Skip to content

Commit

Permalink
fix web-rdp/web-ssh save creds per user
Browse files Browse the repository at this point in the history
Signed-off-by: si458 <[email protected]>
  • Loading branch information
si458 committed May 24, 2024
1 parent 5a7e3d9 commit 26ac23c
Show file tree
Hide file tree
Showing 3 changed files with 29 additions and 21 deletions.
2 changes: 1 addition & 1 deletion meshcentral-config-schema.json
Original file line number Diff line number Diff line change
Expand Up @@ -1754,7 +1754,7 @@
},
"mstsc": {
"type": "boolean",
"default": false,
"default": true,
"description": "When enabled, activates the built-in web-based RDP client."
},
"ssh": {
Expand Down
2 changes: 1 addition & 1 deletion sample-config-advanced.json
Original file line number Diff line number Diff line change
Expand Up @@ -318,7 +318,7 @@
"_geoLocation": true,
"_ipLocation": true,
"_novnc": false,
"_mstsc": true,
"_mstsc": false,
"_ssh": true,
"_WebEmailsPath": "/myserver/email-templates",
"_consentMessages": {
Expand Down
46 changes: 27 additions & 19 deletions webserver.js
Original file line number Diff line number Diff line change
Expand Up @@ -2105,6 +2105,24 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
var features = 0;
if (domain.allowsavingdevicecredentials === false) { features |= 1; }

// Get the logged in user if present
var user = null;

// If there is a login token, use that
if (req.query.login != null) {
var ucookie = parent.decodeCookie(req.query.login, parent.loginCookieEncryptionKey, 60); // Cookie with 1 hour timeout
if ((ucookie != null) && (ucookie.a === 3) && (typeof ucookie.u == 'string')) { user = obj.users[ucookie.u]; }
}

// If no token, see if we have an active session
if ((user == null) && (req.session.userid != null)) { user = obj.users[req.session.userid]; }

// If still no user, see if we have a default user
if ((user == null) && (obj.args.user)) { user = obj.users['user/' + domain.id + '/' + obj.args.user.toLowerCase()]; }

// No user login, exit now
if (user == null) { res.sendStatus(401); return; }

if (req.query.ws != null) {
// This is a query with a websocket relay cookie, check that the cookie is valid and use it.
var rcookie = parent.decodeCookie(req.query.ws, parent.loginCookieEncryptionKey, 60); // Cookie with 1 hour timeout
Expand All @@ -2122,8 +2140,12 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
if ((typeof node.ssh == 'object') && (typeof node.ssh.u == 'string') && (typeof node.ssh.p == 'string')) { serverCredentials = 1; } // Username and password
else if ((typeof node.ssh == 'object') && (typeof node.ssh.k == 'string') && (typeof node.ssh.kp == 'string')) { serverCredentials = 2; } // Username, key and password
else if ((typeof node.ssh == 'object') && (typeof node.ssh.k == 'string')) { serverCredentials = 3; } // Username and key. No password.
else if ((typeof node.ssh == 'object') && (typeof node.ssh[user._id] == 'object') && (typeof node.ssh[user._id].u == 'string') && (typeof node.ssh[user._id].p == 'string')) { serverCredentials = 1; } // Username and password in per user format
else if ((typeof node.ssh == 'object') && (typeof node.ssh[user._id] == 'object') && (typeof node.ssh[user._id].k == 'string') && (typeof node.ssh[user._id].kp == 'string')) { serverCredentials = 2; } // Username, key and password in per user format
else if ((typeof node.ssh == 'object') && (typeof node.ssh[user._id] == 'object') && (typeof node.ssh[user._id].k == 'string')) { serverCredentials = 3; } // Username and key. No password. in per user format
} else {
if ((typeof node.rdp == 'object') && (typeof node.rdp.d == 'string') && (typeof node.rdp.u == 'string') && (typeof node.rdp.p == 'string')) { serverCredentials = 1; } // Username and password
if ((typeof node.rdp == 'object') && (typeof node.rdp.d == 'string') && (typeof node.rdp.u == 'string') && (typeof node.rdp.p == 'string')) { serverCredentials = 1; } // Username and password in legacy format
if ((typeof node.rdp == 'object') && (typeof node.rdp[user._id] == 'object') && (typeof node.rdp[user._id].d == 'string') && (typeof node.rdp[user._id].u == 'string') && (typeof node.rdp[user._id].p == 'string')) { serverCredentials = 1; } // Username and password in per user format
}
}

Expand All @@ -2134,24 +2156,6 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
}
}

// Get the logged in user if present
var user = null;

// If there is a login token, use that
if (req.query.login != null) {
var ucookie = parent.decodeCookie(req.query.login, parent.loginCookieEncryptionKey, 60); // Cookie with 1 hour timeout
if ((ucookie != null) && (ucookie.a === 3) && (typeof ucookie.u == 'string')) { user = obj.users[ucookie.u]; }
}

// If no token, see if we have an active session
if ((user == null) && (req.session.userid != null)) { user = obj.users[req.session.userid]; }

// If still no user, see if we have a default user
if ((user == null) && (obj.args.user)) { user = obj.users['user/' + domain.id + '/' + obj.args.user.toLowerCase()]; }

// No user login, exit now
if (user == null) { res.sendStatus(401); return; }

// Check the nodeid
if (req.query.node != null) {
var nodeidsplit = req.query.node.split('/');
Expand Down Expand Up @@ -2187,6 +2191,9 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
if ((typeof node.ssh == 'object') && (typeof node.ssh.u == 'string') && (typeof node.ssh.p == 'string')) { serverCredentials = 1; } // Username and password
else if ((typeof node.ssh == 'object') && (typeof node.ssh.k == 'string') && (typeof node.ssh.kp == 'string')) { serverCredentials = 2; } // Username, key and password
else if ((typeof node.ssh == 'object') && (typeof node.ssh.k == 'string')) { serverCredentials = 3; } // Username and key. No password.
else if ((typeof node.ssh == 'object') && (typeof node.ssh[user._id] == 'object') && (typeof node.ssh[user._id].u == 'string') && (typeof node.ssh[user._id].p == 'string')) { serverCredentials = 1; } // Username and password in per user format
else if ((typeof node.ssh == 'object') && (typeof node.ssh[user._id] == 'object') && (typeof node.ssh[user._id].k == 'string') && (typeof node.ssh[user._id].kp == 'string')) { serverCredentials = 2; } // Username, key and password in per user format
else if ((typeof node.ssh == 'object') && (typeof node.ssh[user._id] == 'object') && (typeof node.ssh[user._id].k == 'string')) { serverCredentials = 3; } // Username and key. No password. in per user format
}
} else {
// RDP port
Expand All @@ -2196,6 +2203,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
// Check if we have RDP credentials for this device
if (domain.allowsavingdevicecredentials !== false) {
if ((typeof node.rdp == 'object') && (typeof node.rdp.d == 'string') && (typeof node.rdp.u == 'string') && (typeof node.rdp.p == 'string')) { serverCredentials = 1; } // Username and password
if ((typeof node.rdp == 'object') && (typeof node.rdp[user._id] == 'object') && (typeof node.rdp[user._id].d == 'string') && (typeof node.rdp[user._id].u == 'string') && (typeof node.rdp[user._id].p == 'string')) { serverCredentials = 1; } // Username and password in per user format
}
}
if (req.query.port != null) { var qport = 0; try { qport = parseInt(req.query.port); } catch (ex) { } if ((typeof qport == 'number') && (qport > 0) && (qport < 65536)) { port = qport; } }
Expand Down

0 comments on commit 26ac23c

Please sign in to comment.