mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2025-03-09 15:40:18 +00:00
SSH/RDP credentials are now stored per user account, #3995
parent
ec254d8e11
commit
753b6c240a
3 changed files with 141 additions and 98 deletions
31
meshuser.js
31
meshuser.js
|
@ -423,9 +423,16 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
|||
else if (event == 'updatefiles') { updateUserFiles(user, ws, domain); }
|
||||
else {
|
||||
// If updating guest device shares, if we are updating a user that is not creator of the share, remove the URL.
|
||||
if ((event.action == 'deviceShareUpdate') && (Array.isArray(event.deviceShares))) {
|
||||
if (((event.action == 'deviceShareUpdate') && (Array.isArray(event.deviceShares))) || ((event.action == 'changenode') && (event.node != null) && ((event.node.rdp != null) || (event.node.ssh != null)))) {
|
||||
event = common.Clone(event);
|
||||
for (var i in event.deviceShares) { if (event.deviceShares[i].userid != user._id) { delete event.deviceShares[i].url; } }
|
||||
if ((event.action == 'deviceShareUpdate') && (Array.isArray(event.deviceShares))) {
|
||||
for (var i in event.deviceShares) { if (event.deviceShares[i].userid != user._id) { delete event.deviceShares[i].url; } }
|
||||
}
|
||||
if ((event.action == 'changenode') && (event.node != null) && ((event.node.rdp != null) || (event.node.ssh != null))) {
|
||||
// Clean up RDP & SSH credentials
|
||||
if ((event.node.rdp != null) && (typeof event.node.rdp[user._id] == 'number')) { event.node.rdp = event.node.rdp[user._id]; } else { delete event.node.rdp; }
|
||||
if ((event.node.ssh != null) && (typeof event.node.ssh[user._id] == 'number')) { event.node.ssh = event.node.ssh[user._id]; } else { delete event.node.ssh; }
|
||||
}
|
||||
}
|
||||
|
||||
// This is a MeshCentral Satellite message
|
||||
|
@ -730,18 +737,18 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
|||
|
||||
// Remove SSH credentials if present
|
||||
if (docs[i].ssh != null) {
|
||||
if (docs[i].ssh.u) {
|
||||
if (docs[i].ssh.k && docs[i].ssh.kp) { docs[i].ssh = 2; } // Username, key and password
|
||||
else if (docs[i].ssh.k) { docs[i].ssh = 3; } // Username and key. No password.
|
||||
else if (docs[i].ssh.p) { docs[i].ssh = 1; } // Username and password
|
||||
if ((docs[i].ssh[obj.user._id] != null) && (docs[i].ssh[obj.user._id].u)) {
|
||||
if (docs[i].ssh.k && docs[i].ssh[obj.user._id].kp) { docs[i].ssh = 2; } // Username, key and password
|
||||
else if (docs[i].ssh[obj.user._id].k) { docs[i].ssh = 3; } // Username and key. No password.
|
||||
else if (docs[i].ssh[obj.user._id].p) { docs[i].ssh = 1; } // Username and password
|
||||
else { delete docs[i].ssh; }
|
||||
} else {
|
||||
delete docs[i].ssh;
|
||||
}
|
||||
}
|
||||
|
||||
// Remove RDP credentials if present
|
||||
if (docs[i].rdp != null) { docs[i].rdp = 1; }
|
||||
// Remove RDP credentials if present, only set to 1 if our userid has RDP credentials
|
||||
if ((docs[i].rdp != null) && (docs[i].rdp[obj.user._id] != null)) { docs[i].rdp = 1; } else { delete docs[i].rdp; }
|
||||
|
||||
// Remove Intel AMT credential if present
|
||||
if (docs[i].intelamt != null) {
|
||||
|
@ -3014,13 +3021,17 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
|||
}
|
||||
|
||||
if ((typeof command.ssh == 'number') && (command.ssh == 0)) {
|
||||
if (node.ssh != null) { delete node.ssh; change = 1; changes.push('ssh'); } // Delete the SSH cendentials
|
||||
if ((node.ssh != null) && (node.ssh[user._id] != null)) { delete node.ssh[user._id]; change = 1; changes.push('ssh'); } // Delete the SSH cendentials
|
||||
}
|
||||
|
||||
if ((typeof command.rdp == 'number') && (command.rdp == 0)) {
|
||||
if (node.rdp != null) { delete node.rdp; change = 1; changes.push('rdp'); } // Delete the RDP cendentials
|
||||
if ((node.rdp != null) && (node.rdp[user._id] != null)) { delete node.rdp[user._id]; change = 1; changes.push('rdp'); } // Delete the RDP cendentials
|
||||
}
|
||||
|
||||
// Clean up any legacy RDP and SSH credentials
|
||||
if (node.rdp != null) { delete node.rdp.d; delete node.rdp.u; delete node.rdp.p; }
|
||||
if (node.ssh != null) { delete node.ssh.u; delete node.ssh.p; delete node.ssh.k; delete node.ssh.kp; }
|
||||
|
||||
if (domain.geolocation && command.userloc && ((node.userloc == null) || (command.userloc[0] != node.userloc[0]) || (command.userloc[1] != node.userloc[1]))) {
|
||||
change = 1;
|
||||
if ((command.userloc.length == 0) && (node.userloc)) {
|
||||
|
|
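Review bot: In the second hunk (the SSH clean-up near line 737), the key-plus-passphrase test mixes the legacy and per-user locations: it reads `docs[i].ssh.k` but `docs[i].ssh[obj.user._id].kp`. Once credentials are stored under the user id, the top-level `k` is normally absent, so a user holding a key and passphrase would presumably be reported as type 3 instead of 2. The test should read `if (docs[i].ssh[obj.user._id].k && docs[i].ssh[obj.user._id].kp) { docs[i].ssh = 2; }`. In the third hunk, the legacy clean-up (`delete node.rdp.d; delete node.rdp.u; ...`) does not set `change`, and the code that saves the node is outside the hunk, so it is worth confirming that the stripped legacy credentials do not linger in the stored node. The `+`/`-` markers are lost on this page, so which lines are new is inferred from their content.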