mirror of
https://github.com/Ylianst/MeshCentral.git
Improved CIRA setup when MPS is not running.
parent
2dbd723993
commit
05ebe75074
@ -302,10 +302,17 @@ module.exports.CreateAmtManager = function (parent) {
|
||||
var amtPolicy = 0, ciraPolicy = 0, badPass = 0, password = null;
|
||||
if (mesh.amt != null) {
|
||||
if (mesh.amt.type) { amtPolicy = mesh.amt.type; }
|
||||
if (mesh.amt.type == 4) {
|
||||
// Fully automatic policy
|
||||
ciraPolicy = 2; // CIRA will be setup
|
||||
badPass = 1; // Automatically re-active CCM
|
||||
password = null; // Randomize the password.
|
||||
} else {
|
||||
if (mesh.amt.cirasetup) { ciraPolicy = mesh.amt.cirasetup; }
|
||||
if (mesh.amt.badpass) { badPass = mesh.amt.badpass; }
|
||||
if ((typeof mesh.amt.password == 'string') && (mesh.amt.password != '')) { password = mesh.amt.password; }
|
||||
}
|
||||
}
|
||||
if (amtPolicy < 2) { ciraPolicy = 0; }
|
||||
dev.policy = { amtPolicy: amtPolicy, ciraPolicy: ciraPolicy, badPass: badPass, password: password };
|
||||
|
||||
@ -343,7 +350,7 @@ module.exports.CreateAmtManager = function (parent) {
|
||||
// Attempt to perform initial contact with Intel AMT
|
||||
function attemptInitialContact(dev) {
|
||||
delete dev.amtstack; // If there is a WSMAn stack setup, clean it up now.
|
||||
parent.debug('amt', "Attempt Initial Contact", dev.name, dev.connType);
|
||||
parent.debug('amt', "Attempt Initial Contact", dev.name, ["CIRA", "CIRA-Relay", "CIRA-LMS", "Local"][dev.connType]);
|
||||
|
||||
// Check Intel AMT policy when CIRA-LMS connection is in use.
|
||||
if ((dev.connType == 2) && (dev.mpsConnection != null) && (dev.mpsConnection.tag != null) && (dev.mpsConnection.tag.meiState != null)) {
|
||||
@ -354,7 +361,7 @@ module.exports.CreateAmtManager = function (parent) {
|
||||
return;
|
||||
}
|
||||
// Check if we have an ACM activation policy, but the device is in CCM
|
||||
if ((dev.policy.amtPolicy == 3) && ((dev.mpsConnection.tag.meiState.Flags & 2) != 0)) {
|
||||
if (((dev.policy.amtPolicy == 3) || (dev.policy.amtPolicy == 4)) && ((dev.mpsConnection.tag.meiState.Flags & 2) != 0)) {
|
||||
// This device in is CCM, check if we can upgrade to ACM
|
||||
if (activateIntelAmt(dev) == false) return; // If this return true, the platform is in CCM and can't go to ACM, keep going with management.
|
||||
}
|
||||
@ -562,7 +569,7 @@ module.exports.CreateAmtManager = function (parent) {
|
||||
dev.tlsfail = true; attemptInitialContact(dev); return;
|
||||
} else if (status == 401) {
|
||||
// Authentication error, see if we can use alternative credentials
|
||||
if ((dev.acctry == null) && (dev.policy.password != null)) { dev.acctry = 'policy'; attemptInitialContact(dev); return; }
|
||||
if ((dev.acctry == null) && (typeof dev.policy.password == 'string') && (dev.policy.password != '')) { dev.acctry = 'policy'; attemptInitialContact(dev); return; }
|
||||
if ((dev.acctry == null) || (dev.acctry == 'policy') && (obj.amtAdminAccounts[dev.domainid] != null) && (obj.amtAdminAccounts[dev.domainid].length > 0)) { dev.acctry = 0; attemptInitialContact(dev); return; }
|
||||
if ((dev.acctry != null) && (obj.amtAdminAccounts[dev.domainid] != null) && (obj.amtAdminAccounts[dev.domainid].length > (dev.acctry + 1))) { dev.acctry++; attemptInitialContact(dev); return; }
|
||||
|
||||
@ -1070,7 +1077,7 @@ module.exports.CreateAmtManager = function (parent) {
|
||||
// Check if Intel AMT has the server root certificate
|
||||
function attemptRootCertSync(dev, func) {
|
||||
if (isAmtDeviceValid(dev) == false) return; // Device no longer exists, ignore this request.
|
||||
if ((dev.connType != 2) || (dev.policy.ciraPolicy != 2)) { func(dev); return; } // Server root certificate does not need to be present is CIRA is not needed
|
||||
if ((dev.connType != 2) || (dev.policy.ciraPolicy != 2) || (parent.mpsserver.server == null)) { func(dev); return; } // Server root certificate does not need to be present is CIRA is not needed
|
||||
|
||||
// Find the current TLS certificate & MeshCentral root certificate
|
||||
var xxMeshCentralRoot = null;
|
||||
@ -1150,7 +1157,7 @@ module.exports.CreateAmtManager = function (parent) {
|
||||
// Fetch the server's CIRA settings
|
||||
dev.cira.mpsPresent = null;
|
||||
dev.cira.mpsPolicy = false;
|
||||
if (dev.policy.ciraPolicy == 2) {
|
||||
if ((dev.policy.ciraPolicy == 2) && (parent.mpsserver.server != null)) { // parent.mpsserver.server is not null if the MPS server is listening for TCP/TLS connections
|
||||
dev.cira.meshidx = dev.meshid.split('/')[2].replace(/\@/g, 'X').replace(/\$/g, 'X').substring(0, 16);
|
||||
dev.cira.mpsName = parent.webserver.certificates.AmtMpsName;
|
||||
var serverNameSplit = dev.cira.mpsName.split('.');
|
||||
@ -1190,7 +1197,8 @@ module.exports.CreateAmtManager = function (parent) {
|
||||
}
|
||||
|
||||
// If we need to setup CIRA, start by checking the MPS server
|
||||
if (dev.policy.ciraPolicy == 2) { addMpsServer(dev); } else { checkEnvironmentDetection(dev); }
|
||||
// parent.mpsserver.server is not null if the MPS server is listening for TCP/TLS connections
|
||||
if ((dev.policy.ciraPolicy == 2) && (parent.mpsserver.server != null)) { addMpsServer(dev); } else { checkEnvironmentDetection(dev); }
|
||||
});
|
||||
}
|
||||
|
||||
@ -1202,6 +1210,7 @@ module.exports.CreateAmtManager = function (parent) {
|
||||
if (isAmtDeviceValid(dev) == false) return; // Device no longer exists, ignore this request.
|
||||
if (status != 200) { dev.consoleMsg("Failed to create new MPS server (" + status + ")."); removeAmtDevice(dev); return; }
|
||||
dev.cira.mpsPresent = getItem(response.Body.MpServer.ReferenceParameters.SelectorSet.Selector, '@Name', 'Name').Value;
|
||||
console.log(dev.cira.mpsPresent);
|
||||
dev.consoleMsg("Created new MPS server.");
|
||||
addMpsPolicy(dev);
|
||||
});
|
||||
@ -1251,7 +1260,7 @@ module.exports.CreateAmtManager = function (parent) {
|
||||
var currentEnvDetect = dev.cira.xxEnvironementDetection['DetectionStrings'];
|
||||
if (currentEnvDetect == null) { currentEnvDetect = []; }
|
||||
|
||||
if (dev.policy.ciraPolicy == 2) { // ciraPolicy: 0 = Do Nothing, 1 = Clear, 2 = Set
|
||||
if ((dev.policy.ciraPolicy == 2) && (parent.mpsserver.server != null)) { // ciraPolicy: 0 = Do Nothing, 1 = Clear, 2 = Set
|
||||
const newEnvDetect = parent.config.domains[dev.domainid].amtmanager.environmentdetection;
|
||||
if (newEnvDetect == null) {
|
||||
// If no environment detection is specified in the config.json, check that we have a random environment detection
|
||||
@ -1270,7 +1279,7 @@ module.exports.CreateAmtManager = function (parent) {
|
||||
if (mismatch == true) { editEnvironmentDetectionTmp = newEnvDetect; changes = true; }
|
||||
}
|
||||
|
||||
} else if (dev.policy.ciraPolicy == 1) {
|
||||
} else if ((dev.policy.ciraPolicy == 1) || (parent.mpsserver.server == null)) {
|
||||
// Check environment detection is clear
|
||||
if (currentEnvDetect.length != 0) { editEnvironmentDetectionTmp = []; changes = true; }
|
||||
}
|
||||
@ -1589,7 +1598,7 @@ module.exports.CreateAmtManager = function (parent) {
|
||||
if ((typeof dev.mpsConnection.tag.meiState.OsAdmin != 'object') || (typeof dev.mpsConnection.tag.meiState.OsAdmin.user != 'string') || (typeof dev.mpsConnection.tag.meiState.OsAdmin.pass != 'string')) { amtPolicy = 0; }
|
||||
if (amtPolicy == 0) { removeAmtDevice(dev); return false; } // Do nothing, we should not have gotten this CIRA-LMS connection.
|
||||
if (amtPolicy == 2) { activateIntelAmtCcm(dev, mesh.amt.password); } // Activate to CCM policy
|
||||
if (amtPolicy == 3) { // Activate to ACM policy
|
||||
if ((amtPolicy == 3) || (amtPolicy == 4)) { // Activate to ACM policy
|
||||
var acminfo = checkAcmActivation(dev);
|
||||
if (acminfo == null) {
|
||||
// No opportunity to activate to ACM, check if we are already in CCM
|
||||
|
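Review bot: In the 401 branch (hunk at -562), a device whose policy carries no password — every type 4 policy, where `password` is set to null — falls through the policy-password test to the next line with `dev.acctry == null`, and there `||` binds looser than `&&`, so the condition is true even when `obj.amtAdminAccounts[dev.domainid]` is missing or empty and `dev.acctry` is set to 0 anyway. If the intent is "nothing tried yet, or only the policy password tried, and admin accounts exist", the first two tests need their own parentheses: `if (((dev.acctry == null) || (dev.acctry == 'policy')) && (obj.amtAdminAccounts[dev.domainid] != null) && (obj.amtAdminAccounts[dev.domainid].length > 0)) { dev.acctry = 0; attemptInitialContact(dev); return; }`. The enclosing handler starts and ends outside the hunk, so how `dev.acctry` is consumed on the retry is unconfirmed. Separately, `console.log(dev.cira.mpsPresent);` in the hunk at -1202 looks like leftover debugging and would be better removed or routed through `parent.debug('amt', ...)`, which the visible code already uses.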
@ -3301,7 +3301,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
// Change a mesh Intel AMT policy
|
||||
if (common.validateString(command.meshid, 1, 1024) == false) break; // Check the meshid
|
||||
if (common.validateObject(command.amtpolicy) == false) break; // Check the amtpolicy
|
||||
if (common.validateInt(command.amtpolicy.type, 0, 3) == false) break; // Check the amtpolicy.type
|
||||
if (common.validateInt(command.amtpolicy.type, 0, 4) == false) break; // Check the amtpolicy.type
|
||||
if (command.amtpolicy.type === 2) {
|
||||
if (common.validateString(command.amtpolicy.password, 0, 32) == false) break; // Check the amtpolicy.password
|
||||
if ((command.amtpolicy.badpass != null) && common.validateInt(command.amtpolicy.badpass, 0, 1) == false) break; // Check the amtpolicy.badpass
|
||||
|
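Review bot: Raising the upper bound to 4 admits the new policy type, but the field checks visible below it still run only for `type === 2`, so whatever `password`, `badpass` or `cirasetup` a client sends alongside type 4 is not validated in this hunk. The AMT manager overrides those fields for type 4, so the handler could drop them before the policy is stored, e.g. `if (command.amtpolicy.type === 4) { command.amtpolicy = { type: 4 }; }`; whether the code after the hunk already rebuilds the object is not visible here. A short comment naming the values would also help the next reader: `// 0 = No policy, 1 = Deactivate CCM, 2 = CCM, 3 = ACM, 4 = Fully automatic`.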
BIN
public/images/checkbox60.png
Normal file
BIN
public/images/checkbox60.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 2.4 KiB |
@ -9428,6 +9428,8 @@
|
||||
} else if (currentMesh.amt.type == 3) {
|
||||
intelAmtPolicy = "Simple Admin Control Mode (ACM)";
|
||||
if (currentMesh.amt.cirasetup == 2) { intelAmtPolicy += " + CIRA"; }
|
||||
} else if (currentMesh.amt.type == 4) {
|
||||
intelAmtPolicy = "Fully Automatic";
|
||||
}
|
||||
}
|
||||
x += addHtmlValue("Intel® AMT", addLinkConditional(intelAmtPolicy, 'p20editMeshAmt()', meshrights & 1));
|
||||
@ -9517,7 +9519,7 @@
|
||||
if (xxdialogMode) return;
|
||||
var x = '', acmoption = '';
|
||||
if ((features & 0x100000) != 0) { acmoption = '<option value=3>' + "Simple Admin Control Mode (ACM)" + '</option>'; }
|
||||
x += addHtmlValue("Type", '<select id=dp20amtpolicy style=width:230px onchange=p20editMeshAmtChange()><option value=0>' + "No Policy" + '</option><option value=1>' + "Deactivate Client Control Mode (CCM)" + '</option><option value=2>' + "Simple Client Control Mode (CCM)" + '</option>' + acmoption + '</select>');
|
||||
x += addHtmlValue("Type", '<select id=dp20amtpolicy style=width:230px onchange=p20editMeshAmtChange()><option value=0>' + "No Policy" + '</option><option value=1>' + "Deactivate Client Control Mode (CCM)" + '</option><option value=2>' + "Simple Client Control Mode (CCM)" + '</option>' + acmoption + '<option value=4>' + "Fully Automatic" + '</option></select>');
|
||||
x += '<div id=dp20amtpolicydiv></div>';
|
||||
setDialogMode(2, "Intel® AMT Policy", 3, p20editMeshAmtEx, x);
|
||||
if (currentMesh.amt) { Q('dp20amtpolicy').value = currentMesh.amt.type; }
|
||||
@ -9535,7 +9537,7 @@
|
||||
|
||||
function p20editMeshAmtChange() {
|
||||
var ptype = Q('dp20amtpolicy').value, x = '';
|
||||
if (ptype >= 2) {
|
||||
if ((ptype >= 2) && (ptype < 4)) {
|
||||
x = addHtmlValue("Password*", '<input id=dp20amtpolicypass type=password style=width:230px maxlength=32 onchange=dp20amtValidatePolicy() onkeyup=dp20amtValidatePolicy() autocomplete=off />')
|
||||
x += addHtmlValue("Password*", '<input id=dp20amtpolicypass2 type=password style=width:230px maxlength=32 onchange=dp20amtValidatePolicy() onkeyup=dp20amtValidatePolicy() autocomplete=off />')
|
||||
x += addHtmlValue("Password mismatch", '<select id=dp20amtbadpass style=width:230px><option value=0>' + "Do nothing" + '</option><option value=1>' + "Reactivate Intel® AMT" + '</option></select>');
|
||||
@ -9550,6 +9552,7 @@
|
||||
}
|
||||
}
|
||||
}
|
||||
if (ptype == 4) { x = '<table style=padding-top:4px><tr><td><img style=padding-right:8px src=images/checkbox60.png width=60 height=60><td>' + "This is the recommanded policy type. Intel® AMT activation and management is completely automated." + '</table>'; }
|
||||
QH('dp20amtpolicydiv', x);
|
||||
setTimeout(dp20amtValidatePolicy, 1);
|
||||
}
|
||||
@ -9565,12 +9568,14 @@
|
||||
|
||||
function p20editMeshAmtEx() {
|
||||
var ptype = parseInt(Q('dp20amtpolicy').value), amtpolicy = { type: ptype };
|
||||
if (ptype == 2) {
|
||||
if (ptype == 2) { // CCM policy
|
||||
amtpolicy = { type: ptype, password: Q('dp20amtpolicypass').value, badpass: parseInt(Q('dp20amtbadpass').value) };
|
||||
if ((features & 0x400) == 0) { amtpolicy.cirasetup = parseInt(Q('dp20amtcira').value); } else { amtpolicy.cirasetup = 1; }
|
||||
} else if (ptype == 3) {
|
||||
} else if (ptype == 3) { // ACM policy
|
||||
amtpolicy = { type: ptype, password: Q('dp20amtpolicypass').value, badpass: parseInt(Q('dp20amtbadpass').value) };
|
||||
if ((features & 0x400) == 0) { amtpolicy.cirasetup = parseInt(Q('dp20amtcira').value); } else { amtpolicy.cirasetup = 1; }
|
||||
} else if (ptype == 4) { // Fully automatic policy
|
||||
amtpolicy = { type: ptype };
|
||||
}
|
||||
meshserver.send({ action: 'meshamtpolicy', meshid: currentMesh._id, amtpolicy: amtpolicy });
|
||||
}
|
||||
|
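Review bot: The help text added for type 4 in `p20editMeshAmtChange` misspells "recommended" as "recommanded"; the string is user-facing, so it should read `"This is the recommended policy type. Intel® AMT activation and management is completely automated."`. `dp20amtValidatePolicy` is still scheduled after the type 4 markup is written, and that markup contains no `dp20amtpolicypass` inputs; the function is not in the diff, so confirm it does not dereference them when the type is 4. `ptype` in this function is the select's string value, so `(ptype >= 2) && (ptype < 4)` and `ptype == 4` rely on coercion; parsing it once, `var ptype = parseInt(Q('dp20amtpolicy').value, 10), x = '';`, would keep the comparisons numeric and match `p20editMeshAmtEx`.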