From 89c152027f96c7f81d2a13190a485bb0bafe1b39 Mon Sep 17 00:00:00 2001 From: Ylian Saint-Hilaire Date: Thu, 23 Jun 2022 12:23:03 -0700 Subject: [PATCH] Intel AMT power actions permissions improvements, #4159 --- meshuser.js | 5 +++-- views/default-mobile.handlebars | 38 ++++++--------------------------- views/default.handlebars | 9 +++++--- 3 files changed, 15 insertions(+), 37 deletions(-) diff --git a/meshuser.js b/meshuser.js index 30b27364..135e9e0a 100644 --- a/meshuser.js +++ b/meshuser.js @@ -2867,8 +2867,9 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use if ((command.actiontype == 400) && common.validateInt(command.time, 1, 30000)) { routeCommandToNode({ action: 'msg', type: 'console', nodeid: node._id, value: 'flash ' + command.time }, MESHRIGHT_ADMIN, 0); } if ((command.actiontype == 401) && common.validateInt(command.time, 1, 30000)) { routeCommandToNode({ action: 'msg', type: 'console', nodeid: node._id, value: 'vibrate ' + command.time }, MESHRIGHT_ADMIN, 0); } } else { - // Check we have the rights to delete this device - if ((rights & MESHRIGHT_RESETOFF) == 0) return; + // Check we have the rights to perform this operation + if ((command.actiontype == 302) && ((rights & MESHRIGHT_WAKEDEVICE) == 0)) return; // This is a Intel AMT power on operation, check if we have WAKE rights + if ((command.actiontype != 302) && ((rights & MESHRIGHT_RESETOFF) == 0)) return; // For all other operations, check that we have RESET/OFF rights // If this device is connected on MQTT, send a power action. if ((parent.parent.mqttbroker != null) && (command.actiontype >= 0) && (command.actiontype <= 4)) { parent.parent.mqttbroker.publish(node._id, 'powerAction', ['', '', 'poweroff', 'reset', 'sleep'][command.actiontype]); } diff --git a/views/default-mobile.handlebars b/views/default-mobile.handlebars index e49ffe2d..57f05ef2 100644 --- a/views/default-mobile.handlebars +++ b/views/default-mobile.handlebars @@ -3541,7 +3541,7 @@ x += '
'; // Show action button, only show if we have permissions 4, 8, 64 - if (((meshrights & (4 + 8 + 64)) != 0) && (node.mtype < 3)) { x += ''; } + if (((meshrights & (4 + 8 + 64 + 262144)) != 0) && (node.mtype < 3)) { x += ''; } x += ''; //if ((connectivity & 1) && (meshrights & 8) && (node.agent.id < 5)) { x += ''; } @@ -3676,35 +3676,6 @@ if (currentDevicePanel == 1) { deskAdjust(); } } - /* - function deviceActionFunction() { - if (xxdialogMode) return; - var rights = GetNodeRights(currentNode), count = 0; - var x = "Select an operation to perform on this device." + '

'; - var y = ''; - x += addHtmlValue("Operation", y); - if (count == 0) { x = "No actions currently available for this device."; } - setDialogMode(2, "Device Action", (count == 0) ? 1 : 3, deviceActionFunctionEx, x); - } - - function deviceActionFunctionEx() { - var op = Q('d2deviceop').value; - if (op == 100) { - // Device wake - meshserver.send({ action: 'wakedevices', nodeids: [currentNode._id] }); - } else { - // Power operation - meshserver.send({ action: 'poweraction', nodeids: [currentNode._id], actiontype: op }); - } - } - */ - function deviceActionFunction() { if (xxdialogMode) return; var rights = GetNodeRights(currentNode), count = 0; @@ -3723,12 +3694,15 @@ //if (((currentNode.conn & 1) != 0) && ((rights & 131072) != 0)) { count++; y += ''; } // Remote command permission if ((currentNode.conn != 0) && ((rights & 262144) != 0)) { count++; y += ''; } //if ((currentNode.conn & 16) != 0) { count++; y += ''; } - if ((currentNode.intelamt != null) && (currentNode.intelamt.state == 2) && ((currentNode.conn & 6) != 0) && (rights == 0xFFFFFFFF)) { + if ((currentNode.intelamt != null) && (currentNode.intelamt.state == 2) && ((currentNode.conn & 6) != 0) && ((rights & 262144) != 0)) { count++; y += ''; - y += ''; y += ''; } + if ((currentNode.intelamt != null) && (currentNode.intelamt.state == 2) && ((currentNode.conn & 6) != 0) && ((rights & 64) != 0)) { + count++; + y += ''; + } //if ((getNodeAmtVersion(currentNode) >= 15) && (currentNode.intelamt.state == 2) && ((currentNode.conn & 6) != 0) && (rights == 0xFFFFFFFF) && ((features & 0x00000400) == 0)) { count++; y += ''; } // CIRA (2) or AMT (4) connected //if (((currentNode.conn & 1) != 0) && ((rights & 32768) != 0)) { count++; y += ''; } } diff --git a/views/default.handlebars b/views/default.handlebars index 1a250ce7..4a685ffe 100644 --- a/views/default.handlebars +++ b/views/default.handlebars @@ -7072,7 +7072,7 @@ x += '
'; // Show action button, only show if we have permissions 4, 8, 64 - if (((meshrights & (4 + 8 + 64)) != 0) && (node.mtype < 3) && ((node.agent == null) || (node.agent.id != 34))) { x += ''; } + if (((meshrights & (4 + 8 + 64 + 262144)) != 0) && (node.mtype < 3) && ((node.agent == null) || (node.agent.id != 34))) { x += ''; } x += ''; x += ''; if (node.mtype != 4) { @@ -7766,12 +7766,15 @@ if (((currentNode.conn & 1) != 0) && ((rights & 131072) != 0)) { count++; y += ''; } // Remote command permission if ((currentNode.conn != 0) && ((rights & 262144) != 0)) { count++; y += ''; } if ((currentNode.conn & 16) != 0) { count++; y += ''; } - if ((currentNode.intelamt != null) && (currentNode.intelamt.state == 2) && ((currentNode.conn & 6) != 0) && (rights == 0xFFFFFFFF)) { + if ((currentNode.intelamt != null) && (currentNode.intelamt.state == 2) && ((currentNode.conn & 6) != 0) && ((rights & 262144) != 0)) { count++; y += ''; - y += ''; y += ''; } + if ((currentNode.intelamt != null) && (currentNode.intelamt.state == 2) && ((currentNode.conn & 6) != 0) && ((rights & 64) != 0)) { + count++; + y += ''; + } if ((getNodeAmtVersion(currentNode) >= 15) && (currentNode.intelamt.state == 2) && ((currentNode.conn & 6) != 0) && (rights == 0xFFFFFFFF) && ((features & 0x00000400) == 0)) { count++; y += ''; } // CIRA (2) or AMT (4) connected if (((currentNode.conn & 1) != 0) && ((rights & 32768) != 0)) { count++; y += ''; } }