external/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-03-09 15:40:18 +00:00
Code Issues Releases Wiki Activity

fix web-rdp/web-ssh save creds per user

Browse source 
Signed-off-by: si458 <simonsmith5521@gmail.com>
This commit is contained in:
si458 2024-05-24 17:27:22 +01:00
parent 5a7e3d9869
commit 26ac23c80d
3 changed files with 39 additions and 31 deletions
Download patch file Download diff file Expand all files Collapse all files

2
meshcentral-config-schema.json
View file

@ -1754,7 +1754,7 @@
},
"mstsc": {
"type": "boolean",
"default": false,
"default": true,
"description": "When enabled, activates the built-in web-based RDP client."
},
"ssh": {

2
sample-config-advanced.json
View file

@ -318,7 +318,7 @@
"_geoLocation": true,
"_ipLocation": true,
"_novnc": false,
"_mstsc": true,
"_mstsc": false,
"_ssh": true,
"_WebEmailsPath": "/myserver/email-templates",
"_consentMessages": {

66
webserver.js
View file

@ -2105,35 +2105,6 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
var features = 0;
if (domain.allowsavingdevicecredentials === false) { features |= 1; }
if (req.query.ws != null) {
// This is a query with a websocket relay cookie, check that the cookie is valid and use it.
var rcookie = parent.decodeCookie(req.query.ws, parent.loginCookieEncryptionKey, 60); // Cookie with 1 hour timeout
if ((rcookie != null) && (rcookie.domainid == domain.id) && (rcookie.nodeid != null) && (rcookie.tcpport != null)) {
// Fetch the node from the database
obj.db.Get(rcookie.nodeid, function (err, nodes) {
if ((err != null) || (nodes.length != 1)) { res.sendStatus(404); return; }
const node = nodes[0];
// Check if we have SSH/RDP credentials for this device
var serverCredentials = 0;
if (domain.allowsavingdevicecredentials !== false) {
if (page == 'ssh') {
if ((typeof node.ssh == 'object') && (typeof node.ssh.u == 'string') && (typeof node.ssh.p == 'string')) { serverCredentials = 1; } // Username and password
else if ((typeof node.ssh == 'object') && (typeof node.ssh.k == 'string') && (typeof node.ssh.kp == 'string')) { serverCredentials = 2; } // Username, key and password
else if ((typeof node.ssh == 'object') && (typeof node.ssh.k == 'string')) { serverCredentials = 3; } // Username and key. No password.
} else {
if ((typeof node.rdp == 'object') && (typeof node.rdp.d == 'string') && (typeof node.rdp.u == 'string') && (typeof node.rdp.p == 'string')) { serverCredentials = 1; } // Username and password
}
}
// Render the page
render(req, res, getRenderPage(page, req, domain), getRenderArgs({ cookie: req.query.ws, name: encodeURIComponent(req.query.name).replace(/'/g, '%27'), serverCredentials: serverCredentials, features: features }, req, domain));
});
return;
}
}
// Get the logged in user if present
var user = null;
@ -2152,6 +2123,39 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
// No user login, exit now
if (user == null) { res.sendStatus(401); return; }
if (req.query.ws != null) {
// This is a query with a websocket relay cookie, check that the cookie is valid and use it.
var rcookie = parent.decodeCookie(req.query.ws, parent.loginCookieEncryptionKey, 60); // Cookie with 1 hour timeout
if ((rcookie != null) && (rcookie.domainid == domain.id) && (rcookie.nodeid != null) && (rcookie.tcpport != null)) {
// Fetch the node from the database
obj.db.Get(rcookie.nodeid, function (err, nodes) {
if ((err != null) || (nodes.length != 1)) { res.sendStatus(404); return; }
const node = nodes[0];
// Check if we have SSH/RDP credentials for this device
var serverCredentials = 0;
if (domain.allowsavingdevicecredentials !== false) {
if (page == 'ssh') {
if ((typeof node.ssh == 'object') && (typeof node.ssh.u == 'string') && (typeof node.ssh.p == 'string')) { serverCredentials = 1; } // Username and password
else if ((typeof node.ssh == 'object') && (typeof node.ssh.k == 'string') && (typeof node.ssh.kp == 'string')) { serverCredentials = 2; } // Username, key and password
else if ((typeof node.ssh == 'object') && (typeof node.ssh.k == 'string')) { serverCredentials = 3; } // Username and key. No password.
else if ((typeof node.ssh == 'object') && (typeof node.ssh[user._id] == 'object') && (typeof node.ssh[user._id].u == 'string') && (typeof node.ssh[user._id].p == 'string')) { serverCredentials = 1; } // Username and password in per user format
else if ((typeof node.ssh == 'object') && (typeof node.ssh[user._id] == 'object') && (typeof node.ssh[user._id].k == 'string') && (typeof node.ssh[user._id].kp == 'string')) { serverCredentials = 2; } // Username, key and password in per user format
else if ((typeof node.ssh == 'object') && (typeof node.ssh[user._id] == 'object') && (typeof node.ssh[user._id].k == 'string')) { serverCredentials = 3; } // Username and key. No password. in per user format
} else {
if ((typeof node.rdp == 'object') && (typeof node.rdp.d == 'string') && (typeof node.rdp.u == 'string') && (typeof node.rdp.p == 'string')) { serverCredentials = 1; } // Username and password in legacy format
if ((typeof node.rdp == 'object') && (typeof node.rdp[user._id] == 'object') && (typeof node.rdp[user._id].d == 'string') && (typeof node.rdp[user._id].u == 'string') && (typeof node.rdp[user._id].p == 'string')) { serverCredentials = 1; } // Username and password in per user format
}
}
// Render the page
render(req, res, getRenderPage(page, req, domain), getRenderArgs({ cookie: req.query.ws, name: encodeURIComponent(req.query.name).replace(/'/g, '%27'), serverCredentials: serverCredentials, features: features }, req, domain));
});
return;
}
}
// Check the nodeid
if (req.query.node != null) {
var nodeidsplit = req.query.node.split('/');
@ -2187,6 +2191,9 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
if ((typeof node.ssh == 'object') && (typeof node.ssh.u == 'string') && (typeof node.ssh.p == 'string')) { serverCredentials = 1; } // Username and password
else if ((typeof node.ssh == 'object') && (typeof node.ssh.k == 'string') && (typeof node.ssh.kp == 'string')) { serverCredentials = 2; } // Username, key and password
else if ((typeof node.ssh == 'object') && (typeof node.ssh.k == 'string')) { serverCredentials = 3; } // Username and key. No password.
else if ((typeof node.ssh == 'object') && (typeof node.ssh[user._id] == 'object') && (typeof node.ssh[user._id].u == 'string') && (typeof node.ssh[user._id].p == 'string')) { serverCredentials = 1; } // Username and password in per user format
else if ((typeof node.ssh == 'object') && (typeof node.ssh[user._id] == 'object') && (typeof node.ssh[user._id].k == 'string') && (typeof node.ssh[user._id].kp == 'string')) { serverCredentials = 2; } // Username, key and password in per user format
else if ((typeof node.ssh == 'object') && (typeof node.ssh[user._id] == 'object') && (typeof node.ssh[user._id].k == 'string')) { serverCredentials = 3; } // Username and key. No password. in per user format
}
} else {
// RDP port
@ -2196,6 +2203,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
// Check if we have RDP credentials for this device
if (domain.allowsavingdevicecredentials !== false) {
if ((typeof node.rdp == 'object') && (typeof node.rdp.d == 'string') && (typeof node.rdp.u == 'string') && (typeof node.rdp.p == 'string')) { serverCredentials = 1; } // Username and password
if ((typeof node.rdp == 'object') && (typeof node.rdp[user._id] == 'object') && (typeof node.rdp[user._id].d == 'string') && (typeof node.rdp[user._id].u == 'string') && (typeof node.rdp[user._id].p == 'string')) { serverCredentials = 1; } // Username and password in per user format
}
}
if (req.query.port != null) { var qport = 0; try { qport = parseInt(req.query.port); } catch (ex) { } if ((typeof qport == 'number') && (qport > 0) && (qport < 65536)) { port = qport; } }