legacy swarm server connection forwarding and server fixes.
parent
3f31c8b71a
commit
aa35384810
21
meshuser.js
21
meshuser.js
@ -470,7 +470,26 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
|
||||
switch (cmd) {
|
||||
case 'help': {
|
||||
r = 'Available commands: help, args, resetserver, showconfig, usersessions, tasklimiter, setmaxtasks, cores, migrationagents, swarmstats.';
|
||||
r = 'Available commands: help, info, versions, args, resetserver, showconfig, usersessions, tasklimiter, setmaxtasks, cores, migrationagents, swarmstats, nodeconfig.';
|
||||
break;
|
||||
}
|
||||
case 'info': {
|
||||
var info = process.memoryUsage();
|
||||
try { info.platform = process.platform; } catch (ex) { }
|
||||
try { info.arch = process.arch; } catch (ex) { }
|
||||
try { info.pid = process.pid; } catch (ex) { }
|
||||
try { info.uptime = process.uptime(); } catch (ex) { }
|
||||
try { info.version = process.version; } catch (ex) { }
|
||||
try { info.cpuUsage = process.cpuUsage(); } catch (ex) { }
|
||||
r = JSON.stringify(info, null, 4);
|
||||
break;
|
||||
}
|
||||
case 'nodeconfig': {
|
||||
r = JSON.stringify(process.config, null, 4);
|
||||
break;
|
||||
}
|
||||
case 'versions': {
|
||||
r = JSON.stringify(process.versions, null, 4);
|
||||
break;
|
||||
}
|
||||
case 'args': {
|
||||
|
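Review bot: The new `info`, `nodeconfig` and `versions` cases return the process id, platform, Node.js build configuration and the exact versions of bundled components (`process.versions`) to whoever can issue console commands, and nothing in this hunk shows who that is. The permission check, if there is one, sits earlier in `CreateMeshUser`, outside the hunk, so it is worth confirming that the server console is limited to full site administrators. I would add a comment above `case 'info':` such as `// Diagnostics: discloses runtime and dependency versions; the server console must stay administrator-only`.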
@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "meshcentral",
|
||||
"version": "0.2.9-p",
|
||||
"version": "0.2.9-q",
|
||||
"keywords": [
|
||||
"Remote Management",
|
||||
"Intel AMT",
|
||||
|
@ -146,54 +146,51 @@ module.exports.CreateSwarmServer = function (parent, db, args, certificates) {
|
||||
}
|
||||
}
|
||||
|
||||
// Called when a legacy agent connects to this server
|
||||
function onConnection(socket) {
|
||||
// Check for blocked IP address
|
||||
if (checkSwarmIpAddress(socket, obj.args.swarmallowedip) == false) { obj.stats.blockedConnect++; Debug(1, "SWARM:New blocked agent connection"); return; }
|
||||
obj.stats.connectCount++;
|
||||
|
||||
socket.tag = { first: true, clientCert: socket.getPeerCertificate(true), accumulator: "", socket: socket };
|
||||
socket.setEncoding('binary');
|
||||
socket.pingTimer = setInterval(function () { obj.SendCommand(socket, LegacyMeshProtocol.PING); }, 20000);
|
||||
Debug(1, 'SWARM:New legacy agent connection');
|
||||
|
||||
if ((socket.tag.clientCert == null) || (socket.tag.clientCert.subject == null)) { obj.stats.noCertConnectCount++; } else { obj.stats.clientCertConnectCount++; }
|
||||
|
||||
socket.addListener("data", function (data) {
|
||||
function onData(data) {
|
||||
if (this.relaySocket) { var ps = this; try { this.relaySocket.write(data, 'binary', function () { ps.resume(); }); } catch (ex) { } return; }
|
||||
if (args.swarmdebug) { var buf = Buffer.from(data, "binary"); console.log('SWARM <-- (' + buf.length + '):' + buf.toString('hex')); } // Print out received bytes
|
||||
obj.stats.bytesIn += data.length;
|
||||
socket.tag.accumulator += data;
|
||||
this.tag.accumulator += data;
|
||||
|
||||
// Detect if this is an HTTPS request, if it is, return a simple answer and disconnect. This is useful for debugging access to the MPS port.
|
||||
if (socket.tag.first == true) {
|
||||
if (socket.tag.accumulator.length < 3) return;
|
||||
if (socket.tag.accumulator.substring(0, 3) == 'GET') {
|
||||
if (this.tag.first == true) {
|
||||
if (this.tag.accumulator.length < 3) return;
|
||||
if ((this.tag.accumulator.substring(0, 3) == 'GET') || (this.tag.accumulator.substring(0, 3) == 'POS')) {
|
||||
obj.stats.httpGetRequest++;
|
||||
/*console.log("Swarm Connection, HTTP GET detected: " + socket.remoteAddress);*/
|
||||
socket.write('HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<!DOCTYPE html><html><head><meta charset="UTF-8"></head><body>MeshCentral2 legacy swarm server.<br />MeshCentral1 mesh agents should connect here for updates.</body></html>');
|
||||
socket.end();
|
||||
//socket.write('HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<!DOCTYPE html><html><head><meta charset="UTF-8"></head><body>MeshCentral2 legacy swarm server.<br />MeshCentral1 mesh agents should connect here for updates.</body></html>');
|
||||
//socket.end();
|
||||
|
||||
// Relay this connection to the main TLS port
|
||||
this.pause();
|
||||
var relaySocket = tls.connect(obj.args.port, { rejectUnauthorized: false }, function () { this.write(this.parentSocket.tag.accumulator); this.parentSocket.resume(); });
|
||||
relaySocket.on('data', function (data) { try { var rs = this; this.pause(); this.parentSocket.write(data, 'binary', function () { rs.resume(); }); } catch (ex) { } });
|
||||
relaySocket.on('error', function (err) { try { this.parentSocket.end(); } catch (ex) { } });
|
||||
relaySocket.on('end', function () { try { this.parentSocket.end(); } catch (ex) { } });
|
||||
this.relaySocket = relaySocket;
|
||||
relaySocket.parentSocket = this;
|
||||
return;
|
||||
}
|
||||
socket.tag.first = false;
|
||||
this.tag.first = false;
|
||||
}
|
||||
|
||||
// A client certificate is required
|
||||
if ((socket.tag.clientCert == null) || (socket.tag.clientCert.subject == null)) {
|
||||
if ((this.tag.clientCert == null) || (this.tag.clientCert.subject == null)) {
|
||||
/*console.log("Swarm Connection, no client cert: " + socket.remoteAddress);*/
|
||||
socket.write('HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nConnection: close\r\n\r\nMeshCentral2 legacy swarm server.\r\nNo client certificate given.');
|
||||
socket.end();
|
||||
this.write('HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nConnection: close\r\n\r\nMeshCentral2 legacy swarm server.\r\nNo client certificate given.');
|
||||
this.end();
|
||||
return;
|
||||
}
|
||||
|
||||
try {
|
||||
// Parse all of the agent binary command data we can
|
||||
var l = 0;
|
||||
do { l = ProcessCommand(socket); if (l > 0) { socket.tag.accumulator = socket.tag.accumulator.substring(l); } } while (l > 0);
|
||||
if (l < 0) { socket.end(); }
|
||||
do { l = ProcessCommand(this); if (l > 0) { this.tag.accumulator = this.tag.accumulator.substring(l); } } while (l > 0);
|
||||
if (l < 0) { this.end(); }
|
||||
} catch (e) {
|
||||
console.log(e);
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
// Process one AFP command
|
||||
function ProcessCommand(socket) {
|
||||
@ -209,6 +206,7 @@ module.exports.CreateSwarmServer = function (parent, db, args, certificates) {
|
||||
Debug(3, 'Swarm:NODEPUSH');
|
||||
var nodeblock = obj.decodeNodeBlock(data);
|
||||
if ((nodeblock != null) && (nodeblock.agenttype != null) && (nodeblock.agentversion != null)) {
|
||||
if (socket.pingTimer == null) { socket.pingTimer = setInterval(function () { obj.SendCommand(socket, LegacyMeshProtocol.PING); }, 20000); }
|
||||
Debug(3, 'Swarm:NODEPUSH:' + JSON.stringify(nodeblock));
|
||||
|
||||
// Check if this agent is asking of updates over and over again.
|
||||
@ -304,13 +302,27 @@ module.exports.CreateSwarmServer = function (parent, db, args, certificates) {
|
||||
return len;
|
||||
}
|
||||
|
||||
// Called when a legacy agent connects to this server
|
||||
function onConnection(socket) {
|
||||
// Check for blocked IP address
|
||||
if (checkSwarmIpAddress(socket, obj.args.swarmallowedip) == false) { obj.stats.blockedConnect++; Debug(1, "SWARM:New blocked agent connection"); return; }
|
||||
obj.stats.connectCount++;
|
||||
|
||||
socket.tag = { first: true, clientCert: socket.getPeerCertificate(true), accumulator: "", socket: socket };
|
||||
//socket.pingTimer = setInterval(function () { obj.SendCommand(socket, LegacyMeshProtocol.PING); }, 20000);
|
||||
Debug(1, 'SWARM:New legacy agent connection');
|
||||
|
||||
if ((socket.tag.clientCert == null) || (socket.tag.clientCert.subject == null)) { obj.stats.noCertConnectCount++; } else { obj.stats.clientCertConnectCount++; }
|
||||
|
||||
socket.addListener("data", onData);
|
||||
socket.addListener("close", function () {
|
||||
obj.stats.onclose++;
|
||||
Debug(1, 'Swarm:Connection closed');
|
||||
if (socket.pingTimer != null) { clearInterval(socket.pingTimer); delete socket.pingTimer; }
|
||||
if (socket.tag && (typeof socket.tag.taskid == 'number')) {
|
||||
obj.parent.taskLimiter.completed(socket.tag.taskid); // Indicate this task complete
|
||||
delete socket.tag.taskid;
|
||||
if (this.relaySocket) { try { this.relaySocket.end(); delete this.relaySocket; } catch (ex) { } }
|
||||
if (this.pingTimer != null) { clearInterval(this.pingTimer); delete this.pingTimer; }
|
||||
if (this.tag && (typeof this.tag.taskid == 'number')) {
|
||||
obj.parent.taskLimiter.completed(this.tag.taskid); // Indicate this task complete
|
||||
delete this.tag.taskid;
|
||||
}
|
||||
});
|
||||
|
||||
|
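Review bot: The relay added to `onData` calls `tls.connect(obj.args.port, { rejectUnauthorized: false }, ...)` without a host, so it depends on the default of localhost and on certificate checking being switched off. That is defensible only while the peer is this same process; state the host explicitly (for example `host: '127.0.0.1'`, if the main port listens on loopback) and add a comment such as `// Loopback relay to our own TLS port; peer certificate is deliberately not verified`. Relayed requests will presumably reach the main server with a loopback source address, so any per-address logging or filtering there no longer sees the real client, and only `checkSwarmIpAddress` in `onConnection` applies to them. The empty `catch (ex) { }` blocks around the relay writes also hide failures; a `Debug(1, ...)` call in them would keep relay errors visible.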
File diff suppressed because one or more lines are too long
@ -3494,7 +3494,7 @@
|
||||
else if ((node.intelamt.ver == null) || (node.intelamt.state == null)) { str += '<i>Unknown Version & State</i>'; }
|
||||
else {
|
||||
str += provisioningStates[node.intelamt.state];
|
||||
if (node.intelamt.flags) { if (node.intelamt.flags & 2) { str += ' <span title="Intel AMT is activated in Client Control Mode">CCM</span>'; } else if (node.intelamt.flags & 4) { str += ' <span title="Intel AMT is activated in Admin Control Mode">ACM</span>'; } }
|
||||
if ((node.intelamt.state == 2) && node.intelamt.flags) { if (node.intelamt.flags & 2) { str += ' <span title="Intel AMT is activated in Client Control Mode">CCM</span>'; } else if (node.intelamt.flags & 4) { str += ' <span title="Intel AMT is activated in Admin Control Mode">ACM</span>'; } }
|
||||
str += (', v' + node.intelamt.ver);
|
||||
}
|
||||
|
||||
|
@ -313,7 +313,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
// Destroy the user's session to log them out will be re-created next request
|
||||
if (req.session.userid) {
|
||||
var user = obj.users[req.session.userid];
|
||||
obj.parent.DispatchEvent(['*'], obj, { etype: 'user', username: user.name, action: 'logout', msg: 'Account logout', domain: domain.id });
|
||||
if (user != null) { obj.parent.DispatchEvent(['*'], obj, { etype: 'user', username: user.name, action: 'logout', msg: 'Account logout', domain: domain.id }); }
|
||||
}
|
||||
req.session = null;
|
||||
res.redirect(domain.url);
|
||||
|
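Review bot: With the new `if (user != null)` guard, a logout for a session whose `userid` no longer maps to an entry in `obj.users` dispatches no event at all. A session that outlives its account is something an operator would want to see in the event log, so consider an `else` branch that dispatches the logout event with `req.session.userid` in place of `user.name`, or at least a comment stating that the omission is intentional. The enclosing handler starts and ends outside the hunk.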