unEscape ssh/rdp creds from db (#6001)

Signed-off-by: si458 <simonsmith5521@gmail.com>
2024-04-09 11:47:32 +01:00 · 2024-04-09 11:47:32 +01:00 · 4ba08a96f7
parent 548edd13d6
commit 4ba08a96f7
2 changed files with 7 additions and 3 deletions
--- a/apprelays.js
+++ b/apprelays.js
@ -983,6 +983,7 @@ module.exports.CreateMstscRelay = function (parent, db, ws, req, args, domain) {
                        if ((node == null) || (visible == false) || ((rights & MESHRIGHT_REMOTECONTROL) == 0)) { obj.close(); return; }
                        if ((rights != MESHRIGHT_ADMIN) && ((rights & MESHRIGHT_REMOTEVIEWONLY) != 0)) { obj.viewonly = true; }
                        if ((rights != MESHRIGHT_ADMIN) && ((rights & MESHRIGHT_DESKLIMITEDINPUT) != 0)) { obj.limitedinput = true; }
+                        node = parent.common.unEscapeLinksFieldName(node); // unEscape node data for rdp/ssh credentials
                        obj.mtype = node.mtype; // Store the device group type
                        obj.meshid = node.meshid; // Store the MeshID

@ -1315,7 +1316,7 @@ module.exports.CreateSshRelay = function (parent, db, ws, req, args, domain) {
                            // Check if we have SSH credentials for this device
                            parent.parent.db.Get(obj.cookie.nodeid, function (err, nodes) {
                                if ((err != null) || (nodes == null) || (nodes.length != 1)) return;
-                                const node = nodes[0];
+                                const node = parent.common.unEscapeLinksFieldName(nodes[0]); // unEscape node data for rdp/ssh credentials
                                if ((domain.allowsavingdevicecredentials === false) || (node.ssh == null) || (typeof node.ssh != 'object') || (node.ssh[obj.userid] == null) || (typeof node.ssh[obj.userid].u != 'string') || ((typeof node.ssh[obj.userid].p != 'string') && (typeof node.ssh[obj.userid].k != 'string'))) {
                                    // Send a request for SSH authentication
                                    try { ws.send(JSON.stringify({ action: 'sshauth' })) } catch (ex) { }
@ -1363,7 +1364,7 @@ module.exports.CreateSshRelay = function (parent, db, ws, req, args, domain) {
                        obj.termSize = msg;
                        parent.parent.db.Get(obj.cookie.nodeid, function (err, nodes) {
                            if ((err != null) || (nodes == null) || (nodes.length != 1)) return;
-                            const node = nodes[0];
+                            const node = parent.common.unEscapeLinksFieldName(nodes[0]); // unEscape node data for rdp/ssh credentials
                            if (node.ssh != null) {
                                obj.username = node.ssh.u;
                                obj.privateKey = node.ssh.k;
@ -1405,7 +1406,7 @@ module.exports.CreateSshRelay = function (parent, db, ws, req, args, domain) {
    parent.parent.db.Get(obj.cookie.nodeid, function (err, nodes) {
        if (obj.cookie == null) return; // obj has been cleaned up, just exit.
        if ((err != null) || (nodes == null) || (nodes.length != 1)) { parent.parent.debug('relay', 'SSH: Invalid device'); obj.close(); }
-        const node = nodes[0];
+        const node = parent.common.unEscapeLinksFieldName(nodes[0]); // unEscape node data for rdp/ssh credentials
        obj.nodeid = node._id; // Store the NodeID
        obj.meshid = node.meshid; // Store the MeshID
        obj.mtype = node.mtype; // Store the device group type
@ -1738,6 +1739,7 @@ module.exports.CreateSshTerminalRelay = function (parent, db, ws, req, domain, u
    if ((user == null) || (req.query.nodeid == null)) { obj.close(); return; } // Invalid nodeid
    parent.GetNodeWithRights(domain, user, req.query.nodeid, function (node, rights, visible) {
        if (obj.ws == null) return; // obj has been cleaned up, just exit.
+        node = parent.common.unEscapeLinksFieldName(node); // unEscape node data for rdp/ssh credentials

        // Check permissions
        if ((rights & 8) == 0) { obj.close(); return; } // No MESHRIGHT_REMOTECONTROL rights
@ -2267,6 +2269,7 @@ module.exports.CreateSshFilesRelay = function (parent, db, ws, req, domain, user
    if ((user == null) || (req.query.nodeid == null)) { obj.close(); return; } // Invalid nodeid
    parent.GetNodeWithRights(domain, user, req.query.nodeid, function (node, rights, visible) {
        if (obj.ws == null) return; // obj has been cleaned up, just exit.
+        node = parent.common.unEscapeLinksFieldName(node); // unEscape node data for rdp/ssh credentials

        // Check permissions
        if ((rights & 8) == 0) { obj.close(); return; } // No MESHRIGHT_REMOTECONTROL rights
--- a/meshuser.js
+++ b/meshuser.js
@ -3226,6 +3226,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
                            if (command.responseid != null) { try { ws.send(JSON.stringify({ action: 'changedevice', responseid: command.responseid, result: 'Access Denied' })); } catch (ex) { } }
                            return;
                        }
+                        node = common.unEscapeLinksFieldName(node); // unEscape node data for rdp/ssh credentials
                        var mesh = parent.meshes[node.meshid], amtchange = 0;

                        // Ready the node change event