mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2024-11-26 07:57:56 +03:00
Fixed issue where if first remote desktop user was view-only, it would block all input in desktop multiplexor mode.
This commit is contained in:
parent
736fffbe26
commit
90c7fc9854
@ -989,6 +989,7 @@ function CreateMeshRelayEx2(parent, ws, req, domain, user, cookie) {
|
||||
};
|
||||
|
||||
obj.sendAgentMessage = function (command, userid, domainid) {
|
||||
console.log('sendAgentMessage');
|
||||
var rights, mesh;
|
||||
if (command.nodeid == null) return false;
|
||||
var user = parent.users[userid];
|
||||
@ -1006,6 +1007,7 @@ function CreateMeshRelayEx2(parent, ws, req, domain, user, cookie) {
|
||||
if ((rights != null) && (mesh != null) || ((rights & 16) != 0)) { // TODO: 16 is console permission, may need more gradular permission checking
|
||||
if (ws.sessionId) { command.sessionid = ws.sessionId; } // Set the session id, required for responses.
|
||||
command.rights = rights; // Add user rights flags to the message
|
||||
if ((command.rights != 0xFFFFFFFF) && ((command.rights & 0x100) != 0)) { command.rights -= 0x100; } // Since the multiplexor will enforce view-only, remove MESHRIGHT_REMOTEVIEWONLY
|
||||
if (typeof command.consent == 'number') { command.consent = command.consent | mesh.consent; } else { command.consent = mesh.consent; } // Add user consent
|
||||
if (typeof domain.userconsentflags == 'number') { command.consent |= domain.userconsentflags; } // Add server required consent flags
|
||||
command.username = user.name; // Add user name
|
||||
@ -1025,6 +1027,7 @@ function CreateMeshRelayEx2(parent, ws, req, domain, user, cookie) {
|
||||
if (rights != null || ((rights & 16) != 0)) { // TODO: 16 is console permission, may need more gradular permission checking
|
||||
if (ws.sessionId) { command.fromSessionid = ws.sessionId; } // Set the session id, required for responses.
|
||||
command.rights = rights; // Add user rights flags to the message
|
||||
if ((command.rights != 0xFFFFFFFF) && ((command.rights & 0x00000100) != 0)) { command.rights -= 0x00000100; } // Since the multiplexor will enforce view-only, remove MESHRIGHT_REMOTEVIEWONLY
|
||||
if (typeof command.consent == 'number') { command.consent = command.consent | mesh.consent; } else { command.consent = mesh.consent; } // Add user consent
|
||||
if (typeof domain.userconsentflags == 'number') { command.consent |= domain.userconsentflags; } // Add server required consent flags
|
||||
command.username = user.name; // Add user name
|
||||
|
11
meshuser.js
11
meshuser.js
@ -225,7 +225,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
}
|
||||
|
||||
// Route a command to a target node
|
||||
function routeCommandToNode(command, requiredRights, requiredNonRights, func) {
|
||||
function routeCommandToNode(command, requiredRights, requiredNonRights, func, options) {
|
||||
if (common.validateString(command.nodeid, 8, 128) == false) { if (func) { func(false); } return false; }
|
||||
var splitnodeid = command.nodeid.split('/');
|
||||
// Check that we are in the same domain and the user has rights over this node.
|
||||
@ -242,6 +242,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
|
||||
command.sessionid = ws.sessionId; // Set the session id, required for responses
|
||||
command.rights = rights; // Add user rights flags to the message
|
||||
if ((options != null) && (options.removeViewOnlyLimitation === true) && (command.rights != 0xFFFFFFFF) && ((command.rights & 0x100) != 0)) { command.rights -= 0x100; } // Since the multiplexor will enforce view-only, remove MESHRIGHT_REMOTEVIEWONLY
|
||||
command.consent = 0;
|
||||
if (typeof domain.userconsentflags == 'number') { command.consent |= domain.userconsentflags; } // Add server required consent flags
|
||||
if (typeof mesh.consent == 'number') { command.consent |= mesh.consent; } // Add device group user consent
|
||||
@ -284,6 +285,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
if ((node != null) && (mesh != null) && ((rights & MESHRIGHT_REMOTECONTROL) || (rights & MESHRIGHT_REMOTEVIEWONLY))) { // 8 is remote control permission
|
||||
command.fromSessionid = ws.sessionId; // Set the session id, required for responses
|
||||
command.rights = rights; // Add user rights flags to the message
|
||||
if ((options != null) && (options.removeViewOnlyLimitation === true) && (command.rights != 0xFFFFFFFF) && ((command.rights & 0x100) != 0)) { command.rights -= 0x100; } // Since the multiplexor will enforce view-only, remove MESHRIGHT_REMOTEVIEWONLY
|
||||
command.consent = 0;
|
||||
if (typeof domain.userconsentflags == 'number') { command.consent |= domain.userconsentflags; } // Add server required consent flags
|
||||
if (typeof mesh.consent == 'number') { command.consent |= mesh.consent; } // Add device group user consent
|
||||
@ -854,7 +856,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
}
|
||||
|
||||
// Rights check
|
||||
var requiredRights = null, requiredNonRights = null;
|
||||
var requiredRights = null, requiredNonRights = null, routingOptions = null;
|
||||
|
||||
// Complete the nodeid if needed
|
||||
if (command.nodeid.indexOf('/') == -1) { command.nodeid = 'node/' + domain.id + '/' + command.nodeid; }
|
||||
@ -876,6 +878,9 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
if (url.query.p == '1') { requiredNonRights = MESHRIGHT_NOTERMINAL; }
|
||||
else if ((url.query.p == '4') || (url.query.p == '5')) { requiredNonRights = MESHRIGHT_NOFILES; }
|
||||
|
||||
// If we are using the desktop multiplexor, remove the VIEWONLY limitation. The multiplexor will take care of enforcing that limitation when needed.
|
||||
if (((parent.parent.config.settings.desktopmultiplex === true) || (domain.desktopmultiplex === true)) && (url.query.p == '2')) { routingOptions = { removeViewOnlyLimitation: true }; }
|
||||
|
||||
// Add server TLS cert hash
|
||||
var tlsCertHash = null;
|
||||
if ((parent.parent.args.ignoreagenthashcheck == null) || (parent.parent.args.ignoreagenthashcheck === false)) { // TODO: If ignoreagenthashcheck is an array of IP addresses, not sure how to handle this.
|
||||
@ -910,7 +915,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
if (command.responseid != null) { func = function (r) { try { ws.send(JSON.stringify({ action: 'msg', result: r ? 'OK' : 'Unable to route', tag: command.tag, responseid: command.responseid })); } catch (ex) { } } }
|
||||
|
||||
// Route this command to a target node
|
||||
routeCommandToNode(command, requiredRights, requiredNonRights, func);
|
||||
routeCommandToNode(command, requiredRights, requiredNonRights, func, routingOptions);
|
||||
break;
|
||||
}
|
||||
case 'events':
|
||||
|
Loading…
Reference in New Issue
Block a user