From 55686471c8cfa1367c481bcd62b51fa52aa2f383 Mon Sep 17 00:00:00 2001
From: Ylian Saint-Hilaire <ysainthilaire@hotmail.com>
Date: Mon, 26 Oct 2020 11:13:27 -0700
Subject: [PATCH] Fixed meshagent PDB download.

---
 webserver.js | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/webserver.js b/webserver.js
index 1e4a48ba..5f3fd3c3 100644
--- a/webserver.js
+++ b/webserver.js
@@ -4028,9 +4028,15 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
             if (argentInfo == null) { res.sendStatus(404); return; }
 
             // Download PDB debug files, only allowed for administrator or accounts with agent dump access
-            if ((req.query.pdb == 1) && ((user.siteadmin == 0xFFFFFFFF) || ((Array.isArray(obj.parent.config.settings.agentcoredumpusers)) && (obj.parent.config.settings.agentcoredumpusers.indexOf(user._id) >= 0)))) {
-                if (argentInfo.id == 3) { setContentDispositionHeader(res, 'application/octet-stream', 'MeshService.pdb', null, 'MeshService.pdb'); res.sendFile(argentInfo.path.split('MeshService-signed.exe').join('MeshService.pdb')); return; }
-                if (argentInfo.id == 4) { setContentDispositionHeader(res, 'application/octet-stream', 'MeshService64.pdb', null, 'MeshService64.pdb'); res.sendFile(argentInfo.path.split('MeshService64-signed.exe').join('MeshService64.pdb')); return; }
+            if (req.query.pdb == 1) {
+                if ((req.session == null) || (req.session.userid == null)) { res.sendStatus(404); return; }
+                var user = obj.users[req.session.userid];
+                if (user == null) { res.sendStatus(404); return; }
+                if ((user != null) && ((user.siteadmin == 0xFFFFFFFF) || ((Array.isArray(obj.parent.config.settings.agentcoredumpusers)) && (obj.parent.config.settings.agentcoredumpusers.indexOf(user._id) >= 0)))) {
+                    if (argentInfo.id == 3) { setContentDispositionHeader(res, 'application/octet-stream', 'MeshService.pdb', null, 'MeshService.pdb'); res.sendFile(argentInfo.path.split('MeshService-signed.exe').join('MeshService.pdb')); return; }
+                    if (argentInfo.id == 4) { setContentDispositionHeader(res, 'application/octet-stream', 'MeshService64.pdb', null, 'MeshService64.pdb'); res.sendFile(argentInfo.path.split('MeshService64-signed.exe').join('MeshService64.pdb')); return; }
+                }
+                res.sendStatus(404); return;
             }
 
             if ((req.query.meshid == null) || (argentInfo.platform != 'win32')) {