Intel AMT improvements.

Ylian Saint-Hilaire 2020-11-24 23:17:54 -08:00
parent 39541f8755
commit 52114da91c
9 changed files with 794 additions and 748 deletions

Binary file not shown.

Binary file not shown.


@ -534,6 +534,7 @@ function run(argv) {
amtMei.getLanInterfaceSettings(0, function (result) { if (result) { mestate.net0 = result; } });
amtMei.getLanInterfaceSettings(1, function (result) { if (result) { mestate.net1 = result; } });
amtMei.getUuid(function (result) { if ((result != null) && (result.uuid != null)) { mestate.uuid = result.uuid; } });
amtMei.getRemoteAccessConnectionStatus(function (result) { if ((result != null) && (result.status == 0)) { mestate.networkStatus = result.networkStatus; mestate.remoteAccessStatus = result.remoteAccessStatus; mestate.remoteAccessTrigger = result.remoteAccessTrigger; mestate.mpsHostname = result.mpsHostname; } });
amtMei.getDnsSuffix(function (result) {
if (result) { mestate.dns = result; }
if (mestate.ver && mestate.ProvisioningState && mestate.ProvisioningMode) {
@ -570,6 +571,13 @@ function run(argv) {
if (fqdn != null) { str += '\r\nDNS suffix: ' + fqdn; }
}
}
if (typeof mestate.networkStatus == 'number') {
str += '\r\nConnection Status: ' + ['Direct', 'VPN', 'Outside'][mestate.networkStatus];
str += ', CIRA: ' + ['Disconnected', 'Connecting', 'Connected'][mestate.remoteAccessStatus];
if ((mestate.remoteAccessStatus > 0) && (mestate.mpsHostname != null) && (mestate.mpsHostname.length > 0)) {
str += ' to ' + mestate.mpsHostname + ', ' + ['User initiated', 'Alert', 'Periodic', 'Provisioning'][mestate.remoteAccessTrigger];
}
}
console.log(str + '.');
} else {
console.log('Intel(R) AMT not supported.');
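Review bot: The label lookups added after the DNS-suffix block index fixed arrays with values taken from the firmware response, so any value outside the listed range is printed as the text `undefined`; only `networkStatus` is type-checked, while `remoteAccessStatus` and `remoteAccessTrigger` are used as-is. A fallback keeps the status line truthful, e.g. `str += ', CIRA: ' + (['Disconnected', 'Connecting', 'Connected'][mestate.remoteAccessStatus] || ('Unknown (' + mestate.remoteAccessStatus + ')'));`, with the same pattern for the other two lookups. `mpsHostname` is also echoed verbatim from the MEI response, so it may be worth restricting it to printable characters before it is written to the console. The enclosing callback in `run()` starts and ends outside the hunk.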


@ -390,7 +390,7 @@ function amt_heci() {
for (var i = 1; i < arguments.length; ++i) { optional.push(arguments[i]); }
this.sendCommand(0x46, null, function (header, fn, opt) {
if (header.Status == 0) {
var hostname = v.slice(14, header.Data.readUInt16LE(12) + 14).toString()
var hostname = header.Data.slice(14, header.Data.readUInt16LE(12) + 14).toString()
opt.unshift({ status: header.Status, networkStatus: header.Data.readUInt32LE(0), remoteAccessStatus: header.Data.readUInt32LE(4), remoteAccessTrigger: header.Data.readUInt32LE(8), mpsHostname: hostname, raw: header.Data });
} else {
opt.unshift({ status: header.Status });
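Review bot: The corrected `header.Data.slice(...)` line still trusts the length field at offset 12 and the fixed offsets 0 to 14 without checking `header.Data.length` first. With a response shorter than 14 bytes the `readUInt16LE`/`readUInt32LE` calls would either throw or read past the data, depending on the runtime's Buffer implementation, and a length larger than the buffer would presumably be clamped by `slice` and yield a shortened hostname with no error. A guard such as `if ((header.Status == 0) && (header.Data.length >= 14)) {`, plus a check that `14 + header.Data.readUInt16LE(12) <= header.Data.length`, would send malformed responses to the existing `else` branch. The statement is also missing its terminating semicolon. The identical hunk in the next file section has the same gap; the enclosing function continues outside the hunk.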


@ -390,7 +390,7 @@ function amt_heci() {
for (var i = 1; i < arguments.length; ++i) { optional.push(arguments[i]); }
this.sendCommand(0x46, null, function (header, fn, opt) {
if (header.Status == 0) {
var hostname = v.slice(14, header.Data.readUInt16LE(12) + 14).toString()
var hostname = header.Data.slice(14, header.Data.readUInt16LE(12) + 14).toString()
opt.unshift({ status: header.Status, networkStatus: header.Data.readUInt32LE(0), remoteAccessStatus: header.Data.readUInt32LE(4), remoteAccessTrigger: header.Data.readUInt32LE(8), mpsHostname: hostname, raw: header.Data });
} else {
opt.unshift({ status: header.Status });


@ -1619,17 +1619,23 @@ module.exports.CreateAmtManager = function (parent) {
const mesh = parent.webserver.meshes[dev.meshid];
if (mesh == null) { dev.consoleMsg("Unable to find device group."); removeAmtDevice(dev); return false; }
var amtPolicy = 0; // 0 = Do nothing, 1 = Deactivate CCM, 2 = CCM, 3 = ACM
if (mesh.amt != null) { if (mesh.amt.type) { amtPolicy = mesh.amt.type; } }
var ccmPolicy = 0; // Only used when in ACM policy: 0 = Do nothing, 1 = Deactivate CCM, 2 = CCM is ACM fails
if (mesh.amt != null) { if (typeof mesh.amt.type == 'number') { amtPolicy = mesh.amt.type; } if (typeof mesh.amt.ccm == 'number') { ccmPolicy = mesh.amt.ccm; } }
if ((typeof dev.mpsConnection.tag.meiState.OsAdmin != 'object') || (typeof dev.mpsConnection.tag.meiState.OsAdmin.user != 'string') || (typeof dev.mpsConnection.tag.meiState.OsAdmin.pass != 'string')) { amtPolicy = 0; }
if (amtPolicy == 0) { removeAmtDevice(dev); return false; } // Do nothing, we should not have gotten this CIRA-LMS connection.
if (amtPolicy == 2) { activateIntelAmtCcm(dev, mesh.amt.password); } // Activate to CCM policy
if ((amtPolicy == 3) || (amtPolicy == 4)) { // Activate to ACM policy
var acminfo = checkAcmActivation(dev);
if (acminfo == null) {
// No opportunity to activate to ACM, check if we are already in CCM
if ((dev.mpsConnection.tag.meiState.Flags & 2) != 0) return true; // We are in CCM, keep going
// We are not already in CCM, go to CCM now
activateIntelAmtCcm(dev, mesh.amt.password);
// No opportunity to activate to ACM, check if we are in CCM
if ((dev.mpsConnection.tag.meiState.Flags & 2) != 0) {
if ((amtPolicy == 3) && (ccmPolicy == 1)) { deactivateIntelAmtCCM(dev); } // If we are in ACM policy and CCM is not allowed, deactivate it now.
else { return true; } // We are in CCM, keep going
} else {
// We are not in CCM, go to CCM now
if ((amtPolicy == 4) || ((amtPolicy == 3) && (ccmPolicy == 2))) { activateIntelAmtCcm(dev, mesh.amt.password); } // If we are in full automatic or ACM with CCM allowed, setup CCM.
else { removeAmtDevice(dev); return false; } // We are not in CCM and policy restricts use of CCM, so exit now.
}
} else {
// Found a certificate to activate to ACM.
if ((dev.mpsConnection.tag.meiState.Flags & 2) != 0) {
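Review bot: The new `deactivateIntelAmtCCM(dev);` path has no `return`, unlike its `else { return true; }` sibling and the `removeAmtDevice(dev); return false;` exit below it, so control falls through to whatever follows the ACM block outside this hunk. If that is intended, a short comment saying so would help; otherwise an explicit return is needed. Because this branch deactivates Intel AMT on a device purely from group policy, a `dev.consoleMsg(...)` entry before the call would leave a trace of why it happened. The comment on `ccmPolicy` has a typo: `2 = CCM is ACM fails` should read `2 = CCM if ACM fails`. The enclosing function begins and ends outside the hunk.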


@ -3329,8 +3329,10 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
} else if (command.amtpolicy.type === 3) {
if ((command.amtpolicy.password != null) && (common.validateString(command.amtpolicy.password, 0, 32) == false)) break; // Check the amtpolicy.password
if ((command.amtpolicy.badpass != null) && common.validateInt(command.amtpolicy.badpass, 0, 1) == false) break; // Check the amtpolicy.badpass
if ((command.amtpolicy.ccm != null) && common.validateInt(command.amtpolicy.ccm, 0, 2) == false) break; // Check the amtpolicy.ccm
if (common.validateInt(command.amtpolicy.cirasetup, 0, 2) == false) break; // Check the amtpolicy.cirasetup
}
mesh = parent.meshes[command.meshid];
change = '';
if (mesh) {
@ -3345,6 +3347,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
var amtpolicy = { type: command.amtpolicy.type };
if ((command.amtpolicy.type === 2) || (command.amtpolicy.type === 3)) {
amtpolicy = { type: command.amtpolicy.type, badpass: command.amtpolicy.badpass, cirasetup: command.amtpolicy.cirasetup };
if (command.amtpolicy.type === 3) { amtpolicy.ccm = command.amtpolicy.ccm; }
if ((command.amtpolicy.password == null) && (mesh.amt != null) && (typeof mesh.amt.password == 'string')) { amtpolicy.password = mesh.amt.password; } // Keep the last password
if ((typeof command.amtpolicy.password == 'string') && (command.amtpolicy.password.length >= 8)) { amtpolicy.password = command.amtpolicy.password; } // Set a new password
}
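Review bot: `amtpolicy.ccm = command.amtpolicy.ccm;` copies the field whenever the type is 3, but the validation in the first hunk only runs `validateInt` when `ccm` is not null, so a missing or null value is stored in the group policy as-is. Storing it only when it is a number keeps the saved policy well-formed: `if (typeof command.amtpolicy.ccm == 'number') { amtpolicy.ccm = command.amtpolicy.ccm; }`. The handler these hunks belong to starts and ends outside them.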

File diff suppressed because it is too large Load Diff


@ -9838,6 +9838,7 @@
Q('dp20amtpolicypass').value = currentMesh.amt.password;
if ((currentMesh.amt.type == 2) || (currentMesh.amt.type == 3)) {
if (currentMesh.amt.badpass != null) { Q('dp20amtbadpass').value = currentMesh.amt.badpass; }
if ((currentMesh.amt.type == 3) && (currentMesh.amt.ccm != null)) { Q('dp20amtccmmode').value = currentMesh.amt.ccm; }
}
if ((features & 0x400) == 0) { Q('dp20amtcira').value = currentMesh.amt.cirasetup; }
}
@ -9854,7 +9855,10 @@
x += addHtmlValue("New password*", '<input id=dp20amtpolicypass type=password style=width:230px maxlength=32 onchange=dp20amtValidatePolicy() onkeyup=dp20amtValidatePolicy() autocomplete=off />')
x += addHtmlValue("New password*", '<input id=dp20amtpolicypass2 type=password style=width:230px maxlength=32 onchange=dp20amtValidatePolicy() onkeyup=dp20amtValidatePolicy() autocomplete=off />')
x += '</div>';
if (ptype == 3) { x += addHtmlValue("CCM mode", '<select id=dp20amtccmmode style=width:230px onchange=dp20amtValidatePolicy() onkeyup=dp20amtValidatePolicy()><option value=0>' + "Don't change, keep CCM if setup" + '</option><option value=1>' + "Deactivate CCM if setup" + '</option><option value=2>' + "Activate to CCM, if ACM fails" + '</option></select>'); }
x += '<div id=dp20amtbadpassdiv style=display:none>';
x += addHtmlValue("Unknown password", '<select id=dp20amtbadpass style=width:230px><option value=0>' + "Do nothing" + '</option><option value=1>' + "If in CCM, reactivate Intel&reg; AMT" + '</option></select>');
x += '</div>';
if ((features & 0x400) == 0) { x += addHtmlValue('<span title="' + "Client Initiated Remote Access" + '">' + "CIRA setup" + '</span>', '<select id=dp20amtcira style=width:230px><option value=0>' + "Do nothing" + '</option><option value=1>' + "Don't connect to server" + '</option><option value=2>' + "Connect to server" + '</option></select>'); }
x += '<span id=dp10passNotify style="font-size:10px"> ' + "* 8 characters, 1 upper, 1 lower, 1 numeric, 1 non-alpha numeric." + '</span>';
if ((currentMesh.mtype == 2) && (ptype == 2)) { x += '<span style="font-size:10px"> ' + "This policy will not impact devices with Intel&reg; AMT in ACM mode." + '</span>'; }
@ -9875,6 +9879,7 @@
QE('idx_dlgOkButton', ok);
if ((ptype == 2) || (ptype == 3)) { QV('dp20amtpassdiv', Q('dp20amtpass').value == 2); }
QV('dp10passNotify', ((ptype == 2) || (ptype == 3)) && (Q('dp20amtpass').value == 2));
QV('dp20amtbadpassdiv', (ptype == 2) || ((ptype == 3) && (Q('dp20amtccmmode').value != 1)));
}
function p20editMeshAmtEx() {
@ -9889,7 +9894,7 @@
amtpolicy = { type: ptype, password: password, badpass: parseInt(Q('dp20amtbadpass').value) };
if ((features & 0x400) == 0) { amtpolicy.cirasetup = parseInt(Q('dp20amtcira').value); } else { amtpolicy.cirasetup = 1; }
} else if (ptype == 3) { // ACM policy
amtpolicy = { type: ptype, password: password, badpass: parseInt(Q('dp20amtbadpass').value) };
amtpolicy = { type: ptype, password: password, badpass: parseInt(Q('dp20amtbadpass').value), ccm: parseInt(Q('dp20amtccmmode').value) };
if ((features & 0x400) == 0) { amtpolicy.cirasetup = parseInt(Q('dp20amtcira').value); } else { amtpolicy.cirasetup = 1; }
} else if (ptype == 4) { // Fully automatic policy
amtpolicy = { type: ptype };
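Review bot: In the ACM branch of the last hunk, `badpass` is still read from `dp20amtbadpass` even when CCM mode is 1, which is the case where the validation code in the previous hunk now hides that select. A previously chosen "If in CCM, reactivate" value can therefore be submitted together with "Deactivate CCM if setup". How the server resolves that pair is not visible here; sending a neutral value avoids the ambiguity: `var ccm = parseInt(Q('dp20amtccmmode').value, 10);` followed by `badpass: (ccm == 1) ? 0 : parseInt(Q('dp20amtbadpass').value, 10), ccm: ccm`. Passing the radix to `parseInt` is worth doing on these lines in any case. The function these lines belong to (apparently `p20editMeshAmtEx`) starts and ends outside the hunk.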