Started work on Intel AMT ACM activation.
parent
feb3542e8b
commit
53b3845624
Binary file not shown.
Binary file not shown.
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -26,6 +26,23 @@ module.exports.CertificateOperations = function (parent) {
|
||||||
obj.dirExists = function (filePath) { try { return obj.fs.statSync(filePath).isDirectory(); } catch (err) { return false; } };
|
obj.dirExists = function (filePath) { try { return obj.fs.statSync(filePath).isDirectory(); } catch (err) { return false; } };
|
||||||
obj.getFilesizeInBytes = function (filename) { try { return obj.fs.statSync(filename).size; } catch (err) { return -1; } };
|
obj.getFilesizeInBytes = function (filename) { try { return obj.fs.statSync(filename).size; } catch (err) { return -1; } };
|
||||||
|
|
||||||
|
// Return the certificate of the remote HTTPS server
|
||||||
|
obj.loadPfxCertificate = function (filename, password) {
|
||||||
|
var r = { certs: [], keys: [] };
|
||||||
|
var pfxbuf = obj.fs.readFileSync(filename);
|
||||||
|
var pfxb64 = Buffer.from(pfxbuf).toString('base64');
|
||||||
|
var pfxder = obj.forge.util.decode64(pfxb64);
|
||||||
|
var asn = obj.forge.asn1.fromDer(pfxder);
|
||||||
|
var pfx = obj.forge.pkcs12.pkcs12FromAsn1(asn, true, password);
|
||||||
|
// Get the certs from certbags
|
||||||
|
var bags = pfx.getBags({ bagType: obj.forge.pki.oids.certBag });
|
||||||
|
for (var i = 0; i < bags[obj.forge.pki.oids.certBag].length; i++) { r.certs.push(bags[obj.forge.pki.oids.certBag][i].cert); }
|
||||||
|
// Get shrouded key from key bags
|
||||||
|
bags = pfx.getBags({ bagType: obj.forge.pki.oids.pkcs8ShroudedKeyBag });
|
||||||
|
for (var i = 0; i < bags[obj.forge.pki.oids.pkcs8ShroudedKeyBag].length; i++) { r.keys.push(bags[obj.forge.pki.oids.pkcs8ShroudedKeyBag][i].key); }
|
||||||
|
return r;
|
||||||
|
}
|
||||||
|
|
||||||
// Return the certificate of the remote HTTPS server
|
// Return the certificate of the remote HTTPS server
|
||||||
obj.loadCertificate = function (url, tag, func) {
|
obj.loadCertificate = function (url, tag, func) {
|
||||||
const u = require('url').parse(url);
|
const u = require('url').parse(url);
|
||||||
|
|
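Review bot: The comment above the new `obj.loadPfxCertificate` is a copy of the `loadCertificate` comment ("Return the certificate of the remote HTTPS server") and does not describe this function; something like `// Load a PKCS#12 (.pfx) file and return its certificates and private keys as { certs: [], keys: [] }` would match what the body does. The loop over the shrouded key bags pushes every `.key` unchecked, and as far as I know forge can leave `key` null for key types it cannot decode, so a guard such as `if (bag.key != null) { r.keys.push(bag.key); }` would keep the caller's `r.keys.length == 0` test meaningful. The base64 round trip through `Buffer.from(pfxbuf).toString('base64')` and `decode64` could be a single `pfxbuf.toString('binary')`.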
16
meshagent.js
16
meshagent.js
|
@ -813,24 +813,28 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
|
||||||
|
|
||||||
// Take a basic Intel AMT policy and add all server information to it, making it ready to send to this agent.
|
// Take a basic Intel AMT policy and add all server information to it, making it ready to send to this agent.
|
||||||
function completeIntelAmtPolicy(amtPolicy) {
|
function completeIntelAmtPolicy(amtPolicy) {
|
||||||
|
var r = amtPolicy;
|
||||||
if (amtPolicy == null) return null;
|
if (amtPolicy == null) return null;
|
||||||
if (amtPolicy.type == 2) {
|
if (amtPolicy.type == 2) {
|
||||||
// Add server root certificate
|
// CCM - Add server root certificate
|
||||||
if (parent.parent.certificates.rootex == null) { parent.parent.certificates.rootex = parent.parent.certificates.root.cert.split('-----BEGIN CERTIFICATE-----').join('').split('-----END CERTIFICATE-----').join('').split('\r').join('').split('\n').join(''); }
|
if (parent.parent.certificates.rootex == null) { parent.parent.certificates.rootex = parent.parent.certificates.root.cert.split('-----BEGIN CERTIFICATE-----').join('').split('-----END CERTIFICATE-----').join('').split('\r').join('').split('\n').join(''); }
|
||||||
amtPolicy.rootcert = parent.parent.certificates.rootex;
|
r.rootcert = parent.parent.certificates.rootex;
|
||||||
|
} else if ((amtPolicy.type == 3) && (domain.amtacmactivation.dnsmatch)) {
|
||||||
|
// ACM - In this mode, don't send much to Intel AMT. Just indicate ACM policy and let the agent try activation when possible.
|
||||||
|
r = { type: 3, dnsmatch: domain.amtacmactivation.dnsmatch };
|
||||||
}
|
}
|
||||||
if ((amtPolicy.cirasetup == 2) && (parent.parent.mpsserver != null) && (parent.parent.certificates.AmtMpsName != null) && (args.lanonly != true) && (args.mpsport != 0)) {
|
if (((amtPolicy.cirasetup == 2) || (amtPolicy.cirasetup == 3)) && (parent.parent.mpsserver != null) && (parent.parent.certificates.AmtMpsName != null) && (args.lanonly != true) && (args.mpsport != 0)) {
|
||||||
// Add server CIRA settings
|
// Add server CIRA settings
|
||||||
amtPolicy.ciraserver = {
|
r.ciraserver = {
|
||||||
name: parent.parent.certificates.AmtMpsName,
|
name: parent.parent.certificates.AmtMpsName,
|
||||||
port: (typeof args.mpsaliasport == 'number' ? args.mpsaliasport : args.mpsport),
|
port: (typeof args.mpsaliasport == 'number' ? args.mpsaliasport : args.mpsport),
|
||||||
user: obj.meshid.replace(/\@/g, 'X').replace(/\$/g, 'X').substring(0, 16),
|
user: obj.meshid.replace(/\@/g, 'X').replace(/\$/g, 'X').substring(0, 16),
|
||||||
pass: args.mpspass ? args.mpspass : 'A@xew9rt', // If the MPS password is not set, just use anything. TODO: Use the password as an agent identifier?
|
pass: args.mpspass ? args.mpspass : 'A@xew9rt', // If the MPS password is not set, just use anything. TODO: Use the password as an agent identifier?
|
||||||
home: ['sdlwerulis3wpj95dfj'] // Use a random FQDN to not have any home network.
|
home: ['sdlwerulis3wpj95dfj'] // Use a random FQDN to not have any home network.
|
||||||
};
|
};
|
||||||
if (Array.isArray(args.ciralocalfqdn)) { amtPolicy.ciraserver.home = args.ciralocalfqdn; }
|
if (Array.isArray(args.ciralocalfqdn)) { r.ciraserver.home = args.ciralocalfqdn; }
|
||||||
}
|
}
|
||||||
return amtPolicy;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Send Intel AMT policy
|
// Send Intel AMT policy
|
||||||
|
|
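Review bot: The new ACM branch in `completeIntelAmtPolicy` reads `domain.amtacmactivation.dnsmatch` without checking that `domain.amtacmactivation` exists, so a group whose stored policy is type 3 on a domain with no usable ACM certificates would throw here; `} else if ((amtPolicy.type == 3) && (domain.amtacmactivation != null) && (domain.amtacmactivation.dnsmatch)) {` avoids that. When the condition is false for a type 3 policy, `r` is still the stored `amtPolicy` object, which per the meshuser.js change in this commit carries `password`, so that case should probably return a reduced object or null instead of the full policy. `var r = amtPolicy` is an alias, so `r.rootcert` and `r.ciraserver` are still written into the caller's object. The added `(amtPolicy.cirasetup == 3)` test looks unreachable given that the server validates `cirasetup` to 0..2; please confirm which value was intended.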
|
@ -714,6 +714,30 @@ function CreateMeshCentralServer(config, args) {
|
||||||
|
|
||||||
// Load any domain web certificates
|
// Load any domain web certificates
|
||||||
for (i in obj.config.domains) {
|
for (i in obj.config.domains) {
|
||||||
|
// Load any Intel AMT ACM activation certificates
|
||||||
|
if (obj.config.domains[i].amtacmactivation && obj.config.domains[i].amtacmactivation.certs) {
|
||||||
|
var badAcmConfigs = [], dnsmatch = [], amtAcmCertCount = 0;
|
||||||
|
for (var j in obj.config.domains[i].amtacmactivation.certs) {
|
||||||
|
var acmconfig = obj.config.domains[i].amtacmactivation.certs[j];
|
||||||
|
if (acmconfig.dnsmatch == null) { acmconfig.dnsmatch = [ j ]; }
|
||||||
|
if (typeof acmconfig.dnsmatch == 'string') { acmconfig.dnsmatch = [ acmconfig.dnsmatch ]; }
|
||||||
|
if (typeof acmconfig.dnsmatch.length == 0) { badAcmConfigs.push(j); continue; }
|
||||||
|
if (typeof acmconfig.cert != 'string') { badAcmConfigs.push(j); continue; }
|
||||||
|
var r = null;
|
||||||
|
try { r = obj.certificateOperations.loadPfxCertificate(obj.path.join(obj.datapath, acmconfig.cert), acmconfig.certpass); } catch (ex) { console.log(ex); }
|
||||||
|
if ((r == null) || (r.certs == null) || (r.keys == null) || (r.certs.length < 2) || (r.keys.length == 0)) { badAcmConfigs.push(j); continue; }
|
||||||
|
delete acmconfig.cert;
|
||||||
|
delete acmconfig.certpass;
|
||||||
|
acmconfig.certs = r.certs;
|
||||||
|
acmconfig.keys = r.keys;
|
||||||
|
for (var k in acmconfig.dnsmatch) { if (dnsmatch.indexOf(acmconfig.dnsmatch[k]) == -1) { dnsmatch.push(acmconfig.dnsmatch[k]); } }
|
||||||
|
amtAcmCertCount++;
|
||||||
|
}
|
||||||
|
// Remove all bad configurations
|
||||||
|
for (var j in badAcmConfigs) { console.log('WARNING: Incorrect Intel AMT ACM configuration "' + i + (i == '' ? '' : '/') + badAcmConfigs[j] + '".'); delete obj.config.domains[i].amtacmactivationcerts[j]; }
|
||||||
|
if (amtAcmCertCount == 0) { delete obj.config.domains[i].amtacmactivation; } else { obj.config.domains[i].amtacmactivation.dnsmatch = dnsmatch; }
|
||||||
|
}
|
||||||
|
|
||||||
if (obj.config.domains[i].certurl != null) {
|
if (obj.config.domains[i].certurl != null) {
|
||||||
// Fix the URL and add 'https://' if needed
|
// Fix the URL and add 'https://' if needed
|
||||||
if (obj.config.domains[i].certurl.indexOf('://') < 0) { obj.config.domains[i].certurl = 'https://' + obj.config.domains[i].certurl; }
|
if (obj.config.domains[i].certurl.indexOf('://') < 0) { obj.config.domains[i].certurl = 'https://' + obj.config.domains[i].certurl; }
|
||||||
|
|
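Review bot: Two lines in the ACM certificate loader do not do what they appear to. `typeof acmconfig.dnsmatch.length == 0` compares a string with 0 and is never true, so an empty or non-array `dnsmatch` is accepted; `if (!Array.isArray(acmconfig.dnsmatch) || (acmconfig.dnsmatch.length == 0)) { badAcmConfigs.push(j); continue; }` is the check that seems intended. The cleanup loop deletes `obj.config.domains[i].amtacmactivationcerts[j]`, a property that is not set anywhere in this hunk and that is indexed by the position in `badAcmConfigs` rather than the certificate name, so the first bad entry would throw instead of being removed; `delete obj.config.domains[i].amtacmactivation.certs[badAcmConfigs[j]];` matches the structure read a few lines above. The enclosing `for (i in obj.config.domains)` loop continues outside the hunk.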
|
@ -1579,12 +1579,16 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||||
// Change a mesh Intel AMT policy
|
// Change a mesh Intel AMT policy
|
||||||
if (common.validateString(command.meshid, 1, 1024) == false) break; // Check the meshid
|
if (common.validateString(command.meshid, 1, 1024) == false) break; // Check the meshid
|
||||||
if (common.validateObject(command.amtpolicy) == false) break; // Check the amtpolicy
|
if (common.validateObject(command.amtpolicy) == false) break; // Check the amtpolicy
|
||||||
if (common.validateInt(command.amtpolicy.type, 0, 2) == false) break; // Check the amtpolicy.type
|
if (common.validateInt(command.amtpolicy.type, 0, 3) == false) break; // Check the amtpolicy.type
|
||||||
if (command.amtpolicy.type === 2) {
|
if (command.amtpolicy.type === 2) {
|
||||||
if (common.validateString(command.amtpolicy.password, 0, 32) == false) break; // Check the amtpolicy.password
|
if (common.validateString(command.amtpolicy.password, 0, 32) == false) break; // Check the amtpolicy.password
|
||||||
if (common.validateInt(command.amtpolicy.badpass, 0, 1) == false) break; // Check the amtpolicy.badpass
|
if (common.validateInt(command.amtpolicy.badpass, 0, 1) == false) break; // Check the amtpolicy.badpass
|
||||||
if (common.validateInt(command.amtpolicy.cirasetup, 0, 2) == false) break; // Check the amtpolicy.cirasetup
|
if (common.validateInt(command.amtpolicy.cirasetup, 0, 2) == false) break; // Check the amtpolicy.cirasetup
|
||||||
|
} else if (command.amtpolicy.type === 3) {
|
||||||
|
if (common.validateString(command.amtpolicy.password, 0, 32) == false) break; // Check the amtpolicy.password
|
||||||
|
if (common.validateInt(command.amtpolicy.cirasetup, 0, 2) == false) break; // Check the amtpolicy.cirasetup
|
||||||
}
|
}
|
||||||
|
console.log('meshamtpolicy', command);
|
||||||
mesh = parent.meshes[command.meshid];
|
mesh = parent.meshes[command.meshid];
|
||||||
change = '';
|
change = '';
|
||||||
if (mesh) {
|
if (mesh) {
|
||||||
|
@ -1598,6 +1602,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||||
change = 'Intel AMT policy change';
|
change = 'Intel AMT policy change';
|
||||||
var amtpolicy = { type: command.amtpolicy.type };
|
var amtpolicy = { type: command.amtpolicy.type };
|
||||||
if (command.amtpolicy.type === 2) { amtpolicy = { type: command.amtpolicy.type, password: command.amtpolicy.password, badpass: command.amtpolicy.badpass, cirasetup: command.amtpolicy.cirasetup }; }
|
if (command.amtpolicy.type === 2) { amtpolicy = { type: command.amtpolicy.type, password: command.amtpolicy.password, badpass: command.amtpolicy.badpass, cirasetup: command.amtpolicy.cirasetup }; }
|
||||||
|
else if (command.amtpolicy.type === 3) { amtpolicy = { type: command.amtpolicy.type, password: command.amtpolicy.password, cirasetup: command.amtpolicy.cirasetup }; }
|
||||||
mesh.amt = amtpolicy;
|
mesh.amt = amtpolicy;
|
||||||
db.Set(common.escapeLinksFieldName(mesh));
|
db.Set(common.escapeLinksFieldName(mesh));
|
||||||
var event = { etype: 'mesh', username: user.name, meshid: mesh._id, amt: amtpolicy, action: 'meshchange', links: mesh.links, msg: change, domain: domain.id };
|
var event = { etype: 'mesh', username: user.name, meshid: mesh._id, amt: amtpolicy, action: 'meshchange', links: mesh.links, msg: change, domain: domain.id };
|
||||||
|
|
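Review bot: The added `console.log('meshamtpolicy', command);` writes the whole command, including `command.amtpolicy.password`, to the server console on every policy change; it reads like leftover debug output and should be removed, or reduced to `console.log('meshamtpolicy', command.meshid, command.amtpolicy.type);` if a trace is wanted. The type 3 branch validates `cirasetup` as 0..2 although the dialog in this commit offers only 0 and 2 for ACM, so the `validateInt` call could be followed by a check that rejects 1 for that type. The surrounding `case` body starts and ends outside both hunks.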
|
@ -8758,7 +8758,10 @@ var QRCode;!function(){function a(a){this.mode=c.MODE_8BIT_BYTE,this.data=a,this
|
||||||
x += "<div id=emailInviteDiv style=display:none>Invite someone to install the mesh agent. An email with be sent with the link to the mesh agent installation for the \"" + EscapeHtml(mesh.name) + "\" device group.<br /><br />";
|
x += "<div id=emailInviteDiv style=display:none>Invite someone to install the mesh agent. An email with be sent with the link to the mesh agent installation for the \"" + EscapeHtml(mesh.name) + "\" device group.<br /><br />";
|
||||||
x += addHtmlValue('Name (optional)', '<input id=agentInviteName value="" style=width:230px maxlength=64 />');
|
x += addHtmlValue('Name (optional)', '<input id=agentInviteName value="" style=width:230px maxlength=64 />');
|
||||||
x += addHtmlValue('Email', '<input id=agentInviteEmail style=width:230px placeholder="example@email.com" onkeyup=validateAgentInvite()></input>');
|
x += addHtmlValue('Email', '<input id=agentInviteEmail style=width:230px placeholder="example@email.com" onkeyup=validateAgentInvite()></input>');
|
||||||
x += addHtmlValue('Operating System', '<select id=agentInviteNameOs style=width:236px><option value=0>Any supported</option><option value=1>Windows only</option><option value=3>Apple MacOS only</option><option value=2>Linux only</option></select>');
|
x += addHtmlValue('Operating System', '<select id=agentInviteNameOs onchange=d2ChangedInviteType() style=width:236px><option value=4>Send installation link</option><option value=0 selected>Any supported</option><option value=1>Windows only</option><option value=3>Apple MacOS only</option><option value=2>Linux only</option></select>');
|
||||||
|
x += '<div id=d2agentexpirediv>';
|
||||||
|
x += addHtmlValue('Link Expiration', '<select id=agentInviteExpire style=width:236px><option value=1>1 hour</option><option value=8>8 hours</option><option value=24>1 day</option><option value=168>1 week</option><option value=5040>1 month</option><option value=0>Unlimited</option></select>');
|
||||||
|
x += '</div>';
|
||||||
x += addHtmlValue('Installation Type', '<select id=agentInviteType style=width:236px><option value=0>Background and interactive</option><option value=2>Background only</option><option value=1>Interactive only</option></select>');
|
x += addHtmlValue('Installation Type', '<select id=agentInviteType style=width:236px><option value=0>Background and interactive</option><option value=2>Background only</option><option value=1>Interactive only</option></select>');
|
||||||
x += addHtmlValue('Message<br />(optional)', '<textarea id=agentInviteMessage value="" style=width:230px;height:100px;resize:none maxlength=1024 /></textarea>');
|
x += addHtmlValue('Message<br />(optional)', '<textarea id=agentInviteMessage value="" style=width:230px;height:100px;resize:none maxlength=1024 /></textarea>');
|
||||||
x += '</div>';
|
x += '</div>';
|
||||||
|
@ -8767,6 +8770,7 @@ var QRCode;!function(){function a(a){this.mode=c.MODE_8BIT_BYTE,this.data=a,this
|
||||||
x += addHtmlValue('Link Expiration', '<select id=d2inviteExpire style=width:236px onchange=d2RequestInvitationLink()><option value=1>1 hour</option><option value=8>8 hours</option><option value=24>1 day</option><option value=168>1 week</option><option value=5040>1 month</option><option value=0>Unlimited</option></select>');
|
x += addHtmlValue('Link Expiration', '<select id=d2inviteExpire style=width:236px onchange=d2RequestInvitationLink()><option value=1>1 hour</option><option value=8>8 hours</option><option value=24>1 day</option><option value=168>1 week</option><option value=5040>1 month</option><option value=0>Unlimited</option></select>');
|
||||||
x += '<div id=agentInvitationLinkDiv style="text-align:center;font-size:large;margin:16px;display:none"><a id=agentInvitationLink target="_blank" href="" style=cursor:pointer></a> <img src=images/link4.png height=10 width=10 title="Copy link to clipboard" style=cursor:pointer onclick=d2CopyInviteToClip()></div></div>';
|
x += '<div id=agentInvitationLinkDiv style="text-align:center;font-size:large;margin:16px;display:none"><a id=agentInvitationLink target="_blank" href="" style=cursor:pointer></a> <img src=images/link4.png height=10 width=10 title="Copy link to clipboard" style=cursor:pointer onclick=d2CopyInviteToClip()></div></div>';
|
||||||
setDialogMode(2, "Invite", 3, performAgentInvite, x, meshid);
|
setDialogMode(2, "Invite", 3, performAgentInvite, x, meshid);
|
||||||
|
d2ChangedInviteType();
|
||||||
validateAgentInvite();
|
validateAgentInvite();
|
||||||
d2RequestInvitationLink();
|
d2RequestInvitationLink();
|
||||||
}
|
}
|
||||||
|
@ -8777,6 +8781,7 @@ var QRCode;!function(){function a(a){this.mode=c.MODE_8BIT_BYTE,this.data=a,this
|
||||||
|
|
||||||
function d2ChangedInviteType() {
|
function d2ChangedInviteType() {
|
||||||
QV('urlInviteDiv', Q('d2InviteType').value == 0);
|
QV('urlInviteDiv', Q('d2InviteType').value == 0);
|
||||||
|
QV('d2agentexpirediv', Q('agentInviteNameOs').value == 4);
|
||||||
if (features & 64) { QV('emailInviteDiv', Q('d2InviteType').value == 1); }
|
if (features & 64) { QV('emailInviteDiv', Q('d2InviteType').value == 1); }
|
||||||
validateAgentInvite();
|
validateAgentInvite();
|
||||||
}
|
}
|
||||||
|
@ -8795,7 +8800,7 @@ var QRCode;!function(){function a(a){this.mode=c.MODE_8BIT_BYTE,this.data=a,this
|
||||||
|
|
||||||
function performAgentInvite(button, meshid) {
|
function performAgentInvite(button, meshid) {
|
||||||
if ((features & 64) && (Q('d2InviteType').value == 1)) {
|
if ((features & 64) && (Q('d2InviteType').value == 1)) {
|
||||||
meshserver.send({ action: 'inviteAgent', meshid: meshid, email: Q('agentInviteEmail').value, name: Q('agentInviteName').value, os: Q('agentInviteNameOs').value, flags: Q('agentInviteType').value, msg: Q('agentInviteMessage').value });
|
meshserver.send({ action: 'inviteAgent', meshid: meshid, email: Q('agentInviteEmail').value, name: Q('agentInviteName').value, os: Q('agentInviteNameOs').value, flags: Q('agentInviteType').value, msg: Q('agentInviteMessage').value, expire: parseInt(Q('agentInviteExpire').value) });
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -12299,6 +12304,9 @@ var QRCode;!function(){function a(a){this.mode=c.MODE_8BIT_BYTE,this.data=a,this
|
||||||
else if (currentMesh.amt.type == 2) {
|
else if (currentMesh.amt.type == 2) {
|
||||||
intelAmtPolicy = 'Simple Client Control Mode (CCM)';
|
intelAmtPolicy = 'Simple Client Control Mode (CCM)';
|
||||||
if (currentMesh.amt.cirasetup == 2) { intelAmtPolicy += ' + CIRA'; }
|
if (currentMesh.amt.cirasetup == 2) { intelAmtPolicy += ' + CIRA'; }
|
||||||
|
} else if (currentMesh.amt.type == 3) {
|
||||||
|
intelAmtPolicy = 'Simple Admin Control Mode (ACM)';
|
||||||
|
if (currentMesh.amt.cirasetup == 2) { intelAmtPolicy += ' + CIRA'; }
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
x += addHtmlValue('Intel® AMT', addLinkConditional(intelAmtPolicy, 'p20editMeshAmt()', meshrights & 1));
|
x += addHtmlValue('Intel® AMT', addLinkConditional(intelAmtPolicy, 'p20editMeshAmt()', meshrights & 1));
|
||||||
|
@ -12368,17 +12376,18 @@ var QRCode;!function(){function a(a){this.mode=c.MODE_8BIT_BYTE,this.data=a,this
|
||||||
|
|
||||||
function p20editMeshAmt() {
|
function p20editMeshAmt() {
|
||||||
if (xxdialogMode) return;
|
if (xxdialogMode) return;
|
||||||
var x = '';
|
var x = '', acmoption = '';
|
||||||
x += addHtmlValue('Type', '<select id=dp20amtpolicy style=width:230px onchange=p20editMeshAmtChange()><option value=0>No Policy</option><option value=1>Deactivate Client Control Mode (CCM)</option><option value=2>Simple Client Control Mode (CCM)</option></select>');
|
if ((features & 0x100000) != 0) { acmoption = '<option value=3>Simple Admin Control Mode (ACM)</option>'; }
|
||||||
|
x += addHtmlValue('Type', '<select id=dp20amtpolicy style=width:230px onchange=p20editMeshAmtChange()><option value=0>No Policy</option><option value=1>Deactivate Client Control Mode (CCM)</option><option value=2>Simple Client Control Mode (CCM)</option>' + acmoption + '</select>');
|
||||||
x += '<div id=dp20amtpolicydiv></div>';
|
x += '<div id=dp20amtpolicydiv></div>';
|
||||||
setDialogMode(2, "Intel® AMT Policy", 3, p20editMeshAmtEx, x);
|
setDialogMode(2, "Intel® AMT Policy", 3, p20editMeshAmtEx, x);
|
||||||
if (currentMesh.amt) { Q('dp20amtpolicy').value = currentMesh.amt.type; }
|
if (currentMesh.amt) { Q('dp20amtpolicy').value = currentMesh.amt.type; }
|
||||||
p20editMeshAmtChange();
|
p20editMeshAmtChange();
|
||||||
|
|
||||||
// Set the current Intel AMT policy
|
// Set the current Intel AMT policy
|
||||||
if (currentMesh.amt && currentMesh.amt.type == 2) {
|
if (currentMesh.amt && (currentMesh.amt.type == 2) || (currentMesh.amt.type == 3)) {
|
||||||
Q('dp20amtpolicypass').value = currentMesh.amt.password;
|
Q('dp20amtpolicypass').value = currentMesh.amt.password;
|
||||||
Q('dp20amtbadpass').value = currentMesh.amt.badpass;
|
if (currentMesh.amt.type == 2) { Q('dp20amtbadpass').value = currentMesh.amt.badpass; }
|
||||||
if ((features & 0x400) == 0) { Q('dp20amtcira').value = currentMesh.amt.cirasetup; }
|
if ((features & 0x400) == 0) { Q('dp20amtcira').value = currentMesh.amt.cirasetup; }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -12387,13 +12396,23 @@ var QRCode;!function(){function a(a){this.mode=c.MODE_8BIT_BYTE,this.data=a,this
|
||||||
|
|
||||||
function p20editMeshAmtChange() {
|
function p20editMeshAmtChange() {
|
||||||
var ptype = Q('dp20amtpolicy').value, x = '';
|
var ptype = Q('dp20amtpolicy').value, x = '';
|
||||||
if (ptype == 2) {
|
if (ptype >= 2) {
|
||||||
x = addHtmlValue('Password*', '<input id=dp20amtpolicypass style=width:230px maxlength=32 onchange=dp20amtValidatePolicy() onkeyup=dp20amtValidatePolicy() />')
|
x = addHtmlValue('Password*', '<input id=dp20amtpolicypass style=width:230px maxlength=32 onchange=dp20amtValidatePolicy() onkeyup=dp20amtValidatePolicy() />')
|
||||||
x += addHtmlValue('Password mismatch', "<select id=dp20amtbadpass style=width:230px><option value=0>Do nothing</option><option value=1>Reactivate Intel® AMT</option></select>");
|
if (ptype == 2) { x += addHtmlValue('Password mismatch', "<select id=dp20amtbadpass style=width:230px><option value=0>Do nothing</option><option value=1>Reactivate Intel® AMT</option></select>"); }
|
||||||
if ((features & 0x400) == 0) { x += addHtmlValue('<span title="Client Initiated Remote Access">CIRA</span>', "<select id=dp20amtcira style=width:230px><option value=0>Don't configure</option><option value=1>Don't connect to server</option><option value=2>Connect to server</option></select>"); }
|
if ((features & 0x400) == 0) {
|
||||||
|
if (ptype == 2) {
|
||||||
|
x += addHtmlValue('<span title="Client Initiated Remote Access">CIRA</span>', "<select id=dp20amtcira style=width:230px><option value=0>Don't configure</option><option value=1>Don't connect to server</option><option value=2>Connect to server</option></select>");
|
||||||
|
} else {
|
||||||
|
x += addHtmlValue('<span title="Client Initiated Remote Access">CIRA</span>', "<select id=dp20amtcira style=width:230px><option value=0>Don't configure</option><option value=2>Connect to server</option></select>");
|
||||||
|
}
|
||||||
|
}
|
||||||
x += '<br/><span style="font-size:10px">* Recommanded, leave blank to assign a random password to each device.</span><br/>';
|
x += '<br/><span style="font-size:10px">* Recommanded, leave blank to assign a random password to each device.</span><br/>';
|
||||||
|
if (ptype == 2) {
|
||||||
x += '<span style="font-size:10px">This policy will not impact devices with Intel® AMT in ACM mode.</span><br/>';
|
x += '<span style="font-size:10px">This policy will not impact devices with Intel® AMT in ACM mode.</span><br/>';
|
||||||
x += '<span style="font-size:10px">This is not a secure policy as agents will be performing activation.</span>';
|
x += '<span style="font-size:10px">This is not a secure policy as agents will be performing activation.</span>';
|
||||||
|
} else {
|
||||||
|
x += '<span style="font-size:10px">During activation, the agent will have access to admin password infomation.</span>';
|
||||||
|
}
|
||||||
}
|
}
|
||||||
QH('dp20amtpolicydiv', x);
|
QH('dp20amtpolicydiv', x);
|
||||||
}
|
}
|
||||||
|
@ -12409,6 +12428,9 @@ var QRCode;!function(){function a(a){this.mode=c.MODE_8BIT_BYTE,this.data=a,this
|
||||||
if (ptype == 2) {
|
if (ptype == 2) {
|
||||||
amtpolicy = { type: ptype, password: Q('dp20amtpolicypass').value, badpass: parseInt(Q('dp20amtbadpass').value) };
|
amtpolicy = { type: ptype, password: Q('dp20amtpolicypass').value, badpass: parseInt(Q('dp20amtbadpass').value) };
|
||||||
if ((features & 0x400) == 0) { amtpolicy.cirasetup = parseInt(Q('dp20amtcira').value); } else { amtpolicy.cirasetup = 1; }
|
if ((features & 0x400) == 0) { amtpolicy.cirasetup = parseInt(Q('dp20amtcira').value); } else { amtpolicy.cirasetup = 1; }
|
||||||
|
} else if (ptype == 3) {
|
||||||
|
amtpolicy = { type: ptype, password: Q('dp20amtpolicypass').value };
|
||||||
|
if ((features & 0x400) == 0) { amtpolicy.cirasetup = parseInt(Q('dp20amtcira').value); } else { amtpolicy.cirasetup = 1; }
|
||||||
}
|
}
|
||||||
meshserver.send({ action: 'meshamtpolicy', meshid: currentMesh._id, amtpolicy: amtpolicy });
|
meshserver.send({ action: 'meshamtpolicy', meshid: currentMesh._id, amtpolicy: amtpolicy });
|
||||||
}
|
}
|
||||||
|
|
|
@ -6256,6 +6256,9 @@
|
||||||
else if (currentMesh.amt.type == 2) {
|
else if (currentMesh.amt.type == 2) {
|
||||||
intelAmtPolicy = 'Simple Client Control Mode (CCM)';
|
intelAmtPolicy = 'Simple Client Control Mode (CCM)';
|
||||||
if (currentMesh.amt.cirasetup == 2) { intelAmtPolicy += ' + CIRA'; }
|
if (currentMesh.amt.cirasetup == 2) { intelAmtPolicy += ' + CIRA'; }
|
||||||
|
} else if (currentMesh.amt.type == 3) {
|
||||||
|
intelAmtPolicy = 'Simple Admin Control Mode (ACM)';
|
||||||
|
if (currentMesh.amt.cirasetup == 2) { intelAmtPolicy += ' + CIRA'; }
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
x += addHtmlValue('Intel® AMT', addLinkConditional(intelAmtPolicy, 'p20editMeshAmt()', meshrights & 1));
|
x += addHtmlValue('Intel® AMT', addLinkConditional(intelAmtPolicy, 'p20editMeshAmt()', meshrights & 1));
|
||||||
|
@ -6325,17 +6328,18 @@
|
||||||
|
|
||||||
function p20editMeshAmt() {
|
function p20editMeshAmt() {
|
||||||
if (xxdialogMode) return;
|
if (xxdialogMode) return;
|
||||||
var x = '';
|
var x = '', acmoption = '';
|
||||||
x += addHtmlValue('Type', '<select id=dp20amtpolicy style=width:230px onchange=p20editMeshAmtChange()><option value=0>No Policy</option><option value=1>Deactivate Client Control Mode (CCM)</option><option value=2>Simple Client Control Mode (CCM)</option></select>');
|
if ((features & 0x100000) != 0) { acmoption = '<option value=3>Simple Admin Control Mode (ACM)</option>'; }
|
||||||
|
x += addHtmlValue('Type', '<select id=dp20amtpolicy style=width:230px onchange=p20editMeshAmtChange()><option value=0>No Policy</option><option value=1>Deactivate Client Control Mode (CCM)</option><option value=2>Simple Client Control Mode (CCM)</option>' + acmoption + '</select>');
|
||||||
x += '<div id=dp20amtpolicydiv></div>';
|
x += '<div id=dp20amtpolicydiv></div>';
|
||||||
setDialogMode(2, "Intel® AMT Policy", 3, p20editMeshAmtEx, x);
|
setDialogMode(2, "Intel® AMT Policy", 3, p20editMeshAmtEx, x);
|
||||||
if (currentMesh.amt) { Q('dp20amtpolicy').value = currentMesh.amt.type; }
|
if (currentMesh.amt) { Q('dp20amtpolicy').value = currentMesh.amt.type; }
|
||||||
p20editMeshAmtChange();
|
p20editMeshAmtChange();
|
||||||
|
|
||||||
// Set the current Intel AMT policy
|
// Set the current Intel AMT policy
|
||||||
if (currentMesh.amt && currentMesh.amt.type == 2) {
|
if (currentMesh.amt && (currentMesh.amt.type == 2) || (currentMesh.amt.type == 3)) {
|
||||||
Q('dp20amtpolicypass').value = currentMesh.amt.password;
|
Q('dp20amtpolicypass').value = currentMesh.amt.password;
|
||||||
Q('dp20amtbadpass').value = currentMesh.amt.badpass;
|
if (currentMesh.amt.type == 2) { Q('dp20amtbadpass').value = currentMesh.amt.badpass; }
|
||||||
if ((features & 0x400) == 0) { Q('dp20amtcira').value = currentMesh.amt.cirasetup; }
|
if ((features & 0x400) == 0) { Q('dp20amtcira').value = currentMesh.amt.cirasetup; }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -6344,13 +6348,23 @@
|
||||||
|
|
||||||
function p20editMeshAmtChange() {
|
function p20editMeshAmtChange() {
|
||||||
var ptype = Q('dp20amtpolicy').value, x = '';
|
var ptype = Q('dp20amtpolicy').value, x = '';
|
||||||
if (ptype == 2) {
|
if (ptype >= 2) {
|
||||||
x = addHtmlValue('Password*', '<input id=dp20amtpolicypass style=width:230px maxlength=32 onchange=dp20amtValidatePolicy() onkeyup=dp20amtValidatePolicy() />')
|
x = addHtmlValue('Password*', '<input id=dp20amtpolicypass style=width:230px maxlength=32 onchange=dp20amtValidatePolicy() onkeyup=dp20amtValidatePolicy() />')
|
||||||
x += addHtmlValue('Password mismatch', "<select id=dp20amtbadpass style=width:230px><option value=0>Do nothing</option><option value=1>Reactivate Intel® AMT</option></select>");
|
if (ptype == 2) { x += addHtmlValue('Password mismatch', "<select id=dp20amtbadpass style=width:230px><option value=0>Do nothing</option><option value=1>Reactivate Intel® AMT</option></select>"); }
|
||||||
if ((features & 0x400) == 0) { x += addHtmlValue('<span title="Client Initiated Remote Access">CIRA</span>', "<select id=dp20amtcira style=width:230px><option value=0>Don't configure</option><option value=1>Don't connect to server</option><option value=2>Connect to server</option></select>"); }
|
if ((features & 0x400) == 0) {
|
||||||
|
if (ptype == 2) {
|
||||||
|
x += addHtmlValue('<span title="Client Initiated Remote Access">CIRA</span>', "<select id=dp20amtcira style=width:230px><option value=0>Don't configure</option><option value=1>Don't connect to server</option><option value=2>Connect to server</option></select>");
|
||||||
|
} else {
|
||||||
|
x += addHtmlValue('<span title="Client Initiated Remote Access">CIRA</span>', "<select id=dp20amtcira style=width:230px><option value=0>Don't configure</option><option value=2>Connect to server</option></select>");
|
||||||
|
}
|
||||||
|
}
|
||||||
x += '<br/><span style="font-size:10px">* Recommanded, leave blank to assign a random password to each device.</span><br/>';
|
x += '<br/><span style="font-size:10px">* Recommanded, leave blank to assign a random password to each device.</span><br/>';
|
||||||
|
if (ptype == 2) {
|
||||||
x += '<span style="font-size:10px">This policy will not impact devices with Intel® AMT in ACM mode.</span><br/>';
|
x += '<span style="font-size:10px">This policy will not impact devices with Intel® AMT in ACM mode.</span><br/>';
|
||||||
x += '<span style="font-size:10px">This is not a secure policy as agents will be performing activation.</span>';
|
x += '<span style="font-size:10px">This is not a secure policy as agents will be performing activation.</span>';
|
||||||
|
} else {
|
||||||
|
x += '<span style="font-size:10px">During activation, the agent will have access to admin password infomation.</span>';
|
||||||
|
}
|
||||||
}
|
}
|
||||||
QH('dp20amtpolicydiv', x);
|
QH('dp20amtpolicydiv', x);
|
||||||
}
|
}
|
||||||
|
@ -6366,6 +6380,9 @@
|
||||||
if (ptype == 2) {
|
if (ptype == 2) {
|
||||||
amtpolicy = { type: ptype, password: Q('dp20amtpolicypass').value, badpass: parseInt(Q('dp20amtbadpass').value) };
|
amtpolicy = { type: ptype, password: Q('dp20amtpolicypass').value, badpass: parseInt(Q('dp20amtbadpass').value) };
|
||||||
if ((features & 0x400) == 0) { amtpolicy.cirasetup = parseInt(Q('dp20amtcira').value); } else { amtpolicy.cirasetup = 1; }
|
if ((features & 0x400) == 0) { amtpolicy.cirasetup = parseInt(Q('dp20amtcira').value); } else { amtpolicy.cirasetup = 1; }
|
||||||
|
} else if (ptype == 3) {
|
||||||
|
amtpolicy = { type: ptype, password: Q('dp20amtpolicypass').value };
|
||||||
|
if ((features & 0x400) == 0) { amtpolicy.cirasetup = parseInt(Q('dp20amtcira').value); } else { amtpolicy.cirasetup = 1; }
|
||||||
}
|
}
|
||||||
meshserver.send({ action: 'meshamtpolicy', meshid: currentMesh._id, amtpolicy: amtpolicy });
|
meshserver.send({ action: 'meshamtpolicy', meshid: currentMesh._id, amtpolicy: amtpolicy });
|
||||||
}
|
}
|
||||||
|
|
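Review bot: In `p20editMeshAmt` the new condition `currentMesh.amt && (currentMesh.amt.type == 2) || (currentMesh.amt.type == 3)` groups as `(a && b) || c`, so when `currentMesh.amt` is not set the right-hand side still dereferences it and the dialog throws; it should be `if (currentMesh.amt && ((currentMesh.amt.type == 2) || (currentMesh.amt.type == 3))) {`. The same line appears in the other view file changed by this commit (the `@ -12368` hunk), which looks like a bundled copy of this one. The new ACM hint string has a typo, `infomation`, next to the existing `Recommanded`. The dialog also still fills `dp20amtpolicypass` from `currentMesh.amt.password`, which suggests the stored password, now including the ACM admin password, reaches the browser as part of the mesh object; a comment such as `// NOTE(review): stored AMT password is echoed to the client here` would make that visible until it is addressed.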
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -1353,6 +1353,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||||
if (parent.config.settings.no2factorauth !== true) { features += 0x00020000; } // Enable WebAuthn/FIDO2 support
|
if (parent.config.settings.no2factorauth !== true) { features += 0x00020000; } // Enable WebAuthn/FIDO2 support
|
||||||
if ((obj.args.nousers != true) && (domain.passwordrequirements != null) && (domain.passwordrequirements.force2factor === true)) { features += 0x00040000; } // Force 2-factor auth
|
if ((obj.args.nousers != true) && (domain.passwordrequirements != null) && (domain.passwordrequirements.force2factor === true)) { features += 0x00040000; } // Force 2-factor auth
|
||||||
if ((domain.auth == 'sspi') || (domain.auth == 'ldap')) { features += 0x00080000; } // LDAP or SSPI in use, warn that users must login first before adding a user to a group.
|
if ((domain.auth == 'sspi') || (domain.auth == 'ldap')) { features += 0x00080000; } // LDAP or SSPI in use, warn that users must login first before adding a user to a group.
|
||||||
|
if (domain.amtacmactivation) { features += 0x00100000; } // Intel AMT ACM activation/upgrade is possible
|
||||||
|
|
||||||
// Create a authentication cookie
|
// Create a authentication cookie
|
||||||
const authCookie = obj.parent.encodeCookie({ userid: user._id, domainid: domain.id }, obj.parent.loginCookieEncryptionKey);
|
const authCookie = obj.parent.encodeCookie({ userid: user._id, domainid: domain.id }, obj.parent.loginCookieEncryptionKey);
|
||||||
|
|