Added --tlsoffload support
parent
ee92143a18
commit
8dbddc60a5
|
@ -640,6 +640,10 @@ function createMeshCore(agent) {
|
|||
}
|
||||
break;
|
||||
}
|
||||
case 'dbkeys': { // Return all data store keys
|
||||
response = JSON.stringify(db.Keys);
|
||||
break;
|
||||
}
|
||||
case 'dbget': { // Return the data store value for a given key
|
||||
if (db == null) { response = 'Database not accessible.'; break; }
|
||||
if (args['_'].length != 1) {
|
||||
|
|
|
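Review bot: The new 'dbkeys' case reads `db.Keys` without the null guard that the neighbouring 'dbget' case applies, so when the data store is unavailable this command throws inside the handler instead of returning a message. Mirror the sibling check as the first statement of the case: `if (db == null) { response = 'Database not accessible.'; break; }`. The enclosing switch and createMeshCore continue outside the hunk, and the file this hunk belongs to is not named on the page.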
@ -57,7 +57,7 @@ function CreateMeshCentralServer() {
|
|||
try { require('./pass').hash('test', function () { }); } catch (e) { console.log('Old version of node, must upgrade.'); return; } // TODO: Not sure if this test works or not.
|
||||
|
||||
// Check for invalid arguments
|
||||
var validArguments = ['_', 'notls', 'user', 'port', 'mpsport', 'redirport', 'cert', 'deletedomain', 'deletedefaultdomain', 'showusers', 'shownodes', 'showmeshes', 'showevents', 'showpower', 'showiplocations', 'help', 'exactports', 'install', 'uninstall', 'start', 'stop', 'restart', 'debug', 'filespath', 'datapath', 'noagentupdate', 'launch', 'noserverbackup', 'mongodb', 'mongodbcol', 'wanonly', 'lanonly', 'nousers', 'mpsdebug', 'mpspass', 'ciralocalfqdn', 'dbexport', 'dbimport', 'selfupdate'];
|
||||
var validArguments = ['_', 'notls', 'user', 'port', 'mpsport', 'redirport', 'cert', 'deletedomain', 'deletedefaultdomain', 'showusers', 'shownodes', 'showmeshes', 'showevents', 'showpower', 'showiplocations', 'help', 'exactports', 'install', 'uninstall', 'start', 'stop', 'restart', 'debug', 'filespath', 'datapath', 'noagentupdate', 'launch', 'noserverbackup', 'mongodb', 'mongodbcol', 'wanonly', 'lanonly', 'nousers', 'mpsdebug', 'mpspass', 'ciralocalfqdn', 'dbexport', 'dbimport', 'selfupdate', 'tlsoffload'];
|
||||
for (var arg in obj.args) { if (validArguments.indexOf(arg.toLocaleLowerCase()) == -1) { console.log('Invalid argument "' + arg + '", use --help.'); return; } }
|
||||
if (obj.args.mongodb == true) { console.log('Must specify: --mongodb [connectionstring] \r\nSee https://docs.mongodb.com/manual/reference/connection-string/ for MongoDB connection string.'); return; }
|
||||
|
||||
|
|
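Review bot: 'tlsoffload' enters the accepted-argument list with no statement of what it changes, yet the other hunks of this commit make it switch the MPS and web listeners to plaintext, which is a security-relevant deployment mode. A line next to the list (or in the --help text, which is not visible here) should say so, e.g. `// 'tlsoffload': TLS is terminated by a front-end proxy; the MPS and web ports then listen in plaintext and must only be reachable through that proxy.` Note also that validation lowercases the argument name while the flag is later read as `obj.args.tlsoffload`, so a differently-cased spelling passes validation without enabling the mode; that is shared with every other flag and only worth a mention.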
2088
mesherrors.txt
2088
mesherrors.txt
19
mpsserver.js
19
mpsserver.js
|
@ -9,14 +9,19 @@ module.exports.CreateMpsServer = function (parent, db, args, certificates) {
|
|||
var obj = {};
|
||||
obj.parent = parent;
|
||||
obj.db = db;
|
||||
obj.args = args;
|
||||
obj.certificates = certificates;
|
||||
obj.ciraConnections = {};
|
||||
var common = require('./common.js');
|
||||
var net = require('net');
|
||||
var tls = require('tls');
|
||||
|
||||
obj.server = tls.createServer({ key: certificates.mps.key, cert: certificates.mps.cert, requestCert: true }, onConnection);
|
||||
|
||||
|
||||
if (obj.args.tlsoffload) {
|
||||
obj.server = net.createServer(onConnection);
|
||||
} else {
|
||||
obj.server = tls.createServer({ key: certificates.mps.key, cert: certificates.mps.cert, requestCert: true }, onConnection);
|
||||
}
|
||||
|
||||
obj.server.listen(args.mpsport, function () { console.log('MeshCentral Intel(R) AMT server running on ' + certificates.CommonName + ':' + args.mpsport + '.'); }).on('error', function (err) { console.error('ERROR: MeshCentral Intel(R) AMT server port ' + args.mpsport + ' is not available.'); if (args.exactports) { process.exit(); } });
|
||||
|
||||
var APFProtocol = {
|
||||
|
@ -79,7 +84,11 @@ module.exports.CreateMpsServer = function (parent, db, args, certificates) {
|
|||
}
|
||||
|
||||
function onConnection(socket) {
|
||||
socket.tag = { first: true, clientCert: socket.getPeerCertificate(true), accumulator: "", activetunnels: 0, boundPorts: [], socket: socket, host: null, nextchannelid: 4, channels: {}, nextsourceport: 0 };
|
||||
if (obj.args.tlsoffload) {
|
||||
socket.tag = { first: true, clientCert: null, accumulator: "", activetunnels: 0, boundPorts: [], socket: socket, host: null, nextchannelid: 4, channels: {}, nextsourceport: 0 };
|
||||
} else {
|
||||
socket.tag = { first: true, clientCert: socket.getPeerCertificate(true), accumulator: "", activetunnels: 0, boundPorts: [], socket: socket, host: null, nextchannelid: 4, channels: {}, nextsourceport: 0 };
|
||||
}
|
||||
socket.setEncoding('binary');
|
||||
Debug(1, 'MPS:New CIRA connection');
|
||||
|
||||
|
@ -91,7 +100,7 @@ module.exports.CreateMpsServer = function (parent, db, args, certificates) {
|
|||
if (socket.tag.first == true) {
|
||||
if (socket.tag.accumulator.length < 3) return;
|
||||
//if (!socket.tag.clientCert.subject) { console.log("MPS Connection, no client cert: " + socket.remoteAddress); socket.write('HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nConnection: close\r\n\r\nMeshCentral2 MPS server.\r\nNo client certificate given.'); socket.end(); return; }
|
||||
if (socket.tag.accumulator.substring(0, 3) == 'GET') { console.log("MPS Connection, HTTP GET detected: " + socket.remoteAddress); socket.write('HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nConnection: close\r\n\r\nMeshCentral2 MPS server.\r\nIntel(R) AMT computers should connect here.'); socket.end(); return; }
|
||||
if (socket.tag.accumulator.substring(0, 3) == 'GET') { console.log("MPS Connection, HTTP GET detected: " + socket.remoteAddress); socket.write('HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<!DOCTYPE html><html><head><meta charset="UTF-8"></head><body>MeshCentral2 MPS server.<br />Intel® AMT computers should connect here.</body></html>'); socket.end(); return; }
|
||||
socket.tag.first = false;
|
||||
|
||||
// Setup this node with certificate authentication
|
||||
|
|
|
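Review bot: In offload mode the listener created by `obj.server = net.createServer(onConnection);` is started with `listen(args.mpsport, …)` and no host, so the unencrypted APF endpoint is reachable on every interface rather than only from the TLS-terminating front end, and nothing on this side can tell the two apart. A comment at that line should make the deployment assumption explicit, e.g. `// tlsoffload: plaintext APF; this port must be reachable only from the TLS-terminating proxy`, and a configurable bind address (not present on this page) would let an operator enforce it. The tlsoffload branch of onConnection sets `clientCert: null`, while the code after `// Setup this node with certificate authentication` lies outside the hunk and presumably dereferences `socket.tag.clientCert`; that path needs a null guard or a check of the offload flag. onConnection and the data handler both continue outside the hunks.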
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "meshcentral",
|
||||
"version": "0.0.8-c",
|
||||
"version": "0.0.8-d",
|
||||
"keywords": [
|
||||
"Remote Management",
|
||||
"Intel AMT",
|
||||
|
|
|
@ -132,7 +132,7 @@ For the configuration above, the root domain and two other domains will be acces
|
|||
|
||||
When you setup many domains, the server considers each domain seperatly. Each domain has seperate user accounts, administrators, etc. Within each domain, you can put a "title" and "title2" as strings that will show up at the top of the web site. "userQuota" indicates the default maximum amount of data a user can have in it's "My Files" folder. "meshQuota" is the maximum total size of files in each mesh folder. "newAccounts" indicates if new accounts can be created from the login page, 0 if not allowed, 1 if allowed. Note that if a web site has no accounts, the new account option will be available until an account is created and the first account will be the site administrator.
|
||||
|
||||
MeshCentral also supports server peering, add the "peers" section with a list of all peers. If you want to do server peering, make sure all servers are configured to use the same database. Also, the "serverId" value is optional. If it's not specified, the computers hostname is used instead.
|
||||
MeshCentral also supports server peering, add the "peers" section with a list of all peers. If you want to do server peering, make sure all servers are configured to use the same database. Also, the "serverId" value is optional. If it's not specified, the computer hostname is used instead.
|
||||
|
||||
Other Notes
|
||||
-----------
|
||||
|
|
|
@ -1380,8 +1380,12 @@
|
|||
var mesh = meshes[meshid];
|
||||
var meshidx = meshid.substring(5);
|
||||
if (meshidx[0] == '/') meshidx = meshidx.substring(1);
|
||||
|
||||
var y = '<select id=dlgAddCiraSel onclick=dlgAddCiraSelClick() style=width:230px><option value=0>MeshCommander Script</option><option value=1>Manual Username/Password</option>';
|
||||
if ((features & 16) == 0) { y += '<option value=2>Manual Certificate</option></select>'; } // Only display this option if Intel AMT CIRA with Mutual-Auth is allowed.
|
||||
|
||||
var x = '';
|
||||
x += addHtmlValue('Setup Method', '<select id=dlgAddCiraSel onclick=dlgAddCiraSelClick() style=width:230px><option value=0>MeshCommander Script</option><option value=1>Manual Username/Password</option><option value=2>Manual Certificate</option></select>');
|
||||
x += addHtmlValue('Setup Method', y);
|
||||
x += '<hr>';
|
||||
|
||||
// Setup CIRA using a MeshCommander script (Pretty Simple)
|
||||
|
@ -1399,12 +1403,14 @@
|
|||
if (serverinfo != null) { x += addHtmlValue('MPS Server', '<input style=width:230px readonly value="' + EscapeHtml(serverinfo.name) + ':' + serverinfo.mpsport + '" />'); }
|
||||
x += "</div>";
|
||||
|
||||
// Setup CIRA with certificate authentication (Really difficult)
|
||||
x += "<div id=dlgAddCira2 style=display:none>To add a new Intel® AMT device to mesh " + EscapeHtml(mesh.name) + " with CIRA, load the following certificate as trusted root within Intel AMT, authenticate using a client certificate with the following common name and connect to the following server.<br /><br />";
|
||||
x += addHtmlValue('Root Certificate', '<a href="MeshServerRootCert.cer" target="_blank">Root Certificate File</a>');
|
||||
x += addHtmlValue('Organization', '<input style=width:230px readonly value="' + meshidx + '" />');
|
||||
if (serverinfo != null) { x += addHtmlValue('MPS Server', '<input style=width:230px readonly value="' + EscapeHtml(serverinfo.name) + ':' + serverinfo.mpsport + '" />'); }
|
||||
x += "</div>";
|
||||
// Setup CIRA with certificate authentication (Really difficult, only is allowed)
|
||||
if ((features & 16) == 0) {
|
||||
x += "<div id=dlgAddCira2 style=display:none>To add a new Intel® AMT device to mesh " + EscapeHtml(mesh.name) + " with CIRA, load the following certificate as trusted root within Intel AMT, authenticate using a client certificate with the following common name and connect to the following server.<br /><br />";
|
||||
x += addHtmlValue('Root Certificate', '<a href="MeshServerRootCert.cer" target="_blank">Root Certificate File</a>');
|
||||
x += addHtmlValue('Organization', '<input style=width:230px readonly value="' + meshidx + '" />');
|
||||
if (serverinfo != null) { x += addHtmlValue('MPS Server', '<input style=width:230px readonly value="' + EscapeHtml(serverinfo.name) + ':' + serverinfo.mpsport + '" />'); }
|
||||
x += "</div>";
|
||||
}
|
||||
|
||||
setDialogMode(2, "Add Intel® AMT CIRA device", 1, null, x);
|
||||
}
|
||||
|
|
|
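Review bot: When `(features & 16)` is set, the `<select>` opened in `var y = '<select id=dlgAddCiraSel …'` is never closed, because the closing `</select>` was moved into the conditional together with the `<option value=2>` entry; the dialog then emits malformed HTML in exactly the tls-offload case this commit introduces. Keep only the option inside the branch and close the element unconditionally: `if ((features & 16) == 0) { y += '<option value=2>Manual Certificate</option>'; }` followed by `y += '</select>';`. The comment `// Setup CIRA with certificate authentication (Really difficult, only is allowed)` has also lost a word; `only if allowed` reads as intended. The enclosing function starts before the first hunk.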
@ -91,7 +91,7 @@ module.exports.CreateWebServer = function (parent, db, args, secret, certificate
|
|||
function EscapeHtml(x) { if (typeof x == "string") return x.replace(/&/g, '&').replace(/>/g, '>').replace(/</g, '<').replace(/"/g, '"').replace(/'/g, '''); if (typeof x == "boolean") return x; if (typeof x == "number") return x; }
|
||||
function EscapeHtmlBreaks(x) { if (typeof x == "string") return x.replace(/&/g, '&').replace(/>/g, '>').replace(/</g, '<').replace(/"/g, '"').replace(/'/g, ''').replace(/\r/g, '<br />').replace(/\n/g, '').replace(/\t/g, ' '); if (typeof x == "boolean") return x; if (typeof x == "number") return x; }
|
||||
|
||||
if (obj.args.notls) {
|
||||
if (obj.args.notls || obj.args.tlsoffload) {
|
||||
// Setup the HTTP server without TLS
|
||||
obj.expressWs = require('express-ws')(obj.app);
|
||||
} else {
|
||||
|
@ -383,6 +383,7 @@ module.exports.CreateWebServer = function (parent, db, args, secret, certificate
|
|||
if (obj.args.lanonly == true) { features += 2; } // LAN-only mode
|
||||
if (obj.args.nousers == true) { features += 4; } // Single user mode
|
||||
if (domain.userQuota == -1) { features += 8; } // No server files mode
|
||||
if (obj.args.tlsoffload == true) { features += 16; } // No mutual-auth CIRA
|
||||
if ((!obj.args.user) && (!obj.args.nousers)) { logoutcontrol += ' <a href=' + domain.url + 'logout?' + Math.random() + ' style=color:white>Logout</a>'; } // If a default user is in use or no user mode, don't display the logout button
|
||||
res.render(obj.path.join(__dirname, 'views/default'), { viewmode: viewmode, currentNode: currentNode, logoutControl: logoutcontrol, title: domain.title, title2: domain.title2, domainurl: domain.url, domain: domain.id, debuglevel: parent.debugLevel, serverDnsName: obj.certificates.CommonName, serverPublicPort: args.port, noServerBackup: (args.noserverbackup == 1 ? 1 : 0), features: features, mpspass: args.mpspass });
|
||||
} else {
|
||||
|
|
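Review bot: The feature bit is set only when `obj.args.tlsoffload == true`, whereas the listener choice two hunks earlier (`if (obj.args.notls || obj.args.tlsoffload)`) and the MPS code test the flag for truthiness; if the argument parser yields a non-boolean value (for instance when a value follows the flag), plaintext listening is enabled without bit 16, so the page keeps offering the "Manual Certificate" CIRA setup that the MPS can no longer verify. Use the same test here: `if (obj.args.tlsoffload) { features += 16; } // No mutual-auth CIRA`. Both hunks sit inside functions that start and end outside them.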