Updated packages, new agent rights enforcement

Ylian Saint-Hilaire 2018-11-27 17:13:01 -08:00
parent d636b76da6
commit d968fd8f0f
4 changed files with 1549 additions and 15 deletions


@ -21,6 +21,17 @@ process.on('uncaughtException', function (ex) {
//attachDebugger({ webport: 9999, wait: 1 }).then(function (prt) { console.log('Point Browser for Debug to port: ' + prt); });
// Mesh Rights
const MESHRIGHT_EDITMESH = 1;
const MESHRIGHT_MANAGEUSERS = 2;
const MESHRIGHT_MANAGECOMPUTERS = 4;
const MESHRIGHT_REMOTECONTROL = 8;
const MESHRIGHT_AGENTCONSOLE = 16;
const MESHRIGHT_SERVERFILES = 32;
const MESHRIGHT_WAKEDEVICE = 64;
const MESHRIGHT_SETNOTES = 128;
const MESHRIGHT_REMOTEVIEW = 256;
function createMeshCore(agent) {
var obj = {};
@ -414,11 +425,11 @@ function createMeshCore(agent) {
tunnel.tcpport = data.tcpport;
tunnel.end();
// Put the tunnel in the tunnels list
var index = nextTunnelIndex++;;
var index = nextTunnelIndex++;
tunnel.index = index;
tunnels[index] = tunnel;
sendConsoleText('New tunnel connection #' + index + ': ' + tunnel.url + ', rights: ' + tunnel.rights, data.sessionid);
//sendConsoleText('New tunnel connection #' + index + ': ' + tunnel.url + ', rights: ' + tunnel.rights, data.sessionid);
}
}
break;
@ -554,7 +565,7 @@ function createMeshCore(agent) {
function onTunnelClosed() {
if (tunnels[this.httprequest.index] == null) return; // Stop duplicate calls.
sendConsoleText("Tunnel #" + this.httprequest.index + " closed.", this.httprequest.sessionid);
//sendConsoleText("Tunnel #" + this.httprequest.index + " closed.", this.httprequest.sessionid);
delete tunnels[this.httprequest.index];
/*
@ -584,7 +595,7 @@ function createMeshCore(agent) {
// Clean up WebSocket
this.removeAllListeners('data');
}
function onTunnelSendOk() { sendConsoleText("Tunnel #" + this.index + " SendOK.", this.sessionid); }
function onTunnelSendOk() { /*sendConsoleText("Tunnel #" + this.index + " SendOK.", this.sessionid);*/ }
function onTunnelData(data) {
//console.log("OnTunnelData");
//sendConsoleText('OnTunnelData, ' + data.length + ', ' + typeof data + ', ' + data);
@ -608,7 +619,7 @@ function createMeshCore(agent) {
if (this.httprequest.state == 0) {
// Check if this is a relay connection
if (data == 'c') { this.httprequest.state = 1; sendConsoleText("Tunnel #" + this.httprequest.index + " now active", this.httprequest.sessionid); }
if (data == 'c') { this.httprequest.state = 1; /*sendConsoleText("Tunnel #" + this.httprequest.index + " now active", this.httprequest.sessionid);*/ }
} else {
// Handle tunnel data
if (this.httprequest.protocol == 0) { // 1 = SOL, 2 = KVM, 3 = IDER, 4 = Files, 5 = FileTransfer
@ -616,12 +627,21 @@ function createMeshCore(agent) {
this.httprequest.protocol = parseInt(data);
if (typeof this.httprequest.protocol != 'number') { this.httprequest.protocol = 0; }
if (this.httprequest.protocol == 1) {
// Check user access rights
if ((this.httprequest.rights & MESHRIGHT_REMOTECONTROL) == 0) {
// Disengage this tunnel, user does not have the rights to do this!!
this.httprequest.protocol = 999999;
sendConsoleText('Error: No Remote Control Rights.');
return;
}
// Remote terminal using native pipes
if (process.platform == "win32") {
this.httprequest.process = childProcess.execFile("%windir%\\system32\\cmd.exe");
} else {
this.httprequest.process = childProcess.execFile("/bin/sh", ["sh"], { type: childProcess.SpawnTypes.TERM });
}
this.httprequest.process.tunnel = this;
this.httprequest.process.on('exit', function (ecode, sig) { this.tunnel.end(); });
this.httprequest.process.stderr.on('data', function (chunk) { this.parent.tunnel.write(chunk); });
@ -634,6 +654,14 @@ function createMeshCore(agent) {
if (process.platform == 'linux') { this.httprequest.process.stdin.write("stty erase ^H\nalias ls='ls --color=auto'\nclear\n"); }
} else if (this.httprequest.protocol == 2)
{
// Check user access rights
if (((this.httprequest.rights & MESHRIGHT_REMOTECONTROL) == 0) && ((this.httprequest.rights & MESHRIGHT_REMOTEVIEW) == 0)) {
// Disengage this tunnel, user does not have the rights to do this!!
this.httprequest.protocol = 999999;
sendConsoleText('Error: No Remote Control Rights.');
return;
}
// Remote desktop using native pipes
this.httprequest.desktop = { state: 0, kvm: mesh.getRemoteDesktopStream(), tunnel: this };
this.httprequest.desktop.kvm.parent = this.httprequest.desktop;
@ -653,12 +681,29 @@ function createMeshCore(agent) {
}
};
if (this.httprequest.desktop.kvm.hasOwnProperty("connectionCount")) { this.httprequest.desktop.kvm.connectionCount++; } else { this.httprequest.desktop.kvm.connectionCount = 1; }
this.pipe(this.httprequest.desktop.kvm, { dataTypeSkip: 1, end: false }); // 0 = Binary, 1 = Text.
this.httprequest.desktop.kvm.pipe(this, { dataTypeSkip: 1 }); // 0 = Binary, 1 = Text.
//sendConsoleText('KVM Rights: ' + this.httprequest.rights);
if ((this.httprequest.rights & MESHRIGHT_REMOTECONTROL) != 0) {
// If we have remote control rights, pipe the KVM input
this.pipe(this.httprequest.desktop.kvm, { dataTypeSkip: 1, end: false }); // 0 = Binary, 1 = Text. Pipe the Browser --> KVM input.
} else {
// We need to only pipe non-mouse & non-keyboard inputs.
// TODO!!!
}
this.httprequest.desktop.kvm.pipe(this, { dataTypeSkip: 1 }); // 0 = Binary, 1 = Text. Pipe the KVM --> Browser images.
this.removeAllListeners('data');
this.on('data', onTunnelControlData);
//this.write('MeshCore KVM Hello!1');
} else if (this.httprequest.protocol == 5) {
// Check user access rights
if ((this.httprequest.rights & MESHRIGHT_REMOTECONTROL) == 0) {
// Disengage this tunnel, user does not have the rights to do this!!
this.httprequest.protocol = 999999;
sendConsoleText('Error: No Remote Control Rights.');
return;
}
// Setup files
// NOP
}
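Review bot: The three new denial branches in onTunnelData (protocols 1, 2 and 5) set `this.httprequest.protocol = 999999` and return, which leaves the refused tunnel connected and presumably still listed in `tunnels`; closing it at the point of refusal would be tighter than parking it on a sentinel value. The denial is also reported with `sendConsoleText('Error: No Remote Control Rights.')`, without the session id that the other calls in this section pass, and for protocol 2 the text does not say that view rights are accepted as well. I would change each branch to something like `sendConsoleText('Error: No Remote Control Rights.', this.httprequest.sessionid); this.end(); return;` (assuming `this.end()` closes the tunnel as it does in the `exit` handler), ideally through one small helper instead of three copies. The protocol comment lists 4 = Files, but the visible chain only checks 1, 2 and 5, so it is worth confirming how protocol 4 is gated; onTunnelData starts and continues outside these hunks.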


@ -35,6 +35,7 @@ module.exports.CreateMeshRelay = function (parent, ws, req, domain, user, cookie
const MESHRIGHT_SERVERFILES = 32;
const MESHRIGHT_WAKEDEVICE = 64;
const MESHRIGHT_SETNOTES = 128;
const MESHRIGHT_REMOTEVIEW = 256;
// Site rights
const SITERIGHT_SERVERBACKUP = 1;
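Review bot: `MESHRIGHT_REMOTEVIEW = 256` is now declared by hand in two files, here and in the agent core section earlier on this page, and nothing ties the two tables together. Because the agent enforces rights by masking against these values, a value that drifts on one side would silently change what a bit grants. A comment such as `// Mesh rights: keep in sync with the agent core's MESHRIGHT_* table` on both copies would make that dependency visible. The hunk shows no use of the new constant in this file, so whether the relay itself checks view rights cannot be judged from here.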

1487
package-lock.json generated Normal file

File diff suppressed because it is too large Load Diff


@ -1,6 +1,6 @@
{
"name": "meshcentral",
"version": "0.2.3-g",
"version": "0.2.3-h",
"keywords": [
"Remote Management",
"Intel AMT",
@ -28,19 +28,20 @@
"dependencies": {
"archiver": "^1.3.0",
"body-parser": "^1.18.2",
"compression": "^1.7.1",
"connect-redis": "^3.3.3",
"compression": "^1.7.3",
"connect-redis": "^3.4.0",
"cookie-session": "^2.0.0-beta.3",
"express": "^4.16.2",
"express": "^4.16.4",
"express-handlebars": "^3.0.0",
"express-session": "^1.15.6",
"express-ws": "^2.0.0",
"express-ws": "^3.0.0",
"meshcentral": "*",
"minimist": "^1.2.0",
"multiparty": "^4.1.3",
"multiparty": "^4.2.1",
"nedb": "^1.8.0",
"node-forge": "^0.6.49",
"ws": "^3.3.3",
"node-forge": "^0.7.6",
"node-windows": "^0.1.14",
"ws": "^6.1.2",
"xmldom": "^0.1.27",
"yauzl": "^2.9.1"
},
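Review bot: `ws` jumps from `^3.3.3` to `^6.1.2` and `express-ws` from `^2.0.0` to `^3.0.0` in the same commit that changes agent rights handling, so a behaviour change in the WebSocket layer would be hard to separate from the rights change if something regresses; these major bumps would be easier to review and revert as their own commit. `node-windows` appears to be a new entry under `dependencies`, which means it is installed on every platform; if it is only needed on Windows hosts, `optionalDependencies` or an install-time check would keep it out of other deployments. The lockfile diff is suppressed on this page, so the resolved transitive versions cannot be checked here.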