More work on Intel AMT ACM activation.
This commit is contained in:
parent
0b92b1fc32
commit
5a4223e5a6
|
@ -24,8 +24,10 @@
|
|||
<Compile Include="agents\meshcmd.min.js" />
|
||||
<Compile Include="agents\meshcore.js" />
|
||||
<Compile Include="agents\meshcore.min.js" />
|
||||
<Compile Include="agents\modules_meshcmd\amt-ider.js" />
|
||||
<Compile Include="agents\modules_meshcmd\amt-lme.js" />
|
||||
<Compile Include="agents\modules_meshcmd\amt-mei.js" />
|
||||
<Compile Include="agents\modules_meshcmd\amt-redir-duk.js" />
|
||||
<Compile Include="agents\modules_meshcmd\amt-scanner.js" />
|
||||
<Compile Include="agents\modules_meshcmd\amt-script.js" />
|
||||
<Compile Include="agents\modules_meshcmd\amt-wsman-duk.js" />
|
||||
|
|
|
@ -1832,11 +1832,25 @@ function createMeshCore(agent) {
|
|||
try {
|
||||
if (meinfo == null) return;
|
||||
var intelamt = {}, p = false;
|
||||
if (meinfo.Versions && meinfo.Versions.AMT) { intelamt.ver = meinfo.Versions.AMT; p = true; }
|
||||
if (meinfo.ProvisioningState) { intelamt.state = meinfo.ProvisioningState; p = true; }
|
||||
if (meinfo.Flags) { intelamt.flags = meinfo.Flags; p = true; }
|
||||
if (meinfo.OsHostname) { intelamt.host = meinfo.OsHostname; p = true; }
|
||||
if (meinfo.UUID) { intelamt.uuid = meinfo.UUID; p = true; }
|
||||
if ((meinfo.Versions != null) && (meinfo.Versions.AMT != null)) { intelamt.ver = meinfo.Versions.AMT; p = true; }
|
||||
if (meinfo.ProvisioningState != null) { intelamt.state = meinfo.ProvisioningState; p = true; }
|
||||
if (meinfo.Flags != null) { intelamt.flags = meinfo.Flags; p = true; }
|
||||
if (meinfo.OsHostname != null) { intelamt.host = meinfo.OsHostname; p = true; }
|
||||
if (meinfo.UUID != null) { intelamt.uuid = meinfo.UUID; p = true; }
|
||||
if ((meinfo.ProvisioningState == 0) && (meinfo.net0 != null) && (meinfo.net0.enabled == 1)) { // If not activated, look to see if we have wired net working.
|
||||
// Not activated and we have wired ethernet, look for the trusted DNS
|
||||
var dns = meinfo.dns;
|
||||
if (dns == null) {
|
||||
// Trusted DNS not set, let's look for the OS network DNS suffix
|
||||
var interfaces = require('os').networkInterfaces();
|
||||
for (var i in interfaces) {
|
||||
for (var j in interfaces[i]) {
|
||||
if ((interfaces[i][j].mac == mestate.net0.mac) && (interfaces[i][j].fqdn != null) && (interfaces[i][j].fqdn != '')) { dns = interfaces[i][j].fqdn; }
|
||||
}
|
||||
}
|
||||
}
|
||||
if (intelamt.dns != dns) { intelamt.dns = dns; p = true; }
|
||||
} else { if (intelamt.dns != null) { delete intelamt.dns; p = true; } }
|
||||
if (p == true) {
|
||||
var meInfoStr = JSON.stringify(intelamt);
|
||||
if (meInfoStr != lastMeInfo) {
|
||||
|
|
|
@ -516,6 +516,15 @@ function AmtManager(agent, db, isdebug) {
|
|||
var wsmanQuery = ['*AMT_GeneralSettings', '*IPS_HostBasedSetupService', '*AMT_RedirectionService', '*CIM_KVMRedirectionSAP', 'AMT_PublicKeyCertificate', '*AMT_EnvironmentDetectionSettingData'];
|
||||
if (amtpolicy.cirasetup == 2) { wsmanQuery.push("AMT_ManagementPresenceRemoteSAP", "AMT_RemoteAccessCredentialContext", "AMT_RemoteAccessPolicyAppliesToMPS", "AMT_RemoteAccessPolicyRule", "*AMT_UserInitiatedConnectionService", "AMT_MPSUsernamePassword"); }
|
||||
try { amtstack.BatchEnum(null, wsmanQuery, wsmanPassTestResponse); } catch (ex) { debug(ex); }
|
||||
} else if ((amtpolicy.type == 3) && (meinfo.ProvisioningState == 0)) {
|
||||
// ACM Activation Policy
|
||||
// TODO: Check that we have wired ethernet enabled and that the DNS domain suffix matches a server certificate...
|
||||
|
||||
// TODO: Check that a trusted hash matches the server cert root hash...
|
||||
|
||||
// TODO: Fetch Intel AMT Realm and Nonce and get ready to ACM activation...
|
||||
|
||||
//console.log(meinfo);
|
||||
} else {
|
||||
// Other possible cases...
|
||||
}
|
||||
|
|
|
@ -1018,7 +1018,9 @@ function CreateMeshCentralServer(config, args) {
|
|||
for (var i in obj.eventsDispatch[id]) {
|
||||
if (targets.indexOf(obj.eventsDispatch[id][i]) == -1) { // Check if we already displatched to this target
|
||||
targets.push(obj.eventsDispatch[id][i]);
|
||||
obj.eventsDispatch[id][i].HandleEvent(source, event);
|
||||
try { obj.eventsDispatch[id][i].HandleEvent(source, event); } catch (ex) {
|
||||
console.log(ex, obj.eventsDispatch[id][i]);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -14,6 +14,8 @@
|
|||
/*jshint esversion: 6 */
|
||||
"use strict";
|
||||
|
||||
// TODO: Add NTML support with "nodemailer-ntlm-auth" https://github.com/nodemailer/nodemailer-ntlm-auth
|
||||
|
||||
// Construct a MeshAgent object, called upon connection
|
||||
module.exports.CreateMeshMail = function (parent) {
|
||||
var obj = {};
|
||||
|
|
20
meshuser.js
20
meshuser.js
|
@ -1395,20 +1395,33 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
|||
// We only create Agent-less Intel AMT mesh (Type1), or Agent mesh (Type2)
|
||||
if ((command.meshtype == 1) || (command.meshtype == 2)) {
|
||||
parent.crypto.randomBytes(48, function (err, buf) {
|
||||
// Create new device group identifier
|
||||
meshid = 'mesh/' + domain.id + '/' + buf.toString('base64').replace(/\+/g, '@').replace(/\//g, '$');
|
||||
|
||||
// Create the new device group
|
||||
var links = {};
|
||||
links[user._id] = { name: user.name, rights: 0xFFFFFFFF };
|
||||
mesh = { type: 'mesh', _id: meshid, name: command.meshname, mtype: command.meshtype, desc: command.desc, domain: domain.id, links: links };
|
||||
db.Set(common.escapeLinksFieldName(mesh));
|
||||
parent.meshes[meshid] = mesh;
|
||||
parent.parent.AddEventDispatch([meshid], ws);
|
||||
|
||||
// Change the user to make him administration of the new device group
|
||||
if (user.links == null) user.links = {};
|
||||
user.links[meshid] = { rights: 0xFFFFFFFF };
|
||||
user.subscriptions = parent.subscribe(user._id, ws);
|
||||
db.SetUser(user);
|
||||
|
||||
// Event the user change
|
||||
var targets = ['*', 'server-users', user._id];
|
||||
if (user.groups) { for (var i in user.groups) { targets.push('server-users:' + i); } }
|
||||
var event = { etype: 'user', username: user.name, account: parent.CloneSafeUser(user), action: 'accountchange', domain: domain.id, nolog: 1 };
|
||||
if (db.changeStream) { event.noact = 1; } // If DB change stream is active, don't use this event to change the user. Another event will come.
|
||||
parent.parent.DispatchEvent(targets, obj, event);
|
||||
|
||||
// Event the device group creation
|
||||
var event = { etype: 'mesh', username: user.name, meshid: meshid, name: command.meshname, mtype: command.meshtype, desc: command.desc, action: 'createmesh', links: links, msg: 'Mesh created: ' + command.meshname, domain: domain.id };
|
||||
if (db.changeStream) { event.noact = 1; } // If DB change stream is active, don't use this event to create the mesh. Another event will come.
|
||||
parent.parent.DispatchEvent(['*', meshid, user._id], obj, event);
|
||||
parent.parent.DispatchEvent(['*', meshid, user._id], obj, event); // Even if DB change stream is active, this event must be acted upon.
|
||||
});
|
||||
}
|
||||
break;
|
||||
|
@ -1427,8 +1440,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
|||
|
||||
// Fire the removal event first, because after this, the event will not route
|
||||
var event = { etype: 'mesh', username: user.name, meshid: command.meshid, name: command.meshname, action: 'deletemesh', msg: 'Mesh deleted: ' + command.meshname, domain: domain.id };
|
||||
if (db.changeStream) { event.noact = 1; } // If DB change stream is active, don't use this event to remove the mesh. Another event will come.
|
||||
parent.parent.DispatchEvent(['*', command.meshid], obj, event);
|
||||
parent.parent.DispatchEvent(['*', command.meshid], obj, event); // Even if DB change stream is active, this event need to be acted on.
|
||||
|
||||
// Remove all user links to this mesh
|
||||
for (i in meshes) {
|
||||
|
|
|
@ -1302,6 +1302,7 @@
|
|||
}
|
||||
|
||||
function onMessage(server, message) {
|
||||
if (args.trace == 1) { console.log('MSG:', message); }
|
||||
switch (message.action) {
|
||||
case 'serverstats': {
|
||||
updateGeneralServerStats(message);
|
||||
|
|
Loading…
Reference in New Issue