mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2024-12-22 21:31:35 +03:00
AMT manager improvements.
parent
55686471c8
commit
02a5d421b2
@ -340,7 +340,7 @@ module.exports.CreateAmtManager = function (parent) {
|
||||
}
|
||||
|
||||
// If there is no Intel AMT policy for this device, stop here.
|
||||
if (amtPolicy == 0) { dev.consoleMsg("Done."); removeAmtDevice(dev); return; }
|
||||
//if (amtPolicy == 0) { dev.consoleMsg("Done."); removeAmtDevice(dev); return; }
|
||||
|
||||
// Initiate the communication to Intel AMT
|
||||
dev.consoleMsg("Checking Intel AMT state...");
|
||||
@ -371,19 +371,22 @@ module.exports.CreateAmtManager = function (parent) {
|
||||
if ((dev.mpsConnection.tag.meiState.ProvisioningState == 2) && ((dev.mpsConnection.tag.meiState.Flags & 2) != 0)) {
|
||||
// Deactivate CCM.
|
||||
deactivateIntelAmtCCM(dev);
|
||||
} else {
|
||||
// Already deactivated or in ACM
|
||||
dev.consoleMsg("Done."); // TODO: We need to at least clear CIRA
|
||||
removeAmtDevice(dev);
|
||||
}
|
||||
return;
|
||||
} //else {
|
||||
// Already deactivated or in ACM
|
||||
//dev.consoleMsg("Done."); // TODO: We need to at least clear CIRA
|
||||
//removeAmtDevice(dev);
|
||||
//}
|
||||
//return;
|
||||
}
|
||||
// No Intel AMT policy, stop here
|
||||
/*
|
||||
// No Intel AMT policy, since this is CIRA-LMS, stop here.
|
||||
if (dev.policy.amtPolicy == 0) {
|
||||
dev.consoleMsg("Done.");
|
||||
removeAmtDevice(dev);
|
||||
return;
|
||||
}
|
||||
*/
|
||||
}
|
||||
|
||||
// See if we need to try different credentials
|
||||
@ -762,6 +765,7 @@ module.exports.CreateAmtManager = function (parent) {
|
||||
// Care should be take not to have many pending WSMAN called when performing clock sync.
|
||||
function attemptSyncClock(dev, func) {
|
||||
if (isAmtDeviceValid(dev) == false) return; // Device no longer exists, ignore this request.
|
||||
if (dev.policy.amtPolicy == 0) { func(dev); return; } // If there is no Intel AMT policy, skip this operation.
|
||||
dev.taskCount = 1;
|
||||
dev.taskCompleted = func;
|
||||
dev.amtstack.AMT_TimeSynchronizationService_GetLowAccuracyTimeSynch(attemptSyncClockEx);
|
||||
@ -802,6 +806,7 @@ module.exports.CreateAmtManager = function (parent) {
|
||||
// Check if Intel AMT TLS state is correct
|
||||
function attemptTlsSync(dev, func) {
|
||||
if (isAmtDeviceValid(dev) == false) return; // Device no longer exists, ignore this request.
|
||||
if (dev.policy.amtPolicy == 0) { func(dev); return; } // If there is no Intel AMT policy, skip this operation.
|
||||
dev.taskCount = 1;
|
||||
dev.taskCompleted = func;
|
||||
// TODO: We only deal with certificates starting with Intel AMT 6 and beyond
|
||||
@ -973,6 +978,7 @@ module.exports.CreateAmtManager = function (parent) {
|
||||
// We may want to work on an alternate version that does do priority if requested.
|
||||
function attemptWifiSync(dev, func) {
|
||||
if (isAmtDeviceValid(dev) == false) return; // Device no longer exists, ignore this request.
|
||||
if (dev.policy.amtPolicy == 0) { func(dev); return; } // If there is no Intel AMT policy, skip this operation.
|
||||
if (dev.connType != 2) { func(dev); return; } // Only configure wireless over a CIRA-LMS link
|
||||
if (parent.config.domains[dev.domainid].amtmanager.wifiprofiles == null) { func(dev); return; } // No server WIFI profiles set, skip this.
|
||||
if ((dev.mpsConnection.tag.meiState == null) || (dev.mpsConnection.tag.meiState.net1 == null)) { func(dev); return; } // No WIFI on this device, skip this.
|
||||
@ -1080,6 +1086,7 @@ module.exports.CreateAmtManager = function (parent) {
|
||||
// Check if Intel AMT has the server root certificate
|
||||
function attemptRootCertSync(dev, func) {
|
||||
if (isAmtDeviceValid(dev) == false) return; // Device no longer exists, ignore this request.
|
||||
if (dev.policy.amtPolicy == 0) { func(dev); return; } // If there is no Intel AMT policy, skip this operation.
|
||||
if ((dev.connType != 2) || (dev.policy.ciraPolicy != 2) || (parent.mpsserver.server == null)) { func(dev); return; } // Server root certificate does not need to be present is CIRA is not needed
|
||||
|
||||
// Find the current TLS certificate & MeshCentral root certificate
|
||||
@ -1108,6 +1115,7 @@ module.exports.CreateAmtManager = function (parent) {
|
||||
//
|
||||
|
||||
// Check if Intel AMT has the server root certificate
|
||||
// If deactivation policy is in effect, remove CIRA configuration
|
||||
function attemptCiraSync(dev, func) {
|
||||
if (isAmtDeviceValid(dev) == false) return; // Device no longer exists, ignore this request.
|
||||
if ((dev.connType != 2) || ((dev.policy.ciraPolicy != 1) && (dev.policy.ciraPolicy != 2))) { func(dev); return; } // Only setup CIRA when LMS connection is used and a CIRA policy is enabled.
|
||||
@ -1116,12 +1124,15 @@ module.exports.CreateAmtManager = function (parent) {
|
||||
// TODO: We only deal with remote access starting with Intel AMT 6 and beyond
|
||||
dev.taskCount = 1;
|
||||
dev.taskCompleted = func;
|
||||
dev.tryCount = 0;
|
||||
var requests = ['*AMT_EnvironmentDetectionSettingData', 'AMT_ManagementPresenceRemoteSAP', 'AMT_RemoteAccessCredentialContext', 'AMT_RemoteAccessPolicyAppliesToMPS', 'AMT_RemoteAccessPolicyRule', '*AMT_UserInitiatedConnectionService', 'AMT_MPSUsernamePassword'];
|
||||
if ((dev.aquired.majorver != null) && (dev.aquired.majorver > 11)) { requests.push('*IPS_HTTPProxyService', 'IPS_HTTPProxyAccessPoint'); }
|
||||
dev.amtstack.BatchEnum(null, requests, function (stack, name, responses, status) {
|
||||
dev.amtstack.BatchEnum(null, requests, attemptCiraSyncResponse);
|
||||
}
|
||||
|
||||
function attemptCiraSyncResponse(stack, name, responses, status) {
|
||||
const dev = stack.dev;
|
||||
if (isAmtDeviceValid(dev) == false) return; // Device no longer exists, ignore this request.
|
||||
//dev.consoleMsg("Added server root certificate.");
|
||||
|
||||
if ((dev.aquired.majorver != null) && (dev.aquired.majorver > 11) && (status == 400)) {
|
||||
// Check if only the HTTP proxy objects failed
|
||||
@ -1130,7 +1141,24 @@ module.exports.CreateAmtManager = function (parent) {
|
||||
if (responses['IPS_HTTPProxyService'].status == 400) { delete responses['IPS_HTTPProxyService']; }
|
||||
for (var i in responses) { if (responses[i].status != 200) { status = responses[i].status; } }
|
||||
}
|
||||
if (status != 200) { dev.consoleMsg("Failed to get CIRA state (" + status + ")."); removeAmtDevice(dev); return; }
|
||||
|
||||
// If batch enumeration was not succesful, try again.
|
||||
if (status != 200) {
|
||||
// If we failed to get the CIRA state, try again up to 5 times.
|
||||
if (dev.tryCount <= 5) {
|
||||
dev.tryCount++;
|
||||
var requests = ['*AMT_EnvironmentDetectionSettingData', 'AMT_ManagementPresenceRemoteSAP', 'AMT_RemoteAccessCredentialContext', 'AMT_RemoteAccessPolicyAppliesToMPS', 'AMT_RemoteAccessPolicyRule', '*AMT_UserInitiatedConnectionService', 'AMT_MPSUsernamePassword'];
|
||||
if ((dev.aquired.majorver != null) && (dev.aquired.majorver > 11)) { requests.push('*IPS_HTTPProxyService', 'IPS_HTTPProxyAccessPoint'); }
|
||||
dev.amtstack.BatchEnum(null, requests, attemptCiraSyncResponse);
|
||||
return;
|
||||
}
|
||||
|
||||
// We tried 5 times, give up.
|
||||
dev.consoleMsg("Failed to get CIRA state (" + status + ").");
|
||||
removeAmtDevice(dev);
|
||||
return;
|
||||
}
|
||||
|
||||
if ((responses['AMT_UserInitiatedConnectionService'] == null) || (responses['AMT_UserInitiatedConnectionService'].response == null)) { dev.consoleMsg("Invalid CIRA state."); removeAmtDevice(dev); return; }
|
||||
|
||||
dev.cira = {};
|
||||
@ -1203,7 +1231,6 @@ module.exports.CreateAmtManager = function (parent) {
|
||||
// If we need to setup CIRA, start by checking the MPS server
|
||||
// parent.mpsserver.server is not null if the MPS server is listening for TCP/TLS connections
|
||||
if ((dev.policy.ciraPolicy == 2) && (parent.mpsserver.server != null)) { addMpsServer(dev); } else { checkEnvironmentDetection(dev); }
|
||||
});
|
||||
}
|
||||
|
||||
function addMpsServer(dev) {
|
||||
@ -1316,6 +1343,7 @@ module.exports.CreateAmtManager = function (parent) {
|
||||
|
||||
function attemptSettingsSync(dev, func) {
|
||||
if (isAmtDeviceValid(dev) == false) return; // Device no longer exists, ignore this request.
|
||||
if (dev.policy.amtPolicy == 0) { func(dev); return; } // If there is no Intel AMT policy, skip this operation.
|
||||
dev.taskCount = 1;
|
||||
dev.taskCompleted = func;
|
||||
|
||||
|
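Review bot: In the deactivation branch of the second hunk, commenting out `return;` along with the `else` means the flow no longer stops after `deactivateIntelAmtCCM(dev);` and appears to fall through to the credential attempts below it while deactivation is still in flight; if only the already-deactivated/ACM case should continue (to clear CIRA), keep the exit in the CCM branch, e.g. `deactivateIntelAmtCCM(dev); return;`. The old and new sides are inferred from the rendered order and the rest of the function is outside the hunks, so this needs confirming against the file. With the `amtPolicy == 0` early exit disabled in the first hunk, a device with no policy is now protected only by the per-task `if (dev.policy.amtPolicy == 0) { func(dev); return; }` guards, and only five of those are visible here, so any task in the chain that lacks one would push configuration to an unmanaged device; one check where the task chain is started would be harder to miss. In `attemptCiraSyncResponse`, `if (dev.tryCount <= 5)` with `tryCount` starting at 0 allows six retries, not the five the comment states, and the retry is immediate with no delay; `if (dev.tryCount < 5)` would match the comment.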