Ylianst/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2024-09-11 08:55:32 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fixed permissions on uploading custom mesh core.

Browse Source
This commit is contained in:
Ylian Saint-Hilaire 2021-02-04 13:44:40 -08:00
parent 7a34e8c169
commit 9ed135e08c
1 changed files with 17 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
webserver.js
View File

@ -3317,22 +3317,27 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
if ((loginCookie != null) && (domain.id == loginCookie.domainid)) { authUserid = loginCookie.userid; } // Use cookie authentication if ((loginCookie != null) && (domain.id == loginCookie.domainid)) { authUserid = loginCookie.userid; } // Use cookie authentication
} }
if (authUserid == null) { res.sendStatus(401); return; } if (authUserid == null) { res.sendStatus(401); return; }
if ((fields == null) || (fields.attrib == null) || (fields.attrib.length != 1)) { res.sendStatus(404); return; }
// Get the user // Get the user
const user = obj.users[authUserid]; const user = obj.users[authUserid];
if (user.siteadmin != 0xFFFFFFFF) { res.sendStatus(401); return; } // Check if we have mesh core upload rights (Full admin only) if (user == null) { res.sendStatus(401); return; } // Check this user exists
if ((fields == null) || (fields.attrib == null) || (fields.attrib.length != 1)) { res.sendStatus(404); return; } // Get the node and check node rights
for (var i in files.files) { const nodeid = fields.attrib[0];
var file = files.files[i]; obj.GetNodeWithRights(domain, user, nodeid, function (node, rights, visible) {
obj.fs.readFile(file.path, 'utf8', function (err, data) { if ((node == null) || (rights != 0xFFFFFFFF) || (visible == false)) { res.sendStatus(404); return; } // We don't have remote control rights to this device
if (err != null) return; for (var i in files.files) {
data = obj.common.IntToStr(0) + data; // Add the 4 bytes encoding type & flags (Set to 0 for raw) var file = files.files[i];
obj.sendMeshAgentCore(user, domain, fields.attrib[0], 'custom', data); // Upload the core obj.fs.readFile(file.path, 'utf8', function (err, data) {
try { obj.fs.unlinkSync(file.path); } catch (e) { } if (err != null) return;
}); data = obj.common.IntToStr(0) + data; // Add the 4 bytes encoding type & flags (Set to 0 for raw)
} obj.sendMeshAgentCore(user, domain, fields.attrib[0], 'custom', data); // Upload the core
res.send(''); try { obj.fs.unlinkSync(file.path); } catch (e) { }
});
}
res.send('');
});
}); });
} }