From b07f4114e4651083d86a539bb77ce351a9136423 Mon Sep 17 00:00:00 2001
From: Ylian Saint-Hilaire
Date: Mon, 3 Feb 2020 10:45:09 -0800
Subject: [PATCH] Added option to hex encode the cookies for Azure Application Proxy.
---
 meshcentral.js | 10 +++++++---
 package.json | 2 +-
 2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/meshcentral.js b/meshcentral.js
index 602d63b7..b7f8b8b5 100644
--- a/meshcentral.js
+++ b/meshcentral.js
@@ -1993,7 +1993,7 @@ function CreateMeshCentralServer(config, args) {
 o.time = Math.floor(Date.now() / 1000); // Add the cookie creation time
 const iv = Buffer.from(obj.crypto.randomBytes(12), 'binary'), cipher = obj.crypto.createCipheriv('aes-256-gcm', key.slice(0, 32), iv);
 const crypted = Buffer.concat([cipher.update(JSON.stringify(o), 'utf8'), cipher.final()]);
- var r = Buffer.concat([iv, cipher.getAuthTag(), crypted]).toString('base64').replace(/\+/g, '@').replace(/\//g, '$');
+ var r = Buffer.concat([iv, cipher.getAuthTag(), crypted]).toString(obj.args.cookieencoding ? obj.args.cookieencoding : 'base64').replace(/\+/g, '@').replace(/\//g, '$');
 obj.debug('cookie', 'Encoded AESGCM cookie: ' + JSON.stringify(o));
 return r;
 } catch (ex) { obj.debug('cookie', 'ERR: Failed to encode AESGCM cookie due to exception: ' + ex); return null; }
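Review bot: `obj.args.cookieencoding` reaches `Buffer#toString()` on the changed `var r = ...` line without any validation, and the same unchecked value is passed to `Buffer.from()` in the `decodeCookieAESGCM` hunk and the AES-CBC decoder hunk further down. An unrecognised encoding name makes `toString()` throw, which the surrounding `catch` turns into a `null` cookie with only a debug message, and an accepted but unsuitable name (for example `latin1`) would emit raw bytes that are not cookie-safe. Resolve the setting once to an allowlisted value, e.g. `const cookieEncoding = (obj.args.cookieencoding == 'hex') ? 'hex' : 'base64';`, and use that constant in all three places. The encoder's function header and the start of its `try` block are outside this hunk.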
@@ -2003,6 +2003,10 @@ function CreateMeshCentralServer(config, args) {
 obj.decodeCookie = function (cookie, key, timeout) {
 var r = obj.decodeCookieAESGCM(cookie, key, timeout);
 if (r == null) { r = obj.decodeCookieAESSHA(cookie, key, timeout); }
+ if ((r == null) && (obj.args.cookieencoding == null) && ((cookie == cookie.toLowerCase()) || (cookie == cookie.toUpperCase()))) {
+ obj.debug('cookie', 'Upper/Lowercase cookie, try "CookieEncoding":"hex" in settings section of config.json.');
+ console.log('Upper/Lowercase cookie, try "CookieEncoding":"hex" in settings section of config.json.');
+ }
 if ((r != null) && (typeof r.once == 'string') && (r.once.length > 0)) {
 // This cookie must only be used once.
 if (timeout == null) { timeout = 2; }
@@ -2033,7 +2037,7 @@ function CreateMeshCentralServer(config, args) {
 obj.decodeCookieAESGCM = function (cookie, key, timeout) {
 try {
 if (key == null) { key = obj.serverKey; }
- cookie = Buffer.from(cookie.replace(/\@/g, '+').replace(/\$/g, '/'), 'base64');
+ cookie = Buffer.from(cookie.replace(/\@/g, '+').replace(/\$/g, '/'), obj.args.cookieencoding ? obj.args.cookieencoding : 'base64');
 const decipher = obj.crypto.createDecipheriv('aes-256-gcm', key.slice(0, 32), cookie.slice(0, 12));
 decipher.setAuthTag(cookie.slice(12, 16));
 const o = JSON.parse(decipher.update(cookie.slice(28), 'binary', 'utf8') + decipher.final('utf8'));
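Review bot: The added diagnostic in `obj.decodeCookie` calls `cookie.toLowerCase()` with no type check and, as far as this hunk shows, outside any `try`, so a non-string cookie value (an array from a repeated query parameter, for instance) that the decoders appear to have turned into `null` may now raise a TypeError here. The condition is also true for an empty string or an all-digit value, and each hit writes to `console.log`, so if this function is reachable with client-supplied values, failed decodes can fill the server log. Guard it with `(typeof cookie == 'string') && (cookie.length > 0)` and emit the hint only once, e.g. `if (obj.cookieEncodingHintShown !== true) { obj.cookieEncodingHintShown = true; console.log(...); }`. The rest of `decodeCookie` continues past the end of the hunk.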
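Review bot: `decipher.setAuthTag(cookie.slice(12, 16))` in `obj.decodeCookieAESGCM` hands the decipher only 4 bytes of the tag, while the ciphertext is read from offset 28 and the encoder writes the full `cipher.getAuthTag()` between the IV and the data, so only 32 bits of the GCM tag appear to be verified. This is an unchanged context line, but it sits directly under the changed `Buffer.from(...)` call and weakens the integrity check on every cookie regardless of the chosen encoding. It should read `decipher.setAuthTag(cookie.slice(12, 28));`. The function body continues beyond the hunk, so any later handling of the tag could not be checked.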
@@ -2059,7 +2063,7 @@ function CreateMeshCentralServer(config, args) {
 try {
 if (key == null) { key = obj.serverKey; }
 if (key.length < 80) { return null; }
- cookie = Buffer.from(cookie.replace(/\@/g, '+').replace(/\$/g, '/'), 'base64');
+ cookie = Buffer.from(cookie.replace(/\@/g, '+').replace(/\$/g, '/'), obj.args.cookieencoding ? obj.args.cookieencoding : 'base64');
 const decipher = obj.crypto.createDecipheriv('aes-256-cbc', key.slice(48, 80), cookie.slice(0, 16));
 const rawmsg = decipher.update(cookie.slice(16), 'binary', 'binary') + decipher.final('binary');
 const hmac = obj.crypto.createHmac('sha384', key.slice(0, 48));
diff --git a/package.json b/package.json
index d09daec5..117a9e4c 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "meshcentral",
- "version": "0.4.8-i",
+ "version": "0.4.8-k",
 "keywords": [
 "Remote Management",
 "Intel AMT",