mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2025-01-23 20:53:15 -05:00
More Intel AMT CCM improvements.
parent
3b355e197f
commit
820868bd6e
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -537,64 +537,66 @@ function run(argv) {
|
|||||||
var amtMeiModule, amtMei;
|
var amtMeiModule, amtMei;
|
||||||
try { amtMeiModule = require('amt-mei'); amtMei = new amtMeiModule(); } catch (ex) { console.log(ex); exit(1); return; }
|
try { amtMeiModule = require('amt-mei'); amtMei = new amtMeiModule(); } catch (ex) { console.log(ex); exit(1); return; }
|
||||||
amtMei.on('error', function (e) { console.log('ERROR: ' + e); exit(1); return; });
|
amtMei.on('error', function (e) { console.log('ERROR: ' + e); exit(1); return; });
|
||||||
amtMei.getVersion(function (result) {
|
try {
|
||||||
if (result) {
|
amtMei.getVersion(function (result) {
|
||||||
for (var version in result.Versions) {
|
if (result) {
|
||||||
if (result.Versions[version].Description == 'AMT') { mestate.ver = result.Versions[version].Version; }
|
for (var version in result.Versions) {
|
||||||
if (result.Versions[version].Description == 'Sku') { mestate.sku = parseInt(result.Versions[version].Version); }
|
if (result.Versions[version].Description == 'AMT') { mestate.ver = result.Versions[version].Version; }
|
||||||
}
|
if (result.Versions[version].Description == 'Sku') { mestate.sku = parseInt(result.Versions[version].Version); }
|
||||||
}
|
|
||||||
});
|
|
||||||
amtMei.getProvisioningState(function (result) { if (result) { mestate.ProvisioningState = result; } });
|
|
||||||
amtMei.getProvisioningMode(function (result) { if (result) { mestate.ProvisioningMode = result; } });
|
|
||||||
amtMei.getEHBCState(function (result) { if (result) { mestate.ehbc = result; } });
|
|
||||||
amtMei.getControlMode(function (result) { if (result) { mestate.controlmode = result; } });
|
|
||||||
amtMei.getMACAddresses(function (result) { if (result) { mestate.mac = result; } });
|
|
||||||
amtMei.getLanInterfaceSettings(0, function (result) { if (result) { mestate.net0 = result; } });
|
|
||||||
amtMei.getLanInterfaceSettings(1, function (result) { if (result) { mestate.net1 = result; } });
|
|
||||||
amtMei.getUuid(function (result) { if ((result != null) && (result.uuid != null)) { mestate.uuid = result.uuid; } });
|
|
||||||
amtMei.getDnsSuffix(function (result) {
|
|
||||||
if (result) { mestate.dns = result; }
|
|
||||||
if (mestate.ver && mestate.ProvisioningState && mestate.ProvisioningMode) {
|
|
||||||
var str = 'Intel ME v' + mestate.ver;
|
|
||||||
if (mestate.sku & 8) { str = 'Intel AMT v' + mestate.ver }
|
|
||||||
else if (mestate.sku & 16) { str = 'Intel SM v' + mestate.ver }
|
|
||||||
if (mestate.ProvisioningState.stateStr == 'PRE') { str += ', pre-provisioning state'; }
|
|
||||||
else if (mestate.ProvisioningState.stateStr == 'IN') { str += ', in-provisioning state'; }
|
|
||||||
else if (mestate.ProvisioningState.stateStr == 'POST') {
|
|
||||||
if (mestate.ProvisioningMode) {
|
|
||||||
if (mestate.controlmode) {
|
|
||||||
if (mestate.ProvisioningMode.modeStr == 'ENTERPRISE') { str += ', activated in ' + ["none", "client control mode", "admin control mode", "remote assistance mode"][mestate.controlmode.controlMode]; } else { str += ', activated in ' + mestate.ProvisioningMode.modeStr; }
|
|
||||||
} else {
|
|
||||||
str += ', activated in ' + mestate.ProvisioningMode.modeStr;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if ((mestate.ehbc) && (mestate.ehbc.EHBC == true)) { str += ', EHBC enabled'; }
|
});
|
||||||
str += '.';
|
amtMei.getProvisioningState(function (result) { if (result) { mestate.ProvisioningState = result; } });
|
||||||
if (mestate.net0 != null) { str += '\r\nWired ' + ((mestate.net0.enabled == 1) ? 'Enabled' : 'Disabled') + ((mestate.net0.dhcpEnabled == 1) ? ', DHCP' : ', Static') + ', ' + mestate.net0.mac + (mestate.net0.address == '0.0.0.0' ? '' : (', ' + mestate.net0.address)); }
|
amtMei.getProvisioningMode(function (result) { if (result) { mestate.ProvisioningMode = result; } });
|
||||||
if (mestate.net1 != null) { str += '\r\nWireless ' + ((mestate.net1.enabled == 1) ? 'Enabled' : 'Disabled') + ((mestate.net1.dhcpEnabled == 1) ? ', DHCP' : ', Static') + ', ' + mestate.net1.mac + (mestate.net1.address == '0.0.0.0' ? '' : (', ' + mestate.net1.address)); }
|
amtMei.getEHBCState(function (result) { if (result) { mestate.ehbc = result; } });
|
||||||
if ((mestate.ProvisioningState.stateStr != 'POST') && (mestate.net0 != null) && (mestate.net0.enabled == 1)) {
|
amtMei.getControlMode(function (result) { if (result) { mestate.controlmode = result; } });
|
||||||
if (mestate.dns != null) {
|
amtMei.getMACAddresses(function (result) { if (result) { mestate.mac = result; } });
|
||||||
// Intel AMT has a trusted DNS suffix set, use that one.
|
amtMei.getLanInterfaceSettings(0, function (result) { if (result) { mestate.net0 = result; } });
|
||||||
str += '\r\nTrusted DNS suffix: ' + mestate.dns;
|
amtMei.getLanInterfaceSettings(1, function (result) { if (result) { mestate.net1 = result; } });
|
||||||
} else {
|
amtMei.getUuid(function (result) { if ((result != null) && (result.uuid != null)) { mestate.uuid = result.uuid; } });
|
||||||
// Look for the DNS suffix for the Intel AMT Ethernet interface
|
amtMei.getDnsSuffix(function (result) {
|
||||||
var fqdn = null, interfaces = require('os').networkInterfaces();
|
if (result) { mestate.dns = result; }
|
||||||
for (var i in interfaces) {
|
if (mestate.ver && mestate.ProvisioningState && mestate.ProvisioningMode) {
|
||||||
for (var j in interfaces[i]) {
|
var str = 'Intel ME v' + mestate.ver;
|
||||||
if ((interfaces[i][j].mac == mestate.net0.mac) && (interfaces[i][j].fqdn != null) && (interfaces[i][j].fqdn != '')) { fqdn = interfaces[i][j].fqdn; }
|
if (mestate.sku & 8) { str = 'Intel AMT v' + mestate.ver }
|
||||||
|
else if (mestate.sku & 16) { str = 'Intel SM v' + mestate.ver }
|
||||||
|
if (mestate.ProvisioningState.stateStr == 'PRE') { str += ', pre-provisioning state'; }
|
||||||
|
else if (mestate.ProvisioningState.stateStr == 'IN') { str += ', in-provisioning state'; }
|
||||||
|
else if (mestate.ProvisioningState.stateStr == 'POST') {
|
||||||
|
if (mestate.ProvisioningMode) {
|
||||||
|
if (mestate.controlmode) {
|
||||||
|
if (mestate.ProvisioningMode.modeStr == 'ENTERPRISE') { str += ', activated in ' + ["none", "client control mode", "admin control mode", "remote assistance mode"][mestate.controlmode.controlMode]; } else { str += ', activated in ' + mestate.ProvisioningMode.modeStr; }
|
||||||
|
} else {
|
||||||
|
str += ', activated in ' + mestate.ProvisioningMode.modeStr;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (fqdn != null) { str += '\r\nDNS suffix: ' + fqdn; }
|
|
||||||
}
|
}
|
||||||
|
if ((mestate.ehbc) && (mestate.ehbc.EHBC == true)) { str += ', EHBC enabled'; }
|
||||||
|
str += '.';
|
||||||
|
if (mestate.net0 != null) { str += '\r\nWired ' + ((mestate.net0.enabled == 1) ? 'Enabled' : 'Disabled') + ((mestate.net0.dhcpEnabled == 1) ? ', DHCP' : ', Static') + ', ' + mestate.net0.mac + (mestate.net0.address == '0.0.0.0' ? '' : (', ' + mestate.net0.address)); }
|
||||||
|
if (mestate.net1 != null) { str += '\r\nWireless ' + ((mestate.net1.enabled == 1) ? 'Enabled' : 'Disabled') + ((mestate.net1.dhcpEnabled == 1) ? ', DHCP' : ', Static') + ', ' + mestate.net1.mac + (mestate.net1.address == '0.0.0.0' ? '' : (', ' + mestate.net1.address)); }
|
||||||
|
if ((mestate.ProvisioningState.stateStr != 'POST') && (mestate.net0 != null) && (mestate.net0.enabled == 1)) {
|
||||||
|
if (mestate.dns != null) {
|
||||||
|
// Intel AMT has a trusted DNS suffix set, use that one.
|
||||||
|
str += '\r\nTrusted DNS suffix: ' + mestate.dns;
|
||||||
|
} else {
|
||||||
|
// Look for the DNS suffix for the Intel AMT Ethernet interface
|
||||||
|
var fqdn = null, interfaces = require('os').networkInterfaces();
|
||||||
|
for (var i in interfaces) {
|
||||||
|
for (var j in interfaces[i]) {
|
||||||
|
if ((interfaces[i][j].mac == mestate.net0.mac) && (interfaces[i][j].fqdn != null) && (interfaces[i][j].fqdn != '')) { fqdn = interfaces[i][j].fqdn; }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (fqdn != null) { str += '\r\nDNS suffix: ' + fqdn; }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
console.log(str + '.');
|
||||||
|
} else {
|
||||||
|
console.log('Intel(R) AMT not supported.');
|
||||||
}
|
}
|
||||||
console.log(str + '.');
|
exit(1);
|
||||||
} else {
|
});
|
||||||
console.log('Intel(R) AMT not supported.');
|
} catch (ex) { console.log("Unable to perform MEI operations, try running as administrator."); exit(1); return; }
|
||||||
}
|
|
||||||
exit(1);
|
|
||||||
});
|
|
||||||
} else if (settings.action == 'amtinfodebug') {
|
} else if (settings.action == 'amtinfodebug') {
|
||||||
// Display Intel AMT version and activation state
|
// Display Intel AMT version and activation state
|
||||||
getMeiState(15, function (state) { console.log(JSON.stringify(state, null, 2)); exit(1); }); // Flags: 1 = Versions, 2 = OsAdmin, 4 = Hashes, 8 = Network
|
getMeiState(15, function (state) { console.log(JSON.stringify(state, null, 2)); exit(1); }); // Flags: 1 = Versions, 2 = OsAdmin, 4 = Hashes, 8 = Network
|
||||||
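Review bot: The `catch (ex)` added at the end of the amtinfo branch prints a fixed "try running as administrator" message and discards `ex`, so every synchronous failure in the MEI calls is reported as a privilege problem. Including the exception keeps the hint and leaves the real cause visible, e.g. `} catch (ex) { console.log("Unable to perform MEI operations, try running as administrator. (" + ex + ")"); exit(1); return; }`. If amt-mei invokes these callbacks after the `try` block has already returned, which seems likely, exceptions raised inside them are not covered by this handler at all. The same wrapper is added in the activeToACM hunk (@ -1306).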
@ -1133,20 +1135,23 @@ function startMeshCommander() {
|
|||||||
//
|
//
|
||||||
|
|
||||||
function configureAmt() {
|
function configureAmt() {
|
||||||
console.log('Starting Intel AMT configuration...');
|
|
||||||
settings.noconsole = true;
|
settings.noconsole = true;
|
||||||
startLms(configureAmt2, amtMei);
|
startLms(configureAmt2, amtMei);
|
||||||
}
|
}
|
||||||
|
|
||||||
function configureAmt2() {
|
function configureAmt2() {
|
||||||
getMeiState(15, function (state) { // Flags: 1 = Versions, 2 = OsAdmin, 4 = Hashes, 8 = Network
|
getMeiState(15, function (state) { // Flags: 1 = Versions, 2 = OsAdmin, 4 = Hashes, 8 = Network
|
||||||
|
if (state == null) { console.log('Unable to get Intel AMT state, try running as administrator.'); exit(1); return; }
|
||||||
|
if (state.ProvisioningState == null) { console.log('Intel AMT not ready for configuration.'); exit(1); return; }
|
||||||
|
console.log('Starting Intel AMT configuration...');
|
||||||
|
|
||||||
// Connect to MPS and start APF relay
|
// Connect to MPS and start APF relay
|
||||||
var apfarg = {
|
var apfarg = {
|
||||||
mpsurl: settings.url,
|
mpsurl: settings.url,
|
||||||
mpsuser: settings.id.substring(0, 16),
|
mpsuser: settings.id.substring(0, 16),
|
||||||
mpspass: settings.id.substring(0, 16),
|
mpspass: settings.id.substring(0, 16),
|
||||||
mpskeepalive: 60000,
|
mpskeepalive: 60000,
|
||||||
clientname: require('os').hostname(),
|
clientname: state.OsHostname,
|
||||||
clientaddress: '127.0.0.1',
|
clientaddress: '127.0.0.1',
|
||||||
clientuuid: state.UUID,
|
clientuuid: state.UUID,
|
||||||
conntype: 2, // 0 = CIRA, 1 = Relay, 2 = LMS. The correct value is 2 since we are performing an LMS relay.
|
conntype: 2, // 0 = CIRA, 1 = Relay, 2 = LMS. The correct value is 2 since we are performing an LMS relay.
|
||||||
@ -1306,36 +1311,38 @@ function activeToACM() {
|
|||||||
var amtMeiModule, amtMei;
|
var amtMeiModule, amtMei;
|
||||||
try { amtMeiModule = require('amt-mei'); amtMei = new amtMeiModule(); } catch (ex) { console.log(ex); exit(1); return; }
|
try { amtMeiModule = require('amt-mei'); amtMei = new amtMeiModule(); } catch (ex) { console.log(ex); exit(1); return; }
|
||||||
amtMei.on('error', function (e) { console.log('ERROR: ' + e); exit(1); return; });
|
amtMei.on('error', function (e) { console.log('ERROR: ' + e); exit(1); return; });
|
||||||
amtMei.getProvisioningState(function (result) { if (result) { mestate.ProvisioningState = result; } });
|
try {
|
||||||
amtMei.getVersion(function (val) { mestate.vers = {}; if (val != null) { for (var version in val.Versions) { mestate.vers[val.Versions[version].Description] = val.Versions[version].Version; } } });
|
amtMei.getProvisioningState(function (result) { if (result) { mestate.ProvisioningState = result; } });
|
||||||
amtMei.getLanInterfaceSettings(0, function (result) { if (result) { mestate.net0 = result; } });
|
amtMei.getVersion(function (val) { mestate.vers = {}; if (val != null) { for (var version in val.Versions) { mestate.vers[val.Versions[version].Description] = val.Versions[version].Version; } } });
|
||||||
amtMei.getUuid(function (result) { if ((result != null) && (result.uuid != null)) { mestate.uuid = result.uuid; } });
|
amtMei.getLanInterfaceSettings(0, function (result) { if (result) { mestate.net0 = result; } });
|
||||||
amtMei.getControlMode(function (result) { if (result != null) { mestate.controlMode = result.controlMode; } }); // controlMode: 0 = NoActivated, 1 = CCM, 2 = ACM
|
amtMei.getUuid(function (result) { if ((result != null) && (result.uuid != null)) { mestate.uuid = result.uuid; } });
|
||||||
amtMei.getDnsSuffix(function (result) {
|
amtMei.getControlMode(function (result) { if (result != null) { mestate.controlMode = result.controlMode; } }); // controlMode: 0 = NoActivated, 1 = CCM, 2 = ACM
|
||||||
if ((mestate.vers == null) || (mestate.vers['AMT'] == null)) { console.log("Unable to get Intel AMT version."); exit(100); return; }
|
amtMei.getDnsSuffix(function (result) {
|
||||||
if (mestate.ProvisioningState == null) { console.log("Unable to read Intel AMT activation state."); exit(100); return; }
|
if ((mestate.vers == null) || (mestate.vers['AMT'] == null)) { console.log("Unable to get Intel AMT version."); exit(100); return; }
|
||||||
if ((settings.action != 'amtdiscover') && (mestate.controlMode == 2)) { console.log("Intel AMT already activation in admin control mode."); exit(100); return; }
|
if (mestate.ProvisioningState == null) { console.log("Unable to read Intel AMT activation state."); exit(100); return; }
|
||||||
if (mestate.uuid == null) { console.log("Unable to get Intel AMT UUID."); exit(100); return; }
|
if ((settings.action != 'amtdiscover') && (mestate.controlMode == 2)) { console.log("Intel AMT already activation in admin control mode."); exit(100); return; }
|
||||||
var fqdn = null;
|
if (mestate.uuid == null) { console.log("Unable to get Intel AMT UUID."); exit(100); return; }
|
||||||
if ((mestate.net0 == null) && (meinfo.net0.enabled != 0)) { console.log("No Intel AMT wired interface, can't perform ACM activation."); exit(100); return; }
|
var fqdn = null;
|
||||||
if (result) { fqdn = result; } // If Intel AMT has a trusted DNS suffix set, use that one.
|
if ((mestate.net0 == null) && (meinfo.net0.enabled != 0)) { console.log("No Intel AMT wired interface, can't perform ACM activation."); exit(100); return; }
|
||||||
else {
|
if (result) { fqdn = result; } // If Intel AMT has a trusted DNS suffix set, use that one.
|
||||||
// Look for the DNS suffix for the Intel AMT Ethernet interface
|
else {
|
||||||
var interfaces = require('os').networkInterfaces();
|
// Look for the DNS suffix for the Intel AMT Ethernet interface
|
||||||
for (var i in interfaces) {
|
var interfaces = require('os').networkInterfaces();
|
||||||
for (var j in interfaces[i]) {
|
for (var i in interfaces) {
|
||||||
if ((interfaces[i][j].mac == mestate.net0.mac) && (interfaces[i][j].fqdn != null) && (interfaces[i][j].fqdn != '')) { fqdn = interfaces[i][j].fqdn; }
|
for (var j in interfaces[i]) {
|
||||||
|
if ((interfaces[i][j].mac == mestate.net0.mac) && (interfaces[i][j].fqdn != null) && (interfaces[i][j].fqdn != '')) { fqdn = interfaces[i][j].fqdn; }
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
if (fqdn != null) {
|
||||||
if (fqdn != null) {
|
settings.fqdn = fqdn;
|
||||||
settings.fqdn = fqdn;
|
settings.uuid = mestate.uuid;
|
||||||
settings.uuid = mestate.uuid;
|
getTrustedHashes(amtMei, function () { startLms(getFwNonce, amtMei); });
|
||||||
getTrustedHashes(amtMei, function () { startLms(getFwNonce, amtMei); });
|
} else {
|
||||||
} else {
|
console.log("Trusted DNS suffix not set, can't perform ACM activation."); exit(100); return;
|
||||||
console.log("Trusted DNS suffix not set, can't perform ACM activation."); exit(100); return;
|
}
|
||||||
}
|
});
|
||||||
});
|
} catch (ex) { console.log("Unable to perform MEI operations, try running as administrator."); exit(1); return; }
|
||||||
}
|
}
|
||||||
|
|
||||||
// Gets the FWNonce from AMT and saves it to a file.
|
// Gets the FWNonce from AMT and saves it to a file.
|
||||||
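Review bot: The wired-interface check carried into the new `try` block reads `meinfo.net0.enabled`, but no `meinfo` is declared anywhere in this hunk and every other access uses `mestate`. If `meinfo` is not defined elsewhere in the file, a missing `mestate.net0` raises a ReferenceError here instead of printing the intended message. When the guard does not fire, the later `mestate.net0.mac` comparison can still dereference a null `net0`. The condition probably meant `if ((mestate.net0 == null) || (mestate.net0.enabled == 0)) { ... }`, though the intent should be confirmed. This code runs inside the getDnsSuffix callback, so the new outer `catch` may not see the exception.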
@ -1719,7 +1726,7 @@ function startLms(func, lmscommander, tag) {
|
|||||||
//console.log("PTHI Connected.");
|
//console.log("PTHI Connected.");
|
||||||
|
|
||||||
console.log('Setting up LME...');
|
console.log('Setting up LME...');
|
||||||
amtLms = new lme_heci({ debug: settings.lmsdebug });
|
try { amtLms = new lme_heci({ debug: settings.lmsdebug }); } catch (ex) { if (func != null) { func(0, tag); } return; }
|
||||||
amtLms.promise = ret;
|
amtLms.promise = ret;
|
||||||
amtLms.on('error', function (e) {
|
amtLms.on('error', function (e) {
|
||||||
//console.log('LME connection failed', e);
|
//console.log('LME connection failed', e);
|
||||||
@ -1835,6 +1842,7 @@ function setupMeiOsAdmin(func, state, tag) {
|
|||||||
if (func) { func(state, tag); }
|
if (func) { func(state, tag); }
|
||||||
} else {
|
} else {
|
||||||
amtMei.getLocalSystemAccount(function (x) {
|
amtMei.getLocalSystemAccount(function (x) {
|
||||||
|
if ((x == null) || (x.user == null) || (x.pass == null)) { if (func) { func(state, tag); } return; } // No OsAdmin, stop here.
|
||||||
var transport = require('amt-wsman-duk');
|
var transport = require('amt-wsman-duk');
|
||||||
var wsman = require('amt-wsman');
|
var wsman = require('amt-wsman');
|
||||||
var amt = require('amt');
|
var amt = require('amt');
|
||||||
@ -2957,7 +2965,7 @@ function getMeiState(flags, func) {
|
|||||||
try { amtMeiModule = require('amt-mei'); amtMei = new amtMeiModule(); } catch (ex) { func(null); return; }
|
try { amtMeiModule = require('amt-mei'); amtMei = new amtMeiModule(); } catch (ex) { func(null); return; }
|
||||||
amtMei.on('error', function (e) { func(null); return; });
|
amtMei.on('error', function (e) { func(null); return; });
|
||||||
try {
|
try {
|
||||||
var amtMeiTmpState = { Flags: 0 }; // Flags: 1=EHBC, 2=CCM, 4=ACM
|
var amtMeiTmpState = { OsHostname: require('os').hostname(), Flags: 0 }; // Flags: 1=EHBC, 2=CCM, 4=ACM
|
||||||
amtMei.getProtocolVersion(function (result) { if (result != null) { amtMeiTmpState.MeiVersion = result; } });
|
amtMei.getProtocolVersion(function (result) { if (result != null) { amtMeiTmpState.MeiVersion = result; } });
|
||||||
if ((flags & 1) != 0) { amtMei.getVersion(function (result) { if (result) { amtMeiTmpState.Versions = {}; for (var version in result.Versions) { amtMeiTmpState.Versions[result.Versions[version].Description] = result.Versions[version].Version; } } }); }
|
if ((flags & 1) != 0) { amtMei.getVersion(function (result) { if (result) { amtMeiTmpState.Versions = {}; for (var version in result.Versions) { amtMeiTmpState.Versions[result.Versions[version].Description] = result.Versions[version].Version; } } }); }
|
||||||
amtMei.getProvisioningMode(function (result) { if (result) { amtMeiTmpState.ProvisioningMode = result.mode; } });
|
amtMei.getProvisioningMode(function (result) { if (result) { amtMeiTmpState.ProvisioningMode = result.mode; } });
|
||||||
@ -2980,7 +2988,7 @@ function getMeiState(flags, func) {
|
|||||||
amtMei.getDnsSuffix(function (result) { if (result != null) { amtMeiTmpState.DnsSuffix = result; } if ((flags & 4) == 0) { if (func != null) { func(amtMeiTmpState); } } });
|
amtMei.getDnsSuffix(function (result) { if (result != null) { amtMeiTmpState.DnsSuffix = result; } if ((flags & 4) == 0) { if (func != null) { func(amtMeiTmpState); } } });
|
||||||
if ((flags & 4) != 0) {
|
if ((flags & 4) != 0) {
|
||||||
amtMei.getHashHandles(function (handles) {
|
amtMei.getHashHandles(function (handles) {
|
||||||
if (handles != null) { amtMeiTmpState.Hashes = []; } else { func(amtMeiTmpState); }
|
if ((handles != null) && (handles.length > 0)) { amtMeiTmpState.Hashes = []; } else { func(amtMeiTmpState); }
|
||||||
var exitOnCount = handles.length;
|
var exitOnCount = handles.length;
|
||||||
for (var i = 0; i < handles.length; ++i) { this.getCertHashEntry(handles[i], function (hashresult) { amtMeiTmpState.Hashes.push(hashresult); if (--exitOnCount == 0) { if (func != null) { func(amtMeiTmpState); } } }); }
|
for (var i = 0; i < handles.length; ++i) { this.getCertHashEntry(handles[i], function (hashresult) { amtMeiTmpState.Hashes.push(hashresult); if (--exitOnCount == 0) { if (func != null) { func(amtMeiTmpState); } } }); }
|
||||||
});
|
});
|
||||||
|
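Review bot: A null `handles` still reaches `var exitOnCount = handles.length;` after the `else` branch has called `func`, because that branch does not return. The new `handles.length > 0` test fixes the empty-list case where the callback was never invoked, but the null case then throws inside the getHashHandles callback. Returning from the else branch and guarding `func` as the other call sites do would close it: `} else { if (func != null) { func(amtMeiTmpState); } return; }`. The identical line in the createMeshCore copy of getMeiState (@ -3863) needs the same change; the function body extends beyond both hunks.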
@ -3545,32 +3545,34 @@ function createMeshCore(agent) {
|
|||||||
if (amt == null) { response = "No Intel AMT support delected"; break; }
|
if (amt == null) { response = "No Intel AMT support delected"; break; }
|
||||||
getMeiState(15, function (state) {
|
getMeiState(15, function (state) {
|
||||||
var rx = '';
|
var rx = '';
|
||||||
var apfarg = {
|
if ((state == null) || (state.ProvisioningState == null)) { rx = "Intel AMT not ready for configuration."; } else {
|
||||||
mpsurl: mesh.ServerUrl.replace('agent.ashx', 'apf.ashx'),
|
var apfarg = {
|
||||||
mpsuser: Buffer.from(mesh.ServerInfo.MeshID, 'hex').toString('base64').substring(0, 16),
|
mpsurl: mesh.ServerUrl.replace('agent.ashx', 'apf.ashx'),
|
||||||
mpspass: Buffer.from(mesh.ServerInfo.MeshID, 'hex').toString('base64').substring(0, 16),
|
mpsuser: Buffer.from(mesh.ServerInfo.MeshID, 'hex').toString('base64').substring(0, 16),
|
||||||
mpskeepalive: 60000,
|
mpspass: Buffer.from(mesh.ServerInfo.MeshID, 'hex').toString('base64').substring(0, 16),
|
||||||
clientname: require('os').hostname(),
|
mpskeepalive: 60000,
|
||||||
clientaddress: '127.0.0.1',
|
clientname: state.OsHostname,
|
||||||
clientuuid: state.UUID,
|
clientaddress: '127.0.0.1',
|
||||||
conntype: 2, // 0 = CIRA, 1 = Relay, 2 = LMS. The correct value is 2 since we are performing an LMS relay, other values for testing.
|
clientuuid: state.UUID,
|
||||||
meiState: state // MEI state will be passed to MPS server
|
conntype: 2, // 0 = CIRA, 1 = Relay, 2 = LMS. The correct value is 2 since we are performing an LMS relay, other values for testing.
|
||||||
};
|
meiState: state // MEI state will be passed to MPS server
|
||||||
if ((state.UUID == null) || (state.UUID.length != 36)) {
|
};
|
||||||
rx = "Unable to get Intel AMT UUID";
|
if ((state.UUID == null) || (state.UUID.length != 36)) {
|
||||||
} else {
|
rx = "Unable to get Intel AMT UUID";
|
||||||
apftunnel = require('apfclient')({ debug: false }, apfarg);
|
} else {
|
||||||
apftunnel.onJsonControl = function (data) {
|
apftunnel = require('apfclient')({ debug: false }, apfarg);
|
||||||
if (data.action == 'console') { require('MeshAgent').SendCommand({ action: 'msg', type: 'console', value: data.msg }); } // Display a console message
|
apftunnel.onJsonControl = function (data) {
|
||||||
if (data.action == 'mestate') { getMeiState(15, function (state) { apftunnel.updateMeiState(state); }); } // Update the MEI state
|
if (data.action == 'console') { require('MeshAgent').SendCommand({ action: 'msg', type: 'console', value: data.msg }); } // Display a console message
|
||||||
if (data.action == 'close') { try { apftunnel.disconnect(); } catch (e) { } apftunnel = null; } // Close the CIRA-LMS connection
|
if (data.action == 'mestate') { getMeiState(15, function (state) { apftunnel.updateMeiState(state); }); } // Update the MEI state
|
||||||
}
|
if (data.action == 'close') { try { apftunnel.disconnect(); } catch (e) { } apftunnel = null; } // Close the CIRA-LMS connection
|
||||||
apftunnel.onChannelClosed = function () { apftunnel = null; }
|
}
|
||||||
try {
|
apftunnel.onChannelClosed = function () { apftunnel = null; }
|
||||||
apftunnel.connect();
|
try {
|
||||||
rx = "Started Intel AMT configuration";
|
apftunnel.connect();
|
||||||
} catch (ex) {
|
rx = "Started Intel AMT configuration";
|
||||||
rx = JSON.stringify(ex);
|
} catch (ex) {
|
||||||
|
rx = JSON.stringify(ex);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (rx != '') { require('MeshAgent').SendCommand({ action: 'msg', type: 'console', value: rx }); }
|
if (rx != '') { require('MeshAgent').SendCommand({ action: 'msg', type: 'console', value: rx }); }
|
||||||
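Review bot: The `mestate` handler in `onJsonControl` still passes the getMeiState result straight to `apftunnel.updateMeiState(state)`, although this change itself establishes that `state` can be null, and the `close` and `onChannelClosed` handlers set `apftunnel` to null. If the tunnel closes while the MEI query is pending, the callback dereferences a null `apftunnel`. A guard in the callback covers both cases: `getMeiState(15, function (state) { if ((apftunnel != null) && (state != null)) { apftunnel.updateMeiState(state); } });`. Whether updateMeiState tolerates a null state is not visible here.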
@ -3840,7 +3842,7 @@ function createMeshCore(agent) {
|
|||||||
try { amtMeiModule = require('amt-mei'); amtMei = new amtMeiModule(); } catch (ex) { func(null); return; }
|
try { amtMeiModule = require('amt-mei'); amtMei = new amtMeiModule(); } catch (ex) { func(null); return; }
|
||||||
amtMei.on('error', function (e) { func(null); return; });
|
amtMei.on('error', function (e) { func(null); return; });
|
||||||
try {
|
try {
|
||||||
var amtMeiTmpState = { Flags: 0 }; // Flags: 1=EHBC, 2=CCM, 4=ACM
|
var amtMeiTmpState = { OsHostname: require('os').hostname(), Flags: 0 }; // Flags: 1=EHBC, 2=CCM, 4=ACM
|
||||||
amtMei.getProtocolVersion(function (result) { if (result != null) { amtMeiTmpState.MeiVersion = result; } });
|
amtMei.getProtocolVersion(function (result) { if (result != null) { amtMeiTmpState.MeiVersion = result; } });
|
||||||
if ((flags & 1) != 0) { amtMei.getVersion(function (result) { if (result) { amtMeiTmpState.Versions = {}; for (var version in result.Versions) { amtMeiTmpState.Versions[result.Versions[version].Description] = result.Versions[version].Version; } } }); }
|
if ((flags & 1) != 0) { amtMei.getVersion(function (result) { if (result) { amtMeiTmpState.Versions = {}; for (var version in result.Versions) { amtMeiTmpState.Versions[result.Versions[version].Description] = result.Versions[version].Version; } } }); }
|
||||||
amtMei.getProvisioningMode(function (result) { if (result) { amtMeiTmpState.ProvisioningMode = result.mode; } });
|
amtMei.getProvisioningMode(function (result) { if (result) { amtMeiTmpState.ProvisioningMode = result.mode; } });
|
||||||
@ -3863,7 +3865,7 @@ function createMeshCore(agent) {
|
|||||||
amtMei.getDnsSuffix(function (result) { if (result != null) { amtMeiTmpState.DnsSuffix = result; } if ((flags & 4) == 0) { if (func != null) { func(amtMeiTmpState); } } });
|
amtMei.getDnsSuffix(function (result) { if (result != null) { amtMeiTmpState.DnsSuffix = result; } if ((flags & 4) == 0) { if (func != null) { func(amtMeiTmpState); } } });
|
||||||
if ((flags & 4) != 0) {
|
if ((flags & 4) != 0) {
|
||||||
amtMei.getHashHandles(function (handles) {
|
amtMei.getHashHandles(function (handles) {
|
||||||
if (handles != null) { amtMeiTmpState.Hashes = []; } else { func(amtMeiTmpState); }
|
if ((handles != null) && (handles.length > 0)) { amtMeiTmpState.Hashes = []; } else { func(amtMeiTmpState); }
|
||||||
var exitOnCount = handles.length;
|
var exitOnCount = handles.length;
|
||||||
for (var i = 0; i < handles.length; ++i) { this.getCertHashEntry(handles[i], function (hashresult) { amtMeiTmpState.Hashes.push(hashresult); if (--exitOnCount == 0) { if (func != null) { func(amtMeiTmpState); } } }); }
|
for (var i = 0; i < handles.length; ++i) { this.getCertHashEntry(handles[i], function (hashresult) { amtMeiTmpState.Hashes.push(hashresult); if (--exitOnCount == 0) { if (func != null) { func(amtMeiTmpState); } } }); }
|
||||||
});
|
});
|
||||||
|
@ -443,6 +443,7 @@ module.exports.CreateAmtManager = function(parent) {
|
|||||||
if (dev.aquired.version && (typeof dev.aquired.version == 'string') && (dev.aquired.version != device.intelamt.ver)) { change = 1; log = 1; device.intelamt.ver = dev.aquired.version; changes.push('AMT version'); }
|
if (dev.aquired.version && (typeof dev.aquired.version == 'string') && (dev.aquired.version != device.intelamt.ver)) { change = 1; log = 1; device.intelamt.ver = dev.aquired.version; changes.push('AMT version'); }
|
||||||
if (dev.aquired.user && (typeof dev.aquired.user == 'string') && (dev.aquired.user != device.intelamt.user)) { change = 1; log = 1; device.intelamt.user = dev.aquired.user; changes.push('AMT user'); }
|
if (dev.aquired.user && (typeof dev.aquired.user == 'string') && (dev.aquired.user != device.intelamt.user)) { change = 1; log = 1; device.intelamt.user = dev.aquired.user; changes.push('AMT user'); }
|
||||||
if (dev.aquired.pass && (typeof dev.aquired.pass == 'string') && (dev.aquired.pass != device.intelamt.pass)) { change = 1; log = 1; device.intelamt.pass = dev.aquired.pass; changes.push('AMT pass'); }
|
if (dev.aquired.pass && (typeof dev.aquired.pass == 'string') && (dev.aquired.pass != device.intelamt.pass)) { change = 1; log = 1; device.intelamt.pass = dev.aquired.pass; changes.push('AMT pass'); }
|
||||||
|
if (dev.aquired.host && (typeof dev.aquired.host == 'string') && (dev.aquired.host != device.host)) { change = 1; log = 1; device.host = dev.aquired.host; changes.push('host'); }
|
||||||
if (dev.aquired.realm && (typeof dev.aquired.realm == 'string') && (dev.aquired.realm != device.intelamt.realm)) { change = 1; log = 1; device.intelamt.realm = dev.aquired.realm; changes.push('AMT realm'); }
|
if (dev.aquired.realm && (typeof dev.aquired.realm == 'string') && (dev.aquired.realm != device.intelamt.realm)) { change = 1; log = 1; device.intelamt.realm = dev.aquired.realm; changes.push('AMT realm'); }
|
||||||
if (dev.aquired.hash && (typeof dev.aquired.hash == 'string') && (dev.aquired.hash != device.intelamt.hash)) { change = 1; log = 1; device.intelamt.hash = dev.aquired.hash; changes.push('AMT hash'); }
|
if (dev.aquired.hash && (typeof dev.aquired.hash == 'string') && (dev.aquired.hash != device.intelamt.hash)) { change = 1; log = 1; device.intelamt.hash = dev.aquired.hash; changes.push('AMT hash'); }
|
||||||
if (dev.aquired.tls && (typeof dev.aquired.tls == 'number') && (dev.aquired.tls != device.intelamt.tls)) { change = 1; log = 1; device.intelamt.tls = dev.aquired.tls; changes.push('AMT TLS'); }
|
if (dev.aquired.tls && (typeof dev.aquired.tls == 'number') && (dev.aquired.tls != device.intelamt.tls)) { change = 1; log = 1; device.intelamt.tls = dev.aquired.tls; changes.push('AMT TLS'); }
|
||||||
@ -469,7 +470,6 @@ module.exports.CreateAmtManager = function(parent) {
|
|||||||
if (parent.db.changeStream) { event.noact = 1; } // If DB change stream is active, don't use this event to change the node. Another event will come.
|
if (parent.db.changeStream) { event.noact = 1; } // If DB change stream is active, don't use this event to change the node. Another event will come.
|
||||||
parent.DispatchEvent(parent.webserver.CreateMeshDispatchTargets(device.meshid, [device._id]), obj, event);
|
parent.DispatchEvent(parent.webserver.CreateMeshDispatchTargets(device.meshid, [device._id]), obj, event);
|
||||||
}
|
}
|
||||||
|
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -703,7 +703,7 @@ module.exports.CreateAmtManager = function(parent) {
|
|||||||
const domain = parent.config.domains[dev.domainid];
|
const domain = parent.config.domains[dev.domainid];
|
||||||
var serverName = 'MeshCentral';
|
var serverName = 'MeshCentral';
|
||||||
if ((domain != null) && (domain.title != null)) { serverName = domain.title; }
|
if ((domain != null) && (domain.title != null)) { serverName = domain.title; }
|
||||||
const certattributes = { 'CN': commonName, 'O': serverName, 'ST': serverName, 'C': serverName };
|
const certattributes = { 'CN': commonName, 'O': serverName, 'ST': 'MC', 'C': 'MC' };
|
||||||
const issuerattributes = { 'CN': obj.rootCertCN };
|
const issuerattributes = { 'CN': obj.rootCertCN };
|
||||||
const xxCaPrivateKey = obj.parent.certificates.root.key;
|
const xxCaPrivateKey = obj.parent.certificates.root.key;
|
||||||
|
|
||||||
@ -781,7 +781,7 @@ module.exports.CreateAmtManager = function(parent) {
|
|||||||
const dev = stack.dev;
|
const dev = stack.dev;
|
||||||
if (isAmtDeviceValid(dev) == false) return; // Device no longer exists, ignore this request.
|
if (isAmtDeviceValid(dev) == false) return; // Device no longer exists, ignore this request.
|
||||||
if (status != 200) { dev.consoleMsg("Failed perform commit (" + status + ")."); removeAmtDevice(dev); return; }
|
if (status != 200) { dev.consoleMsg("Failed perform commit (" + status + ")."); removeAmtDevice(dev); return; }
|
||||||
dev.consoleMsg("Enabled TLS");
|
dev.consoleMsg("Enabled TLS.");
|
||||||
|
|
||||||
// Update device in the database
|
// Update device in the database
|
||||||
dev.aquired.tls = 1;
|
dev.aquired.tls = 1;
|
||||||
@ -1205,7 +1205,7 @@ module.exports.CreateAmtManager = function(parent) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
function activateIntelAmtCcm(dev, password) {
|
function activateIntelAmtCcm(dev, password) {
|
||||||
console.log('Intel AMT CCM Activation Required: ' + dev.name, dev.nodeid);
|
// Generate a random Intel AMT password if needed
|
||||||
if ((password == null) || (password == '')) { password = getRandomAmtPassword(); }
|
if ((password == null) || (password == '')) { password = getRandomAmtPassword(); }
|
||||||
dev.temp = { pass: password };
|
dev.temp = { pass: password };
|
||||||
|
|
||||||
@ -1229,13 +1229,15 @@ module.exports.CreateAmtManager = function(parent) {
|
|||||||
const dev = stack.dev;
|
const dev = stack.dev;
|
||||||
if (isAmtDeviceValid(dev) == false) return; // Device no longer exists, ignore this request.
|
if (isAmtDeviceValid(dev) == false) return; // Device no longer exists, ignore this request.
|
||||||
if (status != 200) { dev.consoleMsg("Failed to activate Intel AMT to CCM."); removeAmtDevice(dev); return; }
|
if (status != 200) { dev.consoleMsg("Failed to activate Intel AMT to CCM."); removeAmtDevice(dev); return; }
|
||||||
obj.parent.mpsserver.SendJsonControl(dev.mpsConnection, { action: 'mestate' }); // Request an MEI state refresh
|
|
||||||
|
|
||||||
// Update the device
|
// Update the device
|
||||||
dev.aquired = {};
|
dev.aquired = {};
|
||||||
dev.aquired.controlMode = 1; // 1 = CCM, 2 = ACM
|
dev.aquired.controlMode = 1; // 1 = CCM, 2 = ACM
|
||||||
var verSplit = dev.amtstack.wsman.comm.amtVersion.split('.');
|
var verSplit = dev.amtstack.wsman.comm.amtVersion.split('.');
|
||||||
if (verSplit.length >= 3) { dev.aquired.version = verSplit[0] + '.' + verSplit[1] + '.' + verSplit[2]; dev.aquired.majorver = parseInt(verSplit[0]); dev.aquired.minorver = parseInt(verSplit[1]); }
|
if (verSplit.length >= 3) { dev.aquired.version = verSplit[0] + '.' + verSplit[1] + '.' + verSplit[2]; dev.aquired.majorver = parseInt(verSplit[0]); dev.aquired.minorver = parseInt(verSplit[1]); }
|
||||||
|
if ((typeof dev.mpsConnection.tag.meiState.OsHostname == 'string') && (typeof dev.mpsConnection.tag.meiState.OsDnsSuffix == 'string')) {
|
||||||
|
dev.aquired.host = dev.mpsConnection.tag.meiState.OsHostname + '.' + dev.mpsConnection.tag.meiState.OsDnsSuffix;
|
||||||
|
}
|
||||||
dev.aquired.realm = dev.amtstack.wsman.comm.digestRealm;
|
dev.aquired.realm = dev.amtstack.wsman.comm.digestRealm;
|
||||||
dev.aquired.user = 'admin';
|
dev.aquired.user = 'admin';
|
||||||
dev.aquired.pass = dev.temp.pass;
|
dev.aquired.pass = dev.temp.pass;
|
||||||
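Review bot: `dev.aquired.host` is built from `meiState.OsHostname` and `meiState.OsDnsSuffix`, which appear to come from the MEI state the agent sends to the MPS server, and the only check before the value is stored as `device.host` (hunk @ -443) is `typeof ... == 'string'`. Because these strings are supplied by the managed endpoint, they should be length-limited and restricted to hostname characters before being persisted; an empty `OsDnsSuffix` also produces a host name ending in a dot. The expression further assumes `dev.mpsConnection.tag.meiState` is non-null, so a connection that never reported MEI state would throw here. Taking `var mei = dev.mpsConnection.tag.meiState;` and testing `mei != null` first avoids that. The surrounding function starts outside the hunk.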
@ -1244,6 +1246,7 @@ module.exports.CreateAmtManager = function(parent) {
|
|||||||
UpdateDevice(dev);
|
UpdateDevice(dev);
|
||||||
|
|
||||||
// Success, switch to managing this device
|
// Success, switch to managing this device
|
||||||
|
obj.parent.mpsserver.SendJsonControl(dev.mpsConnection, { action: 'mestate' }); // Request an MEI state refresh
|
||||||
dev.consoleMsg("Succesfully activated Intel AMT in CCM mode.");
|
dev.consoleMsg("Succesfully activated Intel AMT in CCM mode.");
|
||||||
|
|
||||||
// Wait 8 seconds before attempting to manage this device in CCM
|
// Wait 8 seconds before attempting to manage this device in CCM
|
||||||
|