diff --git a/meshuser.js b/meshuser.js
index f024b4fa..baeba207 100644
--- a/meshuser.js
+++ b/meshuser.js
@@ -3847,7 +3847,8 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
if (command.desc != null && (command.desc != node.desc)) { change = 1; node.desc = command.desc; changes.push('description'); }
if (command.intelamt != null) {
if ((command.intelamt.user != null) && (command.intelamt.pass != undefined) && ((command.intelamt.user != node.intelamt.user) || (command.intelamt.pass != node.intelamt.pass))) { change = 1; node.intelamt.user = command.intelamt.user; node.intelamt.pass = command.intelamt.pass; changes.push('Intel AMT credentials'); amtchange = 1; }
- if ((command.intelamt.tls != null) && (command.intelamt.tls != node.intelamt.tls)) { change = 1; node.intelamt.tls = command.intelamt.tls; changes.push('Intel AMT TLS'); }
+ // Only allow the user to set Intel AMT TLS state if AMT Manager is not active. AMT manager will auto-detect TLS state.
+ if ((parent.parent.amtManager != null) && (command.intelamt.tls != null) && (command.intelamt.tls != node.intelamt.tls)) { change = 1; node.intelamt.tls = command.intelamt.tls; changes.push('Intel AMT TLS'); }
}
if (command.tags) { // Node grouping tag, this is a array of strings that can't be empty and can't contain a comma
var ok = true, group2 = [];
diff --git a/views/default.handlebars b/views/default.handlebars
index 38853349..6c85bb0f 100644
--- a/views/default.handlebars
+++ b/views/default.handlebars
@@ -1263,6 +1263,7 @@
var files;
var debugLevel = parseInt('{{{debuglevel}}}');
var features = parseInt('{{{features}}}');
+ var features2 = parseInt('{{{features2}}}');
var sessionTime = parseInt('{{{sessiontime}}}');
var sessionRefreshTimer = null;
var domain = '{{{domain}}}';
@@ -6222,11 +6223,12 @@
if ((meshrights & 4) == 0) return;
x += addHtmlValue("Username", '');
x += addHtmlValue("Password", '');
- x += addHtmlValue("Security", '');
+ // Only display the TLS setting if the Intel AMT manager is not running on the server. With the manager TLS is auto-detected.
+ if ((features2 & 1) == 0) { x += addHtmlValue("Security", ''); }
if ((node.intelamt.user != null) && (node.intelamt.user != '')) { buttons = 7; }
setDialogMode(2, "Edit Intel® AMT credentials", buttons, editDeviceAmtSettingsEx, x, { node: node, func: func, arg: arg });
if ((node.intelamt.user != null) && (node.intelamt.user != '')) { Q('dp10username').value = node.intelamt.user; } else { Q('dp10username').value = 'admin'; }
- Q('dp10tls').value = node.intelamt.tls;
+ if ((features2 & 1) == 0) { Q('dp10tls').value = node.intelamt.tls; }
validateDeviceAmtSettings();
}
@@ -6244,9 +6246,11 @@
if (amtuser == '') amtuser = 'admin';
var amtpass = Q('dp10password').value;
if (amtpass == '') amtuser = '';
- meshserver.send({ action: 'changedevice', nodeid: tag.node._id, intelamt: { user: amtuser, pass: amtpass, tls: parseInt(Q('dp10tls').value) } });
+ var x = { action: 'changedevice', nodeid: tag.node._id, intelamt: { user: amtuser, pass: amtpass } };
+ if ((features2 & 1) == 0) { x.intelamt.tls = parseInt(Q('dp10tls').value); }
+ meshserver.send(x);
tag.node.intelamt.user = amtuser;
- tag.node.intelamt.tls = parseInt(Q('dp10tls').value);
+ if ((features2 & 1) == 0) { tag.node.intelamt.tls = parseInt(Q('dp10tls').value); }
if (tag.func) { setTimeout(function () { tag.func(null, tag.arg); }, 300); }
}
}
@@ -9398,19 +9402,22 @@
x += addHtmlValue("Invite Codes", addLinkConditional(inviteCodeStr, 'p20editmeshInviteCode()', (meshrights & 1) || (icodes)));
}
- // Intel AMT setup
- var intelAmtPolicy = "No Policy";
- if (currentMesh.amt) {
- if (currentMesh.amt.type == 1) { intelAmtPolicy = 'Deactivate Client Control Mode (CCM)'; }
- else if (currentMesh.amt.type == 2) {
- intelAmtPolicy = "Simple Client Control Mode (CCM)";
- if (currentMesh.amt.cirasetup == 2) { intelAmtPolicy += " + CIRA"; }
- } else if (currentMesh.amt.type == 3) {
- intelAmtPolicy = "Simple Admin Control Mode (ACM)";
- if (currentMesh.amt.cirasetup == 2) { intelAmtPolicy += " + CIRA"; }
+ // If the Intel AMT manager is active on the server, show the Intel AMT policy edit box.
+ if ((features2 & 1) != 0) {
+ // Intel AMT setup
+ var intelAmtPolicy = "No Policy";
+ if (currentMesh.amt) {
+ if (currentMesh.amt.type == 1) { intelAmtPolicy = 'Deactivate Client Control Mode (CCM)'; }
+ else if (currentMesh.amt.type == 2) {
+ intelAmtPolicy = "Simple Client Control Mode (CCM)";
+ if (currentMesh.amt.cirasetup == 2) { intelAmtPolicy += " + CIRA"; }
+ } else if (currentMesh.amt.type == 3) {
+ intelAmtPolicy = "Simple Admin Control Mode (ACM)";
+ if (currentMesh.amt.cirasetup == 2) { intelAmtPolicy += " + CIRA"; }
+ }
}
+ x += addHtmlValue("Intel® AMT", addLinkConditional(intelAmtPolicy, 'p20editMeshAmt()', meshrights & 1));
}
- x += addHtmlValue("Intel® AMT", addLinkConditional(intelAmtPolicy, 'p20editMeshAmt()', meshrights & 1));
// Display group note support
if (meshrights & 1) { x += '
'; }
diff --git a/webserver.js b/webserver.js
index 15e1663e..2c229592 100644
--- a/webserver.js
+++ b/webserver.js
@@ -2123,7 +2123,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
}
function handleRootRequestEx(req, res, domain, direct) {
- var nologout = false, user = null, features = 0;
+ var nologout = false, user = null, features = 0, features2 = 0;
res.set({ 'Cache-Control': 'no-store' });
// Check if we have an incomplete domain name in the path
@@ -2285,6 +2285,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Give the web page a list of supported server features
features = 0;
+ features2 = 0;
if (obj.args.wanonly == true) { features += 0x00000001; } // WAN-only mode
if (obj.args.lanonly == true) { features += 0x00000002; } // LAN-only mode
if (obj.args.nousers == true) { features += 0x00000004; } // Single user mode
@@ -2326,6 +2327,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
if (domain.novnc === false) { features += 0x20000000; } // Disables noVNC
if (domain.mstsc !== true) { features += 0x40000000; } // Disables MSTSC.js
if (obj.isTrustedCert(domain) == false) { features += 0x80000000; } // Indicate we are not using a trusted certificate
+ if (obj.parent.amtManager != null) { features2 += 1; } // Indicates that the Intel AMT manager is active
// Create a authentication cookie
const authCookie = obj.parent.encodeCookie({ userid: user._id, domainid: domain.id, ip: req.clientIp }, obj.parent.loginCookieEncryptionKey);
@@ -2390,6 +2392,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
serverPublicPort: httpsPort,
serverfeatures: serverFeatures,
features: features,
+ features2: features2,
sessiontime: args.sessiontime,
mpspass: args.mpspass,
passRequirements: passRequirements,