mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2024-11-22 04:33:16 +03:00
fix: AMT Direct TLS connection and Digest authentication
- fix: ensure TLS is used when TLS is enabled - add constants.SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION for TLS client connection for newer Nodejs - ensure nc of AMT redirection Digest authentication is at least 8 bytes long
parent
270b34a068
commit
b5338b746a
@ -395,7 +395,7 @@ module.exports.CreateRedirInterceptor = function (args) {
|
|||||||
if (obj.amt.digestRealm) {
|
if (obj.amt.digestRealm) {
|
||||||
// Replace this authentication digest with a server created one
|
// Replace this authentication digest with a server created one
|
||||||
// We have everything we need to authenticate
|
// We have everything we need to authenticate
|
||||||
var nc = obj.ws.authCNonceCount;
|
var nc = '0'+ (10000000 + obj.ws.authCNonceCount).toString().substring(1);// set NC at least 8 bytes
|
||||||
obj.ws.authCNonceCount++;
|
obj.ws.authCNonceCount++;
|
||||||
var digest = obj.ComputeDigesthash(obj.args.user, obj.args.pass, obj.amt.digestRealm, 'POST', authurl, obj.amt.digestQOP, obj.amt.digestNonce, nc, obj.ws.authCNonce);
|
var digest = obj.ComputeDigesthash(obj.args.user, obj.args.pass, obj.amt.digestRealm, 'POST', authurl, obj.amt.digestQOP, obj.amt.digestNonce, nc, obj.ws.authCNonce);
|
||||||
|
|
||||||
|
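Review bot: The new `nc` on the changed line is zero-padded in decimal, but the Digest `nc` field is defined as eight hexadecimal digits, so from the tenth request on a peer that parses it as hex reads a different count (`00000010` is 16). Formatting it as `var nc = ('0000000' + obj.ws.authCNonceCount.toString(16)).slice(-8);` keeps the fixed width and the expected encoding; this assumes `authCNonceCount` is a number, which the hunk does not show. The `(10000000 + n).toString().substring(1)` form also silently drops the leading digit once the counter reaches 10000000. The trailing comment would be more accurate as `// nc must be exactly 8 characters, zero-padded`. The enclosing function starts and ends outside the hunk.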
@ -4173,7 +4173,12 @@
|
|||||||
desktop.m.useZRLE = (desktopsettings.encoding < 3);
|
desktop.m.useZRLE = (desktopsettings.encoding < 3);
|
||||||
desktop.m.showmouse = true;
|
desktop.m.showmouse = true;
|
||||||
desktop.m.onScreenSizeChange = function (o, x, y) { if (fullscreen) { QS('deskarea3').width = (x * fullscreenzoom) + 'px'; QS('deskarea3').height = (y * fullscreenzoom) + 'px'; } deskAdjust(); }
|
desktop.m.onScreenSizeChange = function (o, x, y) { if (fullscreen) { QS('deskarea3').width = (x * fullscreenzoom) + 'px'; QS('deskarea3').height = (y * fullscreenzoom) + 'px'; } deskAdjust(); }
|
||||||
|
// Use TLS if TLS is set
|
||||||
|
if (desktopNode.conn==4 && desktopNode.intelamt!=null && desktopNode.intelamt.tls==1) {
|
||||||
|
desktop.Start(desktopNode._id, 16995, '*', '*', 1);
|
||||||
|
} else {
|
||||||
desktop.Start(desktopNode._id, 16994, '*', '*', 0);
|
desktop.Start(desktopNode._id, 16994, '*', '*', 0);
|
||||||
|
}
|
||||||
desktop.contype = 2;
|
desktop.contype = 2;
|
||||||
} else if ((contype == null) || (contype == 1) || ((contype == 3) && (currentNode.agent.id > 4))) {
|
} else if ((contype == null) || (contype == 1) || ((contype == 3) && (currentNode.agent.id > 4))) {
|
||||||
// Setup the Mesh Agent remote desktop
|
// Setup the Mesh Agent remote desktop
|
||||||
|
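Review bot: The added condition `desktopNode.conn==4` is an exact match, so every other `conn` value takes the `else` branch and starts the session on 16994 with the TLS argument 0, even when `desktopNode.intelamt.tls==1`. If `conn` is a set of flags (not visible in this hunk), a node that has the direct-AMT flag plus any other flag would be connected without TLS; `(desktopNode.conn & 4) != 0` would cover that case. If the exact match is intended, the comment should say why, e.g. `// TLS (16995) only for a direct AMT connection; other routes use 16994 without TLS on this hop`. The same block is added in the hunk at -8904,7 +8904,12, so the point applies there as well. The enclosing function starts and ends outside both hunks.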
@ -8904,7 +8904,12 @@
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
// Use TLS if TLS is set
|
||||||
|
if (desktopNode.conn==4 && desktopNode.intelamt!=null && desktopNode.intelamt.tls==1) {
|
||||||
|
desktop.Start(desktopNode._id, 16995, '*', '*', 1);
|
||||||
|
} else {
|
||||||
desktop.Start(desktopNode._id, 16994, '*', '*', 0);
|
desktop.Start(desktopNode._id, 16994, '*', '*', 0);
|
||||||
|
}
|
||||||
desktop.contype = 2;
|
desktop.contype = 2;
|
||||||
} else if ((contype == null) || (contype == 1) || ((contype == 3) && ((currentNode.agent.id > 4) && ((debugmode == null))))) {
|
} else if ((contype == null) || (contype == 1) || ((contype == 3) && ((currentNode.agent.id > 4) && ((debugmode == null))))) {
|
||||||
// Setup the Mesh Agent remote desktop
|
// Setup the Mesh Agent remote desktop
|
||||||
|
@ -4826,7 +4826,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
|
|||||||
ws._socket.resume();
|
ws._socket.resume();
|
||||||
} else {
|
} else {
|
||||||
// If TLS is going to be used, setup a TLS socket
|
// If TLS is going to be used, setup a TLS socket
|
||||||
var tlsoptions = { ciphers: 'RSA+AES:!aNULL:!MD5:!DSS', secureOptions: constants.SSL_OP_NO_SSLv2 | constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_COMPRESSION | constants.SSL_OP_CIPHER_SERVER_PREFERENCE, rejectUnauthorized: false };
|
var tlsoptions = { ciphers: 'RSA+AES:!aNULL:!MD5:!DSS', secureOptions: constants.SSL_OP_NO_SSLv2 | constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_COMPRESSION | constants.SSL_OP_CIPHER_SERVER_PREFERENCE | constants.SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, rejectUnauthorized: false };
|
||||||
if (req.query.tls1only == 1) { tlsoptions.secureProtocol = 'TLSv1_method'; }
|
if (req.query.tls1only == 1) { tlsoptions.secureProtocol = 'TLSv1_method'; }
|
||||||
ws.forwardclient = obj.tls.connect(port, node.host, tlsoptions, function () {
|
ws.forwardclient = obj.tls.connect(port, node.host, tlsoptions, function () {
|
||||||
// The TLS connection method is the same as TCP, but located a bit differently.
|
// The TLS connection method is the same as TCP, but located a bit differently.
|
||||||
|
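Review bot: `constants.SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION` is now set on every outbound TLS connection built from `tlsoptions`, next to the existing `rejectUnauthorized: false`, so this client both skips certificate verification and accepts peers that do not support secure renegotiation (RFC 5746). If the flag is only needed for devices whose firmware lacks that extension, which is presumably the case behind the commit message's "newer Nodejs" remark, it would be safer to apply it only for those devices or behind a server setting rather than unconditionally. At minimum the line deserves a comment such as `// Legacy renegotiation allowed only because some AMT firmware cannot negotiate RFC 5746; do not reuse these options elsewhere`. The connect callback and the enclosing function continue outside the hunk.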