From 7fc98cc80499578a506b1733d38acfc41077e652 Mon Sep 17 00:00:00 2001
From: Ylian Saint-Hilaire
Date: Wed, 7 Oct 2020 12:30:29 -0700
Subject: [PATCH] AMT manager will now clear device credentials if they don't work.
---
 amtmanager.js | 41 +++++++++++++++++++++++++++++++++++++++--
 views/default.handlebars | 2 +-
 2 files changed, 40 insertions(+), 3 deletions(-)
diff --git a/amtmanager.js b/amtmanager.js
index 39811ad1..07260ab0 100644
--- a/amtmanager.js
+++ b/amtmanager.js
@@ -88,8 +88,6 @@ module.exports.CreateAmtManager = function(parent) {
 if (dev == null) { dev = obj.amtDevices[nodeid]; } if (dev == null) return;
- //if (dev.host != '192.168.2.136') return;
-
 if ((dev.acctry == null) && ((typeof dev.intelamt.user != 'string') || (typeof dev.intelamt.pass != 'string'))) { if (obj.amtAdminAccounts.length > 0) { dev.acctry = 0; } else { return; } }
@@ -155,6 +153,9 @@ module.exports.CreateAmtManager = function(parent) {
 // Authentication error, see if we can use alternative credentials
 if ((dev.acctry == null) && (obj.amtAdminAccounts.length > 0)) { dev.acctry = 0; attemptInitialContact(dev.nodeid, dev); return; }
 if ((dev.acctry != null) && (obj.amtAdminAccounts.length > (dev.acctry + 1))) { dev.acctry++; attemptInitialContact(dev.nodeid, dev); return; }
+
+ // We are unable to authenticate to this device, clear Intel AMT credentials.
+ ClearDeviceCredentials(dev);
 }
 //console.log(dev.nodeid, dev.name, dev.host, status, 'Bad response');
 removeDevice(dev.nodeid);
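Review bot: The new `ClearDeviceCredentials(dev)` call in the authentication-error branch deletes the stored Intel AMT user and password after a single pass through the stored and admin credentials fails, so the decision rests entirely on what the endpoint at the device's address answered. Nothing in this hunk shows that the responder was confirmed to be the managed device, or that the failure was persistent rather than transient, and the deletion cannot be undone from here. Consider clearing only after authentication has failed on several separate contact attempts, or marking the stored credentials as failed instead of deleting them, and add a comment stating which condition triggers the wipe. The enclosing response handler starts and ends outside the hunk.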
@@ -210,6 +211,42 @@ module.exports.CreateAmtManager = function(parent) {
 }); }
+ // Change the current core information string and event it
+ function ClearDeviceCredentials(dev) {
+ if (obj.amtDevices[dev.nodeid] == null) return; // Device no longer exists, ignore this request.
+
+ // Check that the mesh exists
+ const mesh = parent.webserver.meshes[dev.meshid];
+ if (mesh == null) { removeDevice(dev.nodeid); return; }
+
+ // Get the node and change it if needed
+ parent.db.Get(dev.nodeid, function (err, nodes) {
+ if ((nodes == null) || (nodes.length != 1)) return;
+ const device = nodes[0];
+ var changes = [], change = 0, log = 0;
+ var domain = parent.config.domains[device.domain];
+ if (domain == null) return;
+
+ // Check if anything changes
+ if (device.intelamt == null) return;
+ if (device.intelamt.user != null) { change = 1; log = 1; delete device.intelamt.user; changes.push('AMT user'); }
+ if (device.intelamt.pass != null) { change = 1; log = 1; delete device.intelamt.pass; changes.push('AMT pass'); }
+
+ // If there are changes, event the new device
+ if (change == 1) {
+ // Save to the database
+ parent.db.Set(device);
+
+ // Event the node change
+ var event = { etype: 'node', action: 'changenode', nodeid: device._id, domain: domain.id, node: parent.webserver.CloneSafeNode(device) };
+ if (changes.length > 0) { event.msg = 'Changed device ' + device.name + ' from group ' + mesh.name + ': ' + changes.join(', '); }
+ if ((log == 0) || ((obj.agentInfo) && (obj.agentInfo.capabilities) && (obj.agentInfo.capabilities & 0x20)) || (changes.length == 0)) { event.nolog = 1; } // If this is a temporary device, don't log changes
+ if (parent.db.changeStream) { event.noact = 1; } // If DB change stream is active, don't use this event to change the node. Another event will come.
+ parent.DispatchEvent(parent.webserver.CreateMeshDispatchTargets(device.meshid, [device._id]), obj, event);
+ }
+ });
+ }
+
 function attemptFetchHardwareInventory(dev) { if (obj.amtDevices[dev.nodeid] == null) return false; // Device no longer exists, ignore this request.
 const mesh = parent.webserver.meshes[dev.meshid];
diff --git a/views/default.handlebars b/views/default.handlebars
index 7cbcca02..0c49f443 100644
--- a/views/default.handlebars
+++ b/views/default.handlebars
@@ -2777,7 +2777,7 @@
 if (node.intelamt == null) node.intelamt = {};
 if (message.event.node.intelamt.state != null) { node.intelamt.state = message.event.node.intelamt.state; }
 if (message.event.node.intelamt.host != null) { node.intelamt.user = message.event.node.intelamt.host; }
- if (message.event.node.intelamt.user != null) { node.intelamt.user = message.event.node.intelamt.user; }
+ if (message.event.node.intelamt.user != null) { node.intelamt.user = message.event.node.intelamt.user; } else { delete node.intelamt.user; }
 if (message.event.node.intelamt.tls != null) { node.intelamt.tls = message.event.node.intelamt.tls; }
 if (message.event.node.intelamt.ver != null) { node.intelamt.ver = message.event.node.intelamt.ver; }
 if (message.event.node.intelamt.tag != null) { node.intelamt.tag = message.event.node.intelamt.tag; }
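Review bot: The comment above `ClearDeviceCredentials` ("Change the current core information string and event it") describes a different function and should say what this one does, e.g. `// Remove the stored Intel AMT user/pass from the device record, save it and event the change`. The `nolog` condition tests `obj.agentInfo.capabilities & 0x20`, which looks copied from agent-side code; in this module `obj` appears to be the AMT manager, so that test is presumably never true, and `log` is always 1 whenever `change` is 1. Because this is a credential removal, the audit trail would be clearer if `event.msg` gave the reason, for example `'Removed Intel AMT credentials for ' + device.name + ' after authentication failure'`, and if the outcome of `parent.db.Set(device)` were checked before the event is dispatched.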
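Review bot: The context line directly above the changed one copies `message.event.node.intelamt.host` into `node.intelamt.user`, which looks like a typo for `node.intelamt.host`; with the new `else { delete node.intelamt.user; }` branch that stray value is always overwritten or deleted on the next line, so the view never picks up a host change. Suggested line: `if (message.event.node.intelamt.host != null) { node.intelamt.host = message.event.node.intelamt.host; }`. The same clear-when-absent handling is not applied to `state`, `tls`, `ver` or `tag`, so whether those can go stale in the view depends on what the server puts in the event, which this hunk does not show. The enclosing event handler starts outside the hunk.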