Removed mescript support.

Ylian Saint-Hilaire 2020-10-22 15:18:56 -07:00
parent f6e64b66a7
commit 0e7eef6e2e
4 changed files with 1805 additions and 2035 deletions

File diff suppressed because one or more lines are too long

File diff suppressed because it is too large Load Diff


@ -4089,57 +4089,6 @@
QE('idx_dlgOkButton', checkcount > 0);
}
function addCiraDeviceToMesh(meshid) {
if (xxdialogMode) return false;
var mesh = meshes[meshid];
// Replace non alphabetic characters (@ and $) with 'X' because MPS username cannot accept it.
var meshidx = meshid.split('/')[2].replace(/\@/g, 'X').replace(/\$/g, 'X');
var y = '<select id=dlgAddCiraSel onclick=dlgAddCiraSelClick() style=width:230px><option value=0>' + "MeshCommander Script" + '</option><option value=1>' + "Manual Username/Password" + '</option>';
if ((features & 16) == 0) { y += ('<option value=2>' + "Manual Certificate" + '</option></select>'); } // Only display this option if Intel AMT CIRA with Mutual-Auth is allowed.
var x = '';
x += addHtmlValue("Setup Method", y);
x += '<hr>';
// Setup CIRA using a MeshCommander script (Pretty Simple)
x += '<div id=dlgAddCira0>' + format("To add a new Intel&reg; AMT device to device group \"{0}\" with CIRA, download the following script files and use <a href='http://meshcommander.com' rel='noreferrer noopener' target='_blank'>MeshCommander</a> to run the script to configure computers.", EscapeHtml(mesh.name)) + '<br /><br />';
//x += addHtmlValue('Setup CIRA', '<a href="mescript.ashx?type=1' + (urlargs.key?('&key=' + urlargs.key):'') + '&meshid=' + meshidx.substring(0, 16) + '" download>cira_setup.mescript</a>');
x += addHtmlValue("Setup CIRA", '<a onclick=downloadFile("mescript.ashx?type=1' + (urlargs.key?('&key=' + urlargs.key):'') + '&meshid=' + meshid + '")>cira_setup.mescript</a>');
x += addHtmlValue("Cleanup CIRA", '<a onclick=downloadFile("mescript.ashx?type=2' + (urlargs.key?('&key=' + urlargs.key):'') + '")>cira_clean.mescript</a>');
x += '</div>';
// Setup CIRA with user/pass authentication (Somewhat difficult)
x += '<div id=dlgAddCira1 style=display:none>' + format("To add a new Intel&reg; AMT device to device group \"{0}\" with CIRA, load the following certificate as trusted root within Intel&reg; AMT", EscapeHtml(mesh.name));
if (serverinfo.mpspass) { x += (" and authenticate to the server using this username and password." + '<br /><br />'); } else { x += (" and authenticate to the server using this username and any password." + '<br /><br />'); }
x += addHtmlValue("Root Certificate", '<a onclick=downloadFile("' + "MeshServerRootCert.cer" + (urlargs.key?('?key=' + urlargs.key):'') + '")>' + "Root Certificate File" + '</a>');
x += addHtmlValue("Username", '<input style=width:230px readonly value="' + meshidx.substring(0, 16) + '" />');
if (serverinfo.mpspass) { x += addHtmlValue("Password", '<input style=width:230px readonly value="' + EscapeHtml(serverinfo.mpspass) + '" />'); }
if (serverinfo != null) { x += addHtmlValue("MPS Server", '<input style=width:230px readonly value="' + EscapeHtml(serverinfo.mpsname) + ':' + serverinfo.mpsport + '" />'); }
x += '</div>';
// Setup CIRA with certificate authentication (Really difficult, only if TLS offload is not used)
if ((features & 16) == 0) {
x += '<div id=dlgAddCira2 style=display:none>' + format("To add a new Intel&reg; AMT device to device group \"{0}\" with CIRA, load the following certificate as trusted root within Intel&reg; AMT, authenticate using a client certificate with the following common name and connect to the following server.", EscapeHtml(mesh.name)) + '<br /><br />';
x += addHtmlValue("Root Certificate", '<a onclick=downloadFile("' + "MeshServerRootCert.cer" + (urlargs.key?('?key=' + urlargs.key):'') + '")>' + "Root Certificate File" + '</a>');
x += addHtmlValue("Organization", '<input style=width:230px readonly value="' + meshidx + '" />');
if (serverinfo != null) { x += addHtmlValue("MPS Server", '<input style=width:230px readonly value="' + EscapeHtml(serverinfo.mpsname) + ':' + serverinfo.mpsport + '" />'); }
x += '</div>';
}
setDialogMode(2, "Add Intel&reg; AMT CIRA device", 2, null, x, 'fileDownload');
Q('dlgAddCiraSel').focus();
return false;
}
function dlgAddCiraSelClick() {
var val = Q('dlgAddCiraSel').value;
QV('dlgAddCira0', val == 0);
QV('dlgAddCira1', val == 1);
QV('dlgAddCira2', val == 2);
}
// Return true is the input string looks like an email address
function checkEmail(str) {
var x = str.split('@');


@ -2669,127 +2669,6 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
res.send(Buffer.from(getRootCertBase64(), 'base64'));
}
// Return the CIRA configuration script
obj.getCiraCleanupScript = function (func) {
obj.fs.readFile(obj.parent.path.join(obj.parent.webPublicPath, 'scripts/cira_cleanup.mescript'), 'utf8', function (err, data) {
if (err != null) { func(null); return; }
func(Buffer.from(data));
});
}
// Return the CIRA configuration script
obj.getCiraConfigurationScript = function (meshid, func) {
var meshidx = meshid.split('/')[2].replace(/\@/g, 'X').replace(/\$/g, 'X').substring(0, 16);
var serverNameSplit = obj.certificates.AmtMpsName.split('.');
// Figure out the MPS port, use the alias if set
var mpsport = ((obj.args.mpsaliasport != null) ? obj.args.mpsaliasport : obj.args.mpsport);
if ((serverNameSplit.length == 4) && (parseInt(serverNameSplit[0]) == serverNameSplit[0]) && (parseInt(serverNameSplit[1]) == serverNameSplit[1]) && (parseInt(serverNameSplit[2]) == serverNameSplit[2]) && (parseInt(serverNameSplit[3]) == serverNameSplit[3])) {
// Server name is an IPv4 address
obj.fs.readFile(obj.parent.path.join(obj.parent.webPublicPath, 'scripts/cira_setup_script_ip.mescript'), 'utf8', function (err, data) {
if (err != null) { func(null); return; }
// Randomize the environement detection
var randomDnsName;
do { randomDnsName = getRandomLowerCase(14); } while (randomDnsName == 'aabbccddeeffgg');
while (data.indexOf('aabbccddeeffgg') >= 0) { data = data.replace('aabbccddeeffgg', randomDnsName); }
var scriptFile = JSON.parse(data);
// Change a few things in the script
scriptFile.scriptBlocks[2].vars.CertBin.value = getRootCertBase64(); // Set the root certificate
scriptFile.scriptBlocks[3].vars.IP.value = obj.certificates.AmtMpsName; // Set the server IPv4 address name
scriptFile.scriptBlocks[3].vars.ServerName.value = obj.certificates.AmtMpsName; // Set the server certificate name
scriptFile.scriptBlocks[3].vars.Port.value = mpsport; // Set the server MPS port
scriptFile.scriptBlocks[3].vars.username.value = meshidx; // Set the username
scriptFile.scriptBlocks[3].vars.password.value = obj.args.mpspass ? obj.args.mpspass : 'A@xew9rt'; // Set the password
scriptFile.scriptBlocks[4].vars.AccessInfo1.value = obj.certificates.AmtMpsName + ':' + mpsport; // Set the primary server name:port to set periodic timer
//scriptFile.scriptBlocks[4].vars.AccessInfo2.value = obj.certificates.AmtMpsName + ':' + mpsport; // Set the secondary server name:port to set periodic timer
if (obj.args.ciralocalfqdn != null) { scriptFile.scriptBlocks[6].vars.DetectionStrings.value = obj.args.ciralocalfqdn; } // Set the environment detection local FQDN's
// Compile the script
var scriptEngine = require('./amtscript.js').CreateAmtScriptEngine();
var runscript = scriptEngine.script_blocksToScript(scriptFile.blocks, scriptFile.scriptBlocks);
scriptFile.mescript = Buffer.from(scriptEngine.script_compile(runscript), 'binary').toString('base64');
scriptFile.scriptText = runscript;
// Send the script
func(Buffer.from(JSON.stringify(scriptFile, null, ' ')));
});
} else {
// Server name is a hostname
obj.fs.readFile(obj.parent.path.join(obj.parent.webPublicPath, 'scripts/cira_setup_script_dns.mescript'), 'utf8', function (err, data) {
if (err != null) { res.sendStatus(404); return; }
// Randomize the environement detection
var randomDnsName;
do { randomDnsName = getRandomLowerCase(14); } while (randomDnsName == 'aabbccddeeffgg');
while (data.indexOf('aabbccddeeffgg') >= 0) { data = data.replace('aabbccddeeffgg', randomDnsName); }
var scriptFile = JSON.parse(data);
// Change a few things in the script
scriptFile.scriptBlocks[2].vars.CertBin.value = getRootCertBase64(); // Set the root certificate
scriptFile.scriptBlocks[3].vars.FQDN.value = obj.certificates.AmtMpsName; // Set the server DNS name
scriptFile.scriptBlocks[3].vars.Port.value = mpsport; // Set the server MPS port
scriptFile.scriptBlocks[3].vars.username.value = meshidx; // Set the username
scriptFile.scriptBlocks[3].vars.password.value = obj.args.mpspass ? obj.args.mpspass : 'A@xew9rt'; // Set the password
scriptFile.scriptBlocks[4].vars.AccessInfo1.value = obj.certificates.AmtMpsName + ':' + mpsport; // Set the primary server name:port to set periodic timer
//scriptFile.scriptBlocks[4].vars.AccessInfo2.value = obj.certificates.AmtMpsName + ':' + mpsport; // Set the secondary server name:port to set periodic timer
if (obj.args.ciralocalfqdn != null) { scriptFile.scriptBlocks[6].vars.DetectionStrings.value = obj.args.ciralocalfqdn; } // Set the environment detection local FQDN's
// Compile the script
var scriptEngine = require('./amtscript.js').CreateAmtScriptEngine();
var runscript = scriptEngine.script_blocksToScript(scriptFile.blocks, scriptFile.scriptBlocks);
scriptFile.mescript = Buffer.from(scriptEngine.script_compile(runscript), 'binary').toString('base64');
scriptFile.scriptText = runscript;
// Send the script
func(Buffer.from(JSON.stringify(scriptFile, null, ' ')));
});
}
}
// Returns an mescript for Intel AMT configuration
function handleMeScriptRequest(req, res) {
const domain = getDomain(req);
if (domain == null) { parent.debug('web', 'handleMeScriptRequest: no domain'); res.sendStatus(404); return; }
if ((domain.loginkey != null) && (domain.loginkey.indexOf(req.query.key) == -1)) { res.sendStatus(404); return; } // Check 3FA URL key
if ((obj.userAllowedIp != null) && (checkIpAddressEx(req, res, obj.userAllowedIp, false) === false)) { return; } // Check server-wide IP filter only.
// Get the user and check user rights
var authUserid = null;
if ((req.session != null) && (typeof req.session.userid == 'string')) { authUserid = req.session.userid; }
if (authUserid == null) { res.sendStatus(401); return; }
const user = obj.users[authUserid];
if (user == null) { res.sendStatus(401); return; }
if ((req.query.type == 1) && (req.query.meshid != null)) {
// Get the CIRA install script
if (obj.IsMeshViewable(user, req.query.meshid) == false) { res.sendStatus(404); return; }
obj.getCiraConfigurationScript(req.query.meshid, function (script) {
if (script == null) { res.sendStatus(404); } else {
try {
var cirafilename = obj.meshes[req.query.meshid].name.split('\\').join('').split('/').join('').split(':').join('').split('*').join('').split('?').join('').split('"').join('').split('<').join('').split('>').join('').split('|').join('').split(' ').join('').split('\'').join('');
res.set({ 'Cache-Control': 'no-store', 'Content-Type': 'application/octet-stream', 'Content-Disposition': 'attachment; filename="cira_setup_' + cirafilename + '.mescript"' });
} catch (ex) {
res.set({ 'Cache-Control': 'no-store', 'Content-Type': 'application/octet-stream', 'Content-Disposition': 'attachment; filename="cira_setup.mescript"' });
}
res.send(script);
}
});
} else if (req.query.type == 2) {
// Get the CIRA cleanup script
obj.getCiraCleanupScript(function (script) {
if (script == null) { res.sendStatus(404); } else {
res.set({ 'Cache-Control': 'no-store', 'Content-Type': 'application/octet-stream', 'Content-Disposition': 'attachment; filename="cira_cleanup.mescript"' });
res.send(script);
}
});
} else {
res.sendStatus(404);
}
}
// Handle user public file downloads
function handleDownloadUserFiles(req, res) {
const domain = checkUserIpAddress(req, res);
@ -4831,7 +4710,6 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
obj.app.post(url + 'tokenlogin', handleLoginRequest);
obj.app.get(url + 'logout', handleLogoutRequest);
obj.app.get(url + 'MeshServerRootCert.cer', handleRootCertRequest);
obj.app.get(url + 'mescript.ashx', handleMeScriptRequest);
obj.app.post(url + 'changepassword', handlePasswordChangeRequest);
obj.app.post(url + 'deleteaccount', handleDeleteAccountRequest);
obj.app.post(url + 'createaccount', handleCreateAccountRequest);