From b907100d8b53e71caf40bc3270b3fe4016b3995b Mon Sep 17 00:00:00 2001
From: Ylian Saint-Hilaire
Date: Fri, 10 Jan 2020 11:19:23 -0800
Subject: [PATCH] Improved IP blocking, improved relay tunnel error in meshcore.js
---
 agents/meshcore.js | 4 ++--
 package.json | 2 +-
 webserver.js | 23 ++++++++++++++---------
 3 files changed, 17 insertions(+), 12 deletions(-)
diff --git a/agents/meshcore.js b/agents/meshcore.js
index c8e0ca10..97100784 100644
--- a/agents/meshcore.js
+++ b/agents/meshcore.js
@@ -629,7 +629,7 @@ function createMeshCore(agent) {
 //sendConsoleText('TUNNEL: ' + JSON.stringify(data));
 var tunnel = http.request(woptions);
 tunnel.upgrade = onTunnelUpgrade;
- tunnel.on('error', function (e) { sendConsoleText("ERROR: " + JSON.stringify(e)); });
+ tunnel.on('error', function (e) { sendConsoleText("ERROR: Unable to connect relay tunnel to: " + this.url + ", " + JSON.stringify(e)); });
 tunnel.sessionid = data.sessionid;
 tunnel.rights = data.rights;
 tunnel.consent = data.consent;
@@ -2428,7 +2428,7 @@ function createMeshCore(agent) {
 } catch (e) { response = 'Invalid HTTP websocket request'; }
 if (httprequest != null) {
 httprequest.upgrade = onWebSocketUpgrade;
- httprequest.on('error', function (e) { sendConsoleText('ERROR: ' + JSON.stringify(e)); });
+ httprequest.on('error', function (e) { sendConsoleText("ERROR: Unable to connect to: " + this.url + ", " + JSON.stringify(e)); });
 var index = 1;
 while (consoleWebSockets[index]) { index++; }
diff --git a/package.json b/package.json
index 78cc93ac..d77bcf02 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "meshcentral",
- "version": "0.4.7-f",
+ "version": "0.4.7-h",
 "keywords": [
 "Remote Management",
 "Intel AMT",
diff --git a/webserver.js b/webserver.js
index 1c769868..a91d2477 100644
--- a/webserver.js
+++ b/webserver.js
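Review bot: Both new error handlers in agents/meshcore.js read `this.url`, but neither hunk shows a `url` property being set on the object returned by `http.request(woptions)` or on `httprequest`, so the message may print `undefined` unless the agent's http module binds the emitter as `this` and exposes that field. Building the text from the options already in scope, e.g. `woptions.host + ':' + woptions.port` (assuming those fields are populated as in Node's request options), would not depend on either and keeps the path and query string out of the console. That matters if the relay URL can carry a session id or auth token in its query, because the string is handed to `sendConsoleText` and is readable by anyone who can see the agent console. `JSON.stringify(e)` also yields `{}` for a standard Error, since its fields are non-enumerable, so appending `e.message` may be needed for the log to be useful. Both enclosing functions start and end outside the hunks.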
@@ -85,6 +85,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
 obj.dnsDomains = {};
 obj.relaySessionCount = 0;
 obj.relaySessionErrorCount = 0;
+ obj.blockedUsers = 0;
+ obj.blockedAgents = 0;
 obj.renderPages = null;
 obj.renderLanguages = [];
@@ -247,7 +249,9 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
 sessionsCount: Object.keys(obj.sessionsCount).length,
 wsrelays: Object.keys(obj.wsrelays).length,
 wsPeerRelays: Object.keys(obj.wsPeerRelays).length,
- tlsSessionStore: Object.keys(tlsSessionStore).length
+ tlsSessionStore: Object.keys(tlsSessionStore).length,
+ blockedUsers: obj.blockedUsers,
+ blockedAgents: obj.blockedAgents
 };
 }
@@ -453,6 +457,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
 var ip;
 if (req.connection) { // HTTP(S) request
 ip = req.ip;
+ if (ip) { for (var i = 0; i < ipList.length; i++) { if (require('ipcheck').match(ip, ipList[i])) { if (closeIfThis === true) { res.sendStatus(401); } return true; } } }
 if (closeIfThis === false) { res.sendStatus(401); }
 } else if (req._socket) { // WebSocket request
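Review bot: The added `if (ip) { … }` line in the third webserver.js hunk (checkIpAddressEx) skips the list match whenever `req.ip` is empty, so for a block list (`closeIfThis === true`) a client with no resolved address takes the un-matched path; whether that ends up fail-open depends on the return below this hunk, which is not visible. A one-line comment stating the intended behaviour would remove the ambiguity, e.g. `// no client IP: treated as matching no list entry; allow-lists reject, block-lists pass`. `req.ip` is also only as trustworthy as the proxy configuration behind it (in Express it is derived from `X-Forwarded-For` when `trust proxy` is enabled), so the block and allow lists should be documented as depending on that setting. Calling `require('ipcheck')` inside the loop works because of the module cache, but a single `const ipcheck = require('ipcheck');` above the loop reads better.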
@@ -472,21 +477,21 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
 // Check if the source IP address is allowed, return domain if allowed
 function checkUserIpAddress(req, res) {
- if ((obj.userBlockedIp != null) && (checkIpAddressEx(req, res, obj.userBlockedIp, true) == true)) { return null; }
- if ((obj.userAllowedIp != null) && (checkIpAddressEx(req, res, obj.userAllowedIp, false) == false)) { return null; }
+ if ((parent.config.settings.userblockedip != null) && (checkIpAddressEx(req, res, parent.config.settings.userblockedip, true) == true)) { obj.blockedUsers++; return null; }
+ if ((parent.config.settings.userallowedip != null) && (checkIpAddressEx(req, res, parent.config.settings.userallowedip, false) == false)) { obj.blockedUsers++; return null; }
 const domain = (req.url ? getDomain(req) : getDomain(res));
- if ((domain.userblockedip != null) && (checkIpAddressEx(req, res, domain.userblockedip, true) == true)) { return null; }
- if ((domain.userallowedip != null) && (checkIpAddressEx(req, res, domain.userallowedip, false) == false)) { return null; }
+ if ((domain.userblockedip != null) && (checkIpAddressEx(req, res, domain.userblockedip, true) == true)) { obj.blockedUsers++; return null; }
+ if ((domain.userallowedip != null) && (checkIpAddressEx(req, res, domain.userallowedip, false) == false)) { obj.blockedUsers++; return null; }
 return domain;
 }
 // Check if the source IP address is allowed, return domain if allowed
 function checkAgentIpAddress(req, res) {
- if ((obj.agentBlockedIp != null) && (checkIpAddressEx(req, res, obj.agentBlockedIp, null) == true)) { return null; }
- if ((obj.agentAllowedIp != null) && (checkIpAddressEx(req, res, obj.agentAllowedIp, null) == false)) { return null; }
+ if ((parent.config.settings.agentblockedip != null) && (checkIpAddressEx(req, res, parent.config.settings.agentblockedip, true) == true)) { obj.blockedAgents++; return null; }
+ if ((parent.config.settings.agentallowedip != null) &&
(checkIpAddressEx(req, res, parent.config.settings.agentallowedip, false) == false)) { obj.blockedAgents++; return null; }
 const domain = (req.url ? getDomain(req) : getDomain(res));
- if ((domain.agentblockedip != null) && (checkIpAddressEx(req, res, domain.agentblockedip, null) == true)) { return null; }
- if ((domain.agentallowedip != null) && (checkIpAddressEx(req, res, domain.agentallowedip, null) == false)) { return null; }
+ if ((domain.agentblockedip != null) && (checkIpAddressEx(req, res, domain.agentblockedip, null) == true)) { obj.blockedAgents++; return null; }
+ if ((domain.agentallowedip != null) && (checkIpAddressEx(req, res, domain.agentallowedip, null) == false)) { obj.blockedAgents++; return null; }
 return domain;
 }
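Review bot: In checkAgentIpAddress the two server-level calls now pass `true`/`false` as `closeIfThis`, while the two domain-level calls below them still pass `null`, so a rejected agent gets a 401 written by checkIpAddressEx in one case and no response in the other. If the caller also answers or closes the request when `null` comes back, the server-level path may now respond twice; either keep `null` on all four agent checks or switch all four, e.g. `checkIpAddressEx(req, res, domain.agentblockedip, true)`. The lists are now read straight from `parent.config.settings.*` instead of `obj.*`; if the old fields were normalised elsewhere (for example a comma-separated string split into an array), a string value would be walked character by character by the loop in checkIpAddressEx and a block list would silently match nothing. Normalising once at startup, or guarding with `Array.isArray(...)` before the checks, would avoid that. The new code also dereferences `parent.config.settings` unconditionally, which assumes that object always exists.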