mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2024-12-25 22:55:52 -05:00
Fixed Web-RDP when a default user is set and no users are logged in.
This commit is contained in:
parent
7ccf0993e9
commit
0637412d1b
12
apprelays.js
12
apprelays.js
@ -244,6 +244,8 @@ module.exports.CreateWebRelay = function (parent, db, args, domain) {
|
||||
if (i > 0) { baseurl = req.url.substring(0, i); }
|
||||
if (baseurl.endsWith('/.websocket')) { req.url = baseurl.substring(0, baseurl.length - 11) + ((i < 1) ? '' : req.url.substring(i)); }
|
||||
|
||||
//console.log('processWebSocket', obj.tunnelId, req.url);
|
||||
|
||||
// Construct the HTTP request and send it out
|
||||
var request = req.method + ' ' + req.url + ' HTTP/' + req.httpVersion + '\r\n';
|
||||
request += 'host: ' + obj.addr + ':' + obj.port + '\r\n';
|
||||
@ -287,6 +289,7 @@ module.exports.CreateWebRelay = function (parent, db, args, domain) {
|
||||
for (var i = 0; i < payload.length; i++) { payload[i] = (payload[i] ^ mask[i % 4]); }
|
||||
|
||||
// Send the frame
|
||||
//console.log(obj.tunnelId, '-->', op, payload.length);
|
||||
send(Buffer.concat([header, payload]));
|
||||
});
|
||||
obj.ws.on('close', function () { obj.close(); });
|
||||
@ -502,6 +505,7 @@ module.exports.CreateWebRelay = function (parent, db, args, domain) {
|
||||
const op = buf[0] & 0x0F;
|
||||
const mask = ((buf[1] & 0x80) != 0);
|
||||
var len = buf[1] & 0x7F;
|
||||
//console.log(obj.tunnelId, 'fin: ' + fin + ', rsv: ' + rsv + ', op: ' + op + ', len: ' + len);
|
||||
|
||||
// Calculate the total length
|
||||
var payload = null;
|
||||
@ -513,16 +517,16 @@ module.exports.CreateWebRelay = function (parent, db, args, domain) {
|
||||
} else if (len == 126) {
|
||||
// 2 byte length
|
||||
if (buf.length < 4) return;
|
||||
len = buf.readInt16BE(2);
|
||||
len = buf.readUInt16BE(2);
|
||||
if (buf.length < (4 + len)) return; // Insuffisent data
|
||||
payload = buf.slice(4, 4 + len);
|
||||
obj.socketAccumulator = obj.socketAccumulator.substring(4 + len); // Remove data from accumulator
|
||||
} if (len == 127) {
|
||||
// 8 byte length
|
||||
if (buf.length < 10) return;
|
||||
len = buf.readInt32BE(2);
|
||||
len = buf.readUInt32BE(2);
|
||||
if (len > 0) { obj.close(); return; } // This frame is larger than 4 gigabyte, close the connection.
|
||||
len = buf.readInt32BE(6);
|
||||
len = buf.readUInt32BE(6);
|
||||
if (buf.length < (10 + len)) return; // Insuffisent data
|
||||
payload = buf.slice(10, 10 + len);
|
||||
obj.socketAccumulator = obj.socketAccumulator.substring(10 + len); // Remove data from accumulator
|
||||
@ -533,6 +537,7 @@ module.exports.CreateWebRelay = function (parent, db, args, domain) {
|
||||
if ((mask == true) || (rsv == true)) { obj.close(); return; }
|
||||
|
||||
// TODO: If FIN is not set, we need to add support for continue frames
|
||||
//console.log(obj.tunnelId, '<--', op, payload ? payload.length : 0);
|
||||
|
||||
// Perform operation
|
||||
switch (op) {
|
||||
@ -585,6 +590,7 @@ module.exports.CreateWebRelay = function (parent, db, args, domain) {
|
||||
else if (blockHeaders.indexOf(i) == -1) { obj.res.set(i, header[i]); } // Set the headers if not blocked
|
||||
}
|
||||
obj.res.set('Content-Security-Policy', "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:;"); // Set an "allow all" policy, see if the can restrict this in the future
|
||||
obj.res.set('Cache-Control', 'no-cache'); // Tell the browser not to cache the responses since since the relay port can be used for many relays
|
||||
}
|
||||
|
||||
// If there is data, send it
|
||||
|
10
webserver.js
10
webserver.js
@ -6072,7 +6072,9 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
|
||||
obj.app.ws(url + 'mstscrelay.ashx', function (ws, req) {
|
||||
const domain = getDomain(req);
|
||||
if (domain == null) { parent.debug('web', 'mstsc: failed checks.'); try { ws.close(); } catch (e) { } return; }
|
||||
require('./apprelays.js').CreateMstscRelay(obj, obj.db, ws, req, obj.args, domain);
|
||||
// If no user is logged in and we have a default user, set it now.
|
||||
if ((req.session.userid == null) && (typeof obj.args.user == 'string') && (obj.users['user/' + domain.id + '/' + obj.args.user.toLowerCase()])) { req.session.userid = 'user/' + domain.id + '/' + obj.args.user.toLowerCase(); }
|
||||
try { require('./apprelays.js').CreateMstscRelay(obj, obj.db, ws, req, obj.args, domain); } catch (ex) { console.log(ex); }
|
||||
});
|
||||
}
|
||||
|
||||
@ -6082,9 +6084,9 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
|
||||
obj.app.ws(url + 'sshrelay.ashx', function (ws, req) {
|
||||
const domain = getDomain(req);
|
||||
if (domain == null) { parent.debug('web', 'ssh: failed checks.'); try { ws.close(); } catch (e) { } return; }
|
||||
try {
|
||||
require('./apprelays.js').CreateSshRelay(obj, obj.db, ws, req, obj.args, domain);
|
||||
} catch (ex) { console.log(ex); }
|
||||
// If no user is logged in and we have a default user, set it now.
|
||||
if ((req.session.userid == null) && (typeof obj.args.user == 'string') && (obj.users['user/' + domain.id + '/' + obj.args.user.toLowerCase()])) { req.session.userid = 'user/' + domain.id + '/' + obj.args.user.toLowerCase(); }
|
||||
try { require('./apprelays.js').CreateSshRelay(obj, obj.db, ws, req, obj.args, domain); } catch (ex) { console.log(ex); }
|
||||
});
|
||||
obj.app.ws(url + 'sshterminalrelay.ashx', function (ws, req) {
|
||||
PerformWSSessionAuth(ws, req, true, function (ws1, req1, domain, user, cookie, authData) {
|
||||
|
Loading…
Reference in New Issue
Block a user