MyFavMirrors
/
MeshCentral
mirror of https://github.com/Ylianst/MeshCentral.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixed refresh.ashx reload loop, added user consent strings to config.json.

This commit is contained in:
Ylian Saint-Hilaire 2020-06-13 05:41:53 -07:00
parent 2156b27db2
commit f8604d5b61
7 changed files with 68 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
agents/meshcore.js
View File

@ -705,6 +705,7 @@ function createMeshCore(agent) {
tunnel.state = 0; tunnel.state = 0;
tunnel.url = xurl; tunnel.url = xurl;
tunnel.protocol = 0; tunnel.protocol = 0;
tunnel.soptions = data.soptions;
tunnel.tcpaddr = data.tcpaddr; tunnel.tcpaddr = data.tcpaddr;
tunnel.tcpport = data.tcpport; tunnel.tcpport = data.tcpport;
tunnel.udpaddr = data.udpaddr; tunnel.udpaddr = data.udpaddr;
@ -1257,7 +1258,9 @@ function createMeshCore(agent) {
if (this.httprequest.consent && (this.httprequest.consent & 16)) if (this.httprequest.consent && (this.httprequest.consent & 16))
{ {
this.write(JSON.stringify({ ctrlChannel: '102938', type: 'console', msg: "Waiting for user to grant access...", msgid: 1 })); this.write(JSON.stringify({ ctrlChannel: '102938', type: 'console', msg: "Waiting for user to grant access...", msgid: 1 }));
this.httprequest.tpromise._consent = require('message-box').create('MeshCentral', this.httprequest.username + " requesting Terminal Access. Grant access?", 30); var consentMessage = this.httprequest.username + " requesting remote terminal access. Grant access?";
if ((this.httprequest.soptions != null) && (this.httprequest.soptions.consentMsgTerminal != null)) { consentMessage = this.httprequest.soptions.consentMsgTerminal.replace('{0}', this.httprequest.username); }
this.httprequest.tpromise._consent = require('message-box').create('MeshCentral', consentMessage, 30);
this.httprequest.tpromise._consent.retPromise = this.httprequest.tpromise; this.httprequest.tpromise._consent.retPromise = this.httprequest.tpromise;
this.httprequest.tpromise._consent.then( this.httprequest.tpromise._consent.then(
function () function ()
@ -1605,7 +1608,10 @@ function createMeshCore(agent) {
// User Consent Prompt is required // User Consent Prompt is required
// Send a console message back using the console channel, "\n" is supported. // Send a console message back using the console channel, "\n" is supported.
this.write(JSON.stringify({ ctrlChannel: '102938', type: 'console', msg: "Waiting for user to grant access...", msgid: 1 })); this.write(JSON.stringify({ ctrlChannel: '102938', type: 'console', msg: "Waiting for user to grant access...", msgid: 1 }));
var pr = require('message-box').create('MeshCentral', this.httprequest.username + " requesting KVM Access. Grant access?", 30, null, tsid); var consentMessage = this.httprequest.username + " requesting remote desktop access. Grant access?";
if ((this.httprequest.soptions != null) && (this.httprequest.soptions.consentMsgDesktop != null)) { consentMessage = this.httprequest.soptions.consentMsgDesktop.replace('{0}', this.httprequest.username); }
sendConsoleText('ConsentMSG: ' + consentMessage);
var pr = require('message-box').create('MeshCentral', consentMessage, 30, null, tsid);
pr.ws = this; pr.ws = this;
this.pause(); this.pause();
this._consentpromise = pr; this._consentpromise = pr;
@ -1734,7 +1740,9 @@ function createMeshCore(agent) {
// User Consent Prompt is required // User Consent Prompt is required
// Send a console message back using the console channel, "\n" is supported. // Send a console message back using the console channel, "\n" is supported.
this.write(JSON.stringify({ ctrlChannel: '102938', type: 'console', msg: "Waiting for user to grant access...", msgid: 1 })); this.write(JSON.stringify({ ctrlChannel: '102938', type: 'console', msg: "Waiting for user to grant access...", msgid: 1 }));
var pr = require('message-box').create('MeshCentral', this.httprequest.username + " requesting remote file access. Grant access?", 30); var consentMessage = this.httprequest.username + " requesting remote file Access. Grant access?";
if ((this.httprequest.soptions != null) && (this.httprequest.soptions.consentMsgFiles != null)) { consentMessage = this.httprequest.soptions.consentMsgFiles.replace('{0}', this.httprequest.username); }
var pr = require('message-box').create('MeshCentral', consentMessage, 30);
pr.ws = this; pr.ws = this;
this.pause(); this.pause();
this._consentpromise = pr; this._consentpromise = pr;

21
meshrelay.js
View File

@ -492,7 +492,12 @@ module.exports.CreateMeshRelay = function (parent, ws, req, domain, user, cookie
// Send connection request to agent // Send connection request to agent
const rcookie = parent.parent.encodeCookie({ ruserid: user._id }, parent.parent.loginCookieEncryptionKey); const rcookie = parent.parent.encodeCookie({ ruserid: user._id }, parent.parent.loginCookieEncryptionKey);
if (obj.id == undefined) { obj.id = ('' + Math.random()).substring(2); } // If there is no connection id, generate one. if (obj.id == undefined) { obj.id = ('' + Math.random()).substring(2); } // If there is no connection id, generate one.
const command = { nodeid: cookie.nodeid, action: 'msg', type: 'tunnel', value: '*/meshrelay.ashx?id=' + obj.id + '&rauth=' + rcookie, tcpport: cookie.tcpport, tcpaddr: cookie.tcpaddr }; const command = { nodeid: cookie.nodeid, action: 'msg', type: 'tunnel', value: '*/meshrelay.ashx?id=' + obj.id + '&rauth=' + rcookie, tcpport: cookie.tcpport, tcpaddr: cookie.tcpaddr, soptions: {} };
if (typeof domain.consentmessages == 'object') {
if (typeof domain.consentmessages.desktop == 'string') { command.soptions.consentMsgDesktop = domain.consentmessages.desktop; }
if (typeof domain.consentmessages.terminal == 'string') { command.soptions.consentMsgTerminal = domain.consentmessages.terminal; }
if (typeof domain.consentmessages.files == 'string') { command.soptions.consentMsgFiles = domain.consentmessages.files; }
}
parent.parent.debug('relay', 'Relay: Sending agent tunnel command: ' + JSON.stringify(command)); parent.parent.debug('relay', 'Relay: Sending agent tunnel command: ' + JSON.stringify(command));
if (obj.sendAgentMessage(command, user._id, cookie.domainid) == false) { delete obj.id; parent.parent.debug('relay', 'Relay: Unable to contact this agent (' + obj.req.clientIp + ')'); } if (obj.sendAgentMessage(command, user._id, cookie.domainid) == false) { delete obj.id; parent.parent.debug('relay', 'Relay: Unable to contact this agent (' + obj.req.clientIp + ')'); }
performRelay(); performRelay();
@ -512,11 +517,21 @@ module.exports.CreateMeshRelay = function (parent, ws, req, domain, user, cookie
const rcookie = parent.parent.encodeCookie({ ruserid: user._id }, parent.parent.loginCookieEncryptionKey); const rcookie = parent.parent.encodeCookie({ ruserid: user._id }, parent.parent.loginCookieEncryptionKey);
if (obj.req.query.tcpport != null) { if (obj.req.query.tcpport != null) {
const command = { nodeid: obj.req.query.nodeid, action: 'msg', type: 'tunnel', value: '*/meshrelay.ashx?id=' + obj.id + '&rauth=' + rcookie, tcpport: obj.req.query.tcpport, tcpaddr: ((obj.req.query.tcpaddr == null) ? '127.0.0.1' : obj.req.query.tcpaddr) }; const command = { nodeid: obj.req.query.nodeid, action: 'msg', type: 'tunnel', value: '*/meshrelay.ashx?id=' + obj.id + '&rauth=' + rcookie, tcpport: obj.req.query.tcpport, tcpaddr: ((obj.req.query.tcpaddr == null) ? '127.0.0.1' : obj.req.query.tcpaddr), soptions: {} };
if (typeof domain.consentmessages == 'object') {
if (typeof domain.consentmessages.desktop == 'string') { command.soptions.consentMsgDesktop = domain.consentmessages.desktop; }
if (typeof domain.consentmessages.terminal == 'string') { command.soptions.consentMsgTerminal = domain.consentmessages.terminal; }
if (typeof domain.consentmessages.files == 'string') { command.soptions.consentMsgFiles = domain.consentmessages.files; }
}
parent.parent.debug('relay', 'Relay: Sending agent TCP tunnel command: ' + JSON.stringify(command)); parent.parent.debug('relay', 'Relay: Sending agent TCP tunnel command: ' + JSON.stringify(command));
if (obj.sendAgentMessage(command, user._id, domain.id) == false) { delete obj.id; parent.parent.debug('relay', 'Relay: Unable to contact this agent (' + obj.req.clientIp + ')'); } if (obj.sendAgentMessage(command, user._id, domain.id) == false) { delete obj.id; parent.parent.debug('relay', 'Relay: Unable to contact this agent (' + obj.req.clientIp + ')'); }
} else if (obj.req.query.udpport != null) { } else if (obj.req.query.udpport != null) {
const command = { nodeid: obj.req.query.nodeid, action: 'msg', type: 'tunnel', value: '*/meshrelay.ashx?id=' + obj.id + '&rauth=' + rcookie, udpport: obj.req.query.udpport, udpaddr: ((obj.req.query.udpaddr == null) ? '127.0.0.1' : obj.req.query.udpaddr) }; const command = { nodeid: obj.req.query.nodeid, action: 'msg', type: 'tunnel', value: '*/meshrelay.ashx?id=' + obj.id + '&rauth=' + rcookie, udpport: obj.req.query.udpport, udpaddr: ((obj.req.query.udpaddr == null) ? '127.0.0.1' : obj.req.query.udpaddr), soptions: {} };
if (typeof domain.consentmessages == 'object') {
if (typeof domain.consentmessages.desktop == 'string') { command.soptions.consentMsgDesktop = domain.consentmessages.desktop; }
if (typeof domain.consentmessages.terminal == 'string') { command.soptions.consentMsgTerminal = domain.consentmessages.terminal; }
if (typeof domain.consentmessages.files == 'string') { command.soptions.consentMsgFiles = domain.consentmessages.files; }
}
parent.parent.debug('relay', 'Relay: Sending agent UDP tunnel command: ' + JSON.stringify(command)); parent.parent.debug('relay', 'Relay: Sending agent UDP tunnel command: ' + JSON.stringify(command));
if (obj.sendAgentMessage(command, user._id, domain.id) == false) { delete obj.id; parent.parent.debug('relay', 'Relay: Unable to contact this agent (' + obj.req.clientIp + ')'); } if (obj.sendAgentMessage(command, user._id, domain.id) == false) { delete obj.id; parent.parent.debug('relay', 'Relay: Unable to contact this agent (' + obj.req.clientIp + ')'); }
} }

8
meshuser.js
View File

@ -1179,6 +1179,14 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
try { url = require('url').parse(command.value, true); } catch (ex) { } try { url = require('url').parse(command.value, true); } catch (ex) { }
if (url == null) break; // Bad URL if (url == null) break; // Bad URL
if (url.query && url.query.nodeid && (url.query.nodeid != command.nodeid)) break; // Bad NodeID in URL query string if (url.query && url.query.nodeid && (url.query.nodeid != command.nodeid)) break; // Bad NodeID in URL query string
// Add user consent messages
command.soptions = {};
if (typeof domain.consentmessages == 'object') {
if (typeof domain.consentmessages.desktop == 'string') { command.soptions.consentMsgDesktop = domain.consentmessages.desktop; }
if (typeof domain.consentmessages.terminal == 'string') { command.soptions.consentMsgTerminal = domain.consentmessages.terminal; }
if (typeof domain.consentmessages.files == 'string') { command.soptions.consentMsgFiles = domain.consentmessages.files; }
}
} }
// Route this command to a target node // Route this command to a target node

2
public/scripts/amt-wsman-0.2.0-min.js vendored
View File

File diff suppressed because one or more lines are too long

6
sample-config-advanced.json
View File

@ -122,6 +122,12 @@
"_AgentNoProxy": true, "_AgentNoProxy": true,
"_GeoLocation": true, "_GeoLocation": true,
"_novnc": false, "_novnc": false,
"_mstsc": true,
"_consentMessages": {
"Desktop": "{0} requesting remote desktop access. Grant access?",
"Terminal": "{0} requesting remote terminal access. Grant access?",
"Files": "{0} requesting remote files access. Grant access?"
},
"_UserAllowedIP": "127.0.0.1,192.168.1.0/24", "_UserAllowedIP": "127.0.0.1,192.168.1.0/24",
"_UserBlockedIP": "127.0.0.1,::1,192.168.0.100", "_UserBlockedIP": "127.0.0.1,::1,192.168.0.100",
"_AgentAllowedIP": "192.168.0.100/24", "_AgentAllowedIP": "192.168.0.100/24",

21
views/default-mobile.handlebars
View File

@ -802,15 +802,18 @@
if (args.webrtc != null) { attemptWebRTC = (args.webrtc == 1); } if (args.webrtc != null) { attemptWebRTC = (args.webrtc == 1); }
// Session Refresh Timer // Session Refresh Timer
sessionRefreshTimer = setInterval(function () { if (sessionTime >= 10) { sessionRefreshTimer = setTimeout(refreshCookieSession, Math.round((sessionTime * 60000) * 0.8)); }
var xdr = null; }
try { xdr = new XDomainRequest(); } catch (e) { }
if (!xdr) xdr = new XMLHttpRequest(); function refreshCookieSession() {
xdr.open('GET', window.location.origin + domainUrl + 'refresh.ashx'); var xdr = null;
xdr.timeout = 15000; try { xdr = new XDomainRequest(); } catch (e) { }
xdr.onload = xdr.onerror = xdr.ontimeout = function () { }; if (!xdr) xdr = new XMLHttpRequest();
xdr.send(); xdr.open('GET', window.location.origin + domainUrl + 'refresh.ashx');
}, Math.round((sessionTime * 60000) * 0.8)) xdr.timeout = 15000;
xdr.onload = function () { sessionRefreshTimer = setTimeout(refreshCookieSession, Math.round((sessionTime * 60000) * 0.8)); };
xdr.onerror = xdr.ontimeout = function () { sessionRefreshTimer = null; };
xdr.send();
} }
function onStateChanged(server, state, prevState, errorCode) { function onStateChanged(server, state, prevState, errorCode) {

21
views/default.handlebars
View File

@ -1422,15 +1422,18 @@
} }
// Session Refresh Timer // Session Refresh Timer
sessionRefreshTimer = setInterval(function () { if (sessionTime >= 10) { sessionRefreshTimer = setTimeout(refreshCookieSession, Math.round((sessionTime * 60000) * 0.8)); }
var xdr = null; }
try { xdr = new XDomainRequest(); } catch (e) { }
if (!xdr) xdr = new XMLHttpRequest(); function refreshCookieSession() {
xdr.open('GET', window.location.origin + domainUrl + 'refresh.ashx'); var xdr = null;
xdr.timeout = 15000; try { xdr = new XDomainRequest(); } catch (e) { }
xdr.onload = xdr.onerror = xdr.ontimeout = function () { }; if (!xdr) xdr = new XMLHttpRequest();
xdr.send(); xdr.open('GET', window.location.origin + domainUrl + 'refresh.ashx');
}, Math.round((sessionTime * 60000) * 0.8)) xdr.timeout = 15000;
xdr.onload = function () { sessionRefreshTimer = setTimeout(refreshCookieSession, Math.round((sessionTime * 60000) * 0.8)); };
xdr.onerror = xdr.ontimeout = function () { sessionRefreshTimer = null; };
xdr.send();
} }
// Generic handling of custom actions // Generic handling of custom actions