More work on Intel AMT provisioning server.
parent
f0c319e070
commit
fb8ea438b2
5 changed files with 117 additions and 46 deletions
|
@ -38,6 +38,7 @@ module.exports.CreateAmtProvisioningServer = function (parent, config) {
|
|||
socket.on('error', function (err) { })
|
||||
socket.on('close', function () { if (this.data != null) { processHelloData(this.data, this.ra); } delete this.ra; this.removeAllListeners(); })
|
||||
socket.on('data', function (data) {
|
||||
console.log('HELLO:', data.toString('HEX'));
|
||||
if (this.data == null) { this.data = data; } else { Buffer.concat([this.data, data]); }
|
||||
var str = this.data.toString();
|
||||
if (str.startsWith('GET ') && (str.indexOf('\r\n\r\n') >= 0)) {
|
||||
|
@ -59,7 +60,8 @@ module.exports.CreateAmtProvisioningServer = function (parent, config) {
|
|||
|
||||
// Example hello data for testing
|
||||
//setTimeout(function () { processHelloData(Buffer.from('01000300000000004b529b93d413181de4871c697a6b7a2b170220c3846bf24b9e93ca64274c0ec67c1ecc5e024ffcacd2d74019350e81fe546ae4022045140b3247eb9cc8c5b4f0d7b53091f73292089e6e5a63e2749dd3aca9198eda0220d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef402201465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65802202ce1cb0bf9d2f9e102993fbe215152c3b2dd0cabde1c68e5319b839154dbb7f502209acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df022016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb0220960adf0063e96356750c2965dd0a0867da0b9cbd6e77714aeafb2349ab393da3022068ad50909b04363c605ef13581a939ff2c96372e3f12325b0a6861e1d59f660302206dc47172e01cbcb0bf62580d895fe2b8ac9ad4f873801e0c10b9c837d21eb177022073c176434f1bc6d5adf45b0e76e727287c8de57616c1e6e6141a2b2cbc7d8e4c022043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f33902202399561127a57125de8cefea610ddf2fa078b5c8067f4e828290bfb860e84b3c022070a73f7f376b60074248904534b11482d5bf0e698ecc498df52577ebf2e93b9a02204348a0e9444c78cb265e058d5e8944b4d84f9662bd26db257f8934a443c701610220cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f022031ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d00220552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988022067540a47aa5b9f34570a99723cfefa96a96ee3f0d9b8bf4def9440b8065d665d02207224395222cd588c4f2683716922addb41e39b581ac34fa87b39efa896fbb39e0220cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b0220179fbc148a3dd00fd24ea13458cc43bfa7f59c8182d783a513f6ebec100c892402202cabeafe37d06ca22aba7391c0033d25982952c453647349763a3ab5ad6ccf69', 'hex'), '192.168.2.148'); }, 500);
|
||||
//setTimeout(function () { processHelloData(Buffer.from('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', 'hex'), '192.168.2.148'); }, 500);
|
||||
//setTimeout(function () { processHelloData(Buffer.from('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', 'hex'), '192.168.2.148'); }, 5000);
|
||||
//setTimeout(function () { processHelloData(Buffer.from('01000300010000003ec2ffd2d19d2d41860a54b2039b72ff180220c3846bf24b9e93ca64274c0ec67c1ecc5e024ffcacd2d74019350e81fe546ae4022045140b3247eb9cc8c5b4f0d7b53091f73292089e6e5a63e2749dd3aca9198eda0220d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef402201465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65802202ce1cb0bf9d2f9e102993fbe215152c3b2dd0cabde1c68e5319b839154dbb7f502209acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df022016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb0220960adf0063e96356750c2965dd0a0867da0b9cbd6e77714aeafb2349ab393da3022068ad50909b04363c605ef13581a939ff2c96372e3f12325b0a6861e1d59f660302206dc47172e01cbcb0bf62580d895fe2b8ac9ad4f873801e0c10b9c837d21eb177022073c176434f1bc6d5adf45b0e76e727287c8de57616c1e6e6141a2b2cbc7d8e4c022043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f33902202399561127a57125de8cefea610ddf2fa078b5c8067f4e828290bfb860e84b3c022070a73f7f376b60074248904534b11482d5bf0e698ecc498df52577ebf2e93b9a02204348a0e9444c78cb265e058d5e8944b4d84f9662bd26db257f8934a443c701610220cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f022031ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d00220552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988022067540a47aa5b9f34570a99723cfefa96a96ee3f0d9b8bf4def9440b8065d665d0220a267c480b0b29056eb5e8aa7c93add804f5a7df516e969e77bcacafe8d45607902207224395222cd588c4f2683716922addb41e39b581ac34fa87b39efa896fbb39e0220cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b0220179fbc148a3dd00fd24ea13458cc43bfa7f59c8182d783a513f6ebec100c892402202cabeafe37d06ca22aba7391c0033d25982952c453647349763a3ab5ad6ccf69', 'hex'), '192.168.2.134'); }, 5000);
|
||||
|
||||
// Parse Intel AMT hello data
|
||||
function parseHelloData(data, addr) {
|
||||
|
@ -71,8 +73,8 @@ module.exports.CreateAmtProvisioningServer = function (parent, config) {
|
|||
const firstBytes = data.readInt16LE(0);
|
||||
if (firstBytes > 1) return; // Invalid data
|
||||
amtHello.adminCredentialsSet = (firstBytes != 0);
|
||||
amtHello.version = data.readInt16LE(2);
|
||||
if (amtHello.version != 3) return null; // One touch PID not supported, only version 3 supported.
|
||||
amtHello.helloversion = data.readInt16LE(2);
|
||||
if (amtHello.helloversion != 3) return null; // One touch PID not supported, only version 3 supported.
|
||||
amtHello.retryCount = data.readInt32LE(4);
|
||||
amtHello.guidhex = data.slice(8, 24).toString('hex');
|
||||
amtHello.guid = guidToStr(amtHello.guidhex);
|
||||
|
@ -110,9 +112,10 @@ module.exports.CreateAmtProvisioningServer = function (parent, config) {
|
|||
if (dev == null) { parent.debug('amtsca', addr, 'Got invalid hello from: ' + addr); return; } // Invalid Intel AMT hello
|
||||
parent.debug('amtsca', 'Got hello from ' + addr);
|
||||
obj.devices[addr] = dev;
|
||||
dev.aquired = {};
|
||||
|
||||
// Set device messages
|
||||
dev.consoleMsg = function deviceConsoleMsg(msg) { parent.debug('amtsca', deviceConsoleMsg.dev.hostname ? deviceConsoleMsg.dev.hostname : deviceConsoleMsg.dev.addr, msg); return; }
|
||||
dev.consoleMsg = function deviceConsoleMsg(msg) { parent.debug('amtsca', deviceConsoleMsg.dev.aquired.host ? deviceConsoleMsg.dev.aquired.host : deviceConsoleMsg.dev.addr, msg); return; }
|
||||
dev.consoleMsg.dev = dev;
|
||||
|
||||
// Get assumed trusted FQDN and device group
|
||||
|
@ -121,18 +124,19 @@ module.exports.CreateAmtProvisioningServer = function (parent, config) {
|
|||
if ((mesh == null) || (mesh.mtype !== 1) || (typeof mesh.amt !== 'object') || (typeof mesh.amt.type !== 'number')) { dev.consoleMsg('Invalid device group for Intel AMT activation.'); return; }
|
||||
if ((mesh.amt.type != 3) && (mesh.amt.type != 4)) { dev.consoleMsg('Device group does not have ACM activation policy.'); return; }
|
||||
dev.mesh = mesh;
|
||||
dev.meshid = mesh._id;
|
||||
dev.domainid = mesh.domain;
|
||||
|
||||
// Compute the nodeid for this device using the device GUID
|
||||
const g = dev.guid.split('-').join('');
|
||||
const id = Buffer.from(g + g + g, 'hex').toString('base64');
|
||||
const id = Buffer.from(g + g + g, 'hex').toString('base64').replace(/\+/g, '@').replace(/\//g, '$');
|
||||
dev.nodeid = 'node/' + mesh.domain + '/' + id;
|
||||
|
||||
// Attempts reverse DNS loopup on the device IP address
|
||||
const func = function dnsReverseLoopup(err, hostnames) {
|
||||
var hostname = dnsReverseLoopup.addr;
|
||||
if ((err == null) && (hostnames != null) && (hostnames.length > 0)) { hostname = hostnames[0]; }
|
||||
dnsReverseLoopup.dev.hostname = hostname;
|
||||
dnsReverseLoopup.dev.aquired.host = hostname;
|
||||
processHelloDataEx1(dnsReverseLoopup.dev);
|
||||
}
|
||||
func.addr = addr;
|
||||
|
@ -173,7 +177,7 @@ module.exports.CreateAmtProvisioningServer = function (parent, config) {
|
|||
|
||||
// Setup a connection to the Intel AMT device
|
||||
dev.consoleMsg('Launching TLS connection...');
|
||||
var comm = CreateWsmanComm(dev.hostname, 16993, 'admin', '', 1, { cert: dev.certchain.certs.reverse().join(''), key: dev.certchain.signkey }); // Perform TLS connection
|
||||
var comm = CreateWsmanComm(dev.aquired.host, 16993, 'admin', '', 1, { cert: dev.certchain.certs.reverse().join(''), key: dev.certchain.signkey }); // Perform TLS connection
|
||||
comm.xtlsFingerprint = 0; // No Intel AMT certificate checking.
|
||||
var wsstack = WsmanStackCreateService(comm);
|
||||
dev.amtstack = AmtStackCreateService(wsstack);
|
||||
|
@ -196,9 +200,9 @@ module.exports.CreateAmtProvisioningServer = function (parent, config) {
|
|||
if (amtlogicalelements.length > 0) {
|
||||
var vs = getInstance(amtlogicalelements, 'AMT')['VersionString'];
|
||||
if (vs != null) {
|
||||
dev.amtversionstr = vs;
|
||||
dev.amtversion = parseInt(dev.amtversionstr.split('.')[0]);
|
||||
dev.amtversionmin = parseInt(dev.amtversionstr.split('.')[1]);
|
||||
dev.aquired.version = vs;
|
||||
dev.aquired.versionmajor = parseInt(dev.aquired.version.split('.')[0]);
|
||||
dev.aquired.versionminor = parseInt(dev.aquired.version.split('.')[1]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -207,24 +211,24 @@ module.exports.CreateAmtProvisioningServer = function (parent, config) {
|
|||
if ((dev.amtversionstr == null) && (stack.wsman.comm.amtVersion != null)) {
|
||||
var s = stack.wsman.comm.amtVersion.split('.');
|
||||
if (s.length >= 3) {
|
||||
dev.amtversionstr = s[0] + '.' + s[1] + '.' + s[2];
|
||||
dev.amtversion = parseInt(s[0]);
|
||||
dev.amtversionmin = parseInt(s[1]);
|
||||
dev.aquired.version = s[0] + '.' + s[1] + '.' + s[2];
|
||||
dev.aquired.versionmajor = parseInt(s[0]);
|
||||
dev.aquired.versionminor = parseInt(s[1]);
|
||||
}
|
||||
}
|
||||
|
||||
// If we can't get the Intel AMT version, stop here.
|
||||
if (dev.amtversionstr == null) { parent.debug('amtsca', dev.hostname, 'Could not get Intel AMT version.'); destroyDevice(dev); return; } // Could not get Intel AMT version, disconnect();
|
||||
if (dev.aquired.version == null) { dev.consoleMsg('Could not get Intel AMT version.'); destroyDevice(dev); return; } // Could not get Intel AMT version, disconnect();
|
||||
|
||||
// Get the digest realm
|
||||
if (responses['AMT_GeneralSettings'] && responses['AMT_GeneralSettings'].response && (typeof responses['AMT_GeneralSettings'].response['DigestRealm'] == 'string')) {
|
||||
dev.realm = responses['AMT_GeneralSettings'].response['DigestRealm'];
|
||||
dev.aquired.realm = responses['AMT_GeneralSettings'].response['DigestRealm'];
|
||||
} else {
|
||||
dev.consoleMsg('Could not get Intel AMT digest realm.'); destroyDevice(dev); return;
|
||||
}
|
||||
|
||||
// Looks like we are doing well.
|
||||
parent.debug('amtsca', dev.hostname, 'Succesful TLS connection, Intel AMT v' + dev.amtversionstr);
|
||||
dev.consoleMsg('Succesful TLS connection, Intel AMT v' + dev.aquired.version);
|
||||
|
||||
// Set the new MEBx password
|
||||
dev.consoleMsg('Setting MEBx password...');
|
||||
|
@ -236,29 +240,28 @@ module.exports.CreateAmtProvisioningServer = function (parent, config) {
|
|||
const dev = stack.dev;
|
||||
if (isAmtDeviceValid(dev) == false) return; // Device no longer exists, ignore this request.
|
||||
if (status != 200) { dev.consoleMsg('Failed to set MEBx password, status=' + status + '.'); destroyDevice(dev); return; }
|
||||
parent.debug('amtsca', dev.hostname, 'MEBx password set. Setting admin password...');
|
||||
dev.consoleMsg('MEBx password set. Setting admin password...');
|
||||
|
||||
// See what admin password to use
|
||||
dev.pass = dev.mesh.amt.password;
|
||||
if (dev.pass == null) { dev.pass = getRandomAmtPassword(); }
|
||||
dev.aquired.user = 'admin';
|
||||
dev.aquired.pass = dev.mesh.amt.password;
|
||||
if (dev.aquired.pass == null) { dev.aquired.pass = getRandomAmtPassword(); }
|
||||
|
||||
// Set the admin password
|
||||
dev.amtstack.AMT_AuthorizationService_SetAdminAclEntryEx('admin', hex_md5('admin:' + dev.realm + ':' + dev.pass), processHelloDataEx4);
|
||||
dev.amtstack.AMT_AuthorizationService_SetAdminAclEntryEx(dev.aquired.user, hex_md5(dev.aquired.user + ':' + dev.aquired.realm + ':' + dev.aquired.pass), processHelloDataEx4);
|
||||
}
|
||||
|
||||
// Response from setting admin password
|
||||
function processHelloDataEx4(stack, name, responses, status) {
|
||||
const dev = stack.dev;
|
||||
if (isAmtDeviceValid(dev) == false) return; // Device no longer exists, ignore this request.
|
||||
if (status != 200) { parent.debug('amtsca', dev.hostname, 'Failed to set admin password, status=' + status + '.'); destroyDevice(dev); return; }
|
||||
parent.debug('amtsca', dev.hostname, 'Admin password set.');
|
||||
if (status != 200) { dev.consoleMsg('Failed to set admin password, status=' + status + '.'); destroyDevice(dev); return; }
|
||||
dev.consoleMsg('Admin password set.');
|
||||
|
||||
// Setup TLS and commit.
|
||||
dev.intelamt = {};
|
||||
dev.aquired = {};
|
||||
attemptTlsSync(dev, function (dev) {
|
||||
destroyDevice(dev)
|
||||
dev.consoleMsg('Intel AMT ACM activation completed.');
|
||||
destroyDevice(dev)
|
||||
});
|
||||
}
|
||||
|
||||
|
@ -407,8 +410,6 @@ module.exports.CreateAmtProvisioningServer = function (parent, config) {
|
|||
*/
|
||||
// TLS already enabled, update device in the database
|
||||
dev.consoleMsg("Intel AMT has TLS already enabled.");
|
||||
dev.intelamt.tls = dev.aquired.tls = 1;
|
||||
UpdateDevice(dev);
|
||||
|
||||
// Perform commit
|
||||
dev.taskCount = 1;
|
||||
|
@ -438,10 +439,11 @@ module.exports.CreateAmtProvisioningServer = function (parent, config) {
|
|||
dev.consoleMsg("Commited, holding 5 seconds...");
|
||||
|
||||
// Update device in the database
|
||||
dev.intelamt.tls = dev.aquired.tls = 1;
|
||||
dev.intelamt.hash = dev.aquired.hash = dev.aquired.xhash;
|
||||
dev.aquired.tls = 1;
|
||||
dev.aquired.hash = dev.aquired.xhash;
|
||||
dev.aquired.state = 2; // Activated in ACM
|
||||
delete dev.aquired.xhash;
|
||||
UpdateDevice(dev);
|
||||
if (UpdateDevice(dev) == false) return;
|
||||
|
||||
// Switch our communications to TLS (Restart our management of this node)
|
||||
dev.switchToTls = 1;
|
||||
|
@ -454,20 +456,89 @@ module.exports.CreateAmtProvisioningServer = function (parent, config) {
|
|||
});
|
||||
}
|
||||
|
||||
// Update the device in the database
|
||||
function UpdateDevice(dev) {
|
||||
console.log('UpdateDevice', dev.intelamt);
|
||||
}
|
||||
|
||||
// Do aggressive cleanup on the device
|
||||
function destroyDevice(dev) {
|
||||
delete obj.devices[dev.addr];
|
||||
if (dev.amtstack != null) { delete dev.amtstack.dev; delete dev.amtstack; }
|
||||
delete dev.guid;
|
||||
delete dev.mesh;
|
||||
delete dev.realm;
|
||||
delete dev.meshid;
|
||||
delete dev.aquired;
|
||||
delete dev.guidhex;
|
||||
delete dev.domainid;
|
||||
delete dev.certchain;
|
||||
delete dev.amtversionstr;
|
||||
delete dev.retryCount;
|
||||
delete dev.amtversion;
|
||||
delete dev.amtversionmin;
|
||||
delete dev.realm;
|
||||
delete dev.amtversionstr;
|
||||
}
|
||||
|
||||
// Update the device in the database and event any changes
|
||||
function UpdateDevice(dev) {
|
||||
// Check that the mesh exists
|
||||
const mesh = parent.webserver.meshes[dev.meshid];
|
||||
if (mesh == null) { destroyDevice(dev); return false; }
|
||||
|
||||
// Get the node and change it if needed
|
||||
parent.db.Get(dev.nodeid, function (err, nodes) {
|
||||
if ((nodes == null) || (nodes.length == 0)) {
|
||||
// Add a new device
|
||||
var devicename = dev.guid;
|
||||
if (dev.addr != dev.aquired.host) { devicename = dev.aquired.host.split('.')[0]; }
|
||||
var device = { type: 'node', _id: dev.nodeid, meshid: dev.meshid, name: devicename, host: dev.aquired.host, domain: dev.domainid, intelamt: { ver: dev.aquired.version, user: dev.aquired.user, pass: dev.aquired.pass, tls: dev.aquired.tls, state: 2, realm: dev.aquired.realm } };
|
||||
if (dev.aquired.hash != null) { device.intelamt.hash = dev.aquired.hash; }
|
||||
parent.db.Set(device);
|
||||
|
||||
// Event the new node
|
||||
parent.DispatchEvent(parent.webserver.CreateMeshDispatchTargets(dev.meshid, [dev.nodeid]), obj, { etype: 'node', action: 'addnode', node: parent.CloneSafeNode(device), msgid: 84, msgArgs: [devicename, mesh.name], msg: 'Added device ' + devicename + ' to device group ' + mesh.name, domain: domain.id });
|
||||
} else {
|
||||
// Update an existing device
|
||||
const device = nodes[0];
|
||||
var changes = [], change = 0, log = 0;
|
||||
var domain = parent.config.domains[device.domain];
|
||||
if (domain == null) return false;
|
||||
|
||||
// Check if anything changes
|
||||
if (device.intelamt == null) { device.intelamt = {}; }
|
||||
if ((typeof dev.aquired.version == 'string') && (dev.aquired.version != device.intelamt.ver)) { change = 1; log = 1; device.intelamt.ver = dev.aquired.version; changes.push('AMT version'); }
|
||||
if ((typeof dev.aquired.user == 'string') && (dev.aquired.user != device.intelamt.user)) { change = 1; log = 1; device.intelamt.user = dev.aquired.user; changes.push('AMT user'); }
|
||||
if ((typeof dev.aquired.pass == 'string') && (dev.aquired.pass != device.intelamt.pass)) { change = 1; log = 1; device.intelamt.pass = dev.aquired.pass; changes.push('AMT pass'); }
|
||||
if ((typeof dev.aquired.mpspass == 'string') && (dev.aquired.mpspass != device.intelamt.mpspass)) { change = 1; log = 1; device.intelamt.mpspass = dev.aquired.mpspass; changes.push('AMT MPS pass'); }
|
||||
if ((typeof dev.aquired.host == 'string') && (dev.aquired.host != device.intelamt.host)) { change = 1; log = 1; device.intelamt.host = dev.aquired.host; changes.push('AMT host'); }
|
||||
if ((typeof dev.aquired.realm == 'string') && (dev.aquired.realm != device.intelamt.realm)) { change = 1; log = 1; device.intelamt.realm = dev.aquired.realm; changes.push('AMT realm'); }
|
||||
if ((typeof dev.aquired.hash == 'string') && (dev.aquired.hash != device.intelamt.hash)) { change = 1; log = 1; device.intelamt.hash = dev.aquired.hash; changes.push('AMT hash'); }
|
||||
if ((typeof dev.aquired.tls == 'number') && (dev.aquired.tls != device.intelamt.tls)) { change = 1; log = 1; device.intelamt.tls = dev.aquired.tls; changes.push('AMT TLS'); }
|
||||
if ((typeof dev.aquired.state == 'number') && (dev.aquired.state != device.intelamt.state)) { change = 1; log = 1; device.intelamt.state = dev.aquired.state; changes.push('AMT state'); }
|
||||
|
||||
// Intel AMT Warning Flags: 1 = Unknown credentials, 2 = Realm Mismatch, 4 = TLS Cert Mismatch, 8 = Trying credentials
|
||||
if ((typeof dev.aquired.warn == 'number')) { if ((dev.aquired.warn == 0) && (device.intelamt.warn != null)) { delete device.intelamt.warn; change = 1; } else if (dev.aquired.warn != device.intelamt.warn) { device.intelamt.warn = dev.aquired.warn; change = 1; } }
|
||||
|
||||
// Update Intel AMT flags if needed
|
||||
// dev.aquired.controlMode // 1 = CCM, 2 = ACM
|
||||
// (node.intelamt.flags & 2) == CCM, (node.intelamt.flags & 4) == ACM
|
||||
var flags = 0;
|
||||
if (typeof device.intelamt.flags == 'number') { flags = device.intelamt.flags; }
|
||||
if (dev.aquired.controlMode == 1) { if ((flags & 4) != 0) { flags -= 4; } if ((flags & 2) == 0) { flags += 2; } } // CCM
|
||||
if (dev.aquired.controlMode == 2) { if ((flags & 4) == 0) { flags += 4; } if ((flags & 2) != 0) { flags -= 2; } } // ACM
|
||||
if (device.intelamt.flags != flags) { change = 1; log = 1; device.intelamt.flags = flags; changes.push('AMT flags'); }
|
||||
|
||||
// If there are changes, event the new device
|
||||
if (change == 1) {
|
||||
// Save to the database
|
||||
parent.db.Set(device);
|
||||
|
||||
// Event the node change
|
||||
var event = { etype: 'node', action: 'changenode', nodeid: device._id, domain: domain.id, node: parent.webserver.CloneSafeNode(device) };
|
||||
if (changes.length > 0) { event.msg = 'Changed device ' + device.name + ' from group ' + mesh.name + ': ' + changes.join(', '); }
|
||||
if ((log == 0) || ((obj.agentInfo) && (obj.agentInfo.capabilities) && (obj.agentInfo.capabilities & 0x20)) || (changes.length == 0)) { event.nolog = 1; } // If this is a temporary device, don't log changes
|
||||
if (parent.db.changeStream) { event.noact = 1; } // If DB change stream is active, don't use this event to change the node. Another event will come.
|
||||
parent.DispatchEvent(parent.webserver.CreateMeshDispatchTargets(device.meshid, [device._id]), obj, event);
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
//
|
||||
|
|
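Review bot: In the add-a-new-device branch of the new `UpdateDevice`, the `addnode` event is built with `domain: domain.id`, but the only `domain` in scope is the `var domain` declared in the else branch of the same `parent.db.Get` callback, so here it is hoisted and still undefined, and the dispatch throws after `parent.db.Set(device)` has already stored the record. `dev.domainid` is set from `mesh.domain` earlier in this section and looks like the intended value: `domain: dev.domainid`. That same line calls `parent.CloneSafeNode(device)` while the update branch calls `parent.webserver.CloneSafeNode(device)`; since `device.intelamt` carries `pass`, both events should go through the same helper, presumably the `parent.webserver` one. Separately, `if (domain == null) return false;` in the update branch only returns from the callback, so `UpdateDevice` still returns true to its caller in that case.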