mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2025-01-12 15:33:20 -05:00
Added support to lockout accounts
This commit is contained in:
parent
df30cae461
commit
ea2a0bb321
@ -91,7 +91,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain) {
|
|||||||
obj.ws.HandleEvent = function (source, event) {
|
obj.ws.HandleEvent = function (source, event) {
|
||||||
if (!event.domain || event.domain == obj.domain.id) {
|
if (!event.domain || event.domain == obj.domain.id) {
|
||||||
try {
|
try {
|
||||||
if (event == 'close') { obj.req.session.destroy(); obj.ws.close(); }
|
if (event == 'close') { req.session.destroy(); obj.close(); }
|
||||||
else if (event == 'resubscribe') { user.subscriptions = obj.parent.subscribe(user._id, ws); }
|
else if (event == 'resubscribe') { user.subscriptions = obj.parent.subscribe(user._id, ws); }
|
||||||
else if (event == 'updatefiles') { updateUserFiles(user, ws, domain); }
|
else if (event == 'updatefiles') { updateUserFiles(user, ws, domain); }
|
||||||
else { ws.send(JSON.stringify({ action: 'event', event: event })); }
|
else { ws.send(JSON.stringify({ action: 'event', event: event })); }
|
||||||
@ -280,10 +280,10 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain) {
|
|||||||
{
|
{
|
||||||
if ((command.limit == null) || (typeof command.limit != 'number')) {
|
if ((command.limit == null) || (typeof command.limit != 'number')) {
|
||||||
// Send the list of all events for this session
|
// Send the list of all events for this session
|
||||||
obj.db.GetEvents(user.subscriptions, domain.id, function (err, docs) { if (err != null) return; ws.send(JSON.stringify({ action: 'events', events: docs, tag: command.tag })); });
|
obj.db.GetEvents(user.subscriptions, domain.id, function (err, docs) { if (err != null) return; try { ws.send(JSON.stringify({ action: 'events', events: docs, tag: command.tag })); } catch (ex) { } });
|
||||||
} else {
|
} else {
|
||||||
// Send the list of most recent events for this session, up to 'limit' count
|
// Send the list of most recent events for this session, up to 'limit' count
|
||||||
obj.db.GetEventsWithLimit(user.subscriptions, domain.id, command.limit, function (err, docs) { if (err != null) return; ws.send(JSON.stringify({ action: 'events', events: docs, tag: command.tag })); });
|
obj.db.GetEventsWithLimit(user.subscriptions, domain.id, command.limit, function (err, docs) { if (err != null) return; try { ws.send(JSON.stringify({ action: 'events', events: docs, tag: command.tag })); } catch (ex) { } });
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
@ -452,6 +452,9 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain) {
|
|||||||
delete userinfo.passtype;
|
delete userinfo.passtype;
|
||||||
obj.parent.parent.DispatchEvent(['*', 'server-users', user._id, chguser._id], obj, { etype: 'user', username: user.name, account: userinfo, action: 'accountchange', msg: 'Account changed: ' + command.name, domain: domain.id })
|
obj.parent.parent.DispatchEvent(['*', 'server-users', user._id, chguser._id], obj, { etype: 'user', username: user.name, account: userinfo, action: 'accountchange', msg: 'Account changed: ' + command.name, domain: domain.id })
|
||||||
}
|
}
|
||||||
|
if ((chguser.siteadmin) && (chguser.siteadmin != 0xFFFFFFFF) && (chguser.siteadmin & 32)) {
|
||||||
|
obj.parent.parent.DispatchEvent([chguser._id], obj, 'close'); // Disconnect all this user's sessions
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
{
|
{
|
||||||
"name": "meshcentral",
|
"name": "meshcentral",
|
||||||
"version": "0.1.6-h",
|
"version": "0.1.6-j",
|
||||||
"keywords": [
|
"keywords": [
|
||||||
"Remote Management",
|
"Remote Management",
|
||||||
"Intel AMT",
|
"Intel AMT",
|
||||||
|
@ -3457,7 +3457,7 @@
|
|||||||
function dmousedown(e) { if (!xxdialogMode && desktop != null && Q('DeskControl').checked) desktop.m.mousedown(e) }
|
function dmousedown(e) { if (!xxdialogMode && desktop != null && Q('DeskControl').checked) desktop.m.mousedown(e) }
|
||||||
function dmouseup(e) { if (!xxdialogMode && desktop != null && Q('DeskControl').checked) desktop.m.mouseup(e) }
|
function dmouseup(e) { if (!xxdialogMode && desktop != null && Q('DeskControl').checked) desktop.m.mouseup(e) }
|
||||||
function dmousemove(e) { if (!xxdialogMode && desktop != null && Q('DeskControl').checked) desktop.m.mousemove(e) }
|
function dmousemove(e) { if (!xxdialogMode && desktop != null && Q('DeskControl').checked) desktop.m.mousemove(e) }
|
||||||
function dmousewheel(e) { if (!xxdialogMode && desktop != null && Q('DeskControl').checked) { desktop.m.mousewheel(e); haltEvent(e); return true; } return false; }
|
function dmousewheel(e) { if (!xxdialogMode && desktop != null && Q('DeskControl').checked && desktop.m.mousewheel) { desktop.m.mousewheel(e); haltEvent(e); return true; } return false; }
|
||||||
function drotate(x) { if (!xxdialogMode && desktop != null) { desktop.m.setRotation(desktop.m.rotation + x); deskAdjust(); deskAdjust(); } }
|
function drotate(x) { if (!xxdialogMode && desktop != null) { desktop.m.setRotation(desktop.m.rotation + x); deskAdjust(); deskAdjust(); } }
|
||||||
function stopProcess(id, name) { setDialogMode(2, "Process Control", 3, stopProcessEx, 'Stop process #' + id + ' "' + name + '"?', id); }
|
function stopProcess(id, name) { setDialogMode(2, "Process Control", 3, stopProcessEx, 'Stop process #' + id + ' "' + name + '"?', id); }
|
||||||
function stopProcessEx(buttons, tag) { meshserver.send({ action: 'msg', type:'pskill', nodeid: currentNode._id, value: tag }); setTimeout(refreshDeskTools, 300); }
|
function stopProcessEx(buttons, tag) { meshserver.send({ action: 'msg', type:'pskill', nodeid: currentNode._id, value: tag }); setTimeout(refreshDeskTools, 300); }
|
||||||
@ -4856,8 +4856,9 @@
|
|||||||
if (self) { msg += "</a>"; }
|
if (self) { msg += "</a>"; }
|
||||||
}
|
}
|
||||||
if (msg != '') msg += ', ';
|
if (msg != '') msg += ', ';
|
||||||
if (self) { msg += "<a onclick=showUserAdminDialog(event,\"" + user._id + "\")>"; }
|
if (self) { msg += "<a onclick=showUserAdminDialog(event,\"" + encodeURIComponent(user._id) + "\")>"; }
|
||||||
if ((user.siteadmin == null) || (user.siteadmin == 0)) {
|
if ((user.siteadmin != null) && (user.siteadmin == 32)) { msg += "Locked, "; }
|
||||||
|
if ((user.siteadmin == null) || (user.siteadmin == 0) || (user.siteadmin == 32)) {
|
||||||
msg += "User";
|
msg += "User";
|
||||||
} else if (user.siteadmin == 8) {
|
} else if (user.siteadmin == 8) {
|
||||||
msg += "User with server files";
|
msg += "User with server files";
|
||||||
@ -4938,6 +4939,7 @@
|
|||||||
function showUserAdminDialog(e, userid) {
|
function showUserAdminDialog(e, userid) {
|
||||||
if (xxdialogMode) return;
|
if (xxdialogMode) return;
|
||||||
haltEvent(e);
|
haltEvent(e);
|
||||||
|
userid = decodeURIComponent(userid);
|
||||||
var x = '<div>';
|
var x = '<div>';
|
||||||
x += '<input type=checkbox onchange=showUserAdminDialogValidate() id=ua_fileaccess>Server Files, <input type=number onchange=showUserAdminDialogValidate() maxlength=10 style=width:80px;text-align:right id=ua_fileaccessquota>k max, blank for default<br><hr/>';
|
x += '<input type=checkbox onchange=showUserAdminDialogValidate() id=ua_fileaccess>Server Files, <input type=number onchange=showUserAdminDialogValidate() maxlength=10 style=width:80px;text-align:right id=ua_fileaccessquota>k max, blank for default<br><hr/>';
|
||||||
x += '<input type=checkbox onchange=showUserAdminDialogValidate() id=ua_fulladmin>Full Administrator<br>';
|
x += '<input type=checkbox onchange=showUserAdminDialogValidate() id=ua_fulladmin>Full Administrator<br>';
|
||||||
@ -4945,9 +4947,10 @@
|
|||||||
x += '<input type=checkbox onchange=showUserAdminDialogValidate() id=ua_serverrestore>Server Restore<br>';
|
x += '<input type=checkbox onchange=showUserAdminDialogValidate() id=ua_serverrestore>Server Restore<br>';
|
||||||
x += '<input type=checkbox onchange=showUserAdminDialogValidate() id=ua_serverupdate>Server Updates<br>';
|
x += '<input type=checkbox onchange=showUserAdminDialogValidate() id=ua_serverupdate>Server Updates<br>';
|
||||||
x += '<input type=checkbox onchange=showUserAdminDialogValidate() id=ua_manageusers>Manage Users<br>';
|
x += '<input type=checkbox onchange=showUserAdminDialogValidate() id=ua_manageusers>Manage Users<br>';
|
||||||
|
x += '<hr/><input type=checkbox onchange=showUserAdminDialogValidate() id=ua_lockedaccount>Lock Account<br>';
|
||||||
x += '</div>';
|
x += '</div>';
|
||||||
var user = users[userid];
|
var user = users[userid.toLowerCase()];
|
||||||
setDialogMode(2, "Site Permissions", 3, showUserAdminDialogEx, x, user);
|
setDialogMode(2, "Server Permissions", 3, showUserAdminDialogEx, x, user);
|
||||||
if (user.siteadmin && user.siteadmin != 0) {
|
if (user.siteadmin && user.siteadmin != 0) {
|
||||||
Q('ua_fulladmin').checked = (user.siteadmin == 0xFFFFFFFF);
|
Q('ua_fulladmin').checked = (user.siteadmin == 0xFFFFFFFF);
|
||||||
Q('ua_serverbackup').checked = ((user.siteadmin != 0xFFFFFFFF) && ((user.siteadmin & 1) != 0)); // Server Backup
|
Q('ua_serverbackup').checked = ((user.siteadmin != 0xFFFFFFFF) && ((user.siteadmin & 1) != 0)); // Server Backup
|
||||||
@ -4955,6 +4958,7 @@
|
|||||||
Q('ua_serverrestore').checked = ((user.siteadmin != 0xFFFFFFFF) && ((user.siteadmin & 4) != 0)); // Server Restore
|
Q('ua_serverrestore').checked = ((user.siteadmin != 0xFFFFFFFF) && ((user.siteadmin & 4) != 0)); // Server Restore
|
||||||
Q('ua_fileaccess').checked = ((user.siteadmin != 0xFFFFFFFF) && ((user.siteadmin & 8) != 0)); // Server Files
|
Q('ua_fileaccess').checked = ((user.siteadmin != 0xFFFFFFFF) && ((user.siteadmin & 8) != 0)); // Server Files
|
||||||
Q('ua_serverupdate').checked = ((user.siteadmin != 0xFFFFFFFF) && ((user.siteadmin & 16) != 0)); // Server Update
|
Q('ua_serverupdate').checked = ((user.siteadmin != 0xFFFFFFFF) && ((user.siteadmin & 16) != 0)); // Server Update
|
||||||
|
Q('ua_lockedaccount').checked = ((user.siteadmin != 0xFFFFFFFF) && ((user.siteadmin & 32) != 0)); // Account locked
|
||||||
}
|
}
|
||||||
QE('ua_fulladmin', userinfo.siteadmin == 0xFFFFFFFF);
|
QE('ua_fulladmin', userinfo.siteadmin == 0xFFFFFFFF);
|
||||||
QE('ua_serverbackup', userinfo.siteadmin == 0xFFFFFFFF);
|
QE('ua_serverbackup', userinfo.siteadmin == 0xFFFFFFFF);
|
||||||
@ -4974,7 +4978,7 @@
|
|||||||
QE('ua_serverrestore', !Q('ua_fulladmin').checked);
|
QE('ua_serverrestore', !Q('ua_fulladmin').checked);
|
||||||
QE('ua_fileaccess', !Q('ua_fulladmin').checked);
|
QE('ua_fileaccess', !Q('ua_fulladmin').checked);
|
||||||
QE('ua_serverupdate', !Q('ua_fulladmin').checked);
|
QE('ua_serverupdate', !Q('ua_fulladmin').checked);
|
||||||
QE('ua_fileaccessquota', Q('ua_fileaccess').checked || Q('ua_fulladmin').checked);
|
QE('ua_fileaccessquota', Q('ua_fileaccess').checked && !Q('ua_fulladmin').checked);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -4986,6 +4990,7 @@
|
|||||||
if (Q('ua_serverrestore').checked == true) siteadmin += 4;
|
if (Q('ua_serverrestore').checked == true) siteadmin += 4;
|
||||||
if (Q('ua_fileaccess').checked == true) siteadmin += 8;
|
if (Q('ua_fileaccess').checked == true) siteadmin += 8;
|
||||||
if (Q('ua_serverupdate').checked == true) siteadmin += 16;
|
if (Q('ua_serverupdate').checked == true) siteadmin += 16;
|
||||||
|
if (Q('ua_lockedaccount').checked == true) siteadmin += 32;
|
||||||
}
|
}
|
||||||
var x = { action: 'edituser', name: user.name, siteadmin: siteadmin };
|
var x = { action: 'edituser', name: user.name, siteadmin: siteadmin };
|
||||||
if (isNaN(quota) == false) { x.quota = (quota * 1024); }
|
if (isNaN(quota) == false) { x.quota = (quota * 1024); }
|
||||||
|
@ -88,6 +88,7 @@ module.exports.CreateWebServer = function (parent, db, args, secret, certificate
|
|||||||
const SITERIGHT_SERVERRESTORE = 4;
|
const SITERIGHT_SERVERRESTORE = 4;
|
||||||
const SITERIGHT_FILEACCESS = 8;
|
const SITERIGHT_FILEACCESS = 8;
|
||||||
const SITERIGHT_SERVERUPDATE = 16;
|
const SITERIGHT_SERVERUPDATE = 16;
|
||||||
|
const SITERIGHT_LOCKED = 32;
|
||||||
|
|
||||||
// Setup SSPI authentication if needed
|
// Setup SSPI authentication if needed
|
||||||
if ((obj.parent.platform == 'win32') && (obj.args.nousers != true) && (obj.parent.config != null) && (obj.parent.config.domains != null)) {
|
if ((obj.parent.platform == 'win32') && (obj.args.nousers != true) && (obj.parent.config != null) && (obj.parent.config.domains != null)) {
|
||||||
@ -207,6 +208,7 @@ module.exports.CreateWebServer = function (parent, db, args, secret, certificate
|
|||||||
if (hash == user.hash) {
|
if (hash == user.hash) {
|
||||||
// Update the password to the stronger format.
|
// Update the password to the stronger format.
|
||||||
require('./pass').hash(pass, function (err, salt, hash) { if (err) throw err; user.salt = salt; user.hash = hash; delete user.passtype; obj.db.SetUser(user); });
|
require('./pass').hash(pass, function (err, salt, hash) { if (err) throw err; user.salt = salt; user.hash = hash; delete user.passtype; obj.db.SetUser(user); });
|
||||||
|
if ((user.siteadmin) && (user.siteadmin != 0xFFFFFFFF) && (user.siteadmin & 32) != 0) { fn('locked'); return; }
|
||||||
return fn(null, user._id);
|
return fn(null, user._id);
|
||||||
}
|
}
|
||||||
fn(new Error('invalid password'), null, user.passhint);
|
fn(new Error('invalid password'), null, user.passhint);
|
||||||
@ -215,7 +217,10 @@ module.exports.CreateWebServer = function (parent, db, args, secret, certificate
|
|||||||
// Default strong password hashing (pbkdf2 SHA384)
|
// Default strong password hashing (pbkdf2 SHA384)
|
||||||
require('./pass').hash(pass, user.salt, function (err, hash) {
|
require('./pass').hash(pass, user.salt, function (err, hash) {
|
||||||
if (err) return fn(err);
|
if (err) return fn(err);
|
||||||
if (hash == user.hash) return fn(null, user._id);
|
if (hash == user.hash) {
|
||||||
|
if ((user.siteadmin) && (user.siteadmin != 0xFFFFFFFF) && (user.siteadmin & 32) != 0) { fn('locked'); return; }
|
||||||
|
return fn(null, user._id);
|
||||||
|
}
|
||||||
fn(new Error('invalid password'), null, user.passhint);
|
fn(new Error('invalid password'), null, user.passhint);
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
@ -330,7 +335,7 @@ module.exports.CreateWebServer = function (parent, db, args, secret, certificate
|
|||||||
obj.parent.DispatchEvent(['*'], obj, { etype: 'user', username: user.name, action: 'login', msg: 'Account login', domain: domain.id })
|
obj.parent.DispatchEvent(['*'], obj, { etype: 'user', username: user.name, action: 'login', msg: 'Account login', domain: domain.id })
|
||||||
} else {
|
} else {
|
||||||
delete req.session.loginmode;
|
delete req.session.loginmode;
|
||||||
req.session.error = '<b style=color:#8C001A>Login failed, check username and password.</b>';
|
if (err == 'locked') { req.session.error = '<b style=color:#8C001A>Account locked.</b>'; } else { req.session.error = '<b style=color:#8C001A>Login failed, check username and password.</b>'; }
|
||||||
if ((passhint != null) && (passhint.length > 0)) {
|
if ((passhint != null) && (passhint.length > 0)) {
|
||||||
req.session.passhint = passhint;
|
req.session.passhint = passhint;
|
||||||
} else {
|
} else {
|
||||||
|
Loading…
Reference in New Issue
Block a user