mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2024-12-24 06:05:53 -05:00
Improved AMT policy dialog.
This commit is contained in:
parent
6fb8beb164
commit
add724419e
@ -1130,7 +1130,7 @@ module.exports.CreateAmtManager = function (parent) {
|
||||
if (responses['IPS_HTTPProxyService'].status == 400) { delete responses['IPS_HTTPProxyService']; }
|
||||
for (var i in responses) { if (responses[i].status != 200) { status = responses[i].status; } }
|
||||
}
|
||||
if (status != 200) { dev.consoleMsg("Failed get CIRA state (" + status + ")."); removeAmtDevice(dev); return; }
|
||||
if (status != 200) { dev.consoleMsg("Failed to get CIRA state (" + status + ")."); removeAmtDevice(dev); return; }
|
||||
if ((responses['AMT_UserInitiatedConnectionService'] == null) || (responses['AMT_UserInitiatedConnectionService'].response == null)) { dev.consoleMsg("Invalid CIRA state."); removeAmtDevice(dev); return; }
|
||||
|
||||
dev.cira = {};
|
||||
|
13
meshuser.js
13
meshuser.js
@ -18,7 +18,6 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
const fs = require('fs');
|
||||
const path = require('path');
|
||||
const common = parent.common;
|
||||
|
||||
// Cross domain messages, for cross-domain administrators only.
|
||||
const allowedCrossDomainMessages = ['accountcreate', 'accountremove', 'accountchange', 'createusergroup', 'deleteusergroup', 'usergroupchange'];
|
||||
|
||||
@ -3306,11 +3305,11 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
if (common.validateObject(command.amtpolicy) == false) break; // Check the amtpolicy
|
||||
if (common.validateInt(command.amtpolicy.type, 0, 4) == false) break; // Check the amtpolicy.type
|
||||
if (command.amtpolicy.type === 2) {
|
||||
if (common.validateString(command.amtpolicy.password, 0, 32) == false) break; // Check the amtpolicy.password
|
||||
if ((command.amtpolicy.password != null) && (common.validateString(command.amtpolicy.password, 0, 32) == false)) break; // Check the amtpolicy.password
|
||||
if ((command.amtpolicy.badpass != null) && common.validateInt(command.amtpolicy.badpass, 0, 1) == false) break; // Check the amtpolicy.badpass
|
||||
if (common.validateInt(command.amtpolicy.cirasetup, 0, 2) == false) break; // Check the amtpolicy.cirasetup
|
||||
} else if (command.amtpolicy.type === 3) {
|
||||
if (common.validateString(command.amtpolicy.password, 0, 32) == false) break; // Check the amtpolicy.password
|
||||
if ((command.amtpolicy.password != null) && (common.validateString(command.amtpolicy.password, 0, 32) == false)) break; // Check the amtpolicy.password
|
||||
if ((command.amtpolicy.badpass != null) && common.validateInt(command.amtpolicy.badpass, 0, 1) == false) break; // Check the amtpolicy.badpass
|
||||
if (common.validateInt(command.amtpolicy.cirasetup, 0, 2) == false) break; // Check the amtpolicy.cirasetup
|
||||
}
|
||||
@ -3326,11 +3325,15 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
// Perform the Intel AMT policy change
|
||||
change = 'Intel AMT policy change';
|
||||
var amtpolicy = { type: command.amtpolicy.type };
|
||||
if ((command.amtpolicy.type === 2) || (command.amtpolicy.type === 3)) { amtpolicy = { type: command.amtpolicy.type, password: command.amtpolicy.password, badpass: command.amtpolicy.badpass, cirasetup: command.amtpolicy.cirasetup }; }
|
||||
if ((command.amtpolicy.type === 2) || (command.amtpolicy.type === 3)) {
|
||||
amtpolicy = { type: command.amtpolicy.type, badpass: command.amtpolicy.badpass, cirasetup: command.amtpolicy.cirasetup };
|
||||
if ((command.amtpolicy.password == null) && (mesh.amt != null) && (typeof mesh.amt.password == 'string')) { amtpolicy.password = mesh.amt.password; } // Keep the last password
|
||||
if ((typeof command.amtpolicy.password == 'string') && (command.amtpolicy.password.length >= 8)) { amtpolicy.password = command.amtpolicy.password; } // Set a new password
|
||||
}
|
||||
mesh.amt = amtpolicy;
|
||||
db.Set(mesh);
|
||||
var amtpolicy2 = Object.assign({}, amtpolicy); // Shallow clone
|
||||
delete amtpolicy2.password;
|
||||
if (amtpolicy2.password != null) { amtpolicy2.password = 1; }
|
||||
var event = { etype: 'mesh', userid: user._id, username: user.name, meshid: mesh._id, amt: amtpolicy2, action: 'meshchange', links: mesh.links, msg: change, domain: domain.id, invite: mesh.invite };
|
||||
if (db.changeStream) { event.noact = 1; } // If DB change stream is active, don't use this event to change the mesh. Another event will come.
|
||||
parent.parent.DispatchEvent(parent.CreateMeshDispatchTargets(mesh, [user._id]), obj, event);
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -9528,7 +9528,9 @@
|
||||
// Set the current Intel AMT policy
|
||||
if (currentMesh.amt && (currentMesh.amt.type == 2) || (currentMesh.amt.type == 3)) {
|
||||
Q('dp20amtpolicypass').value = currentMesh.amt.password;
|
||||
if ((currentMesh.amt.type == 2) && (currentMesh.amt.badpass != null)) { Q('dp20amtbadpass').value = currentMesh.amt.badpass; }
|
||||
if ((currentMesh.amt.type == 2) || (currentMesh.amt.type == 3)) {
|
||||
if (currentMesh.amt.badpass != null) { Q('dp20amtbadpass').value = currentMesh.amt.badpass; }
|
||||
}
|
||||
if ((features & 0x400) == 0) { Q('dp20amtcira').value = currentMesh.amt.cirasetup; }
|
||||
}
|
||||
|
||||
@ -9537,44 +9539,49 @@
|
||||
|
||||
function p20editMeshAmtChange() {
|
||||
var ptype = Q('dp20amtpolicy').value, x = '';
|
||||
if ((ptype >= 2) && (ptype < 4)) {
|
||||
x = addHtmlValue("Password*", '<input id=dp20amtpolicypass type=password style=width:230px maxlength=32 onchange=dp20amtValidatePolicy() onkeyup=dp20amtValidatePolicy() autocomplete=off />')
|
||||
x += addHtmlValue("Password*", '<input id=dp20amtpolicypass2 type=password style=width:230px maxlength=32 onchange=dp20amtValidatePolicy() onkeyup=dp20amtValidatePolicy() autocomplete=off />')
|
||||
x += addHtmlValue("Password mismatch", '<select id=dp20amtbadpass style=width:230px><option value=0>' + "Do nothing" + '</option><option value=1>' + "Reactivate Intel® AMT" + '</option></select>');
|
||||
if ((features & 0x400) == 0) { x += addHtmlValue('<span title="' + "Client Initiated Remote Access" + '">' + "CIRA" + '</span>', '<select id=dp20amtcira style=width:230px><option value=0>' + "Don't configure" + '</option><option value=1>' + "Don't connect to server" + '</option><option value=2>' + "Connect to server" + '</option></select>'); }
|
||||
x += '<br/><span style="font-size:10px">' + "* Leave blank to assign a random password to each device." + '</span><br/>';
|
||||
if (currentMesh.mtype == 2) {
|
||||
if (ptype == 2) {
|
||||
x += '<span style="font-size:10px">' + "This policy will not impact devices with Intel® AMT in ACM mode." + '</span><br/>';
|
||||
x += '<span style="font-size:10px">' + "This is not a secure policy as agents will be performing activation." + '</span>';
|
||||
} else {
|
||||
x += '<span style="font-size:10px">' + "During activation, the agent will have access to admin password infomation." + '</span>';
|
||||
}
|
||||
}
|
||||
if ((ptype == 2) || (ptype == 3)) {
|
||||
var keeppass = ((currentMesh.amt != null) && (currentMesh.amt.password == 1))?'<option value=1 selected>' + "Keep existing password" + '</option>':'';
|
||||
x += addHtmlValue("Password", '<select id=dp20amtpass style=width:230px onchange=dp20amtValidatePolicy() onkeyup=dp20amtValidatePolicy()><option value=0>' + "Randomize password" + '</option>' + keeppass+ '<option value=2>' + "Select new password" + '</option></select>');
|
||||
x += '<div id=dp20amtpassdiv style=display:none>';
|
||||
x += addHtmlValue("New password*", '<input id=dp20amtpolicypass type=password style=width:230px maxlength=32 onchange=dp20amtValidatePolicy() onkeyup=dp20amtValidatePolicy() autocomplete=off />')
|
||||
x += addHtmlValue("New password*", '<input id=dp20amtpolicypass2 type=password style=width:230px maxlength=32 onchange=dp20amtValidatePolicy() onkeyup=dp20amtValidatePolicy() autocomplete=off />')
|
||||
x += '</div>';
|
||||
x += addHtmlValue("Unknown password", '<select id=dp20amtbadpass style=width:230px><option value=0>' + "Do nothing" + '</option><option value=1>' + "If in CCM, reactivate Intel® AMT" + '</option></select>');
|
||||
if ((features & 0x400) == 0) { x += addHtmlValue('<span title="' + "Client Initiated Remote Access" + '">' + "CIRA setup" + '</span>', '<select id=dp20amtcira style=width:230px><option value=0>' + "Do nothing" + '</option><option value=1>' + "Don't connect to server" + '</option><option value=2>' + "Connect to server" + '</option></select>'); }
|
||||
x += '<span id=dp10passNotify style="font-size:10px"> ' + "* 8 characters, 1 upper, 1 lower, 1 numeric, 1 non-alpha numeric." + '</span>';
|
||||
if ((currentMesh.mtype == 2) && (ptype == 2)) { x += '<span style="font-size:10px"> ' + "This policy will not impact devices with Intel® AMT in ACM mode." + '</span>'; }
|
||||
}
|
||||
if (ptype == 0) { x = '<table style=padding-top:4px><tr><td><img style=padding-right:8px src=images/rcheckbox60.png width=60 height=60><td>' + "When this policy is selected, Intel® AMT is not managed by this server. Intel AMT can still be used by manually activating and configuring it." + '</table>'; }
|
||||
if (ptype == 1) { x = '<table style=padding-top:4px><tr><td><img style=padding-right:8px src=images/rcheckbox60.png width=60 height=60><td>' + "When this policy is selected, any Intel® AMT in Client Control Mode (CCM) will be deactivated. Other devices will have CIRA cleared and can still be managed manually." + '</table>'; }
|
||||
if (ptype == 4) { x = '<table style=padding-top:4px><tr><td><img style=padding-right:8px src=images/checkbox60.png width=60 height=60><td>' + "This is the recommanded policy. Intel® AMT activation and management is completely automated and the server will attempt to make best possible use of hardware management." + '</table>'; }
|
||||
QH('dp20amtpolicydiv', x);
|
||||
setTimeout(dp20amtValidatePolicy, 1);
|
||||
setTimeout(dp20amtValidatePolicy, 500);
|
||||
}
|
||||
|
||||
function dp20amtValidatePolicy() {
|
||||
var ok = true, ptype = Q('dp20amtpolicy').value;
|
||||
if ((ptype == 2) || (ptype == 3)) {
|
||||
if (((ptype == 2) || (ptype == 3)) && (Q('dp20amtpass').value == 2)) {
|
||||
var pass = Q('dp20amtpolicypass').value, pass2 = Q('dp20amtpolicypass2').value;
|
||||
ok = ((pass === pass2) && ((pass === '') ? true : passwordcheck(pass)));
|
||||
ok = ((pass === pass2) && passwordcheck(pass));
|
||||
}
|
||||
QE('idx_dlgOkButton', ok);
|
||||
if ((ptype == 2) || (ptype == 3)) { QV('dp20amtpassdiv', Q('dp20amtpass').value == 2); }
|
||||
QV('dp10passNotify', ((ptype == 2) || (ptype == 3)) && (Q('dp20amtpass').value == 2));
|
||||
}
|
||||
|
||||
function p20editMeshAmtEx() {
|
||||
var ptype = parseInt(Q('dp20amtpolicy').value), amtpolicy = { type: ptype };
|
||||
var password = null;
|
||||
if ((ptype == 2) || (ptype == 3)) {
|
||||
if (Q('dp20amtpass').value == 0) { password = ''; } // Randomize
|
||||
if (Q('dp20amtpass').value == 1) { password = null; } // Keep same
|
||||
if (Q('dp20amtpass').value == 2) { password = Q('dp20amtpolicypass').value; } // Set new password
|
||||
}
|
||||
if (ptype == 2) { // CCM policy
|
||||
amtpolicy = { type: ptype, password: Q('dp20amtpolicypass').value, badpass: parseInt(Q('dp20amtbadpass').value) };
|
||||
amtpolicy = { type: ptype, password: password, badpass: parseInt(Q('dp20amtbadpass').value) };
|
||||
if ((features & 0x400) == 0) { amtpolicy.cirasetup = parseInt(Q('dp20amtcira').value); } else { amtpolicy.cirasetup = 1; }
|
||||
} else if (ptype == 3) { // ACM policy
|
||||
amtpolicy = { type: ptype, password: Q('dp20amtpolicypass').value, badpass: parseInt(Q('dp20amtbadpass').value) };
|
||||
amtpolicy = { type: ptype, password: password, badpass: parseInt(Q('dp20amtbadpass').value) };
|
||||
if ((features & 0x400) == 0) { amtpolicy.cirasetup = parseInt(Q('dp20amtcira').value); } else { amtpolicy.cirasetup = 1; }
|
||||
} else if (ptype == 4) { // Fully automatic policy
|
||||
amtpolicy = { type: ptype };
|
||||
|
@ -2296,7 +2296,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
if (obj.args.webrtc == true) { features += 0x00000080; } // Enable WebRTC (Default false for now)
|
||||
if (obj.args.clickonce !== false) { features += 0x00000100; } // Enable ClickOnce (Default true)
|
||||
if (obj.args.allowhighqualitydesktop !== false) { features += 0x00000200; } // Enable AllowHighQualityDesktop (Default true)
|
||||
if (obj.args.lanonly == true || obj.args.mpsport == 0) { features += 0x00000400; } // No CIRA
|
||||
if ((obj.args.lanonly == true) || (obj.args.mpsport == 0)) { features += 0x00000400; } // No CIRA
|
||||
if ((obj.parent.serverSelfWriteAllowed == true) && (user != null) && (user.siteadmin == 0xFFFFFFFF)) { features += 0x00000800; } // Server can self-write (Allows self-update)
|
||||
if ((parent.config.settings.no2factorauth !== true) && (domain.auth != 'sspi') && (obj.parent.certificates.CommonName.indexOf('.') != -1) && (obj.args.nousers !== true) && (user._id.split('/')[2][0] != '~')) { features += 0x00001000; } // 2FA login supported
|
||||
if (domain.agentnoproxy === true) { features += 0x00002000; } // Indicates that agents should be installed without using a HTTP proxy
|
||||
@ -5915,7 +5915,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
if ((r.amt != null) && (r.amt.password != null)) {
|
||||
r = Object.assign({}, r); // Shallow clone
|
||||
r.amt = Object.assign({}, r.amt); // Shallow clone
|
||||
if (r.amt.password != null) { r.amt.password = 1; } // Remove the Intel AMT password from the policy
|
||||
if ((r.amt.password != null) && (r.amt.password != '')) { r.amt.password = 1; } // Remove the Intel AMT password from the policy
|
||||
}
|
||||
return r;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user