Fall 2011 CRM Server Software Design TEAM MEMBERS: MAHSA TABATABAEI ( mahsat@kth.se, 15 ECTS) AMIR ROOZBEH(amirrsk@kth.se, 15 ECTS) ERICSON FERDINAND PASARIBU(pasaribu@kth.se, 24 ECTS) RENE PAVEZFLORES(rene.pavezflores@gmail.com, 18 ECTS) JUNG CHANGSU(changsu@kth.se, 30 ECTS) EKAMBAR SELVAKUMAR(ekambar@kth.se, 30 ECTS) Project Owner: Herve Ntareme Champion: Bjorn Pehrson
Contents Revision history... 3 1. Introduction... 4 2. Software architecture and components... 4 3. Database structure... 5 3.1 Tables created by Gammu... 5 3.2 authenticating... 5 3.3 logged_in... 5 3.3 whitelist... 6 3.4 blacklist... 6 4. Software algorithm... 7 4.1 condroid-serv... 7 4.2 condroid-mysqlcron... 16 5. References... 17 2
Revision history Revision Release date Remarks Authors number 1.0 December 23, 2011 Initial version Ericson F. Pasaribu 3
1. Introduction This document describes the design of the Condroid Remote Management (CRM) server software. The document describes the architecture of the software and the components that build the software. The document also describes the algorithm of processes in the software program. 2. Software architecture and components The structure of CRM server software is depicted in the following diagram. The description of functionality of each component can be read at CRM system architecture design document [1]. CRM server gammu-smsd gammu cron call read/ write call condroid-serv read/write mysql read/write condroid-mysqlcron Figure 2: Condroid Remote Management System server software In the next section of this document, the structure of database used in the CRM server, the condroid-serv algorithm s flowchart, as well as condroid-mysqlcron algorithm s flowchart will be explained. 4
3. Database structure There are 13 tables used in the CRM server. From these 13 tables, 9 are tables that are created and used by Gammu. The other 4 tables are authenticating, logged_in, whitelist, blacklist. These tables are used by condroid-serv and condroid-mysqlcron. 3.1 Tables created by Gammu There are 9 tables that are created by Gammu software: daemons, gammu, inbox, outbox, outbox_multipart, phones, sentitems, pbk, and pbk_groups. The functionality of these tables and their structure can be found online at [GW]ammu project s website [2]. 3.2 authenticating This table is used to hold the information of users that have sent login request to the server and are currently in authenticating state. Fields description: 1. id (INT NOT NULL PRIMARY KEY AUTO_INCREMENT) Unique ID of a user in the table. 2. phonenum (VARCHAR(20)) Phone number of the user from which the login request SMS message is received. 3. randomnum (SMALLINT) The random number generated by the server as response to the login request SMS message from user. The number is used by both server and user to set up a pass code to be used to authenticate messages from user/server. The process of generating this pass code can be found in the 4. timestamp (TIMESTAMP DEFAULT NOW()) Records the timestamp when the a record is inserted into authenticating table. This timestamp is evaluated by condroid-mysqlcron when deleting old records from database. 3.3 logged_in This table is used to hold the information of user that has been authenticated by the server and granted access to manage devices over the server. Fields description: 1. phonenum (VARCHAR(20) NOT NULL PRIMARY KEY) Phone number of the authenticated user. 5
2. passcode (SMALLINT NOT NULL) The pass code calculated by the server and user. 3. lastactive (TIMESTAMP DEFAULT NOW()) Records the latest timestamp when the authenticated user does an activity to the server. This timestamp is evaluated by condroid-mysqlcron when checking idle user. An idle user will be automatically logged out from the server. 3.3 whitelist This table is used to hold the list of users that are allowed to access the server. Fields description: 1. phonenum (VARCHAR(20) NOT NULL PRIMARY KEY) Phone number of the user that is allowed to s SMS to the server. 2. admin (enum('false','true') NOT NULL default 'false') Indicates whether the user is an admin user of a normal user. 3. pin (SMALLINT NOT NULL default 123) Records the PIN code for the user. This PIN code is used to generate pass code during authentication process to the server. 3.4 blacklist This table is used to hold the information of users that have blacklisted by the server. The server blacklist a user if the user has been trying to login to the server but failed the authentication process multiple times consecutively. SMS message from blacklisted user will be ignored by the server. Fields description: [1] phonenum (VARCHAR(20) NOT NULL PRIMARY KEY) Phone number of a user. A user is inserted into this table once they have failed a login attempt. [2] nrattp (SMALLINT NOT NULL) Records the number of consecutive failed login attempt by the user. [3] blacklisted (enum('false','true') NOT NULL default 'false') Indicates whether the user is currently blacklisted by the server or not. [4] lastactive (TIMESTAMP DEFAULT NOW()) Records the timestamp when a user is blacklisted by the server. This timestamp is evaluated by condroid-mysql when clearing old blacklist record. 6
4. Software algorithm 4.1 condroid-serv condroid-serv is called by gammu-smsd when there is a received SMS message. The main function will check for the content of the message and process it accordingly. The algorithm of condroid-serv program is depicted in the following flow charts. 7
Retrieve unprocessed message from inbox table Check whether the message contains CRM keyword Contains CRM? Check for the message ser number Number is blacklisted? Check for the message type LOGIN request? Process LOGIN request LOGIN with pass code? Process LOGIN with pass code MESSAGE? Process MESSAGE MESSAGE with no reply? Process MESSAGE with no reply ADMINISTRAT ION? Process ADMINISTRA TION CHANGE PIN CODE? Process CHANGE PIN CODE LOGOUT request? Process LOGOUT reques It is unknown message type. Do nothing, set message status to processed Figure 2: condroid-serv algorithm 8
Check the ser number The number is in whitelist? Check whether there is user that is currently logged in to the server There is logged in user? S login failed reply message: OTHER USER IS LOGGED IN Generate a random number and s it as challenge to the user Insert the user to authenticating table Figure 3: condroid-serv LOGIN request message processing 9
Check the ser number in authenticating table The user is in authenticating table? Get the random code previously generated for the user in authenticating table Calculate pass code value: (random number XOR PIN code), and compare the result with pass code in the message from user The values are equal? S login failed reply message: BAD PIN CODE Insert the user into logged_in table S login success reply message to the user Figure 4: condroid-serv LOGIN with pass code message processing 10
Check the ser number and the pass code value in the message, compare them with user number and pass code in logged_in table The values are identical? Retrieve command content and target device from the message, s the command to the target device through serial port Wait for response from device There is response from device before wait timeout? S message to user: NO RESPONSE FROM DEVICE S the device response message to the user Figure 5: condroid-serv MESSAGE message processing 11
Check the ser number and the pass code value in the message, compare them with user number and pass code in logged_in table The values are identical? Retrieve command content and target device from the message, s the command to the target device through serial port S the ACK message to user Figure 6: condroid-serv MESSAGE with no reply message processing 12
Check the ser number and the pass code value in the message, compare them with user number and pass code in logged_in table The values are identical? Check wether the user has admin privilege in the server The user is admin? S message to user: YOU ARE NOT ADMIN Perform the command from user on the server S ACK reply message to the user Figure 7: condroid-serv ADMINISTRATION message processing 13
Check the ser number and the pass code value in the message, compare them with user number and pass code in logged_in table The values are identical? Change the PIN code for the user in whitelist table S ACK reply message to the user Figure 8: condroid-serv CHANGE PIN CODE message processing 14
Check the ser number and the pass code value in the message, compare them with user number and pass code in logged_in table The values are identical? Delete user record from logged_in table Figure 9: condroid-serv LOGOUT request message processing 15
4.2 condroid-mysqlcron condroid-mysqlcron is called regularly by cron. The program accepts 1 input parameter which has 3 possible values: 0, 1 or 2. The algorithm of condroid-mysqlcron is depicted in the following flow chart. Check input parameter value 0 Clear old records from authenticating table, inbox table, and sentitems table. 1 Clear idle user record from logged_in table and s log out notification message to the user 2 Clear old records from blacklist table Figure 10: condroid-mysqlcron algorithm 16
5. References [1] Condroid Remote Management System Requirement Specification, ver. 2.1, The 2011 Fall CSD Remote Management System project team, Stockholm, 2011, pp. 8-9 [2] [GW]ammu project (2011, December 22). SMSD Database Structure [Online]. Available http://wammu.eu/docs/manual/smsd/tables.html 17