external/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-03-09 15:40:18 +00:00
Code Issues Releases Wiki Activity

Make MeshAgent and MeshCore update.

Browse source
This commit is contained in:
Ylian Saint-Hilaire 2019-06-14 16:33:53 -07:00
parent 5a4223e5a6
commit 8f568380d5
61 changed files with 2446 additions and 3093 deletions
Download patch file Download diff file Expand all files Collapse all files

101
agents/modules_meshcore/amt-manage.js
View file

@ -34,6 +34,7 @@ function AmtManager(agent, db, isdebug) {
var osamtstack = null;
var amtpolicy = null;
var obj = this;
var mestate;
obj.state = 0;
obj.lmsstate = 0;
obj.onStateChange = null;
@ -92,7 +93,7 @@ function AmtManager(agent, db, isdebug) {
amtMei.getLanInterfaceSettings(0, function (result) { if (result) { amtMeiTmpState.net0 = result; } });
amtMei.getLanInterfaceSettings(1, function (result) { if (result) { amtMeiTmpState.net1 = result; } });
amtMei.getUuid(function (result) { if ((result != null) && (result.uuid != null)) { amtMeiTmpState.UUID = result.uuid; } });
amtMei.getDnsSuffix(function (result) { if (result != null) { amtMeiTmpState.dns = result; } if (func != null) { func(amtMeiTmpState); } });
amtMei.getDnsSuffix(function (result) { if (result != null) { amtMeiTmpState.DNS = result; } if (func != null) { func(amtMeiTmpState); } });
} catch (e) { if (func != null) { func(null); } return; }
}
@ -167,7 +168,7 @@ function AmtManager(agent, db, isdebug) {
var amtver = null;
try { for (var i in amtGetVersionResult.Versions) { if (amtGetVersionResult.Versions[i].Description == 'AMT') amtver = parseInt(amtGetVersionResult.Versions[i].Version.split('.')[0]); } } catch (e) { }
if ((amtver != null) && (amtver >= 12)) {
debug('KVM data channel setup');
//debug('KVM data channel setup');
kvmGetData('skip'); // Clear any previous data, this is a dummy read to about handling old data.
obj.kvmTempTimer = setInterval(function () { kvmGetData(); }, 2000); // Start polling for KVM data.
kvmSetData(JSON.stringify({ action: 'restart', ver: 1 })); // Send a restart command to advise the console if present that MicroLMS just started.
@ -431,6 +432,60 @@ function AmtManager(agent, db, isdebug) {
});
}
//
// Activate Intel AMT to ACM
//
obj.activeToACM = function (mestate) {
//debug('ProvisioningState: ' + JSON.stringify(mestate.ProvisioningState));
if (mestate.ProvisioningState != 0) return; // Can't activate unless in "PRE" activation mode.
var trustedFqdn = null;
//debug('Wired Interface: ' + JSON.stringify(mestate.net0));
if ((mestate.net0 == null) && (mestate.net0.enabled != 0)) return; // Can't activate unless wired interface is active
if (mestate.DNS) { trustedFqdn = mestate.DNS; } // If Intel AMT has a trusted DNS suffix set, use that one.
else {
// Look for the DNS suffix for the Intel AMT Ethernet interface
var interfaces = require('os').networkInterfaces();
for (var i in interfaces) {
for (var j in interfaces[i]) {
if ((interfaces[i][j].mac == mestate.net0.mac) && (interfaces[i][j].fqdn != null) && (interfaces[i][j].fqdn != '')) { trustedFqdn = interfaces[i][j].fqdn; }
}
}
}
if (trustedFqdn == null) return; // No trusted DNS suffix.
//debug('TrustedFqdn: ' + trustedFqdn);
// Fetch Intel AMT realm and activation nonce and get ready to ACM activation...
if (osamtstack != null) {
//debug('Trying to get Intel AMT activation information...');
osamtstack.BatchEnum(null, ['*AMT_GeneralSettings', '*IPS_HostBasedSetupService'], activeToACM2, trustedFqdn);
} else {
//debug('ACM Activation: Trying to get local account info...');
amtMei.getLocalSystemAccount(function (x) {
if ((x != null) && x.user && x.pass) {
//debug('Intel AMT local account info: User=' + x.user + ', Pass=' + x.pass + '.');
var transport = require('amt-wsman-duk');
var wsman = require('amt-wsman');
var amt = require('amt');
oswsstack = new wsman(transport, '127.0.0.1', 16992, x.user, x.pass, false);
osamtstack = new amt(oswsstack);
//debug('Trying to get Intel AMT activation information...');
osamtstack.BatchEnum(null, ['*AMT_GeneralSettings', '*IPS_HostBasedSetupService'], activeToACM2, trustedFqdn);
} else {
//debug('Unable to get $$OsAdmin password.');
}
});
}
}
function activeToACM2(stack, name, responses, status, trustedFqdn) {
debug('activeToACM2: ' + trustedFqdn);
if (status != 200) return;
var fwNonce = responses['IPS_HostBasedSetupService'].response['ConfigurationNonce'];
var digestRealm = responses['AMT_GeneralSettings'].response['DigestRealm'];
agent.SendCommand({ "action": "acmactivate", "nonce": fwNonce, "realm": digestRealm, "fqdn": trustedFqdn });
}
//
// Activate Intel AMT to CCM
//
@ -444,21 +499,25 @@ function AmtManager(agent, db, isdebug) {
obj.activeToCCM = function (adminpass) {
if ((adminpass == null) || (adminpass == '')) { adminpass = 'P@0s' + makePass(23); }
intelAmtAdminPass = adminpass;
//debug('Trying to get local account info...');
amtMei.getLocalSystemAccount(function (x) {
if ((x != null) && x.user && x.pass) {
//debug('Intel AMT local account info: User=' + x.user + ', Pass=' + x.pass + '.');
var transport = require('amt-wsman-duk');
var wsman = require('amt-wsman');
var amt = require('amt');
oswsstack = new wsman(transport, '127.0.0.1', 16992, x.user, x.pass, false);
osamtstack = new amt(oswsstack);
//debug('Trying to get Intel AMT activation information...');
osamtstack.BatchEnum(null, ['*AMT_GeneralSettings', '*IPS_HostBasedSetupService'], activeToCCMEx2, adminpass);
} else {
debug('Unable to get $$OsAdmin password.');
}
});
if (osamtstack != null) {
osamtstack.BatchEnum(null, ['*AMT_GeneralSettings', '*IPS_HostBasedSetupService'], activeToCCMEx2, adminpass);
} else {
//debug('Trying to get local account info...');
amtMei.getLocalSystemAccount(function (x) {
if ((x != null) && x.user && x.pass) {
//debug('Intel AMT local account info: User=' + x.user + ', Pass=' + x.pass + '.');
var transport = require('amt-wsman-duk');
var wsman = require('amt-wsman');
var amt = require('amt');
oswsstack = new wsman(transport, '127.0.0.1', 16992, x.user, x.pass, false);
osamtstack = new amt(oswsstack);
//debug('Trying to get Intel AMT activation information...');
osamtstack.BatchEnum(null, ['*AMT_GeneralSettings', '*IPS_HostBasedSetupService'], activeToCCMEx2, adminpass);
} else {
//debug('Unable to get $$OsAdmin password.');
}
});
}
}
var activeToCCMEx2 = function(stack, name, responses, status, adminpass) {
@ -518,13 +577,7 @@ function AmtManager(agent, db, isdebug) {
try { amtstack.BatchEnum(null, wsmanQuery, wsmanPassTestResponse); } catch (ex) { debug(ex); }
} else if ((amtpolicy.type == 3) && (meinfo.ProvisioningState == 0)) {
// ACM Activation Policy
// TODO: Check that we have wired ethernet enabled and that the DNS domain suffix matches a server certificate...
// TODO: Check that a trusted hash matches the server cert root hash...
// TODO: Fetch Intel AMT Realm and Nonce and get ready to ACM activation...
//console.log(meinfo);
obj.activeToACM(meinfo);
} else {
// Other possible cases...
}

125
agents/modules_meshcore/toaster.js
View file

@ -1,125 +0,0 @@
/*
Copyright 2018-2019 Intel Corporation
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
var toasters = {};
function Toaster()
{
this._ObjectID = 'toaster';
this.Toast = function Toast(title, caption)
{
var retVal = {};
var emitter = require('events').inherits(retVal);
emitter.createEvent('Dismissed');
retVal.title = title;
retVal.caption = caption;
if (process.platform == 'win32')
{
emitter.createEvent('Clicked');
var session = require('user-sessions').Current();
for (var i in session) {
console.log(session[i]);
}
try {
console.log('Attempting Toast Mechanism 1');
retVal._child = require('ScriptContainer').Create({ processIsolation: true, sessionId: session.Active[0].SessionId });
}
catch (e) {
console.log(e);
console.log('Attempting Toast Mechanism 2');
retVal._child = require('ScriptContainer').Create({ processIsolation: true });
}
retVal._child.parent = retVal;
retVal._child.on('exit', function (code) { this.parent.emit('Dismissed'); delete this.parent._child; });
retVal._child.addModule('win-console', getJSModule('win-console'));
retVal._child.addModule('win-message-pump', getJSModule('win-message-pump'));
var str = "\
try{\
var toast = require('win-console');\
var balloon = toast.SetTrayIcon({ szInfo: '" + caption + "', szInfoTitle: '" + title + "', balloonOnly: true });\
balloon.on('ToastDismissed', function(){process.exit();});\
}\
catch(e)\
{\
require('ScriptContainer').send(e);\
}\
require('ScriptContainer').send('done');\
";
retVal._child.ExecuteString(str);
toasters[retVal._hashCode()] = retVal;
retVal.on('Dismissed', function () { delete toasters[this._hashCode()]; });
console.log('Returning');
return (retVal);
}
else
{
if(!require('fs').existsSync('/usr/bin/notify-send'))
{
throw ('Toast not supported on this platform');
}
Object.defineProperty(retVal, '_sessions', {
value: require('user-sessions').Current(function onCurrentSession(sessions)
{
this._cchild = require('child_process').execFile('/usr/bin/whoami', ['whoami'], { type: require('child_process').SpawnTypes.TERM });
this._cchild.stdout.on('data', function (chunk)
{
if (chunk.toString().split('\r\n')[0] == 'root')
{
if (sessions[':0'].State != 'Connected' && sessions[':0'].State != 'Active')
{
// No logged in user owns the display
this.parent.parent.Parent.emit('Dismissed');
return;
}
// We root, so we need to direct to DISPLAY=:0
this.parent.parent._notify = require('child_process').execFile('/bin/sh', ['sh'], { type: require('child_process').SpawnTypes.TERM });
this.parent.parent._notify.stdin.write('su - ' + sessions[':0'].Username + ' -c "DISPLAY=:0 notify-send \'' + this.parent.parent.Parent.title + '\' \'' + this.parent.parent.Parent.caption + '\'"\n');
this.parent.parent._notify.stdin.write('exit\n');
this.parent.parent._notify.stdout.on('data', function (chunk) { });
}
else
{
// We ain't root, so that means we can just call send-notify directly
this.parent.parent._notify = require('child_process').execFile('/usr/bin/notify-send', ['notify-send', this.parent.parent.Parent.title, this.parent.parent.Parent.caption], { type: require('child_process').SpawnTypes.TERM });
this.parent.parent._notify.stdout.on('data', function (chunk) { });
}
// NOTIFY-SEND has a bug where timeouts don't work, so the default is 10 seconds
this.parent.parent.Parent._timeout = setTimeout(function onFakeDismissed(obj)
{
obj.emit('Dismissed');
}, 10000, this.parent.parent.Parent);
});
this._cchild.parent = this;
})
});
retVal._sessions.Parent = retVal;
toasters[retVal._hashCode()] = retVal;
retVal.on('Dismissed', function () { delete toasters[this._hashCode()]; });
return (retVal);
}
};
}
module.exports = new Toaster();