Comments (11)

sqall01 commented on June 11, 2024

No, this is something new.

It happens directly during the initialization process of the console. Somehow the "node" object is not set inside the "sensor" object. This means there exists a sensor in the database, that has a node id which does not exist. I do not know how this could happen (because the node id of the sensor is a foreign key to the id in the node tables, this means the object could not be stored inside the database of the server if something like this happens).

The only idea I have now is the following:

This code searches the node the sensor belongs to (in the console manager):

nodeSensorBelongs = None
for node in self.nodes:
    if node.nodeType != "sensor":
        continue
    if sensor.nodeId == node.nodeId:
        nodeSensorBelongs = node
        break

This code skips nodes that are not of the type "sensor". This means you could have a node not of the type sensor in your database (for example of type "manager") that has sensors. This can happen if you use the same username for more than one client. Can you please check your configuration? And if this is not the case, can you please post a dump of your database?

[edit]
Just pushed an update to make some more checks to avoid problems with misconfigured clients.

from alertr.

nibelungen commented on June 11, 2024

Thanks for the quick reply - I will set up a new VM and test it until Monday and give you feedback.
It is possible that I double used the username (..I know you promised strange things could happen...)

What is the best way to dump the sqlite database? Specific table? Did not look into the database for now.

from alertr.

nibelungen commented on June 11, 2024

image

from alertr.

nibelungen commented on June 11, 2024

image

from alertr.

nibelungen commented on June 11, 2024

image

from alertr.

sqall01 commented on June 11, 2024

Ok, thanks for the images.

Your database is totally messed up. For example your first two sensors point to node 1 and this node is of type "manager". The last two sensors point to node 4 and this one is of type "alert". The only thing I can think about how this could happen is multiple use of the same username.

To fix this I would recommend to delete your database and all "registered" files on the client side. Then restart the server and all clients. This should rebuild the database and fix everything.

Because of a feature I want to implement over Christmas (a kind of rule engine so you can configure a specific order in which sensors have to trigger in a specific time frame to trigger an alert => need this for a path of motion sensors), I have to change the config file format (unfortunately, XML is the only format that models the things I need) and parts of the client registration. I think this messed up database when you use the same username multiple times should then also be fixed.

from alertr.
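The inconsistency diagnosed above (sensors whose owning node is missing or is not of type "sensor") can be checked with a query, shown here as an added example that is not part of the thread or of alertR's code. The table and column names are assumptions, and the rows are constructed to mirror the state described in the comment.

```python
import sqlite3

# Hypothetical schema: table and column names are assumptions for this
# example, not alertR's actual database layout.
SCHEMA = """
CREATE TABLE nodes (id INTEGER PRIMARY KEY, username TEXT, nodeType TEXT);
CREATE TABLE sensors (id INTEGER PRIMARY KEY,
                      nodeId INTEGER REFERENCES nodes(id), description TEXT);
"""
# Constructed rows: sensors 1-2 hang off a "manager" node, sensors 5-6 off an
# "alert" node, sensor 4 references a node id that does not exist.
NODES = [(1, "console", "manager"), (2, "door", "sensor"),
         (3, "siren", "alert"), (4, "hall", "alert")]
SENSORS = [(1, 1, "front door"), (2, 1, "window"), (3, 2, "garage"),
           (4, 9, "cellar"), (5, 4, "motion hall"), (6, 4, "motion stairs")]


def build_sample_db():
    conn = sqlite3.connect(":memory:")
    # SQLite only enforces foreign keys when this pragma is ON for the
    # connection; it is set OFF explicitly (the usual default) so the
    # dangling row for sensor 4 can be inserted.
    conn.execute("PRAGMA foreign_keys = OFF")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO nodes VALUES (?, ?, ?)", NODES)
    conn.executemany("INSERT INTO sensors VALUES (?, ?, ?)", SENSORS)
    return conn


def find_inconsistent_sensors(conn):
    """Return (sensorId, nodeId, reason) for sensors without a valid owner."""
    rows = conn.execute(
        "SELECT s.id, s.nodeId, n.id, n.nodeType FROM sensors s "
        "LEFT JOIN nodes n ON n.id = s.nodeId ORDER BY s.id").fetchall()
    problems = []
    for sensor_id, node_id, found_id, node_type in rows:
        if found_id is None:
            problems.append((sensor_id, node_id, "node missing"))
        elif node_type != "sensor":
            # The case the console's lookup loop skips over.
            problems.append((sensor_id, node_id, f"node is type {node_type}"))
    return problems


if __name__ == "__main__":
    for problem in find_inconsistent_sensors(build_sample_db()):
        print(problem)
```
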

nibelungen commented on June 11, 2024

Sounds like a good improvement!
Maybe you can disable the check for certificates if the option is set to false - an option to completely turn off certificates (in this case the values could be empty).
Tell me if I should open a new topic for that.

from alertr.

sqall01 commented on June 11, 2024

Sorry, I intentionally did not add the feature to disable the server certificate check. The reason why I will not do this is because it completely undermines the security you gain with TLS. When someone disables it, it is absolutely no problem to gain the user credentials via a MITM attack. And by forcing the server certificate check, I prevent a misconfiguration of the complete alerting system (because someone does not know how or does not want to generate a certificate). You do not even need a CA and the whole certificate signing part to be secure. You only need to generate one certificate for the server (which is one OpenSSL command) and put the certificate on all clients.

Perhaps to get a better usability for the "not so technical" users one could add an install/setup script or something like that. I also thought about a web interface to configure the server/clients. But one step at a time ;)

from alertr.

nibelungen commented on June 11, 2024

Security first - it's important, but in a single homed environment no one should gain access to the systems :) - but I think I should follow the secure way too, started from here to create a CA
http://www.freebsdmadeeasy.com/tutorials/web-server/apache-ssl-certs.php
...it's a lot of work to generate certificates for each client - and in the future to maintain them...

What should a config with just one cert look like? Maybe you can give an example - currently there are three cert files required in each config file.

Thank you and best regards.

from alertr.

sqall01 commented on June 11, 2024

Ok, a whole CA for an isolated home environment is a lot to maintain. The one cert solution is the one I gave in the example configurations ( https://github.com/sqall01/alertR/blob/master/server/README.md ):

On the server you can do this to create a certificate and key:

openssl genrsa -des3 -out server.key 4096
openssl req -new -key server.key -out server.csr
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Then you can use this for your server configuration in the configuration file:

[...]
[server]
certificateFile = /home/pi/server/server.crt
keyFile = /home/pi/server/server.key
[...]

Now the server certificate is configured. To disable the clients from offering a client certificate, you have to disable this check first on the server with this switch in the configuration file (which I just see I forgot to update in the example, but it is described in the config template):

[...]
[server]
[...]
useClientCertificates = False
clientCAFile = value not processed
[...]

Now the server is configured to have a self-made certificate without any CA and does not require the clients to offer a certificate for the authentication.

When we now configure a client, we can again use the example ( https://github.com/sqall01/alertR/blob/master/alertClientRaspberryPi/README.md ). We first disable the client certificate authentication:

[general]
[...]
certificateRequired = False
certificateFile = value not processed
keyFile = value not processed
[...]

Ok, now the client needs the CA to check the certificate offered by the server. Because there does not exist any CA for this, we use the certificate (public key) of the server itself (the created file "server.crt"). The configuration on the client would look like this:

[...]
[general]
[...]
serverCAFile = /home/pi/alertClientRaspberryPi/server.crt
[...]

When you use this configuration, you do not need any CA and just have to create one server certificate (and still have a moderately secure connection).

Perhaps I should create a configuration how-to for a simple setup. But I do not know when I will do it. The configuration file has changed a lot in the dev branch (now it is with XML instead of INI).

from alertr.

sqall01 commented on June 11, 2024

Ok, merged the dev branch with the master branch and updated the basic configuration examples. Everything should be solved now.

from alertr.
