From 60bce86622b6b04476c8292eb7abd8e23a76d1f4 Mon Sep 17 00:00:00 2001 From: Ylian Saint-Hilaire Date: Mon, 23 Sep 2019 11:45:10 -0700 Subject: [PATCH] Session IP binding, MeshCtrl Invite Link --- agents/modules_meshcmd/sysinfo.js | 4 +- agents/modules_meshcmd_min/sysinfo.min.js | 1 + .../modules_meshcmd_min/user-sessions.min.js | 1 + meshctrl.js | 32 +++++++++- meshuser.js | 64 ++++++++++++------- package.json | 2 +- webserver.js | 7 +- 7 files changed, 77 insertions(+), 34 deletions(-) create mode 100644 agents/modules_meshcmd_min/sysinfo.min.js create mode 100644 agents/modules_meshcmd_min/user-sessions.min.js diff --git a/agents/modules_meshcmd/sysinfo.js b/agents/modules_meshcmd/sysinfo.js index 5b73b4fb..4fc1869b 100644 --- a/agents/modules_meshcmd/sysinfo.js +++ b/agents/modules_meshcmd/sysinfo.js @@ -14,8 +14,8 @@ See the License for the specific language governing permissions and limitations under the License. */ -const PDH_FMT_LONG = 0x00000100; -const PDH_FMT_DOUBLE = 0x00000200; +var PDH_FMT_LONG = 0x00000100; +var PDH_FMT_DOUBLE = 0x00000200; var promise = require('promise'); if (process.platform == 'win32') diff --git a/agents/modules_meshcmd_min/sysinfo.min.js b/agents/modules_meshcmd_min/sysinfo.min.js new file mode 100644 index 00000000..9230bd6b --- /dev/null +++ b/agents/modules_meshcmd_min/sysinfo.min.js @@ -0,0 +1 @@ +var PDH_FMT_LONG=256;var PDH_FMT_DOUBLE=512;var promise=require("promise");if(process.platform=="win32"){var GM=require("_GenericMarshal");GM.kernel32=GM.CreateNativeProxy("kernel32.dll");GM.kernel32.CreateMethod("GlobalMemoryStatusEx");GM.pdh=GM.CreateNativeProxy("pdh.dll");GM.pdh.CreateMethod("PdhAddEnglishCounterA");GM.pdh.CreateMethod("PdhCloseQuery");GM.pdh.CreateMethod("PdhCollectQueryData");GM.pdh.CreateMethod("PdhGetFormattedCounterValue");GM.pdh.CreateMethod("PdhGetFormattedCounterArrayA");GM.pdh.CreateMethod("PdhOpenQueryA");GM.pdh.CreateMethod("PdhRemoveCounter")}function windows_cpuUtilization(){var b=new promise(function(d,c){this._res=d;this._rej=c});b.counter=GM.CreateVariable(16);b.cpu=GM.CreatePointer();b.cpuTotal=GM.CreatePointer();var a=0;if((a=GM.pdh.PdhOpenQueryA(0,0,b.cpu).Val)!=0){b._rej(a);return}if((a=GM.pdh.PdhAddEnglishCounterA(b.cpu.Deref(),GM.CreateVariable("\\Processor(*)\\% Processor Time"),0,b.cpuTotal).Val)!=0){b._rej(a);return}if((a=GM.pdh.PdhCollectQueryData(b.cpu.Deref()).Val!=0)){b._rej(a);return}b._timeout=setTimeout(function(k){var m={cpus:[]};var d=GM.CreateVariable(4);var j=GM.CreateVariable(4);var c,l,h;var f;if((f=GM.pdh.PdhCollectQueryData(k.cpu.Deref()).Val!=0)){k._rej(f);return}if((f=GM.pdh.PdhGetFormattedCounterArrayA(k.cpuTotal.Deref(),PDH_FMT_DOUBLE,d,j,0).Val)==-2147481646){c=GM.CreateVariable(d.toBuffer().readUInt32LE())}else{k._rej(f);return}if((f=GM.pdh.PdhGetFormattedCounterArrayA(k.cpuTotal.Deref(),PDH_FMT_DOUBLE,d,j,c).Val)!=0){k._rej(f);return}for(var g=0;g0){var f=c[0].split(":")[1];var a=f.split(",");var e=parseFloat(a[0].split("%")[0].trim())+parseFloat(a[1].split("%")[0].trim());d._res({total:e,cpus:[]})}else{d._rej("parse error")}return(d)}function macos_memUtilization(){var d={};var e=new promise(function(h,g){this._res=h;this._rej=g});var b=require("child_process").execFile("/bin/sh",["sh"]);b.stdout.str="";b.stdout.on("data",function(g){this.str+=g.toString()});b.stdin.write('top -l 1 | grep -E "^Phys"\nexit\n');b.waitExit();var c=b.stdout.str.split("\n");if(c[0].length>0){var f=c[0].split(":")[1];var a=f.split(",");d.MemTotal=parseInt(a[0].trim().split(" ")[0]);d.MemFree=parseInt(a[1].trim().split(" ")[0]);d.percentFree=((d.MemFree/d.MemTotal)*100).toFixed(2);d.percentConsumed=(((d.MemTotal-d.MemFree)/d.MemTotal)*100).toFixed(2);return(d)}else{throw ("Parse Error")}}switch(process.platform){case"linux":module.exports={cpuUtilization:linux_cpuUtilization,memUtilization:linux_memUtilization};break;case"win32":module.exports={cpuUtilization:windows_cpuUtilization,memUtilization:windows_memUtilization};break;case"darwin":module.exports={cpuUtilization:macos_cpuUtilization,memUtilization:macos_memUtilization};break}; \ No newline at end of file diff --git a/agents/modules_meshcmd_min/user-sessions.min.js b/agents/modules_meshcmd_min/user-sessions.min.js new file mode 100644 index 00000000..a059a1fc --- /dev/null +++ b/agents/modules_meshcmd_min/user-sessions.min.js @@ -0,0 +1 @@ +var NOTIFY_FOR_THIS_SESSION=0;var NOTIFY_FOR_ALL_SESSIONS=1;var WM_WTSSESSION_CHANGE=689;var WM_POWERBROADCAST=536;var PBT_POWERSETTINGCHANGE=32787;var PBT_APMSUSPEND=4;var PBT_APMRESUMESUSPEND=7;var PBT_APMRESUMEAUTOMATIC=18;var PBT_APMPOWERSTATUSCHANGE=10;var WTS_CONSOLE_CONNECT=(1);var WTS_CONSOLE_DISCONNECT=(2);var WTS_REMOTE_CONNECT=(3);var WTS_REMOTE_DISCONNECT=(4);var WTS_SESSION_LOGON=(5);var WTS_SESSION_LOGOFF=(6);var WTS_SESSION_LOCK=(7);var WTS_SESSION_UNLOCK=(8);var WTS_SESSION_REMOTE_CONTROL=(9);var WTS_SESSION_CREATE=(10);var WTS_SESSION_TERMINATE=(11);var GUID_ACDC_POWER_SOURCE;var GUID_BATTERY_PERCENTAGE_REMAINING;var GUID_CONSOLE_DISPLAY_STATE;function UserSessions(){this._ObjectID="user-sessions";require("events").EventEmitter.call(this,true).createEvent("changed").createEvent("locked").createEvent("unlocked");this.enumerateUsers=function h(){var s=require("promise");var r=new s(function(t,p){this.__resolver=t;this.__rejector=p});r.__handler=function o(p){r.__resolver(p)};try{this.Current(r.__handler)}catch(q){r.__rejector(q)}r.parent=this;return(r)};if(process.platform=="win32"){this._serviceHooked=false;this._marshal=require("_GenericMarshal");this._kernel32=this._marshal.CreateNativeProxy("Kernel32.dll");this._kernel32.CreateMethod("GetLastError");try{this._wts=this._marshal.CreateNativeProxy("Wtsapi32.dll");this._wts.CreateMethod("WTSEnumerateSessionsA");this._wts.CreateMethod("WTSQuerySessionInformationA");this._wts.CreateMethod("WTSRegisterSessionNotification");this._wts.CreateMethod("WTSUnRegisterSessionNotification");this._wts.CreateMethod("WTSFreeMemory")}catch(i){}this._advapi=this._marshal.CreateNativeProxy("Advapi32.dll");this._advapi.CreateMethod("AllocateAndInitializeSid");this._advapi.CreateMethod("CheckTokenMembership");this._advapi.CreateMethod("FreeSid");this._user32=this._marshal.CreateNativeProxy("user32.dll");this._user32.CreateMethod({method:"RegisterPowerSettingNotification",threadDispatch:1});this._user32.CreateMethod("UnregisterPowerSettingNotification");this._rpcrt=this._marshal.CreateNativeProxy("Rpcrt4.dll");this._rpcrt.CreateMethod("UuidFromStringA");this._rpcrt.StringToUUID=function n(o){var p=n.us._marshal.CreateVariable(16);if(n.us._rpcrt.UuidFromStringA(n.us._marshal.CreateVariable(o),p).Val==0){return(p)}else{throw ("Could not convert string to UUID")}};this._rpcrt.StringToUUID.us=this;GUID_ACDC_POWER_SOURCE=this._rpcrt.StringToUUID("5d3e9a59-e9D5-4b00-a6bd-ff34ff516548");GUID_BATTERY_PERCENTAGE_REMAINING=this._rpcrt.StringToUUID("a7ad8041-b45a-4cae-87a3-eecbb468a9e1");GUID_CONSOLE_DISPLAY_STATE=this._rpcrt.StringToUUID("6fe69556-704a-47a0-8f24-c28d936fda47");this.SessionStates=["Active","Connected","ConnectQuery","Shadow","Disconnected","Idle","Listening","Reset","Down","Init"];this.InfoClass={WTSInitialProgram:0,WTSApplicationName:1,WTSWorkingDirectory:2,WTSOEMId:3,WTSSessionId:4,WTSUserName:5,WTSWinStationName:6,WTSDomainName:7,WTSConnectState:8,WTSClientBuildNumber:9,WTSClientName:10,WTSClientDirectory:11,WTSClientProductId:12,WTSClientHardwareId:13,WTSClientAddress:14,WTSClientDisplay:15,WTSClientProtocolType:16,WTSIdleTime:17,WTSLogonTime:18,WTSIncomingBytes:19,WTSOutgoingBytes:20,WTSIncomingFrames:21,WTSOutgoingFrames:22,WTSClientInfo:23,WTSSessionInfo:24,WTSSessionInfoEx:25,WTSConfigInfo:26,WTSValidationInfo:27,WTSSessionAddressV4:28,WTSIsRemoteSession:29};this.isRoot=function k(){var r=this._marshal.CreateVariable(6);r.toBuffer().writeInt8(5,5);var p=this._marshal.CreatePointer();var o=false;if(this._advapi.AllocateAndInitializeSid(r,2,32,544,0,0,0,0,0,0,p).Val!=0){var q=this._marshal.CreateInteger();if(this._advapi.CheckTokenMembership(0,p.Deref(),q).Val!=0){if(q.toBuffer().readUInt32LE()!=0){o=true}}this._advapi.FreeSid(p.Deref())}return o};this.getSessionAttribute=function j(s,o){var p=this._marshal.CreatePointer();var q=this._marshal.CreateVariable(4);if(this._wts.WTSQuerySessionInformationA(0,s,o,p,q).Val==0){throw ("Error calling WTSQuerySessionInformation: "+this._kernel32.GetLastError.Val)}var r=p.Deref().String;this._wts.WTSFreeMemory(p.Deref());return(r)};this.Current=function f(o){var u={};var t=this._marshal.CreatePointer();var p=this._marshal.CreateVariable(4);if(this._wts.WTSEnumerateSessionsA(0,0,1,t,p).Val==0){throw ("Error calling WTSEnumerateSessionsA: "+this._kernel32.GetLastError().Val)}for(var q=0;q= 0) {printf \"%s:%s\\n\", $1, $3}' /etc/passwd\nexit\n");o.waitExit();var p=o.stdout.str.split("\n");var r={},s;for(var q in p){s=p[q].split(":");if(s[0]){r[s[0]]=s[1]}}return(r)};this._uids=function c(){var o=require("child_process").execFile("/bin/sh",["sh"]);o.stdout.str="";o.stdout.on("data",function(t){this.str+=t.toString()});o.stdin.write("awk -F: '($3 >= 0) {printf \"%s:%s\\n\", $1, $3}' /etc/passwd\nexit\n");o.waitExit();var p=o.stdout.str.split("\n");var r={},s;for(var q in p){s=p[q].split(":");if(s[0]){r[s[1]]=s[0]}}return(r)};this.Self=function m(){var q=require("promise");var o=new q(function(r,p){this.__resolver=r;this.__rejector=p;this.__child=require("child_process").execFile("/usr/bin/id",["id","-u"]);this.__child.promise=this;this.__child.stdout._txt="";this.__child.stdout.on("data",function(s){this._txt+=s.toString()});this.__child.on("exit",function(s){try{parseInt(this.stdout._txt)}catch(t){this.promise.__rejector("invalid uid");return}var u=parseInt(this.stdout._txt);this.promise.__resolver(u)})});return(o)};this.Current=function f(o){var p={};p._ObjectID="UserSession";Object.defineProperty(p,"_callback",{value:o});Object.defineProperty(p,"_child",{value:require("child_process").execFile("/usr/bin/last",["last","-f","/var/run/utmp"])});p._child.Parent=p;p._child._txt="";p._child.on("exit",function(q){var u=this._txt.split("\n");var A=[];var D={};for(var t in u){if(u[t]){var B=getTokens(u[t]);var z={Username:B[0],SessionId:B[1]};if(B[3].includes("still logged in")){z.State="Active"}else{z.LastActive=B[3]}A.push(z)}}A.pop();var C={};var y=[];for(var t in A){if(A[t].Username!="reboot"){D[A[t].SessionId]=A[t];if(C[A[t].Username]==null){C[A[t].Username]=-1}}}try{require("promise")}catch(r){Object.defineProperty(D,"Active",{value:showActiveOnly(D)});if(this.Parent._callback){this.Parent._callback.call(this.Parent,D)}return}var x=require("promise");for(var v in C){var w=new x(function(E,s){this.__username=v;this.__resolver=E;this.__rejector=s;this.__child=require("child_process").execFile("/usr/bin/id",["id","-u",v]);this.__child.promise=this;this.__child.stdout._txt="";this.__child.stdout.on("data",function(F){this._txt+=F.toString()});this.__child.on("exit",function(F){try{parseInt(this.stdout._txt)}catch(G){this.promise.__rejector("invalid uid");return}var H=parseInt(this.stdout._txt);this.promise.__resolver(H)})});y.push(w)}x.all(y).then(function(E){var F={};for(var s in E){F[E[s].__username]=E[s]._internal.completedArgs[0]}for(var s in D){D[s].uid=F[D[s].Username]}Object.defineProperty(D,"Active",{value:showActiveOnly(D)});if(p._callback){p._callback.call(p,D)}},function(s){Object.defineProperty(D,"Active",{value:showActiveOnly(D)});if(p._callback){p._callback.call(p,D)}})});p._child.stdout.Parent=p._child;p._child.stdout.on("data",function(q){this.Parent._txt+=q.toString()});return(p)};this._recheckLoggedInUsers=function a(){this.enumerateUsers().then(function(o){if(o.Active.length>0){if(this.parent._linux_lock_watcher!=null&&this.parent._linux_lock_watcher.uid!=o.Active[0].uid){delete this.parent._linux_lock_watcher}this.parent._linux_lock_watcher=new g(process.env.XDG_CURRENT_DESKTOP=="Unity"?"com.ubuntu.Upstart0_6":"org.gnome.ScreenSaver",o.Active[0].uid);this.parent._linux_lock_watcher.user_session=this.parent;this.parent._linux_lock_watcher.on("signal",function(r){var q=this.user_session.enumerateUsers();q.signalData=r.data[0];q.then(function(p){switch(this.signalData){case true:case"desktop-lock":this.parent.emit("locked",p.Active[0]);break;case false:case"desktop-unlock":this.parent.emit("unlocked",p.Active[0]);break}})})}else{if(this.parent._linux_lock_watcher!=null){delete this.parent._linux_lock_watcher}}})};this.on("changed",this._recheckLoggedInUsers);this._recheckLoggedInUsers()}else{if(process.platform=="darwin"){this._users=function(){var o=require("child_process").execFile("/usr/bin/dscl",["dscl",".","list","/Users","UniqueID"]);o.stdout.str="";o.stdout.on("data",function(t){this.str+=t.toString()});o.stdin.write("exit\n");o.waitExit();var q=o.stdout.str.split("\n");var r,p;var s={};for(p=0;p0;++r){if(!u[s[r].split(" ")[0]]){try{u[s[r].split(" ")[0]]={Username:s[r].split(" ")[0],State:s[r].split("still logged in").length>1?"Active":"Inactive",uid:t.uid[s[r].split(" ")[0]]}}catch(q){}}else{if(u[s[r].split(" ")[0]].State!="Active"&&s[r].split("still logged in").length>1){u[s[r].split(" ")[0]].State="Active"}}}Object.defineProperty(u,"Active",{value:showActiveOnly(u)});if(o){o.call(this,u)}}}}}if(process.platform=="linux"||process.platform=="darwin"){this._self=function b(){var o=require("child_process").execFile("/usr/bin/id",["id","-u"]);o.stdout.str="";o.stdout.on("data",function(p){this.str+=p.toString()});o.waitExit();return(parseInt(o.stdout.str))};this.isRoot=function k(){return(this._self()==0)};this.consoleUid=function e(){var o=process.platform=="darwin"?"console":((process.env.DISPLAY)?process.env.DISPLAY:":0");var p=require("child_process").execFile("/bin/sh",["sh"]);p.stdout.str="";p.stdout.on("data",function(u){this.str+=u.toString()});p.stdin.write("who\nexit\n");p.waitExit();var s=p.stdout.str.split("\n");var t,q,r;for(q in s){t=s[q].split(" ");for(r=1;r0){return(parseInt(this._users()[t[0]]))}}}throw ("nobody logged into console")}}}function showActiveOnly(c){var b=[];var e={};var f=[];var d;for(var a in c){if(c[a].State=="Active"){b.push(c[a]);d=(c[a].Domain?(c[a].Domain+"\\"):"")+c[a].Username;if(!e[d]){e[d]=d}}}for(var a in e){f.push(a)}Object.defineProperty(b,"usernames",{value:f});return(b)}function getTokens(d){var a=[];var b;a.push(d.substring(0,(b=d.indexOf(" "))));while(d[++b]==" "){}a.push(d.substring(b,(b=d.substring(b).indexOf(" ")+b)));while(d[++b]==" "){}a.push(d.substring(b,(b=d.substring(b).indexOf(" ")+b)));while(d[++b]==" "){}var c=d.substring(b).trim();a.push(c);return(a)}module.exports=new UserSessions(); \ No newline at end of file diff --git a/meshctrl.js b/meshctrl.js index 6e6a04b8..63fa68c7 100644 --- a/meshctrl.js +++ b/meshctrl.js @@ -3,7 +3,7 @@ const crypto = require('crypto'); var settings = {}; const args = require('minimist')(process.argv.slice(2)); -const possibleCommands = ['listusers', 'listdevicegroups', 'listdevices', 'listusersofdevicegroup', 'serverinfo', 'userinfo', 'adduser', 'removeuser', 'adddevicegroup', 'removedevicegroup', 'broadcast', 'addusertodevicegroup', 'removeuserfromdevicegroup', 'sendinviteemail']; +const possibleCommands = ['listusers', 'listdevicegroups', 'listdevices', 'listusersofdevicegroup', 'serverinfo', 'userinfo', 'adduser', 'removeuser', 'adddevicegroup', 'removedevicegroup', 'broadcast', 'addusertodevicegroup', 'removeuserfromdevicegroup', 'sendinviteemail', 'generateinvitelink']; //console.log(args); if (args['_'].length == 0) { @@ -25,6 +25,7 @@ if (args['_'].length == 0) { console.log(" AddUserToDeviceGroup - Add a user to a device group."); console.log(" RemoveUserFromDeviceGroup - Remove a user from a device group."); console.log(" SendInviteEmail - Send an agent install invitation email."); + console.log(" GenerateInviteLink - Create an invitation link."); console.log(" Broadcast - Display a message to all online users."); console.log("\r\nSupported login arguments:"); console.log(" --url [wss://server] - Server url, wss://localhost:443 is default."); @@ -96,6 +97,12 @@ if (args['_'].length == 0) { else { ok = true; } break; } + case 'generateinvitelink': { + if (args.id == null) { console.log("Device group identifier id missing, use --id [groupid]"); } + else if (args.hours == null) { console.log("Invitation validity period missing, use --hours [hours]"); } + else { ok = true; } + break; + } case 'help': { if (args['_'].length < 2) { console.log("Get help on an action. Type:\r\n\r\n help [action]\r\n\r\nPossible actions are: " + possibleCommands.join(', ') + '.'); @@ -109,6 +116,15 @@ if (args['_'].length == 0) { console.log(" --email [email] - Email address."); break; } + case 'generateinvitelink': { + console.log("Generate a agent invitation URL for a given group. Example usage:\r\n"); + console.log(" MeshCtrl GenerateInviteLink --id devicegroupid --hours 24"); + console.log(" MeshCtrl GenerateInviteLink --id devicegroupid --hours 0"); + console.log("\r\nRequired arguments:\r\n"); + console.log(" --id [groupid] - Device group identifier."); + console.log(" --hours [hours] - Validity period in hours or 0 for infinit."); + break; + } case 'serverinfo': { console.log("Get information on the MeshCentral server, Example usages:\r\n"); console.log(" MeshCtrl ServerInfo --loginuser myaccountname --loginpass mypassword"); @@ -395,6 +411,11 @@ function serverConnect() { ws.send(JSON.stringify(op)); break; } + case 'generateinvitelink': { + var op = { action: "createInviteLink", meshid: args.id, expire: args.hours, flags: 0, responseid: 'meshctrl' } + ws.send(JSON.stringify(op)); + break; + } case 'broadcast': { var op = { action: 'userbroadcast', msg: args.msg, responseid: 'meshctrl' }; ws.send(JSON.stringify(op)); @@ -439,7 +460,7 @@ function serverConnect() { case 'deletemesh': // REMOVEDEVICEGROUP case 'addmeshuser': // case 'removemeshuser': // - case 'inviteAgent': + case 'inviteAgent': // case 'userbroadcast': { // BROADCAST if (data.responseid == 'meshctrl') { if (data.meshid) { console.log(data.result, data.meshid); } @@ -449,6 +470,13 @@ function serverConnect() { } break; } + case 'createInviteLink': + if (data.responseid == 'meshctrl') { + if (data.url) { console.log(data.url); } + else console.log(data.result); + process.exit(); + } + break; case 'users': { // LISTUSERS if (args.json) { console.log(JSON.stringify(data.users, ' ', 2)); diff --git a/meshuser.js b/meshuser.js index 629b316d..b9eb046a 100644 --- a/meshuser.js +++ b/meshuser.js @@ -48,10 +48,10 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use obj.user = user; obj.domain = domain; - // Server side amt stack - var WsmanComm = require('./amt/amt-wsman-comm.js'); - var Wsman = require('./amt/amt-wsman.js'); - var Amt = require('./amt/amt.js'); + // Server side Intel AMT stack + const WsmanComm = require('./amt/amt-wsman-comm.js'); + const Wsman = require('./amt/amt-wsman.js'); + const Amt = require('./amt/amt.js'); // Send a message to the user //obj.send = function (data) { try { if (typeof data == 'string') { ws.send(Buffer.from(data, 'binary')); } else { ws.send(data); } } catch (e) { } } @@ -2772,14 +2772,32 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use break; } case 'createInviteLink': { - if (common.validateString(command.meshid, 8, 128) == false) break; // Check the meshid - if (common.validateInt(command.expire, 0, 99999) == false) break; // Check the expire time in hours - if (common.validateInt(command.flags, 0, 256) == false) break; // Check the flags + var err = null; + if (common.validateString(command.meshid, 8, 128) == false) { err = 'Invalid group id'; } // Check the meshid + else if (common.validateInt(command.expire, 0, 99999) == false) { err = 'Invalid expire time'; } // Check the expire time in hours + else if (common.validateInt(command.flags, 0, 256) == false) { err = 'Invalid flags'; }; // Check the flags + if (command.meshid.split('/').length == 1) { command.meshid = 'mesh/' + domain.id + '/' + command.meshid; } + var smesh = command.meshid.split('/'); + if ((smesh.length != 3) || (smesh[0] != 'mesh') || (smesh[1] != domain.id)) { err = 'Invalid group id'; } + + // Handle any errors + if (err != null) { + if (command.responseid != null) { try { ws.send(JSON.stringify({ action: 'createInviteLink', responseid: command.responseid, result: err })); } catch (ex) { } } + break; + } + mesh = parent.meshes[command.meshid]; - if (mesh == null) break; + if (mesh == null) { if (command.responseid != null) { try { ws.send(JSON.stringify({ action: 'createInviteLink', responseid: command.responseid, result: 'Unable to find this device group id' })); } catch (ex) { } } break; } const inviteCookie = parent.parent.encodeCookie({ a: 4, mid: command.meshid, f: command.flags, expire: command.expire * 60 }, parent.parent.invitationLinkEncryptionKey); - if (inviteCookie == null) break; - ws.send(JSON.stringify({ action: 'createInviteLink', meshid: command.meshid, expire: command.expire, cookie: inviteCookie })); + if (inviteCookie == null) { if (command.responseid != null) { try { ws.send(JSON.stringify({ action: 'createInviteLink', responseid: command.responseid, result: 'Unable to generate invitation cookie' })); } catch (ex) { } } break; } + + // Create the server url + var httpsPort = ((args.aliasport == null) ? args.port : args.aliasport); // Use HTTPS alias port is specified + var xdomain = (domain.dns == null) ? domain.id : ''; + if (xdomain != '') xdomain += "/"; + var url = "http" + (args.notls ? '' : 's') + "://" + parent.getWebServerName(domain) + ":" + httpsPort + "/" + xdomain + "agentinvite?c=" + inviteCookie; + + ws.send(JSON.stringify({ action: 'createInviteLink', meshid: command.meshid, url: url, expire: command.expire, cookie: inviteCookie, responseid: command.responseid, tag: command.tag })); break; } case 'traceinfo': { @@ -2792,9 +2810,9 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use case 'amt': { if (common.validateString(command.nodeid, 1, 1024) == false) break; // Check nodeid if (common.validateInt(command.mode, 0, 3) == false) break; // Check connection mode - // validate if communication mode is possible + // Validate if communication mode is possible if (command.mode == null || command.mode==0) { - break;//unsupported + break; //unsupported } else if (command.mode == 1) { var state = parent.parent.GetConnectivityState(command.nodeid); if ( (state == null) || (state.connectivity & 4)==0 ) break; @@ -2811,7 +2829,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use var node = nodes[0]; // Get the mesh for this device - mesh = parent.meshes[node.meshid]; + var mesh = parent.meshes[node.meshid]; if (mesh) { // Check if this user has rights to do this if (mesh.links[user._id] != null && ((mesh.links[user._id].rights & 8) != 0)) { // "Remote Control permission" @@ -2951,29 +2969,27 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use function getRandomPassword() { return Buffer.from(parent.crypto.randomBytes(9), 'binary').toString('base64').split('/').join('@'); } function handleAmtCommand(cmd, node) { - if (cmd==null) return; + if (cmd == null) return; var host = cmd.nodeid; - if (cmd.mode==1) { - host = node.host; - } + if (cmd.mode == 1) { host = node.host; } var tlsoptions = null; - var wsman = new Wsman(WsmanComm, host, node.intelamt.tls? 16993: 16992, node.intelamt.user, node.intelamt.pass, - node.intelamt.tls,tlsoptions, parent.parent, cmd.mode); + var wsman = new Wsman(WsmanComm, host, node.intelamt.tls ? 16993 : 16992, node.intelamt.user, node.intelamt.pass, + node.intelamt.tls, tlsoptions, parent.parent, cmd.mode); var amt = new Amt(wsman); switch (cmd.command) { case "Get-GeneralSettings": { - amt.Get("AMT_GeneralSettings", function(obj, name, response, status) { - if (status==200) { - var resp = { action: 'amt', nodeid: cmd.nodeid, command: 'Get-GeneralSettings', value: response.Body} + amt.Get("AMT_GeneralSettings", function (obj, name, response, status) { + if (status == 200) { + var resp = { action: 'amt', nodeid: cmd.nodeid, command: 'Get-GeneralSettings', value: response.Body } ws.send(JSON.stringify(resp)); } else { - ws.send(JSON.stringify({"error": error})); + ws.send(JSON.stringify({ "error": error })); } }); break; } default: { - // do nothing + // Do nothing } } } diff --git a/package.json b/package.json index cb44578e..d2a0037b 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "meshcentral", - "version": "0.4.1-b", + "version": "0.4.1-c", "keywords": [ "Remote Management", "Intel AMT", diff --git a/webserver.js b/webserver.js index abb0759b..adfcff26 100644 --- a/webserver.js +++ b/webserver.js @@ -3173,9 +3173,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) { // { 'Referrer-Policy': 'no-referrer', 'x-frame-options': 'SAMEORIGIN', 'X-XSS-Protection': '1; mode=block', 'X-Content-Type-Options': 'nosniff', 'Content-Security-Policy': "default-src http: ws: data: 'self';script-src http: 'unsafe-inline';style-src http: 'unsafe-inline'" }; if ((domain != null) && (domain.httpheaders != null) && (typeof domain.httpheaders == 'object')) { res.set(domain.httpheaders); - } - /* - else { + } else { // Use default security headers res.set({ "X-Frame-Options": "sameorigin", @@ -3185,10 +3183,9 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) { "Content-Security-Policy": "default-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-src 'self'; media-src 'self'" }); } - */ // Check the session if bound to the external IP address - //if ((req.session.ip != null) && (req.ip != null) && (req.session.ip != req.ip)) { req.session = {}; } + if ((req.session.ip != null) && (req.ip != null) && (req.session.ip != req.ip)) { req.session = {}; } // Detect if this is a file sharing domain, if so, just share files. if ((domain != null) && (domain.share != null)) {