diff --git a/agents/MeshCmd-signed.exe b/agents/MeshCmd-signed.exe index 99272875..a2d1c4ac 100644 Binary files a/agents/MeshCmd-signed.exe and b/agents/MeshCmd-signed.exe differ diff --git a/agents/MeshCmd64-signed.exe b/agents/MeshCmd64-signed.exe index 22628b31..aa399cf2 100644 Binary files a/agents/MeshCmd64-signed.exe and b/agents/MeshCmd64-signed.exe differ diff --git a/agents/MeshService-signed.exe b/agents/MeshService-signed.exe index bd153d66..44f3efd1 100644 Binary files a/agents/MeshService-signed.exe and b/agents/MeshService-signed.exe differ diff --git a/agents/MeshService.exe b/agents/MeshService.exe index 749efce1..e147c080 100644 Binary files a/agents/MeshService.exe and b/agents/MeshService.exe differ diff --git a/agents/MeshService64-signed.exe b/agents/MeshService64-signed.exe index 95786b41..bfc0fadc 100644 Binary files a/agents/MeshService64-signed.exe and b/agents/MeshService64-signed.exe differ diff --git a/agents/MeshService64.exe b/agents/MeshService64.exe index 1b75648c..33aa1e24 100644 Binary files a/agents/MeshService64.exe and b/agents/MeshService64.exe differ diff --git a/agents/hashagents.txt b/agents/hashagents.txt index 455defee..545683ba 100644 --- a/agents/hashagents.txt +++ b/agents/hashagents.txt @@ -1,7 +1,7 @@ 3: MeshService-signed.exe -16BA1ABBE4B84FC9A478E75361CF164FCEA4D4F53EC55BA7678696115C62CD1BB385E07FA7A5359F8600C0B0957D392A +6FF49B8B81A503262F8CEB34A576862D9ED1F4B0F5FBB669887583C6CA5FF9D8581C900F6747755A45EE3E30E9F7E2D1 4: MeshService64-signed.exe -DBEF331A4332EBC3A3EFB9536DF39DBDBBB31650FD8502236753961F7CF2F3B4F36A897AB752D5181CDDEDD1EFB93297 +F51ADCD0AC511927BD3C18325FDD3750763A007A52AAF694E576B11F4D0FBEE06586179BED1AB7BA3BA7063BD2034B9C 5: meshagent_x86 08554B5CD498718781371208D91BA42B41A92E704D14F1A4352B9A12BF73426368A6C542362372AD80EC80631D644434 6: meshagent_x86-64 diff --git a/agents/recoverycore.js b/agents/recoverycore.js index c14d570d..093114ac 100644 --- a/agents/recoverycore.js +++ b/agents/recoverycore.js @@ -287,7 +287,7 @@ function getServerTargetUrlEx(url) { require('MeshAgent').on('Connected', function () { require('os').name().then(function (v) { - sendConsoleText("Mesh Agent Receovery Console, OS: " + v); + //sendConsoleText("Mesh Agent Receovery Console, OS: " + v); require('MeshAgent').SendCommand(meshCoreObj); }); }); diff --git a/meshagent.js b/meshagent.js index 44315624..a7d86e67 100644 --- a/meshagent.js +++ b/meshagent.js @@ -167,7 +167,7 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) { // If we have a core, use it. if (corename != null) { const meshcorehash = parent.parent.defaultMeshCoresHash[corename]; - if (agentMeshCoreHash != meshcorehash) { + if ((agentMeshCoreHash != meshcorehash) || (obj.agentCoreUpdate === true)) { if ((obj.agentCoreCheck < 5) || (obj.agentCoreCheck == 1001)) { if (meshcorehash == null) { // Clear the core @@ -187,7 +187,7 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) { obj.agentCoreUpdatePending = true; parent.parent.taskLimiter.launch(function (argument, taskid, taskLimiterQueue) { if (obj.authenticated == 2) { - // Send the updated code. + // Send the updated core. delete obj.agentCoreUpdatePending; obj.sendBinary(common.ShortToStr(10) + common.ShortToStr(0) + argument.hash + argument.core, function () { parent.parent.taskLimiter.completed(taskid); }); // MeshCommand_CoreModule, start core update parent.agentStats.updatingCoreCount++; @@ -234,7 +234,15 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) { else if (cmdid == 12) { // MeshCommand_AgentHash if ((msg.length == 52) && (obj.agentExeInfo != null) && (obj.agentExeInfo.update == true)) { const agenthash = msg.substring(4); - if (compareAgentBinaryHash(obj.agentExeInfo, agenthash)) { + const agentUpdateMethod = compareAgentBinaryHash(obj.agentExeInfo, agenthash) + if (agentUpdateMethod === 2) { // Use meshcore agent update system + // Send the recovery core to the agent, if the agent is capable of running one + if (((obj.agentInfo.capabilities & 16) != 0) && (parent.parent.meshAgentsArchitectureNumbers[obj.agentInfo.agentId].core != null)) { + obj.agentCoreCheck = 1001; + obj.agentCoreUpdate = true; + obj.sendBinary(common.ShortToStr(11) + common.ShortToStr(0)); // Command 11, ask for mesh core hash. + } + } else if (agentUpdateMethod === 1) { // Use native agent update system // Mesh agent update required, do it using task limiter so not to flood the network. Medium priority task. parent.parent.taskLimiter.launch(function (argument, taskid, taskLimiterQueue) { if (obj.authenticated != 2) { parent.parent.taskLimiter.completed(taskid); return; } // If agent disconnection, complete and exit now. @@ -516,6 +524,9 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) { } else if (cmd == 5) { // ServerID. Agent is telling us what serverid it expects. Useful if we have many server certificates. if ((msg.substring(2, 34) == parent.swarmCertificateHash256) || (msg.substring(2, 50) == parent.swarmCertificateHash384)) { obj.useSwarmCert = true; } + } else if (cmd == 30) { + // Agent Commit Date. This is future proofing. Can be used to change server behavior depending on the date range of the agent. + //console.log('Connected Agent Commit Date: ' + msg.substring(2) + ", " + Date.parse(msg.substring(2))); } } }); @@ -531,11 +542,13 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) { //console.log('Agent disconnect ' + obj.nodeid + ' (' + obj.remoteaddrport + ') id=' + agentId); parent.parent.debug('agent', 'Agent disconnect ' + obj.nodeid + ' (' + obj.remoteaddrport + ') id=' + agentId); - // Log the agent disconnection - if (parent.wsagentsDisconnections[obj.nodeid] == null) { - parent.wsagentsDisconnections[obj.nodeid] = 1; - } else { - parent.wsagentsDisconnections[obj.nodeid] = ++parent.wsagentsDisconnections[obj.nodeid]; + // Log the agent disconnection if we are not testing agent update + if (args.agentupdatetest !== true) { + if (parent.wsagentsDisconnections[obj.nodeid] == null) { + parent.wsagentsDisconnections[obj.nodeid] = 1; + } else { + parent.wsagentsDisconnections[obj.nodeid] = ++parent.wsagentsDisconnections[obj.nodeid]; + } } } obj.close(0); @@ -1135,8 +1148,21 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) { } case 'coreinfo': { - // Sent by the agent to update agent information - ChangeAgentCoreInfo(command); + if ((obj.agentCoreUpdate === true) && (obj.agentExeInfo != null)) { + // Agent update. The recovery core was loaded in the agent, send a command to update the agent + var cmd = { action: 'agentUpdate', url: obj.agentExeInfo.url, hash: obj.agentExeInfo.hashhex }; + // Add server TLS cert hash + if (parent.parent.args.ignoreagenthashcheck !== true) { + const tlsCertHash = parent.webCertificateFullHashs[domain.id]; + if (tlsCertHash != null) { cmd.servertlshash = Buffer.from(tlsCertHash, 'binary').toString('hex'); } + } + // Send the agent update command + obj.send(JSON.stringify(cmd)); + delete obj.agentCoreUpdate; + } else { + // Sent by the agent to update agent information + ChangeAgentCoreInfo(command); + } break; } case 'smbios': @@ -1664,13 +1690,19 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) { } // Check if we need to update this agent, return true if agent binary update required. + // Return 0 is no update needed, 1 update using native system, 2 update using meshcore system function compareAgentBinaryHash(agentExeInfo, agentHash) { + // If we are testing the agent update system, always return true + if ((args.agentupdatetest === true) || (args.agentupdatetest === 1)) return 1; + if (args.agentupdatetest === 2) return 2; // If the hash matches or is null, no update required. - if ((agentExeInfo.hash == agentHash) || (agentHash == '\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0')) return false; + if ((agentExeInfo.hash == agentHash) || (agentHash == '\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0')) return 0; // If this is a macOS x86 or ARM agent type and it matched the universal binary, no update required. - if (((agentExeInfo.id == 16) || (agentExeInfo.id == 29)) && (parent.parent.meshAgentBinaries[10005].hash == agentHash)) return false; + if (((agentExeInfo.id == 16) || (agentExeInfo.id == 29)) && (parent.parent.meshAgentBinaries[10005].hash == agentHash)) return 0; + // No match, update the agent. - return true; + if ((agentExeInfo.id == 3) && (agentExeInfo.id == 4)) return 2; // For Windows agents, use the meshcore update technique. + return 1; // For all other agents, use the native update technique. } // Request that the core dump file on this agent be uploaded to the server diff --git a/meshcentral.js b/meshcentral.js index 357952c4..c68fd834 100644 --- a/meshcentral.js +++ b/meshcentral.js @@ -138,7 +138,7 @@ function CreateMeshCentralServer(config, args) { try { require('./pass').hash('test', function () { }, 0); } catch (e) { console.log('Old version of node, must upgrade.'); return; } // TODO: Not sure if this test works or not. // Check for invalid arguments - var validArguments = ['_', 'user', 'port', 'aliasport', 'mpsport', 'mpsaliasport', 'redirport', 'rediraliasport', 'cert', 'mpscert', 'deletedomain', 'deletedefaultdomain', 'showall', 'showusers', 'showitem', 'listuserids', 'showusergroups', 'shownodes', 'showallmeshes', 'showmeshes', 'showevents', 'showsmbios', 'showpower', 'clearpower', 'showiplocations', 'help', 'exactports', 'xinstall', 'xuninstall', 'install', 'uninstall', 'start', 'stop', 'restart', 'debug', 'filespath', 'datapath', 'noagentupdate', 'launch', 'noserverbackup', 'mongodb', 'mongodbcol', 'wanonly', 'lanonly', 'nousers', 'mpspass', 'ciralocalfqdn', 'dbexport', 'dbexportmin', 'dbimport', 'dbmerge', 'dbfix', 'dbencryptkey', 'selfupdate', 'tlsoffload', 'userallowedip', 'userblockedip', 'swarmallowedip', 'agentallowedip', 'agentblockedip', 'fastcert', 'swarmport', 'logintoken', 'logintokenkey', 'logintokengen', 'mailtokengen', 'admin', 'unadmin', 'sessionkey', 'sessiontime', 'minify', 'minifycore', 'dblistconfigfiles', 'dbshowconfigfile', 'dbpushconfigfiles', 'dbpullconfigfiles', 'dbdeleteconfigfiles', 'vaultpushconfigfiles', 'vaultpullconfigfiles', 'vaultdeleteconfigfiles', 'configkey', 'loadconfigfromdb', 'npmpath', 'serverid', 'recordencryptionrecode', 'vault', 'token', 'unsealkey', 'name', 'log', 'dbstats', 'translate', 'createaccount', 'resetaccount', 'pass', 'adminaccount', 'removeaccount', 'domain', 'email', 'configfile', 'maintenancemode', 'nedbtodb', 'removetestagents']; + var validArguments = ['_', 'user', 'port', 'aliasport', 'mpsport', 'mpsaliasport', 'redirport', 'rediraliasport', 'cert', 'mpscert', 'deletedomain', 'deletedefaultdomain', 'showall', 'showusers', 'showitem', 'listuserids', 'showusergroups', 'shownodes', 'showallmeshes', 'showmeshes', 'showevents', 'showsmbios', 'showpower', 'clearpower', 'showiplocations', 'help', 'exactports', 'xinstall', 'xuninstall', 'install', 'uninstall', 'start', 'stop', 'restart', 'debug', 'filespath', 'datapath', 'noagentupdate', 'launch', 'noserverbackup', 'mongodb', 'mongodbcol', 'wanonly', 'lanonly', 'nousers', 'mpspass', 'ciralocalfqdn', 'dbexport', 'dbexportmin', 'dbimport', 'dbmerge', 'dbfix', 'dbencryptkey', 'selfupdate', 'tlsoffload', 'userallowedip', 'userblockedip', 'swarmallowedip', 'agentallowedip', 'agentblockedip', 'fastcert', 'swarmport', 'logintoken', 'logintokenkey', 'logintokengen', 'mailtokengen', 'admin', 'unadmin', 'sessionkey', 'sessiontime', 'minify', 'minifycore', 'dblistconfigfiles', 'dbshowconfigfile', 'dbpushconfigfiles', 'dbpullconfigfiles', 'dbdeleteconfigfiles', 'vaultpushconfigfiles', 'vaultpullconfigfiles', 'vaultdeleteconfigfiles', 'configkey', 'loadconfigfromdb', 'npmpath', 'serverid', 'recordencryptionrecode', 'vault', 'token', 'unsealkey', 'name', 'log', 'dbstats', 'translate', 'createaccount', 'resetaccount', 'pass', 'adminaccount', 'removeaccount', 'domain', 'email', 'configfile', 'maintenancemode', 'nedbtodb', 'removetestagents', 'agentupdatetest']; for (var arg in obj.args) { obj.args[arg.toLocaleLowerCase()] = obj.args[arg]; if (validArguments.indexOf(arg.toLocaleLowerCase()) == -1) { console.log('Invalid argument "' + arg + '", use --help.'); return; } } if (obj.args.mongodb == true) { console.log('Must specify: --mongodb [connectionstring] \r\nSee https://docs.mongodb.com/manual/reference/connection-string/ for MongoDB connection string.'); return; } for (i in obj.config.settings) { obj.args[i] = obj.config.settings[i]; } // Place all settings into arguments, arguments have already been placed into settings so arguments take precedence.