diff --git a/agents/MeshService.exe b/agents/MeshService.exe index 7c2f3064..61cd8e71 100644 Binary files a/agents/MeshService.exe and b/agents/MeshService.exe differ diff --git a/agents/meshcore.js b/agents/meshcore.js index 4e9a6190..df5338b4 100644 --- a/agents/meshcore.js +++ b/agents/meshcore.js @@ -668,7 +668,9 @@ function createMeshCore(agent) { break; } case 'info': { // Return information about the agent and agent core module - response = 'Current Core: ' + obj.meshCoreInfo + '.\r\nAgent Time: ' + Date() + '.\r\nUser Rights: 0x' + rights.toString(16) + '.\r\nPlatform Info: ' + process.platform + '.\r\nCapabilities: ' + obj.meshCoreCapabilities + '.\r\nNative Pipes: ' + obj.useNativePipes + '.\r\nServer URL: ' + mesh.ServerUrl + '.'; + response = 'Current Core: ' + obj.meshCoreInfo + '.\r\nAgent Time: ' + Date() + '.\r\nUser Rights: 0x' + rights.toString(16) + '.\r\nPlatform Info: ' + process.platform + '.\r\nCapabilities: ' + obj.meshCoreCapabilities + '.\r\nNative Pipes: ' + obj.useNativePipes + '.\r\nServer URL: ' + mesh.ServerUrl + '.\r\n'; + var oldNodeId = db.Get('OldNodeId'); + if (oldNodeId != null) { response += 'OldNodeID: ' + oldNodeId + '.\r\n'; } break; } case 'selfinfo': { // Return self information block @@ -934,6 +936,8 @@ function createMeshCore(agent) { lastSelfInfo = null; } else { // Server connected, send mesh core information + var oldNodeId = db.Get('OldNodeId'); + if (oldNodeId != null) { mesh.SendCommand({ action: 'mc1migration', oldnodeid: oldNodeId }); } sendPeriodicServerUpdate(true); if (selfInfoUpdateTimer == null) { selfInfoUpdateTimer = setInterval(sendPeriodicServerUpdate, 60000); } // Should be a long time, like 20 minutes. For now, 1 minute. } diff --git a/meshagent.js b/meshagent.js index 624edaf2..b3e520c3 100644 --- a/meshagent.js +++ b/meshagent.js @@ -155,18 +155,27 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) { if (obj.parent.webCertificateHash != msg.substring(2, 50)) { console.log('Agent connected with bad web certificate hash, holding connection (' + obj.remoteaddr + ').'); return; } // Use our server private key to sign the ServerHash + AgentNonce + ServerNonce - var privateKey = obj.forge.pki.privateKeyFromPem(obj.parent.certificates.agent.key); + var privateKey, certasn1; + if (obj.useSwarmCert == true) { + // Use older SwarmServer certificate of MC1 + certasn1 = obj.parent.swarmCertificateAsn1; + privateKey = obj.forge.pki.privateKeyFromPem(obj.parent.certificates.swarmserver.key); + } else { + // Use new MC2 certificate + certasn1 = obj.parent.agentCertificateAsn1; + privateKey = obj.forge.pki.privateKeyFromPem(obj.parent.certificates.agent.key); + } var md = obj.forge.md.sha384.create(); md.update(msg.substring(2), 'binary'); md.update(obj.nonce, 'binary'); obj.agentnonce = msg.substring(50); // Send back our certificate + signature - obj.send(obj.common.ShortToStr(2) + obj.common.ShortToStr(parent.agentCertificateAsn1.length) + parent.agentCertificateAsn1 + privateKey.sign(md)); // Command 2, certificate + signature + obj.send(obj.common.ShortToStr(2) + obj.common.ShortToStr(certasn1.length) + certasn1 + privateKey.sign(md)); // Command 2, certificate + signature // Check the agent signature if we can if (obj.unauthsign != null) { - if (processAgentSignature(obj.unauthsign) == false) { console.log('Agent connected with bad signature, holding connection (' + obj.remoteaddr + ').'); return; } else { completeAgentConnection(); } + if (processAgentSignature(obj.unauthsign) == false) { console.log('Agent connected with bad signature, holding connection (' + obj.remoteaddr + ').'); return; } else { completeAgentConnection(); } } } else if (cmd == 2) { @@ -197,12 +206,20 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) { obj.agentInfo.agentVersion = obj.common.ReadInt(msg, 10); obj.agentInfo.platformType = obj.common.ReadInt(msg, 14); if (obj.agentInfo.platformType > 6 || obj.agentInfo.platformType < 1) { obj.agentInfo.platformType = 1; } - obj.meshid = new Buffer(msg.substring(18, 66), 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$');; + if (msg.substring(50, 66) == '\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0') { + obj.meshid = new Buffer(msg.substring(18, 50), 'binary').toString('hex'); // Older HEX MeshID + } else { + obj.meshid = new Buffer(msg.substring(18, 66), 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); // New Base64 MeshID + } + //console.log('MeshID', obj.meshid); obj.agentInfo.capabilities = obj.common.ReadInt(msg, 66); var computerNameLen = obj.common.ReadShort(msg, 70); obj.agentInfo.computerName = msg.substring(72, 72 + computerNameLen); obj.dbMeshKey = 'mesh/' + obj.domain.id + '/' + obj.meshid; completeAgentConnection(); + } else if (cmd == 5) { + // ServerID. Agent is telling us what serverid it expects. Useful if we have many server certificates. + if ((msg.substring(2, 34) == obj.parent.swarmCertificateHash256) || (msg.substring(2, 50) == obj.parent.swarmCertificateHash384)) { obj.useSwarmCert = true; } } } }); @@ -463,6 +480,28 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) { } break; } + case 'mc1migration': + { + if (command.oldnodeid.length != 64) break; + var oldNodeKey = 'node//' + command.oldnodeid.toLowerCase(); + obj.db.Get(oldNodeKey, function (err, nodes) { + if (nodes.length != 1) return; + var node = nodes[0]; + if (node.meshid == obj.dbMeshKey) { + // Update the device name & host + ChangeAgentCoreInfo({ name: node.name }); + + // Delete this node including network interface information and events + obj.db.Remove(node._id); + obj.db.Remove('if' + node._id); + + // Event node deletion + var change = 'Migrated device ' + node.name; + obj.parent.parent.DispatchEvent(['*', node.meshid], obj, { etype: 'node', action: 'removenode', nodeid: node._id, msg: change, domain: node.domain }) + } + }); + break; + } } } } @@ -486,6 +525,7 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) { var changes = [], change = 0; // Check if anything changes + if (command.name && (command.name != device.name)) { change = 1; device.name = command.name; changes.push('name'); } if (device.agent.core != command.value) { if ((command.value == null) && (device.agent.core != null)) { delete device.agent.core; } else { device.agent.core = command.value; } change = 1; changes.push('agent core'); } if ((device.agent.caps & 0xFFFFFFE7) != (command.caps & 0xFFFFFFE7)) { device.agent.caps = ((device.agent.caps & 24) + (command.caps & 0xFFFFFFE7)); change = 1; changes.push('agent capabilities'); } // Allow Javascript on the agent to change all capabilities except console and javascript support if (command.intelamt) { diff --git a/swarmserver.js b/swarmserver.js index 4fb4bc70..e2ed5fd8 100644 --- a/swarmserver.js +++ b/swarmserver.js @@ -184,15 +184,19 @@ module.exports.CreateSwarmServer = function (parent, db, args, certificates) { Debug(3, 'Swarm:NODEPUSH:' + JSON.stringify(nodeblock)); // Figure out what is the next agent version we need. - var nextAgentVersion = 200; // TODO + var nextAgentVersion = 0; + if (nodeblock.agentversion < 200) { nextAgentVersion = 200; } // If less then 200, move to transitional MC1 agent. + if (nodeblock.agentversion == 200) { nextAgentVersion = 201; } // If at 200, move to first MC2 agent. // See if we need to start the agent update - if ((obj.migrationAgents[nodeblock.agenttype] != null) && (obj.migrationAgents[nodeblock.agenttype][nextAgentVersion] != null)) { + if ((nextAgentVersion > 0) && (obj.migrationAgents[nodeblock.agenttype] != null) && (obj.migrationAgents[nodeblock.agenttype][nextAgentVersion] != null)) { // Start the update socket.tag.update = obj.migrationAgents[nodeblock.agenttype][nextAgentVersion]; socket.tag.updatePtr = 0; console.log('Performing legacy agent update from ' + nodeblock.agentversion + '.' + nodeblock.agenttype + ' to ' + socket.tag.update.ver + '.' + socket.tag.update.arch + ' on ' + nodeblock.agentname + '.'); obj.SendCommand(socket, LegacyMeshProtocol.GETSTATE, common.IntToStr(5) + common.IntToStr(0)); // agent.SendQuery(5, 0); // Start the agent download + } else { + console.log('No legacy agent update for ' + nodeblock.agentversion + '.' + nodeblock.agenttype + ' on ' + nodeblock.agentname + '.'); } } break; diff --git a/webserver.js b/webserver.js index a6c059ee..3d534110 100644 --- a/webserver.js +++ b/webserver.js @@ -90,6 +90,11 @@ module.exports.CreateWebServer = function (parent, db, args, secret, certificate obj.agentCertificateHashHex = parent.certificateOperations.forge.pki.getPublicKeyFingerprint(parent.certificateOperations.forge.pki.certificateFromPem(obj.certificates.agent.cert).publicKey, { md: parent.certificateOperations.forge.md.sha384.create(), encoding: 'hex' }); obj.agentCertificateHashBase64 = new Buffer(parent.certificateOperations.forge.pki.getPublicKeyFingerprint(parent.certificateOperations.forge.pki.certificateFromPem(obj.certificates.agent.cert).publicKey, { md: parent.certificateOperations.forge.md.sha384.create(), encoding: 'binary' }), 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); obj.agentCertificateAsn1 = parent.certificateOperations.forge.asn1.toDer(parent.certificateOperations.forge.pki.certificateToAsn1(parent.certificateOperations.forge.pki.certificateFromPem(parent.certificates.agent.cert))).getBytes(); + if (parent.certificates.swarmserver != null) { + obj.swarmCertificateAsn1 = parent.certificateOperations.forge.asn1.toDer(parent.certificateOperations.forge.pki.certificateToAsn1(parent.certificateOperations.forge.pki.certificateFromPem(parent.certificates.swarmserver.cert))).getBytes(); + obj.swarmCertificateHash384 = parent.certificateOperations.forge.pki.getPublicKeyFingerprint(parent.certificateOperations.forge.pki.certificateFromPem(obj.certificates.swarmserver.cert).publicKey, { md: parent.certificateOperations.forge.md.sha384.create(), encoding: 'binary' }); + obj.swarmCertificateHash256 = parent.certificateOperations.forge.pki.getPublicKeyFingerprint(parent.certificateOperations.forge.pki.certificateFromPem(obj.certificates.swarmserver.cert).publicKey, { md: parent.certificateOperations.forge.md.sha256.create(), encoding: 'binary' }); + } // Main lists obj.wsagents = {};