external/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-03-09 15:40:18 +00:00
Code Issues Releases Wiki Activity

Added DB record encryption support for SSH/RDP credentials, #3960

Browse source
This commit is contained in:
Ylian Saint-Hilaire 2022-05-10 11:57:01 -07:00
parent 71c1c3bad9
commit b0c2bcd715
1 changed files with 18 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

23
db.js
View file

@ -504,9 +504,10 @@ module.exports.CreateDB = function (parent, func) {
if (data[i] == null) continue; if (data[i] == null) continue;
if (data[i].type == 'user') { if (data[i].type == 'user') {
data[i] = performPartialRecordDecrypt(data[i]); data[i] = performPartialRecordDecrypt(data[i]);
} else if ((data[i].type == 'node') && (data[i].intelamt != null)) { } else if (data[i].type == 'node') {
data[i].intelamt = performPartialRecordDecrypt(data[i].intelamt); data[i] = performPartialRecordDecrypt(data[i]);
} else if ((data[i].type == 'mesh') && (data[i].amt != null)) { if (data[i].intelamt) { data[i].intelamt = performPartialRecordDecrypt(data[i].intelamt); }
} else if ((data[i].type == 'mesh') && (data[i].amt)) {
data[i].amt = performPartialRecordDecrypt(data[i].amt); data[i].amt = performPartialRecordDecrypt(data[i].amt);
} }
} }
@ -517,7 +518,12 @@ module.exports.CreateDB = function (parent, func) {
function performTypedRecordEncrypt(data) { function performTypedRecordEncrypt(data) {
if (obj.dbRecordsEncryptKey == null) return data; if (obj.dbRecordsEncryptKey == null) return data;
if (data.type == 'user') { return performPartialRecordEncrypt(Clone(data), ['otpkeys', 'otphkeys', 'otpsecret', 'salt', 'hash', 'oldpasswords']); } if (data.type == 'user') { return performPartialRecordEncrypt(Clone(data), ['otpkeys', 'otphkeys', 'otpsecret', 'salt', 'hash', 'oldpasswords']); }
else if ((data.type == 'node') && (data.intelamt != null)) { var xdata = Clone(data); xdata.intelamt = performPartialRecordEncrypt(xdata.intelamt, ['user', 'pass', 'mpspass']); return xdata; } else if ((data.type == 'node') && (data.ssh || data.rdp || data.intelamt)) {
var xdata = Clone(data);
if (data.ssh || data.rdp) { xdata = performPartialRecordEncrypt(xdata, ['ssh', 'rdp']); }
if (data.intelamt) { xdata.intelamt = performPartialRecordEncrypt(xdata.intelamt, ['user', 'pass', 'mpspass']); }
return xdata;
}
else if ((data.type == 'mesh') && (data.amt != null)) { var xdata = Clone(data); xdata.amt = performPartialRecordEncrypt(xdata.amt, ['password']); return xdata; } else if ((data.type == 'mesh') && (data.amt != null)) { var xdata = Clone(data); xdata.amt = performPartialRecordEncrypt(xdata.amt, ['password']); return xdata; }
return data; return data;
} }
@ -526,7 +532,14 @@ module.exports.CreateDB = function (parent, func) {
function performPartialRecordEncrypt(plainobj, encryptNames) { function performPartialRecordEncrypt(plainobj, encryptNames) {
if (typeof plainobj != 'object') return plainobj; if (typeof plainobj != 'object') return plainobj;
var enc = {}, enclen = 0; var enc = {}, enclen = 0;
for (var i in encryptNames) { if (plainobj[encryptNames[i]] != null) { enclen++; enc[encryptNames[i]] = plainobj[encryptNames[i]]; delete plainobj[encryptNames[i]]; } } for (var i in encryptNames) {
if (plainobj[encryptNames[i]] != null) {
console.log('ENCRYPT', encryptNames[i]);
enclen++;
enc[encryptNames[i]] = plainobj[encryptNames[i]];
delete plainobj[encryptNames[i]];
}
}
if (enclen > 0) { plainobj._CRYPT = performRecordEncrypt(enc); } else { delete plainobj._CRYPT; } if (enclen > 0) { plainobj._CRYPT = performRecordEncrypt(enc); } else { delete plainobj._CRYPT; }
return plainobj; return plainobj;
} }