Added server-side Intel AMT configuration options.

This commit is contained in:
Ylian Saint-Hilaire 2019-02-07 15:00:10 -08:00
parent c3a49807dc
commit 28d13d6995
19 changed files with 250 additions and 61 deletions

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

View File

@ -95,6 +95,7 @@ function createMeshCore(agent) {
var nextTunnelIndex = 1; var nextTunnelIndex = 1;
var oswsstack = null; var oswsstack = null;
var osamtstack = null; var osamtstack = null;
var amtPolicy = null;
// If we are running in Duktape, agent will be null // If we are running in Duktape, agent will be null
if (agent == null) { if (agent == null) {
@ -174,7 +175,10 @@ function createMeshCore(agent) {
wifiScanner.on('accessPoint', function (data) { sendConsoleText(data); }); wifiScanner.on('accessPoint', function (data) { sendConsoleText(data); });
} catch (ex) { wifiScannerLib = null; wifiScanner = null; } } catch (ex) { wifiScannerLib = null; wifiScanner = null; }
// Try to load up the MEI module // Try to load Intel AMT policy
try { amtPolicy = JSON.parse(db.Get('amtPolicy')); } catch (ex) { amtPolicy = null; }
// Try to load up the MEI module
function resetMei() { function resetMei() {
try { try {
var amtMeiLib = require('amt-mei'); var amtMeiLib = require('amt-mei');
@ -502,6 +506,12 @@ function createMeshCore(agent) {
if (data.url) { mesh.SendCommand({ "action": "openUrl", "url": data.url, "sessionid": data.sessionid, "success": (openUserDesktopUrl(data.url) != null) }); } if (data.url) { mesh.SendCommand({ "action": "openUrl", "url": data.url, "sessionid": data.sessionid, "success": (openUserDesktopUrl(data.url) != null) }); }
break; break;
} }
case 'amtPolicy': {
// Store the latest Intel AMT policy
amtPolicy = data.amtPolicy;
if (data.amtPolicy != null) { db.Put('amtPolicy', JSON.stringify(data.amtPolicy)); } else { db.Put('amtPolicy', null); }
break;
}
default: default:
// Unknown action, ignore it. // Unknown action, ignore it.
break; break;
@ -1093,7 +1103,7 @@ function createMeshCore(agent) {
var response = null; var response = null;
switch (cmd) { switch (cmd) {
case 'help': { // Displays available commands case 'help': { // Displays available commands
response = 'Available commands: help, info, osinfo,args, print, type, dbget, dbset, dbcompact, eval, parseuri, httpget,\r\nwslist, wsconnect, wssend, wsclose, notify, ls, ps, kill, amt, netinfo, location, power, wakeonlan, scanwifi,\r\nscanamt, setdebug, smbios, rawsmbios, toast, lock, users, sendcaps, openurl, amtreset, amtccm, amtdeactivate.'; response = 'Available commands: help, info, osinfo,args, print, type, dbget, dbset, dbcompact, eval, parseuri, httpget,\r\nwslist, wsconnect, wssend, wsclose, notify, ls, ps, kill, amt, netinfo, location, power, wakeonlan, scanwifi,\r\nscanamt, setdebug, smbios, rawsmbios, toast, lock, users, sendcaps, openurl, amtreset, amtccm, amtdeactivate, amtpolicy.';
break; break;
} }
/* /*
@ -1132,6 +1142,14 @@ function createMeshCore(agent) {
if (amtMei == null) { response = 'Intel AMT not supported.'; } else { deactivateCCM(); } if (amtMei == null) { response = 'Intel AMT not supported.'; } else { deactivateCCM(); }
break; break;
} }
case 'amtpolicy': {
if (amtPolicy == null) {
response = 'No Intel(R) AMT policy.';
} else {
response = JSON.stringify(amtPolicy);
}
break;
}
case 'openurl': { case 'openurl': {
if (args['_'].length != 1) { response = 'Proper usage: openurl (url)'; } // Display usage if (args['_'].length != 1) { response = 'Proper usage: openurl (url)'; } // Display usage
else { if (openUserDesktopUrl(args['_'][0]) == null) { response = 'Failed.'; } else { response = 'Success.'; } } else { if (openUserDesktopUrl(args['_'][0]) == null) { response = 'Failed.'; } else { response = 'Success.'; } }
@ -2004,13 +2022,16 @@ function createMeshCore(agent) {
// //
function activeToCCM(adminpass) { function activeToCCM(adminpass) {
sendConsoleText('Trying to get local account info...');
amtMei.getLocalSystemAccount(function (x) { amtMei.getLocalSystemAccount(function (x) {
if (x.user && x.pass) { if (x.user && x.pass) {
sendConsoleText('Intel AMT local account info: User=' + x.user + ', Pass=' + x.pass + '.');
var transport = require('amt-wsman-duk'); var transport = require('amt-wsman-duk');
var wsman = require('amt-wsman'); var wsman = require('amt-wsman');
var amt = require('amt'); var amt = require('amt');
oswsstack = new wsman(transport, '127.0.0.1', 16992, x.user, x.pass, false); oswsstack = new wsman(transport, '127.0.0.1', 16992, x.user, x.pass, false);
osamtstack = new amt(oswsstack); osamtstack = new amt(oswsstack);
sendConsoleText('Trying to get Intel AMT activation information...');
osamtstack.BatchEnum(null, ['*AMT_GeneralSettings', '*IPS_HostBasedSetupService'], activeToCCMEx2, adminpass); osamtstack.BatchEnum(null, ['*AMT_GeneralSettings', '*IPS_HostBasedSetupService'], activeToCCMEx2, adminpass);
} else { } else {
sendConsoleText('Unable to get $$OsAdmin password.'); sendConsoleText('Unable to get $$OsAdmin password.');
@ -2019,7 +2040,7 @@ function createMeshCore(agent) {
} }
function activeToCCMEx2(stack, name, responses, status, adminpass) { function activeToCCMEx2(stack, name, responses, status, adminpass) {
if (status != 200) { sendConsoleText('Failed to fetch activation status, status ' + status); } if (status != 200) { sendConsoleText('Failed to fetch activation information, status ' + status); }
else if (responses['IPS_HostBasedSetupService'].response['AllowedControlModes'].length != 2) { sendConsoleText('Client control mode activation not allowed'); } else if (responses['IPS_HostBasedSetupService'].response['AllowedControlModes'].length != 2) { sendConsoleText('Client control mode activation not allowed'); }
else { stack.IPS_HostBasedSetupService_Setup(2, md5hex('admin:' + responses['AMT_GeneralSettings'].response['DigestRealm'] + ':' + adminpass).substring(0, 32), null, null, null, null, activeToCCMEx3); } else { stack.IPS_HostBasedSetupService_Setup(2, md5hex('admin:' + responses['AMT_GeneralSettings'].response['DigestRealm'] + ':' + adminpass).substring(0, 32), null, null, null, null, activeToCCMEx3); }
} }

File diff suppressed because one or more lines are too long

View File

@ -129,6 +129,7 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
obj.parent.parent.taskLimiter.launch(function (argument, taskid, taskLimiterQueue) { obj.parent.parent.taskLimiter.launch(function (argument, taskid, taskLimiterQueue) {
obj.send(obj.common.ShortToStr(10) + obj.common.ShortToStr(0) + argument.hash + argument.core, function () { obj.parent.parent.taskLimiter.completed(taskid); }); // MeshCommand_CoreModule, start core update obj.send(obj.common.ShortToStr(10) + obj.common.ShortToStr(0) + argument.hash + argument.core, function () { obj.parent.parent.taskLimiter.completed(taskid); }); // MeshCommand_CoreModule, start core update
obj.parent.parent.debug(1, 'Updating code ' + argument.name); obj.parent.parent.debug(1, 'Updating code ' + argument.name);
agentCoreIsStable();
}, { hash: meshcorehash, core: obj.parent.parent.defaultMeshCores[corename], name: corename }); }, { hash: meshcorehash, core: obj.parent.parent.defaultMeshCores[corename], name: corename });
} }
obj.agentCoreCheck++; obj.agentCoreCheck++;
@ -136,6 +137,7 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
} else { } else {
obj.agentCoreCheck = 0; obj.agentCoreCheck = 0;
obj.send(obj.common.ShortToStr(16) + obj.common.ShortToStr(0)); // MeshCommand_CoreOk. Indicates to the agent that the core is ok. Start it if it's not already started. obj.send(obj.common.ShortToStr(16) + obj.common.ShortToStr(0)); // MeshCommand_CoreOk. Indicates to the agent that the core is ok. Start it if it's not already started.
agentCoreIsStable(); // No updates needed, agent is ready to go.
} }
} }
@ -463,52 +465,69 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
obj.send(obj.common.ShortToStr(12) + obj.common.ShortToStr(0)); obj.send(obj.common.ShortToStr(12) + obj.common.ShortToStr(0));
} else { } else {
// Check the mesh core, if the agent is capable of running one // Check the mesh core, if the agent is capable of running one
if (((obj.agentInfo.capabilities & 16) != 0) && (corename != null)) { obj.send(obj.common.ShortToStr(11) + obj.common.ShortToStr(0)); } // Command 11, ask for mesh core hash. if (((obj.agentInfo.capabilities & 16) != 0) && (corename != null)) {
obj.send(obj.common.ShortToStr(11) + obj.common.ShortToStr(0)); // Command 11, ask for mesh core hash.
} else {
agentCoreIsStable(); // No updates needed, agent is ready to go.
}
} }
});
}
// Do this if IP location is enabled on this domain TODO: Set IP location per device group? function agentCoreIsStable() {
if (domain.iplocation == true) { // Check that the mesh exists
// Check if we already have IP location information for this node var mesh = obj.parent.meshes[obj.dbMeshKey];
obj.db.Get('iploc_' + obj.remoteaddr, function (err, iplocs) { if (mesh == null) {
if (iplocs.length == 1) { // TODO: Mark this agent as part of a mesh that does not exists.
// We have a location in the database for this remote IP return; // Probably not worth doing anything else. Hold this agent.
var iploc = nodes[0], x = {}; }
if ((iploc != null) && (iploc.ip != null) && (iploc.loc != null)) {
x.publicip = iploc.ip; // Send Intel AMT policy
x.iploc = iploc.loc + ',' + (Math.floor((new Date(iploc.date)) / 1000)); var amtPolicy = null;
ChangeAgentLocationInfo(x); if (mesh.amt != null) { amtPolicy = mesh.amt; }
} obj.send(JSON.stringify({ action: 'amtPolicy', amtPolicy: amtPolicy }));
// Do this if IP location is enabled on this domain TODO: Set IP location per device group?
if (domain.iplocation == true) {
// Check if we already have IP location information for this node
obj.db.Get('iploc_' + obj.remoteaddr, function (err, iplocs) {
if (iplocs.length == 1) {
// We have a location in the database for this remote IP
var iploc = nodes[0], x = {};
if ((iploc != null) && (iploc.ip != null) && (iploc.loc != null)) {
x.publicip = iploc.ip;
x.iploc = iploc.loc + ',' + (Math.floor((new Date(iploc.date)) / 1000));
ChangeAgentLocationInfo(x);
}
} else {
// Check if we need to ask for the IP location
var doIpLocation = 0;
if (device.iploc == null) {
doIpLocation = 1;
} else { } else {
// Check if we need to ask for the IP location var loc = device.iploc.split(',');
var doIpLocation = 0; if (loc.length < 3) {
if (device.iploc == null) { doIpLocation = 2;
doIpLocation = 1;
} else { } else {
var loc = device.iploc.split(','); var t = new Date((parseFloat(loc[2]) * 1000)), now = Date.now();
if (loc.length < 3) { t.setDate(t.getDate() + 20);
doIpLocation = 2; if (t < now) { doIpLocation = 3; }
} else {
var t = new Date((parseFloat(loc[2]) * 1000)), now = Date.now();
t.setDate(t.getDate() + 20);
if (t < now) { doIpLocation = 3; }
}
}
// If we need to ask for IP location, see if we have the quota to do it.
if (doIpLocation > 0) {
obj.db.getValueOfTheDay('ipLocationRequestLimitor', 10, function (ipLocationLimitor) {
if (ipLocationLimitor.value > 0) {
ipLocationLimitor.value--;
obj.db.Set(ipLocationLimitor);
obj.send(JSON.stringify({ action: 'iplocation' }));
}
});
} }
} }
});
}
}); // If we need to ask for IP location, see if we have the quota to do it.
if (doIpLocation > 0) {
obj.db.getValueOfTheDay('ipLocationRequestLimitor', 10, function (ipLocationLimitor) {
if (ipLocationLimitor.value > 0) {
ipLocationLimitor.value--;
obj.db.Set(ipLocationLimitor);
obj.send(JSON.stringify({ action: 'iplocation' }));
}
});
}
}
});
}
} }
// Get the web certificate private key hash for the specified domain // Get the web certificate private key hash for the specified domain

View File

@ -110,6 +110,19 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
return true; return true;
} }
// Route a command to all targets in a mesh
function routeCommandToMesh(meshid, command) {
// Send the request to all peer servers
// TODO !!!!
// See if the node is connected
for (var nodeid in obj.parent.wsagents) {
var agent = obj.parent.wsagents[nodeid];
if (agent.dbMeshKey == meshid) { try { agent.send(JSON.stringify(command)); } catch (ex) { } }
}
return true;
}
try { try {
// Check if the user is logged in // Check if the user is logged in
if (user == null) { try { obj.ws.close(); } catch (e) { } return; } if (user == null) { try { obj.ws.close(); } catch (e) { } return; }
@ -917,6 +930,39 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
} }
break; break;
} }
case 'meshamtpolicy':
{
// Change a mesh Intel AMT policy
if (obj.common.validateString(command.meshid, 1, 1024) == false) break; // Check the meshid
if (obj.common.validateObject(command.amtpolicy) == false) break; // Check the amtpolicy
if (obj.common.validateInt(command.amtpolicy.type, 0, 2) == false) break; // Check the amtpolicy.type
if (command.amtpolicy.type === 2) {
if (obj.common.validateString(command.amtpolicy.password, 0, 32) == false) break; // Check the amtpolicy.password
if (obj.common.validateInt(command.amtpolicy.badpass, 0, 1) == false) break; // Check the amtpolicy.badpass
if (obj.common.validateInt(command.amtpolicy.cirasetup, 0, 2) == false) break; // Check the amtpolicy.cirasetup
}
mesh = obj.parent.meshes[command.meshid];
change = '';
if (mesh) {
// Check if this user has rights to do this
if ((mesh.links[user._id] == null) || (mesh.links[user._id].rights != 0xFFFFFFFF)) return;
if ((command.meshid.split('/').length != 3) || (command.meshid.split('/')[1] != domain.id)) return; // Invalid domain, operation only valid for current domain
// TODO: Check if this is a change from the existing policy
// Perform the Intel AMT policy change
change = 'Intel AMT policy change';
var amtpolicy = { type: command.amtpolicy.type };
if (command.amtpolicy.type === 2) { amtpolicy = { type: command.amtpolicy.type, password: command.amtpolicy.password, badpass: command.amtpolicy.badpass, cirasetup: command.amtpolicy.cirasetup }; }
mesh.amt = amtpolicy;
obj.db.Set(obj.common.escapeLinksFieldName(mesh));
obj.parent.parent.DispatchEvent(['*', mesh._id, user._id], obj, { etype: 'mesh', username: user.name, meshid: mesh._id, amt: amtpolicy, action: 'meshchange', links: mesh.links, msg: change, domain: domain.id });
// Send new policy to all computers on this mesh
routeCommandToMesh(command.meshid, { action: 'amtPolicy', amtPolicy: amtpolicy });
}
break;
}
case 'addamtdevice': case 'addamtdevice':
{ {
if (obj.args.wanonly == true) return; // This is a WAN-only server, local Intel AMT computers can't be added if (obj.args.wanonly == true) return; // This is a WAN-only server, local Intel AMT computers can't be added

View File

@ -1,6 +1,6 @@
{ {
"name": "meshcentral", "name": "meshcentral",
"version": "0.2.7-m", "version": "0.2.7-n",
"keywords": [ "keywords": [
"Remote Management", "Remote Management",
"Intel AMT", "Intel AMT",

View File

@ -177,7 +177,12 @@ var CreateAgentRemoteDesktop = function (canvasid, scrolldiv) {
obj.ProcessData = function (str) { obj.ProcessData = function (str) {
var ptr = 0; var ptr = 0;
while (ptr < str.length) { ptr += obj.ProcessDataEx(str.substring(ptr)); } //console.log('x0', str.length);
while (ptr < str.length) {
//console.log('x1', ptr, str.length);
ptr += obj.ProcessDataEx(str.substring(ptr));
//console.log('x2', ptr, str.length);
}
} }
obj.ProcessDataEx = function (str) { obj.ProcessDataEx = function (str) {
@ -194,7 +199,7 @@ var CreateAgentRemoteDesktop = function (canvasid, scrolldiv) {
if (str.length < 12) return; if (str.length < 12) return;
command = ReadShort(str, 8) command = ReadShort(str, 8)
cmdsize = ReadInt(str, 4); cmdsize = ReadInt(str, 4);
console.log('JUMBO cmd=' + command + ', cmdsize=' + cmdsize + ', data received=' + str.length); //console.log('JUMBO cmd=' + command + ', cmdsize=' + cmdsize + ', data received=' + str.length);
if ((cmdsize + 8) > str.length) { if ((cmdsize + 8) > str.length) {
console.log('KVM accumulator set to ' + str.length + ' bytes, need ' + cmdsize + ' bytes.'); console.log('KVM accumulator set to ' + str.length + ' bytes, need ' + cmdsize + ' bytes.');
obj.accumulator = str; obj.accumulator = str;
@ -204,7 +209,7 @@ var CreateAgentRemoteDesktop = function (canvasid, scrolldiv) {
jumboAdd = 8; jumboAdd = 8;
} }
if ((cmdsize != str.length) && (obj.debugmode > 0)) { console.log(cmdsize, str.length, cmdsize == str.length); } if ((cmdsize != str.length) && (obj.debugmode > 0)) { console.log(cmdsize, str.length, cmdsize == str.length); }
if ((command >= 18) && (command != 65)) { console.error("Invalid KVM command " + command + " of size " + cmdsize); console.log("Invalid KVM data", str.length, str, rstr2hex(str)); return; } if ((command >= 18) && (command != 65)) { console.error("Invalid KVM command " + command + " of size " + cmdsize); console.log("Invalid KVM data", str.length, rstr2hex(str.substring(0, 40)) + '...'); return; }
if (cmdsize > str.length) { if (cmdsize > str.length) {
console.log('KVM accumulator set to ' + str.length + ' bytes, need ' + cmdsize + ' bytes.'); console.log('KVM accumulator set to ' + str.length + ' bytes, need ' + cmdsize + ' bytes.');
obj.accumulator = str; obj.accumulator = str;

View File

@ -38,6 +38,7 @@ var CreateAgentRedirect = function (meshserver, module, serverPublicNamePort, au
obj.socket = new WebSocket(url); obj.socket = new WebSocket(url);
obj.socket.onopen = obj.xxOnSocketConnected; obj.socket.onopen = obj.xxOnSocketConnected;
obj.socket.onmessage = obj.xxOnMessage; obj.socket.onmessage = obj.xxOnMessage;
//obj.socket.onmessage = function (e) { console.log('Websocket data', e.data); obj.xxOnMessage(e); }
obj.socket.onerror = function (e) { console.error(e); } obj.socket.onerror = function (e) { console.error(e); }
obj.socket.onclose = obj.xxOnSocketClosed; obj.socket.onclose = obj.xxOnSocketClosed;
obj.xxStateChange(1); obj.xxStateChange(1);
@ -84,7 +85,7 @@ var CreateAgentRedirect = function (meshserver, module, serverPublicNamePort, au
} }
obj.xxOnMessage = function (e) { obj.xxOnMessage = function (e) {
//console.log('Recv', e.data, obj.State); //console.log('Recv', e.data, e.data.byteLength, obj.State);
if (obj.State < 3) { if (obj.State < 3) {
if (e.data == 'c') { if (e.data == 'c') {
try { obj.socket.send(obj.protocol); } catch (ex) { } try { obj.socket.send(obj.protocol); } catch (ex) { }
@ -97,7 +98,8 @@ var CreateAgentRedirect = function (meshserver, module, serverPublicNamePort, au
else if (typeof webkitRTCPeerConnection !== 'undefined') { obj.webrtc = new webkitRTCPeerConnection(configuration); } else if (typeof webkitRTCPeerConnection !== 'undefined') { obj.webrtc = new webkitRTCPeerConnection(configuration); }
if (obj.webrtc != null) { if (obj.webrtc != null) {
obj.webchannel = obj.webrtc.createDataChannel("DataChannel", {}); // { ordered: false, maxRetransmits: 2 } obj.webchannel = obj.webrtc.createDataChannel("DataChannel", {}); // { ordered: false, maxRetransmits: 2 }
obj.webchannel.onmessage = function (event) { obj.xxOnMessage({ data: event.data }); }; obj.webchannel.onmessage = obj.xxOnMessage;
//obj.webchannel.onmessage = function (e) { console.log('WebRTC data', e.data); obj.xxOnMessage(e); }
obj.webchannel.onopen = function () { obj.webRtcActive = true; performWebRtcSwitch(); }; obj.webchannel.onopen = function () { obj.webRtcActive = true; performWebRtcSwitch(); };
obj.webchannel.onclose = function (event) { if (obj.webRtcActive) { obj.Stop(); } } obj.webchannel.onclose = function (event) { if (obj.webRtcActive) { obj.Stop(); } }
obj.webrtc.onicecandidate = function (e) { obj.webrtc.onicecandidate = function (e) {
@ -130,6 +132,7 @@ var CreateAgentRedirect = function (meshserver, module, serverPublicNamePort, au
return; return;
} }
/*
if (typeof e.data == 'object') { if (typeof e.data == 'object') {
var f = new FileReader(); var f = new FileReader();
if (f.readAsBinaryString) { if (f.readAsBinaryString) {
@ -152,8 +155,41 @@ var CreateAgentRedirect = function (meshserver, module, serverPublicNamePort, au
// If we get a string object, it maybe the WebRTC confirm. Ignore it. // If we get a string object, it maybe the WebRTC confirm. Ignore it.
obj.xxOnSocketData(e.data); obj.xxOnSocketData(e.data);
} }
*/
if (typeof e.data == 'object') {
if (fileReaderInuse == true) { fileReaderAcc.push(e.data); return; }
if (fileReader.readAsBinaryString) {
// Chrome & Firefox (Draft)
fileReaderInuse = true;
fileReader.readAsBinaryString(new Blob([e.data]));
} else if (fileReader.readAsArrayBuffer) {
// Chrome & Firefox (Spec)
fileReaderInuse = true;
fileReader.readAsArrayBuffer(e.data);
} else {
// IE10, readAsBinaryString does not exist, use an alternative.
var binary = "", bytes = new Uint8Array(e.data), length = bytes.byteLength;
for (var i = 0; i < length; i++) { binary += String.fromCharCode(bytes[i]); }
obj.xxOnSocketData(binary);
}
} else {
// If we get a string object, it maybe the WebRTC confirm. Ignore it.
obj.xxOnSocketData(e.data);
}
}; };
// Setup the file reader
var fileReader = new FileReader();
var fileReaderInuse = false, fileReaderAcc = [];
if (fileReader.readAsBinaryString) {
// Chrome & Firefox (Draft)
fileReader.onload = function (e) { obj.xxOnSocketData(e.target.result); if (fileReaderAcc.length == 0) { fileReaderInuse = false; } else { fileReader.readAsBinaryString(new Blob([fileReaderAcc.shift()])); } }
} else if (fileReader.readAsArrayBuffer) {
// Chrome & Firefox (Spec)
fileReader.onloadend = function (e) { obj.xxOnSocketData(e.target.result); if (fileReaderAcc.length == 0) { fileReaderInuse = false; } else { fileReader.readAsArrayBuffer(fileReaderAcc.shift()); } }
}
obj.xxOnSocketData = function (data) { obj.xxOnSocketData = function (data) {
if (!data || obj.connectstate == -1) return; if (!data || obj.connectstate == -1) return;
if (typeof data === 'object') { if (typeof data === 'object') {

View File

@ -74,9 +74,11 @@ var CreateAmtRemoteIder = function (serverurl) {
if (fileReaderInuse == true) { fileReaderAcc.push(e.data); return; } if (fileReaderInuse == true) { fileReaderAcc.push(e.data); return; }
if (fileReader.readAsBinaryString) { if (fileReader.readAsBinaryString) {
// Chrome & Firefox (Draft) // Chrome & Firefox (Draft)
fileReaderInuse = true;
fileReader.readAsBinaryString(new Blob([e.data])); fileReader.readAsBinaryString(new Blob([e.data]));
} else if (fileReader.readAsArrayBuffer) { } else if (fileReader.readAsArrayBuffer) {
// Chrome & Firefox (Spec) // Chrome & Firefox (Spec)
fileReaderInuse = true;
fileReader.readAsArrayBuffer(e.data); fileReader.readAsArrayBuffer(e.data);
} else { } else {
// IE10, readAsBinaryString does not exist, use an alternative. // IE10, readAsBinaryString does not exist, use an alternative.

View File

@ -146,9 +146,11 @@ var CreateWsmanComm = function (host, port, user, pass, tls) {
if (fileReaderInuse == true) { fileReaderAcc.push(e.data); return; } if (fileReaderInuse == true) { fileReaderAcc.push(e.data); return; }
if (fileReader.readAsBinaryString) { if (fileReader.readAsBinaryString) {
// Chrome & Firefox (Draft) // Chrome & Firefox (Draft)
fileReaderInuse = true;
fileReader.readAsBinaryString(new Blob([e.data])); fileReader.readAsBinaryString(new Blob([e.data]));
} else if (fileReader.readAsArrayBuffer) { } else if (fileReader.readAsArrayBuffer) {
// Chrome & Firefox (Spec) // Chrome & Firefox (Spec)
fileReaderInuse = true;
fileReader.readAsArrayBuffer(e.data); fileReader.readAsArrayBuffer(e.data);
} else { } else {
// IE10, readAsBinaryString does not exist, use an alternative. // IE10, readAsBinaryString does not exist, use an alternative.

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

View File

@ -1486,10 +1486,11 @@
meshserver.send({ action: 'nodes' }); // Request a refresh of all nodes (TODO: We could optimize this to only request nodes for the new mesh). meshserver.send({ action: 'nodes' }); // Request a refresh of all nodes (TODO: We could optimize this to only request nodes for the new mesh).
} else { } else {
// This is an existing mesh // This is an existing mesh
meshes[message.event.meshid].name = message.event.name; if (message.event.name) { meshes[message.event.meshid].name = message.event.name; }
meshes[message.event.meshid].desc = message.event.desc; if (message.event.desc) { meshes[message.event.meshid].desc = message.event.desc; }
meshes[message.event.meshid].flags = message.event.flags; if (message.event.flags) { meshes[message.event.meshid].flags = message.event.flags; }
meshes[message.event.meshid].links = message.event.links; if (message.event.links) { meshes[message.event.meshid].links = message.event.links; }
if (message.event.amt) { meshes[message.event.meshid].amt = message.event.amt; }
// Check if we lost rights to this mesh in this change. // Check if we lost rights to this mesh in this change.
if (meshes[message.event.meshid].links['user/' + domain + '/' + userinfo.name.toLowerCase()] == null) { if (meshes[message.event.meshid].links['user/' + domain + '/' + userinfo.name.toLowerCase()] == null) {
@ -1506,7 +1507,7 @@
} }
} }
masterUpdate(4 + 128); masterUpdate(4 + 128);
meshserver.send({ action: 'files' }); //meshserver.send({ action: 'files' }); // TODO: Why do we need to do this??
// If we are looking at a mesh that is now deleted, move back to "My Account" // If we are looking at a mesh that is now deleted, move back to "My Account"
if (xxcurrentView == 20 && currentMesh._id == message.event.meshid) { p20updateMesh(); } if (xxcurrentView == 20 && currentMesh._id == message.event.meshid) { p20updateMesh(); }
@ -5473,6 +5474,19 @@
x += addHtmlValue('Type', meshtype); x += addHtmlValue('Type', meshtype);
//x += addHtmlValue('Identifier', currentMesh._id.split('/')[2]); //x += addHtmlValue('Identifier', currentMesh._id.split('/')[2]);
// Intel AMT setup
if (currentMesh.mtype == 2) {
var intelAmtPolicy = 'No Policy';
if (currentMesh.amt) {
if (currentMesh.amt.type == 1) { intelAmtPolicy = 'Deactivate Client Control Mode (CCM)'; }
else if (currentMesh.amt.type == 2) {
intelAmtPolicy = 'Simple Client Control Mode (CCM)';
if (currentMesh.amt.cirasetup == 2) { intelAmtPolicy += ' + CIRA'; }
}
}
x += addHtmlValue('Intel&reg; AMT', addLinkConditional(intelAmtPolicy, 'p20editMeshAmt()', (meshrights & 0xFFFFFFFF) != 0));
}
// Display group note support // Display group note support
if (meshrights & 1) { x += '<br><input type=button value=Notes title="View notes about this device group" onclick=showNotes(false,"' + encodeURIComponent(currentMesh._id) + '") />'; } if (meshrights & 1) { x += '<br><input type=button value=Notes title="View notes about this device group" onclick=showNotes(false,"' + encodeURIComponent(currentMesh._id) + '") />'; }
@ -5532,6 +5546,50 @@
QH('p20info', x); QH('p20info', x);
} }
function p20editMeshAmt() {
if (xxdialogMode) return;
var x = '';
x += addHtmlValue('Type', '<select id=dp20amtpolicy style=width:230px onchange=p20editMeshAmtChange()><option value=0>No Policy</option><option value=1>Deactivate Client Control Mode (CCM)</option><option value=2>Simple Client Control Mode (CCM)</option></select>');
x += '<div id=dp20amtpolicydiv></div>';
setDialogMode(2, "Intel&reg; AMT Policy", 3, p20editMeshAmtEx, x);
if (currentMesh.amt) { Q('dp20amtpolicy').value = currentMesh.amt.type; }
p20editMeshAmtChange();
// Set the current Intel AMT policy
if (currentMesh.amt && currentMesh.amt.type == 2) {
Q('dp20amtpolicypass').value = currentMesh.amt.password;
Q('dp20amtbadpass').value = currentMesh.amt.badpass;
Q('dp20amtcira').value = currentMesh.amt.cirasetup;
}
dp20amtValidatePolicy();
}
function p20editMeshAmtChange() {
var ptype = Q('dp20amtpolicy').value, x = '';
if (ptype == 2) {
x = addHtmlValue('Password*', '<input id=dp20amtpolicypass style=width:230px maxlength=32 onchange=dp20amtValidatePolicy() onkeyup=dp20amtValidatePolicy() />')
x += addHtmlValue('Password mismatch', "<select id=dp20amtbadpass style=width:230px><option value=0>Do nothing</option><option value=1>Reactivate Intel&reg; AMT</option></select>");
x += addHtmlValue('<span title="Client Initiated Remote Access">CIRA</span>', "<select id=dp20amtcira style=width:230px><option value=0>Don't configure</option><option value=1>Don't connect to server</option><option value=2>Connect to server</option></select>");
x += '<br/><span style="font-size:10px">* Recommanded, leave blank to assign a random password to each device.</span><br/>';
x += '<span style="font-size:10px">This policy will not impact devices with Intel&reg; AMT in ACM mode.</span><br/>';
x += '<span style="font-size:10px">This is not a secure policy as agents will be performing activation.</span>';
}
QH('dp20amtpolicydiv', x);
}
function dp20amtValidatePolicy() {
var ok = true, ptype = Q('dp20amtpolicy').value;
if (ptype == 2) { var pass = Q('dp20amtpolicypass').value; ok = (pass == '') ? true : passwordcheck(pass); }
QE('idx_dlgOkButton', ok);
}
function p20editMeshAmtEx() {
var ptype = parseInt(Q('dp20amtpolicy').value), amtpolicy = { type: ptype };
if (ptype == 2) { amtpolicy = { type: ptype, password: Q('dp20amtpolicypass').value, badpass: parseInt(Q('dp20amtbadpass').value), cirasetup: parseInt(Q('dp20amtcira').value) }; }
meshserver.send({ action: 'meshamtpolicy', meshid: currentMesh._id, amtpolicy: amtpolicy });
}
function p20showDeleteMeshDialog() { function p20showDeleteMeshDialog() {
if (xxdialogMode) return; if (xxdialogMode) return;
var x = "Are you sure you want to delete mesh \"" + EscapeHtml(currentMesh.name) + "\"? Deleting the mesh will also delete all information about computers within this mesh.<br /><br />"; var x = "Are you sure you want to delete mesh \"" + EscapeHtml(currentMesh.name) + "\"? Deleting the mesh will also delete all information about computers within this mesh.<br /><br />";

View File

@ -140,7 +140,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
} }
// Main lists // Main lists
obj.wsagents = {}; obj.wsagents = {}; // NodeId --> Agent
obj.wsagentsDisconnections = {}; obj.wsagentsDisconnections = {};
obj.wsagentsDisconnectionsTimer = null; obj.wsagentsDisconnectionsTimer = null;
obj.wssessions = {}; // UserId --> Array Of Sessions obj.wssessions = {}; // UserId --> Array Of Sessions
@ -933,14 +933,14 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Returns the mesh server root certificate // Returns the mesh server root certificate
function handleRootCertRequest(req, res) { function handleRootCertRequest(req, res) {
if (checkIpAddressEx(req, res, obj.userAllowedIp, false) === false) { return; } // Check server-wide IP filter only. if ((obj.userAllowedIp != null) && (checkIpAddressEx(req, res, obj.userAllowedIp, false) === false)) { return; } // Check server-wide IP filter only.
res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'Content-Type': 'application/octet-stream', 'Content-Disposition': 'attachment; filename=' + certificates.RootName + '.cer' }); res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'Content-Type': 'application/octet-stream', 'Content-Disposition': 'attachment; filename=' + certificates.RootName + '.cer' });
res.send(Buffer.from(getRootCertBase64(), 'base64')); res.send(Buffer.from(getRootCertBase64(), 'base64'));
} }
// Returns an mescript for Intel AMT configuration // Returns an mescript for Intel AMT configuration
function handleMeScriptRequest(req, res) { function handleMeScriptRequest(req, res) {
if (checkIpAddressEx(req, res, obj.userAllowedIp, false) === false) { return; } // Check server-wide IP filter only. if ((obj.userAllowedIp != null) && (checkIpAddressEx(req, res, obj.userAllowedIp, false) === false)) { return; } // Check server-wide IP filter only.
if (req.query.type == 1) { if (req.query.type == 1) {
var filename = 'cira_setup.mescript'; var filename = 'cira_setup.mescript';
res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'Content-Type': 'application/octet-stream', 'Content-Disposition': 'attachment; filename=' + filename }); res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'Content-Type': 'application/octet-stream', 'Content-Disposition': 'attachment; filename=' + filename });