Intel AMT password discovery added to amtactivation.log.

2021-04-05 14:55:52 -07:00 · 2021-04-05 14:55:52 -07:00 · a32081d7d3
parent 3f6856cedc
commit a32081d7d3
2 changed files with 11 additions and 4 deletions
--- a/amtmanager.js
+++ b/amtmanager.js
@ -606,6 +606,11 @@ module.exports.CreateAmtManager = function (parent) {
            if (stack.wsman.comm.xtls == 1) { dev.aquired.hash = stack.wsman.comm.xtlsCertificate.fingerprint.split(':').join('').toLowerCase(); } else { delete dev.aquired.hash; }
            UpdateDevice(dev);

+            // If this is the new first user/pass for the device UUID, update the activation log now.
+            if ((parent.amtPasswords != null) && (dev.mpsConnection != null) && (dev.mpsConnection.tag != null) && (dev.mpsConnection.tag.meiState != null) && (dev.mpsConnection.tag.meiState.UUID != null) && (parent.amtPasswords[dev.mpsConnection.tag.meiState.UUID] != null) && (parent.amtPasswords[dev.mpsConnection.tag.meiState.UUID][0] != dev.aquired.pass)) {
+                parent.certificateOperations.logAmtActivation(parent.config.domains[dev.domainid], { time: new Date(), action: 'amtpassword', domain: dev.domainid, amtUuid: dev.mpsConnection.tag.meiState.UUID, amtRealm: dev.aquired.realm, user: dev.aquired.user, password: dev.aquired.pass, computerName: dev.name });
+            }
+
            // Perform Intel AMT clock sync
            attemptSyncClock(dev, function (dev) {
                // Check Intel AMT TLS state
--- a/meshcentral.js
+++ b/meshcentral.js
@ -2700,14 +2700,16 @@ function CreateMeshCentralServer(config, args) {
                            if (amtPasswords[j.amtUuid] == null) {
                                amtPasswords[j.amtUuid] = [j.password]; // Add password to array
                            } else {
-                                if (amtPasswords[j.amtUuid].indexOf(j.password) == -1) {
-                                    amtPasswords[j.amtUuid].unshift(j.password); // Add password at the start of the array
-                                    while (amtPasswords[j.amtUuid].length > 3) { amtPasswords[j.amtUuid].pop(); } // Only keep the 3 last passwords for any given device
-                                }
+                                amtPasswords[j.amtUuid].unshift(j.password); // Add password at the start of the array
                            }
                        }
                    }
                }
+                // Remove all duplicates and only keep the 3 last passwords for any given device
+                for (var i in amtPasswords) {
+                    amtPasswords[i] = [...new Set(amtPasswords[i])];
+                    while (amtPasswords[i].length > 3) { amtPasswords[i].pop(); }
+                }
            }
            func(obj.common.sortObj(amtPasswords)); // Sort by UUID
        });