diff --git a/amtmanager.js b/amtmanager.js
index 7b9008bb..fb73bb27 100644
--- a/amtmanager.js
+++ b/amtmanager.js
@@ -255,6 +255,7 @@ module.exports.CreateAmtManager = function (parent) {
// Handle server events
// Make sure to only manage devices with connections to this server. In a multi-server setup, we don't want multiple managers talking to the same device.
obj.HandleEvent = function (source, event, ids, id) {
+ if (event.noact == 1) return; // Take no action on these events. We are likely in peering mode and need to only act when the database signals the change in state.
switch (event.action) {
case 'removenode': { // React to node being removed
removeDevice(event.nodeid);
@@ -266,22 +267,21 @@ module.exports.CreateAmtManager = function (parent) {
}
case 'changenode': { // React to changes in a device
var devices = obj.amtDevices[event.nodeid];
- if (devices = null) break; // We are not managing this device
- if (event.amtchange === 1) {
- // TODO
- } else {
- /*
- var dev = obj.amtDevices[event.nodeid];
- if (dev != null) {
- var amtchange = 0;
- if (dev.name != event.node.name) { dev.name = event.node.name; }
- if (dev.host != event.node.host) {
- dev.host = event.node.host;
- // The host has changed, if we are connected to this device locally, we need to reset.
- if ((dev.conn & 4) != 0) { removeDevice(dev.nodeid); return; } // We are going to wait for the AMT scanned to find this device again.
- }
+ if (devices == null) break; // We are not managing this device
+ for (var i in devices) {
+ var dev = devices[i];
+ if (dev.name != event.node.name) {
+ //console.log('device name change');
+ dev.name = event.node.name;
+ }
+ if (event.node.intelamt != null) {
+ dev.intelamt = event.node.intelamt;
+ }
+ if ((dev.connType == 3) && (dev.host != event.node.host)) {
+ //console.log('device host change', dev.host, event.node.host);
+ dev.host = event.node.host; // The host has changed, if we are connected to this device locally, we need to reset.
+ removeAmtDevice(dev); // We are going to wait for the AMT scanned to find this device again.
}
- */
}
break;
}
@@ -486,7 +486,6 @@ module.exports.CreateAmtManager = function (parent) {
dev.amtstack.dev = dev;
obj.activeLocalConnections[dev.host] = dev;
dev.amtstack.BatchEnum(null, ['*AMT_GeneralSettings', '*IPS_HostBasedSetupService'], attemptLocalConnectResponse);
- dev.conntype = 1; // LOCAL
}
break;
}
diff --git a/meshcentral-config-schema.json b/meshcentral-config-schema.json
index e7625324..724f1fd7 100644
--- a/meshcentral-config-schema.json
+++ b/meshcentral-config-schema.json
@@ -336,16 +336,16 @@
}
},
"urlSwitching": { "type": "boolean", "default": true, "description": "When users navigate thru the web interface, the URL on top will change to point to the current screen. This allows a user to refresh or bookmark the URL and come back to the correct screen. Setting false here will disable this feature." },
- "desktopPrivacyBarText": { "type": "string" },
+ "desktopPrivacyBarText": { "type": "string", "description": "This is the text that will be shown in the remote desktop privacy bar. You can use {0} to display the account realname or {1} to display the account identifier in the string." },
"limits": {
"type": "object",
"additionalProperties": false,
"properties": {
- "MaxDevices": { "type": "integer" },
- "MaxUserAccounts": { "type": "integer" },
- "MaxUserSessions": { "type": "integer" },
- "MaxAgentSessions": { "type": "integer" },
- "MaxSingleUserSessions": { "type": "integer" }
+ "MaxDevices": { "type": "integer", "default": null, "description": "Maximum number of devices in this domain." },
+ "MaxUserAccounts": { "type": "integer", "default": null, "description": "Maximum number of devices in this domain." },
+ "MaxUserSessions": { "type": "integer", "default": null, "description": "Maximum number of user sessions that can connect to this server for this domain." },
+ "MaxAgentSessions": { "type": "integer", "default": null, "description": "Maximum number of agents that can connect to this server for this domain." },
+ "MaxSingleUserSessions": { "type": "integer", "default": null, "description": "Maximum number of sessions a single user can have. Each time a user opens a new browser tab or opens a new browser on a different computer, a new user session is created." }
}
},
"terminal": {
diff --git a/meshcentral.js b/meshcentral.js
index 8108845c..6aa3b6a8 100644
--- a/meshcentral.js
+++ b/meshcentral.js
@@ -3039,7 +3039,7 @@ function mainStart() {
var allsspi = true;
var yubikey = false;
var mstsc = false;
- var recordingIndex = false;
+ var sessionRecording = false;
var domainCount = 0;
var wildleek = false;
var nodemailer = false;
@@ -3062,7 +3062,7 @@ function mainStart() {
if ((typeof config.domains[i].authstrategies.azure == 'object') && (typeof config.domains[i].authstrategies.azure.clientid == 'string') && (typeof config.domains[i].authstrategies.azure.clientsecret == 'string') && (typeof config.domains[i].authstrategies.azure.tenantid == 'string') && (passport.indexOf('passport-azure-oauth2') == -1)) { passport.push('passport-azure-oauth2'); passport.push('jwt-simple'); }
if ((typeof config.domains[i].authstrategies.saml == 'object') || (typeof config.domains[i].authstrategies.jumpcloud == 'object')) { passport.push('passport-saml'); }
}
- if ((config.domains[i].sessionrecording != null) && (config.domains[i].sessionrecording.index == true)) { recordingIndex = true; }
+ if (config.domains[i].sessionrecording != null) { sessionRecording = true; }
if ((config.domains[i].passwordrequirements != null) && (config.domains[i].passwordrequirements.bancommonpasswords == true)) { if (nodeVersion < 8) { config.domains[i].passwordrequirements = false; addServerWarning('Common password checking requires NodeJS v8 or above.'); } else { wildleek = true; } }
}
@@ -3072,7 +3072,7 @@ function mainStart() {
if (ldap == true) { modules.push('ldapauth-fork'); }
if (mstsc == true) { modules.push('node-rdpjs-2'); }
if (passport != null) { modules.push(...passport); }
- if (recordingIndex == true) { modules.push('image-size'); } // Need to get the remote desktop JPEG sizes to index the recodring file.
+ if (sessionRecording == true) { modules.push('image-size'); } // Need to get the remote desktop JPEG sizes to index the recodring file.
if (config.letsencrypt != null) { if (nodeVersion < 8) { addServerWarning("Let's Encrypt support requires Node v8.x or higher.", !args.launch); } else { modules.push('acme-client'); } } // Add acme-client module
if (config.settings.mqtt != null) { modules.push('aedes'); } // Add MQTT Modules
if (config.settings.mysql != null) { modules.push('mysql'); } // Add MySQL, official driver.
diff --git a/meshuser.js b/meshuser.js
index 48de10b5..428ae120 100644
--- a/meshuser.js
+++ b/meshuser.js
@@ -4047,8 +4047,15 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
}
if (command.desc != null && (command.desc != node.desc)) { change = 1; node.desc = command.desc; changes.push('description'); }
if (command.intelamt != null) {
- if ((parent.parent.amtManager == null) || (node.intelamt.user == null) || (node.intelamt.user == '') || ((node.intelamt.warn != null) && ((node.intelamt.warn) & 1 != 0))) { // Only allow changes to Intel AMT credentials if AMT manager is not running, or manager warned of unknown credentials.
- if ((command.intelamt.user != null) && (command.intelamt.pass != null) && ((command.intelamt.user != node.intelamt.user) || (command.intelamt.pass != node.intelamt.pass))) { change = 1; node.intelamt.user = command.intelamt.user; node.intelamt.pass = command.intelamt.pass; changes.push('Intel AMT credentials'); amtchange = 1; }
+ if ((parent.parent.amtManager == null) || (node.intelamt.user == null) || (node.intelamt.user == '') || ((node.intelamt.warn != null) && ((node.intelamt.warn) & 3 != 0))) { // Only allow changes to Intel AMT credentials if AMT manager is not running, or manager warned of unknown/trying credentials.
+ if ((command.intelamt.user != null) && (command.intelamt.pass != null) && ((command.intelamt.user != node.intelamt.user) || (command.intelamt.pass != node.intelamt.pass))) {
+ change = 1;
+ node.intelamt.user = command.intelamt.user;
+ node.intelamt.pass = command.intelamt.pass;
+ node.intelamt.warn = 2; // Change warning to "Trying". Bit flags: 0 = Valid credentials, 1 = Invalid credentials, 2 = Trying new credentials.
+ changes.push('Intel AMT credentials');
+ amtchange = 1;
+ }
}
// Only allow the user to set Intel AMT TLS state if AMT Manager is not active. AMT manager will auto-detect TLS state.
if ((parent.parent.amtManager != null) && (command.intelamt.tls != null) && (command.intelamt.tls != node.intelamt.tls)) { change = 1; node.intelamt.tls = command.intelamt.tls; changes.push('Intel AMT TLS'); }
diff --git a/views/default-mobile.handlebars b/views/default-mobile.handlebars
index c436007b..49de7955 100644
--- a/views/default-mobile.handlebars
+++ b/views/default-mobile.handlebars
@@ -3125,12 +3125,17 @@
} else {
str += ', ' + "No Credentials" + '';
}
- } else if (((features2 & 1) != 0) && (node.intelamt.warn != null) && ((node.intelamt.warn & 1) != 0)) { // If AMT manager is running and warned of invalid credentials, allow setting them.
- if ((meshrights & 4) != 0) {
- str += ', ' + "Invalid Credentials" + '';
- editUserCredentialsIcon = true;
- } else {
- str += ', ' + "Invalid Credentials" + '';
+ } else if (((features2 & 1) != 0) && (node.intelamt.warn != null)) { // If AMT manager is running and warned of invalid credentials, allow setting them.
+ var warn = null;
+ if ((node.intelamt.warn & 1) != 0) { warn = "Invalid Credentials"; }
+ if ((node.intelamt.warn & 2) != 0) { warn = "Trying Credentials"; }
+ if (warn != null) {
+ if ((meshrights & 4) != 0) {
+ str += ', ' + warn + '';
+ editUserCredentialsIcon = true;
+ } else {
+ str += ', ' + warn + '';
+ }
}
}
diff --git a/views/default.handlebars b/views/default.handlebars
index fc4d6e51..e6d2d279 100644
--- a/views/default.handlebars
+++ b/views/default.handlebars
@@ -5924,12 +5924,17 @@
} else {
str += ', ' + "No Credentials" + '';
}
- } else if (((features2 & 1) != 0) && (node.intelamt.warn != null) && ((node.intelamt.warn & 1) != 0)) { // If AMT manager is running and warned of invalid credentials, allow setting them.
- if ((meshrights & 4) != 0) {
- str += ', ' + "Invalid Credentials" + '';
- editUserCredentialsIcon = true;
- } else {
- str += ', ' + "Invalid Credentials" + '';
+ } else if (((features2 & 1) != 0) && (node.intelamt.warn != null)) { // If AMT manager is running and warned of invalid credentials, allow setting them.
+ var warn = null;
+ if ((node.intelamt.warn & 1) != 0) { warn = "Invalid Credentials"; }
+ if ((node.intelamt.warn & 2) != 0) { warn = "Trying Credentials"; }
+ if (warn != null) {
+ if ((meshrights & 4) != 0) {
+ str += ', ' + warn + '';
+ editUserCredentialsIcon = true;
+ } else {
+ str += ', ' + warn + '';
+ }
}
}