mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2025-01-24 13:13:13 -05:00
Improved support for provisioning certificates with different length chains
This commit is contained in:
parent
d9ff504676
commit
8d2e87685c
@ -833,37 +833,35 @@ function activeToACMEx(fwNonce) {
|
|||||||
if (message.provCertObj !== undefined) {
|
if (message.provCertObj !== undefined) {
|
||||||
activeToACMEx1(message, function (stack, name, responses, status, message) {
|
activeToACMEx1(message, function (stack, name, responses, status, message) {
|
||||||
if (status !== 200) {
|
if (status !== 200) {
|
||||||
if (status == 2) {
|
if (status == 2) {
|
||||||
console.log((new Date()) + ' AMT already provisioned.Exiting ' + status);
|
console.log((new Date()) + ' AMT already provisioned.Exiting ' + status);
|
||||||
socket.write({ "Type": "finish", "Body": "failed" });
|
socket.write({ "Type": "finish", "Body": "failed" });
|
||||||
} else {
|
}
|
||||||
console.log((new Date()) + ' Failed to fetch activation status, status ' + status);
|
else {
|
||||||
socket.write({ "Type": "finish", "Body": "failed" });
|
console.log((new Date()) + ' Failed to fetch activation status, status ' + status);
|
||||||
|
socket.write({ "Type": "finish", "Body": "failed" });
|
||||||
}
|
}
|
||||||
socket.end();
|
socket.end();
|
||||||
exit(status);
|
exit(status);
|
||||||
}
|
} else if (responses['IPS_HostBasedSetupService'].response['AllowedControlModes'].length != 2) {
|
||||||
else if (responses['IPS_HostBasedSetupService'].response['AllowedControlModes'].length != 2) {
|
console.log((new Date()) + ' Admin control mode activation not allowed');
|
||||||
console.log((new Date()) + ' Admin control mode activation not allowed');
|
|
||||||
socket.write({ "Type": "finish", "Body": "failed" });
|
socket.write({ "Type": "finish", "Body": "failed" });
|
||||||
socket.end();
|
socket.end();
|
||||||
exit(status);
|
exit(status);
|
||||||
} else {
|
} else {
|
||||||
console.log((new Date()) + ' Certificate Injection Successful');
|
console.log((new Date()) + ' Certificate Injection Successful');
|
||||||
activeToACMEx2(message.digitalSignature, message.mcNonce, message.amtPassword, responses, function(stack, name, responses, status){
|
activeToACMEx2(message.digitalSignature, message.mcNonce, message.amtPassword, responses, function(stack, name, responses, status){
|
||||||
if (status != 200) {
|
if (status != 200) {
|
||||||
console.log((new Date()) + ' Failed to activate, status ' + status);
|
console.log((new Date()) + ' Failed to activate, status ' + status);
|
||||||
console.log(JSON.stringify(responses));
|
console.log(JSON.stringify(responses));
|
||||||
socket.write({ "Type": "finish", "Body": "failed" });
|
socket.write({ "Type": "finish", "Body": "failed" });
|
||||||
}
|
} else if (responses.Body.ReturnValue != 0) {
|
||||||
else if (responses.Body.ReturnValue != 0) {
|
|
||||||
console.log((new Date()) + ' Admin control mode activation failed: ' + responses.Body.ReturnValueStr);
|
console.log((new Date()) + ' Admin control mode activation failed: ' + responses.Body.ReturnValueStr);
|
||||||
socket.write({ "Type": "finish", "Body": "failed" });
|
socket.write({ "Type": "finish", "Body": "failed" });
|
||||||
}
|
} else {
|
||||||
else {
|
|
||||||
console.log((new Date()) + ' AMT Provisioning Success');
|
console.log((new Date()) + ' AMT Provisioning Success');
|
||||||
socket.write({"Type":"finish", "Body": "success"});
|
socket.write({"Type":"finish", "Body": "success"});
|
||||||
socket.end();
|
socket.end();
|
||||||
exit(0);
|
exit(0);
|
||||||
}
|
}
|
||||||
socket.end();
|
socket.end();
|
||||||
@ -888,36 +886,14 @@ function activeToACMEx(fwNonce) {
|
|||||||
// Detects AMT provisioning state and injects the certificate chain into AMT firmware
|
// Detects AMT provisioning state and injects the certificate chain into AMT firmware
|
||||||
function activeToACMEx1(data, callback) {
|
function activeToACMEx1(data, callback) {
|
||||||
if (mestate.ProvisioningState.state == 0) {
|
if (mestate.ProvisioningState.state == 0) {
|
||||||
console.log((new Date()) + ' Performing full provisioning flow.');
|
console.log((new Date()) + ' Performing ACM provisioning.');
|
||||||
// Perform full provisioning -- AMT was fully unprovisioned
|
// Perform full provisioning -- AMT was fully unprovisioned
|
||||||
osamtstack.IPS_HostBasedSetupService_AddNextCertInChain(data.provCertObj.leaf, true, false, function (stack, name, responses, status) {
|
injectCert(0, data, function (stack, name, responses, status, data) {
|
||||||
if (status !== 200) { exit(status); return; }
|
if (status !== 200) { exit(status); return; }
|
||||||
else if (responses['Body']['ReturnValue'] !== 0) { exit(responses['Body']['ReturnValueStr']); return; }
|
else if (responses['Body']['ReturnValue'] !== 0) { exit(responses['Body']['ReturnValueStr']); return; }
|
||||||
else if (responses['Body']['ReturnValue'] == 0) {
|
else if (responses['Body']['ReturnValue'] == 0) {
|
||||||
console.log((new Date()) + ' Leaf Cert Injection: ' + responses['Body']['ReturnValueStr']);
|
osamtstack.BatchEnum(null, ['*AMT_GeneralSettings', '*IPS_HostBasedSetupService'], function (stack, name, responses, status) {
|
||||||
osamtstack.IPS_HostBasedSetupService_AddNextCertInChain(data.provCertObj.inter3, false, false, function (stack, name, responses, status) {
|
callback(stack, name, responses, status, data);
|
||||||
if (status !== 200) { exit(status); return; }
|
|
||||||
else if (responses['Body']['ReturnValue'] !== 0) { exit(responses['Body']['ReturnValueStr']); return; }
|
|
||||||
else if (responses['Body']['ReturnValue'] == 0) {
|
|
||||||
console.log((new Date()) + ' Intermediate 3 Cert Injection: ' + responses['Body']['ReturnValueStr']);
|
|
||||||
osamtstack.IPS_HostBasedSetupService_AddNextCertInChain(data.provCertObj.inter2, false, false, function (stack, name, responses, status) {
|
|
||||||
if (status !== 200) { exit(status); return; }
|
|
||||||
else if (responses['Body']['ReturnValue'] !== 0) { exit(responses['Body']['ReturnValueStr']); return; }
|
|
||||||
else if (responses['Body']['ReturnValue'] == 0) {
|
|
||||||
console.log((new Date()) + ' Intermediate 2 Cert Injection: ' + responses['Body']['ReturnValueStr']);
|
|
||||||
osamtstack.IPS_HostBasedSetupService_AddNextCertInChain(data.provCertObj.root, false, true, function (stack, name, responses, status) {
|
|
||||||
if (status !== 200) { exit(status); return; }
|
|
||||||
else if (responses['Body']['ReturnValue'] !== 0) { exit(responses['Body']['ReturnValueStr']); return; }
|
|
||||||
else if (responses['Body']['ReturnValue'] == 0) {
|
|
||||||
console.log((new Date()) + ' Root Cert Injection: ' + responses['Body']['ReturnValueStr']);
|
|
||||||
osamtstack.BatchEnum(null, ['*AMT_GeneralSettings', '*IPS_HostBasedSetupService'], function(stack, name, responses, status){
|
|
||||||
callback(stack, name, responses, status, data);
|
|
||||||
});
|
|
||||||
} else { console.log((new Date()) + ' Oops, I fell through the world!'); exit(1); }
|
|
||||||
});
|
|
||||||
}
|
|
||||||
});
|
|
||||||
}
|
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
@ -934,6 +910,25 @@ function activeToACMEx1(data, callback) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function injectCert(index, cert, callback, stack, name, responses, status) {
|
||||||
|
var leaf = false;
|
||||||
|
var root = false;
|
||||||
|
if (index == 0) { leaf = true; }
|
||||||
|
if (index == cert.provCertObj.certChain.length - 1) { root = true; }
|
||||||
|
if (index < cert.provCertObj.certChain.length){
|
||||||
|
if (cert.provCertObj.certChain[index] !== undefined){
|
||||||
|
osamtstack.IPS_HostBasedSetupService_AddNextCertInChain(cert.provCertObj.certChain[index], leaf, root, function (stack, name, responses, status) {
|
||||||
|
if (status !== 200) { exit(status); return; }
|
||||||
|
else if (responses['Body']['ReturnValue'] !== 0) { exit(responses['Body']['ReturnValueStr']); return; }
|
||||||
|
else if (responses['Body']['ReturnValue'] == 0) {
|
||||||
|
index++;
|
||||||
|
injectCert(index, cert, callback, stack, name, responses, status);
|
||||||
|
}
|
||||||
|
});
|
||||||
|
}
|
||||||
|
} else { callback(stack, name, responses, status, cert); }
|
||||||
|
}
|
||||||
|
|
||||||
// Sends the password hash, mcnonce, and digital signature to complete the admin control mode provisioning
|
// Sends the password hash, mcnonce, and digital signature to complete the admin control mode provisioning
|
||||||
function activeToACMEx2(signature, mcnonce, amtpassword, responses, callback) {
|
function activeToACMEx2(signature, mcnonce, amtpassword, responses, callback) {
|
||||||
var passwordhash = md5hex('admin:' + responses['AMT_GeneralSettings'].response['DigestRealm'] + ':' + amtpassword).substring(0, 32);
|
var passwordhash = md5hex('admin:' + responses['AMT_GeneralSettings'].response['DigestRealm'] + ':' + amtpassword).substring(0, 32);
|
||||||
|
Loading…
x
Reference in New Issue
Block a user