diff --git a/agents/MeshCmd-signed.exe b/agents/MeshCmd-signed.exe index f1e80efd..0c62c8a4 100644 Binary files a/agents/MeshCmd-signed.exe and b/agents/MeshCmd-signed.exe differ diff --git a/agents/MeshCmd64-signed.exe b/agents/MeshCmd64-signed.exe index 04924cb0..67971279 100644 Binary files a/agents/MeshCmd64-signed.exe and b/agents/MeshCmd64-signed.exe differ diff --git a/amtscanner.js b/amtscanner.js index 73a1d14f..6a27b88f 100644 --- a/amtscanner.js +++ b/amtscanner.js @@ -39,7 +39,7 @@ module.exports.CreateAmtScanner = function (parent) { // Build a RMCP packet with a given tag field obj.buildRmcpPing = function (tag) { - var packet = new Buffer(obj.common.hex2rstr('06000006000011BE80000000'), 'ascii'); + var packet = Buffer.from(obj.common.hex2rstr('06000006000011BE80000000'), 'ascii'); packet[9] = tag; return packet; }; diff --git a/certoperations.js b/certoperations.js index 699c3abb..e308541a 100644 --- a/certoperations.js +++ b/certoperations.js @@ -43,7 +43,7 @@ module.exports.CertificateOperations = function () { if (err) { func(url, null, tag); return; } var x1 = data.indexOf('-----BEGIN CERTIFICATE-----'), x2 = data.indexOf('-----END CERTIFICATE-----'); if ((x1 >= 0) && (x2 > x1)) { - func(url, new Buffer(data.substring(x1 + 27, x2), 'base64').toString('binary'), tag); + func(url, Buffer.from(data.substring(x1 + 27, x2), 'base64').toString('binary'), tag); } else { func(url, data, tag); } @@ -67,7 +67,7 @@ module.exports.CertificateOperations = function () { // If this is not an RSA certificate, hash the raw PKCS7 out of the PEM file var x1 = cert.indexOf('-----BEGIN CERTIFICATE-----'), x2 = cert.indexOf('-----END CERTIFICATE-----'); if ((x1 >= 0) && (x2 > x1)) { - return obj.crypto.createHash('sha384').update(new Buffer(cert.substring(x1 + 27, x2), 'base64')).digest('hex'); + return obj.crypto.createHash('sha384').update(Buffer.from(cert.substring(x1 + 27, x2), 'base64')).digest('hex'); } else { console.log('ERROR: Unable to decode certificate.'); return null; } } }; @@ -89,7 +89,7 @@ module.exports.CertificateOperations = function () { // If this is not an RSA certificate, hash the raw PKCS7 out of the PEM file var x1 = cert.indexOf('-----BEGIN CERTIFICATE-----'), x2 = cert.indexOf('-----END CERTIFICATE-----'); if ((x1 >= 0) && (x2 > x1)) { - return obj.crypto.createHash('sha384').update(new Buffer(cert.substring(x1 + 27, x2), 'base64')).digest('binary'); + return obj.crypto.createHash('sha384').update(Buffer.from(cert.substring(x1 + 27, x2), 'base64')).digest('binary'); } else { console.log('ERROR: Unable to decode certificate.'); return null; } } }; @@ -497,7 +497,7 @@ module.exports.CertificateOperations = function () { // No accelerators available if (typeof privatekey == "number") { privatekey = obj.acceleratorCertStore[privatekey].key; } const sign = obj.crypto.createSign("SHA384"); - sign.end(new Buffer(data, "binary")); + sign.end(Buffer.from(data, "binary")); func(tag, sign.sign(privatekey).toString("binary")); } else { var acc = obj.getAccelerator(); diff --git a/db.js b/db.js index 9e4c9abb..76152045 100644 --- a/db.js +++ b/db.js @@ -55,7 +55,7 @@ module.exports.CreateDB = function (parent) { if ((docs.length == 1) && (docs[0].value != null)) { obj.identifier = docs[0].value; } else { - obj.identifier = new Buffer(require('crypto').randomBytes(48), 'binary').toString('hex'); + obj.identifier = Buffer.from(require('crypto').randomBytes(48), 'binary').toString('hex'); obj.Set({ _id: 'DatabaseIdentifier', value: obj.identifier }); } }); diff --git a/meshaccelerator.js b/meshaccelerator.js index cf3a0f19..79874eac 100644 --- a/meshaccelerator.js +++ b/meshaccelerator.js @@ -23,7 +23,7 @@ process.on('message', function (message) { if (typeof message.key == 'number') { message.key = certStore[message.key].key; } try { const sign = crypto.createSign('SHA384'); - sign.end(new Buffer(message.data, 'binary')); + sign.end(Buffer.from(message.data, 'binary')); process.send(sign.sign(message.key).toString('binary')); } catch (e) { process.send(null); } break; diff --git a/meshagent.js b/meshagent.js index 9f75150c..75070d8c 100644 --- a/meshagent.js +++ b/meshagent.js @@ -45,7 +45,7 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) { ws._socket.setKeepAlive(true, 240000); // Set TCP keep alive, 4 minutes // Send a message to the mesh agent - obj.send = function (data) { try { if (typeof data == 'string') { obj.ws.send(new Buffer(data, 'binary')); } else { obj.ws.send(data); } } catch (e) { } }; + obj.send = function (data) { try { if (typeof data == 'string') { obj.ws.send(Buffer.from(data, 'binary')); } else { obj.ws.send(data); } } catch (e) { } }; // Disconnect this agent obj.close = function (arg) { @@ -159,7 +159,7 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) { if (obj.nodeid != null) { obj.parent.parent.debug(1, 'Agent update required, NodeID=0x' + obj.nodeid.substring(0, 16) + ', ' + obj.agentExeInfo.desc); } obj.fs.open(obj.agentExeInfo.path, 'r', function (err, fd) { if (err) { return console.error(err); } - obj.agentUpdate = { oldHash: agenthash, ptr: 0, buf: new Buffer(agentUpdateBlockSize + 4), fd: fd }; + obj.agentUpdate = { oldHash: agenthash, ptr: 0, buf: Buffer.from(agentUpdateBlockSize + 4), fd: fd }; // We got the agent file open on the server side, tell the agent we are sending an update starting with the SHA384 hash of the result //console.log("Agent update file open."); @@ -229,7 +229,7 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) { obj.send(obj.common.ShortToStr(1) + msg.substring(2, 50) + obj.nonce); // Command 1, hash + nonce. Use the web hash given by the agent. } else { // Check that the server hash matches our own web certificate hash (SHA384) - if ((getWebCertHash(obj.domain) != msg.substring(2, 50)) && (getWebCertFullHash(obj.domain) != msg.substring(2, 50))) { console.log('Agent bad web cert hash (Agent:' + (new Buffer(msg.substring(2, 50), 'binary').toString('hex').substring(0, 10)) + ' != Server:' + (new Buffer(getWebCertHash(obj.domain), 'binary').toString('hex').substring(0, 10)) + ' or ' + (new Buffer(getWebCertFullHash(obj.domain), 'binary').toString('hex').substring(0, 10)) + '), holding connection (' + obj.remoteaddrport + ').'); return; } + if ((getWebCertHash(obj.domain) != msg.substring(2, 50)) && (getWebCertFullHash(obj.domain) != msg.substring(2, 50))) { console.log('Agent bad web cert hash (Agent:' + (Buffer.from(msg.substring(2, 50), 'binary').toString('hex').substring(0, 10)) + ' != Server:' + (new Buffer(getWebCertHash(obj.domain), 'binary').toString('hex').substring(0, 10)) + ' or ' + (new Buffer(getWebCertFullHash(obj.domain), 'binary').toString('hex').substring(0, 10)) + '), holding connection (' + obj.remoteaddrport + ').'); return; } } // Use our server private key to sign the ServerHash + AgentNonce + ServerNonce @@ -266,8 +266,8 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) { // Decode the certificate var certlen = obj.common.ReadShort(msg, 2); obj.unauth = {}; - try { obj.unauth.nodeid = new Buffer(obj.forge.pki.getPublicKeyFingerprint(obj.forge.pki.certificateFromAsn1(obj.forge.asn1.fromDer(msg.substring(4, 4 + certlen))).publicKey, { md: obj.forge.md.sha384.create() }).data, 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); } catch (e) { return; } - obj.unauth.nodeCertPem = '-----BEGIN CERTIFICATE-----\r\n' + new Buffer(msg.substring(4, 4 + certlen), 'binary').toString('base64') + '\r\n-----END CERTIFICATE-----'; + try { obj.unauth.nodeid = Buffer.from(obj.forge.pki.getPublicKeyFingerprint(obj.forge.pki.certificateFromAsn1(obj.forge.asn1.fromDer(msg.substring(4, 4 + certlen))).publicKey, { md: obj.forge.md.sha384.create() }).data, 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); } catch (e) { return; } + obj.unauth.nodeCertPem = '-----BEGIN CERTIFICATE-----\r\n' + Buffer.from(msg.substring(4, 4 + certlen), 'binary').toString('base64') + '\r\n-----END CERTIFICATE-----'; // Check the agent signature if we can if (obj.agentnonce == null) { obj.unauthsign = msg.substring(4 + certlen); } else { if (processAgentSignature(msg.substring(4 + certlen)) == false) { console.log('Agent connected with bad signature, holding connection (' + obj.remoteaddrport + ').'); return; } } @@ -286,9 +286,9 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) { obj.agentInfo.platformType = obj.common.ReadInt(msg, 14); if (obj.agentInfo.platformType > 6 || obj.agentInfo.platformType < 1) { obj.agentInfo.platformType = 1; } if (msg.substring(50, 66) == '\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0') { - obj.meshid = new Buffer(msg.substring(18, 50), 'binary').toString('hex'); // Older HEX MeshID + obj.meshid = Buffer.from(msg.substring(18, 50), 'binary').toString('hex'); // Older HEX MeshID } else { - obj.meshid = new Buffer(msg.substring(18, 66), 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); // New Base64 MeshID + obj.meshid = Buffer.from(msg.substring(18, 66), 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); // New Base64 MeshID } //console.log('MeshID', obj.meshid); obj.agentInfo.capabilities = obj.common.ReadInt(msg, 66); @@ -464,11 +464,11 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) { if (obj.args.ignoreagenthashcheck !== true) { // Verify the signature. This is the fast way, without using forge. const verify = obj.parent.crypto.createVerify('SHA384'); - verify.end(new Buffer(getWebCertHash(obj.domain) + obj.nonce + obj.agentnonce, 'binary')); // Test using the private key hash - if (verify.verify(obj.unauth.nodeCertPem, new Buffer(msg, 'binary')) !== true) { + verify.end(Buffer.from(getWebCertHash(obj.domain) + obj.nonce + obj.agentnonce, 'binary')); // Test using the private key hash + if (verify.verify(obj.unauth.nodeCertPem, Buffer.from(msg, 'binary')) !== true) { const verify2 = obj.parent.crypto.createVerify('SHA384'); - verify2.end(new Buffer(getWebCertFullHash(obj.domain) + obj.nonce + obj.agentnonce, 'binary')); // Test using the full cert hash - if (verify2.verify(obj.unauth.nodeCertPem, new Buffer(msg, 'binary')) !== true) { return false; } + verify2.end(Buffer.from(getWebCertFullHash(obj.domain) + obj.nonce + obj.agentnonce, 'binary')); // Test using the full cert hash + if (verify2.verify(obj.unauth.nodeCertPem, Buffer.from(msg, 'binary')) !== true) { return false; } } } diff --git a/meshcentral.js b/meshcentral.js index 34184908..5f71e785 100644 --- a/meshcentral.js +++ b/meshcentral.js @@ -56,7 +56,7 @@ function CreateMeshCentralServer(config, args) { obj.maintenanceTimer = null; obj.serverId = null; obj.currentVer = null; - obj.serverKey = new Buffer(obj.crypto.randomBytes(48), 'binary'); + obj.serverKey = Buffer.from(obj.crypto.randomBytes(48), 'binary'); obj.loginCookieEncryptionKey = null; obj.serverSelfWriteAllowed = true; try { obj.currentVer = JSON.parse(obj.fs.readFileSync(obj.path.join(__dirname, 'package.json'), 'utf8')).version; } catch (e) { } // Fetch server version @@ -1138,7 +1138,7 @@ function CreateMeshCentralServer(config, args) { // Generate a cryptographic key used to encode and decode cookies obj.generateCookieKey = function () { - return new Buffer(obj.crypto.randomBytes(80), 'binary'); + return Buffer.from(obj.crypto.randomBytes(80), 'binary'); //return Buffer.alloc(80, 0); // Sets the key to zeros, debug only. }; @@ -1147,7 +1147,7 @@ function CreateMeshCentralServer(config, args) { try { if (key == null) { key = obj.serverKey; } o.time = Math.floor(Date.now() / 1000); // Add the cookie creation time - const iv = new Buffer(obj.crypto.randomBytes(12), 'binary'), cipher = obj.crypto.createCipheriv('aes-256-gcm', key.slice(0, 32), iv); + const iv = Buffer.from(obj.crypto.randomBytes(12), 'binary'), cipher = obj.crypto.createCipheriv('aes-256-gcm', key.slice(0, 32), iv); const crypted = Buffer.concat([cipher.update(JSON.stringify(o), 'utf8'), cipher.final()]); return Buffer.concat([iv, cipher.getAuthTag(), crypted]).toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); } catch (e) { return null; } @@ -1164,7 +1164,7 @@ function CreateMeshCentralServer(config, args) { obj.decodeCookieAESGCM = function (cookie, key, timeout) { try { if (key == null) { key = obj.serverKey; } - cookie = new Buffer(cookie.replace(/\@/g, '+').replace(/\$/g, '/'), 'base64'); + cookie = Buffer.from(cookie.replace(/\@/g, '+').replace(/\$/g, '/'), 'base64'); const decipher = obj.crypto.createDecipheriv('aes-256-gcm', key.slice(0, 32), cookie.slice(0, 12)); decipher.setAuthTag(cookie.slice(12, 16)); const o = JSON.parse(decipher.update(cookie.slice(28), 'binary', 'utf8') + decipher.final('utf8')); @@ -1183,7 +1183,7 @@ function CreateMeshCentralServer(config, args) { try { if (key == null) { key = obj.serverKey; } if (key.length < 80) { return null; } - cookie = new Buffer(cookie.replace(/\@/g, '+').replace(/\$/g, '/'), 'base64'); + cookie = Buffer.from(cookie.replace(/\@/g, '+').replace(/\$/g, '/'), 'base64'); const decipher = obj.crypto.createDecipheriv('aes-256-cbc', key.slice(48, 80), cookie.slice(0, 16)); const rawmsg = decipher.update(cookie.slice(16), 'binary', 'binary') + decipher.final('binary'); const hmac = obj.crypto.createHmac('sha384', key.slice(0, 48)); @@ -1238,7 +1238,7 @@ function CreateMeshCentralServer(config, args) { obj.fs.open(filepath, 'r', function (err, fd) { if (fd == null) { func(null); return; } obj.fs.fstat(fd, function (err, stats) { - var bufferSize = stats.size, chunkSize = 512, buffer = new Buffer(bufferSize), bytesRead = 0; + var bufferSize = stats.size, chunkSize = 512, buffer = Buffer.from(bufferSize), bytesRead = 0; while (bytesRead < bufferSize) { if ((bytesRead + chunkSize) > bufferSize) { chunkSize = (bufferSize - bytesRead); } obj.fs.readSync(fd, buffer, bytesRead, chunkSize, bytesRead); diff --git a/meshrelay.js b/meshrelay.js index 9a6f87ed..4c755db6 100644 --- a/meshrelay.js +++ b/meshrelay.js @@ -191,14 +191,19 @@ module.exports.CreateMeshRelay = function (parent, ws, req, domain, user, cookie } }); - // If error, do nothing + // If error, do nothing. ws.on('error', function (err) { - console.log('Relay Error', err); - obj.close(); + console.log('Relay error from ' + obj.remoteaddr + ', ' + err.toString().split('\r')[0] + '.'); + closeBothSides(); }); - // If the mesh relay web socket is closed + // If the mesh relay web socket is closed. ws.on('close', function (req) { + closeBothSides(); + }); + + // Close both our side and the peer side. + function closeBothSides() { if (obj.id != null) { var relayinfo = parent.wsrelays[obj.id]; if (relayinfo != null) { @@ -217,7 +222,7 @@ module.exports.CreateMeshRelay = function (parent, ws, req, domain, user, cookie obj.peer = null; obj.id = null; } - }); + } // Mark this relay session as authenticated if this is the user end. obj.authenticated = (obj.user != null); diff --git a/meshuser.js b/meshuser.js index 2590c5ee..5dd051f3 100644 --- a/meshuser.js +++ b/meshuser.js @@ -28,7 +28,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use obj.serverStatsTimer = null; // Send a message to the user - //obj.send = function (data) { try { if (typeof data == 'string') { obj.ws.send(new Buffer(data, 'binary')); } else { obj.ws.send(data); } } catch (e) { } } + //obj.send = function (data) { try { if (typeof data == 'string') { obj.ws.send(Buffer.from(data, 'binary')); } else { obj.ws.send(data); } } catch (e) { } } // Disconnect this user obj.close = function (arg) { @@ -1391,7 +1391,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use try { obj.fs.open(filepath, 'r', function (err, fd) { obj.fs.fstat(fd, function (err, stats) { - var bufferSize = stats.size, chunkSize = 512, buffer = new Buffer(bufferSize), bytesRead = 0; + var bufferSize = stats.size, chunkSize = 512, buffer = Buffer.from(bufferSize), bytesRead = 0; while (bytesRead < bufferSize) { if ((bytesRead + chunkSize) > bufferSize) { chunkSize = (bufferSize - bytesRead); } obj.fs.readSync(fd, buffer, bytesRead, chunkSize, bytesRead); diff --git a/mpsserver.js b/mpsserver.js index 6fd012aa..f95dca18 100644 --- a/mpsserver.js +++ b/mpsserver.js @@ -113,7 +113,7 @@ module.exports.CreateMpsServer = function (parent, db, args, certificates) { socket.on("timeout", () => { Debug(1, "MPS:CIRA timeout, disconnecting."); try { socket.end(); } catch (e) { } }); socket.addListener("data", function (data) { - if (args.mpsdebug) { var buf = new Buffer(data, "binary"); console.log("MPS <-- (" + buf.length + "):" + buf.toString('hex')); } // Print out received bytes + if (args.mpsdebug) { var buf = Buffer.from(data, "binary"); console.log("MPS <-- (" + buf.length + "):" + buf.toString('hex')); } // Print out received bytes socket.tag.accumulator += data; // Detect if this is an HTTPS request, if it is, return a simple answer and disconnect. This is useful for debugging access to the MPS port. @@ -249,7 +249,7 @@ module.exports.CreateMpsServer = function (parent, db, args, certificates) { if (mesh.mtype == 1) { // Intel AMT GUID (socket.tag.SystemId) will be used as NodeID var systemid = socket.tag.SystemId.split('-').join(''); - var nodeid = new Buffer(systemid + systemid + systemid, 'hex').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); + var nodeid = Buffer.from(systemid + systemid + systemid, 'hex').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); socket.tag.name = ''; socket.tag.nodeid = 'node/' + mesh.domain + '/' + nodeid; // Turn 16bit systemid guid into 48bit nodeid that is base64 encoded socket.tag.meshid = mesh._id; @@ -630,11 +630,11 @@ module.exports.CreateMpsServer = function (parent, db, args, certificates) { function Write(socket, data) { if (args.mpsdebug) { // Print out sent bytes - var buf = new Buffer(data, "binary"); + var buf = Buffer.from(data, "binary"); console.log('MPS --> (' + buf.length + '):' + buf.toString('hex')); socket.write(buf); } else { - socket.write(new Buffer(data, "binary")); + socket.write(Buffer.from(data, "binary")); } } diff --git a/multiserver.js b/multiserver.js index db0a8ad0..5632ada0 100644 --- a/multiserver.js +++ b/multiserver.js @@ -111,21 +111,21 @@ module.exports.CreateMultiServer = function (parent, args) { case 2: { // Server certificate var certlen = obj.common.ReadShort(msg, 2), serverCert = null; - var serverCertPem = '-----BEGIN CERTIFICATE-----\r\n' + new Buffer(msg.substring(4, 4 + certlen), 'binary').toString('base64') + '\r\n-----END CERTIFICATE-----'; + var serverCertPem = '-----BEGIN CERTIFICATE-----\r\n' + Buffer.from(msg.substring(4, 4 + certlen), 'binary').toString('base64') + '\r\n-----END CERTIFICATE-----'; try { serverCert = obj.forge.pki.certificateFromAsn1(obj.forge.asn1.fromDer(msg.substring(4, 4 + certlen))); } catch (e) { } if (serverCert == null) { obj.parent.parent.debug(1, 'OutPeer: Invalid server certificate.'); disconnect(); return; } - var serverid = new Buffer(obj.forge.pki.getPublicKeyFingerprint(serverCert.publicKey, { encoding: 'binary', md: obj.forge.md.sha384.create() }), 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); + var serverid = Buffer.from(obj.forge.pki.getPublicKeyFingerprint(serverCert.publicKey, { encoding: 'binary', md: obj.forge.md.sha384.create() }), 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); if (serverid !== obj.agentCertificateHashBase64) { obj.parent.parent.debug(1, 'OutPeer: Server hash mismatch.'); disconnect(); return; } // Server signature, verify it. This is the fast way, without using forge. (TODO: Use accelerator for this?) const verify = obj.parent.crypto.createVerify('SHA384'); - verify.end(new Buffer(obj.serverCertHash + obj.nonce + obj.servernonce, 'binary')); - if (verify.verify(serverCertPem, new Buffer(msg.substring(4 + certlen), 'binary')) !== true) { obj.parent.parent.debug(1, 'OutPeer: Server sign check failed.'); disconnect(); return; } + verify.end(Buffer.from(obj.serverCertHash + obj.nonce + obj.servernonce, 'binary')); + if (verify.verify(serverCertPem, Buffer.from(msg.substring(4 + certlen), 'binary')) !== true) { obj.parent.parent.debug(1, 'OutPeer: Server sign check failed.'); disconnect(); return; } // Connection is a success, clean up delete obj.nonce; delete obj.servernonce; - obj.serverCertHash = new Buffer(obj.serverCertHash, 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); // Change this value to base64 + obj.serverCertHash = Buffer.from(obj.serverCertHash, 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); // Change this value to base64 obj.connectionState |= 4; obj.retryBackoff = 0; // Set backoff connection timer back to fast. obj.parent.parent.debug(1, 'OutPeer ' + obj.serverid + ': Verified peer connection to ' + obj.url); @@ -189,7 +189,7 @@ module.exports.CreateMultiServer = function (parent, args) { if (command.dbid != obj.parent.parent.db.identifier) { console.log('ERROR: Database ID mismatch. Trying to peer to a server with the wrong database. (' + obj.url + ', ' + command.serverid + ').'); return; } if (obj.serverCertHash != command.serverCertHash) { console.log('ERROR: Outer certificate hash mismatch (2). (' + obj.url + ', ' + command.serverid + ').'); return; } obj.peerServerId = command.serverid; - obj.peerServerKey = new Buffer(command.key, 'hex'); + obj.peerServerKey = Buffer.from(command.key, 'hex'); obj.authenticated = 3; obj.parent.SetupPeerServer(obj, obj.peerServerId); } @@ -228,7 +228,7 @@ module.exports.CreateMultiServer = function (parent, args) { // Send a message to the peer server obj.send = function (data) { try { - if (typeof data == 'string') { obj.ws.send(new Buffer(data, 'binary')); return; } + if (typeof data == 'string') { obj.ws.send(Buffer.from(data, 'binary')); return; } if (typeof data == 'object') { obj.ws.send(JSON.stringify(data)); return; } obj.ws.send(data); } catch (e) { } @@ -282,8 +282,8 @@ module.exports.CreateMultiServer = function (parent, args) { // Decode the certificate var certlen = obj.common.ReadShort(msg, 2); obj.unauth = {}; - try { obj.unauth.nodeid = new Buffer(obj.forge.pki.getPublicKeyFingerprint(obj.forge.pki.certificateFromAsn1(obj.forge.asn1.fromDer(msg.substring(4, 4 + certlen))).publicKey, { encoding: 'binary', md: obj.forge.md.sha384.create() }), 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); } catch (e) { console.log(e); return; } - obj.unauth.nodeCertPem = '-----BEGIN CERTIFICATE-----\r\n' + new Buffer(msg.substring(4, 4 + certlen), 'binary').toString('base64') + '\r\n-----END CERTIFICATE-----'; + try { obj.unauth.nodeid = Buffer.from(obj.forge.pki.getPublicKeyFingerprint(obj.forge.pki.certificateFromAsn1(obj.forge.asn1.fromDer(msg.substring(4, 4 + certlen))).publicKey, { encoding: 'binary', md: obj.forge.md.sha384.create() }), 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); } catch (e) { console.log(e); return; } + obj.unauth.nodeCertPem = '-----BEGIN CERTIFICATE-----\r\n' + Buffer.from(msg.substring(4, 4 + certlen), 'binary').toString('base64') + '\r\n-----END CERTIFICATE-----'; // Check the peer server signature if we can if (obj.peernonce == null) { @@ -325,8 +325,8 @@ module.exports.CreateMultiServer = function (parent, args) { function processPeerSignature(msg) { // Verify the signature. This is the fast way, without using forge. const verify = obj.parent.crypto.createVerify('SHA384'); - verify.end(new Buffer(obj.parent.parent.webserver.webCertificateHash + obj.nonce + obj.peernonce, 'binary')); - if (verify.verify(obj.unauth.nodeCertPem, new Buffer(msg, 'binary')) !== true) { console.log('Peer sign fail 1'); return false; } + verify.end(Buffer.from(obj.parent.parent.webserver.webCertificateHash + obj.nonce + obj.peernonce, 'binary')); + if (verify.verify(obj.unauth.nodeCertPem, Buffer.from(msg, 'binary')) !== true) { console.log('Peer sign fail 1'); return false; } if (obj.unauth.nodeid !== obj.agentCertificateHashBase64) { console.log('Peer sign fail 2'); return false; } // Connection is a success, clean up @@ -353,7 +353,7 @@ module.exports.CreateMultiServer = function (parent, args) { if (command.dbid != obj.parent.parent.db.identifier) { console.log('ERROR: Database ID mismatch. Trying to peer to a server with the wrong database. (' + obj.remoteaddr + ', ' + command.serverid + ').'); return; } if (obj.parent.peerConfig.servers[command.serverid] == null) { console.log('ERROR: Unknown peer serverid: ' + command.serverid + ' (' + obj.remoteaddr + ').'); return; } obj.peerServerId = command.serverid; - obj.peerServerKey = new Buffer(command.key, 'hex'); + obj.peerServerKey = Buffer.from(command.key, 'hex'); obj.serverCertHash = command.serverCertHash; obj.authenticated = 3; obj.parent.SetupPeerServer(obj, obj.peerServerId); @@ -599,7 +599,7 @@ module.exports.CreateMultiServer = function (parent, args) { // Get the peer server's certificate and compute the server public key hash var serverCert = obj.forge.pki.certificateFromAsn1(obj.forge.asn1.fromDer(peerTunnel.ws2._socket.getPeerCertificate().raw.toString('binary'))); - var serverCertHashHex = new Buffer(obj.forge.pki.getPublicKeyFingerprint(serverCert.publicKey, { encoding: 'binary', md: obj.forge.md.sha384.create() }), 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); + var serverCertHashHex = Buffer.from(obj.forge.pki.getPublicKeyFingerprint(serverCert.publicKey, { encoding: 'binary', md: obj.forge.md.sha384.create() }), 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); // Check if the peer certificate is the expected one for this serverid if (obj.peerServers[serverid] == null || obj.peerServers[serverid].serverCertHash != serverCertHashHex) { console.log('ERROR: Outer certificate hash mismatch (1). (' + peerTunnel.url + ', ' + peerTunnel.serverid + ').'); peerTunnel.close(); return; } diff --git a/package.json b/package.json index 71f7e8b7..02f27f1c 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "meshcentral", - "version": "0.2.5-k", + "version": "0.2.5-l", "keywords": [ "Remote Management", "Intel AMT", diff --git a/pass.js b/pass.js index 68d9f7e6..ce7e52d5 100644 --- a/pass.js +++ b/pass.js @@ -53,7 +53,7 @@ exports.iishash = function (type, pwd, salt, fn) { fn(null, pwd); } else if (type == 1) { const hash = crypto.createHash('sha1'); - hash.update(Buffer.concat([new Buffer(salt, 'base64'), new Buffer(pwd, 'utf16le')])); + hash.update(Buffer.concat([Buffer.from(salt, 'base64'), Buffer.from(pwd, 'utf16le')])); fn(null, hash.digest().toString('base64')); } else { fn('invalid type'); diff --git a/redirserver.js b/redirserver.js index 523a5d06..ddf761c9 100644 --- a/redirserver.js +++ b/redirserver.js @@ -60,7 +60,7 @@ module.exports.CreateRedirServer = function (parent, db, args, func) { if (i >= 0) { rootcert = rootcert.substring(i + 29); } i = rootcert.indexOf("-----END CERTIFICATE-----"); if (i >= 0) { rootcert = rootcert.substring(i, 0); } - res.send(new Buffer(rootcert, "base64")); + res.send(Buffer.from(rootcert, "base64")); } else { res.sendStatus(404); } diff --git a/swarmserver.js b/swarmserver.js index 631775ce..2f41eee5 100644 --- a/swarmserver.js +++ b/swarmserver.js @@ -153,7 +153,7 @@ module.exports.CreateSwarmServer = function (parent, db, args, certificates) { Debug(1, 'SWARM:New legacy agent connection'); socket.addListener("data", function (data) { - if (args.swarmdebug) { var buf = new Buffer(data, "binary"); console.log('SWARM <-- (' + buf.length + '):' + buf.toString('hex')); } // Print out received bytes + if (args.swarmdebug) { var buf = Buffer.from(data, "binary"); console.log('SWARM <-- (' + buf.length + '):' + buf.toString('hex')); } // Print out received bytes socket.tag.accumulator += data; // Detect if this is an HTTPS request, if it is, return a simple answer and disconnect. This is useful for debugging access to the MPS port. @@ -333,11 +333,11 @@ module.exports.CreateSwarmServer = function (parent, db, args, certificates) { function Write(socket, data) { if (args.swarmdebug) { // Print out sent bytes - var buf = new Buffer(data, "binary"); + var buf = Buffer.from(data, "binary"); console.log('SWARM --> (' + buf.length + '):' + buf.toString('hex')); socket.write(buf); } else { - socket.write(new Buffer(data, "binary")); + socket.write(Buffer.from(data, "binary")); } } diff --git a/views/default-mobile-min.handlebars b/views/default-mobile-min.handlebars index a9145768..36396cc8 100644 --- a/views/default-mobile-min.handlebars +++ b/views/default-mobile-min.handlebars @@ -1 +1 @@ - MeshCentral
{{{title}}}
{{{title2}}}
\ No newline at end of file + MeshCentral
{{{title}}}
{{{title2}}}
\ No newline at end of file diff --git a/views/default-mobile.handlebars b/views/default-mobile.handlebars index fca4fe71..4cbae92c 100644 --- a/views/default-mobile.handlebars +++ b/views/default-mobile.handlebars @@ -1088,7 +1088,6 @@ r += ''; } - //meshcount = count; QH('p3meshes', r); QV('p3noMeshFound', count == 0); } @@ -1456,7 +1455,11 @@ } } - QH('xdevices', r); + if (count == 0) { + QH('xdevices', '
No devices

Use the desktop version of this website to add devices.
'); + } else { + QH('xdevices', r); + } deviceHeaderSet(); for (var i in deviceHeaders) { QH(i, deviceHeaders[i]); } for (var i in deviceHeadersTitles) { Q(i).title = deviceHeadersTitles[i]; } diff --git a/webserver.js b/webserver.js index f3890f8d..7299ad31 100644 --- a/webserver.js +++ b/webserver.js @@ -104,19 +104,19 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) { // Perform hash on web certificate and agent certificate obj.webCertificateHash = parent.certificateOperations.getPublicKeyHashBinary(obj.certificates.web.cert); obj.webCertificateHashs = { '': obj.webCertificateHash }; - obj.webCertificateHashBase64 = new Buffer(obj.webCertificateHash, 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); + obj.webCertificateHashBase64 = Buffer.from(obj.webCertificateHash, 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); obj.webCertificateFullHash = parent.certificateOperations.getCertHashBinary(obj.certificates.web.cert); obj.webCertificateFullHashs = { '': obj.webCertificateFullHash }; obj.agentCertificateHashHex = parent.certificateOperations.getPublicKeyHash(obj.certificates.agent.cert); - obj.agentCertificateHashBase64 = new Buffer(obj.agentCertificateHashHex, 'hex').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); + obj.agentCertificateHashBase64 = Buffer.from(obj.agentCertificateHashHex, 'hex').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); obj.agentCertificateAsn1 = parent.certificateOperations.forge.asn1.toDer(parent.certificateOperations.forge.pki.certificateToAsn1(parent.certificateOperations.forge.pki.certificateFromPem(parent.certificates.agent.cert))).getBytes(); // Compute the hash of all of the web certificates for each domain for (var i in obj.parent.config.domains) { if (obj.parent.config.domains[i].certhash != null) { // If the web certificate hash is provided, use it. - obj.webCertificateHashs[i] = obj.webCertificateFullHashs[i] = new Buffer(obj.parent.config.domains[i].certhash, 'hex').toString('binary'); - if (obj.parent.config.domains[i].certkeyhash != null) { obj.webCertificateHashs[i] = new Buffer(obj.parent.config.domains[i].certkeyhash, 'hex').toString('binary'); } + obj.webCertificateHashs[i] = obj.webCertificateFullHashs[i] = Buffer.from(obj.parent.config.domains[i].certhash, 'hex').toString('binary'); + if (obj.parent.config.domains[i].certkeyhash != null) { obj.webCertificateHashs[i] = Buffer.from(obj.parent.config.domains[i].certkeyhash, 'hex').toString('binary'); } } else if ((obj.parent.config.domains[i].dns != null) && (obj.parent.config.domains[i].certs != null)) { // If the domain has a different DNS name, use a different certificate hash. // Hash the full certificate @@ -181,8 +181,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) { var tlsOptions = { cert: obj.certificates.web.cert, key: obj.certificates.web.key, ca: obj.certificates.web.ca, rejectUnauthorized: true, secureOptions: obj.constants.SSL_OP_NO_SSLv2 | obj.constants.SSL_OP_NO_SSLv3 | obj.constants.SSL_OP_NO_COMPRESSION | obj.constants.SSL_OP_CIPHER_SERVER_PREFERENCE | obj.constants.SSL_OP_NO_TLSv1 | obj.constants.SSL_OP_NO_TLSv11 }; if (obj.tlsSniCredentials != null) { tlsOptions.SNICallback = TlsSniCallback; } // We have multiple web server certificate used depending on the domain name obj.tlsServer = require('https').createServer(tlsOptions, obj.app); - obj.tlsServer.on('secureConnection', function () { }); - obj.tlsServer.on('error', function (a, b, c) { console.log('tlsServer error', a, b, c); }); + obj.tlsServer.on('secureConnection', function () { /*console.log('tlsServer secureConnection');*/ }); + obj.tlsServer.on('error', function () { console.log('tlsServer error'); }); obj.expressWs = require('express-ws')(obj.app, obj.tlsServer); } @@ -783,14 +783,14 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) { if (obj.args.minify && !req.query.nominify) { // Try to server the minified version if we can. try { - res.render(obj.path.join(__dirname, isMobileBrowser(req) ? 'views/default-mobile-min' : 'views/default-min'), { viewmode: viewmode, currentNode: currentNode, logoutControl: logoutcontrol, title: domain.title, title2: domain.title2, domainurl: domain.url, domain: domain.id, debuglevel: parent.debugLevel, serverDnsName: obj.getWebServerName(domain), serverRedirPort: args.redirport, serverPublicPort: httpsPort, noServerBackup: (args.noserverbackup == 1 ? 1 : 0), features: features, sessiontime: args.sessiontime, mpspass: args.mpspass, passRequirements: passRequirements, webcerthash: new Buffer(obj.webCertificateFullHashs[domain.id], 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'), footer: (domain.footer == null) ? '' : domain.footer }); + res.render(obj.path.join(__dirname, isMobileBrowser(req) ? 'views/default-mobile-min' : 'views/default-min'), { viewmode: viewmode, currentNode: currentNode, logoutControl: logoutcontrol, title: domain.title, title2: domain.title2, domainurl: domain.url, domain: domain.id, debuglevel: parent.debugLevel, serverDnsName: obj.getWebServerName(domain), serverRedirPort: args.redirport, serverPublicPort: httpsPort, noServerBackup: (args.noserverbackup == 1 ? 1 : 0), features: features, sessiontime: args.sessiontime, mpspass: args.mpspass, passRequirements: passRequirements, webcerthash: Buffer.from(obj.webCertificateFullHashs[domain.id], 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'), footer: (domain.footer == null) ? '' : domain.footer }); } catch (ex) { // In case of an exception, serve the non-minified version. - res.render(obj.path.join(__dirname, isMobileBrowser(req) ? 'views/default-mobile' : 'views/default'), { viewmode: viewmode, currentNode: currentNode, logoutControl: logoutcontrol, title: domain.title, title2: domain.title2, domainurl: domain.url, domain: domain.id, debuglevel: parent.debugLevel, serverDnsName: obj.getWebServerName(domain), serverRedirPort: args.redirport, serverPublicPort: httpsPort, noServerBackup: (args.noserverbackup == 1 ? 1 : 0), features: features, sessiontime: args.sessiontime, mpspass: args.mpspass, passRequirements: passRequirements, webcerthash: new Buffer(obj.webCertificateFullHashs[domain.id], 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'), footer: (domain.footer == null) ? '' : domain.footer }); + res.render(obj.path.join(__dirname, isMobileBrowser(req) ? 'views/default-mobile' : 'views/default'), { viewmode: viewmode, currentNode: currentNode, logoutControl: logoutcontrol, title: domain.title, title2: domain.title2, domainurl: domain.url, domain: domain.id, debuglevel: parent.debugLevel, serverDnsName: obj.getWebServerName(domain), serverRedirPort: args.redirport, serverPublicPort: httpsPort, noServerBackup: (args.noserverbackup == 1 ? 1 : 0), features: features, sessiontime: args.sessiontime, mpspass: args.mpspass, passRequirements: passRequirements, webcerthash: Buffer.from(obj.webCertificateFullHashs[domain.id], 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'), footer: (domain.footer == null) ? '' : domain.footer }); } } else { // Serve non-minified version of web pages. - res.render(obj.path.join(__dirname, isMobileBrowser(req) ? 'views/default-mobile' : 'views/default'), { viewmode: viewmode, currentNode: currentNode, logoutControl: logoutcontrol, title: domain.title, title2: domain.title2, domainurl: domain.url, domain: domain.id, debuglevel: parent.debugLevel, serverDnsName: obj.getWebServerName(domain), serverRedirPort: args.redirport, serverPublicPort: httpsPort, noServerBackup: (args.noserverbackup == 1 ? 1 : 0), features: features, sessiontime: args.sessiontime, mpspass: args.mpspass, passRequirements: passRequirements, webcerthash: new Buffer(obj.webCertificateFullHashs[domain.id], 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'), footer: (domain.footer == null) ? '' : domain.footer }); + res.render(obj.path.join(__dirname, isMobileBrowser(req) ? 'views/default-mobile' : 'views/default'), { viewmode: viewmode, currentNode: currentNode, logoutControl: logoutcontrol, title: domain.title, title2: domain.title2, domainurl: domain.url, domain: domain.id, debuglevel: parent.debugLevel, serverDnsName: obj.getWebServerName(domain), serverRedirPort: args.redirport, serverPublicPort: httpsPort, noServerBackup: (args.noserverbackup == 1 ? 1 : 0), features: features, sessiontime: args.sessiontime, mpspass: args.mpspass, passRequirements: passRequirements, webcerthash: Buffer.from(obj.webCertificateFullHashs[domain.id], 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'), footer: (domain.footer == null) ? '' : domain.footer }); } } else { // Send back the login application @@ -880,14 +880,14 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) { if (i >= 0) { rootcert = rootcert.substring(i + 29); } i = rootcert.indexOf("-----END CERTIFICATE-----"); if (i >= 0) { rootcert = rootcert.substring(i, 0); } - return new Buffer(rootcert, 'base64').toString('base64'); + return Buffer.from(rootcert, 'base64').toString('base64'); } // Returns the mesh server root certificate function handleRootCertRequest(req, res) { if (checkUserIpAddress(req, res, true) == false) { return; } res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'Content-Type': 'application/octet-stream', 'Content-Disposition': 'attachment; filename=' + certificates.RootName + '.cer' }); - res.send(new Buffer(getRootCertBase64(), 'base64')); + res.send(Buffer.from(getRootCertBase64(), 'base64')); } // Returns an mescript for Intel AMT configuration @@ -922,11 +922,11 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) { // Compile the script var scriptEngine = require('./amtscript.js').CreateAmtScriptEngine(); var runscript = scriptEngine.script_blocksToScript(scriptFile.blocks, scriptFile.scriptBlocks); - scriptFile.mescript = new Buffer(scriptEngine.script_compile(runscript), 'binary').toString('base64'); + scriptFile.mescript = Buffer.from(scriptEngine.script_compile(runscript), 'binary').toString('base64'); scriptFile.scriptText = runscript; // Send the script - res.send(new Buffer(JSON.stringify(scriptFile, null, ' '))); + res.send(Buffer.from(JSON.stringify(scriptFile, null, ' '))); }); } else { // Server name is a hostname @@ -948,11 +948,11 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) { // Compile the script var scriptEngine = require('./amtscript.js').CreateAmtScriptEngine(); var runscript = scriptEngine.script_blocksToScript(scriptFile.blocks, scriptFile.scriptBlocks); - scriptFile.mescript = new Buffer(scriptEngine.script_compile(runscript), 'binary').toString('base64'); + scriptFile.mescript = Buffer.from(scriptEngine.script_compile(runscript), 'binary').toString('base64'); scriptFile.scriptText = runscript; // Send the script - res.send(new Buffer(JSON.stringify(scriptFile, null, ' '))); + res.send(Buffer.from(JSON.stringify(scriptFile, null, ' '))); }); } } @@ -962,7 +962,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) { var filepath = obj.parent.path.join(__dirname, 'public/scripts/cira_cleanup.mescript'); readEntireTextFile(filepath, function (data) { if (data == null) { res.sendStatus(404); return; } - res.send(new Buffer(data)); + res.send(Buffer.from(data)); }); } } @@ -1099,7 +1099,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) { if ((names.length == sizes.length) && (types.length == datas.length) && (names.length == types.length)) { for (var i = 0; i < names.length; i++) { if (obj.common.IsFilenameValid(names[i]) == false) { res.sendStatus(404); return; } - var filedata = new Buffer(datas[i].split(',')[1], 'base64'); + var filedata = Buffer.from(datas[i].split(',')[1], 'base64'); if ((xfile.quota == null) || ((totalsize + filedata.length) < xfile.quota)) { // Check if quota would not be broken if we add this file // Create the user folder if needed (function (fullpath, filename, filedata) { @@ -1280,7 +1280,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) { ws.forwardclient.onData = function (ciraconn, data) { Debug(4, 'Relay CIRA data', data.length); if (ws.interceptor) { data = ws.interceptor.processAmtData(data); } // Run data thru interceptor - if (data.length > 0) { try { ws.send(new Buffer(data, 'binary')); } catch (e) { } } // TODO: Add TLS support + if (data.length > 0) { try { ws.send(Buffer.from(data, 'binary')); } catch (e) { } } // TODO: Add TLS support }; ws.forwardclient.onSendOk = function (ciraconn) { @@ -1315,7 +1315,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) { } msg = msg.toString('binary'); if (ws.interceptor) { msg = ws.interceptor.processBrowserData(msg); } // Run data thru interceptor - ws.forwardclient.write(new Buffer(msg, 'binary')); // Forward data to the associated TCP connection. + ws.forwardclient.write(Buffer.from(msg, 'binary')); // Forward data to the associated TCP connection. }); // If error, do nothing @@ -1357,10 +1357,10 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) { ws.forwardclient.on('data', function (data) { if (obj.parent.debugLevel >= 1) { // DEBUG Debug(1, 'TCP relay data from ' + node.host + ', ' + data.length + ' bytes.'); - if (obj.parent.debugLevel >= 4) { Debug(4, ' ' + new Buffer(data, 'binary').toString('hex')); } + if (obj.parent.debugLevel >= 4) { Debug(4, ' ' + Buffer.from(data, 'binary').toString('hex')); } } if (ws.interceptor) { data = ws.interceptor.processAmtData(data); } // Run data thru interceptor - try { ws.send(new Buffer(data, 'binary')); } catch (e) { } + try { ws.send(Buffer.from(data, 'binary')); } catch (e) { } }); // If the TCP connection closes, disconnect the associated web socket. @@ -1592,8 +1592,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) { if (domain.id != mesh.domain) { res.sendStatus(401); return; } } - var meshidhex = new Buffer(req.query.meshid.replace(/\@/g, '+').replace(/\$/g, '/'), 'base64').toString('hex').toUpperCase(); - var serveridhex = new Buffer(obj.agentCertificateHashBase64.replace(/\@/g, '+').replace(/\$/g, '/'), 'base64').toString('hex').toUpperCase(); + var meshidhex = Buffer.from(req.query.meshid.replace(/\@/g, '+').replace(/\$/g, '/'), 'base64').toString('hex').toUpperCase(); + var serveridhex = Buffer.from(obj.agentCertificateHashBase64.replace(/\@/g, '+').replace(/\$/g, '/'), 'base64').toString('hex').toUpperCase(); var httpsPort = ((obj.args.aliasport == null) ? obj.args.port : obj.args.aliasport); // Use HTTPS alias port is specified // Build the agent connection URL. If we are using a sub-domain or one with a DNS, we need to craft the URL correctly. @@ -1637,7 +1637,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) { res.sendFile(argentInfo.signedMeshCmdPath); } else { // Merge JavaScript to a unsigned agent and send that. - obj.parent.exeHandler.streamExeWithJavaScript({ platform: argentInfo.platform, sourceFileName: argentInfo.path, destinationStream: res, js: new Buffer(obj.parent.defaultMeshCmd, 'utf8'), peinfo: argentInfo.pe }); + obj.parent.exeHandler.streamExeWithJavaScript({ platform: argentInfo.platform, sourceFileName: argentInfo.path, destinationStream: res, js: Buffer.from(obj.parent.defaultMeshCmd, 'utf8'), peinfo: argentInfo.pe }); } } else if (req.query.meshaction != null) { var domain = checkUserIpAddress(req, res); @@ -1657,7 +1657,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) { username: '', password: '', serverId: obj.agentCertificateHashHex.toUpperCase(), // SHA384 of server HTTPS public key - serverHttpsHash: new Buffer(obj.webCertificateHash, 'binary').toString('hex').toUpperCase(), // SHA384 of server HTTPS certificate + serverHttpsHash: Buffer.from(obj.webCertificateHash, 'binary').toString('hex').toUpperCase(), // SHA384 of server HTTPS certificate debugLevel: 0 }; if (user != null) { meshaction.username = user.name; } @@ -1672,7 +1672,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) { username: '', password: '', serverId: obj.agentCertificateHashHex.toUpperCase(), // SHA384 of server HTTPS public key - serverHttpsHash: new Buffer(obj.webCertificateHash, 'binary').toString('hex').toUpperCase(), // SHA384 of server HTTPS certificate + serverHttpsHash: Buffer.from(obj.webCertificateHash, 'binary').toString('hex').toUpperCase(), // SHA384 of server HTTPS certificate debugLevel: 0 }; if (user != null) { meshaction.username = user.name; } @@ -1730,8 +1730,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) { if (domain.id != mesh.domain) { res.sendStatus(401); return; } } - var meshidhex = new Buffer(req.query.meshid.replace(/\@/g, '+').replace(/\$/g, '/'), 'base64').toString('hex').toUpperCase(); - var serveridhex = new Buffer(obj.agentCertificateHashBase64.replace(/\@/g, '+').replace(/\$/g, '/'), 'base64').toString('hex').toUpperCase(); + var meshidhex = Buffer.from(req.query.meshid.replace(/\@/g, '+').replace(/\$/g, '/'), 'base64').toString('hex').toUpperCase(); + var serveridhex = Buffer.from(obj.agentCertificateHashBase64.replace(/\@/g, '+').replace(/\$/g, '/'), 'base64').toString('hex').toUpperCase(); var httpsPort = ((obj.args.aliasport == null) ? obj.args.port : obj.args.aliasport); // Use HTTPS alias port is specified // Build the agent connection URL. If we are using a sub-domain or one with a DNS, we need to craft the URL correctly. @@ -1811,8 +1811,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) { if (domain.id != mesh.domain) { res.sendStatus(401); return; } } - var meshidhex = new Buffer(req.query.id.replace(/\@/g, '+').replace(/\$/g, '/'), 'base64').toString('hex').toUpperCase(); - var serveridhex = new Buffer(obj.agentCertificateHashBase64.replace(/\@/g, '+').replace(/\$/g, '/'), 'base64').toString('hex').toUpperCase(); + var meshidhex = Buffer.from(req.query.id.replace(/\@/g, '+').replace(/\$/g, '/'), 'base64').toString('hex').toUpperCase(); + var serveridhex = Buffer.from(obj.agentCertificateHashBase64.replace(/\@/g, '+').replace(/\$/g, '/'), 'base64').toString('hex').toUpperCase(); // Build the agent connection URL. If we are using a sub-domain or one with a DNS, we need to craft the URL correctly. var xdomain = (domain.dns == null) ? domain.id : ''; @@ -2078,7 +2078,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) { } else { agent.agentCoreCheck = 1000; // Tell the agent object we are not using a custom core. // Perform a SHA384 hash on the core module - var hash = obj.crypto.createHash('sha384').update(new Buffer(core, 'binary')).digest().toString('binary'); + var hash = obj.crypto.createHash('sha384').update(Buffer.from(core, 'binary')).digest().toString('binary'); // Send the code module to the agent agent.send(obj.common.ShortToStr(10) + obj.common.ShortToStr(0) + hash + core); @@ -2101,7 +2101,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) { try { obj.fs.open(filepath, 'r', function (err, fd) { obj.fs.fstat(fd, function (err, stats) { - var bufferSize = stats.size, chunkSize = 512, buffer = new Buffer(bufferSize), bytesRead = 0; + var bufferSize = stats.size, chunkSize = 512, buffer = Buffer.alloc(bufferSize), bytesRead = 0; while (bytesRead < bufferSize) { if ((bytesRead + chunkSize) > bufferSize) { chunkSize = (bufferSize - bytesRead); } obj.fs.readSync(fd, buffer, bytesRead, chunkSize, bytesRead);