re-write security system to be more like WNI
- can get telly and reach stage-two - narrow whitelist of allowed URLs in WTVClientSessionData constructor - enough to show wtv-1800:/unauthorized with trust priv - Times out locked-down users really fast ;) - untested disk error page
@@ -162,8 +162,8 @@ if (ssid_sessions[socket.ssid].data_store.wtvsec_login) {
|
||||
|
||||
if (bf0app_update) headers += getServiceString('wtv-star', { "no_star_word": true }) + "\n";
|
||||
else headers += getServiceString('wtv-star') + "\n";
|
||||
if (request_headers.query.reconnect && !ssid_sessions[socket.ssid].getSessionData("registered")) headers += getServiceString('wtv-register') + "\n";
|
||||
headers += getServiceString('wtv-flashrom') + "\n";
|
||||
if (request_headers.query.reconnect && !ssid_sessions[socket.ssid].getSessionData("registered") && !ssid_sessions[socket.ssid].lockdown) headers += getServiceString('wtv-register') + "\n";
|
||||
if (!ssid_sessions[socket.ssid].lockdown) headers += getServiceString('wtv-flashrom') + "\n";
|
||||
if (bf0app_update) headers += "wtv-boot-url: " + gourl + "\n";
|
||||
else {
|
||||
headers += "wtv-boot-url: wtv-head-waiter:/relogin?relogin=true";
|
||||
|
||||
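--- a/zefie_wtvp_minisrv/ServiceVault/wtv-1800/unauthorized.js
+++ b/zefie_wtvp_minisrv/ServiceVault/wtv-1800/unauthorized.js
@@ -0,0 +1,95 @@
+headers = `200 OK
+Content-type: text/html`;
+
+data = `<html>
+<head>
+<title>
+Access Denied
+</title>
+<display nostatus nooptions switchtowebmode nohome>
+</head>
+<body noscroll bgcolor="#191919" text="#42CC55" link="36d5ff"
+hspace=0 vspace=0 fontsize="large"
+>
+<table cellspacing=0 cellpadding=0^C>
+<tr>
+<td width=104 height=74 valign=middle align=center bgcolor="3B3A4D">
+<img src="file://ROM/Cache/WebTVLogoJewel.gif" width=86 height=64>
+<td width=20 valign=top align=left bgcolor="3B3A4D">
+<img src="ROMCache/Spacer.gif"
+width=1 height=1>
+<td colspan=10 width=436 valign=middle align=left bgcolor="3B3A4D">
+<font color="D6DFD0" size="+2">
+<blackface>
+<shadow>
+<img src="ROMCache/Spacer.gif"
+width=1 height=4>
+<br>
+Access Denied
+</shadow>
+</blackface>
+</font>
+<tr>
+<td colspan=12 width=560 height=10 valign=top align=left>
+<img src="ROMCache/Shadow.gif" width=560 height=6>
+<tr>
+<td width=104 height=10 valign=top align=left>
+<td width=20 valign=top align=left>
+<td width=67 valign=top align=left>
+<td width=20 valign=top align=left>
+<td width=67 valign=top align=left>
+<td width=20 valign=top align=left>
+<td width=67 valign=top align=left>
+<td width=20 valign=top align=left>
+<td width=67 valign=top align=left>
+<td width=20 valign=top align=left>
+<td width=68 valign=top align=left>
+<td width=20 valign=top align=left>
+<form action="client:poweroff"
+>
+<tr>
+<td width=104 valign=middle align=center>
+<td width=20 valign=middle align=center>
+<td colspan=9 width=100 height=258 valign=top align=left>
+<font size=-1>You are not authorized to use this service. <p>Reason: ${ssid_sessions[socket.ssid].lockdownReason}</font>
+<tr>
+<td width=104 valign=middle align=center>
+<td width=20 valign=middle align=center>
+<td colspan=10 height=2 valign=middle align=center bgcolor="2B2B2B">
+<img src="ROMCache/Spacer.gif" width=436 height=1>
+<tr>
+<td width=104 valign=middle align=center>
+<td width=20 valign=middle align=center>
+<td colspan=9 height=1 valign=top align=left>
+<tr>
+<td width=104 valign=middle align=center>
+<td width=20 valign=middle align=center>
+<td colspan=10 height=2 valign=top align=left bgcolor="0D0D0D">
+<img src="ROMCache/Spacer.gif" width=436 height=1>
+<tr>
+<td width=104 valign=middle align=center>
+<td width=20 valign=middle align=center>
+<td colspan=9 height=4 valign=top align=left>
+<tr>
+<td width=104 valign=middle align=center>
+<td width=20 valign=middle align=center>
+<td colspan=9 width=416 valign=top align=left>
+<table cellspacing=0 cellpadding=0>
+<tr>
+<td width=306 valign=top align=left>
+<font size="-1"><i>
+</i></font><td width=112 valign=top align=right>
+<font size="-1" color="#E7CE4A">
+<shadow>
+<input selected
+name="Power Off"
+value="Power Off"
+type=submit Value=Continue name="Continue" borderimage="file://ROM/Borders/ButtonBorder2.bif" usestyle width=110>
+</shadow>
+</font>
+</form>
+</table>
+<td width=20 valign=middle align=center>
+</table>
+</body>
+</html>`;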
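Review bot: `${ssid_sessions[socket.ssid].lockdownReason}` is interpolated into the page markup unescaped, in the `Reason:` cell. Where the reason string is built is not visible here; if any part of it can originate from the client (an SSID, a requested URL, a header value), markup inside it would be rendered by a page that the commit message says is shown with trust privileges. Escape `&`, `<`, `>` and quotes before interpolating, or restrict the reason to a fixed set of server-defined messages. The submit input also carries two `name` and two `value` attributes (`Power Off` and `Continue`); keep a single pair so the client's choice between them is not left to its parser.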
@@ -80,9 +80,9 @@ Updating now
|
||||
<td width=20 valign=middle align=center>
|
||||
<td colspan=9 width=100 height=258 valign=top align=left>
|
||||
<font size=+1>
|
||||
Your WebTV Unit is being<br>updated automatically.
|
||||
Your ${ssid_sessions[socket.ssid].getBoxName()} is being<br>updated automatically.
|
||||
<p> <font size=+1>
|
||||
This will take a while, and<br>then you can use your WebTV again.
|
||||
This will take a while, and<br>then you can use your ${ssid_sessions[socket.ssid].getBoxName()} again.
|
||||
`;
|
||||
if (flashrom_info.is_bootrom && flashrom_info.part_number == (flashrom_info.part_count - 1)) {
|
||||
data += `<p>
|
||||
|
||||
@@ -64,7 +64,7 @@ Updating complete
|
||||
<font size=+1>
|
||||
The update is complete.<br>
|
||||
<p><font size=+1>Choose <b>Connect Now</b> if you<br>want to connect to ${minisrv_config.config.service_name}.
|
||||
<p><font size=+1>Press the <b>power</b> button to switch<br>off your unit.
|
||||
<p><font size=+1>Press the <b>power</b> button to switch<br>off your ${ssid_sessions[socket.ssid].getBoxName()}.
|
||||
</font>
|
||||
<tr>
|
||||
<td width=104 valign=middle align=center>
|
||||
|
||||
@@ -93,7 +93,7 @@ data = `<html>
|
||||
We ran into a technical problem while updating
|
||||
your unit. (Error: ${error})
|
||||
Choose <b>Try Again</b> to try again now.
|
||||
<p><font size=+1>Press the <b>power</b> button to switch off your unit.
|
||||
<p><font size=+1>Press the <b>power</b> button to switch off your ${ssid_sessions[socket.ssid].getBoxName()}.
|
||||
<tr>
|
||||
<td width=104 valign=middle align=center>
|
||||
<td width=20 valign=middle align=center>
|
||||
|
||||
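--- a/zefie_wtvp_minisrv/ServiceVault/wtv-head-waiter/bad-disk.js
+++ b/zefie_wtvp_minisrv/ServiceVault/wtv-head-waiter/bad-disk.js
@@ -0,0 +1,63 @@
+var minisrv_service_file = true;
+
+ssid_sessions[socket.ssid].disableLockdown();
+
+data += `<html>
+<head>
+<display switchtowebmode nooptions nostatus skipback clearback> <title>Please Call</title>
+</head>
+<body bgcolor="#191919" text="#42CC55" link="36d5ff" fontsize="large" hspace=0 vspace=0>
+<table cellspacing=0 cellpadding=0>
+<tr><td width=104 height=74 valign=middle align=center bgcolor="3B3A4D">
+<img src="wtv-flashrom:/ROMCache/WebTVLogoJewel.gif" width=86 height=64><td width=20 valign=top align=left bgcolor="3B3A4D">
+<img src="ROMCache/Spacer.gif"
+width=1 height=1>
+<td colspan=10 width=436 valign=middle align=left bgcolor="3B3A4D">
+<font color="D6DFD0" size="+2">
+<blackface>
+<shadow>
+<img src="ROMCache/Spacer.gif"
+width=1 height=4>
+<br>
+Please Call
+</shadow>
+</blackface>
+</font>
+<tr>
+<td colspan=12 width=560 height=10 valign=top align=left>
+<img src="file://ROM/Cache/Shadow.gif" width=560 height=6>
+<tr>
+<td width=104 height=10 valign=top align=left>
+<td width=20 valign=top align=left>
+<td width=67 valign=top align=left>
+<td width=20 valign=top align=left>
+<td width=67 valign=top align=left>
+<td width=20 valign=top align=left>
+<td width=67 valign=top align=left>
+<td width=20 valign=top align=left>
+<td width=67 valign=top align=left>
+<td width=20 valign=top align=left>
+<td width=68 valign=top align=left>
+<td width=20 valign=top align=left>
+<tr>
+<td width=104 valign=middle align=center>
+<td width=20 valign=middle align=center>
+<td colspan=9 width=100 height=258 valign=top align=left>
+<font size=+1>
+Your Internet terminal needs to be repaired
+or replaced before you can connect to WebTV.
+<!-- Disabled until we can reliably grab the user's box manufacturer
+<p>Call Philips customer service at<br>1-888-813-7069 -->
+<tr><td colspan=2>
+<td colspan=99 abswidth=436 absheight=2 bgcolor=2B2B2B> <img src="wtv-flashrom:/ROMCache/Spacer.gif" width=1 height=1> <tr><td absheight=1>
+<tr><td colspan=2>
+<td colspan=99 abswidth=436 absheight=2 bgcolor=0D0D0D> <img src="wtv-flashrom:/ROMCache/Spacer.gif" width=1 height=1> <tr><td height=7>
+<tr>
+<td width=104 valign=middle align=center> <td width=20 valign=middle align=center> <td colspan=9 width=416 valign=top align=left> <table cellspacing=0 cellpadding=0>
+<tr>
+<td width=306 valign=top align=right><td width=20> <td width=112 valign=top align=right>
+<form action="client:poweroff"> <FONT COLOR="#E7CE4A" SIZE=-1><input type="Submit" value="Power Off" BORDERIMAGE="file://ROM/Borders/ButtonBorder2.bif" usestyle selected></font>
+<input type="Hidden" name="version" value=""> </form>
+</table>
+</BODY>
+</html>`;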
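Review bot: `ssid_sessions[socket.ssid].disableLockdown();` runs unconditionally at the top of the file, so any session able to request this page has its lockdown cleared. `wtv-head-waiter` is one of the three services this commit still advertises to locked-down sessions, so unless the URL whitelist in the WTVClientSessionData constructor (not shown here) excludes `/bad-disk`, a box locked down for an unrelated reason could lift the restriction just by fetching this URL. Remove the call, or guard it on the specific lockdown reason this page exists for. Separately, the file never assigns `headers` and builds the body with `data +=` where `unauthorized.js` in the same commit uses `headers = ...` and `data = ...`; the commit message marks this page as untested.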
@@ -53,7 +53,10 @@ Content-type: text/html`;
|
||||
data = '';
|
||||
}
|
||||
else {
|
||||
if (request_headers.query.guest_login && minisrv_config.config.allow_guests) {
|
||||
if (ssid_sessions[socket.ssid].lockdown) {
|
||||
home_url = minisrv_config.config.unauthorized_url;
|
||||
}
|
||||
else if (request_headers.query.guest_login && minisrv_config.config.allow_guests) {
|
||||
var namerand = Math.floor(Math.random() * 100000);
|
||||
var nickname = (minisrv_config.config.service_name + '_' + namerand)
|
||||
var human_name = nickname;
|
||||
@@ -89,42 +92,66 @@ wtv-expire-all: client:closeallpanels
|
||||
wtv-transition-override: off
|
||||
wtv-force-lightweight-targets: webtv.net:/
|
||||
wtv-smartcard-inserted-message: Contacting service
|
||||
wtv-bypass-proxy: false
|
||||
wtv-bypass-proxy: false`;
|
||||
if (!ssid_sessions[socket.ssid].lockdown) {
|
||||
headers += `
|
||||
wtv-offline-user-list: ${offline_user_list}
|
||||
wtv-messenger-authorized: ${messenger_authorized}
|
||||
wtv-messenger-enable: ${messenger_enabled}
|
||||
wtv-messenger-enable: ${messenger_enabled}`;
|
||||
}
|
||||
headers += `
|
||||
wtv-noback-all: wtv-
|
||||
wtv-service: reset
|
||||
`+ getServiceString('all', { "exceptions": ["wtv-register"] }) + `
|
||||
`;
|
||||
if (!ssid_sessions[socket.ssid].lockdown) {
|
||||
headers += getServiceString('all', { "exceptions": ["wtv-register"] });
|
||||
} else {
|
||||
headers += getServiceString('wtv-1800') + "\n";
|
||||
headers += getServiceString('wtv-head-waiter') + "\n";
|
||||
headers += getServiceString('wtv-star') + "\n";
|
||||
}
|
||||
headers += `
|
||||
wtv-ticket: ${wtvsec_login.ticket_b64}`;
|
||||
if (!ssid_sessions[socket.ssid].lockdown) {
|
||||
headers += `
|
||||
user-id: ${userid}
|
||||
wtv-human-name: ${human_name}
|
||||
${ssid_sessions[socket.ssid].setIRCNick(nickname)}
|
||||
wtv-domain: wtv.zefie.com
|
||||
wtv-input-timeout: 14400
|
||||
wtv-ticket: ${wtvsec_login.ticket_b64}
|
||||
wtv-domain: ${minisrv_config.config.domain_name}
|
||||
wtv-messagewatch-checktimeoffset: off
|
||||
wtv-input-timeout: 14400
|
||||
wtv-connection-timeout: 90
|
||||
wtv-fader-timeout: 900
|
||||
wtv-smartcard-inserted-message: Contacting service
|
||||
wtv-inactive-timeout: 0
|
||||
wtv-connection-timeout: 90
|
||||
wtv-show-time-enabled: true
|
||||
wtv-fader-timeout: 900
|
||||
wtv-tourist-enabled: true`
|
||||
wtv-connection-timeout: 1440
|
||||
wtv-fader-timeout: 1440
|
||||
wtv-inactive-timeout: 1440`;
|
||||
} else {
|
||||
headers += `
|
||||
user-id: 0
|
||||
wtv-human-name: Unauthorized User
|
||||
wtv-domain: ${minisrv_config.config.domain_name}
|
||||
wtv-input-timeout: 30
|
||||
wtv-connection-timeout: 60
|
||||
wtv-fader-timeout: 60
|
||||
wtv-inactive-timeout: 60`;
|
||||
}
|
||||
|
||||
headers += "\nwtv-relogin-url: wtv-head-waiter:/relogin?relogin=true";
|
||||
if (request_headers.query.guest_login) headers += "&guest_login=true";
|
||||
|
||||
headers += "\nwtv-reconnect-url: wtv-head-waiter:/login-stage-two?reconnect=true";
|
||||
if (request_headers.query.guest_login) headers += "&guest_login=true";
|
||||
|
||||
headers += "\nwtv-boot-url: wtv-head-waiter:/relogin?relogin=true";
|
||||
if (request_headers.query.guest_login) headers += "&guest_login=true";
|
||||
headers += "\nwtv-allow-dsc: true";
|
||||
headers += "\nwtv-home-url: wtv-home:/home?";
|
||||
|
||||
if (ssid_sessions[socket.ssid].get('wtv-need-upgrade') != 'true' && !request_headers.query.reconnect) {
|
||||
if (!ssid_sessions[socket.ssid].lockdown) headers += "\nwtv-home-url: wtv-home:/home?";
|
||||
|
||||
if (ssid_sessions[socket.ssid].get('wtv-need-upgrade') != 'true' && !request_headers.query.reconnect && !ssid_sessions[socket.ssid].lockdown)
|
||||
headers += "\nwtv-settings-url: wtv-setup:/get";
|
||||
}
|
||||
|
||||
headers += `
|
||||
wtv-show-time-enabled: true
|
||||
wtv-allow-dsc: true
|
||||
wtv-tourist-enabled: true
|
||||
wtv-log-url: wtv-log:/log
|
||||
wtv-ssl-log-url: wtv-log:/log
|
||||
wtv-ssl-timeout: 240
|
||||
|
||||
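Review bot: A locked-down session still receives `wtv-ticket: ${wtvsec_login.ticket_b64}` together with the relogin, reconnect and boot URLs, and the trailing header block still sends `wtv-log-url: wtv-log:/log` even though the lockdown branch advertises only `wtv-1800`, `wtv-head-waiter` and `wtv-star`. Every restriction in this hunk is a response header the client is asked to honour, so the lockdown effectively rests on the server-side URL whitelist that the commit message places in the WTVClientSessionData constructor, which is not visible here. I would add a comment at the first lockdown check, e.g. `// headers only shape the client; access is enforced by the session URL whitelist`, and a test that a locked-down session presenting this ticket is refused for any URL outside the whitelist. The old/new side of several lines is hard to tell on this page, so the placement of the ticket header should be confirmed against the file.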
@@ -1,31 +1,41 @@
|
||||
var minisrv_service_file = true;
|
||||
|
||||
var settings_obj = ssid_sessions[socket.ssid].getSessionData("wtv-setup");
|
||||
if (settings_obj === null) settings_obj = {};
|
||||
if (ssid_sessions[socket.ssid].lockdown) {
|
||||
headers = `200 OK
|
||||
wtv-printer-model: -1,-1
|
||||
wtv-printer-pen: 0,0,1,0
|
||||
wtv-printer-setup: 0,0,1,0
|
||||
wtv-language-header: en-US,en
|
||||
Content-Type: text/html`;
|
||||
data = "";
|
||||
} else {
|
||||
|
||||
settings_obj["from-server"] = 1;
|
||||
var settings_obj = ssid_sessions[socket.ssid].getSessionData("wtv-setup");
|
||||
if (settings_obj === null) settings_obj = {};
|
||||
|
||||
// defaults
|
||||
if (!settings_obj["setup-advanced-options"]) settings_obj["setup-advanced-options"] = 0;
|
||||
if (!settings_obj["setup-play-bgm"]) settings_obj["setup-play-bgm"] = 0;
|
||||
if (!settings_obj["setup-bgm-tempo"]) settings_obj["setup-bgm-tempo"] = -1;
|
||||
if (!settings_obj["setup-bgm-volume"]) settings_obj["setup-bgm-volume"] = 100;
|
||||
if (!settings_obj["setup-background-color"]) settings_obj["setup-background-color"] = "c6c6c6";
|
||||
if (!settings_obj["setup-font-sizes"]) settings_obj["setup-font-sizes"] = "medium";
|
||||
if (!settings_obj["setup-in-stereo"]) settings_obj["setup-in-stereo"] = 1;
|
||||
if (!settings_obj["setup-keyboard"]) settings_obj["setup-keyboard"] = "alphabetical";
|
||||
if (!settings_obj["setup-link-color"]) settings_obj["setup-link-color"] = "2222bb";
|
||||
if (!settings_obj["setup-play-songs"]) settings_obj["setup-play-songs"] = 1;
|
||||
if (!settings_obj["setup-play-sounds"]) settings_obj["setup-play-sounds"] = 1;
|
||||
if (!settings_obj["setup-text-color"]) settings_obj["setup-text-color"] = 0;
|
||||
if (!settings_obj["setup-visited-color"]) settings_obj["setup-visited-color"] = "8822bb";
|
||||
if (!settings_obj["setup-japan-keyboard"]) settings_obj["setup-japan-keyboard"] = "roman";
|
||||
if (!settings_obj["setup-japan-softkeyboard"]) settings_obj["setup-japan-softkeyboard"] = "roman"
|
||||
if (!settings_obj["setup-chat-access-level"]) settings_obj["setup-chat-access-level"] = 0;
|
||||
if (!settings_obj["setup-chat-on-nontrusted-pages"]) settings_obj["setup-chat-on-nontrusted-pages"] = 1;
|
||||
if (!settings_obj["setup-tv-chat-level"]) settings_obj["setup-tv-chat-level"] = 2;
|
||||
settings_obj["from-server"] = 1;
|
||||
|
||||
headers = `200 OK
|
||||
// defaults
|
||||
if (!settings_obj["setup-advanced-options"]) settings_obj["setup-advanced-options"] = 0;
|
||||
if (!settings_obj["setup-play-bgm"]) settings_obj["setup-play-bgm"] = 0;
|
||||
if (!settings_obj["setup-bgm-tempo"]) settings_obj["setup-bgm-tempo"] = -1;
|
||||
if (!settings_obj["setup-bgm-volume"]) settings_obj["setup-bgm-volume"] = 100;
|
||||
if (!settings_obj["setup-background-color"]) settings_obj["setup-background-color"] = "c6c6c6";
|
||||
if (!settings_obj["setup-font-sizes"]) settings_obj["setup-font-sizes"] = "medium";
|
||||
if (!settings_obj["setup-in-stereo"]) settings_obj["setup-in-stereo"] = 1;
|
||||
if (!settings_obj["setup-keyboard"]) settings_obj["setup-keyboard"] = "alphabetical";
|
||||
if (!settings_obj["setup-link-color"]) settings_obj["setup-link-color"] = "2222bb";
|
||||
if (!settings_obj["setup-play-songs"]) settings_obj["setup-play-songs"] = 1;
|
||||
if (!settings_obj["setup-play-sounds"]) settings_obj["setup-play-sounds"] = 1;
|
||||
if (!settings_obj["setup-text-color"]) settings_obj["setup-text-color"] = 0;
|
||||
if (!settings_obj["setup-visited-color"]) settings_obj["setup-visited-color"] = "8822bb";
|
||||
if (!settings_obj["setup-japan-keyboard"]) settings_obj["setup-japan-keyboard"] = "roman";
|
||||
if (!settings_obj["setup-japan-softkeyboard"]) settings_obj["setup-japan-softkeyboard"] = "roman"
|
||||
if (!settings_obj["setup-chat-access-level"]) settings_obj["setup-chat-access-level"] = 0;
|
||||
if (!settings_obj["setup-chat-on-nontrusted-pages"]) settings_obj["setup-chat-on-nontrusted-pages"] = 1;
|
||||
if (!settings_obj["setup-tv-chat-level"]) settings_obj["setup-tv-chat-level"] = 2;
|
||||
|
||||
headers = `200 OK
|
||||
wtv-backgroundmusic-load-playlist: wtv-setup:/get-playlist
|
||||
wtv-printer-model: -1,-1
|
||||
wtv-printer-pen: 0,0,1,0
|
||||
@@ -33,10 +43,11 @@ wtv-printer-setup: 0,0,1,0
|
||||
wtv-language-header: en-US,en
|
||||
Content-Type: text/html`;
|
||||
|
||||
data = "";
|
||||
data = "";
|
||||
|
||||
Object.keys(settings_obj).forEach(function (k, v) {
|
||||
data += k + "=" + escape(settings_obj[k]) + "&";
|
||||
});
|
||||
Object.keys(settings_obj).forEach(function (k, v) {
|
||||
data += k + "=" + escape(settings_obj[k]) + "&";
|
||||
});
|
||||
|
||||
data = data.substring(0, (data.length - 1));
|
||||
data = data.substring(0, (data.length - 1));
|
||||
}
|
||||
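Review bot: The defaults block that this change moves under the `else` branch tests `if (!settings_obj[key])`, which treats a stored `0` as unset. If session values are kept as numbers (not visible here), a user who saved `setup-in-stereo`, `setup-play-songs`, `setup-play-sounds` or `setup-chat-on-nontrusted-pages` as 0 gets them reset to 1 on every fetch, and `setup-tv-chat-level` 0 becomes 2. A nullish test keeps explicit zeroes, e.g. `if (settings_obj["setup-in-stereo"] == null) settings_obj["setup-in-stereo"] = 1;`. These lines appear to be re-indented rather than newly written, so this is a follow-up and not a blocker for the lockdown change.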