external/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-02-12 11:01:52 +00:00
Code Issues Releases Wiki Activity

Improved AmtManager, Fixed missing image-size.

Browse source
This commit is contained in:
Ylian Saint-Hilaire 2021-02-22 12:08:58 -08:00
parent 66061120ea
commit b7117641a0
6 changed files with 55 additions and 39 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
amtmanager.js
View file

@ -255,6 +255,7 @@ module.exports.CreateAmtManager = function (parent) {
// Handle server events // Handle server events
// Make sure to only manage devices with connections to this server. In a multi-server setup, we don't want multiple managers talking to the same device. // Make sure to only manage devices with connections to this server. In a multi-server setup, we don't want multiple managers talking to the same device.
obj.HandleEvent = function (source, event, ids, id) { obj.HandleEvent = function (source, event, ids, id) {
if (event.noact == 1) return; // Take no action on these events. We are likely in peering mode and need to only act when the database signals the change in state.
switch (event.action) { switch (event.action) {
case 'removenode': { // React to node being removed case 'removenode': { // React to node being removed
removeDevice(event.nodeid); removeDevice(event.nodeid);
@ -266,22 +267,21 @@ module.exports.CreateAmtManager = function (parent) {
} }
case 'changenode': { // React to changes in a device case 'changenode': { // React to changes in a device
var devices = obj.amtDevices[event.nodeid]; var devices = obj.amtDevices[event.nodeid];
if (devices = null) break; // We are not managing this device if (devices == null) break; // We are not managing this device
if (event.amtchange === 1) { for (var i in devices) {
// TODO var dev = devices[i];
} else { if (dev.name != event.node.name) {
/* //console.log('device name change');
var dev = obj.amtDevices[event.nodeid]; dev.name = event.node.name;
if (dev != null) { }
var amtchange = 0; if (event.node.intelamt != null) {
if (dev.name != event.node.name) { dev.name = event.node.name; } dev.intelamt = event.node.intelamt;
if (dev.host != event.node.host) { }
dev.host = event.node.host; if ((dev.connType == 3) && (dev.host != event.node.host)) {
// The host has changed, if we are connected to this device locally, we need to reset. //console.log('device host change', dev.host, event.node.host);
if ((dev.conn & 4) != 0) { removeDevice(dev.nodeid); return; } // We are going to wait for the AMT scanned to find this device again. dev.host = event.node.host; // The host has changed, if we are connected to this device locally, we need to reset.
} removeAmtDevice(dev); // We are going to wait for the AMT scanned to find this device again.
} }
*/
} }
break; break;
} }
@ -486,7 +486,6 @@ module.exports.CreateAmtManager = function (parent) {
dev.amtstack.dev = dev; dev.amtstack.dev = dev;
obj.activeLocalConnections[dev.host] = dev; obj.activeLocalConnections[dev.host] = dev;
dev.amtstack.BatchEnum(null, ['*AMT_GeneralSettings', '*IPS_HostBasedSetupService'], attemptLocalConnectResponse); dev.amtstack.BatchEnum(null, ['*AMT_GeneralSettings', '*IPS_HostBasedSetupService'], attemptLocalConnectResponse);
dev.conntype = 1; // LOCAL
} }
break; break;
} }

12
meshcentral-config-schema.json
View file

@ -336,16 +336,16 @@
} }
}, },
"urlSwitching": { "type": "boolean", "default": true, "description": "When users navigate thru the web interface, the URL on top will change to point to the current screen. This allows a user to refresh or bookmark the URL and come back to the correct screen. Setting false here will disable this feature." }, "urlSwitching": { "type": "boolean", "default": true, "description": "When users navigate thru the web interface, the URL on top will change to point to the current screen. This allows a user to refresh or bookmark the URL and come back to the correct screen. Setting false here will disable this feature." },
"desktopPrivacyBarText": { "type": "string" }, "desktopPrivacyBarText": { "type": "string", "description": "This is the text that will be shown in the remote desktop privacy bar. You can use {0} to display the account realname or {1} to display the account identifier in the string." },
"limits": { "limits": {
"type": "object", "type": "object",
"additionalProperties": false, "additionalProperties": false,
"properties": { "properties": {
"MaxDevices": { "type": "integer" }, "MaxDevices": { "type": "integer", "default": null, "description": "Maximum number of devices in this domain." },
"MaxUserAccounts": { "type": "integer" }, "MaxUserAccounts": { "type": "integer", "default": null, "description": "Maximum number of devices in this domain." },
"MaxUserSessions": { "type": "integer" }, "MaxUserSessions": { "type": "integer", "default": null, "description": "Maximum number of user sessions that can connect to this server for this domain." },
"MaxAgentSessions": { "type": "integer" }, "MaxAgentSessions": { "type": "integer", "default": null, "description": "Maximum number of agents that can connect to this server for this domain." },
"MaxSingleUserSessions": { "type": "integer" } "MaxSingleUserSessions": { "type": "integer", "default": null, "description": "Maximum number of sessions a single user can have. Each time a user opens a new browser tab or opens a new browser on a different computer, a new user session is created." }
} }
}, },
"terminal": { "terminal": {

6
meshcentral.js
View file

@ -3039,7 +3039,7 @@ function mainStart() {
var allsspi = true; var allsspi = true;
var yubikey = false; var yubikey = false;
var mstsc = false; var mstsc = false;
var recordingIndex = false; var sessionRecording = false;
var domainCount = 0; var domainCount = 0;
var wildleek = false; var wildleek = false;
var nodemailer = false; var nodemailer = false;
@ -3062,7 +3062,7 @@ function mainStart() {
if ((typeof config.domains[i].authstrategies.azure == 'object') && (typeof config.domains[i].authstrategies.azure.clientid == 'string') && (typeof config.domains[i].authstrategies.azure.clientsecret == 'string') && (typeof config.domains[i].authstrategies.azure.tenantid == 'string') && (passport.indexOf('passport-azure-oauth2') == -1)) { passport.push('passport-azure-oauth2'); passport.push('jwt-simple'); } if ((typeof config.domains[i].authstrategies.azure == 'object') && (typeof config.domains[i].authstrategies.azure.clientid == 'string') && (typeof config.domains[i].authstrategies.azure.clientsecret == 'string') && (typeof config.domains[i].authstrategies.azure.tenantid == 'string') && (passport.indexOf('passport-azure-oauth2') == -1)) { passport.push('passport-azure-oauth2'); passport.push('jwt-simple'); }
if ((typeof config.domains[i].authstrategies.saml == 'object') || (typeof config.domains[i].authstrategies.jumpcloud == 'object')) { passport.push('passport-saml'); } if ((typeof config.domains[i].authstrategies.saml == 'object') || (typeof config.domains[i].authstrategies.jumpcloud == 'object')) { passport.push('passport-saml'); }
} }
if ((config.domains[i].sessionrecording != null) && (config.domains[i].sessionrecording.index == true)) { recordingIndex = true; } if (config.domains[i].sessionrecording != null) { sessionRecording = true; }
if ((config.domains[i].passwordrequirements != null) && (config.domains[i].passwordrequirements.bancommonpasswords == true)) { if (nodeVersion < 8) { config.domains[i].passwordrequirements = false; addServerWarning('Common password checking requires NodeJS v8 or above.'); } else { wildleek = true; } } if ((config.domains[i].passwordrequirements != null) && (config.domains[i].passwordrequirements.bancommonpasswords == true)) { if (nodeVersion < 8) { config.domains[i].passwordrequirements = false; addServerWarning('Common password checking requires NodeJS v8 or above.'); } else { wildleek = true; } }
} }
@ -3072,7 +3072,7 @@ function mainStart() {
if (ldap == true) { modules.push('ldapauth-fork'); } if (ldap == true) { modules.push('ldapauth-fork'); }
if (mstsc == true) { modules.push('node-rdpjs-2'); } if (mstsc == true) { modules.push('node-rdpjs-2'); }
if (passport != null) { modules.push(...passport); } if (passport != null) { modules.push(...passport); }
if (recordingIndex == true) { modules.push('image-size'); } // Need to get the remote desktop JPEG sizes to index the recodring file. if (sessionRecording == true) { modules.push('image-size'); } // Need to get the remote desktop JPEG sizes to index the recodring file.
if (config.letsencrypt != null) { if (nodeVersion < 8) { addServerWarning("Let's Encrypt support requires Node v8.x or higher.", !args.launch); } else { modules.push('acme-client'); } } // Add acme-client module if (config.letsencrypt != null) { if (nodeVersion < 8) { addServerWarning("Let's Encrypt support requires Node v8.x or higher.", !args.launch); } else { modules.push('acme-client'); } } // Add acme-client module
if (config.settings.mqtt != null) { modules.push('aedes'); } // Add MQTT Modules if (config.settings.mqtt != null) { modules.push('aedes'); } // Add MQTT Modules
if (config.settings.mysql != null) { modules.push('mysql'); } // Add MySQL, official driver. if (config.settings.mysql != null) { modules.push('mysql'); } // Add MySQL, official driver.

11
meshuser.js
View file

@ -4047,8 +4047,15 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
} }
if (command.desc != null && (command.desc != node.desc)) { change = 1; node.desc = command.desc; changes.push('description'); } if (command.desc != null && (command.desc != node.desc)) { change = 1; node.desc = command.desc; changes.push('description'); }
if (command.intelamt != null) { if (command.intelamt != null) {
if ((parent.parent.amtManager == null) || (node.intelamt.user == null) || (node.intelamt.user == '') || ((node.intelamt.warn != null) && ((node.intelamt.warn) & 1 != 0))) { // Only allow changes to Intel AMT credentials if AMT manager is not running, or manager warned of unknown credentials. if ((parent.parent.amtManager == null) || (node.intelamt.user == null) || (node.intelamt.user == '') || ((node.intelamt.warn != null) && ((node.intelamt.warn) & 3 != 0))) { // Only allow changes to Intel AMT credentials if AMT manager is not running, or manager warned of unknown/trying credentials.
if ((command.intelamt.user != null) && (command.intelamt.pass != null) && ((command.intelamt.user != node.intelamt.user) || (command.intelamt.pass != node.intelamt.pass))) { change = 1; node.intelamt.user = command.intelamt.user; node.intelamt.pass = command.intelamt.pass; changes.push('Intel AMT credentials'); amtchange = 1; } if ((command.intelamt.user != null) && (command.intelamt.pass != null) && ((command.intelamt.user != node.intelamt.user) || (command.intelamt.pass != node.intelamt.pass))) {
change = 1;
node.intelamt.user = command.intelamt.user;
node.intelamt.pass = command.intelamt.pass;
node.intelamt.warn = 2; // Change warning to "Trying". Bit flags: 0 = Valid credentials, 1 = Invalid credentials, 2 = Trying new credentials.
changes.push('Intel AMT credentials');
amtchange = 1;
}
} }
// Only allow the user to set Intel AMT TLS state if AMT Manager is not active. AMT manager will auto-detect TLS state. // Only allow the user to set Intel AMT TLS state if AMT Manager is not active. AMT manager will auto-detect TLS state.
if ((parent.parent.amtManager != null) && (command.intelamt.tls != null) && (command.intelamt.tls != node.intelamt.tls)) { change = 1; node.intelamt.tls = command.intelamt.tls; changes.push('Intel AMT TLS'); } if ((parent.parent.amtManager != null) && (command.intelamt.tls != null) && (command.intelamt.tls != node.intelamt.tls)) { change = 1; node.intelamt.tls = command.intelamt.tls; changes.push('Intel AMT TLS'); }

17
views/default-mobile.handlebars
View file

@ -3125,12 +3125,17 @@
} else { } else {
str += ', <i style=color:#FF0000>' + "No Credentials" + '</i>'; str += ', <i style=color:#FF0000>' + "No Credentials" + '</i>';
} }
} else if (((features2 & 1) != 0) && (node.intelamt.warn != null) && ((node.intelamt.warn & 1) != 0)) { // If AMT manager is running and warned of invalid credentials, allow setting them. } else if (((features2 & 1) != 0) && (node.intelamt.warn != null)) { // If AMT manager is running and warned of invalid credentials, allow setting them.
if ((meshrights & 4) != 0) { var warn = null;
str += ', <i style=color:#FF0000;cursor:pointer title="' + "Edit Intel&reg; AMT credentials" + '" onclick=editDeviceAmtSettings("' + node._id + '")>' + "Invalid Credentials" + '</i>'; if ((node.intelamt.warn & 1) != 0) { warn = "Invalid Credentials"; }
editUserCredentialsIcon = true; if ((node.intelamt.warn & 2) != 0) { warn = "Trying Credentials"; }
} else { if (warn != null) {
str += ', <i style=color:#FF0000>' + "Invalid Credentials" + '</i>'; if ((meshrights & 4) != 0) {
str += ', <i style=color:#FF0000;cursor:pointer title="' + "Edit Intel&reg; AMT credentials" + '" onclick=editDeviceAmtSettings("' + node._id + '")>' + warn + '</i>';
editUserCredentialsIcon = true;
} else {
str += ', <i style=color:#FF0000>' + warn + '</i>';
}
} }
} }

17
views/default.handlebars
View file

@ -5924,12 +5924,17 @@
} else { } else {
str += ', <i style=color:#FF0000>' + "No Credentials" + '</i>'; str += ', <i style=color:#FF0000>' + "No Credentials" + '</i>';
} }
} else if (((features2 & 1) != 0) && (node.intelamt.warn != null) && ((node.intelamt.warn & 1) != 0)) { // If AMT manager is running and warned of invalid credentials, allow setting them. } else if (((features2 & 1) != 0) && (node.intelamt.warn != null)) { // If AMT manager is running and warned of invalid credentials, allow setting them.
if ((meshrights & 4) != 0) { var warn = null;
str += ', <i style=color:#FF0000;cursor:pointer title="' + "Edit Intel&reg; AMT credentials" + '" onclick=editDeviceAmtSettings("' + node._id + '")>' + "Invalid Credentials" + '</i>'; if ((node.intelamt.warn & 1) != 0) { warn = "Invalid Credentials"; }
editUserCredentialsIcon = true; if ((node.intelamt.warn & 2) != 0) { warn = "Trying Credentials"; }
} else { if (warn != null) {
str += ', <i style=color:#FF0000>' + "Invalid Credentials" + '</i>'; if ((meshrights & 4) != 0) {
str += ', <i style=color:#FF0000;cursor:pointer title="' + "Edit Intel&reg; AMT credentials" + '" onclick=editDeviceAmtSettings("' + node._id + '")>' + warn + '</i>';
editUserCredentialsIcon = true;
} else {
str += ', <i style=color:#FF0000>' + warn + '</i>';
}
} }
} }