From c53d51175a904dde26882d37c6af1a98acb4942a Mon Sep 17 00:00:00 2001 From: Ylian Saint-Hilaire Date: Tue, 9 Jan 2018 20:13:41 -0800 Subject: [PATCH] Faster RSA signatures. --- MeshCentralServer.njsproj | 2 + agents/meshcore.js | 58 ++++++++++++++++- agents/modules_meshcmd/amt-scanner.js | 89 +++++++++++++++++++++++++ agents/modules_meshcore/amt-scanner.js | 90 ++++++++++++++++++++++++++ certoperations.js | 47 ++++++++++++++ meshaccelerator.js | 28 ++++++++ meshagent.js | 31 ++++----- meshcentral.js | 9 ++- multiserver.js | 8 +-- package.json | 2 +- public/scripts/agent-desktop-0.0.2.js | 5 +- public/scripts/agent-redir-ws-0.1.0.js | 23 +++++-- public/scripts/amt-redir-ws-0.1.0.js | 18 ++++-- views/default.handlebars | 25 ++++--- views/login.handlebars | 4 +- webserver.js | 40 ++++++++---- 16 files changed, 419 insertions(+), 60 deletions(-) create mode 100644 agents/modules_meshcmd/amt-scanner.js create mode 100644 agents/modules_meshcore/amt-scanner.js create mode 100644 meshaccelerator.js diff --git a/MeshCentralServer.njsproj b/MeshCentralServer.njsproj index b9ffaa85..50b7b4e6 100644 --- a/MeshCentralServer.njsproj +++ b/MeshCentralServer.njsproj @@ -190,6 +190,7 @@ + @@ -198,6 +199,7 @@ + diff --git a/agents/meshcore.js b/agents/meshcore.js index e533ecbb..92113ee2 100644 --- a/agents/meshcore.js +++ b/agents/meshcore.js @@ -36,7 +36,24 @@ function createMeshCore(agent) { var wifiScannerLib = null; var wifiScanner = null; var networkMonitor = null; - + var amtscanner = null; + + /* + var AMTScanner = require("AMTScanner"); + var scan = new AMTScanner(); + + scan.on("found", function (data) { + if (typeof data === 'string') { + console.log(data); + } else { + console.log(JSON.stringify(data, null, " ")); + } + }); + scan.scan("10.2.55.140", 1000); + scan.scan("10.2.55.139-10.2.55.145", 1000); + scan.scan("10.2.55.128/25", 2000); + */ + // Try to load up the network monitor try { networkMonitor = require('NetworkMonitor'); @@ -44,6 +61,13 @@ function createMeshCore(agent) { networkMonitor.on('add', function (addr) { sendNetworkUpdateNagle(); }); networkMonitor.on('remove', function (addr) { sendNetworkUpdateNagle(); }); } catch (e) { networkMonitor = null; } + + // Try to load up the Intel AMT scanner + try { + var AMTScannerModule = require('amt-scanner'); + amtscanner = new AMTScannerModule(); + //amtscanner.on('found', function (data) { if (typeof data != 'string') { data = JSON.stringify(data, null, " "); } sendConsoleText(data); }); + } catch (e) { amtscanner = null; } // Try to load up the MEI module try { @@ -693,7 +717,7 @@ function createMeshCore(agent) { var response = null; switch (cmd) { case 'help': { // Displays available commands - response = 'Available commands: help, info, args, print, type, dbget, dbset, dbcompact, parseuri, httpget, wslist, wsconnect, wssend, wsclose, notify, ls, amt, netinfo, location, power, wakeonlan, scanwifi.'; + response = 'Available commands: help, info, args, print, type, dbget, dbset, dbcompact, parseuri, httpget, wslist,\r\nwsconnect, wssend, wsclose, notify, ls, amt, netinfo, location, power, wakeonlan, scanwifi, scanamt.'; break; } case 'notify': { // Send a notification message to the mesh @@ -947,6 +971,36 @@ function createMeshCore(agent) { } else { response = "Wifi module not present."; } break; } + case 'scanamt': { + if (amtscanner != null) { + if (args['_'].length != 1) { + response = 'Usage examples:\r\n scanamt 1.2.3.4\r\n scanamt 1.2.3.0-1.2.3.255\r\n scanamt 1.2.3.0/24\r\n'; // Display correct command usage + } else { + response = 'Scanning: ' + args['_'][0] + '...'; + amtscanner.scan(args['_'][0], 2000, function (data) { + if (data.length > 0) { + var r = '', pstates = ['NotActivated', 'InActivation', 'Activated']; + for (var i in data) { + var x = data[i]; + if (r != '') { r += '\r\n'; } + r += x.address + ' - Intel AMT v' + x.majorVersion + '.' + x.minorVersion; + if (x.provisioningState < 3) { r += (', ' + pstates[x.provisioningState]); } + if (x.provisioningState == 2) { r += (', ' + x.openPorts.join(', ')); } + r += '.'; + } + } else { + r = 'No Intel AMT found.'; + } + sendConsoleText(r); + }); + } + } else { response = "Intel AMT scanner module not present."; } + break; + } + case 'modules': { + response = JSON.stringify(addedModules); + break; + } default: { // This is an unknown command, return an error message response = 'Unknown command \"' + cmd + '\", type \"help\" for list of avaialble commands.'; break; diff --git a/agents/modules_meshcmd/amt-scanner.js b/agents/modules_meshcmd/amt-scanner.js new file mode 100644 index 00000000..91d7dae4 --- /dev/null +++ b/agents/modules_meshcmd/amt-scanner.js @@ -0,0 +1,89 @@ +/** +* @description Meshcentral Intel AMT Local Scanner +* @author Ylian Saint-Hilaire & Joko Sastriawan +* @version v0.0.1 +*/ + +// Construct a Intel AMT Scanner object + +function AMTScanner() { + var emitterUtils = require('events').inherits(this); + emitterUtils.createEvent('found'); + + this.dgram = require('dgram'); + + this.buildRmcpPing = function (tag) { + var packet = Buffer.from('06000006000011BE80000000', 'hex'); + packet[9] = tag; + return packet; + }; + + this.parseRmcpPacket = function (server, data, rinfo, func) { + if (data == null || data.length < 20) return; + var res = {}; + if (((data[12] == 0) || (data[13] != 0) || (data[14] != 1) || (data[15] != 0x57)) && (data[21] & 32)) { + res.servertag = data[9]; + res.minorVersion = data[18] & 0x0F; + res.majorVersion = (data[18] >> 4) & 0x0F; + res.provisioningState = data[19] & 0x03; // Pre = 0, In = 1, Post = 2 + + var openPort = (data[16] * 256) + data[17]; + var dualPorts = ((data[19] & 0x04) != 0) ? true : false; + res.openPorts = [openPort]; + res.address = rinfo.address; + if (dualPorts == true) { res.openPorts = [16992, 16993]; } + if (func !== undefined) { + func(server, res); + } + } + } + + this.parseIPv4Range = function (range) { + if (range == undefined || range == null) return null; + var x = range.split('-'); + if (x.length == 2) { return { min: this.parseIpv4Addr(x[0]), max: this.parseIpv4Addr(x[1]) }; } + x = range.split('/'); + if (x.length == 2) { + var ip = this.parseIpv4Addr(x[0]), masknum = parseInt(x[1]), mask = 0; + if (masknum <= 16 || masknum > 32) return null; + masknum = 32 - masknum; + for (var i = 0; i < masknum; i++) { mask = (mask << 1); mask++; } + return { min: ip & (0xFFFFFFFF - mask), max: (ip & (0xFFFFFFFF - mask)) + mask }; + } + x = this.parseIpv4Addr(range); + if (x == null) return null; + return { min: x, max: x }; + }; + + // Parse IP address. Takes a + this.parseIpv4Addr = function (addr) { + var x = addr.split('.'); + if (x.length == 4) { return (parseInt(x[0]) << 24) + (parseInt(x[1]) << 16) + (parseInt(x[2]) << 8) + (parseInt(x[3]) << 0); } + return null; + } + + // IP address number to string + this.IPv4NumToStr = function (num) { + return ((num >> 24) & 0xFF) + '.' + ((num >> 16) & 0xFF) + '.' + ((num >> 8) & 0xFF) + '.' + (num & 0xFF); + } + + this.scan = function (rangestr, timeout) { + var iprange = this.parseIPv4Range(rangestr); + var rmcp = this.buildRmcpPing(0); + var server = this.dgram.createSocket({ type: 'udp4' }); + server.parent = this; + server.scanResults = []; + server.on('error', function (err) { console.log('Error:' + err); }); + server.on('message', function (msg, rinfo) { if (rinfo.size > 4) { this.parent.parseRmcpPacket(this, msg, rinfo, function (s, res) { s.scanResults.push(res); }) }; }); + server.on('listening', function () { for (var i = iprange.min; i <= iprange.max; i++) { server.send(rmcp, 623, server.parent.IPv4NumToStr(i)); } }); + server.bind({ address: '0.0.0.0', port: 0, exclusive: true }); + var tmout = setTimeout(function cb() { + //console.log("Server closed"); + //server.close(); + server.parent.emit('found', server.scanResults); + delete server; + }, timeout); + }; +} + +module.exports = AMTScanner; diff --git a/agents/modules_meshcore/amt-scanner.js b/agents/modules_meshcore/amt-scanner.js new file mode 100644 index 00000000..f8c34278 --- /dev/null +++ b/agents/modules_meshcore/amt-scanner.js @@ -0,0 +1,90 @@ +/** +* @description Meshcentral Intel AMT Local Scanner +* @author Ylian Saint-Hilaire & Joko Sastriawan +* @version v0.0.1 +*/ + +// Construct a Intel AMT Scanner object + +function AMTScanner() { + var emitterUtils = require('events').inherits(this); + emitterUtils.createEvent('found'); + + this.dgram = require('dgram'); + + this.buildRmcpPing = function (tag) { + var packet = Buffer.from('06000006000011BE80000000', 'hex'); + packet[9] = tag; + return packet; + }; + + this.parseRmcpPacket = function (server, data, rinfo, func) { + if (data == null || data.length < 20) return; + var res = {}; + if (((data[12] == 0) || (data[13] != 0) || (data[14] != 1) || (data[15] != 0x57)) && (data[21] & 32)) { + res.servertag = data[9]; + res.minorVersion = data[18] & 0x0F; + res.majorVersion = (data[18] >> 4) & 0x0F; + res.provisioningState = data[19] & 0x03; // Pre = 0, In = 1, Post = 2 + + var openPort = (data[16] * 256) + data[17]; + var dualPorts = ((data[19] & 0x04) != 0) ? true : false; + res.openPorts = [openPort]; + res.address = rinfo.address; + if (dualPorts == true) { res.openPorts = [16992, 16993]; } + if (func !== undefined) { + func(server, res); + } + } + } + + this.parseIPv4Range = function (range) { + if (range == undefined || range == null) return null; + var x = range.split('-'); + if (x.length == 2) { return { min: this.parseIpv4Addr(x[0]), max: this.parseIpv4Addr(x[1]) }; } + x = range.split('/'); + if (x.length == 2) { + var ip = this.parseIpv4Addr(x[0]), masknum = parseInt(x[1]), mask = 0; + if (masknum <= 16 || masknum > 32) return null; + masknum = 32 - masknum; + for (var i = 0; i < masknum; i++) { mask = (mask << 1); mask++; } + return { min: ip & (0xFFFFFFFF - mask), max: (ip & (0xFFFFFFFF - mask)) + mask }; + } + x = this.parseIpv4Addr(range); + if (x == null) return null; + return { min: x, max: x }; + }; + + // Parse IP address. Takes a + this.parseIpv4Addr = function (addr) { + var x = addr.split('.'); + if (x.length == 4) { return (parseInt(x[0]) << 24) + (parseInt(x[1]) << 16) + (parseInt(x[2]) << 8) + (parseInt(x[3]) << 0); } + return null; + } + + // IP address number to string + this.IPv4NumToStr = function (num) { + return ((num >> 24) & 0xFF) + '.' + ((num >> 16) & 0xFF) + '.' + ((num >> 8) & 0xFF) + '.' + (num & 0xFF); + } + + this.scan = function (rangestr, timeout, func) { + var iprange = this.parseIPv4Range(rangestr); + var rmcp = this.buildRmcpPing(0); + var server = this.dgram.createSocket({ type: 'udp4' }); + server.parent = this; + server.scanResults = []; + server.on('error', function (err) { console.log('Error:' + err); }); + server.on('message', function (msg, rinfo) { if (rinfo.size > 4) { this.parent.parseRmcpPacket(this, msg, rinfo, function (s, res) { s.scanResults.push(res); }) }; }); + server.on('listening', function () { for (var i = iprange.min; i <= iprange.max; i++) { server.send(rmcp, 623, server.parent.IPv4NumToStr(i)); } }); + server.bind({ address: '0.0.0.0', port: 0, exclusive: true }); + var tmout = setTimeout(function cb() { + //console.log("Server closed"); + //server.close(); + server.parent.emit('found', server.scanResults); + if (func != null) { func(server.scanResults); } + delete server; + }, timeout); + }; +} + +module.exports = AMTScanner; diff --git a/certoperations.js b/certoperations.js index 522c1f2f..d0625ff3 100644 --- a/certoperations.js +++ b/certoperations.js @@ -412,5 +412,52 @@ module.exports.CertificateOperations = function () { return r; } + // Start accelerators + const fork = require('child_process').fork; + const program = require('path').resolve('meshaccelerator.js'); + const acceleratorCreateCount = require('os').cpus().length; + var freeAccelerators = []; + + // Create a new accelerator module + obj.getAccelerator = function() { + if (freeAccelerators.length > 0) { return freeAccelerators.pop(); } + if (acceleratorCreateCount > 0) { + var accelerator = fork(program, [], { stdio: ['pipe', 'pipe', 'pipe', 'ipc'] }); + accelerator.on('message', function (message) { this.func(message); freeAccelerators.push(this); }); + if (obj.acceleratorCertStore != null) { accelerator.send({ action: 'setState', certs: obj.acceleratorCertStore }); } + return accelerator; + } + return null; + } + + // Set the state of the accelerators. This way, we don't have to send certificate & keys to them each time. + obj.acceleratorCertStore = null; + obj.acceleratorPerformSetState = function (certificates) { + obj.acceleratorCertStore = [{ cert: certificates.agent.cert, key: certificates.agent.key }]; + if (certificates.swarmserver != null) { obj.acceleratorCertStore.push({ cert: certificates.swarmserver.cert, key: certificates.swarmserver.key }); } + } + + // Perform any RSA signature, just pass in the private key and data. + obj.acceleratorPerformSignature = function (privatekey, data, func) { + var acc = obj.getAccelerator(); + if (acc == null) { + // No accelerators available + if (typeof privatekey == 'number') { privatekey = obj.acceleratorCertStore[privatekey].key; } + const sign = crypto.createSign('SHA384'); + sign.end(new Buffer(data, 'binary')); + func(sign.sign(privatekey).toString('binary')); + } else { + // Use the accelerator + acc.func = func; + acc.send({ action: 'sign', key: privatekey, data: data }); + } + } + + // Perform a RSA signature. This is time consuming + obj.acceleratorPerformVerify = function (publickey, data, msg, func) { + console.log('Performing verification...'); + func(publickey.verify(data, msg)); + } + return obj; }; diff --git a/meshaccelerator.js b/meshaccelerator.js new file mode 100644 index 00000000..19a9d41e --- /dev/null +++ b/meshaccelerator.js @@ -0,0 +1,28 @@ +/** +* @description MeshCentral accelerator +* @author Ylian Saint-Hilaire +* @copyright Intel Corporation 2018 +* @license Apache-2.0 +* @version v0.0.1 +*/ + +const crypto = require('crypto'); +var certStore = null; + +process.on('message', function (message) { + switch (message.action) { + case 'sign': { + if (typeof message.key == 'number') { message.key = certStore[message.key].key; } + try { + const sign = crypto.createSign('SHA384'); + sign.end(new Buffer(message.data, 'binary')); + process.send(sign.sign(message.key).toString('binary')); + } catch (e) { process.send(null); } + break; + } + case 'setState': { + certStore = message.certs; + break; + } + } +}); \ No newline at end of file diff --git a/meshagent.js b/meshagent.js index 1245cdf5..009bdba4 100644 --- a/meshagent.js +++ b/meshagent.js @@ -162,23 +162,20 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) { if (getWebCertHash(obj.domain) != msg.substring(2, 50)) { console.log('Agent connected with bad web certificate hash, holding connection (' + obj.remoteaddr + ').'); return; } // Use our server private key to sign the ServerHash + AgentNonce + ServerNonce - var privateKey, certasn1; - if (obj.useSwarmCert == true) { - // Use older SwarmServer certificate of MC1 - certasn1 = obj.parent.swarmCertificateAsn1; - privateKey = obj.forge.pki.privateKeyFromPem(obj.parent.certificates.swarmserver.key); - } else { - // Use new MC2 certificate - certasn1 = obj.parent.agentCertificateAsn1; - privateKey = obj.forge.pki.privateKeyFromPem(obj.parent.certificates.agent.key); - } - var md = obj.forge.md.sha384.create(); - md.update(msg.substring(2), 'binary'); - md.update(obj.nonce, 'binary'); obj.agentnonce = msg.substring(50); - - // Send back our certificate + signature - obj.send(obj.common.ShortToStr(2) + obj.common.ShortToStr(certasn1.length) + certasn1 + privateKey.sign(md)); // Command 2, certificate + signature + if (obj.useSwarmCert == true) { + // Perform the hash signature using older swarm server certificate + obj.parent.parent.certificateOperations.acceleratorPerformSignature(1, msg.substring(2) + obj.nonce, function (signature) { + // Send back our certificate + signature + obj.send(obj.common.ShortToStr(2) + obj.common.ShortToStr(obj.parent.swarmCertificateAsn1.length) + obj.parent.swarmCertificateAsn1 + signature); // Command 2, certificate + signature + }); + } else { + // Perform the hash signature using new server agent certificate + obj.parent.parent.certificateOperations.acceleratorPerformSignature(0, msg.substring(2) + obj.nonce, function (signature) { + // Send back our certificate + signature + obj.send(obj.common.ShortToStr(2) + obj.common.ShortToStr(obj.parent.agentCertificateAsn1.length) + obj.parent.agentCertificateAsn1 + signature); // Command 2, certificate + signature + }); + } // Check the agent signature if we can if (obj.unauthsign != null) { @@ -371,7 +368,7 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) { md.update(getWebCertHash(obj.domain), 'binary'); md.update(obj.nonce, 'binary'); md.update(obj.agentnonce, 'binary'); - if (obj.unauth.nodeCert.publicKey.verify(md.digest().bytes(), msg) == false) { return false; } + if (obj.unauth.nodeCert.publicKey.verify(md.digest().bytes(), msg) == false) { return false; } // TODO: Check if this is slow or not. May n // Connection is a success, clean up obj.nodeid = obj.unauth.nodeid; diff --git a/meshcentral.js b/meshcentral.js index 641ca31b..351fd41e 100644 --- a/meshcentral.js +++ b/meshcentral.js @@ -6,6 +6,9 @@ * @version v0.0.1 */ +// If app metrics is available +if (process.argv[2] == '--launch') { try { require('appmetrics-dash').monitor({ url: '/', title: 'MeshCentral', port: 88, host: '127.0.0.1' }); } catch (e) { } } + function CreateMeshCentralServer() { var obj = {}; obj.db; @@ -30,7 +33,7 @@ function CreateMeshCentralServer() { obj.debugLevel = 0; obj.config = {}; // Configuration file obj.dbconfig = {}; // Persistance values, loaded from database - obj.certificateOperations = require('./certoperations.js').CertificateOperations(); + obj.certificateOperations = null; obj.defaultMeshCmd = null; obj.defaultMeshCore = null; obj.defaultMeshCoreHash = null; @@ -308,8 +311,10 @@ function CreateMeshCentralServer() { obj.updateMeshCmd(); // Load server certificates + obj.certificateOperations = require('./certoperations.js').CertificateOperations() obj.certificateOperations.GetMeshServerCertificate(obj.datapath, obj.args, obj.config, function (certs) { obj.certificates = certs; + obj.certificateOperations.acceleratorPerformSetState(certs); // Set the state of the accelerators // If the certificate is un-configured, force LAN-only mode if (obj.certificates.CommonName == 'un-configured') { console.log('Server name not configured, running in LAN-only mode.'); obj.args.lanonly = true; } @@ -719,7 +724,7 @@ function CreateMeshCentralServer() { var moduleName = modulesDir[i].substring(0, modulesDir[i].length - 3); var moduleDataB64 = obj.fs.readFileSync(obj.path.join(meshcorePath, 'modules_meshcore', modulesDir[i])).toString('base64'); moduleAdditions += 'try { addModule("' + moduleName + '", Buffer.from("' + moduleDataB64 + '", "base64")); addedModules.push("' + moduleName + '"); } catch (e) { }\r\n'; - if ((moduleName != 'amt_heci') && (moduleName != 'lme_heci')) { + if ((moduleName != 'amt_heci') && (moduleName != 'lme_heci') && (moduleName != 'amt-0.2.0.js') && (moduleName != 'amt-script-0.2.0.js') && (moduleName != 'amt-wsman-0.2.0.js') && (moduleName != 'amt-wsman-duk-0.2.0.js')) { moduleAdditionsNoMei += 'try { addModule("' + moduleName + '", Buffer.from("' + moduleDataB64 + '", "base64")); addedModules.push("' + moduleName + '"); } catch (e) { }\r\n'; } } diff --git a/multiserver.js b/multiserver.js index 939baca2..59501978 100644 --- a/multiserver.js +++ b/multiserver.js @@ -95,14 +95,13 @@ module.exports.CreateMultiServer = function (parent, args) { obj.servernonce = msg.substring(50); // Use our agent certificate root private key to sign the ServerHash + ServerNonce + PeerNonce - var privateKey = obj.forge.pki.privateKeyFromPem(obj.certificates.agent.key); var md = obj.forge.md.sha384.create(); md.update(msg.substring(2), 'binary'); md.update(obj.nonce, 'binary'); // Send back our certificate + signature - agentRootCertificateAsn1 = obj.forge.asn1.toDer(obj.forge.pki.certificateToAsn1(obj.forge.pki.certificateFromPem(obj.certificates.agent.cert))).getBytes(); - obj.ws.send(obj.common.ShortToStr(2) + obj.common.ShortToStr(agentRootCertificateAsn1.length) + agentRootCertificatAsn1 + privateKey.sign(md)); // Command 3, signature + agentRootCertificateAsn1 = obj.forge.asn1.toDer(obj.forge.pki.certificateToAsn1(obj.certificates.agent.fcert)).getBytes(); + obj.ws.send(obj.common.ShortToStr(2) + obj.common.ShortToStr(agentRootCertificateAsn1.length) + agentRootCertificatAsn1 + obj.certificates.agent.fkey.sign(md)); // Command 3, signature break; } case 2: { @@ -261,14 +260,13 @@ module.exports.CreateMultiServer = function (parent, args) { if (obj.webCertificateHash != msg.substring(2, 50)) { obj.close(); return; } // Use our server private key to sign the ServerHash + PeerNonce + ServerNonce - var privateKey = obj.forge.pki.privateKeyFromPem(obj.parent.parent.certificates.agent.key); var md = obj.forge.md.sha384.create(); md.update(msg.substring(2), 'binary'); md.update(obj.nonce, 'binary'); obj.peernonce = msg.substring(50); // Send back our certificate + signature - obj.send(obj.common.ShortToStr(2) + obj.common.ShortToStr(obj.agentCertificateAsn1.length) + obj.agentCertificateAsn1 + privateKey.sign(md)); // Command 2, certificate + signature + obj.send(obj.common.ShortToStr(2) + obj.common.ShortToStr(obj.agentCertificateAsn1.length) + obj.agentCertificateAsn1 + obj.parent.parent.certificates.agent.fkey.sign(md)); // Command 2, certificate + signature // Check the peer server signature if we can if (obj.unauthsign != null) { diff --git a/package.json b/package.json index 16a9198e..98826d00 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "meshcentral", - "version": "0.1.1-v", + "version": "0.1.2-b", "keywords": [ "Remote Management", "Intel AMT", diff --git a/public/scripts/agent-desktop-0.0.2.js b/public/scripts/agent-desktop-0.0.2.js index e0b98be6..916caacf 100644 --- a/public/scripts/agent-desktop-0.0.2.js +++ b/public/scripts/agent-desktop-0.0.2.js @@ -28,6 +28,7 @@ var CreateAgentRemoteDesktop = function (canvasid, scrolldiv) { obj.connectioncount = 0; obj.rotation = 0; obj.protocol = 2; // KVM + obj.debugmode = 0; obj.sessionid = 0; obj.username; @@ -169,13 +170,15 @@ var CreateAgentRemoteDesktop = function (canvasid, scrolldiv) { if (str.length < 4) return; var cmdmsg = null, X = 0, Y = 0, command = ReadShort(str, 0), cmdsize = ReadShort(str, 2); if (command >= 18) { console.error("Invalid KVM command " + command + " of size " + cmdsize); obj.parent.Stop(); return; } - if (cmdsize > str.length) return; + if (cmdsize > str.length) { console.error("KVM invalid command size", cmdsize, str.length); return; } //meshOnDebug("KVM Command: " + command + " Len:" + cmdsize); + if (obj.debugmode == 1) { console.log("KVM Command: " + command + " Len:" + cmdsize); } if (command == 3 || command == 4 || command == 7) { cmdmsg = str.substring(4, cmdsize); X = ((cmdmsg.charCodeAt(0) & 0xFF) << 8) + (cmdmsg.charCodeAt(1) & 0xFF); Y = ((cmdmsg.charCodeAt(2) & 0xFF) << 8) + (cmdmsg.charCodeAt(3) & 0xFF); + //if (obj.debugmode == 1) { console.log("X=" + X + " Y=" + Y); } } switch (command) { diff --git a/public/scripts/agent-redir-ws-0.1.0.js b/public/scripts/agent-redir-ws-0.1.0.js index 42a741e1..94dd52f5 100644 --- a/public/scripts/agent-redir-ws-0.1.0.js +++ b/public/scripts/agent-redir-ws-0.1.0.js @@ -20,6 +20,7 @@ var CreateAgentRedirect = function (meshserver, module, serverPublicNamePort) { obj.webrtc = null; obj.webchannel = null; obj.onStateChanged = null; + obj.debugmode = 0; // Private method //obj.debug = function (msg) { console.log(msg); } @@ -41,6 +42,7 @@ var CreateAgentRedirect = function (meshserver, module, serverPublicNamePort) { } obj.xxOnSocketConnected = function () { + if (obj.debugmode == 1) { console.log('onSocketConnected'); } //obj.debug("Agent Redir Socket Connected"); obj.xxStateChange(2); } @@ -63,6 +65,7 @@ var CreateAgentRedirect = function (meshserver, module, serverPublicNamePort) { } obj.xxOnMessage = function (e) { + if (obj.debugmode == 1) { console.log('Recv', e.data); } if (obj.State < 3) { if (e.data == 'c') { obj.socket.send(obj.protocol); @@ -156,10 +159,18 @@ var CreateAgentRedirect = function (meshserver, module, serverPublicNamePort) { //obj.debug("Agent Redir Send(" + x.length + "): " + rstr2hex(x)); if (obj.socket != null && obj.socket.readyState == WebSocket.OPEN) { if (typeof x == 'string') { - var b = new Uint8Array(x.length); - for (var i = 0; i < x.length; ++i) { b[i] = x.charCodeAt(i); } - obj.socket.send(b.buffer); + if (obj.debugmode == 1) { + var b = new Uint8Array(x.length), c = []; + for (var i = 0; i < x.length; ++i) { b[i] = x.charCodeAt(i); c.push(x.charCodeAt(i)); } + obj.socket.send(b.buffer); + console.log('Send', c); + } else { + var b = new Uint8Array(x.length); + for (var i = 0; i < x.length; ++i) { b[i] = x.charCodeAt(i); } + obj.socket.send(b.buffer); + } } else { + if (obj.debugmode == 1) { console.log('Send', x); } obj.socket.send(x); } } @@ -167,7 +178,8 @@ var CreateAgentRedirect = function (meshserver, module, serverPublicNamePort) { obj.xxOnSocketClosed = function () { //obj.debug("Agent Redir Socket Closed"); - obj.Stop(); + if (obj.debugmode == 1) { console.log('onSocketClosed'); } + obj.Stop(1); } obj.xxStateChange = function(newstate) { @@ -177,7 +189,8 @@ var CreateAgentRedirect = function (meshserver, module, serverPublicNamePort) { if (obj.onStateChanged != null) obj.onStateChanged(obj, obj.State); } - obj.Stop = function () { + obj.Stop = function (x) { + if (obj.debugmode == 1) { console.log('stop', x); } //obj.debug("Agent Redir Socket Stopped"); obj.xxStateChange(0); obj.connectstate = -1; diff --git a/public/scripts/amt-redir-ws-0.1.0.js b/public/scripts/amt-redir-ws-0.1.0.js index 9a2778d3..8718ad6f 100644 --- a/public/scripts/amt-redir-ws-0.1.0.js +++ b/public/scripts/amt-redir-ws-0.1.0.js @@ -22,6 +22,7 @@ var CreateAmtRedirect = function (module) { // ###END###{!Mode-Firmware} obj.connectstate = 0; obj.protocol = module.protocol; // 1 = SOL, 2 = KVM, 3 = IDER + obj.debugmode = 0; obj.amtaccumulator = ""; obj.amtsequence = 1; @@ -48,6 +49,7 @@ var CreateAmtRedirect = function (module) { obj.xxOnSocketConnected = function () { //obj.Debug("Redir Socket Connected"); + if (obj.debugmode == 1) { console.log('onSocketConnected'); } obj.xxStateChange(2); if (obj.protocol == 1) obj.xxSend(obj.RedirectStartSol); // TODO: Put these strings in higher level module to tighten code if (obj.protocol == 2) obj.xxSend(obj.RedirectStartKvm); // Don't need these is the feature is not compiled-in. @@ -55,6 +57,7 @@ var CreateAmtRedirect = function (module) { } obj.xxOnMessage = function (e) { + if (obj.debugmode == 1) { console.log('Recv', e.data); } obj.inDataCount++; if (typeof e.data == 'object') { var f = new FileReader(); @@ -113,7 +116,7 @@ var CreateAmtRedirect = function (module) { cmdsize = (13 + oemlen); break; default: - obj.Stop(); + obj.Stop(1); break; } break; @@ -141,7 +144,7 @@ var CreateAmtRedirect = function (module) { // Basic Auth (Probably a good idea to not support this unless this is an old version of Intel AMT) obj.xxSend(String.fromCharCode(0x13, 0x00, 0x00, 0x00, 0x01) + IntToStrX(obj.user.length + obj.pass.length + 2) + String.fromCharCode(obj.user.length) + obj.user + String.fromCharCode(obj.pass.length) + obj.pass); } - else obj.Stop(); + else obj.Stop(2); } else if ((authType == 3 || authType == 4) && status == 1) { var curptr = 0; @@ -197,7 +200,7 @@ var CreateAmtRedirect = function (module) { obj.connectstate = 1; obj.xxStateChange(3); } - } else obj.Stop(); + } else obj.Stop(3); break; case 0x21: // Response to settings (33) if (obj.amtaccumulator.length < 23) break; @@ -232,7 +235,7 @@ var CreateAmtRedirect = function (module) { break; default: console.log("Unknown Intel AMT command: " + obj.amtaccumulator.charCodeAt(0) + " acclen=" + obj.amtaccumulator.length); - obj.Stop(); + obj.Stop(4); return; } if (cmdsize == 0) return; @@ -243,6 +246,7 @@ var CreateAmtRedirect = function (module) { obj.xxSend = function (x) { //obj.Debug("Redir Send(" + x.length + "): " + rstr2hex(x)); if (obj.socket != null && obj.socket.readyState == WebSocket.OPEN) { + if (obj.debugmode == 1) { console.log('Send', x); } var b = new Uint8Array(x.length); for (var i = 0; i < x.length; ++i) { b[i] = x.charCodeAt(i); } obj.socket.send(b.buffer); @@ -267,6 +271,7 @@ var CreateAmtRedirect = function (module) { } obj.xxOnSocketClosed = function () { + if (obj.debugmode == 1) { console.log('onSocketClosed'); } //obj.Debug("Redir Socket Closed"); if ((obj.inDataCount == 0) && (obj.tlsv1only == 0)) { obj.tlsv1only = 1; @@ -275,7 +280,7 @@ var CreateAmtRedirect = function (module) { obj.socket.onmessage = obj.xxOnMessage; obj.socket.onclose = obj.xxOnSocketClosed; } else { - obj.Stop(); + obj.Stop(5); } } @@ -286,7 +291,8 @@ var CreateAmtRedirect = function (module) { if (obj.onStateChanged != null) obj.onStateChanged(obj, obj.State); } - obj.Stop = function () { + obj.Stop = function (x) { + if (obj.debugmode == 1) { console.log('onSocketStop', x); } //obj.Debug("Redir Socket Stopped"); obj.xxStateChange(0); obj.connectstate = -1; diff --git a/views/default.handlebars b/views/default.handlebars index 68c01aaa..054f9040 100644 --- a/views/default.handlebars +++ b/views/default.handlebars @@ -482,7 +482,7 @@ -
+
@@ -509,7 +509,9 @@