From 85f8db041b51755e9d8c9c50bb4b5c2e00350e2a Mon Sep 17 00:00:00 2001 From: Ylian Saint-Hilaire Date: Wed, 30 Jun 2021 00:01:44 -0700 Subject: [PATCH] Fixed desktop multiplexor view-only mode. --- agents/meshcore.js | 2 +- meshdesktopmultiplex.js | 32 +++++++++++++++++---- meshuser.js | 64 ++++++++++++++++++++--------------------- 3 files changed, 60 insertions(+), 38 deletions(-) diff --git a/agents/meshcore.js b/agents/meshcore.js index c9fefbe7..44c447ff 100644 --- a/agents/meshcore.js +++ b/agents/meshcore.js @@ -2156,7 +2156,7 @@ function onTunnelData(data) { this.pipe(this.httprequest.desktop.kvm, { dataTypeSkip: 1, end: false }); // 0 = Binary, 1 = Text. Pipe the Browser --> KVM input. } else { // We need to only pipe non-mouse & non-keyboard inputs. - //sendConsoleText('Warning: No Remote Desktop Input Rights.'); + // sendConsoleText('Warning: No Remote Desktop Input Rights.'); // TODO!!! } diff --git a/meshdesktopmultiplex.js b/meshdesktopmultiplex.js index e3510465..72cbc951 100644 --- a/meshdesktopmultiplex.js +++ b/meshdesktopmultiplex.js @@ -339,6 +339,12 @@ function CreateDesktopMultiplexor(parent, domain, nodeid, func) { for (var i in obj.viewers) { obj.sendToViewer(obj.viewers[i], data); } } + // Send this command to all viewers + obj.sendToAllInputViewers = function (data) { + if (obj.viewers == null) return; + for (var i in obj.viewers) { if (obj.viewers[i].viewOnly != true) { obj.sendToViewer(obj.viewers[i], data); } } + } + // Send data to the viewer or queue it up for sending obj.sendToViewer = function (viewer, data) { if ((viewer == null) || (obj.viewers == null)) return; @@ -665,10 +671,10 @@ function CreateDesktopMultiplexor(parent, domain, nodeid, func) { case 11: // GetDisplays // Store and send this to all viewers right away obj.lastDisplayInfoData = data; - obj.sendToAllViewers(data); + obj.sendToAllInputViewers(data); break; case 12: // SetDisplay - obj.sendToAllViewers(data); + obj.sendToAllInputViewers(data); break; case 14: // KVM_INIT_TOUCH break; @@ -688,16 +694,16 @@ function CreateDesktopMultiplexor(parent, domain, nodeid, func) { // Display information if ((data.length < 14) || (((data.length - 4) % 10) != 0)) break; // Command must be 14 bytes and have header + 10 byte for each display. obj.lastDisplayLocationData = data; - obj.sendToAllViewers(data); + obj.sendToAllInputViewers(data); break; case 87: // MNG_KVM_INPUT_LOCK // Send this to all viewers right away // This will update all views on the current state of the input lock - obj.sendToAllViewers(data); + obj.sendToAllInputViewers(data); break; case 88: // MNG_KVM_MOUSE_CURSOR // Send this to all viewers right away - obj.sendToAllViewers(data); + obj.sendToAllInputViewers(data); break; default: console.log('Un-handled agent command: ' + command); @@ -915,6 +921,22 @@ function CreateMeshRelayEx2(parent, ws, req, domain, user, cookie) { // If there is no authentication, drop this connection if ((obj.id != null) && (obj.user == null) && (obj.ruserid == null)) { try { ws.close(); parent.parent.debug('relay', 'DesktopRelay: Connection with no authentication (' + obj.req.clientIp + ')'); } catch (e) { console.log(e); } return; } + // Check if this user has input access on the device + if ((obj.user != null) && (obj.viewOnly == false)) { + obj.viewOnly = true; // Set a view only for now until we figure out otherwise + parent.db.Get(obj.nodeid, function (err, docs) { + if (obj.req == null) return; // This connection was closed. + if (docs.length == 0) { console.log('ERR: Node not found'); try { obj.close(); } catch (e) { } return; } // Disconnect websocket + const node = docs[0]; + + // Check if this user has permission to manage this computer + const rights = parent.GetNodeRights(obj.user, node.meshid, node._id); + if ((rights & 0x00000008) == 0) { try { obj.close(); } catch (e) { } return; } // Check MESHRIGHT_ADMIN or MESHRIGHT_REMOTECONTROL + if ((rights != 0xFFFFFFFF) && ((rights & 0x00010000) != 0)) { try { obj.close(); } catch (e) { } return; } // Check MESHRIGHT_NODESKTOP + if ((rights == 0xFFFFFFFF) || ((rights & 0x00000100) == 0)) { obj.viewOnly = false; } // Check MESHRIGHT_REMOTEVIEWONLY + }); + } + // Relay session count (we may remove this in the future) obj.relaySessionCounted = true; parent.relaySessionCount++; diff --git a/meshuser.js b/meshuser.js index 34b3219f..48c72017 100644 --- a/meshuser.js +++ b/meshuser.js @@ -31,41 +31,41 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use const USERCONSENT_ShowConnectionToolbar = 64; // Mesh Rights - const MESHRIGHT_EDITMESH = 0x00000001; - const MESHRIGHT_MANAGEUSERS = 0x00000002; - const MESHRIGHT_MANAGECOMPUTERS = 0x00000004; - const MESHRIGHT_REMOTECONTROL = 0x00000008; - const MESHRIGHT_AGENTCONSOLE = 0x00000010; - const MESHRIGHT_SERVERFILES = 0x00000020; - const MESHRIGHT_WAKEDEVICE = 0x00000040; - const MESHRIGHT_SETNOTES = 0x00000080; - const MESHRIGHT_REMOTEVIEWONLY = 0x00000100; - const MESHRIGHT_NOTERMINAL = 0x00000200; - const MESHRIGHT_NOFILES = 0x00000400; - const MESHRIGHT_NOAMT = 0x00000800; - const MESHRIGHT_DESKLIMITEDINPUT = 0x00001000; - const MESHRIGHT_LIMITEVENTS = 0x00002000; - const MESHRIGHT_CHATNOTIFY = 0x00004000; - const MESHRIGHT_UNINSTALL = 0x00008000; - const MESHRIGHT_NODESKTOP = 0x00010000; - const MESHRIGHT_REMOTECOMMAND = 0x00020000; - const MESHRIGHT_RESETOFF = 0x00040000; - const MESHRIGHT_GUESTSHARING = 0x00080000; + const MESHRIGHT_EDITMESH = 0x00000001; // 1 + const MESHRIGHT_MANAGEUSERS = 0x00000002; // 2 + const MESHRIGHT_MANAGECOMPUTERS = 0x00000004; // 4 + const MESHRIGHT_REMOTECONTROL = 0x00000008; // 8 + const MESHRIGHT_AGENTCONSOLE = 0x00000010; // 16 + const MESHRIGHT_SERVERFILES = 0x00000020; // 32 + const MESHRIGHT_WAKEDEVICE = 0x00000040; // 64 + const MESHRIGHT_SETNOTES = 0x00000080; // 128 + const MESHRIGHT_REMOTEVIEWONLY = 0x00000100; // 256 + const MESHRIGHT_NOTERMINAL = 0x00000200; // 512 + const MESHRIGHT_NOFILES = 0x00000400; // 1024 + const MESHRIGHT_NOAMT = 0x00000800; // 2048 + const MESHRIGHT_DESKLIMITEDINPUT = 0x00001000; // 4096 + const MESHRIGHT_LIMITEVENTS = 0x00002000; // 8192 + const MESHRIGHT_CHATNOTIFY = 0x00004000; // 16384 + const MESHRIGHT_UNINSTALL = 0x00008000; // 32768 + const MESHRIGHT_NODESKTOP = 0x00010000; // 65536 + const MESHRIGHT_REMOTECOMMAND = 0x00020000; // 131072 + const MESHRIGHT_RESETOFF = 0x00040000; // 262144 + const MESHRIGHT_GUESTSHARING = 0x00080000; // 524288 const MESHRIGHT_ADMIN = 0xFFFFFFFF; // Site rights - const SITERIGHT_SERVERBACKUP = 0x00000001; - const SITERIGHT_MANAGEUSERS = 0x00000002; - const SITERIGHT_SERVERRESTORE = 0x00000004; - const SITERIGHT_FILEACCESS = 0x00000008; - const SITERIGHT_SERVERUPDATE = 0x00000010; - const SITERIGHT_LOCKED = 0x00000020; - const SITERIGHT_NONEWGROUPS = 0x00000040; - const SITERIGHT_NOMESHCMD = 0x00000080; - const SITERIGHT_USERGROUPS = 0x00000100; - const SITERIGHT_RECORDINGS = 0x00000200; - const SITERIGHT_LOCKSETTINGS = 0x00000400; - const SITERIGHT_ALLEVENTS = 0x00000800; + const SITERIGHT_SERVERBACKUP = 0x00000001; // 1 + const SITERIGHT_MANAGEUSERS = 0x00000002; // 2 + const SITERIGHT_SERVERRESTORE = 0x00000004; // 4 + const SITERIGHT_FILEACCESS = 0x00000008; // 8 + const SITERIGHT_SERVERUPDATE = 0x00000010; // 16 + const SITERIGHT_LOCKED = 0x00000020; // 32 + const SITERIGHT_NONEWGROUPS = 0x00000040; // 64 + const SITERIGHT_NOMESHCMD = 0x00000080; // 128 + const SITERIGHT_USERGROUPS = 0x00000100; // 256 + const SITERIGHT_RECORDINGS = 0x00000200; // 512 + const SITERIGHT_LOCKSETTINGS = 0x00000400; // 1024 + const SITERIGHT_ALLEVENTS = 0x00000800; // 2048 const SITERIGHT_ADMIN = 0xFFFFFFFF; // Events