From aab50dcbef60847a9615b673ffbf3df1b7ab41ff Mon Sep 17 00:00:00 2001 From: Ylian Saint-Hilaire Date: Wed, 10 Nov 2021 17:56:12 -0800 Subject: [PATCH] Fixed event dispatching bug. --- meshagent.js | 7 +++--- meshcentral.js | 48 ++++++++++++++++++++++++++++++----------- meshdesktopmultiplex.js | 6 +++--- meshrelay.js | 8 ++++--- webserver.js | 6 ++++-- 5 files changed, 52 insertions(+), 23 deletions(-) diff --git a/meshagent.js b/meshagent.js index e4026a78..c84b1871 100644 --- a/meshagent.js +++ b/meshagent.js @@ -1706,8 +1706,9 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) { function addGuestSharing(flags, viewOnly, func) { // Create cookie - var publicid = 'AS:' + obj.dbNodeKey; - var cookie = { a: 6, pid: publicid }; // New style sharing cookie + const publicid = 'AS:' + obj.dbNodeKey; + const extrakey = getRandomAmtPassword(); + const cookie = { a: 6, pid: publicid, k: extrakey }; // New style sharing cookie const inviteCookie = parent.parent.encodeCookie(cookie, parent.parent.invitationLinkEncryptionKey); if (inviteCookie == null) return; @@ -1720,7 +1721,7 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) { if (serverName.split('.') == 1) { url = '/' + xdomain + page + '?c=' + inviteCookie; } // Create a device sharing database entry - var shareEntry = { _id: 'deviceshare-' + publicid, type: 'deviceshare', nodeid: obj.dbNodeKey, p: flags, domain: domain.id, publicid: publicid, guestName: 'Agent', consent: 0x7F, url: url }; + var shareEntry = { _id: 'deviceshare-' + publicid, type: 'deviceshare', nodeid: obj.dbNodeKey, p: flags, domain: domain.id, publicid: publicid, guestName: 'Agent', consent: 0x7F, url: url, extrakey: extrakey }; if (viewOnly === true) { shareEntry.viewOnly = true; } parent.db.Set(shareEntry); diff --git a/meshcentral.js b/meshcentral.js index 40a84f60..0f74bac1 100644 --- a/meshcentral.js +++ b/meshcentral.js @@ -1969,7 +1969,21 @@ function CreateMeshCentralServer(config, args) { }; obj.RemoveEventDispatch = function (ids, target) { obj.debug('dispatch', 'RemoveEventDispatch', ids); - for (var i in ids) { var id = ids[i]; if (obj.eventsDispatch[id]) { var j = obj.eventsDispatch[id].indexOf(target); if (j >= 0) { if (obj.eventsDispatch[id].length == 1) { delete obj.eventsDispatch[id]; } else { obj.eventsDispatch[id].splice(j, 1); } } } } + for (var i in ids) { + const id = ids[i]; + if (obj.eventsDispatch[id]) { + var j = obj.eventsDispatch[id].indexOf(target); + if (j >= 0) { + if (obj.eventsDispatch[id].length == 1) { + delete obj.eventsDispatch[id]; + } else { + const newList = []; // We create a new list so not to modify the original list. Allows this function to be called during an event dispatch. + for (var k in obj.eventsDispatch[i]) { if (obj.eventsDispatch[i][k] != target) { newList.push(obj.eventsDispatch[i][k]); } } + obj.eventsDispatch[i] = newList; + } + } + } + } }; obj.RemoveEventDispatchId = function (id) { obj.debug('dispatch', 'RemoveEventDispatchId', id); @@ -1977,7 +1991,18 @@ function CreateMeshCentralServer(config, args) { }; obj.RemoveAllEventDispatch = function (target) { obj.debug('dispatch', 'RemoveAllEventDispatch'); - for (var i in obj.eventsDispatch) { var j = obj.eventsDispatch[i].indexOf(target); if (j >= 0) { if (obj.eventsDispatch[i].length == 1) { delete obj.eventsDispatch[i]; } else { obj.eventsDispatch[i].splice(j, 1); } } } + for (var i in obj.eventsDispatch) { + const j = obj.eventsDispatch[i].indexOf(target); + if (j >= 0) { + if (obj.eventsDispatch[i].length == 1) { + delete obj.eventsDispatch[i]; + } else { + const newList = []; // We create a new list so not to modify the original list. Allows this function to be called during an event dispatch. + for (var k in obj.eventsDispatch[i]) { if (obj.eventsDispatch[i][k] != target) { newList.push(obj.eventsDispatch[i][k]); } } + obj.eventsDispatch[i] = newList; + } + } + } }; obj.DispatchEvent = function (ids, source, event, fromPeerServer) { // If the database is not setup, exit now. @@ -1992,7 +2017,7 @@ function CreateMeshCentralServer(config, args) { if ((typeof event == 'object') && (!event.nolog)) { event.time = new Date(); // The event we store is going to skip some of the fields so we don't store too much stuff in the database. - var storeEvent = Object.assign({}, event); + const storeEvent = Object.assign({}, event); if (storeEvent.node) { delete storeEvent.node; } // Skip the "node" field. May skip more in the future. if (storeEvent.links) { // Escape "links" names that may have "." and/or "$" @@ -2002,16 +2027,15 @@ function CreateMeshCentralServer(config, args) { storeEvent.ids = ids; obj.db.StoreEvent(storeEvent); } - var targets = []; // List of targets we dispatched the event to, we don't want to dispatch to the same target twice. + const targets = []; // List of targets we dispatched the event to, we don't want to dispatch to the same target twice. for (var j in ids) { - var id = ids[j]; - if (obj.eventsDispatch[id]) { - for (var i in obj.eventsDispatch[id]) { - if (targets.indexOf(obj.eventsDispatch[id][i]) == -1) { // Check if we already displatched to this target - targets.push(obj.eventsDispatch[id][i]); - try { obj.eventsDispatch[id][i].HandleEvent(source, event, ids, id); } catch (ex) { - console.log(ex, obj.eventsDispatch[id][i]); - } + const id = ids[j]; + const eventsDispatch = obj.eventsDispatch[id]; + if (eventsDispatch) { + for (var i in eventsDispatch) { + if (targets.indexOf(eventsDispatch[i]) == -1) { // Check if we already displatched to this target + targets.push(eventsDispatch[i]); + try { eventsDispatch[i].HandleEvent(source, event, ids, id); } catch (ex) { console.log(ex, eventsDispatch[i]); } } } } diff --git a/meshdesktopmultiplex.js b/meshdesktopmultiplex.js index 684e391c..a742a09c 100644 --- a/meshdesktopmultiplex.js +++ b/meshdesktopmultiplex.js @@ -941,21 +941,21 @@ function CreateDesktopMultiplexor(parent, domain, nodeid, func) { return obj; } -function checkDeviceSharePublicIdentifier(parent, domain, nodeid, pid, func) { +function checkDeviceSharePublicIdentifier(parent, domain, nodeid, pid, extraKey, func) { // Check the public id parent.db.GetAllTypeNodeFiltered([nodeid], domain.id, 'deviceshare', null, function (err, docs) { if ((err != null) || (docs.length == 0)) { func(false); return; } // Search for the device share public identifier var found = false; - for (var i = 0; i < docs.length; i++) { if (docs[i].publicid == pid) { found = true; } } + for (var i = 0; i < docs.length; i++) { if ((docs[i].publicid == pid) && ((docs[i].extrakey == null) || (docs[i].extrakey === extraKey))) { found = true; } } func(found); }); } module.exports.CreateMeshRelay = function (parent, ws, req, domain, user, cookie) { if ((cookie != null) && (typeof cookie.nid == 'string') && (typeof cookie.pid == 'string')) { - checkDeviceSharePublicIdentifier(parent, domain, cookie.nid, cookie.pid, function (result) { + checkDeviceSharePublicIdentifier(parent, domain, cookie.nid, cookie.pid, cookie.k, function (result) { // If the identifier if not found, close the connection if (result == false) { try { ws.close(); } catch (e) { } return; } // Public device sharing identifier found, continue as normal. diff --git a/meshrelay.js b/meshrelay.js index 43a83821..de8f138f 100644 --- a/meshrelay.js +++ b/meshrelay.js @@ -47,21 +47,23 @@ const MESHRIGHT_ADMIN = 0xFFFFFFFF; // 101 = Intel AMT Redirection // 200 = Messenger -function checkDeviceSharePublicIdentifier(parent, domain, nodeid, pid, func) { +function checkDeviceSharePublicIdentifier(parent, domain, nodeid, pid, extraKey, func) { // Check the public id parent.db.GetAllTypeNodeFiltered([nodeid], domain.id, 'deviceshare', null, function (err, docs) { if ((err != null) || (docs.length == 0)) { func(false); return; } // Search for the device share public identifier var found = false; - for (var i = 0; i < docs.length; i++) { if (docs[i].publicid == pid) { found = true; } } + for (var i = 0; i < docs.length; i++) { + for (var i = 0; i < docs.length; i++) { if ((docs[i].publicid == pid) && ((docs[i].extrakey == null) || (docs[i].extrakey === extraKey))) { found = true; } } + } func(found); }); } module.exports.CreateMeshRelay = function (parent, ws, req, domain, user, cookie) { if ((cookie != null) && (typeof cookie.nid == 'string') && (typeof cookie.pid == 'string')) { - checkDeviceSharePublicIdentifier(parent, domain, cookie.nid, cookie.pid, function (result) { + checkDeviceSharePublicIdentifier(parent, domain, cookie.nid, cookie.pid, cookie.k, function (result) { // If the identifier if not found, close the connection if (result == false) { try { ws.close(); } catch (e) { } return; } // Public device sharing identifier found, continue as normal. diff --git a/webserver.js b/webserver.js index 9ca6bb28..3aef1f11 100644 --- a/webserver.js +++ b/webserver.js @@ -3583,7 +3583,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) { if ((err != null) || (docs == null) || (docs.length != 1)) { res.sendStatus(404); return; } const doc = docs[0]; // Generate an old style cookie from the information in the database - var cookie = { a: 5, p: doc.p, uid: doc.userid, gn: doc.guestName, nid: doc.nodeid, cf: doc.consent, pid: doc.publicid }; + var cookie = { a: 5, p: doc.p, gn: doc.guestName, nid: doc.nodeid, cf: doc.consent, pid: doc.publicid, k: doc.extrakey }; + if (doc.userid) { cookie.uid = doc.userid; } if ((cookie.userid == null) && (cookie.pid.startsWith('AS:node/'))) { cookie.nouser = 1; } if ((doc.startTime != null) && (doc.expireTime != null)) { cookie.start = doc.startTime; cookie.expire = doc.expireTime; } if (doc.viewOnly === true) { cookie.vo = 1; } @@ -3606,7 +3607,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) { // Search for the device share public identifier, expire message. var found = false; - for (var i = 0; i < docs.length; i++) { if (docs[i].publicid == c.pid) { found = true; } } + for (var i = 0; i < docs.length; i++) { if ((docs[i].publicid == c.pid) && ((docs[i].extrakey == null) || (docs[i].extrakey === c.k))) { found = true; } } if (found == false) { render(req, res, getRenderPage((domain.sitestyle == 2) ? 'message2' : 'message', req, domain), getRenderArgs({ titleid: 2, msgid: 12, domainurl: encodeURIComponent(domain.url).replace(/'/g, '%27') }, req, domain)); return; } // Get information about this node @@ -3621,6 +3622,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) { // Consent flags are 1 = Notify, 8 = Prompt, 64 = Privacy Bar. const authCookieData = { userid: c.uid, domainid: domain.id, nid: c.nid, ip: req.clientIp, p: c.p, gn: c.gn, cf: c.cf, r: 8, expire: c.expire, pid: c.pid, vo: c.vo }; if ((authCookieData.userid == null) && (authCookieData.pid.startsWith('AS:node/'))) { authCookieData.nouser = 1; } + if (c.k != null) { authCookieData.k = c.k; } const authCookie = obj.parent.encodeCookie(authCookieData, obj.parent.loginCookieEncryptionKey); // Server features