Fixed exception when configuring Intel AMT devices that do not have WIFI.

2024-11-26 07:57:56 +03:00 · 2022-06-19 11:43:27 -07:00 · 2022-06-19 11:43:27 -07:00 · 5e070a09cb
commit 5e070a09cb
parent 26570ec664
1 changed files with 67 additions and 64 deletions
--- a/amtmanager.js
+++ b/amtmanager.js
@ -1525,55 +1525,55 @@ module.exports.CreateAmtManager = function (parent) {
                        dev.amtstack.Delete('CIM_WiFiEndpointSettings', { InstanceID: 'Intel(r) AMT:WiFi Endpoint Settings ' + profilesToRemove[i].ElementName }, function (stack, name, responses, status) { }, 0, 1);
                    }
                }
            }
-                // Check the 802.1x client certificate expiration time
+            // Check the 802.1x client certificate expiration time
-                // TODO: We are only getting the client cert from the wired 802.1x profile, need to get it for wireless too.
+            // TODO: We are only getting the client cert from the wired 802.1x profile, need to get it for wireless too.
-                var netAuthClientCert = null;
+            var netAuthClientCert = null;
-                if (netAuthClientCertInstanceId != null) {
+            if (netAuthClientCertInstanceId != null) {
-                    netAuthClientCert = getInstance(responses['AMT_PublicKeyCertificate'].responses, netAuthClientCertInstanceId);
+                netAuthClientCert = getInstance(responses['AMT_PublicKeyCertificate'].responses, netAuthClientCertInstanceId);
-                    if (netAuthClientCert) {
+                if (netAuthClientCert) {
-                        var cert = null;
+                    var cert = null;
-                        try { cert = obj.parent.certificateOperations.forge.pki.certificateFromAsn1(obj.parent.certificateOperations.forge.asn1.fromDer(obj.parent.certificateOperations.forge.util.decode64(netAuthClientCert.X509Certificate))); } catch (ex) { }
+                    try { cert = obj.parent.certificateOperations.forge.pki.certificateFromAsn1(obj.parent.certificateOperations.forge.asn1.fromDer(obj.parent.certificateOperations.forge.util.decode64(netAuthClientCert.X509Certificate))); } catch (ex) { }
-                        if (cert != null) {
+                    if (cert != null) {
-                            const certStart = new Date(cert.validity.notBefore).getTime();
+                        const certStart = new Date(cert.validity.notBefore).getTime();
-                            const certEnd = new Date(cert.validity.notAfter).getTime();
+                        const certEnd = new Date(cert.validity.notAfter).getTime();
-                            const certMidPoint = certStart + ((certEnd - certStart) / 2);
+                        const certMidPoint = certStart + ((certEnd - certStart) / 2);
-                            if (Date.now() > certMidPoint) { newNetAuthProfileRequested = true; } // Past mid-point or expired, request a new 802.1x certificate & profile
+                        if (Date.now() > certMidPoint) { newNetAuthProfileRequested = true; } // Past mid-point or expired, request a new 802.1x certificate & profile
                        }
                    }
                }
            }
-                // Figure out is there are no changes to 802.1x wired configuration
+            // Figure out if there are no changes to 802.1x wired configuration
-                if ((wiredMatch == 0) && (newNetAuthProfileRequested == false)) { wiredConfig = false; }
+            if ((wiredMatch == 0) && (newNetAuthProfileRequested == false)) { wiredConfig = false; }
-                // See if we need to ask MeshCentral Satellite for a new 802.1x profile
+            // See if we need to ask MeshCentral Satellite for a new 802.1x profile
-                if (newNetAuthProfileRequested && (typeof srvNetAuthProfile.satellitecredentials == 'string')) {
+            if (newNetAuthProfileRequested && (typeof srvNetAuthProfile.satellitecredentials == 'string')) {
-                    // Credentials for this 802.1x profile are provided using MeshCentral Satellite
+                // Credentials for this 802.1x profile are provided using MeshCentral Satellite
-                    // Send a message to Satellite requesting a 802.1x profile for this device
+                // Send a message to Satellite requesting a 802.1x profile for this device
-                    dev.consoleMsg("Requesting 802.1x credentials for " + netAuthStrings[srvNetAuthProfile.authenticationprotocol] + " from MeshCentral Satellite...");
+                dev.consoleMsg("Requesting 802.1x credentials for " + netAuthStrings[srvNetAuthProfile.authenticationprotocol] + " from MeshCentral Satellite...");
-                    dev.netAuthSatReqId = Buffer.from(parent.crypto.randomBytes(16), 'binary').toString('base64'); // Generate a crypto-secure request id.
+                dev.netAuthSatReqId = Buffer.from(parent.crypto.randomBytes(16), 'binary').toString('base64'); // Generate a crypto-secure request id.
-                    dev.netAuthSatReqData = { domain: domain, wiredConfig: wiredConfig, wirelessConfig: wirelessConfig, devNetAuthProfile: devNetAuthProfile, srvNetAuthProfile: srvNetAuthProfile, profilesToAdd: profilesToAdd, prioritiesInUse: prioritiesInUse, responses: responses, xxCertificates: xxCertificates, xxCertPrivateKeys: xxCertPrivateKeys }
+                dev.netAuthSatReqData = { domain: domain, wiredConfig: wiredConfig, wirelessConfig: wirelessConfig, devNetAuthProfile: devNetAuthProfile, srvNetAuthProfile: srvNetAuthProfile, profilesToAdd: profilesToAdd, prioritiesInUse: prioritiesInUse, responses: responses, xxCertificates: xxCertificates, xxCertPrivateKeys: xxCertPrivateKeys }
-                    const request = { action: 'satellite', subaction: '802.1x-ProFile-Request', satelliteFlags: 2, nodeid: dev.nodeid, icon: dev.icon, domain: dev.nodeid.split('/')[1], nolog: 1, reqid: dev.netAuthSatReqId, authProtocol: srvNetAuthProfile.authenticationprotocol, devname: dev.name, osname: dev.rname, ver: dev.intelamt.ver };
+                const request = { action: 'satellite', subaction: '802.1x-ProFile-Request', satelliteFlags: 2, nodeid: dev.nodeid, icon: dev.icon, domain: dev.nodeid.split('/')[1], nolog: 1, reqid: dev.netAuthSatReqId, authProtocol: srvNetAuthProfile.authenticationprotocol, devname: dev.name, osname: dev.rname, ver: dev.intelamt.ver };
-                    if (netAuthClientCert != null) { request.cert = netAuthClientCert.X509Certificate; request.certid = netAuthClientCertInstanceId; }
+                if (netAuthClientCert != null) { request.cert = netAuthClientCert.X509Certificate; request.certid = netAuthClientCertInstanceId; }
-                    parent.DispatchEvent([srvNetAuthProfile.satellitecredentials], obj, request);
+                parent.DispatchEvent([srvNetAuthProfile.satellitecredentials], obj, request);
-                    // Set a response timeout
+                // Set a response timeout
-                    const netAuthTimeoutFunc = function netAuthTimeout() {
+                const netAuthTimeoutFunc = function netAuthTimeout() {
-                        if (isAmtDeviceValid(netAuthTimeout.dev) == false) return; // Device no longer exists, ignore this request.
+                    if (isAmtDeviceValid(netAuthTimeout.dev) == false) return; // Device no longer exists, ignore this request.
-                        if (dev.netAuthSatReqId != null) {
+                    if (dev.netAuthSatReqId != null) {
-                            delete netAuthTimeout.dev.netAuthSatReqId;
+                        delete netAuthTimeout.dev.netAuthSatReqId;
-                            delete netAuthTimeout.dev.netAuthSatReqData;
+                        delete netAuthTimeout.dev.netAuthSatReqData;
-                            netAuthTimeout.dev.consoleMsg("MeshCentral Satellite did not respond in time, 802.1x profile will not be set.");
+                        netAuthTimeout.dev.consoleMsg("MeshCentral Satellite did not respond in time, 802.1x profile will not be set.");
-                            devTaskCompleted(netAuthTimeout.dev);
+                        devTaskCompleted(netAuthTimeout.dev);
                        }
                    }
                    netAuthTimeoutFunc.dev = dev;
                    dev.netAuthSatReqTimer = setTimeout(netAuthTimeoutFunc, 20000);
                    return;
                } else {
                    // No need to call MeshCentral Satellite for a 802.1x profile, so configure everything now.
                    attempt8021xSyncEx(dev, { domain: domain, wiredConfig: wiredConfig, wirelessConfig: wirelessConfig, devNetAuthProfile: devNetAuthProfile, srvNetAuthProfile: srvNetAuthProfile, profilesToAdd: profilesToAdd, prioritiesInUse: prioritiesInUse, responses: responses, xxCertificates: xxCertificates, xxCertPrivateKeys: xxCertPrivateKeys });
                }
                netAuthTimeoutFunc.dev = dev;
                dev.netAuthSatReqTimer = setTimeout(netAuthTimeoutFunc, 20000);
                return;
            } else {
                // No need to call MeshCentral Satellite for a 802.1x profile, so configure everything now.
                attempt8021xSyncEx(dev, { domain: domain, wiredConfig: wiredConfig, wirelessConfig: wirelessConfig, devNetAuthProfile: devNetAuthProfile, srvNetAuthProfile: srvNetAuthProfile, profilesToAdd: profilesToAdd, prioritiesInUse: prioritiesInUse, responses: responses, xxCertificates: xxCertificates, xxCertPrivateKeys: xxCertPrivateKeys });
            }
        });
    }
@ -1813,31 +1813,34 @@ module.exports.CreateAmtManager = function (parent) {
    function attemptWifiSyncEx2(dev, devNetAuthData) {
        if (isAmtDeviceValid(dev) == false) return; // Device no longer exists, ignore this request.
        const responses = devNetAuthData.responses;
        const wirelessConfig = devNetAuthData.wirelessConfig;
-        // Check if local WIFI profile sync is enabled, if not, enabled it.
+        if (wirelessConfig) {
-        if ((responses['AMT_WiFiPortConfigurationService'] != null) && (responses['AMT_WiFiPortConfigurationService'].response != null) && (responses['AMT_WiFiPortConfigurationService'].response['localProfileSynchronizationEnabled'] == 0)) {
+            // Check if local WIFI profile sync is enabled, if not, enabled it.
-            responses['AMT_WiFiPortConfigurationService'].response['localProfileSynchronizationEnabled'] = 1;
+            if ((responses['AMT_WiFiPortConfigurationService'] != null) && (responses['AMT_WiFiPortConfigurationService'].response != null) && (responses['AMT_WiFiPortConfigurationService'].response['localProfileSynchronizationEnabled'] == 0)) {
-            dev.amtstack.Put('AMT_WiFiPortConfigurationService', responses['AMT_WiFiPortConfigurationService'].response, function (stack, name, response, status) {
+                responses['AMT_WiFiPortConfigurationService'].response['localProfileSynchronizationEnabled'] = 1;
-                if (status != 200) { dev.consoleMsg("Unable to enable local WIFI profile sync."); } else { dev.consoleMsg("Enabled local WIFI profile sync."); }
+                dev.amtstack.Put('AMT_WiFiPortConfigurationService', responses['AMT_WiFiPortConfigurationService'].response, function (stack, name, response, status) {
-            });
+                    if (status != 200) { dev.consoleMsg("Unable to enable local WIFI profile sync."); } else { dev.consoleMsg("Enabled local WIFI profile sync."); }
-        }
+                });
            }
-        // Change the WIFI state if needed. Right now, we always enable it.
+            // Change the WIFI state if needed. Right now, we always enable it.
-        // WifiState = { 3: "Disabled", 32768: "Enabled in S0", 32769: "Enabled in S0, Sx/AC" };
+            // WifiState = { 3: "Disabled", 32768: "Enabled in S0", 32769: "Enabled in S0, Sx/AC" };
-        var wifiState = 32769; // For now, always enable WIFI
+            var wifiState = 32769; // For now, always enable WIFI
-        if (responses['CIM_WiFiPort'].responses.Body.EnabledState != 32769) {
+            if (responses['CIM_WiFiPort'].responses.Body.EnabledState != 32769) {
-            if (wifiState == 3) {
+                if (wifiState == 3) {
-                dev.amtstack.CIM_WiFiPort_RequestStateChange(wifiState, null, function (stack, name, responses, status) {
+                    dev.amtstack.CIM_WiFiPort_RequestStateChange(wifiState, null, function (stack, name, responses, status) {
-                    const dev = stack.dev;
+                        const dev = stack.dev;
-                    if (isAmtDeviceValid(dev) == false) return; // Device no longer exists, ignore this request.
+                        if (isAmtDeviceValid(dev) == false) return; // Device no longer exists, ignore this request.
-                    if (status == 200) { dev.consoleMsg("Disabled WIFI."); }
+                        if (status == 200) { dev.consoleMsg("Disabled WIFI."); }
-                });
+                    });
-            } else {
+                } else {
-                dev.amtstack.CIM_WiFiPort_RequestStateChange(wifiState, null, function (stack, name, responses, status) {
+                    dev.amtstack.CIM_WiFiPort_RequestStateChange(wifiState, null, function (stack, name, responses, status) {
-                    const dev = stack.dev;
+                        const dev = stack.dev;
-                    if (isAmtDeviceValid(dev) == false) return; // Device no longer exists, ignore this request.
+                        if (isAmtDeviceValid(dev) == false) return; // Device no longer exists, ignore this request.
-                    if (status == 200) { dev.consoleMsg("Enabled WIFI."); }
+                        if (status == 200) { dev.consoleMsg("Enabled WIFI."); }
-                });
+                    });
                }
            }
        }