Mesh key-rings are not created by clicking first add button #172

Closed
seamustuohy opened this issue Feb 26, 2014 · 1 comment
@seamustuohy
Collaborator

The default "add" functionality of the mesh key-chain page does not create a new key or update the current commotion profiles mdp values.

The correct behavior when the "add" button is clicked should be as follows:

  • Any key-ring at /etc/commotion/keys.d/mdp.keyring/serval.keyring should be deleted
  • A new key should be created at the above location
  • All active mesh profiles should have their "mdp_keyring" and "mdp_sid" values updated
  • Finally, the values in /etc/config/olsrd in the olsrd_mdp section should be updated

Related Documentation Bug/Fix that will allow R1.1 to be put out regardless of this bug can be found @ opentechinstitute/commotion-docs#45

To re-create:

KEY:
Node 1 = N1
Node 1 command line argument = root@n1:
Node 2 = N2
Node 2 command line argument = root@n2:

N1: Create a new shared mesh keychain following these instructions.

  • Go to the “Basic –> Security –> Shared Mesh Keychain” menu
    • If the menu is populated with the options to "upload, download, and create" a shared mesh keychain follow the "Delete a keychain" instructions below and then continue.
  • Click the add button
  • Click the "Save" button
  • Click "Save and Apply" when asked to confirm the configuration.
  • Wait for the "Applying Changes" page to redirect you back to the status page.

N1: Download the created keychain using these instructions.

  • Go to the “Basic –> Security –> Shared Mesh Keychain” menu
    • If the menu shows ONLY the "help text" and "add" button follow the "Add a new key-chain" instructions above then continue.
  • Click the "Download Shared Mesh Keychain" button.
  • This will start the download of a file called serval.keyring
  • This file is your shared mesh key-chain.

N2: Upload a keychain using these instructions.

  • Make sure you have a valid key-chain on the device you will be uploading a key from
  • Go to the “Basic –> Security –> Shared Mesh Keychain” menu
    • If the menu shows ONLY the "help text" and "add" button follow the "Add a new key-chain" instructions above then continue. This not only adds a new key, which you don't need, but configures the device to require a key-chain file.
  • In the "Upload Shared Mesh Keychain File" box click on the "Choose File" button.
  • Select a key-ring file from your device and click "Open"
  • Click the "Save" Button
  • You do not have to click the "Save and Apply" button because we have not changed any settings, we have only replaced the keyring.

root@n1: cat /etc/commotion/profiles.d/profile_name

{
  "announce": "true",
  "bssid": "02:CA:FF:EE:BA:BE",
  "bssidgen": "true",
  "channel": "5",
  "dns": "208.67.222.222",
  "domain": "mesh.local",
  "encryption": "psk2",
  "ip": "100.64.0.0",
  "ipgen": "true",
  "ipgenmask": "255.192.0.0",
  "key": "c0MM0t10n!r0cks",
  "mdp_keyring": "/etc/commotion/keys.d/mdp.keyring/serval.keyring",
  "mdp_sid": "0000000000000000000000000000000000000000000000000000000000000000",
  "mode": "adhoc",
  "netmask": "255.192.0.0",
  "serval": "false",
  "ssid": "commotionwireless.net",
  "type": "mesh"
}

root@n2: cat /etc/commotion/profiles.d/profile_name

{
  "announce": "true",
  "bssid": "02:CA:FF:EE:BA:BE",
  "bssidgen": "true",
  "channel": "5",
  "dns": "208.67.222.222",
  "domain": "mesh.local",
  "encryption": "psk2",
  "ip": "100.64.0.0",
  "ipgen": "true",
  "ipgenmask": "255.192.0.0",
  "key": "c0MM0t10n!r0cks",
  "mdp_keyring": "/etc/commotion/keys.d/mdp/serval.keyring",
  "mdp_sid": "0000000000000000000000000000000000000000000000000000000000000000",
  "mode": "adhoc",
  "netmask": "255.192.0.0",
  "serval": "false",
  "ssid": "commotionwireless.net",
  "type": "mesh"
}

N1 & N2: Note the difference between the mdp_keyring lines and the mdp_sid lines.

     N2:
         "mdp_keyring": "/etc/commotion/keys.d/mdp/serval.keyring",
         "mdp_sid": "0000000000000000000000000000000000000000000000000000000000000000",
     N1:
         "mdp_keyring": "/etc/commotion/keys.d/mdp.keyring/serval.keyring",
         "mdp_sid": "A6D29C35D0409F176B22AEF2FAC447572540F39D8AEB8C48C107F9A11D224B06"

root@n2: logread

Feb 25 23:25:26 commotion user.notice luci: get sid
Feb 25 23:25:27 commotion user.notice luci: changes NOT found
Feb 25 23:25:27 commotion user.notice luci: lib parse
Feb 25 23:25:27 commotion user.notice luci: olsrd_mdp.so.0.1
Feb 25 23:25:27 commotion user.notice luci: sp parse
Feb 25 23:25:27 commotion user.notice luci: /etc/commotion/keys.d/mdp/serval.keyring
Feb 25 23:25:27 commotion user.notice luci: sid parse
Feb 25 23:25:50 commotion user.notice luci: uploader write
Feb 25 23:25:51 commotion user.notice luci: get sid
Feb 25 23:25:51 commotion user.notice luci: get sid
Feb 25 23:25:51 commotion user.notice luci: set
Feb 25 23:25:51 commotion user.notice luci: get sid
Feb 25 23:25:51 commotion user.notice luci: get sid

N2: The important line is the one that states "set"

root@n1: logread

Feb 25 23:25:26 commotion user.notice luci: get sid
Feb 25 23:25:27 commotion user.notice luci: changes NOT found
Feb 25 23:25:27 commotion user.notice luci: lib parse
Feb 25 23:25:27 commotion user.notice luci: olsrd_mdp.so.0.1
Feb 25 23:25:27 commotion user.notice luci: sp parse
Feb 25 23:25:27 commotion user.notice luci: /etc/commotion/keys.d/mdp/serval.keyring
Feb 25 23:25:27 commotion user.notice luci: sid parse
Feb 25 23:25:50 commotion user.notice luci: get sid
Feb 25 23:25:51 commotion user.notice luci: changes NOT found
Feb 25 23:25:51 commotion user.notice luci: lib parse
Feb 25 23:25:51 commotion user.notice luci: olsrd_mdp.so.0.1
Feb 25 23:25:51 commotion user.notice luci: sp parse
Feb 25 23:25:51 commotion user.notice luci: /etc/commotion/keys.d/mdp/serval.keyring
Feb 25 23:25:51 commotion user.notice luci: sid parse

N1: Notice that there is no "set" command announced on new key creation. This means that the function that sets the commotion profile values was never run when "adding" a new key.

Conclusion:

Upon running firstboot and then restarting to set the node back to its defaults it seems that the node has defaults that are not getting overwritten.

root@test-01-1011232331:# reboot
root@test-01-1011232331:
# Connection to 10.46.75.1 closed by remote host.
me@my_computer:~$ telnet 10.46.75.1
root@commotion:/# ls /etc/commotion/keys.d/mdp/serval.keyring

/etc/commotion/keys.d/mdp/serval.keyring

root@commotion:/# SERVALINSTANCE_PATH=/etc/commotion/keys.d/mdp serval-client keyring list

INFO: Local date/time: 2014-02-25 21:00:08 +0000
INFO: Serval DNA version: UNKNOWN-VERSION
WARN: conf.c:85:reload()  config file /etc/commotion/keys.d/mdp/serval.conf does not exist -- using all defaults
A6D29C35D0409F176B22AEF2FAC447572540F39D8AEB8C48C107F9A11D224B06::

root@commotion:/# commotion new newProfile

{
  "newProfile": "Created."
}

root@commotion:/# commotion profiles

{
  "commotionwireless_46net": "commotionwireless_46net",
  "newProfile": "newProfile"
}

root@commotion:/# commotion save newProfile

{
  "newProfile": "Saved."
}

root@commotion:/# cat /etc/commotion/profiles.d/newProfile

{
  "announce": "true",
  "bssid": "02:CA:FF:EE:BA:BE",
  "bssidgen": "true",
  "channel": "5",
  "dns": "208.67.222.222",
  "domain": "mesh.local",
  "encryption": "psk2",
  "ip": "100.64.0.0",
  "ipgen": "true",
  "ipgenmask": "255.192.0.0",
  "key": "c0MM0t10n!r0cks",
  "mdp_keyring": "/etc/commotion/keys.d/mdp.keyring/serval.keyring",
  "mdp_sid": "0000000000000000000000000000000000000000000000000000000000000000",
  "mode": "adhoc",
  "netmask": "255.192.0.0",
  "serval": "false",
  "ssid": "commotionwireless.net",
  "type": "mesh"
}

A node contains a default mdp serval keyring file, which it should not for security reasons, but that is beside the point. Beyond this, when a new serval-keyring is added in the security menu it only creates a new keyring if a key does NOT already exist. The act of adding a new keyring also does not trigger the modification of the commotion profile values when using the basic "add" command. As such, adding a new serval keyring without using one of the sub-options does not work.

BUT! If a user adds a new serval keyring AND then uses the "Create a new Shared Mesh Keychain file" button on that page it will properly set the new serval keyring.
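
A check for the symptom reported above, as an added example that is not part of the original report or of the Commotion code base: it compares a profile's `mdp_sid` with the SID in captured `serval-client keyring list` output and looks for the "set" line in captured `logread` output. The function names and the one-pair-per-line JSON layout are assumptions of this example, and the sample files are constructed from the output quoted in the issue.

```shell
#!/bin/sh
# Added example, not Commotion code. Assumes flat JSON profiles with one
# "key": "value" pair per line, as in the cat output quoted in the issue.
ZERO_SID=$(printf '%064d' 0)   # the unset mdp_sid: 64 zeros

# Print the string value of key $2 from flat JSON file $1.
json_value() {
    sed -n "s/^[[:space:]]*\"$2\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# Print the first SID in captured `serval-client keyring list` output ($1).
# Identity lines start with 64 hex digits and ':'; INFO/WARN lines do not.
keyring_sid() {
    sed -n 's/^\([0-9A-Fa-f]\{64\}\):.*/\1/p' "$1" | head -n 1
}

# Classify profile $1 against the keyring listing in $2.
check_profile() {
    want=$(keyring_sid "$2")
    have=$(json_value "$1" mdp_sid)
    if [ -z "$want" ]; then echo NO_KEYRING_SID
    elif [ "$have" = "$ZERO_SID" ]; then echo ZERO_SID
    elif [ "$have" != "$want" ]; then echo SID_MISMATCH
    else echo OK
    fi
}

# Succeed if captured logread output ($1) contains the LuCI "set" step.
set_logged() {
    grep -q 'luci: set$' "$1"
}

# Constructed sample input, modelled on the output quoted in the issue.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
SID=A6D29C35D0409F176B22AEF2FAC447572540F39D8AEB8C48C107F9A11D224B06
printf 'INFO: Serval DNA version: UNKNOWN-VERSION\n%s::\n' "$SID" > "$demo_dir/keyring.txt"
printf '{\n  "mdp_sid": "%s",\n  "mode": "adhoc"\n}\n' "$ZERO_SID" > "$demo_dir/stale"
printf '{\n  "mdp_sid": "%s",\n  "mode": "adhoc"\n}\n' "$SID" > "$demo_dir/updated"
printf 'Feb 25 23:25:51 commotion user.notice luci: get sid\n' > "$demo_dir/add.log"
printf 'Feb 25 23:25:51 commotion user.notice luci: set\n' > "$demo_dir/upload.log"

echo "stale profile:   $(check_profile "$demo_dir/stale" "$demo_dir/keyring.txt")"
echo "updated profile: $(check_profile "$demo_dir/updated" "$demo_dir/keyring.txt")"
for log in add upload; do
    if set_logged "$demo_dir/$log.log"; then echo "$log: set step ran"
    else echo "$log: set step missing"; fi
done
```

On a node, the two inputs would come from redirecting `serval-client keyring list` and `logread` to files before calling `check_profile` and `set_logged`.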

@seamustuohy seamustuohy added this to the 1.1 milestone Feb 28, 2014
@seamustuohy seamustuohy self-assigned this Mar 4, 2014
@seamustuohy
Collaborator Author

Pull request #190, if accepted, will close this issue.

critzo pushed a commit that referenced this issue Mar 6, 2014
@areynold areynold closed this as completed Mar 6, 2014