Ylianst / MeshCentral

A complete web-based remote monitoring and management web site. Once set up, you can install agents and perform remote desktop sessions to devices on the local network or over the Internet.
https://meshcentral.com
Apache License 2.0

Saved credentials not appearing between users #6119

Closed suiciety closed 1 month ago

suiciety commented 1 month ago

Describe the bug

This is another bug report around the issue fixed in #5994

While the credentials are now being saved they are still not available across users.

To Reproduce

Steps to reproduce the behavior:

  1. Log in as one user
  2. Click on, for instance, RDP connect
  3. Enter in credentials and tick the 'save credentials' option
  4. Log out and in as a different user

Expected behavior

Our config has the allowSavingDeviceCredentials set to true, which should enable this function and allow all users to access saved credentials.

Your config.json file

{
    "$schema": "https://raw.githubusercontent.com/Ylianst/MeshCentral/master/meshcentral-config-schema.json",
    "settings": {
        "cert": "***",
        "TLSOffload": "***",
        "trustedProxy": "***",
        "agentTimeStampServer": false,
        "webRTC": true,
        "selfUpdate": true,
        "amtManager": false,
        "wsCompression": true,
        "agentWsCompression": true,
        "compression": true,
        "MongoDb": "mongodb://127.0.0.1:27017/meshcentral",
        "_ignoreagenthashcheck": true
    },
    "domains": {
        "": {
            "title": "***",
            "loginPicture": "***",
            "titlePicture": "***",
            "trustedCert": true,
            "allowSavingDeviceCredentials": true,
            "loginfooter": "***",
            "nightMode": 1,
            "welcomePicture": "backgroundpeak.png",
            "_rootRedirect": "***",
            "unknownUserRootRedirect": "***",
            "_showPasswordLogin": false,
            "minify": true,
            "allowedOrigin": [
                "rmm.***",
                "*.***"
            ],
            "autoRemoveInactiveDevices": 190,
            "deviceSearchBarServerAndCilentName": true,
            "agentFileInfo": {
                "icon": "merici.ico",
                "fileDescription": "***",
                "productName": "***"
            },
            "agentCustomization": {
                "displayName": "***",
                "description": "***",
                "companyName": "***",
                "serviceName": "***",
                "image": "***",
                "installText": "***",
                "filename": "***",
                "backgroundColor": "#0e3468"
            },
            "ipkvm": true,
            "ssh": true,
            "userNameIsEmail": true,
            "newAccountEmailDomains": "***",
            "authStrategies": {
                "azure": {
                    "callbackurl": "https://***/auth-azure-callback",
                    "newAccounts": true,
                    "newAccountsUserGroups": [
                        "ugrp//***"
                    ],
                    "clientid": "***",
                    "clientsecret": "***",
                    "tenantid": "***"
                }
            },
            "meshMessengerTitle": "***t",
            "meshMessengerPicture": "***.png"
        }
    }
}

si458 commented 1 month ago

ok yes i can confirm this issue, will look into it over weekend as running out of time today

si458 commented 1 month ago

ok just had another quick look and this is not a bug but by design.

allowSavingDeviceCredentials should read "Allow users to save SSH, RDP, VNC device credentials on the server"

it is not used to share credentials between each user, but rather for each user to save their own credentials.

this is because the backend saves the credentials against the node and uses the userid to identify which credentials to use

SO

if user1 saves generic creds, then user2 saves his own creds, when user3 says let's see creds, which credentials would you use?

we would have to display a list of saved credentials, and by which user, then u select which creds to use and use them

so in theory what you're asking for is actually a feature request, to allow another option like allowSharingOfSavedCredentials: true

that way when we see allowSharingOfSavedCredentials == true we can then display all credentials and u pick

rather than just displaying your own credentials

p.s: commit here to fix description https://github.com/Ylianst/MeshCentral/commit/5a7e3d98693186884a7d2fa873fcc7dc24ec75d9

si458 commented 1 month ago

I've also spotted the mstsc.html page, which is the Web-RDP, should also pre-fill credentials but it doesn't. this is because it's using old code to look for node.rdp.u and node.rdp.p (user/pass) but the new code saves data in node.rdp[obj.userid].u and node.rdp[obj.userid].p (user/pass) BUT it also clears legacy credentials

delete node.rdp.u;
delete node.rdp.p;

p.s: old commit here changing from a global store to per user store https://github.com/Ylianst/MeshCentral/commit/753b6c240a4050449267e6b10ca7d0692eb6e257

p.s: commit here to fixing the mstsc not reading credentials https://github.com/Ylianst/MeshCentral/commit/26ac23c80df7c2830947eb6c7904b16076c3d4ec
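
Added example, not part of the thread and not MeshCentral source: a minimal model of the storage change described in the comments above, showing why a reader that looks for `node.rdp.u` finds nothing after a per-user save, why one user cannot see another's entry, and what a sharing option would have to list. The function names, the `user//name` ids and all credential values are hypothetical or constructed.

```javascript
// Added illustration, not MeshCentral source. Layout follows the comment above:
// legacy shared slot node.rdp.u / node.rdp.p, per-user slot node.rdp[userid].u / .p.
// All function names and sample values here are hypothetical / constructed.

// Save one user's credentials on the node and clear the legacy shared slot.
function saveRdpCredentials(node, userid, username, password) {
    if (typeof node.rdp !== 'object' || node.rdp === null) { node.rdp = {}; }
    node.rdp[userid] = { u: username, p: password };
    delete node.rdp.u;
    delete node.rdp.p;
    return node;
}

// Old-style read: only finds the legacy shared slot, so it returns null
// once credentials are stored per user.
function getLegacyRdpCredentials(node) {
    const rdp = node.rdp;
    if (rdp && typeof rdp.u === 'string') { return { u: rdp.u, p: rdp.p }; }
    return null;
}

// Per-user read: returns the caller's own entry and never another user's.
function getOwnRdpCredentials(node, userid) {
    const rdp = node.rdp;
    if (typeof rdp !== 'object' || rdp === null) { return null; }
    if (!Object.prototype.hasOwnProperty.call(rdp, userid)) { return null; }
    const entry = rdp[userid];
    if (entry === null || typeof entry !== 'object' || typeof entry.u !== 'string') { return null; }
    return { u: entry.u, p: entry.p };
}

// What a sharing option would have to present: one row per owner.
// Passwords are deliberately left out of the listing.
function listSavedRdpOwners(node) {
    const rdp = node.rdp || {};
    return Object.keys(rdp)
        .filter((k) => rdp[k] !== null && typeof rdp[k] === 'object' && typeof rdp[k].u === 'string')
        .map((k) => ({ owner: k, username: rdp[k].u }));
}

// Constructed sample: a node that still carries a legacy shared credential.
const demoNode = { rdp: { u: 'legacy-admin', p: 'constructed-legacy-pw' } };
saveRdpCredentials(demoNode, 'user//alice', 'svc-rdp', 'constructed-pw-1');
saveRdpCredentials(demoNode, 'user//bob', 'bob-admin', 'constructed-pw-2');
console.log(getLegacyRdpCredentials(demoNode));
console.log(getOwnRdpCredentials(demoNode, 'user//carol'));
console.log(listSavedRdpOwners(demoNode));
```

With two owners on the same node, the listing makes the ambiguity raised earlier in the thread concrete: a third user has no entry of their own and would have to choose between the saved sets.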

si458 commented 1 month ago

duplicate feature request is here - https://github.com/Ylianst/MeshCentral/issues/5285 so will close this for now