MyFavMirrors/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-01-23 20:53:15 -05:00
Code Issues Packages Projects Releases Wiki Activity

Added more input validation to --resetaccount and --adminaccount.

Browse Source
This commit is contained in:
Ylian Saint-Hilaire 2020-03-23 13:32:08 -07:00
parent 9fd65509f8
commit 069da0d9a8
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
meshcentral.js
View File

@ -608,7 +608,7 @@ function CreateMeshCentralServer(config, args) {
if (obj.args.recordencryptionrecode) { obj.db.performRecordEncryptionRecode(function (count) { console.log('Re-encoded ' + count + ' record(s).'); process.exit(); }); return; } if (obj.args.recordencryptionrecode) { obj.db.performRecordEncryptionRecode(function (count) { console.log('Re-encoded ' + count + ' record(s).'); process.exit(); }); return; }
if (obj.args.dbstats) { obj.db.getDbStats(function (stats) { console.log(stats); process.exit(); }); return; } if (obj.args.dbstats) { obj.db.getDbStats(function (stats) { console.log(stats); process.exit(); }); return; }
if (obj.args.resetaccount) { if (obj.args.resetaccount) {
if (obj.args.pass == null) { console.log('Usage: --resetaccount [userid] --pass [password].'); process.exit(); return; } if ((obj.args.pass == null) || (obj.args.pass == '') || (obj.args.resetaccount.startsWith('user/') == false)) { console.log('Usage: --resetaccount [userid] --pass [password].'); process.exit(); return; }
obj.db.Get(obj.args.resetaccount, function (err, docs) { obj.db.Get(obj.args.resetaccount, function (err, docs) {
if ((err != null) || (docs == null) || (docs.length == 0)) { console.log('Unknown userid, usage: --resetaccount [userid] --pass [password].'); process.exit(); return; } if ((err != null) || (docs == null) || (docs.length == 0)) { console.log('Unknown userid, usage: --resetaccount [userid] --pass [password].'); process.exit(); return; }
var user = docs[0]; if ((user.siteadmin) && (user.siteadmin != 0xFFFFFFFF) && (user.siteadmin & 32) != 0) { user.siteadmin -= 32; } // Unlock the account. var user = docs[0]; if ((user.siteadmin) && (user.siteadmin != 0xFFFFFFFF) && (user.siteadmin & 32) != 0) { user.siteadmin -= 32; } // Unlock the account.
@ -617,7 +617,7 @@ function CreateMeshCentralServer(config, args) {
}); });
return; return;
} }
if (obj.args.adminaccount) { if (obj.args.adminaccount || (obj.args.resetaccount.startsWith('user/') == false)) {
obj.db.Get(obj.args.adminaccount, function (err, docs) { obj.db.Get(obj.args.adminaccount, function (err, docs) {
if ((err != null) || (docs == null) || (docs.length == 0)) { console.log('Unknown userid, usage: --adminaccount [userid].'); process.exit(); return; } if ((err != null) || (docs == null) || (docs.length == 0)) { console.log('Unknown userid, usage: --adminaccount [userid].'); process.exit(); return; }
docs[0].siteadmin = 0xFFFFFFFF; // Set user as site administrator docs[0].siteadmin = 0xFFFFFFFF; // Set user as site administrator