diff --git a/meshcentral-config-schema.json b/meshcentral-config-schema.json
index 0a8af53e..ddc68d6c 100644
--- a/meshcentral-config-schema.json
+++ b/meshcentral-config-schema.json
@@ -1754,7 +1754,7 @@
 },
 "mstsc": {
 "type": "boolean",
- "default": false,
+ "default": true,
 "description": "When enabled, activates the built-in web-based RDP client."
 },
 "ssh": {
diff --git a/sample-config-advanced.json b/sample-config-advanced.json
index 2fd5360e..a3c83b3d 100644
--- a/sample-config-advanced.json
+++ b/sample-config-advanced.json
@@ -318,7 +318,7 @@
 "_geoLocation": true,
 "_ipLocation": true,
 "_novnc": false,
- "_mstsc": true,
+ "_mstsc": false,
 "_ssh": true,
 "_WebEmailsPath": "/myserver/email-templates",
 "_consentMessages": {
diff --git a/webserver.js b/webserver.js
index de2c8eca..0fa43117 100644
--- a/webserver.js
+++ b/webserver.js
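Review bot: In meshcentral-config-schema.json the `mstsc` description still reads as an opt-in switch ("When enabled, activates...") although the documented default is now `true`, so an operator reading the schema may not realise the web-based RDP client is on unless it is explicitly turned off. The description could say so directly, for example `"description": "Enabled by default. Set to false to disable the built-in web-based RDP client."`. None of the webserver.js hunks shown here change how this setting is read, so the diff does not show whether this is a behaviour change or a correction of the documented default; that is worth stating alongside the change.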
@@ -2105,35 +2105,6 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF var features = 0; if (domain.allowsavingdevicecredentials === false) { features |= 1; } - if (req.query.ws != null) { - // This is a query with a websocket relay cookie, check that the cookie is valid and use it. - var rcookie = parent.decodeCookie(req.query.ws, parent.loginCookieEncryptionKey, 60); // Cookie with 1 hour timeout - if ((rcookie != null) && (rcookie.domainid == domain.id) && (rcookie.nodeid != null) && (rcookie.tcpport != null)) { - - // Fetch the node from the database - obj.db.Get(rcookie.nodeid, function (err, nodes) { - if ((err != null) || (nodes.length != 1)) { res.sendStatus(404); return; } - const node = nodes[0]; - - // Check if we have SSH/RDP credentials for this device - var serverCredentials = 0; - if (domain.allowsavingdevicecredentials !== false) { - if (page == 'ssh') { - if ((typeof node.ssh == 'object') && (typeof node.ssh.u == 'string') && (typeof node.ssh.p == 'string')) { serverCredentials = 1; } // Username and password - else if ((typeof node.ssh == 'object') && (typeof node.ssh.k == 'string') && (typeof node.ssh.kp == 'string')) { serverCredentials = 2; } // Username, key and password - else if ((typeof node.ssh == 'object') && (typeof node.ssh.k == 'string')) { serverCredentials = 3; } // Username and key. No password. - } else { - if ((typeof node.rdp == 'object') && (typeof node.rdp.d == 'string') && (typeof node.rdp.u == 'string') && (typeof node.rdp.p == 'string')) { serverCredentials = 1; } // Username and password - } - } - - // Render the page - render(req, res, getRenderPage(page, req, domain), getRenderArgs({ cookie: req.query.ws, name: encodeURIComponent(req.query.name).replace(/'/g, '%27'), serverCredentials: serverCredentials, features: features }, req, domain)); - }); - return; - } - } - // Get the logged in user if present var user = null; 
@@ -2152,6 +2123,39 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF // No user login, exit now if (user == null) { res.sendStatus(401); return; } + if (req.query.ws != null) { + // This is a query with a websocket relay cookie, check that the cookie is valid and use it. + var rcookie = parent.decodeCookie(req.query.ws, parent.loginCookieEncryptionKey, 60); // Cookie with 1 hour timeout + if ((rcookie != null) && (rcookie.domainid == domain.id) && (rcookie.nodeid != null) && (rcookie.tcpport != null)) { + + // Fetch the node from the database + obj.db.Get(rcookie.nodeid, function (err, nodes) { + if ((err != null) || (nodes.length != 1)) { res.sendStatus(404); return; } + const node = nodes[0]; + + // Check if we have SSH/RDP credentials for this device + var serverCredentials = 0; + if (domain.allowsavingdevicecredentials !== false) { + if (page == 'ssh') { + if ((typeof node.ssh == 'object') && (typeof node.ssh.u == 'string') && (typeof node.ssh.p == 'string')) { serverCredentials = 1; } // Username and password + else if ((typeof node.ssh == 'object') && (typeof node.ssh.k == 'string') && (typeof node.ssh.kp == 'string')) { serverCredentials = 2; } // Username, key and password + else if ((typeof node.ssh == 'object') && (typeof node.ssh.k == 'string')) { serverCredentials = 3; } // Username and key. No password. 
+ else if ((typeof node.ssh == 'object') && (typeof node.ssh[user._id] == 'object') && (typeof node.ssh[user._id].u == 'string') && (typeof node.ssh[user._id].p == 'string')) { serverCredentials = 1; } // Username and password in per user format + else if ((typeof node.ssh == 'object') && (typeof node.ssh[user._id] == 'object') && (typeof node.ssh[user._id].k == 'string') && (typeof node.ssh[user._id].kp == 'string')) { serverCredentials = 2; } // Username, key and password in per user format + else if ((typeof node.ssh == 'object') && (typeof node.ssh[user._id] == 'object') && (typeof node.ssh[user._id].k == 'string')) { serverCredentials = 3; } // Username and key. No password. in per user format + } else { + if ((typeof node.rdp == 'object') && (typeof node.rdp.d == 'string') && (typeof node.rdp.u == 'string') && (typeof node.rdp.p == 'string')) { serverCredentials = 1; } // Username and password in legacy format + if ((typeof node.rdp == 'object') && (typeof node.rdp[user._id] == 'object') && (typeof node.rdp[user._id].d == 'string') && (typeof node.rdp[user._id].u == 'string') && (typeof node.rdp[user._id].p == 'string')) { serverCredentials = 1; } // Username and password in per user format + } + } + + // Render the page + render(req, res, getRenderPage(page, req, domain), getRenderArgs({ cookie: req.query.ws, name: encodeURIComponent(req.query.name).replace(/'/g, '%27'), serverCredentials: serverCredentials, features: features }, req, domain)); + }); + return; + } + } + // Check the nodeid if (req.query.node != null) { var nodeidsplit = req.query.node.split('/'); 
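Review bot: The relay-cookie branch now sits behind the `user == null` check, but nothing in it ties `rcookie` or the fetched node to that `user`: the only conditions are `rcookie.domainid == domain.id` and non-null `nodeid`/`tcpport`, after which `obj.db.Get(rcookie.nodeid, ...)` runs and the page is rendered with `cookie: req.query.ws`. As written, a session belonging to one account in the domain is enough to get the page rendered for a node named in a cookie that was issued to another account. If the cookie records the account it was issued to, compare that with `user._id` before the lookup, or apply the same node-rights check the `req.query.node` path uses (that path lies mostly outside this hunk, so what it checks cannot be confirmed from here). At minimum, add a comment above the branch such as `// The relay cookie alone authorizes the node here; no per-user rights check is done on this path.` The enclosing handler starts and ends outside the hunk.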
@@ -2187,6 +2191,9 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF if ((typeof node.ssh == 'object') && (typeof node.ssh.u == 'string') && (typeof node.ssh.p == 'string')) { serverCredentials = 1; } // Username and password else if ((typeof node.ssh == 'object') && (typeof node.ssh.k == 'string') && (typeof node.ssh.kp == 'string')) { serverCredentials = 2; } // Username, key and password else if ((typeof node.ssh == 'object') && (typeof node.ssh.k == 'string')) { serverCredentials = 3; } // Username and key. No password. + else if ((typeof node.ssh == 'object') && (typeof node.ssh[user._id] == 'object') && (typeof node.ssh[user._id].u == 'string') && (typeof node.ssh[user._id].p == 'string')) { serverCredentials = 1; } // Username and password in per user format + else if ((typeof node.ssh == 'object') && (typeof node.ssh[user._id] == 'object') && (typeof node.ssh[user._id].k == 'string') && (typeof node.ssh[user._id].kp == 'string')) { serverCredentials = 2; } // Username, key and password in per user format + else if ((typeof node.ssh == 'object') && (typeof node.ssh[user._id] == 'object') && (typeof node.ssh[user._id].k == 'string')) { serverCredentials = 3; } // Username and key. No password. in per user format } } else { // RDP port 
@@ -2196,6 +2203,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF // Check if we have RDP credentials for this device if (domain.allowsavingdevicecredentials !== false) { if ((typeof node.rdp == 'object') && (typeof node.rdp.d == 'string') && (typeof node.rdp.u == 'string') && (typeof node.rdp.p == 'string')) { serverCredentials = 1; } // Username and password + if ((typeof node.rdp == 'object') && (typeof node.rdp[user._id] == 'object') && (typeof node.rdp[user._id].d == 'string') && (typeof node.rdp[user._id].u == 'string') && (typeof node.rdp[user._id].p == 'string')) { serverCredentials = 1; } // Username and password in per user format } } if (req.query.port != null) { var qport = 0; try { qport = parseInt(req.query.port); } catch (ex) { } if ((typeof qport == 'number') && (qport > 0) && (qport < 65536)) { port = qport; } }