mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2024-12-24 22:25:52 -05:00
Updated packages, new agent rights enforcement
This commit is contained in:
parent
d636b76da6
commit
d968fd8f0f
@ -21,6 +21,17 @@ process.on('uncaughtException', function (ex) {
|
|||||||
|
|
||||||
//attachDebugger({ webport: 9999, wait: 1 }).then(function (prt) { console.log('Point Browser for Debug to port: ' + prt); });
|
//attachDebugger({ webport: 9999, wait: 1 }).then(function (prt) { console.log('Point Browser for Debug to port: ' + prt); });
|
||||||
|
|
||||||
|
// Mesh Rights
|
||||||
|
const MESHRIGHT_EDITMESH = 1;
|
||||||
|
const MESHRIGHT_MANAGEUSERS = 2;
|
||||||
|
const MESHRIGHT_MANAGECOMPUTERS = 4;
|
||||||
|
const MESHRIGHT_REMOTECONTROL = 8;
|
||||||
|
const MESHRIGHT_AGENTCONSOLE = 16;
|
||||||
|
const MESHRIGHT_SERVERFILES = 32;
|
||||||
|
const MESHRIGHT_WAKEDEVICE = 64;
|
||||||
|
const MESHRIGHT_SETNOTES = 128;
|
||||||
|
const MESHRIGHT_REMOTEVIEW = 256;
|
||||||
|
|
||||||
function createMeshCore(agent) {
|
function createMeshCore(agent) {
|
||||||
var obj = {};
|
var obj = {};
|
||||||
|
|
||||||
@ -414,11 +425,11 @@ function createMeshCore(agent) {
|
|||||||
tunnel.tcpport = data.tcpport;
|
tunnel.tcpport = data.tcpport;
|
||||||
tunnel.end();
|
tunnel.end();
|
||||||
// Put the tunnel in the tunnels list
|
// Put the tunnel in the tunnels list
|
||||||
var index = nextTunnelIndex++;;
|
var index = nextTunnelIndex++;
|
||||||
tunnel.index = index;
|
tunnel.index = index;
|
||||||
tunnels[index] = tunnel;
|
tunnels[index] = tunnel;
|
||||||
|
|
||||||
sendConsoleText('New tunnel connection #' + index + ': ' + tunnel.url + ', rights: ' + tunnel.rights, data.sessionid);
|
//sendConsoleText('New tunnel connection #' + index + ': ' + tunnel.url + ', rights: ' + tunnel.rights, data.sessionid);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
@ -554,7 +565,7 @@ function createMeshCore(agent) {
|
|||||||
|
|
||||||
function onTunnelClosed() {
|
function onTunnelClosed() {
|
||||||
if (tunnels[this.httprequest.index] == null) return; // Stop duplicate calls.
|
if (tunnels[this.httprequest.index] == null) return; // Stop duplicate calls.
|
||||||
sendConsoleText("Tunnel #" + this.httprequest.index + " closed.", this.httprequest.sessionid);
|
//sendConsoleText("Tunnel #" + this.httprequest.index + " closed.", this.httprequest.sessionid);
|
||||||
delete tunnels[this.httprequest.index];
|
delete tunnels[this.httprequest.index];
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -584,7 +595,7 @@ function createMeshCore(agent) {
|
|||||||
// Clean up WebSocket
|
// Clean up WebSocket
|
||||||
this.removeAllListeners('data');
|
this.removeAllListeners('data');
|
||||||
}
|
}
|
||||||
function onTunnelSendOk() { sendConsoleText("Tunnel #" + this.index + " SendOK.", this.sessionid); }
|
function onTunnelSendOk() { /*sendConsoleText("Tunnel #" + this.index + " SendOK.", this.sessionid);*/ }
|
||||||
function onTunnelData(data) {
|
function onTunnelData(data) {
|
||||||
//console.log("OnTunnelData");
|
//console.log("OnTunnelData");
|
||||||
//sendConsoleText('OnTunnelData, ' + data.length + ', ' + typeof data + ', ' + data);
|
//sendConsoleText('OnTunnelData, ' + data.length + ', ' + typeof data + ', ' + data);
|
||||||
@ -608,7 +619,7 @@ function createMeshCore(agent) {
|
|||||||
|
|
||||||
if (this.httprequest.state == 0) {
|
if (this.httprequest.state == 0) {
|
||||||
// Check if this is a relay connection
|
// Check if this is a relay connection
|
||||||
if (data == 'c') { this.httprequest.state = 1; sendConsoleText("Tunnel #" + this.httprequest.index + " now active", this.httprequest.sessionid); }
|
if (data == 'c') { this.httprequest.state = 1; /*sendConsoleText("Tunnel #" + this.httprequest.index + " now active", this.httprequest.sessionid);*/ }
|
||||||
} else {
|
} else {
|
||||||
// Handle tunnel data
|
// Handle tunnel data
|
||||||
if (this.httprequest.protocol == 0) { // 1 = SOL, 2 = KVM, 3 = IDER, 4 = Files, 5 = FileTransfer
|
if (this.httprequest.protocol == 0) { // 1 = SOL, 2 = KVM, 3 = IDER, 4 = Files, 5 = FileTransfer
|
||||||
@ -616,12 +627,21 @@ function createMeshCore(agent) {
|
|||||||
this.httprequest.protocol = parseInt(data);
|
this.httprequest.protocol = parseInt(data);
|
||||||
if (typeof this.httprequest.protocol != 'number') { this.httprequest.protocol = 0; }
|
if (typeof this.httprequest.protocol != 'number') { this.httprequest.protocol = 0; }
|
||||||
if (this.httprequest.protocol == 1) {
|
if (this.httprequest.protocol == 1) {
|
||||||
|
// Check user access rights
|
||||||
|
if ((this.httprequest.rights & MESHRIGHT_REMOTECONTROL) == 0) {
|
||||||
|
// Disengage this tunnel, user does not have the rights to do this!!
|
||||||
|
this.httprequest.protocol = 999999;
|
||||||
|
sendConsoleText('Error: No Remote Control Rights.');
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
// Remote terminal using native pipes
|
// Remote terminal using native pipes
|
||||||
if (process.platform == "win32") {
|
if (process.platform == "win32") {
|
||||||
this.httprequest.process = childProcess.execFile("%windir%\\system32\\cmd.exe");
|
this.httprequest.process = childProcess.execFile("%windir%\\system32\\cmd.exe");
|
||||||
} else {
|
} else {
|
||||||
this.httprequest.process = childProcess.execFile("/bin/sh", ["sh"], { type: childProcess.SpawnTypes.TERM });
|
this.httprequest.process = childProcess.execFile("/bin/sh", ["sh"], { type: childProcess.SpawnTypes.TERM });
|
||||||
}
|
}
|
||||||
|
|
||||||
this.httprequest.process.tunnel = this;
|
this.httprequest.process.tunnel = this;
|
||||||
this.httprequest.process.on('exit', function (ecode, sig) { this.tunnel.end(); });
|
this.httprequest.process.on('exit', function (ecode, sig) { this.tunnel.end(); });
|
||||||
this.httprequest.process.stderr.on('data', function (chunk) { this.parent.tunnel.write(chunk); });
|
this.httprequest.process.stderr.on('data', function (chunk) { this.parent.tunnel.write(chunk); });
|
||||||
@ -634,6 +654,14 @@ function createMeshCore(agent) {
|
|||||||
if (process.platform == 'linux') { this.httprequest.process.stdin.write("stty erase ^H\nalias ls='ls --color=auto'\nclear\n"); }
|
if (process.platform == 'linux') { this.httprequest.process.stdin.write("stty erase ^H\nalias ls='ls --color=auto'\nclear\n"); }
|
||||||
} else if (this.httprequest.protocol == 2)
|
} else if (this.httprequest.protocol == 2)
|
||||||
{
|
{
|
||||||
|
// Check user access rights
|
||||||
|
if (((this.httprequest.rights & MESHRIGHT_REMOTECONTROL) == 0) && ((this.httprequest.rights & MESHRIGHT_REMOTEVIEW) == 0)) {
|
||||||
|
// Disengage this tunnel, user does not have the rights to do this!!
|
||||||
|
this.httprequest.protocol = 999999;
|
||||||
|
sendConsoleText('Error: No Remote Control Rights.');
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
// Remote desktop using native pipes
|
// Remote desktop using native pipes
|
||||||
this.httprequest.desktop = { state: 0, kvm: mesh.getRemoteDesktopStream(), tunnel: this };
|
this.httprequest.desktop = { state: 0, kvm: mesh.getRemoteDesktopStream(), tunnel: this };
|
||||||
this.httprequest.desktop.kvm.parent = this.httprequest.desktop;
|
this.httprequest.desktop.kvm.parent = this.httprequest.desktop;
|
||||||
@ -653,12 +681,29 @@ function createMeshCore(agent) {
|
|||||||
}
|
}
|
||||||
};
|
};
|
||||||
if (this.httprequest.desktop.kvm.hasOwnProperty("connectionCount")) { this.httprequest.desktop.kvm.connectionCount++; } else { this.httprequest.desktop.kvm.connectionCount = 1; }
|
if (this.httprequest.desktop.kvm.hasOwnProperty("connectionCount")) { this.httprequest.desktop.kvm.connectionCount++; } else { this.httprequest.desktop.kvm.connectionCount = 1; }
|
||||||
this.pipe(this.httprequest.desktop.kvm, { dataTypeSkip: 1, end: false }); // 0 = Binary, 1 = Text.
|
|
||||||
this.httprequest.desktop.kvm.pipe(this, { dataTypeSkip: 1 }); // 0 = Binary, 1 = Text.
|
//sendConsoleText('KVM Rights: ' + this.httprequest.rights);
|
||||||
|
if ((this.httprequest.rights & MESHRIGHT_REMOTECONTROL) != 0) {
|
||||||
|
// If we have remote control rights, pipe the KVM input
|
||||||
|
this.pipe(this.httprequest.desktop.kvm, { dataTypeSkip: 1, end: false }); // 0 = Binary, 1 = Text. Pipe the Browser --> KVM input.
|
||||||
|
} else {
|
||||||
|
// We need to only pipe non-mouse & non-keyboard inputs.
|
||||||
|
// TODO!!!
|
||||||
|
}
|
||||||
|
|
||||||
|
this.httprequest.desktop.kvm.pipe(this, { dataTypeSkip: 1 }); // 0 = Binary, 1 = Text. Pipe the KVM --> Browser images.
|
||||||
this.removeAllListeners('data');
|
this.removeAllListeners('data');
|
||||||
this.on('data', onTunnelControlData);
|
this.on('data', onTunnelControlData);
|
||||||
//this.write('MeshCore KVM Hello!1');
|
//this.write('MeshCore KVM Hello!1');
|
||||||
} else if (this.httprequest.protocol == 5) {
|
} else if (this.httprequest.protocol == 5) {
|
||||||
|
// Check user access rights
|
||||||
|
if ((this.httprequest.rights & MESHRIGHT_REMOTECONTROL) == 0) {
|
||||||
|
// Disengage this tunnel, user does not have the rights to do this!!
|
||||||
|
this.httprequest.protocol = 999999;
|
||||||
|
sendConsoleText('Error: No Remote Control Rights.');
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
// Setup files
|
// Setup files
|
||||||
// NOP
|
// NOP
|
||||||
}
|
}
|
||||||
|
@ -35,6 +35,7 @@ module.exports.CreateMeshRelay = function (parent, ws, req, domain, user, cookie
|
|||||||
const MESHRIGHT_SERVERFILES = 32;
|
const MESHRIGHT_SERVERFILES = 32;
|
||||||
const MESHRIGHT_WAKEDEVICE = 64;
|
const MESHRIGHT_WAKEDEVICE = 64;
|
||||||
const MESHRIGHT_SETNOTES = 128;
|
const MESHRIGHT_SETNOTES = 128;
|
||||||
|
const MESHRIGHT_REMOTEVIEW = 256;
|
||||||
|
|
||||||
// Site rights
|
// Site rights
|
||||||
const SITERIGHT_SERVERBACKUP = 1;
|
const SITERIGHT_SERVERBACKUP = 1;
|
||||||
|
1487
package-lock.json
generated
Normal file
1487
package-lock.json
generated
Normal file
File diff suppressed because it is too large
Load Diff
17
package.json
17
package.json
@ -1,6 +1,6 @@
|
|||||||
{
|
{
|
||||||
"name": "meshcentral",
|
"name": "meshcentral",
|
||||||
"version": "0.2.3-g",
|
"version": "0.2.3-h",
|
||||||
"keywords": [
|
"keywords": [
|
||||||
"Remote Management",
|
"Remote Management",
|
||||||
"Intel AMT",
|
"Intel AMT",
|
||||||
@ -28,19 +28,20 @@
|
|||||||
"dependencies": {
|
"dependencies": {
|
||||||
"archiver": "^1.3.0",
|
"archiver": "^1.3.0",
|
||||||
"body-parser": "^1.18.2",
|
"body-parser": "^1.18.2",
|
||||||
"compression": "^1.7.1",
|
"compression": "^1.7.3",
|
||||||
"connect-redis": "^3.3.3",
|
"connect-redis": "^3.4.0",
|
||||||
"cookie-session": "^2.0.0-beta.3",
|
"cookie-session": "^2.0.0-beta.3",
|
||||||
"express": "^4.16.2",
|
"express": "^4.16.4",
|
||||||
"express-handlebars": "^3.0.0",
|
"express-handlebars": "^3.0.0",
|
||||||
"express-session": "^1.15.6",
|
"express-session": "^1.15.6",
|
||||||
"express-ws": "^2.0.0",
|
"express-ws": "^3.0.0",
|
||||||
"meshcentral": "*",
|
"meshcentral": "*",
|
||||||
"minimist": "^1.2.0",
|
"minimist": "^1.2.0",
|
||||||
"multiparty": "^4.1.3",
|
"multiparty": "^4.2.1",
|
||||||
"nedb": "^1.8.0",
|
"nedb": "^1.8.0",
|
||||||
"node-forge": "^0.6.49",
|
"node-forge": "^0.7.6",
|
||||||
"ws": "^3.3.3",
|
"node-windows": "^0.1.14",
|
||||||
|
"ws": "^6.1.2",
|
||||||
"xmldom": "^0.1.27",
|
"xmldom": "^0.1.27",
|
||||||
"yauzl": "^2.9.1"
|
"yauzl": "^2.9.1"
|
||||||
},
|
},
|
||||||
|
Loading…
Reference in New Issue
Block a user