From a32081d7d306e54f9dd7a80ea9af5d4b2f4c70be Mon Sep 17 00:00:00 2001
From: Ylian Saint-Hilaire <ysainthilaire@hotmail.com>
Date: Mon, 5 Apr 2021 14:55:52 -0700
Subject: [PATCH] Intel AMT password discovery added to amtactivation.log.

---
 amtmanager.js  |  5 +++++
 meshcentral.js | 10 ++++++----
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/amtmanager.js b/amtmanager.js
index 584fa37b..74ac11d9 100644
--- a/amtmanager.js
+++ b/amtmanager.js
@@ -606,6 +606,11 @@ module.exports.CreateAmtManager = function (parent) {
             if (stack.wsman.comm.xtls == 1) { dev.aquired.hash = stack.wsman.comm.xtlsCertificate.fingerprint.split(':').join('').toLowerCase(); } else { delete dev.aquired.hash; }
             UpdateDevice(dev);
 
+            // If this is the new first user/pass for the device UUID, update the activation log now.
+            if ((parent.amtPasswords != null) && (dev.mpsConnection != null) && (dev.mpsConnection.tag != null) && (dev.mpsConnection.tag.meiState != null) && (dev.mpsConnection.tag.meiState.UUID != null) && (parent.amtPasswords[dev.mpsConnection.tag.meiState.UUID] != null) && (parent.amtPasswords[dev.mpsConnection.tag.meiState.UUID][0] != dev.aquired.pass)) {
+                parent.certificateOperations.logAmtActivation(parent.config.domains[dev.domainid], { time: new Date(), action: 'amtpassword', domain: dev.domainid, amtUuid: dev.mpsConnection.tag.meiState.UUID, amtRealm: dev.aquired.realm, user: dev.aquired.user, password: dev.aquired.pass, computerName: dev.name });
+            }
+
             // Perform Intel AMT clock sync
             attemptSyncClock(dev, function (dev) {
                 // Check Intel AMT TLS state
diff --git a/meshcentral.js b/meshcentral.js
index c872efcd..fbf5095e 100644
--- a/meshcentral.js
+++ b/meshcentral.js
@@ -2700,14 +2700,16 @@ function CreateMeshCentralServer(config, args) {
                             if (amtPasswords[j.amtUuid] == null) {
                                 amtPasswords[j.amtUuid] = [j.password]; // Add password to array
                             } else {
-                                if (amtPasswords[j.amtUuid].indexOf(j.password) == -1) {
-                                    amtPasswords[j.amtUuid].unshift(j.password); // Add password at the start of the array
-                                    while (amtPasswords[j.amtUuid].length > 3) { amtPasswords[j.amtUuid].pop(); } // Only keep the 3 last passwords for any given device
-                                }
+                                amtPasswords[j.amtUuid].unshift(j.password); // Add password at the start of the array
                             }
                         }
                     }
                 }
+                // Remove all duplicates and only keep the 3 last passwords for any given device
+                for (var i in amtPasswords) {
+                    amtPasswords[i] = [...new Set(amtPasswords[i])];
+                    while (amtPasswords[i].length > 3) { amtPasswords[i].pop(); }
+                }
             }
             func(obj.common.sortObj(amtPasswords)); // Sort by UUID
         });