mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2024-11-29 09:43:56 +03:00
Minor code signing improvements and clean up.
This commit is contained in:
parent
a429a42ecf
commit
fa13239d46
@ -1240,7 +1240,7 @@ function createAuthenticodeHandler(path) {
|
|||||||
if ((typeof args.desc == 'string') || (typeof args.url == 'string')) {
|
if ((typeof args.desc == 'string') || (typeof args.url == 'string')) {
|
||||||
var codeSigningAttributes = { 'tagClass': 0, 'type': 16, 'constructed': true, 'composed': true, 'value': [] };
|
var codeSigningAttributes = { 'tagClass': 0, 'type': 16, 'constructed': true, 'composed': true, 'value': [] };
|
||||||
if (args.desc != null) { // Encode description as big-endian unicode.
|
if (args.desc != null) { // Encode description as big-endian unicode.
|
||||||
var desc = "", ucs = Buffer.from(args.desc, 'ucs2').toString()
|
var desc = '', ucs = Buffer.from(args.desc, 'ucs2').toString()
|
||||||
for (var k = 0; k < ucs.length; k += 2) { desc += String.fromCharCode(ucs.charCodeAt(k + 1), ucs.charCodeAt(k)); }
|
for (var k = 0; k < ucs.length; k += 2) { desc += String.fromCharCode(ucs.charCodeAt(k + 1), ucs.charCodeAt(k)); }
|
||||||
codeSigningAttributes.value.push({ 'tagClass': 128, 'type': 0, 'constructed': true, 'composed': true, 'value': [{ 'tagClass': 128, 'type': 0, 'constructed': false, 'composed': false, 'value': desc }] });
|
codeSigningAttributes.value.push({ 'tagClass': 128, 'type': 0, 'constructed': true, 'composed': true, 'value': [{ 'tagClass': 128, 'type': 0, 'constructed': false, 'composed': false, 'value': desc }] });
|
||||||
}
|
}
|
||||||
|
@ -2867,22 +2867,19 @@ function CreateMeshCentralServer(config, args) {
|
|||||||
if (domain.id == '') { objx = obj; } else { suffix = '-' + domain.id; objx.meshAgentBinaries = {}; }
|
if (domain.id == '') { objx = obj; } else { suffix = '-' + domain.id; objx.meshAgentBinaries = {}; }
|
||||||
|
|
||||||
// Generate the agent signature description and URL
|
// Generate the agent signature description and URL
|
||||||
var serverSignedAgentsPath, signDesc, signUrl;
|
const serverSignedAgentsPath = obj.path.join(obj.datapath, 'signedagents' + suffix);
|
||||||
if (agentSignCertInfo != null) {
|
const signDesc = (domain.title ? domain.title : agentSignCertInfo.cert.subject.hash);
|
||||||
serverSignedAgentsPath = obj.path.join(obj.datapath, 'signedagents' + suffix);
|
const httpsPort = ((obj.args.aliasport == null) ? obj.args.port : obj.args.aliasport); // Use HTTPS alias port is specified
|
||||||
signDesc = (domain.title ? domain.title : agentSignCertInfo.cert.subject.hash);
|
var httpsHost = ((domain.dns != null) ? domain.dns : obj.certificates.CommonName);
|
||||||
var httpsPort = ((obj.args.aliasport == null) ? obj.args.port : obj.args.aliasport); // Use HTTPS alias port is specified
|
if (obj.args.agentaliasdns != null) { httpsHost = obj.args.agentaliasdns; }
|
||||||
var httpsHost = ((domain.dns != null) ? domain.dns : obj.certificates.CommonName);
|
var signUrl = 'https://' + httpsHost;
|
||||||
if (obj.args.agentaliasdns != null) { httpsHost = obj.args.agentaliasdns; }
|
if (httpsPort != 443) { signUrl += ':' + httpsPort; }
|
||||||
signUrl = 'https://' + httpsHost;
|
var xdomain = (domain.dns == null) ? domain.id : '';
|
||||||
if (httpsPort != 443) { signUrl += ':' + httpsPort; }
|
if (xdomain != '') xdomain += '/';
|
||||||
var xdomain = (domain.dns == null) ? domain.id : '';
|
signUrl += '/' + xdomain;
|
||||||
if (xdomain != '') xdomain += '/';
|
|
||||||
signUrl += '/' + xdomain;
|
|
||||||
|
|
||||||
// If requested, lock the agent to this server
|
// If requested, lock the agent to this server
|
||||||
if (obj.config.settings.agentsignlock) { signUrl += '?ServerID=' + obj.certificateOperations.getPublicKeyHash(obj.certificates.agent.cert).toUpperCase(); }
|
if (obj.config.settings.agentsignlock) { signUrl += '?ServerID=' + obj.certificateOperations.getPublicKeyHash(obj.certificates.agent.cert).toUpperCase(); }
|
||||||
}
|
|
||||||
|
|
||||||
// Setup the time server
|
// Setup the time server
|
||||||
var timeStampUrl = 'http://timestamp.comodoca.com/authenticode';
|
var timeStampUrl = 'http://timestamp.comodoca.com/authenticode';
|
||||||
@ -2930,7 +2927,8 @@ function CreateMeshCentralServer(config, args) {
|
|||||||
// Agent was signed succesfuly
|
// Agent was signed succesfuly
|
||||||
console.log(obj.common.format('Code signed agent {0}.', agentSignedFunc.objx.meshAgentsArchitectureNumbers[agentSignedFunc.archid].localname));
|
console.log(obj.common.format('Code signed agent {0}.', agentSignedFunc.objx.meshAgentsArchitectureNumbers[agentSignedFunc.archid].localname));
|
||||||
} else {
|
} else {
|
||||||
console.log(obj.common.format('Failed to sign agent {0}: ' + err, agentSignedFunc.objx.meshAgentsArchitectureNumbers[agentSignedFunc.archid].localname));
|
// Failed to sign agent
|
||||||
|
addServerWarning('Failed to sign agent \"' + agentSignedFunc.objx.meshAgentsArchitectureNumbers[agentSignedFunc.archid].localname + '\": ' + err, 22, [ agentSignedFunc.objx.meshAgentsArchitectureNumbers[agentSignedFunc.archid].localname, err ]);
|
||||||
}
|
}
|
||||||
if (--pendingOperations === 0) { agentSignedFunc.func(); }
|
if (--pendingOperations === 0) { agentSignedFunc.func(); }
|
||||||
}
|
}
|
||||||
@ -2939,6 +2937,7 @@ function CreateMeshCentralServer(config, args) {
|
|||||||
xagentSignedFunc.objx = objx;
|
xagentSignedFunc.objx = objx;
|
||||||
xagentSignedFunc.archid = archid;
|
xagentSignedFunc.archid = archid;
|
||||||
xagentSignedFunc.signeedagentpath = signeedagentpath;
|
xagentSignedFunc.signeedagentpath = signeedagentpath;
|
||||||
|
obj.debug('main', "Code signing agent with arguments: " + JSON.stringify({ out: signeedagentpath, desc: signDesc, url: signUrl, time: timeStampUrl }));
|
||||||
originalAgent.sign(agentSignCertInfo, { out: signeedagentpath, desc: signDesc, url: signUrl, time: timeStampUrl }, xagentSignedFunc);
|
originalAgent.sign(agentSignCertInfo, { out: signeedagentpath, desc: signDesc, url: signUrl, time: timeStampUrl }, xagentSignedFunc);
|
||||||
} else {
|
} else {
|
||||||
// Signed agent is already ok, use it.
|
// Signed agent is already ok, use it.
|
||||||
|
@ -2316,7 +2316,8 @@
|
|||||||
18: "SMTP server has limited use in LAN mode.",
|
18: "SMTP server has limited use in LAN mode.",
|
||||||
19: "SMS gateway has limited use in LAN mode.",
|
19: "SMS gateway has limited use in LAN mode.",
|
||||||
20: "Invalid \"LoginCookieEncryptionKey\" in config.json.",
|
20: "Invalid \"LoginCookieEncryptionKey\" in config.json.",
|
||||||
21: "Backup path can't be set within meshcentral-data folder, backup settings ignored."
|
21: "Backup path can't be set within meshcentral-data folder, backup settings ignored.",
|
||||||
|
22: "Failed to sign agent {0}: {1}"
|
||||||
};
|
};
|
||||||
var x = '';
|
var x = '';
|
||||||
for (var i in message.warnings) {
|
for (var i in message.warnings) {
|
||||||
@ -2325,7 +2326,7 @@
|
|||||||
x += '<div style=color:red;padding-bottom:6px><b>' + "WARNING: " + y + '</b></div>';
|
x += '<div style=color:red;padding-bottom:6px><b>' + "WARNING: " + y + '</b></div>';
|
||||||
} else {
|
} else {
|
||||||
var z = ServerWarnings[y.id];
|
var z = ServerWarnings[y.id];
|
||||||
if (z == null) { z = y.msg; } else { z = format(z, y.args); }
|
if (z == null) { z = y.msg; } else { z = format(z, ...y.args); }
|
||||||
x += '<div style=color:red;padding-bottom:6px><b>' + "WARNING: " + z + '</b></div>';
|
x += '<div style=color:red;padding-bottom:6px><b>' + "WARNING: " + z + '</b></div>';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user