928 lines
35 KiB
C#
928 lines
35 KiB
C#
//----------------------------------------------------------------------------
|
|
//
|
|
// Copyright © 2009-2014, Intel Corporation. All rights reserved.
|
|
//
|
|
// File: Configuration.cs
|
|
//
|
|
//----------------------------------------------------------------------------
|
|
|
|
using System;
|
|
using System.IO;
|
|
using UCT.Utils;
|
|
using System.Net;
|
|
using System.Text;
|
|
using System.Security.Cryptography.X509Certificates;
|
|
using System.Collections.Generic;
|
|
using System.Net.Sockets;
|
|
using System.Security;
|
|
using System.Runtime.InteropServices;
|
|
using System.Windows.Forms;
|
|
using Intel.Management.Wsman;
|
|
using System.Net.Security;
|
|
using Common.Utils;
|
|
|
|
namespace UCT
|
|
{
|
|
#region - Enums -
|
|
|
|
public enum ConnectionStatus
|
|
{
|
|
Connected,
|
|
MissingPermission,
|
|
UnsupportedFeature,
|
|
Failure
|
|
}
|
|
|
|
enum Permissions
|
|
{
|
|
NONE,
|
|
ADMIN_SECURITY_RCS_ADMIN_REALM,
|
|
ADMIN_SECURITY_SOLIDER_REALM,
|
|
ADMIN_SECURITY_ADMINISTRATION_REALM,
|
|
ADMIN_SECURITY_HARDWARE_ASSET_REALM,
|
|
ADMIN_SECURITY_REMOTE_CONTROL_REALM,
|
|
ADMIN_SECURITY_STORAGE_REALM,
|
|
ADMIN_SECURITY_EVENT_MANAGER_REALM,
|
|
ADMIN_SECURITY_STORAGE_ADMIN_REALM,
|
|
ADMIN_SECURITY_AGENT_PRECENSE_LOCAL_REALM,
|
|
ADMIN_SECURITY_AGENT_PRECENSE_REMOTE_REALM,
|
|
ADMIN_SECURITY_CIRCUIT_BREAKER_REALM,
|
|
ADMIN_SECURITY_NETWORK_TIME_REALM,
|
|
ADMIN_SECURITY_GENERAL_INFO_REALM,
|
|
ADMIN_SECURITY_FW_UPDATE_REALM,
|
|
ADMIN_SECURITY_EIT_PROVISIONING_REALM,
|
|
ADMIN_SECURITY_LOCAL_APPS_REALM,
|
|
ADMIN_SECURITY_EAC_REALM,
|
|
ADMIN_SECURITY_EAC_ADMIN_REALM,
|
|
ADMIN_SECURITY_EVENT_LOG_READER_REALM,
|
|
ADMIN_SECURITY_AUDIT_LOG_REALM,
|
|
ADMIN_SECURITY_USER_ACCESS_CONTROL_REALM,
|
|
ADMIN_SECURITY_WOX_REALM,
|
|
}
|
|
|
|
public enum UCTPermission
|
|
{
|
|
None = 0,
|
|
Admin,
|
|
RemoteControl,
|
|
Redirection,
|
|
Other
|
|
}
|
|
|
|
#endregion
|
|
|
|
/// <summary>
|
|
/// Singleton object that hold the below settings:
|
|
/// Basic Settings - amtHost, amtUsername, amtPassword .. etc
|
|
/// Certificate options - path to the certificates files
|
|
/// Proxy options - ciraHost, ciraUsername, ciraPassword
|
|
/// RFB Settings - current color level, encoding
|
|
/// </summary>
|
|
public class Configuration : IConnectRemoteSystem, IDisposable
|
|
{
|
|
#region - Consts -
|
|
|
|
private const string WirelessInstanceID = "Intel(r) AMT Ethernet Port Settings 1";
|
|
private const string UnsupportedFWVersion = "DestinationUnreachable";
|
|
|
|
#endregion
|
|
|
|
#region - Classes -
|
|
|
|
#region Basic Settings
|
|
|
|
/// <summary>
|
|
/// Contain Basic Intel(r) AMT settings (Credentials ... etc)
|
|
/// </summary>
|
|
public class BasicSettings
|
|
{
|
|
Dictionary<string, Permissions> RealmsDictionary = new Dictionary<string, Permissions>()
|
|
{
|
|
{"RCS", Permissions.ADMIN_SECURITY_RCS_ADMIN_REALM},
|
|
{"REDIR", Permissions.ADMIN_SECURITY_SOLIDER_REALM},
|
|
{"ADMIN", Permissions.ADMIN_SECURITY_ADMINISTRATION_REALM},
|
|
{"HAI", Permissions.ADMIN_SECURITY_HARDWARE_ASSET_REALM},
|
|
{"RC", Permissions.ADMIN_SECURITY_REMOTE_CONTROL_REALM},
|
|
{"STOR", Permissions.ADMIN_SECURITY_STORAGE_REALM},
|
|
{"EVTMGR", Permissions.ADMIN_SECURITY_EVENT_MANAGER_REALM},
|
|
{"STORA", Permissions.ADMIN_SECURITY_STORAGE_ADMIN_REALM},
|
|
{"AGPL", Permissions.ADMIN_SECURITY_AGENT_PRECENSE_LOCAL_REALM},
|
|
{"AGPR", Permissions.ADMIN_SECURITY_AGENT_PRECENSE_REMOTE_REALM},
|
|
{"CB", Permissions.ADMIN_SECURITY_CIRCUIT_BREAKER_REALM},
|
|
{"NETT", Permissions.ADMIN_SECURITY_NETWORK_TIME_REALM},
|
|
{"INFO", Permissions.ADMIN_SECURITY_GENERAL_INFO_REALM},
|
|
{"FWUPD", Permissions.ADMIN_SECURITY_FW_UPDATE_REALM},
|
|
{"EIT", Permissions.ADMIN_SECURITY_EIT_PROVISIONING_REALM},
|
|
{"LOCAPP", Permissions.ADMIN_SECURITY_LOCAL_APPS_REALM},
|
|
{"EAC", Permissions.ADMIN_SECURITY_EAC_REALM},
|
|
{"EACADM", Permissions.ADMIN_SECURITY_EAC_ADMIN_REALM},
|
|
{"EVTLOG", Permissions.ADMIN_SECURITY_EVENT_LOG_READER_REALM},
|
|
{"AUDIT", Permissions.ADMIN_SECURITY_AUDIT_LOG_REALM},
|
|
{"UAC", Permissions.ADMIN_SECURITY_USER_ACCESS_CONTROL_REALM},
|
|
{"WOX", Permissions.ADMIN_SECURITY_WOX_REALM},
|
|
{"SEC_LCL", Permissions.NONE},
|
|
{"RESERVED", Permissions.NONE}
|
|
};
|
|
|
|
private const string DEFAULT_USERNAME = "admin";
|
|
private const string DEFAULT_PASSWORD = "admin";
|
|
|
|
private string _amtHost;
|
|
private string _amtUsername;
|
|
private SecureString _amtPassword;
|
|
private bool _tlsEnable;
|
|
private bool _ciraEnable;
|
|
private bool _kerberosEnable;
|
|
private UCTPermission _userRealm;
|
|
private List<Permissions> _realms;
|
|
|
|
private static BasicSettings _instance = null;
|
|
|
|
/// <summary>
|
|
/// Singleton return the Basic Settings instance
|
|
/// </summary>
|
|
/// <returns>the single instance</returns>
|
|
public static BasicSettings GetInstance()
|
|
{
|
|
if (null == _instance)
|
|
{
|
|
_instance = new BasicSettings();
|
|
}
|
|
return _instance;
|
|
}
|
|
|
|
/// <summary>
|
|
/// Ctor. Initialize default settings
|
|
/// </summary>
|
|
private BasicSettings()
|
|
{
|
|
_amtHost = string.Empty;
|
|
_amtUsername = string.Empty;
|
|
_amtPassword = new SecureString();
|
|
_tlsEnable = false;
|
|
_ciraEnable = false;
|
|
_kerberosEnable = false;
|
|
_realms = new List<Permissions>();
|
|
_userRealm = UCTPermission.None;
|
|
}
|
|
|
|
/// <summary>
|
|
/// property indicate about the Intel(r) AMT host
|
|
/// </summary>
|
|
public string AmtHost
|
|
{
|
|
get { return _amtHost; }
|
|
set { _amtHost = value; }
|
|
}
|
|
|
|
/// <summary>
|
|
/// property indicate about the Intel(r) AMT username
|
|
/// </summary>
|
|
public string AmtUsername
|
|
{
|
|
get { return _amtUsername; }
|
|
set { _amtUsername = value; }
|
|
}
|
|
|
|
/// <summary>
|
|
/// property indicate about the Intel(r) AMT Password
|
|
/// </summary>
|
|
public SecureString AmtPassword
|
|
{
|
|
get => _amtPassword;
|
|
set
|
|
{
|
|
_amtPassword?.Dispose();
|
|
_amtPassword = value ?? new SecureString();
|
|
}
|
|
}
|
|
|
|
/// <summary>
|
|
/// property indicate about using TLS
|
|
/// </summary>
|
|
public bool TlsEnable
|
|
{
|
|
get { return _tlsEnable; }
|
|
set { _tlsEnable = value; }
|
|
}
|
|
/// <summary>
|
|
/// property indicate about using CIRA
|
|
/// </summary>
|
|
public bool CIRAEnable
|
|
{
|
|
get { return _ciraEnable; }
|
|
set { _ciraEnable = value; }
|
|
}
|
|
/// <summary>
|
|
/// property indicate if kerberos should be preferred
|
|
/// </summary>
|
|
public bool KerberosEnable
|
|
{
|
|
get { return _kerberosEnable; }
|
|
set { _kerberosEnable = value; }
|
|
}
|
|
/// <summary>
|
|
/// property indicate the user realms
|
|
/// </summary>
|
|
public UCTPermission UserRealm
|
|
{
|
|
get { return _userRealm; }
|
|
set { _userRealm = value; }
|
|
}
|
|
|
|
/// <summary>
|
|
/// Return the privileges as string
|
|
/// </summary>
|
|
/// <returns></returns>
|
|
public string GetUserPermissions()
|
|
{
|
|
StringBuilder realmsStr = new StringBuilder();
|
|
foreach (Permissions perm in _realms)
|
|
{
|
|
realmsStr.Append(perm.ToString());
|
|
realmsStr.Append(Environment.NewLine);
|
|
}
|
|
return realmsStr.ToString();
|
|
}
|
|
|
|
/// <summary>
|
|
/// Initialize the user permissions
|
|
/// </summary>
|
|
public UCTPermission InitiateUserPrivileges()
|
|
{
|
|
_realms = new List<Permissions>();
|
|
|
|
// Enumerate CIM_Privilege instances
|
|
IManagedReference privilegeRef = _wsmanConnection.NewReference("SELECT * FROM CIM_Privilege");
|
|
IWsmanEnumeration privilegesCollection = privilegeRef.Enumerate("http://schemas.dmtf.org/wbem/wsman/1/wsman/SelectorFilter", null);
|
|
|
|
// Go over the instances returned
|
|
foreach (IWsmanItem privilegeItem in privilegesCollection)
|
|
{
|
|
// Get the Privilege object
|
|
IManagedInstance privilegeObject = privilegeItem.Object;
|
|
|
|
// Convert the permissions array to full realm name
|
|
IWsmanItem activityQualifiers = privilegeObject.GetProperty("ActivityQualifiers");
|
|
string[] permissions = new string[activityQualifiers.Count];
|
|
|
|
for (int i = 0; i < activityQualifiers.Count; i++)
|
|
permissions[i] = activityQualifiers.Item(i).ToString();
|
|
|
|
foreach (string str in permissions)
|
|
{
|
|
_realms.Add(RealmsDictionary[str]);
|
|
}
|
|
}
|
|
|
|
if (_realms.Contains(Permissions.ADMIN_SECURITY_ADMINISTRATION_REALM))
|
|
{
|
|
_userRealm = UCTPermission.Admin;
|
|
}
|
|
else if (_realms.Contains(Permissions.ADMIN_SECURITY_REMOTE_CONTROL_REALM) &&
|
|
_realms.Contains(Permissions.ADMIN_SECURITY_GENERAL_INFO_REALM))
|
|
{
|
|
_userRealm = UCTPermission.RemoteControl;
|
|
}
|
|
else if (_realms.Contains(Permissions.ADMIN_SECURITY_GENERAL_INFO_REALM) &&
|
|
_realms.Contains(Permissions.ADMIN_SECURITY_SOLIDER_REALM))
|
|
{
|
|
_userRealm = UCTPermission.Redirection;
|
|
}
|
|
else
|
|
_userRealm = UCTPermission.Other;
|
|
|
|
return _userRealm;
|
|
}
|
|
}
|
|
|
|
#endregion
|
|
|
|
#region Certificate Settings
|
|
|
|
/// <summary>
|
|
/// Singleton object that represent the certificate settings
|
|
/// </summary>
|
|
public class CertificateSettings
|
|
{
|
|
private X509Certificate2 _serverCert;
|
|
|
|
public X509Certificate2 ServerCertificate
|
|
{
|
|
get { return _serverCert; }
|
|
set { _serverCert = value; }
|
|
}
|
|
|
|
private string _personalCertificate;
|
|
|
|
private CertificateSettings()
|
|
{
|
|
|
|
_personalCertificate = string.Empty;
|
|
}
|
|
|
|
private static CertificateSettings _certificateSettings = null;
|
|
/// <summary>
|
|
/// Singleton object that represent the certificates configuration
|
|
/// </summary>
|
|
/// <returns></returns>
|
|
public static CertificateSettings GetInstance()
|
|
{
|
|
if (null == _certificateSettings)
|
|
{
|
|
_certificateSettings = new CertificateSettings();
|
|
}
|
|
return _certificateSettings;
|
|
}
|
|
|
|
/// <summary>
|
|
/// path to the personal certificate file
|
|
/// </summary>
|
|
public string PersonalCertificate
|
|
{
|
|
get { return _personalCertificate; }
|
|
set { _personalCertificate = value; }
|
|
}
|
|
|
|
/// <summary>
|
|
/// return the CN of the personal certificate
|
|
/// </summary>
|
|
public string PersonalCertificateSubject
|
|
{
|
|
get
|
|
{
|
|
if (PersonalCertificate == string.Empty)
|
|
return null;
|
|
|
|
try
|
|
{
|
|
string filedata = File.ReadAllText(PersonalCertificate);
|
|
int indexStart = filedata.IndexOf("-----BEGIN CERTIFICATE-----");
|
|
if (indexStart == -1)
|
|
return null;
|
|
string certificateSection = filedata.Substring(indexStart);
|
|
// extract subject from the given personal certificate
|
|
X509Certificate2 cer = new X509Certificate2(Encoding.ASCII.GetBytes(certificateSection));
|
|
return cer.Subject;
|
|
}
|
|
catch (System.IO.IOException e)
|
|
{
|
|
throw e;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
#endregion
|
|
|
|
#region Proxy Settings
|
|
|
|
/// <summary>
|
|
/// Singleton object represent CIRA configuration
|
|
/// </summary>
|
|
public class ProxySettings
|
|
{
|
|
/// <summary>
|
|
/// default port when using WS-Man over CIRA
|
|
/// </summary>
|
|
public const ushort DEFAULT_PROXY_HTTP_PORT = 8080;
|
|
|
|
// HTTP proxy
|
|
private string _proxyHostHttp;
|
|
private ushort _proxyPortHttp;
|
|
private string _proxyUsernameHttp;
|
|
private SecureString _proxyPasswordHttp;
|
|
|
|
private ProxySettings()
|
|
{
|
|
_proxyHostHttp = string.Empty;
|
|
_proxyUsernameHttp = string.Empty;
|
|
// _proxyPasswordHttp = string.Empty;
|
|
//_proxyPortHttp = DEFAULT_PROXY_HTTP_PORT;
|
|
}
|
|
|
|
private static ProxySettings _proxySettings = null;
|
|
/// <summary>
|
|
/// Represent the CIRA configuration instance
|
|
/// </summary>
|
|
/// <returns></returns>
|
|
public static ProxySettings GetInstance()
|
|
{
|
|
if (null == _proxySettings)
|
|
{
|
|
_proxySettings = new ProxySettings();
|
|
}
|
|
return _proxySettings;
|
|
}
|
|
|
|
/// <summary>
|
|
/// Represent the CIRA host
|
|
/// </summary>
|
|
public string ProxyHostHttp
|
|
{
|
|
get { return _proxyHostHttp; }
|
|
set { _proxyHostHttp = value; }
|
|
}
|
|
|
|
/// <summary>
|
|
/// Represent the CIRA port
|
|
/// </summary>
|
|
public ushort ProxyPortHttp
|
|
{
|
|
get { return _proxyPortHttp; }
|
|
set { _proxyPortHttp = value; }
|
|
}
|
|
|
|
/// <summary>
|
|
/// Represent the username that will be used to connect to CIRA
|
|
/// </summary>
|
|
public string ProxyUsernameHttp
|
|
{
|
|
get { return _proxyUsernameHttp; }
|
|
set { _proxyUsernameHttp = value; }
|
|
}
|
|
|
|
/// <summary>
|
|
/// Represent the password that will be used to connect to CIRA
|
|
/// </summary>
|
|
public SecureString ProxyPasswordHttp
|
|
{
|
|
get => _proxyPasswordHttp;
|
|
set
|
|
{
|
|
_proxyPasswordHttp?.Dispose();
|
|
_proxyPasswordHttp = value ?? new SecureString();
|
|
}
|
|
}
|
|
|
|
/// <summary>
|
|
/// Get the combination of the proxy host : name
|
|
/// for example: ibxpx.intel.com:16992
|
|
/// </summary>
|
|
public string FullProxyNameHttp
|
|
{
|
|
get
|
|
{
|
|
return BuildProxyURL(_proxyHostHttp, _proxyPortHttp);
|
|
}
|
|
}
|
|
|
|
private string BuildProxyURL(string proxyHost, ushort proxyPort)
|
|
{
|
|
if (proxyHost == string.Empty)
|
|
{
|
|
return string.Empty;
|
|
}
|
|
else
|
|
{
|
|
return proxyHost + ":" + proxyPort;
|
|
}
|
|
}
|
|
}
|
|
#endregion
|
|
|
|
#region InterfaceSettings
|
|
|
|
public class InterfaceSettings
|
|
{
|
|
private LinkInterface _linkInterface;
|
|
IManagedReference _ethernetPortServiceEPR;
|
|
private string _lanID;
|
|
|
|
private static InterfaceSettings _instance = null;
|
|
|
|
/// <summary>
|
|
/// Singleton return the interface Settings instance
|
|
/// </summary>
|
|
/// <returns>the single instance</returns>
|
|
public static InterfaceSettings GetInstance()
|
|
{
|
|
if (null == _instance)
|
|
{
|
|
_instance = new InterfaceSettings();
|
|
}
|
|
return _instance;
|
|
}
|
|
|
|
/// <summary>
|
|
/// Ctor. Initialize default settings
|
|
/// </summary>
|
|
private InterfaceSettings()
|
|
{
|
|
_linkInterface = LinkInterface.None;
|
|
_lanID = string.Empty;
|
|
}
|
|
|
|
/// <summary>
|
|
/// property indicate about the intefacce
|
|
/// </summary>
|
|
public LinkInterface LinkInterface
|
|
{
|
|
get { return _linkInterface; }
|
|
set { _linkInterface = value; }
|
|
}
|
|
|
|
/// <summary>
|
|
/// property indicate about the Intel(r) AMT LanID
|
|
/// </summary>
|
|
public string LanID
|
|
{
|
|
get { return _lanID; }
|
|
set { _lanID = value; }
|
|
}
|
|
|
|
/// <summary>
|
|
/// property indicate about the Intel(r) AMT ethernet port settings epr
|
|
/// </summary>
|
|
public IManagedReference EthernetPortServiceEPR
|
|
{
|
|
get { return _ethernetPortServiceEPR; }
|
|
set { _ethernetPortServiceEPR = value; }
|
|
}
|
|
}
|
|
|
|
#endregion
|
|
|
|
#region Configuration
|
|
|
|
private BasicSettings _basic;
|
|
private CertificateSettings _certificate;
|
|
private ProxySettings _proxy;
|
|
private InterfaceSettings _interface;
|
|
public static bool acceptSelfSignedCert = false;
|
|
public static WsmanConnection _wsmanConnection;
|
|
|
|
/// <summary>
|
|
/// Contain the Basic Settings
|
|
/// </summary>
|
|
public BasicSettings Basic
|
|
{
|
|
get { return _basic; }
|
|
}
|
|
|
|
/// <summary>
|
|
/// Contain certificate settings
|
|
/// </summary>
|
|
public CertificateSettings Certificate
|
|
{
|
|
get { return _certificate; }
|
|
}
|
|
|
|
/// <summary>
|
|
/// Contain CIRA related settings
|
|
/// </summary>
|
|
public ProxySettings Proxy
|
|
{
|
|
get { return _proxy; }
|
|
}
|
|
|
|
/// <summary>
|
|
/// Contain settings related to the remote machine interface
|
|
/// </summary>
|
|
public InterfaceSettings Interface
|
|
{
|
|
get { return _interface; }
|
|
}
|
|
|
|
private Configuration()
|
|
{
|
|
_basic = BasicSettings.GetInstance();
|
|
_certificate = CertificateSettings.GetInstance();
|
|
_proxy = ProxySettings.GetInstance();
|
|
_interface = InterfaceSettings.GetInstance();
|
|
}
|
|
|
|
private static Configuration _configuration = null;
|
|
|
|
public static bool HostNameMismatch { get; set; }
|
|
|
|
/// <summary>
|
|
/// Singleton object that return the current configuration object
|
|
/// </summary>
|
|
/// <returns></returns>
|
|
public static Configuration GetInstance()
|
|
{
|
|
lock (typeof(Configuration))
|
|
{
|
|
if (null == _configuration)
|
|
{
|
|
_configuration = new Configuration();
|
|
}
|
|
}
|
|
return _configuration;
|
|
}
|
|
|
|
private static IWebProxy GetWebProxy()
|
|
{
|
|
string proxyAddress = _configuration.Proxy.ProxyHostHttp;
|
|
if (proxyAddress == string.Empty)
|
|
{
|
|
return null;
|
|
}
|
|
|
|
IWebProxy proxy = new WebProxy(_configuration.Proxy.ProxyHostHttp, _configuration.Proxy.ProxyPortHttp);
|
|
if (!string.IsNullOrEmpty(_configuration._proxy.ProxyUsernameHttp) &&
|
|
_configuration.Proxy.ProxyPasswordHttp != null && _configuration.Proxy.ProxyPasswordHttp.Length > 0)
|
|
{
|
|
proxy.Credentials = new NetworkCredential(_configuration.Proxy.ProxyUsernameHttp,
|
|
_configuration.Proxy.ProxyPasswordHttp);
|
|
}
|
|
|
|
return proxy;
|
|
}
|
|
|
|
public ConnectionStatus InitWSManClient()
|
|
{
|
|
LogManager.WriteOperation(LogLevel.BASIC, "Initializing WS-Management client", LogInteraction.Information);
|
|
return ScanAMTSystem();
|
|
}
|
|
|
|
#endregion
|
|
|
|
#endregion
|
|
|
|
#region IConnectRemoteSystem Members
|
|
|
|
private const string FW_VERSION_INSTANCE_ID = "AMT FW Core Version";
|
|
private const string ETHERNET_PORT_INSTANCE_ID = "Intel(r) AMT Ethernet Port Settings 1";
|
|
private const string ETHERNET_PORT_INSTANCE_ID_WIRED = "Intel(r) AMT Ethernet Port Settings 0";
|
|
private const string ETHERNET_PORT_IPv6_INSTANCE_ID = "Intel(r) IPS IPv6 Settings 1";
|
|
private const string FW_VERSION_VALUE = "6.1.0";
|
|
|
|
public void InitiateWSManClient()
|
|
{
|
|
try
|
|
{
|
|
_wsmanConnection = new WsmanConnection();
|
|
_wsmanConnection.Options.ServerCertificateValidationCallback = new ServerCertificateValidationCallback(CertificateCallBack);
|
|
HostNameMismatch = false;
|
|
string address = Configuration.GetInstance().Basic.AmtHost;
|
|
if (Utilities.CheckAddressFormat(address) == Address.IPV6)
|
|
address = "[" + address + "]";
|
|
_wsmanConnection.Address = Configuration.GetInstance().Basic.TlsEnable == true
|
|
? "https://" + address + ":16993/wsman"
|
|
: "http://" + address + ":16992/wsman";
|
|
|
|
_wsmanConnection.Username = Configuration.GetInstance().Basic.AmtUsername;
|
|
|
|
// Convert password to secure string to comply with wsman dll which supports passwords in SecureString
|
|
// format only.
|
|
_wsmanConnection.Password = Configuration.GetInstance().Basic.AmtPassword;
|
|
|
|
_wsmanConnection.AuthenticationScheme = (Configuration.GetInstance().Basic.KerberosEnable) ? "Negotiate" : "Digest";
|
|
|
|
|
|
if (Configuration.GetInstance().Basic.CIRAEnable)
|
|
{
|
|
string proxyAddress = Configuration.GetInstance().Proxy.ProxyHostHttp;
|
|
if (Utilities.CheckAddressFormat(proxyAddress) == Address.IPV6)
|
|
proxyAddress = "[" + proxyAddress + "]";
|
|
_wsmanConnection.Options.ProxyAddress = "http://" + proxyAddress + ":" + Configuration.GetInstance().Proxy.ProxyPortHttp;
|
|
|
|
if (Configuration.GetInstance().Proxy.ProxyUsernameHttp != string.Empty &&
|
|
Configuration.GetInstance().Proxy.ProxyPasswordHttp.Length > 0)
|
|
{
|
|
_wsmanConnection.Options.ProxyUser = Configuration.GetInstance().Proxy.ProxyUsernameHttp;
|
|
|
|
// Convert password to secure string to comply with wsman dll which supports passwords in SecureString
|
|
// format only.
|
|
_wsmanConnection.Options.ProxyPassword = Configuration.GetInstance().Proxy.ProxyPasswordHttp;
|
|
}
|
|
}
|
|
_wsmanConnection.Options.ClientCertificate = !string.IsNullOrEmpty(Configuration.GetInstance().Certificate.PersonalCertificate) ? Utilities.getCertFromStore(Configuration.GetInstance().Certificate.PersonalCertificate)[0] : null;
|
|
}
|
|
catch (UriFormatException e1)
|
|
{
|
|
// ignore the Uri format exception, the exception
|
|
// will be catch in the update settings function
|
|
MessageBox.Show(e1.Message, "Invalid Host", MessageBoxButtons.OK, MessageBoxIcon.Error);
|
|
}
|
|
}
|
|
|
|
private static bool CertificateCallBack(X509Certificate certificate, SslPolicyErrors error)
|
|
{
|
|
// Ignore only HostName mismatch error.
|
|
if (error == SslPolicyErrors.RemoteCertificateNameMismatch)
|
|
{
|
|
HostNameMismatch = true;
|
|
CertificateSettings.GetInstance().ServerCertificate = new X509Certificate2(certificate);
|
|
return true;
|
|
}
|
|
// If certificate is self signed, ignore all errors
|
|
if (acceptSelfSignedCert && certificate.Subject.Equals(certificate.Issuer))
|
|
{
|
|
return true;
|
|
}
|
|
if (error == SslPolicyErrors.None)
|
|
{
|
|
CertificateSettings.GetInstance().ServerCertificate = new X509Certificate2(certificate);
|
|
return true;
|
|
}
|
|
return false;
|
|
}
|
|
|
|
public bool CheckUserPriveleges()
|
|
{
|
|
// Getting the user privileges and check if the user has the
|
|
// required relams for running the tool.
|
|
if (BasicSettings.GetInstance().InitiateUserPrivileges() == UCTPermission.Other)
|
|
{
|
|
AMT_SW_GUI.MessageManager.ShowErrorMessage("In order to run this tool you must have one of the required privileges:\n" +
|
|
Permissions.ADMIN_SECURITY_ADMINISTRATION_REALM.ToString() + "\nOr - \n" +
|
|
Permissions.ADMIN_SECURITY_REMOTE_CONTROL_REALM.ToString() + " and " + Permissions.ADMIN_SECURITY_GENERAL_INFO_REALM.ToString() + "\nOr - \n" +
|
|
Permissions.ADMIN_SECURITY_SOLIDER_REALM.ToString() + " and " + Permissions.ADMIN_SECURITY_GENERAL_INFO_REALM.ToString() +
|
|
"\n\nNote that your current privileges are:" +
|
|
Configuration.BasicSettings.GetInstance().GetUserPermissions(),
|
|
"Permission Warning");
|
|
return false;
|
|
}
|
|
if (BasicSettings.GetInstance().InitiateUserPrivileges() == UCTPermission.RemoteControl || BasicSettings.GetInstance().InitiateUserPrivileges() == UCTPermission.Redirection)
|
|
{
|
|
AMT_SW_GUI.MessageManager.ShowWarningMessage("Some options are disabled. This is because the User Consent Tool is running under a user that does not have the required permissions in the Intel AMT device.",
|
|
"Permission Warning", MessageBoxButtons.OK);
|
|
}
|
|
return true;
|
|
}
|
|
|
|
public bool CheckHostBaseSupported()
|
|
{
|
|
// Checking if the tool support the AMT version.
|
|
// AMT version >= 6.1 support HBP. in order to check if HBP is supported on the given
|
|
// client we are checking the FW version using the CIM_SoftwareIdentity class to
|
|
// get the core version.
|
|
IManagedReference softwareIdentityRef = _wsmanConnection.NewReference("SELECT * FROM CIM_SoftwareIdentity WHERE InstanceID='" + FW_VERSION_INSTANCE_ID + "'");
|
|
IManagedInstance softwareIdentityObject = softwareIdentityRef.Get();
|
|
string versionString = softwareIdentityObject.GetProperty("VersionString").ToString();
|
|
if (Utilities.CompareVersions(versionString, FW_VERSION_VALUE) < 0)
|
|
{
|
|
throw new UCTException(Properties.Resources.ERROR_UNSUPPORTED_FEATURE);
|
|
}
|
|
|
|
// Enumerate the HBP service - if the enumeration context is empty - indicates
|
|
// that HBP is disable on the target system.
|
|
IManagedReference optInServiceRef = _wsmanConnection.NewReference("IPS_OptInService");
|
|
IWsmanEnumeration optInServiceCollection = optInServiceRef.Enumerate("http://schemas.dmtf.org/wbem/wsman/1/wsman/SelectorFilter", null);
|
|
if (!optInServiceCollection.HasNext) //There are no items.
|
|
{
|
|
throw new UCTException(Properties.Resources.ERROR_DISABLED_FEATURE);
|
|
}
|
|
return true;
|
|
}
|
|
|
|
public void GetConnectionInterface()
|
|
{
|
|
IManagedReference ethernetPortSettingsRef = _wsmanConnection.NewReference("SELECT * FROM AMT_EthernetPortSettings WHERE InstanceID='" + ETHERNET_PORT_INSTANCE_ID + "'");
|
|
IManagedInstance ethernetPortSettingsObject;
|
|
|
|
ethernetPortSettingsObject = ethernetPortSettingsRef.Get();
|
|
if (ethernetPortSettingsObject == null)
|
|
{
|
|
ethernetPortSettingsRef = _wsmanConnection.NewReference("SELECT * FROM AMT_EthernetPortSettings WHERE InstanceID='" + ETHERNET_PORT_INSTANCE_ID_WIRED + "'");
|
|
try
|
|
{
|
|
ethernetPortSettingsRef.Get();
|
|
_configuration.Interface.LinkInterface = LinkInterface.Wired;
|
|
}
|
|
catch (Exception)
|
|
{
|
|
throw new UCTException("Your platform currently does not have a wired or wireless network interface.\n Therefore, this tool cannot perform the user consent flow.");
|
|
}
|
|
|
|
return;
|
|
}
|
|
|
|
_configuration.Interface.EthernetPortServiceEPR = ethernetPortSettingsRef;
|
|
|
|
//IWsmanEnumeration ethernetPortSettingsCollection = ethernetPortSettingsRef.Enumerate("http://schemas.dmtf.org/wbem/wsman/1/wsman/SelectorFilter", null);
|
|
|
|
//// Check if we have wireless interface
|
|
//if (!ethernetPortSettingsCollection.HasNext)
|
|
//{
|
|
// _configuration.Interface.LinkInterface = LinkInterface.Wired;
|
|
// return;
|
|
//}
|
|
//ethernetPortSettingsRef = ethernetPortSettingsCollection.Next().Object.ToReference("InstanceID");
|
|
//IManagedInstance ethernetPortSettingsObject = ethernetPortSettingsRef.Get();
|
|
//_configuration.Interface.EthernetPortServiceEPR = ethernetPortSettingsRef;
|
|
|
|
IPAddress adrr;
|
|
|
|
string ipAddress = "";
|
|
if (_wsmanConnection.Address.StartsWith("https"))
|
|
{
|
|
ipAddress = _wsmanConnection.Address.Substring(8, _wsmanConnection.Address.Length - 8);
|
|
}
|
|
else if (_wsmanConnection.Address.StartsWith("http"))
|
|
{
|
|
ipAddress = _wsmanConnection.Address.Substring(7, _wsmanConnection.Address.Length - 7);
|
|
}
|
|
|
|
if (ipAddress.Contains(":"))
|
|
{
|
|
int index = ipAddress.LastIndexOf(":");
|
|
ipAddress = ipAddress.Substring(0, index);
|
|
}
|
|
|
|
//The IP address is an IPv6 type
|
|
if (ipAddress.Contains("["))
|
|
{
|
|
ipAddress = ipAddress.Substring(1, ipAddress.Length - 2);
|
|
}
|
|
|
|
// If host name is specified - trying to get the ip
|
|
if (!IPAddress.TryParse(ipAddress, out adrr))
|
|
{
|
|
IPAddress[] addrs = Dns.GetHostAddresses(ipAddress);
|
|
if (addrs == null || addrs.Length == 0)
|
|
{
|
|
throw new UCTException(Properties.Resources.ERROR_UNRESOLVED_HOST_ENTRY);
|
|
}
|
|
else // Expecting one name
|
|
{
|
|
adrr = addrs[0];
|
|
}
|
|
}
|
|
|
|
// Check if the sample run over wireless
|
|
if (adrr.AddressFamily == AddressFamily.InterNetwork) //IPv4
|
|
{
|
|
if (ethernetPortSettingsObject.Xml.Contains("IPAddress"))
|
|
{
|
|
_configuration.Interface.LinkInterface = (String.Compare(ethernetPortSettingsObject.GetProperty("IPAddress").ToString(), adrr.ToString()) != 0) ?
|
|
LinkInterface.Wired : LinkInterface.Wireless;
|
|
}
|
|
else
|
|
_configuration.Interface.LinkInterface = LinkInterface.Wired;
|
|
}
|
|
else //IPv6
|
|
{
|
|
IManagedReference IPv6PortSettingsRef = _wsmanConnection.NewReference("SELECT * FROM IPS_IPv6PortSettings WHERE InstanceID='" + ETHERNET_PORT_IPv6_INSTANCE_ID + "'");
|
|
IWsmanEnumeration IPv6PortSettingsCollection = IPv6PortSettingsRef.Enumerate("http://schemas.dmtf.org/wbem/wsman/1/wsman/SelectorFilter", null);
|
|
IManagedInstance IPv6PortSettingsObject = IPv6PortSettingsCollection.Next().Object;
|
|
|
|
IWsmanItem CurrentAddressInfo = IPv6PortSettingsObject.GetProperty("CurrentAddressInfo");
|
|
string[] IPv6Addresses = new string[CurrentAddressInfo.Count];
|
|
|
|
for (int i = 0; i < CurrentAddressInfo.Count; i++)
|
|
IPv6Addresses[i] = CurrentAddressInfo.Item(i).ToString();
|
|
|
|
foreach (string address in IPv6Addresses)
|
|
{
|
|
if (String.Compare((address.Split(',')[0]).ToLower(), adrr.ToString().ToLower()) == 0)
|
|
{
|
|
_configuration.Interface.LinkInterface = LinkInterface.Wireless;
|
|
return;
|
|
}
|
|
}
|
|
_configuration.Interface.LinkInterface = LinkInterface.Wired;
|
|
}
|
|
}
|
|
|
|
public ConnectionStatus ScanAMTSystem()
|
|
{
|
|
|
|
// 1) Initiate WSMan Client
|
|
InitiateWSManClient();
|
|
|
|
// 2) Ensure the target system support HostBasedProvisioning
|
|
if (!CheckHostBaseSupported())
|
|
return ConnectionStatus.UnsupportedFeature;
|
|
|
|
// 3) Ensure the user has the required privileges
|
|
if (!CheckUserPriveleges())
|
|
return ConnectionStatus.MissingPermission;
|
|
|
|
// 4) Checking the connection interface
|
|
GetConnectionInterface();
|
|
if (_configuration.Interface.LinkInterface == LinkInterface.Wireless)
|
|
{
|
|
IManagedReference wiFiEndpointRef = _wsmanConnection.NewReference("SELECT * FROM CIM_WiFiEndpoint WHERE Name='WiFi Endpoint 0'");
|
|
IManagedInstance wiFiEndpointObject = wiFiEndpointRef.Get();
|
|
string LANID = wiFiEndpointObject.GetProperty("LANID").ToString();
|
|
if (!string.IsNullOrEmpty(LANID))
|
|
_configuration.Interface.LanID = LANID;
|
|
}
|
|
return ConnectionStatus.Connected;
|
|
}
|
|
|
|
#endregion
|
|
|
|
#region IDisposable Members
|
|
|
|
public void Dispose()
|
|
{
|
|
Dispose(true);
|
|
GC.SuppressFinalize(this);
|
|
}
|
|
|
|
private void Dispose(bool disposing)
|
|
{
|
|
if (disposing)
|
|
{
|
|
Basic.AmtPassword?.Dispose();
|
|
}
|
|
}
|
|
|
|
#endregion
|
|
}
|
|
}
|