MyFavMirrors
/
MeshCentral
mirror of https://github.com/Ylianst/MeshCentral.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added server-side Intel AMT configuration options.

This commit is contained in:
Ylian Saint-Hilaire 2019-02-07 15:00:10 -08:00
parent c3a49807dc
commit 28d13d6995
19 changed files with 250 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
agents/MeshCmd-signed.exe
View File

Binary file not shown.

BIN
agents/MeshCmd64-signed.exe
View File

Binary file not shown.

BIN
agents/MeshService-signed.exe
View File

Binary file not shown.

BIN
agents/MeshService.exe
View File

Binary file not shown.

BIN
agents/MeshService64-signed.exe
View File

Binary file not shown.

BIN
agents/MeshService64.exe
View File

Binary file not shown.

27
agents/meshcore.js
View File

@ -95,6 +95,7 @@ function createMeshCore(agent) {
var nextTunnelIndex = 1;
var oswsstack = null;
var osamtstack = null;
var amtPolicy = null;
// If we are running in Duktape, agent will be null
if (agent == null) {
@ -174,7 +175,10 @@ function createMeshCore(agent) {
wifiScanner.on('accessPoint', function (data) { sendConsoleText(data); });
} catch (ex) { wifiScannerLib = null; wifiScanner = null; }
// Try to load up the MEI module
// Try to load Intel AMT policy
try { amtPolicy = JSON.parse(db.Get('amtPolicy')); } catch (ex) { amtPolicy = null; }
// Try to load up the MEI module
function resetMei() {
try {
var amtMeiLib = require('amt-mei');
@ -502,6 +506,12 @@ function createMeshCore(agent) {
if (data.url) { mesh.SendCommand({ "action": "openUrl", "url": data.url, "sessionid": data.sessionid, "success": (openUserDesktopUrl(data.url) != null) }); }
break;
}
case 'amtPolicy': {
// Store the latest Intel AMT policy
amtPolicy = data.amtPolicy;
if (data.amtPolicy != null) { db.Put('amtPolicy', JSON.stringify(data.amtPolicy)); } else { db.Put('amtPolicy', null); }
break;
}
default:
// Unknown action, ignore it.
break;
@ -1093,7 +1103,7 @@ function createMeshCore(agent) {
var response = null;
switch (cmd) {
case 'help': { // Displays available commands
response = 'Available commands: help, info, osinfo,args, print, type, dbget, dbset, dbcompact, eval, parseuri, httpget,\r\nwslist, wsconnect, wssend, wsclose, notify, ls, ps, kill, amt, netinfo, location, power, wakeonlan, scanwifi,\r\nscanamt, setdebug, smbios, rawsmbios, toast, lock, users, sendcaps, openurl, amtreset, amtccm, amtdeactivate.';
response = 'Available commands: help, info, osinfo,args, print, type, dbget, dbset, dbcompact, eval, parseuri, httpget,\r\nwslist, wsconnect, wssend, wsclose, notify, ls, ps, kill, amt, netinfo, location, power, wakeonlan, scanwifi,\r\nscanamt, setdebug, smbios, rawsmbios, toast, lock, users, sendcaps, openurl, amtreset, amtccm, amtdeactivate, amtpolicy.';
break;
}
/*
@ -1132,6 +1142,14 @@ function createMeshCore(agent) {
if (amtMei == null) { response = 'Intel AMT not supported.'; } else { deactivateCCM(); }
break;
}
case 'amtpolicy': {
if (amtPolicy == null) {
response = 'No Intel(R) AMT policy.';
} else {
response = JSON.stringify(amtPolicy);
}
break;
}
case 'openurl': {
if (args['_'].length != 1) { response = 'Proper usage: openurl (url)'; } // Display usage
else { if (openUserDesktopUrl(args['_'][0]) == null) { response = 'Failed.'; } else { response = 'Success.'; } }
@ -2004,13 +2022,16 @@ function createMeshCore(agent) {
//
function activeToCCM(adminpass) {
sendConsoleText('Trying to get local account info...');
amtMei.getLocalSystemAccount(function (x) {
if (x.user && x.pass) {
sendConsoleText('Intel AMT local account info: User=' + x.user + ', Pass=' + x.pass + '.');
var transport = require('amt-wsman-duk');
var wsman = require('amt-wsman');
var amt = require('amt');
oswsstack = new wsman(transport, '127.0.0.1', 16992, x.user, x.pass, false);
osamtstack = new amt(oswsstack);
sendConsoleText('Trying to get Intel AMT activation information...');
osamtstack.BatchEnum(null, ['*AMT_GeneralSettings', '*IPS_HostBasedSetupService'], activeToCCMEx2, adminpass);
} else {
sendConsoleText('Unable to get $$OsAdmin password.');
@ -2019,7 +2040,7 @@ function createMeshCore(agent) {
}
function activeToCCMEx2(stack, name, responses, status, adminpass) {
if (status != 200) { sendConsoleText('Failed to fetch activation status, status ' + status); }
if (status != 200) { sendConsoleText('Failed to fetch activation information, status ' + status); }
else if (responses['IPS_HostBasedSetupService'].response['AllowedControlModes'].length != 2) { sendConsoleText('Client control mode activation not allowed'); }
else { stack.IPS_HostBasedSetupService_Setup(2, md5hex('admin:' + responses['AMT_GeneralSettings'].response['DigestRealm'] + ':' + adminpass).substring(0, 32), null, null, null, null, activeToCCMEx3); }
}

2
agents/meshcore.min.js vendored
View File

File diff suppressed because one or more lines are too long

99
meshagent.js
View File

@ -129,6 +129,7 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
obj.parent.parent.taskLimiter.launch(function (argument, taskid, taskLimiterQueue) {
obj.send(obj.common.ShortToStr(10) + obj.common.ShortToStr(0) + argument.hash + argument.core, function () { obj.parent.parent.taskLimiter.completed(taskid); }); // MeshCommand_CoreModule, start core update
obj.parent.parent.debug(1, 'Updating code ' + argument.name);
agentCoreIsStable();
}, { hash: meshcorehash, core: obj.parent.parent.defaultMeshCores[corename], name: corename });
}
obj.agentCoreCheck++;
@ -136,6 +137,7 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
} else {
obj.agentCoreCheck = 0;
obj.send(obj.common.ShortToStr(16) + obj.common.ShortToStr(0)); // MeshCommand_CoreOk. Indicates to the agent that the core is ok. Start it if it's not already started.
agentCoreIsStable(); // No updates needed, agent is ready to go.
}
}
@ -463,52 +465,69 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
obj.send(obj.common.ShortToStr(12) + obj.common.ShortToStr(0));
} else {
// Check the mesh core, if the agent is capable of running one
if (((obj.agentInfo.capabilities & 16) != 0) && (corename != null)) { obj.send(obj.common.ShortToStr(11) + obj.common.ShortToStr(0)); } // Command 11, ask for mesh core hash.
if (((obj.agentInfo.capabilities & 16) != 0) && (corename != null)) {
obj.send(obj.common.ShortToStr(11) + obj.common.ShortToStr(0)); // Command 11, ask for mesh core hash.
} else {
agentCoreIsStable(); // No updates needed, agent is ready to go.
}
}
});
}
// Do this if IP location is enabled on this domain TODO: Set IP location per device group?
if (domain.iplocation == true) {
// Check if we already have IP location information for this node
obj.db.Get('iploc_' + obj.remoteaddr, function (err, iplocs) {
if (iplocs.length == 1) {
// We have a location in the database for this remote IP
var iploc = nodes[0], x = {};
if ((iploc != null) && (iploc.ip != null) && (iploc.loc != null)) {
x.publicip = iploc.ip;
x.iploc = iploc.loc + ',' + (Math.floor((new Date(iploc.date)) / 1000));
ChangeAgentLocationInfo(x);
}
function agentCoreIsStable() {
// Check that the mesh exists
var mesh = obj.parent.meshes[obj.dbMeshKey];
if (mesh == null) {
// TODO: Mark this agent as part of a mesh that does not exists.
return; // Probably not worth doing anything else. Hold this agent.
}
// Send Intel AMT policy
var amtPolicy = null;
if (mesh.amt != null) { amtPolicy = mesh.amt; }
obj.send(JSON.stringify({ action: 'amtPolicy', amtPolicy: amtPolicy }));
// Do this if IP location is enabled on this domain TODO: Set IP location per device group?
if (domain.iplocation == true) {
// Check if we already have IP location information for this node
obj.db.Get('iploc_' + obj.remoteaddr, function (err, iplocs) {
if (iplocs.length == 1) {
// We have a location in the database for this remote IP
var iploc = nodes[0], x = {};
if ((iploc != null) && (iploc.ip != null) && (iploc.loc != null)) {
x.publicip = iploc.ip;
x.iploc = iploc.loc + ',' + (Math.floor((new Date(iploc.date)) / 1000));
ChangeAgentLocationInfo(x);
}
} else {
// Check if we need to ask for the IP location
var doIpLocation = 0;
if (device.iploc == null) {
doIpLocation = 1;
} else {
// Check if we need to ask for the IP location
var doIpLocation = 0;
if (device.iploc == null) {
doIpLocation = 1;
var loc = device.iploc.split(',');
if (loc.length < 3) {
doIpLocation = 2;
} else {
var loc = device.iploc.split(',');
if (loc.length < 3) {
doIpLocation = 2;
} else {
var t = new Date((parseFloat(loc[2]) * 1000)), now = Date.now();
t.setDate(t.getDate() + 20);
if (t < now) { doIpLocation = 3; }
}
}
// If we need to ask for IP location, see if we have the quota to do it.
if (doIpLocation > 0) {
obj.db.getValueOfTheDay('ipLocationRequestLimitor', 10, function (ipLocationLimitor) {
if (ipLocationLimitor.value > 0) {
ipLocationLimitor.value--;
obj.db.Set(ipLocationLimitor);
obj.send(JSON.stringify({ action: 'iplocation' }));
}
});
var t = new Date((parseFloat(loc[2]) * 1000)), now = Date.now();
t.setDate(t.getDate() + 20);
if (t < now) { doIpLocation = 3; }
}
}
});
}
});
// If we need to ask for IP location, see if we have the quota to do it.
if (doIpLocation > 0) {
obj.db.getValueOfTheDay('ipLocationRequestLimitor', 10, function (ipLocationLimitor) {
if (ipLocationLimitor.value > 0) {
ipLocationLimitor.value--;
obj.db.Set(ipLocationLimitor);
obj.send(JSON.stringify({ action: 'iplocation' }));
}
});
}
}
});
}
}
// Get the web certificate private key hash for the specified domain

46
meshuser.js
View File

@ -110,6 +110,19 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
return true;
}
// Route a command to all targets in a mesh
function routeCommandToMesh(meshid, command) {
// Send the request to all peer servers
// TODO !!!!
// See if the node is connected
for (var nodeid in obj.parent.wsagents) {
var agent = obj.parent.wsagents[nodeid];
if (agent.dbMeshKey == meshid) { try { agent.send(JSON.stringify(command)); } catch (ex) { } }
}
return true;
}
try {
// Check if the user is logged in
if (user == null) { try { obj.ws.close(); } catch (e) { } return; }
@ -917,6 +930,39 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
}
break;
}
case 'meshamtpolicy':
{
// Change a mesh Intel AMT policy
if (obj.common.validateString(command.meshid, 1, 1024) == false) break; // Check the meshid
if (obj.common.validateObject(command.amtpolicy) == false) break; // Check the amtpolicy
if (obj.common.validateInt(command.amtpolicy.type, 0, 2) == false) break; // Check the amtpolicy.type
if (command.amtpolicy.type === 2) {
if (obj.common.validateString(command.amtpolicy.password, 0, 32) == false) break; // Check the amtpolicy.password
if (obj.common.validateInt(command.amtpolicy.badpass, 0, 1) == false) break; // Check the amtpolicy.badpass
if (obj.common.validateInt(command.amtpolicy.cirasetup, 0, 2) == false) break; // Check the amtpolicy.cirasetup
}
mesh = obj.parent.meshes[command.meshid];
change = '';
if (mesh) {
// Check if this user has rights to do this
if ((mesh.links[user._id] == null) || (mesh.links[user._id].rights != 0xFFFFFFFF)) return;
if ((command.meshid.split('/').length != 3) || (command.meshid.split('/')[1] != domain.id)) return; // Invalid domain, operation only valid for current domain
// TODO: Check if this is a change from the existing policy
// Perform the Intel AMT policy change
change = 'Intel AMT policy change';
var amtpolicy = { type: command.amtpolicy.type };
if (command.amtpolicy.type === 2) { amtpolicy = { type: command.amtpolicy.type, password: command.amtpolicy.password, badpass: command.amtpolicy.badpass, cirasetup: command.amtpolicy.cirasetup }; }
mesh.amt = amtpolicy;
obj.db.Set(obj.common.escapeLinksFieldName(mesh));
obj.parent.parent.DispatchEvent(['*', mesh._id, user._id], obj, { etype: 'mesh', username: user.name, meshid: mesh._id, amt: amtpolicy, action: 'meshchange', links: mesh.links, msg: change, domain: domain.id });
// Send new policy to all computers on this mesh
routeCommandToMesh(command.meshid, { action: 'amtPolicy', amtPolicy: amtpolicy });
}
break;
}
case 'addamtdevice':
{
if (obj.args.wanonly == true) return; // This is a WAN-only server, local Intel AMT computers can't be added

2
package.json
View File

@ -1,6 +1,6 @@
{
"name": "meshcentral",
"version": "0.2.7-m",
"version": "0.2.7-n",
"keywords": [
"Remote Management",
"Intel AMT",

11
public/scripts/agent-desktop-0.0.2.js
View File

@ -177,7 +177,12 @@ var CreateAgentRemoteDesktop = function (canvasid, scrolldiv) {
obj.ProcessData = function (str) {
var ptr = 0;
while (ptr < str.length) { ptr += obj.ProcessDataEx(str.substring(ptr)); }
//console.log('x0', str.length);
while (ptr < str.length) {
//console.log('x1', ptr, str.length);
ptr += obj.ProcessDataEx(str.substring(ptr));
//console.log('x2', ptr, str.length);
}
}
obj.ProcessDataEx = function (str) {
@ -194,7 +199,7 @@ var CreateAgentRemoteDesktop = function (canvasid, scrolldiv) {
if (str.length < 12) return;
command = ReadShort(str, 8)
cmdsize = ReadInt(str, 4);
console.log('JUMBO cmd=' + command + ', cmdsize=' + cmdsize + ', data received=' + str.length);
//console.log('JUMBO cmd=' + command + ', cmdsize=' + cmdsize + ', data received=' + str.length);
if ((cmdsize + 8) > str.length) {
console.log('KVM accumulator set to ' + str.length + ' bytes, need ' + cmdsize + ' bytes.');
obj.accumulator = str;
@ -204,7 +209,7 @@ var CreateAgentRemoteDesktop = function (canvasid, scrolldiv) {
jumboAdd = 8;
}
if ((cmdsize != str.length) && (obj.debugmode > 0)) { console.log(cmdsize, str.length, cmdsize == str.length); }
if ((command >= 18) && (command != 65)) { console.error("Invalid KVM command " + command + " of size " + cmdsize); console.log("Invalid KVM data", str.length, str, rstr2hex(str)); return; }
if ((command >= 18) && (command != 65)) { console.error("Invalid KVM command " + command + " of size " + cmdsize); console.log("Invalid KVM data", str.length, rstr2hex(str.substring(0, 40)) + '...'); return; }
if (cmdsize > str.length) {
console.log('KVM accumulator set to ' + str.length + ' bytes, need ' + cmdsize + ' bytes.');
obj.accumulator = str;

42
public/scripts/agent-redir-ws-0.1.0.js
View File

@ -38,6 +38,7 @@ var CreateAgentRedirect = function (meshserver, module, serverPublicNamePort, au
obj.socket = new WebSocket(url);
obj.socket.onopen = obj.xxOnSocketConnected;
obj.socket.onmessage = obj.xxOnMessage;
//obj.socket.onmessage = function (e) { console.log('Websocket data', e.data); obj.xxOnMessage(e); }
obj.socket.onerror = function (e) { console.error(e); }
obj.socket.onclose = obj.xxOnSocketClosed;
obj.xxStateChange(1);
@ -84,7 +85,7 @@ var CreateAgentRedirect = function (meshserver, module, serverPublicNamePort, au
}
obj.xxOnMessage = function (e) {
//console.log('Recv', e.data, obj.State);
//console.log('Recv', e.data, e.data.byteLength, obj.State);
if (obj.State < 3) {
if (e.data == 'c') {
try { obj.socket.send(obj.protocol); } catch (ex) { }
@ -97,7 +98,8 @@ var CreateAgentRedirect = function (meshserver, module, serverPublicNamePort, au
else if (typeof webkitRTCPeerConnection !== 'undefined') { obj.webrtc = new webkitRTCPeerConnection(configuration); }
if (obj.webrtc != null) {
obj.webchannel = obj.webrtc.createDataChannel("DataChannel", {}); // { ordered: false, maxRetransmits: 2 }
obj.webchannel.onmessage = function (event) { obj.xxOnMessage({ data: event.data }); };
obj.webchannel.onmessage = obj.xxOnMessage;
//obj.webchannel.onmessage = function (e) { console.log('WebRTC data', e.data); obj.xxOnMessage(e); }
obj.webchannel.onopen = function () { obj.webRtcActive = true; performWebRtcSwitch(); };
obj.webchannel.onclose = function (event) { if (obj.webRtcActive) { obj.Stop(); } }
obj.webrtc.onicecandidate = function (e) {
@ -130,6 +132,7 @@ var CreateAgentRedirect = function (meshserver, module, serverPublicNamePort, au
return;
}
/*
if (typeof e.data == 'object') {
var f = new FileReader();
if (f.readAsBinaryString) {
@ -152,8 +155,41 @@ var CreateAgentRedirect = function (meshserver, module, serverPublicNamePort, au
// If we get a string object, it maybe the WebRTC confirm. Ignore it.
obj.xxOnSocketData(e.data);
}
*/
if (typeof e.data == 'object') {
if (fileReaderInuse == true) { fileReaderAcc.push(e.data); return; }
if (fileReader.readAsBinaryString) {
// Chrome & Firefox (Draft)
fileReaderInuse = true;
fileReader.readAsBinaryString(new Blob([e.data]));
} else if (fileReader.readAsArrayBuffer) {
// Chrome & Firefox (Spec)
fileReaderInuse = true;
fileReader.readAsArrayBuffer(e.data);
} else {
// IE10, readAsBinaryString does not exist, use an alternative.
var binary = "", bytes = new Uint8Array(e.data), length = bytes.byteLength;
for (var i = 0; i < length; i++) { binary += String.fromCharCode(bytes[i]); }
obj.xxOnSocketData(binary);
}
} else {
// If we get a string object, it maybe the WebRTC confirm. Ignore it.
obj.xxOnSocketData(e.data);
}
};
// Setup the file reader
var fileReader = new FileReader();
var fileReaderInuse = false, fileReaderAcc = [];
if (fileReader.readAsBinaryString) {
// Chrome & Firefox (Draft)
fileReader.onload = function (e) { obj.xxOnSocketData(e.target.result); if (fileReaderAcc.length == 0) { fileReaderInuse = false; } else { fileReader.readAsBinaryString(new Blob([fileReaderAcc.shift()])); } }
} else if (fileReader.readAsArrayBuffer) {
// Chrome & Firefox (Spec)
fileReader.onloadend = function (e) { obj.xxOnSocketData(e.target.result); if (fileReaderAcc.length == 0) { fileReaderInuse = false; } else { fileReader.readAsArrayBuffer(fileReaderAcc.shift()); } }
}
obj.xxOnSocketData = function (data) {
if (!data || obj.connectstate == -1) return;
if (typeof data === 'object') {

2
public/scripts/amt-ider-ws-0.0.1.js
View File

@ -74,9 +74,11 @@ var CreateAmtRemoteIder = function (serverurl) {
if (fileReaderInuse == true) { fileReaderAcc.push(e.data); return; }
if (fileReader.readAsBinaryString) {
// Chrome & Firefox (Draft)
fileReaderInuse = true;
fileReader.readAsBinaryString(new Blob([e.data]));
} else if (fileReader.readAsArrayBuffer) {
// Chrome & Firefox (Spec)
fileReaderInuse = true;
fileReader.readAsArrayBuffer(e.data);
} else {
// IE10, readAsBinaryString does not exist, use an alternative.

2
public/scripts/amt-wsman-ws-0.2.0.js
View File

@ -146,9 +146,11 @@ var CreateWsmanComm = function (host, port, user, pass, tls) {
if (fileReaderInuse == true) { fileReaderAcc.push(e.data); return; }
if (fileReader.readAsBinaryString) {
// Chrome & Firefox (Draft)
fileReaderInuse = true;
fileReader.readAsBinaryString(new Blob([e.data]));
} else if (fileReader.readAsArrayBuffer) {
// Chrome & Firefox (Spec)
fileReaderInuse = true;
fileReader.readAsArrayBuffer(e.data);
} else {
// IE10, readAsBinaryString does not exist, use an alternative.

2
views/default-min.handlebars
View File

File diff suppressed because one or more lines are too long

2
views/default-mobile-min.handlebars
View File

File diff suppressed because one or more lines are too long

68
views/default.handlebars
View File

@ -1486,10 +1486,11 @@
meshserver.send({ action: 'nodes' }); // Request a refresh of all nodes (TODO: We could optimize this to only request nodes for the new mesh).
} else {
// This is an existing mesh
meshes[message.event.meshid].name = message.event.name;
meshes[message.event.meshid].desc = message.event.desc;
meshes[message.event.meshid].flags = message.event.flags;
meshes[message.event.meshid].links = message.event.links;
if (message.event.name) { meshes[message.event.meshid].name = message.event.name; }
if (message.event.desc) { meshes[message.event.meshid].desc = message.event.desc; }
if (message.event.flags) { meshes[message.event.meshid].flags = message.event.flags; }
if (message.event.links) { meshes[message.event.meshid].links = message.event.links; }
if (message.event.amt) { meshes[message.event.meshid].amt = message.event.amt; }
// Check if we lost rights to this mesh in this change.
if (meshes[message.event.meshid].links['user/' + domain + '/' + userinfo.name.toLowerCase()] == null) {
@ -1506,7 +1507,7 @@
}
}
masterUpdate(4 + 128);
meshserver.send({ action: 'files' });
//meshserver.send({ action: 'files' }); // TODO: Why do we need to do this??
// If we are looking at a mesh that is now deleted, move back to "My Account"
if (xxcurrentView == 20 && currentMesh._id == message.event.meshid) { p20updateMesh(); }
@ -5473,6 +5474,19 @@
x += addHtmlValue('Type', meshtype);
//x += addHtmlValue('Identifier', currentMesh._id.split('/')[2]);
// Intel AMT setup
if (currentMesh.mtype == 2) {
var intelAmtPolicy = 'No Policy';
if (currentMesh.amt) {
if (currentMesh.amt.type == 1) { intelAmtPolicy = 'Deactivate Client Control Mode (CCM)'; }
else if (currentMesh.amt.type == 2) {
intelAmtPolicy = 'Simple Client Control Mode (CCM)';
if (currentMesh.amt.cirasetup == 2) { intelAmtPolicy += ' + CIRA'; }
}
}
x += addHtmlValue('Intel&reg; AMT', addLinkConditional(intelAmtPolicy, 'p20editMeshAmt()', (meshrights & 0xFFFFFFFF) != 0));
}
// Display group note support
if (meshrights & 1) { x += '<br><input type=button value=Notes title="View notes about this device group" onclick=showNotes(false,"' + encodeURIComponent(currentMesh._id) + '") />'; }
@ -5532,6 +5546,50 @@
QH('p20info', x);
}
function p20editMeshAmt() {
if (xxdialogMode) return;
var x = '';
x += addHtmlValue('Type', '<select id=dp20amtpolicy style=width:230px onchange=p20editMeshAmtChange()><option value=0>No Policy</option><option value=1>Deactivate Client Control Mode (CCM)</option><option value=2>Simple Client Control Mode (CCM)</option></select>');
x += '<div id=dp20amtpolicydiv></div>';
setDialogMode(2, "Intel&reg; AMT Policy", 3, p20editMeshAmtEx, x);
if (currentMesh.amt) { Q('dp20amtpolicy').value = currentMesh.amt.type; }
p20editMeshAmtChange();
// Set the current Intel AMT policy
if (currentMesh.amt && currentMesh.amt.type == 2) {
Q('dp20amtpolicypass').value = currentMesh.amt.password;
Q('dp20amtbadpass').value = currentMesh.amt.badpass;
Q('dp20amtcira').value = currentMesh.amt.cirasetup;
}
dp20amtValidatePolicy();
}
function p20editMeshAmtChange() {
var ptype = Q('dp20amtpolicy').value, x = '';
if (ptype == 2) {
x = addHtmlValue('Password*', '<input id=dp20amtpolicypass style=width:230px maxlength=32 onchange=dp20amtValidatePolicy() onkeyup=dp20amtValidatePolicy() />')
x += addHtmlValue('Password mismatch', "<select id=dp20amtbadpass style=width:230px><option value=0>Do nothing</option><option value=1>Reactivate Intel&reg; AMT</option></select>");
x += addHtmlValue('<span title="Client Initiated Remote Access">CIRA</span>', "<select id=dp20amtcira style=width:230px><option value=0>Don't configure</option><option value=1>Don't connect to server</option><option value=2>Connect to server</option></select>");
x += '<br/><span style="font-size:10px">* Recommanded, leave blank to assign a random password to each device.</span><br/>';
x += '<span style="font-size:10px">This policy will not impact devices with Intel&reg; AMT in ACM mode.</span><br/>';
x += '<span style="font-size:10px">This is not a secure policy as agents will be performing activation.</span>';
}
QH('dp20amtpolicydiv', x);
}
function dp20amtValidatePolicy() {
var ok = true, ptype = Q('dp20amtpolicy').value;
if (ptype == 2) { var pass = Q('dp20amtpolicypass').value; ok = (pass == '') ? true : passwordcheck(pass); }
QE('idx_dlgOkButton', ok);
}
function p20editMeshAmtEx() {
var ptype = parseInt(Q('dp20amtpolicy').value), amtpolicy = { type: ptype };
if (ptype == 2) { amtpolicy = { type: ptype, password: Q('dp20amtpolicypass').value, badpass: parseInt(Q('dp20amtbadpass').value), cirasetup: parseInt(Q('dp20amtcira').value) }; }
meshserver.send({ action: 'meshamtpolicy', meshid: currentMesh._id, amtpolicy: amtpolicy });
}
function p20showDeleteMeshDialog() {
if (xxdialogMode) return;
var x = "Are you sure you want to delete mesh \"" + EscapeHtml(currentMesh.name) + "\"? Deleting the mesh will also delete all information about computers within this mesh.<br /><br />";

6
webserver.js
View File

@ -140,7 +140,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
}
// Main lists
obj.wsagents = {};
obj.wsagents = {}; // NodeId --> Agent
obj.wsagentsDisconnections = {};
obj.wsagentsDisconnectionsTimer = null;
obj.wssessions = {}; // UserId --> Array Of Sessions
@ -933,14 +933,14 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Returns the mesh server root certificate
function handleRootCertRequest(req, res) {
if (checkIpAddressEx(req, res, obj.userAllowedIp, false) === false) { return; } // Check server-wide IP filter only.
if ((obj.userAllowedIp != null) && (checkIpAddressEx(req, res, obj.userAllowedIp, false) === false)) { return; } // Check server-wide IP filter only.
res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'Content-Type': 'application/octet-stream', 'Content-Disposition': 'attachment; filename=' + certificates.RootName + '.cer' });
res.send(Buffer.from(getRootCertBase64(), 'base64'));
}
// Returns an mescript for Intel AMT configuration
function handleMeScriptRequest(req, res) {
if (checkIpAddressEx(req, res, obj.userAllowedIp, false) === false) { return; } // Check server-wide IP filter only.
if ((obj.userAllowedIp != null) && (checkIpAddressEx(req, res, obj.userAllowedIp, false) === false)) { return; } // Check server-wide IP filter only.
if (req.query.type == 1) {
var filename = 'cira_setup.mescript';
res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'Content-Type': 'application/octet-stream', 'Content-Disposition': 'attachment; filename=' + filename });