diff --git a/agents/MeshCmd-signed.exe b/agents/MeshCmd-signed.exe
index 65370b1f..264b804a 100644
Binary files a/agents/MeshCmd-signed.exe and b/agents/MeshCmd-signed.exe differ
diff --git a/agents/MeshCmd64-signed.exe b/agents/MeshCmd64-signed.exe
index 49c6d07d..88f45b81 100644
Binary files a/agents/MeshCmd64-signed.exe and b/agents/MeshCmd64-signed.exe differ
diff --git a/agents/MeshService-signed.exe b/agents/MeshService-signed.exe
index 3facec82..e6d1e470 100644
Binary files a/agents/MeshService-signed.exe and b/agents/MeshService-signed.exe differ
diff --git a/agents/MeshService64-signed.exe b/agents/MeshService64-signed.exe
index 8cbffe73..bad916a9 100644
Binary files a/agents/MeshService64-signed.exe and b/agents/MeshService64-signed.exe differ
diff --git a/agents/meshcmd.js b/agents/meshcmd.js
index b07c7c1f..cb238b4b 100644
--- a/agents/meshcmd.js
+++ b/agents/meshcmd.js
@@ -559,55 +559,60 @@ function run(argv) { amtMei.getRemoteAccessConnectionStatus(function (result) { if ((result != null) && (result.status == 0)) { mestate.networkStatus = result.networkStatus; mestate.remoteAccessStatus = result.remoteAccessStatus; mestate.remoteAccessTrigger = result.remoteAccessTrigger; mestate.mpsHostname = result.mpsHostname; } }); amtMei.getDnsSuffix(function (result) { if (result) { mestate.DnsSuffix = result; } - if (args.json) { - console.log(JSON.stringify(mestate, null, 2)); - } else if (mestate.ver && mestate.ProvisioningState && mestate.ProvisioningMode) { - var str = 'Intel ME v' + mestate.ver; - if (mestate.sku & 8) { str = 'Intel AMT v' + mestate.ver } - else if (mestate.sku & 16) { str = 'Intel SM v' + mestate.ver } - if (mestate.ProvisioningState.stateStr == 'PRE') { str += ', pre-provisioning state'; } - else if (mestate.ProvisioningState.stateStr == 'IN') { str += ', in-provisioning state'; } - else if (mestate.ProvisioningState.stateStr == 'POST') { - if (mestate.ProvisioningMode) { - if (mestate.controlmode) { - if (mestate.ProvisioningMode.modeStr == 'ENTERPRISE') { str += ', activated in ' + ["none", "Client Control Mode (CCM)", "Admin Control Mode (ACM)", "remote assistance mode"][mestate.controlmode.controlMode]; } else { str += ', activated in ' + mestate.ProvisioningMode.modeStr; } - } else { - str += ', activated in ' + mestate.ProvisioningMode.modeStr; - } - } - } - if (mestate.ehbc) { str += ', EHBC enabled'; } - str += '.'; - if (mestate.net0 != null) { str += '\r\nWired ' + ((mestate.net0.enabled == 1) ? 'Enabled' : 'Disabled') + ((mestate.net0.dhcpEnabled == 1) ? ', DHCP' : ', Static') + ', ' + mestate.net0.mac + (mestate.net0.address == '0.0.0.0' ? '' : (', ' + mestate.net0.address)); } - if (mestate.net1 != null) { str += '\r\nWireless ' + ((mestate.net1.enabled == 1) ? 'Enabled' : 'Disabled') + ((mestate.net1.dhcpEnabled == 1) ? 
', DHCP' : ', Static') + ', ' + mestate.net1.mac + (mestate.net1.address == '0.0.0.0' ? '' : (', ' + mestate.net1.address)); } - if ((mestate.net0 != null) && (mestate.net0.enabled == 1)) { - if (mestate.DnsSuffix != null) { - // Intel AMT has a trusted DNS suffix set, use that one. - str += '\r\nTrusted DNS suffix: ' + mestate.DnsSuffix; - } else { - // Look for the DNS suffix for the Intel AMT Ethernet interface - var fqdn = null, interfaces = require('os').networkInterfaces(); - for (var i in interfaces) { - for (var j in interfaces[i]) { - if ((interfaces[i][j].mac == mestate.net0.mac) && (interfaces[i][j].fqdn != null) && (interfaces[i][j].fqdn != '')) { fqdn = interfaces[i][j].fqdn; } + getAmtOsDnsSuffix(mestate, function() { + if (args.json) { + console.log(JSON.stringify(mestate, null, 2)); + } else if (mestate.ver && mestate.ProvisioningState && mestate.ProvisioningMode) { + var str = 'Intel ME v' + mestate.ver; + if (mestate.sku & 8) { str = 'Intel AMT v' + mestate.ver } + else if (mestate.sku & 16) { str = 'Intel SM v' + mestate.ver } + if (mestate.ProvisioningState.stateStr == 'PRE') { str += ', pre-provisioning state'; } + else if (mestate.ProvisioningState.stateStr == 'IN') { str += ', in-provisioning state'; } + else if (mestate.ProvisioningState.stateStr == 'POST') { + if (mestate.ProvisioningMode) { + if (mestate.controlmode) { + if (mestate.ProvisioningMode.modeStr == 'ENTERPRISE') { str += ', activated in ' + ["none", "Client Control Mode (CCM)", "Admin Control Mode (ACM)", "remote assistance mode"][mestate.controlmode.controlMode]; } else { str += ', activated in ' + mestate.ProvisioningMode.modeStr; } + } else { + str += ', activated in ' + mestate.ProvisioningMode.modeStr; } } - if (fqdn != null) { str += '\r\nDNS suffix: ' + fqdn; } } - } - if (typeof mestate.networkStatus == 'number') { - str += '\r\nConnection Status: ' + ['Direct', 'VPN', 'Outside', 'Unknown'][mestate.networkStatus]; - str += ', CIRA: ' + ['Disconnected', 'Connecting', 
'Connected'][mestate.remoteAccessStatus]; - if ((mestate.remoteAccessStatus > 0) && (mestate.mpsHostname != null) && (mestate.mpsHostname.length > 0)) { - str += ' to ' + mestate.mpsHostname + ', ' + ['User initiated', 'Alert', 'Periodic', 'Provisioning'][mestate.remoteAccessTrigger]; + if (mestate.ehbc) { str += ', EHBC enabled'; } + str += '.'; + if (mestate.net0 != null) { str += '\r\nWired ' + ((mestate.net0.enabled == 1) ? 'Enabled' : 'Disabled') + ((mestate.net0.dhcpEnabled == 1) ? ', DHCP' : ', Static') + ', ' + mestate.net0.mac + (mestate.net0.address == '0.0.0.0' ? '' : (', ' + mestate.net0.address)); } + if (mestate.net1 != null) { str += '\r\nWireless ' + ((mestate.net1.enabled == 1) ? 'Enabled' : 'Disabled') + ((mestate.net1.dhcpEnabled == 1) ? ', DHCP' : ', Static') + ', ' + mestate.net1.mac + (mestate.net1.address == '0.0.0.0' ? '' : (', ' + mestate.net1.address)); } + if ((mestate.net0 != null) && (mestate.net0.enabled == 1)) { + if (mestate.DnsSuffix != null) { + // Intel AMT has a trusted DNS suffix set, use that one. 
+ str += '\r\nTrusted DNS suffix: ' + mestate.DnsSuffix; + } else if (mestate.OsDnsSuffix != null) { + // Already found the DNS suffix for the wired interface + str += '\r\nDNS suffix: ' + mestate.OsDnsSuffix; + } else { + // Look for the DNS suffix for the Intel AMT Ethernet interface + var fqdn = null, interfaces = require('os').networkInterfaces(); + for (var i in interfaces) { + for (var j in interfaces[i]) { + if ((interfaces[i][j].mac == mestate.net0.mac) && (interfaces[i][j].fqdn != null) && (interfaces[i][j].fqdn != '')) { fqdn = interfaces[i][j].fqdn; } + } + } + if (fqdn != null) { str += '\r\nDNS suffix: ' + fqdn; } + } } + if (typeof mestate.networkStatus == 'number') { + str += '\r\nConnection Status: ' + ['Direct', 'VPN', 'Outside', 'Unknown'][mestate.networkStatus]; + str += ', CIRA: ' + ['Disconnected', 'Connecting', 'Connected'][mestate.remoteAccessStatus]; + if ((mestate.remoteAccessStatus > 0) && (mestate.mpsHostname != null) && (mestate.mpsHostname.length > 0)) { + str += ' to ' + mestate.mpsHostname + ', ' + ['User initiated', 'Alert', 'Periodic', 'Provisioning'][mestate.remoteAccessTrigger]; + } + } + console.log(str + '.'); + exit(0); + } else { + console.log('Intel(R) AMT not supported.'); + exit(1); } - console.log(str + '.'); - exit(0); - } else { - console.log('Intel(R) AMT not supported.'); - exit(1); - } + }); }); } else { console.log("Unable to perform MEI operations, try running as " + ((process.platform == 'win32')?"administrator.":"root.")); 
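Review bot: With `args.json` set, a failed DHCP lookup now prints `DHCP error ...` ahead of the JSON document, because the state output in this hunk waits on `getAmtOsDnsSuffix` and that helper's rejection handler (added further down in this file) reports through `console.log`. Anything that parses the JSON output would then break on non-Windows hosts where the query fails. The helper's error path could stay silent, `}, function(e) { func(mestate); });`, and leave it to the caller to decide what to print. The enclosing `run` function starts and ends outside this hunk.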
@@ -1184,7 +1189,7 @@ function configureAmt() { getMeiState(15, function (state) { // Flags: 1 = Versions, 2 = OsAdmin, 4 = Hashes, 8 = Network if (state == null) { console.log("Unable to get Intel AMT state, try running as " + ((process.platform == 'win32')?"administrator.":"root.")); exit(1); return; } if (state.ProvisioningState == null) { console.log('Intel AMT not ready for configuration.'); exit(1); return; } - startLms(configureAmt2, false, state); + getAmtOsDnsSuffix(state, function() { startLms(configureAmt2, false, state); }); }); } @@ -2987,6 +2992,19 @@ function getMeiState(flags, func) { } catch (e) { if (func != null) { func(null); } return; } } +// On non-Windows platforms, we need to query the DHCP server for the DNS suffix +function getAmtOsDnsSuffix(mestate, func) { + if ((process.platform == 'win32') || (mestate.net0 == null) || (mestate.net0.mac == null)) { func(mestate); return; } + try { require('linux-dhcp') } catch (ex) { func(mestate); return; } + require('linux-dhcp').client.info(mestate.net0.mac).then(function(d) { + if ((typeof d.options == 'object') && (typeof d.options.domainname == 'string')) { mestate.OsDnsSuffix = d.options.domainname; } + func(mestate); + }, function(e) { + console.log('DHCP error', e); + func(mestate); + }); +} + // // Startup diff --git a/amtmanager.js b/amtmanager.js index 9e8eb2cf..778a6d6b 100644 --- a/amtmanager.js +++ b/amtmanager.js 
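Review bot: The DHCP-supplied domain name is stored in `mestate.OsDnsSuffix` without any validation in `getAmtOsDnsSuffix`, and the `configureAmt` hunk just above hands that state on to `startLms(configureAmt2, ...)`. The amtmanager.js context lines later on this page read `OsDnsSuffix` as a candidate trusted FQDN. The value is whatever the answering DHCP server placed in the domain-name option, so it should at least be checked for length and hostname characters before it is kept. Separately, `typeof d.options == 'object'` is also true for `null`, so a reply with `options: null` (or a null `d`) would throw inside the fulfilment callback and `func` would never run. The rewritten callback below guards both cases and ignores values that fail the check.

```javascript
function getAmtOsDnsSuffix(mestate, func) {
    // … unchanged: platform / net0 checks and the require('linux-dhcp') probe …
    require('linux-dhcp').client.info(mestate.net0.mac).then(function (d) {
        // The domain name comes from whichever DHCP server answered; keep it only if it looks like a DNS name.
        var name = ((d != null) && (d.options != null) && (typeof d.options.domainname == 'string')) ? d.options.domainname : null;
        if ((name != null) && (name.length > 0) && (name.length <= 253) && /^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$/.test(name)) {
            mestate.OsDnsSuffix = name;
        }
        func(mestate);
    }, function (e) {
        // … unchanged: error path …
    });
}
```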
@@ -1897,7 +1897,7 @@ module.exports.CreateAmtManager = function (parent) { var trustedFqdn = null; if (dev.mpsConnection.tag.meiState.OsDnsSuffix != null) { trustedFqdn = dev.mpsConnection.tag.meiState.OsDnsSuffix; } if (dev.mpsConnection.tag.meiState.DnsSuffix != null) { trustedFqdn = dev.mpsConnection.tag.meiState.DnsSuffix; } - dev.consoleMsg("No opportunity for ACM activation, trusted FQDN: " + ((trustedFqdn == null) ? "(Not Set)" : (trustedFqdn + ", HEX: " + Buffer.from(trustedFqdn).toString('hex')))); + dev.consoleMsg("No opportunity for ACM activation, trusted FQDN: " + ((trustedFqdn == null) ? "(Not Set)" : trustedFqdn)); removeAmtDevice(dev, 38); return false; // We are not in CCM and policy restricts use of CCM, so exit now. } diff --git a/webserver.js b/webserver.js index da433499..c2a35e16 100644 --- a/webserver.js +++ b/webserver.js @@ -5721,20 +5721,6 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) { if (obj.parent.config.firebase.relayserver) { parent.debug('email', 'Firebase-relay-handler'); obj.app.ws(url + 'firebaserelay.aspx', handleFirebaseRelayRequest); } } - /* - // Testing code only, display a POST and return 200 OK - obj.app.post(url + 'post.aspx', function (req, res) { - var body = []; - req.on('data', function(chunk) { - body.push(chunk); - }).on('end', () => { - body = Buffer.concat(body).toString(); - console.log(body); - res.sendStatus(200); - }); - }); - */ - // Setup auth strategies using passport if needed if (typeof domain.authstrategies == 'object') { const passport = domain.passport = require('passport');
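Review bot: The console message still calls the value the trusted FQDN even when it came from `meiState.OsDnsSuffix`, which the two context lines above use whenever the AMT-configured `DnsSuffix` is absent. `OsDnsSuffix` is reported by the agent (on non-Windows hosts this commit fills it from a DHCP reply in meshcmd.js), so the message would be clearer if it named the source, for example by appending `((dev.mpsConnection.tag.meiState.DnsSuffix != null) ? " (AMT)" : " (OS)")` after `trustedFqdn`. With the hex dump removed, unexpected non-printable characters in the reported suffix will no longer show up in this message. The enclosing function starts outside the hunk.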