AMT manager improvements.

This commit is contained in:
Ylian Saint-Hilaire 2020-10-07 23:13:45 -07:00
parent a435d57be5
commit bd61bfe2d0
3 changed files with 30 additions and 27 deletions

View File

@ -1,11 +1,11 @@
/** /** m
* @description Intel(r) AMT WSMAN communication using Node.js TLS * @description Intel(r) AMT WSMAN communication using Node.js TLS
* @author Ylian Saint-Hilaire/Joko Sastriawan * @author Ylian Saint-Hilaire/Joko Sastriawan
* @version v0.2.0b * @version v0.2.0b
*/ */
// Construct a MeshServer object // Construct a MeshServer object
var CreateWsmanComm = function (host, port, user, pass, tls, tlsoptions, mode) { var CreateWsmanComm = function (host, port, user, pass, tls, tlsoptions, transportServer) {
//console.log('CreateWsmanComm', host, port, user, pass, tls, tlsoptions); //console.log('CreateWsmanComm', host, port, user, pass, tls, tlsoptions);
var obj = {}; var obj = {};
@ -38,7 +38,7 @@ var CreateWsmanComm = function (host, port, user, pass, tls, tlsoptions, mode) {
obj.pass = pass; obj.pass = pass;
obj.xtls = tls; obj.xtls = tls;
obj.xtlsoptions = tlsoptions; obj.xtlsoptions = tlsoptions;
obj.mode = mode; // 1 = Direct, 2 = CIRA, 3 = APF relay obj.transportServer = transportServer; // This can be a CIRA or APF server, if null, local sockets are used as transport.
obj.xtlsFingerprint; obj.xtlsFingerprint;
obj.xtlsCertificate = null; obj.xtlsCertificate = null;
obj.xtlsCheck = 0; // 0 = No TLS, 1 = CA Checked, 2 = Pinned, 3 = Untrusted obj.xtlsCheck = 0; // 0 = No TLS, 1 = CA Checked, 2 = Pinned, 3 = Untrusted
@ -166,34 +166,32 @@ var CreateWsmanComm = function (host, port, user, pass, tls, tlsoptions, mode) {
obj.socketState = 1; obj.socketState = 1;
obj.kerberosDone = 0; obj.kerberosDone = 0;
if ((obj.parent != null) && ((obj.mode === 2) || (obj.mode === 3))) { // CIRA and APF if (obj.transportServer != null) {
if (obj.mode == 2) { // CIRA // CIRA or APF server
var ciraconn = obj.parent.mpsserver.ciraConnections[obj.host]; obj.socket = obj.transportServer.SetupCiraChannelToHost(obj.host, obj.port);
obj.socket = obj.parent.mpsserver.SetupCiraChannel(ciraconn, obj.port); if (obj.socket == null) {
} else { // APF try { obj.xxOnSocketClosed(); } catch (e) { }
var apfconn = obj.parent.apfserver.apfConnections[obj.host]; } else {
obj.socket = obj.parent.apfserver.SetupCiraChannel(apfconn, obj.port); obj.socket.onData = function (ccon, data) { obj.xxOnSocketData(data); }
} obj.socket.onStateChange = function (ccon, state) {
obj.socket.onData = function (ccon, data) { obj.xxOnSocketData(data); } if (state == 0) {
obj.socket.onStateChange = function (ccon, state) { // Channel closed
if (state == 0) {
try {
obj.socketParseState = 0; obj.socketParseState = 0;
obj.socketAccumulator = ''; obj.socketAccumulator = '';
obj.socketHeader = null; obj.socketHeader = null;
obj.socketData = ''; obj.socketData = '';
obj.socketState = 0; obj.socketState = 0;
obj.xxOnSocketClosed(); try { obj.xxOnSocketClosed(); } catch (e) { }
} catch (e) { } } else if (state == 2) {
} else if (state == 2) { // Channel open success
// channel open success obj.xxOnSocketConnected();
obj.xxOnSocketConnected(); }
} }
} }
} else { } else {
// Direct connection // Direct connection
if (obj.xtls != 1) { if (obj.xtls != 1) {
// Connect without TLS // Direct connect without TLS
obj.socket = new obj.net.Socket(); obj.socket = new obj.net.Socket();
obj.socket.setEncoding('binary'); obj.socket.setEncoding('binary');
obj.socket.setTimeout(6000); // Set socket idle timeout obj.socket.setTimeout(6000); // Set socket idle timeout
@ -203,7 +201,7 @@ var CreateWsmanComm = function (host, port, user, pass, tls, tlsoptions, mode) {
obj.socket.on('error', obj.xxOnSocketClosed); obj.socket.on('error', obj.xxOnSocketClosed);
obj.socket.connect(obj.port, obj.host, obj.xxOnSocketConnected); obj.socket.connect(obj.port, obj.host, obj.xxOnSocketConnected);
} else { } else {
// Connect with TLS // Direct connect with TLS
var options = { ciphers: 'RSA+AES:!aNULL:!MD5:!DSS', secureOptions: obj.constants.SSL_OP_NO_SSLv2 | obj.constants.SSL_OP_NO_SSLv3 | obj.constants.SSL_OP_NO_COMPRESSION | obj.constants.SSL_OP_CIPHER_SERVER_PREFERENCE, rejectUnauthorized: false }; var options = { ciphers: 'RSA+AES:!aNULL:!MD5:!DSS', secureOptions: obj.constants.SSL_OP_NO_SSLv2 | obj.constants.SSL_OP_NO_SSLv3 | obj.constants.SSL_OP_NO_COMPRESSION | obj.constants.SSL_OP_CIPHER_SERVER_PREFERENCE, rejectUnauthorized: false };
if (obj.xtlsMethod != 0) { options.secureProtocol = 'TLSv1_method'; } if (obj.xtlsMethod != 0) { options.secureProtocol = 'TLSv1_method'; }
if (obj.xtlsoptions) { if (obj.xtlsoptions) {
@ -231,7 +229,7 @@ var CreateWsmanComm = function (host, port, user, pass, tls, tlsoptions, mode) {
obj.xxOnSocketConnected = function () { obj.xxOnSocketConnected = function () {
if (obj.socket == null) return; if (obj.socket == null) return;
// check TLS certificate for webrelay and direct only // check TLS certificate for webrelay and direct only
if (((obj.mode == null) || (obj.mode < 2)) && (obj.xtls == 1)) { if ((obj.transportServer == null) && (obj.xtls == 1)) {
obj.xtlsCertificate = obj.socket.getPeerCertificate(); obj.xtlsCertificate = obj.socket.getPeerCertificate();
// ###BEGIN###{Certificates} // ###BEGIN###{Certificates}
@ -350,7 +348,7 @@ var CreateWsmanComm = function (host, port, user, pass, tls, tlsoptions, mode) {
if (isNaN(s)) s = 500; if (isNaN(s)) s = 500;
if (s == 401 && ++(obj.authcounter) < 3) { if (s == 401 && ++(obj.authcounter) < 3) {
obj.challengeParams = obj.parseDigest(header['www-authenticate']); // Set the digest parameters, after this, the socket will close and we will auto-retry obj.challengeParams = obj.parseDigest(header['www-authenticate']); // Set the digest parameters, after this, the socket will close and we will auto-retry
if (obj.mode == 1) { obj.socket.end(); } if (obj.transportServer == null) { obj.socket.end(); }
} else { } else {
var r = obj.pendingAjaxCall.shift(); var r = obj.pendingAjaxCall.shift();
if (r == null || r.length < 1) { console.log("pendingAjaxCall error, " + r); return; } if (r == null || r.length < 1) { console.log("pendingAjaxCall error, " + r); return; }
@ -366,7 +364,7 @@ var CreateWsmanComm = function (host, port, user, pass, tls, tlsoptions, mode) {
obj.xxOnSocketClosed = function () { obj.xxOnSocketClosed = function () {
//obj.Debug("xxOnSocketClosed"); //obj.Debug("xxOnSocketClosed");
obj.socketState = 0; obj.socketState = 0;
if (((obj.mode == null) || (obj.mode == 1)) && (obj.socket != null)) { obj.socket.destroy(); obj.socket = null; } if ((obj.transportServer == null) && (obj.socket != null)) { obj.socket.destroy(); obj.socket = null; }
if (obj.pendingAjaxCall.length > 0) { if (obj.pendingAjaxCall.length > 0) {
var r = obj.pendingAjaxCall.shift(), retry = r[5]; var r = obj.pendingAjaxCall.shift(), retry = r[5];
setTimeout(function () { obj.PerformAjaxExNodeJS2(r[0], r[1], r[2], r[3], r[4], --retry) }, 500); // Wait half a second and try again setTimeout(function () { obj.PerformAjaxExNodeJS2(r[0], r[1], r[2], r[3], r[4], --retry) }, 500); // Wait half a second and try again
@ -374,7 +372,7 @@ var CreateWsmanComm = function (host, port, user, pass, tls, tlsoptions, mode) {
} }
obj.xxOnSocketTimeout = function () { obj.xxOnSocketTimeout = function () {
if (((obj.mode == null) || (obj.mode == 1)) && (obj.socket != null)) { obj.socket.destroy(); obj.socket = null; } if ((obj.transportServer == null) && (obj.socket != null)) { obj.socket.destroy(); obj.socket = null; }
} }
// NODE.js specific private method // NODE.js specific private method

View File

@ -30,7 +30,6 @@ function WsmanStackCreateService(comm)
obj.Address = '/wsman'; obj.Address = '/wsman';
obj.xmlParser = require('./amt-xml.js'); obj.xmlParser = require('./amt-xml.js');
obj.comm = comm; obj.comm = comm;
obj.comm.parent = obj;
obj.PerformAjax = function PerformAjax(postdata, callback, tag, pri, namespaces) { obj.PerformAjax = function PerformAjax(postdata, callback, tag, pri, namespaces) {
if (namespaces == null) namespaces = ''; if (namespaces == null) namespaces = '';

View File

@ -866,6 +866,12 @@ module.exports.CreateMpsServer = function (parent, db, args, certificates) {
} }
} }
obj.SetupCiraChannelToHost = function (host, targetport) {
var ciraconn = obj.parent.mpsserver.ciraConnections[host];
if (ciraconn == null) return null;
return obj.SetupCiraChannel(ciraconn, targetport);
}
obj.SetupCiraChannel = function (socket, targetport) { obj.SetupCiraChannel = function (socket, targetport) {
var sourceport = (socket.tag.nextsourceport++ % 30000) + 1024; var sourceport = (socket.tag.nextsourceport++ % 30000) + 1024;
var cirachannel = { targetport: targetport, channelid: socket.tag.nextchannelid++, socket: socket, state: 1, sendcredits: 0, amtpendingcredits: 0, amtCiraWindow: 0, ciraWindow: 32768 }; var cirachannel = { targetport: targetport, channelid: socket.tag.nextchannelid++, socket: socket, state: 1, sendcredits: 0, amtpendingcredits: 0, amtCiraWindow: 0, ciraWindow: 32768 };