Added "Consistent key generation"

openwisp · May 12, 2016 · daff21f · daff21f
1 parent e0d4efc
commit daff21f
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 4 deletions.
diff --git a/README.rst b/README.rst
@@ -66,6 +66,7 @@ UCI configuration options must go in ``/etc/config/openwisp``.
 - ``key``: key required to download the configuration
 - ``shared_secret``: shared secret, needed for `Automatic registration`_
 - ``unmanaged``: list of config sections which won't be overwritten, see `Unmanaged Configurations`_
+- ``consistent_key``: whether `Consistent key generation`_ is enabled or not, defaults to ``1``
 - ``test_config``: whether a new configuration must be tested before being considered applied, defaults to ``1``
 - ``test_script``: custom test script, read more about this feature in `Configuration test`_
 - ``capath``: value passed to curl ``--capath`` argument, defaults to ``/etc/ssl/certs``; see also `curl capath argument <https://curl.haxx.se/docs/manpage.html#--capath>`_
@@ -86,6 +87,18 @@ in the latter case it will simply register itself with the current hostname.
 When the registration is completed, the agent will automatically set ``uuid`` and ``key``
 in ``/etc/config/openwisp``.
 
+Consistent key generation
+-------------------------
+
+When using `Automatic registration`_, this feature allows devices to keep the same configuration
+even if reset or reflashed.
+
+The ``key`` is generated consistently with an operation like ``md5sum(mac_address + shared_secret)``;
+this allows the controller application to recognize that an existing device is registering itself again.
+
+This feature is enabled by default, but must be enabled also in the controller application
+in order to work.
+
 Configuration test
 ------------------
 

diff --git a/openwisp-config/files/openwisp.agent b/openwisp-config/files/openwisp.agent
@@ -9,6 +9,7 @@ while [ -n "$1" ]; do
 		--uuid) export UUID="$2"; shift;;
 		--key) export KEY="$2"; shift;;
 		--shared-secret) export SHARED_SECRET="$2"; shift;;
+		--consistent-key) export CONSISTENT_KEY="$2"; shift;;
 		--unmanaged) export UNMANAGED="$2"; shift;;
 		--test-config) export TEST_CONFIG="$2"; shift;;
 		--test-script) export TEST_SCRIPT="$2"; shift;;
@@ -41,6 +42,7 @@ fi
 INTERVAL=${INTERVAL:-120}
 VERIFY_SSL=${VERIFY_SSL:-1}
 TEST_CONFIG=${TEST_CONFIG:-1}
+CONSISTENT_KEY=${CONSISTENT_KEY:-1}
 CONNECT_TIMEOUT=${CONNECT_TIMEOUT:-15}
 MAX_TIME=${MAX_TIME:-30}
 CAPATH=${CAPATH:-/etc/ssl/certs}
@@ -85,12 +87,18 @@ register() {
 		   -t openwisp \
 		   -p daemon.info
 	local hostname=$(uci get system.@system[0].hostname)
+	local macaddr=$(ifconfig | grep -v lo | grep HWaddr | awk '/HWaddr/ { print $5 }' | head -n 1)
+	# use macaddress if hostname has not been changed
 	if [ "$hostname" == "OpenWrt" ] || [ "$hostname" == "lede" ]; then
-		# gets the mac address of the first interface that shows in ifconfig
-		hostname=$(ifconfig | grep -v lo | grep HWaddr | awk '/HWaddr/ { print $5 }' | head -n 1)
+		hostname="$macaddr"
 	fi
 	local backend="netjsonconfig.OpenWrt"
 	local params="secret=$SHARED_SECRET&name=$hostname&backend=$backend"
+	# generate key from macaddress + shared secret
+	if [ "$CONSISTENT_KEY" == "1" ]; then
+		local key=$(echo -n "$macaddr+$SHARED_SECRET" | md5sum | awk '{print $1}')
+		params="$params&key=$key"
+	fi
 	$($FETCH_COMMAND -i --data $params $REGISTRATION_URL > $REGISTRATION_PARAMETERS)
 	local exit_code=$?
 

diff --git a/openwisp-config/files/openwisp.config b/openwisp-config/files/openwisp.config
@@ -7,6 +7,7 @@ config controller 'http'
 	option verify_ssl '1'
 	option uuid ''
 	option key ''
+	option consistent_key '1'
 	option shared_secret ''
 	option test_config '1'
 	#option test_script '/usr/sbin/mytest'

diff --git a/openwisp-config/files/openwisp.init b/openwisp-config/files/openwisp.init
@@ -14,6 +14,7 @@ start_service() {
 	uuid=$(config_get http uuid)
 	key=$(config_get http key)
 	shared_secret=$(config_get http shared_secret)
+	consistent_key=$(config_get http consistent_key)
 	unmanaged=$(config_get http unmanaged)
 	test_config=$(config_get http test_config)
 	test_script=$(config_get http test_script)
@@ -26,6 +27,7 @@ start_service() {
 	if [ $uuid ]; then uuid="--uuid $uuid"; fi
 	if [ $key ]; then key="--key $key"; fi
 	if [ $shared_secret ]; then shared_secret="--shared-secret $shared_secret"; fi
+	if [ $consistent_key ]; then consistent_key="--consistent-key $consistent_key"; fi
 	if [ -n "$unmanaged" ]; then
 		# replace spaces with commas to avoid problems when
 		# passing this arg to procd_set_param command
@@ -53,8 +55,8 @@ start_service() {
 	fi
 
 	procd_open_instance
-	procd_set_param command $PROG $url $interval $verify_ssl $uuid $key \
-	                        $shared_secret $unmanaged $test_config $test_script \
+	procd_set_param command $PROG $url $interval $verify_ssl $uuid $key $shared_secret \
+	                        $consistent_key $unmanaged $test_config $test_script \
 	                        $connect_timeout $max_time $capath
 	procd_set_param respawn
 	procd_close_instance