mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2024-12-25 14:45:52 -05:00
LDAP fixes.
This commit is contained in:
parent
48d554a05d
commit
ba3503ebe0
@ -558,6 +558,7 @@ function CreateMeshCentralServer(config, args) {
|
|||||||
process.exit();
|
process.exit();
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
if ((obj.config.domains[i].auth == 'ldap') || (obj.config.domains[i].auth == 'sspi')) { obj.config.domains[i].newaccounts = 0; } // No new accounts allowed in SSPI/LDAP authentication modes.
|
||||||
}
|
}
|
||||||
|
|
||||||
// Log passed arguments into Windows Service Log
|
// Log passed arguments into Windows Service Log
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
{
|
{
|
||||||
"name": "meshcentral",
|
"name": "meshcentral",
|
||||||
"version": "0.3.2-i",
|
"version": "0.3.2-k",
|
||||||
"keywords": [
|
"keywords": [
|
||||||
"Remote Management",
|
"Remote Management",
|
||||||
"Intel AMT",
|
"Intel AMT",
|
||||||
|
84
webserver.js
84
webserver.js
@ -219,36 +219,64 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
|||||||
if (!module.parent) console.log('authenticating %s:%s:%s', domain.id, name, pass);
|
if (!module.parent) console.log('authenticating %s:%s:%s', domain.id, name, pass);
|
||||||
|
|
||||||
if (domain.auth == 'ldap') {
|
if (domain.auth == 'ldap') {
|
||||||
// LDAP login
|
if (domain.ldapoptions.url == 'test') {
|
||||||
var LdapAuth = require('ldapauth-fork');
|
// Fake LDAP login
|
||||||
var ldap = new LdapAuth(domain.ldapoptions);
|
var xxuser = domain.ldapoptions[name.toLowerCase()];
|
||||||
ldap.authenticate(name, pass, function (err, xxuser) {
|
if (xxuser == null) {
|
||||||
try { ldap.close(); } catch (ex) { console.log(ex); } // Close the LDAP object
|
fn(new Error('invalid password'));
|
||||||
if (err) { fn(new Error('invalid password')); return; }
|
return;
|
||||||
if (xxuser.objectSid == null) { fn(new Error('no objectSid')); return; }
|
|
||||||
var userid = 'user/' + domain.id + '/' + Buffer.from(xxuser.objectSid, 'binary').toString('hex').toLowerCase();
|
|
||||||
var user = obj.users[userid];
|
|
||||||
if (user == null) {
|
|
||||||
// This user does not exist, create a new account.
|
|
||||||
var name = null;
|
|
||||||
if (xxuser.displayName) { name = xxuser.displayName; }
|
|
||||||
else if (xxuser.name) { name = xxuser.name; }
|
|
||||||
else if (xxuser.cn) { name = xxuser.cn; }
|
|
||||||
if (name == null) { fn(new Error('no user name')); return; }
|
|
||||||
var user = { type: 'user', _id: userid, name: name, creation: Math.floor(Date.now() / 1000), login: Math.floor(Date.now() / 1000), domain: domain.id };
|
|
||||||
var usercount = 0;
|
|
||||||
for (var i in obj.users) { if (obj.users[i].domain == domain.id) { usercount++; } }
|
|
||||||
if (usercount == 0) { user.siteadmin = 0xFFFFFFFF; if (domain.newaccounts === 2) { domain.newaccounts = 0; } } // If this is the first user, give the account site admin.
|
|
||||||
obj.users[user._id] = user;
|
|
||||||
obj.db.SetUser(user);
|
|
||||||
obj.parent.DispatchEvent(['*', 'server-users'], obj, { etype: 'user', username: user.name, account: obj.CloneSafeUser(user), action: 'accountcreate', msg: 'Account created, name is ' + name, domain: domain.id });
|
|
||||||
return fn(null, user._id);
|
|
||||||
} else {
|
} else {
|
||||||
// This is an existing user
|
var shortname = null;
|
||||||
if ((user.siteadmin) && (user.siteadmin != 0xFFFFFFFF) && (user.siteadmin & 32) != 0) { fn('locked'); return; }
|
if (xxuser.name) { shortname = xxuser.name; }
|
||||||
return fn(null, user._id);
|
else if (xxuser.cn) { shortname = xxuser.cn; }
|
||||||
|
if (shortname == null) { fn(new Error('no short name')); return; }
|
||||||
|
var userid = 'user/' + domain.id + '/' + shortname;
|
||||||
|
var user = obj.users[userid];
|
||||||
|
if (user == null) {
|
||||||
|
var user = { type: 'user', _id: userid, name: shortname, creation: Math.floor(Date.now() / 1000), login: Math.floor(Date.now() / 1000), domain: domain.id };
|
||||||
|
var usercount = 0;
|
||||||
|
for (var i in obj.users) { if (obj.users[i].domain == domain.id) { usercount++; } }
|
||||||
|
if (usercount == 0) { user.siteadmin = 0xFFFFFFFF; if (domain.newaccounts === 2) { domain.newaccounts = 0; } } // If this is the first user, give the account site admin.
|
||||||
|
obj.users[user._id] = user;
|
||||||
|
obj.db.SetUser(user);
|
||||||
|
obj.parent.DispatchEvent(['*', 'server-users'], obj, { etype: 'user', username: user.name, account: obj.CloneSafeUser(user), action: 'accountcreate', msg: 'Account created, name is ' + name, domain: domain.id });
|
||||||
|
return fn(null, user._id);
|
||||||
|
} else {
|
||||||
|
// This is an existing user
|
||||||
|
if ((user.siteadmin) && (user.siteadmin != 0xFFFFFFFF) && (user.siteadmin & 32) != 0) { fn('locked'); return; }
|
||||||
|
return fn(null, user._id);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
});
|
} else {
|
||||||
|
// LDAP login
|
||||||
|
var LdapAuth = require('ldapauth-fork');
|
||||||
|
var ldap = new LdapAuth(domain.ldapoptions);
|
||||||
|
ldap.authenticate(name, pass, function (err, xxuser) {
|
||||||
|
try { ldap.close(); } catch (ex) { console.log(ex); } // Close the LDAP object
|
||||||
|
if (err) { fn(new Error('invalid password')); return; }
|
||||||
|
var shortname = null;
|
||||||
|
if (xxuser.name) { shortname = xxuser.name; }
|
||||||
|
else if (xxuser.cn) { shortname = xxuser.cn; }
|
||||||
|
if (shortname == null) { fn(new Error('no short name')); return; }
|
||||||
|
var userid = 'user/' + domain.id + '/' + shortname;
|
||||||
|
var user = obj.users[userid];
|
||||||
|
if (user == null) {
|
||||||
|
// This user does not exist, create a new account.
|
||||||
|
var user = { type: 'user', _id: userid, name: shortname, creation: Math.floor(Date.now() / 1000), login: Math.floor(Date.now() / 1000), domain: domain.id };
|
||||||
|
var usercount = 0;
|
||||||
|
for (var i in obj.users) { if (obj.users[i].domain == domain.id) { usercount++; } }
|
||||||
|
if (usercount == 0) { user.siteadmin = 0xFFFFFFFF; if (domain.newaccounts === 2) { domain.newaccounts = 0; } } // If this is the first user, give the account site admin.
|
||||||
|
obj.users[user._id] = user;
|
||||||
|
obj.db.SetUser(user);
|
||||||
|
obj.parent.DispatchEvent(['*', 'server-users'], obj, { etype: 'user', username: user.name, account: obj.CloneSafeUser(user), action: 'accountcreate', msg: 'Account created, name is ' + name, domain: domain.id });
|
||||||
|
return fn(null, user._id);
|
||||||
|
} else {
|
||||||
|
// This is an existing user
|
||||||
|
if ((user.siteadmin) && (user.siteadmin != 0xFFFFFFFF) && (user.siteadmin & 32) != 0) { fn('locked'); return; }
|
||||||
|
return fn(null, user._id);
|
||||||
|
}
|
||||||
|
});
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
// Regular login
|
// Regular login
|
||||||
var user = obj.users['user/' + domain.id + '/' + name.toLowerCase()];
|
var user = obj.users['user/' + domain.id + '/' + name.toLowerCase()];
|
||||||
|
Loading…
Reference in New Issue
Block a user