MyFavMirrors
/
MeshCentral
mirror of https://github.com/Ylianst/MeshCentral.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

More work on Intel AMT ACM activation.

This commit is contained in:
Ylian Saint-Hilaire 2019-06-13 16:39:21 -07:00
parent 6850822f88
commit 9c2da0696f
7 changed files with 52 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
MeshCentralServer.njsproj
View File

@ -24,8 +24,10 @@
<Compile Include="agents\meshcmd.min.js" />
<Compile Include="agents\meshcore.js" />
<Compile Include="agents\meshcore.min.js" />
<Compile Include="agents\modules_meshcmd\amt-ider.js" />
<Compile Include="agents\modules_meshcmd\amt-lme.js" />
<Compile Include="agents\modules_meshcmd\amt-mei.js" />
<Compile Include="agents\modules_meshcmd\amt-redir-duk.js" />
<Compile Include="agents\modules_meshcmd\amt-scanner.js" />
<Compile Include="agents\modules_meshcmd\amt-script.js" />
<Compile Include="agents\modules_meshcmd\amt-wsman-duk.js" />

24
agents/meshcore.js
View File

@ -1832,11 +1832,25 @@ function createMeshCore(agent) {
try {
if (meinfo == null) return;
var intelamt = {}, p = false;
if (meinfo.Versions && meinfo.Versions.AMT) { intelamt.ver = meinfo.Versions.AMT; p = true; }
if (meinfo.ProvisioningState) { intelamt.state = meinfo.ProvisioningState; p = true; }
if (meinfo.Flags) { intelamt.flags = meinfo.Flags; p = true; }
if (meinfo.OsHostname) { intelamt.host = meinfo.OsHostname; p = true; }
if (meinfo.UUID) { intelamt.uuid = meinfo.UUID; p = true; }
if ((meinfo.Versions != null) && (meinfo.Versions.AMT != null)) { intelamt.ver = meinfo.Versions.AMT; p = true; }
if (meinfo.ProvisioningState != null) { intelamt.state = meinfo.ProvisioningState; p = true; }
if (meinfo.Flags != null) { intelamt.flags = meinfo.Flags; p = true; }
if (meinfo.OsHostname != null) { intelamt.host = meinfo.OsHostname; p = true; }
if (meinfo.UUID != null) { intelamt.uuid = meinfo.UUID; p = true; }
if ((meinfo.ProvisioningState == 0) && (meinfo.net0 != null) && (meinfo.net0.enabled == 1)) { // If not activated, look to see if we have wired net working.
// Not activated and we have wired ethernet, look for the trusted DNS
var dns = meinfo.dns;
if (dns == null) {
// Trusted DNS not set, let's look for the OS network DNS suffix
var interfaces = require('os').networkInterfaces();
for (var i in interfaces) {
for (var j in interfaces[i]) {
if ((interfaces[i][j].mac == mestate.net0.mac) && (interfaces[i][j].fqdn != null) && (interfaces[i][j].fqdn != '')) { dns = interfaces[i][j].fqdn; }
}
}
}
if (intelamt.dns != dns) { intelamt.dns = dns; p = true; }
} else { if (intelamt.dns != null) { delete intelamt.dns; p = true; } }
if (p == true) {
var meInfoStr = JSON.stringify(intelamt);
if (meInfoStr != lastMeInfo) {

9
agents/modules_meshcore/amt-manage.js
View File

@ -516,6 +516,15 @@ function AmtManager(agent, db, isdebug) {
var wsmanQuery = ['*AMT_GeneralSettings', '*IPS_HostBasedSetupService', '*AMT_RedirectionService', '*CIM_KVMRedirectionSAP', 'AMT_PublicKeyCertificate', '*AMT_EnvironmentDetectionSettingData'];
if (amtpolicy.cirasetup == 2) { wsmanQuery.push("AMT_ManagementPresenceRemoteSAP", "AMT_RemoteAccessCredentialContext", "AMT_RemoteAccessPolicyAppliesToMPS", "AMT_RemoteAccessPolicyRule", "*AMT_UserInitiatedConnectionService", "AMT_MPSUsernamePassword"); }
try { amtstack.BatchEnum(null, wsmanQuery, wsmanPassTestResponse); } catch (ex) { debug(ex); }
} else if ((amtpolicy.type == 3) && (meinfo.ProvisioningState == 0)) {
// ACM Activation Policy
// TODO: Check that we have wired ethernet enabled and that the DNS domain suffix matches a server certificate...
// TODO: Check that a trusted hash matches the server cert root hash...
// TODO: Fetch Intel AMT Realm and Nonce and get ready to ACM activation...
//console.log(meinfo);
} else {
// Other possible cases...
}

4
meshcentral.js
View File

@ -1018,7 +1018,9 @@ function CreateMeshCentralServer(config, args) {
for (var i in obj.eventsDispatch[id]) {
if (targets.indexOf(obj.eventsDispatch[id][i]) == -1) { // Check if we already displatched to this target
targets.push(obj.eventsDispatch[id][i]);
obj.eventsDispatch[id][i].HandleEvent(source, event);
try { obj.eventsDispatch[id][i].HandleEvent(source, event); } catch (ex) {
console.log(ex, obj.eventsDispatch[id][i]);
}
}
}
}

2
meshmail.js
View File

@ -14,6 +14,8 @@
/*jshint esversion: 6 */
"use strict";
// TODO: Add NTML support with "nodemailer-ntlm-auth" https://github.com/nodemailer/nodemailer-ntlm-auth
// Construct a MeshAgent object, called upon connection
module.exports.CreateMeshMail = function (parent) {
var obj = {};

20
meshuser.js
View File

@ -1395,20 +1395,33 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
// We only create Agent-less Intel AMT mesh (Type1), or Agent mesh (Type2)
if ((command.meshtype == 1) || (command.meshtype == 2)) {
parent.crypto.randomBytes(48, function (err, buf) {
// Create new device group identifier
meshid = 'mesh/' + domain.id + '/' + buf.toString('base64').replace(/\+/g, '@').replace(/\//g, '$');
// Create the new device group
var links = {};
links[user._id] = { name: user.name, rights: 0xFFFFFFFF };
mesh = { type: 'mesh', _id: meshid, name: command.meshname, mtype: command.meshtype, desc: command.desc, domain: domain.id, links: links };
db.Set(common.escapeLinksFieldName(mesh));
parent.meshes[meshid] = mesh;
parent.parent.AddEventDispatch([meshid], ws);
// Change the user to make him administration of the new device group
if (user.links == null) user.links = {};
user.links[meshid] = { rights: 0xFFFFFFFF };
user.subscriptions = parent.subscribe(user._id, ws);
db.SetUser(user);
// Event the user change
var targets = ['*', 'server-users', user._id];
if (user.groups) { for (var i in user.groups) { targets.push('server-users:' + i); } }
var event = { etype: 'user', username: user.name, account: parent.CloneSafeUser(user), action: 'accountchange', domain: domain.id, nolog: 1 };
if (db.changeStream) { event.noact = 1; } // If DB change stream is active, don't use this event to change the user. Another event will come.
parent.parent.DispatchEvent(targets, obj, event);
// Event the device group creation
var event = { etype: 'mesh', username: user.name, meshid: meshid, name: command.meshname, mtype: command.meshtype, desc: command.desc, action: 'createmesh', links: links, msg: 'Mesh created: ' + command.meshname, domain: domain.id };
if (db.changeStream) { event.noact = 1; } // If DB change stream is active, don't use this event to create the mesh. Another event will come.
parent.parent.DispatchEvent(['*', meshid, user._id], obj, event);
parent.parent.DispatchEvent(['*', meshid, user._id], obj, event); // Even if DB change stream is active, this event must be acted upon.
});
}
break;
@ -1427,8 +1440,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
// Fire the removal event first, because after this, the event will not route
var event = { etype: 'mesh', username: user.name, meshid: command.meshid, name: command.meshname, action: 'deletemesh', msg: 'Mesh deleted: ' + command.meshname, domain: domain.id };
if (db.changeStream) { event.noact = 1; } // If DB change stream is active, don't use this event to remove the mesh. Another event will come.
parent.parent.DispatchEvent(['*', command.meshid], obj, event);
parent.parent.DispatchEvent(['*', command.meshid], obj, event); // Even if DB change stream is active, this event need to be acted on.
// Remove all user links to this mesh
for (i in meshes) {

1
views/default.handlebars
View File

@ -1302,6 +1302,7 @@
}
function onMessage(server, message) {
if (args.trace == 1) { console.log('MSG:', message); }
switch (message.action) {
case 'serverstats': {
updateGeneralServerStats(message);