Fixed issue where if first remote desktop user was view-only, it would block all input in desktop multiplexor mode.

2024-11-22 22:17:31 +03:00 · 2021-08-04 21:12:51 -07:00 · 2021-08-04 21:12:51 -07:00 · 90c7fc9854
commit 90c7fc9854
parent 736fffbe26
2 changed files with 11 additions and 3 deletions
--- a/meshdesktopmultiplex.js
+++ b/meshdesktopmultiplex.js
@ -989,6 +989,7 @@ function CreateMeshRelayEx2(parent, ws, req, domain, user, cookie) {
    };

    obj.sendAgentMessage = function (command, userid, domainid) {
+        console.log('sendAgentMessage');
        var rights, mesh;
        if (command.nodeid == null) return false;
        var user = parent.users[userid];
@ -1006,6 +1007,7 @@ function CreateMeshRelayEx2(parent, ws, req, domain, user, cookie) {
                if ((rights != null) && (mesh != null) || ((rights & 16) != 0)) { // TODO: 16 is console permission, may need more gradular permission checking
                    if (ws.sessionId) { command.sessionid = ws.sessionId; }   // Set the session id, required for responses.
                    command.rights = rights;            // Add user rights flags to the message
+                    if ((command.rights != 0xFFFFFFFF) && ((command.rights & 0x100) != 0)) { command.rights -= 0x100; } // Since the multiplexor will enforce view-only, remove MESHRIGHT_REMOTEVIEWONLY
                    if (typeof command.consent == 'number') { command.consent = command.consent | mesh.consent; } else { command.consent = mesh.consent; } // Add user consent
                    if (typeof domain.userconsentflags == 'number') { command.consent |= domain.userconsentflags; } // Add server required consent flags
                    command.username = user.name;       // Add user name
@ -1025,6 +1027,7 @@ function CreateMeshRelayEx2(parent, ws, req, domain, user, cookie) {
                    if (rights != null || ((rights & 16) != 0)) { // TODO: 16 is console permission, may need more gradular permission checking
                        if (ws.sessionId) { command.fromSessionid = ws.sessionId; }   // Set the session id, required for responses.
                        command.rights = rights;                // Add user rights flags to the message
+                        if ((command.rights != 0xFFFFFFFF) && ((command.rights & 0x00000100) != 0)) { command.rights -= 0x00000100; } // Since the multiplexor will enforce view-only, remove MESHRIGHT_REMOTEVIEWONLY
                        if (typeof command.consent == 'number') { command.consent = command.consent | mesh.consent; } else { command.consent = mesh.consent; } // Add user consent
                        if (typeof domain.userconsentflags == 'number') { command.consent |= domain.userconsentflags; } // Add server required consent flags
                        command.username = user.name;           // Add user name
--- a/meshuser.js
+++ b/meshuser.js
@ -225,7 +225,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
    }

    // Route a command to a target node
-    function routeCommandToNode(command, requiredRights, requiredNonRights, func) {
+    function routeCommandToNode(command, requiredRights, requiredNonRights, func, options) {
        if (common.validateString(command.nodeid, 8, 128) == false) { if (func) { func(false); } return false; }
        var splitnodeid = command.nodeid.split('/');
        // Check that we are in the same domain and the user has rights over this node.
@ -242,6 +242,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use

                        command.sessionid = ws.sessionId;   // Set the session id, required for responses
                        command.rights = rights;            // Add user rights flags to the message
+                        if ((options != null) && (options.removeViewOnlyLimitation === true) && (command.rights != 0xFFFFFFFF) && ((command.rights & 0x100) != 0)) { command.rights -= 0x100; } // Since the multiplexor will enforce view-only, remove MESHRIGHT_REMOTEVIEWONLY
                        command.consent = 0;
                        if (typeof domain.userconsentflags == 'number') { command.consent |= domain.userconsentflags; } // Add server required consent flags
                        if (typeof mesh.consent == 'number') { command.consent |= mesh.consent; } // Add device group user consent
@ -284,6 +285,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
                        if ((node != null) && (mesh != null) && ((rights & MESHRIGHT_REMOTECONTROL) || (rights & MESHRIGHT_REMOTEVIEWONLY))) { // 8 is remote control permission
                            command.fromSessionid = ws.sessionId;   // Set the session id, required for responses
                            command.rights = rights;                // Add user rights flags to the message
+                            if ((options != null) && (options.removeViewOnlyLimitation === true) && (command.rights != 0xFFFFFFFF) && ((command.rights & 0x100) != 0)) { command.rights -= 0x100; } // Since the multiplexor will enforce view-only, remove MESHRIGHT_REMOTEVIEWONLY
                            command.consent = 0;
                            if (typeof domain.userconsentflags == 'number') { command.consent |= domain.userconsentflags; } // Add server required consent flags
                            if (typeof mesh.consent == 'number') { command.consent |= mesh.consent; } // Add device group user consent
@ -854,7 +856,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
                    }

                    // Rights check
-                    var requiredRights = null, requiredNonRights = null;
+                    var requiredRights = null, requiredNonRights = null, routingOptions = null;

                    // Complete the nodeid if needed
                    if (command.nodeid.indexOf('/') == -1) { command.nodeid = 'node/' + domain.id + '/' + command.nodeid; }
@ -876,6 +878,9 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
                        if (url.query.p == '1') { requiredNonRights = MESHRIGHT_NOTERMINAL; }
                        else if ((url.query.p == '4') || (url.query.p == '5')) { requiredNonRights = MESHRIGHT_NOFILES; }

+                        // If we are using the desktop multiplexor, remove the VIEWONLY limitation. The multiplexor will take care of enforcing that limitation when needed.
+                        if (((parent.parent.config.settings.desktopmultiplex === true) || (domain.desktopmultiplex === true)) && (url.query.p == '2')) { routingOptions = { removeViewOnlyLimitation: true }; }
+
                        // Add server TLS cert hash
                        var tlsCertHash = null;
                        if ((parent.parent.args.ignoreagenthashcheck == null) || (parent.parent.args.ignoreagenthashcheck === false)) { // TODO: If ignoreagenthashcheck is an array of IP addresses, not sure how to handle this.
@ -910,7 +915,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
                    if (command.responseid != null) { func = function (r) { try { ws.send(JSON.stringify({ action: 'msg', result: r ? 'OK' : 'Unable to route', tag: command.tag, responseid: command.responseid })); } catch (ex) { } } }

                    // Route this command to a target node
-                    routeCommandToNode(command, requiredRights, requiredNonRights, func);
+                    routeCommandToNode(command, requiredRights, requiredNonRights, func, routingOptions);
                    break;
                }
            case 'events':