MyFavMirrors
/
MeshCentral
mirror of https://github.com/Ylianst/MeshCentral.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Cleaned up deprecation warning on NodeJS 10.x.

This commit is contained in:
Ylian Saint-Hilaire 2019-01-02 18:03:34 -08:00
parent dac97f819a
commit 6ecba46362
19 changed files with 97 additions and 89 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
agents/MeshCmd-signed.exe
View File

Binary file not shown.

BIN
agents/MeshCmd64-signed.exe
View File

Binary file not shown.

2
amtscanner.js
View File

@ -39,7 +39,7 @@ module.exports.CreateAmtScanner = function (parent) {
// Build a RMCP packet with a given tag field // Build a RMCP packet with a given tag field
obj.buildRmcpPing = function (tag) { obj.buildRmcpPing = function (tag) {
var packet = new Buffer(obj.common.hex2rstr('06000006000011BE80000000'), 'ascii'); var packet = Buffer.from(obj.common.hex2rstr('06000006000011BE80000000'), 'ascii');
packet[9] = tag; packet[9] = tag;
return packet; return packet;
}; };

8
certoperations.js
View File

@ -43,7 +43,7 @@ module.exports.CertificateOperations = function () {
if (err) { func(url, null, tag); return; } if (err) { func(url, null, tag); return; }
var x1 = data.indexOf('-----BEGIN CERTIFICATE-----'), x2 = data.indexOf('-----END CERTIFICATE-----'); var x1 = data.indexOf('-----BEGIN CERTIFICATE-----'), x2 = data.indexOf('-----END CERTIFICATE-----');
if ((x1 >= 0) && (x2 > x1)) { if ((x1 >= 0) && (x2 > x1)) {
func(url, new Buffer(data.substring(x1 + 27, x2), 'base64').toString('binary'), tag); func(url, Buffer.from(data.substring(x1 + 27, x2), 'base64').toString('binary'), tag);
} else { } else {
func(url, data, tag); func(url, data, tag);
} }
@ -67,7 +67,7 @@ module.exports.CertificateOperations = function () {
// If this is not an RSA certificate, hash the raw PKCS7 out of the PEM file // If this is not an RSA certificate, hash the raw PKCS7 out of the PEM file
var x1 = cert.indexOf('-----BEGIN CERTIFICATE-----'), x2 = cert.indexOf('-----END CERTIFICATE-----'); var x1 = cert.indexOf('-----BEGIN CERTIFICATE-----'), x2 = cert.indexOf('-----END CERTIFICATE-----');
if ((x1 >= 0) && (x2 > x1)) { if ((x1 >= 0) && (x2 > x1)) {
return obj.crypto.createHash('sha384').update(new Buffer(cert.substring(x1 + 27, x2), 'base64')).digest('hex'); return obj.crypto.createHash('sha384').update(Buffer.from(cert.substring(x1 + 27, x2), 'base64')).digest('hex');
} else { console.log('ERROR: Unable to decode certificate.'); return null; } } else { console.log('ERROR: Unable to decode certificate.'); return null; }
} }
}; };
@ -89,7 +89,7 @@ module.exports.CertificateOperations = function () {
// If this is not an RSA certificate, hash the raw PKCS7 out of the PEM file // If this is not an RSA certificate, hash the raw PKCS7 out of the PEM file
var x1 = cert.indexOf('-----BEGIN CERTIFICATE-----'), x2 = cert.indexOf('-----END CERTIFICATE-----'); var x1 = cert.indexOf('-----BEGIN CERTIFICATE-----'), x2 = cert.indexOf('-----END CERTIFICATE-----');
if ((x1 >= 0) && (x2 > x1)) { if ((x1 >= 0) && (x2 > x1)) {
return obj.crypto.createHash('sha384').update(new Buffer(cert.substring(x1 + 27, x2), 'base64')).digest('binary'); return obj.crypto.createHash('sha384').update(Buffer.from(cert.substring(x1 + 27, x2), 'base64')).digest('binary');
} else { console.log('ERROR: Unable to decode certificate.'); return null; } } else { console.log('ERROR: Unable to decode certificate.'); return null; }
} }
}; };
@ -497,7 +497,7 @@ module.exports.CertificateOperations = function () {
// No accelerators available // No accelerators available
if (typeof privatekey == "number") { privatekey = obj.acceleratorCertStore[privatekey].key; } if (typeof privatekey == "number") { privatekey = obj.acceleratorCertStore[privatekey].key; }
const sign = obj.crypto.createSign("SHA384"); const sign = obj.crypto.createSign("SHA384");
sign.end(new Buffer(data, "binary")); sign.end(Buffer.from(data, "binary"));
func(tag, sign.sign(privatekey).toString("binary")); func(tag, sign.sign(privatekey).toString("binary"));
} else { } else {
var acc = obj.getAccelerator(); var acc = obj.getAccelerator();

2
db.js
View File

@ -55,7 +55,7 @@ module.exports.CreateDB = function (parent) {
if ((docs.length == 1) && (docs[0].value != null)) { if ((docs.length == 1) && (docs[0].value != null)) {
obj.identifier = docs[0].value; obj.identifier = docs[0].value;
} else { } else {
obj.identifier = new Buffer(require('crypto').randomBytes(48), 'binary').toString('hex'); obj.identifier = Buffer.from(require('crypto').randomBytes(48), 'binary').toString('hex');
obj.Set({ _id: 'DatabaseIdentifier', value: obj.identifier }); obj.Set({ _id: 'DatabaseIdentifier', value: obj.identifier });
} }
}); });

2
meshaccelerator.js
View File

@ -23,7 +23,7 @@ process.on('message', function (message) {
if (typeof message.key == 'number') { message.key = certStore[message.key].key; } if (typeof message.key == 'number') { message.key = certStore[message.key].key; }
try { try {
const sign = crypto.createSign('SHA384'); const sign = crypto.createSign('SHA384');
sign.end(new Buffer(message.data, 'binary')); sign.end(Buffer.from(message.data, 'binary'));
process.send(sign.sign(message.key).toString('binary')); process.send(sign.sign(message.key).toString('binary'));
} catch (e) { process.send(null); } } catch (e) { process.send(null); }
break; break;

22
meshagent.js
View File

@ -45,7 +45,7 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
ws._socket.setKeepAlive(true, 240000); // Set TCP keep alive, 4 minutes ws._socket.setKeepAlive(true, 240000); // Set TCP keep alive, 4 minutes
// Send a message to the mesh agent // Send a message to the mesh agent
obj.send = function (data) { try { if (typeof data == 'string') { obj.ws.send(new Buffer(data, 'binary')); } else { obj.ws.send(data); } } catch (e) { } }; obj.send = function (data) { try { if (typeof data == 'string') { obj.ws.send(Buffer.from(data, 'binary')); } else { obj.ws.send(data); } } catch (e) { } };
// Disconnect this agent // Disconnect this agent
obj.close = function (arg) { obj.close = function (arg) {
@ -159,7 +159,7 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
if (obj.nodeid != null) { obj.parent.parent.debug(1, 'Agent update required, NodeID=0x' + obj.nodeid.substring(0, 16) + ', ' + obj.agentExeInfo.desc); } if (obj.nodeid != null) { obj.parent.parent.debug(1, 'Agent update required, NodeID=0x' + obj.nodeid.substring(0, 16) + ', ' + obj.agentExeInfo.desc); }
obj.fs.open(obj.agentExeInfo.path, 'r', function (err, fd) { obj.fs.open(obj.agentExeInfo.path, 'r', function (err, fd) {
if (err) { return console.error(err); } if (err) { return console.error(err); }
obj.agentUpdate = { oldHash: agenthash, ptr: 0, buf: new Buffer(agentUpdateBlockSize + 4), fd: fd }; obj.agentUpdate = { oldHash: agenthash, ptr: 0, buf: Buffer.from(agentUpdateBlockSize + 4), fd: fd };
// We got the agent file open on the server side, tell the agent we are sending an update starting with the SHA384 hash of the result // We got the agent file open on the server side, tell the agent we are sending an update starting with the SHA384 hash of the result
//console.log("Agent update file open."); //console.log("Agent update file open.");
@ -229,7 +229,7 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
obj.send(obj.common.ShortToStr(1) + msg.substring(2, 50) + obj.nonce); // Command 1, hash + nonce. Use the web hash given by the agent. obj.send(obj.common.ShortToStr(1) + msg.substring(2, 50) + obj.nonce); // Command 1, hash + nonce. Use the web hash given by the agent.
} else { } else {
// Check that the server hash matches our own web certificate hash (SHA384) // Check that the server hash matches our own web certificate hash (SHA384)
if ((getWebCertHash(obj.domain) != msg.substring(2, 50)) && (getWebCertFullHash(obj.domain) != msg.substring(2, 50))) { console.log('Agent bad web cert hash (Agent:' + (new Buffer(msg.substring(2, 50), 'binary').toString('hex').substring(0, 10)) + ' != Server:' + (new Buffer(getWebCertHash(obj.domain), 'binary').toString('hex').substring(0, 10)) + ' or ' + (new Buffer(getWebCertFullHash(obj.domain), 'binary').toString('hex').substring(0, 10)) + '), holding connection (' + obj.remoteaddrport + ').'); return; } if ((getWebCertHash(obj.domain) != msg.substring(2, 50)) && (getWebCertFullHash(obj.domain) != msg.substring(2, 50))) { console.log('Agent bad web cert hash (Agent:' + (Buffer.from(msg.substring(2, 50), 'binary').toString('hex').substring(0, 10)) + ' != Server:' + (new Buffer(getWebCertHash(obj.domain), 'binary').toString('hex').substring(0, 10)) + ' or ' + (new Buffer(getWebCertFullHash(obj.domain), 'binary').toString('hex').substring(0, 10)) + '), holding connection (' + obj.remoteaddrport + ').'); return; }
} }
// Use our server private key to sign the ServerHash + AgentNonce + ServerNonce // Use our server private key to sign the ServerHash + AgentNonce + ServerNonce
@ -266,8 +266,8 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
// Decode the certificate // Decode the certificate
var certlen = obj.common.ReadShort(msg, 2); var certlen = obj.common.ReadShort(msg, 2);
obj.unauth = {}; obj.unauth = {};
try { obj.unauth.nodeid = new Buffer(obj.forge.pki.getPublicKeyFingerprint(obj.forge.pki.certificateFromAsn1(obj.forge.asn1.fromDer(msg.substring(4, 4 + certlen))).publicKey, { md: obj.forge.md.sha384.create() }).data, 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); } catch (e) { return; } try { obj.unauth.nodeid = Buffer.from(obj.forge.pki.getPublicKeyFingerprint(obj.forge.pki.certificateFromAsn1(obj.forge.asn1.fromDer(msg.substring(4, 4 + certlen))).publicKey, { md: obj.forge.md.sha384.create() }).data, 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); } catch (e) { return; }
obj.unauth.nodeCertPem = '-----BEGIN CERTIFICATE-----\r\n' + new Buffer(msg.substring(4, 4 + certlen), 'binary').toString('base64') + '\r\n-----END CERTIFICATE-----'; obj.unauth.nodeCertPem = '-----BEGIN CERTIFICATE-----\r\n' + Buffer.from(msg.substring(4, 4 + certlen), 'binary').toString('base64') + '\r\n-----END CERTIFICATE-----';
// Check the agent signature if we can // Check the agent signature if we can
if (obj.agentnonce == null) { obj.unauthsign = msg.substring(4 + certlen); } else { if (processAgentSignature(msg.substring(4 + certlen)) == false) { console.log('Agent connected with bad signature, holding connection (' + obj.remoteaddrport + ').'); return; } } if (obj.agentnonce == null) { obj.unauthsign = msg.substring(4 + certlen); } else { if (processAgentSignature(msg.substring(4 + certlen)) == false) { console.log('Agent connected with bad signature, holding connection (' + obj.remoteaddrport + ').'); return; } }
@ -286,9 +286,9 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
obj.agentInfo.platformType = obj.common.ReadInt(msg, 14); obj.agentInfo.platformType = obj.common.ReadInt(msg, 14);
if (obj.agentInfo.platformType > 6 || obj.agentInfo.platformType < 1) { obj.agentInfo.platformType = 1; } if (obj.agentInfo.platformType > 6 || obj.agentInfo.platformType < 1) { obj.agentInfo.platformType = 1; }
if (msg.substring(50, 66) == '\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0') { if (msg.substring(50, 66) == '\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0') {
obj.meshid = new Buffer(msg.substring(18, 50), 'binary').toString('hex'); // Older HEX MeshID obj.meshid = Buffer.from(msg.substring(18, 50), 'binary').toString('hex'); // Older HEX MeshID
} else { } else {
obj.meshid = new Buffer(msg.substring(18, 66), 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); // New Base64 MeshID obj.meshid = Buffer.from(msg.substring(18, 66), 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); // New Base64 MeshID
} }
//console.log('MeshID', obj.meshid); //console.log('MeshID', obj.meshid);
obj.agentInfo.capabilities = obj.common.ReadInt(msg, 66); obj.agentInfo.capabilities = obj.common.ReadInt(msg, 66);
@ -464,11 +464,11 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
if (obj.args.ignoreagenthashcheck !== true) { if (obj.args.ignoreagenthashcheck !== true) {
// Verify the signature. This is the fast way, without using forge. // Verify the signature. This is the fast way, without using forge.
const verify = obj.parent.crypto.createVerify('SHA384'); const verify = obj.parent.crypto.createVerify('SHA384');
verify.end(new Buffer(getWebCertHash(obj.domain) + obj.nonce + obj.agentnonce, 'binary')); // Test using the private key hash verify.end(Buffer.from(getWebCertHash(obj.domain) + obj.nonce + obj.agentnonce, 'binary')); // Test using the private key hash
if (verify.verify(obj.unauth.nodeCertPem, new Buffer(msg, 'binary')) !== true) { if (verify.verify(obj.unauth.nodeCertPem, Buffer.from(msg, 'binary')) !== true) {
const verify2 = obj.parent.crypto.createVerify('SHA384'); const verify2 = obj.parent.crypto.createVerify('SHA384');
verify2.end(new Buffer(getWebCertFullHash(obj.domain) + obj.nonce + obj.agentnonce, 'binary')); // Test using the full cert hash verify2.end(Buffer.from(getWebCertFullHash(obj.domain) + obj.nonce + obj.agentnonce, 'binary')); // Test using the full cert hash
if (verify2.verify(obj.unauth.nodeCertPem, new Buffer(msg, 'binary')) !== true) { return false; } if (verify2.verify(obj.unauth.nodeCertPem, Buffer.from(msg, 'binary')) !== true) { return false; }
} }
} }

12
meshcentral.js
View File

@ -56,7 +56,7 @@ function CreateMeshCentralServer(config, args) {
obj.maintenanceTimer = null; obj.maintenanceTimer = null;
obj.serverId = null; obj.serverId = null;
obj.currentVer = null; obj.currentVer = null;
obj.serverKey = new Buffer(obj.crypto.randomBytes(48), 'binary'); obj.serverKey = Buffer.from(obj.crypto.randomBytes(48), 'binary');
obj.loginCookieEncryptionKey = null; obj.loginCookieEncryptionKey = null;
obj.serverSelfWriteAllowed = true; obj.serverSelfWriteAllowed = true;
try { obj.currentVer = JSON.parse(obj.fs.readFileSync(obj.path.join(__dirname, 'package.json'), 'utf8')).version; } catch (e) { } // Fetch server version try { obj.currentVer = JSON.parse(obj.fs.readFileSync(obj.path.join(__dirname, 'package.json'), 'utf8')).version; } catch (e) { } // Fetch server version
@ -1138,7 +1138,7 @@ function CreateMeshCentralServer(config, args) {
// Generate a cryptographic key used to encode and decode cookies // Generate a cryptographic key used to encode and decode cookies
obj.generateCookieKey = function () { obj.generateCookieKey = function () {
return new Buffer(obj.crypto.randomBytes(80), 'binary'); return Buffer.from(obj.crypto.randomBytes(80), 'binary');
//return Buffer.alloc(80, 0); // Sets the key to zeros, debug only. //return Buffer.alloc(80, 0); // Sets the key to zeros, debug only.
}; };
@ -1147,7 +1147,7 @@ function CreateMeshCentralServer(config, args) {
try { try {
if (key == null) { key = obj.serverKey; } if (key == null) { key = obj.serverKey; }
o.time = Math.floor(Date.now() / 1000); // Add the cookie creation time o.time = Math.floor(Date.now() / 1000); // Add the cookie creation time
const iv = new Buffer(obj.crypto.randomBytes(12), 'binary'), cipher = obj.crypto.createCipheriv('aes-256-gcm', key.slice(0, 32), iv); const iv = Buffer.from(obj.crypto.randomBytes(12), 'binary'), cipher = obj.crypto.createCipheriv('aes-256-gcm', key.slice(0, 32), iv);
const crypted = Buffer.concat([cipher.update(JSON.stringify(o), 'utf8'), cipher.final()]); const crypted = Buffer.concat([cipher.update(JSON.stringify(o), 'utf8'), cipher.final()]);
return Buffer.concat([iv, cipher.getAuthTag(), crypted]).toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); return Buffer.concat([iv, cipher.getAuthTag(), crypted]).toString('base64').replace(/\+/g, '@').replace(/\//g, '$');
} catch (e) { return null; } } catch (e) { return null; }
@ -1164,7 +1164,7 @@ function CreateMeshCentralServer(config, args) {
obj.decodeCookieAESGCM = function (cookie, key, timeout) { obj.decodeCookieAESGCM = function (cookie, key, timeout) {
try { try {
if (key == null) { key = obj.serverKey; } if (key == null) { key = obj.serverKey; }
cookie = new Buffer(cookie.replace(/\@/g, '+').replace(/\$/g, '/'), 'base64'); cookie = Buffer.from(cookie.replace(/\@/g, '+').replace(/\$/g, '/'), 'base64');
const decipher = obj.crypto.createDecipheriv('aes-256-gcm', key.slice(0, 32), cookie.slice(0, 12)); const decipher = obj.crypto.createDecipheriv('aes-256-gcm', key.slice(0, 32), cookie.slice(0, 12));
decipher.setAuthTag(cookie.slice(12, 16)); decipher.setAuthTag(cookie.slice(12, 16));
const o = JSON.parse(decipher.update(cookie.slice(28), 'binary', 'utf8') + decipher.final('utf8')); const o = JSON.parse(decipher.update(cookie.slice(28), 'binary', 'utf8') + decipher.final('utf8'));
@ -1183,7 +1183,7 @@ function CreateMeshCentralServer(config, args) {
try { try {
if (key == null) { key = obj.serverKey; } if (key == null) { key = obj.serverKey; }
if (key.length < 80) { return null; } if (key.length < 80) { return null; }
cookie = new Buffer(cookie.replace(/\@/g, '+').replace(/\$/g, '/'), 'base64'); cookie = Buffer.from(cookie.replace(/\@/g, '+').replace(/\$/g, '/'), 'base64');
const decipher = obj.crypto.createDecipheriv('aes-256-cbc', key.slice(48, 80), cookie.slice(0, 16)); const decipher = obj.crypto.createDecipheriv('aes-256-cbc', key.slice(48, 80), cookie.slice(0, 16));
const rawmsg = decipher.update(cookie.slice(16), 'binary', 'binary') + decipher.final('binary'); const rawmsg = decipher.update(cookie.slice(16), 'binary', 'binary') + decipher.final('binary');
const hmac = obj.crypto.createHmac('sha384', key.slice(0, 48)); const hmac = obj.crypto.createHmac('sha384', key.slice(0, 48));
@ -1238,7 +1238,7 @@ function CreateMeshCentralServer(config, args) {
obj.fs.open(filepath, 'r', function (err, fd) { obj.fs.open(filepath, 'r', function (err, fd) {
if (fd == null) { func(null); return; } if (fd == null) { func(null); return; }
obj.fs.fstat(fd, function (err, stats) { obj.fs.fstat(fd, function (err, stats) {
var bufferSize = stats.size, chunkSize = 512, buffer = new Buffer(bufferSize), bytesRead = 0; var bufferSize = stats.size, chunkSize = 512, buffer = Buffer.from(bufferSize), bytesRead = 0;
while (bytesRead < bufferSize) { while (bytesRead < bufferSize) {
if ((bytesRead + chunkSize) > bufferSize) { chunkSize = (bufferSize - bytesRead); } if ((bytesRead + chunkSize) > bufferSize) { chunkSize = (bufferSize - bytesRead); }
obj.fs.readSync(fd, buffer, bytesRead, chunkSize, bytesRead); obj.fs.readSync(fd, buffer, bytesRead, chunkSize, bytesRead);

15
meshrelay.js
View File

@ -191,14 +191,19 @@ module.exports.CreateMeshRelay = function (parent, ws, req, domain, user, cookie
} }
}); });
// If error, do nothing // If error, do nothing.
ws.on('error', function (err) { ws.on('error', function (err) {
console.log('Relay Error', err); console.log('Relay error from ' + obj.remoteaddr + ', ' + err.toString().split('\r')[0] + '.');
obj.close(); closeBothSides();
}); });
// If the mesh relay web socket is closed // If the mesh relay web socket is closed.
ws.on('close', function (req) { ws.on('close', function (req) {
closeBothSides();
});
// Close both our side and the peer side.
function closeBothSides() {
if (obj.id != null) { if (obj.id != null) {
var relayinfo = parent.wsrelays[obj.id]; var relayinfo = parent.wsrelays[obj.id];
if (relayinfo != null) { if (relayinfo != null) {
@ -217,7 +222,7 @@ module.exports.CreateMeshRelay = function (parent, ws, req, domain, user, cookie
obj.peer = null; obj.peer = null;
obj.id = null; obj.id = null;
} }
}); }
// Mark this relay session as authenticated if this is the user end. // Mark this relay session as authenticated if this is the user end.
obj.authenticated = (obj.user != null); obj.authenticated = (obj.user != null);

4
meshuser.js
View File

@ -28,7 +28,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
obj.serverStatsTimer = null; obj.serverStatsTimer = null;
// Send a message to the user // Send a message to the user
//obj.send = function (data) { try { if (typeof data == 'string') { obj.ws.send(new Buffer(data, 'binary')); } else { obj.ws.send(data); } } catch (e) { } } //obj.send = function (data) { try { if (typeof data == 'string') { obj.ws.send(Buffer.from(data, 'binary')); } else { obj.ws.send(data); } } catch (e) { } }
// Disconnect this user // Disconnect this user
obj.close = function (arg) { obj.close = function (arg) {
@ -1391,7 +1391,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
try { try {
obj.fs.open(filepath, 'r', function (err, fd) { obj.fs.open(filepath, 'r', function (err, fd) {
obj.fs.fstat(fd, function (err, stats) { obj.fs.fstat(fd, function (err, stats) {
var bufferSize = stats.size, chunkSize = 512, buffer = new Buffer(bufferSize), bytesRead = 0; var bufferSize = stats.size, chunkSize = 512, buffer = Buffer.from(bufferSize), bytesRead = 0;
while (bytesRead < bufferSize) { while (bytesRead < bufferSize) {
if ((bytesRead + chunkSize) > bufferSize) { chunkSize = (bufferSize - bytesRead); } if ((bytesRead + chunkSize) > bufferSize) { chunkSize = (bufferSize - bytesRead); }
obj.fs.readSync(fd, buffer, bytesRead, chunkSize, bytesRead); obj.fs.readSync(fd, buffer, bytesRead, chunkSize, bytesRead);

8
mpsserver.js
View File

@ -113,7 +113,7 @@ module.exports.CreateMpsServer = function (parent, db, args, certificates) {
socket.on("timeout", () => { Debug(1, "MPS:CIRA timeout, disconnecting."); try { socket.end(); } catch (e) { } }); socket.on("timeout", () => { Debug(1, "MPS:CIRA timeout, disconnecting."); try { socket.end(); } catch (e) { } });
socket.addListener("data", function (data) { socket.addListener("data", function (data) {
if (args.mpsdebug) { var buf = new Buffer(data, "binary"); console.log("MPS <-- (" + buf.length + "):" + buf.toString('hex')); } // Print out received bytes if (args.mpsdebug) { var buf = Buffer.from(data, "binary"); console.log("MPS <-- (" + buf.length + "):" + buf.toString('hex')); } // Print out received bytes
socket.tag.accumulator += data; socket.tag.accumulator += data;
// Detect if this is an HTTPS request, if it is, return a simple answer and disconnect. This is useful for debugging access to the MPS port. // Detect if this is an HTTPS request, if it is, return a simple answer and disconnect. This is useful for debugging access to the MPS port.
@ -249,7 +249,7 @@ module.exports.CreateMpsServer = function (parent, db, args, certificates) {
if (mesh.mtype == 1) { if (mesh.mtype == 1) {
// Intel AMT GUID (socket.tag.SystemId) will be used as NodeID // Intel AMT GUID (socket.tag.SystemId) will be used as NodeID
var systemid = socket.tag.SystemId.split('-').join(''); var systemid = socket.tag.SystemId.split('-').join('');
var nodeid = new Buffer(systemid + systemid + systemid, 'hex').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); var nodeid = Buffer.from(systemid + systemid + systemid, 'hex').toString('base64').replace(/\+/g, '@').replace(/\//g, '$');
socket.tag.name = ''; socket.tag.name = '';
socket.tag.nodeid = 'node/' + mesh.domain + '/' + nodeid; // Turn 16bit systemid guid into 48bit nodeid that is base64 encoded socket.tag.nodeid = 'node/' + mesh.domain + '/' + nodeid; // Turn 16bit systemid guid into 48bit nodeid that is base64 encoded
socket.tag.meshid = mesh._id; socket.tag.meshid = mesh._id;
@ -630,11 +630,11 @@ module.exports.CreateMpsServer = function (parent, db, args, certificates) {
function Write(socket, data) { function Write(socket, data) {
if (args.mpsdebug) { if (args.mpsdebug) {
// Print out sent bytes // Print out sent bytes
var buf = new Buffer(data, "binary"); var buf = Buffer.from(data, "binary");
console.log('MPS --> (' + buf.length + '):' + buf.toString('hex')); console.log('MPS --> (' + buf.length + '):' + buf.toString('hex'));
socket.write(buf); socket.write(buf);
} else { } else {
socket.write(new Buffer(data, "binary")); socket.write(Buffer.from(data, "binary"));
} }
} }

26
multiserver.js
View File

@ -111,21 +111,21 @@ module.exports.CreateMultiServer = function (parent, args) {
case 2: { case 2: {
// Server certificate // Server certificate
var certlen = obj.common.ReadShort(msg, 2), serverCert = null; var certlen = obj.common.ReadShort(msg, 2), serverCert = null;
var serverCertPem = '-----BEGIN CERTIFICATE-----\r\n' + new Buffer(msg.substring(4, 4 + certlen), 'binary').toString('base64') + '\r\n-----END CERTIFICATE-----'; var serverCertPem = '-----BEGIN CERTIFICATE-----\r\n' + Buffer.from(msg.substring(4, 4 + certlen), 'binary').toString('base64') + '\r\n-----END CERTIFICATE-----';
try { serverCert = obj.forge.pki.certificateFromAsn1(obj.forge.asn1.fromDer(msg.substring(4, 4 + certlen))); } catch (e) { } try { serverCert = obj.forge.pki.certificateFromAsn1(obj.forge.asn1.fromDer(msg.substring(4, 4 + certlen))); } catch (e) { }
if (serverCert == null) { obj.parent.parent.debug(1, 'OutPeer: Invalid server certificate.'); disconnect(); return; } if (serverCert == null) { obj.parent.parent.debug(1, 'OutPeer: Invalid server certificate.'); disconnect(); return; }
var serverid = new Buffer(obj.forge.pki.getPublicKeyFingerprint(serverCert.publicKey, { encoding: 'binary', md: obj.forge.md.sha384.create() }), 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); var serverid = Buffer.from(obj.forge.pki.getPublicKeyFingerprint(serverCert.publicKey, { encoding: 'binary', md: obj.forge.md.sha384.create() }), 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$');
if (serverid !== obj.agentCertificateHashBase64) { obj.parent.parent.debug(1, 'OutPeer: Server hash mismatch.'); disconnect(); return; } if (serverid !== obj.agentCertificateHashBase64) { obj.parent.parent.debug(1, 'OutPeer: Server hash mismatch.'); disconnect(); return; }
// Server signature, verify it. This is the fast way, without using forge. (TODO: Use accelerator for this?) // Server signature, verify it. This is the fast way, without using forge. (TODO: Use accelerator for this?)
const verify = obj.parent.crypto.createVerify('SHA384'); const verify = obj.parent.crypto.createVerify('SHA384');
verify.end(new Buffer(obj.serverCertHash + obj.nonce + obj.servernonce, 'binary')); verify.end(Buffer.from(obj.serverCertHash + obj.nonce + obj.servernonce, 'binary'));
if (verify.verify(serverCertPem, new Buffer(msg.substring(4 + certlen), 'binary')) !== true) { obj.parent.parent.debug(1, 'OutPeer: Server sign check failed.'); disconnect(); return; } if (verify.verify(serverCertPem, Buffer.from(msg.substring(4 + certlen), 'binary')) !== true) { obj.parent.parent.debug(1, 'OutPeer: Server sign check failed.'); disconnect(); return; }
// Connection is a success, clean up // Connection is a success, clean up
delete obj.nonce; delete obj.nonce;
delete obj.servernonce; delete obj.servernonce;
obj.serverCertHash = new Buffer(obj.serverCertHash, 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); // Change this value to base64 obj.serverCertHash = Buffer.from(obj.serverCertHash, 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); // Change this value to base64
obj.connectionState |= 4; obj.connectionState |= 4;
obj.retryBackoff = 0; // Set backoff connection timer back to fast. obj.retryBackoff = 0; // Set backoff connection timer back to fast.
obj.parent.parent.debug(1, 'OutPeer ' + obj.serverid + ': Verified peer connection to ' + obj.url); obj.parent.parent.debug(1, 'OutPeer ' + obj.serverid + ': Verified peer connection to ' + obj.url);
@ -189,7 +189,7 @@ module.exports.CreateMultiServer = function (parent, args) {
if (command.dbid != obj.parent.parent.db.identifier) { console.log('ERROR: Database ID mismatch. Trying to peer to a server with the wrong database. (' + obj.url + ', ' + command.serverid + ').'); return; } if (command.dbid != obj.parent.parent.db.identifier) { console.log('ERROR: Database ID mismatch. Trying to peer to a server with the wrong database. (' + obj.url + ', ' + command.serverid + ').'); return; }
if (obj.serverCertHash != command.serverCertHash) { console.log('ERROR: Outer certificate hash mismatch (2). (' + obj.url + ', ' + command.serverid + ').'); return; } if (obj.serverCertHash != command.serverCertHash) { console.log('ERROR: Outer certificate hash mismatch (2). (' + obj.url + ', ' + command.serverid + ').'); return; }
obj.peerServerId = command.serverid; obj.peerServerId = command.serverid;
obj.peerServerKey = new Buffer(command.key, 'hex'); obj.peerServerKey = Buffer.from(command.key, 'hex');
obj.authenticated = 3; obj.authenticated = 3;
obj.parent.SetupPeerServer(obj, obj.peerServerId); obj.parent.SetupPeerServer(obj, obj.peerServerId);
} }
@ -228,7 +228,7 @@ module.exports.CreateMultiServer = function (parent, args) {
// Send a message to the peer server // Send a message to the peer server
obj.send = function (data) { obj.send = function (data) {
try { try {
if (typeof data == 'string') { obj.ws.send(new Buffer(data, 'binary')); return; } if (typeof data == 'string') { obj.ws.send(Buffer.from(data, 'binary')); return; }
if (typeof data == 'object') { obj.ws.send(JSON.stringify(data)); return; } if (typeof data == 'object') { obj.ws.send(JSON.stringify(data)); return; }
obj.ws.send(data); obj.ws.send(data);
} catch (e) { } } catch (e) { }
@ -282,8 +282,8 @@ module.exports.CreateMultiServer = function (parent, args) {
// Decode the certificate // Decode the certificate
var certlen = obj.common.ReadShort(msg, 2); var certlen = obj.common.ReadShort(msg, 2);
obj.unauth = {}; obj.unauth = {};
try { obj.unauth.nodeid = new Buffer(obj.forge.pki.getPublicKeyFingerprint(obj.forge.pki.certificateFromAsn1(obj.forge.asn1.fromDer(msg.substring(4, 4 + certlen))).publicKey, { encoding: 'binary', md: obj.forge.md.sha384.create() }), 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); } catch (e) { console.log(e); return; } try { obj.unauth.nodeid = Buffer.from(obj.forge.pki.getPublicKeyFingerprint(obj.forge.pki.certificateFromAsn1(obj.forge.asn1.fromDer(msg.substring(4, 4 + certlen))).publicKey, { encoding: 'binary', md: obj.forge.md.sha384.create() }), 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); } catch (e) { console.log(e); return; }
obj.unauth.nodeCertPem = '-----BEGIN CERTIFICATE-----\r\n' + new Buffer(msg.substring(4, 4 + certlen), 'binary').toString('base64') + '\r\n-----END CERTIFICATE-----'; obj.unauth.nodeCertPem = '-----BEGIN CERTIFICATE-----\r\n' + Buffer.from(msg.substring(4, 4 + certlen), 'binary').toString('base64') + '\r\n-----END CERTIFICATE-----';
// Check the peer server signature if we can // Check the peer server signature if we can
if (obj.peernonce == null) { if (obj.peernonce == null) {
@ -325,8 +325,8 @@ module.exports.CreateMultiServer = function (parent, args) {
function processPeerSignature(msg) { function processPeerSignature(msg) {
// Verify the signature. This is the fast way, without using forge. // Verify the signature. This is the fast way, without using forge.
const verify = obj.parent.crypto.createVerify('SHA384'); const verify = obj.parent.crypto.createVerify('SHA384');
verify.end(new Buffer(obj.parent.parent.webserver.webCertificateHash + obj.nonce + obj.peernonce, 'binary')); verify.end(Buffer.from(obj.parent.parent.webserver.webCertificateHash + obj.nonce + obj.peernonce, 'binary'));
if (verify.verify(obj.unauth.nodeCertPem, new Buffer(msg, 'binary')) !== true) { console.log('Peer sign fail 1'); return false; } if (verify.verify(obj.unauth.nodeCertPem, Buffer.from(msg, 'binary')) !== true) { console.log('Peer sign fail 1'); return false; }
if (obj.unauth.nodeid !== obj.agentCertificateHashBase64) { console.log('Peer sign fail 2'); return false; } if (obj.unauth.nodeid !== obj.agentCertificateHashBase64) { console.log('Peer sign fail 2'); return false; }
// Connection is a success, clean up // Connection is a success, clean up
@ -353,7 +353,7 @@ module.exports.CreateMultiServer = function (parent, args) {
if (command.dbid != obj.parent.parent.db.identifier) { console.log('ERROR: Database ID mismatch. Trying to peer to a server with the wrong database. (' + obj.remoteaddr + ', ' + command.serverid + ').'); return; } if (command.dbid != obj.parent.parent.db.identifier) { console.log('ERROR: Database ID mismatch. Trying to peer to a server with the wrong database. (' + obj.remoteaddr + ', ' + command.serverid + ').'); return; }
if (obj.parent.peerConfig.servers[command.serverid] == null) { console.log('ERROR: Unknown peer serverid: ' + command.serverid + ' (' + obj.remoteaddr + ').'); return; } if (obj.parent.peerConfig.servers[command.serverid] == null) { console.log('ERROR: Unknown peer serverid: ' + command.serverid + ' (' + obj.remoteaddr + ').'); return; }
obj.peerServerId = command.serverid; obj.peerServerId = command.serverid;
obj.peerServerKey = new Buffer(command.key, 'hex'); obj.peerServerKey = Buffer.from(command.key, 'hex');
obj.serverCertHash = command.serverCertHash; obj.serverCertHash = command.serverCertHash;
obj.authenticated = 3; obj.authenticated = 3;
obj.parent.SetupPeerServer(obj, obj.peerServerId); obj.parent.SetupPeerServer(obj, obj.peerServerId);
@ -599,7 +599,7 @@ module.exports.CreateMultiServer = function (parent, args) {
// Get the peer server's certificate and compute the server public key hash // Get the peer server's certificate and compute the server public key hash
var serverCert = obj.forge.pki.certificateFromAsn1(obj.forge.asn1.fromDer(peerTunnel.ws2._socket.getPeerCertificate().raw.toString('binary'))); var serverCert = obj.forge.pki.certificateFromAsn1(obj.forge.asn1.fromDer(peerTunnel.ws2._socket.getPeerCertificate().raw.toString('binary')));
var serverCertHashHex = new Buffer(obj.forge.pki.getPublicKeyFingerprint(serverCert.publicKey, { encoding: 'binary', md: obj.forge.md.sha384.create() }), 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); var serverCertHashHex = Buffer.from(obj.forge.pki.getPublicKeyFingerprint(serverCert.publicKey, { encoding: 'binary', md: obj.forge.md.sha384.create() }), 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$');
// Check if the peer certificate is the expected one for this serverid // Check if the peer certificate is the expected one for this serverid
if (obj.peerServers[serverid] == null || obj.peerServers[serverid].serverCertHash != serverCertHashHex) { console.log('ERROR: Outer certificate hash mismatch (1). (' + peerTunnel.url + ', ' + peerTunnel.serverid + ').'); peerTunnel.close(); return; } if (obj.peerServers[serverid] == null || obj.peerServers[serverid].serverCertHash != serverCertHashHex) { console.log('ERROR: Outer certificate hash mismatch (1). (' + peerTunnel.url + ', ' + peerTunnel.serverid + ').'); peerTunnel.close(); return; }

2
package.json
View File

@ -1,6 +1,6 @@
{ {
"name": "meshcentral", "name": "meshcentral",
"version": "0.2.5-k", "version": "0.2.5-l",
"keywords": [ "keywords": [
"Remote Management", "Remote Management",
"Intel AMT", "Intel AMT",

2
pass.js
View File

@ -53,7 +53,7 @@ exports.iishash = function (type, pwd, salt, fn) {
fn(null, pwd); fn(null, pwd);
} else if (type == 1) { } else if (type == 1) {
const hash = crypto.createHash('sha1'); const hash = crypto.createHash('sha1');
hash.update(Buffer.concat([new Buffer(salt, 'base64'), new Buffer(pwd, 'utf16le')])); hash.update(Buffer.concat([Buffer.from(salt, 'base64'), Buffer.from(pwd, 'utf16le')]));
fn(null, hash.digest().toString('base64')); fn(null, hash.digest().toString('base64'));
} else { } else {
fn('invalid type'); fn('invalid type');

2
redirserver.js
View File

@ -60,7 +60,7 @@ module.exports.CreateRedirServer = function (parent, db, args, func) {
if (i >= 0) { rootcert = rootcert.substring(i + 29); } if (i >= 0) { rootcert = rootcert.substring(i + 29); }
i = rootcert.indexOf("-----END CERTIFICATE-----"); i = rootcert.indexOf("-----END CERTIFICATE-----");
if (i >= 0) { rootcert = rootcert.substring(i, 0); } if (i >= 0) { rootcert = rootcert.substring(i, 0); }
res.send(new Buffer(rootcert, "base64")); res.send(Buffer.from(rootcert, "base64"));
} else { } else {
res.sendStatus(404); res.sendStatus(404);
} }

6
swarmserver.js
View File

@ -153,7 +153,7 @@ module.exports.CreateSwarmServer = function (parent, db, args, certificates) {
Debug(1, 'SWARM:New legacy agent connection'); Debug(1, 'SWARM:New legacy agent connection');
socket.addListener("data", function (data) { socket.addListener("data", function (data) {
if (args.swarmdebug) { var buf = new Buffer(data, "binary"); console.log('SWARM <-- (' + buf.length + '):' + buf.toString('hex')); } // Print out received bytes if (args.swarmdebug) { var buf = Buffer.from(data, "binary"); console.log('SWARM <-- (' + buf.length + '):' + buf.toString('hex')); } // Print out received bytes
socket.tag.accumulator += data; socket.tag.accumulator += data;
// Detect if this is an HTTPS request, if it is, return a simple answer and disconnect. This is useful for debugging access to the MPS port. // Detect if this is an HTTPS request, if it is, return a simple answer and disconnect. This is useful for debugging access to the MPS port.
@ -333,11 +333,11 @@ module.exports.CreateSwarmServer = function (parent, db, args, certificates) {
function Write(socket, data) { function Write(socket, data) {
if (args.swarmdebug) { if (args.swarmdebug) {
// Print out sent bytes // Print out sent bytes
var buf = new Buffer(data, "binary"); var buf = Buffer.from(data, "binary");
console.log('SWARM --> (' + buf.length + '):' + buf.toString('hex')); console.log('SWARM --> (' + buf.length + '):' + buf.toString('hex'));
socket.write(buf); socket.write(buf);
} else { } else {
socket.write(new Buffer(data, "binary")); socket.write(Buffer.from(data, "binary"));
} }
} }

2
views/default-mobile-min.handlebars
View File

File diff suppressed because one or more lines are too long

5
views/default-mobile.handlebars
View File

@ -1088,7 +1088,6 @@
r += '</div></div>'; r += '</div></div>';
} }
//meshcount = count;
QH('p3meshes', r); QH('p3meshes', r);
QV('p3noMeshFound', count == 0); QV('p3noMeshFound', count == 0);
} }
@ -1456,7 +1455,11 @@
} }
} }
if (count == 0) {
QH('xdevices', '<div style="margin-top:50px;text-align:center"><span style="font-size:30px">No devices</span><br /><br />Use the desktop version of this website to add devices.</div>');
} else {
QH('xdevices', r); QH('xdevices', r);
}
deviceHeaderSet(); deviceHeaderSet();
for (var i in deviceHeaders) { QH(i, deviceHeaders[i]); } for (var i in deviceHeaders) { QH(i, deviceHeaders[i]); }
for (var i in deviceHeadersTitles) { Q(i).title = deviceHeadersTitles[i]; } for (var i in deviceHeadersTitles) { Q(i).title = deviceHeadersTitles[i]; }

64
webserver.js
View File

@ -104,19 +104,19 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Perform hash on web certificate and agent certificate // Perform hash on web certificate and agent certificate
obj.webCertificateHash = parent.certificateOperations.getPublicKeyHashBinary(obj.certificates.web.cert); obj.webCertificateHash = parent.certificateOperations.getPublicKeyHashBinary(obj.certificates.web.cert);
obj.webCertificateHashs = { '': obj.webCertificateHash }; obj.webCertificateHashs = { '': obj.webCertificateHash };
obj.webCertificateHashBase64 = new Buffer(obj.webCertificateHash, 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); obj.webCertificateHashBase64 = Buffer.from(obj.webCertificateHash, 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$');
obj.webCertificateFullHash = parent.certificateOperations.getCertHashBinary(obj.certificates.web.cert); obj.webCertificateFullHash = parent.certificateOperations.getCertHashBinary(obj.certificates.web.cert);
obj.webCertificateFullHashs = { '': obj.webCertificateFullHash }; obj.webCertificateFullHashs = { '': obj.webCertificateFullHash };
obj.agentCertificateHashHex = parent.certificateOperations.getPublicKeyHash(obj.certificates.agent.cert); obj.agentCertificateHashHex = parent.certificateOperations.getPublicKeyHash(obj.certificates.agent.cert);
obj.agentCertificateHashBase64 = new Buffer(obj.agentCertificateHashHex, 'hex').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); obj.agentCertificateHashBase64 = Buffer.from(obj.agentCertificateHashHex, 'hex').toString('base64').replace(/\+/g, '@').replace(/\//g, '$');
obj.agentCertificateAsn1 = parent.certificateOperations.forge.asn1.toDer(parent.certificateOperations.forge.pki.certificateToAsn1(parent.certificateOperations.forge.pki.certificateFromPem(parent.certificates.agent.cert))).getBytes(); obj.agentCertificateAsn1 = parent.certificateOperations.forge.asn1.toDer(parent.certificateOperations.forge.pki.certificateToAsn1(parent.certificateOperations.forge.pki.certificateFromPem(parent.certificates.agent.cert))).getBytes();
// Compute the hash of all of the web certificates for each domain // Compute the hash of all of the web certificates for each domain
for (var i in obj.parent.config.domains) { for (var i in obj.parent.config.domains) {
if (obj.parent.config.domains[i].certhash != null) { if (obj.parent.config.domains[i].certhash != null) {
// If the web certificate hash is provided, use it. // If the web certificate hash is provided, use it.
obj.webCertificateHashs[i] = obj.webCertificateFullHashs[i] = new Buffer(obj.parent.config.domains[i].certhash, 'hex').toString('binary'); obj.webCertificateHashs[i] = obj.webCertificateFullHashs[i] = Buffer.from(obj.parent.config.domains[i].certhash, 'hex').toString('binary');
if (obj.parent.config.domains[i].certkeyhash != null) { obj.webCertificateHashs[i] = new Buffer(obj.parent.config.domains[i].certkeyhash, 'hex').toString('binary'); } if (obj.parent.config.domains[i].certkeyhash != null) { obj.webCertificateHashs[i] = Buffer.from(obj.parent.config.domains[i].certkeyhash, 'hex').toString('binary'); }
} else if ((obj.parent.config.domains[i].dns != null) && (obj.parent.config.domains[i].certs != null)) { } else if ((obj.parent.config.domains[i].dns != null) && (obj.parent.config.domains[i].certs != null)) {
// If the domain has a different DNS name, use a different certificate hash. // If the domain has a different DNS name, use a different certificate hash.
// Hash the full certificate // Hash the full certificate
@ -181,8 +181,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
var tlsOptions = { cert: obj.certificates.web.cert, key: obj.certificates.web.key, ca: obj.certificates.web.ca, rejectUnauthorized: true, secureOptions: obj.constants.SSL_OP_NO_SSLv2 | obj.constants.SSL_OP_NO_SSLv3 | obj.constants.SSL_OP_NO_COMPRESSION | obj.constants.SSL_OP_CIPHER_SERVER_PREFERENCE | obj.constants.SSL_OP_NO_TLSv1 | obj.constants.SSL_OP_NO_TLSv11 }; var tlsOptions = { cert: obj.certificates.web.cert, key: obj.certificates.web.key, ca: obj.certificates.web.ca, rejectUnauthorized: true, secureOptions: obj.constants.SSL_OP_NO_SSLv2 | obj.constants.SSL_OP_NO_SSLv3 | obj.constants.SSL_OP_NO_COMPRESSION | obj.constants.SSL_OP_CIPHER_SERVER_PREFERENCE | obj.constants.SSL_OP_NO_TLSv1 | obj.constants.SSL_OP_NO_TLSv11 };
if (obj.tlsSniCredentials != null) { tlsOptions.SNICallback = TlsSniCallback; } // We have multiple web server certificate used depending on the domain name if (obj.tlsSniCredentials != null) { tlsOptions.SNICallback = TlsSniCallback; } // We have multiple web server certificate used depending on the domain name
obj.tlsServer = require('https').createServer(tlsOptions, obj.app); obj.tlsServer = require('https').createServer(tlsOptions, obj.app);
obj.tlsServer.on('secureConnection', function () { }); obj.tlsServer.on('secureConnection', function () { /*console.log('tlsServer secureConnection');*/ });
obj.tlsServer.on('error', function (a, b, c) { console.log('tlsServer error', a, b, c); }); obj.tlsServer.on('error', function () { console.log('tlsServer error'); });
obj.expressWs = require('express-ws')(obj.app, obj.tlsServer); obj.expressWs = require('express-ws')(obj.app, obj.tlsServer);
} }
@ -783,14 +783,14 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
if (obj.args.minify && !req.query.nominify) { if (obj.args.minify && !req.query.nominify) {
// Try to server the minified version if we can. // Try to server the minified version if we can.
try { try {
res.render(obj.path.join(__dirname, isMobileBrowser(req) ? 'views/default-mobile-min' : 'views/default-min'), { viewmode: viewmode, currentNode: currentNode, logoutControl: logoutcontrol, title: domain.title, title2: domain.title2, domainurl: domain.url, domain: domain.id, debuglevel: parent.debugLevel, serverDnsName: obj.getWebServerName(domain), serverRedirPort: args.redirport, serverPublicPort: httpsPort, noServerBackup: (args.noserverbackup == 1 ? 1 : 0), features: features, sessiontime: args.sessiontime, mpspass: args.mpspass, passRequirements: passRequirements, webcerthash: new Buffer(obj.webCertificateFullHashs[domain.id], 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'), footer: (domain.footer == null) ? '' : domain.footer }); res.render(obj.path.join(__dirname, isMobileBrowser(req) ? 'views/default-mobile-min' : 'views/default-min'), { viewmode: viewmode, currentNode: currentNode, logoutControl: logoutcontrol, title: domain.title, title2: domain.title2, domainurl: domain.url, domain: domain.id, debuglevel: parent.debugLevel, serverDnsName: obj.getWebServerName(domain), serverRedirPort: args.redirport, serverPublicPort: httpsPort, noServerBackup: (args.noserverbackup == 1 ? 1 : 0), features: features, sessiontime: args.sessiontime, mpspass: args.mpspass, passRequirements: passRequirements, webcerthash: Buffer.from(obj.webCertificateFullHashs[domain.id], 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'), footer: (domain.footer == null) ? '' : domain.footer });
} catch (ex) { } catch (ex) {
// In case of an exception, serve the non-minified version. // In case of an exception, serve the non-minified version.
res.render(obj.path.join(__dirname, isMobileBrowser(req) ? 'views/default-mobile' : 'views/default'), { viewmode: viewmode, currentNode: currentNode, logoutControl: logoutcontrol, title: domain.title, title2: domain.title2, domainurl: domain.url, domain: domain.id, debuglevel: parent.debugLevel, serverDnsName: obj.getWebServerName(domain), serverRedirPort: args.redirport, serverPublicPort: httpsPort, noServerBackup: (args.noserverbackup == 1 ? 1 : 0), features: features, sessiontime: args.sessiontime, mpspass: args.mpspass, passRequirements: passRequirements, webcerthash: new Buffer(obj.webCertificateFullHashs[domain.id], 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'), footer: (domain.footer == null) ? '' : domain.footer }); res.render(obj.path.join(__dirname, isMobileBrowser(req) ? 'views/default-mobile' : 'views/default'), { viewmode: viewmode, currentNode: currentNode, logoutControl: logoutcontrol, title: domain.title, title2: domain.title2, domainurl: domain.url, domain: domain.id, debuglevel: parent.debugLevel, serverDnsName: obj.getWebServerName(domain), serverRedirPort: args.redirport, serverPublicPort: httpsPort, noServerBackup: (args.noserverbackup == 1 ? 1 : 0), features: features, sessiontime: args.sessiontime, mpspass: args.mpspass, passRequirements: passRequirements, webcerthash: Buffer.from(obj.webCertificateFullHashs[domain.id], 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'), footer: (domain.footer == null) ? '' : domain.footer });
} }
} else { } else {
// Serve non-minified version of web pages. // Serve non-minified version of web pages.
res.render(obj.path.join(__dirname, isMobileBrowser(req) ? 'views/default-mobile' : 'views/default'), { viewmode: viewmode, currentNode: currentNode, logoutControl: logoutcontrol, title: domain.title, title2: domain.title2, domainurl: domain.url, domain: domain.id, debuglevel: parent.debugLevel, serverDnsName: obj.getWebServerName(domain), serverRedirPort: args.redirport, serverPublicPort: httpsPort, noServerBackup: (args.noserverbackup == 1 ? 1 : 0), features: features, sessiontime: args.sessiontime, mpspass: args.mpspass, passRequirements: passRequirements, webcerthash: new Buffer(obj.webCertificateFullHashs[domain.id], 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'), footer: (domain.footer == null) ? '' : domain.footer }); res.render(obj.path.join(__dirname, isMobileBrowser(req) ? 'views/default-mobile' : 'views/default'), { viewmode: viewmode, currentNode: currentNode, logoutControl: logoutcontrol, title: domain.title, title2: domain.title2, domainurl: domain.url, domain: domain.id, debuglevel: parent.debugLevel, serverDnsName: obj.getWebServerName(domain), serverRedirPort: args.redirport, serverPublicPort: httpsPort, noServerBackup: (args.noserverbackup == 1 ? 1 : 0), features: features, sessiontime: args.sessiontime, mpspass: args.mpspass, passRequirements: passRequirements, webcerthash: Buffer.from(obj.webCertificateFullHashs[domain.id], 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'), footer: (domain.footer == null) ? '' : domain.footer });
} }
} else { } else {
// Send back the login application // Send back the login application
@ -880,14 +880,14 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
if (i >= 0) { rootcert = rootcert.substring(i + 29); } if (i >= 0) { rootcert = rootcert.substring(i + 29); }
i = rootcert.indexOf("-----END CERTIFICATE-----"); i = rootcert.indexOf("-----END CERTIFICATE-----");
if (i >= 0) { rootcert = rootcert.substring(i, 0); } if (i >= 0) { rootcert = rootcert.substring(i, 0); }
return new Buffer(rootcert, 'base64').toString('base64'); return Buffer.from(rootcert, 'base64').toString('base64');
} }
// Returns the mesh server root certificate // Returns the mesh server root certificate
function handleRootCertRequest(req, res) { function handleRootCertRequest(req, res) {
if (checkUserIpAddress(req, res, true) == false) { return; } if (checkUserIpAddress(req, res, true) == false) { return; }
res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'Content-Type': 'application/octet-stream', 'Content-Disposition': 'attachment; filename=' + certificates.RootName + '.cer' }); res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'Content-Type': 'application/octet-stream', 'Content-Disposition': 'attachment; filename=' + certificates.RootName + '.cer' });
res.send(new Buffer(getRootCertBase64(), 'base64')); res.send(Buffer.from(getRootCertBase64(), 'base64'));
} }
// Returns an mescript for Intel AMT configuration // Returns an mescript for Intel AMT configuration
@ -922,11 +922,11 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Compile the script // Compile the script
var scriptEngine = require('./amtscript.js').CreateAmtScriptEngine(); var scriptEngine = require('./amtscript.js').CreateAmtScriptEngine();
var runscript = scriptEngine.script_blocksToScript(scriptFile.blocks, scriptFile.scriptBlocks); var runscript = scriptEngine.script_blocksToScript(scriptFile.blocks, scriptFile.scriptBlocks);
scriptFile.mescript = new Buffer(scriptEngine.script_compile(runscript), 'binary').toString('base64'); scriptFile.mescript = Buffer.from(scriptEngine.script_compile(runscript), 'binary').toString('base64');
scriptFile.scriptText = runscript; scriptFile.scriptText = runscript;
// Send the script // Send the script
res.send(new Buffer(JSON.stringify(scriptFile, null, ' '))); res.send(Buffer.from(JSON.stringify(scriptFile, null, ' ')));
}); });
} else { } else {
// Server name is a hostname // Server name is a hostname
@ -948,11 +948,11 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Compile the script // Compile the script
var scriptEngine = require('./amtscript.js').CreateAmtScriptEngine(); var scriptEngine = require('./amtscript.js').CreateAmtScriptEngine();
var runscript = scriptEngine.script_blocksToScript(scriptFile.blocks, scriptFile.scriptBlocks); var runscript = scriptEngine.script_blocksToScript(scriptFile.blocks, scriptFile.scriptBlocks);
scriptFile.mescript = new Buffer(scriptEngine.script_compile(runscript), 'binary').toString('base64'); scriptFile.mescript = Buffer.from(scriptEngine.script_compile(runscript), 'binary').toString('base64');
scriptFile.scriptText = runscript; scriptFile.scriptText = runscript;
// Send the script // Send the script
res.send(new Buffer(JSON.stringify(scriptFile, null, ' '))); res.send(Buffer.from(JSON.stringify(scriptFile, null, ' ')));
}); });
} }
} }
@ -962,7 +962,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
var filepath = obj.parent.path.join(__dirname, 'public/scripts/cira_cleanup.mescript'); var filepath = obj.parent.path.join(__dirname, 'public/scripts/cira_cleanup.mescript');
readEntireTextFile(filepath, function (data) { readEntireTextFile(filepath, function (data) {
if (data == null) { res.sendStatus(404); return; } if (data == null) { res.sendStatus(404); return; }
res.send(new Buffer(data)); res.send(Buffer.from(data));
}); });
} }
} }
@ -1099,7 +1099,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
if ((names.length == sizes.length) && (types.length == datas.length) && (names.length == types.length)) { if ((names.length == sizes.length) && (types.length == datas.length) && (names.length == types.length)) {
for (var i = 0; i < names.length; i++) { for (var i = 0; i < names.length; i++) {
if (obj.common.IsFilenameValid(names[i]) == false) { res.sendStatus(404); return; } if (obj.common.IsFilenameValid(names[i]) == false) { res.sendStatus(404); return; }
var filedata = new Buffer(datas[i].split(',')[1], 'base64'); var filedata = Buffer.from(datas[i].split(',')[1], 'base64');
if ((xfile.quota == null) || ((totalsize + filedata.length) < xfile.quota)) { // Check if quota would not be broken if we add this file if ((xfile.quota == null) || ((totalsize + filedata.length) < xfile.quota)) { // Check if quota would not be broken if we add this file
// Create the user folder if needed // Create the user folder if needed
(function (fullpath, filename, filedata) { (function (fullpath, filename, filedata) {
@ -1280,7 +1280,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
ws.forwardclient.onData = function (ciraconn, data) { ws.forwardclient.onData = function (ciraconn, data) {
Debug(4, 'Relay CIRA data', data.length); Debug(4, 'Relay CIRA data', data.length);
if (ws.interceptor) { data = ws.interceptor.processAmtData(data); } // Run data thru interceptor if (ws.interceptor) { data = ws.interceptor.processAmtData(data); } // Run data thru interceptor
if (data.length > 0) { try { ws.send(new Buffer(data, 'binary')); } catch (e) { } } // TODO: Add TLS support if (data.length > 0) { try { ws.send(Buffer.from(data, 'binary')); } catch (e) { } } // TODO: Add TLS support
}; };
ws.forwardclient.onSendOk = function (ciraconn) { ws.forwardclient.onSendOk = function (ciraconn) {
@ -1315,7 +1315,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
} }
msg = msg.toString('binary'); msg = msg.toString('binary');
if (ws.interceptor) { msg = ws.interceptor.processBrowserData(msg); } // Run data thru interceptor if (ws.interceptor) { msg = ws.interceptor.processBrowserData(msg); } // Run data thru interceptor
ws.forwardclient.write(new Buffer(msg, 'binary')); // Forward data to the associated TCP connection. ws.forwardclient.write(Buffer.from(msg, 'binary')); // Forward data to the associated TCP connection.
}); });
// If error, do nothing // If error, do nothing
@ -1357,10 +1357,10 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
ws.forwardclient.on('data', function (data) { ws.forwardclient.on('data', function (data) {
if (obj.parent.debugLevel >= 1) { // DEBUG if (obj.parent.debugLevel >= 1) { // DEBUG
Debug(1, 'TCP relay data from ' + node.host + ', ' + data.length + ' bytes.'); Debug(1, 'TCP relay data from ' + node.host + ', ' + data.length + ' bytes.');
if (obj.parent.debugLevel >= 4) { Debug(4, ' ' + new Buffer(data, 'binary').toString('hex')); } if (obj.parent.debugLevel >= 4) { Debug(4, ' ' + Buffer.from(data, 'binary').toString('hex')); }
} }
if (ws.interceptor) { data = ws.interceptor.processAmtData(data); } // Run data thru interceptor if (ws.interceptor) { data = ws.interceptor.processAmtData(data); } // Run data thru interceptor
try { ws.send(new Buffer(data, 'binary')); } catch (e) { } try { ws.send(Buffer.from(data, 'binary')); } catch (e) { }
}); });
// If the TCP connection closes, disconnect the associated web socket. // If the TCP connection closes, disconnect the associated web socket.
@ -1592,8 +1592,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
if (domain.id != mesh.domain) { res.sendStatus(401); return; } if (domain.id != mesh.domain) { res.sendStatus(401); return; }
} }
var meshidhex = new Buffer(req.query.meshid.replace(/\@/g, '+').replace(/\$/g, '/'), 'base64').toString('hex').toUpperCase(); var meshidhex = Buffer.from(req.query.meshid.replace(/\@/g, '+').replace(/\$/g, '/'), 'base64').toString('hex').toUpperCase();
var serveridhex = new Buffer(obj.agentCertificateHashBase64.replace(/\@/g, '+').replace(/\$/g, '/'), 'base64').toString('hex').toUpperCase(); var serveridhex = Buffer.from(obj.agentCertificateHashBase64.replace(/\@/g, '+').replace(/\$/g, '/'), 'base64').toString('hex').toUpperCase();
var httpsPort = ((obj.args.aliasport == null) ? obj.args.port : obj.args.aliasport); // Use HTTPS alias port is specified var httpsPort = ((obj.args.aliasport == null) ? obj.args.port : obj.args.aliasport); // Use HTTPS alias port is specified
// Build the agent connection URL. If we are using a sub-domain or one with a DNS, we need to craft the URL correctly. // Build the agent connection URL. If we are using a sub-domain or one with a DNS, we need to craft the URL correctly.
@ -1637,7 +1637,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
res.sendFile(argentInfo.signedMeshCmdPath); res.sendFile(argentInfo.signedMeshCmdPath);
} else { } else {
// Merge JavaScript to a unsigned agent and send that. // Merge JavaScript to a unsigned agent and send that.
obj.parent.exeHandler.streamExeWithJavaScript({ platform: argentInfo.platform, sourceFileName: argentInfo.path, destinationStream: res, js: new Buffer(obj.parent.defaultMeshCmd, 'utf8'), peinfo: argentInfo.pe }); obj.parent.exeHandler.streamExeWithJavaScript({ platform: argentInfo.platform, sourceFileName: argentInfo.path, destinationStream: res, js: Buffer.from(obj.parent.defaultMeshCmd, 'utf8'), peinfo: argentInfo.pe });
} }
} else if (req.query.meshaction != null) { } else if (req.query.meshaction != null) {
var domain = checkUserIpAddress(req, res); var domain = checkUserIpAddress(req, res);
@ -1657,7 +1657,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
username: '', username: '',
password: '', password: '',
serverId: obj.agentCertificateHashHex.toUpperCase(), // SHA384 of server HTTPS public key serverId: obj.agentCertificateHashHex.toUpperCase(), // SHA384 of server HTTPS public key
serverHttpsHash: new Buffer(obj.webCertificateHash, 'binary').toString('hex').toUpperCase(), // SHA384 of server HTTPS certificate serverHttpsHash: Buffer.from(obj.webCertificateHash, 'binary').toString('hex').toUpperCase(), // SHA384 of server HTTPS certificate
debugLevel: 0 debugLevel: 0
}; };
if (user != null) { meshaction.username = user.name; } if (user != null) { meshaction.username = user.name; }
@ -1672,7 +1672,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
username: '', username: '',
password: '', password: '',
serverId: obj.agentCertificateHashHex.toUpperCase(), // SHA384 of server HTTPS public key serverId: obj.agentCertificateHashHex.toUpperCase(), // SHA384 of server HTTPS public key
serverHttpsHash: new Buffer(obj.webCertificateHash, 'binary').toString('hex').toUpperCase(), // SHA384 of server HTTPS certificate serverHttpsHash: Buffer.from(obj.webCertificateHash, 'binary').toString('hex').toUpperCase(), // SHA384 of server HTTPS certificate
debugLevel: 0 debugLevel: 0
}; };
if (user != null) { meshaction.username = user.name; } if (user != null) { meshaction.username = user.name; }
@ -1730,8 +1730,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
if (domain.id != mesh.domain) { res.sendStatus(401); return; } if (domain.id != mesh.domain) { res.sendStatus(401); return; }
} }
var meshidhex = new Buffer(req.query.meshid.replace(/\@/g, '+').replace(/\$/g, '/'), 'base64').toString('hex').toUpperCase(); var meshidhex = Buffer.from(req.query.meshid.replace(/\@/g, '+').replace(/\$/g, '/'), 'base64').toString('hex').toUpperCase();
var serveridhex = new Buffer(obj.agentCertificateHashBase64.replace(/\@/g, '+').replace(/\$/g, '/'), 'base64').toString('hex').toUpperCase(); var serveridhex = Buffer.from(obj.agentCertificateHashBase64.replace(/\@/g, '+').replace(/\$/g, '/'), 'base64').toString('hex').toUpperCase();
var httpsPort = ((obj.args.aliasport == null) ? obj.args.port : obj.args.aliasport); // Use HTTPS alias port is specified var httpsPort = ((obj.args.aliasport == null) ? obj.args.port : obj.args.aliasport); // Use HTTPS alias port is specified
// Build the agent connection URL. If we are using a sub-domain or one with a DNS, we need to craft the URL correctly. // Build the agent connection URL. If we are using a sub-domain or one with a DNS, we need to craft the URL correctly.
@ -1811,8 +1811,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
if (domain.id != mesh.domain) { res.sendStatus(401); return; } if (domain.id != mesh.domain) { res.sendStatus(401); return; }
} }
var meshidhex = new Buffer(req.query.id.replace(/\@/g, '+').replace(/\$/g, '/'), 'base64').toString('hex').toUpperCase(); var meshidhex = Buffer.from(req.query.id.replace(/\@/g, '+').replace(/\$/g, '/'), 'base64').toString('hex').toUpperCase();
var serveridhex = new Buffer(obj.agentCertificateHashBase64.replace(/\@/g, '+').replace(/\$/g, '/'), 'base64').toString('hex').toUpperCase(); var serveridhex = Buffer.from(obj.agentCertificateHashBase64.replace(/\@/g, '+').replace(/\$/g, '/'), 'base64').toString('hex').toUpperCase();
// Build the agent connection URL. If we are using a sub-domain or one with a DNS, we need to craft the URL correctly. // Build the agent connection URL. If we are using a sub-domain or one with a DNS, we need to craft the URL correctly.
var xdomain = (domain.dns == null) ? domain.id : ''; var xdomain = (domain.dns == null) ? domain.id : '';
@ -2078,7 +2078,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
} else { } else {
agent.agentCoreCheck = 1000; // Tell the agent object we are not using a custom core. agent.agentCoreCheck = 1000; // Tell the agent object we are not using a custom core.
// Perform a SHA384 hash on the core module // Perform a SHA384 hash on the core module
var hash = obj.crypto.createHash('sha384').update(new Buffer(core, 'binary')).digest().toString('binary'); var hash = obj.crypto.createHash('sha384').update(Buffer.from(core, 'binary')).digest().toString('binary');
// Send the code module to the agent // Send the code module to the agent
agent.send(obj.common.ShortToStr(10) + obj.common.ShortToStr(0) + hash + core); agent.send(obj.common.ShortToStr(10) + obj.common.ShortToStr(0) + hash + core);
@ -2101,7 +2101,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
try { try {
obj.fs.open(filepath, 'r', function (err, fd) { obj.fs.open(filepath, 'r', function (err, fd) {
obj.fs.fstat(fd, function (err, stats) { obj.fs.fstat(fd, function (err, stats) {
var bufferSize = stats.size, chunkSize = 512, buffer = new Buffer(bufferSize), bytesRead = 0; var bufferSize = stats.size, chunkSize = 512, buffer = Buffer.alloc(bufferSize), bytesRead = 0;
while (bytesRead < bufferSize) { while (bytesRead < bufferSize) {
if ((bytesRead + chunkSize) > bufferSize) { chunkSize = (bufferSize - bytesRead); } if ((bytesRead + chunkSize) > bufferSize) { chunkSize = (bufferSize - bytesRead); }
obj.fs.readSync(fd, buffer, bytesRead, chunkSize, bytesRead); obj.fs.readSync(fd, buffer, bytesRead, chunkSize, bytesRead);