mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-03-09 15:40:18 +00:00

AMT Manager improvements.

Ylian Saint-Hilaire 2021-02-22 14:41:54 -08:00
parent b7117641a0
commit 5298d1c5c9
6 changed files with 48 additions and 26 deletions


@ -439,6 +439,7 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
parent.parent.debug('agent', 'Agent reported web cert hash:' + (Buffer.from(msg.substring(2, 50), 'binary').toString('hex')) + '.');
console.log('Agent bad web cert hash (Agent:' + (Buffer.from(msg.substring(2, 50), 'binary').toString('hex').substring(0, 10)) + ' != Server:' + (Buffer.from(getWebCertHash(domain), 'binary').toString('hex').substring(0, 10)) + ' or ' + (Buffer.from(getWebCertFullHash(domain), 'binary').toString('hex').substring(0, 10)) + '), holding connection (' + obj.remoteaddrport + ').');
console.log('Agent reported web cert hash:' + (Buffer.from(msg.substring(2, 50), 'binary').toString('hex')) + '.');
delete obj.agentSeenCerthash;
return;
} else {
// The hash matched one of the acceptable values, send the agent web hash back to the agent
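Review bot: The `delete obj.agentSeenCerthash;` in the bad-hash branch has no comment, and its purpose is only visible from the check in the second hunk (`if (obj.agentSeenCerthash == null) return false;`), several hundred lines further down in the same function. Assuming this is the line the hunk adds (the +/- markers are lost on this page), I would put `// Forget any hash accepted earlier on this connection so the later signature check fails closed.` above it. That wording is only accurate if `agentSeenCerthash` is assigned solely on the matching path, which begins at the `else` and is not shown here, so it is worth confirming before merging the comment. The enclosing `CreateMeshAgent` body starts and ends outside the hunk.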
@ -1078,6 +1079,9 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
if (isIgnoreHashCheck() == false) {
var verified = false;
// This agent did not report a valid TLS certificate hash, fail now.
if (obj.agentSeenCerthash == null) return false;
// Raw RSA signatures have an exact length of 256 or 384. PKCS7 is larger.
if ((msg.length != 384) && (msg.length != 256)) {
// Verify a PKCS7 signature.