From 090bcf89ac0b5593174feff3f4ef419b308f88a8 Mon Sep 17 00:00:00 2001 From: wh1te909 <7434746+wh1te909@users.noreply.github.com> Date: Fri, 26 Jul 2024 19:14:53 +0000 Subject: [PATCH 01/15] potential fix for webhook failures --- api/tacticalrmm/core/utils.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/api/tacticalrmm/core/utils.py b/api/tacticalrmm/core/utils.py index b4428991d2..699a092090 100644 --- a/api/tacticalrmm/core/utils.py +++ b/api/tacticalrmm/core/utils.py @@ -237,8 +237,8 @@ def _run_url_rest_action(*, url: str, method, body: str, headers: str, instance= new_body = find_and_replace_db_values_str(text=body, instance=instance) new_headers = find_and_replace_db_values_str(text=headers, instance=instance) new_url = requote_uri(new_url) - new_body = json.loads(new_body) - new_headers = json.loads(new_headers) + new_body = json.loads(new_body, strict=False) + new_headers = json.loads(new_headers, strict=False) if method in ("get", "delete"): return getattr(requests, method)(new_url, headers=new_headers) From 00c0a6ec6083cb5361381a451a43c2d659ff6b42 Mon Sep 17 00:00:00 2001 From: bc24fl Date: Fri, 26 Jul 2024 19:08:40 -0400 Subject: [PATCH 02/15] Enable docker installs to disable web terminal and/or server scripts --- docker/containers/tactical/entrypoint.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docker/containers/tactical/entrypoint.sh b/docker/containers/tactical/entrypoint.sh index 6f1957a15a..e9e88c3eca 100644 --- a/docker/containers/tactical/entrypoint.sh +++ b/docker/containers/tactical/entrypoint.sh @@ -18,6 +18,8 @@ set -e : "${APP_HOST:=tactical-frontend}" : "${REDIS_HOST:=tactical-redis}" : "${SKIP_UWSGI_CONFIG:=0}" +: "${TRMM_DISABLE_WEB_TERMINAL:=False}" +: "${TRMM_DISABLE_SERVER_SCRIPTS:=False}" : "${CERT_PRIV_PATH:=${TACTICAL_DIR}/certs/privkey.pem}" : "${CERT_PUB_PATH:=${TACTICAL_DIR}/certs/fullchain.pem}" @@ -111,6 +113,8 @@ MESH_TOKEN_KEY = '${MESH_TOKEN}' REDIS_HOST = '${REDIS_HOST}' MESH_WS_URL = '${MESH_WS_URL}' ADMIN_ENABLED = False +TRMM_DISABLE_WEB_TERMINAL = '${TRMM_DISABLE_WEB_TERMINAL}' +TRMM_DISABLE_SERVER_SCRIPTS = '${TRMM_DISABLE_SERVER_SCRIPTS}' EOF )" From 2125a7ffdb26ba9818193e111e570417197b4b1b Mon Sep 17 00:00:00 2001 From: bc24fl Date: Sat, 27 Jul 2024 11:21:45 -0400 Subject: [PATCH 03/15] Update entrypoint.sh --- docker/containers/tactical/entrypoint.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/containers/tactical/entrypoint.sh b/docker/containers/tactical/entrypoint.sh index e9e88c3eca..4cc7a8cd09 100644 --- a/docker/containers/tactical/entrypoint.sh +++ b/docker/containers/tactical/entrypoint.sh @@ -113,8 +113,8 @@ MESH_TOKEN_KEY = '${MESH_TOKEN}' REDIS_HOST = '${REDIS_HOST}' MESH_WS_URL = '${MESH_WS_URL}' ADMIN_ENABLED = False -TRMM_DISABLE_WEB_TERMINAL = '${TRMM_DISABLE_WEB_TERMINAL}' -TRMM_DISABLE_SERVER_SCRIPTS = '${TRMM_DISABLE_SERVER_SCRIPTS}' +TRMM_DISABLE_WEB_TERMINAL = ${TRMM_DISABLE_WEB_TERMINAL} +TRMM_DISABLE_SERVER_SCRIPTS = ${TRMM_DISABLE_SERVER_SCRIPTS} EOF )" From a394fb8757d3744920cf79c5f7612bb8b1e42e86 Mon Sep 17 00:00:00 2001 From: bc24fl Date: Sat, 27 Jul 2024 12:29:08 -0400 Subject: [PATCH 04/15] Update .env.example --- docker/.env.example | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docker/.env.example b/docker/.env.example index f46c5718ae..79f032e2cb 100644 --- a/docker/.env.example +++ b/docker/.env.example @@ -24,3 +24,9 @@ MESH_PERSISTENT_CONFIG=0 # database settings POSTGRES_USER=postgres POSTGRES_PASS=postgrespass + +# enable/disable web terminal +TRMM_DISABLE_WEB_TERMINAL=False + +# enable/disable server side scripts +TRMM_DISABLE_SERVER_SCRIPTS=False From 717eeb39038eca84fa4358dd5502083c7db7eb01 Mon Sep 17 00:00:00 2001 From: bc24fl Date: Sat, 27 Jul 2024 12:29:50 -0400 Subject: [PATCH 05/15] Update docker-compose.yml --- docker/docker-compose.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index af1dc193ae..1ebefee565 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -62,6 +62,8 @@ services: MESH_HOST: ${MESH_HOST} TRMM_USER: ${TRMM_USER} TRMM_PASS: ${TRMM_PASS} + TRMM_DISABLE_WEB_TERMINAL: ${TRMM_DISABLE_WEB_TERMINAL} + TRMM_DISABLE_SERVER_SCRIPTS: ${TRMM_DISABLE_SERVER_SCRIPTS} depends_on: - tactical-postgres - tactical-meshcentral From cfd19e02a7d08a5930ed010ecca298dc83bf2257 Mon Sep 17 00:00:00 2001 From: bc24fl Date: Sat, 27 Jul 2024 12:33:20 -0400 Subject: [PATCH 06/15] Update .env.example --- docker/.env.example | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/.env.example b/docker/.env.example index 79f032e2cb..51c20b98ea 100644 --- a/docker/.env.example +++ b/docker/.env.example @@ -25,8 +25,8 @@ MESH_PERSISTENT_CONFIG=0 POSTGRES_USER=postgres POSTGRES_PASS=postgrespass -# enable/disable web terminal +# disable web terminal TRMM_DISABLE_WEB_TERMINAL=False -# enable/disable server side scripts +# disable server side scripts TRMM_DISABLE_SERVER_SCRIPTS=False From d611ab0ee28fe0df129c2f2b4102cf35dda91c0e Mon Sep 17 00:00:00 2001 From: wh1te909 <7434746+wh1te909@users.noreply.github.com> Date: Sun, 28 Jul 2024 22:54:22 +0000 Subject: [PATCH 07/15] log body and headers --- api/tacticalrmm/core/utils.py | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/api/tacticalrmm/core/utils.py b/api/tacticalrmm/core/utils.py index 699a092090..14bda469d7 100644 --- a/api/tacticalrmm/core/utils.py +++ b/api/tacticalrmm/core/utils.py @@ -237,8 +237,18 @@ def _run_url_rest_action(*, url: str, method, body: str, headers: str, instance= new_body = find_and_replace_db_values_str(text=body, instance=instance) new_headers = find_and_replace_db_values_str(text=headers, instance=instance) new_url = requote_uri(new_url) - new_body = json.loads(new_body, strict=False) - new_headers = json.loads(new_headers, strict=False) + + try: + new_body = json.loads(new_body, strict=False) + except Exception as e: + logger.error(f"{e=} {body=}") + logger.error(f"{new_body=}") + + try: + new_headers = json.loads(new_headers, strict=False) + except Exception as e: + logger.error(f"{e=} {headers=}") + logger.error(f"{new_headers=}") if method in ("get", "delete"): return getattr(requests, method)(new_url, headers=new_headers) From 781282599c1b80b7aeac312a6861719c1868f01a Mon Sep 17 00:00:00 2001 From: wh1te909 <7434746+wh1te909@users.noreply.github.com> Date: Mon, 29 Jul 2024 22:08:39 +0000 Subject: [PATCH 08/15] more webhook json fixes --- api/tacticalrmm/core/utils.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/api/tacticalrmm/core/utils.py b/api/tacticalrmm/core/utils.py index 14bda469d7..4bc1e017bc 100644 --- a/api/tacticalrmm/core/utils.py +++ b/api/tacticalrmm/core/utils.py @@ -238,6 +238,9 @@ def _run_url_rest_action(*, url: str, method, body: str, headers: str, instance= new_headers = find_and_replace_db_values_str(text=headers, instance=instance) new_url = requote_uri(new_url) + # usually for stderr fields that contain windows file paths, like {{alert.get_result.stderr}} + new_body = new_body.replace("\\", "\\\\") + try: new_body = json.loads(new_body, strict=False) except Exception as e: From 282087d0f35db948738dc7b0475104d9d1c86465 Mon Sep 17 00:00:00 2001 From: wh1te909 <7434746+wh1te909@users.noreply.github.com> Date: Tue, 30 Jul 2024 09:03:45 +0000 Subject: [PATCH 09/15] fix custom field view perms fixes #1941 --- api/tacticalrmm/core/permissions.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/api/tacticalrmm/core/permissions.py b/api/tacticalrmm/core/permissions.py index 83bb975084..bb6cb7ff36 100644 --- a/api/tacticalrmm/core/permissions.py +++ b/api/tacticalrmm/core/permissions.py @@ -36,6 +36,8 @@ class CustomFieldPerms(permissions.BasePermission): def has_permission(self, r, view) -> bool: if r.method == "GET": return _has_perm(r, "can_view_customfields") + elif r.method == "PATCH" and view.__class__.__name__ == "GetAddCustomFields": + return _has_perm(r, "can_view_customfields") return _has_perm(r, "can_manage_customfields") From ac3fb03b2d2b0b5669ba27b67fc433389eda3b1c Mon Sep 17 00:00:00 2001 From: wh1te909 <7434746+wh1te909@users.noreply.github.com> Date: Tue, 30 Jul 2024 09:10:48 +0000 Subject: [PATCH 10/15] add client and site name to script email closes #1945 --- api/tacticalrmm/agents/tasks.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api/tacticalrmm/agents/tasks.py b/api/tacticalrmm/agents/tasks.py index 6ee0bc23e8..20ddd70171 100644 --- a/api/tacticalrmm/agents/tasks.py +++ b/api/tacticalrmm/agents/tasks.py @@ -175,7 +175,7 @@ def run_script_email_results_task( return CORE = get_core_settings() - subject = f"{agent.hostname} {script.name} Results" + subject = f"{agent.client.name}, {agent.site.name}, {agent.hostname} {script.name} Results" exec_time = "{:.4f}".format(r["execution_time"]) body = ( subject From 511bca9d66170a039a0e9ee947e5b6eb670131a2 Mon Sep 17 00:00:00 2001 From: wh1te909 <7434746+wh1te909@users.noreply.github.com> Date: Tue, 30 Jul 2024 21:17:07 +0000 Subject: [PATCH 11/15] preserve newlines and tabs --- api/tacticalrmm/core/utils.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/api/tacticalrmm/core/utils.py b/api/tacticalrmm/core/utils.py index 4bc1e017bc..f105f9ee5b 100644 --- a/api/tacticalrmm/core/utils.py +++ b/api/tacticalrmm/core/utils.py @@ -1,5 +1,6 @@ import json import os +import re import subprocess import tempfile import time @@ -16,6 +17,7 @@ from django.http import FileResponse from meshctrl.utils import get_auth_token from requests.utils import requote_uri + from tacticalrmm.constants import ( AGENT_TBL_PEND_ACTION_CNT_CACHE_PREFIX, CORESETTINGS_CACHE_KEY, @@ -239,7 +241,8 @@ def _run_url_rest_action(*, url: str, method, body: str, headers: str, instance= new_url = requote_uri(new_url) # usually for stderr fields that contain windows file paths, like {{alert.get_result.stderr}} - new_body = new_body.replace("\\", "\\\\") + # but preserves newlines or tabs + new_body = re.sub(r"(? Date: Tue, 30 Jul 2024 21:24:43 +0000 Subject: [PATCH 12/15] also remove control chars --- api/tacticalrmm/core/utils.py | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/api/tacticalrmm/core/utils.py b/api/tacticalrmm/core/utils.py index f105f9ee5b..3a9df4300d 100644 --- a/api/tacticalrmm/core/utils.py +++ b/api/tacticalrmm/core/utils.py @@ -233,6 +233,15 @@ def find_and_replace_db_values_str(*, text: str, instance): return return_string +# usually for stderr fields that contain windows file paths, like {{alert.get_result.stderr}} +# but preserves newlines or tabs +# removes all control chars +def _sanitize_webhook(s: str) -> str: + s = re.sub(r"[\x00-\x1f\x7f-\x9f]", " ", s) + s = re.sub(r"(? Date: Thu, 1 Aug 2024 05:38:16 +0000 Subject: [PATCH 13/15] fix regex --- api/tacticalrmm/core/utils.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/api/tacticalrmm/core/utils.py b/api/tacticalrmm/core/utils.py index 3a9df4300d..d66325bb05 100644 --- a/api/tacticalrmm/core/utils.py +++ b/api/tacticalrmm/core/utils.py @@ -237,7 +237,7 @@ def find_and_replace_db_values_str(*, text: str, instance): # but preserves newlines or tabs # removes all control chars def _sanitize_webhook(s: str) -> str: - s = re.sub(r"[\x00-\x1f\x7f-\x9f]", " ", s) + s = re.sub(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f-\x9f]", " ", s) s = re.sub(r"(? Date: Sun, 4 Aug 2024 00:30:29 +0000 Subject: [PATCH 14/15] add check for turnkey --- install.sh | 12 +++++++++++- restore.sh | 12 +++++++++++- 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/install.sh b/install.sh index 069b080158..4750926287 100644 --- a/install.sh +++ b/install.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -SCRIPT_VERSION="84" +SCRIPT_VERSION="85" SCRIPT_URL="https://raw.githubusercontent.com/amidaware/tacticalrmm/master/install.sh" sudo apt install -y curl wget dirmngr gnupg lsb-release ca-certificates @@ -79,6 +79,16 @@ else exit 1 fi +if dpkg -l | grep -qi turnkey; then + echo -ne "${RED}Turnkey linux is not supported. Please use the official debian/ubuntu ISO.${NC}\n" + exit 1 +fi + +if ps aux | grep -v grep | grep -qi webmin; then + echo -ne "${RED}Webmin running, should not be installed. Please use the official debian/ubuntu ISO.${NC}\n" + exit 1 +fi + if [ $EUID -eq 0 ]; then echo -ne "${RED}Do NOT run this script as root. Exiting.${NC}\n" exit 1 diff --git a/restore.sh b/restore.sh index 3e3972f60b..e48157ea6f 100755 --- a/restore.sh +++ b/restore.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -SCRIPT_VERSION="58" +SCRIPT_VERSION="59" SCRIPT_URL='https://raw.githubusercontent.com/amidaware/tacticalrmm/master/restore.sh' sudo apt update @@ -75,6 +75,16 @@ else exit 1 fi +if dpkg -l | grep -qi turnkey; then + echo -ne "${RED}Turnkey linux is not supported. Please use the official debian/ubuntu ISO.${NC}\n" + exit 1 +fi + +if ps aux | grep -v grep | grep -qi webmin; then + echo -ne "${RED}Webmin running, should not be installed. Please use the official debian/ubuntu ISO.${NC}\n" + exit 1 +fi + if [ $EUID -eq 0 ]; then echo -ne "\033[0;31mDo NOT run this script as root. Exiting.\e[0m\n" exit 1 From 751b0ef7165b34522824c4e8d8b602ae00cc40f5 Mon Sep 17 00:00:00 2001 From: wh1te909 <7434746+wh1te909@users.noreply.github.com> Date: Mon, 5 Aug 2024 17:49:11 +0000 Subject: [PATCH 15/15] bump versions --- api/tacticalrmm/tacticalrmm/settings.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/api/tacticalrmm/tacticalrmm/settings.py b/api/tacticalrmm/tacticalrmm/settings.py index 4ad1cab1e5..073e86c918 100644 --- a/api/tacticalrmm/tacticalrmm/settings.py +++ b/api/tacticalrmm/tacticalrmm/settings.py @@ -21,14 +21,14 @@ AUTH_USER_MODEL = "accounts.User" # latest release -TRMM_VERSION = "0.19.2" +TRMM_VERSION = "0.19.3" # https://github.com/amidaware/tacticalrmm-web -WEB_VERSION = "0.101.47" +WEB_VERSION = "0.101.48" # bump this version everytime vue code is changed # to alert user they need to manually refresh their browser -APP_VER = "0.0.193" +APP_VER = "0.0.194" # https://github.com/amidaware/rmmagent LATEST_AGENT_VER = "2.8.0"