mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2025-01-24 13:13:13 -05:00
Tools not allowed to connect when account has notools site rights, #2726
parent
8f1ce3eb5e
commit
26f289aba7
Binary file not shown.
66
webserver.js
66
webserver.js
@ -86,22 +86,42 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
obj.renderLanguages = [];
|
||||
|
||||
// Mesh Rights
|
||||
const MESHRIGHT_EDITMESH = 1;
|
||||
const MESHRIGHT_MANAGEUSERS = 2;
|
||||
const MESHRIGHT_MANAGECOMPUTERS = 4;
|
||||
const MESHRIGHT_REMOTECONTROL = 8;
|
||||
const MESHRIGHT_AGENTCONSOLE = 16;
|
||||
const MESHRIGHT_SERVERFILES = 32;
|
||||
const MESHRIGHT_WAKEDEVICE = 64;
|
||||
const MESHRIGHT_SETNOTES = 128;
|
||||
const MESHRIGHT_EDITMESH = 0x00000001;
|
||||
const MESHRIGHT_MANAGEUSERS = 0x00000002;
|
||||
const MESHRIGHT_MANAGECOMPUTERS = 0x00000004;
|
||||
const MESHRIGHT_REMOTECONTROL = 0x00000008;
|
||||
const MESHRIGHT_AGENTCONSOLE = 0x00000010;
|
||||
const MESHRIGHT_SERVERFILES = 0x00000020;
|
||||
const MESHRIGHT_WAKEDEVICE = 0x00000040;
|
||||
const MESHRIGHT_SETNOTES = 0x00000080;
|
||||
const MESHRIGHT_REMOTEVIEWONLY = 0x00000100;
|
||||
const MESHRIGHT_NOTERMINAL = 0x00000200;
|
||||
const MESHRIGHT_NOFILES = 0x00000400;
|
||||
const MESHRIGHT_NOAMT = 0x00000800;
|
||||
const MESHRIGHT_DESKLIMITEDINPUT = 0x00001000;
|
||||
const MESHRIGHT_LIMITEVENTS = 0x00002000;
|
||||
const MESHRIGHT_CHATNOTIFY = 0x00004000;
|
||||
const MESHRIGHT_UNINSTALL = 0x00008000;
|
||||
const MESHRIGHT_NODESKTOP = 0x00010000;
|
||||
const MESHRIGHT_REMOTECOMMAND = 0x00020000;
|
||||
const MESHRIGHT_RESETOFF = 0x00040000;
|
||||
const MESHRIGHT_GUESTSHARING = 0x00080000;
|
||||
const MESHRIGHT_ADMIN = 0xFFFFFFFF;
|
||||
|
||||
// Site rights
|
||||
const SITERIGHT_SERVERBACKUP = 1;
|
||||
const SITERIGHT_MANAGEUSERS = 2;
|
||||
const SITERIGHT_SERVERRESTORE = 4;
|
||||
const SITERIGHT_FILEACCESS = 8;
|
||||
const SITERIGHT_SERVERUPDATE = 16;
|
||||
const SITERIGHT_LOCKED = 32;
|
||||
// Site rights
|
||||
const SITERIGHT_SERVERBACKUP = 0x00000001;
|
||||
const SITERIGHT_MANAGEUSERS = 0x00000002;
|
||||
const SITERIGHT_SERVERRESTORE = 0x00000004;
|
||||
const SITERIGHT_FILEACCESS = 0x00000008;
|
||||
const SITERIGHT_SERVERUPDATE = 0x00000010;
|
||||
const SITERIGHT_LOCKED = 0x00000020;
|
||||
const SITERIGHT_NONEWGROUPS = 0x00000040;
|
||||
const SITERIGHT_NOMESHCMD = 0x00000080;
|
||||
const SITERIGHT_USERGROUPS = 0x00000100;
|
||||
const SITERIGHT_RECORDINGS = 0x00000200;
|
||||
const SITERIGHT_LOCKSETTINGS = 0x00000400;
|
||||
const SITERIGHT_ALLEVENTS = 0x00000800;
|
||||
const SITERIGHT_ADMIN = 0xFFFFFFFF;
|
||||
|
||||
// Setup SSPI authentication if needed
|
||||
if ((obj.parent.platform == 'win32') && (obj.args.nousers != true) && (obj.parent.config != null) && (obj.parent.config.domains != null)) {
|
||||
@ -6233,6 +6253,14 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
// A user/pass is provided in URL arguments
|
||||
obj.authenticate(req.query.user, req.query.pass, domain, function (err, userid, passhint, loginOptions) {
|
||||
|
||||
// Check if user as the "notools" site right. If so, deny this connection as tools are not allowed to connect.
|
||||
if ((user.siteadmin != 0xFFFFFFFF) && (user.siteadmin & SITERIGHT_NOMESHCMD)) {
|
||||
// No tools allowed, close the websocket connection
|
||||
parent.debug('web', 'ERR: Websocket no tools allowed');
|
||||
try { ws.send(JSON.stringify({ action: 'close', cause: 'notools', msg: 'notools' })); ws.close(); } catch (e) { }
|
||||
return;
|
||||
}
|
||||
|
||||
// See if we support two-factor trusted cookies
|
||||
var twoFactorCookieDays = 30;
|
||||
if (typeof domain.twofactorcookiedurationdays == 'number') { twoFactorCookieDays = domain.twofactorcookiedurationdays; }
|
||||
@ -6349,6 +6377,14 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
obj.authenticate(s[0], s[1], domain, function (err, userid, passhint, loginOptions) {
|
||||
var user = obj.users[userid];
|
||||
if ((err == null) && (user)) {
|
||||
// Check if user as the "notools" site right. If so, deny this connection as tools are not allowed to connect.
|
||||
if ((user.siteadmin != 0xFFFFFFFF) && (user.siteadmin & SITERIGHT_NOMESHCMD)) {
|
||||
// No tools allowed, close the websocket connection
|
||||
parent.debug('web', 'ERR: Websocket no tools allowed');
|
||||
try { ws.send(JSON.stringify({ action: 'close', cause: 'notools', msg: 'notools' })); ws.close(); } catch (e) { }
|
||||
return;
|
||||
}
|
||||
|
||||
// Check if a 2nd factor is needed
|
||||
if (checkUserOneTimePasswordRequired(domain, user, req, loginOptions) == true) {
|
||||
|
||||
|
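Review bot: In the second hunk (the `req.query.user` / `req.query.pass` path, around new line 6253) the notools check reads `user.siteadmin` as the first statement of the `obj.authenticate` callback, yet no visible line there declares `user` or tests `err`. The third hunk runs the same check only after `var user = obj.users[userid];` and `if ((err == null) && (user))`. The callback body continues outside the hunk, so this is inferred, but if `user` is only assigned further down, a failed or unknown login would throw on the property read instead of being rejected cleanly, and the restriction would not be evaluated against the account that just authenticated. I would guard it the same way as the `s[0]`/`s[1]` path: `var user = obj.users[userid];` followed by `if ((err == null) && (user != null) && (user.siteadmin != 0xFFFFFFFF) && (user.siteadmin & SITERIGHT_NOMESHCMD)) {`. Including `userid` in the `parent.debug('web', 'ERR: Websocket no tools allowed')` message in both hunks would also make denied tool connections attributable when reviewing logs.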