Merge branch 'master' of https://github.com/Ylianst/MeshCentral into master

2025-03-09 15:40:18 +00:00 · 2021-01-14 17:08:40 -08:00 · 2021-01-14 17:08:40 -08:00 · f00e565d8b
commit f00e565d8b
parent 522836eacc 2f5482e230
10 changed files with 49 additions and 17 deletions
--- a/agents/MeshCmd-signed.exe
+++ b/agents/MeshCmd-signed.exe
--- a/agents/MeshCmd64-signed.exe
+++ b/agents/MeshCmd64-signed.exe
--- a/agents/MeshService-signed.exe
+++ b/agents/MeshService-signed.exe
--- a/agents/MeshService.exe
+++ b/agents/MeshService.exe
--- a/agents/MeshService64-signed.exe
+++ b/agents/MeshService64-signed.exe
--- a/agents/MeshService64.exe
+++ b/agents/MeshService64.exe
--- a/agents/hashagents.txt
+++ b/agents/hashagents.txt
@ -1,7 +1,7 @@
 3: MeshService-signed.exe
-16BA1ABBE4B84FC9A478E75361CF164FCEA4D4F53EC55BA7678696115C62CD1BB385E07FA7A5359F8600C0B0957D392A
+6FF49B8B81A503262F8CEB34A576862D9ED1F4B0F5FBB669887583C6CA5FF9D8581C900F6747755A45EE3E30E9F7E2D1
 4: MeshService64-signed.exe
-DBEF331A4332EBC3A3EFB9536DF39DBDBBB31650FD8502236753961F7CF2F3B4F36A897AB752D5181CDDEDD1EFB93297
+F51ADCD0AC511927BD3C18325FDD3750763A007A52AAF694E576B11F4D0FBEE06586179BED1AB7BA3BA7063BD2034B9C
 5: meshagent_x86
 08554B5CD498718781371208D91BA42B41A92E704D14F1A4352B9A12BF73426368A6C542362372AD80EC80631D644434
 6: meshagent_x86-64
--- a/agents/recoverycore.js
+++ b/agents/recoverycore.js
@ -287,7 +287,7 @@ function getServerTargetUrlEx(url) {

 require('MeshAgent').on('Connected', function () {
    require('os').name().then(function (v) {
-        sendConsoleText("Mesh Agent Receovery Console, OS: " + v);
+        //sendConsoleText("Mesh Agent Receovery Console, OS: " + v);
        require('MeshAgent').SendCommand(meshCoreObj);
    });
 });
--- a/meshagent.js
+++ b/meshagent.js
@ -167,7 +167,7 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
                // If we have a core, use it.
                if (corename != null) {
                    const meshcorehash = parent.parent.defaultMeshCoresHash[corename];
-                    if (agentMeshCoreHash != meshcorehash) {
+                    if ((agentMeshCoreHash != meshcorehash) || (obj.agentCoreUpdate === true)) {
                        if ((obj.agentCoreCheck < 5) || (obj.agentCoreCheck == 1001)) {
                            if (meshcorehash == null) {
                                // Clear the core
@ -187,7 +187,7 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
                                obj.agentCoreUpdatePending = true;
                                parent.parent.taskLimiter.launch(function (argument, taskid, taskLimiterQueue) {
                                    if (obj.authenticated == 2) {
-                                        // Send the updated code.
+                                        // Send the updated core.
                                        delete obj.agentCoreUpdatePending;
                                        obj.sendBinary(common.ShortToStr(10) + common.ShortToStr(0) + argument.hash + argument.core, function () { parent.parent.taskLimiter.completed(taskid); }); // MeshCommand_CoreModule, start core update
                                        parent.agentStats.updatingCoreCount++;
@ -234,7 +234,15 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
            else if (cmdid == 12) { // MeshCommand_AgentHash
                if ((msg.length == 52) && (obj.agentExeInfo != null) && (obj.agentExeInfo.update == true)) {
                    const agenthash = msg.substring(4);
-                    if (compareAgentBinaryHash(obj.agentExeInfo, agenthash)) {
+                    const agentUpdateMethod = compareAgentBinaryHash(obj.agentExeInfo, agenthash)
+                    if (agentUpdateMethod === 2) { // Use meshcore agent update system
+                        // Send the recovery core to the agent, if the agent is capable of running one
+                        if (((obj.agentInfo.capabilities & 16) != 0) && (parent.parent.meshAgentsArchitectureNumbers[obj.agentInfo.agentId].core != null)) {
+                            obj.agentCoreCheck = 1001;
+                            obj.agentCoreUpdate = true;
+                            obj.sendBinary(common.ShortToStr(11) + common.ShortToStr(0)); // Command 11, ask for mesh core hash.
+                        }
+                    } else if (agentUpdateMethod === 1) { // Use native agent update system
                        // Mesh agent update required, do it using task limiter so not to flood the network. Medium priority task.
                        parent.parent.taskLimiter.launch(function (argument, taskid, taskLimiterQueue) {
                            if (obj.authenticated != 2) { parent.parent.taskLimiter.completed(taskid); return; } // If agent disconnection, complete and exit now.
@ -516,6 +524,9 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
            } else if (cmd == 5) {
                // ServerID. Agent is telling us what serverid it expects. Useful if we have many server certificates.
                if ((msg.substring(2, 34) == parent.swarmCertificateHash256) || (msg.substring(2, 50) == parent.swarmCertificateHash384)) { obj.useSwarmCert = true; }
+            } else if (cmd == 30) {
+                // Agent Commit Date. This is future proofing. Can be used to change server behavior depending on the date range of the agent.
+                //console.log('Connected Agent Commit Date: ' + msg.substring(2) + ", " + Date.parse(msg.substring(2)));
            }
        }
    });
@ -531,11 +542,13 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
            //console.log('Agent disconnect ' + obj.nodeid + ' (' + obj.remoteaddrport + ') id=' + agentId);
            parent.parent.debug('agent', 'Agent disconnect ' + obj.nodeid + ' (' + obj.remoteaddrport + ') id=' + agentId);

-            // Log the agent disconnection
-            if (parent.wsagentsDisconnections[obj.nodeid] == null) {
-                parent.wsagentsDisconnections[obj.nodeid] = 1;
-            } else {
-                parent.wsagentsDisconnections[obj.nodeid] = ++parent.wsagentsDisconnections[obj.nodeid];
+            // Log the agent disconnection if we are not testing agent update
+            if (args.agentupdatetest !== true) {
+                if (parent.wsagentsDisconnections[obj.nodeid] == null) {
+                    parent.wsagentsDisconnections[obj.nodeid] = 1;
+                } else {
+                    parent.wsagentsDisconnections[obj.nodeid] = ++parent.wsagentsDisconnections[obj.nodeid];
+                }
            }
        }
        obj.close(0);
@ -1135,8 +1148,21 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
                    }
                case 'coreinfo':
                    {
-                        // Sent by the agent to update agent information
-                        ChangeAgentCoreInfo(command);
+                        if ((obj.agentCoreUpdate === true) && (obj.agentExeInfo != null)) {
+                            // Agent update. The recovery core was loaded in the agent, send a command to update the agent
+                            var cmd = { action: 'agentUpdate', url: obj.agentExeInfo.url, hash: obj.agentExeInfo.hashhex };
+                            // Add server TLS cert hash
+                            if (parent.parent.args.ignoreagenthashcheck !== true) {
+                                const tlsCertHash = parent.webCertificateFullHashs[domain.id];
+                                if (tlsCertHash != null) { cmd.servertlshash = Buffer.from(tlsCertHash, 'binary').toString('hex'); }
+                            }
+                            // Send the agent update command
+                            obj.send(JSON.stringify(cmd));
+                            delete obj.agentCoreUpdate;
+                        } else {
+                            // Sent by the agent to update agent information
+                            ChangeAgentCoreInfo(command);
+                        }
                        break;
                    }
                case 'smbios':
@ -1664,13 +1690,19 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
    }

    // Check if we need to update this agent, return true if agent binary update required.
+    // Return 0 is no update needed, 1 update using native system, 2 update using meshcore system
    function compareAgentBinaryHash(agentExeInfo, agentHash) {
+        // If we are testing the agent update system, always return true
+        if ((args.agentupdatetest === true) || (args.agentupdatetest === 1)) return 1;
+        if (args.agentupdatetest === 2) return 2;
        // If the hash matches or is null, no update required.
-        if ((agentExeInfo.hash == agentHash) || (agentHash == '\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0')) return false;
+        if ((agentExeInfo.hash == agentHash) || (agentHash == '\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0')) return 0;
        // If this is a macOS x86 or ARM agent type and it matched the universal binary, no update required.
-        if (((agentExeInfo.id == 16) || (agentExeInfo.id == 29)) && (parent.parent.meshAgentBinaries[10005].hash == agentHash)) return false;
+        if (((agentExeInfo.id == 16) || (agentExeInfo.id == 29)) && (parent.parent.meshAgentBinaries[10005].hash == agentHash)) return 0;
+
        // No match, update the agent.
-        return true;
+        if ((agentExeInfo.id == 3) && (agentExeInfo.id == 4)) return 2; // For Windows agents, use the meshcore update technique.
+        return 1; // For all other agents, use the native update technique.
    }

    // Request that the core dump file on this agent be uploaded to the server
--- a/meshcentral.js
+++ b/meshcentral.js
@ -138,7 +138,7 @@ function CreateMeshCentralServer(config, args) {
        try { require('./pass').hash('test', function () { }, 0); } catch (e) { console.log('Old version of node, must upgrade.'); return; } // TODO: Not sure if this test works or not.

        // Check for invalid arguments
-        var validArguments = ['_', 'user', 'port', 'aliasport', 'mpsport', 'mpsaliasport', 'redirport', 'rediraliasport', 'cert', 'mpscert', 'deletedomain', 'deletedefaultdomain', 'showall', 'showusers', 'showitem', 'listuserids', 'showusergroups', 'shownodes', 'showallmeshes', 'showmeshes', 'showevents', 'showsmbios', 'showpower', 'clearpower', 'showiplocations', 'help', 'exactports', 'xinstall', 'xuninstall', 'install', 'uninstall', 'start', 'stop', 'restart', 'debug', 'filespath', 'datapath', 'noagentupdate', 'launch', 'noserverbackup', 'mongodb', 'mongodbcol', 'wanonly', 'lanonly', 'nousers', 'mpspass', 'ciralocalfqdn', 'dbexport', 'dbexportmin', 'dbimport', 'dbmerge', 'dbfix', 'dbencryptkey', 'selfupdate', 'tlsoffload', 'userallowedip', 'userblockedip', 'swarmallowedip', 'agentallowedip', 'agentblockedip', 'fastcert', 'swarmport', 'logintoken', 'logintokenkey', 'logintokengen', 'mailtokengen', 'admin', 'unadmin', 'sessionkey', 'sessiontime', 'minify', 'minifycore', 'dblistconfigfiles', 'dbshowconfigfile', 'dbpushconfigfiles', 'dbpullconfigfiles', 'dbdeleteconfigfiles', 'vaultpushconfigfiles', 'vaultpullconfigfiles', 'vaultdeleteconfigfiles', 'configkey', 'loadconfigfromdb', 'npmpath', 'serverid', 'recordencryptionrecode', 'vault', 'token', 'unsealkey', 'name', 'log', 'dbstats', 'translate', 'createaccount', 'resetaccount', 'pass', 'adminaccount', 'removeaccount', 'domain', 'email', 'configfile', 'maintenancemode', 'nedbtodb', 'removetestagents'];
+        var validArguments = ['_', 'user', 'port', 'aliasport', 'mpsport', 'mpsaliasport', 'redirport', 'rediraliasport', 'cert', 'mpscert', 'deletedomain', 'deletedefaultdomain', 'showall', 'showusers', 'showitem', 'listuserids', 'showusergroups', 'shownodes', 'showallmeshes', 'showmeshes', 'showevents', 'showsmbios', 'showpower', 'clearpower', 'showiplocations', 'help', 'exactports', 'xinstall', 'xuninstall', 'install', 'uninstall', 'start', 'stop', 'restart', 'debug', 'filespath', 'datapath', 'noagentupdate', 'launch', 'noserverbackup', 'mongodb', 'mongodbcol', 'wanonly', 'lanonly', 'nousers', 'mpspass', 'ciralocalfqdn', 'dbexport', 'dbexportmin', 'dbimport', 'dbmerge', 'dbfix', 'dbencryptkey', 'selfupdate', 'tlsoffload', 'userallowedip', 'userblockedip', 'swarmallowedip', 'agentallowedip', 'agentblockedip', 'fastcert', 'swarmport', 'logintoken', 'logintokenkey', 'logintokengen', 'mailtokengen', 'admin', 'unadmin', 'sessionkey', 'sessiontime', 'minify', 'minifycore', 'dblistconfigfiles', 'dbshowconfigfile', 'dbpushconfigfiles', 'dbpullconfigfiles', 'dbdeleteconfigfiles', 'vaultpushconfigfiles', 'vaultpullconfigfiles', 'vaultdeleteconfigfiles', 'configkey', 'loadconfigfromdb', 'npmpath', 'serverid', 'recordencryptionrecode', 'vault', 'token', 'unsealkey', 'name', 'log', 'dbstats', 'translate', 'createaccount', 'resetaccount', 'pass', 'adminaccount', 'removeaccount', 'domain', 'email', 'configfile', 'maintenancemode', 'nedbtodb', 'removetestagents', 'agentupdatetest'];
        for (var arg in obj.args) { obj.args[arg.toLocaleLowerCase()] = obj.args[arg]; if (validArguments.indexOf(arg.toLocaleLowerCase()) == -1) { console.log('Invalid argument "' + arg + '", use --help.'); return; } }
        if (obj.args.mongodb == true) { console.log('Must specify: --mongodb [connectionstring] \r\nSee https://docs.mongodb.com/manual/reference/connection-string/ for MongoDB connection string.'); return; }
        for (i in obj.config.settings) { obj.args[i] = obj.config.settings[i]; } // Place all settings into arguments, arguments have already been placed into settings so arguments take precedence.