From 3f3f89c06e10623805481c2ab8a4503cd68b2a63 Mon Sep 17 00:00:00 2001
From: Ben Meadors
Date: Sat, 15 Feb 2025 09:24:37 -0600
Subject: [PATCH] Licensed usage compliance (#6047)

* Prevent psk and legacy admin channel on licensed mode
* Move it
* Consolidate warning strings
* More holes
---
 src/mesh/Channels.cpp | 29 +++++++++++++++++++++++++++++
 src/mesh/Channels.h | 2 ++
 src/mesh/NodeDB.cpp | 5 +++++
 src/modules/AdminModule.cpp | 17 +++++++++++------
 src/modules/AdminModule.h | 2 ++
 5 files changed, 49 insertions(+), 6 deletions(-)

diff --git a/src/mesh/Channels.cpp b/src/mesh/Channels.cpp
index 4bc91ce4e..5b929002e 100644
--- a/src/mesh/Channels.cpp
+++ b/src/mesh/Channels.cpp
@@ -93,6 +93,35 @@ void Channels::initDefaultLoraConfig()
 #endif
 }
+bool Channels::ensureLicensedOperation()
+{
+ if (!owner.is_licensed) {
+ return false;
+ }
+ bool hasEncryptionOrAdmin = false;
+ for (uint8_t i = 0; i < MAX_NUM_CHANNELS; i++) {
+ auto channel = channels.getByIndex(i);
+ if (!channel.has_settings) {
+ continue;
+ }
+ auto &channelSettings = channel.settings;
+ if (strcasecmp(channelSettings.name, Channels::adminChannel) == 0) {
+ channel.role = meshtastic_Channel_Role_DISABLED;
+ channelSettings.psk.bytes[0] = 0;
+ channelSettings.psk.size = 0;
+ hasEncryptionOrAdmin = true;
+ channels.setChannel(channel);
+
+ } else if (channelSettings.psk.size > 0) {
+ channelSettings.psk.bytes[0] = 0;
+ channelSettings.psk.size = 0;
+ hasEncryptionOrAdmin = true;
+ channels.setChannel(channel);
+ }
+ }
+ return hasEncryptionOrAdmin;
+}
+
 /**
 * Write a default channel to the specified channel index
 */
diff --git a/src/mesh/Channels.h b/src/mesh/Channels.h
index b0c9b3d07..7873a306a 100644
--- a/src/mesh/Channels.h
+++ b/src/mesh/Channels.h
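Review bot: In `Channels::ensureLicensedOperation()` both branches clear a key by writing only `psk.bytes[0] = 0` and `psk.size = 0`, so every other byte of the previous PSK stays in the channel struct that is handed back to `setChannel()`. Assuming `psk.bytes` is a fixed-size array, wipe it whole before zeroing the size: `memset(channelSettings.psk.bytes, 0, sizeof(channelSettings.psk.bytes));`. The same four clearing lines appear in the admin-channel branch and in the PSK branch; setting the role first and then running one shared clear-and-store step would keep the two paths from drifting apart. A short comment should also state that the function returns true only when it changed a channel, and false both for an unlicensed owner and for a channel set that was already clean.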
@@ -92,6 +92,8 @@ class Channels
 // Returns true if any of our channels have enabled MQTT uplink or downlink
 bool anyMqttEnabled();
+ bool ensureLicensedOperation();
+
 private:
 /** Given a channel index, change to use the crypto key specified by that index
 *
diff --git a/src/mesh/NodeDB.cpp b/src/mesh/NodeDB.cpp
index 4a3bbe736..892ac3648 100644
--- a/src/mesh/NodeDB.cpp
+++ b/src/mesh/NodeDB.cpp
@@ -328,6 +328,11 @@ NodeDB::NodeDB()
 moduleConfig.neighbor_info.update_interval = Default::getConfiguredOrMinimumValue(moduleConfig.neighbor_info.update_interval, min_neighbor_info_broadcast_secs);
+ // Don't let licensed users to rebroadcast encrypted packets
+ if (owner.is_licensed) {
+ config.device.rebroadcast_mode = meshtastic_Config_DeviceConfig_RebroadcastMode_LOCAL_ONLY;
+ }
+
 if (devicestateCRC != crc32Buffer(&devicestate, sizeof(devicestate)))
 saveWhat |= SEGMENT_DEVICESTATE;
 if (nodeDatabaseCRC != crc32Buffer(&nodeDatabase, sizeof(nodeDatabase)))
diff --git a/src/modules/AdminModule.cpp b/src/modules/AdminModule.cpp
index 9428dd505..5e31e0dc0 100644
--- a/src/modules/AdminModule.cpp
+++ b/src/modules/AdminModule.cpp
@@ -448,6 +448,9 @@ void AdminModule::handleSetOwner(const meshtastic_User &o)
 if (owner.is_licensed != o.is_licensed) {
 changed = 1;
 owner.is_licensed = o.is_licensed;
+ if (channels.ensureLicensedOperation()) {
+ sendWarning(licensedModeMessage);
+ }
 }
 if (changed) { // If nothing really changed, don't broadcast on the network or write to flash
@@ -729,6 +732,9 @@ void AdminModule::handleSetModuleConfig(const meshtastic_ModuleConfig &c)
 void AdminModule::handleSetChannel(const meshtastic_Channel &cc)
 {
 channels.setChannel(cc);
+ if (channels.ensureLicensedOperation()) {
+ sendWarning(licensedModeMessage);
+ }
 channels.onConfigChanged(); // tell the radios about this change
 saveChanges(SEGMENT_CHANNELS, false);
 }
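Review bot: The new `ensureLicensedOperation()` declaration in Channels.h carries no comment, unlike `anyMqttEnabled()` directly above it, and the name does not reveal that the call rewrites channels. I would add `// If the owner is licensed, disable the legacy admin channel and strip the PSK from every channel; returns true if any channel was changed` above it.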
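Review bot: In the `NodeDB::NodeDB()` hunk the licensed check forces only `rebroadcast_mode`; nothing in this patch runs `channels.ensureLicensedOperation()` at boot, so a node that starts with `owner.is_licensed` already set and a stored PSK or admin channel appears to keep them until the next set-owner, set-channel or ham-mode request. If the channel table is loaded by this point, calling it here or right after the channels are loaded would cover that case. The constructor continues outside the hunk, so this may already be handled elsewhere. The added comment also reads better as `// Don't let licensed users rebroadcast encrypted packets`.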
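Review bot: In `handleSetOwner` the added `ensureLicensedOperation()` call can rewrite channels, but nothing in this hunk follows it with `channels.onConfigChanged();` or a save that includes `SEGMENT_CHANNELS`, which `handleSetChannel` and `handleSetHamMode` both do. The `if (changed)` body lies outside the hunk; if it does not cover channels, the stripped keys may stay active in the radio and come back from flash after a reboot, so do both inside the new branch. This path also leaves `config.device.rebroadcast_mode` untouched when `is_licensed` flips to true, whereas the NodeDB constructor and `handleSetHamMode` force `LOCAL_ONLY`. The three-line check-and-warn sequence is repeated in all three handlers and would read better as one private helper.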
@@ -1066,15 +1072,14 @@ void AdminModule::handleSetHamMode(const meshtastic_HamParameters &p)
 config.device.rebroadcast_mode = meshtastic_Config_DeviceConfig_RebroadcastMode_LOCAL_ONLY;
 // Remove PSK of primary channel for plaintext amateur usage
- auto primaryChannel = channels.getByIndex(channels.getPrimaryIndex());
- auto &channelSettings = primaryChannel.settings;
- channelSettings.psk.bytes[0] = 0;
- channelSettings.psk.size = 0;
- channels.setChannel(primaryChannel);
+
+ if (channels.ensureLicensedOperation()) {
+ sendWarning(licensedModeMessage);
+ }
 channels.onConfigChanged();
 service->reloadOwner(false);
- saveChanges(SEGMENT_CONFIG | SEGMENT_DEVICESTATE | SEGMENT_CHANNELS);
+ saveChanges(SEGMENT_CONFIG | SEGMENT_NODEDATABASE | SEGMENT_DEVICESTATE | SEGMENT_CHANNELS);
 }
 AdminModule::AdminModule() : ProtobufModule("Admin", meshtastic_PortNum_ADMIN_APP, &meshtastic_AdminMessage_msg)
diff --git a/src/modules/AdminModule.h b/src/modules/AdminModule.h
index ee2ebfd96..3ab8ed4d8 100644
--- a/src/modules/AdminModule.h
+++ b/src/modules/AdminModule.h
@@ -64,6 +64,8 @@ class AdminModule : public ProtobufModule, public Obser
 void sendWarning(const char *message);
 };
+static constexpr char *licensedModeMessage = "Licensed mode activated, removing admin channel and encryption from all channels";
+
 extern AdminModule *adminModule;
 void disableBluetooth();
\ No newline at end of file
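Review bot: The context comment `// Remove PSK of primary channel for plaintext amateur usage` in `handleSetHamMode` still describes the removed code and is now separated from the new call by a blank line, although that call strips every channel and disables the admin channel. I would replace it with `// Strip PSKs and the legacy admin channel from all channels for plaintext amateur usage` placed directly above the `if`. `ensureLicensedOperation()` returns early unless `owner.is_licensed` is already true, so the call depends on the owner flag being set earlier in this function, which is outside the hunk; a one-line comment stating that ordering requirement would protect it from later reshuffling.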
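Review bot: In AdminModule.h, `static constexpr char *licensedModeMessage` declares a constant pointer to non-const `char` and initialises it from a string literal, a conversion that C++11 and later do not permit and that compilers typically warn about or reject. Since `sendWarning` already takes `const char *`, the declaration should be `static constexpr const char *licensedModeMessage = ...;` with the same literal. Because it is `static` in a header, every translation unit that includes AdminModule.h also gets its own copy of the pointer; declaring it next to its users in AdminModule.cpp would avoid that.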