From bc948328cb50c8da1ceb209e5e8fe72d7c98e808 Mon Sep 17 00:00:00 2001
From: Ylian Saint-Hilaire
Date: Sat, 28 Aug 2021 09:51:03 -0700
Subject: [PATCH] Added more user permissions removal. #3065
---
 agents/meshcore.js | 2 +-
 agents/recoverycore.js | 2 +-
 views/default-mobile.handlebars | 5 ++++
 views/default.handlebars | 49 +++++++++++++++++++++++++--------
 webserver.js | 5 ++++
 5 files changed, 49 insertions(+), 14 deletions(-)
diff --git a/agents/meshcore.js b/agents/meshcore.js
index 1a668e1e..1021f5b3 100644
--- a/agents/meshcore.js
+++ b/agents/meshcore.js
@@ -874,7 +874,7 @@ function handleServerCommand(data) {
 case 'msg': {
 switch (data.type) {
 case 'console': { // Process a console command
- if ((typeof data.rights != 'number') || ((data.rights & 16) == 0)) break; // Check console rights
+ if ((typeof data.rights != 'number') || ((data.rights & 8) == 0) || ((data.rights & 16) == 0)) break; // Check console rights (Remote Control and Console)
 if (data.value && data.sessionid) {
 MeshServerLogEx(17, [data.value], "Processing console command: " + data.value, data);
 var args = splitArgs(data.value);
diff --git a/agents/recoverycore.js b/agents/recoverycore.js
index 215e14c8..71d51590 100644
--- a/agents/recoverycore.js
+++ b/agents/recoverycore.js
@@ -911,7 +911,7 @@ require('MeshAgent').AddCommandHandler(function (data) {
 {
 switch (data.type) {
 case 'console': { // Process a console command
- if ((typeof data.rights != 'number') || ((data.rights & 16) == 0)) break; // Check console rights
+ if ((typeof data.rights != 'number') || ((data.rights & 8) == 0) || ((data.rights & 16) == 0)) break; // Check console rights (Remote Control and Console)
 if (data.value && data.sessionid) {
 var args = splitArgs(data.value);
 processConsoleCommand(args[0].toLowerCase(), parseArgs(args), data.rights, data.sessionid);
diff --git a/views/default-mobile.handlebars b/views/default-mobile.handlebars
index d7df88ad..ced2ca91 100644
--- a/views/default-mobile.handlebars
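Review bot: The new console gate in agents/meshcore.js, and the identical line in the agents/recoverycore.js hunk, tests the unnamed literals `8` and `16` in two separate clauses, and the two copies can drift apart when another right is added. A single mask states the requirement directly: `if ((typeof data.rights != 'number') || ((data.rights & 24) != 24)) break; // Requires Remote Control (8) and Console (16)`. The refusal is a bare `break`, so a console command rejected for missing rights is dropped with no visible log entry or reply to the session; if denied commands are meant to be auditable, this is the place to record them. The enclosing `case 'console'` body continues outside both hunks.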
+++ b/views/default-mobile.handlebars @@ -6363,11 +6363,16 @@ function removeUserRights(rights, userid) { if ((userid != userinfo._id) || (userinfo.removeRights == null)) return rights; var add = 0, substract = 0; + if ((userinfo.removeRights & 0x00000008) != 0) { substract += 0x00000008; } // No Remote Control if ((userinfo.removeRights & 0x00010000) != 0) { add += 0x00010000; } // No Desktop if ((userinfo.removeRights & 0x00000100) != 0) { add += 0x00000100; } // Desktop View Only if ((userinfo.removeRights & 0x00000200) != 0) { add += 0x00000200; } // No Terminal if ((userinfo.removeRights & 0x00000400) != 0) { add += 0x00000400; } // No Files if ((userinfo.removeRights & 0x00000010) != 0) { substract += 0x00000010; } // No Console + if ((userinfo.removeRights & 0x00008000) != 0) { substract += 0x00008000; } // No Uninstall + if ((userinfo.removeRights & 0x00020000) != 0) { substract += 0x00020000; } // No Remote Command + if ((userinfo.removeRights & 0x00000040) != 0) { substract += 0x00000040; } // No Wake + if ((userinfo.removeRights & 0x00040000) != 0) { substract += 0x00040000; } // No Reset/Off if (rights != 0xFFFFFFFF) { // If not administrator, add and subsctract restrictions rights |= add; diff --git a/views/default.handlebars b/views/default.handlebars index 29aba88e..fac89fce 100644 --- a/views/default.handlebars +++ b/views/default.handlebars 
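Review bot: The bit table in `removeUserRights` is now maintained by hand in three places: this hunk, the views/default.handlebars hunk at -15841, and the webserver.js hunk. The two view copies presumably only shape what the browser shows, so the webserver.js copy is the one that has to stay authoritative, and a comment above each view copy such as `// Display only: keep in sync with removeUserRights() in webserver.js` would make that explicit. The flags are accumulated with `+=`, which is correct only while every mask is added at most once; `substract |= 0x00000008;` is the usual form for flag sets and stays correct if a line is duplicated or two masks ever overlap. The function body continues past the end of the hunk.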
@@ -14073,11 +14073,17 @@ var userFeatures = []; if ((serverinfo.usersSessionRecording == 1) && (user.flags) && (user.flags & 2)) { userFeatures.push("Record Sessions"); } if (user.removeRights) { - if ((user.removeRights & 0x00010000) != 0) { userFeatures.push("No Desktop"); } - else if ((user.removeRights & 0x00000100) != 0) { userFeatures.push("Desktop View Only"); } - if ((user.removeRights & 0x00000200) != 0) { userFeatures.push("No Terminal"); } - if ((user.removeRights & 0x00000400) != 0) { userFeatures.push("No Files"); } + if ((user.removeRights & 0x00000008) != 0) { userFeatures.push("No Remote Control"); } else { + if ((user.removeRights & 0x00010000) != 0) { userFeatures.push("No Desktop"); } + else if ((user.removeRights & 0x00000100) != 0) { userFeatures.push("Desktop View Only"); } + if ((user.removeRights & 0x00000200) != 0) { userFeatures.push("No Terminal"); } + if ((user.removeRights & 0x00000400) != 0) { userFeatures.push("No Files"); } + } if ((user.removeRights & 0x00000010) != 0) { userFeatures.push("No Console"); } + if ((user.removeRights & 0x00008000) != 0) { userFeatures.push("No Uninstall"); } + if ((user.removeRights & 0x00020000) != 0) { userFeatures.push("No Remote Command"); } + if ((user.removeRights & 0x00000040) != 0) { userFeatures.push("No Wake"); } + if ((user.removeRights & 0x00040000) != 0) { userFeatures.push("No Reset/Off"); } } userFeatures = userFeatures.join(', '); if (userFeatures == '') { userFeatures = '' + "None" + ''; } @@ -14204,17 +14210,25 @@ if (serverinfo.usersSessionRecording == 1) { x += '

'; } - x += '

'; + x += '

'; + x += '

'; x += '

'; - x += '

'; - x += '

'; + x += '

'; + x += '

'; x += '

'; + x += '

'; + x += '

'; + x += '

'; + x += '

'; setDialogMode(2, "Edit User Features", 3, p20edituserfeaturesEx, x); p20edituserfeaturesValidate(); } function p20edituserfeaturesValidate() { - QE('d20flag3', !Q('d20flag2').checked); + QE('d20flag2', !Q('d20flag7').checked); + QE('d20flag3', !Q('d20flag7').checked && !Q('d20flag2').checked); + QE('d20flag4', !Q('d20flag7').checked); + QE('d20flag5', !Q('d20flag7').checked); } // Send to the server the new user's real name @@ -14226,11 +14240,17 @@ // Setup user permission removal var r = 0; - if (Q('d20flag2').checked) { r += 0x00010000; } - else if (Q('d20flag3').checked) { r += 0x00000100; } - if (Q('d20flag4').checked) { r += 0x00000200; } - if (Q('d20flag5').checked) { r += 0x00000400; } + if (Q('d20flag7').checked) { r += 0x00000008; } else { + if (Q('d20flag2').checked) { r += 0x00010000; } + else if (Q('d20flag3').checked) { r += 0x00000100; } + if (Q('d20flag4').checked) { r += 0x00000200; } + if (Q('d20flag5').checked) { r += 0x00000400; } + } if (Q('d20flag6').checked) { r += 0x00000010; } + if (Q('d20flag8').checked) { r += 0x00008000; } + if (Q('d20flag9').checked) { r += 0x00020000; } + if (Q('d20flag10').checked) { r += 0x00000040; } + if (Q('d20flag11').checked) { r += 0x00040000; } meshserver.send({ action: 'edituser', id: currentUser._id, flags: f, removeRights: r }); } 
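Review bot: The `removeRights` value passed to `meshserver.send({ action: 'edituser', ... removeRights: r })` is assembled entirely in the browser, and the checkbox disabling in `p20edituserfeaturesValidate` is a UI convenience rather than a control. The server-side `edituser` handler is not part of this diff, so it should be confirmed that it authorizes the caller for `currentUser._id` and masks `removeRights` to the bits this dialog can set before storing it. When `d20flag7` is checked the desktop, terminal and files bits are deliberately not sent, so every consumer of the stored value has to treat a removed Remote Control right as covering those three; a comment saying so next to `r += 0x00000008` would help.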
@@ -15841,11 +15861,16 @@ function removeUserRights(rights, userid) { if ((userid != userinfo._id) || (userinfo.removeRights == null)) return rights; var add = 0, substract = 0; + if ((userinfo.removeRights & 0x00000008) != 0) { substract += 0x00000008; } // No Remote Control if ((userinfo.removeRights & 0x00010000) != 0) { add += 0x00010000; } // No Desktop if ((userinfo.removeRights & 0x00000100) != 0) { add += 0x00000100; } // Desktop View Only if ((userinfo.removeRights & 0x00000200) != 0) { add += 0x00000200; } // No Terminal if ((userinfo.removeRights & 0x00000400) != 0) { add += 0x00000400; } // No Files if ((userinfo.removeRights & 0x00000010) != 0) { substract += 0x00000010; } // No Console + if ((userinfo.removeRights & 0x00008000) != 0) { substract += 0x00008000; } // No Uninstall + if ((userinfo.removeRights & 0x00020000) != 0) { substract += 0x00020000; } // No Remote Command + if ((userinfo.removeRights & 0x00000040) != 0) { substract += 0x00000040; } // No Wake + if ((userinfo.removeRights & 0x00040000) != 0) { substract += 0x00040000; } // No Reset/Off if (rights != 0xFFFFFFFF) { // If not administrator, add and subsctract restrictions rights |= add; diff --git a/webserver.js b/webserver.js index 3e52599c..18c5032a 100644 --- a/webserver.js +++ b/webserver.js 
@@ -6803,11 +6803,16 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) { function removeUserRights(rights, user) { if (user.removeRights == null) return rights; var add = 0, substract = 0; + if ((user.removeRights & 0x00000008) != 0) { substract += 0x00000008; } // No Remote Control if ((user.removeRights & 0x00010000) != 0) { add += 0x00010000; } // No Desktop if ((user.removeRights & 0x00000100) != 0) { add += 0x00000100; } // Desktop View Only if ((user.removeRights & 0x00000200) != 0) { add += 0x00000200; } // No Terminal if ((user.removeRights & 0x00000400) != 0) { add += 0x00000400; } // No Files if ((user.removeRights & 0x00000010) != 0) { substract += 0x00000010; } // No Console + if ((user.removeRights & 0x00008000) != 0) { substract += 0x00008000; } // No Uninstall + if ((user.removeRights & 0x00020000) != 0) { substract += 0x00020000; } // No Remote Command + if ((user.removeRights & 0x00000040) != 0) { substract += 0x00000040; } // No Wake + if ((user.removeRights & 0x00040000) != 0) { substract += 0x00040000; } // No Reset/Off if (rights != 0xFFFFFFFF) { // If not administrator, add and subsctract restrictions rights |= add;
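Review bot: For `No Remote Control` the server clears only `0x00000008` and leaves the console bit as it was, so the restriction on console commands holds only where the consumer also tests bit 8. The agent hunks in this commit add that test, but an agent still running the previous core checks only `(data.rights & 16)` and would presumably keep accepting console commands for such a user. Clearing the console right here closes that gap independently of the agent version: `if ((user.removeRights & 0x00000008) != 0) { substract |= 0x00000018; } // No Remote Control, implies No Console`, with the later `No Console` line changed to `substract |= 0x00000010;` so that a user with both flags is not counted twice. Whether the desktop, terminal and files restrictions need the same treatment depends on how their consumers check bit 8, which is not visible in this diff. The function body continues outside the hunk.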