mirrors/MeshCentral
2
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-10-26 11:27:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge d4ca7bba61 into c899ee2404

Browse Source
This commit is contained in:
Daniel Hammerschmidt 2025-10-25 20:43:16 +02:00 committed by GitHub
commit a4be20ac9d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
11 changed files with 174 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
apprelays.js
View File

@ -57,6 +57,7 @@ const MESHRIGHT_RESETOFF = 0x00040000; // 262144
const MESHRIGHT_GUESTSHARING = 0x00080000; // 524288
const MESHRIGHT_DEVICEDETAILS = 0x00100000; // 1048576
const MESHRIGHT_RELAY = 0x00200000; // 2097152
const MESHRIGHT_HIDERDPSESSIONS = 0x00400000; // 4194304
const MESHRIGHT_ADMIN = 0xFFFFFFFF;
// SerialTunnel object is used to embed TLS within another connection.

7
meshagent.js
View File

@ -1219,6 +1219,13 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
obj.consoleKickValue = command.value;
}
}
else if (command.type == 'userSessions') {
const rights = parent.GetNodeRights(parent.wssessions2[command.sessionid].userid, obj.dbMeshKey, obj.dbNodeKey);
if ((rights !== 0xFFFFFFFF) && (rights & 0x00400000)) {
command.data = Object.fromEntries(Object.entries(command.data).filter(([k,v]) => (!v.StationName.toUpperCase().startsWith('RDP-'))));
console.log(rights.toString(16).padStart(8,'0'), command);
}
}
// Route a message
parent.routeAgentCommand(command, obj.domain.id, obj.dbNodeKey, obj.dbMeshKey);

16
meshcentral-config-schema.json
View File

@ -1557,6 +1557,11 @@
]
}
},
"applyFeaturePermissionsToRouterAndWebTools": {
"type": "boolean",
"default": true,
"description": "Hides RDP, SSH or SCP links if access to Desktop, Terminal or Files is denied."
},
"deviceMeshRouterLinks": {
"type": "object",
"properties": {
@ -1970,6 +1975,15 @@
"default": true,
"description": "When enabled, activates the built-in web-based VNC client."
},
"novncargs": {
"type": "string",
"default": "show_dot=1",
"description": "Additional arguments for nVNC. URL-encoded and sparated by ampersand (&)."
},
"novncViewOnlyPort": {
"type": ["number", "array"],
"description": "TCP port where a VNC server is listening in view-only mode. Single number or array in Object.fromEntries()-compatible format."
},
"mstsc": {
"type": "boolean",
"default": true,
@ -2408,7 +2422,7 @@
"viewonly": {
"type": "boolean",
"description": "When set to true, the remote desktop feature is view only.",
"default": "false"
"default": false
}
}
},

2
meshcentral.js
View File

@ -3241,6 +3241,8 @@ function CreateMeshCentralServer(config, args) {
// Sign windows agents
obj.signMeshAgents = function (domain, func) {
// Skip signing to speed up debugging
if ('MESHCENTRAL_DEV_NO_AGENT_SIGNING' in process.env && (()=> { try { return require('node:inspector').url() !== undefined; } catch (_) { return false; } }).call()) { return void func(); }
// Setup the domain is specified
var objx = domain, suffix = '';
if (domain.id == '') { objx = obj; } else { suffix = '-' + domain.id; objx.meshAgentBinaries = {}; }

2
meshipkvm.js
View File

@ -34,6 +34,8 @@ function CreateIPKVMManager(parent) {
const MESHRIGHT_RESETOFF = 0x00040000; // 262144
const MESHRIGHT_GUESTSHARING = 0x00080000; // 524288
const MESHRIGHT_DEVICEDETAILS = 0x00100000; // ?1048576?
const MESHRIGHT_RELAY = 0x00200000; // 2097152
const MESHRIGHT_HIDERDPSESSIONS = 0x00400000; // 4194304
const MESHRIGHT_ADMIN = 0xFFFFFFFF;
// Subscribe for mesh creation events

20
meshrelay.js
View File

@ -36,6 +36,7 @@ const MESHRIGHT_RESETOFF = 0x00040000; // 262144
const MESHRIGHT_GUESTSHARING = 0x00080000; // 524288
const MESHRIGHT_DEVICEDETAILS = 0x00100000; // 1048576
const MESHRIGHT_RELAY = 0x00200000; // 2097152
const MESHRIGHT_HIDERDPSESSIONS = 0x00400000; // 4194304
const MESHRIGHT_ADMIN = 0xFFFFFFFF;
// Protocol:
@ -883,14 +884,31 @@ function CreateMeshRelayEx(parent, ws, req, domain, user, cookie) {
parent.db.Get(cookie.nodeid, function (err, docs) {
if (docs.length == 0) { console.log('ERR: Node not found'); try { obj.close(); } catch (e) { } return; } // Disconnect websocket
const node = docs[0];
const rights = parent.GetNodeRights(obj.user, node.meshid, node._id);
// Check if this user has permission to relay thru this computer (MESHRIGHT_REMOTECONTROL or MESHRIGHT_RELAY rights)
if ((obj.nouser !== true) && ((parent.GetNodeRights(obj.user, node.meshid, node._id) & 0x00200008) == 0)) { console.log('ERR: Access denied (1)'); try { obj.close(); } catch (ex) { } return; }
if ((obj.nouser !== true) && ((rights & 0x00200008) == 0)) { console.log('ERR: Access denied (1)'); try { obj.close(); } catch (ex) { } return; }
// Set nodeid and meshid
obj.nodeid = node._id;
obj.meshid = node.meshid;
function getNoVncViewOnlyPort(rfbport = 5900) {
let novncvop = domain.novncviewonlyport;
if (typeof novncvop === 'number') { return novncvop; }
if (Array.isArray(novncvop)) { novncvop = domain.novncviewonlyport = Object.fromEntries(novncvop); }
const tokens = [obj.meshid, `mesh/${domain.id}/${parent.meshes[obj.meshid].name}`, obj.nodeid, `node/${domain.id}/${node.name}`, '*'];
tokens.some((val) => ((val = +novncvop[val]) ? ((rfbport = val), true) : false));
return rfbport;
}
if (domain.applyfeaturepermissionstorouterandwebtools !== false) {
switch (cookie.tcpport) {
// don't know why, but we have to terminate() the websocket to close the connection. or is a feature to avoid DoS?
case node.rdpport ?? 3389: { if ((rights !== 0xFFFFFFFF) && (rights & MESHRIGHT_REMOTEVIEWONLY)) { console.log('ERR: Access denied (1)'); try { obj.close(); /*ws.terminate();*/ } catch (ex) { } return; } break; }
case node.rfbport ?? 5900: { if ((rights !== 0xFFFFFFFF) && (rights & MESHRIGHT_REMOTEVIEWONLY)) { cookie.tcpport = getNoVncViewOnlyPort(node.rfbport); } break; }
}
}
// Send connection request to agent
const rcookieData = {};
if (user != null) { rcookieData.ruserid = user._id; } else if (obj.nouser === true) { rcookieData.nouser = 1; }

17
meshuser.js
View File

@ -53,6 +53,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
const MESHRIGHT_GUESTSHARING = 0x00080000; // 524288
const MESHRIGHT_DEVICEDETAILS = 0x00100000; // 1048576
const MESHRIGHT_RELAY = 0x00200000; // 2097152
const MESHRIGHT_HIDERDPSESSIONS = 0x00400000; // 4194304
const MESHRIGHT_ADMIN = 0xFFFFFFFF;
// Site rights
@ -552,7 +553,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
// Build server information object
const allFeatures = parent.getDomainUserFeatures(domain, user, req);
var serverinfo = { domain: domain.id, name: domain.dns ? domain.dns : parent.certificates.CommonName, mpsname: parent.certificates.AmtMpsName, mpsport: mpsport, mpspass: args.mpspass, port: httpport, emailcheck: ((domain.mailserver != null) && (domain.auth != 'sspi') && (domain.auth != 'ldap') && (args.lanonly != true) && (parent.certificates.CommonName != null) && (parent.certificates.CommonName.indexOf('.') != -1) && (user._id.split('/')[2].startsWith('~') == false)), domainauth: (domain.auth == 'sspi'), serverTime: Date.now(), features: allFeatures.features, features2: allFeatures.features2 };
var serverinfo = { domain: domain.id, name: domain.dns ? domain.dns : parent.certificates.CommonName, mpsname: parent.certificates.AmtMpsName, mpsport: mpsport, mpspass: args.mpspass, port: httpport, emailcheck: ((domain.mailserver != null) && (domain.auth != 'sspi') && (domain.auth != 'ldap') && (args.lanonly != true) && (parent.certificates.CommonName != null) && (parent.certificates.CommonName.indexOf('.') != -1) && (user._id.split('/')[2].startsWith('~') == false)), domainauth: (domain.auth == 'sspi'), serverTime: Date.now(), features: allFeatures.features, features2: allFeatures.features2, features3: allFeatures.features3 };
serverinfo.languages = parent.renderLanguages;
serverinfo.tlshash = Buffer.from(parent.webCertificateFullHashs[domain.id], 'binary').toString('hex').toUpperCase(); // SHA384 of server HTTPS certificate
serverinfo.agentCertHash = parent.agentCertificateHashBase64;
@ -4745,7 +4746,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
} else {
try {
parent.parent.pluginHandler.plugins[command.plugin].serveraction(command, obj, parent);
} catch (ex) { console.log('Error loading plugin handler (' + ex + ')'); }
} catch (ex) { console.log('Error executing plugin serveraction (' + ex + ')', ex.stack); }
}
break;
}
@ -6434,6 +6435,18 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
parent.GetNodeWithRights(domain, user, command.nodeid, function (node, rights, visible) {
if ((node == null) || ((rights & MESHRIGHT_REMOTECONTROL) == 0) || (visible == false)) return; // Access denied.
const applyfeaturepermissions = obj.domain.applyfeaturepermissionstorouterandwebtools !== false;
switch (command.tag) {
case 'novnc': {
let novncargs = domain.novncargs ?? 'show_dot=1';
if (applyfeaturepermissions) { novncargs += '&view_only=' +!!(rights & MESHRIGHT_REMOTEVIEWONLY); }
command.qsappend = novncargs.charAt(0) === '&' ? novncargs.slice(1) : novncargs;
break;
}
case 'mstsc': { if (applyfeaturepermissions && (rights & MESHRIGHT_REMOTEVIEWONLY)) { return; } break; }
case 'ssh': { if (applyfeaturepermissions && (rights & MESHRIGHT_NOTERMINAL)) { return; }; break; }
}
// Add a user authentication cookie to a url
var cookieContent = { userid: user._id, domainid: user.domain };
if (command.nodeid) { cookieContent.nodeid = command.nodeid; }

11
sample-config-advanced.json
View File

@ -590,6 +590,17 @@
"_footer": "Test",
"_certUrl": "https://192.168.2.106:443/"
},
"_domain_with_novncViewOnlyPort": {
"_novnc": true,
"_1_novncViewOnlyPort": 5901,
"_2_novncViewOnlyPort": [
["#_node//Oqj4ExG@mcz9ZmXMuy7YncqEKuVA1rD5o8ZUWQ8F$mA$33zwfXz$XQ5mrUYdJbss", 5901],
["#_node//my-dev-box", 5902],
["#_mesh//KbvW2V18kiZSNQ5zkT8Qk2s7aADf0MwS1cXUlc$WzqwbwEVYMTopJFR1uxxZzE79", 5903],
["#_mesh//playground--connect", 5904],
["*", 5905]
]
},
"_info": {
"_share": "C:\\ExtraWebSite"
}

68
views/default.handlebars
View File

@ -1552,6 +1552,7 @@
var debugLevel = parseInt('{{{debuglevel}}}');
var features = parseInt('{{{features}}}');
var features2 = parseInt('{{{features2}}}');
var features3 = parseInt('{{{features3}}}');
var sessionTime = parseInt('{{{sessiontime}}}');
var webRelayPort = parseInt('{{{webRelayPort}}}');
var webRelayDns = '{{{webRelayDns}}}';
@ -2359,6 +2360,7 @@
if (updateNaggleFlags & 16384) { updateUsers(); }
if (updateNaggleFlags & 32768) { updateRecordings(); }
if (updateNaggleFlags & 65536) { updateLoginTokens(); }
if (currentNode && (updateNaggleFlags & 131072)) { updateDesktopButtons(); }
updateNaggleTimer = null;
updateNaggleFlags = 0;
gotoStartViewPage();
@ -3012,18 +3014,18 @@
//console.log(url);
downloadFile(url, '');
} else if (message.tag == 'novnc') {
var vncurl = window.location.origin + domainUrl + 'novnc/vnc.html?ws=wss%3A%2F%2F' + window.location.host + encodeURIComponentEx(domainUrl) + (message.localRelay?'local':'mesh') + 'relay.ashx%3Fauth%3D' + message.cookie + '&show_dot=1' + (urlargs.key?('&key=' + urlargs.key):'') + '&l={{{lang}}}';
var vncurl = window.location.origin + domainUrl + 'novnc/vnc.html?ws=wss%3A%2F%2F' + window.location.host + encodeURIComponentEx(domainUrl) + (message.localRelay ? 'local' : 'mesh') + 'relay.ashx%3Fauth%3D' + message.cookie + (urlargs.key?('&key=' + urlargs.key):'') + '&l={{{lang}}}' + (message.qsappend ? '&' + message.qsappend : '');
var node = getNodeFromId(message.nodeid);
if (node != null) { vncurl += '&name=' + encodeURIComponentEx(node.name); }
safeNewWindow(vncurl, 'mcnovnc/' + message.nodeid);
} else if (message.tag == 'mstsc') {
var rdpurl = window.location.origin + domainUrl + 'mstsc.html?ws=' + message.cookie + (urlargs.key?('&key=' + urlargs.key):'');
var rdpurl = window.location.origin + domainUrl + 'mstsc.html?ws=' + message.cookie + (urlargs.key ? ('&key=' + urlargs.key) : '') + (message.qsappend ? '&' + message.qsappend : '');
var node = getNodeFromId(message.nodeid);
if (node != null) { rdpurl += '&name=' + encodeURIComponentEx(node.name); }
if (message.localRelay) { rdpurl += '&local=1'; }
safeNewWindow(rdpurl, 'mcmstsc/' + message.nodeid);
} else if (message.tag == 'ssh') {
var sshurl = window.location.origin + domainUrl + 'ssh.html?ws=' + message.cookie + (urlargs.key?('&key=' + urlargs.key):'');
var sshurl = window.location.origin + domainUrl + 'ssh.html?ws=' + message.cookie + (urlargs.key ? ('&key=' + urlargs.key) : '') + (message.qsappend ? '&' + message.qsappend : '');
var node = getNodeFromId(message.nodeid);
if (node != null) { sshurl += '&name=' + encodeURIComponentEx(node.name); }
if (message.localRelay) { sshurl += '&local=1'; }
@ -3469,6 +3471,7 @@
// If we are looking at a node that is no longer visible, move back to "My Devices"
if ((xxcurrentView >= 10) && (xxcurrentView < 20) && currentNode && !IsNodeViewable(currentNode)) { setDialogMode(0); go(1); }
}
mainUpdate(131072);
}
mainUpdate(4 + 128 + 8192 + 16384);
if (currentNode && !IsNodeViewable(currentNode)) { currentNode = null; if ((xxcurrentView >= 10) && (xxcurrentView < 20)) { go(1); } }
@ -6561,12 +6564,12 @@
QV('cxfiles', (node.mtype != 4) && ((node.mtype == 2) && ((node.agent == null) || (node.agent.caps == null) || ((node.agent.caps & 4) != 0))) && (rights & 8) && fileAccess);
QV('cxevents', (node.intelamt != null) && ((node.intelamt.state == 2) || (node.conn & 2)) && (rights & 8));
QV('cxdetails', node.mtype < 3);
QV('cxwebvnc', ((((node.conn & 1) != 0) || (node.mtype == 3)) && (node.agent) && ((rights & 8) != 0) && ((features & 0x20000000) == 0)));
QV('cxwebrdp', ((((node.conn & 1) != 0) || (node.mtype == 3)) && (node.agent) && ((rights & 8) != 0) && ((features & 0x40000000) == 0)));
QV('cxwebssh', ((features2 & 0x200) && (((node.conn & 1) != 0) || (node.mtype == 3)) && (node.agent) && ((rights & 8) != 0)));
QV('cxwebvnc', ((((node.conn & 1) != 0) || (node.mtype == 3)) && (node.agent) && ((rights == 0xFFFFFFFF) || ((rights & (8 | (features3 & 0x00000001 ? 65536 : 0))) == 8)) && ((features & 0x20000000) == 0)));
QV('cxwebrdp', ((((node.conn & 1) != 0) || (node.mtype == 3)) && (node.agent) && ((rights == 0xFFFFFFFF) || ((rights & (8 | (features3 & 0x00000001 ? 256 | 65536 : 0))) == 8)) && ((features & 0x40000000) == 0)));
QV('cxwebssh', ((features2 & 0x200) && (((node.conn & 1) != 0) || (node.mtype == 3)) && (node.agent) && ((rights == 0xFFFFFFFF) || ((rights & (8 | (features3 & 0x00000001 ? 512 : 0))) == 8))));
QV('cxconsole', (consoleRights && (node.mtype == 2) && ((node.agent == null) || (node.agent.caps == null) || ((node.agent.caps & 8) != 0))) && (rights & 8));
QV('cxrdp', false); // always have the RDP hidden
if ((((node.conn & 1) != 0) || (node.mtype == 3)) && (node.agent) && ((rights & 8) != 0)) {
if ((((node.conn & 1) != 0) || (node.mtype == 3)) && (node.agent) && ((rights == 0xFFFFFFFF) || ((rights & (8 | (features3 & 0x00000001 ? 256 | 65536 : 0))) == 8))) {
if ((node.agent.id > 0) && (node.agent.id < 5)) {
if (navigator.platform.toLowerCase() == 'win32') {
if ((serverinfo.devicemeshrouterlinks == null) || (serverinfo.devicemeshrouterlinks.rdp != false)) {
@ -7875,19 +7878,19 @@
}
if ((node.agent.id > 0) && (node.agent.id < 5)) {
if (navigator.platform.toLowerCase() == 'win32') {
if ((serverinfo.devicemeshrouterlinks == null) || (serverinfo.devicemeshrouterlinks.rdp != false)) {
if (((meshrights == 0xFFFFFFFF) || ((meshrights & (8 | (features3 & 0x00000001 ? 256 | 65536 : 0))) == 8)) && ((serverinfo.devicemeshrouterlinks == null) || (serverinfo.devicemeshrouterlinks.rdp != false))) {
x += '<a href=# cmenu=altPortContextMenu id=rdpMCRouterLink onclick=p10MCRouter("' + node._id + '",3) title="' + "Requires installation of MeshCentral Router" + '.">' + "RDP" + ((node.rdpport && (node.rdpport != 3389)) ? '/' + node.rdpport : '') + '</a>&nbsp;';
}
}
}
if (node.agent.id > 4) {
if ((navigator.platform.toLowerCase() == 'win32') || (navigator.platform.toLowerCase() == 'macintel')) {
if (((meshrights == 0xFFFFFFFF) || ((meshrights & ( 8 | (features3 & 0x00000001 ? 512 : 0))) == 8)) && ((navigator.platform.toLowerCase() == 'win32') || (navigator.platform.toLowerCase() == 'macintel'))) {
if ((serverinfo.devicemeshrouterlinks == null) || (serverinfo.devicemeshrouterlinks.ssh != false)) {
x += '<a href=# cmenu=sshPortContextMenu onclick=p10MCRouter("' + node._id + '",4,' + (node.sshport ? node.sshport : 22) + ') title="' + "Requires installation of MeshCentral Router." + '">' + "SSH" + ((node.sshport && (node.sshport != 22)) ? '/' + node.sshport : '') + '</a>&nbsp;';
}
}
if (navigator.platform.toLowerCase() == 'win32') {
if ((serverinfo.devicemeshrouterlinks == null) || (serverinfo.devicemeshrouterlinks.scp != false)) {
if (((meshrights == 0xFFFFFFFF) || ((meshrights & (8 | (features3 & 0x00000001 ? 1024 : 0))) == 8)) && ((serverinfo.devicemeshrouterlinks == null) || (serverinfo.devicemeshrouterlinks.scp != false))) {
x += '<a href=# cmenu=sshPortContextMenu onclick=p10MCRouter("' + node._id + '",5,' + (node.sshport ? node.sshport : 22) + ') title="' + "Requires installation of MeshCentral Router." + '">' + "SCP" + ((node.sshport && (node.sshport != 22)) ? '/' + node.sshport : '') + '</a>&nbsp;';
}
}
@ -7907,17 +7910,17 @@
}
// noVNC link
if ((((connectivity & 1) != 0) || (node.mtype == 3)) && (node.agent) && ((meshrights & 8) != 0) && ((features & 0x20000000) == 0)) {
if ((((connectivity & 1) != 0) || (node.mtype == 3)) && (node.agent) && ((meshrights == 0xFFFFFFFF) || ((meshrights & (8 | (features3 & 0x00000001 ? 65536 : 0))) == 8 )) && ((features & 0x20000000) == 0)) {
x += '<a href=# cmenu=rfbPortContextMenu id=rfbLink onclick=p10rfb("' + node._id + '") title="' + "Launch web-based VNC session to this device" + '.">' + "Web-VNC" + '</a>&nbsp;';
}
// MSTSC.js link
if ((((connectivity & 1) != 0) || (node.mtype == 3)) && (node.agent) && ((meshrights & 8) != 0) && ((features & 0x40000000) == 0)) {
if ((((connectivity & 1) != 0) || (node.mtype == 3)) && (node.agent) && ((meshrights == 0xFFFFFFFF) || ((meshrights & (8 | (features3 & 0x00000001 ? 256 | 65536 : 0))) == 8)) && ((features & 0x40000000) == 0)) {
x += '<a href=# cmenu=altPortContextMenu id=mstscLink onclick=p10mstsc("' + node._id + '") title="' + "Launch web-based RDP session to this device" + '.">' + "Web-RDP" + '</a>&nbsp;';
}
// SSH link
if ((features2 & 0x200) && (((connectivity & 1) != 0) || (node.mtype == 3)) && (node.agent) && ((meshrights & 8) != 0)) {
if ((features2 & 0x200) && (((connectivity & 1) != 0) || (node.mtype == 3)) && (node.agent) && ((meshrights == 0xFFFFFFFF) || ((meshrights & (8 | (features3 & 0x00000001 ? 512 : 0))) == 8))) {
x += '<a href=# cmenu=sshPortContextMenu id=sshLink onclick=p10ssh("' + node._id + '") title="' + "Launch web-based SSH session to this device" + '.">' + "Web-SSH" + '</a>&nbsp;';
}
@ -8230,6 +8233,7 @@
if (rights & 512) str1.push("No Terminal");
if (rights & 1024) str1.push("No Files");
if (rights & 2048) str1.push("No AMT");
if (rights & 4194304) str1.push("Hide RDP");
if (rights & 4096) str1.push("Limited Input");
if (rights & 65536) str1.push("No Desktop");
if ((rights & 524288) && (serverinfo.guestdevicesharing !== false)) str1.push("Guest Share");
@ -8264,6 +8268,7 @@
if (rights & 1024) str1.push("No Files");
if (rights & 2048) str1.push("No AMT");
if (rights & 4096) str1.push("Limited Input");
if (rights & 4194304) str1.push("Hide RDP");
if (rights & 65536) str1.push("No Desktop");
if ((rights & 524288) && (serverinfo.guestdevicesharing !== false)) str1.push("Guest Share");
if (str1.length > 0) { str.push('Control (' + str1.join(', ') + ')'); } else { str.push("Control"); }
@ -9242,7 +9247,7 @@
// Show the right buttons
QV('disconnectbutton1span', (deskState != 0));
QV('connectbutton1span', (deskState == 0) && ((rights & 8) || (rights & 256)) && (currentNode.agent != null) && (currentNode.agent.caps & 1));
QV('connectbutton1rspan', ((features & 0x40000000) == 0) && (deskState == 0) && (rights & 8) && (currentNode.agent != null) && ((currentNode.agent.id == 3) || (currentNode.agent.id == 4)));
QV('connectbutton1rspan', ((features & 0x40000000) == 0) && (deskState == 0) && ((rights == 0XFFFFFFFF) || ((rights & (8 | (features3 & 0x00000001 ? 256 : 0))) == 8)) && (currentNode.agent != null) && ((currentNode.agent.id == 3) || (currentNode.agent.id == 4)));
if (mtype == 1) {
QV('connectbutton1hspan',
(deskState == 0) &&
@ -14269,6 +14274,7 @@
x += '<label><input type=checkbox onchange=p20validateAddMeshUserDialog() id=p20remotecontrol>' + "Remote Control & Relay" + '</label><br>';
x += '<label><input type=checkbox onchange=p20validateAddMeshUserDialog() id=p20remoteview style=margin-left:12px>' + "Remote View Only" + '</label><br>';
x += '<label><input type=checkbox onchange=p20validateAddMeshUserDialog() id=p20remotelimitedinput style=margin-left:12px>' + "Limited Input Only" + '</label><br>';
x += '<label><input type=checkbox onchange=p20validateAddMeshUserDialog() id=p20hiderdpsessions style=margin-left:12px>' + "Hide RDP Sessionss" + '</label><br>';
if (serverinfo.guestdevicesharing !== false) { x += '<label><input type=checkbox onchange=p20validateAddMeshUserDialog() id=p20guestshare style=margin-left:12px>' + "Guest Sharing" + '</label><br>'; }
x += '<label><input type=checkbox onchange=p20validateAddMeshUserDialog() id=p20nodesktop style=margin-left:12px>' + "No Desktop Access" + '</label><br>';
x += '<label><input type=checkbox onchange=p20validateAddMeshUserDialog() id=p20noterminal style=margin-left:12px>' + "No Terminal Access" + '</label><br>';
@ -14350,6 +14356,7 @@
if (urights & 1024) { Q('p20nofiles').checked = true; }
if (urights & 2048) { Q('p20noamt').checked = true; }
if (urights & 4096) { Q('p20remotelimitedinput').checked = true; }
if (urights & 4194304) { Q('p20hiderdpsessions').checked = true; }
}
if (urights & 16) { Q('p20meshagentconsole').checked = true; }
if (urights & 32) { Q('p20meshserverfiles').checked = true; }
@ -14403,6 +14410,7 @@
Q('p20nofiles').checked = ((devrights & 1024) != 0);
Q('p20noamt').checked = ((devrights & 2048) != 0);
Q('p20remotelimitedinput').checked = ((devrights & 4096) != 0);
Q('p20hiderdpsessions').checked = ((devrights & 4194304) != 0);
Q('p20limitevents').checked = ((devrights & 8192) != 0);
Q('p20chatnotify').checked = ((devrights & 16384) != 0);
Q('p20uninstall').checked = ((devrights & 32768) != 0);
@ -14484,6 +14492,7 @@
QE('p20remoteview', nc && Q('p20remotecontrol').checked);
if (serverinfo.guestdevicesharing !== false) { QE('p20guestshare', nc && Q('p20remotecontrol').checked && (Q('p20remoteview').checked || !Q('p20remotelimitedinput').checked)); }
QE('p20remotelimitedinput', nc && Q('p20remotecontrol').checked && !Q('p20remoteview').checked);
QE('p20hiderdpsessions', nc && Q('p20remotecontrol').checked);
QE('p20nodesktop', nc && Q('p20remotecontrol').checked);
QE('p20noterminal', nc && Q('p20remotecontrol').checked);
QE('p20nofiles', nc && Q('p20remotecontrol').checked);
@ -14516,6 +14525,7 @@
if (Q('p20nofiles').checked == true) meshadmin += 1024;
if (Q('p20noamt').checked == true) meshadmin += 2048;
if ((Q('p20remotelimitedinput').checked == true) && (!Q('p20remoteview').checked)) meshadmin += 4096;
if ((Q('p20hiderdpsessions').checked == true)) meshadmin += 4194304;
if (Q('p20limitevents').checked == true) meshadmin += 8192;
if (Q('p20chatnotify').checked == true) meshadmin += 16384;
if (Q('p20uninstall').checked == true) meshadmin += 32768;
@ -14528,13 +14538,14 @@
// Clean up incorrect rights. If Remote Control is not selected, remove flags that don't make sense.
if ((meshadmin & 8) == 0) {
// Remove 256, 512, 1024, 2048, 4096, 65536
// Remove 256, 512, 1024, 2048, 4096, 65536, 4194304
if (meshadmin & 256) { meshadmin -= 256; }
if (meshadmin & 512) { meshadmin -= 512; }
if (meshadmin & 1024) { meshadmin -= 1024; }
if (meshadmin & 2048) { meshadmin -= 2048; }
if (meshadmin & 4096) { meshadmin -= 4096; }
if (meshadmin & 65536) { meshadmin -= 65536; }
if (meshadmin & 4194304) { meshadmin -= 4194304; }
}
// Send the action to the server
@ -14597,11 +14608,13 @@
if ((meshrights & 64) != 0) r.push("Wake Devices");
if ((meshrights & 128) != 0) r.push("Edit Notes");
if (((meshrights & 8) != 0) && (meshrights & 256) != 0) r.push("Remote View Only");
if (((meshrights & 8) != 0) && (meshrights & 4194304) != 0) r.push("Hide RDP Sessionss");
if (((meshrights & 8) != 0) && (meshrights & 65536) != 0) r.push("No Desktop");
if (((meshrights & 8) != 0) && (meshrights & 512) != 0) r.push("No Terminal");
if (((meshrights & 8) != 0) && (meshrights & 1024) != 0) r.push("No Files");
if (((meshrights & 8) != 0) && (meshrights & 2048) != 0) r.push("No Intel&reg; AMT");
if (((meshrights & 8) != 0) && ((meshrights & 4096) != 0) && ((meshrights & 256) == 0)) r.push("Limited Input");
if (((meshrights & 8) != 0) && ((meshrights & 4194304) != 0) && ((meshrights & 256) == 0)) r.push("Hide RDP");
if ((meshrights & 8192) != 0) r.push("Self Events Only");
if ((meshrights & 16384) != 0) r.push("Chat & Notify");
if ((meshrights & 32768) != 0) r.push("Uninstall");
@ -16534,8 +16547,8 @@
var cr = 0, mesh = omeshes[i], r = currentUserGroup.links[mesh._id].rights, trash = '', rights = makeDeviceGroupRightsString(r);
if ((userinfo.links) && (userinfo.links[mesh._id] != null) && (userinfo.links[mesh._id].rights != null)) { cr = userinfo.links[mesh._id].rights; }
var meshname = '<i>' + "Unknown Device Group" + '</i>';
if (mesh) { meshname = '<a href=# onclick=\'gotoMesh("' + mesh._id + '");haltEvent(event);\'>' + mesh.name + '</a>'; } else {}
if ((cr & 2) != 0) {
if (mesh) { meshname = '<a href=# onclick=\'gotoMesh("' + mesh._id + '");haltEvent(event);\'>' + mesh.name + '</a>'; } else { }
if ((userinfo.siteadmin == 0xFFFFFFFF) || ((cr & 2) != 0)) {
trash = '<a href=# onclick=\'return p51removeMeshFromUserGroup(event,"' + encodeURIComponentEx(mesh._id) + '")\' title="' + "Remove user group rights to this device group" + '" style=cursor:pointer><img src=images/trash.png border=0 height=10 width=10></a>';
rights = '<span style=cursor:pointer onclick=p20showAddMeshUserDialog(3,"' + encodeURIComponentEx(mesh._id) + '")>' + rights + ' <img class=hoverButton style=cursor:pointer src=images/link5.png></span>';
}
@ -16835,8 +16848,11 @@
if ((serverinfo.usersSessionRecording == 1) && (user.flags) && (user.flags & 2)) { userFeatures.push("Record Sessions"); }
if (user.removeRights) {
if ((user.removeRights & 0x00000008) != 0) { userFeatures.push("No Remote Control"); } else {
if ((user.removeRights & 0x00010000) != 0) { userFeatures.push("No Desktop"); }
else if ((user.removeRights & 0x00000100) != 0) { userFeatures.push("Desktop View Only"); }
if ((user.removeRights & 0x00010000) != 0) { userFeatures.push("No Desktop"); } else {
if ((user.removeRights & 0x00000100) != 0) { userFeatures.push("Desktop View Only"); }
else if ((user.removeRights & 0x00001000) != 0) { userFeatures.push("Limited Input"); }
if ((user.removeRights & 0x00400000) != 0) { userFeatures.push("Hide RDP"); }
}
if ((user.removeRights & 0x00000200) != 0) { userFeatures.push("No Terminal"); }
if ((user.removeRights & 0x00000400) != 0) { userFeatures.push("No Files"); }
}
@ -17061,6 +17077,8 @@
x += '<div><label><input type=checkbox id=d20flag7 onchange=p20edituserfeaturesValidate() ' + ((removeRights & 0x00000008) ? 'checked' : '') + '>' + "No Remote Control" + '</label><br></div>';
x += '<div style=margin-left:8px><label><input type=checkbox id=d20flag2 onchange=p20edituserfeaturesValidate() ' + ((removeRights & 0x00010000) ? 'checked' : '') + '>' + "No Desktop Access" + '</label><br></div>';
x += '<div style=margin-left:16px><label><input type=checkbox id=d20flag3 onchange=p20edituserfeaturesValidate() ' + ((removeRights & 0x00000100) ? 'checked' : '') + '>' + "Remote View Only" + '</label><br></div>';
x += '<div style=margin-left:16px><label><input type=checkbox id=d20flag12 onchange=p20edituserfeaturesValidate() ' + ((removeRights & 0x00001000) ? 'checked' : '') + '>' + "Limited Input Only" + '</label><br></div>';
x += '<div style=margin-left:16px><label><input type=checkbox id=d20flag13 onchange=p20edituserfeaturesValidate() ' + ((removeRights & 0x00400000) ? 'checked' : '') + '>' + "Hide RDP Sessions" + '</label><br></div>';
x += '<div style=margin-left:8px><label><input type=checkbox id=d20flag4 onchange=p20edituserfeaturesValidate() ' + ((removeRights & 0x00000200) ? 'checked' : '') + '>' + "No Terminal Access" + '</label><br></div>';
x += '<div style=margin-left:8px><label><input type=checkbox id=d20flag5 onchange=p20edituserfeaturesValidate() ' + ((removeRights & 0x00000400) ? 'checked' : '') + '>' + "No File Access" + '</label><br></div>';
x += '<div><label><input type=checkbox id=d20flag6 onchange=p20edituserfeaturesValidate() ' + ((removeRights & 0x00000010) ? 'checked' : '') + '>' + "No Agent Console" + '</label><br></div>';
@ -17077,6 +17095,8 @@
QE('d20flag3', !Q('d20flag7').checked && !Q('d20flag2').checked);
QE('d20flag4', !Q('d20flag7').checked);
QE('d20flag5', !Q('d20flag7').checked);
QE('d20flag12', !Q('d20flag7').checked && !Q('d20flag2').checked && !Q('d20flag3').checked);
QE('d20flag13', !Q('d20flag7').checked && !Q('d20flag2').checked);
}
// Send to the server the new user's real name
@ -17090,7 +17110,11 @@
var r = 0;
if (Q('d20flag7').checked) { r += 0x00000008; } else {
if (Q('d20flag2').checked) { r += 0x00010000; }
else if (Q('d20flag3').checked) { r += 0x00000100; }
else {
if (Q('d20flag3').checked) { r += 0x00000100; }
else if (Q('d20flag12').checked) { r += 0x00001000; }
if (Q('d20flag13').checked) { r += 0x00400000; }
}
if (Q('d20flag4').checked) { r += 0x00000200; }
if (Q('d20flag5').checked) { r += 0x00000400; }
}
@ -17233,7 +17257,7 @@
if ((userinfo.links) && (userinfo.links[mesh._id] != null) && (userinfo.links[mesh._id].rights != null)) { cr = userinfo.links[mesh._id].rights; }
var meshname = '<i>' + "Unknown Device Group" + '</i>';
if (mesh) { meshname = '<a href=# onclick=\'gotoMesh("' + mesh._id + '");haltEvent(event);\'>' + EscapeHtml(mesh.name) + '</a>'; }
if ((currentUser._id != userinfo._id) && ((cr & 2) != 0)) { // 2 = MESHRIGHT_MANAGEUSERS
if ((userinfo.siteadmin == 0xFFFFFFFF) || ((currentUser._id != userinfo._id) && ((cr & 2) != 0))) { // 2 = MESHRIGHT_MANAGEUSERS
trash = '<a href=# onclick=\'return p30removeMeshFromUser(event,"' + encodeURIComponentEx(mesh._id) + '")\' title="' + "Remove user rights to this device group" + '" style=cursor:pointer><img src=images/trash.png border=0 height=10 width=10></a>';
rights = '<span style=cursor:pointer onclick=p20showAddMeshUserDialog(1,"' + encodeURIComponentEx(mesh._id) + '")>' + rights + ' <img class=hoverButton style=cursor:pointer src=images/link5.png></span>';
}
@ -19112,6 +19136,8 @@
if ((userinfo.removeRights & 0x00000100) != 0) { add += 0x00000100; } // Desktop View Only
if ((userinfo.removeRights & 0x00000200) != 0) { add += 0x00000200; } // No Terminal
if ((userinfo.removeRights & 0x00000400) != 0) { add += 0x00000400; } // No Files
if ((userinfo.removeRights & 0x00001000) != 0) { add += 0x00001000; } // Limited Input Only
if ((userinfo.removeRights & 0x00400000) != 0) { add += 0x00400000; } // Hide RDP Sessions
if ((userinfo.removeRights & 0x00000010) != 0) { substract += 0x00000010; } // No Console
if ((userinfo.removeRights & 0x00008000) != 0) { substract += 0x00008000; } // No Uninstall
if ((userinfo.removeRights & 0x00020000) != 0) { substract += 0x00020000; } // No Remote Command

66
views/default3.handlebars
View File

@ -1975,6 +1975,7 @@
var debugLevel = parseInt('{{{debuglevel}}}');
var features = parseInt('{{{features}}}');
var features2 = parseInt('{{{features2}}}');
var features3 = parseInt('{{{features3}}}');
var sessionTime = parseInt('{{{sessiontime}}}');
var webRelayPort = parseInt('{{{webRelayPort}}}');
var webRelayDns = '{{{webRelayDns}}}';
@ -3000,6 +3001,7 @@
if (updateNaggleFlags & 16384) { updateUsers(); }
if (updateNaggleFlags & 32768) { updateRecordings(); }
if (updateNaggleFlags & 65536) { updateLoginTokens(); }
if (currentNode && (updateNaggleFlags & 131072)) { updateDesktopButtons(); }
updateNaggleTimer = null;
updateNaggleFlags = 0;
gotoStartViewPage();
@ -3659,18 +3661,18 @@
//console.log(url);
downloadFile(url, '');
} else if (message.tag == 'novnc') {
var vncurl = window.location.origin + domainUrl + 'novnc/vnc.html?ws=wss%3A%2F%2F' + window.location.host + encodeURIComponentEx(domainUrl) + (message.localRelay ? 'local' : 'mesh') + 'relay.ashx%3Fauth%3D' + message.cookie + '&show_dot=1' + (urlargs.key ? ('&key=' + urlargs.key) : '') + '&l={{{lang}}}';
var vncurl = window.location.origin + domainUrl + 'novnc/vnc.html?ws=wss%3A%2F%2F' + window.location.host + encodeURIComponentEx(domainUrl) + (message.localRelay ? 'local' : 'mesh') + 'relay.ashx%3Fauth%3D' + message.cookie + (urlargs.key?('&key=' + urlargs.key):'') + '&l={{{lang}}}' + (message.qsappend ? '&' + message.qsappend : '');
var node = getNodeFromId(message.nodeid);
if (node != null) { vncurl += '&name=' + encodeURIComponentEx(node.name); }
safeNewWindow(vncurl, 'mcnovnc/' + message.nodeid);
} else if (message.tag == 'mstsc') {
var rdpurl = window.location.origin + domainUrl + 'mstsc.html?ws=' + message.cookie + (urlargs.key ? ('&key=' + urlargs.key) : '');
var rdpurl = window.location.origin + domainUrl + 'mstsc.html?ws=' + message.cookie + (urlargs.key ? ('&key=' + urlargs.key) : '') + (message.qsappend ? '&' + message.qsappend : '');
var node = getNodeFromId(message.nodeid);
if (node != null) { rdpurl += '&name=' + encodeURIComponentEx(node.name); }
if (message.localRelay) { rdpurl += '&local=1'; }
safeNewWindow(rdpurl, 'mcmstsc/' + message.nodeid);
} else if (message.tag == 'ssh') {
var sshurl = window.location.origin + domainUrl + 'ssh.html?ws=' + message.cookie + (urlargs.key ? ('&key=' + urlargs.key) : '');
var sshurl = window.location.origin + domainUrl + 'ssh.html?ws=' + message.cookie + (urlargs.key ? ('&key=' + urlargs.key) : '') + (message.qsappend ? '&' + message.qsappend : '');
var node = getNodeFromId(message.nodeid);
if (node != null) { sshurl += '&name=' + encodeURIComponentEx(node.name); }
if (message.localRelay) { sshurl += '&local=1'; }
@ -4125,6 +4127,7 @@
// If we are looking at a node that is no longer visible, move back to "My Devices"
if ((xxcurrentView >= 10) && (xxcurrentView < 20) && currentNode && !IsNodeViewable(currentNode)) { setDialogMode(0); go(1); }
}
mainUpdate(131072);
}
mainUpdate(4 + 128 + 8192 + 16384);
if (currentNode && !IsNodeViewable(currentNode)) { currentNode = null; if ((xxcurrentView >= 10) && (xxcurrentView < 20)) { go(1); } }
@ -7413,12 +7416,12 @@
QV('cxfiles', (node.mtype != 4) && ((node.mtype == 2) && ((node.agent == null) || (node.agent.caps == null) || ((node.agent.caps & 4) != 0))) && (rights & 8) && fileAccess);
QV('cxevents', (node.intelamt != null) && ((node.intelamt.state == 2) || (node.conn & 2)) && (rights & 8));
QV('cxdetails', node.mtype < 3);
QV('cxwebvnc', ((((node.conn & 1) != 0) || (node.mtype == 3)) && (node.agent) && ((rights & 8) != 0) && ((features & 0x20000000) == 0)));
QV('cxwebrdp', ((((node.conn & 1) != 0) || (node.mtype == 3)) && (node.agent) && ((rights & 8) != 0) && ((features & 0x40000000) == 0)));
QV('cxwebssh', ((features2 & 0x200) && (((node.conn & 1) != 0) || (node.mtype == 3)) && (node.agent) && ((rights & 8) != 0)));
QV('cxwebvnc', ((((node.conn & 1) != 0) || (node.mtype == 3)) && (node.agent) && ((rights == 0xFFFFFFFF) || ((rights & (8 | (features3 & 0x00000001 ? 65536 : 0))) == 8)) && ((features & 0x20000000) == 0)));
QV('cxwebrdp', ((((node.conn & 1) != 0) || (node.mtype == 3)) && (node.agent) && ((rights == 0xFFFFFFFF) || ((rights & (8 | (features3 & 0x00000001 ? 256 | 65536 : 0))) == 8)) && ((features & 0x40000000) == 0)));
QV('cxwebssh', ((features2 & 0x200) && (((node.conn & 1) != 0) || (node.mtype == 3)) && (node.agent) && ((rights == 0xFFFFFFFF) || ((rights & (8 | (features3 & 0x00000001 ? 512 : 0))) == 8))));
QV('cxconsole', (consoleRights && (node.mtype == 2) && ((node.agent == null) || (node.agent.caps == null) || ((node.agent.caps & 8) != 0))) && (rights & 8));
QV('cxrdp', false); // always have the RDP hidden
if ((((node.conn & 1) != 0) || (node.mtype == 3)) && (node.agent) && ((rights & 8) != 0)) {
if ((((node.conn & 1) != 0) || (node.mtype == 3)) && (node.agent) && ((rights == 0xFFFFFFFF) || ((rights & (8 | (features3 & 0x00000001 ? 256 | 65536 : 0))) == 8))) {
if ((node.agent.id > 0) && (node.agent.id < 5)) {
if (navigator.platform.toLowerCase() == 'win32') {
if ((serverinfo.devicemeshrouterlinks == null) || (serverinfo.devicemeshrouterlinks.rdp != false)) {
@ -8738,19 +8741,19 @@
}
if ((node.agent.id > 0) && (node.agent.id < 5)) {
if (navigator.platform.toLowerCase() == 'win32') {
if ((serverinfo.devicemeshrouterlinks == null) || (serverinfo.devicemeshrouterlinks.rdp != false)) {
if (((meshrights == 0xFFFFFFFF) || ((meshrights & (8 | (features3 & 0x00000001 ? 256 | 65536 : 0))) == 8)) && ((serverinfo.devicemeshrouterlinks == null) || (serverinfo.devicemeshrouterlinks.rdp != false))) {
x += '<a href=# cmenu=altPortContextMenu id=rdpMCRouterLink onclick=p10MCRouter("' + node._id + '",3) title="' + "Requires installation of MeshCentral Router" + '.">' + "RDP" + ((node.rdpport && (node.rdpport != 3389)) ? '/' + node.rdpport : '') + '</a>&nbsp;';
}
}
}
if (node.agent.id > 4) {
if ((navigator.platform.toLowerCase() == 'win32') || (navigator.platform.toLowerCase() == 'macintel')) {
if (((meshrights == 0xFFFFFFFF) || ((meshrights & ( 8 | (features3 & 0x00000001 ? 512 : 0))) == 8)) && ((navigator.platform.toLowerCase() == 'win32') || (navigator.platform.toLowerCase() == 'macintel'))) {
if ((serverinfo.devicemeshrouterlinks == null) || (serverinfo.devicemeshrouterlinks.ssh != false)) {
x += '<a href=# cmenu=sshPortContextMenu onclick=p10MCRouter("' + node._id + '",4,' + (node.sshport ? node.sshport : 22) + ') title="' + "Requires installation of MeshCentral Router." + '">' + "SSH" + ((node.sshport && (node.sshport != 22)) ? '/' + node.sshport : '') + '</a>&nbsp;';
}
}
if (navigator.platform.toLowerCase() == 'win32') {
if ((serverinfo.devicemeshrouterlinks == null) || (serverinfo.devicemeshrouterlinks.scp != false)) {
if (((meshrights == 0xFFFFFFFF) || ((meshrights & (8 | (features3 & 0x00000001 ? 1024 : 0))) == 8)) && ((serverinfo.devicemeshrouterlinks == null) || (serverinfo.devicemeshrouterlinks.scp != false))) {
x += '<a href=# cmenu=sshPortContextMenu onclick=p10MCRouter("' + node._id + '",5,' + (node.sshport ? node.sshport : 22) + ') title="' + "Requires installation of MeshCentral Router." + '">' + "SCP" + ((node.sshport && (node.sshport != 22)) ? '/' + node.sshport : '') + '</a>&nbsp;';
}
}
@ -8770,17 +8773,17 @@
}
// noVNC link
if ((((connectivity & 1) != 0) || (node.mtype == 3)) && (node.agent) && ((meshrights & 8) != 0) && ((features & 0x20000000) == 0)) {
if ((((connectivity & 1) != 0) || (node.mtype == 3)) && (node.agent) && ((meshrights == 0xFFFFFFFF) || ((meshrights & (8 | (features3 & 0x00000001 ? 65536 : 0))) == 8 )) && ((features & 0x20000000) == 0)) {
x += '<a href=# cmenu=rfbPortContextMenu id=rfbLink onclick=p10rfb("' + node._id + '") title="' + "Launch web-based VNC session to this device" + '.">' + "Web-VNC" + '</a>&nbsp;';
}
// MSTSC.js link
if ((((connectivity & 1) != 0) || (node.mtype == 3)) && (node.agent) && ((meshrights & 8) != 0) && ((features & 0x40000000) == 0)) {
if ((((connectivity & 1) != 0) || (node.mtype == 3)) && (node.agent) && ((meshrights == 0xFFFFFFFF) || ((meshrights & (8 | (features3 & 0x00000001 ? 256 | 65536 : 0))) == 8)) && ((features & 0x40000000) == 0)) {
x += '<a href=# cmenu=altPortContextMenu id=mstscLink onclick=p10mstsc("' + node._id + '") title="' + "Launch web-based RDP session to this device" + '.">' + "Web-RDP" + '</a>&nbsp;';
}
// SSH link
if ((features2 & 0x200) && (((connectivity & 1) != 0) || (node.mtype == 3)) && (node.agent) && ((meshrights & 8) != 0)) {
if ((features2 & 0x200) && (((connectivity & 1) != 0) || (node.mtype == 3)) && (node.agent) && ((meshrights == 0xFFFFFFFF) || ((meshrights & (8 | (features3 & 0x00000001 ? 512 : 0))) == 8))) {
x += '<a href=# cmenu=sshPortContextMenu id=sshLink onclick=p10ssh("' + node._id + '") title="' + "Launch web-based SSH session to this device" + '.">' + "Web-SSH" + '</a>&nbsp;';
}
@ -9098,6 +9101,7 @@
if (rights & 512) str1.push("No Terminal");
if (rights & 1024) str1.push("No Files");
if (rights & 2048) str1.push("No AMT");
if (rights & 4194304) str1.push("Hide RDP");
if (rights & 4096) str1.push("Limited Input");
if (rights & 65536) str1.push("No Desktop");
if ((rights & 524288) && (serverinfo.guestdevicesharing !== false)) str1.push("Guest Share");
@ -9132,6 +9136,7 @@
if (rights & 1024) str1.push("No Files");
if (rights & 2048) str1.push("No AMT");
if (rights & 4096) str1.push("Limited Input");
if (rights & 4194304) str1.push("Hide RDP");
if (rights & 65536) str1.push("No Desktop");
if ((rights & 524288) && (serverinfo.guestdevicesharing !== false)) str1.push("Guest Share");
if (str1.length > 0) { str.push('Control (' + str1.join(', ') + ')'); } else { str.push("Control"); }
@ -10184,7 +10189,7 @@
// Show the right buttons
QV('disconnectbutton1span', (deskState != 0));
QV('connectbutton1span', (deskState == 0) && ((rights & 8) || (rights & 256)) && (currentNode.agent != null) && (currentNode.agent.caps & 1));
QV('connectbutton1rspan', ((features & 0x40000000) == 0) && (deskState == 0) && (rights & 8) && (currentNode.agent != null) && ((currentNode.agent.id == 3) || (currentNode.agent.id == 4)));
QV('connectbutton1rspan', ((features & 0x40000000) == 0) && (deskState == 0) && ((rights == 0XFFFFFFFF) || ((rights & (8 | (features3 & 0x00000001 ? 256 : 0))) == 8)) && (currentNode.agent != null) && ((currentNode.agent.id == 3) || (currentNode.agent.id == 4)));
if (mtype == 1) {
QV('connectbutton1hspan',
(deskState == 0) &&
@ -15527,6 +15532,7 @@
x += '<label><input type=checkbox class="form-check-input me-2" onchange=p20validateAddMeshUserDialog() id=p20remotecontrol>' + "Remote Control & Relay" + '</label><br>';
x += '<label><input type=checkbox class="form-check-input me-2" onchange=p20validateAddMeshUserDialog() id=p20remoteview style=margin-left:12px>' + "Remote View Only" + '</label><br>';
x += '<label><input type=checkbox class="form-check-input me-2" onchange=p20validateAddMeshUserDialog() id=p20remotelimitedinput style=margin-left:12px>' + "Limited Input Only" + '</label><br>';
x += '<label><input type=checkbox class="form-check-input me-2" onchange=p20validateAddMeshUserDialog() id=p20hiderdpsessions style=margin-left:12px>' + "Hide RDP Sessionss" + '</label><br>';
if (serverinfo.guestdevicesharing !== false) { x += '<label><input type=checkbox class="form-check-input me-2" onchange=p20validateAddMeshUserDialog() id=p20guestshare style=margin-left:12px>' + "Guest Sharing" + '</label><br>'; }
x += '<label><input type=checkbox class="form-check-input me-2" onchange=p20validateAddMeshUserDialog() id=p20nodesktop style=margin-left:12px>' + "No Desktop Access" + '</label><br>';
x += '<label><input type=checkbox class="form-check-input me-2" onchange=p20validateAddMeshUserDialog() id=p20noterminal style=margin-left:12px>' + "No Terminal Access" + '</label><br>';
@ -15645,6 +15651,7 @@
if (urights & 1024) { Q('p20nofiles').checked = true; }
if (urights & 2048) { Q('p20noamt').checked = true; }
if (urights & 4096) { Q('p20remotelimitedinput').checked = true; }
if (urights & 4194304) { Q('p20hiderdpsessions').checked = true; }
}
if (urights & 16) { Q('p20meshagentconsole').checked = true; }
if (urights & 32) { Q('p20meshserverfiles').checked = true; }
@ -15698,6 +15705,7 @@
Q('p20nofiles').checked = ((devrights & 1024) != 0);
Q('p20noamt').checked = ((devrights & 2048) != 0);
Q('p20remotelimitedinput').checked = ((devrights & 4096) != 0);
Q('p20hiderdpsessions').checked = ((devrights & 4194304) != 0);
Q('p20limitevents').checked = ((devrights & 8192) != 0);
Q('p20chatnotify').checked = ((devrights & 16384) != 0);
Q('p20uninstall').checked = ((devrights & 32768) != 0);
@ -15779,6 +15787,7 @@
QE('p20remoteview', nc && Q('p20remotecontrol').checked);
if (serverinfo.guestdevicesharing !== false) { QE('p20guestshare', nc && Q('p20remotecontrol').checked && (Q('p20remoteview').checked || !Q('p20remotelimitedinput').checked)); }
QE('p20remotelimitedinput', nc && Q('p20remotecontrol').checked && !Q('p20remoteview').checked);
QE('p20hiderdpsessions', nc && Q('p20remotecontrol').checked);
QE('p20nodesktop', nc && Q('p20remotecontrol').checked);
QE('p20noterminal', nc && Q('p20remotecontrol').checked);
QE('p20nofiles', nc && Q('p20remotecontrol').checked);
@ -15811,6 +15820,7 @@
if (Q('p20nofiles').checked == true) meshadmin += 1024;
if (Q('p20noamt').checked == true) meshadmin += 2048;
if ((Q('p20remotelimitedinput').checked == true) && (!Q('p20remoteview').checked)) meshadmin += 4096;
if ((Q('p20hiderdpsessions').checked == true)) meshadmin += 4194304;
if (Q('p20limitevents').checked == true) meshadmin += 8192;
if (Q('p20chatnotify').checked == true) meshadmin += 16384;
if (Q('p20uninstall').checked == true) meshadmin += 32768;
@ -15823,13 +15833,14 @@
// Clean up incorrect rights. If Remote Control is not selected, remove flags that don't make sense.
if ((meshadmin & 8) == 0) {
// Remove 256, 512, 1024, 2048, 4096, 65536
// Remove 256, 512, 1024, 2048, 4096, 65536, 4194304
if (meshadmin & 256) { meshadmin -= 256; }
if (meshadmin & 512) { meshadmin -= 512; }
if (meshadmin & 1024) { meshadmin -= 1024; }
if (meshadmin & 2048) { meshadmin -= 2048; }
if (meshadmin & 4096) { meshadmin -= 4096; }
if (meshadmin & 65536) { meshadmin -= 65536; }
if (meshadmin & 4194304) { meshadmin -= 4194304; }
}
// Send the action to the server
@ -15892,11 +15903,13 @@
if ((meshrights & 64) != 0) r.push("Wake Devices");
if ((meshrights & 128) != 0) r.push("Edit Notes");
if (((meshrights & 8) != 0) && (meshrights & 256) != 0) r.push("Remote View Only");
if (((meshrights & 8) != 0) && (meshrights & 4194304) != 0) r.push("Hide RDP Sessionss");
if (((meshrights & 8) != 0) && (meshrights & 65536) != 0) r.push("No Desktop");
if (((meshrights & 8) != 0) && (meshrights & 512) != 0) r.push("No Terminal");
if (((meshrights & 8) != 0) && (meshrights & 1024) != 0) r.push("No Files");
if (((meshrights & 8) != 0) && (meshrights & 2048) != 0) r.push("No Intel&reg; AMT");
if (((meshrights & 8) != 0) && ((meshrights & 4096) != 0) && ((meshrights & 256) == 0)) r.push("Limited Input");
if (((meshrights & 8) != 0) && ((meshrights & 4194304) != 0) && ((meshrights & 256) == 0)) r.push("Hide RDP");
if ((meshrights & 8192) != 0) r.push("Self Events Only");
if ((meshrights & 16384) != 0) r.push("Chat & Notify");
if ((meshrights & 32768) != 0) r.push("Uninstall");
@ -17930,7 +17943,7 @@
if ((userinfo.links) && (userinfo.links[mesh._id] != null) && (userinfo.links[mesh._id].rights != null)) { cr = userinfo.links[mesh._id].rights; }
var meshname = '<i>' + "Unknown Device Group" + '</i>';
if (mesh) { meshname = '<a href=# onclick=\'gotoMesh("' + mesh._id + '");haltEvent(event);\'>' + mesh.name + '</a>'; } else { }
if ((cr & 2) != 0) {
if ((userinfo.siteadmin == 0xFFFFFFFF) || ((cr & 2) != 0)) {
trash = '<a href=# onclick=\'return p51removeMeshFromUserGroup(event,"' + encodeURIComponentEx(mesh._id) + '")\' title="' + "Remove user group rights to this device group" + '" style=cursor:pointer><i class="fa-solid fa-trash text-danger hoverButton"></i></a>';
rights = '<span style=cursor:pointer onclick=p20showAddMeshUserDialog(3,"' + encodeURIComponentEx(mesh._id) + '")>' + rights + ' <img class=hoverButton style=cursor:pointer src=images/link5.png></span>';
}
@ -18245,8 +18258,11 @@
if ((serverinfo.usersSessionRecording == 1) && (user.flags) && (user.flags & 2)) { userFeatures.push("Record Sessions"); }
if (user.removeRights) {
if ((user.removeRights & 0x00000008) != 0) { userFeatures.push("No Remote Control"); } else {
if ((user.removeRights & 0x00010000) != 0) { userFeatures.push("No Desktop"); }
else if ((user.removeRights & 0x00000100) != 0) { userFeatures.push("Desktop View Only"); }
if ((user.removeRights & 0x00010000) != 0) { userFeatures.push("No Desktop"); } else {
if ((user.removeRights & 0x00000100) != 0) { userFeatures.push("Desktop View Only"); }
else if ((user.removeRights & 0x00001000) != 0) { userFeatures.push("Limited Input"); }
if ((user.removeRights & 0x00400000) != 0) { userFeatures.push("Hide RDP"); }
}
if ((user.removeRights & 0x00000200) != 0) { userFeatures.push("No Terminal"); }
if ((user.removeRights & 0x00000400) != 0) { userFeatures.push("No Files"); }
}
@ -18475,6 +18491,8 @@
x += '<div><label><input type=checkbox id=d20flag7 class="form-check-input me-2" onchange=p20edituserfeaturesValidate() ' + ((removeRights & 0x00000008) ? 'checked' : '') + '>' + "No Remote Control" + '</label><br></div>';
x += '<div style=margin-left:8px><label><input type=checkbox id=d20flag2 class="form-check-input me-2" onchange=p20edituserfeaturesValidate() ' + ((removeRights & 0x00010000) ? 'checked' : '') + '>' + "No Desktop Access" + '</label><br></div>';
x += '<div style=margin-left:16px><label><input type=checkbox id=d20flag3 class="form-check-input me-2" onchange=p20edituserfeaturesValidate() ' + ((removeRights & 0x00000100) ? 'checked' : '') + '>' + "Remote View Only" + '</label><br></div>';
x += '<div style=margin-left:16px><label><input type=checkbox id=d20flag12 class="form-check-input me-2" onchange=p20edituserfeaturesValidate() ' + ((removeRights & 0x00001000) ? 'checked' : '') + '>' + "Limited Input Only" + '</label><br></div>';
x += '<div style=margin-left:16px><label><input type=checkbox id=d20flag13 class="form-check-input me-2" onchange=p20edituserfeaturesValidate() ' + ((removeRights & 0x00400000) ? 'checked' : '') + '>' + "Hide RDP Sessions" + '</label><br></div>';
x += '<div style=margin-left:8px><label><input type=checkbox id=d20flag4 class="form-check-input me-2" onchange=p20edituserfeaturesValidate() ' + ((removeRights & 0x00000200) ? 'checked' : '') + '>' + "No Terminal Access" + '</label><br></div>';
x += '<div style=margin-left:8px><label><input type=checkbox id=d20flag5 class="form-check-input me-2" onchange=p20edituserfeaturesValidate() ' + ((removeRights & 0x00000400) ? 'checked' : '') + '>' + "No File Access" + '</label><br></div>';
x += '<div><label><input type=checkbox id=d20flag6 class="form-check-input me-2" onchange=p20edituserfeaturesValidate() ' + ((removeRights & 0x00000010) ? 'checked' : '') + '>' + "No Agent Console" + '</label><br></div>';
@ -18494,6 +18512,8 @@
QE('d20flag3', !Q('d20flag7').checked && !Q('d20flag2').checked);
QE('d20flag4', !Q('d20flag7').checked);
QE('d20flag5', !Q('d20flag7').checked);
QE('d20flag12', !Q('d20flag7').checked && !Q('d20flag2').checked && !Q('d20flag3').checked);
QE('d20flag13', !Q('d20flag7').checked && !Q('d20flag2').checked);
}
// Send to the server the new user's real name
@ -18507,7 +18527,11 @@
var r = 0;
if (Q('d20flag7').checked) { r += 0x00000008; } else {
if (Q('d20flag2').checked) { r += 0x00010000; }
else if (Q('d20flag3').checked) { r += 0x00000100; }
else {
if (Q('d20flag3').checked) { r += 0x00000100; }
else if (Q('d20flag12').checked) { r += 0x00001000; }
if (Q('d20flag13').checked) { r += 0x00400000; }
}
if (Q('d20flag4').checked) { r += 0x00000200; }
if (Q('d20flag5').checked) { r += 0x00000400; }
}
@ -18661,7 +18685,7 @@
if ((userinfo.links) && (userinfo.links[mesh._id] != null) && (userinfo.links[mesh._id].rights != null)) { cr = userinfo.links[mesh._id].rights; }
var meshname = '<i>' + "Unknown Device Group" + '</i>';
if (mesh) { meshname = '<a href=# onclick=\'gotoMesh("' + mesh._id + '");haltEvent(event);\'>' + EscapeHtml(mesh.name) + '</a>'; }
if ((currentUser._id != userinfo._id) && ((cr & 2) != 0)) { // 2 = MESHRIGHT_MANAGEUSERS
if ((userinfo.siteadmin == 0xFFFFFFFF) || ((currentUser._id != userinfo._id) && ((cr & 2) != 0))) { // 2 = MESHRIGHT_MANAGEUSERS
trash = '<a href=# onclick=\'return p30removeMeshFromUser(event,"' + encodeURIComponentEx(mesh._id) + '")\' title="' + "Remove user rights to this device group" + '" style=cursor:pointer><img src=images/trash.png border=0 height=10 width=10></a>';
rights = '<span style=cursor:pointer onclick=p20showAddMeshUserDialog(1,"' + encodeURIComponentEx(mesh._id) + '")>' + rights + ' <img class=hoverButton style=cursor:pointer src=images/link5.png></span>';
}
@ -20639,6 +20663,8 @@
if ((userinfo.removeRights & 0x00000100) != 0) { add += 0x00000100; } // Desktop View Only
if ((userinfo.removeRights & 0x00000200) != 0) { add += 0x00000200; } // No Terminal
if ((userinfo.removeRights & 0x00000400) != 0) { add += 0x00000400; } // No Files
if ((userinfo.removeRights & 0x00001000) != 0) { add += 0x00001000; } // Limited Input Only
if ((userinfo.removeRights & 0x00400000) != 0) { add += 0x00400000; } // Hide RDP Sessions
if ((userinfo.removeRights & 0x00000010) != 0) { substract += 0x00000010; } // No Console
if ((userinfo.removeRights & 0x00008000) != 0) { substract += 0x00008000; } // No Uninstall
if ((userinfo.removeRights & 0x00020000) != 0) { substract += 0x00020000; } // No Remote Command

10
webserver.js
View File

@ -131,6 +131,9 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
const MESHRIGHT_REMOTECOMMAND = 0x00020000;
const MESHRIGHT_RESETOFF = 0x00040000;
const MESHRIGHT_GUESTSHARING = 0x00080000;
const MESHRIGHT_DEVICEDETAILS = 0x00100000;
const MESHRIGHT_RELAY = 0x00200000;
const MESHRIGHT_HIDERDPSESSIONS = 0x00400000;
const MESHRIGHT_ADMIN = 0xFFFFFFFF;
// Site rights
@ -3243,6 +3246,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
serverfeatures: serverFeatures,
features: allFeatures.features,
features2: allFeatures.features2,
features3: allFeatures.features3,
sessiontime: (args.sessiontime) ? args.sessiontime : 60,
mpspass: args.mpspass,
passRequirements: passRequirements,
@ -3317,6 +3321,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
obj.getDomainUserFeatures = function (domain, user, req) {
var features = 0;
var features2 = 0;
var features3 = 0;
if (obj.args.wanonly == true) { features += 0x00000001; } // WAN-only mode
if (obj.args.lanonly == true) { features += 0x00000002; } // LAN-only mode
if (obj.args.nousers == true) { features += 0x00000004; } // Single user mode
@ -3389,7 +3394,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
if (domain.devicesearchbargroupname === true) { features2 += 0x10000000; } // Search bar will find by group name too
if (((typeof domain.passwordrequirements != 'object') || (domain.passwordrequirements.duo2factor != false)) && (typeof domain.duo2factor == 'object') && (typeof domain.duo2factor.integrationkey == 'string') && (typeof domain.duo2factor.secretkey == 'string') && (typeof domain.duo2factor.apihostname == 'string')) { features2 += 0x20000000; } // using Duo for 2FA is allowed
if (domain.showmodernuitoggle == true) { features2 += 0x40000000; } // Indicates that the new UI should be shown
return { features: features, features2: features2 };
if (domain.applyfeaturepermissionstorouterandwebtools !== false) {features3 += 0x00000001; }
return { features: features, features2: features2, features3 };
}
function handleRootRequestLogin(req, res, domain, hardwareKeyChallenge, passRequirements) {
@ -8997,6 +9003,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
if ((user.removeRights & 0x00000100) != 0) { add += 0x00000100; } // Desktop View Only
if ((user.removeRights & 0x00000200) != 0) { add += 0x00000200; } // No Terminal
if ((user.removeRights & 0x00000400) != 0) { add += 0x00000400; } // No Files
if ((user.removeRights & 0x00001000) != 0) { add += 0x00001000; } // Limited Input Only
if ((user.removeRights & 0x00400000) != 0) { add += 0x00400000; } // Hide RDP Sessions
if ((user.removeRights & 0x00000010) != 0) { substract += 0x00000010; } // No Console
if ((user.removeRights & 0x00008000) != 0) { substract += 0x00008000; } // No Uninstall
if ((user.removeRights & 0x00020000) != 0) { substract += 0x00020000; } // No Remote Command