Fixed bug in Intel AMT password testing system.

This commit is contained in:
Ylian Saint-Hilaire 2020-10-23 14:56:20 -07:00
parent 798a349c12
commit b13876905a
2 changed files with 10 additions and 9 deletions

View File

@ -313,7 +313,8 @@ module.exports.CreateAmtManager = function (parent) {
if ((typeof mesh.amt.password == 'string') && (mesh.amt.password != '')) { password = mesh.amt.password; } if ((typeof mesh.amt.password == 'string') && (mesh.amt.password != '')) { password = mesh.amt.password; }
} }
} }
if (amtPolicy < 2) { ciraPolicy = 0; } if (amtPolicy == 0) { ciraPolicy = 0; } // If no policy, don't change CIRA state.
if (amtPolicy == 1) { ciraPolicy = 1; } // If deactivation policy, clear CIRA.
dev.policy = { amtPolicy: amtPolicy, ciraPolicy: ciraPolicy, badPass: badPass, password: password }; dev.policy = { amtPolicy: amtPolicy, ciraPolicy: ciraPolicy, badPass: badPass, password: password };
// Setup the monitored device // Setup the monitored device
@ -371,8 +372,8 @@ module.exports.CreateAmtManager = function (parent) {
// Deactivate CCM. // Deactivate CCM.
deactivateIntelAmtCCM(dev); deactivateIntelAmtCCM(dev);
} else { } else {
// Already deactivated or in ACM, do nothing. // Already deactivated or in ACM
dev.consoleMsg("Done."); dev.consoleMsg("Done."); // TODO: We need to at least clear CIRA
removeAmtDevice(dev); removeAmtDevice(dev);
} }
return; return;
@ -570,7 +571,7 @@ module.exports.CreateAmtManager = function (parent) {
} else if (status == 401) { } else if (status == 401) {
// Authentication error, see if we can use alternative credentials // Authentication error, see if we can use alternative credentials
if ((dev.acctry == null) && (typeof dev.policy.password == 'string') && (dev.policy.password != '')) { dev.acctry = 'policy'; attemptInitialContact(dev); return; } if ((dev.acctry == null) && (typeof dev.policy.password == 'string') && (dev.policy.password != '')) { dev.acctry = 'policy'; attemptInitialContact(dev); return; }
if ((dev.acctry == null) || (dev.acctry == 'policy') && (obj.amtAdminAccounts[dev.domainid] != null) && (obj.amtAdminAccounts[dev.domainid].length > 0)) { dev.acctry = 0; attemptInitialContact(dev); return; } if (((dev.acctry == null) || (dev.acctry == 'policy')) && (obj.amtAdminAccounts[dev.domainid] != null) && (obj.amtAdminAccounts[dev.domainid].length > 0)) { dev.acctry = 0; attemptInitialContact(dev); return; }
if ((dev.acctry != null) && (obj.amtAdminAccounts[dev.domainid] != null) && (obj.amtAdminAccounts[dev.domainid].length > (dev.acctry + 1))) { dev.acctry++; attemptInitialContact(dev); return; } if ((dev.acctry != null) && (obj.amtAdminAccounts[dev.domainid] != null) && (obj.amtAdminAccounts[dev.domainid].length > (dev.acctry + 1))) { dev.acctry++; attemptInitialContact(dev); return; }
// If this devics is in CCM mode and we have a bad password reset policy, do it now. // If this devics is in CCM mode and we have a bad password reset policy, do it now.
@ -1209,8 +1210,8 @@ module.exports.CreateAmtManager = function (parent) {
const dev = stack.dev; const dev = stack.dev;
if (isAmtDeviceValid(dev) == false) return; // Device no longer exists, ignore this request. if (isAmtDeviceValid(dev) == false) return; // Device no longer exists, ignore this request.
if (status != 200) { dev.consoleMsg("Failed to create new MPS server (" + status + ")."); removeAmtDevice(dev); return; } if (status != 200) { dev.consoleMsg("Failed to create new MPS server (" + status + ")."); removeAmtDevice(dev); return; }
if ((response.Body.MpServer == null) || (response.Body.MpServer.ReferenceParameters == null) || (response.Body.MpServer.ReferenceParameters.SelectorSet == null) || (response.Body.MpServer.ReferenceParameters.SelectorSet.Selector == null)) { dev.consoleMsg("Create new MPS server invalid response."); removeAmtDevice(dev); return; }
dev.cira.mpsPresent = getItem(response.Body.MpServer.ReferenceParameters.SelectorSet.Selector, '@Name', 'Name').Value; dev.cira.mpsPresent = getItem(response.Body.MpServer.ReferenceParameters.SelectorSet.Selector, '@Name', 'Name').Value;
console.log(dev.cira.mpsPresent);
dev.consoleMsg("Created new MPS server."); dev.consoleMsg("Created new MPS server.");
addMpsPolicy(dev); addMpsPolicy(dev);
}); });
@ -1832,7 +1833,7 @@ module.exports.CreateAmtManager = function (parent) {
delete dev.amtstack; delete dev.amtstack;
UpdateDevice(dev); UpdateDevice(dev);
if (dev.policy.amtPolicy == 1) { // CCM deactivation policy, we are done. if (dev.policy.amtPolicy == 1) { // Deactivation policy, we are done.
dev.consoleMsg("Deactivation successful."); dev.consoleMsg("Deactivation successful.");
dev.consoleMsg("Done."); dev.consoleMsg("Done.");
removeAmtDevice(dev); removeAmtDevice(dev);

View File

@ -9421,7 +9421,7 @@
// Intel AMT setup // Intel AMT setup
var intelAmtPolicy = "No Policy"; var intelAmtPolicy = "No Policy";
if (currentMesh.amt) { if (currentMesh.amt) {
if (currentMesh.amt.type == 1) { intelAmtPolicy = 'Deactivate Client Control Mode (CCM)'; } if (currentMesh.amt.type == 1) { intelAmtPolicy = 'Deactivate'; }
else if (currentMesh.amt.type == 2) { else if (currentMesh.amt.type == 2) {
intelAmtPolicy = "Simple Client Control Mode (CCM)"; intelAmtPolicy = "Simple Client Control Mode (CCM)";
if (currentMesh.amt.cirasetup == 2) { intelAmtPolicy += " + CIRA"; } if (currentMesh.amt.cirasetup == 2) { intelAmtPolicy += " + CIRA"; }
@ -9519,7 +9519,7 @@
if (xxdialogMode) return; if (xxdialogMode) return;
var x = '', acmoption = ''; var x = '', acmoption = '';
if ((features & 0x100000) != 0) { acmoption = '<option value=3>' + "Simple Admin Control Mode (ACM)" + '</option>'; } if ((features & 0x100000) != 0) { acmoption = '<option value=3>' + "Simple Admin Control Mode (ACM)" + '</option>'; }
x += addHtmlValue("Type", '<select id=dp20amtpolicy style=width:230px onchange=p20editMeshAmtChange()><option value=0>' + "No Policy" + '</option><option value=1>' + "Deactivate Client Control Mode (CCM)" + '</option><option value=2>' + "Simple Client Control Mode (CCM)" + '</option>' + acmoption + '<option value=4>' + "Fully Automatic" + '</option></select>'); x += addHtmlValue("Type", '<select id=dp20amtpolicy style=width:230px onchange=p20editMeshAmtChange()><option value=0>' + "No Policy" + '</option><option value=1>' + "Deactivate" + '</option><option value=2>' + "Simple Client Control Mode (CCM)" + '</option>' + acmoption + '<option value=4>' + "Fully Automatic" + '</option></select>');
x += '<div id=dp20amtpolicydiv></div>'; x += '<div id=dp20amtpolicydiv></div>';
setDialogMode(2, "Intel&reg; AMT Policy", 3, p20editMeshAmtEx, x); setDialogMode(2, "Intel&reg; AMT Policy", 3, p20editMeshAmtEx, x);
if (currentMesh.amt) { Q('dp20amtpolicy').value = currentMesh.amt.type; } if (currentMesh.amt) { Q('dp20amtpolicy').value = currentMesh.amt.type; }
@ -9553,7 +9553,7 @@
} }
} }
if (ptype == 0) { x = '<table style=padding-top:4px><tr><td><img style=padding-right:8px src=images/rcheckbox60.png width=60 height=60><td>' + "When this policy is selected, Intel&reg; AMT is not managed by this server. Intel AMT can still be used by manually activating and configuring it." + '</table>'; } if (ptype == 0) { x = '<table style=padding-top:4px><tr><td><img style=padding-right:8px src=images/rcheckbox60.png width=60 height=60><td>' + "When this policy is selected, Intel&reg; AMT is not managed by this server. Intel AMT can still be used by manually activating and configuring it." + '</table>'; }
if (ptype == 1) { x = '<table style=padding-top:4px><tr><td><img style=padding-right:8px src=images/rcheckbox60.png width=60 height=60><td>' + "When this policy is selected, any Intel&reg; AMT in Client Control Mode (CCM) will be deactivated. Devices in Admin Control Mode (ACM) can still be managed manually." + '</table>'; } if (ptype == 1) { x = '<table style=padding-top:4px><tr><td><img style=padding-right:8px src=images/rcheckbox60.png width=60 height=60><td>' + "When this policy is selected, any Intel&reg; AMT in Client Control Mode (CCM) will be deactivated. Other devices will have CIRA cleared and can still be managed manually." + '</table>'; }
if (ptype == 4) { x = '<table style=padding-top:4px><tr><td><img style=padding-right:8px src=images/checkbox60.png width=60 height=60><td>' + "This is the recommanded policy. Intel&reg; AMT activation and management is completely automated and the server will attempt to make best possible use of hardware management." + '</table>'; } if (ptype == 4) { x = '<table style=padding-top:4px><tr><td><img style=padding-right:8px src=images/checkbox60.png width=60 height=60><td>' + "This is the recommanded policy. Intel&reg; AMT activation and management is completely automated and the server will attempt to make best possible use of hardware management." + '</table>'; }
QH('dp20amtpolicydiv', x); QH('dp20amtpolicydiv', x);
setTimeout(dp20amtValidatePolicy, 1); setTimeout(dp20amtValidatePolicy, 1);