More work on Intel AMT ACM activation.

2025-03-09 15:40:18 +00:00 · 2019-06-13 16:39:21 -07:00 · 2019-06-13 16:39:21 -07:00 · 5a4223e5a6
commit 5a4223e5a6
parent 0b92b1fc32
7 changed files with 52 additions and 10 deletions
--- a/agents/meshcore.js
+++ b/agents/meshcore.js
@ -1832,11 +1832,25 @@ function createMeshCore(agent) {
                try {
                    if (meinfo == null) return;
                    var intelamt = {}, p = false;
-                    if (meinfo.Versions && meinfo.Versions.AMT) { intelamt.ver = meinfo.Versions.AMT; p = true; }
-                    if (meinfo.ProvisioningState) { intelamt.state = meinfo.ProvisioningState; p = true; }
-                    if (meinfo.Flags) { intelamt.flags = meinfo.Flags; p = true; }
-                    if (meinfo.OsHostname) { intelamt.host = meinfo.OsHostname; p = true; }
-                    if (meinfo.UUID) { intelamt.uuid = meinfo.UUID; p = true; }
+                    if ((meinfo.Versions != null) && (meinfo.Versions.AMT != null)) { intelamt.ver = meinfo.Versions.AMT; p = true; }
+                    if (meinfo.ProvisioningState != null) { intelamt.state = meinfo.ProvisioningState; p = true; }
+                    if (meinfo.Flags != null) { intelamt.flags = meinfo.Flags; p = true; }
+                    if (meinfo.OsHostname != null) { intelamt.host = meinfo.OsHostname; p = true; }
+                    if (meinfo.UUID != null) { intelamt.uuid = meinfo.UUID; p = true; }
+                    if ((meinfo.ProvisioningState == 0) && (meinfo.net0 != null) && (meinfo.net0.enabled == 1)) { // If not activated, look to see if we have wired net working.
+                        // Not activated and we have wired ethernet, look for the trusted DNS
+                        var dns = meinfo.dns;
+                        if (dns == null) {
+                            // Trusted DNS not set, let's look for the OS network DNS suffix
+                            var interfaces = require('os').networkInterfaces();
+                            for (var i in interfaces) {
+                                for (var j in interfaces[i]) {
+                                    if ((interfaces[i][j].mac == mestate.net0.mac) && (interfaces[i][j].fqdn != null) && (interfaces[i][j].fqdn != '')) { dns = interfaces[i][j].fqdn; }
+                                }
+                            }
+                        }
+                        if (intelamt.dns != dns) { intelamt.dns = dns; p = true; }
+                    } else { if (intelamt.dns != null) { delete intelamt.dns; p = true; } }
                    if (p == true) {
                        var meInfoStr = JSON.stringify(intelamt);
                        if (meInfoStr != lastMeInfo) {
--- a/agents/modules_meshcore/amt-manage.js
+++ b/agents/modules_meshcore/amt-manage.js
@ -516,6 +516,15 @@ function AmtManager(agent, db, isdebug) {
                var wsmanQuery = ['*AMT_GeneralSettings', '*IPS_HostBasedSetupService', '*AMT_RedirectionService', '*CIM_KVMRedirectionSAP', 'AMT_PublicKeyCertificate', '*AMT_EnvironmentDetectionSettingData'];
                if (amtpolicy.cirasetup == 2) { wsmanQuery.push("AMT_ManagementPresenceRemoteSAP", "AMT_RemoteAccessCredentialContext", "AMT_RemoteAccessPolicyAppliesToMPS", "AMT_RemoteAccessPolicyRule", "*AMT_UserInitiatedConnectionService", "AMT_MPSUsernamePassword"); }
                try { amtstack.BatchEnum(null, wsmanQuery, wsmanPassTestResponse); } catch (ex) { debug(ex); }
+            } else if ((amtpolicy.type == 3) && (meinfo.ProvisioningState == 0)) {
+                // ACM Activation Policy
+                // TODO: Check that we have wired ethernet enabled and that the DNS domain suffix matches a server certificate...
+
+                // TODO: Check that a trusted hash matches the server cert root hash...
+
+                // TODO: Fetch Intel AMT Realm and Nonce and get ready to ACM activation...
+
+                //console.log(meinfo);
            } else {
                // Other possible cases...
            }