Improved AMT ACM activation using MeshAgent.

Ylian Saint-Hilaire 2021-03-05 17:45:17 -08:00
parent dea0d96add
commit c9757d904c
4 changed files with 23 additions and 40 deletions

Binary file not shown.

Binary file not shown.


@ -1187,29 +1187,7 @@ function handleServerCommand(data) {
}; };
addAmtEvent('LMS tunnel start.'); addAmtEvent('LMS tunnel start.');
apftunnel = require('amt-apfclient')({ debug: false }, apfarg); apftunnel = require('amt-apfclient')({ debug: false }, apfarg);
apftunnel.onJsonControl = function (data) { apftunnel.onJsonControl = handleApfJsonControl;
if (data.action == 'console') { addAmtEvent(data.msg); } // Add console message to AMT event log
if (data.action == 'mestate') { amt.getMeiState(15, function (state) { apftunnel.updateMeiState(state); }); } // Update the MEI state
if (data.action == 'deactivate') { // Request CCM deactivation
var amtMeiModule, amtMei;
try { amtMeiModule = require('amt-mei'); amtMei = new amtMeiModule(); } catch (ex) { if (apftunnel) apftunnel.sendMeiDeactivationState(1); return; }
amtMei.on('error', function (e) { if (apftunnel) apftunnel.sendMeiDeactivationState(1); });
amtMei.unprovision(1, function (status) { if (apftunnel) apftunnel.sendMeiDeactivationState(status); }); // 0 = Success
}
if (data.action == 'close') { try { apftunnel.disconnect(); } catch (e) { } apftunnel = null; } // Close the CIRA-LMS connection
if (data.action == 'startTlsHostConfig') { // Request start of host based TLS ACM activation
var amtMeiModule, amtMei;
try { amtMeiModule = require('amt-mei'); amtMei = new amtMeiModule(); } catch (ex) { if (apftunnel) apftunnel.sendMeiDeactivationState(1); return; }
amtMei.on('error', function (e) { if (apftunnel) apftunnel.sendStartTlsHostConfigResponse({ state: -104 }); });
amtMei.startConfigurationHBased(Buffer.from(data.hash, 'hex'), data.hostVpn, data.dnsSuffixList, function (response) { apftunnel.sendStartTlsHostConfigResponse(response); });
}
if (data.action == 'stopConfiguration') { // Request Intel AMT stop configuration.
var amtMeiModule, amtMei;
try { amtMeiModule = require('amt-mei'); amtMei = new amtMeiModule(); } catch (ex) { if (apftunnel) apftunnel.sendMeiDeactivationState(1); return; }
amtMei.on('error', function (e) { if (apftunnel) apftunnel.sendStopConfigurationResponse({ state: -104 }); });
amtMei.stopConfiguration(function (status) { apftunnel.sendStopConfigurationResponse(status); });
}
}
apftunnel.onChannelClosed = function () { addAmtEvent('LMS tunnel closed.'); apftunnel = null; } apftunnel.onChannelClosed = function () { addAmtEvent('LMS tunnel closed.'); apftunnel = null; }
try { apftunnel.connect(); } catch (ex) { } try { apftunnel.connect(); } catch (ex) { }
}); });
@ -1279,6 +1257,24 @@ function handleServerCommand(data) {
} }
} }
// Handle APF JSON control commands
function handleApfJsonControl(data) {
if (data.action == 'console') { addAmtEvent(data.msg); } // Add console message to AMT event log
if (data.action == 'mestate') { amt.getMeiState(15, function (state) { apftunnel.updateMeiState(state); }); } // Update the MEI state
if (data.action == 'close') { try { apftunnel.disconnect(); } catch (e) { } apftunnel = null; } // Close the CIRA-LMS connection
if (amt.amtMei != null) {
if (data.action == 'deactivate') { // Request CCM deactivation
amt.amtMei.unprovision(1, function (status) { if (apftunnel) apftunnel.sendMeiDeactivationState(status); }); // 0 = Success
}
if (data.action == 'startTlsHostConfig') { // Request start of host based TLS ACM activation
amt.amtMei.startConfigurationHBased(Buffer.from(data.hash, 'hex'), data.hostVpn, data.dnsSuffixList, function (response) { apftunnel.sendStartTlsHostConfigResponse(response); });
}
if (data.action == 'stopConfiguration') { // Request Intel AMT stop configuration.
amt.amtMei.stopConfiguration(function (status) { apftunnel.sendStopConfigurationResponse(status); });
}
}
}
// Agent just get a file from the server and save it locally. // Agent just get a file from the server and save it locally.
function serverFetchFile() { function serverFetchFile() {
if ((Object.keys(agentFileHttpRequests).length > 4) || (agentFileHttpPendingRequests.length == 0)) return; // No more than 4 active HTTPS requests to the server. if ((Object.keys(agentFileHttpRequests).length > 4) || (agentFileHttpPendingRequests.length == 0)) return; // No more than 4 active HTTPS requests to the server.
@ -3769,17 +3765,7 @@ function processConsoleCommand(cmd, args, rights, sessionid) {
} else { } else {
addAmtEvent('User LMS tunnel start.'); addAmtEvent('User LMS tunnel start.');
apftunnel = require('amt-apfclient')({ debug: false }, apfarg); apftunnel = require('amt-apfclient')({ debug: false }, apfarg);
apftunnel.onJsonControl = function (data) { apftunnel.onJsonControl = handleApfJsonControl;
if (data.action == 'console') { addAmtEvent(data.msg); require('MeshAgent').SendCommand({ action: 'msg', type: 'console', value: data.msg }); } // Display a console message
if (data.action == 'mestate') { amt.getMeiState(15, function (state) { apftunnel.updateMeiState(state); }); } // Update the MEI state
if (data.action == 'deactivate') { // Request CCM deactivation
var amtMeiModule, amtMei;
try { amtMeiModule = require('amt-mei'); amtMei = new amtMeiModule(); } catch (ex) { apftunnel.sendMeiDeactivationState(1); return; }
amtMei.on('error', function (e) { apftunnel.sendMeiDeactivationState(1); });
amtMei.unprovision(1, function (status) { apftunnel.sendMeiDeactivationState(status); }); // 0 = Success
}
if (data.action == 'close') { try { apftunnel.disconnect(); } catch (e) { } apftunnel = null; } // Close the CIRA-LMS connection
}
apftunnel.onChannelClosed = function () { addAmtEvent('User LMS tunnel closed.'); apftunnel = null; } apftunnel.onChannelClosed = function () { addAmtEvent('User LMS tunnel closed.'); apftunnel = null; }
try { try {
apftunnel.connect(); apftunnel.connect();
@ -3816,10 +3802,7 @@ function processConsoleCommand(cmd, args, rights, sessionid) {
response = "Unable to get Intel AMT UUID: " + apfarg.clientuuid; response = "Unable to get Intel AMT UUID: " + apfarg.clientuuid;
} else { } else {
apftunnel = require('amt-apfclient')({ debug: false }, apfarg); apftunnel = require('amt-apfclient')({ debug: false }, apfarg);
apftunnel.onJsonControl = function (data) { apftunnel.onJsonControl = handleApfJsonControl;
if (data.action == 'console') { require('MeshAgent').SendCommand({ action: 'msg', type: 'console', value: data.msg }); }
if (data.action == 'close') { try { apftunnel.disconnect(); } catch (e) { } apftunnel = null; }
}
apftunnel.onChannelClosed = function () { apftunnel = null; } apftunnel.onChannelClosed = function () { apftunnel = null; }
try { try {
apftunnel.connect(); apftunnel.connect();
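Review bot: In the new `handleApfJsonControl`, a `deactivate`, `startTlsHostConfig` or `stopConfiguration` request is dropped without any reply when `amt.amtMei` is null, whereas the removed handlers answered with `sendMeiDeactivationState(1)` or `{ state: -104 }`; the server is then presumably left waiting on a privileged AMT operation whose outcome it never learns. The `startConfigurationHBased`, `stopConfiguration` and `mestate` callbacks also call `apftunnel` without the `if (apftunnel)` guard that the deactivate path has, although `onChannelClosed` can set it to null before they fire. Sharing one handler also means the two console-started tunnels in `processConsoleCommand` now accept `startTlsHostConfig` and `stopConfiguration` (one of them previously handled only `console` and `close`) and no longer forward console messages through `SendCommand`; it is worth confirming both are intended. `data.hash` goes from the tunnel straight into `Buffer.from(..., 'hex')`, so a type and length check before starting activation would be a cheap safeguard.

```javascript
function handleApfJsonControl(data) {
    // … unchanged: console, mestate and close handling …
    if (amt.amtMei != null) {
        // … unchanged: deactivate …
        if (data.action == 'startTlsHostConfig') { // Request start of host based TLS ACM activation
            amt.amtMei.startConfigurationHBased(Buffer.from(data.hash, 'hex'), data.hostVpn, data.dnsSuffixList, function (response) { if (apftunnel) apftunnel.sendStartTlsHostConfigResponse(response); });
        }
        if (data.action == 'stopConfiguration') { // Request Intel AMT stop configuration.
            amt.amtMei.stopConfiguration(function (status) { if (apftunnel) apftunnel.sendStopConfigurationResponse(status); });
        }
    } else if (apftunnel) {
        // MEI is not bound: report failure instead of leaving the request unanswered
        if (data.action == 'deactivate') { apftunnel.sendMeiDeactivationState(1); }
        if (data.action == 'startTlsHostConfig') { apftunnel.sendStartTlsHostConfigResponse({ state: -104 }); }
        if (data.action == 'stopConfiguration') { apftunnel.sendStopConfigurationResponse({ state: -104 }); }
    }
}
```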


@ -58,11 +58,11 @@ function AmtManager(agent, db, isdebug) {
var rebindToMeiRetrys = 0; var rebindToMeiRetrys = 0;
obj.reset = function () { obj.reset = function () {
++rebindToMeiRetrys; ++rebindToMeiRetrys;
amtMei = null, amtMeiState = 0, amtLms = null, amtLmsState = 0, obj.state = 0, obj.lmsstate = 0; obj.amtMei = null, amtMei = null, amtMeiState = 0, amtLms = null, amtLmsState = 0, obj.state = 0, obj.lmsstate = 0;
//debug('Binding to MEI'); //debug('Binding to MEI');
try { try {
var amtMeiLib = require('amt-mei'); var amtMeiLib = require('amt-mei');
amtMei = new amtMeiLib(); obj.amtMei = amtMei = new amtMeiLib();
amtMei.on('error', function (e) { debug('MEI error'); amtMei = null; amtMeiState = -1; obj.state = -1; if (obj.onStateChange != null) { obj.onStateChange(amtMeiState); } }); amtMei.on('error', function (e) { debug('MEI error'); amtMei = null; amtMeiState = -1; obj.state = -1; if (obj.onStateChange != null) { obj.onStateChange(amtMeiState); } });
amtMei.getVersion(function (result) { amtMei.getVersion(function (result) {
if (result == null) { if (result == null) {
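Review bot: The `error` handler on the line after `obj.amtMei = amtMei = new amtMeiLib();` still clears only the local `amtMei`, so `obj.amtMei` keeps pointing at the failed MEI object after an error. If `amt` in the agent core is this manager instance (not visible here), the `amt.amtMei != null` gate added there would still pass and issue unprovision or activation calls on a dead handle. Clearing both in the handler would keep them in step: `debug('MEI error'); obj.amtMei = amtMei = null; amtMeiState = -1; obj.state = -1;`. The body of `obj.reset` continues outside the hunk.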