diff --git a/agents/MeshCmd-signed.exe b/agents/MeshCmd-signed.exe index f1e80efd..0c62c8a4 100644 Binary files a/agents/MeshCmd-signed.exe and b/agents/MeshCmd-signed.exe differ diff --git a/agents/MeshCmd64-signed.exe b/agents/MeshCmd64-signed.exe index 04924cb0..67971279 100644 Binary files a/agents/MeshCmd64-signed.exe and b/agents/MeshCmd64-signed.exe differ diff --git a/amtscanner.js b/amtscanner.js index 73a1d14f..6a27b88f 100644 --- a/amtscanner.js +++ b/amtscanner.js @@ -39,7 +39,7 @@ module.exports.CreateAmtScanner = function (parent) { // Build a RMCP packet with a given tag field obj.buildRmcpPing = function (tag) { - var packet = new Buffer(obj.common.hex2rstr('06000006000011BE80000000'), 'ascii'); + var packet = Buffer.from(obj.common.hex2rstr('06000006000011BE80000000'), 'ascii'); packet[9] = tag; return packet; }; diff --git a/certoperations.js b/certoperations.js index 699c3abb..e308541a 100644 --- a/certoperations.js +++ b/certoperations.js @@ -43,7 +43,7 @@ module.exports.CertificateOperations = function () { if (err) { func(url, null, tag); return; } var x1 = data.indexOf('-----BEGIN CERTIFICATE-----'), x2 = data.indexOf('-----END CERTIFICATE-----'); if ((x1 >= 0) && (x2 > x1)) { - func(url, new Buffer(data.substring(x1 + 27, x2), 'base64').toString('binary'), tag); + func(url, Buffer.from(data.substring(x1 + 27, x2), 'base64').toString('binary'), tag); } else { func(url, data, tag); } 
@@ -67,7 +67,7 @@ module.exports.CertificateOperations = function () { // If this is not an RSA certificate, hash the raw PKCS7 out of the PEM file var x1 = cert.indexOf('-----BEGIN CERTIFICATE-----'), x2 = cert.indexOf('-----END CERTIFICATE-----'); if ((x1 >= 0) && (x2 > x1)) { - return obj.crypto.createHash('sha384').update(new Buffer(cert.substring(x1 + 27, x2), 'base64')).digest('hex'); + return obj.crypto.createHash('sha384').update(Buffer.from(cert.substring(x1 + 27, x2), 'base64')).digest('hex'); } else { console.log('ERROR: Unable to decode certificate.'); return null; } } }; @@ -89,7 +89,7 @@ module.exports.CertificateOperations = function () { // If this is not an RSA certificate, hash the raw PKCS7 out of the PEM file var x1 = cert.indexOf('-----BEGIN CERTIFICATE-----'), x2 = cert.indexOf('-----END CERTIFICATE-----'); if ((x1 >= 0) && (x2 > x1)) { - return obj.crypto.createHash('sha384').update(new Buffer(cert.substring(x1 + 27, x2), 'base64')).digest('binary'); + return obj.crypto.createHash('sha384').update(Buffer.from(cert.substring(x1 + 27, x2), 'base64')).digest('binary'); } else { console.log('ERROR: Unable to decode certificate.'); return null; } } }; @@ -497,7 +497,7 @@ module.exports.CertificateOperations = function () { // No accelerators available if (typeof privatekey == "number") { privatekey = obj.acceleratorCertStore[privatekey].key; } const sign = obj.crypto.createSign("SHA384"); - sign.end(new Buffer(data, "binary")); + sign.end(Buffer.from(data, "binary")); func(tag, sign.sign(privatekey).toString("binary")); } else { var acc = obj.getAccelerator(); diff --git a/db.js b/db.js index 9e4c9abb..76152045 100644 --- a/db.js +++ b/db.js 
@@ -55,7 +55,7 @@ module.exports.CreateDB = function (parent) { if ((docs.length == 1) && (docs[0].value != null)) { obj.identifier = docs[0].value; } else { - obj.identifier = new Buffer(require('crypto').randomBytes(48), 'binary').toString('hex'); + obj.identifier = Buffer.from(require('crypto').randomBytes(48), 'binary').toString('hex'); obj.Set({ _id: 'DatabaseIdentifier', value: obj.identifier }); } }); diff --git a/meshaccelerator.js b/meshaccelerator.js index cf3a0f19..79874eac 100644 --- a/meshaccelerator.js +++ b/meshaccelerator.js @@ -23,7 +23,7 @@ process.on('message', function (message) { if (typeof message.key == 'number') { message.key = certStore[message.key].key; } try { const sign = crypto.createSign('SHA384'); - sign.end(new Buffer(message.data, 'binary')); + sign.end(Buffer.from(message.data, 'binary')); process.send(sign.sign(message.key).toString('binary')); } catch (e) { process.send(null); } break; diff --git a/meshagent.js b/meshagent.js index 9f75150c..75070d8c 100644 --- a/meshagent.js +++ b/meshagent.js @@ -45,7 +45,7 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) { ws._socket.setKeepAlive(true, 240000); // Set TCP keep alive, 4 minutes // Send a message to the mesh agent - obj.send = function (data) { try { if (typeof data == 'string') { obj.ws.send(new Buffer(data, 'binary')); } else { obj.ws.send(data); } } catch (e) { } }; + obj.send = function (data) { try { if (typeof data == 'string') { obj.ws.send(Buffer.from(data, 'binary')); } else { obj.ws.send(data); } } catch (e) { } }; // Disconnect this agent obj.close = function (arg) { 
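Review bot: In the db.js hunk, `Buffer.from(require('crypto').randomBytes(48), 'binary')` wraps a value that is already a Buffer, so the call only makes a copy and the `'binary'` argument is ignored for Buffer input. `obj.identifier = require('crypto').randomBytes(48).toString('hex');` gives the same identifier and is easier to read. The same redundant wrapper is carried over in meshcentral.js for `obj.serverKey`, in `obj.generateCookieKey` and for the AES-GCM `iv`.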
@@ -159,7 +159,7 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) { if (obj.nodeid != null) { obj.parent.parent.debug(1, 'Agent update required, NodeID=0x' + obj.nodeid.substring(0, 16) + ', ' + obj.agentExeInfo.desc); } obj.fs.open(obj.agentExeInfo.path, 'r', function (err, fd) { if (err) { return console.error(err); } - obj.agentUpdate = { oldHash: agenthash, ptr: 0, buf: new Buffer(agentUpdateBlockSize + 4), fd: fd }; + obj.agentUpdate = { oldHash: agenthash, ptr: 0, buf: Buffer.from(agentUpdateBlockSize + 4), fd: fd }; // We got the agent file open on the server side, tell the agent we are sending an update starting with the SHA384 hash of the result //console.log("Agent update file open."); 
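Review bot: `Buffer.from(agentUpdateBlockSize + 4)` is passed what appears to be a number, and `Buffer.from` rejects a numeric first argument with a TypeError, so the agent update path would throw inside the `fs.open` callback instead of allocating the block buffer. The size-based replacement for `new Buffer(n)` is `Buffer.alloc(agentUpdateBlockSize + 4)`, which also zero-fills the memory, so stale heap contents cannot end up in a block sent to an agent. The same substitution error is in the file-read helpers in meshcentral.js (`@@ -1238`) and meshuser.js (`@@ -1391`), where `Buffer.from(bufferSize)` should be `Buffer.alloc(bufferSize)`. The enclosing function continues outside this hunk.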
@@ -229,7 +229,7 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) { obj.send(obj.common.ShortToStr(1) + msg.substring(2, 50) + obj.nonce); // Command 1, hash + nonce. Use the web hash given by the agent. } else { // Check that the server hash matches our own web certificate hash (SHA384) - if ((getWebCertHash(obj.domain) != msg.substring(2, 50)) && (getWebCertFullHash(obj.domain) != msg.substring(2, 50))) { console.log('Agent bad web cert hash (Agent:' + (new Buffer(msg.substring(2, 50), 'binary').toString('hex').substring(0, 10)) + ' != Server:' + (new Buffer(getWebCertHash(obj.domain), 'binary').toString('hex').substring(0, 10)) + ' or ' + (new Buffer(getWebCertFullHash(obj.domain), 'binary').toString('hex').substring(0, 10)) + '), holding connection (' + obj.remoteaddrport + ').'); return; } + if ((getWebCertHash(obj.domain) != msg.substring(2, 50)) && (getWebCertFullHash(obj.domain) != msg.substring(2, 50))) { console.log('Agent bad web cert hash (Agent:' + (Buffer.from(msg.substring(2, 50), 'binary').toString('hex').substring(0, 10)) + ' != Server:' + (new Buffer(getWebCertHash(obj.domain), 'binary').toString('hex').substring(0, 10)) + ' or ' + (new Buffer(getWebCertFullHash(obj.domain), 'binary').toString('hex').substring(0, 10)) + '), holding connection (' + obj.remoteaddrport + ').'); return; } } // Use our server private key to sign the ServerHash + AgentNonce + ServerNonce 
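Review bot: Only the first of the three `new Buffer(...)` calls in the "Agent bad web cert hash" log statement was converted; `new Buffer(getWebCertHash(obj.domain), 'binary')` and `new Buffer(getWebCertFullHash(obj.domain), 'binary')` are still on the new side. Both should become `Buffer.from(..., 'binary')` so the deprecated constructor is removed consistently from this file. The surrounding handler starts and ends outside the hunk.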
@@ -266,8 +266,8 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) { // Decode the certificate var certlen = obj.common.ReadShort(msg, 2); obj.unauth = {}; - try { obj.unauth.nodeid = new Buffer(obj.forge.pki.getPublicKeyFingerprint(obj.forge.pki.certificateFromAsn1(obj.forge.asn1.fromDer(msg.substring(4, 4 + certlen))).publicKey, { md: obj.forge.md.sha384.create() }).data, 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); } catch (e) { return; } - obj.unauth.nodeCertPem = '-----BEGIN CERTIFICATE-----\r\n' + new Buffer(msg.substring(4, 4 + certlen), 'binary').toString('base64') + '\r\n-----END CERTIFICATE-----'; + try { obj.unauth.nodeid = Buffer.from(obj.forge.pki.getPublicKeyFingerprint(obj.forge.pki.certificateFromAsn1(obj.forge.asn1.fromDer(msg.substring(4, 4 + certlen))).publicKey, { md: obj.forge.md.sha384.create() }).data, 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); } catch (e) { return; } + obj.unauth.nodeCertPem = '-----BEGIN CERTIFICATE-----\r\n' + Buffer.from(msg.substring(4, 4 + certlen), 'binary').toString('base64') + '\r\n-----END CERTIFICATE-----'; // Check the agent signature if we can if (obj.agentnonce == null) { obj.unauthsign = msg.substring(4 + certlen); } else { if (processAgentSignature(msg.substring(4 + certlen)) == false) { console.log('Agent connected with bad signature, holding connection (' + obj.remoteaddrport + ').'); return; } } 
@@ -286,9 +286,9 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) { obj.agentInfo.platformType = obj.common.ReadInt(msg, 14); if (obj.agentInfo.platformType > 6 || obj.agentInfo.platformType < 1) { obj.agentInfo.platformType = 1; } if (msg.substring(50, 66) == '\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0') { - obj.meshid = new Buffer(msg.substring(18, 50), 'binary').toString('hex'); // Older HEX MeshID + obj.meshid = Buffer.from(msg.substring(18, 50), 'binary').toString('hex'); // Older HEX MeshID } else { - obj.meshid = new Buffer(msg.substring(18, 66), 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); // New Base64 MeshID + obj.meshid = Buffer.from(msg.substring(18, 66), 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); // New Base64 MeshID } //console.log('MeshID', obj.meshid); obj.agentInfo.capabilities = obj.common.ReadInt(msg, 66); 
@@ -464,11 +464,11 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) { if (obj.args.ignoreagenthashcheck !== true) { // Verify the signature. This is the fast way, without using forge. const verify = obj.parent.crypto.createVerify('SHA384'); - verify.end(new Buffer(getWebCertHash(obj.domain) + obj.nonce + obj.agentnonce, 'binary')); // Test using the private key hash - if (verify.verify(obj.unauth.nodeCertPem, new Buffer(msg, 'binary')) !== true) { + verify.end(Buffer.from(getWebCertHash(obj.domain) + obj.nonce + obj.agentnonce, 'binary')); // Test using the private key hash + if (verify.verify(obj.unauth.nodeCertPem, Buffer.from(msg, 'binary')) !== true) { const verify2 = obj.parent.crypto.createVerify('SHA384'); - verify2.end(new Buffer(getWebCertFullHash(obj.domain) + obj.nonce + obj.agentnonce, 'binary')); // Test using the full cert hash - if (verify2.verify(obj.unauth.nodeCertPem, new Buffer(msg, 'binary')) !== true) { return false; } + verify2.end(Buffer.from(getWebCertFullHash(obj.domain) + obj.nonce + obj.agentnonce, 'binary')); // Test using the full cert hash + if (verify2.verify(obj.unauth.nodeCertPem, Buffer.from(msg, 'binary')) !== true) { return false; } } } diff --git a/meshcentral.js b/meshcentral.js index 34184908..5f71e785 100644 --- a/meshcentral.js +++ b/meshcentral.js @@ -56,7 +56,7 @@ function CreateMeshCentralServer(config, args) { obj.maintenanceTimer = null; obj.serverId = null; obj.currentVer = null; - obj.serverKey = new Buffer(obj.crypto.randomBytes(48), 'binary'); + obj.serverKey = Buffer.from(obj.crypto.randomBytes(48), 'binary'); obj.loginCookieEncryptionKey = null; obj.serverSelfWriteAllowed = true; try { obj.currentVer = JSON.parse(obj.fs.readFileSync(obj.path.join(__dirname, 'package.json'), 'utf8')).version; } catch (e) { } // Fetch server version 
@@ -1138,7 +1138,7 @@ function CreateMeshCentralServer(config, args) { // Generate a cryptographic key used to encode and decode cookies obj.generateCookieKey = function () { - return new Buffer(obj.crypto.randomBytes(80), 'binary'); + return Buffer.from(obj.crypto.randomBytes(80), 'binary'); //return Buffer.alloc(80, 0); // Sets the key to zeros, debug only. }; @@ -1147,7 +1147,7 @@ function CreateMeshCentralServer(config, args) { try { if (key == null) { key = obj.serverKey; } o.time = Math.floor(Date.now() / 1000); // Add the cookie creation time - const iv = new Buffer(obj.crypto.randomBytes(12), 'binary'), cipher = obj.crypto.createCipheriv('aes-256-gcm', key.slice(0, 32), iv); + const iv = Buffer.from(obj.crypto.randomBytes(12), 'binary'), cipher = obj.crypto.createCipheriv('aes-256-gcm', key.slice(0, 32), iv); const crypted = Buffer.concat([cipher.update(JSON.stringify(o), 'utf8'), cipher.final()]); return Buffer.concat([iv, cipher.getAuthTag(), crypted]).toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); } catch (e) { return null; } @@ -1164,7 +1164,7 @@ function CreateMeshCentralServer(config, args) { obj.decodeCookieAESGCM = function (cookie, key, timeout) { try { if (key == null) { key = obj.serverKey; } - cookie = new Buffer(cookie.replace(/\@/g, '+').replace(/\$/g, '/'), 'base64'); + cookie = Buffer.from(cookie.replace(/\@/g, '+').replace(/\$/g, '/'), 'base64'); const decipher = obj.crypto.createDecipheriv('aes-256-gcm', key.slice(0, 32), cookie.slice(0, 12)); decipher.setAuthTag(cookie.slice(12, 16)); const o = JSON.parse(decipher.update(cookie.slice(28), 'binary', 'utf8') + decipher.final('utf8')); 
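Review bot: In `obj.decodeCookieAESGCM` (`@@ -1164`) the context line `decipher.setAuthTag(cookie.slice(12, 16))` hands only 4 bytes of the GCM tag to the decipher. The encoder writes the 12-byte `iv` followed by the full `cipher.getAuthTag()` (16 bytes by default), and the decoder itself reads ciphertext from offset 28. Checking a 32-bit tag instead of the 128-bit one that was written makes a tampered cookie far more likely to pass authentication. The line should read `decipher.setAuthTag(cookie.slice(12, 28));`. This commit leaves the line untouched, and the function body runs past the end of the hunk.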
@@ -1183,7 +1183,7 @@ function CreateMeshCentralServer(config, args) { try { if (key == null) { key = obj.serverKey; } if (key.length < 80) { return null; } - cookie = new Buffer(cookie.replace(/\@/g, '+').replace(/\$/g, '/'), 'base64'); + cookie = Buffer.from(cookie.replace(/\@/g, '+').replace(/\$/g, '/'), 'base64'); const decipher = obj.crypto.createDecipheriv('aes-256-cbc', key.slice(48, 80), cookie.slice(0, 16)); const rawmsg = decipher.update(cookie.slice(16), 'binary', 'binary') + decipher.final('binary'); const hmac = obj.crypto.createHmac('sha384', key.slice(0, 48)); @@ -1238,7 +1238,7 @@ function CreateMeshCentralServer(config, args) { obj.fs.open(filepath, 'r', function (err, fd) { if (fd == null) { func(null); return; } obj.fs.fstat(fd, function (err, stats) { - var bufferSize = stats.size, chunkSize = 512, buffer = new Buffer(bufferSize), bytesRead = 0; + var bufferSize = stats.size, chunkSize = 512, buffer = Buffer.from(bufferSize), bytesRead = 0; while (bytesRead < bufferSize) { if ((bytesRead + chunkSize) > bufferSize) { chunkSize = (bufferSize - bytesRead); } obj.fs.readSync(fd, buffer, bytesRead, chunkSize, bytesRead); diff --git a/meshrelay.js b/meshrelay.js index 9a6f87ed..4c755db6 100644 --- a/meshrelay.js +++ b/meshrelay.js @@ -191,14 +191,19 @@ module.exports.CreateMeshRelay = function (parent, ws, req, domain, user, cookie } }); - // If error, do nothing + // If error, do nothing. ws.on('error', function (err) { - console.log('Relay Error', err); - obj.close(); + console.log('Relay error from ' + obj.remoteaddr + ', ' + err.toString().split('\r')[0] + '.'); + closeBothSides(); }); - // If the mesh relay web socket is closed + // If the mesh relay web socket is closed. ws.on('close', function (req) { + closeBothSides(); + }); + + // Close both our side and the peer side. + function closeBothSides() { if (obj.id != null) { var relayinfo = parent.wsrelays[obj.id]; if (relayinfo != null) { 
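Review bot: In the meshrelay.js hunk the comment `// If error, do nothing.` above `ws.on('error', ...)` no longer matches the handler, which now logs the remote address and calls `closeBothSides()`. Suggested wording: `// On error, log the remote address and tear down both sides of the relay.` Since `closeBothSides` can now be reached from both the `error` and the `close` event of the same socket, its comment should also state that a second call is harmless. The function body continues past this hunk, so that cannot be confirmed from here.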
@@ -217,7 +222,7 @@ module.exports.CreateMeshRelay = function (parent, ws, req, domain, user, cookie obj.peer = null; obj.id = null; } - }); + } // Mark this relay session as authenticated if this is the user end. obj.authenticated = (obj.user != null); diff --git a/meshuser.js b/meshuser.js index 2590c5ee..5dd051f3 100644 --- a/meshuser.js +++ b/meshuser.js @@ -28,7 +28,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use obj.serverStatsTimer = null; // Send a message to the user - //obj.send = function (data) { try { if (typeof data == 'string') { obj.ws.send(new Buffer(data, 'binary')); } else { obj.ws.send(data); } } catch (e) { } } + //obj.send = function (data) { try { if (typeof data == 'string') { obj.ws.send(Buffer.from(data, 'binary')); } else { obj.ws.send(data); } } catch (e) { } } // Disconnect this user obj.close = function (arg) { @@ -1391,7 +1391,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use try { obj.fs.open(filepath, 'r', function (err, fd) { obj.fs.fstat(fd, function (err, stats) { - var bufferSize = stats.size, chunkSize = 512, buffer = new Buffer(bufferSize), bytesRead = 0; + var bufferSize = stats.size, chunkSize = 512, buffer = Buffer.from(bufferSize), bytesRead = 0; while (bytesRead < bufferSize) { if ((bytesRead + chunkSize) > bufferSize) { chunkSize = (bufferSize - bytesRead); } obj.fs.readSync(fd, buffer, bytesRead, chunkSize, bytesRead); diff --git a/mpsserver.js b/mpsserver.js index 6fd012aa..f95dca18 100644 --- a/mpsserver.js +++ b/mpsserver.js 
@@ -113,7 +113,7 @@ module.exports.CreateMpsServer = function (parent, db, args, certificates) { socket.on("timeout", () => { Debug(1, "MPS:CIRA timeout, disconnecting."); try { socket.end(); } catch (e) { } }); socket.addListener("data", function (data) { - if (args.mpsdebug) { var buf = new Buffer(data, "binary"); console.log("MPS <-- (" + buf.length + "):" + buf.toString('hex')); } // Print out received bytes + if (args.mpsdebug) { var buf = Buffer.from(data, "binary"); console.log("MPS <-- (" + buf.length + "):" + buf.toString('hex')); } // Print out received bytes socket.tag.accumulator += data; // Detect if this is an HTTPS request, if it is, return a simple answer and disconnect. This is useful for debugging access to the MPS port. @@ -249,7 +249,7 @@ module.exports.CreateMpsServer = function (parent, db, args, certificates) { if (mesh.mtype == 1) { // Intel AMT GUID (socket.tag.SystemId) will be used as NodeID var systemid = socket.tag.SystemId.split('-').join(''); - var nodeid = new Buffer(systemid + systemid + systemid, 'hex').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); + var nodeid = Buffer.from(systemid + systemid + systemid, 'hex').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); socket.tag.name = ''; socket.tag.nodeid = 'node/' + mesh.domain + '/' + nodeid; // Turn 16bit systemid guid into 48bit nodeid that is base64 encoded socket.tag.meshid = mesh._id; @@ -630,11 +630,11 @@ module.exports.CreateMpsServer = function (parent, db, args, certificates) { function Write(socket, data) { if (args.mpsdebug) { // Print out sent bytes - var buf = new Buffer(data, "binary"); + var buf = Buffer.from(data, "binary"); console.log('MPS --> (' + buf.length + '):' + buf.toString('hex')); socket.write(buf); } else { - socket.write(new Buffer(data, "binary")); + socket.write(Buffer.from(data, "binary")); } } diff --git a/multiserver.js b/multiserver.js index db0a8ad0..5632ada0 100644 --- a/multiserver.js +++ b/multiserver.js 
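Review bot: In the `@@ -249` hunk the device-supplied `socket.tag.SystemId` is decoded with `Buffer.from(systemid + systemid + systemid, 'hex')`, and hex decoding stops silently at the first non-hex character, so a malformed GUID produces a short or empty `nodeid` rather than an error. Unless SystemId is validated earlier (not visible here), check it before building the id, for example with `/^[0-9a-fA-F]{32}$/.test(systemid)`, and drop the connection when it fails, so that two devices cannot end up with the same truncated node id. The adjacent comment also says `16bit` and `48bit` where the values are 16 and 48 bytes.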
@@ -111,21 +111,21 @@ module.exports.CreateMultiServer = function (parent, args) { case 2: { // Server certificate var certlen = obj.common.ReadShort(msg, 2), serverCert = null; - var serverCertPem = '-----BEGIN CERTIFICATE-----\r\n' + new Buffer(msg.substring(4, 4 + certlen), 'binary').toString('base64') + '\r\n-----END CERTIFICATE-----'; + var serverCertPem = '-----BEGIN CERTIFICATE-----\r\n' + Buffer.from(msg.substring(4, 4 + certlen), 'binary').toString('base64') + '\r\n-----END CERTIFICATE-----'; try { serverCert = obj.forge.pki.certificateFromAsn1(obj.forge.asn1.fromDer(msg.substring(4, 4 + certlen))); } catch (e) { } if (serverCert == null) { obj.parent.parent.debug(1, 'OutPeer: Invalid server certificate.'); disconnect(); return; } - var serverid = new Buffer(obj.forge.pki.getPublicKeyFingerprint(serverCert.publicKey, { encoding: 'binary', md: obj.forge.md.sha384.create() }), 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); + var serverid = Buffer.from(obj.forge.pki.getPublicKeyFingerprint(serverCert.publicKey, { encoding: 'binary', md: obj.forge.md.sha384.create() }), 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); if (serverid !== obj.agentCertificateHashBase64) { obj.parent.parent.debug(1, 'OutPeer: Server hash mismatch.'); disconnect(); return; } // Server signature, verify it. This is the fast way, without using forge. (TODO: Use accelerator for this?) 
const verify = obj.parent.crypto.createVerify('SHA384'); - verify.end(new Buffer(obj.serverCertHash + obj.nonce + obj.servernonce, 'binary')); - if (verify.verify(serverCertPem, new Buffer(msg.substring(4 + certlen), 'binary')) !== true) { obj.parent.parent.debug(1, 'OutPeer: Server sign check failed.'); disconnect(); return; } + verify.end(Buffer.from(obj.serverCertHash + obj.nonce + obj.servernonce, 'binary')); + if (verify.verify(serverCertPem, Buffer.from(msg.substring(4 + certlen), 'binary')) !== true) { obj.parent.parent.debug(1, 'OutPeer: Server sign check failed.'); disconnect(); return; } // Connection is a success, clean up delete obj.nonce; delete obj.servernonce; - obj.serverCertHash = new Buffer(obj.serverCertHash, 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); // Change this value to base64 + obj.serverCertHash = Buffer.from(obj.serverCertHash, 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); // Change this value to base64 obj.connectionState |= 4; obj.retryBackoff = 0; // Set backoff connection timer back to fast. obj.parent.parent.debug(1, 'OutPeer ' + obj.serverid + ': Verified peer connection to ' + obj.url); @@ -189,7 +189,7 @@ module.exports.CreateMultiServer = function (parent, args) { if (command.dbid != obj.parent.parent.db.identifier) { console.log('ERROR: Database ID mismatch. Trying to peer to a server with the wrong database. (' + obj.url + ', ' + command.serverid + ').'); return; } if (obj.serverCertHash != command.serverCertHash) { console.log('ERROR: Outer certificate hash mismatch (2). (' + obj.url + ', ' + command.serverid + ').'); return; } obj.peerServerId = command.serverid; - obj.peerServerKey = new Buffer(command.key, 'hex'); + obj.peerServerKey = Buffer.from(command.key, 'hex'); obj.authenticated = 3; obj.parent.SetupPeerServer(obj, obj.peerServerId); } 
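Review bot: `obj.peerServerKey = Buffer.from(command.key, 'hex')` in the `@@ -189` hunk takes the peer's value as is: a numeric `command.key` makes `Buffer.from` throw, and a string with non-hex characters or an unexpected length decodes to a shorter key with no error. Before the assignment, check `typeof command.key == 'string'` and compare the decoded length with the key size the cookie functions expect, returning with an `ERROR:` log line like the neighbouring checks on failure. The same assignment appears in the inbound-peer handler at `@@ -353`. Whether a thrown error is caught further up is not visible in this hunk.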
@@ -228,7 +228,7 @@ module.exports.CreateMultiServer = function (parent, args) { // Send a message to the peer server obj.send = function (data) { try { - if (typeof data == 'string') { obj.ws.send(new Buffer(data, 'binary')); return; } + if (typeof data == 'string') { obj.ws.send(Buffer.from(data, 'binary')); return; } if (typeof data == 'object') { obj.ws.send(JSON.stringify(data)); return; } obj.ws.send(data); } catch (e) { } @@ -282,8 +282,8 @@ module.exports.CreateMultiServer = function (parent, args) { // Decode the certificate var certlen = obj.common.ReadShort(msg, 2); obj.unauth = {}; - try { obj.unauth.nodeid = new Buffer(obj.forge.pki.getPublicKeyFingerprint(obj.forge.pki.certificateFromAsn1(obj.forge.asn1.fromDer(msg.substring(4, 4 + certlen))).publicKey, { encoding: 'binary', md: obj.forge.md.sha384.create() }), 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); } catch (e) { console.log(e); return; } - obj.unauth.nodeCertPem = '-----BEGIN CERTIFICATE-----\r\n' + new Buffer(msg.substring(4, 4 + certlen), 'binary').toString('base64') + '\r\n-----END CERTIFICATE-----'; + try { obj.unauth.nodeid = Buffer.from(obj.forge.pki.getPublicKeyFingerprint(obj.forge.pki.certificateFromAsn1(obj.forge.asn1.fromDer(msg.substring(4, 4 + certlen))).publicKey, { encoding: 'binary', md: obj.forge.md.sha384.create() }), 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); } catch (e) { console.log(e); return; } + obj.unauth.nodeCertPem = '-----BEGIN CERTIFICATE-----\r\n' + Buffer.from(msg.substring(4, 4 + certlen), 'binary').toString('base64') + '\r\n-----END CERTIFICATE-----'; // Check the peer server signature if we can if (obj.peernonce == null) { 
@@ -325,8 +325,8 @@ module.exports.CreateMultiServer = function (parent, args) { function processPeerSignature(msg) { // Verify the signature. This is the fast way, without using forge. const verify = obj.parent.crypto.createVerify('SHA384'); - verify.end(new Buffer(obj.parent.parent.webserver.webCertificateHash + obj.nonce + obj.peernonce, 'binary')); - if (verify.verify(obj.unauth.nodeCertPem, new Buffer(msg, 'binary')) !== true) { console.log('Peer sign fail 1'); return false; } + verify.end(Buffer.from(obj.parent.parent.webserver.webCertificateHash + obj.nonce + obj.peernonce, 'binary')); + if (verify.verify(obj.unauth.nodeCertPem, Buffer.from(msg, 'binary')) !== true) { console.log('Peer sign fail 1'); return false; } if (obj.unauth.nodeid !== obj.agentCertificateHashBase64) { console.log('Peer sign fail 2'); return false; } // Connection is a success, clean up @@ -353,7 +353,7 @@ module.exports.CreateMultiServer = function (parent, args) { if (command.dbid != obj.parent.parent.db.identifier) { console.log('ERROR: Database ID mismatch. Trying to peer to a server with the wrong database. (' + obj.remoteaddr + ', ' + command.serverid + ').'); return; } if (obj.parent.peerConfig.servers[command.serverid] == null) { console.log('ERROR: Unknown peer serverid: ' + command.serverid + ' (' + obj.remoteaddr + ').'); return; } obj.peerServerId = command.serverid; - obj.peerServerKey = new Buffer(command.key, 'hex'); + obj.peerServerKey = Buffer.from(command.key, 'hex'); obj.serverCertHash = command.serverCertHash; obj.authenticated = 3; obj.parent.SetupPeerServer(obj, obj.peerServerId); 
@@ -599,7 +599,7 @@ module.exports.CreateMultiServer = function (parent, args) { // Get the peer server's certificate and compute the server public key hash var serverCert = obj.forge.pki.certificateFromAsn1(obj.forge.asn1.fromDer(peerTunnel.ws2._socket.getPeerCertificate().raw.toString('binary'))); - var serverCertHashHex = new Buffer(obj.forge.pki.getPublicKeyFingerprint(serverCert.publicKey, { encoding: 'binary', md: obj.forge.md.sha384.create() }), 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); + var serverCertHashHex = Buffer.from(obj.forge.pki.getPublicKeyFingerprint(serverCert.publicKey, { encoding: 'binary', md: obj.forge.md.sha384.create() }), 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'); // Check if the peer certificate is the expected one for this serverid if (obj.peerServers[serverid] == null || obj.peerServers[serverid].serverCertHash != serverCertHashHex) { console.log('ERROR: Outer certificate hash mismatch (1). (' + peerTunnel.url + ', ' + peerTunnel.serverid + ').'); peerTunnel.close(); return; } diff --git a/package.json b/package.json index 71f7e8b7..02f27f1c 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "meshcentral", - "version": "0.2.5-k", + "version": "0.2.5-l", "keywords": [ "Remote Management", "Intel AMT", diff --git a/pass.js b/pass.js index 68d9f7e6..ce7e52d5 100644 --- a/pass.js +++ b/pass.js @@ -53,7 +53,7 @@ exports.iishash = function (type, pwd, salt, fn) { fn(null, pwd); } else if (type == 1) { const hash = crypto.createHash('sha1'); - hash.update(Buffer.concat([new Buffer(salt, 'base64'), new Buffer(pwd, 'utf16le')])); + hash.update(Buffer.concat([Buffer.from(salt, 'base64'), Buffer.from(pwd, 'utf16le')])); fn(null, hash.digest().toString('base64')); } else { fn('invalid type'); diff --git a/redirserver.js b/redirserver.js index 523a5d06..ddf761c9 100644 --- a/redirserver.js +++ b/redirserver.js 
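Review bot: In pass.js, `exports.iishash` carries no comment saying that the `type == 1` branch is a single salted SHA-1 pass and that the branch before it appears to return the password unchanged. Both are cheap to guess offline if the stored values leak. If the function exists only to verify imported legacy credentials, state that above it, e.g. `// Legacy IIS membership formats, for verifying imported accounts only; re-hash with the server's current scheme after a successful login.` The function starts before and ends after this hunk.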
@@ -60,7 +60,7 @@ module.exports.CreateRedirServer = function (parent, db, args, func) { if (i >= 0) { rootcert = rootcert.substring(i + 29); } i = rootcert.indexOf("-----END CERTIFICATE-----"); if (i >= 0) { rootcert = rootcert.substring(i, 0); } - res.send(new Buffer(rootcert, "base64")); + res.send(Buffer.from(rootcert, "base64")); } else { res.sendStatus(404); } diff --git a/swarmserver.js b/swarmserver.js index 631775ce..2f41eee5 100644 --- a/swarmserver.js +++ b/swarmserver.js @@ -153,7 +153,7 @@ module.exports.CreateSwarmServer = function (parent, db, args, certificates) { Debug(1, 'SWARM:New legacy agent connection'); socket.addListener("data", function (data) { - if (args.swarmdebug) { var buf = new Buffer(data, "binary"); console.log('SWARM <-- (' + buf.length + '):' + buf.toString('hex')); } // Print out received bytes + if (args.swarmdebug) { var buf = Buffer.from(data, "binary"); console.log('SWARM <-- (' + buf.length + '):' + buf.toString('hex')); } // Print out received bytes socket.tag.accumulator += data; // Detect if this is an HTTPS request, if it is, return a simple answer and disconnect. This is useful for debugging access to the MPS port. @@ -333,11 +333,11 @@ module.exports.CreateSwarmServer = function (parent, db, args, certificates) { function Write(socket, data) { if (args.swarmdebug) { // Print out sent bytes - var buf = new Buffer(data, "binary"); + var buf = Buffer.from(data, "binary"); console.log('SWARM --> (' + buf.length + '):' + buf.toString('hex')); socket.write(buf); } else { - socket.write(new Buffer(data, "binary")); + socket.write(Buffer.from(data, "binary")); } } diff --git a/views/default-mobile-min.handlebars b/views/default-mobile-min.handlebars index a9145768..36396cc8 100644 --- a/views/default-mobile-min.handlebars +++ b/views/default-mobile-min.handlebars @@ -1 +1 @@ -