Intel AMT ACM activation fully working.

Ylian Saint-Hilaire 2019-06-20 18:23:52 -07:00
parent 56637d4d58
commit 57b4b6cde2
6 changed files with 39 additions and 14 deletions


@ -83,11 +83,28 @@ module.exports.CertificateOperations = function (parent) {
var acmCerts = [], acmmatch = []; var acmCerts = [], acmmatch = [];
if (amtacmactivation.certs != null) { if (amtacmactivation.certs != null) {
for (var j in amtacmactivation.certs) { for (var j in amtacmactivation.certs) {
var acmconfig = amtacmactivation.certs[j]; var acmconfig = amtacmactivation.certs[j], r = null;
if (typeof acmconfig.cert != 'string') continue;
var r = null; if ((typeof acmconfig.certpfx == 'string') && (typeof acmconfig.certpfxpass == 'string')) {
try { r = obj.loadPfxCertificate(obj.parent.path.join(obj.parent.datapath, acmconfig.cert), acmconfig.certpass); } catch (ex) { console.log(ex); } // P12 format, certpfx and certpfxpass
if ((r == null) || (r.certs == null) || (r.keys == null) || (r.certs.length < 2) || (r.keys.length != 1)) continue; try { r = obj.loadPfxCertificate(obj.parent.path.join(obj.parent.datapath, acmconfig.certpfx), acmconfig.certpfxpass); } catch (ex) { console.log(ex); }
if ((r == null) || (r.certs == null) || (r.keys == null) || (r.certs.length < 2) || (r.keys.length != 1)) continue;
} else if ((typeof acmconfig.certfiles == 'object') && (typeof acmconfig.keyfile == 'string')) {
// PEM format, certfiles and keyfile
r = { certs: [], keys: [] };
for (var k in acmconfig.certfiles) { r.certs.push(obj.pki.certificateFromPem(obj.fs.readFileSync(obj.parent.path.join(obj.parent.datapath, acmconfig.certfiles[k])))); }
r.keys.push(obj.pki.privateKeyFromPem(obj.fs.readFileSync(obj.parent.path.join(obj.parent.datapath, acmconfig.keyfile))));
if ((r.certs.length < 2) || (r.keys.length != 1)) continue;
}
/*
// Debug: Display all certs & key as PEM
for (var k in r.certs) {
var cn = r.certs[k].subject.getField('CN');
if (cn != null) { console.log(cn.value + '\r\n' + obj.pki.certificateToPem(r.certs[k])); } else { console.log(obj.pki.certificateToPem(r.certs[k])); }
}
console.log(obj.pki.privateKeyToPem(r.keys[0]));
*/
// Check if the right OU or OID is present for Intel AMT activation // Check if the right OU or OID is present for Intel AMT activation
var validActivationCert = false; var validActivationCert = false;
@ -164,14 +181,13 @@ module.exports.CertificateOperations = function (parent) {
// Return the certificate of the remote HTTPS server // Return the certificate of the remote HTTPS server
obj.loadPfxCertificate = function (filename, password) { obj.loadPfxCertificate = function (filename, password) {
var r = { certs: [], keys: [] }; var r = { certs: [], keys: [] };
var pfxbuf = obj.fs.readFileSync(filename); var pfxb64 = Buffer.from(obj.fs.readFileSync(filename)).toString('base64');
var pfxb64 = Buffer.from(pfxbuf).toString('base64'); var pfx = obj.forge.pkcs12.pkcs12FromAsn1(obj.forge.asn1.fromDer(obj.forge.util.decode64(pfxb64)), true, password);
var pfxder = obj.forge.util.decode64(pfxb64);
var asn = obj.forge.asn1.fromDer(pfxder);
var pfx = obj.forge.pkcs12.pkcs12FromAsn1(asn, true, password);
// Get the certs from certbags // Get the certs from certbags
var bags = pfx.getBags({ bagType: obj.forge.pki.oids.certBag }); var bags = pfx.getBags({ bagType: obj.forge.pki.oids.certBag });
for (var i = 0; i < bags[obj.forge.pki.oids.certBag].length; i++) { r.certs.push(bags[obj.forge.pki.oids.certBag][i].cert); } for (var i = 0; i < bags[obj.forge.pki.oids.certBag].length; i++) { r.certs.push(bags[obj.forge.pki.oids.certBag][i].cert); }
// Get shrouded key from key bags // Get shrouded key from key bags
bags = pfx.getBags({ bagType: obj.forge.pki.oids.pkcs8ShroudedKeyBag }); bags = pfx.getBags({ bagType: obj.forge.pki.oids.pkcs8ShroudedKeyBag });
for (var i = 0; i < bags[obj.forge.pki.oids.pkcs8ShroudedKeyBag].length; i++) { r.keys.push(bags[obj.forge.pki.oids.pkcs8ShroudedKeyBag][i].key); } for (var i = 0; i < bags[obj.forge.pki.oids.pkcs8ShroudedKeyBag].length; i++) { r.keys.push(bags[obj.forge.pki.oids.pkcs8ShroudedKeyBag][i].key); }
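Review bot: In the first hunk, an entry under `amtacmactivation.certs` that has neither `certpfx`/`certpfxpass` nor `certfiles`/`keyfile` leaves `r` as null and still falls through to the OU/OID check, because the old `typeof acmconfig.cert` guard is gone and the `if`/`else if` has no final branch; adding `else { continue; }` after the PEM branch would skip such entries. The PEM branch also calls `readFileSync`, `certificateFromPem` and `privateKeyFromPem` with no try/catch, unlike the PFX load just above it, so a missing or malformed file would presumably throw out of the loop instead of skipping that one entry. The commented-out debug block prints the activation private key with `privateKeyToPem`; I would remove it so it cannot be re-enabled on a production server and leak the key into console logs. The code that consumes `r` lies outside the hunk, so the null dereference is inferred from the visible control flow.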


@ -1232,7 +1232,7 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
ChangeAgentCoreInfo({ "intelamt": { user: 'admin', pass: amtpassword, uuid: command.uuid, realm: command.realm } }); ChangeAgentCoreInfo({ "intelamt": { user: 'admin', pass: amtpassword, uuid: command.uuid, realm: command.realm } });
// Send the activation response // Send the activation response
//obj.send(JSON.stringify(signResponse)); obj.send(JSON.stringify(signResponse));
} }
break; break;
} }


@ -1,6 +1,6 @@
{ {
"name": "meshcentral", "name": "meshcentral",
"version": "0.3.6-r", "version": "0.3.6-s",
"keywords": [ "keywords": [
"Remote Management", "Remote Management",
"Intel AMT", "Intel AMT",


@ -82,6 +82,15 @@
"_MaxAgentSessions": 100, "_MaxAgentSessions": 100,
"MaxSingleUserSessions": 10 "MaxSingleUserSessions": 10
}, },
"_AmtAcmActivation": {
"log": "amtactivation.log",
"certs": {
"mycertname": {
"certfiles": [ "amtacm-leafcert.crt", "amtacm-intermediate1.crt", "amtacm-intermediate2.crt", "amtacm-rootcert.crt" ],
"keyfile": "amtacm-leafcert.key"
}
}
},
"_Redirects": { "_Redirects": {
"meshcommander": "https://www.meshcommander.com/" "meshcommander": "https://www.meshcommander.com/"
}, },


@ -9885,7 +9885,7 @@ var QRCode;!function(){function a(a){this.mode=c.MODE_8BIT_BYTE,this.data=a,this
} }
// Attribute: Mesh Agent // Attribute: Mesh Agent
var agentsStr = ['Unknown', 'Windows 32bit console', 'Windows 64bit console', 'Windows 32bit service', 'Windows 64bit service', 'Linux 32bit', 'Linux 64bit', 'MIPS', 'XENx86', 'Android ARM', 'Linux ARM', 'MacOS 32bit', 'Android x86', 'PogoPlug ARM', 'Android APK', 'Linux Poky x86-32bit', 'MacOS 64bit', 'ChromeOS', 'Linux Poky x86-64bit', 'Linux NoKVM x86-32bit', 'Linux NoKVM x86-64bit', 'Windows MinCore console', 'Windows MinCore service', 'NodeJS', 'ARM-Linaro', 'ARMv6l / ARMv7l', 'ARMv8 64bit']; var agentsStr = ['Unknown', 'Windows 32bit console', 'Windows 64bit console', 'Windows 32bit service', 'Windows 64bit service', 'Linux 32bit', 'Linux 64bit', 'MIPS', 'XENx86', 'Android ARM', 'Linux ARM', 'MacOS 32bit', 'Android x86', 'PogoPlug ARM', 'Android APK', 'Linux Poky x86-32bit', 'MacOS 64bit', 'ChromeOS', 'Linux Poky x86-64bit', 'Linux NoKVM x86-32bit', 'Linux NoKVM x86-64bit', 'Windows MinCore console', 'Windows MinCore service', 'NodeJS', 'ARM-Linaro', 'ARMv6l / ARMv7l', 'ARMv8 64bit', 'Unknown', 'Unknown', 'Unknown', 'FreeBSD x86-64'];
if ((node.agent != null) && (node.agent.id != null) && (node.agent.ver != null)) { if ((node.agent != null) && (node.agent.id != null) && (node.agent.ver != null)) {
var str = ''; var str = '';
if (node.agent.id <= agentsStr.length) { str = agentsStr[node.agent.id]; } else { str = agentsStr[0]; } if (node.agent.id <= agentsStr.length) { str = agentsStr[node.agent.id]; } else { str = agentsStr[0]; }
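Review bot: The lookup that the extended `agentsStr` list feeds still tests `node.agent.id <= agentsStr.length`, so an id equal to the array length (31 after this change) indexes one past the end and `str` becomes undefined instead of falling back to 'Unknown'; `if (node.agent.id < agentsStr.length)` would close that gap. The same list and the same check are duplicated in the next file section (the `@ -3830,7` hunk), so both copies need the change. The enclosing block starts and ends outside the hunk.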


@ -3830,7 +3830,7 @@
} }
// Attribute: Mesh Agent // Attribute: Mesh Agent
var agentsStr = ['Unknown', 'Windows 32bit console', 'Windows 64bit console', 'Windows 32bit service', 'Windows 64bit service', 'Linux 32bit', 'Linux 64bit', 'MIPS', 'XENx86', 'Android ARM', 'Linux ARM', 'MacOS 32bit', 'Android x86', 'PogoPlug ARM', 'Android APK', 'Linux Poky x86-32bit', 'MacOS 64bit', 'ChromeOS', 'Linux Poky x86-64bit', 'Linux NoKVM x86-32bit', 'Linux NoKVM x86-64bit', 'Windows MinCore console', 'Windows MinCore service', 'NodeJS', 'ARM-Linaro', 'ARMv6l / ARMv7l', 'ARMv8 64bit']; var agentsStr = ['Unknown', 'Windows 32bit console', 'Windows 64bit console', 'Windows 32bit service', 'Windows 64bit service', 'Linux 32bit', 'Linux 64bit', 'MIPS', 'XENx86', 'Android ARM', 'Linux ARM', 'MacOS 32bit', 'Android x86', 'PogoPlug ARM', 'Android APK', 'Linux Poky x86-32bit', 'MacOS 64bit', 'ChromeOS', 'Linux Poky x86-64bit', 'Linux NoKVM x86-32bit', 'Linux NoKVM x86-64bit', 'Windows MinCore console', 'Windows MinCore service', 'NodeJS', 'ARM-Linaro', 'ARMv6l / ARMv7l', 'ARMv8 64bit', 'Unknown', 'Unknown', 'Unknown', 'FreeBSD x86-64'];
if ((node.agent != null) && (node.agent.id != null) && (node.agent.ver != null)) { if ((node.agent != null) && (node.agent.id != null) && (node.agent.ver != null)) {
var str = ''; var str = '';
if (node.agent.id <= agentsStr.length) { str = agentsStr[node.agent.id]; } else { str = agentsStr[0]; } if (node.agent.id <= agentsStr.length) { str = agentsStr[node.agent.id]; } else { str = agentsStr[0]; }