From cb521b44443db2b76ad32d5ac1ab1682e618925e Mon Sep 17 00:00:00 2001 From: hank Date: Tue, 28 Apr 2026 20:58:11 -0700 Subject: [PATCH] handleLoginReq: layer ACL between admin pw and guest/blank pw MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reorder login auth so that, in priority: 1. Admin password match -> ADMIN (overrides ACL — a region_mgr or other ACL'd client who knows the admin pw can still upgrade). 2. Sender pubkey is in the ACL -> use the stored permissions (no password required; pubkey is itself an identity assertion). 3. Guest password match (or blank pw when guest pw is unset) -> GUEST. 4. Otherwise -> reject. Previously the ACL was consulted only when `data[0] == 0` (blank pw), so a non-blank password would skip the ACL entirely and fall through to the password block. Phones that sent any non-empty password field — even a stale one — would never see their ACL-granted role; they'd either be rejected or assigned the role implied by the password match. Implementation is a single-line change: gate the ACL lookup on "the admin pw did NOT match". When admin matches, we skip the lookup so the existing password block sets ADMIN unconditionally (the right behavior for the upgrade case). When admin does not match, the ACL takes over; only on an ACL miss do we fall through to guest/reject. --- examples/simple_repeater/MyMesh.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/simple_repeater/MyMesh.cpp b/examples/simple_repeater/MyMesh.cpp index 666f79fc5c..71176db9e2 100644 --- a/examples/simple_repeater/MyMesh.cpp +++ b/examples/simple_repeater/MyMesh.cpp @@ -89,7 +89,7 @@ void MyMesh::putNeighbour(const mesh::Identity &id, uint32_t timestamp, float sn uint8_t MyMesh::handleLoginReq(const mesh::Identity& sender, const uint8_t* secret, uint32_t sender_timestamp, const uint8_t* data, bool is_flood) { ClientInfo* client = NULL; - if (data[0] == 0) { // blank password, just check if sender is in ACL + if (strcmp((char *)data, _prefs.password) != 0) { // admin pw bypasses ACL (allows upgrade) client = acl.getClient(sender.pub_key, PUB_KEY_SIZE); if (client == NULL) { #if MESH_DEBUG