Licensed usage compliance (#6047)

* Prevent psk and legacy admin channel on licensed mode * Move it * Consolidate warning strings * More holes
2025-08-11 16:07:13 +00:00 · 2025-02-15 09:24:37 -06:00 · 2025-02-15 09:24:37 -06:00 · 3f3f89c06e
commit 3f3f89c06e
parent 919085379e
5 changed files with 49 additions and 6 deletions
--- a/src/mesh/Channels.cpp
+++ b/src/mesh/Channels.cpp
@ -93,6 +93,35 @@ void Channels::initDefaultLoraConfig()
 #endif
 }

+bool Channels::ensureLicensedOperation()
+{
+    if (!owner.is_licensed) {
+        return false;
+    }
+    bool hasEncryptionOrAdmin = false;
+    for (uint8_t i = 0; i < MAX_NUM_CHANNELS; i++) {
+        auto channel = channels.getByIndex(i);
+        if (!channel.has_settings) {
+            continue;
+        }
+        auto &channelSettings = channel.settings;
+        if (strcasecmp(channelSettings.name, Channels::adminChannel) == 0) {
+            channel.role = meshtastic_Channel_Role_DISABLED;
+            channelSettings.psk.bytes[0] = 0;
+            channelSettings.psk.size = 0;
+            hasEncryptionOrAdmin = true;
+            channels.setChannel(channel);
+
+        } else if (channelSettings.psk.size > 0) {
+            channelSettings.psk.bytes[0] = 0;
+            channelSettings.psk.size = 0;
+            hasEncryptionOrAdmin = true;
+            channels.setChannel(channel);
+        }
+    }
+    return hasEncryptionOrAdmin;
+}
+
 /**
 * Write a default channel to the specified channel index
 */
--- a/src/mesh/Channels.h
+++ b/src/mesh/Channels.h
@ -92,6 +92,8 @@ class Channels
    // Returns true if any of our channels have enabled MQTT uplink or downlink
    bool anyMqttEnabled();

+    bool ensureLicensedOperation();
+
  private:
    /** Given a channel index, change to use the crypto key specified by that index
     *
--- a/src/mesh/NodeDB.cpp
+++ b/src/mesh/NodeDB.cpp
@ -328,6 +328,11 @@ NodeDB::NodeDB()
    moduleConfig.neighbor_info.update_interval =
        Default::getConfiguredOrMinimumValue(moduleConfig.neighbor_info.update_interval, min_neighbor_info_broadcast_secs);

+    // Don't let licensed users to rebroadcast encrypted packets
+    if (owner.is_licensed) {
+        config.device.rebroadcast_mode = meshtastic_Config_DeviceConfig_RebroadcastMode_LOCAL_ONLY;
+    }
+
    if (devicestateCRC != crc32Buffer(&devicestate, sizeof(devicestate)))
        saveWhat |= SEGMENT_DEVICESTATE;
    if (nodeDatabaseCRC != crc32Buffer(&nodeDatabase, sizeof(nodeDatabase)))
--- a/src/modules/AdminModule.cpp
+++ b/src/modules/AdminModule.cpp
@ -448,6 +448,9 @@ void AdminModule::handleSetOwner(const meshtastic_User &o)
    if (owner.is_licensed != o.is_licensed) {
        changed = 1;
        owner.is_licensed = o.is_licensed;
+        if (channels.ensureLicensedOperation()) {
+            sendWarning(licensedModeMessage);
+        }
    }

    if (changed) { // If nothing really changed, don't broadcast on the network or write to flash
@ -729,6 +732,9 @@ void AdminModule::handleSetModuleConfig(const meshtastic_ModuleConfig &c)
 void AdminModule::handleSetChannel(const meshtastic_Channel &cc)
 {
    channels.setChannel(cc);
+    if (channels.ensureLicensedOperation()) {
+        sendWarning(licensedModeMessage);
+    }
    channels.onConfigChanged(); // tell the radios about this change
    saveChanges(SEGMENT_CHANNELS, false);
 }
@ -1066,15 +1072,14 @@ void AdminModule::handleSetHamMode(const meshtastic_HamParameters &p)

    config.device.rebroadcast_mode = meshtastic_Config_DeviceConfig_RebroadcastMode_LOCAL_ONLY;
    // Remove PSK of primary channel for plaintext amateur usage
-    auto primaryChannel = channels.getByIndex(channels.getPrimaryIndex());
-    auto &channelSettings = primaryChannel.settings;
-    channelSettings.psk.bytes[0] = 0;
-    channelSettings.psk.size = 0;
-    channels.setChannel(primaryChannel);
+
+    if (channels.ensureLicensedOperation()) {
+        sendWarning(licensedModeMessage);
+    }
    channels.onConfigChanged();

    service->reloadOwner(false);
-    saveChanges(SEGMENT_CONFIG | SEGMENT_DEVICESTATE | SEGMENT_CHANNELS);
+    saveChanges(SEGMENT_CONFIG | SEGMENT_NODEDATABASE | SEGMENT_DEVICESTATE | SEGMENT_CHANNELS);
 }

 AdminModule::AdminModule() : ProtobufModule("Admin", meshtastic_PortNum_ADMIN_APP, &meshtastic_AdminMessage_msg)
--- a/src/modules/AdminModule.h
+++ b/src/modules/AdminModule.h
@ -64,6 +64,8 @@ class AdminModule : public ProtobufModule<meshtastic_AdminMessage>, public Obser
    void sendWarning(const char *message);
 };

+static constexpr char *licensedModeMessage = "Licensed mode activated, removing admin channel and encryption from all channels";
+
 extern AdminModule *adminModule;

 void disableBluetooth();