mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-03-09 15:40:18 +00:00

Can now specify IP and IP range for ignoreAgentHashCheck.

Ylian Saint-Hilaire 2020-12-30 16:54:02 -08:00
parent b7591dc5bb
commit e8fccb984c
4 changed files with 30 additions and 8 deletions


@ -402,7 +402,7 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
if ((msg.length != 98) || ((obj.receivedCommands & 1) != 0)) return;
obj.receivedCommands += 1; // Agent can't send the same command twice on the same connection ever. Block DOS attack path.
if ((args.ignoreagenthashcheck === true) || (domain.ignoreagenthashcheck === true)) {
if (isIgnoreHashCheck()) {
// Send the agent web hash back to the agent
// Send 384 bits SHA384 hash of TLS cert + 384 bits nonce
obj.sendBinary(common.ShortToStr(1) + msg.substring(2, 50) + obj.nonce); // Command 1, hash + nonce. Use the web hash given by the agent.
@ -1680,6 +1680,27 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
obj.send('{"action":"msg","type":"tunnel","value":"*/' + (((domain.dns == null) && (domain.id != '')) ? (domain.id + '/') : '') + 'agenttransfer.ashx?c=' + cookie + '","rights":"4294967295"}');
}
// Return true if we need to ignore the agent hash check
function isIgnoreHashCheck() {
if ((args.ignoreagenthashcheck === true) || (domain.ignoreagenthashcheck === true)) return true;
// Check site wide exceptions
if (Array.isArray(args.ignoreagenthashcheck)) {
for (var i = 0; i < args.ignoreagenthashcheck.length; i++) {
if (require('ipcheck').match(obj.remoteaddr, args.ignoreagenthashcheck[i])) return true;
}
}
// Check domain wide exceptions
if (Array.isArray(domain.ignoreagenthashcheck)) {
for (var i = 0; i < domain.ignoreagenthashcheck.length; i++) {
if (require('ipcheck').match(obj.remoteaddr, domain.ignoreagenthashcheck[i])) return true;
}
}
return false;
}
// Generate a random Intel AMT password
function checkAmtPassword(p) { return (p.length > 7) && (/\d/.test(p)) && (/[a-z]/.test(p)) && (/[A-Z]/.test(p)) && (/\W/.test(p)); }
function getRandomAmtPassword() { var p; do { p = Buffer.from(parent.crypto.randomBytes(9), 'binary').toString('base64').split('/').join('@'); } while (checkAmtPassword(p) == false); return p; }
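Review bot: In the new isIgnoreHashCheck(), `obj.remoteaddr` alone decides whether the agent hash check is skipped, and it is assigned outside both hunks, so its origin cannot be confirmed here. If it can be populated from a forwarded header when the server runs behind a reverse proxy (an assumption to verify), the IP scoping is only as strong as the trusted-proxy configuration. The function comment should state that requirement, e.g. `// obj.remoteaddr must be the verified peer address (not a client-supplied forwarded header), since it alone gates this exception`. A configured value that is neither `true` nor an array, such as a single range written as a string, falls through to `return false` without any message, so logging it as a configuration error would help an administrator notice the exception is not active. As a style point, `require('ipcheck')` could be resolved once above the two loops instead of on every iteration.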