mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2025-01-11 23:13:21 -05:00
Server peering fixes.
This commit is contained in:
parent
7386a3f8c2
commit
a3d712d207
8
db.js
8
db.js
@ -448,7 +448,7 @@ module.exports.CreateDB = function (parent, func) {
|
|||||||
} else {
|
} else {
|
||||||
obj.fileChangeStream = obj.file.watch([{ $match: { $or: [{ 'fullDocument.type': { $in: ['node', 'mesh', 'user', 'ugrp'] } }, { 'operationType': 'delete' }] } }], { fullDocument: 'updateLookup' });
|
obj.fileChangeStream = obj.file.watch([{ $match: { $or: [{ 'fullDocument.type': { $in: ['node', 'mesh', 'user', 'ugrp'] } }, { 'operationType': 'delete' }] } }], { fullDocument: 'updateLookup' });
|
||||||
obj.fileChangeStream.on('change', function (change) {
|
obj.fileChangeStream.on('change', function (change) {
|
||||||
if (change.operationType == 'update') {
|
if ((change.operationType == 'update') || (change.operationType == 'replace')) {
|
||||||
switch (change.fullDocument.type) {
|
switch (change.fullDocument.type) {
|
||||||
case 'node': { dbNodeChange(change, false); break; } // A node has changed
|
case 'node': { dbNodeChange(change, false); break; } // A node has changed
|
||||||
case 'mesh': { dbMeshChange(change, false); break; } // A device group has changed
|
case 'mesh': { dbMeshChange(change, false); break; } // A device group has changed
|
||||||
@ -1579,7 +1579,7 @@ module.exports.CreateDB = function (parent, func) {
|
|||||||
// Called when a node has changed
|
// Called when a node has changed
|
||||||
function dbNodeChange(nodeChange, added) {
|
function dbNodeChange(nodeChange, added) {
|
||||||
common.unEscapeLinksFieldName(nodeChange.fullDocument);
|
common.unEscapeLinksFieldName(nodeChange.fullDocument);
|
||||||
const node = nodeChange.fullDocument;
|
const node = performTypedRecordDecrypt([nodeChange.fullDocument])[0];
|
||||||
if (node.intelamt != null) { // Remove the Intel AMT password and MPS password before eventing this.
|
if (node.intelamt != null) { // Remove the Intel AMT password and MPS password before eventing this.
|
||||||
if (node.intelamt.pass != null) { node.intelamt.pass = 1; }
|
if (node.intelamt.pass != null) { node.intelamt.pass = 1; }
|
||||||
if (node.intelamt.mpspass != null) { node.intelamt.mpspass = 1; }
|
if (node.intelamt.mpspass != null) { node.intelamt.mpspass = 1; }
|
||||||
@ -1591,7 +1591,7 @@ module.exports.CreateDB = function (parent, func) {
|
|||||||
function dbMeshChange(meshChange, added) {
|
function dbMeshChange(meshChange, added) {
|
||||||
if (parent.webserver == null) return;
|
if (parent.webserver == null) return;
|
||||||
common.unEscapeLinksFieldName(meshChange.fullDocument);
|
common.unEscapeLinksFieldName(meshChange.fullDocument);
|
||||||
const mesh = meshChange.fullDocument;
|
const mesh = performTypedRecordDecrypt([meshChange.fullDocument])[0];
|
||||||
|
|
||||||
// Update the mesh object in memory
|
// Update the mesh object in memory
|
||||||
const mmesh = parent.webserver.meshes[mesh._id];
|
const mmesh = parent.webserver.meshes[mesh._id];
|
||||||
@ -1613,7 +1613,7 @@ module.exports.CreateDB = function (parent, func) {
|
|||||||
// Called when a user account has changed
|
// Called when a user account has changed
|
||||||
function dbUserChange(userChange, added) {
|
function dbUserChange(userChange, added) {
|
||||||
if (parent.webserver == null) return;
|
if (parent.webserver == null) return;
|
||||||
const user = userChange.fullDocument;
|
const user = performTypedRecordDecrypt([userChange.fullDocument])[0];
|
||||||
|
|
||||||
// Update the user object in memory
|
// Update the user object in memory
|
||||||
const muser = parent.webserver.users[user._id];
|
const muser = parent.webserver.users[user._id];
|
||||||
|
@ -624,12 +624,14 @@ module.exports.CreateMultiServer = function (parent, args) {
|
|||||||
peerTunnel.ws2.on('open', function () {
|
peerTunnel.ws2.on('open', function () {
|
||||||
peerTunnel.parent.parent.debug('peer', 'FTunnel ' + peerTunnel.serverid + ': Connected');
|
peerTunnel.parent.parent.debug('peer', 'FTunnel ' + peerTunnel.serverid + ': Connected');
|
||||||
|
|
||||||
// Get the peer server's certificate and compute the server public key hash
|
if (peerTunnel.ws2._socket.getPeerCertificate != null) {
|
||||||
var serverCert = obj.forge.pki.certificateFromAsn1(obj.forge.asn1.fromDer(peerTunnel.ws2._socket.getPeerCertificate().raw.toString('binary')));
|
// Get the peer server's certificate and compute the server public key hash
|
||||||
var serverCertHashHex = Buffer.from(obj.forge.pki.getPublicKeyFingerprint(serverCert.publicKey, { encoding: 'binary', md: obj.forge.md.sha384.create() }), 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$');
|
var serverCert = obj.forge.pki.certificateFromAsn1(obj.forge.asn1.fromDer(peerTunnel.ws2._socket.getPeerCertificate().raw.toString('binary')));
|
||||||
|
var serverCertHashHex = Buffer.from(obj.forge.pki.getPublicKeyFingerprint(serverCert.publicKey, { encoding: 'binary', md: obj.forge.md.sha384.create() }), 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$');
|
||||||
|
|
||||||
// Check if the peer certificate is the expected one for this serverid
|
// Check if the peer certificate is the expected one for this serverid
|
||||||
if ((obj.peerServers[serverid] == null) || (obj.peerServers[serverid].serverCertHash != serverCertHashHex)) { console.log('ERROR: Outer certificate hash mismatch (1). (' + peerTunnel.url + ', ' + peerTunnel.serverid + ').'); peerTunnel.close(); return; }
|
if ((obj.peerServers[serverid] == null) || (obj.peerServers[serverid].serverCertHash != serverCertHashHex)) { console.log('ERROR: Outer certificate hash mismatch (1). (' + peerTunnel.url + ', ' + peerTunnel.serverid + ').'); peerTunnel.close(); return; }
|
||||||
|
}
|
||||||
|
|
||||||
// Connection accepted, resume the web socket to start the data flow
|
// Connection accepted, resume the web socket to start the data flow
|
||||||
peerTunnel.ws1._socket.resume();
|
peerTunnel.ws1._socket.resume();
|
||||||
|
Loading…
Reference in New Issue
Block a user