From 1d7635a0e44417dcaea08acadff105f08da05f05 Mon Sep 17 00:00:00 2001 From: Ylian Saint-Hilaire Date: Fri, 23 Oct 2020 14:56:20 -0700 Subject: [PATCH] Fixed bug in Intel AMT password testing system. --- amtmanager.js | 13 +++++++------ views/default.handlebars | 6 +++--- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/amtmanager.js b/amtmanager.js index cacb596e..d0371139 100644 --- a/amtmanager.js +++ b/amtmanager.js @@ -313,7 +313,8 @@ module.exports.CreateAmtManager = function (parent) { if ((typeof mesh.amt.password == 'string') && (mesh.amt.password != '')) { password = mesh.amt.password; } } } - if (amtPolicy < 2) { ciraPolicy = 0; } + if (amtPolicy == 0) { ciraPolicy = 0; } // If no policy, don't change CIRA state. + if (amtPolicy == 1) { ciraPolicy = 1; } // If deactivation policy, clear CIRA. dev.policy = { amtPolicy: amtPolicy, ciraPolicy: ciraPolicy, badPass: badPass, password: password }; // Setup the monitored device @@ -371,8 +372,8 @@ module.exports.CreateAmtManager = function (parent) { // Deactivate CCM. deactivateIntelAmtCCM(dev); } else { - // Already deactivated or in ACM, do nothing. - dev.consoleMsg("Done."); + // Already deactivated or in ACM + dev.consoleMsg("Done."); // TODO: We need to at least clear CIRA removeAmtDevice(dev); } return; @@ -570,7 +571,7 @@ module.exports.CreateAmtManager = function (parent) { } else if (status == 401) { // Authentication error, see if we can use alternative credentials if ((dev.acctry == null) && (typeof dev.policy.password == 'string') && (dev.policy.password != '')) { dev.acctry = 'policy'; attemptInitialContact(dev); return; } - if ((dev.acctry == null) || (dev.acctry == 'policy') && (obj.amtAdminAccounts[dev.domainid] != null) && (obj.amtAdminAccounts[dev.domainid].length > 0)) { dev.acctry = 0; attemptInitialContact(dev); return; } + if (((dev.acctry == null) || (dev.acctry == 'policy')) && (obj.amtAdminAccounts[dev.domainid] != null) && (obj.amtAdminAccounts[dev.domainid].length > 0)) { dev.acctry = 0; attemptInitialContact(dev); return; } if ((dev.acctry != null) && (obj.amtAdminAccounts[dev.domainid] != null) && (obj.amtAdminAccounts[dev.domainid].length > (dev.acctry + 1))) { dev.acctry++; attemptInitialContact(dev); return; } // If this devics is in CCM mode and we have a bad password reset policy, do it now. @@ -1209,8 +1210,8 @@ module.exports.CreateAmtManager = function (parent) { const dev = stack.dev; if (isAmtDeviceValid(dev) == false) return; // Device no longer exists, ignore this request. if (status != 200) { dev.consoleMsg("Failed to create new MPS server (" + status + ")."); removeAmtDevice(dev); return; } + if ((response.Body.MpServer == null) || (response.Body.MpServer.ReferenceParameters == null) || (response.Body.MpServer.ReferenceParameters.SelectorSet == null) || (response.Body.MpServer.ReferenceParameters.SelectorSet.Selector == null)) { dev.consoleMsg("Create new MPS server invalid response."); removeAmtDevice(dev); return; } dev.cira.mpsPresent = getItem(response.Body.MpServer.ReferenceParameters.SelectorSet.Selector, '@Name', 'Name').Value; - console.log(dev.cira.mpsPresent); dev.consoleMsg("Created new MPS server."); addMpsPolicy(dev); }); @@ -1832,7 +1833,7 @@ module.exports.CreateAmtManager = function (parent) { delete dev.amtstack; UpdateDevice(dev); - if (dev.policy.amtPolicy == 1) { // CCM deactivation policy, we are done. + if (dev.policy.amtPolicy == 1) { // Deactivation policy, we are done. dev.consoleMsg("Deactivation successful."); dev.consoleMsg("Done."); removeAmtDevice(dev); diff --git a/views/default.handlebars b/views/default.handlebars index 72291668..2fc72329 100644 --- a/views/default.handlebars +++ b/views/default.handlebars @@ -9421,7 +9421,7 @@ // Intel AMT setup var intelAmtPolicy = "No Policy"; if (currentMesh.amt) { - if (currentMesh.amt.type == 1) { intelAmtPolicy = 'Deactivate Client Control Mode (CCM)'; } + if (currentMesh.amt.type == 1) { intelAmtPolicy = 'Deactivate'; } else if (currentMesh.amt.type == 2) { intelAmtPolicy = "Simple Client Control Mode (CCM)"; if (currentMesh.amt.cirasetup == 2) { intelAmtPolicy += " + CIRA"; } @@ -9519,7 +9519,7 @@ if (xxdialogMode) return; var x = '', acmoption = ''; if ((features & 0x100000) != 0) { acmoption = ''; } - x += addHtmlValue("Type", ''); + x += addHtmlValue("Type", ''); x += '
'; setDialogMode(2, "Intel® AMT Policy", 3, p20editMeshAmtEx, x); if (currentMesh.amt) { Q('dp20amtpolicy').value = currentMesh.amt.type; } @@ -9553,7 +9553,7 @@ } } if (ptype == 0) { x = '
' + "When this policy is selected, Intel® AMT is not managed by this server. Intel AMT can still be used by manually activating and configuring it." + '
'; } - if (ptype == 1) { x = '
' + "When this policy is selected, any Intel® AMT in Client Control Mode (CCM) will be deactivated. Devices in Admin Control Mode (ACM) can still be managed manually." + '
'; } + if (ptype == 1) { x = '
' + "When this policy is selected, any Intel® AMT in Client Control Mode (CCM) will be deactivated. Other devices will have CIRA cleared and can still be managed manually." + '
'; } if (ptype == 4) { x = '
' + "This is the recommanded policy. Intel® AMT activation and management is completely automated and the server will attempt to make best possible use of hardware management." + '
'; } QH('dp20amtpolicydiv', x); setTimeout(dp20amtValidatePolicy, 1);