mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2025-01-23 04:33:14 -05:00
Added server-side Intel AMT configuration options.
This commit is contained in:
parent
aa440da880
commit
3910eba2eb
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -95,6 +95,7 @@ function createMeshCore(agent) {
|
||||
var nextTunnelIndex = 1;
|
||||
var oswsstack = null;
|
||||
var osamtstack = null;
|
||||
var amtPolicy = null;
|
||||
|
||||
// If we are running in Duktape, agent will be null
|
||||
if (agent == null) {
|
||||
@ -174,7 +175,10 @@ function createMeshCore(agent) {
|
||||
wifiScanner.on('accessPoint', function (data) { sendConsoleText(data); });
|
||||
} catch (ex) { wifiScannerLib = null; wifiScanner = null; }
|
||||
|
||||
// Try to load up the MEI module
|
||||
// Try to load Intel AMT policy
|
||||
try { amtPolicy = JSON.parse(db.Get('amtPolicy')); } catch (ex) { amtPolicy = null; }
|
||||
|
||||
// Try to load up the MEI module
|
||||
function resetMei() {
|
||||
try {
|
||||
var amtMeiLib = require('amt-mei');
|
||||
@ -502,6 +506,12 @@ function createMeshCore(agent) {
|
||||
if (data.url) { mesh.SendCommand({ "action": "openUrl", "url": data.url, "sessionid": data.sessionid, "success": (openUserDesktopUrl(data.url) != null) }); }
|
||||
break;
|
||||
}
|
||||
case 'amtPolicy': {
|
||||
// Store the latest Intel AMT policy
|
||||
amtPolicy = data.amtPolicy;
|
||||
if (data.amtPolicy != null) { db.Put('amtPolicy', JSON.stringify(data.amtPolicy)); } else { db.Put('amtPolicy', null); }
|
||||
break;
|
||||
}
|
||||
default:
|
||||
// Unknown action, ignore it.
|
||||
break;
|
||||
@ -1093,7 +1103,7 @@ function createMeshCore(agent) {
|
||||
var response = null;
|
||||
switch (cmd) {
|
||||
case 'help': { // Displays available commands
|
||||
response = 'Available commands: help, info, osinfo,args, print, type, dbget, dbset, dbcompact, eval, parseuri, httpget,\r\nwslist, wsconnect, wssend, wsclose, notify, ls, ps, kill, amt, netinfo, location, power, wakeonlan, scanwifi,\r\nscanamt, setdebug, smbios, rawsmbios, toast, lock, users, sendcaps, openurl, amtreset, amtccm, amtdeactivate.';
|
||||
response = 'Available commands: help, info, osinfo,args, print, type, dbget, dbset, dbcompact, eval, parseuri, httpget,\r\nwslist, wsconnect, wssend, wsclose, notify, ls, ps, kill, amt, netinfo, location, power, wakeonlan, scanwifi,\r\nscanamt, setdebug, smbios, rawsmbios, toast, lock, users, sendcaps, openurl, amtreset, amtccm, amtdeactivate, amtpolicy.';
|
||||
break;
|
||||
}
|
||||
/*
|
||||
@ -1132,6 +1142,14 @@ function createMeshCore(agent) {
|
||||
if (amtMei == null) { response = 'Intel AMT not supported.'; } else { deactivateCCM(); }
|
||||
break;
|
||||
}
|
||||
case 'amtpolicy': {
|
||||
if (amtPolicy == null) {
|
||||
response = 'No Intel(R) AMT policy.';
|
||||
} else {
|
||||
response = JSON.stringify(amtPolicy);
|
||||
}
|
||||
break;
|
||||
}
|
||||
case 'openurl': {
|
||||
if (args['_'].length != 1) { response = 'Proper usage: openurl (url)'; } // Display usage
|
||||
else { if (openUserDesktopUrl(args['_'][0]) == null) { response = 'Failed.'; } else { response = 'Success.'; } }
|
||||
@ -2004,13 +2022,16 @@ function createMeshCore(agent) {
|
||||
//
|
||||
|
||||
function activeToCCM(adminpass) {
|
||||
sendConsoleText('Trying to get local account info...');
|
||||
amtMei.getLocalSystemAccount(function (x) {
|
||||
if (x.user && x.pass) {
|
||||
sendConsoleText('Intel AMT local account info: User=' + x.user + ', Pass=' + x.pass + '.');
|
||||
var transport = require('amt-wsman-duk');
|
||||
var wsman = require('amt-wsman');
|
||||
var amt = require('amt');
|
||||
oswsstack = new wsman(transport, '127.0.0.1', 16992, x.user, x.pass, false);
|
||||
osamtstack = new amt(oswsstack);
|
||||
sendConsoleText('Trying to get Intel AMT activation information...');
|
||||
osamtstack.BatchEnum(null, ['*AMT_GeneralSettings', '*IPS_HostBasedSetupService'], activeToCCMEx2, adminpass);
|
||||
} else {
|
||||
sendConsoleText('Unable to get $$OsAdmin password.');
|
||||
@ -2019,7 +2040,7 @@ function createMeshCore(agent) {
|
||||
}
|
||||
|
||||
function activeToCCMEx2(stack, name, responses, status, adminpass) {
|
||||
if (status != 200) { sendConsoleText('Failed to fetch activation status, status ' + status); }
|
||||
if (status != 200) { sendConsoleText('Failed to fetch activation information, status ' + status); }
|
||||
else if (responses['IPS_HostBasedSetupService'].response['AllowedControlModes'].length != 2) { sendConsoleText('Client control mode activation not allowed'); }
|
||||
else { stack.IPS_HostBasedSetupService_Setup(2, md5hex('admin:' + responses['AMT_GeneralSettings'].response['DigestRealm'] + ':' + adminpass).substring(0, 32), null, null, null, null, activeToCCMEx3); }
|
||||
}
|
||||
|
2
agents/meshcore.min.js
vendored
2
agents/meshcore.min.js
vendored
File diff suppressed because one or more lines are too long
99
meshagent.js
99
meshagent.js
@ -129,6 +129,7 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
|
||||
obj.parent.parent.taskLimiter.launch(function (argument, taskid, taskLimiterQueue) {
|
||||
obj.send(obj.common.ShortToStr(10) + obj.common.ShortToStr(0) + argument.hash + argument.core, function () { obj.parent.parent.taskLimiter.completed(taskid); }); // MeshCommand_CoreModule, start core update
|
||||
obj.parent.parent.debug(1, 'Updating code ' + argument.name);
|
||||
agentCoreIsStable();
|
||||
}, { hash: meshcorehash, core: obj.parent.parent.defaultMeshCores[corename], name: corename });
|
||||
}
|
||||
obj.agentCoreCheck++;
|
||||
@ -136,6 +137,7 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
|
||||
} else {
|
||||
obj.agentCoreCheck = 0;
|
||||
obj.send(obj.common.ShortToStr(16) + obj.common.ShortToStr(0)); // MeshCommand_CoreOk. Indicates to the agent that the core is ok. Start it if it's not already started.
|
||||
agentCoreIsStable(); // No updates needed, agent is ready to go.
|
||||
}
|
||||
}
|
||||
|
||||
@ -463,52 +465,69 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
|
||||
obj.send(obj.common.ShortToStr(12) + obj.common.ShortToStr(0));
|
||||
} else {
|
||||
// Check the mesh core, if the agent is capable of running one
|
||||
if (((obj.agentInfo.capabilities & 16) != 0) && (corename != null)) { obj.send(obj.common.ShortToStr(11) + obj.common.ShortToStr(0)); } // Command 11, ask for mesh core hash.
|
||||
if (((obj.agentInfo.capabilities & 16) != 0) && (corename != null)) {
|
||||
obj.send(obj.common.ShortToStr(11) + obj.common.ShortToStr(0)); // Command 11, ask for mesh core hash.
|
||||
} else {
|
||||
agentCoreIsStable(); // No updates needed, agent is ready to go.
|
||||
}
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
// Do this if IP location is enabled on this domain TODO: Set IP location per device group?
|
||||
if (domain.iplocation == true) {
|
||||
// Check if we already have IP location information for this node
|
||||
obj.db.Get('iploc_' + obj.remoteaddr, function (err, iplocs) {
|
||||
if (iplocs.length == 1) {
|
||||
// We have a location in the database for this remote IP
|
||||
var iploc = nodes[0], x = {};
|
||||
if ((iploc != null) && (iploc.ip != null) && (iploc.loc != null)) {
|
||||
x.publicip = iploc.ip;
|
||||
x.iploc = iploc.loc + ',' + (Math.floor((new Date(iploc.date)) / 1000));
|
||||
ChangeAgentLocationInfo(x);
|
||||
}
|
||||
function agentCoreIsStable() {
|
||||
// Check that the mesh exists
|
||||
var mesh = obj.parent.meshes[obj.dbMeshKey];
|
||||
if (mesh == null) {
|
||||
// TODO: Mark this agent as part of a mesh that does not exists.
|
||||
return; // Probably not worth doing anything else. Hold this agent.
|
||||
}
|
||||
|
||||
// Send Intel AMT policy
|
||||
var amtPolicy = null;
|
||||
if (mesh.amt != null) { amtPolicy = mesh.amt; }
|
||||
obj.send(JSON.stringify({ action: 'amtPolicy', amtPolicy: amtPolicy }));
|
||||
|
||||
// Do this if IP location is enabled on this domain TODO: Set IP location per device group?
|
||||
if (domain.iplocation == true) {
|
||||
// Check if we already have IP location information for this node
|
||||
obj.db.Get('iploc_' + obj.remoteaddr, function (err, iplocs) {
|
||||
if (iplocs.length == 1) {
|
||||
// We have a location in the database for this remote IP
|
||||
var iploc = nodes[0], x = {};
|
||||
if ((iploc != null) && (iploc.ip != null) && (iploc.loc != null)) {
|
||||
x.publicip = iploc.ip;
|
||||
x.iploc = iploc.loc + ',' + (Math.floor((new Date(iploc.date)) / 1000));
|
||||
ChangeAgentLocationInfo(x);
|
||||
}
|
||||
} else {
|
||||
// Check if we need to ask for the IP location
|
||||
var doIpLocation = 0;
|
||||
if (device.iploc == null) {
|
||||
doIpLocation = 1;
|
||||
} else {
|
||||
// Check if we need to ask for the IP location
|
||||
var doIpLocation = 0;
|
||||
if (device.iploc == null) {
|
||||
doIpLocation = 1;
|
||||
var loc = device.iploc.split(',');
|
||||
if (loc.length < 3) {
|
||||
doIpLocation = 2;
|
||||
} else {
|
||||
var loc = device.iploc.split(',');
|
||||
if (loc.length < 3) {
|
||||
doIpLocation = 2;
|
||||
} else {
|
||||
var t = new Date((parseFloat(loc[2]) * 1000)), now = Date.now();
|
||||
t.setDate(t.getDate() + 20);
|
||||
if (t < now) { doIpLocation = 3; }
|
||||
}
|
||||
}
|
||||
|
||||
// If we need to ask for IP location, see if we have the quota to do it.
|
||||
if (doIpLocation > 0) {
|
||||
obj.db.getValueOfTheDay('ipLocationRequestLimitor', 10, function (ipLocationLimitor) {
|
||||
if (ipLocationLimitor.value > 0) {
|
||||
ipLocationLimitor.value--;
|
||||
obj.db.Set(ipLocationLimitor);
|
||||
obj.send(JSON.stringify({ action: 'iplocation' }));
|
||||
}
|
||||
});
|
||||
var t = new Date((parseFloat(loc[2]) * 1000)), now = Date.now();
|
||||
t.setDate(t.getDate() + 20);
|
||||
if (t < now) { doIpLocation = 3; }
|
||||
}
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
});
|
||||
|
||||
// If we need to ask for IP location, see if we have the quota to do it.
|
||||
if (doIpLocation > 0) {
|
||||
obj.db.getValueOfTheDay('ipLocationRequestLimitor', 10, function (ipLocationLimitor) {
|
||||
if (ipLocationLimitor.value > 0) {
|
||||
ipLocationLimitor.value--;
|
||||
obj.db.Set(ipLocationLimitor);
|
||||
obj.send(JSON.stringify({ action: 'iplocation' }));
|
||||
}
|
||||
});
|
||||
}
|
||||
}
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
// Get the web certificate private key hash for the specified domain
|
||||
|
46
meshuser.js
46
meshuser.js
@ -110,6 +110,19 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
return true;
|
||||
}
|
||||
|
||||
// Route a command to all targets in a mesh
|
||||
function routeCommandToMesh(meshid, command) {
|
||||
// Send the request to all peer servers
|
||||
// TODO !!!!
|
||||
|
||||
// See if the node is connected
|
||||
for (var nodeid in obj.parent.wsagents) {
|
||||
var agent = obj.parent.wsagents[nodeid];
|
||||
if (agent.dbMeshKey == meshid) { try { agent.send(JSON.stringify(command)); } catch (ex) { } }
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
try {
|
||||
// Check if the user is logged in
|
||||
if (user == null) { try { obj.ws.close(); } catch (e) { } return; }
|
||||
@ -917,6 +930,39 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
}
|
||||
break;
|
||||
}
|
||||
case 'meshamtpolicy':
|
||||
{
|
||||
// Change a mesh Intel AMT policy
|
||||
if (obj.common.validateString(command.meshid, 1, 1024) == false) break; // Check the meshid
|
||||
if (obj.common.validateObject(command.amtpolicy) == false) break; // Check the amtpolicy
|
||||
if (obj.common.validateInt(command.amtpolicy.type, 0, 2) == false) break; // Check the amtpolicy.type
|
||||
if (command.amtpolicy.type === 2) {
|
||||
if (obj.common.validateString(command.amtpolicy.password, 0, 32) == false) break; // Check the amtpolicy.password
|
||||
if (obj.common.validateInt(command.amtpolicy.badpass, 0, 1) == false) break; // Check the amtpolicy.badpass
|
||||
if (obj.common.validateInt(command.amtpolicy.cirasetup, 0, 2) == false) break; // Check the amtpolicy.cirasetup
|
||||
}
|
||||
mesh = obj.parent.meshes[command.meshid];
|
||||
change = '';
|
||||
if (mesh) {
|
||||
// Check if this user has rights to do this
|
||||
if ((mesh.links[user._id] == null) || (mesh.links[user._id].rights != 0xFFFFFFFF)) return;
|
||||
if ((command.meshid.split('/').length != 3) || (command.meshid.split('/')[1] != domain.id)) return; // Invalid domain, operation only valid for current domain
|
||||
|
||||
// TODO: Check if this is a change from the existing policy
|
||||
|
||||
// Perform the Intel AMT policy change
|
||||
change = 'Intel AMT policy change';
|
||||
var amtpolicy = { type: command.amtpolicy.type };
|
||||
if (command.amtpolicy.type === 2) { amtpolicy = { type: command.amtpolicy.type, password: command.amtpolicy.password, badpass: command.amtpolicy.badpass, cirasetup: command.amtpolicy.cirasetup }; }
|
||||
mesh.amt = amtpolicy;
|
||||
obj.db.Set(obj.common.escapeLinksFieldName(mesh));
|
||||
obj.parent.parent.DispatchEvent(['*', mesh._id, user._id], obj, { etype: 'mesh', username: user.name, meshid: mesh._id, amt: amtpolicy, action: 'meshchange', links: mesh.links, msg: change, domain: domain.id });
|
||||
|
||||
// Send new policy to all computers on this mesh
|
||||
routeCommandToMesh(command.meshid, { action: 'amtPolicy', amtPolicy: amtpolicy });
|
||||
}
|
||||
break;
|
||||
}
|
||||
case 'addamtdevice':
|
||||
{
|
||||
if (obj.args.wanonly == true) return; // This is a WAN-only server, local Intel AMT computers can't be added
|
||||
|
@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "meshcentral",
|
||||
"version": "0.2.7-m",
|
||||
"version": "0.2.7-n",
|
||||
"keywords": [
|
||||
"Remote Management",
|
||||
"Intel AMT",
|
||||
|
@ -177,7 +177,12 @@ var CreateAgentRemoteDesktop = function (canvasid, scrolldiv) {
|
||||
|
||||
obj.ProcessData = function (str) {
|
||||
var ptr = 0;
|
||||
while (ptr < str.length) { ptr += obj.ProcessDataEx(str.substring(ptr)); }
|
||||
//console.log('x0', str.length);
|
||||
while (ptr < str.length) {
|
||||
//console.log('x1', ptr, str.length);
|
||||
ptr += obj.ProcessDataEx(str.substring(ptr));
|
||||
//console.log('x2', ptr, str.length);
|
||||
}
|
||||
}
|
||||
|
||||
obj.ProcessDataEx = function (str) {
|
||||
@ -194,7 +199,7 @@ var CreateAgentRemoteDesktop = function (canvasid, scrolldiv) {
|
||||
if (str.length < 12) return;
|
||||
command = ReadShort(str, 8)
|
||||
cmdsize = ReadInt(str, 4);
|
||||
console.log('JUMBO cmd=' + command + ', cmdsize=' + cmdsize + ', data received=' + str.length);
|
||||
//console.log('JUMBO cmd=' + command + ', cmdsize=' + cmdsize + ', data received=' + str.length);
|
||||
if ((cmdsize + 8) > str.length) {
|
||||
console.log('KVM accumulator set to ' + str.length + ' bytes, need ' + cmdsize + ' bytes.');
|
||||
obj.accumulator = str;
|
||||
@ -204,7 +209,7 @@ var CreateAgentRemoteDesktop = function (canvasid, scrolldiv) {
|
||||
jumboAdd = 8;
|
||||
}
|
||||
if ((cmdsize != str.length) && (obj.debugmode > 0)) { console.log(cmdsize, str.length, cmdsize == str.length); }
|
||||
if ((command >= 18) && (command != 65)) { console.error("Invalid KVM command " + command + " of size " + cmdsize); console.log("Invalid KVM data", str.length, str, rstr2hex(str)); return; }
|
||||
if ((command >= 18) && (command != 65)) { console.error("Invalid KVM command " + command + " of size " + cmdsize); console.log("Invalid KVM data", str.length, rstr2hex(str.substring(0, 40)) + '...'); return; }
|
||||
if (cmdsize > str.length) {
|
||||
console.log('KVM accumulator set to ' + str.length + ' bytes, need ' + cmdsize + ' bytes.');
|
||||
obj.accumulator = str;
|
||||
|
@ -38,6 +38,7 @@ var CreateAgentRedirect = function (meshserver, module, serverPublicNamePort, au
|
||||
obj.socket = new WebSocket(url);
|
||||
obj.socket.onopen = obj.xxOnSocketConnected;
|
||||
obj.socket.onmessage = obj.xxOnMessage;
|
||||
//obj.socket.onmessage = function (e) { console.log('Websocket data', e.data); obj.xxOnMessage(e); }
|
||||
obj.socket.onerror = function (e) { console.error(e); }
|
||||
obj.socket.onclose = obj.xxOnSocketClosed;
|
||||
obj.xxStateChange(1);
|
||||
@ -84,7 +85,7 @@ var CreateAgentRedirect = function (meshserver, module, serverPublicNamePort, au
|
||||
}
|
||||
|
||||
obj.xxOnMessage = function (e) {
|
||||
//console.log('Recv', e.data, obj.State);
|
||||
//console.log('Recv', e.data, e.data.byteLength, obj.State);
|
||||
if (obj.State < 3) {
|
||||
if (e.data == 'c') {
|
||||
try { obj.socket.send(obj.protocol); } catch (ex) { }
|
||||
@ -97,7 +98,8 @@ var CreateAgentRedirect = function (meshserver, module, serverPublicNamePort, au
|
||||
else if (typeof webkitRTCPeerConnection !== 'undefined') { obj.webrtc = new webkitRTCPeerConnection(configuration); }
|
||||
if (obj.webrtc != null) {
|
||||
obj.webchannel = obj.webrtc.createDataChannel("DataChannel", {}); // { ordered: false, maxRetransmits: 2 }
|
||||
obj.webchannel.onmessage = function (event) { obj.xxOnMessage({ data: event.data }); };
|
||||
obj.webchannel.onmessage = obj.xxOnMessage;
|
||||
//obj.webchannel.onmessage = function (e) { console.log('WebRTC data', e.data); obj.xxOnMessage(e); }
|
||||
obj.webchannel.onopen = function () { obj.webRtcActive = true; performWebRtcSwitch(); };
|
||||
obj.webchannel.onclose = function (event) { if (obj.webRtcActive) { obj.Stop(); } }
|
||||
obj.webrtc.onicecandidate = function (e) {
|
||||
@ -130,6 +132,7 @@ var CreateAgentRedirect = function (meshserver, module, serverPublicNamePort, au
|
||||
return;
|
||||
}
|
||||
|
||||
/*
|
||||
if (typeof e.data == 'object') {
|
||||
var f = new FileReader();
|
||||
if (f.readAsBinaryString) {
|
||||
@ -152,8 +155,41 @@ var CreateAgentRedirect = function (meshserver, module, serverPublicNamePort, au
|
||||
// If we get a string object, it maybe the WebRTC confirm. Ignore it.
|
||||
obj.xxOnSocketData(e.data);
|
||||
}
|
||||
*/
|
||||
|
||||
if (typeof e.data == 'object') {
|
||||
if (fileReaderInuse == true) { fileReaderAcc.push(e.data); return; }
|
||||
if (fileReader.readAsBinaryString) {
|
||||
// Chrome & Firefox (Draft)
|
||||
fileReaderInuse = true;
|
||||
fileReader.readAsBinaryString(new Blob([e.data]));
|
||||
} else if (fileReader.readAsArrayBuffer) {
|
||||
// Chrome & Firefox (Spec)
|
||||
fileReaderInuse = true;
|
||||
fileReader.readAsArrayBuffer(e.data);
|
||||
} else {
|
||||
// IE10, readAsBinaryString does not exist, use an alternative.
|
||||
var binary = "", bytes = new Uint8Array(e.data), length = bytes.byteLength;
|
||||
for (var i = 0; i < length; i++) { binary += String.fromCharCode(bytes[i]); }
|
||||
obj.xxOnSocketData(binary);
|
||||
}
|
||||
} else {
|
||||
// If we get a string object, it maybe the WebRTC confirm. Ignore it.
|
||||
obj.xxOnSocketData(e.data);
|
||||
}
|
||||
};
|
||||
|
||||
|
||||
// Setup the file reader
|
||||
var fileReader = new FileReader();
|
||||
var fileReaderInuse = false, fileReaderAcc = [];
|
||||
if (fileReader.readAsBinaryString) {
|
||||
// Chrome & Firefox (Draft)
|
||||
fileReader.onload = function (e) { obj.xxOnSocketData(e.target.result); if (fileReaderAcc.length == 0) { fileReaderInuse = false; } else { fileReader.readAsBinaryString(new Blob([fileReaderAcc.shift()])); } }
|
||||
} else if (fileReader.readAsArrayBuffer) {
|
||||
// Chrome & Firefox (Spec)
|
||||
fileReader.onloadend = function (e) { obj.xxOnSocketData(e.target.result); if (fileReaderAcc.length == 0) { fileReaderInuse = false; } else { fileReader.readAsArrayBuffer(fileReaderAcc.shift()); } }
|
||||
}
|
||||
|
||||
obj.xxOnSocketData = function (data) {
|
||||
if (!data || obj.connectstate == -1) return;
|
||||
if (typeof data === 'object') {
|
||||
|
@ -74,9 +74,11 @@ var CreateAmtRemoteIder = function (serverurl) {
|
||||
if (fileReaderInuse == true) { fileReaderAcc.push(e.data); return; }
|
||||
if (fileReader.readAsBinaryString) {
|
||||
// Chrome & Firefox (Draft)
|
||||
fileReaderInuse = true;
|
||||
fileReader.readAsBinaryString(new Blob([e.data]));
|
||||
} else if (fileReader.readAsArrayBuffer) {
|
||||
// Chrome & Firefox (Spec)
|
||||
fileReaderInuse = true;
|
||||
fileReader.readAsArrayBuffer(e.data);
|
||||
} else {
|
||||
// IE10, readAsBinaryString does not exist, use an alternative.
|
||||
|
@ -146,9 +146,11 @@ var CreateWsmanComm = function (host, port, user, pass, tls) {
|
||||
if (fileReaderInuse == true) { fileReaderAcc.push(e.data); return; }
|
||||
if (fileReader.readAsBinaryString) {
|
||||
// Chrome & Firefox (Draft)
|
||||
fileReaderInuse = true;
|
||||
fileReader.readAsBinaryString(new Blob([e.data]));
|
||||
} else if (fileReader.readAsArrayBuffer) {
|
||||
// Chrome & Firefox (Spec)
|
||||
fileReaderInuse = true;
|
||||
fileReader.readAsArrayBuffer(e.data);
|
||||
} else {
|
||||
// IE10, readAsBinaryString does not exist, use an alternative.
|
||||
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
@ -1486,10 +1486,11 @@
|
||||
meshserver.send({ action: 'nodes' }); // Request a refresh of all nodes (TODO: We could optimize this to only request nodes for the new mesh).
|
||||
} else {
|
||||
// This is an existing mesh
|
||||
meshes[message.event.meshid].name = message.event.name;
|
||||
meshes[message.event.meshid].desc = message.event.desc;
|
||||
meshes[message.event.meshid].flags = message.event.flags;
|
||||
meshes[message.event.meshid].links = message.event.links;
|
||||
if (message.event.name) { meshes[message.event.meshid].name = message.event.name; }
|
||||
if (message.event.desc) { meshes[message.event.meshid].desc = message.event.desc; }
|
||||
if (message.event.flags) { meshes[message.event.meshid].flags = message.event.flags; }
|
||||
if (message.event.links) { meshes[message.event.meshid].links = message.event.links; }
|
||||
if (message.event.amt) { meshes[message.event.meshid].amt = message.event.amt; }
|
||||
|
||||
// Check if we lost rights to this mesh in this change.
|
||||
if (meshes[message.event.meshid].links['user/' + domain + '/' + userinfo.name.toLowerCase()] == null) {
|
||||
@ -1506,7 +1507,7 @@
|
||||
}
|
||||
}
|
||||
masterUpdate(4 + 128);
|
||||
meshserver.send({ action: 'files' });
|
||||
//meshserver.send({ action: 'files' }); // TODO: Why do we need to do this??
|
||||
|
||||
// If we are looking at a mesh that is now deleted, move back to "My Account"
|
||||
if (xxcurrentView == 20 && currentMesh._id == message.event.meshid) { p20updateMesh(); }
|
||||
@ -5473,6 +5474,19 @@
|
||||
x += addHtmlValue('Type', meshtype);
|
||||
//x += addHtmlValue('Identifier', currentMesh._id.split('/')[2]);
|
||||
|
||||
// Intel AMT setup
|
||||
if (currentMesh.mtype == 2) {
|
||||
var intelAmtPolicy = 'No Policy';
|
||||
if (currentMesh.amt) {
|
||||
if (currentMesh.amt.type == 1) { intelAmtPolicy = 'Deactivate Client Control Mode (CCM)'; }
|
||||
else if (currentMesh.amt.type == 2) {
|
||||
intelAmtPolicy = 'Simple Client Control Mode (CCM)';
|
||||
if (currentMesh.amt.cirasetup == 2) { intelAmtPolicy += ' + CIRA'; }
|
||||
}
|
||||
}
|
||||
x += addHtmlValue('Intel® AMT', addLinkConditional(intelAmtPolicy, 'p20editMeshAmt()', (meshrights & 0xFFFFFFFF) != 0));
|
||||
}
|
||||
|
||||
// Display group note support
|
||||
if (meshrights & 1) { x += '<br><input type=button value=Notes title="View notes about this device group" onclick=showNotes(false,"' + encodeURIComponent(currentMesh._id) + '") />'; }
|
||||
|
||||
@ -5532,6 +5546,50 @@
|
||||
QH('p20info', x);
|
||||
}
|
||||
|
||||
function p20editMeshAmt() {
|
||||
if (xxdialogMode) return;
|
||||
var x = '';
|
||||
x += addHtmlValue('Type', '<select id=dp20amtpolicy style=width:230px onchange=p20editMeshAmtChange()><option value=0>No Policy</option><option value=1>Deactivate Client Control Mode (CCM)</option><option value=2>Simple Client Control Mode (CCM)</option></select>');
|
||||
x += '<div id=dp20amtpolicydiv></div>';
|
||||
setDialogMode(2, "Intel® AMT Policy", 3, p20editMeshAmtEx, x);
|
||||
if (currentMesh.amt) { Q('dp20amtpolicy').value = currentMesh.amt.type; }
|
||||
p20editMeshAmtChange();
|
||||
|
||||
// Set the current Intel AMT policy
|
||||
if (currentMesh.amt && currentMesh.amt.type == 2) {
|
||||
Q('dp20amtpolicypass').value = currentMesh.amt.password;
|
||||
Q('dp20amtbadpass').value = currentMesh.amt.badpass;
|
||||
Q('dp20amtcira').value = currentMesh.amt.cirasetup;
|
||||
}
|
||||
|
||||
dp20amtValidatePolicy();
|
||||
}
|
||||
|
||||
function p20editMeshAmtChange() {
|
||||
var ptype = Q('dp20amtpolicy').value, x = '';
|
||||
if (ptype == 2) {
|
||||
x = addHtmlValue('Password*', '<input id=dp20amtpolicypass style=width:230px maxlength=32 onchange=dp20amtValidatePolicy() onkeyup=dp20amtValidatePolicy() />')
|
||||
x += addHtmlValue('Password mismatch', "<select id=dp20amtbadpass style=width:230px><option value=0>Do nothing</option><option value=1>Reactivate Intel® AMT</option></select>");
|
||||
x += addHtmlValue('<span title="Client Initiated Remote Access">CIRA</span>', "<select id=dp20amtcira style=width:230px><option value=0>Don't configure</option><option value=1>Don't connect to server</option><option value=2>Connect to server</option></select>");
|
||||
x += '<br/><span style="font-size:10px">* Recommanded, leave blank to assign a random password to each device.</span><br/>';
|
||||
x += '<span style="font-size:10px">This policy will not impact devices with Intel® AMT in ACM mode.</span><br/>';
|
||||
x += '<span style="font-size:10px">This is not a secure policy as agents will be performing activation.</span>';
|
||||
}
|
||||
QH('dp20amtpolicydiv', x);
|
||||
}
|
||||
|
||||
function dp20amtValidatePolicy() {
|
||||
var ok = true, ptype = Q('dp20amtpolicy').value;
|
||||
if (ptype == 2) { var pass = Q('dp20amtpolicypass').value; ok = (pass == '') ? true : passwordcheck(pass); }
|
||||
QE('idx_dlgOkButton', ok);
|
||||
}
|
||||
|
||||
function p20editMeshAmtEx() {
|
||||
var ptype = parseInt(Q('dp20amtpolicy').value), amtpolicy = { type: ptype };
|
||||
if (ptype == 2) { amtpolicy = { type: ptype, password: Q('dp20amtpolicypass').value, badpass: parseInt(Q('dp20amtbadpass').value), cirasetup: parseInt(Q('dp20amtcira').value) }; }
|
||||
meshserver.send({ action: 'meshamtpolicy', meshid: currentMesh._id, amtpolicy: amtpolicy });
|
||||
}
|
||||
|
||||
function p20showDeleteMeshDialog() {
|
||||
if (xxdialogMode) return;
|
||||
var x = "Are you sure you want to delete mesh \"" + EscapeHtml(currentMesh.name) + "\"? Deleting the mesh will also delete all information about computers within this mesh.<br /><br />";
|
||||
|
@ -140,7 +140,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
}
|
||||
|
||||
// Main lists
|
||||
obj.wsagents = {};
|
||||
obj.wsagents = {}; // NodeId --> Agent
|
||||
obj.wsagentsDisconnections = {};
|
||||
obj.wsagentsDisconnectionsTimer = null;
|
||||
obj.wssessions = {}; // UserId --> Array Of Sessions
|
||||
@ -933,14 +933,14 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
|
||||
// Returns the mesh server root certificate
|
||||
function handleRootCertRequest(req, res) {
|
||||
if (checkIpAddressEx(req, res, obj.userAllowedIp, false) === false) { return; } // Check server-wide IP filter only.
|
||||
if ((obj.userAllowedIp != null) && (checkIpAddressEx(req, res, obj.userAllowedIp, false) === false)) { return; } // Check server-wide IP filter only.
|
||||
res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'Content-Type': 'application/octet-stream', 'Content-Disposition': 'attachment; filename=' + certificates.RootName + '.cer' });
|
||||
res.send(Buffer.from(getRootCertBase64(), 'base64'));
|
||||
}
|
||||
|
||||
// Returns an mescript for Intel AMT configuration
|
||||
function handleMeScriptRequest(req, res) {
|
||||
if (checkIpAddressEx(req, res, obj.userAllowedIp, false) === false) { return; } // Check server-wide IP filter only.
|
||||
if ((obj.userAllowedIp != null) && (checkIpAddressEx(req, res, obj.userAllowedIp, false) === false)) { return; } // Check server-wide IP filter only.
|
||||
if (req.query.type == 1) {
|
||||
var filename = 'cira_setup.mescript';
|
||||
res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'Content-Type': 'application/octet-stream', 'Content-Disposition': 'attachment; filename=' + filename });
|
||||
|
Loading…
x
Reference in New Issue
Block a user