From c9129a2d2fa63d9cc9f7df58ed415bb808770418 Mon Sep 17 00:00:00 2001 From: Ylian Saint-Hilaire Date: Sat, 17 Jul 2021 22:16:57 -0700 Subject: [PATCH] Started work on viewonly remote desktop server option. --- agents/meshcore.js | 5 +++-- meshcentral-config-schema.json | 11 +++++++++++ meshuser.js | 3 +++ webserver.js | 1 + 4 files changed, 18 insertions(+), 2 deletions(-) diff --git a/agents/meshcore.js b/agents/meshcore.js index fdf3cd30..6d70c325 100644 --- a/agents/meshcore.js +++ b/agents/meshcore.js @@ -36,7 +36,7 @@ var MESHRIGHT_AGENTCONSOLE = 16; var MESHRIGHT_SERVERFILES = 32; var MESHRIGHT_WAKEDEVICE = 64; var MESHRIGHT_SETNOTES = 128; -var MESHRIGHT_REMOTEVIEW = 256; +var MESHRIGHT_REMOTEVIEW = 256; // Remote View Only var MESHRIGHT_NOTERMINAL = 512; var MESHRIGHT_NOFILES = 1024; var MESHRIGHT_NOAMT = 2048; @@ -884,6 +884,7 @@ function handleServerCommand(data) { tunnel.realname = (data.realname ? data.realname : data.username) + (data.guestname ? (' - ' + data.guestname) : ''); tunnel.guestname = data.guestname; tunnel.userid = data.userid; + tunnel.desktopviewonly = data.desktopviewonly; tunnel.remoteaddr = data.remoteaddr; tunnel.state = 0; tunnel.url = xurl; @@ -2151,7 +2152,7 @@ function onTunnelData(data) { this.httprequest.desktop.kvm.users = [this.httprequest.username]; } - if ((this.httprequest.rights == 0xFFFFFFFF) || (((this.httprequest.rights & MESHRIGHT_REMOTECONTROL) != 0) && ((this.httprequest.rights & MESHRIGHT_REMOTEVIEW) == 0))) { + if ((this.httprequest.desktopviewonly != true) && ((this.httprequest.rights == 0xFFFFFFFF) || (((this.httprequest.rights & MESHRIGHT_REMOTECONTROL) != 0) && ((this.httprequest.rights & MESHRIGHT_REMOTEVIEW) == 0)))) { // If we have remote control rights, pipe the KVM input this.pipe(this.httprequest.desktop.kvm, { dataTypeSkip: 1, end: false }); // 0 = Binary, 1 = Text. Pipe the Browser --> KVM input. } else { diff --git a/meshcentral-config-schema.json b/meshcentral-config-schema.json index 00333ec7..4dd09257 100644 --- a/meshcentral-config-schema.json +++ b/meshcentral-config-schema.json @@ -510,6 +510,17 @@ } } }, + "desktop": { + "type": "object", + "description": "Values that affect the remote desktop feature", + "properties": { + "viewonly": { + "type": "boolean", + "description": "When set to true, the remote desktop feature is view only.", + "default": "false" + } + } + }, "amtManager": { "type": "object", "additionalProperties": false, diff --git a/meshuser.js b/meshuser.js index 22ab57f3..2e7c3c93 100644 --- a/meshuser.js +++ b/meshuser.js @@ -247,6 +247,9 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use if (typeof node.consent == 'number') { command.consent |= node.consent; } // Add node user consent if (typeof user.consent == 'number') { command.consent |= user.consent; } // Add user consent + // If desktop is viewonly, add this here. + if ((typeof domain.desktop == 'object') && (domain.desktop.viewonly == true)) { command.desktopviewonly = true; } + // Check if we need to add consent flags because of a user group link if ((user.links != null) && (user.links[mesh._id] == null) && (user.links[node._id] == null)) { // This user does not have a direct link to the device group or device. Find all user groups the would cause the link. diff --git a/webserver.js b/webserver.js index ef0ad9e3..faa1b467 100644 --- a/webserver.js +++ b/webserver.js @@ -2818,6 +2818,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) { if (domain.localsessionrecording === false) { features2 += 0x00000400; } // Disable local recording feature if (domain.clipboardget == false) { features2 += 0x00000800; } // Disable clipboard get if (domain.clipboardset == false) { features2 += 0x00001000; } // Disable clipboard set + if ((typeof domain.desktop != 'object') || (domain.desktop.viewonly != false)) { features2 += 0x00002000; } // Indicates remote desktop is viewonly return { features: features, features2: features2 }; }