mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2025-03-09 15:40:18 +00:00
More work on device self-sharing.
This commit is contained in:
Ylian Saint-Hilaire
parent
d001699c8c
commit
ecd25f3eb2
5 changed files with 35 additions and 23 deletions
39
meshrelay.js
39
meshrelay.js
|
|
@ -84,6 +84,7 @@ function CreateMeshRelayEx(parent, ws, req, domain, user, cookie) {
|
|||
obj.user = user;
|
||||
obj.ruserid = null;
|
||||
obj.req = req; // Used in multi-server.js
|
||||
if ((cookie != null) && (cookie.nouser == 1)) { obj.nouser = true; } // This is a relay without user authentication
|
||||
|
||||
// Setup subscription for desktop sharing public identifier
|
||||
// If the identifier is removed, drop the connection
|
||||
|
|
@ -96,11 +97,11 @@ function CreateMeshRelayEx(parent, ws, req, domain, user, cookie) {
|
|||
// Check relay authentication
|
||||
if ((user == null) && (obj.req.query != null) && (obj.req.query.rauth != null)) {
|
||||
const rcookie = parent.parent.decodeCookie(obj.req.query.rauth, parent.parent.loginCookieEncryptionKey, 240); // Cookie with 4 hour timeout
|
||||
if (rcookie.ruserid != null) { obj.ruserid = rcookie.ruserid; }
|
||||
if (rcookie.ruserid != null) { obj.ruserid = rcookie.ruserid; } else if (rcookie.nouser === 1) { obj.rnouser = true; }
|
||||
}
|
||||
|
||||
// If there is no authentication, drop this connection
|
||||
if ((obj.id != null) && (obj.id.startsWith('meshmessenger/') == false) && (obj.user == null) && (obj.ruserid == null)) { try { ws.close(); parent.parent.debug('relay', 'Relay: Connection with no authentication (' + obj.req.clientIp + ')'); } catch (e) { console.log(e); } return; }
|
||||
if ((obj.id != null) && (obj.id.startsWith('meshmessenger/') == false) && (obj.user == null) && (obj.ruserid == null) && (obj.nouser !== true) && (obj.rnouser !== true)) { try { ws.close(); parent.parent.debug('relay', 'Relay: Connection with no authentication (' + obj.req.clientIp + ')'); } catch (e) { console.log(e); } return; }
|
||||
|
||||
// Relay session count (we may remove this in the future)
|
||||
obj.relaySessionCounted = true;
|
||||
|
|
@ -153,8 +154,8 @@ function CreateMeshRelayEx(parent, ws, req, domain, user, cookie) {
|
|||
obj.sendAgentMessage = function (command, userid, domainid) {
|
||||
var rights, mesh;
|
||||
if (command.nodeid == null) return false;
|
||||
var user = parent.users[userid];
|
||||
if (user == null) return false;
|
||||
var user = null;
|
||||
if (userid != null) { user = parent.users[userid]; if (user == null) return false; }
|
||||
var splitnodeid = command.nodeid.split('/');
|
||||
// Check that we are in the same domain and the user has rights over this node.
|
||||
if ((splitnodeid[0] == 'node') && (splitnodeid[1] == domainid)) {
|
||||
|
|
@ -163,15 +164,17 @@ function CreateMeshRelayEx(parent, ws, req, domain, user, cookie) {
|
|||
var agent = parent.wsagents[command.nodeid];
|
||||
if (agent != null) {
|
||||
// Check if we have permission to send a message to that node
|
||||
rights = parent.GetNodeRights(user, agent.dbMeshKey, agent.dbNodeKey);
|
||||
if (userid == null) { rights = MESHRIGHT_REMOTECONTROL; } else { rights = parent.GetNodeRights(user, agent.dbMeshKey, agent.dbNodeKey); }
|
||||
mesh = parent.meshes[agent.dbMeshKey];
|
||||
if ((rights != null) && (mesh != null) || ((rights & MESHRIGHT_REMOTECONTROL) != 0)) {
|
||||
if (ws.sessionId) { command.sessionid = ws.sessionId; } // Set the session id, required for responses.
|
||||
command.rights = rights; // Add user rights flags to the message
|
||||
if (typeof command.consent == 'number') { command.consent = command.consent | mesh.consent; } else { command.consent = mesh.consent; } // Add user consent
|
||||
if (typeof domain.userconsentflags == 'number') { command.consent |= domain.userconsentflags; } // Add server required consent flags
|
||||
command.username = user.name; // Add user name
|
||||
command.realname = user.realname; // Add real name
|
||||
if (user != null) {
|
||||
command.username = user.name; // Add user name
|
||||
command.realname = user.realname; // Add real name
|
||||
}
|
||||
if (typeof domain.desktopprivacybartext == 'string') { command.privacybartext = domain.desktopprivacybartext; } // Privacy bar text
|
||||
delete command.nodeid; // Remove the nodeid since it's implyed.
|
||||
agent.send(JSON.stringify(command));
|
||||
|
|
@ -182,15 +185,17 @@ function CreateMeshRelayEx(parent, ws, req, domain, user, cookie) {
|
|||
var routing = parent.parent.GetRoutingServerIdNotSelf(command.nodeid, 1); // 1 = MeshAgent routing type
|
||||
if (routing != null) {
|
||||
// Check if we have permission to send a message to that node
|
||||
rights = parent.GetNodeRights(user, routing.meshid, command.nodeid);
|
||||
if (userid == null) { rights = MESHRIGHT_REMOTECONTROL; } else { rights = parent.GetNodeRights(user, routing.meshid, command.nodeid); }
|
||||
mesh = parent.meshes[routing.meshid];
|
||||
if (rights != null || ((rights & MESHRIGHT_REMOTECONTROL) != 0)) {
|
||||
if (ws.sessionId) { command.fromSessionid = ws.sessionId; } // Set the session id, required for responses.
|
||||
command.rights = rights; // Add user rights flags to the message
|
||||
if (typeof command.consent == 'number') { command.consent = command.consent | mesh.consent; } else { command.consent = mesh.consent; } // Add user consent
|
||||
if (typeof domain.userconsentflags == 'number') { command.consent |= domain.userconsentflags; } // Add server required consent flags
|
||||
command.username = user.name; // Add user name
|
||||
command.realname = user.realname; // Add real name
|
||||
if (user != null) {
|
||||
command.username = user.name; // Add user name
|
||||
command.realname = user.realname; // Add real name
|
||||
}
|
||||
if (typeof domain.desktopprivacybartext == 'string') { command.privacybartext = domain.desktopprivacybartext; } // Privacy bar text
|
||||
parent.parent.multiServer.DispatchMessageSingleServer(command, routing.serverid);
|
||||
return true;
|
||||
|
|
@ -285,7 +290,7 @@ function CreateMeshRelayEx(parent, ws, req, domain, user, cookie) {
|
|||
if (u1 != null) { u1 = 'user/' + domain.id + '/' + parent.args.user.toLowerCase(); }
|
||||
if (u2 != null) { u2 = 'user/' + domain.id + '/' + parent.args.user.toLowerCase(); }
|
||||
}
|
||||
if (u1 != u2) {
|
||||
if ((u1 != u2) && (obj.nouser !== true) && (relayinfo.peer1.nouser !== true)) {
|
||||
ws.close();
|
||||
parent.parent.debug('relay', 'Relay auth mismatch (' + u1 + ' != ' + u2 + '): ' + obj.id + ' (' + obj.req.clientIp + ')');
|
||||
delete obj.id;
|
||||
|
|
@ -829,7 +834,7 @@ function CreateMeshRelayEx(parent, ws, req, domain, user, cookie) {
|
|||
setExpireTimer();
|
||||
|
||||
// Mark this relay session as authenticated if this is the user end.
|
||||
obj.authenticated = (user != null);
|
||||
obj.authenticated = ((user != null) || (obj.nouser === true));
|
||||
if (obj.authenticated) {
|
||||
// To build the connection URL, if we are using a sub-domain or one with a DNS, we need to craft the URL correctly.
|
||||
var xdomain = (domain.dns == null) ? domain.id : '';
|
||||
|
|
@ -931,7 +936,7 @@ function CreateMeshRelayEx(parent, ws, req, domain, user, cookie) {
|
|||
const node = docs[0];
|
||||
|
||||
// Check if this user has permission to manage this computer
|
||||
if ((parent.GetNodeRights(user, node.meshid, node._id) & MESHRIGHT_REMOTECONTROL) == 0) { console.log('ERR: Access denied (2)'); try { obj.close(); } catch (e) { } return; }
|
||||
if ((obj.nouser !== true) && ((parent.GetNodeRights(user, node.meshid, node._id) & MESHRIGHT_REMOTECONTROL) == 0)) { console.log('ERR: Access denied (2)'); try { obj.close(); } catch (e) { } return; }
|
||||
|
||||
// Set nodeid and meshid
|
||||
obj.nodeid = node._id;
|
||||
|
|
@ -939,8 +944,10 @@ function CreateMeshRelayEx(parent, ws, req, domain, user, cookie) {
|
|||
|
||||
// Send connection request to agent
|
||||
if (obj.id == null) { obj.id = ('' + Math.random()).substring(2); }
|
||||
const rcookie = parent.parent.encodeCookie({ ruserid: user._id, nodeid: node._id }, parent.parent.loginCookieEncryptionKey);
|
||||
const command = { nodeid: node._id, action: 'msg', type: 'tunnel', userid: user._id, value: '*/' + xdomain + 'meshrelay.ashx?p=' + obj.req.query.p + '&id=' + obj.id + '&rauth=' + rcookie + '&nodeid=' + node._id, soptions: {}, rights: cookie.r, guestname: cookie.gn, consent: cookie.cf, remoteaddr: cleanRemoteAddr(obj.req.clientIp) };
|
||||
const rcookieData = { nodeid: node._id };
|
||||
if (user != null) { rcookieData.ruserid = user._id; } else if (obj.nouser === true) { rcookieData.nouser = 1; }
|
||||
const rcookie = parent.parent.encodeCookie(rcookieData, parent.parent.loginCookieEncryptionKey);
|
||||
const command = { nodeid: node._id, action: 'msg', type: 'tunnel', value: '*/' + xdomain + 'meshrelay.ashx?p=' + obj.req.query.p + '&id=' + obj.id + '&rauth=' + rcookie + '&nodeid=' + node._id, soptions: {}, rights: cookie.r, guestname: cookie.gn, consent: cookie.cf, remoteaddr: cleanRemoteAddr(obj.req.clientIp) };
|
||||
obj.guestname = cookie.gn;
|
||||
|
||||
// Limit what this relay connection can do
|
||||
|
|
@ -966,7 +973,7 @@ function CreateMeshRelayEx(parent, ws, req, domain, user, cookie) {
|
|||
if (typeof domain.notificationmessages.files == 'string') { command.soptions.notifyMsgFiles = domain.notificationmessages.files; }
|
||||
}
|
||||
parent.parent.debug('relay', 'Relay: Sending agent tunnel command: ' + JSON.stringify(command));
|
||||
if (obj.sendAgentMessage(command, user._id, domain.id) == false) { delete obj.id; parent.parent.debug('relay', 'Relay: Unable to contact this agent (' + obj.req.clientIp + ')'); }
|
||||
if (obj.sendAgentMessage(command, user?user._id:null, domain.id) == false) { delete obj.id; parent.parent.debug('relay', 'Relay: Unable to contact this agent (' + obj.req.clientIp + ')'); }
|
||||
|
||||
performRelay(0);
|
||||
});
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue