Added preparations for Intel AMT 802.1x support.
parent
8968048377
commit
a1943e3df1
|
@ -64,30 +64,61 @@ module.exports.CreateAmtManager = function (parent) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check WIFI profiles
|
// Check WIFI profiles
|
||||||
//var wifiAuthMethod = { 1: "Other", 2: "Open", 3: "Shared Key", 4: "WPA PSK", 5: "WPA 802.1x", 6: "WPA2 PSK", 7: "WPA2 802.1x", 32768: "WPA3 802.1x" };
|
//var wifiAuthMethod = { 1: "Other", 2: "Open", 3: "Shared Key", 4: "WPA PSK", 5: "WPA 802.1x", 6: "WPA2 PSK", 7: "WPA2 802.1x", 32768: "WPA3 SAE IEEE 802.1x", 32769: "WPA3 OWE IEEE 802.1x" };
|
||||||
//var wifiEncMethod = { 1: "Other", 2: "WEP", 3: "TKIP", 4: "CCMP", 5: "None" }
|
//var wifiEncMethod = { 1: "Other", 2: "WEP", 3: "TKIP", 4: "CCMP", 5: "None" }
|
||||||
if (Array.isArray(domain.amtmanager.wifiprofiles) == true) {
|
if (Array.isArray(domain.amtmanager.wifiprofiles) == true) {
|
||||||
var goodWifiProfiles = [];
|
var goodWifiProfiles = [];
|
||||||
for (var i = 0; i < domain.amtmanager.wifiprofiles.length; i++) {
|
for (var i = 0; i < domain.amtmanager.wifiprofiles.length; i++) {
|
||||||
var wifiProfile = domain.amtmanager.wifiprofiles[i];
|
var wifiProfile = domain.amtmanager.wifiprofiles[i];
|
||||||
if ((typeof wifiProfile.ssid == 'string') && (wifiProfile.ssid != '') && (typeof wifiProfile.password == 'string') && (wifiProfile.password != '')) {
|
if ((typeof wifiProfile.ssid == 'string') && (wifiProfile.ssid != '') && (((typeof wifiProfile.password == 'string') && (wifiProfile.password != '')) || ((typeof wifiProfile['802.1x'] == 'object') && (wifiProfile['802.1x'] != null)))) {
|
||||||
if ((wifiProfile.name == null) || (wifiProfile.name == '')) { wifiProfile.name = wifiProfile.ssid; }
|
if ((wifiProfile.name == null) || (wifiProfile.name == '')) { wifiProfile.name = wifiProfile.ssid; }
|
||||||
if (typeof wifiProfile.authentication == 'string') {
|
|
||||||
// Authentication
|
|
||||||
if (typeof wifiProfile.authentication == 'string') { wifiProfile.authentication = wifiProfile.authentication.toLowerCase(); }
|
|
||||||
if (wifiProfile.authentication == 'wpa-psk') { wifiProfile.authentication = 4; }
|
|
||||||
if (wifiProfile.authentication == 'wpa2-psk') { wifiProfile.authentication = 6; }
|
|
||||||
if (typeof wifiProfile.authentication != 'number') { wifiProfile.authentication = 6; } // Default to WPA2-PSK
|
|
||||||
|
|
||||||
// Encyption
|
// Authentication
|
||||||
if (typeof wifiProfile.encryption == 'string') { wifiProfile.encryption = wifiProfile.encryption.toLowerCase(); }
|
if (typeof wifiProfile.authentication == 'string') { wifiProfile.authentication = wifiProfile.authentication.toLowerCase(); }
|
||||||
if ((wifiProfile.encryption == 'ccmp-aes') || (wifiProfile.encryption == 'ccmp')) { wifiProfile.encryption = 4; }
|
if (wifiProfile.authentication == 'wpa-psk') { wifiProfile.authentication = 4; }
|
||||||
if ((wifiProfile.encryption == 'tkip-rc4') || (wifiProfile.encryption == 'tkip')) { wifiProfile.encryption = 3; }
|
if (wifiProfile.authentication == 'wpa2-psk') { wifiProfile.authentication = 6; }
|
||||||
if (typeof wifiProfile.encryption != 'number') { wifiProfile.encryption = 4; } // Default to CCMP-AES
|
if (wifiProfile.authentication == 'wpa-8021x') { wifiProfile.authentication = 5; }
|
||||||
|
if (wifiProfile.authentication == 'wpa2-802.1x') { wifiProfile.authentication = 7; }
|
||||||
// Type
|
if (wifiProfile.authentication == 'wpa3-sae-802.1x') { wifiProfile.authentication = 32768; }
|
||||||
wifiProfile.type = 3; // Infrastructure
|
if (wifiProfile.authentication == 'wpa3-owe-802.1x') { wifiProfile.authentication = 32769; }
|
||||||
|
if (typeof wifiProfile.authentication != 'number') {
|
||||||
|
if (wifiProfile['802.1x']) { wifiProfile.authentication = 7; } // Default to WPA2-802.1x
|
||||||
|
else { wifiProfile.authentication = 6; } // Default to WPA2-PSK
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Encyption
|
||||||
|
if (typeof wifiProfile.encryption == 'string') { wifiProfile.encryption = wifiProfile.encryption.toLowerCase(); }
|
||||||
|
if ((wifiProfile.encryption == 'ccmp-aes') || (wifiProfile.encryption == 'ccmp')) { wifiProfile.encryption = 4; }
|
||||||
|
if ((wifiProfile.encryption == 'tkip-rc4') || (wifiProfile.encryption == 'tkip')) { wifiProfile.encryption = 3; }
|
||||||
|
if (typeof wifiProfile.encryption != 'number') { wifiProfile.encryption = 4; } // Default to CCMP-AES
|
||||||
|
|
||||||
|
// Type
|
||||||
|
wifiProfile.type = 3; // Infrastructure
|
||||||
|
|
||||||
|
// Check authentication
|
||||||
|
if ([4, 6].indexOf(wifiProfile.authentication) >= 0) {
|
||||||
|
// Password authentication
|
||||||
|
if ((typeof wifiProfile.password != 'string') || (wifiProfile.password.length < 8) || (wifiProfile.password.length > 63)) continue;
|
||||||
|
} else if ([5, 7, 32768, 32769].indexOf(wifiProfile.authentication) >= 0) {
|
||||||
|
// 802.1x authentication
|
||||||
|
if ((wifiProfile['802.1x'] == null) && (typeof wifiProfile['802.1x'] != 'object')) continue;
|
||||||
|
const netAuthStrings = ['eap-tls', 'eap-ttls/mschapv2', 'peapv0/eap-mschapv2', 'peapv1/eap-gtc', 'eap-fast/mschapv2', 'eap-fast/gtc', 'eap-md5', 'eap-psk', 'eap-sim', 'eap-aka', 'eap-fast/tls'];
|
||||||
|
|
||||||
|
if (typeof wifiProfile['802.1x'].servercertificatename != 'string') {
|
||||||
|
delete wifiProfile['802.1x'].servercertificatenamecomparison;
|
||||||
|
const serverCertCompareStrings = ['', '', 'fullname', 'domainsuffix'];
|
||||||
|
if (typeof wifiProfile['802.1x'].servercertificatenamecomparison == 'string') {
|
||||||
|
wifiProfile['802.1x'].servercertificatenamecomparison = serverCertCompareStrings.indexOf(wifiProfile['802.1x'].servercertificatenamecomparison.toLowerCase());
|
||||||
|
if (wifiProfile['802.1x'].servercertificatenamecomparison == -1) { wifiProfile['802.1x'].servercertificatenamecomparison = 2; } // Default to full name compare
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (typeof wifiProfile['802.1x'].authenticationprotocol == 'string') {
|
||||||
|
wifiProfile['802.1x'].authenticationprotocol = netAuthStrings.indexOf(wifiProfile['802.1x'].authenticationprotocol.toLowerCase());
|
||||||
|
if (wifiProfile['802.1x'].authenticationprotocol == -1) continue;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
goodWifiProfiles.push(wifiProfile);
|
goodWifiProfiles.push(wifiProfile);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -95,6 +126,25 @@ module.exports.CreateAmtManager = function (parent) {
|
||||||
} else {
|
} else {
|
||||||
delete domain.amtmanager.wifiprofiles;
|
delete domain.amtmanager.wifiprofiles;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Check 802.1x wired profile if present
|
||||||
|
if ((domain.amtmanager['802.1x'] != null) && (typeof domain.amtmanager['802.1x'] == 'object')) {
|
||||||
|
const netAuthStrings = ['eap-tls', 'eap-ttls/mschapv2', 'peapv0/eap-mschapv2', 'peapv1/eap-gtc', 'eap-fast/mschapv2', 'eap-fast/gtc', 'eap-md5', 'eap-psk', 'eap-sim', 'eap-aka', 'eap-fast/tls'];
|
||||||
|
|
||||||
|
if (typeof domain.amtmanager['802.1x'].servercertificatename != 'string') {
|
||||||
|
delete domain.amtmanager['802.1x'].servercertificatenamecomparison;
|
||||||
|
const serverCertCompareStrings = ['', '', 'fullname', 'domainsuffix'];
|
||||||
|
if (typeof domain.amtmanager['802.1x'].servercertificatenamecomparison == 'string') {
|
||||||
|
domain.amtmanager['802.1x'].servercertificatenamecomparison = serverCertCompareStrings.indexOf(domain.amtmanager['802.1x'].servercertificatenamecomparison.toLowerCase());
|
||||||
|
if (domain.amtmanager['802.1x'].servercertificatenamecomparison == -1) { domain.amtmanager['802.1x'].servercertificatenamecomparison = 2; } // Default to full name compare
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (typeof domain.amtmanager['802.1x'].authenticationprotocol == 'string') {
|
||||||
|
domain.amtmanager['802.1x'].authenticationprotocol = netAuthStrings.indexOf(domain.amtmanager['802.1x'].authenticationprotocol.toLowerCase());
|
||||||
|
if (domain.amtmanager['802.1x'].authenticationprotocol == -1) { delete domain.amtmanager['802.1x']; }
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check if an Intel AMT device is being managed
|
// Check if an Intel AMT device is being managed
|
||||||
|
|
|
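Review bot: The 802.1x guard in the new `else if ([5, 7, 32768, 32769].indexOf(...) >= 0)` branch joins its two tests with `&&`, so it only skips a profile whose `802.1x` key is undefined. An explicit `null` (possible when the profile also carries a password) reaches `wifiProfile['802.1x'].servercertificatename` and throws, and a non-object value such as a string is accepted; the guard should read `if ((wifiProfile['802.1x'] == null) || (typeof wifiProfile['802.1x'] != 'object')) continue;`. In the same branch, and again in the wired-profile block added by the second hunk, the `servercertificatenamecomparison` string-to-number mapping sits inside the `servercertificatename != 'string'` test right after the `delete`, so it can never run; a configured comparison such as "FullName" stays unconverted when a server certificate name is present, and a `} else {` after the `delete` line looks like what was intended. Because this setting decides how the AAA server's certificate name is matched, it is worth confirming what Intel AMT receives when the value stays a string. The enclosing `CreateAmtManager` function starts and ends outside these hunks.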
@ -682,7 +682,7 @@
|
||||||
"items": {
|
"items": {
|
||||||
"type": "object",
|
"type": "object",
|
||||||
"additionalProperties": false,
|
"additionalProperties": false,
|
||||||
"required": [ "ssid", "password" ],
|
"required": [ "ssid" ],
|
||||||
"properties": {
|
"properties": {
|
||||||
"name": {
|
"name": {
|
||||||
"description": "WIFI profile name, if not specified the SSID is used.",
|
"description": "WIFI profile name, if not specified the SSID is used.",
|
||||||
|
@ -695,7 +695,7 @@
|
||||||
"authentication": {
|
"authentication": {
|
||||||
"description": "WIFI authentication.",
|
"description": "WIFI authentication.",
|
||||||
"type": "string",
|
"type": "string",
|
||||||
"enum": [ "wpa2-psk", "wpa-psk" ],
|
"enum": [ "wpa-psk", "wpa2-psk", "wpa-8021x", "wpa2-802.1x", "wpa3-sae-802.1x", "wpa3-owe-802.1x" ],
|
||||||
"default": "wpa2-psk"
|
"default": "wpa2-psk"
|
||||||
},
|
},
|
||||||
"encryption": {
|
"encryption": {
|
||||||
|
@ -709,9 +709,152 @@
|
||||||
"type": "string",
|
"type": "string",
|
||||||
"minLength": 8,
|
"minLength": 8,
|
||||||
"maxLength": 63
|
"maxLength": 63
|
||||||
|
},
|
||||||
|
"802.1x": {
|
||||||
|
"description": "802.1x settings for this WIFI profile. Only required if the WIFI authentication type has 802.1x",
|
||||||
|
"default": null,
|
||||||
|
"type": "object",
|
||||||
|
"additionalProperties": false,
|
||||||
|
"required": [ "authenticationProtocol" ],
|
||||||
|
"properties": {
|
||||||
|
"authenticationProtocol": {
|
||||||
|
"description": "Identifies the authentication protocol used to authenticate the access requestor to the AAA server.",
|
||||||
|
"type": [ "integer", "string" ],
|
||||||
|
"enum": [ "EAP-TLS", "EAP-TTLS/MSCHAPv2", "PEAPv0/EAP-MSCHAPv2", "PEAPv1/EAP-GTC", "EAP-FAST/MSCHAPv2", "EAP-FAST/GTC", "EAP-MD5", "EAP-PSK", "EAP-SIM", "EAP-AKA", "EAP-FAST/TLS", 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 ]
|
||||||
|
},
|
||||||
|
"serverCertificateNameComparison": {
|
||||||
|
"type": [ "integer", "string" ],
|
||||||
|
"default": "FullName",
|
||||||
|
"description": "Determines the comparison algorithm used between the ServerCertificateName value and the subject name field of the certificate presented by the AAA server.",
|
||||||
|
"enum": [ "FullName", "DomainSuffix", 2, 3 ]
|
||||||
|
},
|
||||||
|
"serverCertificateName": {
|
||||||
|
"type": "string",
|
||||||
|
"default": null,
|
||||||
|
"description": "The name compared against the subject name field in the certificate provided by the AAA server.",
|
||||||
|
"maxLength": 80
|
||||||
|
},
|
||||||
|
"availableInS0": {
|
||||||
|
"type": "boolean",
|
||||||
|
"default": true,
|
||||||
|
"description": "Indicates the activity setting of the 802.1X module in H0 state"
|
||||||
|
},
|
||||||
|
"protectedAccessCredentialHex": {
|
||||||
|
"type": "string",
|
||||||
|
"default": null,
|
||||||
|
"description": "A credential used by the supplicant and AAA server to establish a mutually authenticated encrypted tunnel for confidential user authentication.",
|
||||||
|
"maxLength": 64
|
||||||
|
},
|
||||||
|
"pacPassword": {
|
||||||
|
"type": "string",
|
||||||
|
"default": null,
|
||||||
|
"description": "Optional password to extract the PAC (Protected Access Credential) information from the PAC data.",
|
||||||
|
"maxLength": 256
|
||||||
|
},
|
||||||
|
"domain": {
|
||||||
|
"type": "string",
|
||||||
|
"default": null,
|
||||||
|
"description": "The domain within which Username is unique.",
|
||||||
|
"maxLength": 128
|
||||||
|
},
|
||||||
|
"username": {
|
||||||
|
"type": "string",
|
||||||
|
"default": null,
|
||||||
|
"description": "Within the domain specified by Domain, Identifies the user that is requesting access to the network.",
|
||||||
|
"maxLength": 128
|
||||||
|
},
|
||||||
|
"password": {
|
||||||
|
"type": "string",
|
||||||
|
"default": null,
|
||||||
|
"description": "The password associated with the user identified by Username and Domain.",
|
||||||
|
"maxLength": 32
|
||||||
|
},
|
||||||
|
"roamingIdentity": {
|
||||||
|
"type": "string",
|
||||||
|
"default": null,
|
||||||
|
"description": "A string presented to the authentication server in 802.1x protocol exchange",
|
||||||
|
"maxLength": 80
|
||||||
|
},
|
||||||
|
"pxeTimeoutInSeconds": {
|
||||||
|
"type": "integer",
|
||||||
|
"default": 120,
|
||||||
|
"description": "Timeout in seconds, in which the Intel(R) AMT will hold an authenticated 802.1X session."
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
},
|
||||||
|
"802.1x": {
|
||||||
|
"description": "802.1x settings for the Intel AMT Wired interface. If set to false, any existing 802.1x wired profile will be removed from Intel AMT.",
|
||||||
|
"default": null,
|
||||||
|
"type": [ "object", "boolean" ],
|
||||||
|
"additionalProperties": false,
|
||||||
|
"required": [ "authenticationProtocol" ],
|
||||||
|
"properties": {
|
||||||
|
"authenticationProtocol": {
|
||||||
|
"description": "Identifies the authentication protocol used to authenticate the access requestor to the AAA server.",
|
||||||
|
"type": [ "integer", "string" ],
|
||||||
|
"enum": [ "EAP-TLS", "EAP-TTLS/MSCHAPv2", "PEAPv0/EAP-MSCHAPv2", "PEAPv1/EAP-GTC", "EAP-FAST/MSCHAPv2", "EAP-FAST/GTC", "EAP-MD5", "EAP-PSK", "EAP-SIM", "EAP-AKA", "EAP-FAST/TLS", 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 ]
|
||||||
|
},
|
||||||
|
"serverCertificateNameComparison": {
|
||||||
|
"type": [ "integer", "string" ],
|
||||||
|
"description": "Determines the comparison algorithm used between the ServerCertificateName value and the subject name field of the certificate presented by the AAA server.",
|
||||||
|
"enum": [ "FullName", "DomainSuffix", 2, 3 ]
|
||||||
|
},
|
||||||
|
"serverCertificateName": {
|
||||||
|
"type": "string",
|
||||||
|
"default": null,
|
||||||
|
"description": "The name compared against the subject name field in the certificate provided by the AAA server.",
|
||||||
|
"maxLength": 80
|
||||||
|
},
|
||||||
|
"availableInS0": {
|
||||||
|
"type": "boolean",
|
||||||
|
"default": true,
|
||||||
|
"description": "Indicates the activity setting of the 802.1X module in H0 state"
|
||||||
|
},
|
||||||
|
"protectedAccessCredentialHex": {
|
||||||
|
"type": "string",
|
||||||
|
"default": null,
|
||||||
|
"description": "A credential used by the supplicant and AAA server to establish a mutually authenticated encrypted tunnel for confidential user authentication.",
|
||||||
|
"maxLength": 64
|
||||||
|
},
|
||||||
|
"pacPassword": {
|
||||||
|
"type": "string",
|
||||||
|
"default": null,
|
||||||
|
"description": "Optional password to extract the PAC (Protected Access Credential) information from the PAC data.",
|
||||||
|
"maxLength": 256
|
||||||
|
},
|
||||||
|
"domain": {
|
||||||
|
"type": "string",
|
||||||
|
"default": null,
|
||||||
|
"description": "The domain within which Username is unique.",
|
||||||
|
"maxLength": 128
|
||||||
|
},
|
||||||
|
"username": {
|
||||||
|
"type": "string",
|
||||||
|
"default": null,
|
||||||
|
"description": "Within the domain specified by Domain, Identifies the user that is requesting access to the network.",
|
||||||
|
"maxLength": 128
|
||||||
|
},
|
||||||
|
"password": {
|
||||||
|
"type": "string",
|
||||||
|
"default": null,
|
||||||
|
"description": "The password associated with the user identified by Username and Domain.",
|
||||||
|
"maxLength": 32
|
||||||
|
},
|
||||||
|
"roamingIdentity": {
|
||||||
|
"type": "string",
|
||||||
|
"default": null,
|
||||||
|
"description": "A string presented to the authentication server in 802.1x protocol exchange",
|
||||||
|
"maxLength": 80
|
||||||
|
},
|
||||||
|
"pxeTimeoutInSeconds": {
|
||||||
|
"type": "integer",
|
||||||
|
"default": 120,
|
||||||
|
"description": "Timeout in seconds, in which the Intel(R) AMT will hold an authenticated 802.1X session."
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
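Review bot: Reducing the WIFI profile's `required` list to `[ "ssid" ]` means a profile with neither `password` nor `802.1x` now validates against the schema, and only the runtime check in the server code drops it; if the schema draft in use allows it, `"anyOf": [ { "required": [ "password" ] }, { "required": [ "802.1x" ] } ]` next to `required` would keep that rule visible to anyone validating a config file. The `availableInS0` description refers to the "H0 state", which looks like a typo for S0, and the `password` and `pacPassword` descriptions could say that these credentials are presumably kept in clear text in the configuration file, so the file needs restrictive permissions. The `authentication` enum spells one value `wpa-8021x` while its siblings use `802.1x`; since the server code matches the same literal, renaming it to `wpa-802.1x` would have to be done in both places. The `authenticationProtocol` description could also note that `EAP-MD5` does not authenticate the server and exposes the password to offline guessing, so the certificate-name settings give no protection with it.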