mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2025-01-12 23:43:20 -05:00
More work on cross-domain admin.
This commit is contained in:
parent
7c91660cd2
commit
9f1953c7bc
61
meshctrl.js
61
meshctrl.js
@ -7,7 +7,7 @@ try { require('ws'); } catch (ex) { console.log('Missing module "ws", type "npm
|
||||
var settings = {};
|
||||
const crypto = require('crypto');
|
||||
const args = require('minimist')(process.argv.slice(2));
|
||||
const possibleCommands = ['listusers', 'listusersessions', 'listdevicegroups', 'listdevices', 'listusersofdevicegroup', 'serverinfo', 'userinfo', 'adduser', 'removeuser', 'adddevicegroup', 'removedevicegroup', 'broadcast', 'showevents', 'addusertodevicegroup', 'removeuserfromdevicegroup', 'addusertodevice', 'removeuserfromdevice', 'sendinviteemail', 'generateinvitelink', 'config', 'movetodevicegroup', 'deviceinfo'];
|
||||
const possibleCommands = ['listusers', 'listusersessions', 'listdevicegroups', 'listdevices', 'listusersofdevicegroup', 'serverinfo', 'userinfo', 'adduser', 'removeuser', 'adddevicegroup', 'removedevicegroup', 'broadcast', 'showevents', 'addusertodevicegroup', 'removeuserfromdevicegroup', 'addusertodevice', 'removeuserfromdevice', 'sendinviteemail', 'generateinvitelink', 'config', 'movetodevicegroup', 'deviceinfo', 'addusergroup', 'listusergroups', 'removeusergroup'];
|
||||
if (args.proxy != null) { try { require('https-proxy-agent'); } catch (ex) { console.log('Missing module "https-proxy-agent", type "npm install https-proxy-agent" to install it.'); return; } }
|
||||
|
||||
if (args['_'].length == 0) {
|
||||
@ -20,6 +20,7 @@ if (args['_'].length == 0) {
|
||||
console.log(" UserInfo - Show user information.");
|
||||
console.log(" ListUsers - List user accounts.");
|
||||
console.log(" ListUsersSessions - List online users.");
|
||||
console.log(" ListUserGroups - List user groups.");
|
||||
console.log(" ListDevices - List devices.");
|
||||
console.log(" ListDeviceGroups - List device groups.");
|
||||
console.log(" ListUsersOfDeviceGroup - List the users in a device group.");
|
||||
@ -27,6 +28,8 @@ if (args['_'].length == 0) {
|
||||
console.log(" Config - Perform operation on config.json file.");
|
||||
console.log(" AddUser - Create a new user account.");
|
||||
console.log(" RemoveUser - Delete a user account.");
|
||||
console.log(" AddUserGroup - Create a new user group.");
|
||||
console.log(" RemoveUserGroup - Delete a user group.");
|
||||
console.log(" AddDeviceGroup - Create a new device group.");
|
||||
console.log(" RemoveDeviceGroup - Delete a device group.");
|
||||
console.log(" MoveToDeviceGroup - Move a device to a different device group.");
|
||||
@ -45,7 +48,7 @@ if (args['_'].length == 0) {
|
||||
console.log(" --token [number] - 2nd factor authentication token.");
|
||||
console.log(" --loginkey [hex] - Server login key in hex.");
|
||||
console.log(" --loginkeyfile [file] - File containing server login key in hex.");
|
||||
console.log(" --domain [domainid] - Domain id, default is empty, only used with loginkey.");
|
||||
console.log(" --logindomain [domainid] - Domain id, default is empty, only used with loginkey.");
|
||||
console.log(" --proxy [http://proxy:1] - Specify an HTTP proxy.");
|
||||
return;
|
||||
} else {
|
||||
@ -60,6 +63,7 @@ if (args['_'].length == 0) {
|
||||
case 'userinfo': { ok = true; break; }
|
||||
case 'listusers': { ok = true; break; }
|
||||
case 'listusersessions': { ok = true; break; }
|
||||
case 'listusergroups': { ok = true; break; }
|
||||
case 'listdevicegroups': { ok = true; break; }
|
||||
case 'listdevices': { ok = true; break; }
|
||||
case 'listusersofdevicegroup': {
|
||||
@ -132,6 +136,16 @@ if (args['_'].length == 0) {
|
||||
else { ok = true; }
|
||||
break;
|
||||
}
|
||||
case 'addusergroup': {
|
||||
if (args.name == null) { console.log("New user group name missing, use --name [name]"); }
|
||||
else { ok = true; }
|
||||
break;
|
||||
}
|
||||
case 'removeusergroup': {
|
||||
if (args.groupid == null) { console.log("Remove user group id missing, use --groupid [id]"); }
|
||||
else { ok = true; }
|
||||
break;
|
||||
}
|
||||
case 'sendinviteemail': {
|
||||
if ((args.id == null) && (args.group == null)) { console.log("Device group identifier missing, use --id [groupid] or --group [groupname]"); }
|
||||
else if (args.email == null) { console.log("Device email is missing, use --email [email]"); }
|
||||
@ -211,6 +225,12 @@ if (args['_'].length == 0) {
|
||||
console.log(" MeshCtrl ListUserSessions --json");
|
||||
break;
|
||||
}
|
||||
case 'listusergroups': {
|
||||
console.log("List user groups on the MeshCentral server, Example usages:\r\n");
|
||||
console.log(" MeshCtrl ListUserGroups");
|
||||
console.log(" MeshCtrl ListUserGroups --json");
|
||||
break;
|
||||
}
|
||||
case 'listdevicegroups': {
|
||||
console.log("List the device groups for this account, Example usages:\r\n");
|
||||
console.log(" MeshCtrl ListDeviceGroups ");
|
||||
@ -260,6 +280,7 @@ if (args['_'].length == 0) {
|
||||
console.log(" --locked - This account will be locked.");
|
||||
console.log(" --nonewgroups - Account will not be allowed to create device groups.");
|
||||
console.log(" --notools - Account not see MeshCMD download links.");
|
||||
console.log(" --domain [domain] - Account domain, only for cross-domain admins.");
|
||||
break;
|
||||
}
|
||||
case 'removeuser': {
|
||||
@ -574,11 +595,11 @@ function serverConnect() {
|
||||
|
||||
if (ckey != null) {
|
||||
var domainid = '', username = 'admin';
|
||||
if (args.domain != null) { domainid = args.domain; }
|
||||
if (args.logindomain != null) { domainid = args.logindomain; }
|
||||
if (args.loginuser != null) { username = args.loginuser; }
|
||||
url += '?auth=' + encodeCookie({ userid: 'user/' + domainid + '/' + username, domainid: domainid }, ckey);
|
||||
} else {
|
||||
if (args.domain != null) { console.log("--domain can only be used along with --loginkey."); process.exit(); return; }
|
||||
if (args.logindomain != null) { console.log("--logindomain can only be used along with --loginkey."); process.exit(); return; }
|
||||
}
|
||||
|
||||
const ws = new WebSocket(url, options);
|
||||
@ -591,6 +612,7 @@ function serverConnect() {
|
||||
case 'userinfo': { break; }
|
||||
case 'listusers': { ws.send(JSON.stringify({ action: 'users' })); break; }
|
||||
case 'listusersessions': { ws.send(JSON.stringify({ action: 'wssessioncount' })); }
|
||||
case 'listusergroups': { ws.send(JSON.stringify({ action: 'usergroups' })); }
|
||||
case 'listdevicegroups': { ws.send(JSON.stringify({ action: 'meshes' })); break; }
|
||||
case 'listusersofdevicegroup': { ws.send(JSON.stringify({ action: 'meshes' })); break; }
|
||||
case 'listdevices': {
|
||||
@ -618,14 +640,28 @@ function serverConnect() {
|
||||
if (args.email) { op.email = args.email; if (args.emailverified) { op.emailVerified = true; } }
|
||||
if (args.resetpass) { op.resetNextLogin = true; }
|
||||
if (siteadmin != 0) { op.siteadmin = siteadmin; }
|
||||
if (args.domain) { op.domain = args.domain; }
|
||||
ws.send(JSON.stringify(op));
|
||||
break;
|
||||
}
|
||||
case 'removeuser': {
|
||||
var op = { action: 'deleteuser', userid: args.userid, responseid: 'meshctrl' };
|
||||
var userid = args.userid;
|
||||
if ((args.domain != null) && (userid.indexOf('/') < 0)) { userid = 'user/' + args.domain + '/' + userid; }
|
||||
ws.send(JSON.stringify({ action: 'deleteuser', userid: userid, responseid: 'meshctrl' }));
|
||||
break;
|
||||
}
|
||||
case 'addusergroup': {
|
||||
var op = { action: 'createusergroup', name: args.name, desc: args.desc, responseid: 'meshctrl' };
|
||||
if (args.domain) { op.domain = args.domain; }
|
||||
ws.send(JSON.stringify(op));
|
||||
break;
|
||||
}
|
||||
case 'removeusergroup': {
|
||||
var ugrpid = args.groupid;
|
||||
if ((args.domain != null) && (userid.indexOf('/') < 0)) { ugrpid = 'ugrp/' + args.domain + '/' + ugrpid; }
|
||||
ws.send(JSON.stringify({ action: 'deleteusergroup', ugrpid: ugrpid, responseid: 'meshctrl' }));
|
||||
break;
|
||||
}
|
||||
case 'adddevicegroup': {
|
||||
var op = { action: 'createmesh', meshname: args.name, meshtype: 2, responseid: 'meshctrl' };
|
||||
if (args.desc) { op.desc = args.desc; }
|
||||
@ -807,6 +843,8 @@ function serverConnect() {
|
||||
case 'removemeshuser': //
|
||||
case 'inviteAgent': //
|
||||
case 'adddeviceuser': //
|
||||
case 'createusergroup': //
|
||||
case 'deleteusergroup': //
|
||||
case 'userbroadcast': { // BROADCAST
|
||||
if (data.responseid == 'meshctrl') {
|
||||
if (data.meshid) { console.log(data.result, data.meshid); }
|
||||
@ -832,6 +870,19 @@ function serverConnect() {
|
||||
process.exit();
|
||||
break;
|
||||
}
|
||||
case 'usergroups': { // LIST USER GROUPS
|
||||
if (args.json) {
|
||||
console.log(JSON.stringify(data.ugroups, ' ', 2));
|
||||
} else {
|
||||
for (var i in data.ugroups) {
|
||||
var x = i + ', ' + data.ugroups[i].name;
|
||||
if (data.ugroups[i].desc && (data.ugroups[i].desc != '')) { x += ', ' + data.ugroups[i].desc; }
|
||||
console.log(x);
|
||||
}
|
||||
}
|
||||
process.exit();
|
||||
break;
|
||||
}
|
||||
case 'users': { // LISTUSERS
|
||||
if (args.filter) {
|
||||
// Filter the list of users
|
||||
|
30
meshuser.js
30
meshuser.js
@ -1398,7 +1398,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
if (parent.parent.multiServer == null) {
|
||||
// No peering, use simple session counting
|
||||
for (i in parent.wssessions) {
|
||||
if (parent.wssessions[i][0].domainid == domain.id) {
|
||||
if ((obj.crossDomain === true) || (parent.wssessions[i][0].domainid == domain.id)) {
|
||||
if ((user.groups == null) || (user.groups.length == 0)) {
|
||||
// No user groups, count everything
|
||||
wssessions[i] = parent.wssessions[i].length;
|
||||
@ -1414,7 +1414,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
} else {
|
||||
// We have peer servers, use more complex session counting
|
||||
for (i in parent.sessionsCount) {
|
||||
if (i.split('/')[1] == domain.id) {
|
||||
if ((obj.crossDomain === true) || (i.split('/')[1] == domain.id)) {
|
||||
if ((user.groups == null) || (user.groups.length == 0)) {
|
||||
// No user groups, count everything
|
||||
wssessions[i] = parent.sessionsCount[i];
|
||||
@ -1441,6 +1441,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
if ((user.siteadmin & 2) == 0) { err = 'Permission denied'; }
|
||||
else if (common.validateString(command.userid, 1, 2048) == false) { err = 'Invalid userid'; }
|
||||
else {
|
||||
if (command.userid.indexOf('/') < 0) { command.userid = 'user/' + domain.id + '/' + command.userid; }
|
||||
delusersplit = command.userid.split('/');
|
||||
deluserid = command.userid;
|
||||
deluser = parent.users[deluserid];
|
||||
@ -1950,19 +1951,32 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
}
|
||||
case 'deleteusergroup':
|
||||
{
|
||||
if ((user.siteadmin & SITERIGHT_USERGROUPS) == 0) { return; }
|
||||
var err = null;
|
||||
|
||||
if ((user.siteadmin & SITERIGHT_USERGROUPS) == 0) { err = "Permission denied"; }
|
||||
|
||||
// Change the name or description of a user group
|
||||
if (common.validateString(command.ugrpid, 1, 1024) == false) break; // Check the user group id
|
||||
else if (common.validateString(command.ugrpid, 1, 1024) == false) { err = "Invalid group id"; } // Check the user group id
|
||||
else {
|
||||
var ugroupidsplit = command.ugrpid.split('/');
|
||||
if ((ugroupidsplit.length != 3) || (ugroupidsplit[0] != 'ugrp') || ((obj.crossDomain !== true) && (ugroupidsplit[1] != domain.id))) break;
|
||||
if ((ugroupidsplit.length != 3) || (ugroupidsplit[0] != 'ugrp') || ((obj.crossDomain !== true) && (ugroupidsplit[1] != domain.id))) { err = "Invalid domain id"; }
|
||||
}
|
||||
|
||||
// Get the domain
|
||||
var delGroupDomain = parent.parent.config.domains[ugroupidsplit[1]];
|
||||
if (delGroupDomain == null) break;
|
||||
if (delGroupDomain == null) { err = "Invalid domain id"; }
|
||||
|
||||
// Handle any errors
|
||||
if (err != null) {
|
||||
if (command.responseid != null) { try { ws.send(JSON.stringify({ action: 'deleteusergroup', responseid: command.responseid, result: err })); } catch (ex) { } }
|
||||
break;
|
||||
}
|
||||
|
||||
db.Get(command.ugrpid, function (err, groups) {
|
||||
if ((err != null) || (groups.length != 1)) return;
|
||||
if ((err != null) || (groups.length != 1)) {
|
||||
try { ws.send(JSON.stringify({ action: 'deleteusergroup', responseid: command.responseid, result: 'Unknown device group' })); } catch (ex) { }
|
||||
return;
|
||||
}
|
||||
var group = groups[0];
|
||||
|
||||
// Unlink any user and meshes that have a link to this group
|
||||
@ -2007,6 +2021,8 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
|
||||
// Log in the auth log
|
||||
if (parent.parent.authlog) { parent.parent.authLog('https', 'User ' + user.name + ' deleted user group ' + group.name); }
|
||||
|
||||
try { ws.send(JSON.stringify({ action: 'deleteusergroup', responseid: command.responseid, result: 'ok', ugrpid: group._id })); } catch (ex) { }
|
||||
});
|
||||
break;
|
||||
}
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -2330,7 +2330,7 @@
|
||||
case 'accountcreate':
|
||||
case 'accountchange': {
|
||||
// An account was created or changed
|
||||
if (userinfo.name == message.event.account.name) {
|
||||
if (userinfo._id == message.event.account._id) {
|
||||
var newsiteadmin = message.event.account.siteadmin?message.event.account.siteadmin:0;
|
||||
var oldsiteadmin = userinfo.siteadmin?userinfo.siteadmin:0;
|
||||
if ((message.event.account.quota != userinfo.quota) || (((userinfo.siteadmin & 8) == 0) && ((message.event.account.siteadmin & 8) != 0))) { meshserver.send({ action: 'files' }); }
|
||||
@ -8923,7 +8923,6 @@
|
||||
}
|
||||
|
||||
function p20showAddMeshUserDialog(userid, selected) {
|
||||
console.log('p20showAddMeshUserDialog', userid, selected);
|
||||
if (xxdialogMode) return false;
|
||||
var x = '';
|
||||
if ((userid == null) || (userid == 5)) {
|
||||
@ -10664,13 +10663,16 @@
|
||||
|
||||
var x = '<div style=min-height:80px><table style=width:100%>';
|
||||
if ((args.hide & 8) != 0) { x += '<br />' + addDeviceAttribute("Name", gname); } // If title bar is hidden, display the user group name here
|
||||
if (serverinfo.crossDomain != null) {
|
||||
var d = group._id.split('/')[1];
|
||||
x += addDeviceAttribute("Domain", (d != '')?EscapeHtml(d):('<i>' + "Default" + '</i>'));
|
||||
x += addDeviceAttribute("Group Identifier", EscapeHtml(group._id));
|
||||
}
|
||||
if ((userinfo.siteadmin & 256) != 0) {
|
||||
x += addDeviceAttribute("Description", '<span onclick=p51editgroup(2) style=cursor:pointer>' + desc + ' <img class=hoverButton src="images/link5.png" /></span>');
|
||||
} else {
|
||||
x += addDeviceAttribute("Description", desc);
|
||||
}
|
||||
|
||||
if (serverinfo.crossDomain != null) { x += addDeviceAttribute("Group Identifier", group._id); }
|
||||
x += addDeviceAttribute("Users", usercount);
|
||||
x += addDeviceAttribute("Device Groups", meshcount);
|
||||
x += addDeviceAttribute("Devices", devicecount);
|
||||
@ -10939,7 +10941,7 @@
|
||||
if (user == null) { setDialogMode(0); go(4); return; }
|
||||
QH('p30userName', user.name);
|
||||
QH('p31userName', user.name);
|
||||
var self = (user.name == userinfo.name), activeSessions = 0;
|
||||
var self = (user._id == userinfo._id), activeSessions = 0;
|
||||
if (wssessions != null && wssessions[user._id]) { activeSessions = wssessions[user._id]; }
|
||||
|
||||
// Change user grayscale
|
||||
@ -10971,6 +10973,8 @@
|
||||
if (serverinfo.emailcheck) { everify = ((user.emailVerified == true) ? '<b style=color:green;cursor:pointer title="' + "Email is verified" + '">✓</b> ' : '<b style=color:red;cursor:pointer title="' + "Email not verified" + '">✗</b> '); }
|
||||
|
||||
if (serverinfo.crossDomain) {
|
||||
var d = user._id.split('/')[1];
|
||||
x += addDeviceAttribute("Domain", ((d != '')?EscapeHtml(d):('<i>' + "Default" + '</i>')));
|
||||
x += addDeviceAttribute("User Identifier", EscapeHtml(user._id));
|
||||
} else {
|
||||
if (user.name.toLowerCase() != user._id.split('/')[2]) { x += addDeviceAttribute("User Identifier", EscapeHtml(user._id.split('/')[2])); }
|
||||
|
Loading…
Reference in New Issue
Block a user