From 4ba08a96f7419401e4f769bf08d0bce6a809fe3c Mon Sep 17 00:00:00 2001
From: Simon Smith
Date: Tue, 9 Apr 2024 11:47:32 +0100
Subject: [PATCH] unEscape ssh/rdp creds from db (#6001)
Signed-off-by: si458
---
 apprelays.js | 9 ++++++---
 meshuser.js | 1 +
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/apprelays.js b/apprelays.js
index aeb4d63577..388a0fcd08 100644
--- a/apprelays.js
+++ b/apprelays.js
@@ -983,6 +983,7 @@ module.exports.CreateMstscRelay = function (parent, db, ws, req, args, domain) {
 if ((node == null) || (visible == false) || ((rights & MESHRIGHT_REMOTECONTROL) == 0)) { obj.close(); return; }
 if ((rights != MESHRIGHT_ADMIN) && ((rights & MESHRIGHT_REMOTEVIEWONLY) != 0)) { obj.viewonly = true; }
 if ((rights != MESHRIGHT_ADMIN) && ((rights & MESHRIGHT_DESKLIMITEDINPUT) != 0)) { obj.limitedinput = true; }
+ node = parent.common.unEscapeLinksFieldName(node); // unEscape node data for rdp/ssh credentials
 obj.mtype = node.mtype; // Store the device group type
 obj.meshid = node.meshid; // Store the MeshID
@@ -1315,7 +1316,7 @@ module.exports.CreateSshRelay = function (parent, db, ws, req, args, domain) {
 // Check if we have SSH credentials for this device
 parent.parent.db.Get(obj.cookie.nodeid, function (err, nodes) {
 if ((err != null) || (nodes == null) || (nodes.length != 1)) return;
- const node = nodes[0];
+ const node = parent.common.unEscapeLinksFieldName(nodes[0]); // unEscape node data for rdp/ssh credentials
 if ((domain.allowsavingdevicecredentials === false) || (node.ssh == null) || (typeof node.ssh != 'object') || (node.ssh[obj.userid] == null) || (typeof node.ssh[obj.userid].u != 'string') || ((typeof node.ssh[obj.userid].p != 'string') && (typeof node.ssh[obj.userid].k != 'string'))) {
 // Send a request for SSH authentication
 try { ws.send(JSON.stringify({ action: 'sshauth' })) } catch (ex) { }
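Review bot: The trailing comment on the added line in CreateMstscRelay (`// unEscape node data for rdp/ssh credentials`) says what is called but not why the lookup needs it, and the same comment is repeated at the other six call sites in this patch. The per-user lookup `node.ssh[obj.userid]` in the @@ -1315 hunk suggests the credential maps are keyed by user id, so presumably those keys come back from the database in escaped form. If that is the reason, I would say so once, e.g. `// ssh/rdp credential maps are keyed by user id and stored with escaped keys; unescape before lookup`. The enclosing callback starts and ends outside the hunk.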
@@ -1363,7 +1364,7 @@ module.exports.CreateSshRelay = function (parent, db, ws, req, args, domain) {
 obj.termSize = msg;
 parent.parent.db.Get(obj.cookie.nodeid, function (err, nodes) {
 if ((err != null) || (nodes == null) || (nodes.length != 1)) return;
- const node = nodes[0];
+ const node = parent.common.unEscapeLinksFieldName(nodes[0]); // unEscape node data for rdp/ssh credentials
 if (node.ssh != null) {
 obj.username = node.ssh.u;
 obj.privateKey = node.ssh.k;
@@ -1405,7 +1406,7 @@ module.exports.CreateSshRelay = function (parent, db, ws, req, args, domain) {
 parent.parent.db.Get(obj.cookie.nodeid, function (err, nodes) {
 if (obj.cookie == null) return; // obj has been cleaned up, just exit.
 if ((err != null) || (nodes == null) || (nodes.length != 1)) { parent.parent.debug('relay', 'SSH: Invalid device'); obj.close(); }
- const node = nodes[0];
+ const node = parent.common.unEscapeLinksFieldName(nodes[0]); // unEscape node data for rdp/ssh credentials
 obj.nodeid = node._id; // Store the NodeID
 obj.meshid = node.meshid; // Store the MeshID
 obj.mtype = node.mtype; // Store the device group type
@@ -1738,6 +1739,7 @@ module.exports.CreateSshTerminalRelay = function (parent, db, ws, req, domain, u
 if ((user == null) || (req.query.nodeid == null)) { obj.close(); return; } // Invalid nodeid
 parent.GetNodeWithRights(domain, user, req.query.nodeid, function (node, rights, visible) {
 if (obj.ws == null) return; // obj has been cleaned up, just exit.
+ node = parent.common.unEscapeLinksFieldName(node); // unEscape node data for rdp/ssh credentials
 // Check permissions
 if ((rights & 8) == 0) { obj.close(); return; } // No MESHRIGHT_REMOTECONTROL rights
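Review bot: In the @@ -1363 hunk the stored credentials are read directly off the record (`node.ssh.u`, `node.ssh.k`), while the @@ -1315 hunk of the same relay reads them per user (`node.ssh[obj.userid].u`) and first tests `domain.allowsavingdevicecredentials`. The unescaping added here only changes anything for the keyed form, so this path looks inconsistent with the other one. If the per-user form is what is stored, the lookup should match it, e.g. `const creds = node.ssh[obj.userid];` then `if (creds != null) { obj.username = creds.u; obj.privateKey = creds.k;`, and the domain setting should be honoured here too unless it is checked outside the visible lines. The `if (node.ssh != null)` block continues past the end of the hunk, so this needs checking against the full function.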
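Review bot: The failure branch in the @@ -1405 hunk calls `obj.close()` but does not return, so when `nodes` is null execution falls through to the new `parent.common.unEscapeLinksFieldName(nodes[0])` line, where `nodes[0]` throws inside the database callback. The other two db.Get callbacks touched in this file return on the same condition. I would add the return: `if ((err != null) || (nodes == null) || (nodes.length != 1)) { parent.parent.debug('relay', 'SSH: Invalid device'); obj.close(); return; }`. The callback continues outside the hunk.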
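Review bot: In CreateSshTerminalRelay (@@ -1738) and CreateSshFilesRelay (@@ -2267) the added `node = parent.common.unEscapeLinksFieldName(node);` runs before the `(rights & 8) == 0` check and before any null check on `node` visible in these hunks, whereas the CreateMstscRelay hunk places it after both. How the helper treats a null argument is not shown on this page; if it throws, a request for an unknown or inaccessible node id raises in the callback, and if it returns a fresh object, a later `node == null` test can no longer fire. Moving the line below the permission check and guarding it with `if (node == null) { obj.close(); return; }` keeps handling of the record behind the authorization decision. Both callbacks continue outside their hunks.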
@@ -2267,6 +2269,7 @@ module.exports.CreateSshFilesRelay = function (parent, db, ws, req, domain, user
 if ((user == null) || (req.query.nodeid == null)) { obj.close(); return; } // Invalid nodeid
 parent.GetNodeWithRights(domain, user, req.query.nodeid, function (node, rights, visible) {
 if (obj.ws == null) return; // obj has been cleaned up, just exit.
+ node = parent.common.unEscapeLinksFieldName(node); // unEscape node data for rdp/ssh credentials
 // Check permissions
 if ((rights & 8) == 0) { obj.close(); return; } // No MESHRIGHT_REMOTECONTROL rights
diff --git a/meshuser.js b/meshuser.js
index c809b8b49d..7fead97133 100644
--- a/meshuser.js
+++ b/meshuser.js
@@ -3226,6 +3226,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
 if (command.responseid != null) { try { ws.send(JSON.stringify({ action: 'changedevice', responseid: command.responseid, result: 'Access Denied' })); } catch (ex) { } }
 return;
 }
+ node = common.unEscapeLinksFieldName(node); // unEscape node data for rdp/ssh credentials
 var mesh = parent.meshes[node.meshid], amtchange = 0;
 // Ready the node change event
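Review bot: In the meshuser.js hunk the unescaped result is assigned back to `node` just before the code marked `// Ready the node change event`, so whatever this changedevice handler later stores or dispatches is built from the unescaped record. The write path is outside the hunk, so please confirm that it re-escapes the ssh/rdp keys before the record is saved; otherwise this call would persist the user-id keys in unescaped form. A comment at the assignment would make the dependency explicit, e.g. `// node is written back below; the db layer must re-escape ssh/rdp keys on save`.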