Ylianst/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2024-12-22 21:31:35 +03:00
Code Issues Packages Projects Releases Wiki Activity

Security improvements.

Browse Source
This commit is contained in:
Ylian Saint-Hilaire 2020-09-22 14:25:22 -07:00
parent fcf7e3eaaf
commit c65098c6fa
7 changed files with 40 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
agents/meshcore.js
View File

@ -3067,7 +3067,7 @@ function createMeshCore(agent) {
if (args['_'].length < 1) {
response = 'Proper usage: eval "JavaScript code"'; // Display correct command usage
} else {
response = JSON.stringify(mesh.eval(args['_'][0]));
response = JSON.stringify(mesh.eval(args['_'][0])); // This can only be run by trusted administrator.
}
break;
}

9
agents/modules_meshcore/amt-manage.js
View File

@ -560,14 +560,15 @@ function AmtManager(agent, db, isdebug) {
// Activate Intel AMT to CCM
//
function makePass(length) {
var text = "", possible = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
for (var i = 0; i < length; i++) { text += possible.charAt(Math.floor(Math.random() * possible.length)); }
obj.makePass = function(length) {
var buf = Buffer.alloc(length), text = "", possible = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
buf.randomFill(); // Fills buffer with secure random from OpenSSL.
for (var i = 0; i < length; i++) { text += possible.charAt(buf[i] % possible.length); }
return text;
}
obj.activeToCCM = function (adminpass) {
if ((adminpass == null) || (adminpass == '')) { adminpass = 'P@0s' + makePass(23); }
if ((adminpass == null) || (adminpass == '')) { adminpass = 'P@0s' + obj.makePass(23); }
intelAmtAdminPass = adminpass;
if (osamtstack != null) {
osamtstack.BatchEnum(null, ['*AMT_GeneralSettings', '*IPS_HostBasedSetupService'], activeToCCMEx2, adminpass);

12
amt/amt-wsman-comm.js
View File

@ -17,12 +17,6 @@ var CreateWsmanComm = function (host, port, user, pass, tls, tlsoptions, parent,
obj.noncecounter = 1;
obj.authcounter = 0;
obj.Address = '/wsman';
obj.challengeParams = null;
obj.noncecounter = 1;
obj.authcounter = 0;
obj.cnonce = Math.random().toString(36).substring(7); // Generate a random client nonce
obj.net = require('net');
obj.tls = require('tls');
obj.crypto = require('crypto');
@ -32,6 +26,12 @@ var CreateWsmanComm = function (host, port, user, pass, tls, tlsoptions, parent,
obj.kerberosDone = 0;
obj.amtVersion = null;
obj.Address = '/wsman';
obj.challengeParams = null;
obj.noncecounter = 1;
obj.authcounter = 0;
obj.cnonce = obj.crypto.randomBytes(16).toString('hex'); // Generate a random client nonce
obj.host = host;
obj.port = port;
obj.user = user;

4
certoperations.js
View File

@ -307,7 +307,7 @@ module.exports.CertificateOperations = function (parent) {
var keys = obj.pki.rsa.generateKeyPair({ bits: (strong == true) ? 3072 : 2048, e: 0x10001 });
var cert = obj.pki.createCertificate();
cert.publicKey = keys.publicKey;
cert.serialNumber = String(Math.floor((Math.random() * 100000) + 1));
cert.serialNumber = require('crypto').randomInt(1, 100000);
cert.validity.notBefore = new Date(2018, 0, 1);
cert.validity.notAfter = new Date(2049, 11, 31);
if (addThumbPrintToName === true) { commonName += '-' + obj.pki.getPublicKeyFingerprint(cert.publicKey, { encoding: 'hex' }).substring(0, 6); }
@ -329,7 +329,7 @@ module.exports.CertificateOperations = function (parent) {
var keys = obj.pki.rsa.generateKeyPair({ bits: (strong == true) ? 3072 : 2048, e: 0x10001 });
var cert = obj.pki.createCertificate();
cert.publicKey = keys.publicKey;
cert.serialNumber = String(Math.floor((Math.random() * 100000) + 1));
cert.serialNumber = require('crypto').randomInt(1, 100000);
cert.validity.notBefore = new Date(2018, 0, 1);
cert.validity.notAfter = new Date(2049, 11, 31);
if (addThumbPrintToName === true) { commonName += "-" + obj.pki.getPublicKeyFingerprint(cert.publicKey, { encoding: 'hex' }).substring(0, 6); }

9
common.js
View File

@ -96,7 +96,7 @@ module.exports.data2blob = function (data) {
};
// Generate random numbers
module.exports.random = function (max) { return Math.floor(Math.random() * max); };
module.exports.random = function (max) { require('crypto').randomInt(0, max); };
// Split a comma seperated string, ignoring commas in quotes.
module.exports.quoteSplit = function (str) {
@ -187,13 +187,6 @@ module.exports.checkPasswordRequirements = function(password, requirements) {
// Limits the number of tasks running to a fixed limit placing the rest in a pending queue.
// This is useful to limit the number of agents upgrading at the same time, to not swamp
// the network with traffic.
// taskLimiterQueue.launch(somethingToDo, argument, priority);
//
// function somethingToDo(argument, taskid, taskLimiterQueue) {
// setTimeout(function () { taskLimiterQueue.completed(taskid); }, Math.random() * 2000);
// }
module.exports.createTaskLimiterQueue = function (maxTasks, maxTaskTime, cleaningInterval) {
var obj = { maxTasks: maxTasks, maxTaskTime: (maxTaskTime * 1000), nextTaskId: 0, currentCount: 0, current: {}, pending: [[], [], []], timer: null };

2
multiserver.js
View File

@ -172,7 +172,7 @@ module.exports.CreateMultiServer = function (parent, args) {
// Get the next retry time in milliseconds
function getConnectRetryTime() {
if (obj.retryBackoff < 30000) { obj.retryBackoff += Math.floor((Math.random() * 3000) + 1000); }
if (obj.retryBackoff < 30000) { obj.retryBackoff += require('crypto').randomInt(1000, 4000); }
return obj.retryBackoff;
}

50
views/default.handlebars
View File

@ -2301,27 +2301,23 @@
if (message.trustedCert == true) {
// Trusted certificate, use HTTPS port.
var rdpurl = window.location.origin + domainUrl + 'clickonce/minirouter/MeshMiniRouter.application?WS=wss%3A%2F%2F' + window.location.hostname + '%2Fmeshrelay.ashx%3Fauth=' + message.cookie + '&CH={{{webcerthash}}}&AP=' + message.protocol + ((debugmode == 1) ? '' : '&HOL=1');
var newWindow = window.open(rdpurl, '_blank');
newWindow.opener = null;
safeNewWindow(rdpurl, '_blank');
} else {
// Not a trusted certificate, use HTTP port.
var basicPort = ('{{{serverRedirPort}}}'.toLowerCase() == '') ? '{{{serverPublicPort}}}' : '{{{serverRedirPort}}}';
var rdpurl = 'http://' + window.location.hostname + ':' + basicPort + domainUrl + 'clickonce/minirouter/MeshMiniRouter.application?WS=wss%3A%2F%2F' + window.location.hostname + '%2Fmeshrelay.ashx%3Fauth=' + message.cookie + '&CH={{{webcerthash}}}&AP=' + message.protocol + ((debugmode == 1) ? '' : '&HOL=1');
var newWindow = window.open(rdpurl, '_blank');
newWindow.opener = null;
safeNewWindow(rdpurl, '_blank');
}
} else if (message.tag == 'novnc') {
var vncurl = window.location.origin + domainUrl + 'novnc/vnc.html?ws=wss%3A%2F%2F' + window.location.host + encodeURIComponentEx(domainUrl) + 'meshrelay.ashx%3Fauth%3D' + message.cookie + '&show_dot=1' + (urlargs.key?('&key=' + urlargs.key):'') + '&l={{{lang}}}';
var node = getNodeFromId(message.nodeid);
if (node != null) { vncurl += '&name=' + encodeURIComponentEx(node.name); }
var newWindow = window.open(vncurl, 'mcnovnc/' + message.nodeid);
newWindow.opener = null;
safeNewWindow(vncurl, 'mcnovnc/' + message.nodeid);
} else if (message.tag == 'mstsc') {
var rdpurl = window.location.origin + domainUrl + 'mstsc.html?ws=' + message.cookie + (urlargs.key?('&key=' + urlargs.key):'');
var node = getNodeFromId(message.nodeid);
if (node != null) { rdpurl += '&name=' + encodeURIComponentEx(node.name); }
var newWindow = window.open(rdpurl, 'mcmstsc/' + message.nodeid);
newWindow.opener = null;
safeNewWindow(rdpurl, 'mcmstsc/' + message.nodeid);
}
break;
}
@ -3014,7 +3010,7 @@
if (message.consent & 64) { y.push("Privacy bar"); }
if (y.length == 0) { y.push("None"); }
x += addHtmlValue("User Consent", y.join(', '));
x += '<div id=agentInvitationLinkDiv style="text-align:center;font-size:large;margin:16px"><a href="' + message.url + '" id=agentInvitationLink target="_blank" style=cursor:pointer>' + "Remote Desktop Link" + '</a> <img src=images/link4.png height=10 width=10 title="' + "Copy link to clipboard" + '" style=cursor:pointer onclick=d2CopyInviteToClip()></div></div>';
x += '<div id=agentInvitationLinkDiv style="text-align:center;font-size:large;margin:16px"><a href="' + message.url + '" id=agentInvitationLink rel="noreferrer noopener" target="_blank" style=cursor:pointer>' + "Remote Desktop Link" + '</a> <img src=images/link4.png height=10 width=10 title="' + "Copy link to clipboard" + '" style=cursor:pointer onclick=d2CopyInviteToClip()></div></div>';
setDialogMode(2, "Share Device", 1, null, x);
break;
}
@ -4133,7 +4129,7 @@
x += '<div id=urlInviteDiv>' + format("Invite someone to install the mesh agent by sharing an invitation link. This link points the user to installation instructions for the \"{0}\" device group. The link is public and no account for this server is needed.", EscapeHtml(mesh.name)) + '<br /><br />';
x += addHtmlValue("Link Expiration", '<select id=d2inviteExpire style=width:236px onchange=d2RequestInvitationLink()><option value=1>' + "1 hour" + '</option><option value=8>' + "8 hours" + '</option><option value=24>' + "1 day" + '</option><option value=168>' + "1 week" + '</option><option value=5040>' + "1 month" + '</option><option value=0>' + "Unlimited" + '</option></select>');
x += addHtmlValue("Installation Type", '<select id=d2agentInviteType style=width:236px onchange=d2RequestInvitationLink()><option value=0>' + "Background and interactive" + '</option><option value=2>' + "Background only" + '</option><option value=1>' + "Interactive only" + '</option></select>');
x += '<div id=agentInvitationLinkDiv style="text-align:center;font-size:large;margin:16px;display:none"><a href=# id=agentInvitationLink target="_blank" style=cursor:pointer></a> <img src=images/link4.png height=10 width=10 title="' + "Copy link to clipboard" + '" style=cursor:pointer onclick=d2CopyInviteToClip()></div></div>';
x += '<div id=agentInvitationLinkDiv style="text-align:center;font-size:large;margin:16px;display:none"><a href=# id=agentInvitationLink rel="noreferrer noopener" target="_blank" style=cursor:pointer></a> <img src=images/link4.png height=10 width=10 title="' + "Copy link to clipboard" + '" style=cursor:pointer onclick=d2CopyInviteToClip()></div></div>';
setDialogMode(2, "Invite", 3, performAgentInvite, x, meshid);
if (features & 64) { Q('d2InviteType').focus(); d2ChangedInviteType(); } else { Q('d2inviteExpire').focus(); validateAgentInvite(); }
d2RequestInvitationLink();
@ -4710,7 +4706,7 @@
var panel = [0, 10, 12, 11, 13, 16, 17, 15, 19][action]; // (invalid), General, Desktop, Terminal, Files, Events, Console, Plugin
if (event && (event.shiftKey == true)) {
// Open the device in a different tab
window.open(window.location.origin + '?node=' + nodeid.split('/')[2] + '&viewmode=' + panel + '&hide=16', 'meshcentral:' + nodeid);
safeNewWindow(window.location.origin + '?node=' + nodeid.split('/')[2] + '&viewmode=' + panel + '&hide=16', 'meshcentral:' + nodeid);
} else {
// Go to the right panel
gotoDevice(nodeid, panel);
@ -4810,7 +4806,7 @@
function cmdeskplayeraction(action) {
if (xxdialogMode) return;
window.open(window.location.origin + '{{{domainurl}}}player.htm', 'meshcentral-deskplayer');
safeNewWindow(window.location.origin + '{{{domainurl}}}player.htm', 'meshcentral-deskplayer');
}
function p13deletefileCm(b, file) {
@ -5471,7 +5467,7 @@
if (event && (event.shiftKey == true)) {
// Open the device in a different tab
window.open(window.location.origin + '?node=' + nodeid.split('/')[2] + '&viewmode=10&hide=16', 'meshcentral:' + nodeid);
safeNewWindow(window.location.origin + '?node=' + nodeid.split('/')[2] + '&viewmode=10&hide=16', 'meshcentral:' + nodeid);
return;
}
@ -5972,9 +5968,9 @@
var url = '/messenger?id=meshmessenger/' + encodeURIComponentEx(currentNode._id) + '/' + encodeURIComponentEx(userinfo._id) + '&title=' + currentNode.name;
if ((authCookie != null) && (authCookie != '')) { url += '&auth=' + authCookie; }
if (e && (e.shiftKey == true)) {
window.open(url, 'meshmessenger:' + currentNode._id);
safeNewWindow(url, 'meshmessenger:' + currentNode._id);
} else {
window.open(url, 'meshmessenger:' + currentNode._id, 'directories=no,titlebar=no,toolbar=no,location=no,status=no,menubar=no,scrollbars=no,resizable=no,width=400,height=560');
safeNewWindow(url, 'meshmessenger:' + currentNode._id, 'directories=no,titlebar=no,toolbar=no,location=no,status=no,menubar=no,scrollbars=no,resizable=no,width=400,height=560');
}
meshserver.send({ action: 'meshmessenger', nodeid: decodeURIComponent(currentNode._id) });
}
@ -6386,7 +6382,7 @@
var node = getNodeFromId(nodeid);
if (node == null) return;
if ([1, 2, 3, 4, 21, 22].indexOf(node.agent.id) >= 0) { url += '&os=win'; } else { url += '&os=linux'; }
window.open(url, 'xterm:' + nodeid);
safeNewWindow(url, 'xterm:' + nodeid);
return false;
}
@ -10060,7 +10056,7 @@
if (meshrights & 1) {
// We can edit the mesh invite codes
var x = "When enabled, invitation codes can be used by anyone to join devices to this device group using the following public link:" + '<br /><br />';
x += '<div style=width:100%;text-align:center><a target=_blank href="' + url + '">' + url + '</a></div><br />';
x += '<div style=width:100%;text-align:center><a rel="noreferrer noopener" target=_blank href="' + url + '">' + url + '</a></div><br />';
x += '<div style=margin-bottom:5px><label><input id=agentJoinCheck type=checkbox onclick=p20editmeshInviteCodeValidate() />' + "Enable Invite Codes" + '</label></div>';
x += addHtmlValue("Invite Codes", '<input id=agentInviteCode style=width:236px onkeyup=p20editmeshInviteCodeValidate() placeholder="code1, code2, code3" />');
x += addHtmlValue("Installation Type", '<select id=agentInviteType style=width:236px><option value=0>' + "Background and interactive" + '</option><option value=2>' + "Background only" + '</option><option value=1>' + "Interactive only" + '</option></select>');
@ -10074,7 +10070,7 @@
} else {
// View codes only
var x = "Invitation codes can be used by anyone to join devices to this device group using the following public link:" + '<br /><br />';
x += '<div style=width:100%;text-align:center><a target=_blank href="' + url + '">' + url + '</a></div><br />';
x += '<div style=width:100%;text-align:center><a rel="noreferrer noopener" target=_blank href="' + url + '">' + url + '</a></div><br />';
x += addHtmlValue("Invite Codes", currentMesh.invite.codes.join(', '));
x += addHtmlValue("Installation Type", ["Background and interactive", "Background only", "Interactive only"][currentMesh.invite.flags & 3]);
setDialogMode(2, "Invite Codes", 1, null, x);
@ -11057,7 +11053,7 @@
haltEvent(e);
var url = '/messenger?id=meshmessenger/' + userid + '/' + encodeURIComponentEx(userinfo._id) + '&title=' + name;
if ((authCookie != null) && (authCookie != '')) { url += '&auth=' + authCookie; }
window.open(url, 'meshmessenger:' + userid);
safeNewWindow(url, 'meshmessenger:' + userid);
meshserver.send({ action: 'meshmessenger', userid: decodeURIComponent(userid) });
return false;
}
@ -12408,7 +12404,7 @@
}
function refreshRecodings() { meshserver.send({ action: 'recordings', limit: 1000 }); }
function openRecodringPlayer() { if (!xxdialogMode) window.open(window.location.origin + '{{{domainurl}}}player.htm', 'meshcentral-deskplayer'); }
function openRecodringPlayer() { if (!xxdialogMode) safeNewWindow(window.location.origin + '{{{domainurl}}}player.htm', 'meshcentral-deskplayer'); }
function p52updateInfo() {
var elements = document.getElementsByClassName('RecordingCheckbox'), checkcount = 0;
for (var i=0;i<elements.length;i++) { if (elements[i].checked === true) { checkcount++; } }
@ -12582,7 +12578,7 @@
else gotoDevice(n.nodeid, 10); // General
} else {
if ((n.tag != null) && n.tag.startsWith('meshmessenger/')) {
window.open('/messenger?id=' + n.tag + '&title=' + encodeURIComponentEx(n.username), n.tag.split('/')[2]);
safeNewWindow('/messenger?id=' + n.tag + '&title=' + encodeURIComponentEx(n.username), n.tag.split('/')[2]);
notificationDelete(id);
}
}
@ -13007,15 +13003,15 @@
if (event && (event.shiftKey == true) && (x != 15) && ('{{{currentNode}}}'.toLowerCase() == '')) {
// Open the device in a different tab
if ((x >= 10) && (x <= 19)) {
if (currentNode) { window.open(window.location.origin + '{{{domainurl}}}' + '?gotonode=' + currentNode._id.split('/')[2] + '&viewmode=' + x + '&hide=16', 'meshcentral:' + currentNode._id); }
if (currentNode) { safeNewWindow(window.location.origin + '{{{domainurl}}}' + '?gotonode=' + currentNode._id.split('/')[2] + '&viewmode=' + x + '&hide=16', 'meshcentral:' + currentNode._id); }
} else if ((x >= 20) && (x <= 29)) {
if (currentMesh) { window.open(window.location.origin + '{{{domainurl}}}' + '?gotomesh=' + currentMesh._id.split('/')[2] + '&viewmode=' + x + '&hide=16', 'meshcentral:' + currentMesh._id); }
if (currentMesh) { safeNewWindow(window.location.origin + '{{{domainurl}}}' + '?gotomesh=' + currentMesh._id.split('/')[2] + '&viewmode=' + x + '&hide=16', 'meshcentral:' + currentMesh._id); }
} else if ((x >= 30) && (x <= 39)) {
if (currentUser) { window.open(window.location.origin + '{{{domainurl}}}' + '?gotouser=' + ((serverinfo.crossDomain)?currentUser._id:currentUser._id.split('/')[2]) + '&viewmode=' + x + '&hide=16', 'meshcentral:' + currentUser._id); }
if (currentUser) { safeNewWindow(window.location.origin + '{{{domainurl}}}' + '?gotouser=' + ((serverinfo.crossDomain)?currentUser._id:currentUser._id.split('/')[2]) + '&viewmode=' + x + '&hide=16', 'meshcentral:' + currentUser._id); }
} else if ((x >= 50) && (x <= 59)) {
if (currentUserGroup) { window.open(window.location.origin + '{{{domainurl}}}' + '?gotougrp=' + ((serverinfo.crossDomain)?currentUserGroup._id:currentUserGroup._id.split('/')[2]) + '&viewmode=' + x + '&hide=16', 'meshcentral:' + currentUserGroup._id); }
if (currentUserGroup) { safeNewWindow(window.location.origin + '{{{domainurl}}}' + '?gotougrp=' + ((serverinfo.crossDomain)?currentUserGroup._id:currentUserGroup._id.split('/')[2]) + '&viewmode=' + x + '&hide=16', 'meshcentral:' + currentUserGroup._id); }
} else { // if (x < 10))
window.open(window.location.origin + '{{{domainurl}}}' + '?viewmode=' + x + '&hide=0', 'meshcentral:' + x);
safeNewWindow(window.location.origin + '{{{domainurl}}}' + '?viewmode=' + x + '&hide=0', 'meshcentral:' + x);
}
return;
}
@ -13542,6 +13538,8 @@
function encodeURIComponentEx(txt) { return encodeURIComponent(txt).replace(/'/g,'%27'); };
function getUserName(userid) { if (users && users[userid] != null) return users[userid].name; return userid.split('/')[2]; }
function round(value, precision) { var multiplier = Math.pow(10, precision || 0); return Math.round(value * multiplier) / multiplier; }
function safeNewWindow(url, target) { var newWindow = window.open(url, target, 'noopener,noreferrer'); if (newWindow) { newWindow.opener = null; } }
</script>
</body>
</html>