Added server-side Intel AMT configuration options.

2025-03-09 15:40:18 +00:00 · 2019-02-07 15:00:10 -08:00 · 2019-02-07 15:00:10 -08:00 · 3910eba2eb
commit 3910eba2eb
parent aa440da880
19 changed files with 250 additions and 61 deletions
--- a/agents/MeshCmd-signed.exe
+++ b/agents/MeshCmd-signed.exe
--- a/agents/MeshCmd64-signed.exe
+++ b/agents/MeshCmd64-signed.exe
--- a/agents/MeshService-signed.exe
+++ b/agents/MeshService-signed.exe
--- a/agents/MeshService.exe
+++ b/agents/MeshService.exe
--- a/agents/MeshService64-signed.exe
+++ b/agents/MeshService64-signed.exe
--- a/agents/MeshService64.exe
+++ b/agents/MeshService64.exe
--- a/agents/meshcore.js
+++ b/agents/meshcore.js
@ -95,6 +95,7 @@ function createMeshCore(agent) {
    var nextTunnelIndex = 1;
    var oswsstack = null;
    var osamtstack = null;
+    var amtPolicy = null;

    // If we are running in Duktape, agent will be null
    if (agent == null) {
@ -174,7 +175,10 @@ function createMeshCore(agent) {
        wifiScanner.on('accessPoint', function (data) { sendConsoleText(data); });
    } catch (ex) { wifiScannerLib = null; wifiScanner = null; }

-        // Try to load up the MEI module
+    // Try to load Intel AMT policy
+    try { amtPolicy = JSON.parse(db.Get('amtPolicy')); } catch (ex) { amtPolicy = null; }
+
+    // Try to load up the MEI module
    function resetMei() {
        try {
            var amtMeiLib = require('amt-mei');
@ -502,6 +506,12 @@ function createMeshCore(agent) {
                    if (data.url) { mesh.SendCommand({ "action": "openUrl", "url": data.url, "sessionid": data.sessionid, "success": (openUserDesktopUrl(data.url) != null) }); }
                    break;
                }
+                case 'amtPolicy': {
+                    // Store the latest Intel AMT policy
+                    amtPolicy = data.amtPolicy;
+                    if (data.amtPolicy != null) { db.Put('amtPolicy', JSON.stringify(data.amtPolicy)); } else { db.Put('amtPolicy', null); }
+                    break;
+                }
                default:
                    // Unknown action, ignore it.
                    break;
@ -1093,7 +1103,7 @@ function createMeshCore(agent) {
            var response = null;
            switch (cmd) {
                case 'help': { // Displays available commands
-                    response = 'Available commands: help, info, osinfo,args, print, type, dbget, dbset, dbcompact, eval, parseuri, httpget,\r\nwslist, wsconnect, wssend, wsclose, notify, ls, ps, kill, amt, netinfo, location, power, wakeonlan, scanwifi,\r\nscanamt, setdebug, smbios, rawsmbios, toast, lock, users, sendcaps, openurl, amtreset, amtccm, amtdeactivate.';
+                    response = 'Available commands: help, info, osinfo,args, print, type, dbget, dbset, dbcompact, eval, parseuri, httpget,\r\nwslist, wsconnect, wssend, wsclose, notify, ls, ps, kill, amt, netinfo, location, power, wakeonlan, scanwifi,\r\nscanamt, setdebug, smbios, rawsmbios, toast, lock, users, sendcaps, openurl, amtreset, amtccm, amtdeactivate, amtpolicy.';
                    break;
                }
                    /*
@ -1132,6 +1142,14 @@ function createMeshCore(agent) {
                    if (amtMei == null) { response = 'Intel AMT not supported.'; } else { deactivateCCM(); }
                    break;
                }
+                case 'amtpolicy': {
+                    if (amtPolicy == null) {
+                        response = 'No Intel(R) AMT policy.';
+                    } else {
+                        response = JSON.stringify(amtPolicy);
+                    }
+                    break;
+                }
                case 'openurl': {
                    if (args['_'].length != 1) { response = 'Proper usage: openurl (url)'; } // Display usage
                    else { if (openUserDesktopUrl(args['_'][0]) == null) { response = 'Failed.'; } else { response = 'Success.'; } }
@ -2004,13 +2022,16 @@ function createMeshCore(agent) {
    //

    function activeToCCM(adminpass) {
+        sendConsoleText('Trying to get local account info...');
        amtMei.getLocalSystemAccount(function (x) {
            if (x.user && x.pass) {
+                sendConsoleText('Intel AMT local account info: User=' + x.user + ', Pass=' + x.pass + '.');
                var transport = require('amt-wsman-duk');
                var wsman = require('amt-wsman');
                var amt = require('amt');
                oswsstack = new wsman(transport, '127.0.0.1', 16992, x.user, x.pass, false);
                osamtstack = new amt(oswsstack);
+                sendConsoleText('Trying to get Intel AMT activation information...');
                osamtstack.BatchEnum(null, ['*AMT_GeneralSettings', '*IPS_HostBasedSetupService'], activeToCCMEx2, adminpass);
            } else {
                sendConsoleText('Unable to get $$OsAdmin password.');
@ -2019,7 +2040,7 @@ function createMeshCore(agent) {
    }

    function activeToCCMEx2(stack, name, responses, status, adminpass) {
-        if (status != 200) { sendConsoleText('Failed to fetch activation status, status ' + status); }
+        if (status != 200) { sendConsoleText('Failed to fetch activation information, status ' + status); }
        else if (responses['IPS_HostBasedSetupService'].response['AllowedControlModes'].length != 2) { sendConsoleText('Client control mode activation not allowed'); }
        else { stack.IPS_HostBasedSetupService_Setup(2, md5hex('admin:' + responses['AMT_GeneralSettings'].response['DigestRealm'] + ':' + adminpass).substring(0, 32), null, null, null, null, activeToCCMEx3); }
    }
--- a/agents/meshcore.min.js
+++ b/agents/meshcore.min.js