Improved AMT 802.1x config to deal with platforms with just wired or wireless.

Ylian Saint-Hilaire 2022-04-03 00:34:00 -07:00
parent 43d8eafd6a
commit da2f53f05f
1 changed files with 227 additions and 207 deletions


@ -1324,14 +1324,20 @@ module.exports.CreateAmtManager = function (parent) {
dev.amtstack.BatchEnum(null, objQuery, function (stack, name, responses, status) {
const dev = stack.dev;
if (isAmtDeviceValid(dev) == false) return; // Device no longer exists, ignore this request.
if (status != 200) { devTaskCompleted(dev); return; } // We can't get wireless settings, ignore and carry on.
const domain = parent.config.domains[dev.domainid];
const wiredConfig = ((parent.config.domains[dev.domainid].amtmanager['802.1x'] != null) && (responses['AMT_8021XProfile'].status == 200));
const wirelessConfig = ((responses['CIM_WiFiEndpointSettings'].status == 200) && (responses['AMT_WiFiPortConfigurationService'].status == 200) && (responses['CIM_WiFiPort'].status == 200) && (responses['CIM_IEEE8021xSettings'].status == 200));
if (!wiredConfig && !wirelessConfig) { devTaskCompleted(dev); return; } // We can't get wired or wireless settings, ignore and carry on.
// Check if wired 802.1x needs updating
var newNetAuthProfileRequested = false;
var devNetAuthProfile = responses['AMT_8021XProfile'].response;
var srvNetAuthProfile = domain.amtmanager['802.1x'];
var devNetAuthProfile = null;
if (wiredConfig) {
var wiredMatch = 0;
devNetAuthProfile = responses['AMT_8021XProfile'].response;
if ((srvNetAuthProfile === false) && (devNetAuthProfile != null)) {
// Remove the 802.1x profile
wiredMatch = 1;
@ -1352,7 +1358,9 @@ module.exports.CreateAmtManager = function (parent) {
}
}
if (wiredMatch == 2) { newNetAuthProfileRequested = true; }
}
if (wirelessConfig) {
// If we have server WIFI profiles to sync, do this now.
if (parent.config.domains[dev.domainid].amtmanager.wifiprofiles != null) {
// The server and device WIFI profiles, find profiles to add and remove
@ -1436,13 +1444,14 @@ module.exports.CreateAmtManager = function (parent) {
for (var i in profilesToRemove) {
dev.amtstack.Delete('CIM_WiFiEndpointSettings', { InstanceID: 'Intel(r) AMT:WiFi Endpoint Settings ' + profilesToRemove[i].ElementName }, function (stack, name, responses, status) { }, 0, 1);
}
}
if (newNetAuthProfileRequested) {
// Credentials for this 802.1x profile are provided using MeshCentral Satellite
// Send a message to Satellite requesting a 802.1x profile for this device
dev.consoleMsg("Requesting 802.1x credentials for " + netAuthStrings[srvNetAuthProfile.authenticationprotocol] + " from MeshCentral Satellite...");
dev.netAuthSatReqId = Buffer.from(parent.crypto.randomBytes(16), 'binary').toString('base64'); // Generate a crypto-secure request id.
dev.netAuthSatReqData = { domain: domain, devNetAuthProfile: devNetAuthProfile, srvNetAuthProfile: srvNetAuthProfile, profilesToAdd: profilesToAdd, prioritiesInUse: prioritiesInUse, responses: responses }
dev.netAuthSatReqData = { domain: domain, wiredConfig: wiredConfig, wirelessConfig: wirelessConfig, devNetAuthProfile: devNetAuthProfile, srvNetAuthProfile: srvNetAuthProfile, profilesToAdd: profilesToAdd, prioritiesInUse: prioritiesInUse, responses: responses }
parent.DispatchEvent([srvNetAuthProfile.satellitecredentials], obj, { action: 'satellite', satelliteFlags: 2, nodeid: dev.nodeid, domain: dev.nodeid.split('/')[1], nolog: 1, reqid: dev.netAuthSatReqId, authProtocol: srvNetAuthProfile.authenticationprotocol, devname: dev.name });
// Set a response timeout
@ -1460,7 +1469,7 @@ module.exports.CreateAmtManager = function (parent) {
return;
} else {
// No need to call MeshCentral Satellite for a 802.1x profile, so configure everything now.
attemptWifiSyncEx(dev, { domain: domain, devNetAuthProfile: devNetAuthProfile, srvNetAuthProfile: srvNetAuthProfile, profilesToAdd: profilesToAdd, prioritiesInUse: prioritiesInUse, responses: responses });
attemptWifiSyncEx(dev, { domain: domain, wiredConfig: wiredConfig, wirelessConfig: wirelessConfig, devNetAuthProfile: devNetAuthProfile, srvNetAuthProfile: srvNetAuthProfile, profilesToAdd: profilesToAdd, prioritiesInUse: prioritiesInUse, responses: responses });
}
}
});
@ -1474,7 +1483,10 @@ module.exports.CreateAmtManager = function (parent) {
const srvNetAuthProfile = devNetAuthData.srvNetAuthProfile;
const profilesToAdd = devNetAuthData.profilesToAdd;
const responses = devNetAuthData.responses;
const wiredConfig = devNetAuthData.wiredConfig;
const wirelessConfig = devNetAuthData.wirelessConfig;
if (wiredConfig) {
var netAuthProfile = Clone(devNetAuthProfile);
netAuthProfile['Enabled'] = ((srvNetAuthProfile != null) && (typeof srvNetAuthProfile == 'object'));
if (netAuthProfile['Enabled']) {
@ -1516,17 +1528,24 @@ module.exports.CreateAmtManager = function (parent) {
if (status == 200) { dev.consoleMsg("802.1x wired profile set."); }
attemptWifiSyncEx(dev, devNetAuthData);
});
} else {
// No wired interface, skip with WIFI config
attemptWifiSyncEx(dev, devNetAuthData);
}
}
function attemptWifiSyncEx(dev, devNetAuthData) {
// Unpack
var domain = devNetAuthData.domain;
var devNetAuthProfile = devNetAuthData.devNetAuthProfile;
var srvNetAuthProfile = devNetAuthData.srvNetAuthProfile;
var profilesToAdd = devNetAuthData.profilesToAdd;
var responses = devNetAuthData.responses;
var prioritiesInUse = devNetAuthData.prioritiesInUse;
const domain = devNetAuthData.domain;
const devNetAuthProfile = devNetAuthData.devNetAuthProfile;
const srvNetAuthProfile = devNetAuthData.srvNetAuthProfile;
const profilesToAdd = devNetAuthData.profilesToAdd;
const responses = devNetAuthData.responses;
const prioritiesInUse = devNetAuthData.prioritiesInUse;
const wiredConfig = devNetAuthData.wiredConfig;
const wirelessConfig = devNetAuthData.wirelessConfig;
if (wirelessConfig) {
// Add missing WIFI profiles
var nextPriority = 0;
for (var i in profilesToAdd) {
@ -1605,6 +1624,7 @@ module.exports.CreateAmtManager = function (parent) {
});
}
}
}
// Done
devTaskCompleted(dev);
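Review bot: In the first hunk, `wiredConfig` becomes false whenever the `AMT_8021XProfile` query does not return 200, even if the domain has an `802.1x` policy (including `false`, meaning remove the profile), and the wired step is then skipped with no message as long as the wireless queries succeeded. A device can therefore keep a stale or missing wired 802.1x profile while the task completes normally; I would report it after the `wirelessConfig` line, for example `if ((domain.amtmanager['802.1x'] != null) && !wiredConfig) { dev.consoleMsg("Unable to read the wired 802.1x profile, skipping wired 802.1x configuration."); }`. Both new lines also read `.status` on each `responses[...]` entry directly, which would throw if a wired-only or wireless-only platform omits an entry from the batch result; that is an assumption to confirm against `BatchEnum`, and a `responses[name] != null` guard would cover it. The same line can use the `domain` constant declared just above instead of repeating `parent.config.domains[dev.domainid]`, and the "We can't get wireless settings" comment on the `status != 200` check is now stale. The callback body starts and ends outside the visible hunks.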