From b7117641a058d2bf3d559975075486084b49a78d Mon Sep 17 00:00:00 2001 From: Ylian Saint-Hilaire Date: Mon, 22 Feb 2021 12:08:58 -0800 Subject: [PATCH] Improved AmtManager, Fixed missing image-size. --- amtmanager.js | 31 +++++++++++++++---------------- meshcentral-config-schema.json | 12 ++++++------ meshcentral.js | 6 +++--- meshuser.js | 11 +++++++++-- views/default-mobile.handlebars | 17 +++++++++++------ views/default.handlebars | 17 +++++++++++------ 6 files changed, 55 insertions(+), 39 deletions(-) diff --git a/amtmanager.js b/amtmanager.js index 7b9008bb..fb73bb27 100644 --- a/amtmanager.js +++ b/amtmanager.js @@ -255,6 +255,7 @@ module.exports.CreateAmtManager = function (parent) { // Handle server events // Make sure to only manage devices with connections to this server. In a multi-server setup, we don't want multiple managers talking to the same device. obj.HandleEvent = function (source, event, ids, id) { + if (event.noact == 1) return; // Take no action on these events. We are likely in peering mode and need to only act when the database signals the change in state. switch (event.action) { case 'removenode': { // React to node being removed removeDevice(event.nodeid); 
@@ -266,22 +267,21 @@ module.exports.CreateAmtManager = function (parent) { } case 'changenode': { // React to changes in a device var devices = obj.amtDevices[event.nodeid]; - if (devices = null) break; // We are not managing this device - if (event.amtchange === 1) { - // TODO - } else { - /* - var dev = obj.amtDevices[event.nodeid]; - if (dev != null) { - var amtchange = 0; - if (dev.name != event.node.name) { dev.name = event.node.name; } - if (dev.host != event.node.host) { - dev.host = event.node.host; - // The host has changed, if we are connected to this device locally, we need to reset. - if ((dev.conn & 4) != 0) { removeDevice(dev.nodeid); return; } // We are going to wait for the AMT scanned to find this device again. - } + if (devices == null) break; // We are not managing this device + for (var i in devices) { + var dev = devices[i]; + if (dev.name != event.node.name) { + //console.log('device name change'); + dev.name = event.node.name; + } + if (event.node.intelamt != null) { + dev.intelamt = event.node.intelamt; + } + if ((dev.connType == 3) && (dev.host != event.node.host)) { + //console.log('device host change', dev.host, event.node.host); + dev.host = event.node.host; // The host has changed, if we are connected to this device locally, we need to reset. + removeAmtDevice(dev); // We are going to wait for the AMT scanned to find this device again. } - */ } break; } @@ -486,7 +486,6 @@ module.exports.CreateAmtManager = function (parent) { dev.amtstack.dev = dev; obj.activeLocalConnections[dev.host] = dev; dev.amtstack.BatchEnum(null, ['*AMT_GeneralSettings', '*IPS_HostBasedSetupService'], attemptLocalConnectResponse); - dev.conntype = 1; // LOCAL } break; } diff --git a/meshcentral-config-schema.json b/meshcentral-config-schema.json index e7625324..724f1fd7 100644 --- a/meshcentral-config-schema.json +++ b/meshcentral-config-schema.json 
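Review bot: In the new `changenode` loop, `removeAmtDevice(dev)` is called while `for (var i in devices)` is still walking the same list. If that helper (defined outside this hunk) removes the entry from `obj.amtDevices[event.nodeid]`, later devices for the node can be skipped; assuming `devices` is an array, iterating a copy with `for (var dev of devices.slice())` avoids that. The loop also reads `event.node.name` without checking that the event carries a `node`, so `if (event.node == null) break;` before the loop would be a cheap guard. `dev.intelamt = event.node.intelamt` replaces the manager's stored AMT settings wholesale, so confirm the event object still holds the credentials and is not a copy sanitized for broadcast.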
@@ -336,16 +336,16 @@ } }, "urlSwitching": { "type": "boolean", "default": true, "description": "When users navigate thru the web interface, the URL on top will change to point to the current screen. This allows a user to refresh or bookmark the URL and come back to the correct screen. Setting false here will disable this feature." }, - "desktopPrivacyBarText": { "type": "string" }, + "desktopPrivacyBarText": { "type": "string", "description": "This is the text that will be shown in the remote desktop privacy bar. You can use {0} to display the account realname or {1} to display the account identifier in the string." }, "limits": { "type": "object", "additionalProperties": false, "properties": { - "MaxDevices": { "type": "integer" }, - "MaxUserAccounts": { "type": "integer" }, - "MaxUserSessions": { "type": "integer" }, - "MaxAgentSessions": { "type": "integer" }, - "MaxSingleUserSessions": { "type": "integer" } + "MaxDevices": { "type": "integer", "default": null, "description": "Maximum number of devices in this domain." }, + "MaxUserAccounts": { "type": "integer", "default": null, "description": "Maximum number of devices in this domain." }, + "MaxUserSessions": { "type": "integer", "default": null, "description": "Maximum number of user sessions that can connect to this server for this domain." }, + "MaxAgentSessions": { "type": "integer", "default": null, "description": "Maximum number of agents that can connect to this server for this domain." }, + "MaxSingleUserSessions": { "type": "integer", "default": null, "description": "Maximum number of sessions a single user can have. Each time a user opens a new browser tab or opens a new browser on a different computer, a new user session is created." } } }, "terminal": { diff --git a/meshcentral.js b/meshcentral.js index 8108845c..6aa3b6a8 100644 --- a/meshcentral.js +++ b/meshcentral.js 
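Review bot: The new description for `MaxUserAccounts` repeats the `MaxDevices` text; it should read `"Maximum number of user accounts in this domain."`. Each limit is also declared as `"type": "integer"` with `"default": null`, which a strict validator or schema-aware editor may flag because null is not an integer. Dropping the default, or declaring `"type": ["integer", "null"]`, keeps the schema self-consistent.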
@@ -3039,7 +3039,7 @@ function mainStart() { var allsspi = true; var yubikey = false; var mstsc = false; - var recordingIndex = false; + var sessionRecording = false; var domainCount = 0; var wildleek = false; var nodemailer = false; @@ -3062,7 +3062,7 @@ function mainStart() { if ((typeof config.domains[i].authstrategies.azure == 'object') && (typeof config.domains[i].authstrategies.azure.clientid == 'string') && (typeof config.domains[i].authstrategies.azure.clientsecret == 'string') && (typeof config.domains[i].authstrategies.azure.tenantid == 'string') && (passport.indexOf('passport-azure-oauth2') == -1)) { passport.push('passport-azure-oauth2'); passport.push('jwt-simple'); } if ((typeof config.domains[i].authstrategies.saml == 'object') || (typeof config.domains[i].authstrategies.jumpcloud == 'object')) { passport.push('passport-saml'); } } - if ((config.domains[i].sessionrecording != null) && (config.domains[i].sessionrecording.index == true)) { recordingIndex = true; } + if (config.domains[i].sessionrecording != null) { sessionRecording = true; } if ((config.domains[i].passwordrequirements != null) && (config.domains[i].passwordrequirements.bancommonpasswords == true)) { if (nodeVersion < 8) { config.domains[i].passwordrequirements = false; addServerWarning('Common password checking requires NodeJS v8 or above.'); } else { wildleek = true; } } } 
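Review bot: In the second hunk on this line, the new test `config.domains[i].sessionrecording != null` is true for any non-null value, so a domain with `"sessionrecording": false` still sets `sessionRecording` and pulls `image-size` into the module list. The authstrategies checks just above test the value's type. Doing the same here, `if ((config.domains[i].sessionrecording != null) && (typeof config.domains[i].sessionrecording == 'object')) { sessionRecording = true; }`, limits the extra dependency to domains that actually configure recording. mainStart's body continues outside the hunk.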
@@ -3072,7 +3072,7 @@ function mainStart() { if (ldap == true) { modules.push('ldapauth-fork'); } if (mstsc == true) { modules.push('node-rdpjs-2'); } if (passport != null) { modules.push(...passport); } - if (recordingIndex == true) { modules.push('image-size'); } // Need to get the remote desktop JPEG sizes to index the recodring file. + if (sessionRecording == true) { modules.push('image-size'); } // Need to get the remote desktop JPEG sizes to index the recodring file. if (config.letsencrypt != null) { if (nodeVersion < 8) { addServerWarning("Let's Encrypt support requires Node v8.x or higher.", !args.launch); } else { modules.push('acme-client'); } } // Add acme-client module if (config.settings.mqtt != null) { modules.push('aedes'); } // Add MQTT Modules if (config.settings.mysql != null) { modules.push('mysql'); } // Add MySQL, official driver. diff --git a/meshuser.js b/meshuser.js index 48de10b5..428ae120 100644 --- a/meshuser.js +++ b/meshuser.js 
@@ -4047,8 +4047,15 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use } if (command.desc != null && (command.desc != node.desc)) { change = 1; node.desc = command.desc; changes.push('description'); } if (command.intelamt != null) { - if ((parent.parent.amtManager == null) || (node.intelamt.user == null) || (node.intelamt.user == '') || ((node.intelamt.warn != null) && ((node.intelamt.warn) & 1 != 0))) { // Only allow changes to Intel AMT credentials if AMT manager is not running, or manager warned of unknown credentials. - if ((command.intelamt.user != null) && (command.intelamt.pass != null) && ((command.intelamt.user != node.intelamt.user) || (command.intelamt.pass != node.intelamt.pass))) { change = 1; node.intelamt.user = command.intelamt.user; node.intelamt.pass = command.intelamt.pass; changes.push('Intel AMT credentials'); amtchange = 1; } + if ((parent.parent.amtManager == null) || (node.intelamt.user == null) || (node.intelamt.user == '') || ((node.intelamt.warn != null) && ((node.intelamt.warn) & 3 != 0))) { // Only allow changes to Intel AMT credentials if AMT manager is not running, or manager warned of unknown/trying credentials. + if ((command.intelamt.user != null) && (command.intelamt.pass != null) && ((command.intelamt.user != node.intelamt.user) || (command.intelamt.pass != node.intelamt.pass))) { + change = 1; + node.intelamt.user = command.intelamt.user; + node.intelamt.pass = command.intelamt.pass; + node.intelamt.warn = 2; // Change warning to "Trying". Bit flags: 0 = Valid credentials, 1 = Invalid credentials, 2 = Trying new credentials. + changes.push('Intel AMT credentials'); + amtchange = 1; + } } // Only allow the user to set Intel AMT TLS state if AMT Manager is not active. AMT manager will auto-detect TLS state. 
if ((parent.parent.amtManager != null) && (command.intelamt.tls != null) && (command.intelamt.tls != node.intelamt.tls)) { change = 1; node.intelamt.tls = command.intelamt.tls; changes.push('Intel AMT TLS'); } diff --git a/views/default-mobile.handlebars b/views/default-mobile.handlebars index c436007b..49de7955 100644 --- a/views/default-mobile.handlebars +++ b/views/default-mobile.handlebars @@ -3125,12 +3125,17 @@ } else { str += ', ' + "No Credentials" + ''; } - } else if (((features2 & 1) != 0) && (node.intelamt.warn != null) && ((node.intelamt.warn & 1) != 0)) { // If AMT manager is running and warned of invalid credentials, allow setting them. - if ((meshrights & 4) != 0) { - str += ', ' + "Invalid Credentials" + ''; - editUserCredentialsIcon = true; - } else { - str += ', ' + "Invalid Credentials" + ''; + } else if (((features2 & 1) != 0) && (node.intelamt.warn != null)) { // If AMT manager is running and warned of invalid credentials, allow setting them. + var warn = null; + if ((node.intelamt.warn & 1) != 0) { warn = "Invalid Credentials"; } + if ((node.intelamt.warn & 2) != 0) { warn = "Trying Credentials"; } + if (warn != null) { + if ((meshrights & 4) != 0) { + str += ', ' + warn + ''; + editUserCredentialsIcon = true; + } else { + str += ', ' + warn + ''; + } } } diff --git a/views/default.handlebars b/views/default.handlebars index fc4d6e51..e6d2d279 100644 --- a/views/default.handlebars +++ b/views/default.handlebars 
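Review bot: In the rewritten guard in meshuser.js, `((node.intelamt.warn) & 3 != 0)` does not test bits 1 and 2. In JavaScript `!=` binds tighter than `&`, so it evaluates as `warn & (3 != 0)`, which is `warn & 1`. Once this hunk sets `node.intelamt.warn = 2` ("Trying"), the check is false, so with AMT manager running and a user name stored a second credential change is rejected, contrary to the comment. Write it as `((node.intelamt.warn & 3) != 0)`. The inline comment also calls 0/1/2 "bit flags" while the code assigns 2 as a state, so it should say whether 3 is a valid value.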
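Review bot: In views/default-mobile.handlebars the `else if` is now entered whenever `node.intelamt.warn != null`, including `warn == 0`, and then renders nothing. Any later branch of this chain (outside the hunk) that used to run for a device with valid credentials is no longer reached. Keeping the mask in the condition, `&& ((node.intelamt.warn & 3) != 0)`, preserves the old fall-through. The trailing comment still mentions only invalid credentials and should name the "Trying" state as well. The identical hunk in views/default.handlebars has the same two points.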
@@ -5924,12 +5924,17 @@ } else { str += ', ' + "No Credentials" + ''; } - } else if (((features2 & 1) != 0) && (node.intelamt.warn != null) && ((node.intelamt.warn & 1) != 0)) { // If AMT manager is running and warned of invalid credentials, allow setting them. - if ((meshrights & 4) != 0) { - str += ', ' + "Invalid Credentials" + ''; - editUserCredentialsIcon = true; - } else { - str += ', ' + "Invalid Credentials" + ''; + } else if (((features2 & 1) != 0) && (node.intelamt.warn != null)) { // If AMT manager is running and warned of invalid credentials, allow setting them. + var warn = null; + if ((node.intelamt.warn & 1) != 0) { warn = "Invalid Credentials"; } + if ((node.intelamt.warn & 2) != 0) { warn = "Trying Credentials"; } + if (warn != null) { + if ((meshrights & 4) != 0) { + str += ', ' + warn + ''; + editUserCredentialsIcon = true; + } else { + str += ', ' + warn + ''; + } } }