mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2024-11-27 02:04:30 +03:00
Fixed exception when configuring Intel AMT devices that do not have WIFI.
This commit is contained in:
parent
26570ec664
commit
5e070a09cb
131
amtmanager.js
131
amtmanager.js
@ -1525,55 +1525,55 @@ module.exports.CreateAmtManager = function (parent) {
|
|||||||
dev.amtstack.Delete('CIM_WiFiEndpointSettings', { InstanceID: 'Intel(r) AMT:WiFi Endpoint Settings ' + profilesToRemove[i].ElementName }, function (stack, name, responses, status) { }, 0, 1);
|
dev.amtstack.Delete('CIM_WiFiEndpointSettings', { InstanceID: 'Intel(r) AMT:WiFi Endpoint Settings ' + profilesToRemove[i].ElementName }, function (stack, name, responses, status) { }, 0, 1);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Check the 802.1x client certificate expiration time
|
// Check the 802.1x client certificate expiration time
|
||||||
// TODO: We are only getting the client cert from the wired 802.1x profile, need to get it for wireless too.
|
// TODO: We are only getting the client cert from the wired 802.1x profile, need to get it for wireless too.
|
||||||
var netAuthClientCert = null;
|
var netAuthClientCert = null;
|
||||||
if (netAuthClientCertInstanceId != null) {
|
if (netAuthClientCertInstanceId != null) {
|
||||||
netAuthClientCert = getInstance(responses['AMT_PublicKeyCertificate'].responses, netAuthClientCertInstanceId);
|
netAuthClientCert = getInstance(responses['AMT_PublicKeyCertificate'].responses, netAuthClientCertInstanceId);
|
||||||
if (netAuthClientCert) {
|
if (netAuthClientCert) {
|
||||||
var cert = null;
|
var cert = null;
|
||||||
try { cert = obj.parent.certificateOperations.forge.pki.certificateFromAsn1(obj.parent.certificateOperations.forge.asn1.fromDer(obj.parent.certificateOperations.forge.util.decode64(netAuthClientCert.X509Certificate))); } catch (ex) { }
|
try { cert = obj.parent.certificateOperations.forge.pki.certificateFromAsn1(obj.parent.certificateOperations.forge.asn1.fromDer(obj.parent.certificateOperations.forge.util.decode64(netAuthClientCert.X509Certificate))); } catch (ex) { }
|
||||||
if (cert != null) {
|
if (cert != null) {
|
||||||
const certStart = new Date(cert.validity.notBefore).getTime();
|
const certStart = new Date(cert.validity.notBefore).getTime();
|
||||||
const certEnd = new Date(cert.validity.notAfter).getTime();
|
const certEnd = new Date(cert.validity.notAfter).getTime();
|
||||||
const certMidPoint = certStart + ((certEnd - certStart) / 2);
|
const certMidPoint = certStart + ((certEnd - certStart) / 2);
|
||||||
if (Date.now() > certMidPoint) { newNetAuthProfileRequested = true; } // Past mid-point or expired, request a new 802.1x certificate & profile
|
if (Date.now() > certMidPoint) { newNetAuthProfileRequested = true; } // Past mid-point or expired, request a new 802.1x certificate & profile
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Figure out is there are no changes to 802.1x wired configuration
|
// Figure out if there are no changes to 802.1x wired configuration
|
||||||
if ((wiredMatch == 0) && (newNetAuthProfileRequested == false)) { wiredConfig = false; }
|
if ((wiredMatch == 0) && (newNetAuthProfileRequested == false)) { wiredConfig = false; }
|
||||||
|
|
||||||
// See if we need to ask MeshCentral Satellite for a new 802.1x profile
|
// See if we need to ask MeshCentral Satellite for a new 802.1x profile
|
||||||
if (newNetAuthProfileRequested && (typeof srvNetAuthProfile.satellitecredentials == 'string')) {
|
if (newNetAuthProfileRequested && (typeof srvNetAuthProfile.satellitecredentials == 'string')) {
|
||||||
// Credentials for this 802.1x profile are provided using MeshCentral Satellite
|
// Credentials for this 802.1x profile are provided using MeshCentral Satellite
|
||||||
// Send a message to Satellite requesting a 802.1x profile for this device
|
// Send a message to Satellite requesting a 802.1x profile for this device
|
||||||
dev.consoleMsg("Requesting 802.1x credentials for " + netAuthStrings[srvNetAuthProfile.authenticationprotocol] + " from MeshCentral Satellite...");
|
dev.consoleMsg("Requesting 802.1x credentials for " + netAuthStrings[srvNetAuthProfile.authenticationprotocol] + " from MeshCentral Satellite...");
|
||||||
dev.netAuthSatReqId = Buffer.from(parent.crypto.randomBytes(16), 'binary').toString('base64'); // Generate a crypto-secure request id.
|
dev.netAuthSatReqId = Buffer.from(parent.crypto.randomBytes(16), 'binary').toString('base64'); // Generate a crypto-secure request id.
|
||||||
dev.netAuthSatReqData = { domain: domain, wiredConfig: wiredConfig, wirelessConfig: wirelessConfig, devNetAuthProfile: devNetAuthProfile, srvNetAuthProfile: srvNetAuthProfile, profilesToAdd: profilesToAdd, prioritiesInUse: prioritiesInUse, responses: responses, xxCertificates: xxCertificates, xxCertPrivateKeys: xxCertPrivateKeys }
|
dev.netAuthSatReqData = { domain: domain, wiredConfig: wiredConfig, wirelessConfig: wirelessConfig, devNetAuthProfile: devNetAuthProfile, srvNetAuthProfile: srvNetAuthProfile, profilesToAdd: profilesToAdd, prioritiesInUse: prioritiesInUse, responses: responses, xxCertificates: xxCertificates, xxCertPrivateKeys: xxCertPrivateKeys }
|
||||||
const request = { action: 'satellite', subaction: '802.1x-ProFile-Request', satelliteFlags: 2, nodeid: dev.nodeid, icon: dev.icon, domain: dev.nodeid.split('/')[1], nolog: 1, reqid: dev.netAuthSatReqId, authProtocol: srvNetAuthProfile.authenticationprotocol, devname: dev.name, osname: dev.rname, ver: dev.intelamt.ver };
|
const request = { action: 'satellite', subaction: '802.1x-ProFile-Request', satelliteFlags: 2, nodeid: dev.nodeid, icon: dev.icon, domain: dev.nodeid.split('/')[1], nolog: 1, reqid: dev.netAuthSatReqId, authProtocol: srvNetAuthProfile.authenticationprotocol, devname: dev.name, osname: dev.rname, ver: dev.intelamt.ver };
|
||||||
if (netAuthClientCert != null) { request.cert = netAuthClientCert.X509Certificate; request.certid = netAuthClientCertInstanceId; }
|
if (netAuthClientCert != null) { request.cert = netAuthClientCert.X509Certificate; request.certid = netAuthClientCertInstanceId; }
|
||||||
parent.DispatchEvent([srvNetAuthProfile.satellitecredentials], obj, request);
|
parent.DispatchEvent([srvNetAuthProfile.satellitecredentials], obj, request);
|
||||||
|
|
||||||
// Set a response timeout
|
// Set a response timeout
|
||||||
const netAuthTimeoutFunc = function netAuthTimeout() {
|
const netAuthTimeoutFunc = function netAuthTimeout() {
|
||||||
if (isAmtDeviceValid(netAuthTimeout.dev) == false) return; // Device no longer exists, ignore this request.
|
if (isAmtDeviceValid(netAuthTimeout.dev) == false) return; // Device no longer exists, ignore this request.
|
||||||
if (dev.netAuthSatReqId != null) {
|
if (dev.netAuthSatReqId != null) {
|
||||||
delete netAuthTimeout.dev.netAuthSatReqId;
|
delete netAuthTimeout.dev.netAuthSatReqId;
|
||||||
delete netAuthTimeout.dev.netAuthSatReqData;
|
delete netAuthTimeout.dev.netAuthSatReqData;
|
||||||
netAuthTimeout.dev.consoleMsg("MeshCentral Satellite did not respond in time, 802.1x profile will not be set.");
|
netAuthTimeout.dev.consoleMsg("MeshCentral Satellite did not respond in time, 802.1x profile will not be set.");
|
||||||
devTaskCompleted(netAuthTimeout.dev);
|
devTaskCompleted(netAuthTimeout.dev);
|
||||||
}
|
|
||||||
}
|
}
|
||||||
netAuthTimeoutFunc.dev = dev;
|
|
||||||
dev.netAuthSatReqTimer = setTimeout(netAuthTimeoutFunc, 20000);
|
|
||||||
return;
|
|
||||||
} else {
|
|
||||||
// No need to call MeshCentral Satellite for a 802.1x profile, so configure everything now.
|
|
||||||
attempt8021xSyncEx(dev, { domain: domain, wiredConfig: wiredConfig, wirelessConfig: wirelessConfig, devNetAuthProfile: devNetAuthProfile, srvNetAuthProfile: srvNetAuthProfile, profilesToAdd: profilesToAdd, prioritiesInUse: prioritiesInUse, responses: responses, xxCertificates: xxCertificates, xxCertPrivateKeys: xxCertPrivateKeys });
|
|
||||||
}
|
}
|
||||||
|
netAuthTimeoutFunc.dev = dev;
|
||||||
|
dev.netAuthSatReqTimer = setTimeout(netAuthTimeoutFunc, 20000);
|
||||||
|
return;
|
||||||
|
} else {
|
||||||
|
// No need to call MeshCentral Satellite for a 802.1x profile, so configure everything now.
|
||||||
|
attempt8021xSyncEx(dev, { domain: domain, wiredConfig: wiredConfig, wirelessConfig: wirelessConfig, devNetAuthProfile: devNetAuthProfile, srvNetAuthProfile: srvNetAuthProfile, profilesToAdd: profilesToAdd, prioritiesInUse: prioritiesInUse, responses: responses, xxCertificates: xxCertificates, xxCertPrivateKeys: xxCertPrivateKeys });
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
@ -1813,31 +1813,34 @@ module.exports.CreateAmtManager = function (parent) {
|
|||||||
function attemptWifiSyncEx2(dev, devNetAuthData) {
|
function attemptWifiSyncEx2(dev, devNetAuthData) {
|
||||||
if (isAmtDeviceValid(dev) == false) return; // Device no longer exists, ignore this request.
|
if (isAmtDeviceValid(dev) == false) return; // Device no longer exists, ignore this request.
|
||||||
const responses = devNetAuthData.responses;
|
const responses = devNetAuthData.responses;
|
||||||
|
const wirelessConfig = devNetAuthData.wirelessConfig;
|
||||||
|
|
||||||
// Check if local WIFI profile sync is enabled, if not, enabled it.
|
if (wirelessConfig) {
|
||||||
if ((responses['AMT_WiFiPortConfigurationService'] != null) && (responses['AMT_WiFiPortConfigurationService'].response != null) && (responses['AMT_WiFiPortConfigurationService'].response['localProfileSynchronizationEnabled'] == 0)) {
|
// Check if local WIFI profile sync is enabled, if not, enabled it.
|
||||||
responses['AMT_WiFiPortConfigurationService'].response['localProfileSynchronizationEnabled'] = 1;
|
if ((responses['AMT_WiFiPortConfigurationService'] != null) && (responses['AMT_WiFiPortConfigurationService'].response != null) && (responses['AMT_WiFiPortConfigurationService'].response['localProfileSynchronizationEnabled'] == 0)) {
|
||||||
dev.amtstack.Put('AMT_WiFiPortConfigurationService', responses['AMT_WiFiPortConfigurationService'].response, function (stack, name, response, status) {
|
responses['AMT_WiFiPortConfigurationService'].response['localProfileSynchronizationEnabled'] = 1;
|
||||||
if (status != 200) { dev.consoleMsg("Unable to enable local WIFI profile sync."); } else { dev.consoleMsg("Enabled local WIFI profile sync."); }
|
dev.amtstack.Put('AMT_WiFiPortConfigurationService', responses['AMT_WiFiPortConfigurationService'].response, function (stack, name, response, status) {
|
||||||
});
|
if (status != 200) { dev.consoleMsg("Unable to enable local WIFI profile sync."); } else { dev.consoleMsg("Enabled local WIFI profile sync."); }
|
||||||
}
|
});
|
||||||
|
}
|
||||||
|
|
||||||
// Change the WIFI state if needed. Right now, we always enable it.
|
// Change the WIFI state if needed. Right now, we always enable it.
|
||||||
// WifiState = { 3: "Disabled", 32768: "Enabled in S0", 32769: "Enabled in S0, Sx/AC" };
|
// WifiState = { 3: "Disabled", 32768: "Enabled in S0", 32769: "Enabled in S0, Sx/AC" };
|
||||||
var wifiState = 32769; // For now, always enable WIFI
|
var wifiState = 32769; // For now, always enable WIFI
|
||||||
if (responses['CIM_WiFiPort'].responses.Body.EnabledState != 32769) {
|
if (responses['CIM_WiFiPort'].responses.Body.EnabledState != 32769) {
|
||||||
if (wifiState == 3) {
|
if (wifiState == 3) {
|
||||||
dev.amtstack.CIM_WiFiPort_RequestStateChange(wifiState, null, function (stack, name, responses, status) {
|
dev.amtstack.CIM_WiFiPort_RequestStateChange(wifiState, null, function (stack, name, responses, status) {
|
||||||
const dev = stack.dev;
|
const dev = stack.dev;
|
||||||
if (isAmtDeviceValid(dev) == false) return; // Device no longer exists, ignore this request.
|
if (isAmtDeviceValid(dev) == false) return; // Device no longer exists, ignore this request.
|
||||||
if (status == 200) { dev.consoleMsg("Disabled WIFI."); }
|
if (status == 200) { dev.consoleMsg("Disabled WIFI."); }
|
||||||
});
|
});
|
||||||
} else {
|
} else {
|
||||||
dev.amtstack.CIM_WiFiPort_RequestStateChange(wifiState, null, function (stack, name, responses, status) {
|
dev.amtstack.CIM_WiFiPort_RequestStateChange(wifiState, null, function (stack, name, responses, status) {
|
||||||
const dev = stack.dev;
|
const dev = stack.dev;
|
||||||
if (isAmtDeviceValid(dev) == false) return; // Device no longer exists, ignore this request.
|
if (isAmtDeviceValid(dev) == false) return; // Device no longer exists, ignore this request.
|
||||||
if (status == 200) { dev.consoleMsg("Enabled WIFI."); }
|
if (status == 200) { dev.consoleMsg("Enabled WIFI."); }
|
||||||
});
|
});
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user