MyFavMirrors/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-04-27 05:14:55 -04:00
Code Issues Packages Projects Releases Wiki Activity

Fixed issue where if first remote desktop user was view-only, it would block all input in desktop multiplexor mode.

Browse Source
This commit is contained in:
Ylian Saint-Hilaire 2021-08-04 21:12:51 -07:00
parent 736fffbe26
commit 90c7fc9854
2 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
meshdesktopmultiplex.js
View File

@ -989,6 +989,7 @@ function CreateMeshRelayEx2(parent, ws, req, domain, user, cookie) {
}; };
obj.sendAgentMessage = function (command, userid, domainid) { obj.sendAgentMessage = function (command, userid, domainid) {
console.log('sendAgentMessage');
var rights, mesh; var rights, mesh;
if (command.nodeid == null) return false; if (command.nodeid == null) return false;
var user = parent.users[userid]; var user = parent.users[userid];
@ -1006,6 +1007,7 @@ function CreateMeshRelayEx2(parent, ws, req, domain, user, cookie) {
if ((rights != null) && (mesh != null) || ((rights & 16) != 0)) { // TODO: 16 is console permission, may need more gradular permission checking if ((rights != null) && (mesh != null) || ((rights & 16) != 0)) { // TODO: 16 is console permission, may need more gradular permission checking
if (ws.sessionId) { command.sessionid = ws.sessionId; } // Set the session id, required for responses. if (ws.sessionId) { command.sessionid = ws.sessionId; } // Set the session id, required for responses.
command.rights = rights; // Add user rights flags to the message command.rights = rights; // Add user rights flags to the message
if ((command.rights != 0xFFFFFFFF) && ((command.rights & 0x100) != 0)) { command.rights -= 0x100; } // Since the multiplexor will enforce view-only, remove MESHRIGHT_REMOTEVIEWONLY
if (typeof command.consent == 'number') { command.consent = command.consent | mesh.consent; } else { command.consent = mesh.consent; } // Add user consent if (typeof command.consent == 'number') { command.consent = command.consent | mesh.consent; } else { command.consent = mesh.consent; } // Add user consent
if (typeof domain.userconsentflags == 'number') { command.consent |= domain.userconsentflags; } // Add server required consent flags if (typeof domain.userconsentflags == 'number') { command.consent |= domain.userconsentflags; } // Add server required consent flags
command.username = user.name; // Add user name command.username = user.name; // Add user name
@ -1025,6 +1027,7 @@ function CreateMeshRelayEx2(parent, ws, req, domain, user, cookie) {
if (rights != null || ((rights & 16) != 0)) { // TODO: 16 is console permission, may need more gradular permission checking if (rights != null || ((rights & 16) != 0)) { // TODO: 16 is console permission, may need more gradular permission checking
if (ws.sessionId) { command.fromSessionid = ws.sessionId; } // Set the session id, required for responses. if (ws.sessionId) { command.fromSessionid = ws.sessionId; } // Set the session id, required for responses.
command.rights = rights; // Add user rights flags to the message command.rights = rights; // Add user rights flags to the message
if ((command.rights != 0xFFFFFFFF) && ((command.rights & 0x00000100) != 0)) { command.rights -= 0x00000100; } // Since the multiplexor will enforce view-only, remove MESHRIGHT_REMOTEVIEWONLY
if (typeof command.consent == 'number') { command.consent = command.consent | mesh.consent; } else { command.consent = mesh.consent; } // Add user consent if (typeof command.consent == 'number') { command.consent = command.consent | mesh.consent; } else { command.consent = mesh.consent; } // Add user consent
if (typeof domain.userconsentflags == 'number') { command.consent |= domain.userconsentflags; } // Add server required consent flags if (typeof domain.userconsentflags == 'number') { command.consent |= domain.userconsentflags; } // Add server required consent flags
command.username = user.name; // Add user name command.username = user.name; // Add user name

11
meshuser.js
View File

@ -225,7 +225,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
} }
// Route a command to a target node // Route a command to a target node
function routeCommandToNode(command, requiredRights, requiredNonRights, func) { function routeCommandToNode(command, requiredRights, requiredNonRights, func, options) {
if (common.validateString(command.nodeid, 8, 128) == false) { if (func) { func(false); } return false; } if (common.validateString(command.nodeid, 8, 128) == false) { if (func) { func(false); } return false; }
var splitnodeid = command.nodeid.split('/'); var splitnodeid = command.nodeid.split('/');
// Check that we are in the same domain and the user has rights over this node. // Check that we are in the same domain and the user has rights over this node.
@ -242,6 +242,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
command.sessionid = ws.sessionId; // Set the session id, required for responses command.sessionid = ws.sessionId; // Set the session id, required for responses
command.rights = rights; // Add user rights flags to the message command.rights = rights; // Add user rights flags to the message
if ((options != null) && (options.removeViewOnlyLimitation === true) && (command.rights != 0xFFFFFFFF) && ((command.rights & 0x100) != 0)) { command.rights -= 0x100; } // Since the multiplexor will enforce view-only, remove MESHRIGHT_REMOTEVIEWONLY
command.consent = 0; command.consent = 0;
if (typeof domain.userconsentflags == 'number') { command.consent |= domain.userconsentflags; } // Add server required consent flags if (typeof domain.userconsentflags == 'number') { command.consent |= domain.userconsentflags; } // Add server required consent flags
if (typeof mesh.consent == 'number') { command.consent |= mesh.consent; } // Add device group user consent if (typeof mesh.consent == 'number') { command.consent |= mesh.consent; } // Add device group user consent
@ -284,6 +285,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
if ((node != null) && (mesh != null) && ((rights & MESHRIGHT_REMOTECONTROL) || (rights & MESHRIGHT_REMOTEVIEWONLY))) { // 8 is remote control permission if ((node != null) && (mesh != null) && ((rights & MESHRIGHT_REMOTECONTROL) || (rights & MESHRIGHT_REMOTEVIEWONLY))) { // 8 is remote control permission
command.fromSessionid = ws.sessionId; // Set the session id, required for responses command.fromSessionid = ws.sessionId; // Set the session id, required for responses
command.rights = rights; // Add user rights flags to the message command.rights = rights; // Add user rights flags to the message
if ((options != null) && (options.removeViewOnlyLimitation === true) && (command.rights != 0xFFFFFFFF) && ((command.rights & 0x100) != 0)) { command.rights -= 0x100; } // Since the multiplexor will enforce view-only, remove MESHRIGHT_REMOTEVIEWONLY
command.consent = 0; command.consent = 0;
if (typeof domain.userconsentflags == 'number') { command.consent |= domain.userconsentflags; } // Add server required consent flags if (typeof domain.userconsentflags == 'number') { command.consent |= domain.userconsentflags; } // Add server required consent flags
if (typeof mesh.consent == 'number') { command.consent |= mesh.consent; } // Add device group user consent if (typeof mesh.consent == 'number') { command.consent |= mesh.consent; } // Add device group user consent
@ -854,7 +856,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
} }
// Rights check // Rights check
var requiredRights = null, requiredNonRights = null; var requiredRights = null, requiredNonRights = null, routingOptions = null;
// Complete the nodeid if needed // Complete the nodeid if needed
if (command.nodeid.indexOf('/') == -1) { command.nodeid = 'node/' + domain.id + '/' + command.nodeid; } if (command.nodeid.indexOf('/') == -1) { command.nodeid = 'node/' + domain.id + '/' + command.nodeid; }
@ -876,6 +878,9 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
if (url.query.p == '1') { requiredNonRights = MESHRIGHT_NOTERMINAL; } if (url.query.p == '1') { requiredNonRights = MESHRIGHT_NOTERMINAL; }
else if ((url.query.p == '4') || (url.query.p == '5')) { requiredNonRights = MESHRIGHT_NOFILES; } else if ((url.query.p == '4') || (url.query.p == '5')) { requiredNonRights = MESHRIGHT_NOFILES; }
// If we are using the desktop multiplexor, remove the VIEWONLY limitation. The multiplexor will take care of enforcing that limitation when needed.
if (((parent.parent.config.settings.desktopmultiplex === true) || (domain.desktopmultiplex === true)) && (url.query.p == '2')) { routingOptions = { removeViewOnlyLimitation: true }; }
// Add server TLS cert hash // Add server TLS cert hash
var tlsCertHash = null; var tlsCertHash = null;
if ((parent.parent.args.ignoreagenthashcheck == null) || (parent.parent.args.ignoreagenthashcheck === false)) { // TODO: If ignoreagenthashcheck is an array of IP addresses, not sure how to handle this. if ((parent.parent.args.ignoreagenthashcheck == null) || (parent.parent.args.ignoreagenthashcheck === false)) { // TODO: If ignoreagenthashcheck is an array of IP addresses, not sure how to handle this.
@ -910,7 +915,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
if (command.responseid != null) { func = function (r) { try { ws.send(JSON.stringify({ action: 'msg', result: r ? 'OK' : 'Unable to route', tag: command.tag, responseid: command.responseid })); } catch (ex) { } } } if (command.responseid != null) { func = function (r) { try { ws.send(JSON.stringify({ action: 'msg', result: r ? 'OK' : 'Unable to route', tag: command.tag, responseid: command.responseid })); } catch (ex) { } } }
// Route this command to a target node // Route this command to a target node
routeCommandToNode(command, requiredRights, requiredNonRights, func); routeCommandToNode(command, requiredRights, requiredNonRights, func, routingOptions);
break; break;
} }
case 'events': case 'events':