diff --git a/agents/meshcore.js b/agents/meshcore.js
index 0db93b5a..e40d7ab0 100644
--- a/agents/meshcore.js
+++ b/agents/meshcore.js
@@ -134,6 +134,16 @@ function createMeshCore(agent) {
 }
 }
+ // Add an Intel AMT event to the log
+ function addAmtEvent(msg) {
+ if (obj.amtevents == null) { obj.amtevents = []; }
+ var d = new Date();
+ obj.amtevents.push(zeroPad(d.getHours(), 2) + ':' + zeroPad(d.getMinutes(), 2) + ':' + zeroPad(d.getSeconds(), 2) + ', ' + msg);
+ if (obj.amtevents.length > 100) { obj.amtevents.splice(0, obj.amtevents.length - 100); }
+ }
+ function zeroPad(num, size) { var s = '000000000' + num; return s.substr(s.length - size); }
+
+
 // Create Secure IPC for Diagnostic Agent Communications
 obj.DAIPC = require('net').createServer();
 if (process.platform != 'win32') { try { require('fs').unlinkSync(process.cwd() + '/DAIPC'); } catch (e) { } }
@@ -1091,9 +1101,10 @@ function createMeshCore(agent) {
 conntype: 2, // 0 = CIRA, 1 = Relay, 2 = LMS. The correct value is 2 since we are performing an LMS relay, other values for testing.
 meiState: state // MEI state will be passed to MPS server
 };
+ addAmtEvent('LMS tunnel start.');
 apftunnel = require('apfclient')({ debug: false }, apfarg);
 apftunnel.onJsonControl = function (data) {
- if (data.action == 'console') { require('MeshAgent').SendCommand({ action: 'msg', type: 'console', value: data.msg }); } // Display a console message (DEBUG)
+ if (data.action == 'console') { addAmtEvent(data.msg); } // Add console message to AMT event log
 if (data.action == 'mestate') { getMeiState(15, function (state) { apftunnel.updateMeiState(state); }); } // Update the MEI state
 if (data.action == 'deactivate') { // Request CCM deactivation
 var amtMeiModule, amtMei;
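Review bot: Each entry written by `addAmtEvent` carries only the local time of day, so once the 100-entry buffer spans more than one day, or is compared with server-side logs kept in another timezone, the date and order of Intel AMT events can no longer be established. A full UTC timestamp would fix that, for example `obj.amtevents.push(new Date().toISOString() + ', ' + msg);`, assuming the agent's JavaScript runtime provides `toISOString`; `zeroPad` would then be unused. As far as this hunk shows the buffer lives only in `obj.amtevents`, so a comment such as `// In-memory only, last 100 entries; not persisted across agent restarts` would tell anyone relying on it during an investigation what to expect.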
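Review bot: `data.msg` in the new `console` branch arrives over the APF JSON control channel and is handed to `addAmtEvent` with no type or length check; the buffer caps the number of entries at 100 but not their size, and a message containing CR/LF will read as several entries when the `amtevents` command joins the log with `'\r\n'`. Normalising at the top of `addAmtEvent` would cover every caller: `msg = String(msg).replace(/[\r\n]+/g, ' ').substring(0, 512);` (512 is an illustrative limit). The same applies to the `addAmtEvent(data.msg)` call added in the `@@ -3552,9 +3567,10 @@` hunk. The `onJsonControl` handler continues past the end of this hunk.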
@@ -1103,7 +1114,7 @@ function createMeshCore(agent) {
 }
 if (data.action == 'close') { try { apftunnel.disconnect(); } catch (e) { } apftunnel = null; } // Close the CIRA-LMS connection
 }
- apftunnel.onChannelClosed = function () { apftunnel = null; }
+ apftunnel.onChannelClosed = function () { addAmtEvent('LMS tunnel closed.'); apftunnel = null; }
 try { apftunnel.connect(); } catch (ex) { }
 });
 break;
@@ -2589,7 +2600,7 @@ function createMeshCore(agent) {
 var response = null;
 switch (cmd) {
 case 'help': { // Displays available commands
- var fin = '', f = '', availcommands = 'amtconfig,coredump,service,fdsnapshot,fdcount,startupoptions,alert,agentsize,versions,help,info,osinfo,args,print,type,dbkeys,dbget,dbset,dbcompact,eval,parseuri,httpget,nwslist,plugin,wsconnect,wssend,wsclose,notify,ls,ps,kill,amt,netinfo,location,power,wakeonlan,setdebug,smbios,rawsmbios,toast,lock,users,sendcaps,openurl,getscript,getclip,setclip,log,av,cpuinfo,sysinfo,apf,scanwifi,scanamt,wallpaper,agentmsg';
+ var fin = '', f = '', availcommands = 'amtconfig,amtevents,coredump,service,fdsnapshot,fdcount,startupoptions,alert,agentsize,versions,help,info,osinfo,args,print,type,dbkeys,dbget,dbset,dbcompact,eval,parseuri,httpget,nwslist,plugin,wsconnect,wssend,wsclose,notify,ls,ps,kill,amt,netinfo,location,power,wakeonlan,setdebug,smbios,rawsmbios,toast,lock,users,sendcaps,openurl,getscript,getclip,setclip,log,av,cpuinfo,sysinfo,apf,scanwifi,scanamt,wallpaper,agentmsg';
 if (process.platform == 'win32') { availcommands += ',safemode,wpfhwacceleration,uac'; }
 if (process.platform != 'freebsd') { availcommands += ',vm';}
 if (require('MeshAgent').maxKvmTileSize != null) { availcommands += ',kvmmode'; }
@@ -3532,6 +3543,10 @@ function createMeshCore(agent) {
 if (diag) { diag.close(); diag = null; }
 break;
 }
+ case 'amtevents': {
+ if (obj.amtevents == null) { response = 'No events.'; } else { response = obj.amtevents.join('\r\n'); }
+ break;
+ }
 case 'amtconfig': {
 if (apftunnel != null) { response = "Intel AMT server tunnel already active"; break; }
 if (amt == null) { response = "No Intel AMT support delected"; break; }
@@ -3552,9 +3567,10 @@ function createMeshCore(agent) {
 if ((state.UUID == null) || (state.UUID.length != 36)) {
 rx = "Unable to get Intel AMT UUID";
 } else {
+ addAmtEvent('User LMS tunnel start.');
 apftunnel = require('apfclient')({ debug: false }, apfarg);
 apftunnel.onJsonControl = function (data) {
- if (data.action == 'console') { require('MeshAgent').SendCommand({ action: 'msg', type: 'console', value: data.msg }); } // Display a console message
+ if (data.action == 'console') { addAmtEvent(data.msg); require('MeshAgent').SendCommand({ action: 'msg', type: 'console', value: data.msg }); } // Display a console message
 if (data.action == 'mestate') { getMeiState(15, function (state) { apftunnel.updateMeiState(state); }); } // Update the MEI state
 if (data.action == 'deactivate') { // Request CCM deactivation
 var amtMeiModule, amtMei;
@@ -3564,7 +3580,7 @@ function createMeshCore(agent) {
 }
 if (data.action == 'close') { try { apftunnel.disconnect(); } catch (e) { } apftunnel = null; } // Close the CIRA-LMS connection
 }
- apftunnel.onChannelClosed = function () { apftunnel = null; }
+ apftunnel.onChannelClosed = function () { addAmtEvent('User LMS tunnel closed.'); apftunnel = null; }
 try {
 apftunnel.connect();
 rx = "Started Intel AMT configuration";
diff --git a/amtmanager.js b/amtmanager.js
index e4324021..7c689d62 100644
--- a/amtmanager.js
+++ b/amtmanager.js
@@ -1675,6 +1675,8 @@ module.exports.CreateAmtManager = function (parent) {
 if (responses['IPS_HostBasedSetupService'].response['AllowedControlModes'].length != 2) { dev.consoleMsg("Client control mode activation not allowed."); removeAmtDevice(dev); return; }
 // Log the activation request, logging is a required step for activation.
+ var domain = parent.config.domains[dev.domainid];
+ if (domain == null) { dev.consoleMsg("Invalid domain."); removeAmtDevice(dev); return; }
 if (parent.certificateOperations.logAmtActivation(domain, { time: new Date(), action: 'ccmactivate', domain: dev.domainid, amtUuid: dev.mpsConnection.tag.meiState.UUID, amtRealm: responses['AMT_GeneralSettings'].response['DigestRealm'], user: 'admin', password: dev.temp.pass, ipport: dev.mpsConnection.remoteAddr + ':' + dev.mpsConnection.remotePort, nodeid: dev.nodeid, meshid: dev.meshid, computerName: dev.name }) == false) {
 dev.consoleMsg("Unable to log operation."); removeAmtDevice(dev); return;
 }
@@ -1704,6 +1706,7 @@ module.exports.CreateAmtManager = function (parent) {
 dev.intelamt.tls = dev.aquired.tls = 0;
 dev.aquired.lastContact = Date.now();
 dev.aquired.state = 2; // Activated
+ dev.aquired.warn = 0; // Clear all warnings
 delete dev.acctry;
 delete dev.temp;
 UpdateDevice(dev);
diff --git a/certoperations.js b/certoperations.js
index eacd274b..cdaf7ce3 100644
--- a/certoperations.js
+++ b/certoperations.js
@@ -68,11 +68,15 @@ module.exports.CertificateOperations = function (parent) {
 return { 'action': 'acmactivate', 'signature': signature, 'password': obj.crypto.createHash('md5').update(user + ':' + request.realm + ':' + pass).digest('hex'), 'nonce': mcNonce.toString('base64'), 'certs': certChain };
 }
- // Log the Intel AMT activation operation
+ // Log the Intel AMT activation operation in the domain log
 obj.logAmtActivation = function (domain, x) {
- if ((domain.amtacmactivation == null) || (domain.amtacmactivation.log == null) || (typeof domain.amtacmactivation.log != 'string') || (x == null)) return true;
+ if (x == null) return true;
 var logpath = null;
- if ((domain.amtacmactivation.log.length >= 2) && ((domain.amtacmactivation.log[0] == '/') || (domain.amtacmactivation.log[1] == ':'))) { logpath = domain.amtacmactivation.log; } else { logpath = parent.path.join(obj.parent.datapath, domain.amtacmactivation.log); }
+ if ((domain.amtacmactivation == null) || (domain.amtacmactivation.log == null) || (typeof domain.amtacmactivation.log != 'string')) {
+ if (domain.id == '') { logpath = parent.path.join(obj.parent.datapath, 'amtactivation.log'); } else { logpath = parent.path.join(obj.parent.datapath, 'amtactivation-' + domain.id + '.log'); }
+ } else {
+ if ((domain.amtacmactivation.log.length >= 2) && ((domain.amtacmactivation.log[0] == '/') || (domain.amtacmactivation.log[1] == ':'))) { logpath = domain.amtacmactivation.log; } else { logpath = parent.path.join(obj.parent.datapath, domain.amtacmactivation.log); }
+ }
 try { obj.fs.appendFileSync(logpath, JSON.stringify(x) + '\r\n'); } catch (ex) { console.log(ex); return false; }
 return true;
 }
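Review bot: With the new fallback path, `logAmtActivation` writes a record for every domain even when `amtacmactivation.log` is not configured, and the caller visible in amtmanager.js (`@@ -1675,6 +1675,8 @@`) puts `password: dev.temp.pass` into that record, so clear-text Intel AMT admin credentials now land in `amtactivation.log` or `amtactivation-<domain id>.log` under the data path by default. `appendFileSync` creates the file with the process default mode; on POSIX hosts pass a restrictive one, `obj.fs.appendFileSync(logpath, JSON.stringify(x) + '\r\n', { mode: 0o600 });` (it only takes effect when the file is created, so logs that already exist need a one-time permission change). The comment above the function should also say that this log holds credentials and has to be protected and retained accordingly. `domain.id` is concatenated into the file name unchanged; presumably it comes from the server's own configuration keys, but that is worth confirming.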