mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2024-12-24 22:25:52 -05:00
Added option to hex encode the cookies for Azure Application Proxy.
parent
ab57626a03
commit
b07f4114e4
@ -1993,7 +1993,7 @@ function CreateMeshCentralServer(config, args) {
|
|||||||
o.time = Math.floor(Date.now() / 1000); // Add the cookie creation time
|
o.time = Math.floor(Date.now() / 1000); // Add the cookie creation time
|
||||||
const iv = Buffer.from(obj.crypto.randomBytes(12), 'binary'), cipher = obj.crypto.createCipheriv('aes-256-gcm', key.slice(0, 32), iv);
|
const iv = Buffer.from(obj.crypto.randomBytes(12), 'binary'), cipher = obj.crypto.createCipheriv('aes-256-gcm', key.slice(0, 32), iv);
|
||||||
const crypted = Buffer.concat([cipher.update(JSON.stringify(o), 'utf8'), cipher.final()]);
|
const crypted = Buffer.concat([cipher.update(JSON.stringify(o), 'utf8'), cipher.final()]);
|
||||||
var r = Buffer.concat([iv, cipher.getAuthTag(), crypted]).toString('base64').replace(/\+/g, '@').replace(/\//g, '$');
|
var r = Buffer.concat([iv, cipher.getAuthTag(), crypted]).toString(obj.args.cookieencoding ? obj.args.cookieencoding : 'base64').replace(/\+/g, '@').replace(/\//g, '$');
|
||||||
obj.debug('cookie', 'Encoded AESGCM cookie: ' + JSON.stringify(o));
|
obj.debug('cookie', 'Encoded AESGCM cookie: ' + JSON.stringify(o));
|
||||||
return r;
|
return r;
|
||||||
} catch (ex) { obj.debug('cookie', 'ERR: Failed to encode AESGCM cookie due to exception: ' + ex); return null; }
|
} catch (ex) { obj.debug('cookie', 'ERR: Failed to encode AESGCM cookie due to exception: ' + ex); return null; }
|
||||||
@ -2003,6 +2003,10 @@ function CreateMeshCentralServer(config, args) {
|
|||||||
obj.decodeCookie = function (cookie, key, timeout) {
|
obj.decodeCookie = function (cookie, key, timeout) {
|
||||||
var r = obj.decodeCookieAESGCM(cookie, key, timeout);
|
var r = obj.decodeCookieAESGCM(cookie, key, timeout);
|
||||||
if (r == null) { r = obj.decodeCookieAESSHA(cookie, key, timeout); }
|
if (r == null) { r = obj.decodeCookieAESSHA(cookie, key, timeout); }
|
||||||
|
if ((r == null) && (obj.args.cookieencoding == null) && ((cookie == cookie.toLowerCase()) || (cookie == cookie.toUpperCase()))) {
|
||||||
|
obj.debug('cookie', 'Upper/Lowercase cookie, try "CookieEncoding":"hex" in settings section of config.json.');
|
||||||
|
console.log('Upper/Lowercase cookie, try "CookieEncoding":"hex" in settings section of config.json.');
|
||||||
|
}
|
||||||
if ((r != null) && (typeof r.once == 'string') && (r.once.length > 0)) {
|
if ((r != null) && (typeof r.once == 'string') && (r.once.length > 0)) {
|
||||||
// This cookie must only be used once.
|
// This cookie must only be used once.
|
||||||
if (timeout == null) { timeout = 2; }
|
if (timeout == null) { timeout = 2; }
|
||||||
@ -2033,7 +2037,7 @@ function CreateMeshCentralServer(config, args) {
|
|||||||
obj.decodeCookieAESGCM = function (cookie, key, timeout) {
|
obj.decodeCookieAESGCM = function (cookie, key, timeout) {
|
||||||
try {
|
try {
|
||||||
if (key == null) { key = obj.serverKey; }
|
if (key == null) { key = obj.serverKey; }
|
||||||
cookie = Buffer.from(cookie.replace(/\@/g, '+').replace(/\$/g, '/'), 'base64');
|
cookie = Buffer.from(cookie.replace(/\@/g, '+').replace(/\$/g, '/'), obj.args.cookieencoding ? obj.args.cookieencoding : 'base64');
|
||||||
const decipher = obj.crypto.createDecipheriv('aes-256-gcm', key.slice(0, 32), cookie.slice(0, 12));
|
const decipher = obj.crypto.createDecipheriv('aes-256-gcm', key.slice(0, 32), cookie.slice(0, 12));
|
||||||
decipher.setAuthTag(cookie.slice(12, 16));
|
decipher.setAuthTag(cookie.slice(12, 16));
|
||||||
const o = JSON.parse(decipher.update(cookie.slice(28), 'binary', 'utf8') + decipher.final('utf8'));
|
const o = JSON.parse(decipher.update(cookie.slice(28), 'binary', 'utf8') + decipher.final('utf8'));
|
||||||
@ -2059,7 +2063,7 @@ function CreateMeshCentralServer(config, args) {
|
|||||||
try {
|
try {
|
||||||
if (key == null) { key = obj.serverKey; }
|
if (key == null) { key = obj.serverKey; }
|
||||||
if (key.length < 80) { return null; }
|
if (key.length < 80) { return null; }
|
||||||
cookie = Buffer.from(cookie.replace(/\@/g, '+').replace(/\$/g, '/'), 'base64');
|
cookie = Buffer.from(cookie.replace(/\@/g, '+').replace(/\$/g, '/'), obj.args.cookieencoding ? obj.args.cookieencoding : 'base64');
|
||||||
const decipher = obj.crypto.createDecipheriv('aes-256-cbc', key.slice(48, 80), cookie.slice(0, 16));
|
const decipher = obj.crypto.createDecipheriv('aes-256-cbc', key.slice(48, 80), cookie.slice(0, 16));
|
||||||
const rawmsg = decipher.update(cookie.slice(16), 'binary', 'binary') + decipher.final('binary');
|
const rawmsg = decipher.update(cookie.slice(16), 'binary', 'binary') + decipher.final('binary');
|
||||||
const hmac = obj.crypto.createHmac('sha384', key.slice(0, 48));
|
const hmac = obj.crypto.createHmac('sha384', key.slice(0, 48));
|
||||||
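Review bot: In the decodeCookieAESGCM hunk, `decipher.setAuthTag(cookie.slice(12, 16))` gives the decipher only 4 bytes of the tag, although the encoder in the first hunk writes the 12-byte `iv`, the whole `cipher.getAuthTag()` and then the ciphertext, and this decoder reads the ciphertext from offset 28; the commit edits the line directly above and leaves this one unchanged. Assuming the default 16-byte GCM tag, the call should be `decipher.setAuthTag(cookie.slice(12, 28));`, because as written cookie integrity appears to rest on a 32-bit check. Separately, `obj.args.cookieencoding` is passed unvalidated to `toString()` and to both `Buffer.from()` calls, so any Buffer encoding name set in config.json is accepted; resolving it once to either `'hex'` or `'base64'` would keep lossy encodings such as `'ascii'` out of the cookie path. In the decodeCookie hunk the added `cookie.toLowerCase()` test runs outside any visible try block and its `console.log` fires for every rejected single-case cookie, so a `typeof cookie == 'string'` guard and a debug-only message would be safer there. The bodies of these functions continue outside the hunks shown.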
|
@ -1,6 +1,6 @@
|
|||||||
{
|
{
|
||||||
"name": "meshcentral",
|
"name": "meshcentral",
|
||||||
"version": "0.4.8-i",
|
"version": "0.4.8-k",
|
||||||
"keywords": [
|
"keywords": [
|
||||||
"Remote Management",
|
"Remote Management",
|
||||||
"Intel AMT",
|
"Intel AMT",
|
||||||
|