[Commotion-admin] [luci-commotion] Mesh key-rings are not created by clicking first add button (#172)

Seamus Tuohy notifications at github.com
Wed Feb 26 22:08:46 UTC 2014 

The default "add" functionality of the mesh key-chain page does not create a new key or update the current commotion profiles mdp values.

The correct behavior when the "add" button is clicked should be as follows:
  * Any key-ring at /etc/commotion/keys.d/mdp.keyring/serval.keyring should be deleted
  * A new key should be created at the above location
  * All active mesh profiles should have their   "mdp_keyring" and "mdp_sid"'s updated
  * finally the values in /etc/config/olsrd in the olsrd_mdp section should be updated

Related Documentation Bug/Fix that will allow R1.1 to be put out regardless of this bug can be found @ https://github.com/opentechinstitute/commotion-docs/issues/45

To re-create:

KEY:
  Node 1 = N1
  Node 1 command line argument = root at n1: <COMMAND>
  Node 2 = N2
  Node 2 command line argument = root at n2: <COMMAND>

N1: Create a new shared mesh keychain following these instructions.
  * Go to the  “Basic –> Security –> Shared Mesh Keychain” menu
    * If the menu is populated with the options to "upload, download, and create" a shared mesh keychain follow the "Delete a keychain" instructions below and then continue.
  * Click the add button
  * Click the "Save" button
  * Click "Save and Apply" when asked to confirm the configuration.
  * Wait for the "Applying Changes" page to redirect you back to the status page.

N1: Download the created keychain using these instructions.
  * Go to the  “Basic –> Security –> Shared Mesh Keychain” menu
    * If the menu shows ONLY the "help text" and "add"  button follow the "Add a new key-chain" instructions above then continue.
  * Click the "Download Shared Mesh Keychain" button.
  * This will start the download of a file called serval.keyring
  * This file is your shared mesh key-chain.

N2: Upload a keychain using these instructions.
  * Make sure you have a valid key-chain on the device you will be uploading a key from
  * Go to the  “Basic –> Security –> Shared Mesh Keychain” menu
    * If the menu shows ONLY the "help text" and "add"  button follow the "Add a new key-chain" instructions above then continue. This not only adds a new key, which you don't need, but configures the device to require a key-chain file.
  * In the "Upload Shared Mesh Keychain File" box click on the "Choose File" button.
  * Select a key-ring file from your device and click "Open"
  * Click the "Save" Button
  * You do not have to click the "Save and Apply" button because we have not changed any settings, we have only replaced the keyring.


root at n1: cat /etc/commotion/profiles.d/profile_name

```
{
  "announce": "true",
  "bssid": "02:CA:FF:EE:BA:BE",
  "bssidgen": "true",
  "channel": "5",
  "dns": "208.67.222.222",
  "domain": "mesh.local",
  "encryption": "psk2",
  "ip": "100.64.0.0",
  "ipgen": "true",
  "ipgenmask": "255.192.0.0",
  "key": "c0MM0t10n!r0cks",
  "mdp_keyring": "/etc/commotion/keys.d/mdp.keyring/serval.keyring",
  "mdp_sid": "0000000000000000000000000000000000000000000000000000000000000000",
  "mode": "adhoc",
  "netmask": "255.192.0.0",
  "serval": "false",
  "ssid": "commotionwireless.net",
  "type": "mesh"
}
```
root at n2: cat /etc/commotion/profiles.d/profile_name
```
{
  "announce": "true",
  "bssid": "02:CA:FF:EE:BA:BE",
  "bssidgen": "true",
  "channel": "5",
  "dns": "208.67.222.222",
  "domain": "mesh.local",
  "encryption": "psk2",
  "ip": "100.64.0.0",
  "ipgen": "true",
  "ipgenmask": "255.192.0.0",
  "key": "c0MM0t10n!r0cks",
  "mdp_keyring": "/etc/commotion/keys.d/mdp/serval.keyring",
  "mdp_sid": "0000000000000000000000000000000000000000000000000000000000000000",
  "mode": "adhoc",
  "netmask": "255.192.0.0",
  "serval": "false",
  "ssid": "commotionwireless.net",
  "type": "mesh"
}
```
N1 & N2: Note the difference between the mdp_keyring lines and the mdp_sid lines.
```
     N2:
	     "mdp_keyring": "/etc/commotion/keys.d/mdp/serval.keyring",
	     "mdp_sid": "0000000000000000000000000000000000000000000000000000000000000000",
	 N1:
	     "mdp_keyring": "/etc/commotion/keys.d/mdp.keyring/serval.keyring",
             "mdp_sid": "A6D29C35D0409F176B22AEF2FAC447572540F39D8AEB8C48C107F9A11D224B06"
```

root at n2: logread
```
Feb 25 23:25:26 commotion user.notice luci: get sid
Feb 25 23:25:27 commotion user.notice luci: changes NOT found
Feb 25 23:25:27 commotion user.notice luci: lib parse
Feb 25 23:25:27 commotion user.notice luci: olsrd_mdp.so.0.1
Feb 25 23:25:27 commotion user.notice luci: sp parse
Feb 25 23:25:27 commotion user.notice luci: /etc/commotion/keys.d/mdp/serval.keyring
Feb 25 23:25:27 commotion user.notice luci: sid parse
Feb 25 23:25:50 commotion user.notice luci: uploader write
Feb 25 23:25:51 commotion user.notice luci: get sid
Feb 25 23:25:51 commotion user.notice luci: get sid
Feb 25 23:25:51 commotion user.notice luci: set
Feb 25 23:25:51 commotion user.notice luci: get sid
Feb 25 23:25:51 commotion user.notice luci: get sid
```
N2: The important line is the one that states "set"

root at n1: logread
```
Feb 25 23:25:26 commotion user.notice luci: get sid
Feb 25 23:25:27 commotion user.notice luci: changes NOT found
Feb 25 23:25:27 commotion user.notice luci: lib parse
Feb 25 23:25:27 commotion user.notice luci: olsrd_mdp.so.0.1
Feb 25 23:25:27 commotion user.notice luci: sp parse
Feb 25 23:25:27 commotion user.notice luci: /etc/commotion/keys.d/mdp/serval.keyring
Feb 25 23:25:27 commotion user.notice luci: sid parse
Feb 25 23:25:50 commotion user.notice luci: get sid
Feb 25 23:25:51 commotion user.notice luci: changes NOT found
Feb 25 23:25:51 commotion user.notice luci: lib parse
Feb 25 23:25:51 commotion user.notice luci: olsrd_mdp.so.0.1
Feb 25 23:25:51 commotion user.notice luci: sp parse
Feb 25 23:25:51 commotion user.notice luci: /etc/commotion/keys.d/mdp/serval.keyring
Feb 25 23:25:51 commotion user.notice luci: sid parse
```
N1: Notice that there is no "set" command announced on new key creation. This means that the function that sets the commotion profile values was never run when "adding" a new key.

Conclusion:

Upon running firstboot and then restarting to set the node back to its defaults it seems that the node has defaults that are not getting overwritten.

root at test-01-1011232331:~# reboot
root at test-01-1011232331:~# Connection to 10.46.75.1 closed by remote host.
me at my_computer:~$  telnet 10.46.75.1
root at commotion:/# ls /etc/commotion/keys.d/mdp/serval.keyring 
```
/etc/commotion/keys.d/mdp/serval.keyring
```
root at commotion:/# SERVALINSTANCE_PATH=/etc/commotion/keys.d/mdp serval-client keyring list
```
INFO: Local date/time: 2014-02-25 21:00:08 +0000
INFO: Serval DNA version: UNKNOWN-VERSION
WARN: conf.c:85:reload()  config file /etc/commotion/keys.d/mdp/serval.conf does not exist -- using all defaults
A6D29C35D0409F176B22AEF2FAC447572540F39D8AEB8C48C107F9A11D224B06::
```
root at commotion:/# commotion new newProfile
```
{
  "newProfile": "Created."
}
```
root at commotion:/# commotion profiles
```
{
  "commotionwireless_46net": "commotionwireless_46net",
  "newProfile": "newProfile"
}
```
root at commotion:/# commotion save newProfile
```
{
  "newProfile": "Saved."
}
```
root at commotion:/# cat /etc/commotion/profiles.d/newProfile 
```
{
  "announce": "true",
  "bssid": "02:CA:FF:EE:BA:BE",
  "bssidgen": "true",
  "channel": "5",
  "dns": "208.67.222.222",
  "domain": "mesh.local",
  "encryption": "psk2",
  "ip": "100.64.0.0",
  "ipgen": "true",
  "ipgenmask": "255.192.0.0",
  "key": "c0MM0t10n!r0cks",
  "mdp_keyring": "/etc/commotion/keys.d/mdp.keyring/serval.keyring",
  "mdp_sid": "0000000000000000000000000000000000000000000000000000000000000000",
  "mode": "adhoc",
  "netmask": "255.192.0.0",
  "serval": "false",
  "ssid": "commotionwireless.net",
  "type": "mesh"
```

A node contains a default mdp serval keyring file, which it should not for security reasons, but that is besides the point. Beyond this, when a new serval-keyring is added in the security menu it only creates a new keyring if a key does NOT already exist. The act of adding a new keyring also does not trigger the modification of the commotion profile values when using the basic "add" command. As such, adding a new serval keyring without using one of the sub-options does not work.

BUT! If a user adds a new serval keyring AND then uses the "Create a new Shared Mesh Keychain file" button on that page it will properly set the new serval keyring.



---
Reply to this email directly or view it on GitHub:
https://github.com/opentechinstitute/luci-commotion/issues/172
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.chambana.net/pipermail/commotion-admin/attachments/20140226/ff20fa0f/attachment.html>

More information about the Commotion-admin mailing list