mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2024-12-24 06:05:53 -05:00
Server hardening, user alerts and user permission checking.
This commit is contained in:
parent
50002f5f60
commit
3c1797a016
@ -20,7 +20,7 @@ module.exports.IntToStrX = function(v) { return String.fromCharCode(v & 0xFF, (v
|
||||
module.exports.MakeToArray = function(v) { if (!v || v == null || typeof v == 'object') return v; return [v]; }
|
||||
module.exports.SplitArray = function(v) { return v.split(','); }
|
||||
module.exports.Clone = function(v) { return JSON.parse(JSON.stringify(v)); }
|
||||
module.exports.IsFilenameValid = (function () { var x1 = /^[^\\/:\*\?"<>\|]+$/, x2 = /^\./, x3 = /^(nul|prn|con|lpt[0-9]|com[0-9])(\.|$)/i; return function isFilenameValid(fname) { return x1.test(fname) && !x2.test(fname) && !x3.test(fname) && (fname[0] != '.'); } })();
|
||||
module.exports.IsFilenameValid = (function () { var x1 = /^[^\\/:\*\?"<>\|]+$/, x2 = /^\./, x3 = /^(nul|prn|con|lpt[0-9]|com[0-9])(\.|$)/i; return function isFilenameValid(fname) { return module.exports.validateString(fname, 1, 4096) && x1.test(fname) && !x2.test(fname) && !x3.test(fname) && (fname[0] != '.'); } })();
|
||||
|
||||
// Move an element from one position in an array to a new position
|
||||
module.exports.ArrayElementMove = function(arr, from, to) { arr.splice(to, 0, arr.splice(from, 1)[0]); };
|
||||
@ -126,3 +126,9 @@ module.exports.objKeysToLower = function (obj) {
|
||||
}
|
||||
return obj;
|
||||
}
|
||||
|
||||
// Validation methods
|
||||
module.exports.validateString = function(str, minlen, maxlen) { return ((str != null) && (typeof str == 'string') && ((minlen == null) || (str.length >= minlen)) && ((maxlen == null) || (str.length <= maxlen))); }
|
||||
module.exports.validateInt = function(int, minval, maxval) { return ((int != null) && (typeof int == 'number') && ((minval == null) || (int >= minval)) && ((maxval == null) || (int <= maxval))); }
|
||||
module.exports.validateArray = function(array, minlen, maxlen) { return ((array != null) && Array.isArray(array) && ((minlen == null) || (array.length >= minlen)) && ((maxlen == null) || (array.length <= maxlen))); }
|
||||
module.exports.validateObject = function(obj) { return ((obj != null) && (typeof obj == 'object')); }
|
||||
|
140
meshuser.js
140
meshuser.js
@ -28,7 +28,17 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain) {
|
||||
}
|
||||
|
||||
// Convert a mesh path array into a real path on the server side
|
||||
function meshPathToRealPath(meshpath) {
|
||||
function meshPathToRealPath(meshpath, user) {
|
||||
if (obj.common.validateArray(meshpath, 1) == false) return null;
|
||||
var splitid = meshpath[0].split('/');
|
||||
if (splitid[0] == 'user') {
|
||||
// Check user access
|
||||
if (meshpath[0] != user._id) return null; // Only allow own user folder
|
||||
} else if (splitid[0] == 'mesh') {
|
||||
// Check mesh access
|
||||
var meshrights = user.links[meshpath[0]];
|
||||
if ((meshrights == null) || ((meshrights & 32) == 0)) return null; // This user must have mesh rights to "server files"
|
||||
} else return null;
|
||||
var rootfolder = meshpath[0], rootfoldersplit = rootfolder.split('/'), domainx = 'domain';
|
||||
if (rootfoldersplit[1].length > 0) domainx = 'domain-' + rootfoldersplit[1];
|
||||
var path = obj.parent.path.join(obj.parent.filespath, domainx, rootfoldersplit[0] + "-" + rootfoldersplit[2]);
|
||||
@ -94,8 +104,10 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain) {
|
||||
|
||||
// When data is received from the web socket
|
||||
ws.on('message', function (msg) {
|
||||
var user = obj.parent.users[req.session.userid];
|
||||
var command = JSON.parse(msg.toString('utf8'))
|
||||
var command, user = obj.parent.users[req.session.userid];
|
||||
try { command = JSON.parse(msg.toString('utf8')); } catch (e) { return; }
|
||||
if ((user == null) || (obj.common.validateString(command.action, 3, 32) == false)) return; // User must be set and action must be a string between 3 and 32 chars
|
||||
|
||||
switch (command.action) {
|
||||
case 'meshes':
|
||||
{
|
||||
@ -114,6 +126,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain) {
|
||||
} else {
|
||||
// Request list of all nodes for one specific meshid
|
||||
var meshid = command.meshid;
|
||||
if (obj.common.validateString(meshid, 0, 128) == false) return;
|
||||
if (meshid.split('/').length == 0) { meshid = 'mesh/' + domain.id + '/' + command.meshid; }
|
||||
if (user.links[meshid] != null) { links.push(meshid); }
|
||||
}
|
||||
@ -149,6 +162,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain) {
|
||||
{
|
||||
// Query the database for the power timeline for a given node
|
||||
// The result is a compacted array: [ startPowerState, startTimeUTC, powerState ] + many[ deltaTime, powerState ]
|
||||
if (obj.common.validateString(command.nodeid, 0, 128) == false) return;
|
||||
obj.db.getPowerTimeline(command.nodeid, function (err, docs) {
|
||||
if (err == null && docs.length > 0) {
|
||||
var timeline = [], time = null, previousPower;
|
||||
@ -204,16 +218,16 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain) {
|
||||
// Check permissions
|
||||
if ((user.siteadmin & 8) != 0) {
|
||||
// Perform a file operation (Create Folder, Delete Folder, Delete File...)
|
||||
if ((command.path != null) && (typeof command.path == 'object') && command.path.length > 0) {
|
||||
var sendUpdate = true;
|
||||
var path = meshPathToRealPath(command.path); // TODO: Check mesh rights!!!!!
|
||||
if (obj.common.validateString(command.fileop, 4, 16) == false) return;
|
||||
var sendUpdate = true, path = meshPathToRealPath(command.path, user); // This will also check access rights
|
||||
if (path == null) break;
|
||||
|
||||
if ((command.fileop == 'createfolder') && (obj.common.IsFilenameValid(command.newfolder) == true)) { try { obj.fs.mkdirSync(path + "/" + command.newfolder); } catch (e) { } } // Create a new folder
|
||||
else if (command.fileop == 'delete') { for (var i in command.delfiles) { if (obj.common.IsFilenameValid(command.delfiles[i]) == true) { var fullpath = path + "/" + command.delfiles[i]; try { obj.fs.rmdirSync(fullpath); } catch (e) { try { obj.fs.unlinkSync(fullpath); } catch (e) { } } } } } // Delete
|
||||
else if (command.fileop == 'delete') { if (obj.common.validateArray(command.delfiles, 1) == false) return; for (var i in command.delfiles) { if (obj.common.IsFilenameValid(command.delfiles[i]) == true) { var fullpath = path + "/" + command.delfiles[i]; try { obj.fs.rmdirSync(fullpath); } catch (e) { try { obj.fs.unlinkSync(fullpath); } catch (e) { } } } } } // Delete
|
||||
else if ((command.fileop == 'rename') && (obj.common.IsFilenameValid(command.oldname) == true) && (obj.common.IsFilenameValid(command.newname) == true)) { try { obj.fs.renameSync(path + "/" + command.oldname, path + "/" + command.newname); } catch (e) { } } // Rename
|
||||
else if ((command.fileop == 'copy') || (command.fileop == 'move')) {
|
||||
var scpath = meshPathToRealPath(command.scpath); // TODO: Check mesh rights!!!!!
|
||||
if (obj.common.validateArray(command.names, 1) == false) return;
|
||||
var scpath = meshPathToRealPath(command.scpath, user); // This will also check access rights
|
||||
if (scpath == null) break;
|
||||
// TODO: Check quota if this is a copy!!!!!!!!!!!!!!!!
|
||||
for (var i in command.names) {
|
||||
@ -225,14 +239,13 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain) {
|
||||
|
||||
if (sendUpdate == true) { obj.parent.parent.DispatchEvent([user._id], obj, 'updatefiles'); } // Fire an event causing this user to update this files
|
||||
}
|
||||
}
|
||||
break;
|
||||
}
|
||||
case 'msg':
|
||||
{
|
||||
// Route a message.
|
||||
// This this command has a nodeid, that is the target.
|
||||
if (command.nodeid != null) {
|
||||
if (obj.common.validateString(command.nodeid, 8, 128) == false) return;
|
||||
var splitnodeid = command.nodeid.split('/');
|
||||
// Check that we are in the same domain and the user has rights over this node.
|
||||
if ((splitnodeid[0] == 'node') && (splitnodeid[1] == domain.id)) {
|
||||
@ -261,7 +274,6 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain) {
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
break;
|
||||
}
|
||||
case 'events':
|
||||
@ -307,7 +319,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain) {
|
||||
case 'changeemail':
|
||||
{
|
||||
// Change the email address
|
||||
if ((command.email != null) && (typeof command.email == 'string') && (command.email.length < 1024)) {
|
||||
if (obj.common.validateString(command.email, 3, 1024) == false) return;
|
||||
var x = command.email.split('@');
|
||||
if ((x.length == 2) && (x[0].length > 0) && (x[1].split('.').length > 1) && (x[1].length > 2)) {
|
||||
if (obj.parent.users[req.session.userid].email != command.email) {
|
||||
@ -337,13 +349,12 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain) {
|
||||
});
|
||||
}
|
||||
}
|
||||
}
|
||||
break;
|
||||
}
|
||||
case 'verifyemail':
|
||||
{
|
||||
// Send a account email verification email
|
||||
if ((command.email != null) && (typeof command.email == 'string') && (command.email.length < 1024)) {
|
||||
if (obj.common.validateString(command.email, 3, 1024) == false) return;
|
||||
var x = command.email.split('@');
|
||||
if ((x.length == 2) && (x[0].length > 0) && (x[1].split('.').length > 1) && (x[1].length > 2)) {
|
||||
if (obj.parent.users[req.session.userid].email == command.email) {
|
||||
@ -353,7 +364,6 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain) {
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
break;
|
||||
}
|
||||
case 'wssessioncount':
|
||||
@ -363,10 +373,10 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain) {
|
||||
if ((user.siteadmin & 2) == 0) break;
|
||||
if (obj.parent.parent.multiServer == null) {
|
||||
// No peering, use simple session counting
|
||||
for (var i in obj.wssessions) { if (obj.wssessions[i][0].domainid == domain.id) { wssessions[i] = obj.wssessions[i].length; } }
|
||||
for (var i in obj.parent.wssessions) { if (obj.parent.wssessions[i][0].domainid == domain.id) { wssessions[i] = obj.parent.wssessions[i].length; } }
|
||||
} else {
|
||||
// We have peer servers, use more complex session counting
|
||||
for (var userid in obj.sessionsCount) { if (userid.split('/')[1] == domain.id) { wssessions[userid] = obj.sessionsCount[userid]; } }
|
||||
for (var userid in obj.parent.sessionsCount) { if (userid.split('/')[1] == domain.id) { wssessions[userid] = obj.parent.sessionsCount[userid]; } }
|
||||
}
|
||||
ws.send(JSON.stringify({ action: 'wssessioncount', wssessions: wssessions, tag: command.tag })); // wssessions is: userid --> count
|
||||
break;
|
||||
@ -375,9 +385,10 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain) {
|
||||
{
|
||||
// Delete a user account
|
||||
if ((user.siteadmin & 2) == 0) break;
|
||||
var delusername = command.username, deluserid = command.userid, deluser = obj.parent.users[deluserid];
|
||||
if (obj.common.validateString(command.userid, 1, 2048) == false) break;
|
||||
var delusersplit = command.userid.split('/'), deluserid = command.userid, deluser = obj.parent.users[deluserid];
|
||||
if ((deluser == null) || (delusersplit.length != 3) || (delusersplit[1] != domain.id)) break; // Invalid domain, operation only valid for current domain
|
||||
if ((deluser.siteadmin != null) && (deluser.siteadmin > 0) && (user.siteadmin != 0xFFFFFFFF)) break; // Need full admin to remote another administrator
|
||||
if ((deluserid.split('/').length != 3) || (deluserid.split('/')[1] != domain.id)) break; // Invalid domain, operation only valid for current domain
|
||||
|
||||
// Delete all files on the server for this account
|
||||
try {
|
||||
@ -387,7 +398,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain) {
|
||||
|
||||
obj.db.Remove(deluserid);
|
||||
delete obj.parent.users[deluserid];
|
||||
obj.parent.parent.DispatchEvent(['*', 'server-users'], obj, { etype: 'user', userid: deluserid, username: delusername, action: 'accountremove', msg: 'Account removed', domain: domain.id })
|
||||
obj.parent.parent.DispatchEvent(['*', 'server-users'], obj, { etype: 'user', userid: deluserid, username: deluser.name, action: 'accountremove', msg: 'Account removed', domain: domain.id })
|
||||
obj.parent.parent.DispatchEvent([deluserid], obj, 'close');
|
||||
|
||||
break;
|
||||
@ -396,10 +407,13 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain) {
|
||||
{
|
||||
// Add a new user account
|
||||
if ((user.siteadmin & 2) == 0) break;
|
||||
if (obj.common.validateString(command.username, 1, 64) == false) break; // Username is between 1 and 64 characters
|
||||
if (obj.common.validateString(command.pass, 1, 256) == false) break; // Password is between 1 and 256 characters
|
||||
var newusername = command.username, newuserid = 'user/' + domain.id + '/' + command.username.toLowerCase();
|
||||
if (newusername == '~') break; // This is a reserved user name
|
||||
if (!obj.parent.users[newuserid]) {
|
||||
var newuser = { type: 'user', _id: newuserid, name: newusername, email: command.email, creation: Date.now(), domain: domain.id };
|
||||
var newuser = { type: 'user', _id: newuserid, name: newusername, creation: Date.now(), domain: domain.id };
|
||||
if (obj.common.validateString(command.email, 1, 256) == true) { newuser.email = command.email; } // Email is between 1 and 256 characters
|
||||
obj.parent.users[newuserid] = newuser;
|
||||
// Create a user, generate a salt and hash the password
|
||||
require('./pass').hash(command.pass, function (err, salt, hash) {
|
||||
@ -422,9 +436,9 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain) {
|
||||
if (((user.siteadmin & 2) != 0) || (user.name == command.name)) {
|
||||
var chguserid = 'user/' + domain.id + '/' + command.name.toLowerCase(), chguser = obj.parent.users[chguserid], change = 0;
|
||||
if (chguser) {
|
||||
if (command.email && chguser.email != command.email) { chguser.email = command.email; change = 1; }
|
||||
if (command.quota != chguser.quota) { chguser.quota = command.quota; if (chguser.quota == null) { delete chguser.quota; } change = 1; }
|
||||
if ((user.siteadmin == 0xFFFFFFFF) && (command.siteadmin != null) && (chguser.siteadmin != command.siteadmin)) { chguser.siteadmin = command.siteadmin; change = 1 }
|
||||
if (obj.common.validateString(command.email, 1, 256) && (chguser.email != command.email)) { chguser.email = command.email; change = 1; }
|
||||
if (obj.common.validateInt(command.quota, 0) && (command.quota != chguser.quota)) { chguser.quota = command.quota; if (chguser.quota == null) { delete chguser.quota; } change = 1; }
|
||||
if ((user.siteadmin == 0xFFFFFFFF) && obj.common.validateInt(command.siteadmin) && (chguser.siteadmin != command.siteadmin)) { chguser.siteadmin = command.siteadmin; change = 1 }
|
||||
if (change == 1) {
|
||||
obj.db.SetUser(chguser);
|
||||
obj.parent.parent.DispatchEvent([chguser._id], obj, 'resubscribe');
|
||||
@ -442,6 +456,24 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain) {
|
||||
}
|
||||
break;
|
||||
}
|
||||
case 'notifyuser':
|
||||
{
|
||||
// Send a notification message to a user
|
||||
if ((user.siteadmin & 2) == 0) break;
|
||||
if (obj.common.validateString(command.userid, 1, 64) == false) break; // Meshname is between 1 and 64 characters
|
||||
if (obj.common.validateString(command.msg, 1, 4096) == false) break;
|
||||
|
||||
// Create the notification message
|
||||
var notification = { "action": "msg", "type": "notify", "value": "<b>" + user.name + "</b>: " + EscapeHtml(command.msg), "userid": user._id, "username": user.name };
|
||||
|
||||
// Get the list of sessions for this user
|
||||
var sessions = obj.parent.wssessions[command.userid];
|
||||
if (sessions != null) { for (var i in sessions) { sessions[i].send(JSON.stringify(notification)); } }
|
||||
|
||||
if (obj.parent.parent.multiServer != null) {
|
||||
// TODO: Add multi-server support
|
||||
}
|
||||
}
|
||||
case 'serverversion':
|
||||
{
|
||||
// Check the server version
|
||||
@ -459,7 +491,10 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain) {
|
||||
case 'createmesh':
|
||||
{
|
||||
// Create mesh
|
||||
// TODO: Right now, we only create type 1 Agent-less Intel AMT mesh, or type 2 Agent mesh
|
||||
if (obj.common.validateString(command.meshname, 1, 64) == false) break; // Meshname is between 1 and 64 characters
|
||||
if (obj.common.validateString(command.desc, 0, 1024) == false) break; // Mesh description is between 0 and 1024 characters
|
||||
|
||||
// We only create Agent-less Intel AMT mesh (Type1), or Agent mesh (Type2)
|
||||
if ((command.meshtype == 1) || (command.meshtype == 2)) {
|
||||
// Create a type 1 agent-less Intel AMT mesh.
|
||||
obj.parent.crypto.randomBytes(48, function (err, buf) {
|
||||
@ -482,6 +517,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain) {
|
||||
case 'deletemesh':
|
||||
{
|
||||
// Delete a mesh and all computers within it
|
||||
if (obj.common.validateString(command.meshid, 1, 1024) == false) break; // Check the meshid
|
||||
obj.db.Get(command.meshid, function (err, meshes) {
|
||||
if (meshes.length != 1) return;
|
||||
var mesh = meshes[0];
|
||||
@ -519,20 +555,25 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain) {
|
||||
case 'editmesh':
|
||||
{
|
||||
// Change the name or description of a mesh
|
||||
if (obj.common.validateString(command.meshid, 1, 1024) == false) break; // Check the meshid
|
||||
var mesh = obj.parent.meshes[command.meshid], change = '';
|
||||
if (mesh) {
|
||||
// Check if this user has rights to do this
|
||||
if (mesh.links[user._id] == null || ((mesh.links[user._id].rights & 1) == 0)) return;
|
||||
if ((command.meshid.split('/').length != 3) || (command.meshid.split('/')[1] != domain.id)) return; // Invalid domain, operation only valid for current domain
|
||||
|
||||
if (command.meshname && command.meshname != '' && command.meshname != mesh.name) { change = 'Mesh name changed from "' + mesh.name + '" to "' + command.meshname + '"'; mesh.name = command.meshname; }
|
||||
if (command.desc != null && command.desc != mesh.desc) { if (change != '') change += ' and description changed'; else change += 'Mesh "' + mesh.name + '" description changed'; mesh.desc = command.desc; }
|
||||
if ((obj.common.validateString(command.meshname, 1, 64) == true) && (command.meshname != mesh.name)) { change = 'Mesh name changed from "' + mesh.name + '" to "' + command.meshname + '"'; mesh.name = command.meshname; }
|
||||
if ((obj.common.validateString(command.desc, 1, 1024) == true) && (command.desc != mesh.desc)) { if (change != '') change += ' and description changed'; else change += 'Mesh "' + mesh.name + '" description changed'; mesh.desc = command.desc; }
|
||||
if (change != '') { obj.db.Set(mesh); obj.parent.parent.DispatchEvent(['*', mesh._id, user._id], obj, { etype: 'mesh', username: user.name, meshid: mesh._id, name: mesh.name, mtype: mesh.mtype, desc: mesh.desc, action: 'meshchange', links: mesh.links, msg: change, domain: domain.id }) }
|
||||
}
|
||||
break;
|
||||
}
|
||||
case 'addmeshuser':
|
||||
{
|
||||
if (obj.common.validateString(command.meshid, 1, 1024) == false) break; // Check the meshid
|
||||
if (obj.common.validateString(command.username, 1, 64) == false) break; // Username is between 1 and 64 characters
|
||||
if (obj.common.validateInt(command.meshadmin) == false) break; // Mesh rights must be an integer
|
||||
|
||||
// Check if the user exists
|
||||
var newuserid = 'user/' + domain.id + '/' + command.username.toLowerCase(), newuser = obj.parent.users[newuserid];
|
||||
if (newuser == null) {
|
||||
@ -554,17 +595,19 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain) {
|
||||
obj.parent.parent.DispatchEvent([newuser._id], obj, 'resubscribe');
|
||||
|
||||
// Add a user to the mesh
|
||||
mesh.links[newuserid] = { name: command.username, rights: command.meshadmin };
|
||||
mesh.links[newuserid] = { name: newuser.name, rights: command.meshadmin };
|
||||
obj.db.Set(mesh);
|
||||
|
||||
// Notify mesh change
|
||||
var change = 'Added user ' + command.username + ' to mesh ' + mesh.name;
|
||||
obj.parent.parent.DispatchEvent(['*', mesh._id, user._id, newuserid], obj, { etype: 'mesh', username: user.name, userid: command.userid, meshid: mesh._id, name: mesh.name, mtype: mesh.mtype, desc: mesh.desc, action: 'meshchange', links: mesh.links, msg: change, domain: domain.id })
|
||||
var change = 'Added user ' + newuser.name + ' to mesh ' + mesh.name;
|
||||
obj.parent.parent.DispatchEvent(['*', mesh._id, user._id, newuserid], obj, { etype: 'mesh', username: newuser.name, userid: command.userid, meshid: mesh._id, name: mesh.name, mtype: mesh.mtype, desc: mesh.desc, action: 'meshchange', links: mesh.links, msg: change, domain: domain.id })
|
||||
}
|
||||
break;
|
||||
}
|
||||
case 'removemeshuser':
|
||||
{
|
||||
if (obj.common.validateString(command.userid, 1, 1024) == false) break; // Check userid
|
||||
if (obj.common.validateString(command.meshid, 1, 1024) == false) break; // Check meshid
|
||||
if ((command.userid.split('/').length != 3) || (command.userid.split('/')[1] != domain.id)) return; // Invalid domain, operation only valid for current domain
|
||||
|
||||
// Check if the user exists
|
||||
@ -597,15 +640,20 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain) {
|
||||
|
||||
// Notify mesh change
|
||||
var change = 'Removed user ' + deluser.name + ' from mesh ' + mesh.name;
|
||||
obj.parent.parent.DispatchEvent(['*', mesh._id, user._id, command.userid], obj, { etype: 'mesh', username: user.name, userid: command.userid, meshid: mesh._id, name: mesh.name, mtype: mesh.mtype, desc: mesh.desc, action: 'meshchange', links: mesh.links, msg: change, domain: domain.id })
|
||||
obj.parent.parent.DispatchEvent(['*', mesh._id, user._id, command.userid], obj, { etype: 'mesh', username: user.name, userid: deluser.name, meshid: mesh._id, name: mesh.name, mtype: mesh.mtype, desc: mesh.desc, action: 'meshchange', links: mesh.links, msg: change, domain: domain.id })
|
||||
}
|
||||
break;
|
||||
}
|
||||
case 'addamtdevice':
|
||||
{
|
||||
if (obj.args.wanonly == true) return; // This is a WAN-only server, local Intel AMT computers can't be added
|
||||
|
||||
if (obj.common.validateString(command.meshid, 1, 1024) == false) break; // Check meshid
|
||||
if ((command.meshid.split('/').length != 3) || (command.meshid.split('/')[1] != domain.id)) return; // Invalid domain, operation only valid for current domain
|
||||
if (obj.common.validateString(command.devicename, 1, 256) == false) break; // Check device name
|
||||
if (obj.common.validateString(command.hostname, 1, 256) == false) break; // Check hostname
|
||||
if (obj.common.validateString(command.amtusername, 1, 16) == false) break; // Check username
|
||||
if (obj.common.validateString(command.amtpassword, 1, 16) == false) break; // Check password
|
||||
if (obj.common.validateInt(command.amttls, 0, 1) == false) break; // Check TLS flag
|
||||
|
||||
// Get the mesh
|
||||
var mesh = obj.parent.meshes[command.meshid];
|
||||
@ -634,6 +682,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain) {
|
||||
case 'scanamtdevice':
|
||||
{
|
||||
if (obj.args.wanonly == true) return; // This is a WAN-only server, this type of scanning is not allowed.
|
||||
if (obj.common.validateString(command.range, 1, 256) == false) break; // Check range string
|
||||
|
||||
// Ask the RMCP scanning to scan a range of IP addresses
|
||||
if (obj.parent.parent.amtScanner) {
|
||||
@ -645,8 +694,11 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain) {
|
||||
}
|
||||
case 'removedevices':
|
||||
{
|
||||
if (obj.common.validateArray(command.nodeids, 1) == false) break; // Check nodeid's
|
||||
|
||||
for (var i in command.nodeids) {
|
||||
var nodeid = command.nodeids[i];
|
||||
if (obj.common.validateString(nodeid, 1, 1024) == false) break; // Check nodeid
|
||||
if ((nodeid.split('/').length != 3) || (nodeid.split('/')[1] != domain.id)) return; // Invalid domain, operation only valid for current domain
|
||||
|
||||
// Get the device
|
||||
@ -669,10 +721,10 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain) {
|
||||
obj.parent.parent.DispatchEvent(['*', node.meshid], obj, { etype: 'node', username: user.name, action: 'removenode', nodeid: node._id, msg: change, domain: domain.id })
|
||||
|
||||
// Disconnect all connections if needed
|
||||
var state = obj.parent.parent.GetConnectivityState(command.nodeid);
|
||||
var state = obj.parent.parent.GetConnectivityState(nodeid);
|
||||
if ((state != null) && (state.connectivity != null)) {
|
||||
if ((state.connectivity & 1) != 0) { obj.parent.wsagents[command.nodeid].close(); } // Disconnect mesh agent
|
||||
if ((state.connectivity & 2) != 0) { obj.parent.parent.mpsserver.close(obj.parent.parent.mpsserver.ciraConnections[command.nodeid]); } // Disconnect CIRA connection
|
||||
if ((state.connectivity & 1) != 0) { obj.parent.wsagents[nodeid].close(); } // Disconnect mesh agent
|
||||
if ((state.connectivity & 2) != 0) { obj.parent.parent.mpsserver.close(obj.parent.parent.mpsserver.ciraConnections[nodeid]); } // Disconnect CIRA connection
|
||||
}
|
||||
}
|
||||
});
|
||||
@ -682,12 +734,13 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain) {
|
||||
}
|
||||
case 'wakedevices':
|
||||
{
|
||||
// TODO: INPUT VALIDATION!!!
|
||||
if (obj.common.validateArray(command.nodeids, 1) == false) break; // Check nodeid's
|
||||
// TODO: We can optimize this a lot.
|
||||
// - We should get a full list of all MAC's to wake first.
|
||||
// - We should try to only have one agent per subnet (using Gateway MAC) send a wake-on-lan.
|
||||
for (var i in command.nodeids) {
|
||||
var nodeid = command.nodeids[i], wakeActions = 0;
|
||||
if (obj.common.validateString(nodeid, 1, 1024) == false) break; // Check nodeid
|
||||
if ((nodeid.split('/').length == 3) && (nodeid.split('/')[1] == domain.id)) { // Validate the domain, operation only valid for current domain
|
||||
// Get the device
|
||||
obj.db.Get(nodeid, function (err, nodes) {
|
||||
@ -739,9 +792,10 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain) {
|
||||
}
|
||||
case 'poweraction':
|
||||
{
|
||||
// TODO: INPUT VALIDATION!!!
|
||||
if (obj.common.validateArray(command.nodeids, 1) == false) break; // Check nodeid's
|
||||
for (var i in command.nodeids) {
|
||||
var nodeid = command.nodeids[i], powerActions = 0;
|
||||
if (obj.common.validateString(nodeid, 1, 1024) == false) break; // Check nodeid
|
||||
if ((nodeid.split('/').length == 3) && (nodeid.split('/')[1] == domain.id)) { // Validate the domain, operation only valid for current domain
|
||||
// Get the device
|
||||
obj.db.Get(nodeid, function (err, nodes) {
|
||||
@ -774,7 +828,8 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain) {
|
||||
case 'getnetworkinfo':
|
||||
{
|
||||
// Argument validation
|
||||
if ((command.nodeid == null) || (typeof command.nodeid != 'string') || (command.nodeid.split('/').length != 3) || (command.nodeid.split('/')[1] != domain.id)) return; // Invalid domain, operation only valid for current domain
|
||||
if (obj.common.validateString(command.nodeid, 1, 1024) == false) break; // Check nodeid
|
||||
if ((command.nodeid.split('/').length != 3) || (command.nodeid.split('/')[1] != domain.id)) return; // Invalid domain, operation only valid for current domain
|
||||
|
||||
// Get the device
|
||||
obj.db.Get(command.nodeid, function (err, nodes) {
|
||||
@ -800,7 +855,8 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain) {
|
||||
case 'changedevice':
|
||||
{
|
||||
// Argument validation
|
||||
if ((command.nodeid == null) || (typeof command.nodeid != 'string') || (command.nodeid.split('/').length != 3) || (command.nodeid.split('/')[1] != domain.id)) return; // Invalid domain, operation only valid for current domain
|
||||
if (obj.common.validateString(command.nodeid, 1, 1024) == false) break; // Check nodeid
|
||||
if ((command.nodeid.split('/').length != 3) || (command.nodeid.split('/')[1] != domain.id)) return; // Invalid domain, operation only valid for current domain
|
||||
if ((command.userloc) && (command.userloc.length != 2) && (command.userloc.length != 0)) return;
|
||||
|
||||
// Change the device
|
||||
@ -857,7 +913,9 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain) {
|
||||
case 'uploadagentcore':
|
||||
{
|
||||
if (user.siteadmin != 0xFFFFFFFF) break;
|
||||
if (obj.common.validateString(command.nodeid, 1, 1024) == false) break; // Check nodeid
|
||||
if (command.path) {
|
||||
if (obj.common.validateString(command.path, 1, 4096) == false) break; // Check path
|
||||
if (command.path == '*') {
|
||||
// Update the server default core and send a core hash request
|
||||
// Load default mesh agent core if present, then perform a core update
|
||||
@ -883,6 +941,8 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain) {
|
||||
case 'agentdisconnect':
|
||||
{
|
||||
// Force mesh agent disconnection
|
||||
if (obj.common.validateString(command.nodeid, 1, 1024) == false) break; // Check nodeid
|
||||
if (obj.common.validateInt(command.disconnectMode) == false) break; // Check disconnect mode
|
||||
obj.parent.forceMeshAgentDisconnect(user, domain, command.nodeid, command.disconnectMode);
|
||||
break;
|
||||
}
|
||||
@ -896,6 +956,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain) {
|
||||
case 'getcookie':
|
||||
{
|
||||
// Check if this user has rights on this nodeid
|
||||
if (obj.common.validateString(command.nodeid, 1, 1024) == false) break; // Check nodeid
|
||||
obj.db.Get(command.nodeid, function (err, nodes) { // TODO: Make a NodeRights(user) method that also does not do a db call if agent is connected (???)
|
||||
if (nodes.length == 1) {
|
||||
var meshlinks = user.links[nodes[0].meshid];
|
||||
@ -916,6 +977,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain) {
|
||||
{
|
||||
if ((obj.parent.parent.mailserver == null) || (obj.args.lanonly == true)) return; // This operation requires the email server
|
||||
if ((obj.parent.parent.certificates.CommonName == null) || (obj.parent.parent.certificates.CommonName == 'un-configured')) return; // Server name must be configured
|
||||
if (obj.common.validateString(command.meshid, 1, 1024) == false) break; // Check meshid
|
||||
if ((command.meshid.split('/').length != 3) || (command.meshid.split('/')[1] != domain.id)) return; // Invalid domain, operation only valid for current domain
|
||||
|
||||
// Get the mesh
|
||||
|
@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "meshcentral",
|
||||
"version": "0.1.5-w",
|
||||
"version": "0.1.5-y",
|
||||
"keywords": [
|
||||
"Remote Management",
|
||||
"Intel AMT",
|
||||
|
@ -4197,7 +4197,7 @@
|
||||
function account_createMesh() {
|
||||
if (xxdialogMode) return;
|
||||
var x = "Create a new mesh computer group using the options below.<br /><br />";
|
||||
x += addHtmlValue('Mesh Name', '<input id=dp2meshname style=width:230px maxlength=32 onchange=account_validateMeshCreate() onkeyup=account_validateMeshCreate() />');
|
||||
x += addHtmlValue('Mesh Name', '<input id=dp2meshname style=width:230px maxlength=64 onchange=account_validateMeshCreate() onkeyup=account_validateMeshCreate() />');
|
||||
x += addHtmlValue('Mesh Type', '<div style=width:230px;margin:0;padding:0><select id=dp2meshtype style=width:100% onchange=account_validateMeshCreate() ><option value=2>Mesh Agent Policy</option><option value=1>Intel® AMT Agent-less Policy</option></select></div>');
|
||||
x += addHtmlValue('Description', '<div style=width:230px;margin:0;padding:0><textarea id=dp2meshdesc maxlength=1024 style=width:100%;resize:none></textarea></div>');
|
||||
setDialogMode(2, "Create Mesh", 3, account_createMeshEx, x);
|
||||
@ -4747,15 +4747,24 @@
|
||||
function updateUsers() {
|
||||
QV('MainMenuMyUsers', (users != null) && ((features & 4) == 0));
|
||||
if ((users == null) || ((features & 4) != 0)) { QH('p3users', ''); return; }
|
||||
|
||||
// Sort the list of user id's
|
||||
var sortedUserIds = [];
|
||||
for (var i in users) { sortedUserIds.push(i); }
|
||||
sortedUserIds.sort();
|
||||
|
||||
// Display the users using the sorted list
|
||||
var x = '<table style=width:100% cellpadding=0 cellspacing=0>';
|
||||
for (var i in users) {
|
||||
var user = users[i], icon = 'm2', msg = '';
|
||||
for (var i in sortedUserIds) {
|
||||
var user = users[sortedUserIds[i]], icon = 'm2', msg = '', self = (user.name != userinfo.name);
|
||||
if (wssessions != null && wssessions[user._id]) {
|
||||
if (self) { msg += "<a onclick=showUserAlertDialog(event,\"" + user._id + "\")>"; }
|
||||
var sessions = wssessions[user._id];
|
||||
if (sessions == 1) { msg = '1 active session'; } else { msg = sessions + ' active sessions'; }
|
||||
if (sessions == 1) { msg += '1 active session'; } else { msg += sessions + ' active sessions'; }
|
||||
if (self) { msg += "</a>"; }
|
||||
}
|
||||
if (msg != '') msg += ', ';
|
||||
if (user.name != userinfo.name) { msg += "<a onclick=showUserAdminDialog(event,\"" + user._id + "\")>"; }
|
||||
if (self) { msg += "<a onclick=showUserAdminDialog(event,\"" + user._id + "\")>"; }
|
||||
if ((user.siteadmin == null) || (user.siteadmin == 0)) {
|
||||
msg += "User";
|
||||
} else if (user.siteadmin == 8) {
|
||||
@ -4766,7 +4775,7 @@
|
||||
msg += "Partial Admin";
|
||||
}
|
||||
if ((user.quota != null) && ((user.siteadmin & 8) != 0)) { msg += ", " + (user.quota / 1024) + " k"; }
|
||||
if (user.name != userinfo.name) { msg += "</a>"; }
|
||||
if (self) { msg += "</a>"; }
|
||||
var username = EscapeHtml(user.name);
|
||||
if (user.email != null) { username += ', <a onclick=doemail(event,\"' + user.email + '\")>' + user.email + '</a>' + (((serverinfo.emailcheck == true) && (user.emailVerified != true))?' (unverified)':''); }
|
||||
x += '<tr><td style=cursor:pointer onclick=showUserInfoDialog(\"' + user._id + '\")>';
|
||||
@ -4779,6 +4788,16 @@
|
||||
QH('p3users', x);
|
||||
}
|
||||
|
||||
function showUserAlertDialog(e, userid) {
|
||||
if (xxdialogMode) return;
|
||||
haltEvent(e);
|
||||
setDialogMode(2, "Notify " + EscapeHtml(users[userid].name), 3, showUserAlertDialogEx, 'Send a text notification to this user.<textarea id=d2notifyText maxlength=2048 style="width:100%;height:184px;resize:none"></textarea>', userid);
|
||||
Q('d2notifyText').focus();
|
||||
return false;
|
||||
}
|
||||
|
||||
function showUserAlertDialogEx(button, userid) { meshserver.send({ action: 'notifyuser', userid: userid, msg: Q('d2notifyText').value }); }
|
||||
|
||||
function doemail(e, addr) {
|
||||
if (xxdialogMode) return;
|
||||
haltEvent(e);
|
||||
@ -4807,10 +4826,10 @@
|
||||
function showCreateNewAccountDialog() {
|
||||
if (xxdialogMode) return;
|
||||
var x = '';
|
||||
x += addHtmlValue('Name', '<input id=p4name style=width:230px maxlength=32 onchange=showCreateNewAccountDialogValidate() onkeyup=showCreateNewAccountDialogValidate() />');
|
||||
x += addHtmlValue('Email', '<input id=p4email style=width:230px maxlength=64 onchange=showCreateNewAccountDialogValidate() onkeyup=showCreateNewAccountDialogValidate() />');
|
||||
x += addHtmlValue('Password', '<input id=p4pass1 type=password style=width:230px maxlength=64 onchange=showCreateNewAccountDialogValidate() onkeyup=showCreateNewAccountDialogValidate() />');
|
||||
x += addHtmlValue('Password', '<input id=p4pass2 type=password style=width:230px maxlength=64 onchange=showCreateNewAccountDialogValidate() onkeyup=showCreateNewAccountDialogValidate() />');
|
||||
x += addHtmlValue('Name', '<input id=p4name style=width:230px maxlength=64 onchange=showCreateNewAccountDialogValidate() onkeyup=showCreateNewAccountDialogValidate() />');
|
||||
x += addHtmlValue('Email', '<input id=p4email style=width:230px maxlength=256 onchange=showCreateNewAccountDialogValidate() onkeyup=showCreateNewAccountDialogValidate() />');
|
||||
x += addHtmlValue('Password', '<input id=p4pass1 type=password style=width:230px maxlength=256 onchange=showCreateNewAccountDialogValidate() onkeyup=showCreateNewAccountDialogValidate() />');
|
||||
x += addHtmlValue('Password', '<input id=p4pass2 type=password style=width:230px maxlength=256 onchange=showCreateNewAccountDialogValidate() onkeyup=showCreateNewAccountDialogValidate() />');
|
||||
setDialogMode(2, "Create Account", 3, showCreateNewAccountDialogEx, x);
|
||||
showCreateNewAccountDialogValidate();
|
||||
Q('p4name').focus();
|
||||
|
@ -42,11 +42,11 @@
|
||||
<table>
|
||||
<tr>
|
||||
<td align=right width=100>Username:</td>
|
||||
<td><input id=username type=text name=username onchange=validateLogin(1) onkeyup=validateLogin(1,event) /></td>
|
||||
<td><input id=username type=text maxlength=64 name=username onchange=validateLogin(1) onkeyup=validateLogin(1,event) /></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td align=right>Password:</td>
|
||||
<td><input id=password type=password name=password autocomplete=off onchange=validateLogin(2) onkeyup=validateLogin(2,event) /></td>
|
||||
<td><input id=password type=password maxlength=256 name=password autocomplete=off onchange=validateLogin(2) onkeyup=validateLogin(2,event) /></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><div id=showPassHintLink style=display:none><a onclick=showPassHint() style="cursor:pointer">Show Hint</a></div></td>
|
||||
@ -73,27 +73,27 @@
|
||||
<table>
|
||||
<tr>
|
||||
<td align=right width=100>Username:</td>
|
||||
<td><input id=ausername type=text name=username onchange=validateCreate(1) onkeydown=haltReturn(event) onkeyup=validateCreate(1,event) /></td>
|
||||
<td><input id=ausername type=text name=username onchange=validateCreate(1) maxlength=64 onkeydown=haltReturn(event) onkeyup=validateCreate(1,event) /></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td align=right width=100>Email:</td>
|
||||
<td><input id=aemail type=text name=email onchange=validateCreate(2) onkeydown=haltReturn(event) onkeyup=validateCreate(2,event) /></td>
|
||||
<td><input id=aemail type=text name=email onchange=validateCreate(2) maxlength=256 onkeydown=haltReturn(event) onkeyup=validateCreate(2,event) /></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td align=right>Password:</td>
|
||||
<td><input id=apassword1 type=password name=password1 autocomplete=off onkeydown=haltReturn(event) onchange=validateCreate(3) onkeyup=validateCreate(3,event) /></td>
|
||||
<td><input id=apassword1 type=password name=password1 autocomplete=off maxlength=256 onkeydown=haltReturn(event) onchange=validateCreate(3) onkeyup=validateCreate(3,event) /></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td align=right>Password:</td>
|
||||
<td><input id=apassword2 type=password name=password2 autocomplete=off onkeydown=haltReturn(event) onchange=validateCreate(4) onkeyup=validateCreate(4,event) /></td>
|
||||
<td><input id=apassword2 type=password name=password2 autocomplete=off maxlength=256 onkeydown=haltReturn(event) onchange=validateCreate(4) onkeyup=validateCreate(4,event) /></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td align=right>Password Hint:</td>
|
||||
<td><input id=apasswordhint type=text name=apasswordhint autocomplete=off maxlength=250 onkeydown=haltReturn(event) onchange=validateCreate(5) onkeyup=validateCreate(5,event) /></td>
|
||||
<td><input id=apasswordhint type=text name=apasswordhint autocomplete=off maxlength=256 onkeydown=haltReturn(event) onchange=validateCreate(5) onkeyup=validateCreate(5,event) /></td>
|
||||
</tr>
|
||||
<tr id=newAccountPass title="Enter the account creation token">
|
||||
<td align=right>Creation Token:</td>
|
||||
<td><input id=anewaccountpass type=password name=anewaccountpass autocomplete=off maxlength=250 onkeydown=haltReturn(event) onchange=validateCreate(6) onkeyup=validateCreate(6,event) /></td>
|
||||
<td><input id=anewaccountpass type=password name=anewaccountpass autocomplete=off maxlength=256 onkeydown=haltReturn(event) onchange=validateCreate(6) onkeyup=validateCreate(6,event) /></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td colspan=2>
|
||||
@ -116,7 +116,7 @@
|
||||
<table>
|
||||
<tr>
|
||||
<td align=right width=100>Email:</td>
|
||||
<td><input id=remail type=text name=email onchange=validateReset() onkeyup=validateReset(event) /></td>
|
||||
<td><input id=remail type=text name=email maxlength=256 onchange=validateReset() onkeyup=validateReset(event) /></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td colspan=2>
|
||||
|
Loading…
Reference in New Issue
Block a user