Improved AMT policy dialog.

This commit is contained in:
Ylian Saint-Hilaire 2020-10-26 00:22:22 -07:00
parent 6fb8beb164
commit add724419e
5 changed files with 836 additions and 792 deletions

View File

@ -1130,7 +1130,7 @@ module.exports.CreateAmtManager = function (parent) {
if (responses['IPS_HTTPProxyService'].status == 400) { delete responses['IPS_HTTPProxyService']; }
for (var i in responses) { if (responses[i].status != 200) { status = responses[i].status; } }
}
if (status != 200) { dev.consoleMsg("Failed get CIRA state (" + status + ")."); removeAmtDevice(dev); return; }
if (status != 200) { dev.consoleMsg("Failed to get CIRA state (" + status + ")."); removeAmtDevice(dev); return; }
if ((responses['AMT_UserInitiatedConnectionService'] == null) || (responses['AMT_UserInitiatedConnectionService'].response == null)) { dev.consoleMsg("Invalid CIRA state."); removeAmtDevice(dev); return; }
dev.cira = {};

View File

@ -18,7 +18,6 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
const fs = require('fs');
const path = require('path');
const common = parent.common;
// Cross domain messages, for cross-domain administrators only.
const allowedCrossDomainMessages = ['accountcreate', 'accountremove', 'accountchange', 'createusergroup', 'deleteusergroup', 'usergroupchange'];
@ -3306,11 +3305,11 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
if (common.validateObject(command.amtpolicy) == false) break; // Check the amtpolicy
if (common.validateInt(command.amtpolicy.type, 0, 4) == false) break; // Check the amtpolicy.type
if (command.amtpolicy.type === 2) {
if (common.validateString(command.amtpolicy.password, 0, 32) == false) break; // Check the amtpolicy.password
if ((command.amtpolicy.password != null) && (common.validateString(command.amtpolicy.password, 0, 32) == false)) break; // Check the amtpolicy.password
if ((command.amtpolicy.badpass != null) && common.validateInt(command.amtpolicy.badpass, 0, 1) == false) break; // Check the amtpolicy.badpass
if (common.validateInt(command.amtpolicy.cirasetup, 0, 2) == false) break; // Check the amtpolicy.cirasetup
} else if (command.amtpolicy.type === 3) {
if (common.validateString(command.amtpolicy.password, 0, 32) == false) break; // Check the amtpolicy.password
if ((command.amtpolicy.password != null) && (common.validateString(command.amtpolicy.password, 0, 32) == false)) break; // Check the amtpolicy.password
if ((command.amtpolicy.badpass != null) && common.validateInt(command.amtpolicy.badpass, 0, 1) == false) break; // Check the amtpolicy.badpass
if (common.validateInt(command.amtpolicy.cirasetup, 0, 2) == false) break; // Check the amtpolicy.cirasetup
}
@ -3326,11 +3325,15 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
// Perform the Intel AMT policy change
change = 'Intel AMT policy change';
var amtpolicy = { type: command.amtpolicy.type };
if ((command.amtpolicy.type === 2) || (command.amtpolicy.type === 3)) { amtpolicy = { type: command.amtpolicy.type, password: command.amtpolicy.password, badpass: command.amtpolicy.badpass, cirasetup: command.amtpolicy.cirasetup }; }
if ((command.amtpolicy.type === 2) || (command.amtpolicy.type === 3)) {
amtpolicy = { type: command.amtpolicy.type, badpass: command.amtpolicy.badpass, cirasetup: command.amtpolicy.cirasetup };
if ((command.amtpolicy.password == null) && (mesh.amt != null) && (typeof mesh.amt.password == 'string')) { amtpolicy.password = mesh.amt.password; } // Keep the last password
if ((typeof command.amtpolicy.password == 'string') && (command.amtpolicy.password.length >= 8)) { amtpolicy.password = command.amtpolicy.password; } // Set a new password
}
mesh.amt = amtpolicy;
db.Set(mesh);
var amtpolicy2 = Object.assign({}, amtpolicy); // Shallow clone
delete amtpolicy2.password;
if (amtpolicy2.password != null) { amtpolicy2.password = 1; }
var event = { etype: 'mesh', userid: user._id, username: user.name, meshid: mesh._id, amt: amtpolicy2, action: 'meshchange', links: mesh.links, msg: change, domain: domain.id, invite: mesh.invite };
if (db.changeStream) { event.noact = 1; } // If DB change stream is active, don't use this event to change the mesh. Another event will come.
parent.parent.DispatchEvent(parent.CreateMeshDispatchTargets(mesh, [user._id]), obj, event);

File diff suppressed because it is too large Load Diff

View File

@ -9528,7 +9528,9 @@
// Set the current Intel AMT policy
if (currentMesh.amt && (currentMesh.amt.type == 2) || (currentMesh.amt.type == 3)) {
Q('dp20amtpolicypass').value = currentMesh.amt.password;
if ((currentMesh.amt.type == 2) && (currentMesh.amt.badpass != null)) { Q('dp20amtbadpass').value = currentMesh.amt.badpass; }
if ((currentMesh.amt.type == 2) || (currentMesh.amt.type == 3)) {
if (currentMesh.amt.badpass != null) { Q('dp20amtbadpass').value = currentMesh.amt.badpass; }
}
if ((features & 0x400) == 0) { Q('dp20amtcira').value = currentMesh.amt.cirasetup; }
}
@ -9537,44 +9539,49 @@
function p20editMeshAmtChange() {
var ptype = Q('dp20amtpolicy').value, x = '';
if ((ptype >= 2) && (ptype < 4)) {
x = addHtmlValue("Password*", '<input id=dp20amtpolicypass type=password style=width:230px maxlength=32 onchange=dp20amtValidatePolicy() onkeyup=dp20amtValidatePolicy() autocomplete=off />')
x += addHtmlValue("Password*", '<input id=dp20amtpolicypass2 type=password style=width:230px maxlength=32 onchange=dp20amtValidatePolicy() onkeyup=dp20amtValidatePolicy() autocomplete=off />')
x += addHtmlValue("Password mismatch", '<select id=dp20amtbadpass style=width:230px><option value=0>' + "Do nothing" + '</option><option value=1>' + "Reactivate Intel&reg; AMT" + '</option></select>');
if ((features & 0x400) == 0) { x += addHtmlValue('<span title="' + "Client Initiated Remote Access" + '">' + "CIRA" + '</span>', '<select id=dp20amtcira style=width:230px><option value=0>' + "Don't configure" + '</option><option value=1>' + "Don't connect to server" + '</option><option value=2>' + "Connect to server" + '</option></select>'); }
x += '<br/><span style="font-size:10px">' + "* Leave blank to assign a random password to each device." + '</span><br/>';
if (currentMesh.mtype == 2) {
if (ptype == 2) {
x += '<span style="font-size:10px">' + "This policy will not impact devices with Intel&reg; AMT in ACM mode." + '</span><br/>';
x += '<span style="font-size:10px">' + "This is not a secure policy as agents will be performing activation." + '</span>';
} else {
x += '<span style="font-size:10px">' + "During activation, the agent will have access to admin password infomation." + '</span>';
}
}
if ((ptype == 2) || (ptype == 3)) {
var keeppass = ((currentMesh.amt != null) && (currentMesh.amt.password == 1))?'<option value=1 selected>' + "Keep existing password" + '</option>':'';
x += addHtmlValue("Password", '<select id=dp20amtpass style=width:230px onchange=dp20amtValidatePolicy() onkeyup=dp20amtValidatePolicy()><option value=0>' + "Randomize password" + '</option>' + keeppass+ '<option value=2>' + "Select new password" + '</option></select>');
x += '<div id=dp20amtpassdiv style=display:none>';
x += addHtmlValue("New password*", '<input id=dp20amtpolicypass type=password style=width:230px maxlength=32 onchange=dp20amtValidatePolicy() onkeyup=dp20amtValidatePolicy() autocomplete=off />')
x += addHtmlValue("New password*", '<input id=dp20amtpolicypass2 type=password style=width:230px maxlength=32 onchange=dp20amtValidatePolicy() onkeyup=dp20amtValidatePolicy() autocomplete=off />')
x += '</div>';
x += addHtmlValue("Unknown password", '<select id=dp20amtbadpass style=width:230px><option value=0>' + "Do nothing" + '</option><option value=1>' + "If in CCM, reactivate Intel&reg; AMT" + '</option></select>');
if ((features & 0x400) == 0) { x += addHtmlValue('<span title="' + "Client Initiated Remote Access" + '">' + "CIRA setup" + '</span>', '<select id=dp20amtcira style=width:230px><option value=0>' + "Do nothing" + '</option><option value=1>' + "Don't connect to server" + '</option><option value=2>' + "Connect to server" + '</option></select>'); }
x += '<span id=dp10passNotify style="font-size:10px"> ' + "* 8 characters, 1 upper, 1 lower, 1 numeric, 1 non-alpha numeric." + '</span>';
if ((currentMesh.mtype == 2) && (ptype == 2)) { x += '<span style="font-size:10px"> ' + "This policy will not impact devices with Intel&reg; AMT in ACM mode." + '</span>'; }
}
if (ptype == 0) { x = '<table style=padding-top:4px><tr><td><img style=padding-right:8px src=images/rcheckbox60.png width=60 height=60><td>' + "When this policy is selected, Intel&reg; AMT is not managed by this server. Intel AMT can still be used by manually activating and configuring it." + '</table>'; }
if (ptype == 1) { x = '<table style=padding-top:4px><tr><td><img style=padding-right:8px src=images/rcheckbox60.png width=60 height=60><td>' + "When this policy is selected, any Intel&reg; AMT in Client Control Mode (CCM) will be deactivated. Other devices will have CIRA cleared and can still be managed manually." + '</table>'; }
if (ptype == 4) { x = '<table style=padding-top:4px><tr><td><img style=padding-right:8px src=images/checkbox60.png width=60 height=60><td>' + "This is the recommanded policy. Intel&reg; AMT activation and management is completely automated and the server will attempt to make best possible use of hardware management." + '</table>'; }
QH('dp20amtpolicydiv', x);
setTimeout(dp20amtValidatePolicy, 1);
setTimeout(dp20amtValidatePolicy, 500);
}
function dp20amtValidatePolicy() {
var ok = true, ptype = Q('dp20amtpolicy').value;
if ((ptype == 2) || (ptype == 3)) {
if (((ptype == 2) || (ptype == 3)) && (Q('dp20amtpass').value == 2)) {
var pass = Q('dp20amtpolicypass').value, pass2 = Q('dp20amtpolicypass2').value;
ok = ((pass === pass2) && ((pass === '') ? true : passwordcheck(pass)));
ok = ((pass === pass2) && passwordcheck(pass));
}
QE('idx_dlgOkButton', ok);
if ((ptype == 2) || (ptype == 3)) { QV('dp20amtpassdiv', Q('dp20amtpass').value == 2); }
QV('dp10passNotify', ((ptype == 2) || (ptype == 3)) && (Q('dp20amtpass').value == 2));
}
function p20editMeshAmtEx() {
var ptype = parseInt(Q('dp20amtpolicy').value), amtpolicy = { type: ptype };
var password = null;
if ((ptype == 2) || (ptype == 3)) {
if (Q('dp20amtpass').value == 0) { password = ''; } // Randomize
if (Q('dp20amtpass').value == 1) { password = null; } // Keep same
if (Q('dp20amtpass').value == 2) { password = Q('dp20amtpolicypass').value; } // Set new password
}
if (ptype == 2) { // CCM policy
amtpolicy = { type: ptype, password: Q('dp20amtpolicypass').value, badpass: parseInt(Q('dp20amtbadpass').value) };
amtpolicy = { type: ptype, password: password, badpass: parseInt(Q('dp20amtbadpass').value) };
if ((features & 0x400) == 0) { amtpolicy.cirasetup = parseInt(Q('dp20amtcira').value); } else { amtpolicy.cirasetup = 1; }
} else if (ptype == 3) { // ACM policy
amtpolicy = { type: ptype, password: Q('dp20amtpolicypass').value, badpass: parseInt(Q('dp20amtbadpass').value) };
amtpolicy = { type: ptype, password: password, badpass: parseInt(Q('dp20amtbadpass').value) };
if ((features & 0x400) == 0) { amtpolicy.cirasetup = parseInt(Q('dp20amtcira').value); } else { amtpolicy.cirasetup = 1; }
} else if (ptype == 4) { // Fully automatic policy
amtpolicy = { type: ptype };

View File

@ -2296,7 +2296,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
if (obj.args.webrtc == true) { features += 0x00000080; } // Enable WebRTC (Default false for now)
if (obj.args.clickonce !== false) { features += 0x00000100; } // Enable ClickOnce (Default true)
if (obj.args.allowhighqualitydesktop !== false) { features += 0x00000200; } // Enable AllowHighQualityDesktop (Default true)
if (obj.args.lanonly == true || obj.args.mpsport == 0) { features += 0x00000400; } // No CIRA
if ((obj.args.lanonly == true) || (obj.args.mpsport == 0)) { features += 0x00000400; } // No CIRA
if ((obj.parent.serverSelfWriteAllowed == true) && (user != null) && (user.siteadmin == 0xFFFFFFFF)) { features += 0x00000800; } // Server can self-write (Allows self-update)
if ((parent.config.settings.no2factorauth !== true) && (domain.auth != 'sspi') && (obj.parent.certificates.CommonName.indexOf('.') != -1) && (obj.args.nousers !== true) && (user._id.split('/')[2][0] != '~')) { features += 0x00001000; } // 2FA login supported
if (domain.agentnoproxy === true) { features += 0x00002000; } // Indicates that agents should be installed without using a HTTP proxy
@ -5915,7 +5915,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
if ((r.amt != null) && (r.amt.password != null)) {
r = Object.assign({}, r); // Shallow clone
r.amt = Object.assign({}, r.amt); // Shallow clone
if (r.amt.password != null) { r.amt.password = 1; } // Remove the Intel AMT password from the policy
if ((r.amt.password != null) && (r.amt.password != '')) { r.amt.password = 1; } // Remove the Intel AMT password from the policy
}
return r;
}