mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2024-12-26 07:05:52 -05:00
More Intel AMT ACM improvements.
This commit is contained in:
parent
e45a919c6e
commit
56637d4d58
@ -754,7 +754,7 @@ function createMeshCore(agent)
|
||||
// Store the latest Intel AMT policy
|
||||
amtPolicy = data.amtPolicy;
|
||||
if (data.amtPolicy != null) { db.Put('amtPolicy', JSON.stringify(data.amtPolicy)); } else { db.Put('amtPolicy', null); }
|
||||
if (amt != null) { amt.setPolicy(amtPolicy); }
|
||||
if (amt != null) { amt.setPolicy(amtPolicy, true); }
|
||||
break;
|
||||
}
|
||||
case 'getScript': {
|
||||
@ -1533,7 +1533,7 @@ function createMeshCore(agent)
|
||||
var response = null;
|
||||
switch (cmd) {
|
||||
case 'help': { // Displays available commands
|
||||
response = 'Available commands: help, info, osinfo,args, print, type, dbget, dbset, dbcompact, eval, parseuri, httpget,\r\nwslist, wsconnect, wssend, wsclose, notify, ls, ps, kill, amt, netinfo, location, power, wakeonlan, scanwifi,\r\nscanamt, setdebug, smbios, rawsmbios, toast, lock, users, sendcaps, openurl, amtreset, amtccm, amtacm, amtdeactivate,\r\namtpolicy, getscript, getclip, setclip.';
|
||||
response = 'Available commands: help, info, osinfo, args, print, type, dbget, dbset, dbcompact, eval, parseuri, httpget,\r\nwslist, wsconnect, wssend, wsclose, notify, ls, ps, kill, amt, netinfo, location, power, wakeonlan, scanwifi,\r\nscanamt, setdebug, smbios, rawsmbios, toast, lock, users, sendcaps, openurl, amtreset, amtccm, amtacm,\r\namtdeactivate, amtpolicy, getscript, getclip, setclip.';
|
||||
break;
|
||||
}
|
||||
/*
|
||||
@ -2067,7 +2067,7 @@ function createMeshCore(agent)
|
||||
if (typeof text == 'object') { text = JSON.stringify(text); }
|
||||
mesh.SendCommand({ "action": "msg", "type": "console", "value": text, "sessionid": sessionid });
|
||||
}
|
||||
|
||||
|
||||
// Called before the process exits
|
||||
//process.exit = function (code) { console.log("Exit with code: " + code.toString()); }
|
||||
|
||||
|
6
agents/meshcore.min.js
vendored
6
agents/meshcore.min.js
vendored
@ -754,7 +754,7 @@ function createMeshCore(agent)
|
||||
// Store the latest Intel AMT policy
|
||||
amtPolicy = data.amtPolicy;
|
||||
if (data.amtPolicy != null) { db.Put('amtPolicy', JSON.stringify(data.amtPolicy)); } else { db.Put('amtPolicy', null); }
|
||||
if (amt != null) { amt.setPolicy(amtPolicy); }
|
||||
if (amt != null) { amt.setPolicy(amtPolicy, true); }
|
||||
break;
|
||||
}
|
||||
case 'getScript': {
|
||||
@ -1533,7 +1533,7 @@ function createMeshCore(agent)
|
||||
var response = null;
|
||||
switch (cmd) {
|
||||
case 'help': { // Displays available commands
|
||||
response = 'Available commands: help, info, osinfo,args, print, type, dbget, dbset, dbcompact, eval, parseuri, httpget,\r\nwslist, wsconnect, wssend, wsclose, notify, ls, ps, kill, amt, netinfo, location, power, wakeonlan, scanwifi,\r\nscanamt, setdebug, smbios, rawsmbios, toast, lock, users, sendcaps, openurl, amtreset, amtccm, amtacm, amtdeactivate,\r\namtpolicy, getscript, getclip, setclip.';
|
||||
response = 'Available commands: help, info, osinfo, args, print, type, dbget, dbset, dbcompact, eval, parseuri, httpget,\r\nwslist, wsconnect, wssend, wsclose, notify, ls, ps, kill, amt, netinfo, location, power, wakeonlan, scanwifi,\r\nscanamt, setdebug, smbios, rawsmbios, toast, lock, users, sendcaps, openurl, amtreset, amtccm, amtacm,\r\namtdeactivate, amtpolicy, getscript, getclip, setclip.';
|
||||
break;
|
||||
}
|
||||
/*
|
||||
@ -2067,7 +2067,7 @@ function createMeshCore(agent)
|
||||
if (typeof text == 'object') { text = JSON.stringify(text); }
|
||||
mesh.SendCommand({ "action": "msg", "type": "console", "value": text, "sessionid": sessionid });
|
||||
}
|
||||
|
||||
|
||||
// Called before the process exits
|
||||
//process.exit = function (code) { console.log("Exit with code: " + code.toString()); }
|
||||
|
||||
|
@ -42,10 +42,10 @@ function AmtManager(agent, db, isdebug) {
|
||||
obj.setDebug = function (x) { isdebug = x; }
|
||||
|
||||
// Set current Intel AMT activation policy
|
||||
obj.setPolicy = function (policy) {
|
||||
if (JSON.stringify(amtpolicy) != JSON.stringify(policy)) {
|
||||
obj.setPolicy = function (policy, forceApply) {
|
||||
if (forceApply || (JSON.stringify(amtpolicy) != JSON.stringify(policy))) {
|
||||
amtpolicy = policy;
|
||||
if (applyPolicyTimer == null) { obj.applyPolicy(); }
|
||||
if (applyPolicyTimer == null) { applyPolicyTimer = setTimeout(obj.applyPolicy, 8000); }
|
||||
}
|
||||
}
|
||||
|
||||
@ -58,7 +58,7 @@ function AmtManager(agent, db, isdebug) {
|
||||
try {
|
||||
var amtMeiLib = require('amt-mei');
|
||||
amtMei = new amtMeiLib();
|
||||
amtMei.on('error', function (e) { debug('MEI error'); amtMei = null; amtMeiState = -1; obj.state = -1; obj.onStateChange(amtMeiState); });
|
||||
amtMei.on('error', function (e) { debug('MEI error'); amtMei = null; amtMeiState = -1; obj.state = -1; if (obj.onStateChange != null) { obj.onStateChange(amtMeiState); } });
|
||||
amtMei.getVersion(function (result) {
|
||||
if (result == null) {
|
||||
amtMeiState = -1;
|
||||
@ -455,11 +455,8 @@ function AmtManager(agent, db, isdebug) {
|
||||
//
|
||||
|
||||
obj.activeToACM = function (mestate) {
|
||||
//debug('TrustedHashes: ' + JSON.stringify(trustedHashes));
|
||||
//debug('ProvisioningState: ' + JSON.stringify(mestate.ProvisioningState));
|
||||
if ((mestate.ProvisioningState != 0) || (amtpolicy == null) || (amtpolicy.match == null)) return; // Can't activate unless in "PRE" activation mode & policy is present.
|
||||
var trustedFqdn = null;
|
||||
//debug('Wired Interface: ' + JSON.stringify(mestate.net0));
|
||||
if ((mestate.net0 == null) && (mestate.net0.enabled != 0)) return; // Can't activate unless wired interface is active
|
||||
if (mestate.DNS) { trustedFqdn = mestate.DNS; } // If Intel AMT has a trusted DNS suffix set, use that one.
|
||||
else {
|
||||
@ -471,41 +468,31 @@ function AmtManager(agent, db, isdebug) {
|
||||
}
|
||||
}
|
||||
}
|
||||
//debug('TrustedFqdn: ' + trustedFqdn);
|
||||
if (trustedFqdn == null) return; // No trusted DNS suffix.
|
||||
|
||||
// Check if we have a ACM policy match
|
||||
var hashMatch = null;
|
||||
for (var i in amtpolicy.match) { var m = amtpolicy.match[i]; if (m.cn == trustedFqdn) { for (var j in trustedHashes) { if ((trustedHashes[j] == m.sha256) || (trustedHashes[j] == m.sha1)) { hashMatch = trustedHashes[j]; } } } }
|
||||
if (hashMatch == null) return; // No certificate / FQDN match
|
||||
//debug('Policy: ' + JSON.stringify(amtpolicy));
|
||||
//debug('HashMatch: ' + hashMatch);
|
||||
|
||||
// Fetch Intel AMT realm and activation nonce and get ready to ACM activation...
|
||||
if (osamtstack != null) {
|
||||
//debug('Trying to get Intel AMT activation information (1)...');
|
||||
osamtstack.BatchEnum(null, ['*AMT_GeneralSettings', '*IPS_HostBasedSetupService'], activeToACM2, { fqdn: trustedFqdn, hash: hashMatch, uuid: mestate.UUID });
|
||||
} else {
|
||||
//debug('ACM Activation: Trying to get local account info...');
|
||||
amtMei.getLocalSystemAccount(function (x) {
|
||||
if ((x != null) && x.user && x.pass) {
|
||||
//debug('Intel AMT local account info: User=' + x.user + ', Pass=' + x.pass + '.');
|
||||
var transport = require('amt-wsman-duk');
|
||||
var wsman = require('amt-wsman');
|
||||
var amt = require('amt');
|
||||
oswsstack = new wsman(transport, '127.0.0.1', 16992, x.user, x.pass, false);
|
||||
osamtstack = new amt(oswsstack);
|
||||
//debug('Trying to get Intel AMT activation information (2)...');
|
||||
osamtstack.BatchEnum(null, ['*AMT_GeneralSettings', '*IPS_HostBasedSetupService'], activeToACM2, { fqdn: trustedFqdn, hash: hashMatch, uuid: mestate.UUID });
|
||||
} else {
|
||||
//debug('Unable to get $$OsAdmin password.');
|
||||
}
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
function activeToACM2(stack, name, responses, status, tag) {
|
||||
//debug('activeToACM2 status=' + status);
|
||||
if (status != 200) return;
|
||||
var fwNonce = responses['IPS_HostBasedSetupService'].response['ConfigurationNonce'];
|
||||
var digestRealm = responses['AMT_GeneralSettings'].response['DigestRealm'];
|
||||
@ -513,29 +500,24 @@ function AmtManager(agent, db, isdebug) {
|
||||
}
|
||||
|
||||
// Called when the server responds with a ACM activation signature.
|
||||
obj.setAcmResponse = function (acmdata) {
|
||||
//debug('setAcmResponse=' + JSON.stringify(acmdata));
|
||||
acmdata.index = 0;
|
||||
performAcmActivation(acmdata);
|
||||
}
|
||||
obj.setAcmResponse = function (acmdata) { acmdata.index = 0; performAcmActivation(acmdata); }
|
||||
|
||||
// Recursive function to inject the provisioning certificates into AMT in the proper order and completes ACM activation
|
||||
function performAcmActivation(acmdata) {
|
||||
//debug('performAcmActivation(' + JSON.stringify(acmdata) + ')');
|
||||
var leaf = (acmdata.index == 0), root = (acmdata.index == (acmdata.certs.length - 1));
|
||||
if ((acmdata.index < acmdata.certs.length) && (acmdata.certs[acmdata.index] != null)) {
|
||||
//debug('Calling AddNextCertInChain(' + acmdata.index + ', ' + acmdata.certs[acmdata.index] + ')');
|
||||
osamtstack.IPS_HostBasedSetupService_AddNextCertInChain(acmdata.certs[acmdata.index], leaf, root, function (stack, name, responses, status) {
|
||||
if (status !== 200) { debug('AddNextCertInChain status=' + status); return; }
|
||||
else if (responses['Body']['ReturnValue'] !== 0) { debug('AddNextCertInChain error=' + responses['Body']['ReturnValue']); return; }
|
||||
else { acmdata.index++; performAcmActivation(acmdata); }
|
||||
});
|
||||
} else {
|
||||
debug('Calling AdminSetup() ' + JSON.stringify(acmdata));
|
||||
osamtstack.IPS_HostBasedSetupService_AdminSetup(2, acmdata.password, acmdata.nonce, 2, acmdata.signature,
|
||||
function (stack, name, responses, status) {
|
||||
debug('AdminSetup Status: ' + status);
|
||||
if (status == 200) { debug('AdminSetup ReturnValue: ' + responses['Body']['ReturnValue']); }
|
||||
if ((status == 200) && (responses['Body']['ReturnValue'] == 0)) {
|
||||
// ACM activation success, force an update to the server so it can get our new state.
|
||||
if (obj.onStateChange != null) { obj.onStateChange(2); }
|
||||
}
|
||||
}
|
||||
);
|
||||
}
|
||||
@ -628,7 +610,7 @@ function AmtManager(agent, db, isdebug) {
|
||||
var wsmanQuery = ['*AMT_GeneralSettings', '*IPS_HostBasedSetupService', '*AMT_RedirectionService', '*CIM_KVMRedirectionSAP', 'AMT_PublicKeyCertificate', '*AMT_EnvironmentDetectionSettingData'];
|
||||
if (amtpolicy.cirasetup == 2) { wsmanQuery.push("AMT_ManagementPresenceRemoteSAP", "AMT_RemoteAccessCredentialContext", "AMT_RemoteAccessPolicyAppliesToMPS", "AMT_RemoteAccessPolicyRule", "*AMT_UserInitiatedConnectionService", "AMT_MPSUsernamePassword"); }
|
||||
try { amtstack.BatchEnum(null, wsmanQuery, wsmanPassTestResponse); } catch (ex) { debug(ex); }
|
||||
} else if ((amtpolicy.type == 3) && (meinfo.ProvisioningState == 0)) {
|
||||
} else if ((amtpolicy.type == 3) && (meinfo.ProvisioningState == 0) && (agent.isControlChannelConnected)) {
|
||||
// ACM Activation Policy
|
||||
obj.getTrustedHashes(obj.activeToACM, meinfo);
|
||||
} else {
|
||||
|
File diff suppressed because one or more lines are too long
@ -12417,7 +12417,8 @@ var QRCode;!function(){function a(a){this.mode=c.MODE_8BIT_BYTE,this.data=a,this
|
||||
function p20editMeshAmtChange() {
|
||||
var ptype = Q('dp20amtpolicy').value, x = '';
|
||||
if (ptype >= 2) {
|
||||
x = addHtmlValue('Password*', '<input id=dp20amtpolicypass style=width:230px maxlength=32 onchange=dp20amtValidatePolicy() onkeyup=dp20amtValidatePolicy() />')
|
||||
x = addHtmlValue('Password*', '<input id=dp20amtpolicypass type=password style=width:230px maxlength=32 onchange=dp20amtValidatePolicy() onkeyup=dp20amtValidatePolicy() />')
|
||||
x += addHtmlValue('Password*', '<input id=dp20amtpolicypass2 type=password style=width:230px maxlength=32 onchange=dp20amtValidatePolicy() onkeyup=dp20amtValidatePolicy() />')
|
||||
if (ptype == 2) { x += addHtmlValue('Password mismatch', "<select id=dp20amtbadpass style=width:230px><option value=0>Do nothing</option><option value=1>Reactivate Intel® AMT</option></select>"); }
|
||||
if ((features & 0x400) == 0) {
|
||||
if (ptype == 2) {
|
||||
@ -12439,7 +12440,10 @@ var QRCode;!function(){function a(a){this.mode=c.MODE_8BIT_BYTE,this.data=a,this
|
||||
|
||||
function dp20amtValidatePolicy() {
|
||||
var ok = true, ptype = Q('dp20amtpolicy').value;
|
||||
if (ptype == 2) { var pass = Q('dp20amtpolicypass').value; ok = (pass == '') ? true : passwordcheck(pass); }
|
||||
if ((ptype == 2) || (ptype == 3)) {
|
||||
var pass = Q('dp20amtpolicypass').value, pass2 = Q('dp20amtpolicypass2').value;
|
||||
ok = ((pass === pass2) && ((pass === '') ? true : passwordcheck(pass)));
|
||||
}
|
||||
QE('idx_dlgOkButton', ok);
|
||||
}
|
||||
|
||||
|
@ -6362,7 +6362,8 @@
|
||||
function p20editMeshAmtChange() {
|
||||
var ptype = Q('dp20amtpolicy').value, x = '';
|
||||
if (ptype >= 2) {
|
||||
x = addHtmlValue('Password*', '<input id=dp20amtpolicypass style=width:230px maxlength=32 onchange=dp20amtValidatePolicy() onkeyup=dp20amtValidatePolicy() />')
|
||||
x = addHtmlValue('Password*', '<input id=dp20amtpolicypass type=password style=width:230px maxlength=32 onchange=dp20amtValidatePolicy() onkeyup=dp20amtValidatePolicy() />')
|
||||
x += addHtmlValue('Password*', '<input id=dp20amtpolicypass2 type=password style=width:230px maxlength=32 onchange=dp20amtValidatePolicy() onkeyup=dp20amtValidatePolicy() />')
|
||||
if (ptype == 2) { x += addHtmlValue('Password mismatch', "<select id=dp20amtbadpass style=width:230px><option value=0>Do nothing</option><option value=1>Reactivate Intel® AMT</option></select>"); }
|
||||
if ((features & 0x400) == 0) {
|
||||
if (ptype == 2) {
|
||||
@ -6384,7 +6385,10 @@
|
||||
|
||||
function dp20amtValidatePolicy() {
|
||||
var ok = true, ptype = Q('dp20amtpolicy').value;
|
||||
if (ptype == 2) { var pass = Q('dp20amtpolicypass').value; ok = (pass == '') ? true : passwordcheck(pass); }
|
||||
if ((ptype == 2) || (ptype == 3)) {
|
||||
var pass = Q('dp20amtpolicypass').value, pass2 = Q('dp20amtpolicypass2').value;
|
||||
ok = ((pass === pass2) && ((pass === '') ? true : passwordcheck(pass)));
|
||||
}
|
||||
QE('idx_dlgOkButton', ok);
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user