Ylianst/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2024-11-25 20:51:23 +03:00
Code Issues Packages Projects Releases Wiki Activity

Minor code signing improvements and clean up.

Browse Source
This commit is contained in:
Ylian Saint-Hilaire 2022-06-18 21:47:44 -07:00
parent a429a42ecf
commit fa13239d46
3 changed files with 19 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
authenticode.js
View File

@ -1240,7 +1240,7 @@ function createAuthenticodeHandler(path) {
if ((typeof args.desc == 'string') || (typeof args.url == 'string')) { if ((typeof args.desc == 'string') || (typeof args.url == 'string')) {
var codeSigningAttributes = { 'tagClass': 0, 'type': 16, 'constructed': true, 'composed': true, 'value': [] }; var codeSigningAttributes = { 'tagClass': 0, 'type': 16, 'constructed': true, 'composed': true, 'value': [] };
if (args.desc != null) { // Encode description as big-endian unicode. if (args.desc != null) { // Encode description as big-endian unicode.
var desc = "", ucs = Buffer.from(args.desc, 'ucs2').toString() var desc = '', ucs = Buffer.from(args.desc, 'ucs2').toString()
for (var k = 0; k < ucs.length; k += 2) { desc += String.fromCharCode(ucs.charCodeAt(k + 1), ucs.charCodeAt(k)); } for (var k = 0; k < ucs.length; k += 2) { desc += String.fromCharCode(ucs.charCodeAt(k + 1), ucs.charCodeAt(k)); }
codeSigningAttributes.value.push({ 'tagClass': 128, 'type': 0, 'constructed': true, 'composed': true, 'value': [{ 'tagClass': 128, 'type': 0, 'constructed': false, 'composed': false, 'value': desc }] }); codeSigningAttributes.value.push({ 'tagClass': 128, 'type': 0, 'constructed': true, 'composed': true, 'value': [{ 'tagClass': 128, 'type': 0, 'constructed': false, 'composed': false, 'value': desc }] });
} }

31
meshcentral.js
View File

@ -2867,22 +2867,19 @@ function CreateMeshCentralServer(config, args) {
if (domain.id == '') { objx = obj; } else { suffix = '-' + domain.id; objx.meshAgentBinaries = {}; } if (domain.id == '') { objx = obj; } else { suffix = '-' + domain.id; objx.meshAgentBinaries = {}; }
// Generate the agent signature description and URL // Generate the agent signature description and URL
var serverSignedAgentsPath, signDesc, signUrl; const serverSignedAgentsPath = obj.path.join(obj.datapath, 'signedagents' + suffix);
if (agentSignCertInfo != null) { const signDesc = (domain.title ? domain.title : agentSignCertInfo.cert.subject.hash);
serverSignedAgentsPath = obj.path.join(obj.datapath, 'signedagents' + suffix); const httpsPort = ((obj.args.aliasport == null) ? obj.args.port : obj.args.aliasport); // Use HTTPS alias port is specified
signDesc = (domain.title ? domain.title : agentSignCertInfo.cert.subject.hash); var httpsHost = ((domain.dns != null) ? domain.dns : obj.certificates.CommonName);
var httpsPort = ((obj.args.aliasport == null) ? obj.args.port : obj.args.aliasport); // Use HTTPS alias port is specified if (obj.args.agentaliasdns != null) { httpsHost = obj.args.agentaliasdns; }
var httpsHost = ((domain.dns != null) ? domain.dns : obj.certificates.CommonName); var signUrl = 'https://' + httpsHost;
if (obj.args.agentaliasdns != null) { httpsHost = obj.args.agentaliasdns; } if (httpsPort != 443) { signUrl += ':' + httpsPort; }
signUrl = 'https://' + httpsHost; var xdomain = (domain.dns == null) ? domain.id : '';
if (httpsPort != 443) { signUrl += ':' + httpsPort; } if (xdomain != '') xdomain += '/';
var xdomain = (domain.dns == null) ? domain.id : ''; signUrl += '/' + xdomain;
if (xdomain != '') xdomain += '/';
signUrl += '/' + xdomain;
// If requested, lock the agent to this server // If requested, lock the agent to this server
if (obj.config.settings.agentsignlock) { signUrl += '?ServerID=' + obj.certificateOperations.getPublicKeyHash(obj.certificates.agent.cert).toUpperCase(); } if (obj.config.settings.agentsignlock) { signUrl += '?ServerID=' + obj.certificateOperations.getPublicKeyHash(obj.certificates.agent.cert).toUpperCase(); }
}
// Setup the time server // Setup the time server
var timeStampUrl = 'http://timestamp.comodoca.com/authenticode'; var timeStampUrl = 'http://timestamp.comodoca.com/authenticode';
@ -2930,7 +2927,8 @@ function CreateMeshCentralServer(config, args) {
// Agent was signed succesfuly // Agent was signed succesfuly
console.log(obj.common.format('Code signed agent {0}.', agentSignedFunc.objx.meshAgentsArchitectureNumbers[agentSignedFunc.archid].localname)); console.log(obj.common.format('Code signed agent {0}.', agentSignedFunc.objx.meshAgentsArchitectureNumbers[agentSignedFunc.archid].localname));
} else { } else {
console.log(obj.common.format('Failed to sign agent {0}: ' + err, agentSignedFunc.objx.meshAgentsArchitectureNumbers[agentSignedFunc.archid].localname)); // Failed to sign agent
addServerWarning('Failed to sign agent \"' + agentSignedFunc.objx.meshAgentsArchitectureNumbers[agentSignedFunc.archid].localname + '\": ' + err, 22, [ agentSignedFunc.objx.meshAgentsArchitectureNumbers[agentSignedFunc.archid].localname, err ]);
} }
if (--pendingOperations === 0) { agentSignedFunc.func(); } if (--pendingOperations === 0) { agentSignedFunc.func(); }
} }
@ -2939,6 +2937,7 @@ function CreateMeshCentralServer(config, args) {
xagentSignedFunc.objx = objx; xagentSignedFunc.objx = objx;
xagentSignedFunc.archid = archid; xagentSignedFunc.archid = archid;
xagentSignedFunc.signeedagentpath = signeedagentpath; xagentSignedFunc.signeedagentpath = signeedagentpath;
obj.debug('main', "Code signing agent with arguments: " + JSON.stringify({ out: signeedagentpath, desc: signDesc, url: signUrl, time: timeStampUrl }));
originalAgent.sign(agentSignCertInfo, { out: signeedagentpath, desc: signDesc, url: signUrl, time: timeStampUrl }, xagentSignedFunc); originalAgent.sign(agentSignCertInfo, { out: signeedagentpath, desc: signDesc, url: signUrl, time: timeStampUrl }, xagentSignedFunc);
} else { } else {
// Signed agent is already ok, use it. // Signed agent is already ok, use it.

5
views/default.handlebars
View File

@ -2316,7 +2316,8 @@
18: "SMTP server has limited use in LAN mode.", 18: "SMTP server has limited use in LAN mode.",
19: "SMS gateway has limited use in LAN mode.", 19: "SMS gateway has limited use in LAN mode.",
20: "Invalid \"LoginCookieEncryptionKey\" in config.json.", 20: "Invalid \"LoginCookieEncryptionKey\" in config.json.",
21: "Backup path can't be set within meshcentral-data folder, backup settings ignored." 21: "Backup path can't be set within meshcentral-data folder, backup settings ignored.",
22: "Failed to sign agent {0}: {1}"
}; };
var x = ''; var x = '';
for (var i in message.warnings) { for (var i in message.warnings) {
@ -2325,7 +2326,7 @@
x += '<div style=color:red;padding-bottom:6px><b>' + "WARNING: " + y + '</b></div>'; x += '<div style=color:red;padding-bottom:6px><b>' + "WARNING: " + y + '</b></div>';
} else { } else {
var z = ServerWarnings[y.id]; var z = ServerWarnings[y.id];
if (z == null) { z = y.msg; } else { z = format(z, y.args); } if (z == null) { z = y.msg; } else { z = format(z, ...y.args); }
x += '<div style=color:red;padding-bottom:6px><b>' + "WARNING: " + z + '</b></div>'; x += '<div style=color:red;padding-bottom:6px><b>' + "WARNING: " + z + '</b></div>';
} }
} }