MyFavMirrors
/
MeshCentral
mirror of https://github.com/Ylianst/MeshCentral.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

deny sspi and ldap password change

This commit is contained in:
Simon Smith 2023-09-20 19:24:30 +01:00 committed by GitHub
parent 04a71800fa
commit 545c029752
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
meshuser.js
View File

@ -1820,7 +1820,10 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
// If this account is settings locked, return here. // If this account is settings locked, return here.
if ((user.siteadmin != 0xFFFFFFFF) && ((user.siteadmin & 1024) != 0)) return; if ((user.siteadmin != 0xFFFFFFFF) && ((user.siteadmin & 1024) != 0)) return;
// Do not allow change password if sspi or ldap
if ((domain.auth == 'sspi') || (domain.auth == 'ldap')) return;
// Change our own password // Change our own password
if (common.validateString(command.oldpass, 1, 256) == false) break; if (common.validateString(command.oldpass, 1, 256) == false) break;
if (common.validateString(command.newpass, 1, 256) == false) break; if (common.validateString(command.newpass, 1, 256) == false) break;