More work on Intel AMT ACM activation.

MeshCentralServer.njsproj

@@ -24,8 +24,10 @@
     <Compile Include="agents\meshcmd.min.js" />
     <Compile Include="agents\meshcore.js" />
     <Compile Include="agents\meshcore.min.js" />
+    <Compile Include="agents\modules_meshcmd\amt-ider.js" />
     <Compile Include="agents\modules_meshcmd\amt-lme.js" />
     <Compile Include="agents\modules_meshcmd\amt-mei.js" />
+    <Compile Include="agents\modules_meshcmd\amt-redir-duk.js" />
     <Compile Include="agents\modules_meshcmd\amt-scanner.js" />
     <Compile Include="agents\modules_meshcmd\amt-script.js" />
     <Compile Include="agents\modules_meshcmd\amt-wsman-duk.js" />

agents/meshcore.js

@@ -1832,11 +1832,25 @@ function createMeshCore(agent) {
                 try {
                     if (meinfo == null) return;
                     var intelamt = {}, p = false;
-                    if (meinfo.Versions && meinfo.Versions.AMT) { intelamt.ver = meinfo.Versions.AMT; p = true; }
+                    if ((meinfo.Versions != null) && (meinfo.Versions.AMT != null)) { intelamt.ver = meinfo.Versions.AMT; p = true; }
-                    if (meinfo.ProvisioningState) { intelamt.state = meinfo.ProvisioningState; p = true; }
+                    if (meinfo.ProvisioningState != null) { intelamt.state = meinfo.ProvisioningState; p = true; }
-                    if (meinfo.Flags) { intelamt.flags = meinfo.Flags; p = true; }
+                    if (meinfo.Flags != null) { intelamt.flags = meinfo.Flags; p = true; }
-                    if (meinfo.OsHostname) { intelamt.host = meinfo.OsHostname; p = true; }
+                    if (meinfo.OsHostname != null) { intelamt.host = meinfo.OsHostname; p = true; }
-                    if (meinfo.UUID) { intelamt.uuid = meinfo.UUID; p = true; }
+                    if (meinfo.UUID != null) { intelamt.uuid = meinfo.UUID; p = true; }
+                    if ((meinfo.ProvisioningState == 0) && (meinfo.net0 != null) && (meinfo.net0.enabled == 1)) { // If not activated, look to see if we have wired net working.
+                        // Not activated and we have wired ethernet, look for the trusted DNS
+                        var dns = meinfo.dns;
+                        if (dns == null) {
+                            // Trusted DNS not set, let's look for the OS network DNS suffix
+                            var interfaces = require('os').networkInterfaces();
+                            for (var i in interfaces) {
+                                for (var j in interfaces[i]) {
+                                    if ((interfaces[i][j].mac == mestate.net0.mac) && (interfaces[i][j].fqdn != null) && (interfaces[i][j].fqdn != '')) { dns = interfaces[i][j].fqdn; }
+                                }
+                            }
+                        }
+                        if (intelamt.dns != dns) { intelamt.dns = dns; p = true; }
+                    } else { if (intelamt.dns != null) { delete intelamt.dns; p = true; } }
                     if (p == true) {
                         var meInfoStr = JSON.stringify(intelamt);
                         if (meInfoStr != lastMeInfo) {

agents/modules_meshcore/amt-manage.js

@@ -516,6 +516,15 @@ function AmtManager(agent, db, isdebug) {
                 var wsmanQuery = ['*AMT_GeneralSettings', '*IPS_HostBasedSetupService', '*AMT_RedirectionService', '*CIM_KVMRedirectionSAP', 'AMT_PublicKeyCertificate', '*AMT_EnvironmentDetectionSettingData'];
                 if (amtpolicy.cirasetup == 2) { wsmanQuery.push("AMT_ManagementPresenceRemoteSAP", "AMT_RemoteAccessCredentialContext", "AMT_RemoteAccessPolicyAppliesToMPS", "AMT_RemoteAccessPolicyRule", "*AMT_UserInitiatedConnectionService", "AMT_MPSUsernamePassword"); }
                 try { amtstack.BatchEnum(null, wsmanQuery, wsmanPassTestResponse); } catch (ex) { debug(ex); }
+            } else if ((amtpolicy.type == 3) && (meinfo.ProvisioningState == 0)) {
+                // ACM Activation Policy
+                // TODO: Check that we have wired ethernet enabled and that the DNS domain suffix matches a server certificate...
+
+                // TODO: Check that a trusted hash matches the server cert root hash...
+
+                // TODO: Fetch Intel AMT Realm and Nonce and get ready to ACM activation...
+
+                //console.log(meinfo);
             } else {
                 // Other possible cases...
             }

meshcentral.js

@@ -1018,7 +1018,9 @@ function CreateMeshCentralServer(config, args) {
                 for (var i in obj.eventsDispatch[id]) {
                     if (targets.indexOf(obj.eventsDispatch[id][i]) == -1) { // Check if we already displatched to this target
                         targets.push(obj.eventsDispatch[id][i]);
-                        obj.eventsDispatch[id][i].HandleEvent(source, event);
+                        try { obj.eventsDispatch[id][i].HandleEvent(source, event); } catch (ex) {
+                            console.log(ex, obj.eventsDispatch[id][i]);
+                        }
                     }
                 }
             }

meshmail.js

@@ -14,6 +14,8 @@
 /*jshint esversion: 6 */
 "use strict";
 
+// TODO: Add NTML support with "nodemailer-ntlm-auth" https://github.com/nodemailer/nodemailer-ntlm-auth
+
 // Construct a MeshAgent object, called upon connection
 module.exports.CreateMeshMail = function (parent) {
     var obj = {};

meshuser.js

@@ -1395,20 +1395,33 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
                     // We only create Agent-less Intel AMT mesh (Type1), or Agent mesh (Type2)
                     if ((command.meshtype == 1) || (command.meshtype == 2)) {
                         parent.crypto.randomBytes(48, function (err, buf) {
+                            // Create new device group identifier
                             meshid = 'mesh/' + domain.id + '/' + buf.toString('base64').replace(/\+/g, '@').replace(/\//g, '$');
+
+                            // Create the new device group
                             var links = {};
                             links[user._id] = { name: user.name, rights: 0xFFFFFFFF };
                             mesh = { type: 'mesh', _id: meshid, name: command.meshname, mtype: command.meshtype, desc: command.desc, domain: domain.id, links: links };
                             db.Set(common.escapeLinksFieldName(mesh));
                             parent.meshes[meshid] = mesh;
                             parent.parent.AddEventDispatch([meshid], ws);
+
+                            // Change the user to make him administration of the new device group
                             if (user.links == null) user.links = {};
                             user.links[meshid] = { rights: 0xFFFFFFFF };
                             user.subscriptions = parent.subscribe(user._id, ws);
                             db.SetUser(user);
+
+                            // Event the user change
+                            var targets = ['*', 'server-users', user._id];
+                            if (user.groups) { for (var i in user.groups) { targets.push('server-users:' + i); } }
+                            var event = { etype: 'user', username: user.name, account: parent.CloneSafeUser(user), action: 'accountchange', domain: domain.id, nolog: 1 };
+                            if (db.changeStream) { event.noact = 1; } // If DB change stream is active, don't use this event to change the user. Another event will come.
+                            parent.parent.DispatchEvent(targets, obj, event);
+
+                            // Event the device group creation
                             var event = { etype: 'mesh', username: user.name, meshid: meshid, name: command.meshname, mtype: command.meshtype, desc: command.desc, action: 'createmesh', links: links, msg: 'Mesh created: ' + command.meshname, domain: domain.id };
-                            if (db.changeStream) { event.noact = 1; } // If DB change stream is active, don't use this event to create the mesh. Another event will come.
+                            parent.parent.DispatchEvent(['*', meshid, user._id], obj, event); // Even if DB change stream is active, this event must be acted upon.
-                            parent.parent.DispatchEvent(['*', meshid, user._id], obj, event);
                         });
                     }
                     break;
@@ -1427,8 +1440,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
 
                         // Fire the removal event first, because after this, the event will not route
                         var event = { etype: 'mesh', username: user.name, meshid: command.meshid, name: command.meshname, action: 'deletemesh', msg: 'Mesh deleted: ' + command.meshname, domain: domain.id };
-                        if (db.changeStream) { event.noact = 1; } // If DB change stream is active, don't use this event to remove the mesh. Another event will come.
+                        parent.parent.DispatchEvent(['*', command.meshid], obj, event); // Even if DB change stream is active, this event need to be acted on.
-                        parent.parent.DispatchEvent(['*', command.meshid], obj, event);
 
                         // Remove all user links to this mesh
                         for (i in meshes) {

views/default.handlebars

@@ -1302,6 +1302,7 @@
         }
 
         function onMessage(server, message) {
+            if (args.trace == 1) { console.log('MSG:', message); }
             switch (message.action) {
                 case 'serverstats': {
                     updateGeneralServerStats(message);