MeshCentral/meshagent.js

1479 lines
92 KiB
JavaScript
Raw Normal View History

2017-08-28 19:27:45 +03:00
/**
2018-01-04 23:15:21 +03:00
* @description MeshCentral MeshAgent communication module
2017-08-28 19:27:45 +03:00
* @author Ylian Saint-Hilaire & Bryan Roe
2020-01-03 05:30:12 +03:00
* @copyright Intel Corporation 2018-2020
2018-01-04 23:15:21 +03:00
* @license Apache-2.0
2017-08-28 19:27:45 +03:00
* @version v0.0.1
*/
2018-08-30 03:40:30 +03:00
/*xjslint node: true */
/*xjslint plusplus: true */
/*xjslint maxlen: 256 */
/*jshint node: true */
/*jshint strict: false */
/*jshint esversion: 6 */
"use strict";
2018-08-27 22:24:15 +03:00
2017-08-28 19:27:45 +03:00
// Construct a MeshAgent object, called upon connection
module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
2019-03-08 09:47:27 +03:00
const forge = parent.parent.certificateOperations.forge;
const common = parent.parent.common;
2019-05-02 01:02:03 +03:00
parent.agentStats.createMeshAgentCount++;
2019-03-08 09:47:27 +03:00
2017-08-28 19:27:45 +03:00
var obj = {};
obj.domain = domain;
2019-03-08 09:47:27 +03:00
obj.authenticated = 0;
2017-08-28 19:27:45 +03:00
obj.receivedCommands = 0;
obj.agentCoreCheck = 0;
2019-03-08 09:47:27 +03:00
obj.remoteaddr = (req.ip.startsWith('::ffff:')) ? (req.ip.substring(7)) : req.ip;
obj.remoteaddrport = obj.remoteaddr + ':' + ws._socket.remotePort;
obj.nonce = parent.crypto.randomBytes(48).toString('binary');
2019-06-18 01:20:47 +03:00
//ws._socket.setKeepAlive(true, 240000); // Set TCP keep alive, 4 minutes
if (args.agentidletimeout != 0) { ws._socket.setTimeout(args.agentidletimeout, function () { obj.close(1); }); } // Inactivity timeout of 2:30 minutes, by default agent will WebSocket ping every 2 minutes and server will pong back.
2019-03-08 09:47:27 +03:00
//obj.nodeid = null;
//obj.meshid = null;
//obj.dbNodeKey = null;
//obj.dbMeshKey = null;
//obj.connectTime = null;
//obj.agentInfo = null;
2017-08-28 19:27:45 +03:00
// Send a message to the mesh agent
obj.send = function (data, func) { try { if (typeof data == 'string') { ws.send(Buffer.from(data), func); } else { ws.send(data, func); } } catch (e) { } };
obj.sendBinary = function (data, func) { try { if (typeof data == 'string') { ws.send(Buffer.from(data, 'binary'), func); } else { ws.send(data, func); } } catch (e) { } };
2017-08-28 19:27:45 +03:00
// Disconnect this agent
obj.close = function (arg) {
if ((arg == 1) || (arg == null)) { try { ws.close(); if (obj.nodeid != null) { parent.parent.debug('agent', 'Soft disconnect ' + obj.nodeid + ' (' + obj.remoteaddrport + ')'); } } catch (e) { console.log(e); } } // Soft close, close the websocket
if (arg == 2) { try { ws._socket._parent.end(); if (obj.nodeid != null) { parent.parent.debug('agent', 'Hard disconnect ' + obj.nodeid + ' (' + obj.remoteaddrport + ')'); } } catch (e) { console.log(e); } } // Hard close, close the TCP socket
2019-02-26 04:30:19 +03:00
// If arg == 3, don't communicate with this agent anymore, but don't disconnect (Duplicate agent).
2019-04-10 20:41:10 +03:00
// Remove this agent from the webserver list
if (parent.wsagents[obj.dbNodeKey] == obj) {
delete parent.wsagents[obj.dbNodeKey];
parent.parent.ClearConnectivityState(obj.dbMeshKey, obj.dbNodeKey, 1);
}
// Remove this agent from the list of agents with bad web certificates
if (obj.badWebCert) { delete parent.wsagentsWithBadWebCerts[obj.badWebCert]; }
2019-04-10 20:41:10 +03:00
// Get the current mesh
const mesh = parent.meshes[obj.dbMeshKey];
// If this is a temporary or recovery agent, or all devices in this group are temporary, remove the agent (0x20 = Temporary, 0x40 = Recovery)
if (((obj.agentInfo) && (obj.agentInfo.capabilities) && ((obj.agentInfo.capabilities & 0x20) || (obj.agentInfo.capabilities & 0x40))) || ((mesh) && (mesh.flags) && (mesh.flags & 1))) {
// Delete this node including network interface information and events
db.Remove(obj.dbNodeKey); // Remove node with that id
db.Remove('if' + obj.dbNodeKey); // Remove interface information
db.Remove('nt' + obj.dbNodeKey); // Remove notes
db.Remove('lc' + obj.dbNodeKey); // Remove last connect time
db.Remove('si' + obj.dbNodeKey); // Remove system information
2019-04-10 20:41:10 +03:00
db.RemoveSMBIOS(obj.dbNodeKey); // Remove SMBios data
db.RemoveAllNodeEvents(obj.dbNodeKey); // Remove all events for this node
db.removeAllPowerEventsForNode(obj.dbNodeKey); // Remove all power events for this node
// Event node deletion
parent.parent.DispatchEvent(parent.CreateMeshDispatchTargets(obj.dbMeshKey, [obj.dbNodeKey]), obj, { etype: 'node', action: 'removenode', nodeid: obj.dbNodeKey, domain: domain.id, nolog: 1 });
2019-04-10 20:41:10 +03:00
// Disconnect all connections if needed
const state = parent.parent.GetConnectivityState(obj.dbNodeKey);
if ((state != null) && (state.connectivity != null)) {
if ((state.connectivity & 1) != 0) { parent.wsagents[obj.dbNodeKey].close(); } // Disconnect mesh agent
if ((state.connectivity & 2) != 0) { parent.parent.mpsserver.close(parent.parent.mpsserver.ciraConnections[obj.dbNodeKey]); } // Disconnect CIRA connection
2018-04-12 21:15:01 +03:00
}
2019-04-10 20:41:10 +03:00
} else {
// Update the last connect time
if (obj.authenticated == 2) { db.Set({ _id: 'lc' + obj.dbNodeKey, type: 'lastconnect', domain: domain.id, time: obj.connectTime, addr: obj.remoteaddrport, cause: 1 }); }
2018-04-12 21:15:01 +03:00
}
// Set this agent as no longer authenticated
obj.authenticated = -1;
// If we where updating the agent, clean that up.
if (obj.agentUpdate != null) {
if (obj.agentUpdate.fd) { try { parent.fs.close(obj.agentUpdate.fd); } catch (ex) { } }
parent.parent.taskLimiter.completed(obj.agentUpdate.taskid); // Indicate this task complete
delete obj.agentUpdate.buf;
delete obj.agentUpdate;
}
// Perform timer cleanup
if (obj.pingtimer) { clearInterval(obj.pingtimer); delete obj.pingtimer; }
if (obj.pongtimer) { clearInterval(obj.pongtimer); delete obj.pongtimer; }
// Perform aggressive cleanup
if (obj.nonce) { delete obj.nonce; }
if (obj.nodeid) { delete obj.nodeid; }
if (obj.unauth) { delete obj.unauth; }
if (obj.remoteaddr) { delete obj.remoteaddr; }
if (obj.remoteaddrport) { delete obj.remoteaddrport; }
if (obj.meshid) { delete obj.meshid; }
if (obj.dbNodeKey) { delete obj.dbNodeKey; }
if (obj.dbMeshKey) { delete obj.dbMeshKey; }
if (obj.connectTime) { delete obj.connectTime; }
if (obj.agentInfo) { delete obj.agentInfo; }
if (obj.agentExeInfo) { delete obj.agentExeInfo; }
ws.removeAllListeners(['message', 'close', 'error']);
2018-08-30 03:40:30 +03:00
};
2017-08-28 19:27:45 +03:00
// When data is received from the mesh agent web socket
ws.on('message', function (msg) {
if (msg.length < 2) return;
if (typeof msg == 'object') { msg = msg.toString('binary'); } // TODO: Could change this entire method to use Buffer instead of binary string
2017-08-28 19:27:45 +03:00
if (obj.authenticated == 2) { // We are authenticated
if ((obj.agentUpdate == null) && (msg.charCodeAt(0) == 123)) { processAgentData(msg); } // Only process JSON messages if meshagent update is not in progress
2017-08-28 19:27:45 +03:00
if (msg.length < 2) return;
2019-03-08 09:47:27 +03:00
const cmdid = common.ReadShort(msg, 0);
2017-08-28 19:27:45 +03:00
if (cmdid == 11) { // MeshCommand_CoreModuleHash
if (msg.length == 4) { ChangeAgentCoreInfo({ 'caps': 0 }); } // If the agent indicated that no core is running, clear the core information string.
2017-08-28 19:27:45 +03:00
// Mesh core hash, sent by agent with the hash of the current mesh core.
2019-10-28 20:35:58 +03:00
// If we are performing an agent update, don't update the core.
if (obj.agentUpdate != null) { return; }
// If we are using a custom core, don't try to update it.
if (obj.agentCoreCheck == 1000) {
obj.sendBinary(common.ShortToStr(16) + common.ShortToStr(0)); // MeshCommand_CoreOk. Indicates to the agent that the core is ok. Start it if it's not already started.
agentCoreIsStable();
return;
}
2018-12-30 02:24:33 +03:00
// Get the current meshcore hash
const agentMeshCoreHash = (msg.length == 52) ? msg.substring(4, 52) : null;
2019-03-08 09:47:27 +03:00
// If the agent indicates this is a custom core, we are done.
if ((agentMeshCoreHash != null) && (agentMeshCoreHash == '\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0')) {
obj.agentCoreCheck = 0;
obj.sendBinary(common.ShortToStr(16) + common.ShortToStr(0)); // MeshCommand_CoreOk. Indicates to the agent that the core is ok. Start it if it's not already started.
agentCoreIsStable();
return;
}
2019-03-08 09:47:27 +03:00
// We need to check if the core is current. Figure out what core we need.
var corename = null;
if (parent.parent.meshAgentsArchitectureNumbers[obj.agentInfo.agentId] != null) {
if (obj.agentCoreCheck == 1001) {
// If the user asked, use the recovery core.
corename = parent.parent.meshAgentsArchitectureNumbers[obj.agentInfo.agentId].rcore;
} else if (obj.agentInfo.capabilities & 0x40) {
// If this is a recovery agent, use the agent recovery core.
corename = parent.parent.meshAgentsArchitectureNumbers[obj.agentInfo.agentId].arcore;
} else {
// This is the normal core for this agent type.
corename = parent.parent.meshAgentsArchitectureNumbers[obj.agentInfo.agentId].core;
}
2019-03-08 09:47:27 +03:00
}
// If we have a core, use it.
2018-12-30 02:24:33 +03:00
if (corename != null) {
2019-03-08 09:47:27 +03:00
const meshcorehash = parent.parent.defaultMeshCoresHash[corename];
2018-12-30 02:24:33 +03:00
if (agentMeshCoreHash != meshcorehash) {
2019-01-22 01:05:50 +03:00
if ((obj.agentCoreCheck < 5) || (obj.agentCoreCheck == 1001)) {
2018-12-30 02:24:33 +03:00
if (meshcorehash == null) {
2019-01-18 02:07:34 +03:00
// Clear the core
obj.sendBinary(common.ShortToStr(10) + common.ShortToStr(0)); // MeshCommand_CoreModule, ask mesh agent to clear the core
2019-05-02 01:02:03 +03:00
parent.agentStats.clearingCoreCount++;
parent.parent.debug('agent', "Clearing core");
2018-12-30 02:24:33 +03:00
} else {
// Update new core
//obj.sendBinary(common.ShortToStr(10) + common.ShortToStr(0) + meshcorehash + parent.parent.defaultMeshCores[corename]); // MeshCommand_CoreModule, start core update
//parent.parent.debug('agent', 'Updating code ' + corename);
2019-02-09 01:17:35 +03:00
// Update new core with task limiting so not to flood the server. This is a high priority task.
obj.agentCoreUpdatePending = true;
2019-03-08 09:47:27 +03:00
parent.parent.taskLimiter.launch(function (argument, taskid, taskLimiterQueue) {
2019-02-26 04:30:19 +03:00
if (obj.authenticated == 2) {
// Send the updated code.
2019-03-08 09:47:27 +03:00
delete obj.agentCoreUpdatePending;
obj.sendBinary(common.ShortToStr(10) + common.ShortToStr(0) + argument.hash + argument.core, function () { parent.parent.taskLimiter.completed(taskid); }); // MeshCommand_CoreModule, start core update
2019-05-02 01:02:03 +03:00
parent.agentStats.updatingCoreCount++;
parent.parent.debug('agent', "Updating core " + argument.name);
2019-02-26 04:30:19 +03:00
agentCoreIsStable();
} else {
// This agent is probably disconnected, nothing to do.
2019-03-08 09:47:27 +03:00
parent.parent.taskLimiter.completed(taskid);
2019-02-26 04:30:19 +03:00
}
2019-03-08 09:47:27 +03:00
}, { hash: meshcorehash, core: parent.parent.defaultMeshCores[corename], name: corename }, 0);
2018-12-30 02:24:33 +03:00
}
obj.agentCoreCheck++;
}
} else {
obj.agentCoreCheck = 0;
obj.sendBinary(common.ShortToStr(16) + common.ShortToStr(0)); // MeshCommand_CoreOk. Indicates to the agent that the core is ok. Start it if it's not already started.
agentCoreIsStable(); // No updates needed, agent is ready to go.
2018-12-30 02:24:33 +03:00
}
}
/*
2017-08-28 19:27:45 +03:00
// TODO: Check if we have a mesh specific core. If so, use that.
var agentMeshCoreHash = null;
if (msg.length == 52) { agentMeshCoreHash = msg.substring(4, 52); }
2019-03-08 09:47:27 +03:00
if ((agentMeshCoreHash != parent.parent.defaultMeshCoreHash) && (agentMeshCoreHash != parent.parent.defaultMeshCoreNoMeiHash)) {
2017-08-28 19:27:45 +03:00
if (obj.agentCoreCheck < 5) { // This check is in place to avoid a looping core update.
2019-03-08 09:47:27 +03:00
if (parent.parent.defaultMeshCoreHash == null) {
2017-08-28 19:27:45 +03:00
// Update no core
obj.sendBinary(common.ShortToStr(10) + common.ShortToStr(0)); // Command 10, ask mesh agent to clear the core
2017-08-28 19:27:45 +03:00
} else {
// Update new core
if ((parent.parent.meshAgentsArchitectureNumbers[obj.agentInfo.agentId] != null) && (parent.parent.meshAgentsArchitectureNumbers[obj.agentInfo.agentId].amt == true)) {
obj.sendBinary(common.ShortToStr(10) + common.ShortToStr(0) + parent.parent.defaultMeshCoreHash + parent.parent.defaultMeshCore); // Command 10, ask mesh agent to set the core (with MEI support)
} else {
obj.sendBinary(common.ShortToStr(10) + common.ShortToStr(0) + parent.parent.defaultMeshCoreNoMeiHash + parent.parent.defaultMeshCoreNoMei); // Command 10, ask mesh agent to set the core (No MEI)
}
2017-08-28 19:27:45 +03:00
}
obj.agentCoreCheck++;
}
} else {
obj.agentCoreCheck = 0;
}
2018-12-30 02:24:33 +03:00
*/
2017-08-28 19:27:45 +03:00
}
else if (cmdid == 12) { // MeshCommand_AgentHash
if ((msg.length == 52) && (obj.agentExeInfo != null) && (obj.agentExeInfo.update == true)) {
2019-03-08 09:47:27 +03:00
const agenthash = msg.substring(4);
if ((agenthash != obj.agentExeInfo.hash) && (agenthash != '\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0')) {
2019-02-09 01:17:35 +03:00
// Mesh agent update required, do it using task limiter so not to flood the network. Medium priority task.
2019-03-08 09:47:27 +03:00
parent.parent.taskLimiter.launch(function (argument, taskid, taskLimiterQueue) {
if (obj.authenticated != 2) { parent.parent.taskLimiter.completed(taskid); return; } // If agent disconnection, complete and exit now.
if (obj.nodeid != null) { parent.parent.debug('agent', "Agent update required, NodeID=0x" + obj.nodeid.substring(0, 16) + ', ' + obj.agentExeInfo.desc); }
parent.agentStats.agentBinaryUpdate++;
if (obj.agentExeInfo.data == null) {
// Read the agent from disk
2019-03-08 09:47:27 +03:00
parent.fs.open(obj.agentExeInfo.path, 'r', function (err, fd) {
if (obj.agentExeInfo == null) return; // Agent disconnected during this call.
2019-10-28 20:35:58 +03:00
if (err) { parent.parent.debug('agentupdate', "ERROR: " + err); return console.error(err); }
obj.agentUpdate = { ptr: 0, buf: Buffer.alloc(parent.parent.agentUpdateBlockSize + 4), fd: fd, taskid: taskid };
// MeshCommand_CoreModule, ask mesh agent to clear the core.
// The new core will only be sent after the agent updates.
obj.sendBinary(common.ShortToStr(10) + common.ShortToStr(0));
// We got the agent file open on the server side, tell the agent we are sending an update starting with the SHA384 hash of the result
//console.log("Agent update file open.");
obj.sendBinary(common.ShortToStr(13) + common.ShortToStr(0)); // Command 13, start mesh agent download
// Send the first mesh agent update data block
obj.agentUpdate.buf[0] = 0;
obj.agentUpdate.buf[1] = 14;
obj.agentUpdate.buf[2] = 0;
obj.agentUpdate.buf[3] = 1;
parent.fs.read(obj.agentUpdate.fd, obj.agentUpdate.buf, 4, parent.parent.agentUpdateBlockSize, obj.agentUpdate.ptr, function (err, bytesRead, buffer) {
2019-03-08 09:47:27 +03:00
if ((err != null) || (bytesRead == 0)) {
// Error reading the agent file, stop here.
try { parent.fs.close(obj.agentUpdate.fd); } catch (ex) { }
parent.parent.taskLimiter.completed(obj.agentUpdate.taskid); // Indicate this task complete
2019-10-28 20:35:58 +03:00
parent.parent.debug('agentupdate', "ERROR: Unable to read first block of agent binary from disk.");
delete obj.agentUpdate.buf;
2019-03-08 09:47:27 +03:00
delete obj.agentUpdate;
} else {
// Send the first block to the agent
obj.agentUpdate.ptr += bytesRead;
2019-10-28 20:35:58 +03:00
parent.parent.debug('agentupdate', "Sent first block of " + bytesRead + " bytes from disk.");
obj.sendBinary(obj.agentUpdate.buf); // Command 14, mesh agent first data block
2019-03-08 09:47:27 +03:00
}
});
});
} else {
// Send the agent from RAM
obj.agentUpdate = { ptr: 0, buf: Buffer.alloc(parent.parent.agentUpdateBlockSize + 4), taskid: taskid };
// MeshCommand_CoreModule, ask mesh agent to clear the core.
// The new core will only be sent after the agent updates.
obj.sendBinary(common.ShortToStr(10) + common.ShortToStr(0));
// We got the agent file open on the server side, tell the agent we are sending an update starting with the SHA384 hash of the result
obj.sendBinary(common.ShortToStr(13) + common.ShortToStr(0)); // Command 13, start mesh agent download
// Send the first mesh agent update data block
obj.agentUpdate.buf[0] = 0;
obj.agentUpdate.buf[1] = 14;
obj.agentUpdate.buf[2] = 0;
obj.agentUpdate.buf[3] = 1;
const len = Math.min(parent.parent.agentUpdateBlockSize, obj.agentExeInfo.data.length - obj.agentUpdate.ptr);
if (len > 0) {
// Send the first block
obj.agentExeInfo.data.copy(obj.agentUpdate.buf, 4, obj.agentUpdate.ptr, obj.agentUpdate.ptr + len);
obj.agentUpdate.ptr += len;
obj.sendBinary(obj.agentUpdate.buf); // Command 14, mesh agent first data block
2019-10-28 20:35:58 +03:00
parent.parent.debug('agentupdate', "Sent first block of " + len + " bytes from RAM.");
} else {
// Error
2019-10-28 20:35:58 +03:00
parent.parent.debug('agentupdate', "ERROR: Len of " + len + " is invalid.");
2019-03-08 09:47:27 +03:00
parent.parent.taskLimiter.completed(obj.agentUpdate.taskid); // Indicate this task complete
delete obj.agentUpdate.buf;
2019-03-08 09:47:27 +03:00
delete obj.agentUpdate;
}
}
2019-02-09 01:17:35 +03:00
}, null, 1);
2019-01-22 01:05:50 +03:00
} else {
// Check the mesh core, if the agent is capable of running one
2019-03-08 09:47:27 +03:00
if (((obj.agentInfo.capabilities & 16) != 0) && (parent.parent.meshAgentsArchitectureNumbers[obj.agentInfo.agentId].core != null)) {
obj.sendBinary(common.ShortToStr(11) + common.ShortToStr(0)); // Command 11, ask for mesh core hash.
}
2017-08-28 19:27:45 +03:00
}
}
}
else if (cmdid == 14) { // MeshCommand_AgentBinaryBlock
if ((msg.length == 4) && (obj.agentUpdate != null)) {
2019-03-08 09:47:27 +03:00
const status = common.ReadShort(msg, 2);
2017-08-28 19:27:45 +03:00
if (status == 1) {
if (obj.agentExeInfo.data == null) {
// Read the agent from disk
parent.fs.read(obj.agentUpdate.fd, obj.agentUpdate.buf, 4, parent.parent.agentUpdateBlockSize, obj.agentUpdate.ptr, function (err, bytesRead, buffer) {
if ((obj.agentExeInfo == null) || (obj.agentUpdate == null)) return; // Agent disconnected during this async call.
2019-03-08 09:47:27 +03:00
if ((err != null) || (bytesRead < 0)) {
// Error reading the agent file, stop here.
2019-10-28 20:35:58 +03:00
parent.parent.debug('agentupdate', "ERROR: Unable to read agent #" + obj.agentExeInfo.id + " binary from disk.");
2019-03-08 09:47:27 +03:00
try { parent.fs.close(obj.agentUpdate.fd); } catch (ex) { }
parent.parent.taskLimiter.completed(obj.agentUpdate.taskid); // Indicate this task complete
delete obj.agentUpdate.buf;
2019-03-08 09:47:27 +03:00
delete obj.agentUpdate;
} else {
// Send the next block to the agent
2019-10-28 20:35:58 +03:00
parent.parent.debug('agentupdate', "Sending disk agent #" + obj.agentExeInfo.id + " block, ptr=" + obj.agentUpdate.ptr + ", len=" + bytesRead + ".");
2019-03-08 09:47:27 +03:00
obj.agentUpdate.ptr += bytesRead;
if (bytesRead == parent.parent.agentUpdateBlockSize) { obj.sendBinary(obj.agentUpdate.buf); } else { obj.sendBinary(obj.agentUpdate.buf.slice(0, bytesRead + 4)); } // Command 14, mesh agent next data block
if ((bytesRead < parent.parent.agentUpdateBlockSize) || (obj.agentUpdate.ptr == obj.agentExeInfo.size)) {
2019-10-28 20:35:58 +03:00
parent.parent.debug('agentupdate', "Completed agent #" + obj.agentExeInfo.id + " update from disk, ptr=" + obj.agentUpdate.ptr + ".");
obj.sendBinary(common.ShortToStr(13) + common.ShortToStr(0) + obj.agentExeInfo.hash); // Command 13, end mesh agent download, send agent SHA384 hash
2019-03-08 09:47:27 +03:00
try { parent.fs.close(obj.agentUpdate.fd); } catch (ex) { }
parent.parent.taskLimiter.completed(obj.agentUpdate.taskid); // Indicate this task complete
delete obj.agentUpdate.buf;
2019-03-08 09:47:27 +03:00
delete obj.agentUpdate;
}
}
2019-03-08 09:47:27 +03:00
});
2017-08-28 19:27:45 +03:00
} else {
// Send the agent from RAM
const len = Math.min(parent.parent.agentUpdateBlockSize, obj.agentExeInfo.data.length - obj.agentUpdate.ptr);
if (len > 0) {
obj.agentExeInfo.data.copy(obj.agentUpdate.buf, 4, obj.agentUpdate.ptr, obj.agentUpdate.ptr + len);
if (len == parent.parent.agentUpdateBlockSize) { obj.sendBinary(obj.agentUpdate.buf); } else { obj.sendBinary(obj.agentUpdate.buf.slice(0, len + 4)); } // Command 14, mesh agent next data block
2019-10-28 20:35:58 +03:00
parent.parent.debug('agentupdate', "Sending RAM agent #" + obj.agentExeInfo.id + " block, ptr=" + obj.agentUpdate.ptr + ", len=" + len + ".");
obj.agentUpdate.ptr += len;
}
2017-08-28 19:27:45 +03:00
if (obj.agentUpdate.ptr == obj.agentExeInfo.data.length) {
2019-10-28 20:35:58 +03:00
parent.parent.debug('agentupdate', "Completed agent #" + obj.agentExeInfo.id + " update from RAM, ptr=" + obj.agentUpdate.ptr + ".");
obj.sendBinary(common.ShortToStr(13) + common.ShortToStr(0) + obj.agentExeInfo.hash); // Command 13, end mesh agent download, send agent SHA384 hash
2019-03-08 09:47:27 +03:00
parent.parent.taskLimiter.completed(obj.agentUpdate.taskid); // Indicate this task complete
delete obj.agentUpdate.buf;
2019-03-08 09:47:27 +03:00
delete obj.agentUpdate;
2017-08-28 19:27:45 +03:00
}
}
}
}
}
else if (cmdid == 15) { // MeshCommand_AgentTag
var tag = msg.substring(2);
while (tag.charCodeAt(tag.length - 1) == 0) { tag = tag.substring(0, tag.length - 1); } // Remove end-of-line zeros.
ChangeAgentTag(tag);
2017-08-28 19:27:45 +03:00
}
} else if (obj.authenticated < 2) { // We are not authenticated
2020-01-30 01:38:41 +03:00
// Check if this is a un-authenticated JSON
if (msg.charCodeAt(0) == 123) {
var str = msg.toString('utf8'), command = null;
if (str[0] == '{') {
try { command = JSON.parse(str); } catch (ex) { } // If the command can't be parsed, ignore it.
if ((command != null) && (command.action === 'agentName') && (typeof command.value == 'string') && (command.value.length > 0) && (command.value.length < 256)) { obj.agentName = command.value; }
}
return;
}
2019-03-08 09:47:27 +03:00
const cmd = common.ReadShort(msg, 0);
2017-08-28 19:27:45 +03:00
if (cmd == 1) {
// Agent authentication request
if ((msg.length != 98) || ((obj.receivedCommands & 1) != 0)) return;
2017-08-28 19:27:45 +03:00
obj.receivedCommands += 1; // Agent can't send the same command twice on the same connection ever. Block DOS attack path.
2019-03-08 09:47:27 +03:00
if (args.ignoreagenthashcheck === true) {
// Send the agent web hash back to the agent
obj.sendBinary(common.ShortToStr(1) + msg.substring(2, 50) + obj.nonce); // Command 1, hash + nonce. Use the web hash given by the agent.
} else {
// Check that the server hash matches our own web certificate hash (SHA384)
2019-03-08 09:47:27 +03:00
if ((getWebCertHash(domain) != msg.substring(2, 50)) && (getWebCertFullHash(domain) != msg.substring(2, 50))) {
if (parent.parent.supportsProxyCertificatesRequest !== false) {
obj.badWebCert = Buffer.from(parent.crypto.randomBytes(16), 'binary').toString('base64');
parent.wsagentsWithBadWebCerts[obj.badWebCert] = obj; // Add this agent to the list of of agents with bad web certificates.
2019-10-30 02:31:03 +03:00
parent.parent.updateProxyCertificates(false);
}
2019-05-02 01:02:03 +03:00
parent.agentStats.agentBadWebCertHashCount++;
2020-03-19 23:42:37 +03:00
console.log('Agent bad web cert hash (Agent:' + (Buffer.from(msg.substring(2, 50), 'binary').toString('hex').substring(0, 10)) + ' != Server:' + (Buffer.from(getWebCertHash(domain), 'binary').toString('hex').substring(0, 10)) + ' or ' + (Buffer.from(getWebCertFullHash(domain), 'binary').toString('hex').substring(0, 10)) + '), holding connection (' + obj.remoteaddrport + ').');
console.log('Agent reported web cert hash:' + (Buffer.from(msg.substring(2, 50), 'binary').toString('hex')) + '.');
return;
}
}
2017-08-28 19:27:45 +03:00
// Use our server private key to sign the ServerHash + AgentNonce + ServerNonce
obj.agentnonce = msg.substring(50, 98);
// Check if we got the agent auth confirmation
if ((obj.receivedCommands & 8) == 0) {
// If we did not get an indication that the agent already validated this server, send the server signature.
if (obj.useSwarmCert == true) {
// Perform the hash signature using older swarm server certificate
parent.parent.certificateOperations.acceleratorPerformSignature(1, msg.substring(2) + obj.nonce, null, function (tag, signature) {
// Send back our certificate + signature
2019-08-13 23:55:25 +03:00
obj.sendBinary(common.ShortToStr(2) + common.ShortToStr(parent.swarmCertificateAsn1.length) + parent.swarmCertificateAsn1 + signature); // Command 2, certificate + signature
});
} else {
// Perform the hash signature using the server agent certificate
parent.parent.certificateOperations.acceleratorPerformSignature(0, msg.substring(2) + obj.nonce, null, function (tag, signature) {
// Send back our certificate + signature
2019-08-13 23:55:25 +03:00
obj.sendBinary(common.ShortToStr(2) + common.ShortToStr(parent.agentCertificateAsn1.length) + parent.agentCertificateAsn1 + signature); // Command 2, certificate + signature
});
}
}
2017-08-28 19:27:45 +03:00
// Check the agent signature if we can
if (obj.unauthsign != null) {
2019-05-02 01:02:03 +03:00
if (processAgentSignature(obj.unauthsign) == false) {
parent.agentStats.agentBadSignature1Count++;
console.log('Agent connected with bad signature, holding connection (' + obj.remoteaddrport + ').'); return;
} else { completeAgentConnection(); }
2017-08-28 19:27:45 +03:00
}
}
else if (cmd == 2) {
// Agent certificate
if ((msg.length < 4) || ((obj.receivedCommands & 2) != 0)) return;
obj.receivedCommands += 2; // Agent can't send the same command twice on the same connection ever. Block DOS attack path.
// Decode the certificate
2019-03-08 09:47:27 +03:00
const certlen = common.ReadShort(msg, 2);
2017-08-28 19:27:45 +03:00
obj.unauth = {};
2019-03-08 09:47:27 +03:00
try { obj.unauth.nodeid = Buffer.from(forge.pki.getPublicKeyFingerprint(forge.pki.certificateFromAsn1(forge.asn1.fromDer(msg.substring(4, 4 + certlen))).publicKey, { md: forge.md.sha384.create() }).data, 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); } catch (ex) { console.log(ex); return; }
obj.unauth.nodeCertPem = '-----BEGIN CERTIFICATE-----\r\n' + Buffer.from(msg.substring(4, 4 + certlen), 'binary').toString('base64') + '\r\n-----END CERTIFICATE-----';
2017-08-28 19:27:45 +03:00
// Check the agent signature if we can
2019-05-02 01:02:03 +03:00
if (obj.agentnonce == null) { obj.unauthsign = msg.substring(4 + certlen); } else {
if (processAgentSignature(msg.substring(4 + certlen)) == false) {
parent.agentStats.agentBadSignature2Count++;
console.log('Agent connected with bad signature, holding connection (' + obj.remoteaddrport + ').'); return;
}
}
2017-08-28 19:27:45 +03:00
completeAgentConnection();
}
else if (cmd == 3) {
// Agent meshid
2020-01-30 01:38:41 +03:00
if ((msg.length < 70) || ((obj.receivedCommands & 4) != 0)) return;
2017-08-28 19:27:45 +03:00
obj.receivedCommands += 4; // Agent can't send the same command twice on the same connection ever. Block DOS attack path.
// Set the meshid
obj.agentInfo = {};
2019-03-08 09:47:27 +03:00
obj.agentInfo.infoVersion = common.ReadInt(msg, 2);
obj.agentInfo.agentId = common.ReadInt(msg, 6);
obj.agentInfo.agentVersion = common.ReadInt(msg, 10);
obj.agentInfo.platformType = common.ReadInt(msg, 14);
2017-10-17 06:11:03 +03:00
if (obj.agentInfo.platformType > 6 || obj.agentInfo.platformType < 1) { obj.agentInfo.platformType = 1; }
if (msg.substring(50, 66) == '\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0') {
obj.meshid = Buffer.from(msg.substring(18, 50), 'binary').toString('hex'); // Older HEX MeshID
} else {
obj.meshid = Buffer.from(msg.substring(18, 66), 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); // New Base64 MeshID
}
//console.log('MeshID', obj.meshid);
2019-03-08 09:47:27 +03:00
obj.agentInfo.capabilities = common.ReadInt(msg, 66);
2020-01-30 01:38:41 +03:00
if (msg.length > 70) {
const computerNameLen = common.ReadShort(msg, 70);
obj.agentInfo.computerName = Buffer.from(msg.substring(72, 72 + computerNameLen), 'binary').toString('utf8');
//console.log('computerName', msg.length, computerNameLen, obj.agentInfo.computerName);
} else {
obj.agentInfo.computerName = '';
//console.log('computerName-none');
}
2019-03-08 09:47:27 +03:00
obj.dbMeshKey = 'mesh/' + domain.id + '/' + obj.meshid;
2017-08-28 19:27:45 +03:00
completeAgentConnection();
} else if (cmd == 4) {
if ((msg.length < 2) || ((obj.receivedCommands & 8) != 0)) return;
obj.receivedCommands += 8; // Agent can't send the same command twice on the same connection ever. Block DOS attack path.
// Agent already authenticated the server, wants to skip the server signature - which is great for server performance.
} else if (cmd == 5) {
// ServerID. Agent is telling us what serverid it expects. Useful if we have many server certificates.
2019-03-08 09:47:27 +03:00
if ((msg.substring(2, 34) == parent.swarmCertificateHash256) || (msg.substring(2, 50) == parent.swarmCertificateHash384)) { obj.useSwarmCert = true; }
2017-08-28 19:27:45 +03:00
}
}
});
// If error, do nothing
ws.on('error', function (err) { console.log('AGENT WSERR: ' + err); obj.close(0); });
2017-08-28 19:27:45 +03:00
// If the mesh agent web socket is closed, clean up.
2019-01-23 04:47:51 +03:00
ws.on('close', function (req) {
parent.agentStats.agentClose++;
2019-01-23 04:47:51 +03:00
if (obj.nodeid != null) {
2019-03-08 09:47:27 +03:00
const agentId = (obj.agentInfo && obj.agentInfo.agentId) ? obj.agentInfo.agentId : 'Unknown';
2019-02-13 00:37:01 +03:00
//console.log('Agent disconnect ' + obj.nodeid + ' (' + obj.remoteaddrport + ') id=' + agentId);
parent.parent.debug('agent', 'Agent disconnect ' + obj.nodeid + ' (' + obj.remoteaddrport + ') id=' + agentId);
// Log the agent disconnection
2019-03-08 09:47:27 +03:00
if (parent.wsagentsDisconnections[obj.nodeid] == null) {
parent.wsagentsDisconnections[obj.nodeid] = 1;
} else {
2019-03-08 09:47:27 +03:00
parent.wsagentsDisconnections[obj.nodeid] = ++parent.wsagentsDisconnections[obj.nodeid];
}
2019-01-23 04:47:51 +03:00
}
obj.close(0);
});
2017-08-28 19:27:45 +03:00
// Start authenticate the mesh agent by sending a auth nonce & server TLS cert hash.
// Send 384 bits SHA384 hash of TLS cert public key + 384 bits nonce
2019-03-08 09:47:27 +03:00
if (args.ignoreagenthashcheck !== true) {
obj.sendBinary(common.ShortToStr(1) + getWebCertHash(domain) + obj.nonce); // Command 1, hash + nonce
}
2017-08-28 19:27:45 +03:00
// Return the mesh for this device, in some cases, we may auto-create the mesh.
function getMeshAutoCreate() {
2019-03-18 05:34:52 +03:00
var mesh = parent.meshes[obj.dbMeshKey];
2019-10-04 21:38:47 +03:00
// If the mesh was not found and we are in LAN mode, check of the domain can be corrected
if ((args.lanonly == true) && (mesh == null)) {
var smesh = obj.dbMeshKey.split('/');
for (var i in parent.parent.config.domains) {
mesh = parent.meshes['mesh/' + i + '/' + smesh[2]];
if (mesh != null) {
obj.domain = domain = parent.parent.config.domains[i];
obj.meshid = smesh[2];
obj.dbMeshKey = 'mesh/' + i + '/' + smesh[2];
obj.dbNodeKey = 'node/' + domain.id + '/' + obj.nodeid;
break;
}
}
}
2019-03-08 09:47:27 +03:00
if ((mesh == null) && (typeof domain.orphanagentuser == 'string')) {
const adminUser = parent.users['user/' + domain.id + '/' + domain.orphanagentuser.toLowerCase()];
if ((adminUser != null) && (adminUser.siteadmin == 0xFFFFFFFF)) {
// Mesh name is hex instead of base64
2019-03-08 09:47:27 +03:00
const meshname = obj.meshid.substring(0, 18);
// Create a new mesh for this device
2019-03-08 09:47:27 +03:00
const links = {};
links[adminUser._id] = { name: adminUser.name, rights: 0xFFFFFFFF };
mesh = { type: 'mesh', _id: obj.dbMeshKey, name: meshname, mtype: 2, desc: '', domain: domain.id, links: links };
db.Set(mesh);
2019-03-08 09:47:27 +03:00
parent.meshes[obj.dbMeshKey] = mesh;
2019-02-15 02:53:22 +03:00
if (adminUser.links == null) adminUser.links = {};
adminUser.links[obj.dbMeshKey] = { rights: 0xFFFFFFFF };
2019-03-08 09:47:27 +03:00
db.SetUser(adminUser);
parent.parent.DispatchEvent(parent.CreateMeshDispatchTargets(obj.dbMeshKey, [adminUser._id, obj.dbNodeKey]), obj, { etype: 'mesh', username: adminUser.name, meshid: obj.dbMeshKey, name: meshname, mtype: 2, desc: '', action: 'createmesh', links: links, msg: 'Mesh created: ' + obj.meshid, domain: domain.id });
}
2019-02-19 01:32:55 +03:00
} else {
if ((mesh != null) && (mesh.deleted != null) && (mesh.links)) {
2019-02-19 01:32:55 +03:00
// Must un-delete this mesh
var ids = parent.CreateMeshDispatchTargets(mesh._id, [obj.dbNodeKey]);
2019-02-19 01:32:55 +03:00
// See if users still exists, if so, add links to the mesh
for (var userid in mesh.links) {
2019-03-08 09:47:27 +03:00
const user = parent.users[userid];
2019-02-19 01:32:55 +03:00
if (user) {
if (user.links == null) { user.links = {}; }
if (user.links[mesh._id] == null) {
user.links[mesh._id] = { rights: mesh.links[userid].rights };
ids.push(user._id);
2019-03-08 09:47:27 +03:00
db.SetUser(user);
2019-02-19 01:32:55 +03:00
}
}
}
// Send out an event indicating this mesh was "created"
parent.parent.DispatchEvent(ids, obj, { etype: 'mesh', meshid: mesh._id, name: mesh.name, mtype: mesh.mtype, desc: mesh.desc, action: 'createmesh', links: mesh.links, msg: 'Mesh undeleted: ' + mesh._id, domain: domain.id });
2019-02-19 01:32:55 +03:00
// Mark the mesh as active
delete mesh.deleted;
db.Set(mesh);
2019-02-19 01:32:55 +03:00
}
}
return mesh;
}
// Send a PING/PONG message
function sendPing() { obj.send('{"action":"ping"}'); }
function sendPong() { obj.send('{"action":"pong"}'); }
2017-08-28 19:27:45 +03:00
// Once we get all the information about an agent, run this to hook everything up to the server
function completeAgentConnection() {
2019-03-10 21:47:03 +03:00
if ((obj.authenticated != 1) || (obj.meshid == null) || obj.pendingCompleteAgentConnection || (obj.agentInfo == null)) { return; }
obj.pendingCompleteAgentConnection = true;
// Setup the agent PING/PONG timers
if ((typeof args.agentping == 'number') && (obj.pingtimer == null)) { obj.pingtimer = setInterval(sendPing, args.agentping * 1000); }
else if ((typeof args.agentpong == 'number') && (obj.pongtimer == null)) { obj.pongtimer = setInterval(sendPong, args.agentpong * 1000); }
2019-04-10 20:41:10 +03:00
// If this is a recovery agent
2019-04-10 01:51:05 +03:00
if (obj.agentInfo.capabilities & 0x40) {
2019-04-10 20:41:10 +03:00
// Inform mesh agent that it's authenticated.
delete obj.pendingCompleteAgentConnection;
obj.authenticated = 2;
obj.sendBinary(common.ShortToStr(4));
2019-04-10 20:41:10 +03:00
// Ask for mesh core hash.
obj.sendBinary(common.ShortToStr(11) + common.ShortToStr(0));
2019-04-10 01:51:05 +03:00
return;
}
// Check if we have too many agent sessions
if (typeof domain.limits.maxagentsessions == 'number') {
// Count the number of agent sessions for this domain
var domainAgentSessionCount = 0;
2019-03-08 09:47:27 +03:00
for (var i in parent.wsagents) { if (parent.wsagents[i].domain.id == domain.id) { domainAgentSessionCount++; } }
// Check if we have too many user sessions
2019-05-02 01:02:03 +03:00
if (domainAgentSessionCount >= domain.limits.maxagentsessions) {
// Too many, hold the connection.
parent.agentStats.agentMaxSessionHoldCount++;
return;
}
}
/*
2017-08-28 19:27:45 +03:00
// Check that the mesh exists
2019-03-08 09:47:27 +03:00
var mesh = parent.meshes[obj.dbMeshKey];
if (mesh == null) {
var holdConnection = true;
2019-03-08 09:47:27 +03:00
if (typeof domain.orphanagentuser == 'string') {
var adminUser = parent.users['user/' + domain.id + '/' + args.orphanagentuser];
if ((adminUser != null) && (adminUser.siteadmin == 0xFFFFFFFF)) {
// Create a new mesh for this device
holdConnection = false;
var links = {};
links[user._id] = { name: adminUser.name, rights: 0xFFFFFFFF };
mesh = { type: 'mesh', _id: obj.dbMeshKey, name: obj.meshid, mtype: 2, desc: '', domain: domain.id, links: links };
db.Set(mesh);
2019-03-08 09:47:27 +03:00
parent.meshes[obj.meshid] = mesh;
parent.parent.AddEventDispatch(parent.CreateMeshDispatchTargets(obj.meshid, [obj.dbNodeKey]), ws);
if (adminUser.links == null) user.links = {};
adminUser.links[obj.meshid] = { rights: 0xFFFFFFFF };
2019-03-08 09:47:27 +03:00
//adminUser.subscriptions = parent.subscribe(adminUser._id, ws);
db.SetUser(user);
parent.parent.DispatchEvent(parent.CreateMeshDispatchTargets(meshid, [user._id, obj.dbNodeKey]), obj, { etype: 'mesh', username: user.name, meshid: obj.meshid, name: obj.meshid, mtype: 2, desc: '', action: 'createmesh', links: links, msg: 'Mesh created: ' + obj.meshid, domain: domain.id });
}
}
if (holdConnection == true) {
// If we disconnect, the agent will just reconnect. We need to log this or tell agent to connect in a few hours.
console.log('Agent connected with invalid domain/mesh, holding connection (' + obj.remoteaddrport + ', ' + obj.dbMeshKey + ').');
return;
}
}
2018-11-02 01:01:21 +03:00
if (mesh.mtype != 2) { console.log('Agent connected with invalid mesh type, holding connection (' + obj.remoteaddrport + ').'); return; } // If we disconnect, the agnet will just reconnect. We need to log this or tell agent to connect in a few hours.
*/
// Check that the node exists
2019-03-08 09:47:27 +03:00
db.Get(obj.dbNodeKey, function (err, nodes) {
2019-03-10 21:47:03 +03:00
if (obj.agentInfo == null) { return; }
var device, mesh;
// See if this node exists in the database
2019-05-21 04:03:14 +03:00
if ((nodes == null) || (nodes.length == 0)) {
// This device does not exist, use the meshid given by the device
// Check if we already have too many devices for this domain
if (domain.limits && (typeof domain.limits.maxdevices == 'number')) {
db.isMaxType(domain.limits.maxdevices, 'node', domain.id, function (ismax, count) {
if (ismax == true) {
// Too many devices in this domain.
parent.agentStats.maxDomainDevicesReached++;
} else {
// We are under the limit, create the new device.
completeAgentConnection2();
}
});
2017-08-28 19:27:45 +03:00
} else {
completeAgentConnection2();
2017-08-28 19:27:45 +03:00
}
return;
} else {
device = nodes[0];
// This device exists, meshid given by the device must be ignored, use the server side one.
if (device.meshid != obj.dbMeshKey) {
obj.dbMeshKey = device.meshid;
obj.meshid = device.meshid.split('/')[2];
}
// See if this mesh exists, if it does not we may want to create it.
mesh = getMeshAutoCreate();
// Check if the mesh exists
if (mesh == null) {
// If we disconnect, the agent will just reconnect. We need to log this or tell agent to connect in a few hours.
2019-05-02 01:02:03 +03:00
parent.agentStats.invalidDomainMesh2Count++;
console.log('Agent connected with invalid domain/mesh, holding connection (' + obj.remoteaddrport + ', ' + obj.dbMeshKey + ').');
return;
}
// Check if the mesh is the right type
if (mesh.mtype != 2) {
// If we disconnect, the agent will just reconnect. We need to log this or tell agent to connect in a few hours.
2019-05-02 01:02:03 +03:00
parent.agentStats.invalidMeshType2Count++;
console.log('Agent connected with invalid mesh type, holding connection (' + obj.remoteaddrport + ').');
return;
}
// Mark when this device connected
obj.connectTime = Date.now();
db.Set({ _id: 'lc' + obj.dbNodeKey, type: 'lastconnect', domain: domain.id, time: obj.connectTime, addr: obj.remoteaddrport, cause: 1 });
// Device already exists, look if changes have occured
2018-08-30 03:40:30 +03:00
var changes = [], change = 0, log = 0;
if (device.agent == null) { device.agent = { ver: obj.agentInfo.agentVersion, id: obj.agentInfo.agentId, caps: obj.agentInfo.capabilities }; change = 1; }
if (device.rname != obj.agentInfo.computerName) { device.rname = obj.agentInfo.computerName; change = 1; changes.push('computer name'); }
if (device.agent.ver != obj.agentInfo.agentVersion) { device.agent.ver = obj.agentInfo.agentVersion; change = 1; changes.push('agent version'); }
if (device.agent.id != obj.agentInfo.agentId) { device.agent.id = obj.agentInfo.agentId; change = 1; changes.push('agent type'); }
if ((device.agent.caps & 24) != (obj.agentInfo.capabilities & 24)) { device.agent.caps = obj.agentInfo.capabilities; change = 1; changes.push('agent capabilities'); } // If agent console or javascript support changes, update capabilities
if (mesh.flags && (mesh.flags & 2) && (device.name != obj.agentInfo.computerName)) { device.name = obj.agentInfo.computerName; change = 1; } // We want the server name to be sync'ed to the hostname
2018-08-30 03:40:30 +03:00
if (change == 1) {
2019-04-10 20:41:10 +03:00
// Do some clean up if needed, these values should not be in the database.
if (device.conn != null) { delete device.conn; }
if (device.pwr != null) { delete device.pwr; }
if (device.agct != null) { delete device.agct; }
if (device.cict != null) { delete device.cict; }
// Save the updated device in the database
2019-03-08 09:47:27 +03:00
db.Set(device);
2018-08-30 03:40:30 +03:00
// If this is a temporary device, don't log changes
if (obj.agentInfo.capabilities & 0x20) { log = 0; }
// Event the node change
2019-10-11 21:16:36 +03:00
var event = { etype: 'node', action: 'changenode', nodeid: obj.dbNodeKey, domain: domain.id, node: parent.CloneSafeNode(device) };
if (log == 0) { event.nolog = 1; } else { event.msg = 'Changed device ' + device.name + ' from group ' + mesh.name + ': ' + changes.join(', '); }
2019-05-29 03:25:23 +03:00
if (db.changeStream) { event.noact = 1; } // If DB change stream is active, don't use this event to change the node. Another event will come.
parent.parent.DispatchEvent(parent.CreateMeshDispatchTargets(device.meshid, [obj.dbNodeKey]), obj, event);
}
}
2017-08-28 19:27:45 +03:00
2019-06-07 19:44:39 +03:00
completeAgentConnection3(device, mesh);
});
}
2019-06-07 19:44:39 +03:00
function completeAgentConnection2() {
// See if this mesh exists, if it does not we may want to create it.
var mesh = getMeshAutoCreate();
// Check if the mesh exists
if (mesh == null) {
// If we disconnect, the agent will just reconnect. We need to log this or tell agent to connect in a few hours.
parent.agentStats.invalidDomainMeshCount++;
console.log('Agent connected with invalid domain/mesh, holding connection (' + obj.remoteaddrport + ', ' + obj.dbMeshKey + ').');
return;
}
// Check if the mesh is the right type
if (mesh.mtype != 2) {
// If we disconnect, the agent will just reconnect. We need to log this or tell agent to connect in a few hours.
parent.agentStats.invalidMeshTypeCount++;
console.log('Agent connected with invalid mesh type, holding connection (' + obj.remoteaddrport + ').');
return;
}
// Mark when this device connected
obj.connectTime = Date.now();
db.Set({ _id: 'lc' + obj.dbNodeKey, type: 'lastconnect', domain: domain.id, time: obj.connectTime, addr: obj.remoteaddrport, cause: 1 });
// This node does not exist, create it.
2020-01-30 01:38:41 +03:00
var agentName = obj.agentName ? obj.agentName : obj.agentInfo.computerName;
var device = { type: 'node', mtype: mesh.mtype, _id: obj.dbNodeKey, icon: obj.agentInfo.platformType, meshid: obj.dbMeshKey, name: agentName, rname: obj.agentInfo.computerName, domain: domain.id, agent: { ver: obj.agentInfo.agentVersion, id: obj.agentInfo.agentId, caps: obj.agentInfo.capabilities }, host: null };
db.Set(device);
// Event the new node
if (obj.agentInfo.capabilities & 0x20) {
// This is a temporary agent, don't log.
parent.parent.DispatchEvent(parent.CreateMeshDispatchTargets(obj.dbMeshKey, [obj.dbNodeKey]), obj, { etype: 'node', action: 'addnode', node: device, domain: domain.id, nolog: 1 });
} else {
parent.parent.DispatchEvent(parent.CreateMeshDispatchTargets(obj.dbMeshKey, [obj.dbNodeKey]), obj, { etype: 'node', action: 'addnode', node: device, msg: ('Added device ' + obj.agentInfo.computerName + ' to mesh ' + mesh.name), domain: domain.id });
}
2019-06-07 19:44:39 +03:00
completeAgentConnection3(device, mesh);
}
2019-06-07 19:44:39 +03:00
function completeAgentConnection3(device, mesh) {
// Check if this agent is already connected
const dupAgent = parent.wsagents[obj.dbNodeKey];
parent.wsagents[obj.dbNodeKey] = obj;
if (dupAgent) {
// Record duplicate agents
if (parent.duplicateAgentsLog[obj.dbNodeKey] == null) {
if (dupAgent.remoteaddr == obj.remoteaddr) {
parent.duplicateAgentsLog[obj.dbNodeKey] = { name: device.name, group: mesh.name, ip: [obj.remoteaddr], count: 1 };
} else {
parent.duplicateAgentsLog[obj.dbNodeKey] = { name: device.name, group: mesh.name, ip: [obj.remoteaddr, dupAgent.remoteaddr], count: 1 };
}
} else {
parent.duplicateAgentsLog[obj.dbNodeKey].name = device.name;
parent.duplicateAgentsLog[obj.dbNodeKey].group = mesh.name;
parent.duplicateAgentsLog[obj.dbNodeKey].count++;
if (parent.duplicateAgentsLog[obj.dbNodeKey].ip.indexOf(obj.remoteaddr) == -1) { parent.duplicateAgentsLog[obj.dbNodeKey].ip.push(obj.remoteaddr); }
}
2017-09-06 03:19:28 +03:00
// Close the duplicate agent
parent.agentStats.duplicateAgentCount++;
if (obj.nodeid != null) { parent.parent.debug('agent', 'Duplicate agent ' + obj.nodeid + ' (' + obj.remoteaddrport + ')'); }
dupAgent.close(3);
} else {
// Indicate the agent is connected
parent.parent.SetConnectivityState(obj.dbMeshKey, obj.dbNodeKey, obj.connectTime, 1, 1);
}
// We are done, ready to communicate with this agent
delete obj.pendingCompleteAgentConnection;
obj.authenticated = 2;
// Check how many times this agent disconnected in the last few minutes.
const disconnectCount = parent.wsagentsDisconnections[obj.nodeid];
if (disconnectCount > 6) {
console.log('Agent in big trouble: NodeId=' + obj.nodeid + ', IP=' + obj.remoteaddrport + ', Agent=' + obj.agentInfo.agentId + '.');
// TODO: Log or do something to recover?
return;
}
// Command 4, inform mesh agent that it's authenticated.
obj.sendBinary(common.ShortToStr(4));
if (disconnectCount > 4) {
// Too many disconnections, this agent has issues. Just clear the core.
obj.sendBinary(common.ShortToStr(10) + common.ShortToStr(0));
//console.log('Agent in trouble: NodeId=' + obj.nodeid + ', IP=' + obj.remoteaddrport + ', Agent=' + obj.agentInfo.agentId + '.');
// TODO: Log or do something to recover?
return;
}
2019-03-11 21:18:50 +03:00
// Not sure why, but in rare cases, obj.agentInfo is undefined here.
if ((obj.agentInfo == null) || (typeof obj.agentInfo.capabilities != 'number')) { return; } // This is an odd case.
2019-04-10 01:51:05 +03:00
// Check if we need to make an native update check
obj.agentExeInfo = parent.parent.meshAgentBinaries[obj.agentInfo.agentId];
2019-06-18 01:20:47 +03:00
var corename = null;
if (parent.parent.meshAgentsArchitectureNumbers[obj.agentInfo.agentId] != null) {
corename = parent.parent.meshAgentsArchitectureNumbers[obj.agentInfo.agentId].core;
} else {
// MeshCommand_CoreModule, ask mesh agent to clear the core
obj.sendBinary(common.ShortToStr(10) + common.ShortToStr(0));
2019-06-18 01:20:47 +03:00
}
if ((obj.agentExeInfo != null) && (obj.agentExeInfo.update == true)) {
// Ask the agent for it's executable binary hash
obj.sendBinary(common.ShortToStr(12) + common.ShortToStr(0));
} else {
// Check the mesh core, if the agent is capable of running one
if (((obj.agentInfo.capabilities & 16) != 0) && (corename != null)) {
obj.sendBinary(common.ShortToStr(11) + common.ShortToStr(0)); // Command 11, ask for mesh core hash.
2019-01-22 01:05:50 +03:00
} else {
agentCoreIsStable(); // No updates needed, agent is ready to go.
2019-01-22 01:05:50 +03:00
}
}
}
2019-01-22 01:05:50 +03:00
// Take a basic Intel AMT policy and add all server information to it, making it ready to send to this agent.
function completeIntelAmtPolicy(amtPolicy) {
var r = amtPolicy;
if (amtPolicy == null) return null;
if (amtPolicy.type == 2) {
// CCM - Add server root certificate
if (parent.parent.certificates.rootex == null) { parent.parent.certificates.rootex = parent.parent.certificates.root.cert.split('-----BEGIN CERTIFICATE-----').join('').split('-----END CERTIFICATE-----').join('').split('\r').join('').split('\n').join(''); }
r.rootcert = parent.parent.certificates.rootex;
if ((amtPolicy.cirasetup == 2) && (parent.parent.mpsserver != null) && (parent.parent.certificates.AmtMpsName != null) && (args.lanonly != true) && (args.mpsport != 0)) {
// Add server CIRA settings
r.ciraserver = {
name: parent.parent.certificates.AmtMpsName,
port: (typeof args.mpsaliasport == 'number' ? args.mpsaliasport : args.mpsport),
user: obj.meshid.replace(/\@/g, 'X').replace(/\$/g, 'X').substring(0, 16),
pass: args.mpspass ? args.mpspass : 'A@xew9rt', // If the MPS password is not set, just use anything. TODO: Use the password as an agent identifier?
home: ['sdlwerulis3wpj95dfj'] // Use a random FQDN to not have any home network.
};
if (Array.isArray(args.ciralocalfqdn)) { r.ciraserver.home = args.ciralocalfqdn; }
}
} else if ((amtPolicy.type == 3) && (domain.amtacmactivation.acmmatch)) {
// ACM - In this mode, don't send much to Intel AMT. Just indicate ACM policy and let the agent try activation when possible.
r = { type: 3, match: domain.amtacmactivation.acmmatch };
}
return r;
}
// Send Intel AMT policy
obj.sendUpdatedIntelAmtPolicy = function (policy) {
if (obj.agentExeInfo && (obj.agentExeInfo.amt == true)) { // Only send Intel AMT policy to agents what could have AMT.
if (policy == null) { var mesh = parent.meshes[obj.dbMeshKey]; if (mesh == null) return; policy = mesh.amt; }
2019-03-11 21:18:50 +03:00
if (policy != null) { try { obj.send(JSON.stringify({ action: 'amtPolicy', amtPolicy: completeIntelAmtPolicy(common.Clone(policy)) })); } catch (ex) { } }
}
}
2019-04-10 01:51:05 +03:00
function recoveryAgentCoreIsStable(mesh) {
2019-05-02 01:02:03 +03:00
parent.agentStats.recoveryCoreIsStableCount++;
2019-04-10 01:51:05 +03:00
// Recovery agent is doing ok, lets perform main agent checking.
//console.log('recoveryAgentCoreIsStable()');
// Fetch the the real agent nodeid
db.Get('da' + obj.dbNodeKey, function (err, nodes, self)
{
2019-05-21 04:03:14 +03:00
if ((nodes != null) && (nodes.length == 1))
{
self.realNodeKey = nodes[0].raid;
// Get agent connection state
var agentConnected = false;
var state = parent.parent.GetConnectivityState(self.realNodeKey);
if (state) { agentConnected = ((state.connectivity & 1) != 0) }
self.send(JSON.stringify({ action: 'diagnostic', value: { command: 'query', value: self.realNodeKey, agent: agentConnected } }));
} else
{
self.send(JSON.stringify({ action: 'diagnostic', value: { command: 'query', value: null } }));
2019-04-10 01:51:05 +03:00
}
}, obj);
2019-04-10 01:51:05 +03:00
}
function agentCoreIsStable() {
2019-05-02 01:02:03 +03:00
parent.agentStats.coreIsStableCount++;
// Check that the mesh exists
2019-03-08 09:47:27 +03:00
const mesh = parent.meshes[obj.dbMeshKey];
if (mesh == null) {
2019-05-02 01:02:03 +03:00
parent.agentStats.meshDoesNotExistCount++;
// TODO: Mark this agent as part of a mesh that does not exists.
return; // Probably not worth doing anything else. Hold this agent.
}
2019-04-10 20:41:10 +03:00
// Check if this is a recovery agent
if (obj.agentInfo.capabilities & 0x40) {
recoveryAgentCoreIsStable(mesh);
return;
}
2019-05-02 01:02:03 +03:00
// Fetch the the diagnostic agent nodeid
2019-04-10 01:51:05 +03:00
db.Get('ra' + obj.dbNodeKey, function (err, nodes) {
2019-05-21 04:03:14 +03:00
if ((nodes != null) && (nodes.length == 1)) {
2019-04-10 01:51:05 +03:00
obj.diagnosticNodeKey = nodes[0].daid;
obj.send(JSON.stringify({ action: 'diagnostic', value: { command: 'query', value: obj.diagnosticNodeKey } }));
}
});
// Send Intel AMT policy
2019-03-11 21:18:50 +03:00
if (obj.agentExeInfo && (obj.agentExeInfo.amt == true) && (mesh.amt != null)) { // Only send Intel AMT policy to agents what could have AMT.
try { obj.send(JSON.stringify({ action: 'amtPolicy', amtPolicy: completeIntelAmtPolicy(common.Clone(mesh.amt)) })); } catch (ex) { }
}
2019-08-08 02:37:45 +03:00
// Fetch system information
db.GetHash('si' + obj.dbNodeKey, function (err, results) {
if ((results != null) && (results.length == 1)) { obj.send(JSON.stringify({ action: 'sysinfo', hash: results[0].hash })); } else { obj.send(JSON.stringify({ action: 'sysinfo' })); }
});
// Do this if IP location is enabled on this domain TODO: Set IP location per device group?
if (domain.iplocation == true) {
// Check if we already have IP location information for this node
2019-03-08 09:47:27 +03:00
db.Get('iploc_' + obj.remoteaddr, function (err, iplocs) {
2019-05-21 04:03:14 +03:00
if ((iplocs != null) && (iplocs.length == 1)) {
// We have a location in the database for this remote IP
2019-03-08 09:47:27 +03:00
const iploc = nodes[0], x = {};
if ((iploc != null) && (iploc.ip != null) && (iploc.loc != null)) {
x.publicip = iploc.ip;
x.iploc = iploc.loc + ',' + (Math.floor((new Date(iploc.date)) / 1000));
ChangeAgentLocationInfo(x);
}
} else {
// Check if we need to ask for the IP location
var doIpLocation = 0;
if (device.iploc == null) {
doIpLocation = 1;
2017-09-06 03:19:28 +03:00
} else {
2019-03-08 09:47:27 +03:00
const loc = device.iploc.split(',');
if (loc.length < 3) {
doIpLocation = 2;
} else {
var t = new Date((parseFloat(loc[2]) * 1000)), now = Date.now();
t.setDate(t.getDate() + 20);
if (t < now) { doIpLocation = 3; }
}
}
2017-09-06 03:19:28 +03:00
// If we need to ask for IP location, see if we have the quota to do it.
if (doIpLocation > 0) {
2019-03-08 09:47:27 +03:00
db.getValueOfTheDay('ipLocationRequestLimitor', 10, function (ipLocationLimitor) {
2019-05-21 04:03:14 +03:00
if ((ipLocationLimitor != null) && (ipLocationLimitor.value > 0)) {
ipLocationLimitor.value--;
2019-03-08 09:47:27 +03:00
db.Set(ipLocationLimitor);
obj.send(JSON.stringify({ action: 'iplocation' }));
}
});
}
}
});
}
if (parent.parent.pluginHandler != null) {
parent.parent.pluginHandler.callHook('hook_agentCoreIsStable', obj, parent);
}
2017-08-28 19:27:45 +03:00
}
2018-01-03 03:52:49 +03:00
// Get the web certificate private key hash for the specified domain
2018-01-03 03:52:49 +03:00
function getWebCertHash(domain) {
2019-03-08 09:47:27 +03:00
const hash = parent.webCertificateHashs[domain.id];
if (hash != null) return hash;
2019-03-08 09:47:27 +03:00
return parent.webCertificateHash;
2018-01-03 03:52:49 +03:00
}
// Get the web certificate hash for the specified domain
function getWebCertFullHash(domain) {
2019-03-08 09:47:27 +03:00
const hash = parent.webCertificateFullHashs[domain.id];
if (hash != null) return hash;
2019-03-08 09:47:27 +03:00
return parent.webCertificateFullHash;
}
2017-08-28 19:27:45 +03:00
// Verify the agent signature
function processAgentSignature(msg) {
2019-03-08 09:47:27 +03:00
if (args.ignoreagenthashcheck !== true) {
2019-01-11 21:02:54 +03:00
var verified = false;
if (msg.length != 384) {
// Verify a PKCS7 signature.
var msgDer = null;
2019-03-08 09:47:27 +03:00
try { msgDer = forge.asn1.fromDer(forge.util.createBuffer(msg, 'binary')); } catch (ex) { }
2019-01-11 21:02:54 +03:00
if (msgDer != null) {
try {
2019-03-08 09:47:27 +03:00
var p7 = forge.pkcs7.messageFromAsn1(msgDer);
2019-01-11 21:02:54 +03:00
var sig = p7.rawCapture.signature;
// Verify with key hash
2019-03-08 09:47:27 +03:00
var buf = Buffer.from(getWebCertHash(domain) + obj.nonce + obj.agentnonce, 'binary');
var verifier = parent.crypto.createVerify('RSA-SHA384');
2019-01-11 21:02:54 +03:00
verifier.update(buf);
verified = verifier.verify(obj.unauth.nodeCertPem, sig, 'binary');
if (verified == false) {
// Verify with full hash
2019-03-08 09:47:27 +03:00
buf = Buffer.from(getWebCertFullHash(domain) + obj.nonce + obj.agentnonce, 'binary');
verifier = parent.crypto.createVerify('RSA-SHA384');
2019-01-11 21:02:54 +03:00
verifier.update(buf);
verified = verifier.verify(obj.unauth.nodeCertPem, sig, 'binary');
}
2019-05-02 01:02:03 +03:00
if (verified == false) {
// Not a valid signature
parent.agentStats.invalidPkcsSignatureCount++;
return false;
}
2019-01-11 21:02:54 +03:00
} catch (ex) { };
}
}
if (verified == false) {
// Verify the RSA signature. This is the fast way, without using forge.
2019-03-08 09:47:27 +03:00
const verify = parent.crypto.createVerify('SHA384');
verify.end(Buffer.from(getWebCertHash(domain) + obj.nonce + obj.agentnonce, 'binary')); // Test using the private key hash
2019-01-11 21:02:54 +03:00
if (verify.verify(obj.unauth.nodeCertPem, Buffer.from(msg, 'binary')) !== true) {
2019-03-08 09:47:27 +03:00
const verify2 = parent.crypto.createVerify('SHA384');
verify2.end(Buffer.from(getWebCertFullHash(domain) + obj.nonce + obj.agentnonce, 'binary')); // Test using the full cert hash
2019-05-02 01:02:03 +03:00
if (verify2.verify(obj.unauth.nodeCertPem, Buffer.from(msg, 'binary')) !== true) {
parent.agentStats.invalidRsaSignatureCount++;
return false;
}
2019-01-11 21:02:54 +03:00
}
}
}
2017-08-28 19:27:45 +03:00
// Connection is a success, clean up
obj.nodeid = obj.unauth.nodeid;
2017-08-28 19:27:45 +03:00
obj.dbNodeKey = 'node/' + domain.id + '/' + obj.nodeid;
delete obj.nonce;
delete obj.agentnonce;
delete obj.unauth;
2019-03-08 09:47:27 +03:00
delete obj.receivedCommands;
2017-08-28 19:27:45 +03:00
if (obj.unauthsign) delete obj.unauthsign;
2019-05-02 01:02:03 +03:00
parent.agentStats.verifiedAgentConnectionCount++;
parent.parent.debug('agent', 'Verified agent connection to ' + obj.nodeid + ' (' + obj.remoteaddrport + ').');
2017-08-28 19:27:45 +03:00
obj.authenticated = 1;
return true;
}
// Process incoming agent JSON data
function processAgentData(msg) {
2019-03-08 09:47:27 +03:00
var i, str = msg.toString('utf8'), command = null;
2017-08-28 19:27:45 +03:00
if (str[0] == '{') {
2019-05-02 01:02:03 +03:00
try { command = JSON.parse(str); } catch (ex) { parent.agentStats.invalidJsonCount++; console.log('Unable to parse agent JSON (' + obj.remoteaddrport + '): ' + str, ex); return; } // If the command can't be parsed, ignore it.
2018-08-27 22:24:15 +03:00
if (typeof command != 'object') { return; }
2017-08-28 19:27:45 +03:00
switch (command.action) {
case 'msg':
{
// Route a message
parent.routeAgentCommand(command, obj.domain.id, obj.dbNodeKey, obj.dbMeshKey);
2017-08-28 19:27:45 +03:00
break;
}
case 'coreinfo':
{
// Sent by the agent to update agent information
ChangeAgentCoreInfo(command);
2018-09-28 02:17:05 +03:00
break;
}
case 'smbios':
{
// Store the RAW SMBios table of this computer
2019-12-09 22:30:08 +03:00
// Perform sanity checks before storing
2019-02-26 00:14:04 +03:00
try {
2019-12-09 22:30:08 +03:00
for (var i in command.value) { var k = parseInt(i); if ((k != i) || (i > 255) || (typeof command.value[i] != 'object') || (command.value[i].length == null) || (command.value[i].length > 1024) || (command.value[i].length < 0)) { delete command.value[i]; } }
db.SetSMBIOS({ _id: obj.dbNodeKey, domain: domain.id, time: new Date(), value: command.value });
2019-02-26 00:14:04 +03:00
} catch (ex) { }
2018-09-28 02:17:05 +03:00
// Event the node interface information change (This is a lot of traffic, probably don't need this).
//parent.parent.DispatchEvent(parent.CreateMeshDispatchTargets(obj.meshid, [obj.dbNodeKey]), obj, { action: 'smBiosChange', nodeid: obj.dbNodeKey, domain: domain.id, smbios: command.value, nolog: 1 });
2018-09-28 02:17:05 +03:00
2017-08-28 19:27:45 +03:00
break;
}
case 'netinfo':
{
// Sent by the agent to update agent network interface information
delete command.action;
command.updateTime = Date.now();
command._id = 'if' + obj.dbNodeKey;
command.type = 'ifinfo';
2019-03-08 09:47:27 +03:00
db.Set(command);
2017-08-28 19:27:45 +03:00
// Event the node interface information change
parent.parent.DispatchEvent(parent.CreateMeshDispatchTargets(obj.meshid, [obj.dbNodeKey]), obj, { action: 'ifchange', nodeid: obj.dbNodeKey, domain: domain.id, nolog: 1 });
2017-08-28 19:27:45 +03:00
break;
}
2017-09-06 03:19:28 +03:00
case 'iplocation':
{
// Sent by the agent to update location information
2017-08-30 23:52:56 +03:00
if ((command.type == 'publicip') && (command.value != null) && (typeof command.value == 'object') && (command.value.ip) && (command.value.loc)) {
2017-08-29 01:06:29 +03:00
var x = {};
x.publicip = command.value.ip;
2018-08-30 03:40:30 +03:00
x.iploc = command.value.loc + ',' + (Math.floor(Date.now() / 1000));
2017-08-29 01:06:29 +03:00
ChangeAgentLocationInfo(x);
command.value._id = 'iploc_' + command.value.ip;
command.value.type = 'iploc';
command.value.date = Date.now();
2019-03-08 09:47:27 +03:00
db.Set(command.value); // Store the IP to location data in the database
// Sample Value: { ip: '192.55.64.246', city: 'Hillsboro', region: 'Oregon', country: 'US', loc: '45.4443,-122.9663', org: 'AS4983 Intel Corporation', postal: '97123' }
2017-08-29 01:06:29 +03:00
}
2017-08-28 19:27:45 +03:00
break;
}
case 'mc1migration':
{
if (command.oldnodeid.length != 64) break;
2019-03-08 09:47:27 +03:00
const oldNodeKey = 'node//' + command.oldnodeid.toLowerCase();
db.Get(oldNodeKey, function (err, nodes) {
2019-05-21 04:03:14 +03:00
if ((nodes != null) && (nodes.length != 1)) return;
2019-03-08 09:47:27 +03:00
const node = nodes[0];
if (node.meshid == obj.dbMeshKey) {
// Update the device name & host
2019-03-08 09:47:27 +03:00
const newNode = { "name": node.name };
if (node.intelamt != null) { newNode.intelamt = node.intelamt; }
ChangeAgentCoreInfo(newNode);
// Delete this node including network interface information and events
2019-03-08 09:47:27 +03:00
db.Remove(node._id);
db.Remove('if' + node._id);
// Event node deletion
2019-03-08 09:47:27 +03:00
const change = 'Migrated device ' + node.name;
parent.parent.DispatchEvent(parent.CreateMeshDispatchTargets(node.meshid, [obj.dbNodeKey]), obj, { etype: 'node', action: 'removenode', nodeid: node._id, msg: change, domain: node.domain });
}
});
break;
}
case 'openUrl':
{
// Sent by the agent to return the status of a open URL action.
// Nothing is done right now.
break;
}
2019-07-30 02:35:48 +03:00
case 'log':
{
// Log a value in the event log
if ((typeof command.msg == 'string') && (command.msg.length < 4096)) {
var event = { etype: 'node', action: 'agentlog', nodeid: obj.dbNodeKey, domain: domain.id, msg: command.msg };
var targets = parent.CreateMeshDispatchTargets(obj.dbMeshKey, [obj.dbNodeKey]);
2019-07-30 02:35:48 +03:00
if (typeof command.userid == 'string') {
var loguser = parent.users[command.userid];
if (loguser) { event.userid = command.userid; event.username = loguser.name; targets.push(command.userid); }
2019-07-30 02:35:48 +03:00
}
if ((typeof command.sessionid == 'string') && (command.sessionid.length < 500)) { event.sessionid = command.sessionid; }
parent.parent.DispatchEvent(targets, obj, event);
2019-07-30 02:35:48 +03:00
}
break;
}
case 'ping': { sendPong(); break; }
case 'pong': { break; }
case 'getScript':
{
// Used by the agent to get configuration scripts.
if (command.type == 1) {
2019-03-08 09:47:27 +03:00
parent.getCiraConfigurationScript(obj.dbMeshKey, function (script) {
obj.send(JSON.stringify({ action: 'getScript', type: 1, script: script.toString() }));
});
} else if (command.type == 2) {
2019-03-08 09:47:27 +03:00
parent.getCiraCleanupScript(function (script) {
obj.send(JSON.stringify({ action: 'getScript', type: 2, script: script.toString() }));
});
}
break;
}
2019-06-15 02:33:53 +03:00
case 'acmactivate':
{
2019-06-21 00:27:57 +03:00
if (obj.agentInfo.capabilities & 0x20) return; // If this is a temporary device, don't do ACM activation.
// Get the current Intel AMT policy
var mesh = parent.meshes[obj.dbMeshKey];
if ((mesh == null) || (mesh.amt == null) || (mesh.amt.type != 3) || (domain.amtacmactivation == null) || (domain.amtacmactivation.acmmatch == null) || (mesh.amt.password == null)) break; // If this is not the right policy, ignore this.
// Get the Intel AMT admin password, randomize if needed.
var amtpassword = ((mesh.amt.password == '') ? getRandomAmtPassword() : mesh.amt.password);
if (checkAmtPassword(amtpassword) == false) return; // Invalid Intel AMT password, this should never happen.
2019-06-15 02:33:53 +03:00
// Agent is asking the server to sign an Intel AMT ACM activation request
2019-06-21 00:27:57 +03:00
var signResponse = parent.parent.certificateOperations.signAcmRequest(domain, command, 'admin', amtpassword, obj.remoteaddrport, obj.dbNodeKey, obj.dbMeshKey, obj.agentInfo.computerName, obj.agentInfo.agentId); // TODO: Place account credentials!!!
if ((signResponse != null) && (signResponse.error == null)) {
2019-06-21 00:27:57 +03:00
// Log this activation event
var event = { etype: 'node', action: 'amtactivate', nodeid: obj.dbNodeKey, domain: domain.id, msg: 'Device requested Intel AMT ACM activation, FQDN: ' + command.fqdn, ip: obj.remoteaddrport };
if (db.changeStream) { event.noact = 1; } // If DB change stream is active, don't use this event to change the node. Another event will come.
parent.parent.DispatchEvent(parent.CreateMeshDispatchTargets(obj.dbMeshKey, [obj.dbNodeKey]), obj, event);
2019-06-21 00:27:57 +03:00
// Update the device Intel AMT information
ChangeAgentCoreInfo({ "intelamt": { user: 'admin', pass: amtpassword, uuid: command.uuid, realm: command.realm } });
// Send the activation response
2019-06-25 04:56:14 +03:00
obj.send(JSON.stringify(signResponse));
2019-06-21 00:27:57 +03:00
}
2019-06-15 02:33:53 +03:00
break;
}
2019-04-10 01:51:05 +03:00
case 'diagnostic':
{
if (typeof command.value == 'object') {
switch (command.value.command) {
case 'register': {
// Only main agent can do this
if (((obj.agentInfo.capabilities & 0x40) == 0) && (typeof command.value.value == 'string') && (command.value.value.length == 64))
{
2019-04-10 01:51:05 +03:00
// Store links to diagnostic agent id
var daNodeKey = 'node/' + domain.id + '/' + db.escapeBase64(command.value.value);
2019-04-10 01:51:05 +03:00
db.Set({ _id: 'da' + daNodeKey, domain: domain.id, time: obj.connectTime, raid: obj.dbNodeKey }); // DiagnosticAgent --> Agent
db.Set({ _id: 'ra' + obj.dbNodeKey, domain: domain.id, time: obj.connectTime, daid: daNodeKey }); // Agent --> DiagnosticAgent
}
break;
}
case 'query': {
// Only the diagnostic agent can do
if ((obj.agentInfo.capabilities & 0x40) != 0) {
// Return nodeid of main agent + connection status
db.Get('da' + obj.dbNodeKey, function (err, nodes) {
if (nodes.length == 1) {
obj.realNodeKey = nodes[0].raid;
// Get agent connection state
var agentConnected = false;
var state = parent.parent.GetConnectivityState(obj.realNodeKey);
if (state) { agentConnected = ((state.connectivity & 1) != 0) }
obj.send(JSON.stringify({ action: 'diagnostic', value: { command: 'query', value: obj.realNodeKey, agent: agentConnected } }));
2019-04-10 01:51:05 +03:00
} else {
obj.send(JSON.stringify({ action: 'diagnostic', value: { command: 'query', value: null } }));
}
});
}
break;
}
case 'log': {
2019-07-30 02:35:48 +03:00
if (((obj.agentInfo.capabilities & 0x40) != 0) && (typeof command.value.value == 'string') && (command.value.value.length < 256)) {
// If this is a diagnostic agent, log the event in the log of the main agent
var event = { etype: 'node', action: 'diagnostic', nodeid: obj.realNodeKey, domain: domain.id, msg: command.value.value };
parent.parent.DispatchEvent(parent.CreateMeshDispatchTargets(obj.dbMeshKey, [obj.dbNodeKey]), obj, event);
2019-04-10 01:51:05 +03:00
}
break;
}
}
}
break;
}
case 'sysinfo': {
if ((typeof command.data == 'object') && (typeof command.data.hash == 'string')) {
command.data._id = 'si' + obj.dbNodeKey;
command.data.type = 'sysinfo';
command.data.domain = domain.id;
command.data.time = Date.now();
db.Set(command.data); // Update system information in the database.
// Event the new sysinfo hash, this will notify everyone that the sysinfo document was changed
var event = { etype: 'node', action: 'sysinfohash', nodeid: obj.dbNodeKey, domain: domain.id, hash: command.data.hash, nolog: 1 };
parent.parent.DispatchEvent(parent.CreateMeshDispatchTargets(obj.dbMeshKey, [obj.dbNodeKey]), obj, event);
}
break;
}
case 'sysinfocheck': {
// Check system information update
db.GetHash('si' + obj.dbNodeKey, function (err, results) {
if ((results != null) && (results.length == 1)) { obj.send(JSON.stringify({ action: 'sysinfo', hash: results[0].hash })); } else { obj.send(JSON.stringify({ action: 'sysinfo' })); }
});
break;
}
case 'plugin': {
2019-10-28 19:21:12 +03:00
if ((parent.parent.pluginHandler == null) || (typeof command.plugin != 'string')) break;
2019-10-10 21:13:25 +03:00
try {
2019-11-01 23:49:18 +03:00
parent.parent.pluginHandler.plugins[command.plugin].serveraction(command, obj, parent);
2019-10-10 21:13:25 +03:00
} catch (e) {
console.log('Error loading plugin handler (' + e + ')');
}
break;
}
2019-01-05 04:59:13 +03:00
default: {
2019-05-02 01:02:03 +03:00
parent.agentStats.unknownAgentActionCount++;
2019-01-05 04:59:13 +03:00
console.log('Unknown agent action (' + obj.remoteaddrport + '): ' + command.action + '.');
break;
}
2017-08-28 19:27:45 +03:00
}
if (parent.parent.pluginHandler != null) {
parent.parent.pluginHandler.callHook('hook_processAgentData', command, obj, parent);
}
2017-08-28 19:27:45 +03:00
}
}
// Change the current core information string and event it
function ChangeAgentCoreInfo(command) {
2019-04-10 01:51:05 +03:00
if (obj.agentInfo.capabilities & 0x40) return;
if ((command == null) || (command == null)) return; // Safety, should never happen.
2017-08-28 19:27:45 +03:00
// Check that the mesh exists
2019-03-08 09:47:27 +03:00
const mesh = parent.meshes[obj.dbMeshKey];
if (mesh == null) return;
// Get the node and change it if needed
2019-03-08 09:47:27 +03:00
db.Get(obj.dbNodeKey, function (err, nodes) { // TODO: THIS IS A BIG RACE CONDITION HERE, WE NEED TO FIX THAT. If this call is made twice at the same time on the same device, data will be missed.
2019-05-21 04:03:14 +03:00
if ((nodes == null) || (nodes.length != 1)) return;
2019-03-08 09:47:27 +03:00
const device = nodes[0];
if (device.agent) {
var changes = [], change = 0, log = 0;
2018-09-22 02:34:35 +03:00
//if (command.users) { console.log(command.users); }
// Check if anything changes
if (command.name && (typeof command.name == 'string') && (command.name != device.name)) { change = 1; log = 1; device.name = command.name; changes.push('name'); }
if ((command.caps != null) && (device.agent.core != command.value)) { if ((command.value == null) && (device.agent.core != null)) { delete device.agent.core; } else { device.agent.core = command.value; } change = 1; } // Don't save this as an event to the db.
if ((command.caps != null) && ((device.agent.caps & 0xFFFFFFE7) != (command.caps & 0xFFFFFFE7))) { device.agent.caps = ((device.agent.caps & 24) + (command.caps & 0xFFFFFFE7)); change = 1; } // Allow Javascript on the agent to change all capabilities except console and javascript support, Don't save this as an event to the db.
if ((command.osdesc != null) && (typeof command.osdesc == 'string') && (device.osdesc != command.osdesc)) { device.osdesc = command.osdesc; change = 1; changes.push('os desc'); } // Don't save this as an event to the db.
if (device.ip != obj.remoteaddr) { device.ip = obj.remoteaddr; change = 1; }
if (command.intelamt) {
if (!device.intelamt) { device.intelamt = {}; }
if ((command.intelamt.ver != null) && (typeof command.intelamt.ver == 'string') && (command.intelamt.ver.length < 12) && (device.intelamt.ver != command.intelamt.ver)) { changes.push('AMT version'); device.intelamt.ver = command.intelamt.ver; change = 1; log = 1; }
if ((command.intelamt.sku != null) && (typeof command.intelamt.sku == 'number') && (device.intelamt.sku !== command.intelamt.sku)) { changes.push('AMT SKU'); device.intelamt.sku = command.intelamt.sku; change = 1; log = 1; }
if ((command.intelamt.state != null) && (typeof command.intelamt.state == 'number') && (device.intelamt.state != command.intelamt.state)) { changes.push('AMT state'); device.intelamt.state = command.intelamt.state; change = 1; log = 1; }
if ((command.intelamt.flags != null) && (typeof command.intelamt.flags == 'number') && (device.intelamt.flags != command.intelamt.flags)) {
2018-09-22 02:34:35 +03:00
if (device.intelamt.flags) { changes.push('AMT flags (' + device.intelamt.flags + ' --> ' + command.intelamt.flags + ')'); } else { changes.push('AMT flags (' + command.intelamt.flags + ')'); }
device.intelamt.flags = command.intelamt.flags; change = 1; log = 1;
2018-09-22 02:34:35 +03:00
}
if ((command.intelamt.realm != null) && (typeof command.intelamt.realm == 'string') && (device.intelamt.realm != command.intelamt.realm)) { changes.push('AMT realm'); device.intelamt.realm = command.intelamt.realm; change = 1; log = 1; }
if ((command.intelamt.host != null) && (typeof command.intelamt.host == 'string') && (device.intelamt.host != command.intelamt.host)) { changes.push('AMT host'); device.intelamt.host = command.intelamt.host; change = 1; log = 1; }
if ((command.intelamt.uuid != null) && (typeof command.intelamt.uuid == 'string') && (device.intelamt.uuid != command.intelamt.uuid)) { changes.push('AMT uuid'); device.intelamt.uuid = command.intelamt.uuid; change = 1; log = 1; }
if ((command.intelamt.user != null) && (typeof command.intelamt.user == 'string') && (device.intelamt.user != command.intelamt.user)) { changes.push('AMT user'); device.intelamt.user = command.intelamt.user; change = 1; log = 1; }
if ((command.intelamt.pass != null) && (typeof command.intelamt.pass == 'string') && (device.intelamt.pass != command.intelamt.pass)) { changes.push('AMT pass'); device.intelamt.pass = command.intelamt.pass; change = 1; log = 1; }
}
2019-08-02 21:35:59 +03:00
if (command.av) {
if (!device.av) { device.av = []; }
if ((command.av != null) && (JSON.stringify(device.av) != JSON.stringify(command.av))) { /*changes.push('AV status');*/ device.av = command.av; change = 1; log = 1; }
2019-08-02 21:35:59 +03:00
}
if ((command.users != null) && (device.users != command.users)) { device.users = command.users; change = 1; } // Don't save this to the db.
2019-03-08 09:47:27 +03:00
if ((mesh.mtype == 2) && (!args.wanonly)) {
2019-02-21 02:26:27 +03:00
// In WAN mode, the hostname of a computer is not important. Don't log hostname changes.
if (device.host != obj.remoteaddr) { device.host = obj.remoteaddr; change = 1; changes.push('host'); }
// TODO: Check that the agent has an interface that is the same as the one we got this websocket connection on. Only set if we have a match.
}
2017-08-28 19:27:45 +03:00
2018-09-22 02:34:35 +03:00
// If there are changes, event the new device
if (change == 1) {
2019-04-10 20:41:10 +03:00
// Do some clean up if needed, these values should not be in the database.
if (device.conn != null) { delete device.conn; }
if (device.pwr != null) { delete device.pwr; }
if (device.agct != null) { delete device.agct; }
if (device.cict != null) { delete device.cict; }
2018-09-22 02:34:35 +03:00
// Save to the database
2019-03-08 09:47:27 +03:00
db.Set(device);
2017-08-28 19:27:45 +03:00
// Event the node change
2019-10-11 21:16:36 +03:00
var event = { etype: 'node', action: 'changenode', nodeid: obj.dbNodeKey, domain: domain.id, node: parent.CloneSafeNode(device) };
if (changes.length > 0) { event.msg = 'Changed device ' + device.name + ' from group ' + mesh.name + ': ' + changes.join(', '); }
if ((log == 0) || ((obj.agentInfo) && (obj.agentInfo.capabilities) && (obj.agentInfo.capabilities & 0x20)) || (changes.length == 0)) { event.nolog = 1; } // If this is a temporary device, don't log changes
2019-05-29 03:25:23 +03:00
if (db.changeStream) { event.noact = 1; } // If DB change stream is active, don't use this event to change the node. Another event will come.
parent.parent.DispatchEvent(parent.CreateMeshDispatchTargets(device.meshid, [obj.dbNodeKey]), obj, event);
2017-08-28 19:27:45 +03:00
}
}
2017-08-28 19:27:45 +03:00
});
}
2017-08-29 01:06:29 +03:00
// Change the current core information string and event it
function ChangeAgentLocationInfo(command) {
2019-04-10 01:51:05 +03:00
if (obj.agentInfo.capabilities & 0x40) return;
if ((command == null) || (command == null)) { return; } // Safety, should never happen.
2017-08-29 01:06:29 +03:00
// Check that the mesh exists
2019-03-08 09:47:27 +03:00
const mesh = parent.meshes[obj.dbMeshKey];
if (mesh == null) return;
// Get the node and change it if needed
2019-03-08 09:47:27 +03:00
db.Get(obj.dbNodeKey, function (err, nodes) {
2019-05-21 04:03:14 +03:00
if ((nodes == null) || (nodes.length != 1)) { return; }
2019-03-08 09:47:27 +03:00
const device = nodes[0];
if (device.agent) {
var changes = [], change = 0;
// Check if anything changes
if ((command.publicip) && (device.publicip != command.publicip)) { device.publicip = command.publicip; change = 1; changes.push('public ip'); }
if ((command.iploc) && (device.iploc != command.iploc)) { device.iploc = command.iploc; change = 1; changes.push('ip location'); }
// If there are changes, save and event
if (change == 1) {
2019-04-10 20:41:10 +03:00
// Do some clean up if needed, these values should not be in the database.
if (device.conn != null) { delete device.conn; }
if (device.pwr != null) { delete device.pwr; }
if (device.agct != null) { delete device.agct; }
if (device.cict != null) { delete device.cict; }
// Save the device
2019-03-08 09:47:27 +03:00
db.Set(device);
2017-08-29 01:06:29 +03:00
// Event the node change
2019-10-11 21:16:36 +03:00
var event = { etype: 'node', action: 'changenode', nodeid: obj.dbNodeKey, domain: domain.id, node: parent.CloneSafeNode(device), msg: 'Changed device ' + device.name + ' from group ' + mesh.name + ': ' + changes.join(', ') };
if (obj.agentInfo.capabilities & 0x20) { event.nolog = 1; } // If this is a temporary device, don't log changes
2019-05-29 03:25:23 +03:00
if (db.changeStream) { event.noact = 1; } // If DB change stream is active, don't use this event to change the node. Another event will come.
parent.parent.DispatchEvent(parent.CreateMeshDispatchTargets(device.meshid, [obj.dbNodeKey]), obj, event);
2017-08-29 01:06:29 +03:00
}
}
2017-08-29 01:06:29 +03:00
});
}
2017-08-28 19:27:45 +03:00
// Update the mesh agent tab in the database
function ChangeAgentTag(tag) {
2019-04-10 01:51:05 +03:00
if (obj.agentInfo.capabilities & 0x40) return;
if (tag.length == 0) { tag = null; }
2017-08-28 19:27:45 +03:00
// Get the node and change it if needed
2019-03-08 09:47:27 +03:00
db.Get(obj.dbNodeKey, function (err, nodes) {
2019-05-21 04:03:14 +03:00
if ((nodes == null) || (nodes.length != 1)) return;
2019-03-08 09:47:27 +03:00
const device = nodes[0];
2017-08-28 19:27:45 +03:00
if (device.agent) {
if (device.agent.tag != tag) {
2019-04-10 20:41:10 +03:00
// Do some clean up if needed, these values should not be in the database.
if (device.conn != null) { delete device.conn; }
if (device.pwr != null) { delete device.pwr; }
if (device.agct != null) { delete device.agct; }
if (device.cict != null) { delete device.cict; }
// Set the new tag
2017-08-28 19:27:45 +03:00
device.agent.tag = tag;
2019-03-08 09:47:27 +03:00
db.Set(device);
2017-08-28 19:27:45 +03:00
// Event the node change
2019-10-11 21:16:36 +03:00
var event = { etype: 'node', action: 'changenode', nodeid: obj.dbNodeKey, domain: domain.id, node: parent.CloneSafeNode(device), nolog: 1 };
2019-05-29 03:25:23 +03:00
if (db.changeStream) { event.noact = 1; } // If DB change stream is active, don't use this event to change the node. Another event will come.
parent.parent.DispatchEvent(parent.CreateMeshDispatchTargets(device.meshid, [obj.dbNodeKey]), obj, event);
2017-08-28 19:27:45 +03:00
}
}
});
}
2019-06-21 00:27:57 +03:00
// Generate a random Intel AMT password
function checkAmtPassword(p) { return (p.length > 7) && (/\d/.test(p)) && (/[a-z]/.test(p)) && (/[A-Z]/.test(p)) && (/\W/.test(p)); }
function getRandomAmtPassword() { var p; do { p = Buffer.from(parent.crypto.randomBytes(9), 'binary').toString('base64').split('/').join('@'); } while (checkAmtPassword(p) == false); return p; }
2017-08-28 19:27:45 +03:00
return obj;
2018-08-30 03:40:30 +03:00
};