diff --git a/agents/MeshService.exe b/agents/MeshService.exe index 66c5d19e..1215e568 100644 Binary files a/agents/MeshService.exe and b/agents/MeshService.exe differ diff --git a/agents/MeshService64.exe b/agents/MeshService64.exe index 72d21698..df8472b2 100644 Binary files a/agents/MeshService64.exe and b/agents/MeshService64.exe differ diff --git a/agents/meshcore.js b/agents/meshcore.js index d53ff379..dbb0f23d 100644 --- a/agents/meshcore.js +++ b/agents/meshcore.js @@ -29,6 +29,7 @@ function createMeshCore(agent) { var selfInfoUpdateTimer = null; var http = require('http'); var fs = require('fs'); + var rtc = require('ILibWebRTC'); var wifiScannerLib = null; var wifiScanner = null; @@ -417,8 +418,26 @@ function createMeshCore(agent) { if (len > 0) { this.write(buf.slice(0, len)); } else { fs.closeSync(this.httprequest.downloadFile); this.httprequest.downloadFile = undefined; this.end(); } return; } + // Setup remote desktop & terminal without using native pipes - if ((this.httprequest.desktop) && (obj.useNativePipes == false)) { this.httprequest.desktop.kvm.write(data); return; } + if ((this.httprequest.desktop) && (obj.useNativePipes == false)) { + if (data.length > 21 && data.toString().startsWith('**********%%%%%%###**')) { + var controlMsg = JSON.parse(data.toString().substring(21)); + if (controlMsg.type == 'offer') { + this.webrtc = rtc.createConnection(); + this.webrtc.on('connected', function () { sendConsoleText('OnWebRTC_Connected'); }); + this.webrtc.on('dataChannel', function () { sendConsoleText('OnWebRTC_DataChannel'); }); + var counterOffer = this.webrtc.setOffer(controlMsg.sdp); + this.write('**********%%%%%%###**' + JSON.stringify({ type: 'answer', sdp: counterOffer })); + sendConsoleText('counterOfferSent'); + } else { + sendConsoleText(JSON.stringify(controlMsg)); + } + } else { + this.httprequest.desktop.kvm.write(data); + } + return; + } if ((this.httprequest.terminal) && (obj.useNativePipes == false)) { this.httprequest.terminal.write(data); return; } if (this.httprequest.state == 0) { diff --git a/certoperations.js b/certoperations.js index 1ae667d3..6553397f 100644 --- a/certoperations.js +++ b/certoperations.js @@ -12,24 +12,16 @@ module.exports.CertificateOperations = function () { obj.dirExists = function (filePath) { try { return obj.fs.statSync(filePath).isDirectory(); } catch (err) { return false; } } obj.getFilesizeInBytes = function(filename) { try { return obj.fs.statSync(filename)["size"]; } catch (err) { return -1; } } obj.fileExists = function(filePath) { try { return obj.fs.statSync(filePath).isFile(); } catch (err) { return false; } } - - // Return the SHA256 hash of the certificate public key - obj.getPublicKeyHash = function(cert) { - var publickey = obj.pki.certificateFromPem(cert).publicKey; - return obj.pki.getPublicKeyFingerprint(publickey, { encoding: 'hex', md: obj.forge.md.sha256.create() }); - } - // Return a random nonce (TODO: weak crypto) - obj.xxRandomNonceX = "abcdef0123456789"; - obj.xxRandomNonce = function (length) { - var r = ""; - for (var i = 0; i < length; i++) { r += obj.xxRandomNonceX.charAt(Math.floor(Math.random() * obj.xxRandomNonceX.length)); } - return r; + // Return the SHA386 hash of the certificate public key + obj.getPublicKeyHash = function (cert) { + var publickey = obj.pki.certificateFromPem(cert).publicKey; + return obj.pki.getPublicKeyFingerprint(publickey, { encoding: 'hex', md: obj.forge.md.sha384.create() }); } // Create a self-signed certificate obj.GenerateRootCertificate = function (addThumbPrintToName, commonName, country, organization) { - var keys = obj.pki.rsa.generateKeyPair(2048); + var keys = obj.pki.rsa.generateKeyPair(3072); var cert = obj.pki.createCertificate(); cert.publicKey = keys.publicKey; cert.serialNumber = '' + Math.floor((Math.random() * 100000) + 1); ; @@ -55,14 +47,14 @@ module.exports.CertificateOperations = function () { }, { name: 'subjectKeyIdentifier' }]); - cert.sign(keys.privateKey, obj.forge.md.sha256.create()); + cert.sign(keys.privateKey, obj.forge.md.sha384.create()); return { cert: cert, key: keys.privateKey }; } // Issue a certificate from a root - obj.IssueWebServerCertificate = function (rootcert, addThumbPrintToName, commonName, country, organization, extKeyUsage) { - var keys = obj.pki.rsa.generateKeyPair(2048); + obj.IssueWebServerCertificate = function (rootcert, addThumbPrintToName, commonName, country, organization, extKeyUsage, strong) { + var keys = obj.pki.rsa.generateKeyPair((strong == true) ? 3072 : 2048); var cert = obj.pki.createCertificate(); cert.publicKey = keys.publicKey; cert.serialNumber = '' + Math.floor((Math.random() * 100000) + 1); ; @@ -128,8 +120,7 @@ module.exports.CertificateOperations = function () { }] if (subjectAltName != null) extensions.push(subjectAltName); cert.setExtensions(extensions); - - cert.sign(rootcert.key, obj.forge.md.sha256.create()); + cert.sign(rootcert.key, obj.forge.md.sha384.create()); return { cert: cert, key: keys.privateKey }; } @@ -234,7 +225,7 @@ module.exports.CertificateOperations = function () { if (xorganizationField != null) { xorganization = xorganizationField.value; } if ((r.CommonName == commonName) && (xcountry == country) && (xorganization == organization) && (r.AmtMpsName == commonName)) { if (func != undefined) { func(r); } return r; } else { forceWebCertGen = 1; } // If the certificate matches what we want, keep it. } - console.log('Generating certificates...'); + console.log('Generating certificates, may take a few minutes...'); var rootCertAndKey, rootCertificate, rootPrivateKey, rootName; if (r.root == undefined) { @@ -255,7 +246,7 @@ module.exports.CertificateOperations = function () { // If the web certificate does not exist, create one var webCertAndKey, webCertificate, webPrivateKey; if ((r.web == null) || (forceWebCertGen == 1)) { - webCertAndKey = obj.IssueWebServerCertificate(rootCertAndKey, false, commonName, country, organization); + webCertAndKey = obj.IssueWebServerCertificate(rootCertAndKey, false, commonName, country, organization, null, true); webCertificate = obj.pki.certificateToPem(webCertAndKey.cert); webPrivateKey = obj.pki.privateKeyToPem(webCertAndKey.key); obj.fs.writeFileSync(directory + '/webserver-cert-public.crt', webCertificate); @@ -270,7 +261,7 @@ module.exports.CertificateOperations = function () { // If the Intel AMT MPS certificate does not exist, create one var mpsCertAndKey, mpsCertificate, mpsPrivateKey; if ((r.mps == null) || (forceWebCertGen == 1)) { - mpsCertAndKey = obj.IssueWebServerCertificate(rootCertAndKey, false, commonName, country, organization); + mpsCertAndKey = obj.IssueWebServerCertificate(rootCertAndKey, false, commonName, country, organization, null, false); mpsCertificate = obj.pki.certificateToPem(mpsCertAndKey.cert); mpsPrivateKey = obj.pki.privateKeyToPem(mpsCertAndKey.key); obj.fs.writeFileSync(directory + '/mpsserver-cert-public.crt', mpsCertificate); @@ -285,7 +276,7 @@ module.exports.CertificateOperations = function () { // If the Intel AMT console certificate does not exist, create one var consoleCertAndKey, consoleCertificate, consolePrivateKey, amtConsoleName = 'MeshCentral'; if (r.console == null) { - consoleCertAndKey = obj.IssueWebServerCertificate(rootCertAndKey, false, amtConsoleName, country, organization, { name: 'extKeyUsage', clientAuth: true, '2.16.840.1.113741.1.2.1': true, '2.16.840.1.113741.1.2.2': true, '2.16.840.1.113741.1.2.3': true }); // Intel AMT Remote, Agent and Activation usages + consoleCertAndKey = obj.IssueWebServerCertificate(rootCertAndKey, false, amtConsoleName, country, organization, { name: 'extKeyUsage', clientAuth: true, '2.16.840.1.113741.1.2.1': true, '2.16.840.1.113741.1.2.2': true, '2.16.840.1.113741.1.2.3': true }, false); // Intel AMT Remote, Agent and Activation usages consoleCertificate = obj.pki.certificateToPem(consoleCertAndKey.cert); consolePrivateKey = obj.pki.privateKeyToPem(consoleCertAndKey.key); obj.fs.writeFileSync(directory + '/amtconsole-cert-public.crt', consoleCertificate); @@ -301,7 +292,7 @@ module.exports.CertificateOperations = function () { // If the mesh agent server certificate does not exist, create one var agentCertAndKey, agentCertificate, agentPrivateKey; if (r.agent == null) { - agentCertAndKey = obj.IssueWebServerCertificate(rootCertAndKey, true, 'MeshCentralAgentServer'); + agentCertAndKey = obj.IssueWebServerCertificate(rootCertAndKey, true, 'MeshCentralAgentServer', null, true); agentCertificate = obj.pki.certificateToPem(agentCertAndKey.cert); agentPrivateKey = obj.pki.privateKeyToPem(agentCertAndKey.key); obj.fs.writeFileSync(directory + '/agentserver-cert-public.crt', agentCertificate); diff --git a/db.js b/db.js index 7138e83a..49cb7922 100644 --- a/db.js +++ b/db.js @@ -43,7 +43,7 @@ module.exports.CreateDB = function (args, datapath) { if ((docs.length == 1) && (docs[0].value != null)) { obj.identifier = docs[0].value; } else { - obj.identifier = new Buffer(require('crypto').randomBytes(32), 'binary').toString('hex'); + obj.identifier = new Buffer(require('crypto').randomBytes(48), 'binary').toString('hex'); obj.Set({ _id: 'DatabaseIdentifier', value: obj.identifier }); } }); @@ -53,94 +53,9 @@ module.exports.CreateDB = function (args, datapath) { var ver = 0; if (docs && docs.length == 1) { ver = docs[0].value; } - // Upgrade schema 0 to schema 1 - if (ver == 0) { - // Add the default domain to all users - obj.GetAllType('user', function (err, docs) { - for (var id in docs) { - var oldid, changed = false; - if (docs[id].subscriptions) { delete docs[id].subscriptions; changed = true; } - if (docs[id].domain == undefined) { - docs[id].domain = ''; - oldid = docs[id]._id; - docs[id]._id = 'user//' + docs[id]._id.substring(5); - changed = true; - } - if (docs[id].links) { - for (var linkid in docs[id].links) { - var linkid2 = 'mesh//' + linkid.substring(5); - docs[id].links[linkid2] = docs[id].links[linkid]; - delete docs[id].links[linkid]; - } - } - if (changed == true) { - if (oldid) obj.Remove(oldid); - obj.Set(docs[id]); - } - } - - // Add the default domain to all nodes - obj.GetAllType('node', function (err, docs) { - for (var id in docs) { - var oldid, changed = false; - if (docs[id].domain == undefined) { - docs[id].domain = ''; - oldid = docs[id]._id; - docs[id]._id = 'node//' + docs[id]._id.substring(5); - docs[id].meshid = 'mesh//' + docs[id].meshid.substring(5); - changed = true; - } - if (changed == true) { - if (oldid) obj.Remove(oldid); - obj.Set(docs[id]); - } - } - }); - - // Add the default domain to all meshes - obj.GetAllType('mesh', function (err, docs) { - for (var id in docs) { - var oldid, changed = false; - if (docs[id].domain == undefined) { - docs[id].domain = ''; - oldid = docs[id]._id; - docs[id]._id = 'mesh//' + docs[id]._id.substring(5); - if (docs[id].links) { - for (var linkid in docs[id].links) { - var linkid2 = 'user//' + linkid.substring(5); - docs[id].links[linkid2] = docs[id].links[linkid]; - delete docs[id].links[linkid]; - } - } - changed = true; - } - if (changed == true) { - if (oldid) obj.Remove(oldid); - obj.Set(docs[id]); - } - } - }); - - // Add the default domain to all events - obj.GetAllType('event', function (err, docs) { - var changed = false; - for (var id in docs) { - var oldid; - changed = true; - if (docs[id].domain == undefined) { - docs[id].domain = ''; - obj.Set(docs[id]); - } - } - - obj.Set({ _id: 'SchemaVersion', value: 1 }); - ver = 1; - if (changed == true) { console.log('Upgraded database to version 1.'); } - func(ver); - }); - }); + // TODO: Any schema upgrades here... - } else { func(ver); } + func(ver); }); } diff --git a/meshagent.js b/meshagent.js index ef267fa0..009b0be5 100644 --- a/meshagent.js +++ b/meshagent.js @@ -27,6 +27,7 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) { obj.agentUpdate = null; var agentUpdateBlockSize = 65520; obj.remoteaddr = obj.ws._socket.remoteAddress; + obj.useSHA386 = false; if (obj.remoteaddr.startsWith('::ffff:')) { obj.remoteaddr = obj.remoteaddr.substring(7); } ws._socket.setKeepAlive(true, 0); // Set TCP keep alive @@ -49,12 +50,7 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) { // When data is received from the mesh agent web socket ws.on('message', function (msg) { if (msg.length < 2) return; - if (typeof msg == 'object') { - // Convert the buffer into a string - var msg2 = ""; - for (var i = 0; i < msg.length; i++) { msg2 += String.fromCharCode(msg[i]); } - msg = msg2; - } + if (typeof msg == 'object') { msg = msg.toString('binary'); } // TODO: Could change this entire method to use Buffer instead of binary string if (obj.authenticated == 2) { // We are authenticated if (msg.charCodeAt(0) == 123) { processAgentData(msg); } @@ -67,7 +63,7 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) { // We need to check if the core is current. // TODO: Check if we have a mesh specific core. If so, use that. var agentMeshCoreHash = null; - if (msg.length == 36) { agentMeshCoreHash = msg.substring(4, 36); } + if (msg.length == 52) { agentMeshCoreHash = msg.substring(4, 52); } if (agentMeshCoreHash != obj.parent.parent.defaultMeshCoreHash) { if (obj.agentCoreCheck < 5) { // This check is in place to avoid a looping core update. if (obj.parent.parent.defaultMeshCoreHash == null) { @@ -84,16 +80,16 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) { } } else if (cmdid == 12) { // MeshCommand_AgentHash - if ((msg.length == 36) && (obj.agentInfo != null) && (obj.agentInfo.update == true)) { + if ((msg.length == 52) && (obj.agentExeInfo != null) && (obj.agentExeInfo.update == true)) { var agenthash = obj.common.rstr2hex(msg.substring(4)).toLowerCase(); - if (agenthash != obj.agentInfo.hash) { + if (agenthash != obj.agentExeInfo.hash) { // Mesh agent update required - console.log('Agent update required, NodeID=0x' + obj.nodeid.substring(0, 16) + ', ' + obj.agentInfo.desc); - obj.fs.open(obj.agentInfo.path, 'r', function (err, fd) { + console.log('Agent update required, NodeID=0x' + obj.nodeid.substring(0, 16) + ', ' + obj.agentExeInfo.desc); + obj.fs.open(obj.agentExeInfo.path, 'r', function (err, fd) { if (err) { return console.error(err); } obj.agentUpdate = { oldHash: agenthash, ptr: 0, buf: new Buffer(agentUpdateBlockSize + 4), fd: fd }; - // We got the agent file open on the server side, tell the agent we are sending an update starting with the SHA256 hash of the result + // We got the agent file open on the server side, tell the agent we are sending an update starting with the SHA384 hash of the result //console.log("Agent update file open."); obj.send(obj.common.ShortToStr(13) + obj.common.ShortToStr(0)); // Command 13, start mesh agent download @@ -136,7 +132,7 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) { if (len < agentUpdateBlockSize) { //console.log("Agent update sent"); - obj.send(obj.common.ShortToStr(13) + obj.common.ShortToStr(0) + obj.common.hex2rstr(obj.agentInfo.hash)); // Command 13, end mesh agent download, send agent SHA256 hash + obj.send(obj.common.ShortToStr(13) + obj.common.ShortToStr(0) + obj.common.hex2rstr(obj.agentInfo.hash)); // Command 13, end mesh agent download, send agent SHA384 hash obj.fs.close(obj.agentUpdate.fd); obj.agentUpdate = null; } @@ -152,18 +148,18 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) { var cmd = obj.common.ReadShort(msg, 0); if (cmd == 1) { // Agent authentication request - if ((msg.length != 66) || ((obj.receivedCommands & 1) != 0)) return; + if ((msg.length != 98) || ((obj.receivedCommands & 1) != 0)) return; obj.receivedCommands += 1; // Agent can't send the same command twice on the same connection ever. Block DOS attack path. - // Check that the server hash matches out own web certificate hash - if (obj.parent.webCertificatHash != msg.substring(2, 34)) { obj.close(); return; } + // Check that the server hash matches out own web certificate hash (SHA386) + if (obj.parent.webCertificatHash != msg.substring(2, 50)) { obj.close(); return; } // Use our server private key to sign the ServerHash + AgentNonce + ServerNonce var privateKey = obj.forge.pki.privateKeyFromPem(obj.parent.certificates.agent.key); - var md = obj.forge.md.sha256.create(); + var md = obj.forge.md.sha384.create(); md.update(msg.substring(2), 'binary'); md.update(obj.nonce, 'binary'); - obj.agentnonce = msg.substring(34); + obj.agentnonce = msg.substring(50); // Send back our certificate + signature obj.send(obj.common.ShortToStr(2) + obj.common.ShortToStr(parent.agentCertificatAsn1.length) + parent.agentCertificatAsn1 + privateKey.sign(md)); // Command 2, certificate + signature @@ -183,15 +179,15 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) { obj.unauth = {}; obj.unauth.nodeCert = null; try { obj.unauth.nodeCert = obj.forge.pki.certificateFromAsn1(obj.forge.asn1.fromDer(msg.substring(4, 4 + certlen))); } catch (e) { return; } - obj.unauth.nodeid = obj.forge.pki.getPublicKeyFingerprint(obj.unauth.nodeCert.publicKey, { encoding: 'hex', md: obj.forge.md.sha256.create() }); + obj.unauth.nodeid = obj.forge.pki.getPublicKeyFingerprint(obj.unauth.nodeCert.publicKey, { encoding: 'hex', md: obj.forge.md.sha384.create() }); // Check the agent signature if we can - if (obj.agentnonce == null) { obj.unauthsign = msg.substring(4 + certlen); } else { if (processAgentSignature(msg.substring(4 + certlen)) == false) { disonnect(); return; } } + if (obj.agentnonce == null) { obj.unauthsign = msg.substring(4 + certlen); } else { if (processAgentSignature(msg.substring(4 + certlen)) == false) { console.log('Bad Agent Signature'); obj.close(); return; } } completeAgentConnection(); } else if (cmd == 3) { // Agent meshid - if ((msg.length < 56) || ((obj.receivedCommands & 4) != 0)) return; + if ((msg.length < 72) || ((obj.receivedCommands & 4) != 0)) return; obj.receivedCommands += 4; // Agent can't send the same command twice on the same connection ever. Block DOS attack path. // Set the meshid @@ -200,10 +196,10 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) { obj.agentInfo.agentId = obj.common.ReadInt(msg, 6); obj.agentInfo.agentVersion = obj.common.ReadInt(msg, 10); obj.agentInfo.platformType = obj.common.ReadInt(msg, 14); - obj.meshid = obj.common.rstr2hex(msg.substring(18, 50)).toUpperCase(); - obj.agentInfo.capabilities = obj.common.ReadInt(msg, 50); - var computerNameLen = obj.common.ReadShort(msg, 54); - obj.agentInfo.computerName = msg.substring(56, 56 + computerNameLen); + obj.meshid = obj.common.rstr2hex(msg.substring(18, 66)).toUpperCase(); + obj.agentInfo.capabilities = obj.common.ReadInt(msg, 66); + var computerNameLen = obj.common.ReadShort(msg, 70); + obj.agentInfo.computerName = msg.substring(72, 72 + computerNameLen); obj.dbMeshKey = 'mesh/' + obj.domain.id + '/' + obj.meshid; completeAgentConnection(); } @@ -218,8 +214,8 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) { // obj.ws._socket._parent.on('close', function (req) { obj.parent.parent.debug(1, 'Agent TCP disconnect ' + obj.nodeid + ' (' + obj.remoteaddr + ')'); }); // Start authenticate the mesh agent by sending a auth nonce & server TLS cert hash. - // Send 256 bits SHA256 hash of TLS cert public key + 256 bits nonce - obj.nonce = obj.forge.random.getBytesSync(32); + // Send 384 bits SHA384 hash of TLS cert public key + 384 bits nonce + obj.nonce = obj.forge.random.getBytesSync(48); obj.send(obj.common.ShortToStr(1) + parent.webCertificatHash + obj.nonce); // Command 1, hash + nonce // Once we get all the information about an agent, run this to hook everything up to the server @@ -237,7 +233,6 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) { // Mark when we connected to this agent obj.connectTime = Date.now(); - if (nodes.length == 0) { // This node does not exist, create it. device = { type: 'node', mtype: mesh.mtype, _id: obj.dbNodeKey, icon: obj.agentInfo.platformType, meshid: obj.dbMeshKey, name: obj.agentInfo.computerName, domain: domain.id, agent: { ver: obj.agentInfo.agentVersion, id: obj.agentInfo.agentId, caps: obj.agentInfo.capabilities }, host: null }; @@ -292,8 +287,8 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) { if ((obj.agentInfo.capabilities & 16) != 0) { obj.send(obj.common.ShortToStr(11) + obj.common.ShortToStr(0)); } // Command 11, ask for mesh core hash. // Check if we need to make an native update check - obj.agentInfo = obj.parent.parent.meshAgentBinaries[obj.agentInfo.agentId]; - if ((obj.agentInfo != null) && (obj.agentInfo.update == true)) { obj.send(obj.common.ShortToStr(12) + obj.common.ShortToStr(0)); } // Ask the agent for it's executable binary hash + obj.agentExeInfo = obj.parent.parent.meshAgentBinaries[obj.agentInfo.agentId]; + if ((obj.agentExeInfo != null) && (obj.agentExeInfo.update == true)) { obj.send(obj.common.ShortToStr(12) + obj.common.ShortToStr(0)); } // Ask the agent for it's executable binary hash // Check if we already have IP location information for this node obj.db.Get('iploc_' + obj.remoteaddr, function (err, iplocs) { @@ -337,11 +332,11 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) { // Verify the agent signature function processAgentSignature(msg) { - var md = obj.forge.md.sha256.create(); // TODO: Switch this to SHA256 on node instead of forge. + var md = obj.forge.md.sha384.create(); // TODO: Switch this to SHA384 on node instead of forge. md.update(obj.parent.webCertificatHash, 'binary'); md.update(obj.nonce, 'binary'); md.update(obj.agentnonce, 'binary'); - if (obj.unauth.nodeCert.publicKey.verify(md.digest().bytes(), msg) == false) return false; + if (obj.unauth.nodeCert.publicKey.verify(md.digest().bytes(), msg) == false) { return false; } // Connection is a success, clean up obj.nodeid = obj.unauth.nodeid.toUpperCase(); diff --git a/meshcentral.js b/meshcentral.js index c912fb2d..0a847650 100644 --- a/meshcentral.js +++ b/meshcentral.js @@ -29,8 +29,8 @@ function CreateMeshCentralServer() { obj.certificateOperations = require('./certoperations.js').CertificateOperations(); obj.defaultMeshCore = null; obj.defaultMeshCoreHash = null; - obj.meshAgentBinaries = {}; // Mesh Agent Binaries, Architecture type --> { hash:(sha256 hash), size:(binary size), path:(binary path) } - obj.meshAgentInstallScripts = {}; // Mesh Install Scripts, Script ID -- { hash:(sha256 hash), size:(binary size), path:(binary path) } + obj.meshAgentBinaries = {}; // Mesh Agent Binaries, Architecture type --> { hash:(sha384 hash), size:(binary size), path:(binary path) } + obj.meshAgentInstallScripts = {}; // Mesh Install Scripts, Script ID -- { hash:(sha384 hash), size:(binary size), path:(binary path) } obj.multiServer = null; obj.currentVer = null; obj.maintenanceTimer = null; @@ -38,11 +38,11 @@ function CreateMeshCentralServer() { // Setup the default configuration and files paths if ((__dirname.endsWith('/node_modules/meshcentral')) || (__dirname.endsWith('\\node_modules\\meshcentral')) || (__dirname.endsWith('/node_modules/meshcentral/')) || (__dirname.endsWith('\\node_modules\\meshcentral\\'))) { - obj.datapath = obj.path.join(__dirname, '../../.meshcentral-data'); - obj.filespath = obj.path.join(__dirname, '../../.meshcentral-files'); + obj.datapath = obj.path.join(__dirname, '../../meshcentral-data'); + obj.filespath = obj.path.join(__dirname, '../../meshcentral-files'); } else { - obj.datapath = obj.path.join(__dirname, '../.meshcentral-data'); - obj.filespath = obj.path.join(__dirname, '../.meshcentral-files'); + obj.datapath = obj.path.join(__dirname, '../meshcentral-data'); + obj.filespath = obj.path.join(__dirname, '../meshcentral-files'); } // Create data and files folders if needed @@ -64,12 +64,12 @@ function CreateMeshCentralServer() { try { require('./pass').hash('test', function () { }); } catch (e) { console.log('Old version of node, must upgrade.'); return; } // TODO: Not sure if this test works or not. // Check for invalid arguments - var validArguments = ['_', 'notls', 'user', 'port', 'mpsport', 'redirport', 'cert', 'deletedomain', 'deletedefaultdomain', 'showusers', 'shownodes', 'showmeshes', 'showevents', 'showpower', 'showiplocations', 'help', 'exactports', 'install', 'uninstall', 'start', 'stop', 'restart', 'debug', 'filespath', 'datapath', 'noagentupdate', 'launch', 'noserverbackup', 'mongodb', 'mongodbcol', 'wanonly', 'lanonly', 'nousers', 'mpsdebug', 'mpspass', 'ciralocalfqdn', 'dbexport', 'dbimport', 'selfupdate', 'tlsoffload', 'userallowedip']; + var validArguments = ['_', 'notls', 'user', 'port', 'mpsport', 'redirport', 'cert', 'deletedomain', 'deletedefaultdomain', 'showall', 'showusers', 'shownodes', 'showmeshes', 'showevents', 'showpower', 'showiplocations', 'help', 'exactports', 'install', 'uninstall', 'start', 'stop', 'restart', 'debug', 'filespath', 'datapath', 'noagentupdate', 'launch', 'noserverbackup', 'mongodb', 'mongodbcol', 'wanonly', 'lanonly', 'nousers', 'mpsdebug', 'mpspass', 'ciralocalfqdn', 'dbexport', 'dbimport', 'selfupdate', 'tlsoffload', 'userallowedip']; for (var arg in obj.args) { obj.args[arg.toLocaleLowerCase()] = obj.args[arg]; if (validArguments.indexOf(arg.toLocaleLowerCase()) == -1) { console.log('Invalid argument "' + arg + '", use --help.'); return; } } if (obj.args.mongodb == true) { console.log('Must specify: --mongodb [connectionstring] \r\nSee https://docs.mongodb.com/manual/reference/connection-string/ for MongoDB connection string.'); return; } if ((obj.args.help == true) || (obj.args['?'] == true)) { - console.log('MeshCentral2 Beta 1, a web-based remote computer management web portal.\r\n'); + console.log('MeshCentral2 Beta 2, a web-based remote computer management web portal.\r\n'); if (obj.platform == 'win32') { console.log('Run as a Windows Service'); console.log(' --install/uninstall Install Meshcentral as a background service.'); @@ -198,7 +198,7 @@ function CreateMeshCentralServer() { // Validate the domains, this is used for multi-hosting if (obj.config.domains == null) { obj.config.domains = {}; } if (obj.config.domains[''] == null) { obj.config.domains[''] = { }; } - var xdomains = {}; for (var i in obj.config.domains) { if (!obj.config.domains[i].title) { obj.config.domains[i].title = 'MeshCentral'; } if (!obj.config.domains[i].title2) { obj.config.domains[i].title2 = '2.0 Beta 1'; } xdomains[i.toLowerCase()] = obj.config.domains[i]; } obj.config.domains = xdomains; + var xdomains = {}; for (var i in obj.config.domains) { if (!obj.config.domains[i].title) { obj.config.domains[i].title = 'MeshCentral'; } if (!obj.config.domains[i].title2) { obj.config.domains[i].title2 = '2.0 Beta 2'; } xdomains[i.toLowerCase()] = obj.config.domains[i]; } obj.config.domains = xdomains; var bannedDomains = ['public', 'private', 'images', 'scripts', 'styles', 'views']; // List of banned domains for (var i in obj.config.domains) { for (var j in bannedDomains) { if (i == bannedDomains[j]) { console.log("ERROR: Domain '" + i + "' is not allowed domain name in ./data/config.json."); return; } } } for (var i in obj.config.domains) { @@ -223,6 +223,7 @@ function CreateMeshCentralServer() { // See if any database operations needs to be completed if (obj.args.deletedomain) { obj.db.DeleteDomain(obj.args.deletedomain, function () { console.log('Deleted domain ' + obj.args.deletedomain + '.'); process.exit(); }); return; } if (obj.args.deletedefaultdomain) { obj.db.DeleteDomain('', function () { console.log('Deleted default domain.'); process.exit(); }); return; } + if (obj.args.showall) { obj.db.GetAll(function (err, docs) { console.log(docs); process.exit(); }); return; } if (obj.args.showusers) { obj.db.GetAllType('user', function (err, docs) { console.log(docs); process.exit(); }); return; } if (obj.args.shownodes) { obj.db.GetAllType('node', function (err, docs) { console.log(docs); process.exit(); }); return; } if (obj.args.showmeshes) { obj.db.GetAllType('mesh', function (err, docs) { console.log(docs); process.exit(); }); return; } @@ -269,7 +270,7 @@ function CreateMeshCentralServer() { while (obj.dbconfig.amtWsEventSecret == null) { process.nextTick(); } var username = buf.toString('hex'); var nodeid = obj.args.getwspass; - var pass = require('crypto').createHash('sha256').update(username.toLowerCase() + ":" + nodeid.toUpperCase() + ":" + obj.dbconfig.amtWsEventSecret).digest("base64").substring(0, 12).split("/").join("x").split("\\").join("x"); + var pass = require('crypto').createHash('sha384').update(username.toLowerCase() + ":" + nodeid.toUpperCase() + ":" + obj.dbconfig.amtWsEventSecret).digest("base64").substring(0, 12).split("/").join("x").split("\\").join("x"); console.log('--- Intel(r) AMT WSMAN eventing credentials ---'); console.log('Username: ' + username); console.log('Password: ' + pass); @@ -299,7 +300,7 @@ function CreateMeshCentralServer() { obj.updateMeshAgentInstallScripts(); // Setup and start the web server - require('crypto').randomBytes(32, function (err, buf) { + require('crypto').randomBytes(48, function (err, buf) { // Setup Mesh Multi-Server if needed obj.multiServer = require('./multiserver.js').CreateMultiServer(obj, obj.args); if (obj.multiServer != null) { @@ -657,7 +658,7 @@ function CreateMeshCentralServer() { // Set the new default meshcore.js meshCore = obj.common.IntToStr(0) + moduleAdditions + meshCore; // Add the 4 bytes encoding type & flags (Set to 0 for raw) obj.defaultMeshCore = meshCore; - obj.defaultMeshCoreHash = obj.crypto.createHash('sha256').update(meshCore).digest("binary"); + obj.defaultMeshCoreHash = obj.crypto.createHash('sha384').update(meshCore).digest("binary"); if (func != null) { func(true); } } @@ -690,7 +691,7 @@ function CreateMeshCentralServer() { }); stream.info = meshAgentsInstallScriptList[scriptid]; stream.agentpath = scriptpath; - stream.hash = obj.crypto.createHash('sha256', stream); + stream.hash = obj.crypto.createHash('sha384', stream); } catch (e) { } } } @@ -748,7 +749,7 @@ function CreateMeshCentralServer() { }); stream.info = meshAgentsArchitectureNumbers[archid]; stream.agentpath = agentpath; - stream.hash = obj.crypto.createHash('sha256', stream); + stream.hash = obj.crypto.createHash('sha384', stream); } catch (e) { } } } @@ -817,7 +818,7 @@ function InstallModule(modulename, func, tag1, tag2) { process.on('SIGINT', function () { if (meshserver != null) { meshserver.Stop(); meshserver = null; } console.log('Server Ctrl-C exit...'); process.exit(); }); // Build the list of required modules -var modules = ['nedb', 'https', 'unzip', 'xmldom', 'express', 'mongojs', 'archiver', 'websocket', 'minimist', 'multiparty', 'node-forge', 'express-ws', 'compression', 'body-parser', 'connect-redis', 'express-session', 'express-handlebars']; +var modules = ['nedb', 'https', 'unzip', 'xmldom', 'express', 'mongojs', 'archiver', 'minimist', 'multiparty', 'node-forge', 'express-ws', 'compression', 'body-parser', 'connect-redis', 'express-session', 'express-handlebars']; if (require('os').platform() == 'win32') { modules.push("node-windows"); } // Run as a command line, if we are not using service arguments, don't need to install the service package. diff --git a/meshrelay.js b/meshrelay.js index 570c228d..beeaa939 100644 --- a/meshrelay.js +++ b/meshrelay.js @@ -6,9 +6,9 @@ // Construct a MeshRelay object, called upon connection module.exports.CreateMeshRelayKey = function (parent, func) { - parent.crypto.randomBytes(16, function (err, buf) { + parent.crypto.randomBytes(48, function (err, buf) { var key = buf.toString('hex').toUpperCase() + ':' + Date.now(); - key += ':' + parent.crypto.createHmac('SHA256', parent.relayRandom).update(key).digest('hex'); + key += ':' + parent.crypto.createHmac('SHA384', parent.relayRandom).update(key).digest('hex'); func(key); }); } @@ -41,7 +41,7 @@ module.exports.CreateMeshRelay = function (parent, ws, req) { // Check the identifier, if running without TLS, skip this. var ids = obj.id.split(':'); if (ids.length != 3) { obj.ws.close(); obj.id = null; return null; } // Invalid ID, drop this. - if (parent.crypto.createHmac('SHA256', parent.relayRandom).update(ids[0] + ':' + ids[1]).digest('hex') != ids[2]) { obj.ws.close(); obj.id = null; return null; } // Invalid HMAC, drop this. + if (parent.crypto.createHmac('SHA384', parent.relayRandom).update(ids[0] + ':' + ids[1]).digest('hex') != ids[2]) { obj.ws.close(); obj.id = null; return null; } // Invalid HMAC, drop this. if ((Date.now() - parseInt(ids[1])) > 120000) { obj.ws.close(); obj.id = null; return null; } // Expired time, drop this. obj.id = ids[0]; } @@ -107,6 +107,8 @@ module.exports.CreateMeshRelay = function (parent, ws, req) { // When data is received from the mesh relay web socket ws.on('message', function (data) { + //console.log(typeof data); + //if (typeof data == 'string') console.log(data); if (this.peer != null) { try { this.pause(); this.peer.send(data, ws.flushSink); } catch (e) { } } }); diff --git a/meshscanner.js b/meshscanner.js index 1aaa08a3..6d88ffdf 100644 --- a/meshscanner.js +++ b/meshscanner.js @@ -17,21 +17,22 @@ module.exports.CreateMeshScanner = function (parent) { var periodicScanTime = (60000 * 20); // Interval between scans, 20 minutes. var membershipIPv4 = '239.255.255.235'; var membershipIPv6 = 'FF02:0:0:0:0:0:0:FE'; - obj.agentCertificatHashHex = parent.certificateOperations.forge.pki.getPublicKeyFingerprint(parent.certificateOperations.forge.pki.certificateFromPem(parent.certificates.agent.cert).publicKey, { md: parent.certificateOperations.forge.md.sha256.create(), encoding: 'hex' }); + obj.agentCertificatHashHex = parent.certificateOperations.forge.pki.getPublicKeyFingerprint(parent.certificateOperations.forge.pki.certificateFromPem(parent.certificates.agent.cert).publicKey, { md: parent.certificateOperations.forge.md.sha384.create(), encoding: 'hex' }); obj.error = 0; // Get a list of IPv4 and IPv6 interface addresses function getInterfaceList() { - var ipv4 = [], ipv6 = []; - if (parent.platform == 'win32') { ipv4.push('*'); ipv6.push('*'); } // Bind to IN_ADDR_ANY only on Windows - var interfaces = require('os').networkInterfaces(); - for (var i in interfaces) { - var interface = interfaces[i]; - for (var j in interface) { - var interface2 = interface[j]; - if ((interface2.mac != '00:00:00:00:00:00') && (interface2.internal == false)) { - if (interface2.family == 'IPv4') { ipv4.push(interface2.address); } - if (interface2.family == 'IPv6') { ipv6.push(interface2.address + '%' + i); } + var ipv4 = ['*'], ipv6 = ['*']; // Bind to IN_ADDR_ANY always + if (parent.platform == 'win32') { // On Windows, also bind to each interface seperatly + var interfaces = require('os').networkInterfaces(); + for (var i in interfaces) { + var interface = interfaces[i]; + for (var j in interface) { + var interface2 = interface[j]; + if ((interface2.mac != '00:00:00:00:00:00') && (interface2.internal == false)) { + if (interface2.family == 'IPv4') { ipv4.push(interface2.address); } + if (interface2.family == 'IPv6') { ipv6.push(interface2.address + '%' + i); } + } } } } diff --git a/mpsserver.js b/mpsserver.js index 18723bc9..b1e59503 100644 --- a/mpsserver.js +++ b/mpsserver.js @@ -112,7 +112,7 @@ module.exports.CreateMpsServer = function (parent, db, args, certificates) { socket.tag.domainid = domainid; socket.tag.meshid = 'mesh/' + domainid + '/' + meshid; - socket.tag.nodeid = 'node/' + domainid + '/' + require('crypto').createHash('sha256').update(common.hex2rstr(socket.tag.clientCert.modulus, 'binary')).digest('hex').toUpperCase(); + socket.tag.nodeid = 'node/' + domainid + '/' + require('crypto').createHash('sha384').update(common.hex2rstr(socket.tag.clientCert.modulus, 'binary')).digest('hex').toUpperCase(); socket.tag.name = socket.tag.clientCert.subject.CN; socket.tag.connectTime = Date.now(); socket.tag.host = ''; @@ -170,7 +170,7 @@ module.exports.CreateMpsServer = function (parent, db, args, certificates) { console.log(e); } }); - + // Process one AFP command function ProcessCommand(socket) { var cmd = socket.tag.accumulator.charCodeAt(0); @@ -228,7 +228,7 @@ module.exports.CreateMpsServer = function (parent, db, args, certificates) { // Intel AMT GUID (socket.tag.SystemId) will be used at NodeID var systemid = socket.tag.SystemId.split('-').join('').toUpperCase(); socket.tag.name = ''; - socket.tag.nodeid = 'node/' + mesh.domain + '/' + systemid + systemid; + socket.tag.nodeid = 'node/' + mesh.domain + '/' + systemid + systemid + systemid; // Turn 16bit systemid guid into 48bit nodeid socket.tag.meshid = mesh._id; obj.db.Get(socket.tag.nodeid, function (err, nodes) { @@ -318,7 +318,7 @@ module.exports.CreateMpsServer = function (parent, db, args, certificates) { if (len < 26 + requestLen + addrLen + oaddrLen + datalen) return 0; Debug(2, 'MPS:GLOBAL_REQUEST', request, addr + ':' + port, oaddr + ':' + oport, datalen); // TODO - return ptr + 26 + requestLen + addrLen + oaddrLen + datalen; + return 26 + requestLen + addrLen + oaddrLen + datalen; } return 6 + requestLen; diff --git a/multiserver.js b/multiserver.js index 21d49746..a810529a 100644 --- a/multiserver.js +++ b/multiserver.js @@ -7,6 +7,7 @@ // Construct a Mesh Multi-Server object. This is used for MeshCentral-to-MeshCentral communication. module.exports.CreateMultiServer = function (parent, args) { var obj = {}; + const WebSocket = require('ws'); obj.parent = parent; obj.crypto = require('crypto'); obj.peerConfig = parent.config.peers; @@ -22,7 +23,6 @@ module.exports.CreateMultiServer = function (parent, args) { obj.serverid = serverid; obj.url = url; obj.ws = null; - obj.conn = null; obj.certificates = parent.parent.certificates; obj.common = require('./common.js'); obj.forge = require('node-forge'); @@ -51,123 +51,107 @@ module.exports.CreateMultiServer = function (parent, args) { obj.connectionState = 1; // Get the web socket setup - const WebSocket = require('websocket'); - var WebSocketClient = require('websocket').client; - obj.ws = new WebSocketClient(); + obj.ws = new WebSocket(obj.url + 'meshserver.ashx', { rejectUnauthorized: false, cert: obj.certificates.agent.cert, key: obj.certificates.agent.key }); obj.parent.parent.debug(1, 'OutPeer ' + obj.serverid + ': Connecting to: ' + url + 'meshserver.ashx'); // Register the connection failed event - obj.ws.on('connectFailed', function (error) { obj.parent.parent.debug(1, 'OutPeer ' + obj.serverid + ': Failed connection'); disconnect(); }); + obj.ws.on('error', function (error) { obj.parent.parent.debug(1, 'OutPeer ' + obj.serverid + ': Error: ' + error); disconnect(); }); + obj.ws.on('close', function () { obj.parent.parent.debug(1, 'OutPeer ' + obj.serverid + ': Disconnected'); disconnect(); }); // Register the connection event - obj.ws.on('connect', function (connection) { + obj.ws.on('open', function () { obj.parent.parent.debug(1, 'OutPeer ' + obj.serverid + ': Connected'); obj.connectionState |= 2; - obj.conn = connection; - obj.nonce = obj.forge.random.getBytesSync(32); - - // If the connection has an error or closes - obj.conn.on('error', function (error) { obj.parent.parent.debug(1, 'OutPeer ' + obj.serverid + ': Error: ' + error); disconnect(); }); - obj.conn.on('close', function () { obj.parent.parent.debug(1, 'OutPeer ' + obj.serverid + ': Disconnected'); disconnect(); }); + obj.nonce = obj.forge.random.getBytesSync(48); // Get the peer server's certificate and compute the server public key hash - if (obj.ws.socket == null) return; - var rawcertbuf = obj.ws.socket.getPeerCertificate().raw, rawcert = ''; - for (var i = 0; i < rawcertbuf.length; i++) { rawcert += String.fromCharCode(rawcertbuf[i]); } - var serverCert = obj.forge.pki.certificateFromAsn1(obj.forge.asn1.fromDer(rawcert)); - obj.serverCertHash = obj.forge.pki.getPublicKeyFingerprint(serverCert.publicKey, { encoding: 'binary', md: obj.forge.md.sha256.create() }); + if (obj.ws._socket == null) return; + var serverCert = obj.forge.pki.certificateFromAsn1(obj.forge.asn1.fromDer(obj.ws._socket.getPeerCertificate().raw.toString('binary'))); + obj.serverCertHash = obj.forge.pki.getPublicKeyFingerprint(serverCert.publicKey, { encoding: 'binary', md: obj.forge.md.sha384.create() }); - // If a message is received - obj.conn.on('message', function (msg) { - if (msg.type == 'binary') { var msg2 = ""; for (var i = 0; i < msg.binaryData.length; i++) { msg2 += String.fromCharCode(msg.binaryData[i]); } msg = msg2; } - else if (msg.type == 'utf8') { msg = msg.utf8Data; } - if (msg.length < 2) return; - - if (msg.charCodeAt(0) == 123) { - if (obj.connectionState == 15) { processServerData(msg); } - } else { - var cmd = obj.common.ReadShort(msg, 0); - switch (cmd) { - case 1: { - // Server authentication request - if (msg.length != 66) { obj.parent.parent.debug(1, 'OutPeer: BAD MESSAGE(A1)'); return; } - - // Check that the server hash matches the TLS server certificate public key hash - if (obj.serverCertHash != msg.substring(2, 34)) { obj.parent.parent.debug(1, 'OutPeer: Server hash mismatch.'); disconnect(); return; } - obj.servernonce = msg.substring(34); - - // Use our agent root private key to sign the ServerHash + ServerNonce + AgentNonce - var privateKey = obj.forge.pki.privateKeyFromPem(obj.certificates.agent.key); - var md = obj.forge.md.sha256.create(); - md.update(msg.substring(2), 'binary'); - md.update(obj.nonce, 'binary'); - - // Send back our certificate + signature - agentRootCertificatAsn1 = obj.forge.asn1.toDer(obj.forge.pki.certificateToAsn1(obj.forge.pki.certificateFromPem(obj.certificates.agent.cert))).getBytes(); - obj.conn.send(obj.common.ShortToStr(2) + obj.common.ShortToStr(agentRootCertificatAsn1.length) + agentRootCertificatAsn1 + privateKey.sign(md)); // Command 3, signature - break; - } - case 2: { - // Server certificate - var certlen = obj.common.ReadShort(msg, 2), serverCert = null; - try { serverCert = obj.forge.pki.certificateFromAsn1(obj.forge.asn1.fromDer(msg.substring(4, 4 + certlen))); } catch (e) { } - if (serverCert == null) { obj.parent.parent.debug(1, 'OutPeer: Invalid server certificate.'); disconnect(); return; } - var serverid = obj.forge.pki.getPublicKeyFingerprint(serverCert.publicKey, { encoding: 'hex', md: obj.forge.md.sha256.create() }); - if (serverid !== obj.agentCertificatHashHex) { obj.parent.parent.debug(1, 'OutPeer: Server hash mismatch.'); disconnect(); return; } - - // Server signature, verify it - var md = obj.forge.md.sha256.create(); - md.update(obj.serverCertHash, 'binary'); - md.update(obj.nonce, 'binary'); - md.update(obj.servernonce, 'binary'); - if (serverCert.publicKey.verify(md.digest().bytes(), msg.substring(4 + certlen)) == false) { obj.parent.parent.debug(1, 'OutPeer: Server sign check failed.'); disconnect(); return; } - - // Connection is a success, clean up - delete obj.nonce; - delete obj.servernonce; - obj.serverCertHash = obj.common.rstr2hex(obj.serverCertHash).toLowerCase(); // Change this value to hex - obj.connectionState |= 4; - obj.retryBackoff = 0; // Set backoff connection timer back to fast. - obj.parent.parent.debug(1, 'OutPeer ' + obj.serverid + ': Verified peer connection to ' + obj.url); - - // Send information about our server to the peer - if (obj.connectionState == 15) { obj.conn.send(JSON.stringify({ action: 'info', serverid: obj.parent.serverid, dbid: obj.parent.parent.db.identifier, key: obj.parent.serverKey, serverCertHash: obj.parent.parent.webserver.webCertificatHashHex })); } - //if ((obj.connectionState == 15) && (obj.connectHandler != null)) { obj.connectHandler(1); } - break; - } - case 4: { - // Server confirmed authentication, we are allowed to send commands to the server - obj.connectionState |= 8; - if (obj.connectionState == 15) { obj.conn.send(JSON.stringify({ action: 'info', serverid: obj.parent.serverid, dbid: obj.parent.parent.db.identifier, key: obj.parent.serverKey, serverCertHash: obj.parent.parent.webserver.webCertificatHashHex })); } - //if ((obj.connectionState == 15) && (obj.connectHandler != null)) { obj.connectHandler(1); } - break; - } - default: { - obj.parent.parent.debug(1, 'OutPeer ' + obj.serverid + ': Un-handled command: ' + cmd); - break; - } - } - } - }); - - // Not sure why, but we need to delay the first send - setTimeout(function () { - if ((obj.ws == null) || (obj.conn == null)) return; - // Start authenticate the mesh agent by sending a auth nonce & server TLS cert hash. - // Send 256 bits SHA256 hash of TLS cert public key + 256 bits nonce - obj.conn.send(obj.common.ShortToStr(1) + obj.serverCertHash + obj.nonce); // Command 1, hash + nonce - }, 10); + // Start authenticate the peer server by sending a auth nonce & server TLS cert hash. + // Send 384 bits SHA384 hash of TLS cert public key + 384 bits nonce + obj.ws.send(obj.common.ShortToStr(1) + obj.serverCertHash + obj.nonce); // Command 1, hash + nonce }); - obj.ws.connect(obj.url + 'meshserver.ashx', null, null, null, { rejectUnauthorized: false, cert: obj.certificates.agent.cert, key: obj.certificates.agent.key }); + // If a message is received + obj.ws.on('message', function (msg) { + if (typeof msg != 'string') { msg = msg.toString('binary'); } + if (msg.length < 2) return; + + if (msg.charCodeAt(0) == 123) { + if (obj.connectionState == 15) { processServerData(msg); } + } else { + var cmd = obj.common.ReadShort(msg, 0); + switch (cmd) { + case 1: { + // Server authentication request + if (msg.length != 98) { obj.parent.parent.debug(1, 'OutPeer: BAD MESSAGE(A1)'); return; } + + // Check that the server hash matches the TLS server certificate public key hash + if (obj.serverCertHash != msg.substring(2, 50)) { obj.parent.parent.debug(1, 'OutPeer: Server hash mismatch.'); disconnect(); return; } + obj.servernonce = msg.substring(50); + + // Use our agent certificate root private key to sign the ServerHash + ServerNonce + PeerNonce + var privateKey = obj.forge.pki.privateKeyFromPem(obj.certificates.agent.key); + var md = obj.forge.md.sha384.create(); + md.update(msg.substring(2), 'binary'); + md.update(obj.nonce, 'binary'); + + // Send back our certificate + signature + agentRootCertificatAsn1 = obj.forge.asn1.toDer(obj.forge.pki.certificateToAsn1(obj.forge.pki.certificateFromPem(obj.certificates.agent.cert))).getBytes(); + obj.ws.send(obj.common.ShortToStr(2) + obj.common.ShortToStr(agentRootCertificatAsn1.length) + agentRootCertificatAsn1 + privateKey.sign(md)); // Command 3, signature + break; + } + case 2: { + // Server certificate + var certlen = obj.common.ReadShort(msg, 2), serverCert = null; + try { serverCert = obj.forge.pki.certificateFromAsn1(obj.forge.asn1.fromDer(msg.substring(4, 4 + certlen))); } catch (e) { } + if (serverCert == null) { obj.parent.parent.debug(1, 'OutPeer: Invalid server certificate.'); disconnect(); return; } + var serverid = obj.forge.pki.getPublicKeyFingerprint(serverCert.publicKey, { encoding: 'hex', md: obj.forge.md.sha384.create() }); + if (serverid !== obj.agentCertificatHashHex) { obj.parent.parent.debug(1, 'OutPeer: Server hash mismatch.'); disconnect(); return; } + + // Server signature, verify it + var md = obj.forge.md.sha384.create(); + md.update(obj.serverCertHash, 'binary'); + md.update(obj.nonce, 'binary'); + md.update(obj.servernonce, 'binary'); + if (serverCert.publicKey.verify(md.digest().bytes(), msg.substring(4 + certlen)) == false) { obj.parent.parent.debug(1, 'OutPeer: Server sign check failed.'); disconnect(); return; } + + // Connection is a success, clean up + delete obj.nonce; + delete obj.servernonce; + obj.serverCertHash = obj.common.rstr2hex(obj.serverCertHash).toLowerCase(); // Change this value to hex + obj.connectionState |= 4; + obj.retryBackoff = 0; // Set backoff connection timer back to fast. + obj.parent.parent.debug(1, 'OutPeer ' + obj.serverid + ': Verified peer connection to ' + obj.url); + + // Send information about our server to the peer + if (obj.connectionState == 15) { obj.ws.send(JSON.stringify({ action: 'info', serverid: obj.parent.serverid, dbid: obj.parent.parent.db.identifier, key: obj.parent.serverKey.toString('hex'), serverCertHash: obj.parent.parent.webserver.webCertificatHashHex })); } + //if ((obj.connectionState == 15) && (obj.connectHandler != null)) { obj.connectHandler(1); } + break; + } + case 4: { + // Server confirmed authentication, we are allowed to send commands to the server + obj.connectionState |= 8; + if (obj.connectionState == 15) { obj.ws.send(JSON.stringify({ action: 'info', serverid: obj.parent.serverid, dbid: obj.parent.parent.db.identifier, key: obj.parent.serverKey.toString('hex'), serverCertHash: obj.parent.parent.webserver.webCertificatHashHex })); } + //if ((obj.connectionState == 15) && (obj.connectHandler != null)) { obj.connectHandler(1); } + break; + } + default: { + obj.parent.parent.debug(1, 'OutPeer ' + obj.serverid + ': Un-handled command: ' + cmd); + break; + } + } + } + }); } // Disconnect from the server, if we need to, try again with a delay. function disconnect() { if (obj.authenticated == 3) { obj.parent.ClearPeerServer(obj, obj.peerServerId); obj.authenticated = 0; } if ((obj.connectionState == 15) && (obj.connectHandler != null)) { obj.connectHandler(0); } - if (obj.conn != null) { obj.conn.close(); obj.conn = null; } - if (obj.ws != null) { obj.ws = null; } + if (obj.ws != null) { obj.ws.close(); obj.ws = null; } if (obj.retryTimer != null) { clearTimeout(obj.retryTimer); obj.retryTimer = null; } // Re-try connection if (obj.connectionState >= 1) { obj.connectionState = 1; if (obj.retryTimer == null) { obj.retryTimer = setTimeout(connect, getConnectRetryTime()); } } @@ -182,9 +166,9 @@ module.exports.CreateMultiServer = function (parent, args) { // Send a JSON message to the peer server obj.send = function (msg) { try { - if (obj.ws == null || obj.conn == null || obj.connectionState != 15) { return; } - if (typeof msg == 'object') { obj.conn.send(JSON.stringify(msg)); return; } - if (typeof msg == 'string') { obj.conn.send(msg); return; } + if (obj.ws == null || obj.connectionState != 15) { return; } + if (typeof msg == 'object') { obj.ws.send(JSON.stringify(msg)); return; } + if (typeof msg == 'string') { obj.ws.send(msg); return; } } catch (e) { } } @@ -201,7 +185,7 @@ module.exports.CreateMultiServer = function (parent, args) { if (command.dbid != obj.parent.parent.db.identifier) { console.log('ERROR: Database ID mismatch. Trying to peer to a server with the wrong database. (' + obj.url + ', ' + command.serverid + ').'); return; } if (obj.serverCertHash != command.serverCertHash) { console.log('ERROR: Outer certificate hash mismatch. (' + obj.url + ', ' + command.serverid + ').'); return; } obj.peerServerId = command.serverid; - obj.peerServerKey = command.key; + obj.peerServerKey = new Buffer(command.key, 'hex'); obj.authenticated = 3; obj.parent.SetupPeerServer(obj, obj.peerServerId); } @@ -235,6 +219,7 @@ module.exports.CreateMultiServer = function (parent, args) { obj.peerServerId = null; obj.serverCertHash = null; if (obj.remoteaddr.startsWith('::ffff:')) { obj.remoteaddr = obj.remoteaddr.substring(7); } + obj.parent.parent.debug(1, 'InPeer: Connected (' + obj.remoteaddr + ')'); // Send a message to the peer server obj.send = function (data) { @@ -252,10 +237,9 @@ module.exports.CreateMultiServer = function (parent, args) { if (obj.authenticated == 3) { obj.parent.ClearPeerServer(obj, obj.peerServerId); obj.authenticated = 0; } } - // When data is received from the mesh agent web socket + // When data is received from the peer server web socket ws.on('message', function (msg) { - if (msg.type == 'binary') { var msg2 = ""; for (var i = 0; i < msg.binaryData.length; i++) { msg2 += String.fromCharCode(msg.binaryData[i]); } msg = msg2; } - else if (msg.type == 'utf8') { msg = msg.utf8Data; } + if (typeof msg != 'string') { msg = msg.toString('binary'); } if (msg.length < 2) return; if (obj.authenticated >= 2) { // We are authenticated @@ -267,48 +251,47 @@ module.exports.CreateMultiServer = function (parent, args) { else if (obj.authenticated < 2) { // We are not authenticated var cmd = obj.common.ReadShort(msg, 0); if (cmd == 1) { - // Agent authentication request - if ((msg.length != 66) || ((obj.receivedCommands & 1) != 0)) return; - obj.receivedCommands += 1; // Agent can't send the same command twice on the same connection ever. Block DOS attack path. + // Peer server authentication request + if ((msg.length != 98) || ((obj.receivedCommands & 1) != 0)) return; + obj.receivedCommands += 1; // Peer server can't send the same command twice on the same connection ever. Block DOS attack path. // Check that the server hash matches out own web certificate hash - if (obj.webCertificatHash != msg.substring(2, 34)) { obj.close(); return; } + if (obj.webCertificatHash != msg.substring(2, 50)) { obj.close(); return; } - // Use our server private key to sign the ServerHash + AgentNonce + ServerNonce + // Use our server private key to sign the ServerHash + PeerNonce + ServerNonce var privateKey = obj.forge.pki.privateKeyFromPem(obj.parent.parent.certificates.agent.key); - var md = obj.forge.md.sha256.create(); + var md = obj.forge.md.sha384.create(); md.update(msg.substring(2), 'binary'); md.update(obj.nonce, 'binary'); - obj.agentnonce = msg.substring(34); + obj.peernonce = msg.substring(50); // Send back our certificate + signature obj.send(obj.common.ShortToStr(2) + obj.common.ShortToStr(obj.agentCertificatAsn1.length) + obj.agentCertificatAsn1 + privateKey.sign(md)); // Command 2, certificate + signature - // Check the agent signature if we can + // Check the peer server signature if we can if (obj.unauthsign != null) { - if (processAgentSignature(obj.unauthsign) == false) { disconnect(); return; } else { completePeerServerConnection(); } + if (processPeerSignature(obj.unauthsign) == false) { disconnect(); return; } else { completePeerServerConnection(); } } } else if (cmd == 2) { - // Agent certificate + // Peer server certificate if ((msg.length < 4) || ((obj.receivedCommands & 2) != 0)) return; - obj.receivedCommands += 2; // Agent can't send the same command twice on the same connection ever. Block DOS attack path. + obj.receivedCommands += 2; // Peer server can't send the same command twice on the same connection ever. Block DOS attack path. // Decode the certificate var certlen = obj.common.ReadShort(msg, 2); obj.unauth = {}; obj.unauth.nodeCert = null; try { obj.unauth.nodeCert = obj.forge.pki.certificateFromAsn1(obj.forge.asn1.fromDer(msg.substring(4, 4 + certlen))); } catch (e) { return; } - obj.unauth.nodeid = obj.forge.pki.getPublicKeyFingerprint(obj.unauth.nodeCert.publicKey, { encoding: 'hex', md: obj.forge.md.sha256.create() }); + obj.unauth.nodeid = obj.forge.pki.getPublicKeyFingerprint(obj.unauth.nodeCert.publicKey, { encoding: 'hex', md: obj.forge.md.sha384.create() }); - // Check the agent signature if we can - if (obj.agentnonce == null) { obj.unauthsign = msg.substring(4 + certlen); } else { if (processAgentSignature(msg.substring(4 + certlen)) == false) { disconnect(); return; } } + // Check the peer server signature if we can + if (obj.peernonce == null) { obj.unauthsign = msg.substring(4 + certlen); } else { if (processPeerSignature(msg.substring(4 + certlen)) == false) { disconnect(); return; } } completePeerServerConnection(); } else if (cmd == 3) { - // Agent meshid if ((msg.length < 56) || ((obj.receivedCommands & 4) != 0)) return; - obj.receivedCommands += 4; // Agent can't send the same command twice on the same connection ever. Block DOS attack path. + obj.receivedCommands += 4; // Peer server can't send the same command twice on the same connection ever. Block DOS attack path. completePeerServerConnection(); } } @@ -317,36 +300,36 @@ module.exports.CreateMultiServer = function (parent, args) { // If error, do nothing ws.on('error', function (err) { obj.parent.parent.debug(1, 'InPeer: Connection Error: ' + err); }); - // If the mesh agent web socket is closed, clean up. + // If the peer server web socket is closed, clean up. ws.on('close', function (req) { obj.parent.parent.debug(1, 'InPeer disconnect ' + obj.nodeid + ' (' + obj.remoteaddr + ')'); obj.close(0); }); - // obj.ws._socket._parent.on('close', function (req) { obj.parent.parent.debug(1, 'Agent TCP disconnect ' + obj.nodeid + ' (' + obj.remoteaddr + ')'); }); + // obj.ws._socket._parent.on('close', function (req) { obj.parent.parent.debug(1, 'Peer server TCP disconnect ' + obj.nodeid + ' (' + obj.remoteaddr + ')'); }); - // Start authenticate the mesh agent by sending a auth nonce & server TLS cert hash. - // Send 256 bits SHA256 hash of TLS cert public key + 256 bits nonce - obj.nonce = obj.forge.random.getBytesSync(32); + // Start authenticate the peer server by sending a auth nonce & server TLS cert hash. + // Send 384 bits SHA382 hash of TLS cert public key + 384 bits nonce + obj.nonce = obj.forge.random.getBytesSync(48); obj.send(obj.common.ShortToStr(1) + obj.webCertificatHash + obj.nonce); // Command 1, hash + nonce - // Once we get all the information about an agent, run this to hook everything up to the server + // Once we get all the information about an peer server, run this to hook everything up to the server function completePeerServerConnection() { if (obj.authenticated != 1) return; obj.send(obj.common.ShortToStr(4)); - obj.send(JSON.stringify({ action: 'info', serverid: obj.parent.serverid, dbid: obj.parent.parent.db.identifier, key: obj.parent.serverKey, serverCertHash: obj.parent.parent.webserver.webCertificatHashHex })); + obj.send(JSON.stringify({ action: 'info', serverid: obj.parent.serverid, dbid: obj.parent.parent.db.identifier, key: obj.parent.serverKey.toString('hex'), serverCertHash: obj.parent.parent.webserver.webCertificatHashHex })); obj.authenticated = 2; } - // Verify the agent signature - function processAgentSignature(msg) { - var md = obj.forge.md.sha256.create(); // TODO: Switch this to SHA256 on node instead of forge. + // Verify the peer server signature + function processPeerSignature(msg) { + var md = obj.forge.md.sha384.create(); // TODO: Switch this to SHA384 on node instead of forge. md.update(obj.parent.parent.webserver.webCertificatHash, 'binary'); md.update(obj.nonce, 'binary'); - md.update(obj.agentnonce, 'binary'); + md.update(obj.peernonce, 'binary'); if (obj.unauth.nodeCert.publicKey.verify(md.digest().bytes(), msg) == false) { return false; } if (obj.unauth.nodeid !== obj.agentCertificatHashHex) { return false; } // Connection is a success, clean up obj.nodeid = obj.unauth.nodeid.toUpperCase(); delete obj.nonce; - delete obj.agentnonce; + delete obj.peernonce; delete obj.unauth; if (obj.unauthsign) delete obj.unauthsign; obj.authenticated = 1; @@ -366,7 +349,7 @@ module.exports.CreateMultiServer = function (parent, args) { if (command.dbid != obj.parent.parent.db.identifier) { console.log('ERROR: Database ID mismatch. Trying to peer to a server with the wrong database. (' + obj.remoteaddr + ', ' + command.serverid + ').'); return; } if (obj.parent.peerConfig.servers[command.serverid] == null) { console.log('ERROR: Unknown peer serverid: ' + command.serverid + ' (' + obj.remoteaddr + ').'); return; } obj.peerServerId = command.serverid; - obj.peerServerKey = command.key; + obj.peerServerKey = new Buffer(command.key, 'hex'); obj.serverCertHash = command.serverCertHash; obj.authenticated = 3; obj.parent.SetupPeerServer(obj, obj.peerServerId); @@ -389,9 +372,7 @@ module.exports.CreateMultiServer = function (parent, args) { if (obj.parent.config.peers.servers[obj.serverid] == null) { console.log("Error: Unable to peer with other servers, \"" + obj.serverid + "\" not present in peer servers list."); return null; } // Generate a cryptographic key used to encode and decode cookies - obj.generateCookieKey = function () { - return new Buffer(obj.crypto.randomBytes(32), 'binary').toString('hex'); - } + obj.generateCookieKey = function () { return new Buffer(obj.crypto.randomBytes(32), 'binary'); } // Return the private key of a peer server obj.getServerCookieKey = function (serverid) { @@ -400,40 +381,25 @@ module.exports.CreateMultiServer = function (parent, args) { return null; } - // Encode an object as a cookie using a key + // Encode an object as a cookie using a key. (key must be 32 bytes long) obj.encodeCookie = function (o, key) { try { if (key == null) { key = obj.serverKey; } - key = require('./common.js').hex2rstr(key); o.time = Math.floor(Date.now() / 1000); // Add the cookie creation time - var msg = JSON.stringify(o); - msg = obj.crypto.createHmac('sha256', key.substring(16)).update(msg, 'binary', 'binary').digest('binary') + msg; - var iv = new Buffer(obj.crypto.randomBytes(16), 'binary'); - var cipher = obj.crypto.createCipheriv('aes-128-cbc', new Buffer(key.substring(0, 16), 'binary'), iv); - crypted = cipher.update(msg, 'binary', 'binary'); - crypted += cipher.final('binary'); - var total = new Buffer(iv, 'binary').toString('hex') + new Buffer(crypted, 'binary').toString('hex'); // HEX: This is not an efficient concat, but it's very compatible. - var cookie = new Buffer(total, 'hex').toString('base64'); - return cookie.replace(/\+/g, '@').replace(/\//g, '$'); + var iv = new Buffer(obj.crypto.randomBytes(12), 'binary'), cipher = obj.crypto.createCipheriv('aes-256-gcm', key, iv); + var crypted = Buffer.concat([cipher.update(JSON.stringify(o), 'utf8'), cipher.final()]); + return Buffer.concat([iv, cipher.getAuthTag(), crypted]).toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); } catch (e) { return null; } } - // Decode a cookie back into an object using a key. Return null if it's not a valid cookie. + // Decode a cookie back into an object using a key. Return null if it's not a valid cookie. (key must be 32 bytes long) obj.decodeCookie = function (cookie, key) { try { if (key == null) { key = obj.serverKey; } - key = require('./common.js').hex2rstr(key); - cookie = new Buffer(cookie.replace(/\@/g, '+').replace(/\$/g, '/'), 'base64').toString('hex'); // HEX: This is not an efficient split, but it's very compatible. - var iv = new Buffer(cookie.substring(0, 32), 'hex'); - var msg = new Buffer(cookie.substring(32), 'hex'); - var decipher = obj.crypto.createDecipheriv('aes-128-cbc', new Buffer(key.substring(0, 16), 'binary'), iv) - var dec = decipher.update(msg, 'binary', 'binary') - dec += decipher.final('binary'); - var msg = dec.substring(32); - var hash1 = dec.substring(0, 32); - var hash2 = obj.crypto.createHmac('sha256', key.substring(16)).update(msg, 'binary', 'binary').digest('binary'); - if (hash1 !== hash2) { return null; } - var o = JSON.parse(msg); + cookie = new Buffer(cookie.replace(/\@/g, '+').replace(/\$/g, '/'), 'base64'); // HEX: This is not an efficient split, but it's very compatible. + var decipher = obj.crypto.createDecipheriv('aes-256-gcm', key, cookie.slice(0, 12)); + decipher.setAuthTag(cookie.slice(12, 16)); + var o = JSON.parse(decipher.update(cookie.slice(28), 'binary', 'utf8') + decipher.final('utf8')); if ((o.time == null) || (o.time == null) || (typeof o.time != 'number')) { return null; } o.time = o.time * 1000; // Decode the cookie creation time o.dtime = Date.now() - o.time; // Decode how long ago the cookie was created @@ -639,41 +605,30 @@ module.exports.CreateMultiServer = function (parent, args) { peerTunnel.connect = function () { // Get the web socket setup - var WebSocketClient = require('websocket').client; - peerTunnel.wsclient = new WebSocketClient(); + peerTunnel.parent.parent.debug(1, 'FTunnel ' + peerTunnel.serverid + ': Start connect to ' + peerTunnel.url); + peerTunnel.ws2 = new WebSocket(peerTunnel.url, { rejectUnauthorized: false }); // Register the connection failed event - peerTunnel.wsclient.on('connectFailed', function (error) { peerTunnel.parent.parent.debug(1, 'FTunnel ' + obj.serverid + ': Failed connection'); peerTunnel.ws1.close(); }); + peerTunnel.ws2.on('error', function (error) { peerTunnel.parent.parent.debug(1, 'FTunnel ' + obj.serverid + ': Connection error'); peerTunnel.close(); }); + + // If the peer server web socket is closed, clean up. + peerTunnel.ws2.on('close', function (req) { peerTunnel.parent.parent.debug(1, 'FTunnel disconnect ' + peerTunnel.nodeid); peerTunnel.close(); }); + + // If a message is received from the peer, Peer ---> Browser (TODO: Pipe this?) + peerTunnel.ws2.on('message', function (msg) { try { peerTunnel.ws2.pause(); peerTunnel.ws1.send(msg, function () { peerTunnel.ws2.resume(); }); } catch (e) { } }); // Register the connection event - peerTunnel.wsclient.on('connect', function (connection) { + peerTunnel.ws2.on('open', function () { + peerTunnel.parent.parent.debug(1, 'FTunnel ' + peerTunnel.serverid + ': Connected'); + // Get the peer server's certificate and compute the server public key hash - var rawcertbuf = connection.socket.getPeerCertificate().raw, rawcert = ''; - for (var i = 0; i < rawcertbuf.length; i++) { rawcert += String.fromCharCode(rawcertbuf[i]); } - var serverCert = obj.forge.pki.certificateFromAsn1(obj.forge.asn1.fromDer(rawcert)); - var serverCertHashHex = obj.forge.pki.getPublicKeyFingerprint(serverCert.publicKey, { encoding: 'hex', md: obj.forge.md.sha256.create() }); + var serverCert = obj.forge.pki.certificateFromAsn1(obj.forge.asn1.fromDer(peerTunnel.ws2._socket.getPeerCertificate().raw.toString('binary'))); + var serverCertHashHex = obj.forge.pki.getPublicKeyFingerprint(serverCert.publicKey, { encoding: 'hex', md: obj.forge.md.sha384.create() }); // Check if the peer certificate is the expected one for this serverid - if (obj.peerServers[serverid] == null || obj.peerServers[serverid].serverCertHash != serverCertHashHex) { console.log('ERROR: Outer certificate hash mismatch. (' + peerTunnel.url + ', ' + peerTunnel.serverid + ').'); peerTunnel.ws1.close(); return; } + if (obj.peerServers[serverid] == null || obj.peerServers[serverid].serverCertHash != serverCertHashHex) { console.log('ERROR: Outer certificate hash mismatch. (' + peerTunnel.url + ', ' + peerTunnel.serverid + ').'); peerTunnel.close(); return; } - // Connection accepted. - peerTunnel.ws2 = connection; - - // If error, do nothing - peerTunnel.ws2.on('error', function (err) { peerTunnel.parent.parent.debug(1, 'FTunnel: Connection Error: ' + err); peerTunnel.close(); }); - - // If the mesh agent web socket is closed, clean up. - peerTunnel.ws2.on('close', function (req) { peerTunnel.parent.parent.debug(1, 'FTunnel disconnect ' + peerTunnel.nodeid); peerTunnel.close(); }); - - // If a message is received from the peer, Peer ---> Browser - peerTunnel.ws2.on('message', function (msg) { - try { - if (msg.type == 'utf8') { peerTunnel.ws2.pause(); peerTunnel.ws1.send(msg.utf8Data, function () { peerTunnel.ws2.resume(); }); } - else if (msg.type == 'binary') { peerTunnel.ws2.pause(); peerTunnel.ws1.send(msg.binaryData, function () { peerTunnel.ws2.resume(); }); } - } catch (e) { } - }); - - // Resume the web socket to start the data flow + // Connection accepted, resume the web socket to start the data flow peerTunnel.ws1.resume(); }); @@ -681,12 +636,10 @@ module.exports.CreateMultiServer = function (parent, args) { peerTunnel.ws1.on('message', function (msg) { try { peerTunnel.ws1.pause(); peerTunnel.ws2.send(msg, function () { peerTunnel.ws1.resume(); }); } catch (e) { } }); // If error, do nothing - peerTunnel.ws1.on('error', function (err) { console.log(err); peerTunnel.close(); }); + peerTunnel.ws1.on('error', function (err) { peerTunnel.close(); }); // If the web socket is closed, close the associated TCP connection. peerTunnel.ws1.on('close', function (req) { peerTunnel.parent.parent.debug(1, 'FTunnel disconnect ' + peerTunnel.nodeid); peerTunnel.close(); }); - - peerTunnel.wsclient.connect(peerTunnel.url, null, null, null, { rejectUnauthorized: false }); } // Disconnect both sides of the tunnel diff --git a/package.json b/package.json index f8fc4ab7..f5c5ac01 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "meshcentral", - "version": "0.0.8-u", + "version": "0.0.8-w", "keywords": [ "Remote Management", "Intel AMT", @@ -26,20 +26,22 @@ ], "dependencies": { "archiver": "^1.3.0", - "body-parser": "^1.17.1", - "compression": "^1.6.2", - "connect-redis": "^3.2.0", - "express": "^4.15.2", + "body-parser": "^1.18.2", + "compression": "^1.7.1", + "connect-redis": "^3.3.2", + "express": "^4.16.2", "express-handlebars": "^3.0.0", - "express-session": "^1.15.1", + "express-session": "^1.15.6", "express-ws": "^2.0.0", "meshcentral": "*", "minimist": "^1.2.0", + "mongojs": "^2.4.1", "multiparty": "^4.1.3", "nedb": "^1.8.0", "node-forge": "^0.6.49", + "node-windows": "^0.1.14", "unzip": "^0.1.11", - "websocket": "^1.0.24", + "ws": "^3.2.0", "xmldom": "^0.1.27" }, "optionalDependencies": { diff --git a/pass.js b/pass.js index 515d5e2e..c6670f14 100644 --- a/pass.js +++ b/pass.js @@ -21,7 +21,7 @@ var iterations = 12000; exports.hash = function (pwd, salt, fn) { if (3 == arguments.length) { try { - crypto.pbkdf2(pwd, salt, iterations, len, 'sha256', function (err, hash) { fn(err, hash.toString('base64')); }); + crypto.pbkdf2(pwd, salt, iterations, len, 'sha384', function (err, hash) { fn(err, hash.toString('base64')); }); } catch (e) { // If this previous call fails, it's probably because older pbkdf2 did not specify the hashing function, just use the default. crypto.pbkdf2(pwd, salt, iterations, len, function (err, hash) { fn(err, hash.toString('base64')); }); @@ -32,7 +32,7 @@ exports.hash = function (pwd, salt, fn) { if (err) return fn(err); salt = salt.toString('base64'); try { - crypto.pbkdf2(pwd, salt, iterations, len, 'sha256', function (err, hash) { if (err) { return fn(err); } fn(null, salt, hash.toString('base64')); }); + crypto.pbkdf2(pwd, salt, iterations, len, 'sha384', function (err, hash) { if (err) { return fn(err); } fn(null, salt, hash.toString('base64')); }); } catch (e) { // If this previous call fails, it's probably because older pbkdf2 did not specify the hashing function, just use the default. crypto.pbkdf2(pwd, salt, iterations, len, function (err, hash) { if (err) { return fn(err); } fn(null, salt, hash.toString('base64')); }); diff --git a/public/scripts/agent-redir-ws-0.1.0.js b/public/scripts/agent-redir-ws-0.1.0.js index 75a3901f..f0b3fceb 100644 --- a/public/scripts/agent-redir-ws-0.1.0.js +++ b/public/scripts/agent-redir-ws-0.1.0.js @@ -16,7 +16,9 @@ var CreateAgentRedirect = function (meshserver, module, serverPublicNamePort) { obj.connectstate = -1; obj.tunnelid = Math.random().toString(36).substring(2); // Generate a random client tunnel id obj.protocol = module.protocol; // 1 = SOL, 2 = KVM, 3 = IDER, 4 = Files, 5 = FileTransfer - + obj.attemptWebRTC = false; + obj.webrtc = null; + obj.webchannel = null; obj.onStateChanged = null; // Private method @@ -43,8 +45,68 @@ var CreateAgentRedirect = function (meshserver, module, serverPublicNamePort) { obj.xxStateChange(2); } + // Called to pass websocket control messages + obj.xxOnControlCommand = function (msg) { + var controlMsg = JSON.parse(msg); + if ((controlMsg.type == 'answer') && (obj.webrtc != null)) { + console.log('gotAnswer', JSON.stringify(controlMsg)); + obj.webrtc.setRemoteDescription(new RTCSessionDescription(controlMsg), function () { console.log('WebRTC remote ok'); }, obj.xxCloseWebRTC); + } + } + + // Close the WebRTC connection, should be called if a problem occurs during WebRTC setup. + obj.xxCloseWebRTC = function () { + if (obj.webchannel != null) { obj.webchannel.close(); obj.webchannel = null; } + if (obj.webrtc != null) { obj.webrtc.close(); obj.webrtc = null; } + } + obj.xxOnMessage = function (e) { - if (obj.State < 3) { if (e.data == 'c') { obj.socket.send(obj.protocol); obj.xxStateChange(3); return; } } + if (obj.State < 3) { + if (e.data == 'c') { + obj.socket.send(obj.protocol); + obj.xxStateChange(3); + + if (obj.attemptWebRTC == true) { + // Try to get WebRTC setup + var configuration = null; //{ "iceServers": [ { 'urls': 'stun:stun.services.mozilla.com' }, { 'urls': 'stun:stun.l.google.com:19302' } ] }; + if (typeof RTCPeerConnection !== 'undefined') { obj.webrtc = new RTCPeerConnection(configuration); } + else if (typeof webkitRTCPeerConnection !== 'undefined') { obj.webrtc = new webkitRTCPeerConnection(configuration); } + + if (obj.webrtc != null) { + obj.webchannel = obj.webrtc.createDataChannel("DataChannel", {}); // { ordered: false, maxRetransmits: 2 } + obj.webchannel.onmessage = function (event) { console.log("DataChannel - onmessage", event.data); }; + obj.webchannel.onopen = function () { console.log("DataChannel - onopen"); }; + obj.webchannel.onclose = function (event) { console.log("DataChannel - onclose"); } + obj.webrtc.ondatachannel = function (e) { console.log('ondatachannel'); } // TODO: Should not be needed + obj.webrtc.onicecandidate = function (e) { + if (e.candidate == null) { + console.log('createOffer', JSON.stringify(obj.webrtcoffer)); + obj.socket.send('**********%%%%%%###**' + JSON.stringify(obj.webrtcoffer)); // End of candidates, send the offer + } else { + obj.webrtcoffer.sdp += ("a=" + e.candidate.candidate + "\r\n"); // New candidate, add it to the SDP + } + } + obj.webrtc.oniceconnectionstatechange = function () { + if (obj.webrtc != null) { + console.log('oniceconnectionstatechange', obj.webrtc.iceConnectionState); + if ((obj.webrtc.iceConnectionState == 'disconnected') || (obj.webrtc.iceConnectionState == 'failed')) { obj.xxCloseWebRTC(); } + } + } + obj.webrtc.createOffer(function (offer) { + // Got the offer + obj.webrtcoffer = offer; + obj.webrtc.setLocalDescription(offer, function () { console.log('WebRTC local ok'); }, obj.xxCloseWebRTC); + }, obj.xxCloseWebRTC, { mandatory: { OfferToReceiveAudio: false, OfferToReceiveVideo: false } }); + } + } + + return; + } + } + if (typeof e.data == 'string') { + // Control messages, most likely WebRTC setup + obj.xxOnControlCommand(e.data); + } if (typeof e.data == 'object') { var f = new FileReader(); if (f.readAsBinaryString) { @@ -81,6 +143,9 @@ var CreateAgentRedirect = function (meshserver, module, serverPublicNamePort) { } else if (typeof data !== 'string') return; + // TODO: Don't use a prefix anymore, use string encoding instead + if (data.length > 21 && data.startsWith('**********%%%%%%###**')) { obj.xxOnControlCommand(data.substring(21)); return; } + //console.log("xxOnSocketData", rstr2hex(data)); return obj.m.ProcessData(data); @@ -115,6 +180,7 @@ var CreateAgentRedirect = function (meshserver, module, serverPublicNamePort) { //obj.debug("Agent Redir Socket Stopped"); obj.xxStateChange(0); obj.connectstate = -1; + obj.xxCloseWebRTC(); if (obj.socket != null) { obj.socket.close(); obj.socket = null; } } diff --git a/public/scripts/cira_cleanup.mescript b/public/scripts/cira_cleanup.mescript index c310e264..00bcbb53 100644 --- a/public/scripts/cira_cleanup.mescript +++ b/public/scripts/cira_cleanup.mescript @@ -1,5 +1,5 @@ { - "scriptText": "##### Starting Block #####\nprint \"Script Started\"\n\n##### Block: Remote - Remove Trigger #####\nHighlightBlock __t 0\njsonparse hMapPolicies \"%7B%220%22:%20%22User%20Initiated%22,%09%221%22:%20%22Alert%22,%20%222%22:%20%22Periodic%22%7D\"\nsplit policiesArr \"0,1,2\" \",\"\nlength policiesArrLen policiesArr\nset i 0\n:loop-0\nset curPolicy hMapPolicies.{policiesArr.{i}}\njsonparse ws_args \"%7B%22PolicyRuleName%22:%22{curPolicy}%22%7D\"\nwsdelete \"AMT_RemoteAccessPolicyRule\" ws_args\nadd i i 1\njump :loop-0 i \"<\" policiesArrLen\nprint \"INFO: Policies removed successfully\"\nset PullRemoteAccess 1\nset AMT_RemoteAccessPolicyRule\nset curPolicy\nset hMapPolicies\nset i\nset policiesArr\nset policiesArrLen\nset ws_args\nset wsman_result\n\n##### Block: Remote - Remove All MPS #####\nHighlightBlock __t 1\nsplit ws_general_query \"AMT_ManagementPresenceRemoteSAP\" ,\nwsbatchenum \"wsman_answer\" ws_general_query\nset i 0\nset arr wsman_answer.AMT_ManagementPresenceRemoteSAP.responses\nLength arr_len arr\n:loop-1\nset instanceName wsman_answer.AMT_ManagementPresenceRemoteSAP.responses.{i}.Name\nset selector \"%3Cw:SelectorSet%3E%3Cw:Selector%20Name=%22Name%22%3E{instanceName}%3C/w:Selector%3E%3C/w:SelectorSet%3E\"\nwsdelete \"AMT_ManagementPresenceRemoteSAP\" selector\nadd i i 1\njump :loop-1 i \"<\" arr_len\n:end-1\nset AMT_ManagementPresenceRemoteSAP\nset arr\nset i\nset instanceName\nset selector\nset ws_general_query\nset wsman_answer\nset wsman_result\nset wsman_result_str\nset arr_len\nset PullRemoteAccess 1\n\n\n##### Block: Network - Clear Environment Detection #####\nHighlightBlock __t 2\nsplit ws_general_query \"*AMT_EnvironmentDetectionSettingData\" \",\"\nwsbatchenum \"wsman_answer\" ws_general_query\nset envDetectionInstance wsman_answer.AMT_EnvironmentDetectionSettingData.response\nset envDetectionInstance.DetectionStrings undefined\nwsput \"AMT_EnvironmentDetectionSettingData\" envDetectionInstance\njump :error-2 wsman_result \"==\" 200\nprint \"Cleared environment detection\"\njump :end-2\n:error-2\nprint \"ERROR: WSMAN call failed: {wsman_result_str}\"\njump :end-2\n:end-2\nset envDetectionInstance\nset ws_general_query\nset AMT_EnvironmentDetectionSettingData\nset PullRemoteAccess \"1\"\nset wsman_answer \nset wsman_result\n\n\n##### Ending Block #####\n:end\njump :SkipPullSystemStatus PullSystemStatus \"!=\" 1\nPullSystemStatus\n:SkipPullSystemStatus\njump :SkipPullEventLog PullEventLog \"!=\" 1\nPullEventLog\n:SkipPullEventLog\njump :SkipPullAuditLog PullAuditLog \"!=\" 1\nPullAuditLog\n:SkipPullAuditLog\njump :SkipPullCertificates PullCertificates \"!=\" 1\nPullCertificates\n:SkipPullCertificates\njump :SkipPullWatchdog PullWatchdog \"!=\" 1\nPullWatchdog\n:SkipPullWatchdog\njump :SkipPullSystemDefense PullSystemDefense \"!=\" 1\nPullSystemDefense\n:SkipPullSystemDefense\njump :SkipPullHardware PullHardware \"!=\" 1\nPullHardware\n:SkipPullHardware\njump :SkipPullUserInfo PullUserInfo \"!=\" 1\nPullUserInfo\n:SkipPullUserInfo\njump :SkipPullRemoteAccess PullRemoteAccess \"!=\" 1\nPullRemoteAccess\n:SkipPullRemoteAccess\nprint \"Script Completed\"\nHighlightBlock\n", + "scriptText": "##### Starting Block #####\nprint \"Script Started\"\n\n##### Block: Remote - Remove Trigger #####\nHighlightBlock __t 0\njsonparse hMapPolicies \"%7B%220%22:%20%22User%20Initiated%22,%09%221%22:%20%22Alert%22,%20%222%22:%20%22Periodic%22%7D\"\nsplit policiesArr \"0,1,2\" \",\"\nlength policiesArrLen policiesArr\nset i 0\n:loop-0\nset curPolicy hMapPolicies.{policiesArr.{i}}\njsonparse ws_args \"%7B%22PolicyRuleName%22:%22{curPolicy}%22%7D\"\nwsdelete \"AMT_RemoteAccessPolicyRule\" ws_args\nadd i i 1\njump :loop-0 i \"<\" policiesArrLen\nprint \"Policies removed successfully\"\nset PullRemoteAccess 1\nset AMT_RemoteAccessPolicyRule\nset curPolicy\nset hMapPolicies\nset i\nset policiesArr\nset policiesArrLen\nset ws_args\nset wsman_result\n\n##### Block: Remote - Remove All MPS #####\nHighlightBlock __t 1\nsplit ws_general_query \"AMT_ManagementPresenceRemoteSAP\" ,\nwsbatchenum \"wsman_answer\" ws_general_query\nset i 0\nset arr wsman_answer.AMT_ManagementPresenceRemoteSAP.responses\nLength arr_len arr\n:loop-1\nset instanceName wsman_answer.AMT_ManagementPresenceRemoteSAP.responses.{i}.Name\nset selector \"%3Cw:SelectorSet%3E%3Cw:Selector%20Name=%22Name%22%3E{instanceName}%3C/w:Selector%3E%3C/w:SelectorSet%3E\"\nwsdelete \"AMT_ManagementPresenceRemoteSAP\" selector\nadd i i 1\njump :loop-1 i \"<\" arr_len\n:end-1\nset AMT_ManagementPresenceRemoteSAP\nset arr\nset i\nset instanceName\nset selector\nset ws_general_query\nset wsman_answer\nset wsman_result\nset wsman_result_str\nset arr_len\nset PullRemoteAccess 1\n\n\n##### Block: Network - Clear Environment Detection #####\nHighlightBlock __t 2\nsplit ws_general_query \"*AMT_EnvironmentDetectionSettingData\" \",\"\nwsbatchenum \"wsman_answer\" ws_general_query\nset envDetectionInstance wsman_answer.AMT_EnvironmentDetectionSettingData.response\nset envDetectionInstance.DetectionStrings undefined\nwsput \"AMT_EnvironmentDetectionSettingData\" envDetectionInstance\njump :error-2 wsman_result \"==\" 200\nprint \"Cleared environment detection\"\njump :end-2\n:error-2\nprint \"ERROR: WSMAN call failed: {wsman_result_str}\"\njump :end-2\n:end-2\nset envDetectionInstance\nset ws_general_query\nset AMT_EnvironmentDetectionSettingData\nset PullRemoteAccess \"1\"\nset wsman_answer \nset wsman_result\n\n\n##### Ending Block #####\n:end\njump :SkipPullSystemStatus PullSystemStatus \"!=\" 1\nPullSystemStatus\n:SkipPullSystemStatus\njump :SkipPullEventLog PullEventLog \"!=\" 1\nPullEventLog\n:SkipPullEventLog\njump :SkipPullAuditLog PullAuditLog \"!=\" 1\nPullAuditLog\n:SkipPullAuditLog\njump :SkipPullCertificates PullCertificates \"!=\" 1\nPullCertificates\n:SkipPullCertificates\njump :SkipPullWatchdog PullWatchdog \"!=\" 1\nPullWatchdog\n:SkipPullWatchdog\njump :SkipPullSystemDefense PullSystemDefense \"!=\" 1\nPullSystemDefense\n:SkipPullSystemDefense\njump :SkipPullHardware PullHardware \"!=\" 1\nPullHardware\n:SkipPullHardware\njump :SkipPullUserInfo PullUserInfo \"!=\" 1\nPullUserInfo\n:SkipPullUserInfo\njump :SkipPullRemoteAccess PullRemoteAccess \"!=\" 1\nPullRemoteAccess\n:SkipPullRemoteAccess\nprint \"Script Completed\"\nHighlightBlock\n", "mescript": "JH0pRQABAAMAFwABAA8BU2NyaXB0IFN0YXJ0ZWROKQATAAIABABfX3QABQIAAAAAAAsAdgACAA0AaE1hcFBvbGljaWVzAF8BJTdCJTIyMCUyMjolMjAlMjJVc2VyJTIwSW5pdGlhdGVkJTIyLCUwOSUyMjElMjI6JTIwJTIyQWxlcnQlMjIsJTIwJTIyMiUyMjolMjAlMjJQZXJpb2RpYyUyMiU3RAAIACAAAwAMAHBvbGljaWVzQXJyAAYBMCwxLDIAAgEsAAoAJQACAA8AcG9saWNpZXNBcnJMZW4ADABwb2xpY2llc0FycgACABEAAgACAGkABQIAAAAAAAIAMwACAAoAY3VyUG9saWN5AB8AaE1hcFBvbGljaWVzLntwb2xpY2llc0Fyci57aX19AAsAPwACAAgAd3NfYXJncwAtASU3QiUyMlBvbGljeVJ1bGVOYW1lJTIyOiUyMntjdXJQb2xpY3l9JTIyJTdEABMALQACABsBQU1UX1JlbW90ZUFjY2Vzc1BvbGljeVJ1bGUACAB3c19hcmdzAA0AFQADAAIAaQACAGkABQIAAAABAAEAJgAEAAUDAAAA9gACAGkAAgE8AA8AcG9saWNpZXNBcnJMZW4AAwAsAAEAJAFJTkZPOiBQb2xpY2llcyByZW1vdmVkIHN1Y2Nlc3NmdWxseQACACAAAgARAFB1bGxSZW1vdGVBY2Nlc3MABQIAAAABAAIAIwABABsAQU1UX1JlbW90ZUFjY2Vzc1BvbGljeVJ1bGUAAgASAAEACgBjdXJQb2xpY3kAAgAVAAEADQBoTWFwUG9saWNpZXMAAgAKAAEAAgBpAAIAFAABAAwAcG9saWNpZXNBcnIAAgAXAAEADwBwb2xpY2llc0FyckxlbgACABAAAQAIAHdzX2FyZ3MAAgAVAAEADQB3c21hbl9yZXN1bHROKQATAAIABABfX3QABQIAAAABAAgAPwADABEAd3NfZ2VuZXJhbF9xdWVyeQAgAUFNVF9NYW5hZ2VtZW50UHJlc2VuY2VSZW1vdGVTQVAAAgAsABAAKAACAA0Bd3NtYW5fYW5zd2VyABEAd3NfZ2VuZXJhbF9xdWVyeQACABEAAgACAGkABQIAAAAAAAIARQACAAQAYXJyADcAd3NtYW5fYW5zd2VyLkFNVF9NYW5hZ2VtZW50UHJlc2VuY2VSZW1vdGVTQVAucmVzcG9uc2VzAAoAFgACAAgAYXJyX2xlbgAEAGFycgACAFcAAgANAGluc3RhbmNlTmFtZQBAAHdzbWFuX2Fuc3dlci5BTVRfTWFuYWdlbWVudFByZXNlbmNlUmVtb3RlU0FQLnJlc3BvbnNlcy57aX0uTmFtZQACAHwAAgAJAHNlbGVjdG9yAGkBJTNDdzpTZWxlY3RvclNldCUzRSUzQ3c6U2VsZWN0b3IlMjBOYW1lPSUyMk5hbWUlMjIlM0V7aW5zdGFuY2VOYW1lfSUzQy93OlNlbGVjdG9yJTNFJTNDL3c6U2VsZWN0b3JTZXQlM0UAEwAzAAIAIAFBTVRfTWFuYWdlbWVudFByZXNlbmNlUmVtb3RlU0FQAAkAc2VsZWN0b3IADQAVAAMAAgBpAAIAaQAFAgAAAAEAAQAfAAQABQMAAAOmAAIAaQACATwACABhcnJfbGVuAAIAKAABACAAQU1UX01hbmFnZW1lbnRQcmVzZW5jZVJlbW90ZVNBUAACAAwAAQAEAGFycgACAAoAAQACAGkAAgAVAAEADQBpbnN0YW5jZU5hbWUAAgARAAEACQBzZWxlY3RvcgACABkAAQARAHdzX2dlbmVyYWxfcXVlcnkAAgAVAAEADQB3c21hbl9hbnN3ZXIAAgAVAAEADQB3c21hbl9yZXN1bHQAAgAZAAEAEQB3c21hbl9yZXN1bHRfc3RyAAIAEAABAAgAYXJyX2xlbgACACAAAgARAFB1bGxSZW1vdGVBY2Nlc3MABQIAAAABTikAEwACAAQAX190AAUCAAAAAgAIAEQAAwARAHdzX2dlbmVyYWxfcXVlcnkAJQEqQU1UX0Vudmlyb25tZW50RGV0ZWN0aW9uU2V0dGluZ0RhdGEAAgEsABAAKAACAA0Bd3NtYW5fYW5zd2VyABEAd3NfZ2VuZXJhbF9xdWVyeQACAFkAAgAVAGVudkRldGVjdGlvbkluc3RhbmNlADoAd3NtYW5fYW5zd2VyLkFNVF9FbnZpcm9ubWVudERldGVjdGlvblNldHRpbmdEYXRhLnJlc3BvbnNlAAIAOgACACYAZW52RGV0ZWN0aW9uSW5zdGFuY2UuRGV0ZWN0aW9uU3RyaW5ncwAKAHVuZGVmaW5lZAARAEMAAgAkAUFNVF9FbnZpcm9ubWVudERldGVjdGlvblNldHRpbmdEYXRhABUAZW52RGV0ZWN0aW9uSW5zdGFuY2UAAQAoAAQABQMAAAeAAA0Ad3NtYW5fcmVzdWx0AAMBPT0ABQIAAADIAAMAJgABAB4BQ2xlYXJlZCBlbnZpcm9ubWVudCBkZXRlY3Rpb24AAQANAAEABQMAAAfCAAMANQABAC0BRVJST1I6IFdTTUFOIGNhbGwgZmFpbGVkOiB7d3NtYW5fcmVzdWx0X3N0cn0AAQANAAEABQMAAAfCAAIAHQABABUAZW52RGV0ZWN0aW9uSW5zdGFuY2UAAgAZAAEAEQB3c19nZW5lcmFsX3F1ZXJ5AAIALAABACQAQU1UX0Vudmlyb25tZW50RGV0ZWN0aW9uU2V0dGluZ0RhdGEAAgAdAAIAEQBQdWxsUmVtb3RlQWNjZXNzAAIBMQACABUAAQANAHdzbWFuX2Fuc3dlcgACABUAAQANAHdzbWFuX3Jlc3VsdAABACwABAAFAwAACJ0AEQBQdWxsU3lzdGVtU3RhdHVzAAMBIT0ABQIAAAABTiAABgAAAAEAKAAEAAUDAAAIywANAFB1bGxFdmVudExvZwADASE9AAUCAAAAAU4hAAYAAAABACgABAAFAwAACPkADQBQdWxsQXVkaXRMb2cAAwEhPQAFAgAAAAFOIgAGAAAAAQAsAAQABQMAAAkrABEAUHVsbENlcnRpZmljYXRlcwADASE9AAUCAAAAAU4jAAYAAAABACgABAAFAwAACVkADQBQdWxsV2F0Y2hkb2cAAwEhPQAFAgAAAAFOJAAGAAAAAQAtAAQABQMAAAmMABIAUHVsbFN5c3RlbURlZmVuc2UAAwEhPQAFAgAAAAFOJQAGAAAAAQAoAAQABQMAAAm6AA0AUHVsbEhhcmR3YXJlAAMBIT0ABQIAAAABTiYABgAAAAEAKAAEAAUDAAAJ6AANAFB1bGxVc2VySW5mbwADASE9AAUCAAAAAU4nAAYAAAABACwABAAFAwAAChoAEQBQdWxsUmVtb3RlQWNjZXNzAAMBIT0ABQIAAAABTigABgAAAAMAGQABABEBU2NyaXB0IENvbXBsZXRlZE4pAAYAAA==", "blocks": { "_start": { @@ -477,7 +477,7 @@ "AMT-Network-AddEnvDetection": { "name": "Network - Set Environment Detection", "desc": "Configures the DNS information that will be used by Intel AMT to dynamically determine the network it is operating in", - "code": "# *** Validate user input ***\r\nprint \"INFO: Parsing block parameters\"\r\njump :EMPTY_DETECTIONSTR-%%%~%%% \"%%%DetectionStrings%%%\" \"=\" \"\"\r\nsplit arrDetectionStrings \"%%%DetectionStrings%%%\" \",\"\r\nsplit arrDetectionIPv6LocalPrefixes \"%%%DetectionIPv6LocalPrefixes%%%\" \",\"\r\nprint \"INFO: Setting Environment Detection\"\r\nsplit ws_general_query \"*AMT_EnvironmentDetectionSettingData\" \",\"\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nset envDetectionInstance wsman_answer.AMT_EnvironmentDetectionSettingData.response\r\njump :DetectionStringsDefined-%%%~%%% envDetectionInstance.DetectionStrings \"!=\"\r\nset envDetectionInstance.DetectionStrings arrDetectionStrings\r\njump :SET_IPV6_PREFIX-%%%~%%%\r\n:DetectionStringsDefined-%%%~%%%\r\nadd arrDetectionStrings \",\" arrDetectionStrings\r\nadd envDetectionInstance.DetectionStrings envDetectionInstance.DetectionStrings arrDetectionStrings\r\nmaketoarray envDetectionInstance.DetectionStrings envDetectionInstance.DetectionStrings\r\nlength arrDetectionStringsLen envDetectionInstance.DetectionStrings\r\njump :INVALID_LEN_DetectionStrings-%%%~%%% arrDetectionStringsLen \">\" \"5\"\r\n:SET_IPV6_PREFIX-%%%~%%%\r\njump :IPv6StringsDefined-%%%~%%% envDetectionInstance.DetectionIPv6LocalPrefixes \"!=\"\r\njump :EMPTY_IPV6PRFX \"%%%DetectionIPv6LocalPrefixes%%%\" \"=\" \"\" \r\nset envDetectionInstance.DetectionIPv6LocalPrefixes arrDetectionIPv6LocalPrefixes\r\njump :CALL_WSPUT-%%%~%%%\r\n:IPv6StringsDefined-%%%~%%%\r\nadd arrDetectionIPv6LocalPrefixes \",\" arrDetectionIPv6LocalPrefixes\r\nadd envDetectionInstance.DetectionIPv6LocalPrefixes envDetectionInstance.DetectionIPv6LocalPrefixes arrDetectionIPv6LocalPrefixes\r\nmaketoarray envDetectionInstance.DetectionIPv6LocalPrefixes envDetectionInstance.DetectionIPv6LocalPrefixes\r\n:EMPTY_IPV6PRFX\r\nlength arrDetectionIPv6LocalPrefixesLen envDetectionInstance.DetectionIPv6LocalPrefixes\r\njump :INVALID_LEN_DetectionIPv6LocalPrefixes-%%%~%%% arrDetectionIPv6LocalPrefixesLen \">\" \"5\"\r\n:CALL_WSPUT-%%%~%%%\r\nwsput \"AMT_EnvironmentDetectionSettingData\" envDetectionInstance\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"INFO: Environment Detection set successfully\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"ERROR: WSMAN call failed: {wsman_result_str}\"\r\njump :end-%%%~%%%\r\n:INVALID_LEN_DetectionStrings-%%%~%%%\r\nprint \"ERROR: detection strings count must be at most 5\"\r\njump :end-%%%~%%%\r\n:INVALID_LEN_DetectionIPv6LocalPrefixes-%%%~%%%\r\nprint \"ERROR: IPv6 prefixes count must be at most 5\"\r\njump :end-%%%~%%%\r\n:EMPTY_DETECTIONSTR-%%%~%%%\r\nprint \"ERROR: %22Detection Strings%22 field cannot be empty, aborting operation...\"\r\n:end-%%%~%%%\r\n set PullRemoteAccess \"1\"\r\nset AMT_EnvironmentDetectionSettingData\r\nset arrDetectionIPv6LocalPrefixes\r\nset arrDetectionStrings\r\nset envDetectionInstance\r\nset ws_general_query\r\nset wsman_answer \r\nset wsman_result", + "code": "# *** Validate user input ***\r\nprint \"Parsing block parameters\"\r\njump :EMPTY_DETECTIONSTR-%%%~%%% \"%%%DetectionStrings%%%\" \"=\" \"\"\r\nsplit arrDetectionStrings \"%%%DetectionStrings%%%\" \",\"\r\nsplit arrDetectionIPv6LocalPrefixes \"%%%DetectionIPv6LocalPrefixes%%%\" \",\"\r\nprint \"Setting Environment Detection\"\r\nsplit ws_general_query \"*AMT_EnvironmentDetectionSettingData\" \",\"\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nset envDetectionInstance wsman_answer.AMT_EnvironmentDetectionSettingData.response\r\njump :DetectionStringsDefined-%%%~%%% envDetectionInstance.DetectionStrings \"!=\"\r\nset envDetectionInstance.DetectionStrings arrDetectionStrings\r\njump :SET_IPV6_PREFIX-%%%~%%%\r\n:DetectionStringsDefined-%%%~%%%\r\nadd arrDetectionStrings \",\" arrDetectionStrings\r\nadd envDetectionInstance.DetectionStrings envDetectionInstance.DetectionStrings arrDetectionStrings\r\nmaketoarray envDetectionInstance.DetectionStrings envDetectionInstance.DetectionStrings\r\nlength arrDetectionStringsLen envDetectionInstance.DetectionStrings\r\njump :INVALID_LEN_DetectionStrings-%%%~%%% arrDetectionStringsLen \">\" \"5\"\r\n:SET_IPV6_PREFIX-%%%~%%%\r\njump :IPv6StringsDefined-%%%~%%% envDetectionInstance.DetectionIPv6LocalPrefixes \"!=\"\r\njump :EMPTY_IPV6PRFX \"%%%DetectionIPv6LocalPrefixes%%%\" \"=\" \"\" \r\nset envDetectionInstance.DetectionIPv6LocalPrefixes arrDetectionIPv6LocalPrefixes\r\njump :CALL_WSPUT-%%%~%%%\r\n:IPv6StringsDefined-%%%~%%%\r\nadd arrDetectionIPv6LocalPrefixes \",\" arrDetectionIPv6LocalPrefixes\r\nadd envDetectionInstance.DetectionIPv6LocalPrefixes envDetectionInstance.DetectionIPv6LocalPrefixes arrDetectionIPv6LocalPrefixes\r\nmaketoarray envDetectionInstance.DetectionIPv6LocalPrefixes envDetectionInstance.DetectionIPv6LocalPrefixes\r\n:EMPTY_IPV6PRFX\r\nlength arrDetectionIPv6LocalPrefixesLen envDetectionInstance.DetectionIPv6LocalPrefixes\r\njump :INVALID_LEN_DetectionIPv6LocalPrefixes-%%%~%%% arrDetectionIPv6LocalPrefixesLen \">\" \"5\"\r\n:CALL_WSPUT-%%%~%%%\r\nwsput \"AMT_EnvironmentDetectionSettingData\" envDetectionInstance\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"Environment Detection set successfully\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"ERROR: WSMAN call failed: {wsman_result_str}\"\r\njump :end-%%%~%%%\r\n:INVALID_LEN_DetectionStrings-%%%~%%%\r\nprint \"ERROR: detection strings count must be at most 5\"\r\njump :end-%%%~%%%\r\n:INVALID_LEN_DetectionIPv6LocalPrefixes-%%%~%%%\r\nprint \"ERROR: IPv6 prefixes count must be at most 5\"\r\njump :end-%%%~%%%\r\n:EMPTY_DETECTIONSTR-%%%~%%%\r\nprint \"ERROR: %22Detection Strings%22 field cannot be empty, aborting operation...\"\r\n:end-%%%~%%%\r\n set PullRemoteAccess \"1\"\r\nset AMT_EnvironmentDetectionSettingData\r\nset arrDetectionIPv6LocalPrefixes\r\nset arrDetectionStrings\r\nset envDetectionInstance\r\nset ws_general_query\r\nset wsman_answer \r\nset wsman_result", "vars": { "DetectionStrings": { "name": "Detection Strings", @@ -690,7 +690,7 @@ "AMT-RemoteAccess-AddRemoteAccessPolicyRule": { "name": "Remote - Add Trigger (User / Alert)", "desc": "Set a remote access trigger policy, used to establish a secure tunnel between a management console and the Intel AMT platform.", - "code": "# *** Prepare arguments for AMT_RemoteAccessService.AddRemoteAccessPolicyRule ***\r\njsonparse ws_args \"%7B%22Trigger%22:%220%22,%22TunnelLifeTime%22:%22%%%tLifeTime%%%%22%7D\"\r\n# *** Verify valid input ***\r\njump :VALID_INPUT \"%%%AccessInfo1%%%\" \"!=\" \"\"\r\nprint \"ERROR: Field %22AccessInfo1%22 must not be empty, aborting operation...\"\r\njump :end-%%%~%%%\r\n:VALID_INPUT\r\n# *** Set a EPR selector matching user input ***\r\nsplit ws_general_query \"AMT_ManagementPresenceRemoteSAP\" ,\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nset i 0\r\nset arr wsman_answer.AMT_ManagementPresenceRemoteSAP.responses\r\nLength arr_len arr\r\nset mpsEpr1 \"*\"\r\nset mpsEpr2 \"*\"\r\n:loop-%%%~%%%\r\nset curAccessInfo arr.{i}.AccessInfo\r\nadd curAccessInfo curAccessInfo \":\"\r\nadd curAccessInfo curAccessInfo arr.{i}.Port\r\njump :MPS1_NO_MATCH curAccessInfo \"!=\" \"%%%AccessInfo1%%%\"\r\nset mpsEpr1 wsman_answer.AMT_ManagementPresenceRemoteSAP.responses.{i}.Name\r\nprint \"INFO: Found matching (primary) mps: {mpsEpr1}\"\r\njump :MPS2_NOTSET \"%%%AccessInfo2%%%\" \"=\" \"\"\r\n:MPS1_NO_MATCH\r\njump :MPS2_NO_MATCH curAccessInfo \"!=\" \"%%%AccessInfo2%%%\"\r\nset mpsEpr2 wsman_answer.AMT_ManagementPresenceRemoteSAP.responses.{i}.Name\r\nprint \"INFO: Found matching (secondary) mps: {mpsEpr2}\"\r\n:MPS2_NO_MATCH\r\nadd i i 1\r\njump :loop-%%%~%%% i \"<\" arr_len\r\n:MPS2_NOTSET\r\njump :MPS1_FOUND mpsEpr1 \"!=\" \"*\"\r\nprint \"ERROR: MPS server: %22%%%AccessInfo1%%%%22 could not be found, aborting operation...\"\r\njump :end-%%%~%%%\r\n:MPS1_FOUND\r\njump :MPS2_FOUND \"%%%AccessInfo2%%%\" \"=\" \"\"\r\njump :MPS2_FOUND mpsEpr2 \"!=\" \"*\"\r\nprint \"ERROR: MPS server: %22%%%AccessInfo2%%%%22 could not be found, aborting operation...\"\r\njump :end-%%%~%%%\r\n:MPS2_FOUND\r\nprint \"INFO: Setting policy...\"\r\njsonparse ws_args.MpServer \"%7B%7D\"\r\nset MpServer \"%3CAddress%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3Ehttp://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous%3C/Address%3E%3CReferenceParameters%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3E%3CResourceURI%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3Ehttp://intel.com/wbem/wscim/1/amt-schema/1/AMT_ManagementPresenceRemoteSAP%3C/ResourceURI%3E%3CSelectorSet%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3E%3CSelector%20Name=%22Name%22%3E{mpsEpr1}%3C/Selector%3E%3C/SelectorSet%3E%3C/ReferenceParameters%3E\"\r\njump :SKIP_ADD_MPS2 \"%%%AccessInfo2%%%\" \"=\" \"\"\r\nadd MpServer MpServer \"|%3CAddress%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3Ehttp://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous%3C/Address%3E%3CReferenceParameters%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3E%3CResourceURI%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3Ehttp://intel.com/wbem/wscim/1/amt-schema/1/AMT_ManagementPresenceRemoteSAP%3C/ResourceURI%3E%3CSelectorSet%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3E%3CSelector%20Name=%22Name%22%3E{mpsEpr2}%3C/Selector%3E%3C/SelectorSet%3E%3C/ReferenceParameters%3E\"\r\n:SKIP_ADD_MPS2\r\nsplit ws_args.MpServer MpServer \"|\"\r\n# *** Call AMT_RemoteAccessService.AddRemoteAccessPolicyRule with policy details. ***\r\nwsexec \"AMT_RemoteAccessService\" \"AddRemoteAccessPolicyRule\" ws_args selector\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"Policy addedd successfully\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"WSMAN call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\nset PullRemoteAccess 1\r\nset mpsEpr1\r\nset mpsEpr2\r\nset i\r\nset curAccessInfo\r\nset arr_len\r\nset MpServer\r\nset arr\r\nset AMT_RemoteAccessService\r\nset wsman_result\r\nset wsman_result_str\r\nset ws_args\r\nset ws_general_query\r\nset wsman_answer", + "code": "# *** Prepare arguments for AMT_RemoteAccessService.AddRemoteAccessPolicyRule ***\r\njsonparse ws_args \"%7B%22Trigger%22:%220%22,%22TunnelLifeTime%22:%22%%%tLifeTime%%%%22%7D\"\r\n# *** Verify valid input ***\r\njump :VALID_INPUT \"%%%AccessInfo1%%%\" \"!=\" \"\"\r\nprint \"ERROR: Field %22AccessInfo1%22 must not be empty, aborting operation...\"\r\njump :end-%%%~%%%\r\n:VALID_INPUT\r\n# *** Set a EPR selector matching user input ***\r\nsplit ws_general_query \"AMT_ManagementPresenceRemoteSAP\" ,\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nset i 0\r\nset arr wsman_answer.AMT_ManagementPresenceRemoteSAP.responses\r\nLength arr_len arr\r\nset mpsEpr1 \"*\"\r\nset mpsEpr2 \"*\"\r\n:loop-%%%~%%%\r\nset curAccessInfo arr.{i}.AccessInfo\r\nadd curAccessInfo curAccessInfo \":\"\r\nadd curAccessInfo curAccessInfo arr.{i}.Port\r\njump :MPS1_NO_MATCH curAccessInfo \"!=\" \"%%%AccessInfo1%%%\"\r\nset mpsEpr1 wsman_answer.AMT_ManagementPresenceRemoteSAP.responses.{i}.Name\r\nprint \"Found matching (primary) mps: {mpsEpr1}\"\r\njump :MPS2_NOTSET \"%%%AccessInfo2%%%\" \"=\" \"\"\r\n:MPS1_NO_MATCH\r\njump :MPS2_NO_MATCH curAccessInfo \"!=\" \"%%%AccessInfo2%%%\"\r\nset mpsEpr2 wsman_answer.AMT_ManagementPresenceRemoteSAP.responses.{i}.Name\r\nprint \"Found matching (secondary) mps: {mpsEpr2}\"\r\n:MPS2_NO_MATCH\r\nadd i i 1\r\njump :loop-%%%~%%% i \"<\" arr_len\r\n:MPS2_NOTSET\r\njump :MPS1_FOUND mpsEpr1 \"!=\" \"*\"\r\nprint \"ERROR: MPS server: %22%%%AccessInfo1%%%%22 could not be found, aborting operation...\"\r\njump :end-%%%~%%%\r\n:MPS1_FOUND\r\njump :MPS2_FOUND \"%%%AccessInfo2%%%\" \"=\" \"\"\r\njump :MPS2_FOUND mpsEpr2 \"!=\" \"*\"\r\nprint \"ERROR: MPS server: %22%%%AccessInfo2%%%%22 could not be found, aborting operation...\"\r\njump :end-%%%~%%%\r\n:MPS2_FOUND\r\nprint \"Setting policy...\"\r\njsonparse ws_args.MpServer \"%7B%7D\"\r\nset MpServer \"%3CAddress%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3Ehttp://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous%3C/Address%3E%3CReferenceParameters%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3E%3CResourceURI%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3Ehttp://intel.com/wbem/wscim/1/amt-schema/1/AMT_ManagementPresenceRemoteSAP%3C/ResourceURI%3E%3CSelectorSet%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3E%3CSelector%20Name=%22Name%22%3E{mpsEpr1}%3C/Selector%3E%3C/SelectorSet%3E%3C/ReferenceParameters%3E\"\r\njump :SKIP_ADD_MPS2 \"%%%AccessInfo2%%%\" \"=\" \"\"\r\nadd MpServer MpServer \"|%3CAddress%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3Ehttp://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous%3C/Address%3E%3CReferenceParameters%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3E%3CResourceURI%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3Ehttp://intel.com/wbem/wscim/1/amt-schema/1/AMT_ManagementPresenceRemoteSAP%3C/ResourceURI%3E%3CSelectorSet%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3E%3CSelector%20Name=%22Name%22%3E{mpsEpr2}%3C/Selector%3E%3C/SelectorSet%3E%3C/ReferenceParameters%3E\"\r\n:SKIP_ADD_MPS2\r\nsplit ws_args.MpServer MpServer \"|\"\r\n# *** Call AMT_RemoteAccessService.AddRemoteAccessPolicyRule with policy details. ***\r\nwsexec \"AMT_RemoteAccessService\" \"AddRemoteAccessPolicyRule\" ws_args selector\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"Policy addedd successfully\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"WSMAN call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\nset PullRemoteAccess 1\r\nset mpsEpr1\r\nset mpsEpr2\r\nset i\r\nset curAccessInfo\r\nset arr_len\r\nset MpServer\r\nset arr\r\nset AMT_RemoteAccessService\r\nset wsman_result\r\nset wsman_result_str\r\nset ws_args\r\nset ws_general_query\r\nset wsman_answer", "vars": { "AccessInfo1": { "name": "MPS 1 Address", @@ -728,7 +728,7 @@ "AMT-RemoteAccess-AddRemoteAccessPolicyRule2": { "name": "Remote - Add Trigger (Periodic)", "desc": "Set a remote access trigger policy, used to establish a secure tunnel between a management console and the Intel AMT platform.", - "code": "# *** Verify valid input ***\r\nsplit period_arr \"%%%Period%%%\" \":\"\r\nlength period_arr_len period_arr\r\njump :INVALID_ARG_AccessInfo1 \"%%%AccessInfo1%%%\" \"=\" \"\"\r\njump :DailyPeriod \"%%%PeriodType%%%\" \"!=\" \"0\"\r\njump :INVALID_PeriodType \"%%%PeriodType%%%\" \"!=\" \"0\"\r\njump :INVALID_ARG_Period period_arr.0 \"<=\" \"0\"\r\njump :INVALID_ARG_Period period_arr.0 \">\" \"4294967295\"\r\nIntToStr extendedData \"0\"\r\nIntToStr bPeriod period_arr.0\r\nadd extendedData extendedData bPeriod\r\njump :SET_PERIOD\r\n:DailyPeriod\r\njump :INVALID_PeriodType period_arr_len \"!=\" \"2\"\r\njump :INVALID_ARG_PeriodDaily period_arr.0 \"<=\" \"0\"\r\njump :INVALID_ARG_PeriodDaily period_arr.0 \">\" \"23\"\r\njump :INVALID_ARG_PeriodDaily period_arr.1 \">\" \"59\"\r\njump :INVALID_ARG_PeriodDaily period_arr.1 \"<=\" \"0\"\r\nIntToStr extendedData \"1\"\r\nIntToStr bPeriodHour period_arr.0\r\nIntToStr bPeriodMinute period_arr.1\r\nadd extendedData extendedData bPeriodHour\r\nadd extendedData extendedData bPeriodMinute\r\njump :SET_PERIOD\r\n:INVALID_PeriodType\r\nprint \"ERROR: The period type and value must correspond, aborting operation...\"\r\njump :end-%%%~%%%\r\n:INVALID_ARG_PeriodDaily\r\nprint \"ERROR: Field %22Period%22 must be a value HH:MM 0<=HH<24 && 0<=MM<60, aborting operation...\"\r\njump :end-%%%~%%%\r\n:INVALID_ARG_AccessInfo1\r\nprint \"ERROR: Field %22AccessInfo1%22 must not be empty, aborting operation...\"\r\njump :end-%%%~%%%\r\n:INVALID_ARG_Period\r\nprint \"ERROR: Field %22Period%22 must be a value 0<=t\" \"4294967295\"\r\nIntToStr extendedData \"0\"\r\nIntToStr bPeriod period_arr.0\r\nadd extendedData extendedData bPeriod\r\njump :SET_PERIOD\r\n:DailyPeriod\r\njump :INVALID_PeriodType period_arr_len \"!=\" \"2\"\r\njump :INVALID_ARG_PeriodDaily period_arr.0 \"<=\" \"0\"\r\njump :INVALID_ARG_PeriodDaily period_arr.0 \">\" \"23\"\r\njump :INVALID_ARG_PeriodDaily period_arr.1 \">\" \"59\"\r\njump :INVALID_ARG_PeriodDaily period_arr.1 \"<=\" \"0\"\r\nIntToStr extendedData \"1\"\r\nIntToStr bPeriodHour period_arr.0\r\nIntToStr bPeriodMinute period_arr.1\r\nadd extendedData extendedData bPeriodHour\r\nadd extendedData extendedData bPeriodMinute\r\njump :SET_PERIOD\r\n:INVALID_PeriodType\r\nprint \"ERROR: The period type and value must correspond, aborting operation...\"\r\njump :end-%%%~%%%\r\n:INVALID_ARG_PeriodDaily\r\nprint \"ERROR: Field %22Period%22 must be a value HH:MM 0<=HH<24 && 0<=MM<60, aborting operation...\"\r\njump :end-%%%~%%%\r\n:INVALID_ARG_AccessInfo1\r\nprint \"ERROR: Field %22AccessInfo1%22 must not be empty, aborting operation...\"\r\njump :end-%%%~%%%\r\n:INVALID_ARG_Period\r\nprint \"ERROR: Field %22Period%22 must be a value 0<=t\" \"4294967295\"\nIntToStr extendedData \"0\"\nIntToStr bPeriod period_arr.0\nadd extendedData extendedData bPeriod\njump :SET_PERIOD\n:DailyPeriod\njump :INVALID_PeriodType period_arr_len \"!=\" \"2\"\njump :INVALID_ARG_PeriodDaily period_arr.0 \"<=\" \"0\"\njump :INVALID_ARG_PeriodDaily period_arr.0 \">\" \"23\"\njump :INVALID_ARG_PeriodDaily period_arr.1 \">\" \"59\"\njump :INVALID_ARG_PeriodDaily period_arr.1 \"<=\" \"0\"\nIntToStr extendedData \"1\"\nIntToStr bPeriodHour period_arr.0\nIntToStr bPeriodMinute period_arr.1\nadd extendedData extendedData bPeriodHour\nadd extendedData extendedData bPeriodMinute\njump :SET_PERIOD\n:INVALID_PeriodType\nprint \"ERROR: The period type and value must correspond, aborting operation...\"\njump :end-4\n:INVALID_ARG_PeriodDaily\nprint \"ERROR: Field %22Period%22 must be a value HH:MM 0<=HH<24 && 0<=MM<60, aborting operation...\"\njump :end-4\n:INVALID_ARG_AccessInfo1\nprint \"ERROR: Field %22AccessInfo1%22 must not be empty, aborting operation...\"\njump :end-4\n:INVALID_ARG_Period\nprint \"ERROR: Field %22Period%22 must be a value 0<=t\" \"5\"\n:SET_IPV6_PREFIX-6\njump :IPv6StringsDefined-6 envDetectionInstance.DetectionIPv6LocalPrefixes \"!=\"\njump :EMPTY_IPV6PRFX \"\" \"=\" \"\" \nset envDetectionInstance.DetectionIPv6LocalPrefixes arrDetectionIPv6LocalPrefixes\njump :CALL_WSPUT-6\n:IPv6StringsDefined-6\nadd arrDetectionIPv6LocalPrefixes \",\" arrDetectionIPv6LocalPrefixes\nadd envDetectionInstance.DetectionIPv6LocalPrefixes envDetectionInstance.DetectionIPv6LocalPrefixes arrDetectionIPv6LocalPrefixes\nmaketoarray envDetectionInstance.DetectionIPv6LocalPrefixes envDetectionInstance.DetectionIPv6LocalPrefixes\n:EMPTY_IPV6PRFX\nlength arrDetectionIPv6LocalPrefixesLen envDetectionInstance.DetectionIPv6LocalPrefixes\njump :INVALID_LEN_DetectionIPv6LocalPrefixes-6 arrDetectionIPv6LocalPrefixesLen \">\" \"5\"\n:CALL_WSPUT-6\nwsput \"AMT_EnvironmentDetectionSettingData\" envDetectionInstance\njump :error-6 wsman_result \"!=\" 200\nprint \"INFO: Environment Detection set successfully\"\njump :end-6\n:error-6\nprint \"ERROR: WSMAN call failed: {wsman_result_str}\"\njump :end-6\n:INVALID_LEN_DetectionStrings-6\nprint \"ERROR: detection strings count must be at most 5\"\njump :end-6\n:INVALID_LEN_DetectionIPv6LocalPrefixes-6\nprint \"ERROR: IPv6 prefixes count must be at most 5\"\njump :end-6\n:EMPTY_DETECTIONSTR-6\nprint \"ERROR: %22Detection Strings%22 field cannot be empty, aborting operation...\"\n:end-6\n set PullRemoteAccess \"1\"\nset AMT_EnvironmentDetectionSettingData\nset arrDetectionIPv6LocalPrefixes\nset arrDetectionStrings\nset envDetectionInstance\nset ws_general_query\nset wsman_answer \nset wsman_result\n\n##### Ending Block #####\n:end\njump :SkipPullSystemStatus PullSystemStatus \"!=\" 1\nPullSystemStatus\n:SkipPullSystemStatus\njump :SkipPullEventLog PullEventLog \"!=\" 1\nPullEventLog\n:SkipPullEventLog\njump :SkipPullAuditLog PullAuditLog \"!=\" 1\nPullAuditLog\n:SkipPullAuditLog\njump :SkipPullCertificates PullCertificates \"!=\" 1\nPullCertificates\n:SkipPullCertificates\njump :SkipPullWatchdog PullWatchdog \"!=\" 1\nPullWatchdog\n:SkipPullWatchdog\njump :SkipPullSystemDefense PullSystemDefense \"!=\" 1\nPullSystemDefense\n:SkipPullSystemDefense\njump :SkipPullHardware PullHardware \"!=\" 1\nPullHardware\n:SkipPullHardware\njump :SkipPullUserInfo PullUserInfo \"!=\" 1\nPullUserInfo\n:SkipPullUserInfo\njump :SkipPullRemoteAccess PullRemoteAccess \"!=\" 1\nPullRemoteAccess\n:SkipPullRemoteAccess\nprint \"Script Completed\"\nHighlightBlock\n", + "scriptText": "##### Starting Block #####\nprint \"Script Started\"\n\n##### Block: Remote - Remove Trigger #####\nHighlightBlock __t 0\njsonparse hMapPolicies \"%7B%220%22:%20%22User%20Initiated%22,%09%221%22:%20%22Alert%22,%20%222%22:%20%22Periodic%22%7D\"\nsplit policiesArr \"0,1,2\" \",\"\nlength policiesArrLen policiesArr\nset i 0\n:loop-0\nset curPolicy hMapPolicies.{policiesArr.{i}}\njsonparse ws_args \"%7B%22PolicyRuleName%22:%22{curPolicy}%22%7D\"\nwsdelete \"AMT_RemoteAccessPolicyRule\" ws_args\nadd i i 1\njump :loop-0 i \"<\" policiesArrLen\nprint \"Policies removed successfully\"\nset PullRemoteAccess 1\nset AMT_RemoteAccessPolicyRule\nset curPolicy\nset hMapPolicies\nset i\nset policiesArr\nset policiesArrLen\nset ws_args\nset wsman_result\n\n##### Block: Remote - Remove All MPS #####\nHighlightBlock __t 1\nsplit ws_general_query \"AMT_ManagementPresenceRemoteSAP\" ,\nwsbatchenum \"wsman_answer\" ws_general_query\nset i 0\nset arr wsman_answer.AMT_ManagementPresenceRemoteSAP.responses\nLength arr_len arr\n:loop-1\nset instanceName wsman_answer.AMT_ManagementPresenceRemoteSAP.responses.{i}.Name\nset selector \"%3Cw:SelectorSet%3E%3Cw:Selector%20Name=%22Name%22%3E{instanceName}%3C/w:Selector%3E%3C/w:SelectorSet%3E\"\nwsdelete \"AMT_ManagementPresenceRemoteSAP\" selector\nadd i i 1\njump :loop-1 i \"<\" arr_len\n:end-1\nset AMT_ManagementPresenceRemoteSAP\nset arr\nset i\nset instanceName\nset selector\nset ws_general_query\nset wsman_answer\nset wsman_result\nset wsman_result_str\nset arr_len\nset PullRemoteAccess 1\n\n\n##### Block: Security - Add Certificate #####\nHighlightBlock __t 2\njsonparse wsargs \"%7B%7D\"\nset wsargs.CertificateBlob \"MIIDKDCCAhCgAwIBAgIDBVZ2MA0GCSqGSIb3DQEBCwUAMEQxHzAdBgNVBAMTFk1lc2hDZW50cmFsUm9vdC1mYWM4NGUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtNZXNoQ2VudHJhbDAeFw0xNTA3MTkxODE3NTVaFw00NjA3MTkxODE3NTVaMEQxHzAdBgNVBAMTFk1lc2hDZW50cmFsUm9vdC1mYWM4NGUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtNZXNoQ2VudHJhbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJyN61TmYjDS8PJQGQ8OB2V0ccJ3kKZ4LkrwPhx+qRpZBqQ1MpUfjhjjMngjiEwVu04t729xekRjamwU6sorNZbp2l1OZNA2TIs5WCg1llXyxTkRqtfim83rwXQNu+6ivz5dAux46zKFGOcVdtMlyKEjZj16zuAQ/2xg6qgyQFYwwArq9Cy5qzWMA5cjqugqA106adkOQRCatdWHYxaMXRJaBJuKQnp1HGPefyITK1UEshEZYqmBKnbD9NwxqsC+Sp/diRWrGIEKkx1GsrepQcEXIzIMSdq7+LApwhl84pgNkzKJXHTPHqQaQSejPj3FprsQh2bgsbRJUwBTWIBru/MCAwEAAaMjMCEwDAYDVR0TBAUwAwEB/zARBglghkgBhvhCAQEEBAMCAAUwDQYJKoZIhvcNAQELBQADggEBAA+eOSMF7b82S3faGV7jKAFzkRwOUoZnCVFV6eGBK1iyPC/xrIbWncSc59DjnHMyXWCmc0OVknTgfeyqIS2OD2DkW1zU1gNuQksDbETzV6Db3ExQyv1BXCasLPop2CkC3WCwLFa2bXG7AEheFFfqwZz1mRwPnr8AiHS2zG6RjepZts+zQvVhTftiW1aFmYVHDWlhHFIVJ4xw2KHPfuufSxyOO7YOosjzGHUYiEP1zOQKmwm1Rcz+QZRmj/O8PfQsiKnUHpHAhx0GTqwgoL7hi2bkbC9IX04pDX8Vd5uABDLfU3+S3vjBvUe+XYSRknDnFiivOtAY6fFwLqu+OnbwiIA=\"\njump :certroot 1 \"=\" 1\nprint \"Adding certificate...\"\nwsexec \"AMT_PublicKeyManagementService\" \"AddCertificate\" wsargs\njump :certdone\n:certroot\nprint \"Adding root certificate...\"\nwsexec \"AMT_PublicKeyManagementService\" \"AddTrustedRootCertificate\" wsargs\n:certdone\nset wsargs\nset AMT_PublicKeyManagementService\nset PullCertificates 1\n\n\n##### Block: Remote - Add MPS FQDN/User #####\nHighlightBlock __t 3\n# Set method parameters\njsonparse wsargs \"%7B%22AccessInfo%22:%22devbox.mesh.meshcentral.com%22,%22InfoFormat%22:201,%22Port%22:4433,%22AuthMethod%22:2,%22Username%22:%22B6367516FC563665%22,%22Password%22:%22P@ssw0rd%22%7D\"\n# Execute call to AddMpServer\nwsexec \"AMT_RemoteAccessService\" \"AddMpServer\" wsargs \"\"\njump :error-3 wsman_result \"!=\" 200\nprint \"Management Prescence Server (MPS) successfully added to the Intel(R) AMT Subsystem\"\nset PullRemoteAccess 1\njump :end-3\n:error-3\nprint \"Call failed: {wsman_result_str}\"\n:end-3\nset AMT_RemoteAccessService\nset certHandle\nset curSubject\nset i\nset pos\nset ws_general_query\nset wsargs\nset wsman_answer\nset wsman_result\nset wsman_result_str\nset certInstanceId\nset wsman_ans_length\n\n##### Block: Remote - Add Trigger (Periodic) #####\nHighlightBlock __t 4\n# *** Verify valid input ***\nsplit period_arr \"10\" \":\"\nlength period_arr_len period_arr\njump :INVALID_ARG_AccessInfo1 \"devbox.mesh.meshcentral.com:4433\" \"=\" \"\"\njump :DailyPeriod \"0\" \"!=\" \"0\"\njump :INVALID_PeriodType \"0\" \"!=\" \"0\"\njump :INVALID_ARG_Period period_arr.0 \"<=\" \"0\"\njump :INVALID_ARG_Period period_arr.0 \">\" \"4294967295\"\nIntToStr extendedData \"0\"\nIntToStr bPeriod period_arr.0\nadd extendedData extendedData bPeriod\njump :SET_PERIOD\n:DailyPeriod\njump :INVALID_PeriodType period_arr_len \"!=\" \"2\"\njump :INVALID_ARG_PeriodDaily period_arr.0 \"<=\" \"0\"\njump :INVALID_ARG_PeriodDaily period_arr.0 \">\" \"23\"\njump :INVALID_ARG_PeriodDaily period_arr.1 \">\" \"59\"\njump :INVALID_ARG_PeriodDaily period_arr.1 \"<=\" \"0\"\nIntToStr extendedData \"1\"\nIntToStr bPeriodHour period_arr.0\nIntToStr bPeriodMinute period_arr.1\nadd extendedData extendedData bPeriodHour\nadd extendedData extendedData bPeriodMinute\njump :SET_PERIOD\n:INVALID_PeriodType\nprint \"ERROR: The period type and value must correspond, aborting operation...\"\njump :end-4\n:INVALID_ARG_PeriodDaily\nprint \"ERROR: Field %22Period%22 must be a value HH:MM 0<=HH<24 && 0<=MM<60, aborting operation...\"\njump :end-4\n:INVALID_ARG_AccessInfo1\nprint \"ERROR: Field %22AccessInfo1%22 must not be empty, aborting operation...\"\njump :end-4\n:INVALID_ARG_Period\nprint \"ERROR: Field %22Period%22 must be a value 0<=t\" \"5\"\n:SET_IPV6_PREFIX-6\njump :IPv6StringsDefined-6 envDetectionInstance.DetectionIPv6LocalPrefixes \"!=\"\njump :EMPTY_IPV6PRFX \"\" \"=\" \"\" \nset envDetectionInstance.DetectionIPv6LocalPrefixes arrDetectionIPv6LocalPrefixes\njump :CALL_WSPUT-6\n:IPv6StringsDefined-6\nadd arrDetectionIPv6LocalPrefixes \",\" arrDetectionIPv6LocalPrefixes\nadd envDetectionInstance.DetectionIPv6LocalPrefixes envDetectionInstance.DetectionIPv6LocalPrefixes arrDetectionIPv6LocalPrefixes\nmaketoarray envDetectionInstance.DetectionIPv6LocalPrefixes envDetectionInstance.DetectionIPv6LocalPrefixes\n:EMPTY_IPV6PRFX\nlength arrDetectionIPv6LocalPrefixesLen envDetectionInstance.DetectionIPv6LocalPrefixes\njump :INVALID_LEN_DetectionIPv6LocalPrefixes-6 arrDetectionIPv6LocalPrefixesLen \">\" \"5\"\n:CALL_WSPUT-6\nwsput \"AMT_EnvironmentDetectionSettingData\" envDetectionInstance\njump :error-6 wsman_result \"!=\" 200\nprint \"Environment Detection set successfully\"\njump :end-6\n:error-6\nprint \"ERROR: WSMAN call failed: {wsman_result_str}\"\njump :end-6\n:INVALID_LEN_DetectionStrings-6\nprint \"ERROR: detection strings count must be at most 5\"\njump :end-6\n:INVALID_LEN_DetectionIPv6LocalPrefixes-6\nprint \"ERROR: IPv6 prefixes count must be at most 5\"\njump :end-6\n:EMPTY_DETECTIONSTR-6\nprint \"ERROR: %22Detection Strings%22 field cannot be empty, aborting operation...\"\n:end-6\n set PullRemoteAccess \"1\"\nset AMT_EnvironmentDetectionSettingData\nset arrDetectionIPv6LocalPrefixes\nset arrDetectionStrings\nset envDetectionInstance\nset ws_general_query\nset wsman_answer \nset wsman_result\n\n##### Ending Block #####\n:end\njump :SkipPullSystemStatus PullSystemStatus \"!=\" 1\nPullSystemStatus\n:SkipPullSystemStatus\njump :SkipPullEventLog PullEventLog \"!=\" 1\nPullEventLog\n:SkipPullEventLog\njump :SkipPullAuditLog PullAuditLog \"!=\" 1\nPullAuditLog\n:SkipPullAuditLog\njump :SkipPullCertificates PullCertificates \"!=\" 1\nPullCertificates\n:SkipPullCertificates\njump :SkipPullWatchdog PullWatchdog \"!=\" 1\nPullWatchdog\n:SkipPullWatchdog\njump :SkipPullSystemDefense PullSystemDefense \"!=\" 1\nPullSystemDefense\n:SkipPullSystemDefense\njump :SkipPullHardware PullHardware \"!=\" 1\nPullHardware\n:SkipPullHardware\njump :SkipPullUserInfo PullUserInfo \"!=\" 1\nPullUserInfo\n:SkipPullUserInfo\njump :SkipPullRemoteAccess PullRemoteAccess \"!=\" 1\nPullRemoteAccess\n:SkipPullRemoteAccess\nprint \"Script Completed\"\nHighlightBlock\n", "mescript": "JH0pRQABAAMAFwABAA8BU2NyaXB0IFN0YXJ0ZWROKQATAAIABABfX3QABQIAAAAAAAsAdgACAA0AaE1hcFBvbGljaWVzAF8BJTdCJTIyMCUyMjolMjAlMjJVc2VyJTIwSW5pdGlhdGVkJTIyLCUwOSUyMjElMjI6JTIwJTIyQWxlcnQlMjIsJTIwJTIyMiUyMjolMjAlMjJQZXJpb2RpYyUyMiU3RAAIACAAAwAMAHBvbGljaWVzQXJyAAYBMCwxLDIAAgEsAAoAJQACAA8AcG9saWNpZXNBcnJMZW4ADABwb2xpY2llc0FycgACABEAAgACAGkABQIAAAAAAAIAMwACAAoAY3VyUG9saWN5AB8AaE1hcFBvbGljaWVzLntwb2xpY2llc0Fyci57aX19AAsAPwACAAgAd3NfYXJncwAtASU3QiUyMlBvbGljeVJ1bGVOYW1lJTIyOiUyMntjdXJQb2xpY3l9JTIyJTdEABMALQACABsBQU1UX1JlbW90ZUFjY2Vzc1BvbGljeVJ1bGUACAB3c19hcmdzAA0AFQADAAIAaQACAGkABQIAAAABAAEAJgAEAAUDAAAA9gACAGkAAgE8AA8AcG9saWNpZXNBcnJMZW4AAwAsAAEAJAFJTkZPOiBQb2xpY2llcyByZW1vdmVkIHN1Y2Nlc3NmdWxseQACACAAAgARAFB1bGxSZW1vdGVBY2Nlc3MABQIAAAABAAIAIwABABsAQU1UX1JlbW90ZUFjY2Vzc1BvbGljeVJ1bGUAAgASAAEACgBjdXJQb2xpY3kAAgAVAAEADQBoTWFwUG9saWNpZXMAAgAKAAEAAgBpAAIAFAABAAwAcG9saWNpZXNBcnIAAgAXAAEADwBwb2xpY2llc0FyckxlbgACABAAAQAIAHdzX2FyZ3MAAgAVAAEADQB3c21hbl9yZXN1bHROKQATAAIABABfX3QABQIAAAABAAgAPwADABEAd3NfZ2VuZXJhbF9xdWVyeQAgAUFNVF9NYW5hZ2VtZW50UHJlc2VuY2VSZW1vdGVTQVAAAgAsABAAKAACAA0Bd3NtYW5fYW5zd2VyABEAd3NfZ2VuZXJhbF9xdWVyeQACABEAAgACAGkABQIAAAAAAAIARQACAAQAYXJyADcAd3NtYW5fYW5zd2VyLkFNVF9NYW5hZ2VtZW50UHJlc2VuY2VSZW1vdGVTQVAucmVzcG9uc2VzAAoAFgACAAgAYXJyX2xlbgAEAGFycgACAFcAAgANAGluc3RhbmNlTmFtZQBAAHdzbWFuX2Fuc3dlci5BTVRfTWFuYWdlbWVudFByZXNlbmNlUmVtb3RlU0FQLnJlc3BvbnNlcy57aX0uTmFtZQACAHwAAgAJAHNlbGVjdG9yAGkBJTNDdzpTZWxlY3RvclNldCUzRSUzQ3c6U2VsZWN0b3IlMjBOYW1lPSUyMk5hbWUlMjIlM0V7aW5zdGFuY2VOYW1lfSUzQy93OlNlbGVjdG9yJTNFJTNDL3c6U2VsZWN0b3JTZXQlM0UAEwAzAAIAIAFBTVRfTWFuYWdlbWVudFByZXNlbmNlUmVtb3RlU0FQAAkAc2VsZWN0b3IADQAVAAMAAgBpAAIAaQAFAgAAAAEAAQAfAAQABQMAAAOmAAIAaQACATwACABhcnJfbGVuAAIAKAABACAAQU1UX01hbmFnZW1lbnRQcmVzZW5jZVJlbW90ZVNBUAACAAwAAQAEAGFycgACAAoAAQACAGkAAgAVAAEADQBpbnN0YW5jZU5hbWUAAgARAAEACQBzZWxlY3RvcgACABkAAQARAHdzX2dlbmVyYWxfcXVlcnkAAgAVAAEADQB3c21hbl9hbnN3ZXIAAgAVAAEADQB3c21hbl9yZXN1bHQAAgAZAAEAEQB3c21hbl9yZXN1bHRfc3RyAAIAEAABAAgAYXJyX2xlbgACACAAAgARAFB1bGxSZW1vdGVBY2Nlc3MABQIAAAABTikAEwACAAQAX190AAUCAAAAAgALABgAAgAHAHdzYXJncwAHASU3QiU3RAACBF4AAgAXAHdzYXJncy5DZXJ0aWZpY2F0ZUJsb2IEPQFNSUlES0RDQ0FoQ2dBd0lCQWdJREJWWjJNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1FUXhIekFkQmdOVkJBTVRGazFsYzJoRFpXNTBjbUZzVW05dmRDMW1ZV000TkdVeEN6QUpCZ05WQkFZVEFsVlRNUlF3RWdZRFZRUUtFd3ROWlhOb1EyVnVkSEpoYkRBZUZ3MHhOVEEzTVRreE9ERTNOVFZhRncwME5qQTNNVGt4T0RFM05UVmFNRVF4SHpBZEJnTlZCQU1URmsxbGMyaERaVzUwY21Gc1VtOXZkQzFtWVdNNE5HVXhDekFKQmdOVkJBWVRBbFZUTVJRd0VnWURWUVFLRXd0TlpYTm9RMlZ1ZEhKaGJEQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUp5TjYxVG1ZakRTOFBKUUdROE9CMlYwY2NKM2tLWjRMa3J3UGh4K3FScFpCcVExTXBVZmpoampNbmdqaUV3VnUwNHQ3Mjl4ZWtSamFtd1U2c29yTlpicDJsMU9aTkEyVElzNVdDZzFsbFh5eFRrUnF0ZmltODNyd1hRTnUrNml2ejVkQXV4NDZ6S0ZHT2NWZHRNbHlLRWpaajE2enVBUS8yeGc2cWd5UUZZd3dBcnE5Q3k1cXpXTUE1Y2pxdWdxQTEwNmFka09RUkNhdGRXSFl4YU1YUkphQkp1S1FucDFIR1BlZnlJVEsxVUVzaEVaWXFtQktuYkQ5Tnd4cXNDK1NwL2RpUldyR0lFS2t4MUdzcmVwUWNFWEl6SU1TZHE3K0xBcHdobDg0cGdOa3pLSlhIVFBIcVFhUVNlalBqM0ZwcnNRaDJiZ3NiUkpVd0JUV0lCcnUvTUNBd0VBQWFNak1DRXdEQVlEVlIwVEJBVXdBd0VCL3pBUkJnbGdoa2dCaHZoQ0FRRUVCQU1DQUFVd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFBK2VPU01GN2I4MlMzZmFHVjdqS0FGemtSd09Vb1puQ1ZGVjZlR0JLMWl5UEMveHJJYlduY1NjNTlEam5ITXlYV0NtYzBPVmtuVGdmZXlxSVMyT0QyRGtXMXpVMWdOdVFrc0RiRVR6VjZEYjNFeFF5djFCWENhc0xQb3AyQ2tDM1dDd0xGYTJiWEc3QUVoZUZGZnF3WnoxbVJ3UG5yOEFpSFMyekc2UmplcFp0cyt6UXZWaFRmdGlXMWFGbVlWSERXbGhIRklWSjR4dzJLSFBmdXVmU3h5T083WU9vc2p6R0hVWWlFUDF6T1FLbXdtMVJjeitRWlJtai9POFBmUXNpS25VSHBIQWh4MEdUcXdnb0w3aGkyYmtiQzlJWDA0cERYOFZkNXVBQkRMZlUzK1MzdmpCdlVlK1hZU1JrbkRuRmlpdk90QVk2ZkZ3THF1K09uYndpSUE9AAEAHwAEAAUDAAAK5AAFAgAAAAEAAgE9AAUCAAAAAQADAB4AAQAWAUFkZGluZyBjZXJ0aWZpY2F0ZS4uLgAUAEEAAwAfAUFNVF9QdWJsaWNLZXlNYW5hZ2VtZW50U2VydmljZQAPAUFkZENlcnRpZmljYXRlAAcAd3NhcmdzAAEADQABAAUDAAALUwADACMAAQAbAUFkZGluZyByb290IGNlcnRpZmljYXRlLi4uABQATAADAB8BQU1UX1B1YmxpY0tleU1hbmFnZW1lbnRTZXJ2aWNlABoBQWRkVHJ1c3RlZFJvb3RDZXJ0aWZpY2F0ZQAHAHdzYXJncwACAA8AAQAHAHdzYXJncwACACcAAQAfAEFNVF9QdWJsaWNLZXlNYW5hZ2VtZW50U2VydmljZQACACAAAgARAFB1bGxDZXJ0aWZpY2F0ZXMABQIAAAABTikAEwACAAQAX190AAUCAAAAAwALAMYAAgAHAHdzYXJncwC1ASU3QiUyMkFjY2Vzc0luZm8lMjI6JTIyZGV2Ym94Lm1lc2gubWVzaGNlbnRyYWwuY29tJTIyLCUyMkluZm9Gb3JtYXQlMjI6MjAxLCUyMlBvcnQlMjI6NDQzMywlMjJBdXRoTWV0aG9kJTIyOjIsJTIyVXNlcm5hbWUlMjI6JTIyQjYzNjc1MTZGQzU2MzY2NSUyMiwlMjJQYXNzd29yZCUyMjolMjJQQHNzdzByZCUyMiU3RAAUADoABAAYAUFNVF9SZW1vdGVBY2Nlc3NTZXJ2aWNlAAwBQWRkTXBTZXJ2ZXIABwB3c2FyZ3MAAQEAAQAoAAQABQMAAA1sAA0Ad3NtYW5fcmVzdWx0AAMBIT0ABQIAAADIAAMAWwABAFMBTWFuYWdlbWVudCBQcmVzY2VuY2UgU2VydmVyIChNUFMpIHN1Y2Nlc3NmdWxseSBhZGRlZCB0byB0aGUgSW50ZWwoUikgQU1UIFN1YnN5c3RlbQACACAAAgARAFB1bGxSZW1vdGVBY2Nlc3MABQIAAAABAAEADQABAAUDAAANlAADACgAAQAgAUNhbGwgZmFpbGVkOiB7d3NtYW5fcmVzdWx0X3N0cn0AAgAgAAEAGABBTVRfUmVtb3RlQWNjZXNzU2VydmljZQACABMAAQALAGNlcnRIYW5kbGUAAgATAAEACwBjdXJTdWJqZWN0AAIACgABAAIAaQACAAwAAQAEAHBvcwACABkAAQARAHdzX2dlbmVyYWxfcXVlcnkAAgAPAAEABwB3c2FyZ3MAAgAVAAEADQB3c21hbl9hbnN3ZXIAAgAVAAEADQB3c21hbl9yZXN1bHQAAgAZAAEAEQB3c21hbl9yZXN1bHRfc3RyAAIAFwABAA8AY2VydEluc3RhbmNlSWQAAgAZAAEAEQB3c21hbl9hbnNfbGVuZ3RoTikAEwACAAQAX190AAUCAAAABAAIABwAAwALAHBlcmlvZF9hcnIAAwExMAACAToACgAkAAIADwBwZXJpb2RfYXJyX2xlbgALAHBlcmlvZF9hcnIAAQA3AAQABQMAABJrACEBZGV2Ym94Lm1lc2gubWVzaGNlbnRyYWwuY29tOjQ0MzMAAgE9AAEBAAEAGgAEAAUDAAAQDgACATAAAwEhPQACATAAAQAaAAQABQMAABGdAAIBMAADASE9AAIBMAABACUABAAFAwAAEsgADQBwZXJpb2RfYXJyLjAAAwE8PQACATAAAQAtAAQABQMAABLIAA0AcGVyaW9kX2Fyci4wAAIBPgALATQyOTQ5NjcyOTUnIQAZAAIADQBleHRlbmRlZERhdGEAAgEwJyEAHwACAAgAYlBlcmlvZAANAHBlcmlvZF9hcnIuMAANAC4AAwANAGV4dGVuZGVkRGF0YQANAGV4dGVuZGVkRGF0YQAIAGJQZXJpb2QAAQANAAEABQMAABMrAAEAJwAEAAUDAAARnQAPAHBlcmlvZF9hcnJfbGVuAAMBIT0AAgEyAAEAJQAEAAUDAAAR+gANAHBlcmlvZF9hcnIuMAADATw9AAIBMAABACUABAAFAwAAEfoADQBwZXJpb2RfYXJyLjAAAgE+AAMBMjMAAQAlAAQABQMAABH6AA0AcGVyaW9kX2Fyci4xAAIBPgADATU5AAEAJQAEAAUDAAAR+gANAHBlcmlvZF9hcnIuMQADATw9AAIBMCchABkAAgANAGV4dGVuZGVkRGF0YQACATEnIQAjAAIADABiUGVyaW9kSG91cgANAHBlcmlvZF9hcnIuMCchACUAAgAOAGJQZXJpb2RNaW51dGUADQBwZXJpb2RfYXJyLjEADQAyAAMADQBleHRlbmRlZERhdGEADQBleHRlbmRlZERhdGEADABiUGVyaW9kSG91cgANADQAAwANAGV4dGVuZGVkRGF0YQANAGV4dGVuZGVkRGF0YQAOAGJQZXJpb2RNaW51dGUAAQANAAEABQMAABMrAAMAUAABAEgBRVJST1I6IFRoZSBwZXJpb2QgdHlwZSBhbmQgdmFsdWUgbXVzdCBjb3JyZXNwb25kLCBhYm9ydGluZyBvcGVyYXRpb24uLi4AAQANAAEABQMAAB5hAAMAZAABAFwBRVJST1I6IEZpZWxkICUyMlBlcmlvZCUyMiBtdXN0IGJlIGEgdmFsdWUgSEg6TU0gMDw9SEg8MjQgJiYgMDw9TU08NjAsIGFib3J0aW5nIG9wZXJhdGlvbi4uLgABAA0AAQAFAwAAHmEAAwBQAAEASAFFUlJPUjogRmllbGQgJTIyQWNjZXNzSW5mbzElMjIgbXVzdCBub3QgYmUgZW1wdHksIGFib3J0aW5nIG9wZXJhdGlvbi4uLgABAA0AAQAFAwAAHmEAAwBWAAEATgFFUlJPUjogRmllbGQgJTIyUGVyaW9kJTIyIG11c3QgYmUgYSB2YWx1ZSAwPD10PE1BWF9JTlQsIGFib3J0aW5nIG9wZXJhdGlvbi4uLgABAA0AAQAFAwAAHmEACwBLAAIACAB3c19hcmdzADkBJTdCJTIyVHJpZ2dlciUyMjolMjIyJTIyLCUyMlR1bm5lbExpZmVUaW1lJTIyOiUyMjAlMjIlN0QnFAAkAAIADQBleHRlbmRlZERhdGEADQBleHRlbmRlZERhdGEAAgAsAAIAFQB3c19hcmdzLkV4dGVuZGVkRGF0YQANAGV4dGVuZGVkRGF0YQAIAD8AAwARAHdzX2dlbmVyYWxfcXVlcnkAIAFBTVRfTWFuYWdlbWVudFByZXNlbmNlUmVtb3RlU0FQAAIALAAQACgAAgANAXdzbWFuX2Fuc3dlcgARAHdzX2dlbmVyYWxfcXVlcnkAAgARAAIAAgBpAAUCAAAAAAACAEUAAgAEAGFycgA3AHdzbWFuX2Fuc3dlci5BTVRfTWFuYWdlbWVudFByZXNlbmNlUmVtb3RlU0FQLnJlc3BvbnNlcwAKABYAAgAIAGFycl9sZW4ABABhcnIAAgAUAAIACABtcHNFcHIxAAIBKgACABQAAgAIAG1wc0VwcjIAAgEqAAIAKwACAA4AY3VyQWNjZXNzSW5mbwATAGFyci57aX0uQWNjZXNzSW5mbwANACoAAwAOAGN1ckFjY2Vzc0luZm8ADgBjdXJBY2Nlc3NJbmZvAAIBOgANADUAAwAOAGN1ckFjY2Vzc0luZm8ADgBjdXJBY2Nlc3NJbmZvAA0AYXJyLntpfS5Qb3J0AAEARQAEAAUDAAAWLwAOAGN1ckFjY2Vzc0luZm8AAwEhPQAhAWRldmJveC5tZXNoLm1lc2hjZW50cmFsLmNvbTo0NDMzAAIAUgACAAgAbXBzRXByMQBAAHdzbWFuX2Fuc3dlci5BTVRfTWFuYWdlbWVudFByZXNlbmNlUmVtb3RlU0FQLnJlc3BvbnNlcy57aX0uTmFtZQADADYAAQAuAUlORk86IEZvdW5kIG1hdGNoaW5nIChwcmltYXJ5KSBtcHM6IHttcHNFcHIxfQABABcABAAFAwAAFxIAAQEAAgE9AAEBAAEAJQAEAAUDAAAW3gAOAGN1ckFjY2Vzc0luZm8AAwEhPQABAQACAFIAAgAIAG1wc0VwcjIAQAB3c21hbl9hbnN3ZXIuQU1UX01hbmFnZW1lbnRQcmVzZW5jZVJlbW90ZVNBUC5yZXNwb25zZXMue2l9Lk5hbWUAAwA4AAEAMAFJTkZPOiBGb3VuZCBtYXRjaGluZyAoc2Vjb25kYXJ5KSBtcHM6IHttcHNFcHIyfQANABUAAwACAGkAAgBpAAUCAAAAAQABAB8ABAAFAwAAFMEAAgBpAAIBPAAIAGFycl9sZW4AAQAgAAQABQMAABerAAgAbXBzRXByMQADASE9AAIBKgADAGwAAQBkAUVSUk9SOiBNUFMgc2VydmVyOiAlMjJkZXZib3gubWVzaC5tZXNoY2VudHJhbC5jb206NDQzMyUyMiBjb3VsZCBub3QgYmUgZm91bmQsIGFib3J0aW5nIG9wZXJhdGlvbi4uLgABAA0AAQAFAwAAHmEAAQAXAAQABQMAABg7AAEBAAIBPQABAQABACAABAAFAwAAGDsACABtcHNFcHIyAAMBIT0AAgEqAAMATAABAEQBRVJST1I6IE1QUyBzZXJ2ZXI6ICUyMiUyMiBjb3VsZCBub3QgYmUgZm91bmQsIGFib3J0aW5nIG9wZXJhdGlvbi4uLgABAA0AAQAFAwAAHmEAAwAgAAEAGAFJTkZPOiBTZXR0aW5nIHBvbGljeS4uLgALACIAAgARAHdzX2FyZ3MuTXBTZXJ2ZXIABwElN0IlN0QAAgJhAAIACQBNcFNlcnZlcgJOASUzQ0FkZHJlc3MlMjB4bWxucz0lMjJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA0LzA4L2FkZHJlc3NpbmclMjIlM0VodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA0LzA4L2FkZHJlc3Npbmcvcm9sZS9hbm9ueW1vdXMlM0MvQWRkcmVzcyUzRSUzQ1JlZmVyZW5jZVBhcmFtZXRlcnMlMjB4bWxucz0lMjJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA0LzA4L2FkZHJlc3NpbmclMjIlM0UlM0NSZXNvdXJjZVVSSSUyMHhtbG5zPSUyMmh0dHA6Ly9zY2hlbWFzLmRtdGYub3JnL3diZW0vd3NtYW4vMS93c21hbi54c2QlMjIlM0VodHRwOi8vaW50ZWwuY29tL3diZW0vd3NjaW0vMS9hbXQtc2NoZW1hLzEvQU1UX01hbmFnZW1lbnRQcmVzZW5jZVJlbW90ZVNBUCUzQy9SZXNvdXJjZVVSSSUzRSUzQ1NlbGVjdG9yU2V0JTIweG1sbnM9JTIyaHR0cDovL3NjaGVtYXMuZG10Zi5vcmcvd2JlbS93c21hbi8xL3dzbWFuLnhzZCUyMiUzRSUzQ1NlbGVjdG9yJTIwTmFtZT0lMjJOYW1lJTIyJTNFe21wc0VwcjF9JTNDL1NlbGVjdG9yJTNFJTNDL1NlbGVjdG9yU2V0JTNFJTNDL1JlZmVyZW5jZVBhcmFtZXRlcnMlM0UAAQAXAAQABQMAAB1iAAEBAAIBPQABAQANAm0AAwAJAE1wU2VydmVyAAkATXBTZXJ2ZXICTwF8JTNDQWRkcmVzcyUyMHhtbG5zPSUyMmh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDQvMDgvYWRkcmVzc2luZyUyMiUzRWh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDQvMDgvYWRkcmVzc2luZy9yb2xlL2Fub255bW91cyUzQy9BZGRyZXNzJTNFJTNDUmVmZXJlbmNlUGFyYW1ldGVycyUyMHhtbG5zPSUyMmh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDQvMDgvYWRkcmVzc2luZyUyMiUzRSUzQ1Jlc291cmNlVVJJJTIweG1sbnM9JTIyaHR0cDovL3NjaGVtYXMuZG10Zi5vcmcvd2JlbS93c21hbi8xL3dzbWFuLnhzZCUyMiUzRWh0dHA6Ly9pbnRlbC5jb20vd2JlbS93c2NpbS8xL2FtdC1zY2hlbWEvMS9BTVRfTWFuYWdlbWVudFByZXNlbmNlUmVtb3RlU0FQJTNDL1Jlc291cmNlVVJJJTNFJTNDU2VsZWN0b3JTZXQlMjB4bWxucz0lMjJodHRwOi8vc2NoZW1hcy5kbXRmLm9yZy93YmVtL3dzbWFuLzEvd3NtYW4ueHNkJTIyJTNFJTNDU2VsZWN0b3IlMjBOYW1lPSUyMk5hbWUlMjIlM0V7bXBzRXByMn0lM0MvU2VsZWN0b3IlM0UlM0MvU2VsZWN0b3JTZXQlM0UlM0MvUmVmZXJlbmNlUGFyYW1ldGVycyUzRQAIACgAAwARAHdzX2FyZ3MuTXBTZXJ2ZXIACQBNcFNlcnZlcgACAXwAFABRAAQAGAFBTVRfUmVtb3RlQWNjZXNzU2VydmljZQAaAUFkZFJlbW90ZUFjY2Vzc1BvbGljeVJ1bGUACAB3c19hcmdzAAkAc2VsZWN0b3IAAQAoAAQABQMAAB4zAA0Ad3NtYW5fcmVzdWx0AAMBIT0ABQIAAADIAAMAIwABABsBUG9saWN5IGFkZGVkZCBzdWNjZXNzZnVsbHkAAQANAAEABQMAAB5hAAMALgABACYBV1NNQU4gY2FsbCBmYWlsZWQ6IHt3c21hbl9yZXN1bHRfc3RyfQACACAAAgARAFB1bGxSZW1vdGVBY2Nlc3MABQIAAAABAAIAEAABAAgAbXBzRXByMQACABAAAQAIAG1wc0VwcjIAAgAKAAEAAgBpAAIAFgABAA4AY3VyQWNjZXNzSW5mbwACABAAAQAIAGFycl9sZW4AAgARAAEACQBNcFNlcnZlcgACAAwAAQAEAGFycgACACAAAQAYAEFNVF9SZW1vdGVBY2Nlc3NTZXJ2aWNlAAIAFQABAA0Ad3NtYW5fcmVzdWx0AAIAGQABABEAd3NtYW5fcmVzdWx0X3N0cgACABAAAQAIAHdzX2FyZ3MAAgAZAAEAEQB3c19nZW5lcmFsX3F1ZXJ5AAIAFQABAA0Ad3NtYW5fYW5zd2VyAAIAEAABAAgAYlBlcmlvZAACABUAAQANAGV4dGVuZGVkRGF0YQACABMAAQALAHBlcmlvZF9hcnIAAgAXAAEADwBwZXJpb2RfYXJyX2xlbgACABQAAQAMAGJQZXJpb2RIb3VyAAIAFgABAA4AYlBlcmlvZE1pbnV0ZU4pABMAAgAEAF9fdAAFAgAAAAUACwA4AAIABwB3c2FyZ3MAJwElN0IlMjJSZXF1ZXN0ZWRTdGF0ZSUyMjolMjIzMjc3MSUyMiU3RAALAJMAAgAKAEVudW1TdGF0ZQB/ASU3QiUyMjMyNzY4JTIyOiUyMkRpc2FibGVkJTIyLCUyMjMyNzY5JTIyOiUyMkJJT1MgRW5hYmxlZCUyMiwlMjIzMjc3MCUyMjolMjJPUyBlbmFibGUlMjIsJTIyMzI3NzElMjI6JTIyQklPUyAmIE9TIEVuYWJlZCUyMiU3RAAUAEwABAAjAUFNVF9Vc2VySW5pdGlhdGVkQ29ubmVjdGlvblNlcnZpY2UAEwFSZXF1ZXN0U3RhdGVDaGFuZ2UABwB3c2FyZ3MAAQEAAQAoAAQABQMAACG7AA0Ad3NtYW5fcmVzdWx0AAMBIT0ABQIAAADIAAMASQABAEEBU1VDQ0VTUzogUmVtb3RlIEFjY2VzcyB1c2VyIGludGVyZmFjZXMgc2V0IHRvOiB7RW51bVN0YXRlLjMyNzcxfQACACAAAgARAFB1bGxSZW1vdGVBY2Nlc3MABQIAAAABAAEADQABAAUDAAAh4wADACgAAQAgAUNhbGwgZmFpbGVkOiB7d3NtYW5fcmVzdWx0X3N0cn0AAgAPAAEABwB3c2FyZ3MAAgAVAAEADQB3c21hbl9yZXN1bHQAAgAZAAEAEQB3c21hbl9yZXN1bHRfc3RyAAIAEgABAAoARW51bVN0YXRlAAIAKwABACMAQU1UX1VzZXJJbml0aWF0ZWRDb25uZWN0aW9uU2VydmljZU4pABMAAgAEAF9fdAAFAgAAAAYAAwAnAAEAHwFJTkZPOiBQYXJzaW5nIGJsb2NrIHBhcmFtZXRlcnMAAQAlAAQABQMAACoLAA8BYWFiYmNjZGRlZWZmZ2cAAgE9AAEBAAgAMQADABQAYXJyRGV0ZWN0aW9uU3RyaW5ncwAPAWFhYmJjY2RkZWVmZmdnAAIBLAAIAC0AAwAeAGFyckRldGVjdGlvbklQdjZMb2NhbFByZWZpeGVzAAEBAAIBLAADACwAAQAkAUlORk86IFNldHRpbmcgRW52aXJvbm1lbnQgRGV0ZWN0aW9uAAgARAADABEAd3NfZ2VuZXJhbF9xdWVyeQAlASpBTVRfRW52aXJvbm1lbnREZXRlY3Rpb25TZXR0aW5nRGF0YQACASwAEAAoAAIADQF3c21hbl9hbnN3ZXIAEQB3c19nZW5lcmFsX3F1ZXJ5AAIAWQACABUAZW52RGV0ZWN0aW9uSW5zdGFuY2UAOgB3c21hbl9hbnN3ZXIuQU1UX0Vudmlyb25tZW50RGV0ZWN0aW9uU2V0dGluZ0RhdGEucmVzcG9uc2UAAQA6AAMABQMAACSWACYAZW52RGV0ZWN0aW9uSW5zdGFuY2UuRGV0ZWN0aW9uU3RyaW5ncwADASE9AAIARAACACYAZW52RGV0ZWN0aW9uSW5zdGFuY2UuRGV0ZWN0aW9uU3RyaW5ncwAUAGFyckRldGVjdGlvblN0cmluZ3MAAQANAAEABQMAACYDAA0ANgADABQAYXJyRGV0ZWN0aW9uU3RyaW5ncwACASwAFABhcnJEZXRlY3Rpb25TdHJpbmdzAA0AbAADACYAZW52RGV0ZWN0aW9uSW5zdGFuY2UuRGV0ZWN0aW9uU3RyaW5ncwAmAGVudkRldGVjdGlvbkluc3RhbmNlLkRldGVjdGlvblN0cmluZ3MAFABhcnJEZXRlY3Rpb25TdHJpbmdzJxkAVgACACYAZW52RGV0ZWN0aW9uSW5zdGFuY2UuRGV0ZWN0aW9uU3RyaW5ncwAmAGVudkRldGVjdGlvbkluc3RhbmNlLkRldGVjdGlvblN0cmluZ3MACgBHAAIAFwBhcnJEZXRlY3Rpb25TdHJpbmdzTGVuACYAZW52RGV0ZWN0aW9uSW5zdGFuY2UuRGV0ZWN0aW9uU3RyaW5ncwABAC4ABAAFAwAAKYMAFwBhcnJEZXRlY3Rpb25TdHJpbmdzTGVuAAIBPgACATUAAQBEAAMABQMAACbDADAAZW52RGV0ZWN0aW9uSW5zdGFuY2UuRGV0ZWN0aW9uSVB2NkxvY2FsUHJlZml4ZXMAAwEhPQABABcABAAFAwAAKAEAAQEAAgE9AAEBAAIAWAACADAAZW52RGV0ZWN0aW9uSW5zdGFuY2UuRGV0ZWN0aW9uSVB2NkxvY2FsUHJlZml4ZXMAHgBhcnJEZXRlY3Rpb25JUHY2TG9jYWxQcmVmaXhlcwABAA0AAQAFAwAAKJQADQBKAAMAHgBhcnJEZXRlY3Rpb25JUHY2TG9jYWxQcmVmaXhlcwACASwAHgBhcnJEZXRlY3Rpb25JUHY2TG9jYWxQcmVmaXhlcwANAIoAAwAwAGVudkRldGVjdGlvbkluc3RhbmNlLkRldGVjdGlvbklQdjZMb2NhbFByZWZpeGVzADAAZW52RGV0ZWN0aW9uSW5zdGFuY2UuRGV0ZWN0aW9uSVB2NkxvY2FsUHJlZml4ZXMAHgBhcnJEZXRlY3Rpb25JUHY2TG9jYWxQcmVmaXhlcycZAGoAAgAwAGVudkRldGVjdGlvbkluc3RhbmNlLkRldGVjdGlvbklQdjZMb2NhbFByZWZpeGVzADAAZW52RGV0ZWN0aW9uSW5zdGFuY2UuRGV0ZWN0aW9uSVB2NkxvY2FsUHJlZml4ZXMACgBbAAIAIQBhcnJEZXRlY3Rpb25JUHY2TG9jYWxQcmVmaXhlc0xlbgAwAGVudkRldGVjdGlvbkluc3RhbmNlLkRldGVjdGlvbklQdjZMb2NhbFByZWZpeGVzAAEAOAAEAAUDAAApyQAhAGFyckRldGVjdGlvbklQdjZMb2NhbFByZWZpeGVzTGVuAAIBPgACATUAEQBDAAIAJAFBTVRfRW52aXJvbm1lbnREZXRlY3Rpb25TZXR0aW5nRGF0YQAVAGVudkRldGVjdGlvbkluc3RhbmNlAAEAKAAEAAUDAAApQQANAHdzbWFuX3Jlc3VsdAADASE9AAUCAAAAyAADADUAAQAtAUlORk86IEVudmlyb25tZW50IERldGVjdGlvbiBzZXQgc3VjY2Vzc2Z1bGx5AAEADQABAAUDAAAqXwADADUAAQAtAUVSUk9SOiBXU01BTiBjYWxsIGZhaWxlZDoge3dzbWFuX3Jlc3VsdF9zdHJ9AAEADQABAAUDAAAqXwADADkAAQAxAUVSUk9SOiBkZXRlY3Rpb24gc3RyaW5ncyBjb3VudCBtdXN0IGJlIGF0IG1vc3QgNQABAA0AAQAFAwAAKl8AAwA1AAEALQFFUlJPUjogSVB2NiBwcmVmaXhlcyBjb3VudCBtdXN0IGJlIGF0IG1vc3QgNQABAA0AAQAFAwAAKl8AAwBUAAEATAFFUlJPUjogJTIyRGV0ZWN0aW9uIFN0cmluZ3MlMjIgZmllbGQgY2Fubm90IGJlIGVtcHR5LCBhYm9ydGluZyBvcGVyYXRpb24uLi4AAgAdAAIAEQBQdWxsUmVtb3RlQWNjZXNzAAIBMQACACwAAQAkAEFNVF9FbnZpcm9ubWVudERldGVjdGlvblNldHRpbmdEYXRhAAIAJgABAB4AYXJyRGV0ZWN0aW9uSVB2NkxvY2FsUHJlZml4ZXMAAgAcAAEAFABhcnJEZXRlY3Rpb25TdHJpbmdzAAIAHQABABUAZW52RGV0ZWN0aW9uSW5zdGFuY2UAAgAZAAEAEQB3c19nZW5lcmFsX3F1ZXJ5AAIAFQABAA0Ad3NtYW5fYW5zd2VyAAIAFQABAA0Ad3NtYW5fcmVzdWx0AAEALAAEAAUDAAArfAARAFB1bGxTeXN0ZW1TdGF0dXMAAwEhPQAFAgAAAAFOIAAGAAAAAQAoAAQABQMAACuqAA0AUHVsbEV2ZW50TG9nAAMBIT0ABQIAAAABTiEABgAAAAEAKAAEAAUDAAAr2AANAFB1bGxBdWRpdExvZwADASE9AAUCAAAAAU4iAAYAAAABACwABAAFAwAALAoAEQBQdWxsQ2VydGlmaWNhdGVzAAMBIT0ABQIAAAABTiMABgAAAAEAKAAEAAUDAAAsOAANAFB1bGxXYXRjaGRvZwADASE9AAUCAAAAAU4kAAYAAAABAC0ABAAFAwAALGsAEgBQdWxsU3lzdGVtRGVmZW5zZQADASE9AAUCAAAAAU4lAAYAAAABACgABAAFAwAALJkADQBQdWxsSGFyZHdhcmUAAwEhPQAFAgAAAAFOJgAGAAAAAQAoAAQABQMAACzHAA0AUHVsbFVzZXJJbmZvAAMBIT0ABQIAAAABTicABgAAAAEALAAEAAUDAAAs+QARAFB1bGxSZW1vdGVBY2Nlc3MAAwEhPQAFAgAAAAFOKAAGAAAAAwAZAAEAEQFTY3JpcHQgQ29tcGxldGVkTikABgAA", "blocks": { "_start": { @@ -477,7 +477,7 @@ "AMT-Network-AddEnvDetection": { "name": "Network - Set Environment Detection", "desc": "Configures the DNS information that will be used by Intel AMT to dynamically determine the network it is operating in", - "code": "# *** Validate user input ***\r\nprint \"INFO: Parsing block parameters\"\r\njump :EMPTY_DETECTIONSTR-%%%~%%% \"%%%DetectionStrings%%%\" \"=\" \"\"\r\nsplit arrDetectionStrings \"%%%DetectionStrings%%%\" \",\"\r\nsplit arrDetectionIPv6LocalPrefixes \"%%%DetectionIPv6LocalPrefixes%%%\" \",\"\r\nprint \"INFO: Setting Environment Detection\"\r\nsplit ws_general_query \"*AMT_EnvironmentDetectionSettingData\" \",\"\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nset envDetectionInstance wsman_answer.AMT_EnvironmentDetectionSettingData.response\r\njump :DetectionStringsDefined-%%%~%%% envDetectionInstance.DetectionStrings \"!=\"\r\nset envDetectionInstance.DetectionStrings arrDetectionStrings\r\njump :SET_IPV6_PREFIX-%%%~%%%\r\n:DetectionStringsDefined-%%%~%%%\r\nadd arrDetectionStrings \",\" arrDetectionStrings\r\nadd envDetectionInstance.DetectionStrings envDetectionInstance.DetectionStrings arrDetectionStrings\r\nmaketoarray envDetectionInstance.DetectionStrings envDetectionInstance.DetectionStrings\r\nlength arrDetectionStringsLen envDetectionInstance.DetectionStrings\r\njump :INVALID_LEN_DetectionStrings-%%%~%%% arrDetectionStringsLen \">\" \"5\"\r\n:SET_IPV6_PREFIX-%%%~%%%\r\njump :IPv6StringsDefined-%%%~%%% envDetectionInstance.DetectionIPv6LocalPrefixes \"!=\"\r\njump :EMPTY_IPV6PRFX \"%%%DetectionIPv6LocalPrefixes%%%\" \"=\" \"\" \r\nset envDetectionInstance.DetectionIPv6LocalPrefixes arrDetectionIPv6LocalPrefixes\r\njump :CALL_WSPUT-%%%~%%%\r\n:IPv6StringsDefined-%%%~%%%\r\nadd arrDetectionIPv6LocalPrefixes \",\" arrDetectionIPv6LocalPrefixes\r\nadd envDetectionInstance.DetectionIPv6LocalPrefixes envDetectionInstance.DetectionIPv6LocalPrefixes arrDetectionIPv6LocalPrefixes\r\nmaketoarray envDetectionInstance.DetectionIPv6LocalPrefixes envDetectionInstance.DetectionIPv6LocalPrefixes\r\n:EMPTY_IPV6PRFX\r\nlength arrDetectionIPv6LocalPrefixesLen envDetectionInstance.DetectionIPv6LocalPrefixes\r\njump :INVALID_LEN_DetectionIPv6LocalPrefixes-%%%~%%% arrDetectionIPv6LocalPrefixesLen \">\" \"5\"\r\n:CALL_WSPUT-%%%~%%%\r\nwsput \"AMT_EnvironmentDetectionSettingData\" envDetectionInstance\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"INFO: Environment Detection set successfully\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"ERROR: WSMAN call failed: {wsman_result_str}\"\r\njump :end-%%%~%%%\r\n:INVALID_LEN_DetectionStrings-%%%~%%%\r\nprint \"ERROR: detection strings count must be at most 5\"\r\njump :end-%%%~%%%\r\n:INVALID_LEN_DetectionIPv6LocalPrefixes-%%%~%%%\r\nprint \"ERROR: IPv6 prefixes count must be at most 5\"\r\njump :end-%%%~%%%\r\n:EMPTY_DETECTIONSTR-%%%~%%%\r\nprint \"ERROR: %22Detection Strings%22 field cannot be empty, aborting operation...\"\r\n:end-%%%~%%%\r\n set PullRemoteAccess \"1\"\r\nset AMT_EnvironmentDetectionSettingData\r\nset arrDetectionIPv6LocalPrefixes\r\nset arrDetectionStrings\r\nset envDetectionInstance\r\nset ws_general_query\r\nset wsman_answer \r\nset wsman_result", + "code": "# *** Validate user input ***\r\nprint \"Parsing block parameters\"\r\njump :EMPTY_DETECTIONSTR-%%%~%%% \"%%%DetectionStrings%%%\" \"=\" \"\"\r\nsplit arrDetectionStrings \"%%%DetectionStrings%%%\" \",\"\r\nsplit arrDetectionIPv6LocalPrefixes \"%%%DetectionIPv6LocalPrefixes%%%\" \",\"\r\nprint \"Setting Environment Detection\"\r\nsplit ws_general_query \"*AMT_EnvironmentDetectionSettingData\" \",\"\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nset envDetectionInstance wsman_answer.AMT_EnvironmentDetectionSettingData.response\r\njump :DetectionStringsDefined-%%%~%%% envDetectionInstance.DetectionStrings \"!=\"\r\nset envDetectionInstance.DetectionStrings arrDetectionStrings\r\njump :SET_IPV6_PREFIX-%%%~%%%\r\n:DetectionStringsDefined-%%%~%%%\r\nadd arrDetectionStrings \",\" arrDetectionStrings\r\nadd envDetectionInstance.DetectionStrings envDetectionInstance.DetectionStrings arrDetectionStrings\r\nmaketoarray envDetectionInstance.DetectionStrings envDetectionInstance.DetectionStrings\r\nlength arrDetectionStringsLen envDetectionInstance.DetectionStrings\r\njump :INVALID_LEN_DetectionStrings-%%%~%%% arrDetectionStringsLen \">\" \"5\"\r\n:SET_IPV6_PREFIX-%%%~%%%\r\njump :IPv6StringsDefined-%%%~%%% envDetectionInstance.DetectionIPv6LocalPrefixes \"!=\"\r\njump :EMPTY_IPV6PRFX \"%%%DetectionIPv6LocalPrefixes%%%\" \"=\" \"\" \r\nset envDetectionInstance.DetectionIPv6LocalPrefixes arrDetectionIPv6LocalPrefixes\r\njump :CALL_WSPUT-%%%~%%%\r\n:IPv6StringsDefined-%%%~%%%\r\nadd arrDetectionIPv6LocalPrefixes \",\" arrDetectionIPv6LocalPrefixes\r\nadd envDetectionInstance.DetectionIPv6LocalPrefixes envDetectionInstance.DetectionIPv6LocalPrefixes arrDetectionIPv6LocalPrefixes\r\nmaketoarray envDetectionInstance.DetectionIPv6LocalPrefixes envDetectionInstance.DetectionIPv6LocalPrefixes\r\n:EMPTY_IPV6PRFX\r\nlength arrDetectionIPv6LocalPrefixesLen envDetectionInstance.DetectionIPv6LocalPrefixes\r\njump :INVALID_LEN_DetectionIPv6LocalPrefixes-%%%~%%% arrDetectionIPv6LocalPrefixesLen \">\" \"5\"\r\n:CALL_WSPUT-%%%~%%%\r\nwsput \"AMT_EnvironmentDetectionSettingData\" envDetectionInstance\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"Environment Detection set successfully\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"ERROR: WSMAN call failed: {wsman_result_str}\"\r\njump :end-%%%~%%%\r\n:INVALID_LEN_DetectionStrings-%%%~%%%\r\nprint \"ERROR: detection strings count must be at most 5\"\r\njump :end-%%%~%%%\r\n:INVALID_LEN_DetectionIPv6LocalPrefixes-%%%~%%%\r\nprint \"ERROR: IPv6 prefixes count must be at most 5\"\r\njump :end-%%%~%%%\r\n:EMPTY_DETECTIONSTR-%%%~%%%\r\nprint \"ERROR: %22Detection Strings%22 field cannot be empty, aborting operation...\"\r\n:end-%%%~%%%\r\n set PullRemoteAccess \"1\"\r\nset AMT_EnvironmentDetectionSettingData\r\nset arrDetectionIPv6LocalPrefixes\r\nset arrDetectionStrings\r\nset envDetectionInstance\r\nset ws_general_query\r\nset wsman_answer \r\nset wsman_result", "vars": { "DetectionStrings": { "name": "Detection Strings", @@ -690,7 +690,7 @@ "AMT-RemoteAccess-AddRemoteAccessPolicyRule": { "name": "Remote - Add Trigger (User / Alert)", "desc": "Set a remote access trigger policy, used to establish a secure tunnel between a management console and the Intel AMT platform.", - "code": "# *** Prepare arguments for AMT_RemoteAccessService.AddRemoteAccessPolicyRule ***\r\njsonparse ws_args \"%7B%22Trigger%22:%220%22,%22TunnelLifeTime%22:%22%%%tLifeTime%%%%22%7D\"\r\n# *** Verify valid input ***\r\njump :VALID_INPUT \"%%%AccessInfo1%%%\" \"!=\" \"\"\r\nprint \"ERROR: Field %22AccessInfo1%22 must not be empty, aborting operation...\"\r\njump :end-%%%~%%%\r\n:VALID_INPUT\r\n# *** Set a EPR selector matching user input ***\r\nsplit ws_general_query \"AMT_ManagementPresenceRemoteSAP\" ,\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nset i 0\r\nset arr wsman_answer.AMT_ManagementPresenceRemoteSAP.responses\r\nLength arr_len arr\r\nset mpsEpr1 \"*\"\r\nset mpsEpr2 \"*\"\r\n:loop-%%%~%%%\r\nset curAccessInfo arr.{i}.AccessInfo\r\nadd curAccessInfo curAccessInfo \":\"\r\nadd curAccessInfo curAccessInfo arr.{i}.Port\r\njump :MPS1_NO_MATCH curAccessInfo \"!=\" \"%%%AccessInfo1%%%\"\r\nset mpsEpr1 wsman_answer.AMT_ManagementPresenceRemoteSAP.responses.{i}.Name\r\nprint \"INFO: Found matching (primary) mps: {mpsEpr1}\"\r\njump :MPS2_NOTSET \"%%%AccessInfo2%%%\" \"=\" \"\"\r\n:MPS1_NO_MATCH\r\njump :MPS2_NO_MATCH curAccessInfo \"!=\" \"%%%AccessInfo2%%%\"\r\nset mpsEpr2 wsman_answer.AMT_ManagementPresenceRemoteSAP.responses.{i}.Name\r\nprint \"INFO: Found matching (secondary) mps: {mpsEpr2}\"\r\n:MPS2_NO_MATCH\r\nadd i i 1\r\njump :loop-%%%~%%% i \"<\" arr_len\r\n:MPS2_NOTSET\r\njump :MPS1_FOUND mpsEpr1 \"!=\" \"*\"\r\nprint \"ERROR: MPS server: %22%%%AccessInfo1%%%%22 could not be found, aborting operation...\"\r\njump :end-%%%~%%%\r\n:MPS1_FOUND\r\njump :MPS2_FOUND \"%%%AccessInfo2%%%\" \"=\" \"\"\r\njump :MPS2_FOUND mpsEpr2 \"!=\" \"*\"\r\nprint \"ERROR: MPS server: %22%%%AccessInfo2%%%%22 could not be found, aborting operation...\"\r\njump :end-%%%~%%%\r\n:MPS2_FOUND\r\nprint \"INFO: Setting policy...\"\r\njsonparse ws_args.MpServer \"%7B%7D\"\r\nset MpServer \"%3CAddress%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3Ehttp://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous%3C/Address%3E%3CReferenceParameters%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3E%3CResourceURI%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3Ehttp://intel.com/wbem/wscim/1/amt-schema/1/AMT_ManagementPresenceRemoteSAP%3C/ResourceURI%3E%3CSelectorSet%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3E%3CSelector%20Name=%22Name%22%3E{mpsEpr1}%3C/Selector%3E%3C/SelectorSet%3E%3C/ReferenceParameters%3E\"\r\njump :SKIP_ADD_MPS2 \"%%%AccessInfo2%%%\" \"=\" \"\"\r\nadd MpServer MpServer \"|%3CAddress%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3Ehttp://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous%3C/Address%3E%3CReferenceParameters%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3E%3CResourceURI%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3Ehttp://intel.com/wbem/wscim/1/amt-schema/1/AMT_ManagementPresenceRemoteSAP%3C/ResourceURI%3E%3CSelectorSet%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3E%3CSelector%20Name=%22Name%22%3E{mpsEpr2}%3C/Selector%3E%3C/SelectorSet%3E%3C/ReferenceParameters%3E\"\r\n:SKIP_ADD_MPS2\r\nsplit ws_args.MpServer MpServer \"|\"\r\n# *** Call AMT_RemoteAccessService.AddRemoteAccessPolicyRule with policy details. ***\r\nwsexec \"AMT_RemoteAccessService\" \"AddRemoteAccessPolicyRule\" ws_args selector\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"Policy addedd successfully\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"WSMAN call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\nset PullRemoteAccess 1\r\nset mpsEpr1\r\nset mpsEpr2\r\nset i\r\nset curAccessInfo\r\nset arr_len\r\nset MpServer\r\nset arr\r\nset AMT_RemoteAccessService\r\nset wsman_result\r\nset wsman_result_str\r\nset ws_args\r\nset ws_general_query\r\nset wsman_answer", + "code": "# *** Prepare arguments for AMT_RemoteAccessService.AddRemoteAccessPolicyRule ***\r\njsonparse ws_args \"%7B%22Trigger%22:%220%22,%22TunnelLifeTime%22:%22%%%tLifeTime%%%%22%7D\"\r\n# *** Verify valid input ***\r\njump :VALID_INPUT \"%%%AccessInfo1%%%\" \"!=\" \"\"\r\nprint \"ERROR: Field %22AccessInfo1%22 must not be empty, aborting operation...\"\r\njump :end-%%%~%%%\r\n:VALID_INPUT\r\n# *** Set a EPR selector matching user input ***\r\nsplit ws_general_query \"AMT_ManagementPresenceRemoteSAP\" ,\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nset i 0\r\nset arr wsman_answer.AMT_ManagementPresenceRemoteSAP.responses\r\nLength arr_len arr\r\nset mpsEpr1 \"*\"\r\nset mpsEpr2 \"*\"\r\n:loop-%%%~%%%\r\nset curAccessInfo arr.{i}.AccessInfo\r\nadd curAccessInfo curAccessInfo \":\"\r\nadd curAccessInfo curAccessInfo arr.{i}.Port\r\njump :MPS1_NO_MATCH curAccessInfo \"!=\" \"%%%AccessInfo1%%%\"\r\nset mpsEpr1 wsman_answer.AMT_ManagementPresenceRemoteSAP.responses.{i}.Name\r\nprint \"Found matching (primary) mps: {mpsEpr1}\"\r\njump :MPS2_NOTSET \"%%%AccessInfo2%%%\" \"=\" \"\"\r\n:MPS1_NO_MATCH\r\njump :MPS2_NO_MATCH curAccessInfo \"!=\" \"%%%AccessInfo2%%%\"\r\nset mpsEpr2 wsman_answer.AMT_ManagementPresenceRemoteSAP.responses.{i}.Name\r\nprint \"Found matching (secondary) mps: {mpsEpr2}\"\r\n:MPS2_NO_MATCH\r\nadd i i 1\r\njump :loop-%%%~%%% i \"<\" arr_len\r\n:MPS2_NOTSET\r\njump :MPS1_FOUND mpsEpr1 \"!=\" \"*\"\r\nprint \"ERROR: MPS server: %22%%%AccessInfo1%%%%22 could not be found, aborting operation...\"\r\njump :end-%%%~%%%\r\n:MPS1_FOUND\r\njump :MPS2_FOUND \"%%%AccessInfo2%%%\" \"=\" \"\"\r\njump :MPS2_FOUND mpsEpr2 \"!=\" \"*\"\r\nprint \"ERROR: MPS server: %22%%%AccessInfo2%%%%22 could not be found, aborting operation...\"\r\njump :end-%%%~%%%\r\n:MPS2_FOUND\r\nprint \"Setting policy...\"\r\njsonparse ws_args.MpServer \"%7B%7D\"\r\nset MpServer \"%3CAddress%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3Ehttp://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous%3C/Address%3E%3CReferenceParameters%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3E%3CResourceURI%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3Ehttp://intel.com/wbem/wscim/1/amt-schema/1/AMT_ManagementPresenceRemoteSAP%3C/ResourceURI%3E%3CSelectorSet%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3E%3CSelector%20Name=%22Name%22%3E{mpsEpr1}%3C/Selector%3E%3C/SelectorSet%3E%3C/ReferenceParameters%3E\"\r\njump :SKIP_ADD_MPS2 \"%%%AccessInfo2%%%\" \"=\" \"\"\r\nadd MpServer MpServer \"|%3CAddress%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3Ehttp://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous%3C/Address%3E%3CReferenceParameters%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3E%3CResourceURI%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3Ehttp://intel.com/wbem/wscim/1/amt-schema/1/AMT_ManagementPresenceRemoteSAP%3C/ResourceURI%3E%3CSelectorSet%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3E%3CSelector%20Name=%22Name%22%3E{mpsEpr2}%3C/Selector%3E%3C/SelectorSet%3E%3C/ReferenceParameters%3E\"\r\n:SKIP_ADD_MPS2\r\nsplit ws_args.MpServer MpServer \"|\"\r\n# *** Call AMT_RemoteAccessService.AddRemoteAccessPolicyRule with policy details. ***\r\nwsexec \"AMT_RemoteAccessService\" \"AddRemoteAccessPolicyRule\" ws_args selector\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"Policy addedd successfully\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"WSMAN call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\nset PullRemoteAccess 1\r\nset mpsEpr1\r\nset mpsEpr2\r\nset i\r\nset curAccessInfo\r\nset arr_len\r\nset MpServer\r\nset arr\r\nset AMT_RemoteAccessService\r\nset wsman_result\r\nset wsman_result_str\r\nset ws_args\r\nset ws_general_query\r\nset wsman_answer", "vars": { "AccessInfo1": { "name": "MPS 1 Address", @@ -728,7 +728,7 @@ "AMT-RemoteAccess-AddRemoteAccessPolicyRule2": { "name": "Remote - Add Trigger (Periodic)", "desc": "Set a remote access trigger policy, used to establish a secure tunnel between a management console and the Intel AMT platform.", - "code": "# *** Verify valid input ***\r\nsplit period_arr \"%%%Period%%%\" \":\"\r\nlength period_arr_len period_arr\r\njump :INVALID_ARG_AccessInfo1 \"%%%AccessInfo1%%%\" \"=\" \"\"\r\njump :DailyPeriod \"%%%PeriodType%%%\" \"!=\" \"0\"\r\njump :INVALID_PeriodType \"%%%PeriodType%%%\" \"!=\" \"0\"\r\njump :INVALID_ARG_Period period_arr.0 \"<=\" \"0\"\r\njump :INVALID_ARG_Period period_arr.0 \">\" \"4294967295\"\r\nIntToStr extendedData \"0\"\r\nIntToStr bPeriod period_arr.0\r\nadd extendedData extendedData bPeriod\r\njump :SET_PERIOD\r\n:DailyPeriod\r\njump :INVALID_PeriodType period_arr_len \"!=\" \"2\"\r\njump :INVALID_ARG_PeriodDaily period_arr.0 \"<=\" \"0\"\r\njump :INVALID_ARG_PeriodDaily period_arr.0 \">\" \"23\"\r\njump :INVALID_ARG_PeriodDaily period_arr.1 \">\" \"59\"\r\njump :INVALID_ARG_PeriodDaily period_arr.1 \"<=\" \"0\"\r\nIntToStr extendedData \"1\"\r\nIntToStr bPeriodHour period_arr.0\r\nIntToStr bPeriodMinute period_arr.1\r\nadd extendedData extendedData bPeriodHour\r\nadd extendedData extendedData bPeriodMinute\r\njump :SET_PERIOD\r\n:INVALID_PeriodType\r\nprint \"ERROR: The period type and value must correspond, aborting operation...\"\r\njump :end-%%%~%%%\r\n:INVALID_ARG_PeriodDaily\r\nprint \"ERROR: Field %22Period%22 must be a value HH:MM 0<=HH<24 && 0<=MM<60, aborting operation...\"\r\njump :end-%%%~%%%\r\n:INVALID_ARG_AccessInfo1\r\nprint \"ERROR: Field %22AccessInfo1%22 must not be empty, aborting operation...\"\r\njump :end-%%%~%%%\r\n:INVALID_ARG_Period\r\nprint \"ERROR: Field %22Period%22 must be a value 0<=t\" \"4294967295\"\r\nIntToStr extendedData \"0\"\r\nIntToStr bPeriod period_arr.0\r\nadd extendedData extendedData bPeriod\r\njump :SET_PERIOD\r\n:DailyPeriod\r\njump :INVALID_PeriodType period_arr_len \"!=\" \"2\"\r\njump :INVALID_ARG_PeriodDaily period_arr.0 \"<=\" \"0\"\r\njump :INVALID_ARG_PeriodDaily period_arr.0 \">\" \"23\"\r\njump :INVALID_ARG_PeriodDaily period_arr.1 \">\" \"59\"\r\njump :INVALID_ARG_PeriodDaily period_arr.1 \"<=\" \"0\"\r\nIntToStr extendedData \"1\"\r\nIntToStr bPeriodHour period_arr.0\r\nIntToStr bPeriodMinute period_arr.1\r\nadd extendedData extendedData bPeriodHour\r\nadd extendedData extendedData bPeriodMinute\r\njump :SET_PERIOD\r\n:INVALID_PeriodType\r\nprint \"ERROR: The period type and value must correspond, aborting operation...\"\r\njump :end-%%%~%%%\r\n:INVALID_ARG_PeriodDaily\r\nprint \"ERROR: Field %22Period%22 must be a value HH:MM 0<=HH<24 && 0<=MM<60, aborting operation...\"\r\njump :end-%%%~%%%\r\n:INVALID_ARG_AccessInfo1\r\nprint \"ERROR: Field %22AccessInfo1%22 must not be empty, aborting operation...\"\r\njump :end-%%%~%%%\r\n:INVALID_ARG_Period\r\nprint \"ERROR: Field %22Period%22 must be a value 0<=t\" \"4294967295\"\r\nIntToStr extendedData \"0\"\r\nIntToStr bPeriod period_arr.0\r\nadd extendedData extendedData bPeriod\r\njump :SET_PERIOD\r\n:DailyPeriod\r\njump :INVALID_PeriodType period_arr_len \"!=\" \"2\"\r\njump :INVALID_ARG_PeriodDaily period_arr.0 \"<=\" \"0\"\r\njump :INVALID_ARG_PeriodDaily period_arr.0 \">\" \"23\"\r\njump :INVALID_ARG_PeriodDaily period_arr.1 \">\" \"59\"\r\njump :INVALID_ARG_PeriodDaily period_arr.1 \"<=\" \"0\"\r\nIntToStr extendedData \"1\"\r\nIntToStr bPeriodHour period_arr.0\r\nIntToStr bPeriodMinute period_arr.1\r\nadd extendedData extendedData bPeriodHour\r\nadd extendedData extendedData bPeriodMinute\r\njump :SET_PERIOD\r\n:INVALID_PeriodType\r\nprint \"ERROR: The period type and value must correspond, aborting operation...\"\r\njump :end-%%%~%%%\r\n:INVALID_ARG_PeriodDaily\r\nprint \"ERROR: Field %22Period%22 must be a value HH:MM 0<=HH<24 && 0<=MM<60, aborting operation...\"\r\njump :end-%%%~%%%\r\n:INVALID_ARG_AccessInfo1\r\nprint \"ERROR: Field %22AccessInfo1%22 must not be empty, aborting operation...\"\r\njump :end-%%%~%%%\r\n:INVALID_ARG_Period\r\nprint \"ERROR: Field %22Period%22 must be a value 0<=t\" \"4294967295\"\r\nIntToStr extendedData \"0\"\r\nIntToStr bPeriod period_arr.0\r\nadd extendedData extendedData bPeriod\r\njump :SET_PERIOD\r\n:DailyPeriod\r\njump :INVALID_PeriodType period_arr_len \"!=\" \"2\"\r\njump :INVALID_ARG_PeriodDaily period_arr.0 \"<=\" \"0\"\r\njump :INVALID_ARG_PeriodDaily period_arr.0 \">\" \"23\"\r\njump :INVALID_ARG_PeriodDaily period_arr.1 \">\" \"59\"\r\njump :INVALID_ARG_PeriodDaily period_arr.1 \"<=\" \"0\"\r\nIntToStr extendedData \"1\"\r\nIntToStr bPeriodHour period_arr.0\r\nIntToStr bPeriodMinute period_arr.1\r\nadd extendedData extendedData bPeriodHour\r\nadd extendedData extendedData bPeriodMinute\r\njump :SET_PERIOD\r\n:INVALID_PeriodType\r\nprint \"ERROR: The period type and value must correspond, aborting operation...\"\r\njump :end-%%%~%%%\r\n:INVALID_ARG_PeriodDaily\r\nprint \"ERROR: Field %22Period%22 must be a value HH:MM 0<=HH<24 && 0<=MM<60, aborting operation...\"\r\njump :end-%%%~%%%\r\n:INVALID_ARG_AccessInfo1\r\nprint \"ERROR: Field %22AccessInfo1%22 must not be empty, aborting operation...\"\r\njump :end-%%%~%%%\r\n:INVALID_ARG_Period\r\nprint \"ERROR: Field %22Period%22 must be a value 0<=t\" \"5\"\r\n:SET_IPV6_PREFIX-%%%~%%%\r\njump :IPv6StringsDefined-%%%~%%% envDetectionInstance.DetectionIPv6LocalPrefixes \"!=\"\r\njump :EMPTY_IPV6PRFX \"%%%DetectionIPv6LocalPrefixes%%%\" \"=\" \"\" \r\nset envDetectionInstance.DetectionIPv6LocalPrefixes arrDetectionIPv6LocalPrefixes\r\njump :CALL_WSPUT-%%%~%%%\r\n:IPv6StringsDefined-%%%~%%%\r\nadd arrDetectionIPv6LocalPrefixes \",\" arrDetectionIPv6LocalPrefixes\r\nadd envDetectionInstance.DetectionIPv6LocalPrefixes envDetectionInstance.DetectionIPv6LocalPrefixes arrDetectionIPv6LocalPrefixes\r\nmaketoarray envDetectionInstance.DetectionIPv6LocalPrefixes envDetectionInstance.DetectionIPv6LocalPrefixes\r\n:EMPTY_IPV6PRFX\r\nlength arrDetectionIPv6LocalPrefixesLen envDetectionInstance.DetectionIPv6LocalPrefixes\r\njump :INVALID_LEN_DetectionIPv6LocalPrefixes-%%%~%%% arrDetectionIPv6LocalPrefixesLen \">\" \"5\"\r\n:CALL_WSPUT-%%%~%%%\r\nwsput \"AMT_EnvironmentDetectionSettingData\" envDetectionInstance\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"INFO: Environment Detection set successfully\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"ERROR: WSMAN call failed: {wsman_result_str}\"\r\njump :end-%%%~%%%\r\n:INVALID_LEN_DetectionStrings-%%%~%%%\r\nprint \"ERROR: detection strings count must be at most 5\"\r\njump :end-%%%~%%%\r\n:INVALID_LEN_DetectionIPv6LocalPrefixes-%%%~%%%\r\nprint \"ERROR: IPv6 prefixes count must be at most 5\"\r\njump :end-%%%~%%%\r\n:EMPTY_DETECTIONSTR-%%%~%%%\r\nprint \"ERROR: %22Detection Strings%22 field cannot be empty, aborting operation...\"\r\n:end-%%%~%%%\r\n set PullRemoteAccess \"1\"\r\nset AMT_EnvironmentDetectionSettingData\r\nset arrDetectionIPv6LocalPrefixes\r\nset arrDetectionStrings\r\nset envDetectionInstance\r\nset ws_general_query\r\nset wsman_answer \r\nset wsman_result", + "code": "# *** Validate user input ***\r\nprint \"Parsing block parameters\"\r\njump :EMPTY_DETECTIONSTR-%%%~%%% \"%%%DetectionStrings%%%\" \"=\" \"\"\r\nsplit arrDetectionStrings \"%%%DetectionStrings%%%\" \",\"\r\nsplit arrDetectionIPv6LocalPrefixes \"%%%DetectionIPv6LocalPrefixes%%%\" \",\"\r\nprint \"Setting Environment Detection\"\r\nsplit ws_general_query \"*AMT_EnvironmentDetectionSettingData\" \",\"\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nset envDetectionInstance wsman_answer.AMT_EnvironmentDetectionSettingData.response\r\njump :DetectionStringsDefined-%%%~%%% envDetectionInstance.DetectionStrings \"!=\"\r\nset envDetectionInstance.DetectionStrings arrDetectionStrings\r\njump :SET_IPV6_PREFIX-%%%~%%%\r\n:DetectionStringsDefined-%%%~%%%\r\nadd arrDetectionStrings \",\" arrDetectionStrings\r\nadd envDetectionInstance.DetectionStrings envDetectionInstance.DetectionStrings arrDetectionStrings\r\nmaketoarray envDetectionInstance.DetectionStrings envDetectionInstance.DetectionStrings\r\nlength arrDetectionStringsLen envDetectionInstance.DetectionStrings\r\njump :INVALID_LEN_DetectionStrings-%%%~%%% arrDetectionStringsLen \">\" \"5\"\r\n:SET_IPV6_PREFIX-%%%~%%%\r\njump :IPv6StringsDefined-%%%~%%% envDetectionInstance.DetectionIPv6LocalPrefixes \"!=\"\r\njump :EMPTY_IPV6PRFX \"%%%DetectionIPv6LocalPrefixes%%%\" \"=\" \"\" \r\nset envDetectionInstance.DetectionIPv6LocalPrefixes arrDetectionIPv6LocalPrefixes\r\njump :CALL_WSPUT-%%%~%%%\r\n:IPv6StringsDefined-%%%~%%%\r\nadd arrDetectionIPv6LocalPrefixes \",\" arrDetectionIPv6LocalPrefixes\r\nadd envDetectionInstance.DetectionIPv6LocalPrefixes envDetectionInstance.DetectionIPv6LocalPrefixes arrDetectionIPv6LocalPrefixes\r\nmaketoarray envDetectionInstance.DetectionIPv6LocalPrefixes envDetectionInstance.DetectionIPv6LocalPrefixes\r\n:EMPTY_IPV6PRFX\r\nlength arrDetectionIPv6LocalPrefixesLen envDetectionInstance.DetectionIPv6LocalPrefixes\r\njump :INVALID_LEN_DetectionIPv6LocalPrefixes-%%%~%%% arrDetectionIPv6LocalPrefixesLen \">\" \"5\"\r\n:CALL_WSPUT-%%%~%%%\r\nwsput \"AMT_EnvironmentDetectionSettingData\" envDetectionInstance\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"Environment Detection set successfully\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"ERROR: WSMAN call failed: {wsman_result_str}\"\r\njump :end-%%%~%%%\r\n:INVALID_LEN_DetectionStrings-%%%~%%%\r\nprint \"ERROR: detection strings count must be at most 5\"\r\njump :end-%%%~%%%\r\n:INVALID_LEN_DetectionIPv6LocalPrefixes-%%%~%%%\r\nprint \"ERROR: IPv6 prefixes count must be at most 5\"\r\njump :end-%%%~%%%\r\n:EMPTY_DETECTIONSTR-%%%~%%%\r\nprint \"ERROR: %22Detection Strings%22 field cannot be empty, aborting operation...\"\r\n:end-%%%~%%%\r\n set PullRemoteAccess \"1\"\r\nset AMT_EnvironmentDetectionSettingData\r\nset arrDetectionIPv6LocalPrefixes\r\nset arrDetectionStrings\r\nset envDetectionInstance\r\nset ws_general_query\r\nset wsman_answer \r\nset wsman_result", "vars": { "DetectionStrings": { "name": "Detection Strings", diff --git a/public/scripts/cira_setup_script_ip.mescript b/public/scripts/cira_setup_script_ip.mescript index e34de31d..91c768a4 100644 --- a/public/scripts/cira_setup_script_ip.mescript +++ b/public/scripts/cira_setup_script_ip.mescript @@ -1,5 +1,5 @@ { - "scriptText": "##### Starting Block #####\nprint \"Script Started\"\n\n##### Block: Remote - Remove Trigger #####\nHighlightBlock __t 0\njsonparse hMapPolicies \"%7B%220%22:%20%22User%20Initiated%22,%09%221%22:%20%22Alert%22,%20%222%22:%20%22Periodic%22%7D\"\nsplit policiesArr \"0,1,2\" \",\"\nlength policiesArrLen policiesArr\nset i 0\n:loop-0\nset curPolicy hMapPolicies.{policiesArr.{i}}\njsonparse ws_args \"%7B%22PolicyRuleName%22:%22{curPolicy}%22%7D\"\nwsdelete \"AMT_RemoteAccessPolicyRule\" ws_args\nadd i i 1\njump :loop-0 i \"<\" policiesArrLen\nprint \"INFO: Policies removed successfully\"\nset PullRemoteAccess 1\nset AMT_RemoteAccessPolicyRule\nset curPolicy\nset hMapPolicies\nset i\nset policiesArr\nset policiesArrLen\nset ws_args\nset wsman_result\n\n##### Block: Remote - Remove All MPS #####\nHighlightBlock __t 1\nsplit ws_general_query \"AMT_ManagementPresenceRemoteSAP\" ,\nwsbatchenum \"wsman_answer\" ws_general_query\nset i 0\nset arr wsman_answer.AMT_ManagementPresenceRemoteSAP.responses\nLength arr_len arr\n:loop-1\nset instanceName wsman_answer.AMT_ManagementPresenceRemoteSAP.responses.{i}.Name\nset selector \"%3Cw:SelectorSet%3E%3Cw:Selector%20Name=%22Name%22%3E{instanceName}%3C/w:Selector%3E%3C/w:SelectorSet%3E\"\nwsdelete \"AMT_ManagementPresenceRemoteSAP\" selector\nadd i i 1\njump :loop-1 i \"<\" arr_len\n:end-1\nset AMT_ManagementPresenceRemoteSAP\nset arr\nset i\nset instanceName\nset selector\nset ws_general_query\nset wsman_answer\nset wsman_result\nset wsman_result_str\nset arr_len\nset PullRemoteAccess 1\n\n\n##### Block: Security - Add Certificate #####\nHighlightBlock __t 2\njsonparse wsargs \"%7B%7D\"\nset wsargs.CertificateBlob \"MIIDKDCCAhCgAwIBAgIDBVZ2MA0GCSqGSIb3DQEBCwUAMEQxHzAdBgNVBAMTFk1lc2hDZW50cmFsUm9vdC1mYWM4NGUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtNZXNoQ2VudHJhbDAeFw0xNTA3MTkxODE3NTVaFw00NjA3MTkxODE3NTVaMEQxHzAdBgNVBAMTFk1lc2hDZW50cmFsUm9vdC1mYWM4NGUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtNZXNoQ2VudHJhbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJyN61TmYjDS8PJQGQ8OB2V0ccJ3kKZ4LkrwPhx+qRpZBqQ1MpUfjhjjMngjiEwVu04t729xekRjamwU6sorNZbp2l1OZNA2TIs5WCg1llXyxTkRqtfim83rwXQNu+6ivz5dAux46zKFGOcVdtMlyKEjZj16zuAQ/2xg6qgyQFYwwArq9Cy5qzWMA5cjqugqA106adkOQRCatdWHYxaMXRJaBJuKQnp1HGPefyITK1UEshEZYqmBKnbD9NwxqsC+Sp/diRWrGIEKkx1GsrepQcEXIzIMSdq7+LApwhl84pgNkzKJXHTPHqQaQSejPj3FprsQh2bgsbRJUwBTWIBru/MCAwEAAaMjMCEwDAYDVR0TBAUwAwEB/zARBglghkgBhvhCAQEEBAMCAAUwDQYJKoZIhvcNAQELBQADggEBAA+eOSMF7b82S3faGV7jKAFzkRwOUoZnCVFV6eGBK1iyPC/xrIbWncSc59DjnHMyXWCmc0OVknTgfeyqIS2OD2DkW1zU1gNuQksDbETzV6Db3ExQyv1BXCasLPop2CkC3WCwLFa2bXG7AEheFFfqwZz1mRwPnr8AiHS2zG6RjepZts+zQvVhTftiW1aFmYVHDWlhHFIVJ4xw2KHPfuufSxyOO7YOosjzGHUYiEP1zOQKmwm1Rcz+QZRmj/O8PfQsiKnUHpHAhx0GTqwgoL7hi2bkbC9IX04pDX8Vd5uABDLfU3+S3vjBvUe+XYSRknDnFiivOtAY6fFwLqu+OnbwiIA=\"\njump :certroot 1 \"=\" 1\nprint \"Adding certificate...\"\nwsexec \"AMT_PublicKeyManagementService\" \"AddCertificate\" wsargs\njump :certdone\n:certroot\nprint \"Adding root certificate...\"\nwsexec \"AMT_PublicKeyManagementService\" \"AddTrustedRootCertificate\" wsargs\n:certdone\nset wsargs\nset AMT_PublicKeyManagementService\nset PullCertificates 1\n\n\n##### Block: Remote - Add MPS IP/User #####\nHighlightBlock __t 3\n# Set method parameters\njsonparse wsargs \"%7B%22AccessInfo%22:%22192.168.2.133%22,%22InfoFormat%22:%223%22,%22Port%22:4433,%22AuthMethod%22:%222%22,%22Username%22:%22B6367516FC563665%22,%22Password%22:%22P@ssw0rd%22%7D\"\nset wsargs.CN \"devbox.mesh.meshcentral.com\"\n# Execute call to AddMpServer\nwsexec \"AMT_RemoteAccessService\" \"AddMpServer\" wsargs \"\"\njump :error-3 wsman_result \"!=\" 200\nprint \"Management Prescence Server (MPS) successfully added to the Intel(R) AMT Subsystem\"\nset PullRemoteAccess 1\njump :end-3\n:error-3\nprint \"Call failed: {wsman_result_str}\"\n:end-3\nset AMT_RemoteAccessService\nset wsargs\nset wsman_answer\nset wsman_result\nset wsman_result_str\nset wsman_ans_length\n\n##### Block: Remote - Add Trigger (Periodic) #####\nHighlightBlock __t 4\n# *** Verify valid input ***\nsplit period_arr \"10\" \":\"\nlength period_arr_len period_arr\njump :INVALID_ARG_AccessInfo1 \"192.168.2.133:4433\" \"=\" \"\"\njump :DailyPeriod \"0\" \"!=\" \"0\"\njump :INVALID_PeriodType \"0\" \"!=\" \"0\"\njump :INVALID_ARG_Period period_arr.0 \"<=\" \"0\"\njump :INVALID_ARG_Period period_arr.0 \">\" \"4294967295\"\nIntToStr extendedData \"0\"\nIntToStr bPeriod period_arr.0\nadd extendedData extendedData bPeriod\njump :SET_PERIOD\n:DailyPeriod\njump :INVALID_PeriodType period_arr_len \"!=\" \"2\"\njump :INVALID_ARG_PeriodDaily period_arr.0 \"<=\" \"0\"\njump :INVALID_ARG_PeriodDaily period_arr.0 \">\" \"23\"\njump :INVALID_ARG_PeriodDaily period_arr.1 \">\" \"59\"\njump :INVALID_ARG_PeriodDaily period_arr.1 \"<=\" \"0\"\nIntToStr extendedData \"1\"\nIntToStr bPeriodHour period_arr.0\nIntToStr bPeriodMinute period_arr.1\nadd extendedData extendedData bPeriodHour\nadd extendedData extendedData bPeriodMinute\njump :SET_PERIOD\n:INVALID_PeriodType\nprint \"ERROR: The period type and value must correspond, aborting operation...\"\njump :end-4\n:INVALID_ARG_PeriodDaily\nprint \"ERROR: Field %22Period%22 must be a value HH:MM 0<=HH<24 && 0<=MM<60, aborting operation...\"\njump :end-4\n:INVALID_ARG_AccessInfo1\nprint \"ERROR: Field %22AccessInfo1%22 must not be empty, aborting operation...\"\njump :end-4\n:INVALID_ARG_Period\nprint \"ERROR: Field %22Period%22 must be a value 0<=t\" \"5\"\n:SET_IPV6_PREFIX-6\njump :IPv6StringsDefined-6 envDetectionInstance.DetectionIPv6LocalPrefixes \"!=\"\njump :EMPTY_IPV6PRFX \"\" \"=\" \"\" \nset envDetectionInstance.DetectionIPv6LocalPrefixes arrDetectionIPv6LocalPrefixes\njump :CALL_WSPUT-6\n:IPv6StringsDefined-6\nadd arrDetectionIPv6LocalPrefixes \",\" arrDetectionIPv6LocalPrefixes\nadd envDetectionInstance.DetectionIPv6LocalPrefixes envDetectionInstance.DetectionIPv6LocalPrefixes arrDetectionIPv6LocalPrefixes\nmaketoarray envDetectionInstance.DetectionIPv6LocalPrefixes envDetectionInstance.DetectionIPv6LocalPrefixes\n:EMPTY_IPV6PRFX\nlength arrDetectionIPv6LocalPrefixesLen envDetectionInstance.DetectionIPv6LocalPrefixes\njump :INVALID_LEN_DetectionIPv6LocalPrefixes-6 arrDetectionIPv6LocalPrefixesLen \">\" \"5\"\n:CALL_WSPUT-6\nwsput \"AMT_EnvironmentDetectionSettingData\" envDetectionInstance\njump :error-6 wsman_result \"!=\" 200\nprint \"INFO: Environment Detection set successfully\"\njump :end-6\n:error-6\nprint \"ERROR: WSMAN call failed: {wsman_result_str}\"\njump :end-6\n:INVALID_LEN_DetectionStrings-6\nprint \"ERROR: detection strings count must be at most 5\"\njump :end-6\n:INVALID_LEN_DetectionIPv6LocalPrefixes-6\nprint \"ERROR: IPv6 prefixes count must be at most 5\"\njump :end-6\n:EMPTY_DETECTIONSTR-6\nprint \"ERROR: %22Detection Strings%22 field cannot be empty, aborting operation...\"\n:end-6\n set PullRemoteAccess \"1\"\nset AMT_EnvironmentDetectionSettingData\nset arrDetectionIPv6LocalPrefixes\nset arrDetectionStrings\nset envDetectionInstance\nset ws_general_query\nset wsman_answer \nset wsman_result\n\n##### Ending Block #####\n:end\njump :SkipPullSystemStatus PullSystemStatus \"!=\" 1\nPullSystemStatus\n:SkipPullSystemStatus\njump :SkipPullEventLog PullEventLog \"!=\" 1\nPullEventLog\n:SkipPullEventLog\njump :SkipPullAuditLog PullAuditLog \"!=\" 1\nPullAuditLog\n:SkipPullAuditLog\njump :SkipPullCertificates PullCertificates \"!=\" 1\nPullCertificates\n:SkipPullCertificates\njump :SkipPullWatchdog PullWatchdog \"!=\" 1\nPullWatchdog\n:SkipPullWatchdog\njump :SkipPullSystemDefense PullSystemDefense \"!=\" 1\nPullSystemDefense\n:SkipPullSystemDefense\njump :SkipPullHardware PullHardware \"!=\" 1\nPullHardware\n:SkipPullHardware\njump :SkipPullUserInfo PullUserInfo \"!=\" 1\nPullUserInfo\n:SkipPullUserInfo\njump :SkipPullRemoteAccess PullRemoteAccess \"!=\" 1\nPullRemoteAccess\n:SkipPullRemoteAccess\nprint \"Script Completed\"\nHighlightBlock\n", + "scriptText": "##### Starting Block #####\nprint \"Script Started\"\n\n##### Block: Remote - Remove Trigger #####\nHighlightBlock __t 0\njsonparse hMapPolicies \"%7B%220%22:%20%22User%20Initiated%22,%09%221%22:%20%22Alert%22,%20%222%22:%20%22Periodic%22%7D\"\nsplit policiesArr \"0,1,2\" \",\"\nlength policiesArrLen policiesArr\nset i 0\n:loop-0\nset curPolicy hMapPolicies.{policiesArr.{i}}\njsonparse ws_args \"%7B%22PolicyRuleName%22:%22{curPolicy}%22%7D\"\nwsdelete \"AMT_RemoteAccessPolicyRule\" ws_args\nadd i i 1\njump :loop-0 i \"<\" policiesArrLen\nprint \"Policies removed successfully\"\nset PullRemoteAccess 1\nset AMT_RemoteAccessPolicyRule\nset curPolicy\nset hMapPolicies\nset i\nset policiesArr\nset policiesArrLen\nset ws_args\nset wsman_result\n\n##### Block: Remote - Remove All MPS #####\nHighlightBlock __t 1\nsplit ws_general_query \"AMT_ManagementPresenceRemoteSAP\" ,\nwsbatchenum \"wsman_answer\" ws_general_query\nset i 0\nset arr wsman_answer.AMT_ManagementPresenceRemoteSAP.responses\nLength arr_len arr\n:loop-1\nset instanceName wsman_answer.AMT_ManagementPresenceRemoteSAP.responses.{i}.Name\nset selector \"%3Cw:SelectorSet%3E%3Cw:Selector%20Name=%22Name%22%3E{instanceName}%3C/w:Selector%3E%3C/w:SelectorSet%3E\"\nwsdelete \"AMT_ManagementPresenceRemoteSAP\" selector\nadd i i 1\njump :loop-1 i \"<\" arr_len\n:end-1\nset AMT_ManagementPresenceRemoteSAP\nset arr\nset i\nset instanceName\nset selector\nset ws_general_query\nset wsman_answer\nset wsman_result\nset wsman_result_str\nset arr_len\nset PullRemoteAccess 1\n\n\n##### Block: Security - Add Certificate #####\nHighlightBlock __t 2\njsonparse wsargs \"%7B%7D\"\nset wsargs.CertificateBlob \"MIIDKDCCAhCgAwIBAgIDBVZ2MA0GCSqGSIb3DQEBCwUAMEQxHzAdBgNVBAMTFk1lc2hDZW50cmFsUm9vdC1mYWM4NGUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtNZXNoQ2VudHJhbDAeFw0xNTA3MTkxODE3NTVaFw00NjA3MTkxODE3NTVaMEQxHzAdBgNVBAMTFk1lc2hDZW50cmFsUm9vdC1mYWM4NGUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtNZXNoQ2VudHJhbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJyN61TmYjDS8PJQGQ8OB2V0ccJ3kKZ4LkrwPhx+qRpZBqQ1MpUfjhjjMngjiEwVu04t729xekRjamwU6sorNZbp2l1OZNA2TIs5WCg1llXyxTkRqtfim83rwXQNu+6ivz5dAux46zKFGOcVdtMlyKEjZj16zuAQ/2xg6qgyQFYwwArq9Cy5qzWMA5cjqugqA106adkOQRCatdWHYxaMXRJaBJuKQnp1HGPefyITK1UEshEZYqmBKnbD9NwxqsC+Sp/diRWrGIEKkx1GsrepQcEXIzIMSdq7+LApwhl84pgNkzKJXHTPHqQaQSejPj3FprsQh2bgsbRJUwBTWIBru/MCAwEAAaMjMCEwDAYDVR0TBAUwAwEB/zARBglghkgBhvhCAQEEBAMCAAUwDQYJKoZIhvcNAQELBQADggEBAA+eOSMF7b82S3faGV7jKAFzkRwOUoZnCVFV6eGBK1iyPC/xrIbWncSc59DjnHMyXWCmc0OVknTgfeyqIS2OD2DkW1zU1gNuQksDbETzV6Db3ExQyv1BXCasLPop2CkC3WCwLFa2bXG7AEheFFfqwZz1mRwPnr8AiHS2zG6RjepZts+zQvVhTftiW1aFmYVHDWlhHFIVJ4xw2KHPfuufSxyOO7YOosjzGHUYiEP1zOQKmwm1Rcz+QZRmj/O8PfQsiKnUHpHAhx0GTqwgoL7hi2bkbC9IX04pDX8Vd5uABDLfU3+S3vjBvUe+XYSRknDnFiivOtAY6fFwLqu+OnbwiIA=\"\njump :certroot 1 \"=\" 1\nprint \"Adding certificate...\"\nwsexec \"AMT_PublicKeyManagementService\" \"AddCertificate\" wsargs\njump :certdone\n:certroot\nprint \"Adding root certificate...\"\nwsexec \"AMT_PublicKeyManagementService\" \"AddTrustedRootCertificate\" wsargs\n:certdone\nset wsargs\nset AMT_PublicKeyManagementService\nset PullCertificates 1\n\n\n##### Block: Remote - Add MPS IP/User #####\nHighlightBlock __t 3\n# Set method parameters\njsonparse wsargs \"%7B%22AccessInfo%22:%22192.168.2.133%22,%22InfoFormat%22:%223%22,%22Port%22:4433,%22AuthMethod%22:%222%22,%22Username%22:%22B6367516FC563665%22,%22Password%22:%22P@ssw0rd%22%7D\"\nset wsargs.CN \"devbox.mesh.meshcentral.com\"\n# Execute call to AddMpServer\nwsexec \"AMT_RemoteAccessService\" \"AddMpServer\" wsargs \"\"\njump :error-3 wsman_result \"!=\" 200\nprint \"Management Prescence Server (MPS) successfully added to the Intel(R) AMT Subsystem\"\nset PullRemoteAccess 1\njump :end-3\n:error-3\nprint \"Call failed: {wsman_result_str}\"\n:end-3\nset AMT_RemoteAccessService\nset wsargs\nset wsman_answer\nset wsman_result\nset wsman_result_str\nset wsman_ans_length\n\n##### Block: Remote - Add Trigger (Periodic) #####\nHighlightBlock __t 4\n# *** Verify valid input ***\nsplit period_arr \"10\" \":\"\nlength period_arr_len period_arr\njump :INVALID_ARG_AccessInfo1 \"192.168.2.133:4433\" \"=\" \"\"\njump :DailyPeriod \"0\" \"!=\" \"0\"\njump :INVALID_PeriodType \"0\" \"!=\" \"0\"\njump :INVALID_ARG_Period period_arr.0 \"<=\" \"0\"\njump :INVALID_ARG_Period period_arr.0 \">\" \"4294967295\"\nIntToStr extendedData \"0\"\nIntToStr bPeriod period_arr.0\nadd extendedData extendedData bPeriod\njump :SET_PERIOD\n:DailyPeriod\njump :INVALID_PeriodType period_arr_len \"!=\" \"2\"\njump :INVALID_ARG_PeriodDaily period_arr.0 \"<=\" \"0\"\njump :INVALID_ARG_PeriodDaily period_arr.0 \">\" \"23\"\njump :INVALID_ARG_PeriodDaily period_arr.1 \">\" \"59\"\njump :INVALID_ARG_PeriodDaily period_arr.1 \"<=\" \"0\"\nIntToStr extendedData \"1\"\nIntToStr bPeriodHour period_arr.0\nIntToStr bPeriodMinute period_arr.1\nadd extendedData extendedData bPeriodHour\nadd extendedData extendedData bPeriodMinute\njump :SET_PERIOD\n:INVALID_PeriodType\nprint \"ERROR: The period type and value must correspond, aborting operation...\"\njump :end-4\n:INVALID_ARG_PeriodDaily\nprint \"ERROR: Field %22Period%22 must be a value HH:MM 0<=HH<24 && 0<=MM<60, aborting operation...\"\njump :end-4\n:INVALID_ARG_AccessInfo1\nprint \"ERROR: Field %22AccessInfo1%22 must not be empty, aborting operation...\"\njump :end-4\n:INVALID_ARG_Period\nprint \"ERROR: Field %22Period%22 must be a value 0<=t\" \"5\"\n:SET_IPV6_PREFIX-6\njump :IPv6StringsDefined-6 envDetectionInstance.DetectionIPv6LocalPrefixes \"!=\"\njump :EMPTY_IPV6PRFX \"\" \"=\" \"\" \nset envDetectionInstance.DetectionIPv6LocalPrefixes arrDetectionIPv6LocalPrefixes\njump :CALL_WSPUT-6\n:IPv6StringsDefined-6\nadd arrDetectionIPv6LocalPrefixes \",\" arrDetectionIPv6LocalPrefixes\nadd envDetectionInstance.DetectionIPv6LocalPrefixes envDetectionInstance.DetectionIPv6LocalPrefixes arrDetectionIPv6LocalPrefixes\nmaketoarray envDetectionInstance.DetectionIPv6LocalPrefixes envDetectionInstance.DetectionIPv6LocalPrefixes\n:EMPTY_IPV6PRFX\nlength arrDetectionIPv6LocalPrefixesLen envDetectionInstance.DetectionIPv6LocalPrefixes\njump :INVALID_LEN_DetectionIPv6LocalPrefixes-6 arrDetectionIPv6LocalPrefixesLen \">\" \"5\"\n:CALL_WSPUT-6\nwsput \"AMT_EnvironmentDetectionSettingData\" envDetectionInstance\njump :error-6 wsman_result \"!=\" 200\nprint \"Environment Detection set successfully\"\njump :end-6\n:error-6\nprint \"ERROR: WSMAN call failed: {wsman_result_str}\"\njump :end-6\n:INVALID_LEN_DetectionStrings-6\nprint \"ERROR: detection strings count must be at most 5\"\njump :end-6\n:INVALID_LEN_DetectionIPv6LocalPrefixes-6\nprint \"ERROR: IPv6 prefixes count must be at most 5\"\njump :end-6\n:EMPTY_DETECTIONSTR-6\nprint \"ERROR: %22Detection Strings%22 field cannot be empty, aborting operation...\"\n:end-6\n set PullRemoteAccess \"1\"\nset AMT_EnvironmentDetectionSettingData\nset arrDetectionIPv6LocalPrefixes\nset arrDetectionStrings\nset envDetectionInstance\nset ws_general_query\nset wsman_answer \nset wsman_result\n\n##### Ending Block #####\n:end\njump :SkipPullSystemStatus PullSystemStatus \"!=\" 1\nPullSystemStatus\n:SkipPullSystemStatus\njump :SkipPullEventLog PullEventLog \"!=\" 1\nPullEventLog\n:SkipPullEventLog\njump :SkipPullAuditLog PullAuditLog \"!=\" 1\nPullAuditLog\n:SkipPullAuditLog\njump :SkipPullCertificates PullCertificates \"!=\" 1\nPullCertificates\n:SkipPullCertificates\njump :SkipPullWatchdog PullWatchdog \"!=\" 1\nPullWatchdog\n:SkipPullWatchdog\njump :SkipPullSystemDefense PullSystemDefense \"!=\" 1\nPullSystemDefense\n:SkipPullSystemDefense\njump :SkipPullHardware PullHardware \"!=\" 1\nPullHardware\n:SkipPullHardware\njump :SkipPullUserInfo PullUserInfo \"!=\" 1\nPullUserInfo\n:SkipPullUserInfo\njump :SkipPullRemoteAccess PullRemoteAccess \"!=\" 1\nPullRemoteAccess\n:SkipPullRemoteAccess\nprint \"Script Completed\"\nHighlightBlock\n", "mescript": "JH0pRQABAAMAFwABAA8BU2NyaXB0IFN0YXJ0ZWROKQATAAIABABfX3QABQIAAAAAAAsAdgACAA0AaE1hcFBvbGljaWVzAF8BJTdCJTIyMCUyMjolMjAlMjJVc2VyJTIwSW5pdGlhdGVkJTIyLCUwOSUyMjElMjI6JTIwJTIyQWxlcnQlMjIsJTIwJTIyMiUyMjolMjAlMjJQZXJpb2RpYyUyMiU3RAAIACAAAwAMAHBvbGljaWVzQXJyAAYBMCwxLDIAAgEsAAoAJQACAA8AcG9saWNpZXNBcnJMZW4ADABwb2xpY2llc0FycgACABEAAgACAGkABQIAAAAAAAIAMwACAAoAY3VyUG9saWN5AB8AaE1hcFBvbGljaWVzLntwb2xpY2llc0Fyci57aX19AAsAPwACAAgAd3NfYXJncwAtASU3QiUyMlBvbGljeVJ1bGVOYW1lJTIyOiUyMntjdXJQb2xpY3l9JTIyJTdEABMALQACABsBQU1UX1JlbW90ZUFjY2Vzc1BvbGljeVJ1bGUACAB3c19hcmdzAA0AFQADAAIAaQACAGkABQIAAAABAAEAJgAEAAUDAAAA9gACAGkAAgE8AA8AcG9saWNpZXNBcnJMZW4AAwAsAAEAJAFJTkZPOiBQb2xpY2llcyByZW1vdmVkIHN1Y2Nlc3NmdWxseQACACAAAgARAFB1bGxSZW1vdGVBY2Nlc3MABQIAAAABAAIAIwABABsAQU1UX1JlbW90ZUFjY2Vzc1BvbGljeVJ1bGUAAgASAAEACgBjdXJQb2xpY3kAAgAVAAEADQBoTWFwUG9saWNpZXMAAgAKAAEAAgBpAAIAFAABAAwAcG9saWNpZXNBcnIAAgAXAAEADwBwb2xpY2llc0FyckxlbgACABAAAQAIAHdzX2FyZ3MAAgAVAAEADQB3c21hbl9yZXN1bHROKQATAAIABABfX3QABQIAAAABAAgAPwADABEAd3NfZ2VuZXJhbF9xdWVyeQAgAUFNVF9NYW5hZ2VtZW50UHJlc2VuY2VSZW1vdGVTQVAAAgAsABAAKAACAA0Bd3NtYW5fYW5zd2VyABEAd3NfZ2VuZXJhbF9xdWVyeQACABEAAgACAGkABQIAAAAAAAIARQACAAQAYXJyADcAd3NtYW5fYW5zd2VyLkFNVF9NYW5hZ2VtZW50UHJlc2VuY2VSZW1vdGVTQVAucmVzcG9uc2VzAAoAFgACAAgAYXJyX2xlbgAEAGFycgACAFcAAgANAGluc3RhbmNlTmFtZQBAAHdzbWFuX2Fuc3dlci5BTVRfTWFuYWdlbWVudFByZXNlbmNlUmVtb3RlU0FQLnJlc3BvbnNlcy57aX0uTmFtZQACAHwAAgAJAHNlbGVjdG9yAGkBJTNDdzpTZWxlY3RvclNldCUzRSUzQ3c6U2VsZWN0b3IlMjBOYW1lPSUyMk5hbWUlMjIlM0V7aW5zdGFuY2VOYW1lfSUzQy93OlNlbGVjdG9yJTNFJTNDL3c6U2VsZWN0b3JTZXQlM0UAEwAzAAIAIAFBTVRfTWFuYWdlbWVudFByZXNlbmNlUmVtb3RlU0FQAAkAc2VsZWN0b3IADQAVAAMAAgBpAAIAaQAFAgAAAAEAAQAfAAQABQMAAAOmAAIAaQACATwACABhcnJfbGVuAAIAKAABACAAQU1UX01hbmFnZW1lbnRQcmVzZW5jZVJlbW90ZVNBUAACAAwAAQAEAGFycgACAAoAAQACAGkAAgAVAAEADQBpbnN0YW5jZU5hbWUAAgARAAEACQBzZWxlY3RvcgACABkAAQARAHdzX2dlbmVyYWxfcXVlcnkAAgAVAAEADQB3c21hbl9hbnN3ZXIAAgAVAAEADQB3c21hbl9yZXN1bHQAAgAZAAEAEQB3c21hbl9yZXN1bHRfc3RyAAIAEAABAAgAYXJyX2xlbgACACAAAgARAFB1bGxSZW1vdGVBY2Nlc3MABQIAAAABTikAEwACAAQAX190AAUCAAAAAgALABgAAgAHAHdzYXJncwAHASU3QiU3RAACBF4AAgAXAHdzYXJncy5DZXJ0aWZpY2F0ZUJsb2IEPQFNSUlES0RDQ0FoQ2dBd0lCQWdJREJWWjJNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1FUXhIekFkQmdOVkJBTVRGazFsYzJoRFpXNTBjbUZzVW05dmRDMW1ZV000TkdVeEN6QUpCZ05WQkFZVEFsVlRNUlF3RWdZRFZRUUtFd3ROWlhOb1EyVnVkSEpoYkRBZUZ3MHhOVEEzTVRreE9ERTNOVFZhRncwME5qQTNNVGt4T0RFM05UVmFNRVF4SHpBZEJnTlZCQU1URmsxbGMyaERaVzUwY21Gc1VtOXZkQzFtWVdNNE5HVXhDekFKQmdOVkJBWVRBbFZUTVJRd0VnWURWUVFLRXd0TlpYTm9RMlZ1ZEhKaGJEQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUp5TjYxVG1ZakRTOFBKUUdROE9CMlYwY2NKM2tLWjRMa3J3UGh4K3FScFpCcVExTXBVZmpoampNbmdqaUV3VnUwNHQ3Mjl4ZWtSamFtd1U2c29yTlpicDJsMU9aTkEyVElzNVdDZzFsbFh5eFRrUnF0ZmltODNyd1hRTnUrNml2ejVkQXV4NDZ6S0ZHT2NWZHRNbHlLRWpaajE2enVBUS8yeGc2cWd5UUZZd3dBcnE5Q3k1cXpXTUE1Y2pxdWdxQTEwNmFka09RUkNhdGRXSFl4YU1YUkphQkp1S1FucDFIR1BlZnlJVEsxVUVzaEVaWXFtQktuYkQ5Tnd4cXNDK1NwL2RpUldyR0lFS2t4MUdzcmVwUWNFWEl6SU1TZHE3K0xBcHdobDg0cGdOa3pLSlhIVFBIcVFhUVNlalBqM0ZwcnNRaDJiZ3NiUkpVd0JUV0lCcnUvTUNBd0VBQWFNak1DRXdEQVlEVlIwVEJBVXdBd0VCL3pBUkJnbGdoa2dCaHZoQ0FRRUVCQU1DQUFVd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFBK2VPU01GN2I4MlMzZmFHVjdqS0FGemtSd09Vb1puQ1ZGVjZlR0JLMWl5UEMveHJJYlduY1NjNTlEam5ITXlYV0NtYzBPVmtuVGdmZXlxSVMyT0QyRGtXMXpVMWdOdVFrc0RiRVR6VjZEYjNFeFF5djFCWENhc0xQb3AyQ2tDM1dDd0xGYTJiWEc3QUVoZUZGZnF3WnoxbVJ3UG5yOEFpSFMyekc2UmplcFp0cyt6UXZWaFRmdGlXMWFGbVlWSERXbGhIRklWSjR4dzJLSFBmdXVmU3h5T083WU9vc2p6R0hVWWlFUDF6T1FLbXdtMVJjeitRWlJtai9POFBmUXNpS25VSHBIQWh4MEdUcXdnb0w3aGkyYmtiQzlJWDA0cERYOFZkNXVBQkRMZlUzK1MzdmpCdlVlK1hZU1JrbkRuRmlpdk90QVk2ZkZ3THF1K09uYndpSUE9AAEAHwAEAAUDAAAK5AAFAgAAAAEAAgE9AAUCAAAAAQADAB4AAQAWAUFkZGluZyBjZXJ0aWZpY2F0ZS4uLgAUAEEAAwAfAUFNVF9QdWJsaWNLZXlNYW5hZ2VtZW50U2VydmljZQAPAUFkZENlcnRpZmljYXRlAAcAd3NhcmdzAAEADQABAAUDAAALUwADACMAAQAbAUFkZGluZyByb290IGNlcnRpZmljYXRlLi4uABQATAADAB8BQU1UX1B1YmxpY0tleU1hbmFnZW1lbnRTZXJ2aWNlABoBQWRkVHJ1c3RlZFJvb3RDZXJ0aWZpY2F0ZQAHAHdzYXJncwACAA8AAQAHAHdzYXJncwACACcAAQAfAEFNVF9QdWJsaWNLZXlNYW5hZ2VtZW50U2VydmljZQACACAAAgARAFB1bGxDZXJ0aWZpY2F0ZXMABQIAAAABTikAEwACAAQAX190AAUCAAAAAwALAMIAAgAHAHdzYXJncwCxASU3QiUyMkFjY2Vzc0luZm8lMjI6JTIyMTkyLjE2OC4yLjEzMyUyMiwlMjJJbmZvRm9ybWF0JTIyOiUyMjMlMjIsJTIyUG9ydCUyMjo0NDMzLCUyMkF1dGhNZXRob2QlMjI6JTIyMiUyMiwlMjJVc2VybmFtZSUyMjolMjJCNjM2NzUxNkZDNTYzNjY1JTIyLCUyMlBhc3N3b3JkJTIyOiUyMlBAc3N3MHJkJTIyJTdEAAIAMAACAAoAd3NhcmdzLkNOABwBZGV2Ym94Lm1lc2gubWVzaGNlbnRyYWwuY29tABQAOgAEABgBQU1UX1JlbW90ZUFjY2Vzc1NlcnZpY2UADAFBZGRNcFNlcnZlcgAHAHdzYXJncwABAQABACgABAAFAwAADZgADQB3c21hbl9yZXN1bHQAAwEhPQAFAgAAAMgAAwBbAAEAUwFNYW5hZ2VtZW50IFByZXNjZW5jZSBTZXJ2ZXIgKE1QUykgc3VjY2Vzc2Z1bGx5IGFkZGVkIHRvIHRoZSBJbnRlbChSKSBBTVQgU3Vic3lzdGVtAAIAIAACABEAUHVsbFJlbW90ZUFjY2VzcwAFAgAAAAEAAQANAAEABQMAAA3AAAMAKAABACABQ2FsbCBmYWlsZWQ6IHt3c21hbl9yZXN1bHRfc3RyfQACACAAAQAYAEFNVF9SZW1vdGVBY2Nlc3NTZXJ2aWNlAAIADwABAAcAd3NhcmdzAAIAFQABAA0Ad3NtYW5fYW5zd2VyAAIAFQABAA0Ad3NtYW5fcmVzdWx0AAIAGQABABEAd3NtYW5fcmVzdWx0X3N0cgACABkAAQARAHdzbWFuX2Fuc19sZW5ndGhOKQATAAIABABfX3QABQIAAAAEAAgAHAADAAsAcGVyaW9kX2FycgADATEwAAIBOgAKACQAAgAPAHBlcmlvZF9hcnJfbGVuAAsAcGVyaW9kX2FycgABACkABAAFAwAAEh0AEwExOTIuMTY4LjIuMTMzOjQ0MzMAAgE9AAEBAAEAGgAEAAUDAAAPwAACATAAAwEhPQACATAAAQAaAAQABQMAABFPAAIBMAADASE9AAIBMAABACUABAAFAwAAEnoADQBwZXJpb2RfYXJyLjAAAwE8PQACATAAAQAtAAQABQMAABJ6AA0AcGVyaW9kX2Fyci4wAAIBPgALATQyOTQ5NjcyOTUnIQAZAAIADQBleHRlbmRlZERhdGEAAgEwJyEAHwACAAgAYlBlcmlvZAANAHBlcmlvZF9hcnIuMAANAC4AAwANAGV4dGVuZGVkRGF0YQANAGV4dGVuZGVkRGF0YQAIAGJQZXJpb2QAAQANAAEABQMAABLdAAEAJwAEAAUDAAARTwAPAHBlcmlvZF9hcnJfbGVuAAMBIT0AAgEyAAEAJQAEAAUDAAARrAANAHBlcmlvZF9hcnIuMAADATw9AAIBMAABACUABAAFAwAAEawADQBwZXJpb2RfYXJyLjAAAgE+AAMBMjMAAQAlAAQABQMAABGsAA0AcGVyaW9kX2Fyci4xAAIBPgADATU5AAEAJQAEAAUDAAARrAANAHBlcmlvZF9hcnIuMQADATw9AAIBMCchABkAAgANAGV4dGVuZGVkRGF0YQACATEnIQAjAAIADABiUGVyaW9kSG91cgANAHBlcmlvZF9hcnIuMCchACUAAgAOAGJQZXJpb2RNaW51dGUADQBwZXJpb2RfYXJyLjEADQAyAAMADQBleHRlbmRlZERhdGEADQBleHRlbmRlZERhdGEADABiUGVyaW9kSG91cgANADQAAwANAGV4dGVuZGVkRGF0YQANAGV4dGVuZGVkRGF0YQAOAGJQZXJpb2RNaW51dGUAAQANAAEABQMAABLdAAMAUAABAEgBRVJST1I6IFRoZSBwZXJpb2QgdHlwZSBhbmQgdmFsdWUgbXVzdCBjb3JyZXNwb25kLCBhYm9ydGluZyBvcGVyYXRpb24uLi4AAQANAAEABQMAAB33AAMAZAABAFwBRVJST1I6IEZpZWxkICUyMlBlcmlvZCUyMiBtdXN0IGJlIGEgdmFsdWUgSEg6TU0gMDw9SEg8MjQgJiYgMDw9TU08NjAsIGFib3J0aW5nIG9wZXJhdGlvbi4uLgABAA0AAQAFAwAAHfcAAwBQAAEASAFFUlJPUjogRmllbGQgJTIyQWNjZXNzSW5mbzElMjIgbXVzdCBub3QgYmUgZW1wdHksIGFib3J0aW5nIG9wZXJhdGlvbi4uLgABAA0AAQAFAwAAHfcAAwBWAAEATgFFUlJPUjogRmllbGQgJTIyUGVyaW9kJTIyIG11c3QgYmUgYSB2YWx1ZSAwPD10PE1BWF9JTlQsIGFib3J0aW5nIG9wZXJhdGlvbi4uLgABAA0AAQAFAwAAHfcACwBLAAIACAB3c19hcmdzADkBJTdCJTIyVHJpZ2dlciUyMjolMjIyJTIyLCUyMlR1bm5lbExpZmVUaW1lJTIyOiUyMjAlMjIlN0QnFAAkAAIADQBleHRlbmRlZERhdGEADQBleHRlbmRlZERhdGEAAgAsAAIAFQB3c19hcmdzLkV4dGVuZGVkRGF0YQANAGV4dGVuZGVkRGF0YQAIAD8AAwARAHdzX2dlbmVyYWxfcXVlcnkAIAFBTVRfTWFuYWdlbWVudFByZXNlbmNlUmVtb3RlU0FQAAIALAAQACgAAgANAXdzbWFuX2Fuc3dlcgARAHdzX2dlbmVyYWxfcXVlcnkAAgARAAIAAgBpAAUCAAAAAAACAEUAAgAEAGFycgA3AHdzbWFuX2Fuc3dlci5BTVRfTWFuYWdlbWVudFByZXNlbmNlUmVtb3RlU0FQLnJlc3BvbnNlcwAKABYAAgAIAGFycl9sZW4ABABhcnIAAgAUAAIACABtcHNFcHIxAAIBKgACABQAAgAIAG1wc0VwcjIAAgEqAAIAKwACAA4AY3VyQWNjZXNzSW5mbwATAGFyci57aX0uQWNjZXNzSW5mbwANACoAAwAOAGN1ckFjY2Vzc0luZm8ADgBjdXJBY2Nlc3NJbmZvAAIBOgANADUAAwAOAGN1ckFjY2Vzc0luZm8ADgBjdXJBY2Nlc3NJbmZvAA0AYXJyLntpfS5Qb3J0AAEANwAEAAUDAAAV0wAOAGN1ckFjY2Vzc0luZm8AAwEhPQATATE5Mi4xNjguMi4xMzM6NDQzMwACAFIAAgAIAG1wc0VwcjEAQAB3c21hbl9hbnN3ZXIuQU1UX01hbmFnZW1lbnRQcmVzZW5jZVJlbW90ZVNBUC5yZXNwb25zZXMue2l9Lk5hbWUAAwA2AAEALgFJTkZPOiBGb3VuZCBtYXRjaGluZyAocHJpbWFyeSkgbXBzOiB7bXBzRXByMX0AAQAXAAQABQMAABa2AAEBAAIBPQABAQABACUABAAFAwAAFoIADgBjdXJBY2Nlc3NJbmZvAAMBIT0AAQEAAgBSAAIACABtcHNFcHIyAEAAd3NtYW5fYW5zd2VyLkFNVF9NYW5hZ2VtZW50UHJlc2VuY2VSZW1vdGVTQVAucmVzcG9uc2VzLntpfS5OYW1lAAMAOAABADABSU5GTzogRm91bmQgbWF0Y2hpbmcgKHNlY29uZGFyeSkgbXBzOiB7bXBzRXByMn0ADQAVAAMAAgBpAAIAaQAFAgAAAAEAAQAfAAQABQMAABRzAAIAaQACATwACABhcnJfbGVuAAEAIAAEAAUDAAAXQQAIAG1wc0VwcjEAAwEhPQACASoAAwBeAAEAVgFFUlJPUjogTVBTIHNlcnZlcjogJTIyMTkyLjE2OC4yLjEzMzo0NDMzJTIyIGNvdWxkIG5vdCBiZSBmb3VuZCwgYWJvcnRpbmcgb3BlcmF0aW9uLi4uAAEADQABAAUDAAAd9wABABcABAAFAwAAF9EAAQEAAgE9AAEBAAEAIAAEAAUDAAAX0QAIAG1wc0VwcjIAAwEhPQACASoAAwBMAAEARAFFUlJPUjogTVBTIHNlcnZlcjogJTIyJTIyIGNvdWxkIG5vdCBiZSBmb3VuZCwgYWJvcnRpbmcgb3BlcmF0aW9uLi4uAAEADQABAAUDAAAd9wADACAAAQAYAUlORk86IFNldHRpbmcgcG9saWN5Li4uAAsAIgACABEAd3NfYXJncy5NcFNlcnZlcgAHASU3QiU3RAACAmEAAgAJAE1wU2VydmVyAk4BJTNDQWRkcmVzcyUyMHhtbG5zPSUyMmh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDQvMDgvYWRkcmVzc2luZyUyMiUzRWh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDQvMDgvYWRkcmVzc2luZy9yb2xlL2Fub255bW91cyUzQy9BZGRyZXNzJTNFJTNDUmVmZXJlbmNlUGFyYW1ldGVycyUyMHhtbG5zPSUyMmh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDQvMDgvYWRkcmVzc2luZyUyMiUzRSUzQ1Jlc291cmNlVVJJJTIweG1sbnM9JTIyaHR0cDovL3NjaGVtYXMuZG10Zi5vcmcvd2JlbS93c21hbi8xL3dzbWFuLnhzZCUyMiUzRWh0dHA6Ly9pbnRlbC5jb20vd2JlbS93c2NpbS8xL2FtdC1zY2hlbWEvMS9BTVRfTWFuYWdlbWVudFByZXNlbmNlUmVtb3RlU0FQJTNDL1Jlc291cmNlVVJJJTNFJTNDU2VsZWN0b3JTZXQlMjB4bWxucz0lMjJodHRwOi8vc2NoZW1hcy5kbXRmLm9yZy93YmVtL3dzbWFuLzEvd3NtYW4ueHNkJTIyJTNFJTNDU2VsZWN0b3IlMjBOYW1lPSUyMk5hbWUlMjIlM0V7bXBzRXByMX0lM0MvU2VsZWN0b3IlM0UlM0MvU2VsZWN0b3JTZXQlM0UlM0MvUmVmZXJlbmNlUGFyYW1ldGVycyUzRQABABcABAAFAwAAHPgAAQEAAgE9AAEBAA0CbQADAAkATXBTZXJ2ZXIACQBNcFNlcnZlcgJPAXwlM0NBZGRyZXNzJTIweG1sbnM9JTIyaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNC8wOC9hZGRyZXNzaW5nJTIyJTNFaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNC8wOC9hZGRyZXNzaW5nL3JvbGUvYW5vbnltb3VzJTNDL0FkZHJlc3MlM0UlM0NSZWZlcmVuY2VQYXJhbWV0ZXJzJTIweG1sbnM9JTIyaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNC8wOC9hZGRyZXNzaW5nJTIyJTNFJTNDUmVzb3VyY2VVUkklMjB4bWxucz0lMjJodHRwOi8vc2NoZW1hcy5kbXRmLm9yZy93YmVtL3dzbWFuLzEvd3NtYW4ueHNkJTIyJTNFaHR0cDovL2ludGVsLmNvbS93YmVtL3dzY2ltLzEvYW10LXNjaGVtYS8xL0FNVF9NYW5hZ2VtZW50UHJlc2VuY2VSZW1vdGVTQVAlM0MvUmVzb3VyY2VVUkklM0UlM0NTZWxlY3RvclNldCUyMHhtbG5zPSUyMmh0dHA6Ly9zY2hlbWFzLmRtdGYub3JnL3diZW0vd3NtYW4vMS93c21hbi54c2QlMjIlM0UlM0NTZWxlY3RvciUyME5hbWU9JTIyTmFtZSUyMiUzRXttcHNFcHIyfSUzQy9TZWxlY3RvciUzRSUzQy9TZWxlY3RvclNldCUzRSUzQy9SZWZlcmVuY2VQYXJhbWV0ZXJzJTNFAAgAKAADABEAd3NfYXJncy5NcFNlcnZlcgAJAE1wU2VydmVyAAIBfAAUAFEABAAYAUFNVF9SZW1vdGVBY2Nlc3NTZXJ2aWNlABoBQWRkUmVtb3RlQWNjZXNzUG9saWN5UnVsZQAIAHdzX2FyZ3MACQBzZWxlY3RvcgABACgABAAFAwAAHckADQB3c21hbl9yZXN1bHQAAwEhPQAFAgAAAMgAAwAjAAEAGwFQb2xpY3kgYWRkZWRkIHN1Y2Nlc3NmdWxseQABAA0AAQAFAwAAHfcAAwAuAAEAJgFXU01BTiBjYWxsIGZhaWxlZDoge3dzbWFuX3Jlc3VsdF9zdHJ9AAIAIAACABEAUHVsbFJlbW90ZUFjY2VzcwAFAgAAAAEAAgAQAAEACABtcHNFcHIxAAIAEAABAAgAbXBzRXByMgACAAoAAQACAGkAAgAWAAEADgBjdXJBY2Nlc3NJbmZvAAIAEAABAAgAYXJyX2xlbgACABEAAQAJAE1wU2VydmVyAAIADAABAAQAYXJyAAIAIAABABgAQU1UX1JlbW90ZUFjY2Vzc1NlcnZpY2UAAgAVAAEADQB3c21hbl9yZXN1bHQAAgAZAAEAEQB3c21hbl9yZXN1bHRfc3RyAAIAEAABAAgAd3NfYXJncwACABkAAQARAHdzX2dlbmVyYWxfcXVlcnkAAgAVAAEADQB3c21hbl9hbnN3ZXIAAgAQAAEACABiUGVyaW9kAAIAFQABAA0AZXh0ZW5kZWREYXRhAAIAEwABAAsAcGVyaW9kX2FycgACABcAAQAPAHBlcmlvZF9hcnJfbGVuAAIAFAABAAwAYlBlcmlvZEhvdXIAAgAWAAEADgBiUGVyaW9kTWludXRlTikAEwACAAQAX190AAUCAAAABQALADgAAgAHAHdzYXJncwAnASU3QiUyMlJlcXVlc3RlZFN0YXRlJTIyOiUyMjMyNzcxJTIyJTdEAAsAkwACAAoARW51bVN0YXRlAH8BJTdCJTIyMzI3NjglMjI6JTIyRGlzYWJsZWQlMjIsJTIyMzI3NjklMjI6JTIyQklPUyBFbmFibGVkJTIyLCUyMjMyNzcwJTIyOiUyMk9TIGVuYWJsZSUyMiwlMjIzMjc3MSUyMjolMjJCSU9TICYgT1MgRW5hYmVkJTIyJTdEABQATAAEACMBQU1UX1VzZXJJbml0aWF0ZWRDb25uZWN0aW9uU2VydmljZQATAVJlcXVlc3RTdGF0ZUNoYW5nZQAHAHdzYXJncwABAQABACgABAAFAwAAIVEADQB3c21hbl9yZXN1bHQAAwEhPQAFAgAAAMgAAwBJAAEAQQFTVUNDRVNTOiBSZW1vdGUgQWNjZXNzIHVzZXIgaW50ZXJmYWNlcyBzZXQgdG86IHtFbnVtU3RhdGUuMzI3NzF9AAIAIAACABEAUHVsbFJlbW90ZUFjY2VzcwAFAgAAAAEAAQANAAEABQMAACF5AAMAKAABACABQ2FsbCBmYWlsZWQ6IHt3c21hbl9yZXN1bHRfc3RyfQACAA8AAQAHAHdzYXJncwACABUAAQANAHdzbWFuX3Jlc3VsdAACABkAAQARAHdzbWFuX3Jlc3VsdF9zdHIAAgASAAEACgBFbnVtU3RhdGUAAgArAAEAIwBBTVRfVXNlckluaXRpYXRlZENvbm5lY3Rpb25TZXJ2aWNlTikAEwACAAQAX190AAUCAAAABgADACcAAQAfAUlORk86IFBhcnNpbmcgYmxvY2sgcGFyYW1ldGVycwABACUABAAFAwAAKaEADwFhYWJiY2NkZGVlZmZnZwACAT0AAQEACAAxAAMAFABhcnJEZXRlY3Rpb25TdHJpbmdzAA8BYWFiYmNjZGRlZWZmZ2cAAgEsAAgALQADAB4AYXJyRGV0ZWN0aW9uSVB2NkxvY2FsUHJlZml4ZXMAAQEAAgEsAAMALAABACQBSU5GTzogU2V0dGluZyBFbnZpcm9ubWVudCBEZXRlY3Rpb24ACABEAAMAEQB3c19nZW5lcmFsX3F1ZXJ5ACUBKkFNVF9FbnZpcm9ubWVudERldGVjdGlvblNldHRpbmdEYXRhAAIBLAAQACgAAgANAXdzbWFuX2Fuc3dlcgARAHdzX2dlbmVyYWxfcXVlcnkAAgBZAAIAFQBlbnZEZXRlY3Rpb25JbnN0YW5jZQA6AHdzbWFuX2Fuc3dlci5BTVRfRW52aXJvbm1lbnREZXRlY3Rpb25TZXR0aW5nRGF0YS5yZXNwb25zZQABADoAAwAFAwAAJCwAJgBlbnZEZXRlY3Rpb25JbnN0YW5jZS5EZXRlY3Rpb25TdHJpbmdzAAMBIT0AAgBEAAIAJgBlbnZEZXRlY3Rpb25JbnN0YW5jZS5EZXRlY3Rpb25TdHJpbmdzABQAYXJyRGV0ZWN0aW9uU3RyaW5ncwABAA0AAQAFAwAAJZkADQA2AAMAFABhcnJEZXRlY3Rpb25TdHJpbmdzAAIBLAAUAGFyckRldGVjdGlvblN0cmluZ3MADQBsAAMAJgBlbnZEZXRlY3Rpb25JbnN0YW5jZS5EZXRlY3Rpb25TdHJpbmdzACYAZW52RGV0ZWN0aW9uSW5zdGFuY2UuRGV0ZWN0aW9uU3RyaW5ncwAUAGFyckRldGVjdGlvblN0cmluZ3MnGQBWAAIAJgBlbnZEZXRlY3Rpb25JbnN0YW5jZS5EZXRlY3Rpb25TdHJpbmdzACYAZW52RGV0ZWN0aW9uSW5zdGFuY2UuRGV0ZWN0aW9uU3RyaW5ncwAKAEcAAgAXAGFyckRldGVjdGlvblN0cmluZ3NMZW4AJgBlbnZEZXRlY3Rpb25JbnN0YW5jZS5EZXRlY3Rpb25TdHJpbmdzAAEALgAEAAUDAAApGQAXAGFyckRldGVjdGlvblN0cmluZ3NMZW4AAgE+AAIBNQABAEQAAwAFAwAAJlkAMABlbnZEZXRlY3Rpb25JbnN0YW5jZS5EZXRlY3Rpb25JUHY2TG9jYWxQcmVmaXhlcwADASE9AAEAFwAEAAUDAAAnlwABAQACAT0AAQEAAgBYAAIAMABlbnZEZXRlY3Rpb25JbnN0YW5jZS5EZXRlY3Rpb25JUHY2TG9jYWxQcmVmaXhlcwAeAGFyckRldGVjdGlvbklQdjZMb2NhbFByZWZpeGVzAAEADQABAAUDAAAoKgANAEoAAwAeAGFyckRldGVjdGlvbklQdjZMb2NhbFByZWZpeGVzAAIBLAAeAGFyckRldGVjdGlvbklQdjZMb2NhbFByZWZpeGVzAA0AigADADAAZW52RGV0ZWN0aW9uSW5zdGFuY2UuRGV0ZWN0aW9uSVB2NkxvY2FsUHJlZml4ZXMAMABlbnZEZXRlY3Rpb25JbnN0YW5jZS5EZXRlY3Rpb25JUHY2TG9jYWxQcmVmaXhlcwAeAGFyckRldGVjdGlvbklQdjZMb2NhbFByZWZpeGVzJxkAagACADAAZW52RGV0ZWN0aW9uSW5zdGFuY2UuRGV0ZWN0aW9uSVB2NkxvY2FsUHJlZml4ZXMAMABlbnZEZXRlY3Rpb25JbnN0YW5jZS5EZXRlY3Rpb25JUHY2TG9jYWxQcmVmaXhlcwAKAFsAAgAhAGFyckRldGVjdGlvbklQdjZMb2NhbFByZWZpeGVzTGVuADAAZW52RGV0ZWN0aW9uSW5zdGFuY2UuRGV0ZWN0aW9uSVB2NkxvY2FsUHJlZml4ZXMAAQA4AAQABQMAAClfACEAYXJyRGV0ZWN0aW9uSVB2NkxvY2FsUHJlZml4ZXNMZW4AAgE+AAIBNQARAEMAAgAkAUFNVF9FbnZpcm9ubWVudERldGVjdGlvblNldHRpbmdEYXRhABUAZW52RGV0ZWN0aW9uSW5zdGFuY2UAAQAoAAQABQMAACjXAA0Ad3NtYW5fcmVzdWx0AAMBIT0ABQIAAADIAAMANQABAC0BSU5GTzogRW52aXJvbm1lbnQgRGV0ZWN0aW9uIHNldCBzdWNjZXNzZnVsbHkAAQANAAEABQMAACn1AAMANQABAC0BRVJST1I6IFdTTUFOIGNhbGwgZmFpbGVkOiB7d3NtYW5fcmVzdWx0X3N0cn0AAQANAAEABQMAACn1AAMAOQABADEBRVJST1I6IGRldGVjdGlvbiBzdHJpbmdzIGNvdW50IG11c3QgYmUgYXQgbW9zdCA1AAEADQABAAUDAAAp9QADADUAAQAtAUVSUk9SOiBJUHY2IHByZWZpeGVzIGNvdW50IG11c3QgYmUgYXQgbW9zdCA1AAEADQABAAUDAAAp9QADAFQAAQBMAUVSUk9SOiAlMjJEZXRlY3Rpb24gU3RyaW5ncyUyMiBmaWVsZCBjYW5ub3QgYmUgZW1wdHksIGFib3J0aW5nIG9wZXJhdGlvbi4uLgACAB0AAgARAFB1bGxSZW1vdGVBY2Nlc3MAAgExAAIALAABACQAQU1UX0Vudmlyb25tZW50RGV0ZWN0aW9uU2V0dGluZ0RhdGEAAgAmAAEAHgBhcnJEZXRlY3Rpb25JUHY2TG9jYWxQcmVmaXhlcwACABwAAQAUAGFyckRldGVjdGlvblN0cmluZ3MAAgAdAAEAFQBlbnZEZXRlY3Rpb25JbnN0YW5jZQACABkAAQARAHdzX2dlbmVyYWxfcXVlcnkAAgAVAAEADQB3c21hbl9hbnN3ZXIAAgAVAAEADQB3c21hbl9yZXN1bHQAAQAsAAQABQMAACsSABEAUHVsbFN5c3RlbVN0YXR1cwADASE9AAUCAAAAAU4gAAYAAAABACgABAAFAwAAK0AADQBQdWxsRXZlbnRMb2cAAwEhPQAFAgAAAAFOIQAGAAAAAQAoAAQABQMAACtuAA0AUHVsbEF1ZGl0TG9nAAMBIT0ABQIAAAABTiIABgAAAAEALAAEAAUDAAAroAARAFB1bGxDZXJ0aWZpY2F0ZXMAAwEhPQAFAgAAAAFOIwAGAAAAAQAoAAQABQMAACvOAA0AUHVsbFdhdGNoZG9nAAMBIT0ABQIAAAABTiQABgAAAAEALQAEAAUDAAAsAQASAFB1bGxTeXN0ZW1EZWZlbnNlAAMBIT0ABQIAAAABTiUABgAAAAEAKAAEAAUDAAAsLwANAFB1bGxIYXJkd2FyZQADASE9AAUCAAAAAU4mAAYAAAABACgABAAFAwAALF0ADQBQdWxsVXNlckluZm8AAwEhPQAFAgAAAAFOJwAGAAAAAQAsAAQABQMAACyPABEAUHVsbFJlbW90ZUFjY2VzcwADASE9AAUCAAAAAU4oAAYAAAADABkAAQARAVNjcmlwdCBDb21wbGV0ZWROKQAGAAA=", "blocks": { "_start": { @@ -477,7 +477,7 @@ "AMT-Network-AddEnvDetection": { "name": "Network - Set Environment Detection", "desc": "Configures the DNS information that will be used by Intel AMT to dynamically determine the network it is operating in", - "code": "# *** Validate user input ***\r\nprint \"INFO: Parsing block parameters\"\r\njump :EMPTY_DETECTIONSTR-%%%~%%% \"%%%DetectionStrings%%%\" \"=\" \"\"\r\nsplit arrDetectionStrings \"%%%DetectionStrings%%%\" \",\"\r\nsplit arrDetectionIPv6LocalPrefixes \"%%%DetectionIPv6LocalPrefixes%%%\" \",\"\r\nprint \"INFO: Setting Environment Detection\"\r\nsplit ws_general_query \"*AMT_EnvironmentDetectionSettingData\" \",\"\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nset envDetectionInstance wsman_answer.AMT_EnvironmentDetectionSettingData.response\r\njump :DetectionStringsDefined-%%%~%%% envDetectionInstance.DetectionStrings \"!=\"\r\nset envDetectionInstance.DetectionStrings arrDetectionStrings\r\njump :SET_IPV6_PREFIX-%%%~%%%\r\n:DetectionStringsDefined-%%%~%%%\r\nadd arrDetectionStrings \",\" arrDetectionStrings\r\nadd envDetectionInstance.DetectionStrings envDetectionInstance.DetectionStrings arrDetectionStrings\r\nmaketoarray envDetectionInstance.DetectionStrings envDetectionInstance.DetectionStrings\r\nlength arrDetectionStringsLen envDetectionInstance.DetectionStrings\r\njump :INVALID_LEN_DetectionStrings-%%%~%%% arrDetectionStringsLen \">\" \"5\"\r\n:SET_IPV6_PREFIX-%%%~%%%\r\njump :IPv6StringsDefined-%%%~%%% envDetectionInstance.DetectionIPv6LocalPrefixes \"!=\"\r\njump :EMPTY_IPV6PRFX \"%%%DetectionIPv6LocalPrefixes%%%\" \"=\" \"\" \r\nset envDetectionInstance.DetectionIPv6LocalPrefixes arrDetectionIPv6LocalPrefixes\r\njump :CALL_WSPUT-%%%~%%%\r\n:IPv6StringsDefined-%%%~%%%\r\nadd arrDetectionIPv6LocalPrefixes \",\" arrDetectionIPv6LocalPrefixes\r\nadd envDetectionInstance.DetectionIPv6LocalPrefixes envDetectionInstance.DetectionIPv6LocalPrefixes arrDetectionIPv6LocalPrefixes\r\nmaketoarray envDetectionInstance.DetectionIPv6LocalPrefixes envDetectionInstance.DetectionIPv6LocalPrefixes\r\n:EMPTY_IPV6PRFX\r\nlength arrDetectionIPv6LocalPrefixesLen envDetectionInstance.DetectionIPv6LocalPrefixes\r\njump :INVALID_LEN_DetectionIPv6LocalPrefixes-%%%~%%% arrDetectionIPv6LocalPrefixesLen \">\" \"5\"\r\n:CALL_WSPUT-%%%~%%%\r\nwsput \"AMT_EnvironmentDetectionSettingData\" envDetectionInstance\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"INFO: Environment Detection set successfully\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"ERROR: WSMAN call failed: {wsman_result_str}\"\r\njump :end-%%%~%%%\r\n:INVALID_LEN_DetectionStrings-%%%~%%%\r\nprint \"ERROR: detection strings count must be at most 5\"\r\njump :end-%%%~%%%\r\n:INVALID_LEN_DetectionIPv6LocalPrefixes-%%%~%%%\r\nprint \"ERROR: IPv6 prefixes count must be at most 5\"\r\njump :end-%%%~%%%\r\n:EMPTY_DETECTIONSTR-%%%~%%%\r\nprint \"ERROR: %22Detection Strings%22 field cannot be empty, aborting operation...\"\r\n:end-%%%~%%%\r\n set PullRemoteAccess \"1\"\r\nset AMT_EnvironmentDetectionSettingData\r\nset arrDetectionIPv6LocalPrefixes\r\nset arrDetectionStrings\r\nset envDetectionInstance\r\nset ws_general_query\r\nset wsman_answer \r\nset wsman_result", + "code": "# *** Validate user input ***\r\nprint \"Parsing block parameters\"\r\njump :EMPTY_DETECTIONSTR-%%%~%%% \"%%%DetectionStrings%%%\" \"=\" \"\"\r\nsplit arrDetectionStrings \"%%%DetectionStrings%%%\" \",\"\r\nsplit arrDetectionIPv6LocalPrefixes \"%%%DetectionIPv6LocalPrefixes%%%\" \",\"\r\nprint \"Setting Environment Detection\"\r\nsplit ws_general_query \"*AMT_EnvironmentDetectionSettingData\" \",\"\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nset envDetectionInstance wsman_answer.AMT_EnvironmentDetectionSettingData.response\r\njump :DetectionStringsDefined-%%%~%%% envDetectionInstance.DetectionStrings \"!=\"\r\nset envDetectionInstance.DetectionStrings arrDetectionStrings\r\njump :SET_IPV6_PREFIX-%%%~%%%\r\n:DetectionStringsDefined-%%%~%%%\r\nadd arrDetectionStrings \",\" arrDetectionStrings\r\nadd envDetectionInstance.DetectionStrings envDetectionInstance.DetectionStrings arrDetectionStrings\r\nmaketoarray envDetectionInstance.DetectionStrings envDetectionInstance.DetectionStrings\r\nlength arrDetectionStringsLen envDetectionInstance.DetectionStrings\r\njump :INVALID_LEN_DetectionStrings-%%%~%%% arrDetectionStringsLen \">\" \"5\"\r\n:SET_IPV6_PREFIX-%%%~%%%\r\njump :IPv6StringsDefined-%%%~%%% envDetectionInstance.DetectionIPv6LocalPrefixes \"!=\"\r\njump :EMPTY_IPV6PRFX \"%%%DetectionIPv6LocalPrefixes%%%\" \"=\" \"\" \r\nset envDetectionInstance.DetectionIPv6LocalPrefixes arrDetectionIPv6LocalPrefixes\r\njump :CALL_WSPUT-%%%~%%%\r\n:IPv6StringsDefined-%%%~%%%\r\nadd arrDetectionIPv6LocalPrefixes \",\" arrDetectionIPv6LocalPrefixes\r\nadd envDetectionInstance.DetectionIPv6LocalPrefixes envDetectionInstance.DetectionIPv6LocalPrefixes arrDetectionIPv6LocalPrefixes\r\nmaketoarray envDetectionInstance.DetectionIPv6LocalPrefixes envDetectionInstance.DetectionIPv6LocalPrefixes\r\n:EMPTY_IPV6PRFX\r\nlength arrDetectionIPv6LocalPrefixesLen envDetectionInstance.DetectionIPv6LocalPrefixes\r\njump :INVALID_LEN_DetectionIPv6LocalPrefixes-%%%~%%% arrDetectionIPv6LocalPrefixesLen \">\" \"5\"\r\n:CALL_WSPUT-%%%~%%%\r\nwsput \"AMT_EnvironmentDetectionSettingData\" envDetectionInstance\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"Environment Detection set successfully\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"ERROR: WSMAN call failed: {wsman_result_str}\"\r\njump :end-%%%~%%%\r\n:INVALID_LEN_DetectionStrings-%%%~%%%\r\nprint \"ERROR: detection strings count must be at most 5\"\r\njump :end-%%%~%%%\r\n:INVALID_LEN_DetectionIPv6LocalPrefixes-%%%~%%%\r\nprint \"ERROR: IPv6 prefixes count must be at most 5\"\r\njump :end-%%%~%%%\r\n:EMPTY_DETECTIONSTR-%%%~%%%\r\nprint \"ERROR: %22Detection Strings%22 field cannot be empty, aborting operation...\"\r\n:end-%%%~%%%\r\n set PullRemoteAccess \"1\"\r\nset AMT_EnvironmentDetectionSettingData\r\nset arrDetectionIPv6LocalPrefixes\r\nset arrDetectionStrings\r\nset envDetectionInstance\r\nset ws_general_query\r\nset wsman_answer \r\nset wsman_result", "vars": { "DetectionStrings": { "name": "Detection Strings", @@ -684,7 +684,7 @@ "AMT-RemoteAccess-AddRemoteAccessPolicyRule": { "name": "Remote - Add Trigger (User / Alert)", "desc": "Set a remote access trigger policy, used to establish a secure tunnel between a management console and the Intel AMT platform.", - "code": "# *** Prepare arguments for AMT_RemoteAccessService.AddRemoteAccessPolicyRule ***\r\njsonparse ws_args \"%7B%22Trigger%22:%220%22,%22TunnelLifeTime%22:%22%%%tLifeTime%%%%22%7D\"\r\n# *** Verify valid input ***\r\njump :VALID_INPUT \"%%%AccessInfo1%%%\" \"!=\" \"\"\r\nprint \"ERROR: Field %22AccessInfo1%22 must not be empty, aborting operation...\"\r\njump :end-%%%~%%%\r\n:VALID_INPUT\r\n# *** Set a EPR selector matching user input ***\r\nsplit ws_general_query \"AMT_ManagementPresenceRemoteSAP\" ,\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nset i 0\r\nset arr wsman_answer.AMT_ManagementPresenceRemoteSAP.responses\r\nLength arr_len arr\r\nset mpsEpr1 \"*\"\r\nset mpsEpr2 \"*\"\r\n:loop-%%%~%%%\r\nset curAccessInfo arr.{i}.AccessInfo\r\nadd curAccessInfo curAccessInfo \":\"\r\nadd curAccessInfo curAccessInfo arr.{i}.Port\r\njump :MPS1_NO_MATCH curAccessInfo \"!=\" \"%%%AccessInfo1%%%\"\r\nset mpsEpr1 wsman_answer.AMT_ManagementPresenceRemoteSAP.responses.{i}.Name\r\nprint \"INFO: Found matching (primary) mps: {mpsEpr1}\"\r\njump :MPS2_NOTSET \"%%%AccessInfo2%%%\" \"=\" \"\"\r\n:MPS1_NO_MATCH\r\njump :MPS2_NO_MATCH curAccessInfo \"!=\" \"%%%AccessInfo2%%%\"\r\nset mpsEpr2 wsman_answer.AMT_ManagementPresenceRemoteSAP.responses.{i}.Name\r\nprint \"INFO: Found matching (secondary) mps: {mpsEpr2}\"\r\n:MPS2_NO_MATCH\r\nadd i i 1\r\njump :loop-%%%~%%% i \"<\" arr_len\r\n:MPS2_NOTSET\r\njump :MPS1_FOUND mpsEpr1 \"!=\" \"*\"\r\nprint \"ERROR: MPS server: %22%%%AccessInfo1%%%%22 could not be found, aborting operation...\"\r\njump :end-%%%~%%%\r\n:MPS1_FOUND\r\njump :MPS2_FOUND \"%%%AccessInfo2%%%\" \"=\" \"\"\r\njump :MPS2_FOUND mpsEpr2 \"!=\" \"*\"\r\nprint \"ERROR: MPS server: %22%%%AccessInfo2%%%%22 could not be found, aborting operation...\"\r\njump :end-%%%~%%%\r\n:MPS2_FOUND\r\nprint \"INFO: Setting policy...\"\r\njsonparse ws_args.MpServer \"%7B%7D\"\r\nset MpServer \"%3CAddress%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3Ehttp://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous%3C/Address%3E%3CReferenceParameters%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3E%3CResourceURI%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3Ehttp://intel.com/wbem/wscim/1/amt-schema/1/AMT_ManagementPresenceRemoteSAP%3C/ResourceURI%3E%3CSelectorSet%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3E%3CSelector%20Name=%22Name%22%3E{mpsEpr1}%3C/Selector%3E%3C/SelectorSet%3E%3C/ReferenceParameters%3E\"\r\njump :SKIP_ADD_MPS2 \"%%%AccessInfo2%%%\" \"=\" \"\"\r\nadd MpServer MpServer \"|%3CAddress%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3Ehttp://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous%3C/Address%3E%3CReferenceParameters%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3E%3CResourceURI%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3Ehttp://intel.com/wbem/wscim/1/amt-schema/1/AMT_ManagementPresenceRemoteSAP%3C/ResourceURI%3E%3CSelectorSet%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3E%3CSelector%20Name=%22Name%22%3E{mpsEpr2}%3C/Selector%3E%3C/SelectorSet%3E%3C/ReferenceParameters%3E\"\r\n:SKIP_ADD_MPS2\r\nsplit ws_args.MpServer MpServer \"|\"\r\n# *** Call AMT_RemoteAccessService.AddRemoteAccessPolicyRule with policy details. ***\r\nwsexec \"AMT_RemoteAccessService\" \"AddRemoteAccessPolicyRule\" ws_args selector\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"Policy addedd successfully\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"WSMAN call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\nset PullRemoteAccess 1\r\nset mpsEpr1\r\nset mpsEpr2\r\nset i\r\nset curAccessInfo\r\nset arr_len\r\nset MpServer\r\nset arr\r\nset AMT_RemoteAccessService\r\nset wsman_result\r\nset wsman_result_str\r\nset ws_args\r\nset ws_general_query\r\nset wsman_answer", + "code": "# *** Prepare arguments for AMT_RemoteAccessService.AddRemoteAccessPolicyRule ***\r\njsonparse ws_args \"%7B%22Trigger%22:%220%22,%22TunnelLifeTime%22:%22%%%tLifeTime%%%%22%7D\"\r\n# *** Verify valid input ***\r\njump :VALID_INPUT \"%%%AccessInfo1%%%\" \"!=\" \"\"\r\nprint \"ERROR: Field %22AccessInfo1%22 must not be empty, aborting operation...\"\r\njump :end-%%%~%%%\r\n:VALID_INPUT\r\n# *** Set a EPR selector matching user input ***\r\nsplit ws_general_query \"AMT_ManagementPresenceRemoteSAP\" ,\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nset i 0\r\nset arr wsman_answer.AMT_ManagementPresenceRemoteSAP.responses\r\nLength arr_len arr\r\nset mpsEpr1 \"*\"\r\nset mpsEpr2 \"*\"\r\n:loop-%%%~%%%\r\nset curAccessInfo arr.{i}.AccessInfo\r\nadd curAccessInfo curAccessInfo \":\"\r\nadd curAccessInfo curAccessInfo arr.{i}.Port\r\njump :MPS1_NO_MATCH curAccessInfo \"!=\" \"%%%AccessInfo1%%%\"\r\nset mpsEpr1 wsman_answer.AMT_ManagementPresenceRemoteSAP.responses.{i}.Name\r\nprint \"Found matching (primary) mps: {mpsEpr1}\"\r\njump :MPS2_NOTSET \"%%%AccessInfo2%%%\" \"=\" \"\"\r\n:MPS1_NO_MATCH\r\njump :MPS2_NO_MATCH curAccessInfo \"!=\" \"%%%AccessInfo2%%%\"\r\nset mpsEpr2 wsman_answer.AMT_ManagementPresenceRemoteSAP.responses.{i}.Name\r\nprint \"Found matching (secondary) mps: {mpsEpr2}\"\r\n:MPS2_NO_MATCH\r\nadd i i 1\r\njump :loop-%%%~%%% i \"<\" arr_len\r\n:MPS2_NOTSET\r\njump :MPS1_FOUND mpsEpr1 \"!=\" \"*\"\r\nprint \"ERROR: MPS server: %22%%%AccessInfo1%%%%22 could not be found, aborting operation...\"\r\njump :end-%%%~%%%\r\n:MPS1_FOUND\r\njump :MPS2_FOUND \"%%%AccessInfo2%%%\" \"=\" \"\"\r\njump :MPS2_FOUND mpsEpr2 \"!=\" \"*\"\r\nprint \"ERROR: MPS server: %22%%%AccessInfo2%%%%22 could not be found, aborting operation...\"\r\njump :end-%%%~%%%\r\n:MPS2_FOUND\r\nprint \"Setting policy...\"\r\njsonparse ws_args.MpServer \"%7B%7D\"\r\nset MpServer \"%3CAddress%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3Ehttp://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous%3C/Address%3E%3CReferenceParameters%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3E%3CResourceURI%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3Ehttp://intel.com/wbem/wscim/1/amt-schema/1/AMT_ManagementPresenceRemoteSAP%3C/ResourceURI%3E%3CSelectorSet%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3E%3CSelector%20Name=%22Name%22%3E{mpsEpr1}%3C/Selector%3E%3C/SelectorSet%3E%3C/ReferenceParameters%3E\"\r\njump :SKIP_ADD_MPS2 \"%%%AccessInfo2%%%\" \"=\" \"\"\r\nadd MpServer MpServer \"|%3CAddress%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3Ehttp://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous%3C/Address%3E%3CReferenceParameters%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3E%3CResourceURI%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3Ehttp://intel.com/wbem/wscim/1/amt-schema/1/AMT_ManagementPresenceRemoteSAP%3C/ResourceURI%3E%3CSelectorSet%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3E%3CSelector%20Name=%22Name%22%3E{mpsEpr2}%3C/Selector%3E%3C/SelectorSet%3E%3C/ReferenceParameters%3E\"\r\n:SKIP_ADD_MPS2\r\nsplit ws_args.MpServer MpServer \"|\"\r\n# *** Call AMT_RemoteAccessService.AddRemoteAccessPolicyRule with policy details. ***\r\nwsexec \"AMT_RemoteAccessService\" \"AddRemoteAccessPolicyRule\" ws_args selector\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"Policy addedd successfully\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"WSMAN call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\nset PullRemoteAccess 1\r\nset mpsEpr1\r\nset mpsEpr2\r\nset i\r\nset curAccessInfo\r\nset arr_len\r\nset MpServer\r\nset arr\r\nset AMT_RemoteAccessService\r\nset wsman_result\r\nset wsman_result_str\r\nset ws_args\r\nset ws_general_query\r\nset wsman_answer", "vars": { "AccessInfo1": { "name": "MPS 1 Address", @@ -722,7 +722,7 @@ "AMT-RemoteAccess-AddRemoteAccessPolicyRule2": { "name": "Remote - Add Trigger (Periodic)", "desc": "Set a remote access trigger policy, used to establish a secure tunnel between a management console and the Intel AMT platform.", - "code": "# *** Verify valid input ***\r\nsplit period_arr \"%%%Period%%%\" \":\"\r\nlength period_arr_len period_arr\r\njump :INVALID_ARG_AccessInfo1 \"%%%AccessInfo1%%%\" \"=\" \"\"\r\njump :DailyPeriod \"%%%PeriodType%%%\" \"!=\" \"0\"\r\njump :INVALID_PeriodType \"%%%PeriodType%%%\" \"!=\" \"0\"\r\njump :INVALID_ARG_Period period_arr.0 \"<=\" \"0\"\r\njump :INVALID_ARG_Period period_arr.0 \">\" \"4294967295\"\r\nIntToStr extendedData \"0\"\r\nIntToStr bPeriod period_arr.0\r\nadd extendedData extendedData bPeriod\r\njump :SET_PERIOD\r\n:DailyPeriod\r\njump :INVALID_PeriodType period_arr_len \"!=\" \"2\"\r\njump :INVALID_ARG_PeriodDaily period_arr.0 \"<=\" \"0\"\r\njump :INVALID_ARG_PeriodDaily period_arr.0 \">\" \"23\"\r\njump :INVALID_ARG_PeriodDaily period_arr.1 \">\" \"59\"\r\njump :INVALID_ARG_PeriodDaily period_arr.1 \"<=\" \"0\"\r\nIntToStr extendedData \"1\"\r\nIntToStr bPeriodHour period_arr.0\r\nIntToStr bPeriodMinute period_arr.1\r\nadd extendedData extendedData bPeriodHour\r\nadd extendedData extendedData bPeriodMinute\r\njump :SET_PERIOD\r\n:INVALID_PeriodType\r\nprint \"ERROR: The period type and value must correspond, aborting operation...\"\r\njump :end-%%%~%%%\r\n:INVALID_ARG_PeriodDaily\r\nprint \"ERROR: Field %22Period%22 must be a value HH:MM 0<=HH<24 && 0<=MM<60, aborting operation...\"\r\njump :end-%%%~%%%\r\n:INVALID_ARG_AccessInfo1\r\nprint \"ERROR: Field %22AccessInfo1%22 must not be empty, aborting operation...\"\r\njump :end-%%%~%%%\r\n:INVALID_ARG_Period\r\nprint \"ERROR: Field %22Period%22 must be a value 0<=t\" \"4294967295\"\r\nIntToStr extendedData \"0\"\r\nIntToStr bPeriod period_arr.0\r\nadd extendedData extendedData bPeriod\r\njump :SET_PERIOD\r\n:DailyPeriod\r\njump :INVALID_PeriodType period_arr_len \"!=\" \"2\"\r\njump :INVALID_ARG_PeriodDaily period_arr.0 \"<=\" \"0\"\r\njump :INVALID_ARG_PeriodDaily period_arr.0 \">\" \"23\"\r\njump :INVALID_ARG_PeriodDaily period_arr.1 \">\" \"59\"\r\njump :INVALID_ARG_PeriodDaily period_arr.1 \"<=\" \"0\"\r\nIntToStr extendedData \"1\"\r\nIntToStr bPeriodHour period_arr.0\r\nIntToStr bPeriodMinute period_arr.1\r\nadd extendedData extendedData bPeriodHour\r\nadd extendedData extendedData bPeriodMinute\r\njump :SET_PERIOD\r\n:INVALID_PeriodType\r\nprint \"ERROR: The period type and value must correspond, aborting operation...\"\r\njump :end-%%%~%%%\r\n:INVALID_ARG_PeriodDaily\r\nprint \"ERROR: Field %22Period%22 must be a value HH:MM 0<=HH<24 && 0<=MM<60, aborting operation...\"\r\njump :end-%%%~%%%\r\n:INVALID_ARG_AccessInfo1\r\nprint \"ERROR: Field %22AccessInfo1%22 must not be empty, aborting operation...\"\r\njump :end-%%%~%%%\r\n:INVALID_ARG_Period\r\nprint \"ERROR: Field %22Period%22 must be a value 0<=t\" \"4294967295\"\r\nIntToStr extendedData \"0\"\r\nIntToStr bPeriod period_arr.0\r\nadd extendedData extendedData bPeriod\r\njump :SET_PERIOD\r\n:DailyPeriod\r\njump :INVALID_PeriodType period_arr_len \"!=\" \"2\"\r\njump :INVALID_ARG_PeriodDaily period_arr.0 \"<=\" \"0\"\r\njump :INVALID_ARG_PeriodDaily period_arr.0 \">\" \"23\"\r\njump :INVALID_ARG_PeriodDaily period_arr.1 \">\" \"59\"\r\njump :INVALID_ARG_PeriodDaily period_arr.1 \"<=\" \"0\"\r\nIntToStr extendedData \"1\"\r\nIntToStr bPeriodHour period_arr.0\r\nIntToStr bPeriodMinute period_arr.1\r\nadd extendedData extendedData bPeriodHour\r\nadd extendedData extendedData bPeriodMinute\r\njump :SET_PERIOD\r\n:INVALID_PeriodType\r\nprint \"ERROR: The period type and value must correspond, aborting operation...\"\r\njump :end-%%%~%%%\r\n:INVALID_ARG_PeriodDaily\r\nprint \"ERROR: Field %22Period%22 must be a value HH:MM 0<=HH<24 && 0<=MM<60, aborting operation...\"\r\njump :end-%%%~%%%\r\n:INVALID_ARG_AccessInfo1\r\nprint \"ERROR: Field %22AccessInfo1%22 must not be empty, aborting operation...\"\r\njump :end-%%%~%%%\r\n:INVALID_ARG_Period\r\nprint \"ERROR: Field %22Period%22 must be a value 0<=t\" \"4294967295\"\r\nIntToStr extendedData \"0\"\r\nIntToStr bPeriod period_arr.0\r\nadd extendedData extendedData bPeriod\r\njump :SET_PERIOD\r\n:DailyPeriod\r\njump :INVALID_PeriodType period_arr_len \"!=\" \"2\"\r\njump :INVALID_ARG_PeriodDaily period_arr.0 \"<=\" \"0\"\r\njump :INVALID_ARG_PeriodDaily period_arr.0 \">\" \"23\"\r\njump :INVALID_ARG_PeriodDaily period_arr.1 \">\" \"59\"\r\njump :INVALID_ARG_PeriodDaily period_arr.1 \"<=\" \"0\"\r\nIntToStr extendedData \"1\"\r\nIntToStr bPeriodHour period_arr.0\r\nIntToStr bPeriodMinute period_arr.1\r\nadd extendedData extendedData bPeriodHour\r\nadd extendedData extendedData bPeriodMinute\r\njump :SET_PERIOD\r\n:INVALID_PeriodType\r\nprint \"ERROR: The period type and value must correspond, aborting operation...\"\r\njump :end-%%%~%%%\r\n:INVALID_ARG_PeriodDaily\r\nprint \"ERROR: Field %22Period%22 must be a value HH:MM 0<=HH<24 && 0<=MM<60, aborting operation...\"\r\njump :end-%%%~%%%\r\n:INVALID_ARG_AccessInfo1\r\nprint \"ERROR: Field %22AccessInfo1%22 must not be empty, aborting operation...\"\r\njump :end-%%%~%%%\r\n:INVALID_ARG_Period\r\nprint \"ERROR: Field %22Period%22 must be a value 0<=t\" \"5\"\r\n:SET_IPV6_PREFIX-%%%~%%%\r\njump :IPv6StringsDefined-%%%~%%% envDetectionInstance.DetectionIPv6LocalPrefixes \"!=\"\r\njump :EMPTY_IPV6PRFX \"%%%DetectionIPv6LocalPrefixes%%%\" \"=\" \"\" \r\nset envDetectionInstance.DetectionIPv6LocalPrefixes arrDetectionIPv6LocalPrefixes\r\njump :CALL_WSPUT-%%%~%%%\r\n:IPv6StringsDefined-%%%~%%%\r\nadd arrDetectionIPv6LocalPrefixes \",\" arrDetectionIPv6LocalPrefixes\r\nadd envDetectionInstance.DetectionIPv6LocalPrefixes envDetectionInstance.DetectionIPv6LocalPrefixes arrDetectionIPv6LocalPrefixes\r\nmaketoarray envDetectionInstance.DetectionIPv6LocalPrefixes envDetectionInstance.DetectionIPv6LocalPrefixes\r\n:EMPTY_IPV6PRFX\r\nlength arrDetectionIPv6LocalPrefixesLen envDetectionInstance.DetectionIPv6LocalPrefixes\r\njump :INVALID_LEN_DetectionIPv6LocalPrefixes-%%%~%%% arrDetectionIPv6LocalPrefixesLen \">\" \"5\"\r\n:CALL_WSPUT-%%%~%%%\r\nwsput \"AMT_EnvironmentDetectionSettingData\" envDetectionInstance\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"INFO: Environment Detection set successfully\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"ERROR: WSMAN call failed: {wsman_result_str}\"\r\njump :end-%%%~%%%\r\n:INVALID_LEN_DetectionStrings-%%%~%%%\r\nprint \"ERROR: detection strings count must be at most 5\"\r\njump :end-%%%~%%%\r\n:INVALID_LEN_DetectionIPv6LocalPrefixes-%%%~%%%\r\nprint \"ERROR: IPv6 prefixes count must be at most 5\"\r\njump :end-%%%~%%%\r\n:EMPTY_DETECTIONSTR-%%%~%%%\r\nprint \"ERROR: %22Detection Strings%22 field cannot be empty, aborting operation...\"\r\n:end-%%%~%%%\r\n set PullRemoteAccess \"1\"\r\nset AMT_EnvironmentDetectionSettingData\r\nset arrDetectionIPv6LocalPrefixes\r\nset arrDetectionStrings\r\nset envDetectionInstance\r\nset ws_general_query\r\nset wsman_answer \r\nset wsman_result", + "code": "# *** Validate user input ***\r\nprint \"Parsing block parameters\"\r\njump :EMPTY_DETECTIONSTR-%%%~%%% \"%%%DetectionStrings%%%\" \"=\" \"\"\r\nsplit arrDetectionStrings \"%%%DetectionStrings%%%\" \",\"\r\nsplit arrDetectionIPv6LocalPrefixes \"%%%DetectionIPv6LocalPrefixes%%%\" \",\"\r\nprint \"Setting Environment Detection\"\r\nsplit ws_general_query \"*AMT_EnvironmentDetectionSettingData\" \",\"\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nset envDetectionInstance wsman_answer.AMT_EnvironmentDetectionSettingData.response\r\njump :DetectionStringsDefined-%%%~%%% envDetectionInstance.DetectionStrings \"!=\"\r\nset envDetectionInstance.DetectionStrings arrDetectionStrings\r\njump :SET_IPV6_PREFIX-%%%~%%%\r\n:DetectionStringsDefined-%%%~%%%\r\nadd arrDetectionStrings \",\" arrDetectionStrings\r\nadd envDetectionInstance.DetectionStrings envDetectionInstance.DetectionStrings arrDetectionStrings\r\nmaketoarray envDetectionInstance.DetectionStrings envDetectionInstance.DetectionStrings\r\nlength arrDetectionStringsLen envDetectionInstance.DetectionStrings\r\njump :INVALID_LEN_DetectionStrings-%%%~%%% arrDetectionStringsLen \">\" \"5\"\r\n:SET_IPV6_PREFIX-%%%~%%%\r\njump :IPv6StringsDefined-%%%~%%% envDetectionInstance.DetectionIPv6LocalPrefixes \"!=\"\r\njump :EMPTY_IPV6PRFX \"%%%DetectionIPv6LocalPrefixes%%%\" \"=\" \"\" \r\nset envDetectionInstance.DetectionIPv6LocalPrefixes arrDetectionIPv6LocalPrefixes\r\njump :CALL_WSPUT-%%%~%%%\r\n:IPv6StringsDefined-%%%~%%%\r\nadd arrDetectionIPv6LocalPrefixes \",\" arrDetectionIPv6LocalPrefixes\r\nadd envDetectionInstance.DetectionIPv6LocalPrefixes envDetectionInstance.DetectionIPv6LocalPrefixes arrDetectionIPv6LocalPrefixes\r\nmaketoarray envDetectionInstance.DetectionIPv6LocalPrefixes envDetectionInstance.DetectionIPv6LocalPrefixes\r\n:EMPTY_IPV6PRFX\r\nlength arrDetectionIPv6LocalPrefixesLen envDetectionInstance.DetectionIPv6LocalPrefixes\r\njump :INVALID_LEN_DetectionIPv6LocalPrefixes-%%%~%%% arrDetectionIPv6LocalPrefixesLen \">\" \"5\"\r\n:CALL_WSPUT-%%%~%%%\r\nwsput \"AMT_EnvironmentDetectionSettingData\" envDetectionInstance\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"Environment Detection set successfully\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"ERROR: WSMAN call failed: {wsman_result_str}\"\r\njump :end-%%%~%%%\r\n:INVALID_LEN_DetectionStrings-%%%~%%%\r\nprint \"ERROR: detection strings count must be at most 5\"\r\njump :end-%%%~%%%\r\n:INVALID_LEN_DetectionIPv6LocalPrefixes-%%%~%%%\r\nprint \"ERROR: IPv6 prefixes count must be at most 5\"\r\njump :end-%%%~%%%\r\n:EMPTY_DETECTIONSTR-%%%~%%%\r\nprint \"ERROR: %22Detection Strings%22 field cannot be empty, aborting operation...\"\r\n:end-%%%~%%%\r\n set PullRemoteAccess \"1\"\r\nset AMT_EnvironmentDetectionSettingData\r\nset arrDetectionIPv6LocalPrefixes\r\nset arrDetectionStrings\r\nset envDetectionInstance\r\nset ws_general_query\r\nset wsman_answer \r\nset wsman_result", "vars": { "DetectionStrings": { "name": "Detection Strings", diff --git a/views/default.handlebars b/views/default.handlebars index 5fb0131d..05dab81a 100644 --- a/views/default.handlebars +++ b/views/default.handlebars @@ -150,7 +150,7 @@ -
+