Fixed terminal issue.
This commit is contained in:
parent
55853846aa
commit
0e69492ba5
|
@ -98,7 +98,7 @@
|
||||||
<Compile Include="amt\amt-xml.js" />
|
<Compile Include="amt\amt-xml.js" />
|
||||||
<Compile Include="amt\amt.js" />
|
<Compile Include="amt\amt.js" />
|
||||||
<Compile Include="exeHandler.js" />
|
<Compile Include="exeHandler.js" />
|
||||||
<Compile Include="amthelloserver.js" />
|
<Compile Include="amtprovisioningserver.js" />
|
||||||
<Compile Include="letsencrypt.js" />
|
<Compile Include="letsencrypt.js" />
|
||||||
<Compile Include="mcrec.js" />
|
<Compile Include="mcrec.js" />
|
||||||
<Compile Include="meshaccelerator.js" />
|
<Compile Include="meshaccelerator.js" />
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
// Construct the Intel AMT hello server. This is used for Intel AMT bare-metal activation on the local LAN.
|
// Construct the Intel AMT hello server. This is used for Intel AMT bare-metal activation on the local LAN.
|
||||||
// This server can receive a notification from Intel AMT and attempt activation.
|
// This server can receive a notification from Intel AMT and attempt activation.
|
||||||
// In Intel documentation, this is called the Setup and Configuration Application (SCA)
|
// In Intel documentation, this is called the Setup and Configuration Application (SCA)
|
||||||
module.exports.CreateAmtHelloServer = function (parent, config) {
|
module.exports.CreateAmtProvisioningServer = function (parent, config) {
|
||||||
var obj = {};
|
var obj = {};
|
||||||
|
|
||||||
// WSMAN stack
|
// WSMAN stack
|
|
@ -355,6 +355,113 @@ module.exports.CertificateOperations = function (parent) {
|
||||||
return AmtSetupBinStack.AmtSetupBinEncode(setupbin);
|
return AmtSetupBinStack.AmtSetupBinEncode(setupbin);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
// Get a bare metal setup.bin file
|
||||||
|
obj.GetBareMetalSetupBinFile = function (amtacmactivation, oldmebxpass, newmebxpass, domain, user) {
|
||||||
|
// Create a setup.bin file for our own root cert
|
||||||
|
// Get the wiadcard certificate hash
|
||||||
|
var wildcardCertSha256 = null;
|
||||||
|
for (var i = 0; i < amtacmactivation.acmmatch.length; i++) { if (amtacmactivation.acmmatch[i].cn == '*') { wildcardCertSha256 = amtacmactivation.acmmatch[i].sha256; } }
|
||||||
|
|
||||||
|
// Create the Setup.bin stack
|
||||||
|
const AmtSetupBinStack = require('./amt/amt-setupbin')();
|
||||||
|
var setupbin = AmtSetupBinStack.AmtSetupBinCreate(3, 1); // Version 3, 1 = Records will not be consumed.
|
||||||
|
var certRootName = 'MeshCentral';
|
||||||
|
|
||||||
|
// Figure out what trusted FQDN to use.
|
||||||
|
var trustedFQDN = parent.config.settings.amtprovisioningserver.trustedfqdn
|
||||||
|
|
||||||
|
// Figure out the provisioning server port
|
||||||
|
var port = 9971;
|
||||||
|
if (typeof parent.config.settings.amtprovisioningserver.port == 'number') { port = parent.config.settings.amtprovisioningserver.port; }
|
||||||
|
|
||||||
|
// Figure out the provisioning server IP address
|
||||||
|
var ipaddr = '192.168.2.147'; // TODO
|
||||||
|
if (typeof parent.config.settings.amtprovisioningserver.ip == 'string') { ipaddr = parent.config.settings.amtprovisioningserver.ip; }
|
||||||
|
var ipaddrSplit = ipaddr.split('.');
|
||||||
|
var ipaddrStr = String.fromCharCode(parseInt(ipaddrSplit[3])) + String.fromCharCode(parseInt(ipaddrSplit[2])) + String.fromCharCode(parseInt(ipaddrSplit[1])) + String.fromCharCode(parseInt(ipaddrSplit[0]));
|
||||||
|
|
||||||
|
// Create a new record
|
||||||
|
var r = {};
|
||||||
|
r.typeIdentifier = 1;
|
||||||
|
r.flags = 1; // Valid, unscrambled record.
|
||||||
|
r.chunkCount = 0;
|
||||||
|
r.headerByteCount = 0;
|
||||||
|
r.number = 0;
|
||||||
|
r.variables = [];
|
||||||
|
setupbin.records.push(r);
|
||||||
|
|
||||||
|
// Create "Current MEBx Password" variable
|
||||||
|
var v = {};
|
||||||
|
v.moduleid = 1;
|
||||||
|
v.varid = 1;
|
||||||
|
v.length = -1;
|
||||||
|
v.value = oldmebxpass;
|
||||||
|
setupbin.records[0].variables.push(v);
|
||||||
|
|
||||||
|
// Create "New MEBx Password" variable
|
||||||
|
v = {};
|
||||||
|
v.moduleid = 1;
|
||||||
|
v.varid = 2;
|
||||||
|
v.length = -1;
|
||||||
|
v.value = newmebxpass;
|
||||||
|
setupbin.records[0].variables.push(v);
|
||||||
|
|
||||||
|
// Create "User Defined Certificate Addition" variable
|
||||||
|
v = {};
|
||||||
|
v.moduleid = 2;
|
||||||
|
v.varid = 8;
|
||||||
|
v.length = -1;
|
||||||
|
v.value = String.fromCharCode(2) + Buffer.from(wildcardCertSha256, 'hex').toString('binary') + String.fromCharCode(certRootName.length) + certRootName; // 2 = SHA256 hash type
|
||||||
|
setupbin.records[0].variables.push(v);
|
||||||
|
|
||||||
|
// Create "PKI DNS Suffix" variable
|
||||||
|
v = {};
|
||||||
|
v.moduleid = 2;
|
||||||
|
v.varid = 3;
|
||||||
|
v.length = -1;
|
||||||
|
v.value = trustedFQDN;
|
||||||
|
setupbin.records[0].variables.push(v);
|
||||||
|
|
||||||
|
// Create "Configuration Server FQDN" variable
|
||||||
|
v = {};
|
||||||
|
v.moduleid = 2;
|
||||||
|
v.varid = 4;
|
||||||
|
v.length = -1;
|
||||||
|
v.value = trustedFQDN;
|
||||||
|
setupbin.records[0].variables.push(v);
|
||||||
|
|
||||||
|
// Create "Provisioning Server Address" variable
|
||||||
|
v = {};
|
||||||
|
v.moduleid = 2;
|
||||||
|
v.varid = 17;
|
||||||
|
v.length = -1;
|
||||||
|
v.value = ipaddrStr;
|
||||||
|
setupbin.records[0].variables.push(v);
|
||||||
|
|
||||||
|
// Create "Provisioning Server Port Number" variable
|
||||||
|
v = {};
|
||||||
|
v.moduleid = 2;
|
||||||
|
v.varid = 18;
|
||||||
|
v.length = -1;
|
||||||
|
v.value = port;
|
||||||
|
setupbin.records[0].variables.push(v);
|
||||||
|
|
||||||
|
// Create "Remote Configuration Enabled (RCFG)" variable
|
||||||
|
v = {};
|
||||||
|
v.moduleid = 2;
|
||||||
|
v.varid = 5;
|
||||||
|
v.length = -1;
|
||||||
|
v.value = '1'; // Turn on
|
||||||
|
setupbin.records[0].variables.push(v);
|
||||||
|
|
||||||
|
// Write to log file
|
||||||
|
obj.logAmtActivation(domain, { time: new Date(), action: 'setupbin', domain: domain.id, userid: user._id, oldmebx: oldmebxpass, newmebx: newmebxpass, rootname: certRootName, hash: wildcardCertSha256, dns: 'rootcert.meshcentral.com' });
|
||||||
|
|
||||||
|
// Encode the setup.bin file
|
||||||
|
return AmtSetupBinStack.AmtSetupBinEncode(setupbin);
|
||||||
|
}
|
||||||
|
|
||||||
// Return the certificate of the remote HTTPS server
|
// Return the certificate of the remote HTTPS server
|
||||||
obj.loadPfxCertificate = function (filename, password) {
|
obj.loadPfxCertificate = function (filename, password) {
|
||||||
var r = { certs: [], keys: [] };
|
var r = { certs: [], keys: [] };
|
||||||
|
|
|
@ -1650,8 +1650,8 @@ function CreateMeshCentralServer(config, args) {
|
||||||
});
|
});
|
||||||
|
|
||||||
// Setup Intel AMT hello server
|
// Setup Intel AMT hello server
|
||||||
if ((typeof config.settings.amthelloserver == 'object') && (typeof config.settings.amthelloserver.devicegroup == 'string') && (typeof config.settings.amthelloserver.newmebxpassword == 'string') && (typeof config.settings.amthelloserver.trustedfqdn == 'string')) {
|
if ((typeof config.settings.amtprovisioningserver == 'object') && (typeof config.settings.amtprovisioningserver.devicegroup == 'string') && (typeof config.settings.amtprovisioningserver.newmebxpassword == 'string') && (typeof config.settings.amtprovisioningserver.trustedfqdn == 'string')) {
|
||||||
obj.amthelloserver = require('./amthelloserver').CreateAmtHelloServer(obj, config.settings.amthelloserver);
|
obj.amtProvisioningServer = require('./amtprovisioningserver').CreateAmtProvisioningServer(obj, config.settings.amtprovisioningserver);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Start collecting server stats every 5 minutes
|
// Start collecting server stats every 5 minutes
|
||||||
|
|
11
meshuser.js
11
meshuser.js
|
@ -5283,8 +5283,15 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||||
case 'amtsetupbin': {
|
case 'amtsetupbin': {
|
||||||
if ((command.oldmebxpass != 'admin') && (common.validateString(command.oldmebxpass, 8, 16) == false)) break; // Check password
|
if ((command.oldmebxpass != 'admin') && (common.validateString(command.oldmebxpass, 8, 16) == false)) break; // Check password
|
||||||
if (common.validateString(command.newmebxpass, 8, 16) == false) break; // Check password
|
if (common.validateString(command.newmebxpass, 8, 16) == false) break; // Check password
|
||||||
var bin = parent.parent.certificateOperations.GetSetupBinFile(domain.amtacmactivation, command.oldmebxpass, command.newmebxpass, domain, user);
|
if ((command.baremetal) && (parent.parent.amtProvisioningServer != null)) {
|
||||||
try { ws.send(JSON.stringify({ action: 'amtsetupbin', file: Buffer.from(bin, 'binary').toString('base64') })); } catch (ex) { }
|
// Create bare metal setup.bin
|
||||||
|
var bin = parent.parent.certificateOperations.GetBareMetalSetupBinFile(domain.amtacmactivation, command.oldmebxpass, command.newmebxpass, domain, user);
|
||||||
|
try { ws.send(JSON.stringify({ action: 'amtsetupbin', file: Buffer.from(bin, 'binary').toString('base64') })); } catch (ex) { }
|
||||||
|
} else {
|
||||||
|
// Create standard setup.bin
|
||||||
|
var bin = parent.parent.certificateOperations.GetSetupBinFile(domain.amtacmactivation, command.oldmebxpass, command.newmebxpass, domain, user);
|
||||||
|
try { ws.send(JSON.stringify({ action: 'amtsetupbin', file: Buffer.from(bin, 'binary').toString('base64') })); } catch (ex) { }
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case 'meshToolInfo': {
|
case 'meshToolInfo': {
|
||||||
|
|
|
@ -172,11 +172,11 @@ var CreateAgentRedirect = function (meshserver, module, serverPublicNamePort, au
|
||||||
if (typeof e.data == 'string') {
|
if (typeof e.data == 'string') {
|
||||||
obj.xxOnControlCommand(e.data);
|
obj.xxOnControlCommand(e.data);
|
||||||
} else {
|
} else {
|
||||||
// If only 1 byte
|
|
||||||
if ((cmdAccLen == 0) && (e.data.byteLength == 1)) return; // Ignore single byte data, this is a keep alive.
|
|
||||||
|
|
||||||
// Send the data to the module
|
// Send the data to the module
|
||||||
if (obj.m.ProcessBinaryCommand) {
|
if (obj.m.ProcessBinaryCommand) {
|
||||||
|
// If only 1 byte
|
||||||
|
if ((cmdAccLen == 0) && (e.data.byteLength < 4)) return; // Ignore any commands less than 4 bytes.
|
||||||
|
|
||||||
// Send as Binary Command
|
// Send as Binary Command
|
||||||
if (cmdAccLen != 0) {
|
if (cmdAccLen != 0) {
|
||||||
// Accumulator is active
|
// Accumulator is active
|
||||||
|
|
|
@ -4267,7 +4267,8 @@
|
||||||
x += addHtmlValue("Old Password", '<input id=dp1password0 type=password style=width:230px autocomplete=off maxlength=32 onchange=validateAmtAcmSetupEx() onkeyup=validateAmtAcmSetupEx() />');
|
x += addHtmlValue("Old Password", '<input id=dp1password0 type=password style=width:230px autocomplete=off maxlength=32 onchange=validateAmtAcmSetupEx() onkeyup=validateAmtAcmSetupEx() />');
|
||||||
x += addHtmlValue("New Password*", '<input id=dp1password1 type=password style=width:230px autocomplete=off maxlength=32 onchange=validateAmtAcmSetupEx() onkeyup=validateAmtAcmSetupEx() />');
|
x += addHtmlValue("New Password*", '<input id=dp1password1 type=password style=width:230px autocomplete=off maxlength=32 onchange=validateAmtAcmSetupEx() onkeyup=validateAmtAcmSetupEx() />');
|
||||||
x += addHtmlValue("New Password*", '<input id=dp1password2 type=password style=width:230px autocomplete=off maxlength=32 onchange=validateAmtAcmSetupEx() onkeyup=validateAmtAcmSetupEx() />');
|
x += addHtmlValue("New Password*", '<input id=dp1password2 type=password style=width:230px autocomplete=off maxlength=32 onchange=validateAmtAcmSetupEx() onkeyup=validateAmtAcmSetupEx() />');
|
||||||
x += '<span id=dp10passNotify style="font-size:10px"> ' + "* 8 characters, 1 upper, 1 lower, 1 numeric, 1 non-alpha numeric." + '</span>';
|
if (features2 & 0x00000020) { x += '<label><input id=dp1lanprov type=checkbox /> ' + "Use for bare-metal LAN activation." + '</label>'; } // Intel AMT LAN provisioning server is active.
|
||||||
|
x += '<div><span id=dp10passNotify style="font-size:10px"> ' + "* 8 characters, 1 upper, 1 lower, 1 numeric, 1 non-alpha numeric." + '</span></div>';
|
||||||
setDialogMode(2, "Intel® AMT ACM", 3, showAmtAcmSetupEx, x);
|
setDialogMode(2, "Intel® AMT ACM", 3, showAmtAcmSetupEx, x);
|
||||||
Q('dp1password0').focus();
|
Q('dp1password0').focus();
|
||||||
validateAmtAcmSetupEx();
|
validateAmtAcmSetupEx();
|
||||||
|
@ -4281,7 +4282,7 @@
|
||||||
}
|
}
|
||||||
|
|
||||||
function showAmtAcmSetupEx() {
|
function showAmtAcmSetupEx() {
|
||||||
meshserver.send({ action: 'amtsetupbin', oldmebxpass: Q('dp1password0').value, newmebxpass: Q('dp1password1').value });
|
meshserver.send({ action: 'amtsetupbin', oldmebxpass: Q('dp1password0').value, newmebxpass: Q('dp1password1').value, baremetal: ((features2 & 0x00000020) && (Q('dp1lanprov').checked)) });
|
||||||
}
|
}
|
||||||
|
|
||||||
// Display the Intel AMT scanning dialog box
|
// Display the Intel AMT scanning dialog box
|
||||||
|
|
|
@ -2476,6 +2476,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||||
if ((obj.parent.firebase != null) && (obj.parent.firebase.pushOnly != true)) { features2 += 0x00000004; } // Indicates the server supports Firebase two-way push messaging
|
if ((obj.parent.firebase != null) && (obj.parent.firebase.pushOnly != true)) { features2 += 0x00000004; } // Indicates the server supports Firebase two-way push messaging
|
||||||
if (obj.parent.webpush != null) { features2 += 0x00000008; } // Indicates web push is enabled
|
if (obj.parent.webpush != null) { features2 += 0x00000008; } // Indicates web push is enabled
|
||||||
if (((obj.args.noagentupdate == 1) || (obj.args.noagentupdate == true))) { features2 += 0x00000010; } // No agent update
|
if (((obj.args.noagentupdate == 1) || (obj.args.noagentupdate == true))) { features2 += 0x00000010; } // No agent update
|
||||||
|
if (parent.amtProvisioningServer != null) { features2 += 0x00000020; } // Intel AMT LAN provisioning server
|
||||||
|
|
||||||
// Create a authentication cookie
|
// Create a authentication cookie
|
||||||
const authCookie = obj.parent.encodeCookie({ userid: dbGetFunc.user._id, domainid: domain.id, ip: req.clientIp }, obj.parent.loginCookieEncryptionKey);
|
const authCookie = obj.parent.encodeCookie({ userid: dbGetFunc.user._id, domainid: domain.id, ip: req.clientIp }, obj.parent.loginCookieEncryptionKey);
|
||||||
|
|
Loading…
Reference in New Issue