unEscape ssh/rdp creds from db (Ylianst#6001)
Signed-off-by: si458 <simonsmith5521@gmail.com>
si458 authored Apr 9, 2024
1 parent 548edd1 commit 4ba08a9
Showing 2 changed files with 7 additions and 3 deletions.
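--- a/apprelays.js
+++ b/apprelays.js
@@ -983,6 +983,7 @@ module.exports.CreateMstscRelay = function (parent, db, ws, req, args, domain) {
 if ((node == null) || (visible == false) || ((rights & MESHRIGHT_REMOTECONTROL) == 0)) { obj.close(); return; }
 if ((rights != MESHRIGHT_ADMIN) && ((rights & MESHRIGHT_REMOTEVIEWONLY) != 0)) { obj.viewonly = true; }
 if ((rights != MESHRIGHT_ADMIN) && ((rights & MESHRIGHT_DESKLIMITEDINPUT) != 0)) { obj.limitedinput = true; }
+node = parent.common.unEscapeLinksFieldName(node); // unEscape node data for rdp/ssh credentials
 obj.mtype = node.mtype; // Store the device group type
 obj.meshid = node.meshid; // Store the MeshID
 
@@ -1315,7 +1316,7 @@ module.exports.CreateSshRelay = function (parent, db, ws, req, args, domain) {
 // Check if we have SSH credentials for this device
 parent.parent.db.Get(obj.cookie.nodeid, function (err, nodes) {
 if ((err != null) || (nodes == null) || (nodes.length != 1)) return;
-const node = nodes[0];
+const node = parent.common.unEscapeLinksFieldName(nodes[0]); // unEscape node data for rdp/ssh credentials
 if ((domain.allowsavingdevicecredentials === false) || (node.ssh == null) || (typeof node.ssh != 'object') || (node.ssh[obj.userid] == null) || (typeof node.ssh[obj.userid].u != 'string') || ((typeof node.ssh[obj.userid].p != 'string') && (typeof node.ssh[obj.userid].k != 'string'))) {
 // Send a request for SSH authentication
 try { ws.send(JSON.stringify({ action: 'sshauth' })) } catch (ex) { }
@@ -1363,7 +1364,7 @@ module.exports.CreateSshRelay = function (parent, db, ws, req, args, domain) {
 obj.termSize = msg;
 parent.parent.db.Get(obj.cookie.nodeid, function (err, nodes) {
 if ((err != null) || (nodes == null) || (nodes.length != 1)) return;
-const node = nodes[0];
+const node = parent.common.unEscapeLinksFieldName(nodes[0]); // unEscape node data for rdp/ssh credentials
 if (node.ssh != null) {
 obj.username = node.ssh.u;
 obj.privateKey = node.ssh.k;
@@ -1405,7 +1406,7 @@ module.exports.CreateSshRelay = function (parent, db, ws, req, args, domain) {
 parent.parent.db.Get(obj.cookie.nodeid, function (err, nodes) {
 if (obj.cookie == null) return; // obj has been cleaned up, just exit.
 if ((err != null) || (nodes == null) || (nodes.length != 1)) { parent.parent.debug('relay', 'SSH: Invalid device'); obj.close(); }
-const node = nodes[0];
+const node = parent.common.unEscapeLinksFieldName(nodes[0]); // unEscape node data for rdp/ssh credentials
 obj.nodeid = node._id; // Store the NodeID
 obj.meshid = node.meshid; // Store the MeshID
 obj.mtype = node.mtype; // Store the device group type
@@ -1738,6 +1739,7 @@ module.exports.CreateSshTerminalRelay = function (parent, db, ws, req, domain, u
 if ((user == null) || (req.query.nodeid == null)) { obj.close(); return; } // Invalid nodeid
 parent.GetNodeWithRights(domain, user, req.query.nodeid, function (node, rights, visible) {
 if (obj.ws == null) return; // obj has been cleaned up, just exit.
+node = parent.common.unEscapeLinksFieldName(node); // unEscape node data for rdp/ssh credentials
 
 // Check permissions
 if ((rights & 8) == 0) { obj.close(); return; } // No MESHRIGHT_REMOTECONTROL rights
@@ -2267,6 +2269,7 @@ module.exports.CreateSshFilesRelay = function (parent, db, ws, req, domain, user
 if ((user == null) || (req.query.nodeid == null)) { obj.close(); return; } // Invalid nodeid
 parent.GetNodeWithRights(domain, user, req.query.nodeid, function (node, rights, visible) {
 if (obj.ws == null) return; // obj has been cleaned up, just exit.
+node = parent.common.unEscapeLinksFieldName(node); // unEscape node data for rdp/ssh credentials
 
 // Check permissions
 if ((rights & 8) == 0) { obj.close(); return; } // No MESHRIGHT_REMOTECONTROL rights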
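Review bot: In the CreateSshRelay hunk at new line 1406, the invalid-device branch calls `obj.close()` without returning, so the new `parent.common.unEscapeLinksFieldName(nodes[0])` still runs when `nodes` is null or empty and `nodes[0]` or the following `node._id` can throw; the guard should end with `obj.close(); return; }`. The fall-through predates this commit, but the changed line now sits directly on it. Separately, in CreateSshTerminalRelay and CreateSshFilesRelay the helper is applied to `node` before the `(rights & 8)` check, whereas CreateMstscRelay applies it only after the `node == null` / rights guard. How the helper treats a null `node` is not visible on this page, so moving the call below the permission check would keep the relays consistent and avoid touching credential-bearing node data for a caller without rights. All of these callbacks continue outside the hunks shown.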
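--- a/meshuser.js
+++ b/meshuser.js
@@ -3226,6 +3226,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
 if (command.responseid != null) { try { ws.send(JSON.stringify({ action: 'changedevice', responseid: command.responseid, result: 'Access Denied' })); } catch (ex) { } }
 return;
 }
+node = common.unEscapeLinksFieldName(node); // unEscape node data for rdp/ssh credentials
 var mesh = parent.meshes[node.meshid], amtchange = 0;
 
 // Ready the node change event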
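Review bot: After this line the change-device handler works on an unescaped copy of `node`, and the rest of the handler (outside this hunk) presumably writes that object back to the database, so it is worth confirming that the save path re-escapes the `ssh`/`rdp` key names; otherwise the stored credential keys may no longer match what the relays look up. The inline comment could also state the reason rather than the action, for example `// node.ssh / node.rdp keys are escaped for storage; unescape before reading or editing them`. That wording assumes the keys are user ids, as `node.ssh[obj.userid]` in apprelays.js suggests.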
