external/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-03-09 15:40:18 +00:00
Code Issues Releases Wiki Activity

Started work on web-based SSH support.

Browse source
This commit is contained in:
Ylian Saint-Hilaire 2021-04-28 23:22:54 -07:00
parent ee3581aa31
commit 110195d8c6
9 changed files with 2151 additions and 1701 deletions
Download patch file Download diff file Expand all files Collapse all files

3
MeshCentralServer.njsproj
View file

@ -178,6 +178,7 @@
<Compile Include="public\novnc\vendor\promise.js" /> <Compile Include="public\novnc\vendor\promise.js" />
<Compile Include="public\scripts\agent-redir-rtc-0.1.0.js" /> <Compile Include="public\scripts\agent-redir-rtc-0.1.0.js" />
<Compile Include="public\serviceworker.js" /> <Compile Include="public\serviceworker.js" />
<Compile Include="ssh.js" />
<Compile Include="swarmserver.js" /> <Compile Include="swarmserver.js" />
<Compile Include="multiserver.js" /> <Compile Include="multiserver.js" />
<Compile Include="pass.js" /> <Compile Include="pass.js" />
@ -570,6 +571,8 @@
<Content Include="views\messenger.handlebars" /> <Content Include="views\messenger.handlebars" />
<Content Include="views\mstsc.handlebars" /> <Content Include="views\mstsc.handlebars" />
<Content Include="views\player.handlebars" /> <Content Include="views\player.handlebars" />
<Content Include="views\sharing.handlebars" />
<Content Include="views\ssh.handlebars" />
<Content Include="views\terminal.handlebars" /> <Content Include="views\terminal.handlebars" />
<Content Include="views\terms-mobile.handlebars" /> <Content Include="views\terms-mobile.handlebars" />
<Content Include="views\terms.handlebars" /> <Content Include="views\terms.handlebars" />

3
meshcentral.js
View file

@ -3092,6 +3092,7 @@ function mainStart() {
var allsspi = true; var allsspi = true;
var yubikey = false; var yubikey = false;
var mstsc = false; var mstsc = false;
var ssh = false;
var sessionRecording = false; var sessionRecording = false;
var domainCount = 0; var domainCount = 0;
var wildleek = false; var wildleek = false;
@ -3106,6 +3107,7 @@ function mainStart() {
if (config.domains[i].yubikey != null) { yubikey = true; } if (config.domains[i].yubikey != null) { yubikey = true; }
if (config.domains[i].auth == 'ldap') { ldap = true; } if (config.domains[i].auth == 'ldap') { ldap = true; }
if (config.domains[i].mstsc === true) { mstsc = true; } if (config.domains[i].mstsc === true) { mstsc = true; }
if (config.domains[i].ssh === true) { ssh = true; }
if ((typeof config.domains[i].authstrategies == 'object')) { if ((typeof config.domains[i].authstrategies == 'object')) {
if (passport == null) { passport = ['passport']; } if (passport == null) { passport = ['passport']; }
if ((typeof config.domains[i].authstrategies.twitter == 'object') && (typeof config.domains[i].authstrategies.twitter.clientid == 'string') && (typeof config.domains[i].authstrategies.twitter.clientsecret == 'string') && (passport.indexOf('passport-twitter') == -1)) { passport.push('passport-twitter'); } if ((typeof config.domains[i].authstrategies.twitter == 'object') && (typeof config.domains[i].authstrategies.twitter.clientid == 'string') && (typeof config.domains[i].authstrategies.twitter.clientsecret == 'string') && (passport.indexOf('passport-twitter') == -1)) { passport.push('passport-twitter'); }
@ -3124,6 +3126,7 @@ function mainStart() {
if (require('os').platform() == 'win32') { modules.push('node-windows'); modules.push('loadavg-windows'); if (sspi == true) { modules.push('node-sspi'); } } // Add Windows modules if (require('os').platform() == 'win32') { modules.push('node-windows'); modules.push('loadavg-windows'); if (sspi == true) { modules.push('node-sspi'); } } // Add Windows modules
if (ldap == true) { modules.push('ldapauth-fork'); } if (ldap == true) { modules.push('ldapauth-fork'); }
if (mstsc == true) { modules.push('node-rdpjs-2'); } if (mstsc == true) { modules.push('node-rdpjs-2'); }
if (ssh == true) { modules.push('ssh2'); }
if (passport != null) { modules.push(...passport); } if (passport != null) { modules.push(...passport); }
if (sessionRecording == true) { modules.push('image-size'); } // Need to get the remote desktop JPEG sizes to index the recodring file. if (sessionRecording == true) { modules.push('image-size'); } // Need to get the remote desktop JPEG sizes to index the recodring file.
if (config.letsencrypt != null) { if (nodeVersion < 8) { addServerWarning("Let's Encrypt support requires Node v8.x or higher.", !args.launch); } else { modules.push('acme-client'); } } // Add acme-client module if (config.letsencrypt != null) { if (nodeVersion < 8) { addServerWarning("Let's Encrypt support requires Node v8.x or higher.", !args.launch); } else { modules.push('acme-client'); } } // Add acme-client module

2
public/scripts/agent-desktop-0.0.2-min.js vendored
View file

File diff suppressed because one or more lines are too long

157
ssh.js Normal file
View file

@ -0,0 +1,157 @@
/**
* @description MeshCentral SSH relay
* @author Ylian Saint-Hilaire
* @copyright Intel Corporation 2018-2021
* @license Apache-2.0
* @version v0.0.1
*/
/*jslint node: true */
/*jshint node: true */
/*jshint strict:false */
/*jshint -W097 */
/*jshint esversion: 6 */
"use strict";
// Construct a SSH Relay object, called upon connection
module.exports.CreateSshRelay = function (parent, db, ws, req, args, domain) {
const Net = require('net');
const WebSocket = require('ws');
var obj = {};
obj.domain = domain;
obj.ws = ws;
obj.wsClient = null;
obj.tcpServer = null;
obj.tcpServerPort = 0;
obj.relaySocket = null;
obj.relayActive = false;
obj.infos = null;
var sshClient = null;
parent.parent.debug('relay', 'SSH: Request for SSH relay (' + req.clientIp + ')');
// Disconnect
obj.close = function (arg) {
if ((arg == 1) || (arg == null)) { try { ws.close(); } catch (e) { console.log(e); } } // Soft close, close the websocket
if (arg == 2) { try { ws._socket._parent.end(); } catch (e) { console.log(e); } } // Hard close, close the TCP socket
if (obj.wsClient) { obj.wsClient.close(); obj.wsClient = null; }
if (obj.tcpServer) { obj.tcpServer.close(); obj.tcpServer = null; }
if (sshClient) { sshClient.close(); sshClient = null; }
delete obj.domain;
delete obj.ws;
};
// Start the looppback server
function startTcpServer() {
obj.tcpServer = new Net.Server();
obj.tcpServer.listen(0, '127.0.0.1', function () { obj.tcpServerPort = obj.tcpServer.address().port; startSSH(obj.tcpServerPort); });
obj.tcpServer.on('connection', function (socket) {
if (obj.relaySocket != null) {
socket.close();
} else {
obj.relaySocket = socket;
obj.relaySocket.pause();
obj.relaySocket.on('data', function (chunk) { // Make sure to handle flow control.
if (obj.relayActive == true) { obj.relaySocket.pause(); obj.wsClient.send(chunk, function () { obj.relaySocket.resume(); }); }
});
obj.relaySocket.on('end', function () { obj.close(); });
obj.relaySocket.on('error', function (err) { obj.close(); });
// Decode the authentication cookie
var cookie = parent.parent.decodeCookie(obj.infos.ip, parent.parent.loginCookieEncryptionKey);
if (cookie == null) return;
// Setup the correct URL with domain and use TLS only if needed.
var options = { rejectUnauthorized: false };
if (domain.dns != null) { options.servername = domain.dns; }
var protocol = 'wss';
if (args.tlsoffload) { protocol = 'ws'; }
var domainadd = '';
if ((domain.dns == null) && (domain.id != '')) { domainadd = domain.id + '/' }
var url = protocol + '://127.0.0.1:' + args.port + '/' + domainadd + ((cookie.lc == 1)?'local':'mesh') + 'relay.ashx?noping=1&auth=' + obj.infos.ip;
parent.parent.debug('relay', 'SSH: Connection websocket to ' + url);
obj.wsClient = new WebSocket(url, options);
obj.wsClient.on('open', function () { parent.parent.debug('relay', 'SSH: Relay websocket open'); });
obj.wsClient.on('message', function (data) { // Make sure to handle flow control.
if ((obj.relayActive == false) && (data == 'c')) {
obj.relayActive = true; obj.relaySocket.resume();
} else {
obj.wsClient._socket.pause();
obj.relaySocket.write(data, function () { obj.wsClient._socket.resume(); });
}
});
obj.wsClient.on('close', function () { parent.parent.debug('relay', 'SSH: Relay websocket closed'); obj.close(); });
obj.wsClient.on('error', function (err) { parent.parent.debug('relay', 'SSH: Relay websocket error: ' + err); obj.close(); });
obj.tcpServer.close();
obj.tcpServer = null;
}
});
}
// Start the SSH client
function startSSH(port) {
parent.parent.debug('relay', 'SSH: Starting SSH client on loopback port ' + port);
try {
sshClient = require('node-rdpjs-2').createClient({
logLevel: 'ERROR',
domain: obj.infos.domain,
userName: obj.infos.username,
password: obj.infos.password,
enablePerf: true,
autoLogin: true,
screen: obj.infos.screen,
locale: obj.infos.locale
}).on('connect', function () {
send(['rdp-connect']);
}).on('bitmap', function (bitmap) {
try { ws.send(bitmap.data); } catch (ex) { } // Send the bitmap data as binary
delete bitmap.data;
send(['rdp-bitmap', bitmap]); // Send the bitmap metadata seperately, without bitmap data.
}).on('close', function () {
send(['rdp-close']);
}).on('error', function (err) {
send(['rdp-error', err]);
}).connect('127.0.0.1', obj.tcpServerPort);
} catch (ex) {
console.log('startSshException', ex);
obj.close();
}
}
// When data is received from the web socket
// SSH default port is 22
ws.on('message', function (msg) {
try {
msg = JSON.parse(msg);
switch (msg[0]) {
case 'infos': { obj.infos = msg[1]; startTcpServer(); break; }
case 'mouse': { if (sshClient) { sshClient.sendPointerEvent(msg[1], msg[2], msg[3], msg[4]); } break; }
case 'wheel': { if (sshClient) { sshClient.sendWheelEvent(msg[1], msg[2], msg[3], msg[4]); } break; }
case 'scancode': { if (sshClient) { sshClient.sendKeyEventScancode(msg[1], msg[2]); } break; }
case 'unicode': { if (sshClient) { sshClient.sendKeyEventUnicode(msg[1], msg[2]); } break; }
case 'disconnect': { obj.close(); break; }
}
} catch (ex) {
console.log('SSHMessageException', msg, ex);
obj.close();
}
});
// If error, do nothing
ws.on('error', function (err) { parent.parent.debug('relay', 'SSH: Browser websocket error: ' + err); obj.close(); });
// If the web socket is closed
ws.on('close', function (req) { parent.parent.debug('relay', 'SSH: Browser websocket closed'); obj.close(); });
// Send an object with flow control
function send(obj) {
try { sshClient.bufferLayer.socket.pause(); } catch (ex) { }
try { ws.send(JSON.stringify(obj), function () { try { sshClient.bufferLayer.socket.resume(); } catch (ex) { } }); } catch (ex) { }
}
// We are all set, start receiving data
ws._socket.resume();
return obj;
};

2
translate/translate.js
View file

@ -40,6 +40,7 @@ var meshCentralSourceFiles = [
"../views/terminal.handlebars", "../views/terminal.handlebars",
"../views/sharing.handlebars", "../views/sharing.handlebars",
"../views/mstsc.handlebars", "../views/mstsc.handlebars",
"../views/ssh.handlebars",
"../emails/account-check.html", "../emails/account-check.html",
"../emails/account-invite.html", "../emails/account-invite.html",
"../emails/account-login.html", "../emails/account-login.html",
@ -78,6 +79,7 @@ var minifyMeshCentralSourceFiles = [
"../views/terminal.handlebars", "../views/terminal.handlebars",
"../views/sharing.handlebars", "../views/sharing.handlebars",
"../views/mstsc.handlebars", "../views/mstsc.handlebars",
"../views/ssh.handlebars",
"../public/scripts/agent-desktop-0.0.2.js", "../public/scripts/agent-desktop-0.0.2.js",
"../public/scripts/agent-redir-rtc-0.1.0.js", "../public/scripts/agent-redir-rtc-0.1.0.js",
"../public/scripts/agent-redir-ws-0.1.1.js", "../public/scripts/agent-redir-ws-0.1.1.js",

3422
translate/translate.json
View file

File diff suppressed because it is too large Load diff

19
views/default.handlebars
View file

@ -2480,6 +2480,12 @@
if (node != null) { rdpurl += '&name=' + encodeURIComponentEx(node.name); } if (node != null) { rdpurl += '&name=' + encodeURIComponentEx(node.name); }
if (message.localRelay) { rdpurl += '&local=1'; } if (message.localRelay) { rdpurl += '&local=1'; }
safeNewWindow(rdpurl, 'mcmstsc/' + message.nodeid); safeNewWindow(rdpurl, 'mcmstsc/' + message.nodeid);
} else if (message.tag == 'ssh') {
var sshurl = window.location.origin + domainUrl + 'ssh.html?ws=' + message.cookie + (urlargs.key?('&key=' + urlargs.key):'');
var node = getNodeFromId(message.nodeid);
if (node != null) { sshurl += '&name=' + encodeURIComponentEx(node.name); }
if (message.localRelay) { sshurl += '&local=1'; }
safeNewWindow(sshurl, 'mcssh/' + message.nodeid);
} }
break; break;
} }
@ -6442,7 +6448,7 @@
// noVNC link // noVNC link
if ((((connectivity & 1) != 0) || (node.mtype == 3)) && (node.agent) && ((meshrights & 8) != 0) && ((features & 0x20000000) == 0) && (node.agent.id != 14)) { if ((((connectivity & 1) != 0) || (node.mtype == 3)) && (node.agent) && ((meshrights & 8) != 0) && ((features & 0x20000000) == 0) && (node.agent.id != 14)) {
x += '<a href=# cmenu=rfbPortContextMenu id=rfbLink onclick=p10rfb("' + node._id + '") title="' + "Launch noVNC session to this device" + '.">' + "noVNC" + '</a>&nbsp;'; x += '<a href=# cmenu=rfbPortContextMenu id=rfbLink onclick=p10rfb("' + node._id + '") title="' + "Launch web-based VNC session to this device" + '.">' + "Web-VNC" + '</a>&nbsp;';
} }
// MSTSC.js link // MSTSC.js link
@ -6450,6 +6456,11 @@
x += '<a href=# cmenu=altPortContextMenu id=mstscLink onclick=p10mstsc("' + node._id + '") title="' + "Launch web-based RDP session to this device" + '.">' + "Web-RDP" + '</a>&nbsp;'; x += '<a href=# cmenu=altPortContextMenu id=mstscLink onclick=p10mstsc("' + node._id + '") title="' + "Launch web-based RDP session to this device" + '.">' + "Web-RDP" + '</a>&nbsp;';
} }
// SSH link
if ((((connectivity & 1) != 0) || (node.mtype == 3)) && (node.agent) && ((meshrights & 8) != 0) && ((features & 0x40000000) == 0) && (node.agent.id != 14)) {
x += '<a href=# cmenu=altPortContextMenu id=sshLink onclick=p10ssh("' + node._id + '") title="' + "Launch web-based SSH session to this device" + '.">' + "Web-SSH" + '</a>&nbsp;';
}
// MQTT options // MQTT options
if ((meshrights == 0xFFFFFFFF) && (features & 0x00400000)) { x += '<a href=# onclick=p10showMqttLoginDialog("' + node._id + '") title="' + "Get MQTT login credentials for this device." + '">' + "MQTT Login" + '</a>&nbsp;'; } if ((meshrights == 0xFFFFFFFF) && (features & 0x00400000)) { x += '<a href=# onclick=p10showMqttLoginDialog("' + node._id + '") title="' + "Get MQTT login credentials for this device." + '">' + "MQTT Login" + '</a>&nbsp;'; }
x += '</div><br>' x += '</div><br>'
@ -7224,6 +7235,12 @@
meshserver.send({ action: 'getcookie', nodeid: nodeid, tcpport: port, tag: 'mstsc' }); meshserver.send({ action: 'getcookie', nodeid: nodeid, tcpport: port, tag: 'mstsc' });
} }
function p10ssh(nodeid, port) {
var node = getNodeFromId(nodeid);
if (port == null) { if (node.sshport != null) { port = node.sshport; } else { port = 22; } }
meshserver.send({ action: 'getcookie', nodeid: nodeid, tcpport: port, tag: 'ssh' });
}
// Show current location // Show current location
var d2map = null; var d2map = null;
function p10showNodeLocationDialog() { function p10showNodeLocationDialog() {

212
views/ssh.handlebars Normal file
View file

@ -0,0 +1,212 @@
<!DOCTYPE html>
<html dir="ltr" xmlns="http://www.w3.org/1999/xhtml">
<head lang="en">
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta content="text/html;charset=utf-8" http-equiv="Content-Type" />
<meta name="viewport" content="user-scalable=1.0,initial-scale=1.0,minimum-scale=1.0,maximum-scale=1.0" />
<meta name="apple-mobile-web-app-capable" content="yes" />
<meta name="format-detection" content="telephone=no" />
<meta name="robots" content="noindex,nofollow">
<link type="text/css" href="styles/style.css" media="screen" rel="stylesheet" title="CSS" />
<link type="text/css" href="styles/xterm.css" media="screen" rel="stylesheet" title="CSS" />
<link rel="apple-touch-icon" href="/favicon-303x303.png" />
<script type="text/javascript" src="scripts/common-0.0.1{{min}}.js"></script>
<script type="text/javascript" src="scripts/meshcentral{{min}}.js"></script>
<script type="text/javascript" src="scripts/agent-redir-ws-0.1.1{{min}}.js"></script>
<script type="text/javascript" src="scripts/agent-redir-rtc-0.1.0{{min}}.js"></script>
<script type="text/javascript" src="scripts/xterm-min.js"></script>
<script type="text/javascript" src="scripts/xterm-addon-fit-min.js"></script>
<title>SSH</title>
</head>
<body style="overflow:hidden;background-color:black" onload="start()">
<div id=p11 class="noselect" style="overflow:hidden">
<div id=deskarea0 style="position:relative">
<div id=deskarea1 class="areaHead">
<div class="toright2">
</div>
<div>
<input id="ConnectButton" style="display:none" type=button value="Connect" onclick="connectButton()">
<input id="DisconnectButton" type=button value="Disconnect" onclick="connectButton()">
<span><b>{{{name}}}</b></span> - <span id="termstatus"></span>
</div>
</div>
<div id=deskarea2 style="">
<div class="areaProgress"><div id="progressbar" style=""></div></div>
</div>
<div id=deskarea3x style="max-height:calc(100vh - 54px);height:calc(100vh - 54px);">
<div id="bigok" style="display:none;left:calc((100vh / 2))"><b>&checkmark;</b></div>
<div id="bigfail" style="display:none;left:calc((100vh / 2))"><b>&#10007;</b></div>
<div id="metadatadiv" style="padding:20px;color:lightgrey;text-align:left;display:none"></div>
<div id=terminal style="max-height:calc(100vh - 54px);height:calc(100vh - 54px);"></div>
<div id=TermConsoleMsg style="display:none;cursor:pointer;z-index:10;position:absolute;left:30px;top:17px;color:yellow;background-color:rgba(0,0,0,0.6);padding:10px;border-radius:5px" onclick=clearConsoleMsg()></div>
</div>
<div id=deskarea4 class="areaHead">
<div class="toright2">
</div>
<div style="height:21px;max-height:21px">
</div>
</div>
</div>
<div id=dialog class="noselect" style="display:none">
<div id=dialogHeader>
<div tabindex=0 id=id_dialogclose onclick=setDialogMode() onkeypress="if (event.key == 'Enter') setDialogMode()">&#x2716;</div>
<div id=id_dialogtitle></div>
</div>
<div id=dialogBody>
<div id=dialog1>
<div id=id_dialogMessage style=""></div>
</div>
<div id=dialog2 style="">
<div id=id_dialogOptions></div>
</div>
</div>
<div id="idx_dlgButtonBar">
<input id="idx_dlgCancelButton" type="button" value="Cancel" style="" onclick="dialogclose(0)">
<input id="idx_dlgOkButton" type="button" value="OK" style="" onclick="dialogclose(1)">
<div><input id="idx_dlgDeleteButton" type="button" value="Delete" style="display:none" onclick="dialogclose(2)"></div>
</div>
</div>
</div>
<script>
var term = null;
var termfit = null;
var resizeTimer = null;
var urlargs = parseUriArgs();
if (urlargs.key && (isAlphaNumeric(urlargs.key) == false)) { delete urlargs.key; }
var cookie = '{{{cookie}}}';
var domainurl = '{{{domainurl}}}';
var name = decodeURIComponent('{{{name}}}');
if (name != '') { document.title = name + ' - ' + document.title; }
var StatusStrs = ["Disconnected", "Connecting...", "Setup...", "Connected"];
var state = 0;
var socket = null;
function start() {
// When the user resizes the window, re-fit
window.onresize = function () { if (termfit != null) { termfit.fit(); } }
// Update the terminal status and buttons
updateState();
// Setup the terminal with auto-fit
if (term != null) { term.dispose(); }
if (urlargs.fixsize != 1) { termfit = new FitAddon.FitAddon(); }
term = new Terminal();
if (termfit) { term.loadAddon(termfit); }
term.open(Q('terminal'));
term.onData(function (data) {
//if (tunnel != null) { tunnel.sendText(data); }
});
if (termfit) { termfit.fit(); }
term.onResize(function (size) {
// Despam resize
if (resizeTimer) clearTimeout(resizeTimer);
resizeTimer = setTimeout(sendResize, 200);
});
//term.setOption('convertEol', true); // Consider \n to be \r\n, this should be taken care of by "termios"
}
// Send the new terminal size to the agent
function sendResize() {
resizeTimer = null;
//if ((term != null) && (tunnel != null)) { tunnel.sendCtrlMsg(JSON.stringify({ ctrlChannel: '102938', type: 'termsize', cols: term.cols, rows: term.rows })); }
}
function connectButton() {
if (state == 0) {
state = 1;
var url = window.location.protocol.replace('http', 'ws') + '//' + window.location.host + domainurl + 'ssh/relay.ashx?auth=' + cookie + (urlargs.key ? ('&key=' + urlargs.key) : '');
console.log('Connecting to ' + url);
socket = new WebSocket(url);
socket.onopen = function (e) { console.log('open'); state = 2; updateState(); }
socket.onmessage = function (e) { console.log('message'); }
socket.onclose = function (e) { console.log('close'); disconnect(); }
socket.onerror = function (e) { console.log('error'); disconnect(); }
updateState();
} else {
disconnect();
}
}
function disconnect() {
console.log('disconnect');
if (socket != null) { socket.close(); socket = null; }
state = 0;
updateState();
}
function updateState() {
QV('ConnectButton', state == 0);
QV('DisconnectButton', state != 0);
QH('termstatus', StatusStrs[state]);
}
//
// POPUP DIALOG
//
// null = Hidden, 1 = Generic Message
var xxdialogMode;
var xxdialogFunc;
var xxdialogButtons;
var xxdialogTag;
var xxcurrentView = -1;
// Display a dialog box
// Parameters: Dialog Mode (0 = none), Dialog Title, Buttons (1 = OK, 2 = Cancel, 3 = OK & Cancel), Call back function(0 = Cancel, 1 = OK), Dialog Content (Mode 2 only)
function setDialogMode(x, y, b, f, c, tag) {
xxdialogMode = x;
xxdialogFunc = f;
xxdialogButtons = b;
xxdialogTag = tag;
QE('idx_dlgOkButton', true);
QV('idx_dlgOkButton', b & 1);
QV('idx_dlgCancelButton', b & 2);
QV('id_dialogclose', (b & 2) || (b & 8));
QV('idx_dlgDeleteButton', b & 4);
QV('idx_dlgButtonBar', b & 7);
if (y) QH('id_dialogtitle', y);
for (var i = 1; i < 3; i++) { QV('dialog' + i, i == x); } // Edit this line when more dialogs are added
QV('dialog', x);
if (c) { if (x == 2) { QH('id_dialogOptions', c); } else { QH('id_dialogMessage', c); } }
}
// Called when the dialog box must be closed
function dialogclose(x) {
var f = xxdialogFunc, b = xxdialogButtons, t = xxdialogTag;
setDialogMode();
if (((b & 8) || x) && f) f(x, t);
}
function messagebox(t, m) { setSessionActivity(); QH('id_dialogMessage', m); setDialogMode(1, t, 1); }
function statusbox(t, m) { setSessionActivity(); QH('id_dialogMessage', m); setDialogMode(1, t); }
function haltEvent(e) { if (e.preventDefault) e.preventDefault(); if (e.stopPropagation) e.stopPropagation(); return false; }
function pad2(num) { var s = '00' + num; return s.substr(s.length - 2); }
function format(format) { var args = Array.prototype.slice.call(arguments, 1); return format.replace(/{(\d+)}/g, function (match, number) { return typeof args[number] != 'undefined' ? args[number] : match; }); };
function isAlphaNumeric(str) { return (str.match(/^[A-Za-z0-9]+$/) != null); };
function isSafeString(str) { return ((typeof str == 'string') && (str.indexOf('<') == -1) && (str.indexOf('>') == -1) && (str.indexOf('&') == -1) && (str.indexOf('"') == -1) && (str.indexOf('\'') == -1) && (str.indexOf('+') == -1) && (str.indexOf('(') == -1) && (str.indexOf(')') == -1) && (str.indexOf('#') == -1) && (str.indexOf('%') == -1) && (str.indexOf(':') == -1)) };
// Parse URL arguments, only keep safe values
function parseUriArgs() {
var href = window.document.location.href;
if (href.endsWith('#')) { href = href.substring(0, href.length - 1); }
var name, r = {}, parsedUri = href.split(/[\?&|\=]/);
parsedUri.splice(0, 1);
for (x in parsedUri) {
switch (x % 2) {
case 0: { name = decodeURIComponent(parsedUri[x]); break; }
case 1: {
r[name] = decodeURIComponent(parsedUri[x]);
if (!isSafeString(r[name])) { delete r[name]; } else { var x = parseInt(r[name]); if (x == r[name]) { r[name] = x; } }
break;
} default: { break; }
}
}
return r;
}
start();
</script>
</body>
</html>

32
webserver.js
View file

@ -1801,8 +1801,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
render(req, res, getRenderPage('invite', req, domain), getRenderArgs({ messageid: 100 }, req, domain)); // Bad invitation code render(req, res, getRenderPage('invite', req, domain), getRenderArgs({ messageid: 100 }, req, domain)); // Bad invitation code
} }
// Called to render the MSTSC (RDP) web page // Called to render the MSTSC (RDP) or SSH web page
function handleMSTSCRequest(req, res) { function handleMSTSCRequest(req, res, page) {
const domain = getDomain(req); const domain = getDomain(req);
if (domain == null) { parent.debug('web', 'handleMSTSCRequest: failed checks.'); res.sendStatus(404); return; } if (domain == null) { parent.debug('web', 'handleMSTSCRequest: failed checks.'); res.sendStatus(404); return; }
if ((domain.loginkey != null) && (domain.loginkey.indexOf(req.query.key) == -1)) { res.sendStatus(404); return; } // Check 3FA URL key if ((domain.loginkey != null) && (domain.loginkey.indexOf(req.query.key) == -1)) { res.sendStatus(404); return; } // Check 3FA URL key
@ -1817,7 +1817,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// This is a query with a websocket relay cookie, check that the cookie is valid and use it. // This is a query with a websocket relay cookie, check that the cookie is valid and use it.
var rcookie = parent.decodeCookie(req.query.ws, parent.loginCookieEncryptionKey, 60); // Cookie with 1 hour timeout var rcookie = parent.decodeCookie(req.query.ws, parent.loginCookieEncryptionKey, 60); // Cookie with 1 hour timeout
if ((rcookie != null) && (rcookie.domainid == domain.id) && (rcookie.nodeid != null) && (rcookie.tcpport != null)) { if ((rcookie != null) && (rcookie.domainid == domain.id) && (rcookie.nodeid != null) && (rcookie.tcpport != null)) {
render(req, res, getRenderPage('mstsc', req, domain), getRenderArgs({ cookie: req.query.ws, name: encodeURIComponent(req.query.name).replace(/'/g, '%27') }, req, domain)); return; render(req, res, getRenderPage(page, req, domain), getRenderArgs({ cookie: req.query.ws, name: encodeURIComponent(req.query.name).replace(/'/g, '%27') }, req, domain)); return;
} }
} }
@ -1852,7 +1852,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
} }
// If there is no nodeid, exit now // If there is no nodeid, exit now
if (req.query.node == null) { render(req, res, getRenderPage('mstsc', req, domain), getRenderArgs({ cookie: '', name: '' }, req, domain)); return; } if (req.query.node == null) { render(req, res, getRenderPage(page, req, domain), getRenderArgs({ cookie: '', name: '' }, req, domain)); return; }
// Fetch the node from the database // Fetch the node from the database
obj.db.Get(req.query.node, function (err, nodes) { obj.db.Get(req.query.node, function (err, nodes) {
@ -1864,15 +1864,21 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Figure out the target port // Figure out the target port
var port = 3389; var port = 3389;
if (typeof node.rdpport == 'number') { port = node.rdpport; } if (page == 'ssh') {
// SSH port
port = 22;
} else {
// RDP port
if (typeof node.rdpport == 'number') { port = node.rdpport; }
}
if (req.query.port != null) { var qport = 0; try { qport = parseInt(req.query.port); } catch (ex) { } if ((typeof qport == 'number') && (qport > 0) && (qport < 65536)) { port = qport; } } if (req.query.port != null) { var qport = 0; try { qport = parseInt(req.query.port); } catch (ex) { } if ((typeof qport == 'number') && (qport > 0) && (qport < 65536)) { port = qport; } }
// Generate a cookie and respond // Generate a cookie and respond
var cookie = parent.encodeCookie({ userid: user._id, domainid: user.domain, nodeid: node._id, tcpport: port }, parent.loginCookieEncryptionKey); var cookie = parent.encodeCookie({ userid: user._id, domainid: user.domain, nodeid: node._id, tcpport: port }, parent.loginCookieEncryptionKey);
render(req, res, getRenderPage('mstsc', req, domain), getRenderArgs({ cookie: cookie, name: encodeURIComponent(node.name).replace(/'/g, '%27') }, req, domain)); render(req, res, getRenderPage(page, req, domain), getRenderArgs({ cookie: cookie, name: encodeURIComponent(node.name).replace(/'/g, '%27') }, req, domain));
}); });
} }
// Called to handle push-only requests // Called to handle push-only requests
function handleFirebasePushOnlyRelayRequest(req, res) { function handleFirebasePushOnlyRelayRequest(req, res) {
parent.debug('email', 'handleFirebasePushOnlyRelayRequest'); parent.debug('email', 'handleFirebasePushOnlyRelayRequest');
@ -5561,7 +5567,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Setup MSTSC.js if needed // Setup MSTSC.js if needed
if (domain.mstsc === true) { if (domain.mstsc === true) {
obj.app.get(url + 'mstsc.html', handleMSTSCRequest); obj.app.get(url + 'mstsc.html', function (req, res) { handleMSTSCRequest(req, res, 'mstsc'); });
obj.app.ws(url + 'mstsc/relay.ashx', function (ws, req) { obj.app.ws(url + 'mstsc/relay.ashx', function (ws, req) {
const domain = getDomain(req); const domain = getDomain(req);
if (domain == null) { parent.debug('web', 'mstsc: failed checks.'); try { ws.close(); } catch (e) { } return; } if (domain == null) { parent.debug('web', 'mstsc: failed checks.'); try { ws.close(); } catch (e) { } return; }
@ -5569,6 +5575,16 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
}); });
} }
// Setup SSH if needed
if (domain.mstsc === true) {
obj.app.get(url + 'ssh.html', function (req, res) { handleMSTSCRequest(req, res, 'ssh'); });
obj.app.ws(url + 'ssh/relay.ashx', function (ws, req) {
const domain = getDomain(req);
if (domain == null) { parent.debug('web', 'ssh: failed checks.'); try { ws.close(); } catch (e) { } return; }
require('./ssh.js').CreateSshRelay(obj, obj.db, ws, req, obj.args, domain);
});
}
// Setup firebase push only server // Setup firebase push only server
if ((obj.parent.firebase != null) && (obj.parent.config.firebase)) { if ((obj.parent.firebase != null) && (obj.parent.config.firebase)) {
if (obj.parent.config.firebase.pushrelayserver) { parent.debug('email', 'Firebase-pushrelay-handler'); obj.app.post(url + 'firebaserelay.aspx', handleFirebasePushOnlyRelayRequest); } if (obj.parent.config.firebase.pushrelayserver) { parent.debug('email', 'Firebase-pushrelay-handler'); obj.app.post(url + 'firebaserelay.aspx', handleFirebasePushOnlyRelayRequest); }