From c9757d904c05e2059b9448f6927e848962415f5e Mon Sep 17 00:00:00 2001 From: Ylian Saint-Hilaire Date: Fri, 5 Mar 2021 17:45:17 -0800 Subject: [PATCH] Improved AMT ACM activation using MeshAgent. --- agents/MeshCmd-signed.exe | Bin 4434272 -> 4434272 bytes agents/MeshCmd64-signed.exe | Bin 4041568 -> 4041568 bytes agents/meshcore.js | 59 +++++++++----------------- agents/modules_meshcore/amt-manage.js | 4 +- 4 files changed, 23 insertions(+), 40 deletions(-) 
diff --git a/agents/MeshCmd-signed.exe b/agents/MeshCmd-signed.exe index 2279702fdca1aade3773b9d1da4ead476a41fe78..bc8630d148322f87e926854939d26fecd151cd42 100644 GIT binary patch delta 821 zcmWl|dr->(00;1`hsAoVhhDTz4{MEIYpqqvYHNq?dLXLZ)kV4$dE6!vt-4;6CDPjA z%!O5!SI2Q8axSN0?sQc0*d3>6{V`X!B7VL;cOUbcQ+8&&T}8Fy7S~i$k5^Oww?lh$ zKu27HG<3qHxD4s&j4tSkZpc7)^gvJa!sY0VKIn^n=#MLKB?cf9S;)p!7>Gd_j3Kxh zIT(su3_~8S!L>+WIPx(91sI7!j6xAcV+_XPI*h}3T#sT*z(kaw^nNupslq@L@gsx+ zp+HCLOxj*a_mNMIUFZ8Qth6@#YU8BZYc4Tc+H|s}k6A_eO2dutT(^LS*5DEOSV2W$ z`_&9*#g{!d)z3$``Q^gR9{b++^lKHiZdHp*oDeHS!tO`$l z$>H(4hq;TBA)}wCc$(-}Y!82l%~GQub{W1bt#qNAS2zxCP5d;_U&lCSQoAZ0YHw9^ z7IgIQJTXW_db3;=T@3SdEn~{QgDpF-iKV8PV&)p2^oheK&yP#q>ZaD0MDr*U7Or%0 z<`7Z(=l7Xyi&6d8j3U*n);^Prn@OJ#dfu~A*W8(J-u?7-=&szJM$%$>Y%3~mKF+Vq z%h9##{(e0e*6PzUIv(4TMn(s*yi(_dcUwo&1PcC4?>OnC*O1zYq5VVjmQH&1l9;S< zUsEY#de=pn^+flUgf2fr$WOO(Wn;!^c}i{}d0lxjFfgvSLTe~mYD_7aZOogfdNliF z;o0ZgoaI@roSOJg^+%3T;uFmhqB4iAr5v4YxRH1$qsjeax|07bz!XbZYPtqhN+R=D zTJN?|vA!cCiqAAOdDdOYpZmU{%vPRL+W0;+B8k{DKr6qH%2l!I={iU_Nj;z;Ohuo8ils2bzk2M?$`~zYU BRGa_+ delta 821 zcmWl|3ow%b00(g2yd$f9D$jW~uMx{<&CukPNZFl{9y&^0U8xSe)I>vUv#vWucj}Ij zbr&HVMkPv=E2+3HR;P3oQ7c-m{{8NL6VK(e32ewEXik;+c|>6z@jngq(Ett62#wJM zO>qgDp*b!^3#8*RT#gJR(GpkSN?e6jXpJ^#i*{&_Omsj;bV6rzL04RjEObM6^gvJa zLNP~6a(M}(bK8dDq&#r5M}Hm(gz z5R(=KS+&~8i2b^t5$Wd6+z~-?)#*&1gogXNn0p3{C$`h2DU%bAbmxn!yCVk1YFw#c zpMv*3QrnAlTO+lO#hN0*w0cY6QC2whVb=9ksZqyOU(FyP*%lZ1s&t_4MMvhiph>ki z`o@qjgfN;BaouxBmM)E+6Q5(DQBH|1yLwDElK~lN?>D+jAC_Mc&e2O4yI=AxmDVhkj^*l)SeFOOmVSG&{w=-mY%z|I5ivvP$ruPR?o^xOc(D`^&&!d%DzoN3S~8a>=pn zj2S(L&~MhwUfHknqpok=WX(UpXvsM_*Ojlp`MpW_u 
diff --git a/agents/MeshCmd64-signed.exe b/agents/MeshCmd64-signed.exe index 2a0e402d5a3cb3d1619f7a7eae43f94b71387017..66896b881d6642b502f75503ac53d233ff70a9aa 100644 GIT binary patch delta 797 zcmWl|doa@h902fU@>(`F%X6_A^L`97V;=c~TPH1N9kC>(%M8&SQ~TvatcK)~UOFa^ zJLBBW+|kh~R_)UD2RnJ)A!=ULZsggw&)sKXQjc1Iy@e=)0`pQ4>b?l|zX3!;LwFn- zL1SnFO`#dYz!T6MVj&J%Kud^+1ZV|`@FcW`HqaK@L3`)`N$?bOgieqQDbN{Gp$l|{ zH0TE1p$GJYUeFu*Kwszw{UIF&z(5!T888?!VF+ZwP#C5Zq1ff^#tc9IKzd+Mqj4uY z5g}QyB+_Ce7Cr6J$>eky)z0og46f?<;?-8k>1`&NYJEE1wV=3~;LSzYSaRpRRc%Ed^$WY|S2i$3z|6=kV5 z9I!)Q!<8kAh&-o*yA>y_N^)p57Yy;ka4eM`BW&LN@MgnO{5SjHJOV18n=#{}t3 z2gJ9U(K2C8{6q(zRyyHXS+CoSQ)%bc(_}sP83rQc?PMDY=QD^?k3)lE^A$GZ#pv&A nCF_;DTGchH&{uo2gy$i%^FDaj1G;x@UFW50lZ3jql4IZ>FEve| delta 797 zcmWl|3osJ^7yw{nvw39melIabn$`??tfq&~i7SR=8WE+dtK4aZR(9<2whLEYo%bSi zDo%QhN$gS#)#-#6lc2h9=Mynn81D0WF~ww1zg&7TQ63h=;qO1Ka~0p%WxPXXpZn&=tDD zz0e)*gCyty_d_x~04dNDQlS_0hCc8h^o4%V9|rVr5VX7&v=@cqmpR@uxO7^dB?GUt=Sqb4J+i3k!+r z{`wLf5toz{Z#x&g(jS9K+n&rK@QQVPN%eI>9?g2Ck|NrA88@V71%qTuXz@>rr8e{3 z;oHBwlY%^Xs5+c|O-9P-qn1=H16)niah&NbnNpZQb&iM$Eyt`HD=WtAhh5?xdJgi- z6pbz=O43|u)GHQ4a*o$19Wlv3sq>1ywMtre*PL1Pvd0(>;WS-lHNkEDh(GS+?6Y3YOI0gm{cwmChv{Lr%R5+3Qc m#Ok#oev}K(^KUo}gkEwbFhlBS1+|3a+M`lT`rw^eE$|QZEK+#@ diff --git a/agents/meshcore.js b/agents/meshcore.js index 5b454dfb..93d89d23 100644 --- a/agents/meshcore.js +++ b/agents/meshcore.js 
@@ -1187,29 +1187,7 @@ function handleServerCommand(data) {
 };
 addAmtEvent('LMS tunnel start.');
 apftunnel = require('amt-apfclient')({ debug: false }, apfarg);
- apftunnel.onJsonControl = function (data) {
- if (data.action == 'console') { addAmtEvent(data.msg); } // Add console message to AMT event log
- if (data.action == 'mestate') { amt.getMeiState(15, function (state) { apftunnel.updateMeiState(state); }); } // Update the MEI state
- if (data.action == 'deactivate') { // Request CCM deactivation
- var amtMeiModule, amtMei;
- try { amtMeiModule = require('amt-mei'); amtMei = new amtMeiModule(); } catch (ex) { if (apftunnel) apftunnel.sendMeiDeactivationState(1); return; }
- amtMei.on('error', function (e) { if (apftunnel) apftunnel.sendMeiDeactivationState(1); });
- amtMei.unprovision(1, function (status) { if (apftunnel) apftunnel.sendMeiDeactivationState(status); }); // 0 = Success
- }
- if (data.action == 'close') { try { apftunnel.disconnect(); } catch (e) { } apftunnel = null; } // Close the CIRA-LMS connection
- if (data.action == 'startTlsHostConfig') { // Request start of host based TLS ACM activation
- var amtMeiModule, amtMei;
- try { amtMeiModule = require('amt-mei'); amtMei = new amtMeiModule(); } catch (ex) { if (apftunnel) apftunnel.sendMeiDeactivationState(1); return; }
- amtMei.on('error', function (e) { if (apftunnel) apftunnel.sendStartTlsHostConfigResponse({ state: -104 }); });
- amtMei.startConfigurationHBased(Buffer.from(data.hash, 'hex'), data.hostVpn, data.dnsSuffixList, function (response) { apftunnel.sendStartTlsHostConfigResponse(response); });
- }
- if (data.action == 'stopConfiguration') { // Request Intel AMT stop configuration.
- var amtMeiModule, amtMei;
- try { amtMeiModule = require('amt-mei'); amtMei = new amtMeiModule(); } catch (ex) { if (apftunnel) apftunnel.sendMeiDeactivationState(1); return; }
- amtMei.on('error', function (e) { if (apftunnel) apftunnel.sendStopConfigurationResponse({ state: -104 }); });
- amtMei.stopConfiguration(function (status) { apftunnel.sendStopConfigurationResponse(status); });
- }
- }
+ apftunnel.onJsonControl = handleApfJsonControl;
 apftunnel.onChannelClosed = function () { addAmtEvent('LMS tunnel closed.'); apftunnel = null; }
 try { apftunnel.connect(); } catch (ex) { }
 });
@@ -1279,6 +1257,24 @@ function handleServerCommand(data) {
 }
 }
+// Handle APF JSON control commands
+function handleApfJsonControl(data) {
+ if (data.action == 'console') { addAmtEvent(data.msg); } // Add console message to AMT event log
+ if (data.action == 'mestate') { amt.getMeiState(15, function (state) { apftunnel.updateMeiState(state); }); } // Update the MEI state
+ if (data.action == 'close') { try { apftunnel.disconnect(); } catch (e) { } apftunnel = null; } // Close the CIRA-LMS connection
+ if (amt.amtMei != null) {
+ if (data.action == 'deactivate') { // Request CCM deactivation
+ amt.amtMei.unprovision(1, function (status) { if (apftunnel) apftunnel.sendMeiDeactivationState(status); }); // 0 = Success
+ }
+ if (data.action == 'startTlsHostConfig') { // Request start of host based TLS ACM activation
+ amt.amtMei.startConfigurationHBased(Buffer.from(data.hash, 'hex'), data.hostVpn, data.dnsSuffixList, function (response) { apftunnel.sendStartTlsHostConfigResponse(response); });
+ }
+ if (data.action == 'stopConfiguration') { // Request Intel AMT stop configuration.
+ amt.amtMei.stopConfiguration(function (status) { apftunnel.sendStopConfigurationResponse(status); });
+ }
+ }
+}
+
 // Agent just get a file from the server and save it locally.
 function serverFetchFile() {
 if ((Object.keys(agentFileHttpRequests).length > 4) || (agentFileHttpPendingRequests.length == 0)) return; // No more than 4 active HTTPS requests to the server.
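Review bot: The `mestate`, `startTlsHostConfig` and `stopConfiguration` callbacks in `handleApfJsonControl` dereference `apftunnel` without the `if (apftunnel)` guard that the `deactivate` callback has, so a `close` action or `onChannelClosed` that nulls the tunnel while an MEI call is pending will throw inside the agent. The new `if (amt.amtMei != null)` gate also drops the three provisioning requests silently when no MEI handle exists, whereas the removed handlers answered with `sendMeiDeactivationState(1)` on failure, so the server is left without a reply. `data.hash` reaches `Buffer.from(data.hash, 'hex')` without a type check and may throw on a malformed control message; a `typeof data.hash == 'string'` test before the call would contain that. The sketch below adds the guards and an explicit failure reply, reusing the status values from the removed handlers.

```javascript
function handleApfJsonControl(data) {
    // … unchanged: console, mestate and close handling …
    if (amt.amtMei == null) {
        // No MEI handle: report failure so the server is not left waiting for a reply.
        if (apftunnel) {
            if (data.action == 'deactivate') { apftunnel.sendMeiDeactivationState(1); }
            if (data.action == 'startTlsHostConfig') { apftunnel.sendStartTlsHostConfigResponse({ state: -104 }); }
            if (data.action == 'stopConfiguration') { apftunnel.sendStopConfigurationResponse({ state: -104 }); }
        }
        return;
    }
    // … unchanged: deactivate …
    if ((data.action == 'startTlsHostConfig') && (typeof data.hash == 'string')) {
        amt.amtMei.startConfigurationHBased(Buffer.from(data.hash, 'hex'), data.hostVpn, data.dnsSuffixList, function (response) { if (apftunnel) apftunnel.sendStartTlsHostConfigResponse(response); });
    }
    if (data.action == 'stopConfiguration') {
        amt.amtMei.stopConfiguration(function (status) { if (apftunnel) apftunnel.sendStopConfigurationResponse(status); });
    }
}
```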
@@ -3769,17 +3765,7 @@ function processConsoleCommand(cmd, args, rights, sessionid) {
 } else {
 addAmtEvent('User LMS tunnel start.');
 apftunnel = require('amt-apfclient')({ debug: false }, apfarg);
- apftunnel.onJsonControl = function (data) {
- if (data.action == 'console') { addAmtEvent(data.msg); require('MeshAgent').SendCommand({ action: 'msg', type: 'console', value: data.msg }); } // Display a console message
- if (data.action == 'mestate') { amt.getMeiState(15, function (state) { apftunnel.updateMeiState(state); }); } // Update the MEI state
- if (data.action == 'deactivate') { // Request CCM deactivation
- var amtMeiModule, amtMei;
- try { amtMeiModule = require('amt-mei'); amtMei = new amtMeiModule(); } catch (ex) { apftunnel.sendMeiDeactivationState(1); return; }
- amtMei.on('error', function (e) { apftunnel.sendMeiDeactivationState(1); });
- amtMei.unprovision(1, function (status) { apftunnel.sendMeiDeactivationState(status); }); // 0 = Success
- }
- if (data.action == 'close') { try { apftunnel.disconnect(); } catch (e) { } apftunnel = null; } // Close the CIRA-LMS connection
- }
+ apftunnel.onJsonControl = handleApfJsonControl;
 apftunnel.onChannelClosed = function () { addAmtEvent('User LMS tunnel closed.'); apftunnel = null; }
 try {
 apftunnel.connect();
@@ -3816,10 +3802,7 @@ function processConsoleCommand(cmd, args, rights, sessionid) {
 response = "Unable to get Intel AMT UUID: " + apfarg.clientuuid;
 } else {
 apftunnel = require('amt-apfclient')({ debug: false }, apfarg);
- apftunnel.onJsonControl = function (data) {
- if (data.action == 'console') { require('MeshAgent').SendCommand({ action: 'msg', type: 'console', value: data.msg }); }
- if (data.action == 'close') { try { apftunnel.disconnect(); } catch (e) { } apftunnel = null; }
- }
+ apftunnel.onJsonControl = handleApfJsonControl;
 apftunnel.onChannelClosed = function () { apftunnel = null; }
 try {
 apftunnel.connect();
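Review bot: Switching the user-started tunnel at -3769 to `handleApfJsonControl` drops the console forwarding the old handler did, because the shared function only calls `addAmtEvent(data.msg)` and never `require('MeshAgent').SendCommand({ action: 'msg', type: 'console', value: data.msg })`; the hunk at -3816 loses it the same way. If the operator who ran the command is still meant to see tunnel messages, keep a thin wrapper here, e.g. `apftunnel.onJsonControl = function (data) { if (data.action == 'console') { require('MeshAgent').SendCommand({ action: 'msg', type: 'console', value: data.msg }); } handleApfJsonControl(data); };`. processConsoleCommand starts and ends outside the hunk.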
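Review bot: The handler replaced in the -3816 hunk accepted only `console` and `close`, so assigning `handleApfJsonControl` here widens what the remote end of this tunnel can trigger to `mestate`, `deactivate`, `startTlsHostConfig` and `stopConfiguration`. How `apfarg` is built for this branch is not visible in the hunk, so whether that endpoint should be trusted to unprovision or activate Intel AMT cannot be confirmed from here. If the widening is intended, a comment saying so would help the next reader; if not, filter before delegating: `apftunnel.onJsonControl = function (data) { if ((data.action == 'console') || (data.action == 'close')) { handleApfJsonControl(data); } };`.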
diff --git a/agents/modules_meshcore/amt-manage.js b/agents/modules_meshcore/amt-manage.js
index 63af1289..8d9b5891 100644
--- a/agents/modules_meshcore/amt-manage.js
+++ b/agents/modules_meshcore/amt-manage.js
@@ -58,11 +58,11 @@ function AmtManager(agent, db, isdebug) {
 var rebindToMeiRetrys = 0;
 obj.reset = function () {
 ++rebindToMeiRetrys;
- amtMei = null, amtMeiState = 0, amtLms = null, amtLmsState = 0, obj.state = 0, obj.lmsstate = 0;
+ obj.amtMei = null, amtMei = null, amtMeiState = 0, amtLms = null, amtLmsState = 0, obj.state = 0, obj.lmsstate = 0;
 //debug('Binding to MEI');
 try {
 var amtMeiLib = require('amt-mei');
- amtMei = new amtMeiLib();
+ obj.amtMei = amtMei = new amtMeiLib();
 amtMei.on('error', function (e) { debug('MEI error'); amtMei = null; amtMeiState = -1; obj.state = -1; if (obj.onStateChange != null) { obj.onStateChange(amtMeiState); } });
 amtMei.getVersion(function (result) {
 if (result == null) {
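Review bot: The `'error'` handler kept as context in this hunk still only sets `amtMei = null`, so after an MEI error `obj.amtMei` keeps pointing at the failed instance and the `amt.amtMei != null` test in meshcore.js passes with a stale handle. Clear both in that handler, `debug('MEI error'); amtMei = null; obj.amtMei = null; amtMeiState = -1; obj.state = -1;`, and check the later failure paths of `obj.reset` (the `result == null` branch continues outside the hunk) for the same gap. A short comment on `obj.amtMei` stating that it is null whenever MEI is unavailable would document the contract the caller now relies on.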