LQg8Vg*>Og`Nmbf z2e%ugE0i5NzaHSND;YDW;5=btH?lwlvkMmKC>V=yt-x*460XweRM`zW;}0QBMQG&m zRk*PR*_80f1$w2T7Xv!EVnoIpksD*Mcq}Gl!a(IrRL6wYQ0xH69mT!Y3YSM)ae2LZ2Z#C2wh`%a_9bkWn5;C!Gj27kWZXb<|NsPUu}8R8Giwo;TT1=eqtQ zd*V|MXqRljA$$vH;t?$ihZqPLdOFtN+d}N?M5lD&8M1fP2)o&8#93jp`qwxU% zMaM5aCt(hG;3}y!iZ!)q2$>7*KRsROQ9?5ud#~%8+FyNkGuV)rB5VfQa%7ppLXG0s z0v50E*HB}1z{}G(1Bj_lF{YDQ%Ds`hNW2DG)kY^dod=}nB^uQ`h1mX2D4&-RYE(-( zYb?Po#Lf-EUTX*WNdTrWO+dQ}V50%A5%z0i^mpLJu8#;;umC6v!39EmMzdF(JhW|T z3sV^rN>4ng5K?jMJP+vK_#S*tw>L)E zV$`q^N-BV-p}ht`bf#QK>9>T3G=3c$TIM^34?;oEo}vi-8z>sX=Ztdv-GKnK2Ot*n z_wkv*&cC$_L@j})IYLO4X{yLKRU#RrLy!)xIP@txBquR{?;oo};j~iQBUg##T5?TOh2%kpepoT|4iB zs+a|%5u{0Sz0luEf)5$|O1AU;$z#?AY z>ELm_MUc_T4Ti-fAj02479o9j9}C-dGLFK)dn<-Pe?soaP*>pYrZxgWjZ#4cNCy+W zanZ+~)_78gD;uOfc~4u{H71P1dpzmYhHT>Z0=(Xh4%;|L2p0Z=?r+A@og~D6<-g~O4Ml8Do88=pwqz z*o*xe^(p7Sxd{#Qey!+TKvG=N?Yv<{zkvJ7J~YSZ%kjmZr{qEJ;`e0AabVNTCm7*k z#LhJ3$ZtbTAYnKOHINY~cz73M;TYSlF7*&R1xk(@TBF0wmSOIjd3@U;Yl-S z%vT+|>rNI5Fw&5QE?~&*=@8T(<8vMNRTkqeN8^M|0GkkDl40VK(NIhG_%(1sOK zPkz^f@h4*3rOAaXA2Ls&XTJayQmZEx5NhCZ(X42dc|Y*!WDw7MG~z?S6C{{cB}Pcd zB*ET}XENmOkbwhal9K)im(dw`1G1<2q8dIaaOS5H?rUkG>bMldS-mqqv=dof=q z;}ejG2KpD_!x)N;sT>y$p8r<7Lhj^s4P89k@Rj+5F0UBSjA-6yK4`vZerP5%e`l9h z%x6a>y8gru--k2&ffJjHzqy-x*v#5@Xx3p-&3Q)_+#B9x!_S6sNj-L?ID39=)^Xo6 z>L1t9*ZB|1%#LGQHNl$FGRLef=6uJxzdbS}xo}()>-5=b?yd3A1h9Tu$2kv+)j55e zxrbJx3vk}tWqzRXz^^iua!1>Aj6B(E{+VmM1DrqaH`nDJz5#5NkDOEUpm~9hCM>{t z@F(*ookwf{+ozRtKDlJxqUA}>?l;WCJ$UMbcTe+mC@K%`H9L`E*D3R+fYOBS&m&OB18D&7M&F zo;ahYb69K30B)+y>f&Ebmcr_@G**u#JMXlyDE}aLC~Yk-Szl16c(J>)oR`{K!o9sN zn8n{X>KZtf{O!@XQrwE8Al;Ws8GI+tWyy#15kcrWhs^-up?xcO-CyuIIFHtPAp zTH5SUEz+hvST~~g=+qV$_Dl%AF|Eh+X%RQ_o+SO@IG1agWdAyBZB}VP^o6vO>yBP* z(tUzybgwF({nkBqj91nBi}P$VlSWTCKQz8}onu=6F7vnjvV4L6dHt|!1G3iFd{95} z8^`ay?Y6wp=C}v{dD2(I77kogH!}AA<)gvt0{7<5)+Ky%_VP{JTS-4v(LC%ByJ+6& 
zIHSc!d2{-iHg2EaO&+Wq{7GjYGC$fm*YW<(-M6&%IJ&&spJTR`y_PlP_XSllGsX{( zJ29~C*atp2ZQV|VC2dWq+1|O*RJ0#*}FoCa}VY|8ow&Jbdl%Vx<Di5) z+E^ykeYA3I;HV69m z^XkTT(*|7(a_k@WTFOy#r@z|FuA=EapH0b}>%D()*5G>|3|!p$qA}+6%eF;j{koJE z#nn6g^@x>!9h`XTY{Pl8xBcgEna`;E?aTHboZEcw`)O-tED7#>@a=w8#P1rg{{!JY B5KsUB delta 10388 zcmbVS2Ut{B)1Gs;uxtUAWtXK%7f?`Cj1U{KAeJcDH7aV1u?Dii5B0laPcG9jGyAtCDGol>-2G=~H_vY7ce z`CGc3_&VYg76JOvizFaqF-r`8;_(td0p3*rv%UskvA)2(3g;4-9`DM0hZQ9V*DPdE zQR6XdWc1Pa*{4k?yHv{%|^;_y5zPiqv$ zrH@e+Y9ye>fN8l{0*l!UDakik5hOu84Nnht;MNn&bngN;Ix5{=m~WkXD4c zS;@F_%Y)69u5^4}aOm50L-`C3A#EGZSRU+YNum4l>XKCYFt0iJg4VY+Bb(?bTQA*d zG;|VuTFw@g+m;YlCcnp85hS0}L-XT+H#M0qpEwwG3Ob$`6ucr!kz3K9=L$K6`z78dE^tZ3ilio$; z`7LB5ojMmZBy(u1g2rSQ9beEAH+Tn1qUfE1!^VEKu;?wZ=pcB84&--BIz7DdJ?F8g zaZjFv@ih*X`?aXosy6;=Ur4E|u*^`frI{^GNS6nD2+5gfC6*^+RWOEMwJQJRF5%hd zMax!)5)-XjorL)(6oz2_358}luh1FSkY8AzlyW@H@fyb$3dAsrm zDm`e`ItQWBkM3P(B$agJI={x?FS$x(PZ4+30$nk&EO`cofI0w%NCDWV4t`qcQCW)? zuQNH+VkWbSDOqP=Zb>|olK3L$^%^2J>?hRkn>nwPSm($}{M|R5{-wn7S4#ZN9y4vV z!IQ)l_1_RnaDSI>>^!6xL-O9fi>)IWn=L6X`?WXml6YaIRx%XrA!8_FSf<0>nxn3TFA720tmVCNtvl)#KZtg?A zrGZ<~M4y(?I0_wyqq@YMeR6~waf8P&Ay3C>P)4t3M~!6}U1!e_ZUxhb z9g9f_J+xy98BK@nOdt#Bpd<0VU)F{c2h*bD)#wUT78bz4y@sx#e!JXB3avcSy=d01 z6*B$b&mF5LYm3-D|G&0qh%HgMr!yg^Y5ig&`Hr?N9zlxfredRaO(RsZ_IPDqu@UIy zVxx~}fE)i$1HSQwy#w^@JQLDXL^?Vx3YxWd=Nr-`_{trD=A5ZtUuC#Lg0iQQk7=!ZDC{y@ZE__!fqlAc^UhL5wjb|oLr;bXbLZ0>juLHv{BRMWpk zv7*s`8|HHTVK_?+BZd^ih#`G>_&1ld1V-Vk5)(`AnJEQvANsKp5Z5HGPfW$vbquNv zKCB)Y?)bYu?AA;~6xZ=vcovSYsHY*e3CTem;yMShsVBpm;S5V787`^A@N(^3L@}ZD zBoD{A@D<_%_k1<6LT6ZsWF#5 zcz{?g@5J#i*DmJT8C+Y$<==C())rWpA?_^vZC;jSzKh#M7r^%MKx6YedTFGk#^#k{L7@#1gyTZ^&8?(wtoB0uDgTJ!OZdMu$We8QL9bhzh6 zlr*fh6*0(TC!z)RASUp!vOcpH%gg2};XH1c5;{dNbdXI$jN;=3Ky=bgv*Im|hg3#n;aE%}ny0dx%hNfs7E?;i^+fRi z-JMqchB#aKM6HM2wLqzd!yMh}JVW`|$ZEum3Yi8iLmUu);+P)Dnz2c^79|}KvHyn< zJ(AxL6Emocb^8Y{%*7Z)C1@~fab+(HJBSyvCr5RyziSrn&(;^kaW!`S>s37AXTm7W zlwKMoe4}BrQa#b$3MxlNoH-^ik)#$SC32=6tz}7wdp01FNkkWWeAqbO%rH&I9#KPp 
zFNP7f%*eOtIN!2IeET}`9(tGe&3fKjR?+m;vrjxIy3`LsM=^*!GgR0(Ju~iLZF*)L z<~WAq3V})L@bOBH7r103q8=`IglY7UqpgRS;@Aki1%auOU#{It*^0kOo z*0KLNWOF?a8Gcv_uY_K>$9R-tV-lEyO{8?$TN^jdWg|oA&$nZv>SwvqWw(k+iXE^U zTw35JDq&^=wpsJ==}7RyPa!2_n->Md(d(DmI(O0t;OCD*$b?`;B8{o^ib>SS;nN^d z2F65eo^**lbW7BzV4B31I3#M+@P))a!`ZVd!|<;cdu2ED>w=H6=pzO-9+$m(Bx+p2 z93{#MeU#w#S`@d}qL^TaWZ4d*nBfzNv6!APUScffjLXUG5;Xy^_&w2cI9de3Dv2$@ zIJIB%T>G`Cp|DS~^j7tzEw8kV8K}Xu-xqz2b0^RM#!Jjyk*H}1>m@b-5;ala-C4A} z4~g`aCM`9#weN;u1eYP64oa*65DS3KNJ5@Q>}QZ*gGd!Weng{EpcL4w5oMAjLmNbEAQ z1SpkQ1^Vm?mnBy1(A%o%UK217L-d3PlCm?lL2rOTfIpdFK-L$YNo**xexMyJ>dxT2 z0q~K;iZR4MNR`-bv>Xh*q!O61fJ0!tr27!(>4w4qiOx4B(&TH~up%k2W4`FR3{5QX zl(SO!OKXHwh@_&rZHoOSKqjC})km&AUC9BMlwMk^w zh;KEyFom;RbACW0fx-?^r&22SX(&`l%p2JkU=7{OCguU#wFR()vurpNepq9JS@<4` zh41g`0*m21XPLmB_$3gJZ=9I!lUj`BbCwB7VW%`ppkO=GWkMV-Vi`2Ei|hm0WzBNP zuVJ?|1t7QXU`nz0t00xL{ZOE{kySA3HQmDhpxeZCxlr5lp=K3S)XaOLSq2uZ5*r$5L^e!fy2ysG6Q+I-RyI-P7imQL>W9Ft*ACHdVIiL= zhTj9_oQdK25HcXoZ<1N1{hMh$-LyZjytrnC%yO_Lvm z1c_}3U~D{NR-E|Aua)*F6iUh)gs}>V5nxPJCWiRchp}jhX}NBg#BOje3nlggw>%)R zF(x+esl+~#F&4_pVWp~aZrYnuWZ^8g42d=8nHF-Er&?bp9w!!amaXchZ4F1^io^zL z39_dW3qaj5@I1)U&Q?XD?ifT$EG4)h9EYwVv#O>98<7r^l+#>oq#SZ2wg?}*a#$>} zihzdjBkYmb!vG_)Qxa2Svz>s)67$DqI{}(QJUrjDlimM!3FDz3zmO zuC(o)OzSW%zCqZzbsg@C4*2tb9h%`wUtA58hWFRrfbK^b%YtX_W5>?XS@0XORW@TC|T~ zp2Y6eO4I%UsTHEGjc%&;Pk72%Hu%f9cBI_v2Rkb6f_eItLSv<*jz?gVm6@}lg z&|5>)Di|dTM@*45KundrgE*d#(`8L@oFR)voFZ$BIGxL9p}ZbwAWByc4A30W3;H1j z!bga8VIpE9j!j`Qj$3niNB9EA-MIV%jvvB$D~d+KY29%63QC=3a10b?LYPw^ettDj z2MV7dww7=vjBxspk7o!gP(Fj(%n;VWQKvOrvW836pyZU(K`uGSB?nP*&gmAH+~Sg3 zD4D3UI?9+MM;Qy|C|d{Dox->zj7!3}BwxppDCP)GZ0yG|mg7K<`5cQmR&oSqW|`r_ zFrQtr17H89CuLmK!wUGBiiWlo42QxG?%$mHWpK3>Mh%fzuevsvcOY)nE2wHdEk zcm)U@Y=;S%toYIKj^i_1H-Wro)#(6&A{h?#)g#W=x+5+(`5fO{E^{@lTmi zOcFr)e)zA}8>g;AZvJ-+I;mMua-x_E9n=m_johztfO-08x{4nY6|ciHn4 zWN>@COBYgVaJg+gIbij<9<6sIw)?G7dRdA6+F)|P(NX0fcO4}NuAkeBMiF1dwCB|V zUNXGo_UF}#1aBt6kt}r1v`*eiyd3aS;pJ%Wd-{Rwqz95~x-C)8;;klFg5RIedV 
zZGBFuPm;T~nLnxjAUEvSPpb`tT(f^vq4px=qW#Gkbpt}q+t-~_wTcpOtw*gp78Jr@T?+mheat((8PlK*yG&tCSYdUZ#uwwhEq!~ce| zYBE{H=L?AVZlanzB~~Iy1RyQZ;sw^;SClbCsV_>4QR;x)iox-gfno=A@&fNfGJYxp zB4dv6Ze>Z5Dmfs}K;H5tN6m9N5NFOSapX&$B0AJ?)F8(q;(Vq@jRHMMj5$V{!YC8t z6)BBVaP0Dyak?aDVK7yRy$~5G#yj(XE5tO}QkWg{k0WtG$g7-jA;=sAYc;9FHS_i1 z+Hj1;d5*<#7OQ|V##+j&$uw4r|8=YWZG+waMPYB>UeikQnenCjUg8;uB0iEz0JDuGo*bDS27v+}86C zU9Y?OO2EP>78G|3aFf_NC!prVIm0<3+%wqET`;^u6b}qg=p@dmcggUTlkk_p ze)yhYyGo&Sg9A!&&eF$*-Abaf_x;N-PN8#kgQq6`n+@hNZEpdw?=2AiGzmAu>}NfU z_FzR9BNV#W?pGMh_6;qKU%8Nh_6`X~o1cLG6LfhN8 zv{FUiJ3Qmo;3 zoG-Y)egC5&-D@p<=(*|4y=Izr6GA?pKdg(^t$(X&`rUVz%{uV?XLCO-P>ij2|M-Sq z+Z}U`-O~P~)3Fy#cbBz3W7s_1qxp(SbAMhapRlg-X~@xi8(T;1y%-f~+xc^OVXJRb zlJ0lxmlKlrbg@v_)b??<@fT}@n8?NrV;VMyiiwKs8yTo{tdkv|{X|C`M(l$Et|wg2SUzFQ-8HAaLeK%PaQ(a{B~S2|xG7xHZh2uapyDP%!w_36`59DX?OhCvI(6&9(%s~*K@{Qt&%I7^xIT2$bVkJZ^Q34toY^0 zp{5@vm05Pj<+VO)Sn=b-MV}6mRV{oTv7|*=`?Q2Zh3Kb#uv7&~nx|C= 0) { leok = false; addServerWarning("Invalid Let's Encrypt names, can't contain a *."); } else if (obj.config.letsencrypt.email.split('@').length != 2) { leok = false; addServerWarning("Invalid Let's Encrypt email address."); } else if (obj.config.letsencrypt.email.trim() !== obj.config.letsencrypt.email) { leok = false; addServerWarning("Invalid Let's Encrypt email address."); } else { diff --git a/package.json b/package.json index deab06d3..fe4e8505 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "meshcentral", - "version": "0.4.9-o", + "version": "0.4.9-q", "keywords": [ "Remote Management", "Intel AMT", diff --git a/public/scripts/amt-0.2.0.js b/public/scripts/amt-0.2.0.js index 9fefec20..4cce0d0f 100644 --- a/public/scripts/amt-0.2.0.js +++ b/public/scripts/amt-0.2.0.js 
@@ -760,7 +760,7 @@ function AmtStackCreateService(wsmanStack) { // ###BEGIN###{Certificates} // Forge MD5 -function hex_md5(str) { return forge.md.md5.create().update(str).digest().toHex(); } +function hex_md5(str) { if (str == null) { str = ''; } return forge.md.md5.create().update(str).digest().toHex(); } // ###END###{Certificates} @@ -774,6 +774,7 @@ for (var i = 0; i < 64;) { md5_k[i] = 0 | (Math.abs(Math.sin(++i)) * 4294967296) // Perform MD5 on raw string and return hex function hex_md5(str) { + if (str == null) { str = ''; } var b, c, d, j, x = [], str2 = unescape(encodeURI(str)), diff --git a/public/scripts/amt-wsman-ws-0.2.0.js b/public/scripts/amt-wsman-ws-0.2.0.js index 05c15369..b74a0a08 100644 --- a/public/scripts/amt-wsman-ws-0.2.0.js +++ b/public/scripts/amt-wsman-ws-0.2.0.js 
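Review bot: In public/scripts/amt-0.2.0.js the two `hex_md5` variants touched by the hunks at -760 and -774 do not encode their input the same way: the forge build passes `str` directly to `update(str)`, which as far as I know treats it as raw bytes, while the built-in build hashes `unescape(encodeURI(str))`, i.e. the UTF-8 bytes. This starts to matter with this commit because `sendRequest` now hashes the request body for `auth-int`, so a body with non-ASCII characters would presumably give different digests in the two builds. I would settle on one encoding and document it next to the new guard, for example `// null/undefined is hashed as the empty string; str is hashed as UTF-8 bytes`. The body of the second `hex_md5` continues outside the hunk.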
@@ -80,12 +80,12 @@ var CreateWsmanComm = function (host, port, user, pass, tls) { // Websocket relay specific private method (Content Length Encoding) obj.sendRequest = function (postdata, url, action) { - url = url ? url : "/wsman"; - action = action ? action : "POST"; - var h = action + " " + url + " HTTP/1.1\r\n"; + url = url ? url : '/wsman'; + action = action ? action : 'POST'; + var h = action + ' ' + url + ' HTTP/1.1\r\n'; if (obj.challengeParams != null) { - var response = hex_md5(hex_md5(obj.user + ':' + obj.challengeParams["realm"] + ':' + obj.pass) + ':' + obj.challengeParams["nonce"] + ':' + obj.noncecounter + ':' + obj.cnonce + ':' + obj.challengeParams["qop"] + ':' + hex_md5(action + ':' + url)); - h += 'Authorization: ' + obj.renderDigest({ "username": obj.user, "realm": obj.challengeParams["realm"], "nonce": obj.challengeParams["nonce"], "uri": url, "qop": obj.challengeParams["qop"], "response": response, "nc": obj.noncecounter++, "cnonce": obj.cnonce }) + '\r\n'; + var response = hex_md5(hex_md5(obj.user + ':' + obj.challengeParams['realm'] + ':' + obj.pass) + ':' + obj.challengeParams['nonce'] + ':' + obj.noncecounter + ':' + obj.cnonce + ':' + obj.challengeParams['qop'] + ':' + hex_md5(action + ':' + url + ((obj.challengeParams['qop'] == 'auth-int') ? (':' + hex_md5(postdata)) : ''))); + h += 'Authorization: ' + obj.renderDigest({ 'username': obj.user, 'realm': obj.challengeParams['realm'], 'nonce': obj.challengeParams['nonce'], 'uri': url, 'qop': obj.challengeParams['qop'], 'response': response, 'nc': obj.noncecounter++, 'cnonce': obj.cnonce }) + '\r\n'; } //h += 'Host: ' + obj.host + ':' + obj.port + '\r\nContent-Length: ' + postdata.length + '\r\n\r\n' + postdata; // Use Content-Length h += 'Host: ' + obj.host + ':' + obj.port + '\r\nTransfer-Encoding: chunked\r\n\r\n' + postdata.length.toString(16).toUpperCase() + '\r\n' + postdata + '\r\n0\r\n\r\n'; // Use Chunked-Encoding 
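Review bot: The new `response` line in `sendRequest` always builds the qop form of the digest, so a challenge that carries no `qop` gets the literal text `undefined` concatenated into the hash and handed to `renderDigest`; the hunk at -239 only normalises `qop` when it is present. If such challenges can reach this code, either fall back to the legacy form `hex_md5(ha1 + ':' + obj.challengeParams['nonce'] + ':' + ha2)` or fail the request explicitly. Splitting the expression into `var ha1 = ...`, `var ha2 = ...` and the final `hex_md5(...)` would also make the new auth-int entity hash easier to audit. `sendRequest` ends outside the hunk.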
@@ -93,12 +93,11 @@ var CreateWsmanComm = function (host, port, user, pass, tls) { //obj.Debug("SEND: " + h); // Display send packet } - // Websocket relay specific private method - obj.parseDigest = function (header) { - var t = header.substring(7).split(','); - for (i in t) t[i] = t[i].trim(); - return t.reduce(function (obj, s) { var parts = s.split('='); obj[parts[0]] = parts[1].replace(/"/g, ''); return obj; }, {}) - } + // Parse the HTTP digest header and return a list of key & values. + obj.parseDigest = function (header) { return correctedQuoteSplit(header.substring(7)).reduce(function (obj, s) { var parts = s.trim().split('='); obj[parts[0]] = parts[1].replace(new RegExp('\"', 'g'), ''); return obj; }, {}) } + + // Split a string on quotes but do not do it when in quotes + function correctedQuoteSplit(str) { return str.split(',').reduce(function (a, c) { if (a.ic) { a.st[a.st.length - 1] += ',' + c } else { a.st.push(c) } if (c.split('"').length % 2 == 0) { a.ic = !a.ic } return a; }, { st: [], ic: false }).st } // Websocket relay specific private method obj.renderDigest = function (params) { 
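Review bot: `parseDigest` still takes `parts[1]` after `split('=')`, so a parameter value that itself contains `=` (a base64-padded nonce, for instance) is truncated, and a list item without `=` makes `parts[1].replace` throw on a header that the remote device controls. Splitting on the first `=` only and skipping malformed items avoids both: `var p = s.indexOf('='); if (p > 0) { obj[s.substring(0, p).trim()] = s.substring(p + 1).trim().replace(/"/g, ''); }`. `header.substring(7)` also assumes the header is present and begins with `Digest `, so a guard before the call is worth adding. `new RegExp('\"', 'g')` is equivalent to the literal `/"/g`, which reads more plainly, and the reducer's accumulator named `obj` shadows the outer `obj`.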
@@ -117,7 +116,7 @@ var CreateWsmanComm = function (host, port, user, pass, tls) { obj.socketState = 1; console.log(obj.tlsv1only); - obj.socket = new WebSocket(window.location.protocol.replace("http", "ws") + "//" + window.location.host + window.location.pathname.substring(0, window.location.pathname.lastIndexOf('/')) + "/webrelay.ashx?p=1&host=" + obj.host + "&port=" + obj.port + "&tls=" + obj.tls + "&tlsv1only=" + obj.tlsv1only + ((user == '*') ? "&serverauth=1" : "") + ((typeof pass === "undefined") ? ("&serverauth=1&user=" + user) : "")); // The "p=1" indicates to the relay that this is a WSMAN session + obj.socket = new WebSocket(window.location.protocol.replace('http', 'ws') + '//' + window.location.host + window.location.pathname.substring(0, window.location.pathname.lastIndexOf('/')) + '/webrelay.ashx?p=1&host=' + obj.host + '&port=' + obj.port + '&tls=' + obj.tls + '&tlsv1only=' + obj.tlsv1only + ((user == '*') ? '&serverauth=1' : '') + ((typeof pass === 'undefined') ? ('&serverauth=1&user=' + user) : '')); // The "p=1" indicates to the relay that this is a WSMAN session obj.socket.onopen = _OnSocketConnected; obj.socket.onmessage = _OnMessage; obj.socket.onclose = _OnSocketClosed; @@ -154,7 +153,7 @@ var CreateWsmanComm = function (host, port, user, pass, tls) { fileReader.readAsArrayBuffer(e.data); } else { // IE10, readAsBinaryString does not exist, use an alternative. - var binary = "", bytes = new Uint8Array(e.data), length = bytes.byteLength; + var binary = '', bytes = new Uint8Array(e.data), length = bytes.byteLength; for (var i = 0; i < length; i++) { binary += String.fromCharCode(bytes[i]); } _OnSocketData(binary); } 
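Review bot: In the hunk at -117 the relay URL is assembled by plain concatenation, and `obj.host`, `obj.port` and `user` go into the query string without `encodeURIComponent`. A host or user name containing `&`, `#` or `=` would change the parameters the relay receives, so each value should be encoded, e.g. `'&host=' + encodeURIComponent(obj.host)` and `'&serverauth=1&user=' + encodeURIComponent(user)`. The context line `console.log(obj.tlsv1only);` looks like leftover debugging output and could be dropped. The enclosing function starts and ends outside the hunk.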
@@ -169,7 +168,7 @@ var CreateWsmanComm = function (host, port, user, pass, tls) { if (typeof data === 'object') { // This is an ArrayBuffer, convert it to a string array (used in IE) - var binary = "", bytes = new Uint8Array(data), length = bytes.byteLength; + var binary = '', bytes = new Uint8Array(data), length = bytes.byteLength; for (var i = 0; i < length; i++) { binary += String.fromCharCode(bytes[i]); } data = binary; } @@ -180,10 +179,10 @@ var CreateWsmanComm = function (host, port, user, pass, tls) { obj.socketAccumulator += data; while (true) { if (obj.socketParseState == 0) { - var headersize = obj.socketAccumulator.indexOf("\r\n\r\n"); + var headersize = obj.socketAccumulator.indexOf('\r\n\r\n'); if (headersize < 0) return; //obj.Debug(obj.socketAccumulator.substring(0, headersize)); // Display received HTTP header - obj.socketHeader = obj.socketAccumulator.substring(0, headersize).split("\r\n"); + obj.socketHeader = obj.socketAccumulator.substring(0, headersize).split('\r\n'); obj.socketAccumulator = obj.socketAccumulator.substring(headersize + 4); obj.socketParseState = 1; obj.socketData = ''; 
@@ -197,12 +196,12 @@ var CreateWsmanComm = function (host, port, user, pass, tls) { } if (obj.socketParseState == 1) { var csize = -1; - if ((obj.socketXHeader["connection"] != undefined) && (obj.socketXHeader["connection"].toLowerCase() == 'close') && ((obj.socketXHeader["transfer-encoding"] == undefined) || (obj.socketXHeader["transfer-encoding"].toLowerCase() != 'chunked'))) { + if ((obj.socketXHeader['connection'] != undefined) && (obj.socketXHeader['connection'].toLowerCase() == 'close') && ((obj.socketXHeader["transfer-encoding"] == undefined) || (obj.socketXHeader["transfer-encoding"].toLowerCase() != 'chunked'))) { // The body ends with a close, in this case, we will only process the header csize = 0; - } else if (obj.socketXHeader["content-length"] != undefined) { + } else if (obj.socketXHeader['content-length'] != undefined) { // The body length is specified by the content-length - csize = parseInt(obj.socketXHeader["content-length"]); + csize = parseInt(obj.socketXHeader['content-length']); if (obj.socketAccumulator.length < csize) return; var data = obj.socketAccumulator.substring(0, csize); obj.socketAccumulator = obj.socketAccumulator.substring(csize); 
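Review bot: `parseInt(obj.socketXHeader['content-length'])` in the hunk at -197 has no radix and its result is not validated, although the header comes from the remote endpoint. A non-numeric value gives `NaN` and a negative one passes the `obj.socketAccumulator.length < csize` test, so the `substring` calls that follow run with a size that was never a valid length. I would write `csize = parseInt(obj.socketXHeader['content-length'], 10);` followed by a check such as `if (isNaN(csize) || csize < 0)` that treats the response as a protocol error; how that error is surfaced depends on code outside this hunk. The changed condition line also leaves the two `"transfer-encoding"` lookups in double quotes while converting the rest.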
@@ -239,6 +238,11 @@ var CreateWsmanComm = function (host, port, user, pass, tls) { if (isNaN(s)) s = 602; if (s == 401 && ++(obj.authcounter) < 3) { obj.challengeParams = obj.parseDigest(header['www-authenticate']); // Set the digest parameters, after this, the socket will close and we will auto-retry + if (obj.challengeParams['qop'] != null) { + var qopList = obj.challengeParams['qop'].split(','); + for (var i in qopList) { qopList[i] = qopList[i].trim(); } + if (qopList.indexOf('auth-int') >= 0) { obj.challengeParams['qop'] = 'auth-int'; } else { obj.challengeParams['qop'] = 'auth'; } + } } else { var r = obj.pendingAjaxCall.shift(); // if (s != 200) { obj.Debug("Error, status=" + s + "\r\n\r\nreq=" + r[0] + "\r\n\r\nresp=" + data); } // Debug: Display the request & response if something did not work. diff --git a/redirserver.js b/redirserver.js index 720b5e7e..884bda73 100644 --- a/redirserver.js +++ b/redirserver.js @@ -75,7 +75,15 @@ module.exports.CreateRedirServer = function (parent, db, args, func) { parent.letsencrypt.challenge(req.url.slice(leChallengePrefix.length), getCleanHostname(req), function (response) { if (response == null) { res.sendStatus(404); } else { res.send(response); } }); } else { // Everything else - res.set({ 'strict-transport-security': "max-age=60000; includeSubDomains", "Referrer-Policy": "no-referrer", "x-frame-options": "SAMEORIGIN", "X-XSS-Protection": "1; mode=block", "X-Content-Type-Options": "nosniff", "Content-Security-Policy": "default-src http: ws: \"self\" \"unsafe-inline\"" }); + var selfurl = ((args.notls !== true) ? (' wss://' + req.headers.host) : (' ws://' + req.headers.host)); + res.set({ + 'strict-transport-security': 'max-age=60000; includeSubDomains', + 'Referrer-Policy': 'no-referrer', + 'x-frame-options': 'SAMEORIGIN', + 'X-XSS-Protection': '1; mode=block', + 'X-Content-Type-Options': 'nosniff', + 'Content-Security-Policy': "default-src 'none'; style-src 'self' 'unsafe-inline';" + }); return next(); } });
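Review bot: In the hunk at -239 of amt-wsman-ws-0.2.0.js the `else` branch sets `qop` to `'auth'` whenever `auth-int` is missing, without checking that the server actually offered `auth`. An unrecognised qop list would then be answered with a value the server never proposed; testing `qopList.indexOf('auth') >= 0` and failing the authentication otherwise is safer. The loop `for (var i in qopList)` uses for...in on an array and declares a function-scoped `i` that may collide with another `i` in the handler; `var qopList = obj.challengeParams['qop'].split(',').map(function (q) { return q.trim(); });` does the same work without either problem. The enclosing handler starts and ends outside the hunk.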
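Review bot: In the redirserver.js hunk, `selfurl` is built from `req.headers.host` but the `res.set` call that follows never references it, so the line is dead code as shown. If the intent was to add the server's own websocket origin to the policy, note that the Host header is client-controlled and should not be interpolated into a response header unvalidated; `getCleanHostname(req)`, which the challenge branch above already calls, looks like the better source, assuming it validates the name. Otherwise remove the `var selfurl = ...` line. The route handler begins outside the hunk.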