From 94e2f05e95fb230daffb1892b080209807e7197d Mon Sep 17 00:00:00 2001 From: Ylian Saint-Hilaire Date: Tue, 20 Oct 2020 18:14:00 -0700 Subject: [PATCH] More Intel AMT CCM improvements. --- agents/MeshCmd-signed.exe | Bin 4376224 -> 4377360 bytes agents/MeshCmd64-signed.exe | Bin 3992224 -> 3993360 bytes agents/MeshService-signed.exe | Bin 3335592 -> 3335592 bytes agents/MeshService64-signed.exe | Bin 2951592 -> 2951592 bytes agents/meshcmd.js | 178 +++++++++++++++++--------------- agents/meshcore.js | 58 ++++++----- amtmanager.js | 13 ++- 7 files changed, 131 insertions(+), 118 deletions(-) diff --git a/agents/MeshCmd-signed.exe b/agents/MeshCmd-signed.exe index a70ebd616f122b42dda1c5cc14a7b9d961b5204b..02f0b91b5961352950be66b0c2fc7c0777ed24cc 100644 GIT binary patch delta 2967 zcmZ{k2~?9;7ROBt5C{p#RsBz_q})jZ~5QX zyk#@Dx_&day?`@*Z!cS0%!%e^eO%hXsp#O0!bQd-Jj4pIMr;s1VvE=z0>mB>A|k{A zaYQB{PKYz&g191X$P0)&G7<4WJP|KMj7&nj5eD%=d=Uxahxj7_$cu;+2}FXBU?c>2 z2?<3eBQhk+)WHd#eWrqUHXMmSA`v+<1$h~nicCYIkm<+_BpQh^@y^DMZ-u~1#2FGA zSv%NQN}XV!hP8!|Y$AeYXUd0|Y~l&ki&-o1j%WEGQxO5I$tF^0z8cH}a*6Pu(u3MS zb2iETA2DBu$svm@9jR}k(7i{+>xeyM zX-SYJ_C*=>g_JUCZRzOKl1b){dL3C|8S!&HJK3BF8g)c$iDdyB3|Y0TgQdeN_wg*i z4p->k!TMV|G*3Gqm*iUJ>Kj<`^T%Kd-)M;~EXl+4?Q4l6yp=~1A*%@w=|UcfcxLm_ zg@g|-`Gh=<_2IPSd=mHk5Ery+=f|PSV%&~#+fkY%dxamibz0x6t#kZ5@G{eib#SbZoVAM!Uyx8S!3+a ze9vCRBzbJAu^45aTMFOQQcRp4>zHSZuElh0EpdG|h-qx$6hkL~tbo|TpL&w?OrGQt zBC|BNl#uyPvXnUr-D-_m3uP0+yg9z0 zSc=8=^>QqyNqdQxY1=xIt%pzTXkc9i-EF%%osnvF3Y`)>S5OI*GgM?{X^&0^b{p{n zgP2Z)?-=R^F;|GdQ?1c4IZDNtlabw;j56zDeM1D-#{3Sqw|b*}TLt|lIb zia3tuoT2lyaT={otyrTp1#zjXCs+qzAq8uR8=T7_%F)Nd9nOmB9w^Sl$KtUojAFoNp=;uOTy2COK-z{74me3_IJqjPRVhP^Du>yRp%=Yna zMYVnjjjq3fA<~K)K+i}<|7^i*moaDS{b=hmUSRxD(Xkk(F?yB<=oANdeH#^7vbRN2 zThQPTb7FI=#-I9{Tc7yT`Oy9;`cw2iddKV{X#iag)y|km7R3snQjO2+sr%H=4ZZRI zi~`KRDPyV+pz&`)XBF!GTusC589kGx(50yusj>jJ`mWuyh6xmsn;Ut?Jct@ddwkST`b-IVb|8|iX$)YDOB@?<7K!_3pt zRcltOLl~`2lf|f%Im%GevE8)$`gn8>5JG)8A*PBN*2XSSs#2&|Wh%9d&lB~40Omse=0dm|g;#2s7)cRpl|vc!EmzJ32_WbC0ro2EHEY|hQbXu-$O z^^Xn0eEaJI?ZG9+Hm@bV>+d8EiIQI2)j4H)*Us*(gNx%z9OD-lGkvQ=jJ3zzAGrnH zp4h*3xNT)6N2L<9g)Lfj^?r$;!)^Kbo?+L)uEWxgj`x;U7uD9eJ$mD<5A>zst-bPl z-)k>cyqqr2zT4227Hh~^xw~zg*Xx?&alg%ovwE1&zCZ5oOsm)Fo_jZMecgI>$Xe|9l9OaODgWbYcn zBjj><LMSUyp?Ms*1i$|iO?%WRf-Q9WK z)CnoG94h_oHZ0A1=a=Q>mkacNbNw^ZX+-ZFarwh2QE$(Uqvs!$8W#>mCuQ*r>P;?r z7dlrzXlO3Fs;4LJJs3{9)N-l&^fJFkAsb_>4juTl=fZEI((h`mR(K50J(&`%?eEeg zRbT2cP1P7u2j^F9Y0!05-#A_1dUWH?s-YROnVqHAUll~E7JSJ)^FhD$HxKvx!EQKo zR{3q3ps8(SQ{eOkckE`I>0Hm<_*xmgW%zV6Z>?34I9mD7*M#@C7kVGyz4EqHuAP#9 z_O5IF);iJ9!O%4=lNu9qqE7sNd2ffI{-AYW!TkjFgPXg20`In-m5scceB!HG8`&$9 z^xLi|mW}k?T*Cx+K!K%BQj{`kpbr&u4zW|NDE+d(L^E=UirU(MC>b!A4G{lC5Jh zIcRG-+n>Wao^^(udxovSK{|+wh9F&}hx8E-86ZPsgp831GDT*{99bYsWQDAe4YEac z$R0T$NAwjMiky%$;v)ePA`ucJ335TMNQ&H$I~sN7%HK=))`lHGw*3nhd7vsSJ9YsU18kW{jaO zg_uM54#oiZc~n@GO5~cB0s@y4BS=jp5^d+fR5Dc?4f1Im;KLg7myCP!iMu@)Ct1% zJ@vsbolJ){>BL?0ump0C41qPPv6z~4T&87)rs)3_s3sZ2g8fDN`%GfZ{yazZ{~j<^ z;W_xJ$Q0P3A|cv*{63-welB#9HuL5#OchHt2+zWMGWZ=sBbs?8p zIYPBFT>?6}R0yGbdKmioG*)vv(?O9+6tHIlW_1$Mg%F)aJmH*>Zi4V=Jm8v@xV(TA z+<`<9od=t%hzWFvXoVo6CvD_a-qP5 z`oq~Z#6xrM7255`ttr#oaRHoPhS@BoQ~+~y@n1ou)S+lR28*Ova;YO73P+^W3uZSH zAsD#PNRU}F=ITB-8XgA|wo!$;W*b%80O`O?B`rh-(TR*c_&y@8>X@T+<_ox=MfKI4 zMa)N@-lDln=O-*k(X850&ELxeSa2RbhnQcOALKQM3mx3%>Lf>;&5Qo0%l1%SeniWM z-isAYF9HrQtmnph>XYR|Q_CSX<=yQ1aW-tV`AO!Dxx6#J;MsBGi_O07P0>9egFRvG zJ2NJaIFpqsnzmRJ{UB0rcr{%sIAKt#WD&YUJuPeee zs5ttk|H$Rjc&?&?9R>rs=8CwP!!=zW-Bg zRnyLdBh#;TUHdbm;GIQ6mfeIk3K(2@GU z6(AFIfx;p(U%%qsVb(*J2uh2Ho!+PVk#z-?mNnN0c*TG20t{Hg^`oq_K9KS{0L5gb zes9Kc*6!Wr1#lLK0Opop`ud&30@jw04?$&uM{}u!OxE}9vmMW3^fsc=GF>s`WSi`JOs3|D=2^VxF zh1-dnZiyC6M~*(tr)5N37=stqRY8nkQyGcS`}G%5E8**}TXyqKV*RI$`vh<*kd6XbDKUn@aR$IDr(KYzygcenkkhhk+ z?zfObE#P`Ju?1!-%Y#K_c(dn()Ew+~q43aW1+%sh9=My~mp%F(1MyL;EeI`HQ)^{v zTuSP4COjyFNl__NV>O8>$!hquNn+1&gxEDWDrf$V6EUHkjMo?TFZ5&W*iG$PWMQ4aEe-!9J^epbrDnRaWFCh zC&Cqo2+kD}<pHrbZmq;UTdE-R1iP z(k#e}!ht{$jt1c&)@Z1OC3+uo3RMviL`z>U;luMFx?srULe%?oEF5vhw`al*6l?nX zv{=6mpB(|%&!lsK#^8IjdL~{&b1CXxCmQ>cSnc{u>QjI@6escfQ799K{s};*5uJ21 zf@$Sj0$@V0mc+_|e$YhC^m+GwOa+jFONLVFj4dJ5amY9jLZhJmDyq?} z6-9$mF$GB|od7z&eRg6#q{lz}T~lwlI{2FN32ESnb{c>S@Yk zFiT=JOA;7~G7a)WSUZjkj#pA!t=&QTg9sw85S~1Z@$q4jS0*J%nKf$|Nt*jgwKDau zK2@w*{n{sGR>Q*6lyO4+XjY~sQ!L}*!9=7mk!t^?%M+8`7_}xv#Uv#oNwkAw?{>@l~*SJnCQ~^U|)2N z>?r&ESy!kTyW%>ubhBS%T9p{eoy30xC~oGD7sf7GGU@r?i-e3UzcHmDzf>)9m}fG> z#?zQ4|+u^PJATd&KvQSVsydYMO81i{IGOamDcr!@@~h10`}&Vw!TL>k28;kcugF& zFURq~zOnxM%D5{&d*<}ptAFNZC#^f4m$7+3BaH43IOBh??8}JiAi?5gmY12DA3xR{ zx^3kD$j!#EM4DGvap&QOhkG^7i;KSL&U<(tB&yt9v|&$0LwJotZ}Ai7ZCpL46kH$7J}-DWqb(}V}7T{g^k1Yy6kPcywH%jI(Kc{0C|0+)@!8(#=H0CPq>Ge0^I zy{2%Zi~G+7U9NF$7Z*R2FLEe(Wfs;m_2Ns@8P{?;uJw(8lTYuLU$PcO6>awKY*`#? z$unR7O^@9`SdXfAe$4c9p4?}BLSdKVUFnObfi1Jv-s!l~|H$*V$t~}lt*C4IpcW2& zaYfj5!aOY@&nCjxX|7+IN8+;+-^F;W?Z}+dS3dXU7R@GG`T5SkGwUzgy5>~8{Ib}u8&i)jTD^B?S+@{w5bX1DN1`ic=*zi2g2fWy~`l`aBF)(qz zndoWL1)KD$qL#9+o{Q*!O?yOa@al_=n|?JGoo@J9ep)lXza;QrMb=c|q>Qt+eDAvk zPnpctuJ4ZdW_SG|w@_4#X%iUlS$5l?f9{Tlh^tzKXE%r=j&&$^u5J~;DwM{w-dX&ctf zDd^^ULU&-@Kc+;N-3pS-=R7XozMyB~z$pJGwdu)&$_F19&b!^H;JK{m`di`=>5XfX z^XD|>($BnWBUbsmID6@sBy85vYduR%74#ZdAw0Ggn#NIUd=oE~<7g;8&bgzPfSMK==DEo7$!F delta 2192 zcmYk)3tWup8UXNSOt(q*p_?+@Q>y8vdfzXVE;1D(N>QP^RwPT5OzKctoQR&T>J-vx z+l@VTkW?$HjaXSfT@JQ&>1a`_qO(f-jQJhM{C@xWJ>U0y-}gN4`#yz_##q(&$5>6f zSZr2)Q3h){Tkc+N7b~xeCB;Uw5C_R41*C|SkTT*T6*L>EA~mFrG>|6JLfVLj=AgMq z2k9a`q>l{HJYfPjA~R%;ERZF#LJN>JvXOML7P^n-vEM92w#W|IBLQ+i zj>ri)BNwy?xgs|S`;9xN7S{VwE(m<77PK@o%FyJG(UoOX88q4$EtnBvWPgaLK;8*r z1)>v#3oR!|nk@1tCcB`}fiZw1$A}WF^P_6e>O;4I`q$JRMtrC)3|(PVp%sWGh^{hR z;5Sl};u0c|UO9tjDVYslmJoAUvaW=zmPIqZG#T)34jd{afwFs>{HPd`%7_iL6fla= zx{NBqNx-s=WyBCfOX+OrFC!~KLy2<0shl`Td*pz)5+B)FPP{}_iiAOS z6|t87X@l1XA`jU$m}suTWolPToBm&e60d5a#ro_z<{xAZ>(e{p|7SqG7SDm!k`Opr zOZ;W^_`0|kR7jW0Di^9!d5CUfCcHrG9geJ|P7qZGzcYl$7V&Ww&XO%z;66cAA<&XqL7F-JMUrJnIV|Y7%;-suSy7$=T=1bOFsp%@ zK!7i;hY4SrAf3)ka4sRvQ1uN~HS(v45M4$b;Hp180-_u|;O0uggT+7;Ve3*F3x)TI z8a!P}D`eUH02&7oZHzk11W*-FTZRk$_!`dm1~@Q<@45+TFo;5NY7Psj2V6NtY^8JW zEZctEni}bh8$(+$R?`lm#<1QRC&@dA>KCVAkQ9V1S9?-JXb7S%5H(IrfE!HLg1sxF zDH#u@qGS+Wq|TD&i&Qcfyp$LYR7?_kh%RE3fXGuz$%db4_%Qstjw(r>UuHfiD<*B+ z61O>iyL8nC68?2&u@?K+|G|s4{X?FW zPNZ&i)ROw*#Z@-!n4x>)c_TmhOEi0#cbbCC$xHOP#%k~PI%`}?SI0KrQkE1=yj@`) zY4f$Y_H@BxtAWdI`61S7vpRAYB|0P&g4-~YE0zlwIzDz$c(xnhzBz10@x=q(7Zwe}93D97{VZmP(3t%lt#hqh}4wcRdtv2vl8*(Isa{5vx)c5ruabP=o-cq%Ac z9|$<`PL-w1ad6}a6lqmoSo~B-r^TZI?)iyr_N6ZAuL`Yf>Q?w>`bh5Hnyu3C>-HO}L7nZ0xk)6Ked=uOF!OI11H zW)s#+22}Q&HR{D_pUj#xY~1#=Zdj-z$SANmo}BnZcS1j%NiZ>0d)Q-V-F9=Tb7|!~ zg`y>Y@80usZgAv&_~Lb2a)mOp4%+NLm<^Ri(MQiFPV-6&e$05Np89G^-El;R%LKK1d9N9a zdheIkV=x{hUgyf|x^7amSL@jE73mGe%4x%#o`}gKPln&yb^fWKHdy>Oiw8afM^0<4 z{;DYN-ow+I`$k_ko%FmbXQPuC)L*>CcX_9%-v36Fo}Fv!S5E8W9&3A52!rd>$G)xX zt@%ECo#Wk;Z)g7!Z5L<_=Y20n>=d3q@j~I6?Z(Y??f9C5AL1A8aO~jRO}Oq@qg!D5 zM_8zbSx-i`q!-HlhQrL-Us9oY(UaR#w8qQuV1MfubHDNU*Q=I>F8|!^VRzL#4L9=N n4?WkJTxz(!zkSu5VkOH9gM0ONwe`+~wzpoePzh9%`}q3{LM)&K diff --git a/agents/MeshService-signed.exe b/agents/MeshService-signed.exe index 29a02b75298e87a64bb6afcca647441e09ca5087..e22a5e92199ce8b6e9d37473a76a609db5960971 100644 GIT binary patch delta 751 zcmWl|doU9K901_04MXx87N#tU*vvLvDC_c^lhbgSIXQ$LOB_LQ&-Oc^@d{*cG1X-6y<5w0^bnSOnDUxQkWY=F(hNYo&gdYg+Ba*_Yl}-~s3XJ>fxk z2zo(pco_OXUr2-`=m*KrznzPue3~((P-y`H zknlEJ;+(o?v`u*V!d0nwg5ZM0G(dhs;_-}RH7aFc`b*TG4W(x|qd{J6vuAr|7>lM7(OfLEbZN;^ z!70n`F!N05VhLT(>3f7v)hg@M<|seJvHVrC?XOoSBpV-x12}eRTn6@={Z1pIo4^v- ziz+>?bY)PP{?16PPw9%fd`$MG#3~P!Zk0PC=Va!rpQ45~X0yxgYIwxlQR)2j0L`4t z9x_U1yz9Ic(o$~~XX+J#Mfshoa-1K!8q>k(3lj~Jwp>E==i4rI4%F$N^pTs}A0?Dz z)x=w9C(mAgM;i)u7e<PzdltoJb delta 751 zcmWl|X)GH67ywW$YDTryQg^4Qv!h*P2#LguA7(5wOP57r2Vrs4IUPkED>0N*9W(53 zG*M$z%4UX)cBlw#hGLCo5-QE6Hb?B+OJ0vmhUkF<`3S=)EuF(cRI(8NBcUNQg2oU9 zP2dG+3NJ!4Xb#cP0%9N*;-DqOLjtsd){qEope?k6_Rs-3LMKRqm!LBwLl@`@-5>?J zLl5W)y`VSrfmC=I`a(ZQ6SEL>`8LYWpHBC`(iE$v$FVbQHNjTmg5Zx%b{NlIm$cq6 z?7L?u+jvE7!jOBf)lkPBGEwg0CMuq_W-GnZWKs@V6frZueegTqt4^7-fM5tRkX`RH zkDOHkMt4JWcB`Q7d*gAoe_HWPUCve3U9JDx*n`dV74Dp0l44h<=ic{SeW>qmq&qm1 zH^hgMuoOHL}&V*hacTQ zP|eooF|T(5GsK*!#5i{D9+CPg-cea9KV>dUL`A9f;bw=AarQcEX3TU4j`~uvoi}+N z5<9ny?$f%sc3M0+TIYWqpZPT_Khb?==j`;~NKTkG4kXMY>@Cj?m;5o@P*0O) z_sR*h=L5*CN<#aKmFDIjOGoP@DQ^-pJRstmY-ZSmrPz;Xux&+2W$s-v^uB>+pWDJ# WpDgBtW^M3|XeEcJJwN;B5A7N?O5xy&tA z*xl5Lt-149%&Q}@Saj`b8JfL1BJAf! zyU4obQ5D-A-_|yjJ9=~v{a^#7HVVc1{F{`7AhDMc0@J9&+>E(VrRODeZejFOTiKIEjv3bJg$$g-qgizeV{NWIL!@B?M<)6 znI2{hrbaTIugPi;${27LOdakf=6-!j(G07GYAo*z%p7}BUV+OicEI_wb*OQz&>&U$ z8b$JZH>w`cq}kfRrUX|bB~OZvEm@e+w^4;Z>WN1pX!VR)tVI{Lq)(R=p)c_}sfrlM zG`E$Gk8{>ndmW{3Y+%>Q2Uvy0XJ{Ai+We5kAxK(|e%^^59>x~tK z$&qs8;x9Z+@STcXpJKn{RJa)m@|3;T+e|*@@Ua@E+T*#?+sZonwRth6Z0la=q`vc3 z@u=Uz=3l;MIpw5RqONpBNvPzhRDUQD%IN8^MtqTUUAr*eD;E`P+!P&4d}BS^vz_M9 NqRO#bO;wN(h<`5sKoI}{ delta 730 zcmWl|2~1J}7yw{UK)gayOnoFOXgu*Gap`Q$TBs{vn%E?pM>(Cx%Eru*3$K|pkCI9} zr_PB-8aWLt<}sI+%A8l_k(HXQRB~u}%vyin_O-~nu`N)Qg*A%V%9mj8NwEJLL1T!6 zcu0UIkO)no88n9$&=MYjBxnW6@F=u~Hjn~s;W20j?V$riAQc{mj*teOpfhxVbjX0N z&<&n|Oo&2v$buef3D$EGPw?Te*&P3ha1&3VG|hO6|0#WZxgY`Kb#3kU(nLpNXJeQ^ zUN#>=Dj>VEZuu_W_Eudjp!#II9`%oMbhkr()C?0HpC``C%MSXKmGnHiLp4pu{Hr>n zKg@4jK!53TrHYZdVe9Glz4nhhkRj$fQNRK!9(;J8msqQ=CI@#kU-}a(+ThJu>ZQ|) zQukbE?i246>HhcG?dEqa_AxL5`EID|WYXx0h$5mh%eJG3d*A^@tF}HnZU}TA3)Q|dW zH8OEl8sc2rU0)UdF(*?JCVa4}!&p3UAo=E{A+l}bH}RRMp?zk8W0TqZfxSj+!uN!4 P>Z{fff_Keh0|xUC(NQ{i diff --git a/agents/meshcmd.js b/agents/meshcmd.js index ff776c63..fd39f8a5 100644 --- a/agents/meshcmd.js +++ b/agents/meshcmd.js @@ -537,64 +537,66 @@ function run(argv) { var amtMeiModule, amtMei; try { amtMeiModule = require('amt-mei'); amtMei = new amtMeiModule(); } catch (ex) { console.log(ex); exit(1); return; } amtMei.on('error', function (e) { console.log('ERROR: ' + e); exit(1); return; }); - amtMei.getVersion(function (result) { - if (result) { - for (var version in result.Versions) { - if (result.Versions[version].Description == 'AMT') { mestate.ver = result.Versions[version].Version; } - if (result.Versions[version].Description == 'Sku') { mestate.sku = parseInt(result.Versions[version].Version); } - } - } - }); - amtMei.getProvisioningState(function (result) { if (result) { mestate.ProvisioningState = result; } }); - amtMei.getProvisioningMode(function (result) { if (result) { mestate.ProvisioningMode = result; } }); - amtMei.getEHBCState(function (result) { if (result) { mestate.ehbc = result; } }); - amtMei.getControlMode(function (result) { if (result) { mestate.controlmode = result; } }); - amtMei.getMACAddresses(function (result) { if (result) { mestate.mac = result; } }); - amtMei.getLanInterfaceSettings(0, function (result) { if (result) { mestate.net0 = result; } }); - amtMei.getLanInterfaceSettings(1, function (result) { if (result) { mestate.net1 = result; } }); - amtMei.getUuid(function (result) { if ((result != null) && (result.uuid != null)) { mestate.uuid = result.uuid; } }); - amtMei.getDnsSuffix(function (result) { - if (result) { mestate.dns = result; } - if (mestate.ver && mestate.ProvisioningState && mestate.ProvisioningMode) { - var str = 'Intel ME v' + mestate.ver; - if (mestate.sku & 8) { str = 'Intel AMT v' + mestate.ver } - else if (mestate.sku & 16) { str = 'Intel SM v' + mestate.ver } - if (mestate.ProvisioningState.stateStr == 'PRE') { str += ', pre-provisioning state'; } - else if (mestate.ProvisioningState.stateStr == 'IN') { str += ', in-provisioning state'; } - else if (mestate.ProvisioningState.stateStr == 'POST') { - if (mestate.ProvisioningMode) { - if (mestate.controlmode) { - if (mestate.ProvisioningMode.modeStr == 'ENTERPRISE') { str += ', activated in ' + ["none", "client control mode", "admin control mode", "remote assistance mode"][mestate.controlmode.controlMode]; } else { str += ', activated in ' + mestate.ProvisioningMode.modeStr; } - } else { - str += ', activated in ' + mestate.ProvisioningMode.modeStr; - } + try { + amtMei.getVersion(function (result) { + if (result) { + for (var version in result.Versions) { + if (result.Versions[version].Description == 'AMT') { mestate.ver = result.Versions[version].Version; } + if (result.Versions[version].Description == 'Sku') { mestate.sku = parseInt(result.Versions[version].Version); } } } - if ((mestate.ehbc) && (mestate.ehbc.EHBC == true)) { str += ', EHBC enabled'; } - str += '.'; - if (mestate.net0 != null) { str += '\r\nWired ' + ((mestate.net0.enabled == 1) ? 'Enabled' : 'Disabled') + ((mestate.net0.dhcpEnabled == 1) ? ', DHCP' : ', Static') + ', ' + mestate.net0.mac + (mestate.net0.address == '0.0.0.0' ? '' : (', ' + mestate.net0.address)); } - if (mestate.net1 != null) { str += '\r\nWireless ' + ((mestate.net1.enabled == 1) ? 'Enabled' : 'Disabled') + ((mestate.net1.dhcpEnabled == 1) ? ', DHCP' : ', Static') + ', ' + mestate.net1.mac + (mestate.net1.address == '0.0.0.0' ? '' : (', ' + mestate.net1.address)); } - if ((mestate.ProvisioningState.stateStr != 'POST') && (mestate.net0 != null) && (mestate.net0.enabled == 1)) { - if (mestate.dns != null) { - // Intel AMT has a trusted DNS suffix set, use that one. - str += '\r\nTrusted DNS suffix: ' + mestate.dns; - } else { - // Look for the DNS suffix for the Intel AMT Ethernet interface - var fqdn = null, interfaces = require('os').networkInterfaces(); - for (var i in interfaces) { - for (var j in interfaces[i]) { - if ((interfaces[i][j].mac == mestate.net0.mac) && (interfaces[i][j].fqdn != null) && (interfaces[i][j].fqdn != '')) { fqdn = interfaces[i][j].fqdn; } + }); + amtMei.getProvisioningState(function (result) { if (result) { mestate.ProvisioningState = result; } }); + amtMei.getProvisioningMode(function (result) { if (result) { mestate.ProvisioningMode = result; } }); + amtMei.getEHBCState(function (result) { if (result) { mestate.ehbc = result; } }); + amtMei.getControlMode(function (result) { if (result) { mestate.controlmode = result; } }); + amtMei.getMACAddresses(function (result) { if (result) { mestate.mac = result; } }); + amtMei.getLanInterfaceSettings(0, function (result) { if (result) { mestate.net0 = result; } }); + amtMei.getLanInterfaceSettings(1, function (result) { if (result) { mestate.net1 = result; } }); + amtMei.getUuid(function (result) { if ((result != null) && (result.uuid != null)) { mestate.uuid = result.uuid; } }); + amtMei.getDnsSuffix(function (result) { + if (result) { mestate.dns = result; } + if (mestate.ver && mestate.ProvisioningState && mestate.ProvisioningMode) { + var str = 'Intel ME v' + mestate.ver; + if (mestate.sku & 8) { str = 'Intel AMT v' + mestate.ver } + else if (mestate.sku & 16) { str = 'Intel SM v' + mestate.ver } + if (mestate.ProvisioningState.stateStr == 'PRE') { str += ', pre-provisioning state'; } + else if (mestate.ProvisioningState.stateStr == 'IN') { str += ', in-provisioning state'; } + else if (mestate.ProvisioningState.stateStr == 'POST') { + if (mestate.ProvisioningMode) { + if (mestate.controlmode) { + if (mestate.ProvisioningMode.modeStr == 'ENTERPRISE') { str += ', activated in ' + ["none", "client control mode", "admin control mode", "remote assistance mode"][mestate.controlmode.controlMode]; } else { str += ', activated in ' + mestate.ProvisioningMode.modeStr; } + } else { + str += ', activated in ' + mestate.ProvisioningMode.modeStr; } } - if (fqdn != null) { str += '\r\nDNS suffix: ' + fqdn; } } + if ((mestate.ehbc) && (mestate.ehbc.EHBC == true)) { str += ', EHBC enabled'; } + str += '.'; + if (mestate.net0 != null) { str += '\r\nWired ' + ((mestate.net0.enabled == 1) ? 'Enabled' : 'Disabled') + ((mestate.net0.dhcpEnabled == 1) ? ', DHCP' : ', Static') + ', ' + mestate.net0.mac + (mestate.net0.address == '0.0.0.0' ? '' : (', ' + mestate.net0.address)); } + if (mestate.net1 != null) { str += '\r\nWireless ' + ((mestate.net1.enabled == 1) ? 'Enabled' : 'Disabled') + ((mestate.net1.dhcpEnabled == 1) ? ', DHCP' : ', Static') + ', ' + mestate.net1.mac + (mestate.net1.address == '0.0.0.0' ? '' : (', ' + mestate.net1.address)); } + if ((mestate.ProvisioningState.stateStr != 'POST') && (mestate.net0 != null) && (mestate.net0.enabled == 1)) { + if (mestate.dns != null) { + // Intel AMT has a trusted DNS suffix set, use that one. + str += '\r\nTrusted DNS suffix: ' + mestate.dns; + } else { + // Look for the DNS suffix for the Intel AMT Ethernet interface + var fqdn = null, interfaces = require('os').networkInterfaces(); + for (var i in interfaces) { + for (var j in interfaces[i]) { + if ((interfaces[i][j].mac == mestate.net0.mac) && (interfaces[i][j].fqdn != null) && (interfaces[i][j].fqdn != '')) { fqdn = interfaces[i][j].fqdn; } + } + } + if (fqdn != null) { str += '\r\nDNS suffix: ' + fqdn; } + } + } + console.log(str + '.'); + } else { + console.log('Intel(R) AMT not supported.'); } - console.log(str + '.'); - } else { - console.log('Intel(R) AMT not supported.'); - } - exit(1); - }); + exit(1); + }); + } catch (ex) { console.log("Unable to perform MEI operations, try running as administrator."); exit(1); return; } } else if (settings.action == 'amtinfodebug') { // Display Intel AMT version and activation state getMeiState(15, function (state) { console.log(JSON.stringify(state, null, 2)); exit(1); }); // Flags: 1 = Versions, 2 = OsAdmin, 4 = Hashes, 8 = Network @@ -1133,20 +1135,23 @@ function startMeshCommander() { // function configureAmt() { - console.log('Starting Intel AMT configuration...'); settings.noconsole = true; startLms(configureAmt2, amtMei); } function configureAmt2() { getMeiState(15, function (state) { // Flags: 1 = Versions, 2 = OsAdmin, 4 = Hashes, 8 = Network + if (state == null) { console.log('Unable to get Intel AMT state, try running as administrator.'); exit(1); return; } + if (state.ProvisioningState == null) { console.log('Intel AMT not ready for configuration.'); exit(1); return; } + console.log('Starting Intel AMT configuration...'); + // Connect to MPS and start APF relay var apfarg = { mpsurl: settings.url, mpsuser: settings.id.substring(0, 16), mpspass: settings.id.substring(0, 16), mpskeepalive: 60000, - clientname: require('os').hostname(), + clientname: state.OsHostname, clientaddress: '127.0.0.1', clientuuid: state.UUID, conntype: 2, // 0 = CIRA, 1 = Relay, 2 = LMS. The correct value is 2 since we are performing an LMS relay. @@ -1306,36 +1311,38 @@ function activeToACM() { var amtMeiModule, amtMei; try { amtMeiModule = require('amt-mei'); amtMei = new amtMeiModule(); } catch (ex) { console.log(ex); exit(1); return; } amtMei.on('error', function (e) { console.log('ERROR: ' + e); exit(1); return; }); - amtMei.getProvisioningState(function (result) { if (result) { mestate.ProvisioningState = result; } }); - amtMei.getVersion(function (val) { mestate.vers = {}; if (val != null) { for (var version in val.Versions) { mestate.vers[val.Versions[version].Description] = val.Versions[version].Version; } } }); - amtMei.getLanInterfaceSettings(0, function (result) { if (result) { mestate.net0 = result; } }); - amtMei.getUuid(function (result) { if ((result != null) && (result.uuid != null)) { mestate.uuid = result.uuid; } }); - amtMei.getControlMode(function (result) { if (result != null) { mestate.controlMode = result.controlMode; } }); // controlMode: 0 = NoActivated, 1 = CCM, 2 = ACM - amtMei.getDnsSuffix(function (result) { - if ((mestate.vers == null) || (mestate.vers['AMT'] == null)) { console.log("Unable to get Intel AMT version."); exit(100); return; } - if (mestate.ProvisioningState == null) { console.log("Unable to read Intel AMT activation state."); exit(100); return; } - if ((settings.action != 'amtdiscover') && (mestate.controlMode == 2)) { console.log("Intel AMT already activation in admin control mode."); exit(100); return; } - if (mestate.uuid == null) { console.log("Unable to get Intel AMT UUID."); exit(100); return; } - var fqdn = null; - if ((mestate.net0 == null) && (meinfo.net0.enabled != 0)) { console.log("No Intel AMT wired interface, can't perform ACM activation."); exit(100); return; } - if (result) { fqdn = result; } // If Intel AMT has a trusted DNS suffix set, use that one. - else { - // Look for the DNS suffix for the Intel AMT Ethernet interface - var interfaces = require('os').networkInterfaces(); - for (var i in interfaces) { - for (var j in interfaces[i]) { - if ((interfaces[i][j].mac == mestate.net0.mac) && (interfaces[i][j].fqdn != null) && (interfaces[i][j].fqdn != '')) { fqdn = interfaces[i][j].fqdn; } + try { + amtMei.getProvisioningState(function (result) { if (result) { mestate.ProvisioningState = result; } }); + amtMei.getVersion(function (val) { mestate.vers = {}; if (val != null) { for (var version in val.Versions) { mestate.vers[val.Versions[version].Description] = val.Versions[version].Version; } } }); + amtMei.getLanInterfaceSettings(0, function (result) { if (result) { mestate.net0 = result; } }); + amtMei.getUuid(function (result) { if ((result != null) && (result.uuid != null)) { mestate.uuid = result.uuid; } }); + amtMei.getControlMode(function (result) { if (result != null) { mestate.controlMode = result.controlMode; } }); // controlMode: 0 = NoActivated, 1 = CCM, 2 = ACM + amtMei.getDnsSuffix(function (result) { + if ((mestate.vers == null) || (mestate.vers['AMT'] == null)) { console.log("Unable to get Intel AMT version."); exit(100); return; } + if (mestate.ProvisioningState == null) { console.log("Unable to read Intel AMT activation state."); exit(100); return; } + if ((settings.action != 'amtdiscover') && (mestate.controlMode == 2)) { console.log("Intel AMT already activation in admin control mode."); exit(100); return; } + if (mestate.uuid == null) { console.log("Unable to get Intel AMT UUID."); exit(100); return; } + var fqdn = null; + if ((mestate.net0 == null) && (meinfo.net0.enabled != 0)) { console.log("No Intel AMT wired interface, can't perform ACM activation."); exit(100); return; } + if (result) { fqdn = result; } // If Intel AMT has a trusted DNS suffix set, use that one. + else { + // Look for the DNS suffix for the Intel AMT Ethernet interface + var interfaces = require('os').networkInterfaces(); + for (var i in interfaces) { + for (var j in interfaces[i]) { + if ((interfaces[i][j].mac == mestate.net0.mac) && (interfaces[i][j].fqdn != null) && (interfaces[i][j].fqdn != '')) { fqdn = interfaces[i][j].fqdn; } + } } } - } - if (fqdn != null) { - settings.fqdn = fqdn; - settings.uuid = mestate.uuid; - getTrustedHashes(amtMei, function () { startLms(getFwNonce, amtMei); }); - } else { - console.log("Trusted DNS suffix not set, can't perform ACM activation."); exit(100); return; - } - }); + if (fqdn != null) { + settings.fqdn = fqdn; + settings.uuid = mestate.uuid; + getTrustedHashes(amtMei, function () { startLms(getFwNonce, amtMei); }); + } else { + console.log("Trusted DNS suffix not set, can't perform ACM activation."); exit(100); return; + } + }); + } catch (ex) { console.log("Unable to perform MEI operations, try running as administrator."); exit(1); return; } } // Gets the FWNonce from AMT and saves it to a file. @@ -1719,7 +1726,7 @@ function startLms(func, lmscommander, tag) { //console.log("PTHI Connected."); console.log('Setting up LME...'); - amtLms = new lme_heci({ debug: settings.lmsdebug }); + try { amtLms = new lme_heci({ debug: settings.lmsdebug }); } catch (ex) { if (func != null) { func(0, tag); } return; } amtLms.promise = ret; amtLms.on('error', function (e) { //console.log('LME connection failed', e); @@ -1835,6 +1842,7 @@ function setupMeiOsAdmin(func, state, tag) { if (func) { func(state, tag); } } else { amtMei.getLocalSystemAccount(function (x) { + if ((x == null) || (x.user == null) || (x.pass == null)) { if (func) { func(state, tag); } return; } // No OsAdmin, stop here. var transport = require('amt-wsman-duk'); var wsman = require('amt-wsman'); var amt = require('amt'); @@ -2957,7 +2965,7 @@ function getMeiState(flags, func) { try { amtMeiModule = require('amt-mei'); amtMei = new amtMeiModule(); } catch (ex) { func(null); return; } amtMei.on('error', function (e) { func(null); return; }); try { - var amtMeiTmpState = { Flags: 0 }; // Flags: 1=EHBC, 2=CCM, 4=ACM + var amtMeiTmpState = { OsHostname: require('os').hostname(), Flags: 0 }; // Flags: 1=EHBC, 2=CCM, 4=ACM amtMei.getProtocolVersion(function (result) { if (result != null) { amtMeiTmpState.MeiVersion = result; } }); if ((flags & 1) != 0) { amtMei.getVersion(function (result) { if (result) { amtMeiTmpState.Versions = {}; for (var version in result.Versions) { amtMeiTmpState.Versions[result.Versions[version].Description] = result.Versions[version].Version; } } }); } amtMei.getProvisioningMode(function (result) { if (result) { amtMeiTmpState.ProvisioningMode = result.mode; } }); @@ -2980,7 +2988,7 @@ function getMeiState(flags, func) { amtMei.getDnsSuffix(function (result) { if (result != null) { amtMeiTmpState.DnsSuffix = result; } if ((flags & 4) == 0) { if (func != null) { func(amtMeiTmpState); } } }); if ((flags & 4) != 0) { amtMei.getHashHandles(function (handles) { - if (handles != null) { amtMeiTmpState.Hashes = []; } else { func(amtMeiTmpState); } + if ((handles != null) && (handles.length > 0)) { amtMeiTmpState.Hashes = []; } else { func(amtMeiTmpState); } var exitOnCount = handles.length; for (var i = 0; i < handles.length; ++i) { this.getCertHashEntry(handles[i], function (hashresult) { amtMeiTmpState.Hashes.push(hashresult); if (--exitOnCount == 0) { if (func != null) { func(amtMeiTmpState); } } }); } }); diff --git a/agents/meshcore.js b/agents/meshcore.js index 45c7622b..d252b5e5 100644 --- a/agents/meshcore.js +++ b/agents/meshcore.js @@ -3545,32 +3545,34 @@ function createMeshCore(agent) { if (amt == null) { response = "No Intel AMT support delected"; break; } getMeiState(15, function (state) { var rx = ''; - var apfarg = { - mpsurl: mesh.ServerUrl.replace('agent.ashx', 'apf.ashx'), - mpsuser: Buffer.from(mesh.ServerInfo.MeshID, 'hex').toString('base64').substring(0, 16), - mpspass: Buffer.from(mesh.ServerInfo.MeshID, 'hex').toString('base64').substring(0, 16), - mpskeepalive: 60000, - clientname: require('os').hostname(), - clientaddress: '127.0.0.1', - clientuuid: state.UUID, - conntype: 2, // 0 = CIRA, 1 = Relay, 2 = LMS. The correct value is 2 since we are performing an LMS relay, other values for testing. - meiState: state // MEI state will be passed to MPS server - }; - if ((state.UUID == null) || (state.UUID.length != 36)) { - rx = "Unable to get Intel AMT UUID"; - } else { - apftunnel = require('apfclient')({ debug: false }, apfarg); - apftunnel.onJsonControl = function (data) { - if (data.action == 'console') { require('MeshAgent').SendCommand({ action: 'msg', type: 'console', value: data.msg }); } // Display a console message - if (data.action == 'mestate') { getMeiState(15, function (state) { apftunnel.updateMeiState(state); }); } // Update the MEI state - if (data.action == 'close') { try { apftunnel.disconnect(); } catch (e) { } apftunnel = null; } // Close the CIRA-LMS connection - } - apftunnel.onChannelClosed = function () { apftunnel = null; } - try { - apftunnel.connect(); - rx = "Started Intel AMT configuration"; - } catch (ex) { - rx = JSON.stringify(ex); + if ((state == null) || (state.ProvisioningState == null)) { rx = "Intel AMT not ready for configuration."; } else { + var apfarg = { + mpsurl: mesh.ServerUrl.replace('agent.ashx', 'apf.ashx'), + mpsuser: Buffer.from(mesh.ServerInfo.MeshID, 'hex').toString('base64').substring(0, 16), + mpspass: Buffer.from(mesh.ServerInfo.MeshID, 'hex').toString('base64').substring(0, 16), + mpskeepalive: 60000, + clientname: state.OsHostname, + clientaddress: '127.0.0.1', + clientuuid: state.UUID, + conntype: 2, // 0 = CIRA, 1 = Relay, 2 = LMS. The correct value is 2 since we are performing an LMS relay, other values for testing. + meiState: state // MEI state will be passed to MPS server + }; + if ((state.UUID == null) || (state.UUID.length != 36)) { + rx = "Unable to get Intel AMT UUID"; + } else { + apftunnel = require('apfclient')({ debug: false }, apfarg); + apftunnel.onJsonControl = function (data) { + if (data.action == 'console') { require('MeshAgent').SendCommand({ action: 'msg', type: 'console', value: data.msg }); } // Display a console message + if (data.action == 'mestate') { getMeiState(15, function (state) { apftunnel.updateMeiState(state); }); } // Update the MEI state + if (data.action == 'close') { try { apftunnel.disconnect(); } catch (e) { } apftunnel = null; } // Close the CIRA-LMS connection + } + apftunnel.onChannelClosed = function () { apftunnel = null; } + try { + apftunnel.connect(); + rx = "Started Intel AMT configuration"; + } catch (ex) { + rx = JSON.stringify(ex); + } } } if (rx != '') { require('MeshAgent').SendCommand({ action: 'msg', type: 'console', value: rx }); } @@ -3840,7 +3842,7 @@ function createMeshCore(agent) { try { amtMeiModule = require('amt-mei'); amtMei = new amtMeiModule(); } catch (ex) { func(null); return; } amtMei.on('error', function (e) { func(null); return; }); try { - var amtMeiTmpState = { Flags: 0 }; // Flags: 1=EHBC, 2=CCM, 4=ACM + var amtMeiTmpState = { OsHostname: require('os').hostname(), Flags: 0 }; // Flags: 1=EHBC, 2=CCM, 4=ACM amtMei.getProtocolVersion(function (result) { if (result != null) { amtMeiTmpState.MeiVersion = result; } }); if ((flags & 1) != 0) { amtMei.getVersion(function (result) { if (result) { amtMeiTmpState.Versions = {}; for (var version in result.Versions) { amtMeiTmpState.Versions[result.Versions[version].Description] = result.Versions[version].Version; } } }); } amtMei.getProvisioningMode(function (result) { if (result) { amtMeiTmpState.ProvisioningMode = result.mode; } }); @@ -3863,7 +3865,7 @@ function createMeshCore(agent) { amtMei.getDnsSuffix(function (result) { if (result != null) { amtMeiTmpState.DnsSuffix = result; } if ((flags & 4) == 0) { if (func != null) { func(amtMeiTmpState); } } }); if ((flags & 4) != 0) { amtMei.getHashHandles(function (handles) { - if (handles != null) { amtMeiTmpState.Hashes = []; } else { func(amtMeiTmpState); } + if ((handles != null) && (handles.length > 0)) { amtMeiTmpState.Hashes = []; } else { func(amtMeiTmpState); } var exitOnCount = handles.length; for (var i = 0; i < handles.length; ++i) { this.getCertHashEntry(handles[i], function (hashresult) { amtMeiTmpState.Hashes.push(hashresult); if (--exitOnCount == 0) { if (func != null) { func(amtMeiTmpState); } } }); } }); diff --git a/amtmanager.js b/amtmanager.js index 5caacfd0..fb3e788c 100644 --- a/amtmanager.js +++ b/amtmanager.js @@ -443,6 +443,7 @@ module.exports.CreateAmtManager = function(parent) { if (dev.aquired.version && (typeof dev.aquired.version == 'string') && (dev.aquired.version != device.intelamt.ver)) { change = 1; log = 1; device.intelamt.ver = dev.aquired.version; changes.push('AMT version'); } if (dev.aquired.user && (typeof dev.aquired.user == 'string') && (dev.aquired.user != device.intelamt.user)) { change = 1; log = 1; device.intelamt.user = dev.aquired.user; changes.push('AMT user'); } if (dev.aquired.pass && (typeof dev.aquired.pass == 'string') && (dev.aquired.pass != device.intelamt.pass)) { change = 1; log = 1; device.intelamt.pass = dev.aquired.pass; changes.push('AMT pass'); } + if (dev.aquired.host && (typeof dev.aquired.host == 'string') && (dev.aquired.host != device.host)) { change = 1; log = 1; device.host = dev.aquired.host; changes.push('host'); } if (dev.aquired.realm && (typeof dev.aquired.realm == 'string') && (dev.aquired.realm != device.intelamt.realm)) { change = 1; log = 1; device.intelamt.realm = dev.aquired.realm; changes.push('AMT realm'); } if (dev.aquired.hash && (typeof dev.aquired.hash == 'string') && (dev.aquired.hash != device.intelamt.hash)) { change = 1; log = 1; device.intelamt.hash = dev.aquired.hash; changes.push('AMT hash'); } if (dev.aquired.tls && (typeof dev.aquired.tls == 'number') && (dev.aquired.tls != device.intelamt.tls)) { change = 1; log = 1; device.intelamt.tls = dev.aquired.tls; changes.push('AMT TLS'); } @@ -469,7 +470,6 @@ module.exports.CreateAmtManager = function(parent) { if (parent.db.changeStream) { event.noact = 1; } // If DB change stream is active, don't use this event to change the node. Another event will come. parent.DispatchEvent(parent.webserver.CreateMeshDispatchTargets(device.meshid, [device._id]), obj, event); } - }); } @@ -703,7 +703,7 @@ module.exports.CreateAmtManager = function(parent) { const domain = parent.config.domains[dev.domainid]; var serverName = 'MeshCentral'; if ((domain != null) && (domain.title != null)) { serverName = domain.title; } - const certattributes = { 'CN': commonName, 'O': serverName, 'ST': serverName, 'C': serverName }; + const certattributes = { 'CN': commonName, 'O': serverName, 'ST': 'MC', 'C': 'MC' }; const issuerattributes = { 'CN': obj.rootCertCN }; const xxCaPrivateKey = obj.parent.certificates.root.key; @@ -781,7 +781,7 @@ module.exports.CreateAmtManager = function(parent) { const dev = stack.dev; if (isAmtDeviceValid(dev) == false) return; // Device no longer exists, ignore this request. if (status != 200) { dev.consoleMsg("Failed perform commit (" + status + ")."); removeAmtDevice(dev); return; } - dev.consoleMsg("Enabled TLS"); + dev.consoleMsg("Enabled TLS."); // Update device in the database dev.aquired.tls = 1; @@ -1205,7 +1205,7 @@ module.exports.CreateAmtManager = function(parent) { } function activateIntelAmtCcm(dev, password) { - console.log('Intel AMT CCM Activation Required: ' + dev.name, dev.nodeid); + // Generate a random Intel AMT password if needed if ((password == null) || (password == '')) { password = getRandomAmtPassword(); } dev.temp = { pass: password }; @@ -1229,13 +1229,15 @@ module.exports.CreateAmtManager = function(parent) { const dev = stack.dev; if (isAmtDeviceValid(dev) == false) return; // Device no longer exists, ignore this request. if (status != 200) { dev.consoleMsg("Failed to activate Intel AMT to CCM."); removeAmtDevice(dev); return; } - obj.parent.mpsserver.SendJsonControl(dev.mpsConnection, { action: 'mestate' }); // Request an MEI state refresh // Update the device dev.aquired = {}; dev.aquired.controlMode = 1; // 1 = CCM, 2 = ACM var verSplit = dev.amtstack.wsman.comm.amtVersion.split('.'); if (verSplit.length >= 3) { dev.aquired.version = verSplit[0] + '.' + verSplit[1] + '.' + verSplit[2]; dev.aquired.majorver = parseInt(verSplit[0]); dev.aquired.minorver = parseInt(verSplit[1]); } + if ((typeof dev.mpsConnection.tag.meiState.OsHostname == 'string') && (typeof dev.mpsConnection.tag.meiState.OsDnsSuffix == 'string')) { + dev.aquired.host = dev.mpsConnection.tag.meiState.OsHostname + '.' + dev.mpsConnection.tag.meiState.OsDnsSuffix; + } dev.aquired.realm = dev.amtstack.wsman.comm.digestRealm; dev.aquired.user = 'admin'; dev.aquired.pass = dev.temp.pass; @@ -1244,6 +1246,7 @@ module.exports.CreateAmtManager = function(parent) { UpdateDevice(dev); // Success, switch to managing this device + obj.parent.mpsserver.SendJsonControl(dev.mpsConnection, { action: 'mestate' }); // Request an MEI state refresh dev.consoleMsg("Succesfully activated Intel AMT in CCM mode."); // Wait 8 seconds before attempting to manage this device in CCM