external/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-03-09 15:40:18 +00:00
Code Issues Releases Wiki Activity

More Intel AMT ACM/CCM work.

Browse source
This commit is contained in:
Ylian Saint-Hilaire 2019-06-24 18:56:14 -07:00
parent 82300f0cbe
commit 9c7ae58421
13 changed files with 568 additions and 117 deletions
Download patch file Download diff file Expand all files Collapse all files

144
views/default-min.handlebars
View file

@ -7903,15 +7903,19 @@ var QRCode;!function(){function a(a){this.mode=c.MODE_8BIT_BYTE,this.data=a,this
}
if (message.event.node.intelamt != null) {
if (node.intelamt == null) node.intelamt = {};
if (message.event.node.intelamt.state != null) { node.intelamt.state = message.event.node.intelamt.state; }
if (message.event.node.intelamt.host != null) { node.intelamt.user = message.event.node.intelamt.host; }
if (message.event.node.intelamt.user != null) { node.intelamt.user = message.event.node.intelamt.user; }
if (message.event.node.intelamt.tls != null) { node.intelamt.tls = message.event.node.intelamt.tls; }
if (message.event.node.intelamt.ver != null) { node.intelamt.ver = message.event.node.intelamt.ver; }
if (message.event.node.intelamt.state != null) { node.intelamt.state = message.event.node.intelamt.state; }
if (message.event.node.intelamt.tag != null) { node.intelamt.tag = message.event.node.intelamt.tag; }
if (message.event.node.intelamt.uuid != null) { node.intelamt.uuid = message.event.node.intelamt.uuid; }
if (message.event.node.intelamt.realm != null) { node.intelamt.realm = message.event.node.intelamt.realm; }
}
node.namel = node.name.toLowerCase();
if (node.rname) { node.rnamel = node.rname.toLowerCase(); } else { node.rnamel = node.namel; }
if (message.event.node.icon) { node.icon = message.event.node.icon; }
console.log(node);
// Web page update
masterUpdate(2 | 4 | 8 | 16);
@ -8632,6 +8636,11 @@ var QRCode;!function(){function a(a){this.mode=c.MODE_8BIT_BYTE,this.data=a,this
r += ' <a style=cursor:pointer;font-size:10px title="Add a new Intel&reg; AMT computer that is located on the local network." onclick=addDeviceToMesh(\"' + mesh._id + '\")>Add Local</a>';
r += ' <a style=cursor:pointer;font-size:10px title="Add a new Intel&reg; AMT computer by scanning the local network." onclick=addAmtScanToMesh(\"' + mesh._id + '\")>Scan Network</a>';
}
if (mesh.amt && (mesh.amt.type == 2)) { // CCM activation
r += ' <a style=cursor:pointer;font-size:10px title="Perform Intel AMT client control mode (CCM) activation." onclick=showCcmActivation(\"' + mesh._id + '\")>Activation</a>';
} else if (mesh.amt && (mesh.amt.type == 3) && ((features & 0x00100000) != 0)) { // ACM activation
r += ' <a style=cursor:pointer;font-size:10px title="Perform Intel AMT admin control mode (ACM) activation." onclick=showAcmActivation(\"' + mesh._id + '\")>Activation</a>';
}
}
if (mesh.mtype == 2) {
r += ' <a style=cursor:pointer;font-size:10px title="Add a new computer to this mesh by installing the mesh agent." onclick=addAgentToMesh(\"' + mesh._id + '\")>Add Agent</a>';
@ -8654,6 +8663,45 @@ var QRCode;!function(){function a(a){this.mode=c.MODE_8BIT_BYTE,this.data=a,this
Q('dp1devicename').focus();
}
// Intel AMT CCM Activation
function showCcmActivation(meshid) {
if (xxdialogMode) return;
var servername = serverinfo.name, mesh = meshes[meshid];
if ((servername.indexOf('.') == -1) || ((features & 2) != 0)) { servername = window.location.hostname; } // If the server name is not set or it's in LAN-only mode, use the URL hostname as server name.
var url, domainUrlNoSlash = domainUrl.substring(0, domainUrl.length - 1);
if (serverinfo.https == true) {
var portStr = (serverinfo.port == 443) ? '' : (":" + serverinfo.port);
url = "wss://" + servername + portStr + domainUrl;
} else {
var portStr = (serverinfo.port == 80) ? '' : (":" + serverinfo.port);
url = "ws://" + servername + portStr + domainUrl;
}
var x = "Perform Intel AMT client control mode (CCM) activation to group \"" + EscapeHtml(mesh.name) + "\" by downloading the MeshCMD tool and running it like this:<br /><br />";
x += '<textarea readonly=readonly style=width:100%;resize:none;height:100px;overflow:auto;font-size:12px readonly>meshcmd amtccm --url ' + url + 'amtactivate?id=' + meshid.split('/')[2] + ' --serverhttpshash ' + serverinfo.tlshash + '</textarea>';
setDialogMode(2, "Intel&reg; AMT activation", 9, null, x);
}
// Intel AMT ACM Activation
function showAcmActivation(meshid) {
if (xxdialogMode) return;
var servername = serverinfo.name, mesh = meshes[meshid];
if ((servername.indexOf('.') == -1) || ((features & 2) != 0)) { servername = window.location.hostname; } // If the server name is not set or it's in LAN-only mode, use the URL hostname as server name.
var url, domainUrlNoSlash = domainUrl.substring(0, domainUrl.length - 1);
if (serverinfo.https == true) {
var portStr = (serverinfo.port == 443) ? '' : (":" + serverinfo.port);
url = "wss://" + servername + portStr + domainUrl;
} else {
var portStr = (serverinfo.port == 80) ? '' : (":" + serverinfo.port);
url = "ws://" + servername + portStr + domainUrl;
}
var x = "Perform Intel AMT admin control mode (ACM) activation to group \"" + EscapeHtml(mesh.name) + "\" by downloading the MeshCMD tool and running it like this:<br /><br />";
x += '<textarea readonly=readonly style=width:100%;resize:none;height:100px;overflow:auto;font-size:12px readonly>meshcmd amtacm --url ' + url + 'amtactivate?id=' + meshid.split('/')[2] + ' --serverhttpshash ' + serverinfo.tlshash + '</textarea>';
if (serverinfo.amtAcmFqdn != null) {
x += '<div style=margin-top:8px>Intel AMT will need to be set with a Trusted FQDN in MEBx or have a wired LAN on the network: <b>' + serverinfo.amtAcmFqdn.join(', ') + '</b></div>';
}
setDialogMode(2, "Intel&reg; AMT activation", 9, null, x);
}
// Display the Intel AMT scanning dialog box
function addAmtScanToMesh(meshid) {
if (xxdialogMode) return;
@ -9887,11 +9935,20 @@ var QRCode;!function(){function a(a){this.mode=c.MODE_8BIT_BYTE,this.data=a,this
x += addDeviceAttribute('Intel&reg; AMT', str);
}
// Attribute: Mesh Agent Tag
if ((node.agent != null) && (node.agent.tag != null) && (node.agent.tag != 'mailto:')) {
var tag = EscapeHtml(node.agent.tag);
if (tag.startsWith('mailto:')) { tag = '<a href="' + tag + '">' + tag.substring(7) + '</a>'; }
x += addDeviceAttribute('Agent Tag', tag);
if (mesh.mtype == 2) {
// Attribute: Mesh Agent Tag
if ((node.agent != null) && (node.agent.tag != null)) {
var tag = EscapeHtml(node.agent.tag);
if (tag.startsWith('mailto:')) { tag = '<a href="' + tag + '">' + tag.substring(7) + '</a>'; }
x += addDeviceAttribute('Agent Tag', tag);
}
} else {
// Attribute: Intel AMT Tag
if ((node.intelamt != null) && (node.intelamt.tag != null)) {
var tag = EscapeHtml(node.intelamt.tag);
if (tag.startsWith('mailto:')) { tag = '<a href="' + tag + '">' + tag.substring(7) + '</a>'; }
x += addDeviceAttribute('Intel&reg; AMT Tag', tag);
}
}
// Attribute: Intel AMT
@ -12244,14 +12301,16 @@ var QRCode;!function(){function a(a){this.mode=c.MODE_8BIT_BYTE,this.data=a,this
//x += addHtmlValue('Identifier', currentMesh._id.split('/')[2]);
// Display features
var meshFeatures = [];
if (currentMesh.flags) {
if (currentMesh.flags & 1) { meshFeatures.push('Auto-Remove'); }
if (currentMesh.flags & 2) { meshFeatures.push('Hostname Sync'); }
if (currentMesh.mtype == 2) {
var meshFeatures = [];
if (currentMesh.flags) {
if (currentMesh.flags & 1) { meshFeatures.push('Auto-Remove'); }
if (currentMesh.flags & 2) { meshFeatures.push('Hostname Sync'); }
}
meshFeatures = meshFeatures.join(', ');
if (meshFeatures == '') { meshFeatures = '<i>None</i>'; }
x += addHtmlValue('Features', addLinkConditional(meshFeatures, 'p20editmeshfeatures()', meshrights & 1));
}
meshFeatures = meshFeatures.join(', ');
if (meshFeatures == '') { meshFeatures = '<i>None</i>'; }
x += addHtmlValue('Features', addLinkConditional(meshFeatures, 'p20editmeshfeatures()', meshrights & 1));
// Display user consent
if (currentMesh.mtype == 2) {
@ -12271,20 +12330,18 @@ var QRCode;!function(){function a(a){this.mode=c.MODE_8BIT_BYTE,this.data=a,this
}
// Intel AMT setup
if (currentMesh.mtype == 2) {
var intelAmtPolicy = 'No Policy';
if (currentMesh.amt) {
if (currentMesh.amt.type == 1) { intelAmtPolicy = 'Deactivate Client Control Mode (CCM)'; }
else if (currentMesh.amt.type == 2) {
intelAmtPolicy = 'Simple Client Control Mode (CCM)';
if (currentMesh.amt.cirasetup == 2) { intelAmtPolicy += ' + CIRA'; }
} else if (currentMesh.amt.type == 3) {
intelAmtPolicy = 'Simple Admin Control Mode (ACM)';
if (currentMesh.amt.cirasetup == 2) { intelAmtPolicy += ' + CIRA'; }
}
var intelAmtPolicy = 'No Policy';
if (currentMesh.amt) {
if (currentMesh.amt.type == 1) { intelAmtPolicy = 'Deactivate Client Control Mode (CCM)'; }
else if (currentMesh.amt.type == 2) {
intelAmtPolicy = 'Simple Client Control Mode (CCM)';
if (currentMesh.amt.cirasetup == 2) { intelAmtPolicy += ' + CIRA'; }
} else if (currentMesh.amt.type == 3) {
intelAmtPolicy = 'Simple Admin Control Mode (ACM)';
if (currentMesh.amt.cirasetup == 2) { intelAmtPolicy += ' + CIRA'; }
}
x += addHtmlValue('Intel&reg; AMT', addLinkConditional(intelAmtPolicy, 'p20editMeshAmt()', meshrights & 1));
}
x += addHtmlValue('Intel&reg; AMT', addLinkConditional(intelAmtPolicy, 'p20editMeshAmt()', meshrights & 1));
// Display group note support
if (meshrights & 1) { x += '<br><input type=button value=Notes title="View notes about this device group" onclick=showNotes(false,"' + encodeURIComponent(currentMesh._id) + '") />'; }
@ -12297,6 +12354,11 @@ var QRCode;!function(){function a(a){this.mode=c.MODE_8BIT_BYTE,this.data=a,this
if (currentMesh.mtype == 1) {
x += '<a onclick=addCiraDeviceToMesh(\"' + currentMesh._id + '\") style=cursor:pointer;margin-right:10px title="Add a new Intel&reg; AMT computer that is located on the internet."><img src=images/icon-installmesh.png border=0 height=12 width=12> Install CIRA</a>';
x += '<a onclick=addDeviceToMesh(\"' + currentMesh._id + '\") style=cursor:pointer;margin-right:10px title="Add a new Intel&reg; AMT computer that is located on the local network."><img src=images/icon-installmesh.png border=0 height=12 width=12> Install local</a>';
if (currentMesh.amt && (currentMesh.amt.type == 2)) { // CCM activation
x += '<a onclick=showCcmActivation(\"' + currentMesh._id + '\") style=cursor:pointer;margin-right:10px title="Perform Intel AMT client control mode (CCM) activation."><img src=images/icon-installmesh.png border=0 height=12 width=12> Activation</a>';
} else if (currentMesh.amt && (currentMesh.amt.type == 3) && ((features & 0x00100000) != 0)) { // ACM activation
x += '<a onclick=showAcmActivation(\"' + currentMesh._id + '\") style=cursor:pointer;margin-right:10px title="Perform Intel AMT admin control mode (ACM) activation."><img src=images/icon-installmesh.png border=0 height=12 width=12> Activation</a>';
}
}
if (currentMesh.mtype == 2) {
x += '<a onclick=addAgentToMesh(\"' + currentMesh._id + '\") style=cursor:pointer;margin-right:10px title="Add a new computer to this mesh by installing the mesh agent."><img src=images/icon-addnew.png border=0 height=12 width=12> Install</a>';
@ -12352,7 +12414,11 @@ var QRCode;!function(){function a(a){this.mode=c.MODE_8BIT_BYTE,this.data=a,this
if (xxdialogMode) return;
var x = '', acmoption = '';
if ((features & 0x100000) != 0) { acmoption = '<option value=3>Simple Admin Control Mode (ACM)</option>'; }
x += addHtmlValue('Type', '<select id=dp20amtpolicy style=width:230px onchange=p20editMeshAmtChange()><option value=0>No Policy</option><option value=1>Deactivate Client Control Mode (CCM)</option><option value=2>Simple Client Control Mode (CCM)</option>' + acmoption + '</select>');
if (currentMesh.mtype == 1) {
x += addHtmlValue('Type', '<select id=dp20amtpolicy style=width:230px onchange=p20editMeshAmtChange()><option value=0>No Policy</option><option value=2>Simple Client Control Mode (CCM)</option>' + acmoption + '</select>');
} else {
x += addHtmlValue('Type', '<select id=dp20amtpolicy style=width:230px onchange=p20editMeshAmtChange()><option value=0>No Policy</option><option value=1>Deactivate Client Control Mode (CCM)</option><option value=2>Simple Client Control Mode (CCM)</option>' + acmoption + '</select>');
}
x += '<div id=dp20amtpolicydiv></div>';
setDialogMode(2, "Intel&reg; AMT Policy", 3, p20editMeshAmtEx, x);
if (currentMesh.amt) { Q('dp20amtpolicy').value = currentMesh.amt.type; }
@ -12361,7 +12427,7 @@ var QRCode;!function(){function a(a){this.mode=c.MODE_8BIT_BYTE,this.data=a,this
// Set the current Intel AMT policy
if (currentMesh.amt && (currentMesh.amt.type == 2) || (currentMesh.amt.type == 3)) {
Q('dp20amtpolicypass').value = currentMesh.amt.password;
if (currentMesh.amt.type == 2) { Q('dp20amtbadpass').value = currentMesh.amt.badpass; }
if ((currentMesh.amt.type == 2) && (currentMesh.amt.badpass != null)) { Q('dp20amtbadpass').value = currentMesh.amt.badpass; }
if ((features & 0x400) == 0) { Q('dp20amtcira').value = currentMesh.amt.cirasetup; }
}
@ -12371,9 +12437,9 @@ var QRCode;!function(){function a(a){this.mode=c.MODE_8BIT_BYTE,this.data=a,this
function p20editMeshAmtChange() {
var ptype = Q('dp20amtpolicy').value, x = '';
if (ptype >= 2) {
x = addHtmlValue('Password*', '<input id=dp20amtpolicypass type=password style=width:230px maxlength=32 onchange=dp20amtValidatePolicy() onkeyup=dp20amtValidatePolicy() />')
x += addHtmlValue('Password*', '<input id=dp20amtpolicypass2 type=password style=width:230px maxlength=32 onchange=dp20amtValidatePolicy() onkeyup=dp20amtValidatePolicy() />')
if (ptype == 2) { x += addHtmlValue('Password mismatch', "<select id=dp20amtbadpass style=width:230px><option value=0>Do nothing</option><option value=1>Reactivate Intel&reg; AMT</option></select>"); }
x = addHtmlValue('Password*', '<input id=dp20amtpolicypass type=password style=width:230px maxlength=32 onchange=dp20amtValidatePolicy() onkeyup=dp20amtValidatePolicy() autocomplete=off />')
x += addHtmlValue('Password*', '<input id=dp20amtpolicypass2 type=password style=width:230px maxlength=32 onchange=dp20amtValidatePolicy() onkeyup=dp20amtValidatePolicy() autocomplete=off />')
if ((ptype == 2) && (currentMesh.mtype == 2)) { x += addHtmlValue('Password mismatch', "<select id=dp20amtbadpass style=width:230px><option value=0>Do nothing</option><option value=1>Reactivate Intel&reg; AMT</option></select>"); }
if ((features & 0x400) == 0) {
if (ptype == 2) {
x += addHtmlValue('<span title="Client Initiated Remote Access">CIRA</span>', "<select id=dp20amtcira style=width:230px><option value=0>Don't configure</option><option value=1>Don't connect to server</option><option value=2>Connect to server</option></select>");
@ -12381,15 +12447,18 @@ var QRCode;!function(){function a(a){this.mode=c.MODE_8BIT_BYTE,this.data=a,this
x += addHtmlValue('<span title="Client Initiated Remote Access">CIRA</span>', "<select id=dp20amtcira style=width:230px><option value=0>Don't configure</option><option value=2>Connect to server</option></select>");
}
}
x += '<br/><span style="font-size:10px">* Recommanded, leave blank to assign a random password to each device.</span><br/>';
if (ptype == 2) {
x += '<span style="font-size:10px">This policy will not impact devices with Intel&reg; AMT in ACM mode.</span><br/>';
x += '<span style="font-size:10px">This is not a secure policy as agents will be performing activation.</span>';
} else {
x += '<span style="font-size:10px">During activation, the agent will have access to admin password infomation.</span>';
x += '<br/><span style="font-size:10px">* Leave blank to assign a random password to each device.</span><br/>';
if (currentMesh.mtype == 2) {
if (ptype == 2) {
x += '<span style="font-size:10px">This policy will not impact devices with Intel&reg; AMT in ACM mode.</span><br/>';
x += '<span style="font-size:10px">This is not a secure policy as agents will be performing activation.</span>';
} else {
x += '<span style="font-size:10px">During activation, the agent will have access to admin password infomation.</span>';
}
}
}
QH('dp20amtpolicydiv', x);
setTimeout(dp20amtValidatePolicy, 1);
}
function dp20amtValidatePolicy() {
@ -12404,7 +12473,8 @@ var QRCode;!function(){function a(a){this.mode=c.MODE_8BIT_BYTE,this.data=a,this
function p20editMeshAmtEx() {
var ptype = parseInt(Q('dp20amtpolicy').value), amtpolicy = { type: ptype };
if (ptype == 2) {
amtpolicy = { type: ptype, password: Q('dp20amtpolicypass').value, badpass: parseInt(Q('dp20amtbadpass').value) };
amtpolicy = { type: ptype, password: Q('dp20amtpolicypass').value };
if (currentMesh.mtype == 2) { amtpolicy.badpass = parseInt(Q('dp20amtbadpass').value); }
if ((features & 0x400) == 0) { amtpolicy.cirasetup = parseInt(Q('dp20amtcira').value); } else { amtpolicy.cirasetup = 1; }
} else if (ptype == 3) {
amtpolicy = { type: ptype, password: Q('dp20amtpolicypass').value };