mirror of
https://github.com/Ylianst/MeshCentral.git
Added preparations for Intel AMT 802.1x support.
parent
8968048377
commit
a1943e3df1
@ -64,30 +64,61 @@ module.exports.CreateAmtManager = function (parent) {
|
||||
}
|
||||
|
||||
// Check WIFI profiles
|
||||
//var wifiAuthMethod = { 1: "Other", 2: "Open", 3: "Shared Key", 4: "WPA PSK", 5: "WPA 802.1x", 6: "WPA2 PSK", 7: "WPA2 802.1x", 32768: "WPA3 802.1x" };
|
||||
//var wifiAuthMethod = { 1: "Other", 2: "Open", 3: "Shared Key", 4: "WPA PSK", 5: "WPA 802.1x", 6: "WPA2 PSK", 7: "WPA2 802.1x", 32768: "WPA3 SAE IEEE 802.1x", 32769: "WPA3 OWE IEEE 802.1x" };
|
||||
//var wifiEncMethod = { 1: "Other", 2: "WEP", 3: "TKIP", 4: "CCMP", 5: "None" }
|
||||
if (Array.isArray(domain.amtmanager.wifiprofiles) == true) {
|
||||
var goodWifiProfiles = [];
|
||||
for (var i = 0; i < domain.amtmanager.wifiprofiles.length; i++) {
|
||||
var wifiProfile = domain.amtmanager.wifiprofiles[i];
|
||||
if ((typeof wifiProfile.ssid == 'string') && (wifiProfile.ssid != '') && (typeof wifiProfile.password == 'string') && (wifiProfile.password != '')) {
|
||||
if ((typeof wifiProfile.ssid == 'string') && (wifiProfile.ssid != '') && (((typeof wifiProfile.password == 'string') && (wifiProfile.password != '')) || ((typeof wifiProfile['802.1x'] == 'object') && (wifiProfile['802.1x'] != null)))) {
|
||||
if ((wifiProfile.name == null) || (wifiProfile.name == '')) { wifiProfile.name = wifiProfile.ssid; }
|
||||
if (typeof wifiProfile.authentication == 'string') {
|
||||
// Authentication
|
||||
if (typeof wifiProfile.authentication == 'string') { wifiProfile.authentication = wifiProfile.authentication.toLowerCase(); }
|
||||
if (wifiProfile.authentication == 'wpa-psk') { wifiProfile.authentication = 4; }
|
||||
if (wifiProfile.authentication == 'wpa2-psk') { wifiProfile.authentication = 6; }
|
||||
if (typeof wifiProfile.authentication != 'number') { wifiProfile.authentication = 6; } // Default to WPA2-PSK
|
||||
|
||||
// Encyption
|
||||
if (typeof wifiProfile.encryption == 'string') { wifiProfile.encryption = wifiProfile.encryption.toLowerCase(); }
|
||||
if ((wifiProfile.encryption == 'ccmp-aes') || (wifiProfile.encryption == 'ccmp')) { wifiProfile.encryption = 4; }
|
||||
if ((wifiProfile.encryption == 'tkip-rc4') || (wifiProfile.encryption == 'tkip')) { wifiProfile.encryption = 3; }
|
||||
if (typeof wifiProfile.encryption != 'number') { wifiProfile.encryption = 4; } // Default to CCMP-AES
|
||||
// Authentication
|
||||
if (typeof wifiProfile.authentication == 'string') { wifiProfile.authentication = wifiProfile.authentication.toLowerCase(); }
|
||||
if (wifiProfile.authentication == 'wpa-psk') { wifiProfile.authentication = 4; }
|
||||
if (wifiProfile.authentication == 'wpa2-psk') { wifiProfile.authentication = 6; }
|
||||
if (wifiProfile.authentication == 'wpa-8021x') { wifiProfile.authentication = 5; }
|
||||
if (wifiProfile.authentication == 'wpa2-802.1x') { wifiProfile.authentication = 7; }
|
||||
if (wifiProfile.authentication == 'wpa3-sae-802.1x') { wifiProfile.authentication = 32768; }
|
||||
if (wifiProfile.authentication == 'wpa3-owe-802.1x') { wifiProfile.authentication = 32769; }
|
||||
if (typeof wifiProfile.authentication != 'number') {
|
||||
if (wifiProfile['802.1x']) { wifiProfile.authentication = 7; } // Default to WPA2-802.1x
|
||||
else { wifiProfile.authentication = 6; } // Default to WPA2-PSK
|
||||
}
|
||||
|
||||
// Type
|
||||
wifiProfile.type = 3; // Infrastructure
|
||||
// Encyption
|
||||
if (typeof wifiProfile.encryption == 'string') { wifiProfile.encryption = wifiProfile.encryption.toLowerCase(); }
|
||||
if ((wifiProfile.encryption == 'ccmp-aes') || (wifiProfile.encryption == 'ccmp')) { wifiProfile.encryption = 4; }
|
||||
if ((wifiProfile.encryption == 'tkip-rc4') || (wifiProfile.encryption == 'tkip')) { wifiProfile.encryption = 3; }
|
||||
if (typeof wifiProfile.encryption != 'number') { wifiProfile.encryption = 4; } // Default to CCMP-AES
|
||||
|
||||
// Type
|
||||
wifiProfile.type = 3; // Infrastructure
|
||||
|
||||
// Check authentication
|
||||
if ([4, 6].indexOf(wifiProfile.authentication) >= 0) {
|
||||
// Password authentication
|
||||
if ((typeof wifiProfile.password != 'string') || (wifiProfile.password.length < 8) || (wifiProfile.password.length > 63)) continue;
|
||||
} else if ([5, 7, 32768, 32769].indexOf(wifiProfile.authentication) >= 0) {
|
||||
// 802.1x authentication
|
||||
if ((wifiProfile['802.1x'] == null) && (typeof wifiProfile['802.1x'] != 'object')) continue;
|
||||
const netAuthStrings = ['eap-tls', 'eap-ttls/mschapv2', 'peapv0/eap-mschapv2', 'peapv1/eap-gtc', 'eap-fast/mschapv2', 'eap-fast/gtc', 'eap-md5', 'eap-psk', 'eap-sim', 'eap-aka', 'eap-fast/tls'];
|
||||
|
||||
if (typeof wifiProfile['802.1x'].servercertificatename != 'string') {
|
||||
delete wifiProfile['802.1x'].servercertificatenamecomparison;
|
||||
const serverCertCompareStrings = ['', '', 'fullname', 'domainsuffix'];
|
||||
if (typeof wifiProfile['802.1x'].servercertificatenamecomparison == 'string') {
|
||||
wifiProfile['802.1x'].servercertificatenamecomparison = serverCertCompareStrings.indexOf(wifiProfile['802.1x'].servercertificatenamecomparison.toLowerCase());
|
||||
if (wifiProfile['802.1x'].servercertificatenamecomparison == -1) { wifiProfile['802.1x'].servercertificatenamecomparison = 2; } // Default to full name compare
|
||||
}
|
||||
}
|
||||
|
||||
if (typeof wifiProfile['802.1x'].authenticationprotocol == 'string') {
|
||||
wifiProfile['802.1x'].authenticationprotocol = netAuthStrings.indexOf(wifiProfile['802.1x'].authenticationprotocol.toLowerCase());
|
||||
if (wifiProfile['802.1x'].authenticationprotocol == -1) continue;
|
||||
}
|
||||
}
|
||||
|
||||
goodWifiProfiles.push(wifiProfile);
|
||||
}
|
||||
}
|
||||
@ -95,6 +126,25 @@ module.exports.CreateAmtManager = function (parent) {
|
||||
} else {
|
||||
delete domain.amtmanager.wifiprofiles;
|
||||
}
|
||||
|
||||
// Check 802.1x wired profile if present
|
||||
if ((domain.amtmanager['802.1x'] != null) && (typeof domain.amtmanager['802.1x'] == 'object')) {
|
||||
const netAuthStrings = ['eap-tls', 'eap-ttls/mschapv2', 'peapv0/eap-mschapv2', 'peapv1/eap-gtc', 'eap-fast/mschapv2', 'eap-fast/gtc', 'eap-md5', 'eap-psk', 'eap-sim', 'eap-aka', 'eap-fast/tls'];
|
||||
|
||||
if (typeof domain.amtmanager['802.1x'].servercertificatename != 'string') {
|
||||
delete domain.amtmanager['802.1x'].servercertificatenamecomparison;
|
||||
const serverCertCompareStrings = ['', '', 'fullname', 'domainsuffix'];
|
||||
if (typeof domain.amtmanager['802.1x'].servercertificatenamecomparison == 'string') {
|
||||
domain.amtmanager['802.1x'].servercertificatenamecomparison = serverCertCompareStrings.indexOf(domain.amtmanager['802.1x'].servercertificatenamecomparison.toLowerCase());
|
||||
if (domain.amtmanager['802.1x'].servercertificatenamecomparison == -1) { domain.amtmanager['802.1x'].servercertificatenamecomparison = 2; } // Default to full name compare
|
||||
}
|
||||
}
|
||||
|
||||
if (typeof domain.amtmanager['802.1x'].authenticationprotocol == 'string') {
|
||||
domain.amtmanager['802.1x'].authenticationprotocol = netAuthStrings.indexOf(domain.amtmanager['802.1x'].authenticationprotocol.toLowerCase());
|
||||
if (domain.amtmanager['802.1x'].authenticationprotocol == -1) { delete domain.amtmanager['802.1x']; }
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Check if an Intel AMT device is being managed
|
||||
|
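Review bot: The 802.1x guard in the WIFI loop, `if ((wifiProfile['802.1x'] == null) && (typeof wifiProfile['802.1x'] != 'object')) continue;`, joins its two tests with `&&`, so a profile that names an 802.1x authentication type, carries a password and sets `'802.1x': null` gets past it (`typeof null` is `'object'`) and the next line throws a TypeError on `.servercertificatename`; it should read `if ((wifiProfile['802.1x'] == null) || (typeof wifiProfile['802.1x'] != 'object')) continue;`. In both the WIFI and the wired block the `servercertificatenamecomparison` string-to-number conversion sits inside the same `if` that has just deleted that property, so it can never run, and a profile that does set `servercertificatename` keeps the raw comparison string; the conversion looks like it was meant to follow `} else {`. Numeric `authenticationprotocol` values are passed through without a range check against the eleven entries of `netAuthStrings`. The enclosing `CreateAmtManager` function starts and ends outside these hunks.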
@ -682,7 +682,7 @@
|
||||
"items": {
|
||||
"type": "object",
|
||||
"additionalProperties": false,
|
||||
"required": [ "ssid", "password" ],
|
||||
"required": [ "ssid" ],
|
||||
"properties": {
|
||||
"name": {
|
||||
"description": "WIFI profile name, if not specified the SSID is used.",
|
||||
@ -695,7 +695,7 @@
|
||||
"authentication": {
|
||||
"description": "WIFI authentication.",
|
||||
"type": "string",
|
||||
"enum": [ "wpa2-psk", "wpa-psk" ],
|
||||
"enum": [ "wpa-psk", "wpa2-psk", "wpa-8021x", "wpa2-802.1x", "wpa3-sae-802.1x", "wpa3-owe-802.1x" ],
|
||||
"default": "wpa2-psk"
|
||||
},
|
||||
"encryption": {
|
||||
@ -709,9 +709,152 @@
|
||||
"type": "string",
|
||||
"minLength": 8,
|
||||
"maxLength": 63
|
||||
},
|
||||
"802.1x": {
|
||||
"description": "802.1x settings for this WIFI profile. Only required if the WIFI authentication type has 802.1x",
|
||||
"default": null,
|
||||
"type": "object",
|
||||
"additionalProperties": false,
|
||||
"required": [ "authenticationProtocol" ],
|
||||
"properties": {
|
||||
"authenticationProtocol": {
|
||||
"description": "Identifies the authentication protocol used to authenticate the access requestor to the AAA server.",
|
||||
"type": [ "integer", "string" ],
|
||||
"enum": [ "EAP-TLS", "EAP-TTLS/MSCHAPv2", "PEAPv0/EAP-MSCHAPv2", "PEAPv1/EAP-GTC", "EAP-FAST/MSCHAPv2", "EAP-FAST/GTC", "EAP-MD5", "EAP-PSK", "EAP-SIM", "EAP-AKA", "EAP-FAST/TLS", 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 ]
|
||||
},
|
||||
"serverCertificateNameComparison": {
|
||||
"type": [ "integer", "string" ],
|
||||
"default": "FullName",
|
||||
"description": "Determines the comparison algorithm used between the ServerCertificateName value and the subject name field of the certificate presented by the AAA server.",
|
||||
"enum": [ "FullName", "DomainSuffix", 2, 3 ]
|
||||
},
|
||||
"serverCertificateName": {
|
||||
"type": "string",
|
||||
"default": null,
|
||||
"description": "The name compared against the subject name field in the certificate provided by the AAA server.",
|
||||
"maxLength": 80
|
||||
},
|
||||
"availableInS0": {
|
||||
"type": "boolean",
|
||||
"default": true,
|
||||
"description": "Indicates the activity setting of the 802.1X module in H0 state"
|
||||
},
|
||||
"protectedAccessCredentialHex": {
|
||||
"type": "string",
|
||||
"default": null,
|
||||
"description": "A credential used by the supplicant and AAA server to establish a mutually authenticated encrypted tunnel for confidential user authentication.",
|
||||
"maxLength": 64
|
||||
},
|
||||
"pacPassword": {
|
||||
"type": "string",
|
||||
"default": null,
|
||||
"description": "Optional password to extract the PAC (Protected Access Credential) information from the PAC data.",
|
||||
"maxLength": 256
|
||||
},
|
||||
"domain": {
|
||||
"type": "string",
|
||||
"default": null,
|
||||
"description": "The domain within which Username is unique.",
|
||||
"maxLength": 128
|
||||
},
|
||||
"username": {
|
||||
"type": "string",
|
||||
"default": null,
|
||||
"description": "Within the domain specified by Domain, Identifies the user that is requesting access to the network.",
|
||||
"maxLength": 128
|
||||
},
|
||||
"password": {
|
||||
"type": "string",
|
||||
"default": null,
|
||||
"description": "The password associated with the user identified by Username and Domain.",
|
||||
"maxLength": 32
|
||||
},
|
||||
"roamingIdentity": {
|
||||
"type": "string",
|
||||
"default": null,
|
||||
"description": "A string presented to the authentication server in 802.1x protocol exchange",
|
||||
"maxLength": 80
|
||||
},
|
||||
"pxeTimeoutInSeconds": {
|
||||
"type": "integer",
|
||||
"default": 120,
|
||||
"description": "Timeout in seconds, in which the Intel(R) AMT will hold an authenticated 802.1X session."
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"802.1x": {
|
||||
"description": "802.1x settings for the Intel AMT Wired interface. If set to false, any existing 802.1x wired profile will be removed from Intel AMT.",
|
||||
"default": null,
|
||||
"type": [ "object", "boolean" ],
|
||||
"additionalProperties": false,
|
||||
"required": [ "authenticationProtocol" ],
|
||||
"properties": {
|
||||
"authenticationProtocol": {
|
||||
"description": "Identifies the authentication protocol used to authenticate the access requestor to the AAA server.",
|
||||
"type": [ "integer", "string" ],
|
||||
"enum": [ "EAP-TLS", "EAP-TTLS/MSCHAPv2", "PEAPv0/EAP-MSCHAPv2", "PEAPv1/EAP-GTC", "EAP-FAST/MSCHAPv2", "EAP-FAST/GTC", "EAP-MD5", "EAP-PSK", "EAP-SIM", "EAP-AKA", "EAP-FAST/TLS", 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 ]
|
||||
},
|
||||
"serverCertificateNameComparison": {
|
||||
"type": [ "integer", "string" ],
|
||||
"description": "Determines the comparison algorithm used between the ServerCertificateName value and the subject name field of the certificate presented by the AAA server.",
|
||||
"enum": [ "FullName", "DomainSuffix", 2, 3 ]
|
||||
},
|
||||
"serverCertificateName": {
|
||||
"type": "string",
|
||||
"default": null,
|
||||
"description": "The name compared against the subject name field in the certificate provided by the AAA server.",
|
||||
"maxLength": 80
|
||||
},
|
||||
"availableInS0": {
|
||||
"type": "boolean",
|
||||
"default": true,
|
||||
"description": "Indicates the activity setting of the 802.1X module in H0 state"
|
||||
},
|
||||
"protectedAccessCredentialHex": {
|
||||
"type": "string",
|
||||
"default": null,
|
||||
"description": "A credential used by the supplicant and AAA server to establish a mutually authenticated encrypted tunnel for confidential user authentication.",
|
||||
"maxLength": 64
|
||||
},
|
||||
"pacPassword": {
|
||||
"type": "string",
|
||||
"default": null,
|
||||
"description": "Optional password to extract the PAC (Protected Access Credential) information from the PAC data.",
|
||||
"maxLength": 256
|
||||
},
|
||||
"domain": {
|
||||
"type": "string",
|
||||
"default": null,
|
||||
"description": "The domain within which Username is unique.",
|
||||
"maxLength": 128
|
||||
},
|
||||
"username": {
|
||||
"type": "string",
|
||||
"default": null,
|
||||
"description": "Within the domain specified by Domain, Identifies the user that is requesting access to the network.",
|
||||
"maxLength": 128
|
||||
},
|
||||
"password": {
|
||||
"type": "string",
|
||||
"default": null,
|
||||
"description": "The password associated with the user identified by Username and Domain.",
|
||||
"maxLength": 32
|
||||
},
|
||||
"roamingIdentity": {
|
||||
"type": "string",
|
||||
"default": null,
|
||||
"description": "A string presented to the authentication server in 802.1x protocol exchange",
|
||||
"maxLength": 80
|
||||
},
|
||||
"pxeTimeoutInSeconds": {
|
||||
"type": "integer",
|
||||
"default": 120,
|
||||
"description": "Timeout in seconds, in which the Intel(R) AMT will hold an authenticated 802.1X session."
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
|
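Review bot: The `authentication` enum spells the WPA entry `"wpa-8021x"` while the other three 802.1x values are written with `802.1x`, so a configuration that follows the pattern and writes `wpa-802.1x` is rejected by the enum; `"wpa-802.1x"` would be consistent, with the matching string comparison in the manager code changed alongside it. `serverCertificateName` is optional with `"default": null`, and its description does not say what is verified about the AAA server certificate when it is left out; as far as the manager code on this page shows, the comparison setting is simply dropped in that case, so a sentence such as `If omitted, no name comparison is configured for the server certificate.` would make that visible to whoever writes the profile. The `availableInS0` description refers to the `H0` state, which looks like a typo for `S0`.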