mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2024-12-26 23:25:53 -05:00
More Intel AMT ACM improvements.
parent
e45a919c6e
commit
56637d4d58
@ -754,7 +754,7 @@ function createMeshCore(agent)
|
|||||||
// Store the latest Intel AMT policy
|
// Store the latest Intel AMT policy
|
||||||
amtPolicy = data.amtPolicy;
|
amtPolicy = data.amtPolicy;
|
||||||
if (data.amtPolicy != null) { db.Put('amtPolicy', JSON.stringify(data.amtPolicy)); } else { db.Put('amtPolicy', null); }
|
if (data.amtPolicy != null) { db.Put('amtPolicy', JSON.stringify(data.amtPolicy)); } else { db.Put('amtPolicy', null); }
|
||||||
if (amt != null) { amt.setPolicy(amtPolicy); }
|
if (amt != null) { amt.setPolicy(amtPolicy, true); }
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case 'getScript': {
|
case 'getScript': {
|
||||||
@ -1533,7 +1533,7 @@ function createMeshCore(agent)
|
|||||||
var response = null;
|
var response = null;
|
||||||
switch (cmd) {
|
switch (cmd) {
|
||||||
case 'help': { // Displays available commands
|
case 'help': { // Displays available commands
|
||||||
response = 'Available commands: help, info, osinfo,args, print, type, dbget, dbset, dbcompact, eval, parseuri, httpget,\r\nwslist, wsconnect, wssend, wsclose, notify, ls, ps, kill, amt, netinfo, location, power, wakeonlan, scanwifi,\r\nscanamt, setdebug, smbios, rawsmbios, toast, lock, users, sendcaps, openurl, amtreset, amtccm, amtacm, amtdeactivate,\r\namtpolicy, getscript, getclip, setclip.';
|
response = 'Available commands: help, info, osinfo, args, print, type, dbget, dbset, dbcompact, eval, parseuri, httpget,\r\nwslist, wsconnect, wssend, wsclose, notify, ls, ps, kill, amt, netinfo, location, power, wakeonlan, scanwifi,\r\nscanamt, setdebug, smbios, rawsmbios, toast, lock, users, sendcaps, openurl, amtreset, amtccm, amtacm,\r\namtdeactivate, amtpolicy, getscript, getclip, setclip.';
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
/*
|
/*
|
||||||
|
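Review bot: The new call `amt.setPolicy(amtPolicy, true)` passes a bare boolean whose meaning is not visible at the call site; a short comment such as `// true = forceApply: re-run the policy even when it is unchanged` would make the intent readable here. The force flag also changes the null case: the line above stores `null` when `data.amtPolicy` is null, and that null is now always handed to the manager and scheduled for application instead of being skipped when nothing changed. The apply path shown further down this page reads `amtpolicy.type` and `amtpolicy.cirasetup` with no null check visible in those hunks, so please confirm a guard exists outside them. The enclosing `case` block starts above this hunk.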
4
agents/meshcore.min.js
vendored
4
agents/meshcore.min.js
vendored
@ -754,7 +754,7 @@ function createMeshCore(agent)
|
|||||||
// Store the latest Intel AMT policy
|
// Store the latest Intel AMT policy
|
||||||
amtPolicy = data.amtPolicy;
|
amtPolicy = data.amtPolicy;
|
||||||
if (data.amtPolicy != null) { db.Put('amtPolicy', JSON.stringify(data.amtPolicy)); } else { db.Put('amtPolicy', null); }
|
if (data.amtPolicy != null) { db.Put('amtPolicy', JSON.stringify(data.amtPolicy)); } else { db.Put('amtPolicy', null); }
|
||||||
if (amt != null) { amt.setPolicy(amtPolicy); }
|
if (amt != null) { amt.setPolicy(amtPolicy, true); }
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case 'getScript': {
|
case 'getScript': {
|
||||||
@ -1533,7 +1533,7 @@ function createMeshCore(agent)
|
|||||||
var response = null;
|
var response = null;
|
||||||
switch (cmd) {
|
switch (cmd) {
|
||||||
case 'help': { // Displays available commands
|
case 'help': { // Displays available commands
|
||||||
response = 'Available commands: help, info, osinfo,args, print, type, dbget, dbset, dbcompact, eval, parseuri, httpget,\r\nwslist, wsconnect, wssend, wsclose, notify, ls, ps, kill, amt, netinfo, location, power, wakeonlan, scanwifi,\r\nscanamt, setdebug, smbios, rawsmbios, toast, lock, users, sendcaps, openurl, amtreset, amtccm, amtacm, amtdeactivate,\r\namtpolicy, getscript, getclip, setclip.';
|
response = 'Available commands: help, info, osinfo, args, print, type, dbget, dbset, dbcompact, eval, parseuri, httpget,\r\nwslist, wsconnect, wssend, wsclose, notify, ls, ps, kill, amt, netinfo, location, power, wakeonlan, scanwifi,\r\nscanamt, setdebug, smbios, rawsmbios, toast, lock, users, sendcaps, openurl, amtreset, amtccm, amtacm,\r\namtdeactivate, amtpolicy, getscript, getclip, setclip.';
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
/*
|
/*
|
||||||
|
@ -42,10 +42,10 @@ function AmtManager(agent, db, isdebug) {
|
|||||||
obj.setDebug = function (x) { isdebug = x; }
|
obj.setDebug = function (x) { isdebug = x; }
|
||||||
|
|
||||||
// Set current Intel AMT activation policy
|
// Set current Intel AMT activation policy
|
||||||
obj.setPolicy = function (policy) {
|
obj.setPolicy = function (policy, forceApply) {
|
||||||
if (JSON.stringify(amtpolicy) != JSON.stringify(policy)) {
|
if (forceApply || (JSON.stringify(amtpolicy) != JSON.stringify(policy))) {
|
||||||
amtpolicy = policy;
|
amtpolicy = policy;
|
||||||
if (applyPolicyTimer == null) { obj.applyPolicy(); }
|
if (applyPolicyTimer == null) { applyPolicyTimer = setTimeout(obj.applyPolicy, 8000); }
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -58,7 +58,7 @@ function AmtManager(agent, db, isdebug) {
|
|||||||
try {
|
try {
|
||||||
var amtMeiLib = require('amt-mei');
|
var amtMeiLib = require('amt-mei');
|
||||||
amtMei = new amtMeiLib();
|
amtMei = new amtMeiLib();
|
||||||
amtMei.on('error', function (e) { debug('MEI error'); amtMei = null; amtMeiState = -1; obj.state = -1; obj.onStateChange(amtMeiState); });
|
amtMei.on('error', function (e) { debug('MEI error'); amtMei = null; amtMeiState = -1; obj.state = -1; if (obj.onStateChange != null) { obj.onStateChange(amtMeiState); } });
|
||||||
amtMei.getVersion(function (result) {
|
amtMei.getVersion(function (result) {
|
||||||
if (result == null) {
|
if (result == null) {
|
||||||
amtMeiState = -1;
|
amtMeiState = -1;
|
||||||
@ -455,11 +455,8 @@ function AmtManager(agent, db, isdebug) {
|
|||||||
//
|
//
|
||||||
|
|
||||||
obj.activeToACM = function (mestate) {
|
obj.activeToACM = function (mestate) {
|
||||||
//debug('TrustedHashes: ' + JSON.stringify(trustedHashes));
|
|
||||||
//debug('ProvisioningState: ' + JSON.stringify(mestate.ProvisioningState));
|
|
||||||
if ((mestate.ProvisioningState != 0) || (amtpolicy == null) || (amtpolicy.match == null)) return; // Can't activate unless in "PRE" activation mode & policy is present.
|
if ((mestate.ProvisioningState != 0) || (amtpolicy == null) || (amtpolicy.match == null)) return; // Can't activate unless in "PRE" activation mode & policy is present.
|
||||||
var trustedFqdn = null;
|
var trustedFqdn = null;
|
||||||
//debug('Wired Interface: ' + JSON.stringify(mestate.net0));
|
|
||||||
if ((mestate.net0 == null) && (mestate.net0.enabled != 0)) return; // Can't activate unless wired interface is active
|
if ((mestate.net0 == null) && (mestate.net0.enabled != 0)) return; // Can't activate unless wired interface is active
|
||||||
if (mestate.DNS) { trustedFqdn = mestate.DNS; } // If Intel AMT has a trusted DNS suffix set, use that one.
|
if (mestate.DNS) { trustedFqdn = mestate.DNS; } // If Intel AMT has a trusted DNS suffix set, use that one.
|
||||||
else {
|
else {
|
||||||
@ -471,41 +468,31 @@ function AmtManager(agent, db, isdebug) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
//debug('TrustedFqdn: ' + trustedFqdn);
|
|
||||||
if (trustedFqdn == null) return; // No trusted DNS suffix.
|
if (trustedFqdn == null) return; // No trusted DNS suffix.
|
||||||
|
|
||||||
// Check if we have a ACM policy match
|
// Check if we have a ACM policy match
|
||||||
var hashMatch = null;
|
var hashMatch = null;
|
||||||
for (var i in amtpolicy.match) { var m = amtpolicy.match[i]; if (m.cn == trustedFqdn) { for (var j in trustedHashes) { if ((trustedHashes[j] == m.sha256) || (trustedHashes[j] == m.sha1)) { hashMatch = trustedHashes[j]; } } } }
|
for (var i in amtpolicy.match) { var m = amtpolicy.match[i]; if (m.cn == trustedFqdn) { for (var j in trustedHashes) { if ((trustedHashes[j] == m.sha256) || (trustedHashes[j] == m.sha1)) { hashMatch = trustedHashes[j]; } } } }
|
||||||
if (hashMatch == null) return; // No certificate / FQDN match
|
if (hashMatch == null) return; // No certificate / FQDN match
|
||||||
//debug('Policy: ' + JSON.stringify(amtpolicy));
|
|
||||||
//debug('HashMatch: ' + hashMatch);
|
|
||||||
|
|
||||||
// Fetch Intel AMT realm and activation nonce and get ready to ACM activation...
|
// Fetch Intel AMT realm and activation nonce and get ready to ACM activation...
|
||||||
if (osamtstack != null) {
|
if (osamtstack != null) {
|
||||||
//debug('Trying to get Intel AMT activation information (1)...');
|
|
||||||
osamtstack.BatchEnum(null, ['*AMT_GeneralSettings', '*IPS_HostBasedSetupService'], activeToACM2, { fqdn: trustedFqdn, hash: hashMatch, uuid: mestate.UUID });
|
osamtstack.BatchEnum(null, ['*AMT_GeneralSettings', '*IPS_HostBasedSetupService'], activeToACM2, { fqdn: trustedFqdn, hash: hashMatch, uuid: mestate.UUID });
|
||||||
} else {
|
} else {
|
||||||
//debug('ACM Activation: Trying to get local account info...');
|
|
||||||
amtMei.getLocalSystemAccount(function (x) {
|
amtMei.getLocalSystemAccount(function (x) {
|
||||||
if ((x != null) && x.user && x.pass) {
|
if ((x != null) && x.user && x.pass) {
|
||||||
//debug('Intel AMT local account info: User=' + x.user + ', Pass=' + x.pass + '.');
|
|
||||||
var transport = require('amt-wsman-duk');
|
var transport = require('amt-wsman-duk');
|
||||||
var wsman = require('amt-wsman');
|
var wsman = require('amt-wsman');
|
||||||
var amt = require('amt');
|
var amt = require('amt');
|
||||||
oswsstack = new wsman(transport, '127.0.0.1', 16992, x.user, x.pass, false);
|
oswsstack = new wsman(transport, '127.0.0.1', 16992, x.user, x.pass, false);
|
||||||
osamtstack = new amt(oswsstack);
|
osamtstack = new amt(oswsstack);
|
||||||
//debug('Trying to get Intel AMT activation information (2)...');
|
|
||||||
osamtstack.BatchEnum(null, ['*AMT_GeneralSettings', '*IPS_HostBasedSetupService'], activeToACM2, { fqdn: trustedFqdn, hash: hashMatch, uuid: mestate.UUID });
|
osamtstack.BatchEnum(null, ['*AMT_GeneralSettings', '*IPS_HostBasedSetupService'], activeToACM2, { fqdn: trustedFqdn, hash: hashMatch, uuid: mestate.UUID });
|
||||||
} else {
|
|
||||||
//debug('Unable to get $$OsAdmin password.');
|
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
function activeToACM2(stack, name, responses, status, tag) {
|
function activeToACM2(stack, name, responses, status, tag) {
|
||||||
//debug('activeToACM2 status=' + status);
|
|
||||||
if (status != 200) return;
|
if (status != 200) return;
|
||||||
var fwNonce = responses['IPS_HostBasedSetupService'].response['ConfigurationNonce'];
|
var fwNonce = responses['IPS_HostBasedSetupService'].response['ConfigurationNonce'];
|
||||||
var digestRealm = responses['AMT_GeneralSettings'].response['DigestRealm'];
|
var digestRealm = responses['AMT_GeneralSettings'].response['DigestRealm'];
|
||||||
@ -513,29 +500,24 @@ function AmtManager(agent, db, isdebug) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Called when the server responds with a ACM activation signature.
|
// Called when the server responds with a ACM activation signature.
|
||||||
obj.setAcmResponse = function (acmdata) {
|
obj.setAcmResponse = function (acmdata) { acmdata.index = 0; performAcmActivation(acmdata); }
|
||||||
//debug('setAcmResponse=' + JSON.stringify(acmdata));
|
|
||||||
acmdata.index = 0;
|
|
||||||
performAcmActivation(acmdata);
|
|
||||||
}
|
|
||||||
|
|
||||||
// Recursive function to inject the provisioning certificates into AMT in the proper order and completes ACM activation
|
// Recursive function to inject the provisioning certificates into AMT in the proper order and completes ACM activation
|
||||||
function performAcmActivation(acmdata) {
|
function performAcmActivation(acmdata) {
|
||||||
//debug('performAcmActivation(' + JSON.stringify(acmdata) + ')');
|
|
||||||
var leaf = (acmdata.index == 0), root = (acmdata.index == (acmdata.certs.length - 1));
|
var leaf = (acmdata.index == 0), root = (acmdata.index == (acmdata.certs.length - 1));
|
||||||
if ((acmdata.index < acmdata.certs.length) && (acmdata.certs[acmdata.index] != null)) {
|
if ((acmdata.index < acmdata.certs.length) && (acmdata.certs[acmdata.index] != null)) {
|
||||||
//debug('Calling AddNextCertInChain(' + acmdata.index + ', ' + acmdata.certs[acmdata.index] + ')');
|
|
||||||
osamtstack.IPS_HostBasedSetupService_AddNextCertInChain(acmdata.certs[acmdata.index], leaf, root, function (stack, name, responses, status) {
|
osamtstack.IPS_HostBasedSetupService_AddNextCertInChain(acmdata.certs[acmdata.index], leaf, root, function (stack, name, responses, status) {
|
||||||
if (status !== 200) { debug('AddNextCertInChain status=' + status); return; }
|
if (status !== 200) { debug('AddNextCertInChain status=' + status); return; }
|
||||||
else if (responses['Body']['ReturnValue'] !== 0) { debug('AddNextCertInChain error=' + responses['Body']['ReturnValue']); return; }
|
else if (responses['Body']['ReturnValue'] !== 0) { debug('AddNextCertInChain error=' + responses['Body']['ReturnValue']); return; }
|
||||||
else { acmdata.index++; performAcmActivation(acmdata); }
|
else { acmdata.index++; performAcmActivation(acmdata); }
|
||||||
});
|
});
|
||||||
} else {
|
} else {
|
||||||
debug('Calling AdminSetup() ' + JSON.stringify(acmdata));
|
|
||||||
osamtstack.IPS_HostBasedSetupService_AdminSetup(2, acmdata.password, acmdata.nonce, 2, acmdata.signature,
|
osamtstack.IPS_HostBasedSetupService_AdminSetup(2, acmdata.password, acmdata.nonce, 2, acmdata.signature,
|
||||||
function (stack, name, responses, status) {
|
function (stack, name, responses, status) {
|
||||||
debug('AdminSetup Status: ' + status);
|
if ((status == 200) && (responses['Body']['ReturnValue'] == 0)) {
|
||||||
if (status == 200) { debug('AdminSetup ReturnValue: ' + responses['Body']['ReturnValue']); }
|
// ACM activation success, force an update to the server so it can get our new state.
|
||||||
|
if (obj.onStateChange != null) { obj.onStateChange(2); }
|
||||||
|
}
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
@ -628,7 +610,7 @@ function AmtManager(agent, db, isdebug) {
|
|||||||
var wsmanQuery = ['*AMT_GeneralSettings', '*IPS_HostBasedSetupService', '*AMT_RedirectionService', '*CIM_KVMRedirectionSAP', 'AMT_PublicKeyCertificate', '*AMT_EnvironmentDetectionSettingData'];
|
var wsmanQuery = ['*AMT_GeneralSettings', '*IPS_HostBasedSetupService', '*AMT_RedirectionService', '*CIM_KVMRedirectionSAP', 'AMT_PublicKeyCertificate', '*AMT_EnvironmentDetectionSettingData'];
|
||||||
if (amtpolicy.cirasetup == 2) { wsmanQuery.push("AMT_ManagementPresenceRemoteSAP", "AMT_RemoteAccessCredentialContext", "AMT_RemoteAccessPolicyAppliesToMPS", "AMT_RemoteAccessPolicyRule", "*AMT_UserInitiatedConnectionService", "AMT_MPSUsernamePassword"); }
|
if (amtpolicy.cirasetup == 2) { wsmanQuery.push("AMT_ManagementPresenceRemoteSAP", "AMT_RemoteAccessCredentialContext", "AMT_RemoteAccessPolicyAppliesToMPS", "AMT_RemoteAccessPolicyRule", "*AMT_UserInitiatedConnectionService", "AMT_MPSUsernamePassword"); }
|
||||||
try { amtstack.BatchEnum(null, wsmanQuery, wsmanPassTestResponse); } catch (ex) { debug(ex); }
|
try { amtstack.BatchEnum(null, wsmanQuery, wsmanPassTestResponse); } catch (ex) { debug(ex); }
|
||||||
} else if ((amtpolicy.type == 3) && (meinfo.ProvisioningState == 0)) {
|
} else if ((amtpolicy.type == 3) && (meinfo.ProvisioningState == 0) && (agent.isControlChannelConnected)) {
|
||||||
// ACM Activation Policy
|
// ACM Activation Policy
|
||||||
obj.getTrustedHashes(obj.activeToACM, meinfo);
|
obj.getTrustedHashes(obj.activeToACM, meinfo);
|
||||||
} else {
|
} else {
|
||||||
|
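Review bot: In the `@ -455` hunk the wired-interface guard `if ((mestate.net0 == null) && (mestate.net0.enabled != 0)) return;` is carried over unchanged and cannot do what its comment says. When `net0` is null the second operand dereferences it and throws, and when `net0` is present the first operand is false, so the function never returns at this line. Since this commit already reworks `activeToACM`, this is a good place to fix it; assuming `enabled == 0` means the interface is down, the intended check is probably `if ((mestate.net0 == null) || (mestate.net0.enabled == 0)) return;`. As written, ACM activation is not gated on the wired-interface state at all. `activeToACM` continues into the next hunk, so part of its body is not visible here.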
File diff suppressed because one or more lines are too long
@ -12417,7 +12417,8 @@ var QRCode;!function(){function a(a){this.mode=c.MODE_8BIT_BYTE,this.data=a,this
|
|||||||
function p20editMeshAmtChange() {
|
function p20editMeshAmtChange() {
|
||||||
var ptype = Q('dp20amtpolicy').value, x = '';
|
var ptype = Q('dp20amtpolicy').value, x = '';
|
||||||
if (ptype >= 2) {
|
if (ptype >= 2) {
|
||||||
x = addHtmlValue('Password*', '<input id=dp20amtpolicypass style=width:230px maxlength=32 onchange=dp20amtValidatePolicy() onkeyup=dp20amtValidatePolicy() />')
|
x = addHtmlValue('Password*', '<input id=dp20amtpolicypass type=password style=width:230px maxlength=32 onchange=dp20amtValidatePolicy() onkeyup=dp20amtValidatePolicy() />')
|
||||||
|
x += addHtmlValue('Password*', '<input id=dp20amtpolicypass2 type=password style=width:230px maxlength=32 onchange=dp20amtValidatePolicy() onkeyup=dp20amtValidatePolicy() />')
|
||||||
if (ptype == 2) { x += addHtmlValue('Password mismatch', "<select id=dp20amtbadpass style=width:230px><option value=0>Do nothing</option><option value=1>Reactivate Intel® AMT</option></select>"); }
|
if (ptype == 2) { x += addHtmlValue('Password mismatch', "<select id=dp20amtbadpass style=width:230px><option value=0>Do nothing</option><option value=1>Reactivate Intel® AMT</option></select>"); }
|
||||||
if ((features & 0x400) == 0) {
|
if ((features & 0x400) == 0) {
|
||||||
if (ptype == 2) {
|
if (ptype == 2) {
|
||||||
@ -12439,7 +12440,10 @@ var QRCode;!function(){function a(a){this.mode=c.MODE_8BIT_BYTE,this.data=a,this
|
|||||||
|
|
||||||
function dp20amtValidatePolicy() {
|
function dp20amtValidatePolicy() {
|
||||||
var ok = true, ptype = Q('dp20amtpolicy').value;
|
var ok = true, ptype = Q('dp20amtpolicy').value;
|
||||||
if (ptype == 2) { var pass = Q('dp20amtpolicypass').value; ok = (pass == '') ? true : passwordcheck(pass); }
|
if ((ptype == 2) || (ptype == 3)) {
|
||||||
|
var pass = Q('dp20amtpolicypass').value, pass2 = Q('dp20amtpolicypass2').value;
|
||||||
|
ok = ((pass === pass2) && ((pass === '') ? true : passwordcheck(pass)));
|
||||||
|
}
|
||||||
QE('idx_dlgOkButton', ok);
|
QE('idx_dlgOkButton', ok);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -6362,7 +6362,8 @@
|
|||||||
function p20editMeshAmtChange() {
|
function p20editMeshAmtChange() {
|
||||||
var ptype = Q('dp20amtpolicy').value, x = '';
|
var ptype = Q('dp20amtpolicy').value, x = '';
|
||||||
if (ptype >= 2) {
|
if (ptype >= 2) {
|
||||||
x = addHtmlValue('Password*', '<input id=dp20amtpolicypass style=width:230px maxlength=32 onchange=dp20amtValidatePolicy() onkeyup=dp20amtValidatePolicy() />')
|
x = addHtmlValue('Password*', '<input id=dp20amtpolicypass type=password style=width:230px maxlength=32 onchange=dp20amtValidatePolicy() onkeyup=dp20amtValidatePolicy() />')
|
||||||
|
x += addHtmlValue('Password*', '<input id=dp20amtpolicypass2 type=password style=width:230px maxlength=32 onchange=dp20amtValidatePolicy() onkeyup=dp20amtValidatePolicy() />')
|
||||||
if (ptype == 2) { x += addHtmlValue('Password mismatch', "<select id=dp20amtbadpass style=width:230px><option value=0>Do nothing</option><option value=1>Reactivate Intel® AMT</option></select>"); }
|
if (ptype == 2) { x += addHtmlValue('Password mismatch', "<select id=dp20amtbadpass style=width:230px><option value=0>Do nothing</option><option value=1>Reactivate Intel® AMT</option></select>"); }
|
||||||
if ((features & 0x400) == 0) {
|
if ((features & 0x400) == 0) {
|
||||||
if (ptype == 2) {
|
if (ptype == 2) {
|
||||||
@ -6384,7 +6385,10 @@
|
|||||||
|
|
||||||
function dp20amtValidatePolicy() {
|
function dp20amtValidatePolicy() {
|
||||||
var ok = true, ptype = Q('dp20amtpolicy').value;
|
var ok = true, ptype = Q('dp20amtpolicy').value;
|
||||||
if (ptype == 2) { var pass = Q('dp20amtpolicypass').value; ok = (pass == '') ? true : passwordcheck(pass); }
|
if ((ptype == 2) || (ptype == 3)) {
|
||||||
|
var pass = Q('dp20amtpolicypass').value, pass2 = Q('dp20amtpolicypass2').value;
|
||||||
|
ok = ((pass === pass2) && ((pass === '') ? true : passwordcheck(pass)));
|
||||||
|
}
|
||||||
QE('idx_dlgOkButton', ok);
|
QE('idx_dlgOkButton', ok);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
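Review bot: Both inputs added in `p20editMeshAmtChange` are labelled `'Password*'`, so the dialog shows two identical rows and nothing tells the user that the second one is a confirmation; I would label it `'Confirm password*'`. The fields are now `type=password` with no `autocomplete` attribute, so a browser password manager may offer or fill the user's saved site login into what is the Intel AMT admin password; adding `autocomplete=new-password` to both inputs avoids that. `dp20amtValidatePolicy` now also covers policy type 3 but still accepts an empty password and only toggles the OK button in the browser, so the server-side handler (not shown on this page) has to enforce the same rules. The minified copy of this view earlier on the page carries the same lines.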