extend netmode

firewallmngr/Config.in

@@ -10,7 +10,7 @@ config FIREWALLMNGR_PORT_TRIGGER
 
 config FIREWALLMNGR_NAT_INTERFACE_SETTING
 	bool "Include Device.NAT.InterfaceSetting"
-	default y
+	default n
 	help
 	   Set this option to include support for NAT InterfaceSetting object.
 

firewallmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=firewallmngr
-PKG_VERSION:=1.0.9.2
+PKG_VERSION:=1.0.9.1
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/firewallmngr.git
-PKG_SOURCE_VERSION:=fdabd33cf42ac02adadbdf43bd8bf86a62d7d1e3
+PKG_SOURCE_VERSION:=3ce0550dbbc49617c36202fc8d63e453467a246e
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

icwmp/Makefile

@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=icwmp
-PKG_VERSION:=9.9.9.5
+PKG_VERSION:=9.9.9.4
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/icwmp.git
-PKG_SOURCE_VERSION:=f3d5843c54a4c1c3e74629f0953a3bf144c2fa8e
+PKG_SOURCE_VERSION:=868f749f3fd61a094cc4792ea842a261443a99ad
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

logmngr/files/etc/config/logmngr

@@ -8,7 +8,7 @@ config source 'default_source'
 
 config template 'default_template'
 	option name 'default_template'
-	option expression '{time} {hostname} {ident}[{pid}]: {message}'
+	option expression '{time} {hostname} {ident}: {message}'
 
 config action 'default_action'
 	option name 'default_action'

logmngr/files/etc/uci-defaults/10-logmngr_config_migrate

@@ -11,7 +11,7 @@ fi
 if ! uci -q get logmngr.default_template > /dev/null; then
 	uci -q set logmngr.default_template=template
 	uci -q set logmngr.default_template.name='default_template'
-	uci -q set logmngr.default_template.expression='{time} {hostname} {ident}[{pid}]: {message}'
+	uci -q set logmngr.default_template.expression='{time} {hostname} {ident}: {message}'
 fi
 
 if uci -q get logmngr.a1 >/dev/null; then

mosquitto-auth-shadow/Config.in

@@ -1,7 +0,0 @@
-if PACKAGE_mosquitto-auth-shadow
-
-config MOSQUITTO_AUTH_PAM_SUPPORT
-	bool "Enable support of Linux PAM module for Authentication"
-	default y
-
-endif

mosquitto-auth-shadow/Makefile

@@ -14,13 +14,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=mosquitto-auth-shadow
-PKG_VERSION:=1.1.0
+PKG_VERSION:=1.0.1
 
 PKG_MAINTAINER:=Erik Karlsson <erik.karlsson@genexis.eu>
 PKG_LICENSE:=EPL-2.0
 
 PKG_BUILD_PARALLEL:=1
-PKG_CONFIG_DEPENDS:=CONFIG_MOSQUITTO_AUTH_PAM_SUPPORT
 
 include $(INCLUDE_DIR)/package.mk
 
@@ -28,7 +27,7 @@ define Package/mosquitto-auth-shadow
   SECTION:=net
   CATEGORY:=Network
   TITLE:=mosquitto - /etc/shadow authentication plugin
-  DEPENDS:=+mosquitto-ssl +MOSQUITTO_AUTH_PAM_SUPPORT:libpam
+  DEPENDS:=+mosquitto-ssl
   USERID:=mosquitto=200:mosquitto=200 mosquitto=200:shadow=11
 endef
 
@@ -37,14 +36,6 @@ define Package/mosquitto-auth-shadow/description
   users using /etc/shadow
 endef
 
-define Package/mosquitto-auth-shadow/config
-	source "$(SOURCE)/Config.in"
-endef
-
-ifeq ($(CONFIG_MOSQUITTO_AUTH_PAM_SUPPORT),y)
-TARGET_CFLAGS+=-DENABLE_PAM_SUPPORT
-endif
-
 define Package/mosquitto-auth-shadow/install
 	$(INSTALL_DIR) $(1)/usr/lib
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/mosquitto_auth_shadow.so $(1)/usr/lib/

mosquitto-auth-shadow/src/Makefile

@@ -19,7 +19,7 @@ all: $(TARGETS)
 	$(CC) $(CFLAGS) -Wall -Werror -fPIC -c -o $@ $<
 
 mosquitto_auth_shadow.so: mosquitto_auth_shadow.pic.o
-	$(CC) $(LDFLAGS) -shared -o $@ $^ $(if $(filter -DENABLE_PAM_SUPPORT,$(CFLAGS)),-lpam)
+	$(CC) $(LDFLAGS) -shared -o $@ $^
 
 clean:
 	rm -f *.o $(TARGETS)

mosquitto-auth-shadow/src/mosquitto_auth_shadow.c

@@ -15,78 +15,22 @@
 #include <string.h>
 #include <shadow.h>
 #include <crypt.h>
-#include <stdlib.h>
 #include <mosquitto.h>
 #include <mosquitto_broker.h>
 #include <mosquitto_plugin.h>
 
-#ifdef ENABLE_PAM_SUPPORT
-#include <security/pam_appl.h>
-
-static int pam_conversation(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr)
-{
-	int i;
-	const char *pass = (const char *)appdata_ptr;
-
-	*resp = calloc(num_msg, sizeof(struct pam_response));
-	if (*resp == NULL) {
-		mosquitto_log_printf(MOSQ_LOG_ERR, "pam failed to allocate buffer for validation");
-		return PAM_BUF_ERR;
-	}
-
-	if (pass == NULL)
-		return PAM_SUCCESS;
-
-	for (i = 0; i < num_msg; ++i) {
-		if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF) {
-			(*resp)[i].resp = strdup(pass);
-			if ((*resp)[i].resp == NULL) {
-				for (int j = 0; j < i ; j++)
-					free((*resp)[j].resp);
-
-				free(*resp);
-				*resp = NULL;
-				mosquitto_log_printf(MOSQ_LOG_ERR, "pam failed in strdup");
-				return PAM_BUF_ERR;
-			}
-		}
-	}
-	return PAM_SUCCESS;
-}
-
-static int process_pam_auth_callback(struct mosquitto_evt_basic_auth *ed)
-{
-	struct pam_conv conv;
-	int retval;
-	pam_handle_t *pamh = NULL;
-
-	conv.conv = pam_conversation;
-	conv.appdata_ptr = (void *)ed->password;
-
-	retval = pam_start("mosquitto", ed->username, &conv, &pamh);
-	if (retval != PAM_SUCCESS) {
-		mosquitto_log_printf(MOSQ_LOG_ERR, "pam start failed: %s", pam_strerror(pamh, retval));
-		return MOSQ_ERR_AUTH;
-	}
-
-	retval = pam_authenticate(pamh, 0);
-	pam_end(pamh, retval);
-	if (retval == PAM_SUCCESS) {
-		mosquitto_log_printf(MOSQ_LOG_NOTICE, "pam user [%s] logged in", ed->username);
-		return MOSQ_ERR_SUCCESS;
-	}
-
-	mosquitto_log_printf(MOSQ_LOG_NOTICE, "pam user [%s] failed authentication, err [%s]", ed->username, pam_strerror(pamh, retval));
-	return MOSQ_ERR_AUTH;
-}
-#else
-static int process_shadow_auth_callback(struct mosquitto_evt_basic_auth *ed)
+static int basic_auth_callback(int event, void *event_data, void *userdata)
 {
+	struct mosquitto_evt_basic_auth *ed = event_data;
 	struct spwd spbuf, *sp = NULL;
 	char buf[256];
 	struct crypt_data data;
 	char *hash;
 
+	/* Let other plugins or broker decide about anonymous login */
+	if (ed->username == NULL)
+		return MOSQ_ERR_PLUGIN_DEFER;
+
 	getspnam_r(ed->username, &spbuf, buf, sizeof(buf), &sp);
 
 	if (sp == NULL || sp->sp_pwdp == NULL)
@@ -110,22 +54,6 @@ static int process_shadow_auth_callback(struct mosquitto_evt_basic_auth *ed)
 
 	return MOSQ_ERR_AUTH;
 }
-#endif
-
-static int basic_auth_callback(int event, void *event_data, void *userdata)
-{
-	struct mosquitto_evt_basic_auth *ed = event_data;
-
-	/* Let other plugins or broker decide about anonymous login */
-	if (ed->username == NULL)
-		return MOSQ_ERR_PLUGIN_DEFER;
-
-#ifdef ENABLE_PAM_SUPPORT
-	return process_pam_auth_callback(ed);
-#else
-	return process_shadow_auth_callback(ed);
-#endif
-}
 
 int mosquitto_plugin_version(int supported_version_count,
 			     const int *supported_versions)

netmode/files/etc/netmodes/routed-dhcp/scripts/10-routed-dhcp

@@ -16,7 +16,7 @@ l3_mcast_config() {
 
 l3_network_config() {
 	logger -s -p user.info -t "netmode" "Generating L3 network configuration"
-
+	
 	wandev="$(uci -q get network.WAN.ifname)"
 
 	# Configure L3 Network Mode
@@ -46,26 +46,23 @@ l3_network_config() {
 	uci -q set network.wan6.proto='dhcpv6'
 	uci -q delete network.wan6.disabled
 
-	if [ -n "$wandev" ] && echo "$NETMODE_vlanid" | grep -Eq '^[0-9]+$' && [ "$NETMODE_vlanid" -ge 1 ]; then
+	if [ -n "$wandev" -a -n "$NETMODE_vlanid" -a $NETMODE_vlanid -gt 0 ]; then
 		uci -q set network.vlan_${NETMODE_vlanid}=device
 		uci -q set network.vlan_${NETMODE_vlanid}.type="8021q"
 		uci -q set network.vlan_${NETMODE_vlanid}.name="$wandev.$NETMODE_vlanid"
 		uci -q set network.vlan_${NETMODE_vlanid}.ifname="$wandev"
 		uci -q set network.vlan_${NETMODE_vlanid}.vid=$NETMODE_vlanid
 
-		wandev="$wandev.$NETMODE_vlanid"
+		uci -q set network.wan.device="$wandev.$NETMODE_vlanid"
 	fi
-
-	uci -q set network.wan.device="$wandev"
-	uci -q set network.wan6.device="$wandev"
-
+	
 	uci -q delete network.wan.dns
 	if [ -n "$NETMODE_dns_servers" ]; then
 		dns_servers="$(echo $NETMODE_dns_servers | tr ',' ' ')"
 		for server in $dns_servers; do
 		    uci -q add_list network.wan.dns=$server
 		done
-	fi
+	fi	
 
 	uci -q delete network.br_lan.ports
 	uci -q set network.br_lan.bridge_empty='1'
@@ -87,6 +84,12 @@ l3_network_config() {
 			[ -n "$device" ] && uci add_list network.br_lan.ports="$device"
 		fi
 		json_select ..
+		json_select wan 2>/dev/null
+		json_get_var device device
+		if [ -n "$device" ]; then
+			uci -q set network.wan.device="$device"
+			uci -q set network.wan6.device="$device"
+		fi
 		json_cleanup
 	fi
 

netmode/files/etc/netmodes/routed-pppoe/scripts/10-routed-pppoe

@@ -16,7 +16,7 @@ l3_mcast_config() {
 
 l3_network_pppoe_config() {
 	logger -s -p user.info -t "netmode" "Generating L3 network configuration"
-
+	
 	wandev="$(uci -q get network.WAN.ifname)"
 
 	# Configure L3 Network Mode
@@ -44,19 +44,16 @@ l3_network_pppoe_config() {
 
 	uci -q set network.wan6.disabled='1'
 
-	if [ -n "$wandev" ] && echo "$NETMODE_vlanid" | grep -Eq '^[0-9]+$' && [ "$NETMODE_vlanid" -ge 1 ]; then
+	if [ -n "$wandev" -a -n "$NETMODE_vlanid" -a $NETMODE_vlanid -gt 0 ]; then
 		uci -q set network.vlan_${NETMODE_vlanid}=device
 		uci -q set network.vlan_${NETMODE_vlanid}.type="8021q"
 		uci -q set network.vlan_${NETMODE_vlanid}.name="$wandev.$NETMODE_vlanid"
 		uci -q set network.vlan_${NETMODE_vlanid}.ifname="$wandev"
 		uci -q set network.vlan_${NETMODE_vlanid}.vid=$NETMODE_vlanid
 
-		wandev="$wandev.$NETMODE_vlanid"
+		uci -q set network.wan.device="$wandev.$NETMODE_vlanid"
 	fi
-
-	uci -q set network.wan.device="$wandev"
-	uci -q set network.wan6.device="$wandev"
-
+	
 	uci -q delete network.wan.dns
 	if [ -n "$NETMODE_dns_servers" ]; then
 		dns_servers="$(echo $NETMODE_dns_servers | tr ',' ' ')"
@@ -85,6 +82,12 @@ l3_network_pppoe_config() {
 			[ -n "$device" ] && uci add_list network.br_lan.ports="$device"
 		fi
 		json_select ..
+		json_select wan 2>/dev/null
+		json_get_var device device
+		if [ -n "$device" ]; then
+			uci -q set network.wan.device="$device"
+			uci -q set network.wan6.device="$device"
+		fi
 		json_cleanup
 	fi
 

netmode/files/etc/netmodes/routed-static/scripts/10-routed-static

@@ -16,7 +16,7 @@ l3_mcast_config() {
 
 l3_network_config() {
 	logger -s -p user.info -t "netmode" "Generating L3 network configuration"
-
+	
 	wandev="$(uci -q get network.WAN.ifname)"
 
 	# Configure L3 Network Mode
@@ -45,19 +45,6 @@ l3_network_config() {
 
 	uci -q set network.wan6.disabled='1'
 
-	if [ -n "$wandev" ] && echo "$NETMODE_vlanid" | grep -Eq '^[0-9]+$' && [ "$NETMODE_vlanid" -ge 1 ]; then
-		uci -q set network.vlan_${NETMODE_vlanid}=device
-		uci -q set network.vlan_${NETMODE_vlanid}.type="8021q"
-		uci -q set network.vlan_${NETMODE_vlanid}.name="$wandev.$NETMODE_vlanid"
-		uci -q set network.vlan_${NETMODE_vlanid}.ifname="$wandev"
-		uci -q set network.vlan_${NETMODE_vlanid}.vid=$NETMODE_vlanid
-
-		wandev="$wandev.$NETMODE_vlanid"
-	fi
-
-	uci -q set network.wan.device="$wandev"
-	uci -q set network.wan6.device="$wandev"
-
 	uci -q delete network.wan.dns
 	if [ -n "$NETMODE_dns_servers" ]; then
 		dns_servers="$(echo $NETMODE_dns_servers | tr ',' ' ')"
@@ -66,6 +53,14 @@ l3_network_config() {
 		done
 	fi
 
+	uci -q delete network.wan.dns
+	if [ -n "$NETMODE_dns_servers" ]; then
+		IFS=',' read -ra ADDRS <<< "$NETMODE_dns_servers"
+		for ip in "${ADDRS[@]}"; do
+			uci -q add_list network.wan.dns=$ip
+		done
+	fi
+
 	uci -q delete network.br_lan.ports
 	uci -q set network.br_lan.bridge_empty='1'
 
@@ -86,6 +81,12 @@ l3_network_config() {
 			[ -n "$device" ] && uci add_list network.br_lan.ports="$device"
 		fi
 		json_select ..
+		json_select wan 2>/dev/null
+		json_get_var device device
+		if [ -n "$device" ]; then
+			uci -q set network.wan.device="$device"
+			uci -q set network.wan6.device="$device"
+		fi
 		json_cleanup
 	fi
 

netmode/files/etc/netmodes/supported_modes.json

@@ -13,7 +13,7 @@
         },
         {
           "name": "dns_servers",
-          "description": "DNS Servers",
+          "description": "DNS Servers, comma separated",
           "required": false,
           "type": "string"
         }
@@ -45,7 +45,7 @@
         },
         {
           "name": "dns_servers",
-          "description": "DNS Servers",
+          "description": "DNS Servers, comma separated",
           "required": false,
           "type": "string"
         }
@@ -84,7 +84,7 @@
         },
         {
           "name": "dns_servers",
-          "description": "DNS Servers",
+          "description": "DNS servers, comma separated",
           "required": false,
           "type": "string"
         }

netmode/files/etc/uci-defaults/40_netmode_set_default_netmode

@@ -1,29 +0,0 @@
-#!/bin/sh
-
-enabled="$(uci -q get netmode.global.enabled)"
-[ "$enabled" == "1" ] || exit 0
-
-mode="$(uci -q get netmode.global.mode)"
-[ -n "$mode" ] && exit 0
-
-[ -f /etc/netmodes/supported_modes.json ] || exit 0
-
-# NetMode is enabled without a Mode being set
-# Figure out the current mode from network config
-wanproto=$(uci -q get network.wan.proto)
-curmode=""
-case "$wanproto" in
-	dhcp) curmode="routed-dhcp" ;;
-	pppoe) curmode="routed-pppoe" ;;
-	static) curmode="routed-static" ;;
-esac
-
-found=0
-for md in $(jsonfilter -i /etc/netmodes/supported_modes.json -e "@.supported_modes.*.name"); do
-	[ "$md" == "$curmode" ] && found=1
-done
-
-if [ $found -eq 1 ]; then
-	uci -q set netmode.global.mode="$curmode"
-	echo "$curmode" > /etc/netmodes/.last_mode
-fi

obuspa/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=obuspa
-PKG_VERSION:=10.0.0.17
+PKG_VERSION:=10.0.0.16
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/obuspa.git
-PKG_SOURCE_VERSION:=8f0f8cfc2c4048bfed674163030d0b06f96f2da1
+PKG_SOURCE_VERSION:=479ffb3582aa245a84829502d9412ca2539eefca
 PKG_MAINTAINER:=Vivek Dutta <vivek.dutta@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
@@ -32,9 +32,8 @@ define Package/obuspa
   SUBMENU:=TRx69
   TITLE:=USP agent
   MENU:=1
-  DEPENDS:=+libopenssl +libcurl +libsqlite3 +libmosquitto-ssl +libwebsockets-openssl
-  DEPENDS+=+libjson-c +libubox +libubus +libuci +libblobmsg-json
-  DEPENDS+=+ca-certificates +OBUSPA_LOCAL_MQTT_LISTENER:mosquitto-ssl
+  DEPENDS:=+libopenssl +libuci +libblobmsg-json +libcurl +libsqlite3 +libubox +libubus +libmosquitto-ssl +libwebsockets-openssl +ca-certificates \
+		+OBUSPA_LOCAL_MQTT_LISTENER:mosquitto-ssl +libjson-c
   DEPENDS+=+libbbfdm-api +libbbfdm-ubus +dm-service
 endef
 

obuspa/files/etc/init.d/obuspa

@@ -6,18 +6,19 @@ USE_PROCD=1
 
 PROG=/usr/sbin/obuspa
 CONFIGURATION=obuspa
+FIRST_BOOT="/etc/obuspa/boot_marker"
 ENV_PROFILE="/root/.profile"
 KEEP_FILE="/lib/upgrade/keep.d/obuspa"
 
 RESET_FILE="/tmp/obuspa/fw_defaults"
-
-OBUSPA_BOOT_MARKER="/etc/obuspa/.boot"
+SQL_DB_FILE="/tmp/obuspa/usp.db"
+DB_DUMP="/tmp/obuspa/usp.dump_$(date +%s)"
 
 BASEPATH=""
 INSTANCE_COUNT=0
-CLIENT_ID_PREFIX=""
 
 . /lib/functions/network.sh
+. /usr/share/libubox/jshn.sh
 . /etc/obuspa/usp_utils.sh
 
 global_init()
@@ -29,7 +30,6 @@ global_init()
 log()
 {
 	echo "$*"|logger -t obuspa.init -p debug
-	echo "$*" >/dev/console
 }
 
 db_set_reset_file()
@@ -47,9 +47,37 @@ db_set_reset_file()
 	fi
 }
 
+db_set_sql()
+{
+	local param value
+
+	param="${1}"
+	shift
+	value="$*"
+
+	if [ -n "${param}" ] && [ -n "${value}" ]; then
+		if grep -q "${param} " ${DB_DUMP}; then
+			value="${value//\//\\/}"
+			sed -i "s/${param} .*/${param} \"${value}\"/g" ${DB_DUMP}
+		else
+			echo "${param} \"${value}\"" >> ${DB_DUMP}
+		fi
+	fi
+}
+
 db_set()
 {
-	db_set_reset_file "$@"
+	# if sql db dump file present, update it
+	if [ -f "${DB_DUMP}" ]; then
+		db_set_sql "$@"
+	else
+		db_set_reset_file "$@"
+	fi
+}
+
+dump_db()
+{
+	${PROG} -v0 -f ${SQL_DB_FILE} -c show database |grep "^Internal.\|^Device."|sed '{s/=> /"/g;s/$/"/g}' | sort  > ${DB_DUMP}
 }
 
 # if db present then check if it matches with existing instances
@@ -64,6 +92,21 @@ get_base_path()
 	path=""
 	count=0
 
+	if [ -f "${DB_DUMP}" ]; then
+		path=$(grep -E "${refpath}\d+.Alias \"${value}\"" ${DB_DUMP})
+		path=${path%.*}
+		if [ -z "${path}" ]; then
+			path=$(grep -oE "${refpath}\d+" ${DB_DUMP} |sort -r|head -n 1)
+			if [ -n "${path}" ]; then
+				count=${path##*.}
+				count=$(( count + 1 ))
+			else
+				count=1
+			fi
+			path="${refpath}${count}"
+		fi
+	fi
+
 	if [ -z "${path}" ]; then
 		INSTANCE_COUNT=$(( INSTANCE_COUNT + 1 ))
 		path="${refpath}${INSTANCE_COUNT}"
@@ -79,7 +122,9 @@ get_refrence_path()
 	value="${2}"
 	path=""
 
-	if [ -f "${RESET_FILE}" ]; then
+	if [ -f "${DB_DUMP}" ]; then
+		path=$(grep -E "${dmref}\d+.Alias " ${DB_DUMP}|grep -w "${value}")
+	elif [ -f "${RESET_FILE}" ]; then
 		path=$(grep -E "${dmref}\d+.Alias " ${RESET_FILE}|grep -w "${value}")
 	fi
 	path=${path%.*}
@@ -91,7 +136,7 @@ update_keep()
 	file=${1}
 
 	if [ -z "${file}" ]; then
-		return 0
+		return;
 	fi
 
 	if [ ! -f "${KEEP_FILE}" ]; then
@@ -218,7 +263,7 @@ configure_localagent()
 
 	validate_localagent_section "${1}" || {
 		log "Validation of localagent section failed"
-		return 0
+		return 0;
 	}
 
 	db_set Device.LocalAgent.EndpointID "${EndpointID}"
@@ -226,7 +271,7 @@ configure_localagent()
 
 update_reset_reason()
 {
-	[ -f "/tmp/reset_reason" ] || return 0
+	[ -f "/tmp/reset_reason" ] || return 0;
 
 	if grep -qwi "defaultreset" /tmp/reset_reason; then
 		db_set Internal.Reboot.Cause "FactoryReset"
@@ -265,6 +310,10 @@ get_role_index()
 		val="$(grep "Device.LocalAgent.ControllerTrust.Role.\d.Name" ${CTRUST_RESET_FILE} |grep $name)"
 		val="$(echo ${val/.Name /,}|cut -d, -f 1)"
 		echo "$val"
+	elif [ -f "${DB_DUMP}" ]; then
+		val="$(grep "Device.LocalAgent.ControllerTrust.Role.\d.Name" ${DB_DUMP} |grep $name)"
+		val="$(echo ${val/.Name /,}|cut -d, -f 1)"
+		echo "$val"
 	else
 		log "Not able to get role ${name}, use Untrusted role"
 		echo "${drole}"
@@ -282,19 +331,19 @@ configure_controller()
 	sec="${1}"
 	validate_controller_section "${1}" || {
 		log "Validation of controller section failed"
-		return 1
+		return 1;
 	}
 
 	sec="${sec/controller_/cpe-}"
 	get_base_path "Device.LocalAgent.Controller." "${sec}"
 	if [ -z "${BASEPATH}" ]; then
 		log "Failed to get path [$BASEPATH]"
-		return 1
+		return 1;
 	fi
 
 	if [ -z "${Protocol}" ]; then
 		log "controller:: Protocol cannot be empty"
-		return 1
+		return 1;
 	fi
 
 	dm_ref=""
@@ -390,14 +439,14 @@ configure_subscription()
 	sec="${1}"
 	validate_subscription_section "${1}" || {
 		log "Validation of subscription section failed"
-		return 1
+		return 1;
 	}
 
 	sec="${sec/sub_/cpe-}"
 	get_base_path "Device.LocalAgent.Subscription." "sub_${1}"
 	if [ -z "${BASEPATH}" ]; then
 		log "Failed to get path [$BASEPATH]"
-		return 1
+		return 1;
 	fi
 
 	if [ -n "${controller}" ]; then
@@ -434,12 +483,12 @@ configure_challenges()
 	get_base_path "Device.LocalAgent.ControllerTrust.Challenge." "${sec}"
 	if [ -z "${BASEPATH}" ]; then
 		log "Failed to get path [$BASEPATH]"
-		return 1
+		return 1;
 	fi
 
 	if [ -z "${role_name}" ] && [ -z "${Role}" ]; then
-		log "Either role_name or Role must defined for a challenge"
-		return 1
+		log "Either role_name or Role must defined for a challenge";
+		return 1;
 	fi
 
 	db_set "${BASEPATH}.Alias" "${sec}"
@@ -466,18 +515,18 @@ configure_mtp() {
 	sec="${1}"
 	validate_mtp_section "${1}" || {
 		log "Validation of mtp section failed"
-		return 1
+		return 1;
 	}
 	sec="${sec/mtp_/cpe-}"
 	get_base_path "Device.LocalAgent.MTP." "${sec}"
 	if [ -z "${BASEPATH}" ]; then
 		log "Failed to get path [$BASEPATH]"
-		return 1
+		return 1;
 	fi
 
 	if [ -z "${Protocol}" ]; then
 		log "Protocol not defined for the mtp[${1}] section"
-		return 1
+		return 1;
 	fi
 
 	dm_ref=""
@@ -535,14 +584,14 @@ configure_stomp_connection() {
 	sec="${1}"
 	validate_stomp_connection_section "${1}" || {
 		log "Validation of stomp section failed"
-		return 1
+		return 1;
 	}
 
 	sec="${sec/stomp_/cpe-}"
 	get_base_path "Device.STOMP.Connection." "${sec}"
 	if [ -z "${BASEPATH}" ]; then
 		log "Failed to get path [$BASEPATH]"
-		return 1
+		return 1;
 	fi
 
 	db_set "${BASEPATH}.Alias" "${sec}"
@@ -565,18 +614,14 @@ configure_mqtt_client() {
 	sec="${1}"
 	validate_mqtt_client_section "${1}" || {
 		log "Validation of mqtt section failed"
-		return 1
+		return 1;
 	}
 
 	sec="${sec/mqtt_/cpe-}"
 	get_base_path "Device.MQTT.Client." "${sec}"
 	if [ -z "${BASEPATH}" ]; then
 		log "Failed to get path [$BASEPATH]"
-		return 1
-	fi
-
-	if [ -z "${ClientID}" ]; then
-		ClientID="${CLIENT_ID_PREFIX}-${sec}"
+		return 1;
 	fi
 
 	db_set "${BASEPATH}.Alias" "${sec}"
@@ -603,9 +648,6 @@ configure_obuspa() {
 	fi
 
 	if [ -n "${log_level}" ]; then
-		if [ "${log_level}" -gt "4" ]; then
-			log_level="4"
-		fi
 		procd_append_param command -v "${log_level}"
 	fi
 
@@ -634,13 +676,13 @@ configure_obuspa() {
 
 	if [ -n "${db_file}" ]; then
 		update_keep "${db_file}"
-		procd_append_param command -f "${db_file}"
-		if [ -f "${db_file}-journal" ]; then
-			log "SQL Journal detected ..."
-		fi
+		procd_append_param command -f "${SQL_DB_FILE}"
 	fi
 
 	if [ -f "${RESET_FILE}" ]; then
+		if [ -f "${SQL_DB_FILE}" ]; then
+			mv ${SQL_DB_FILE} ${SQL_DB_FILE}.old
+		fi
 		procd_append_param command -r ${RESET_FILE}
 	fi
 
@@ -659,34 +701,306 @@ configure_obuspa() {
 	fi
 }
 
-# Create factory reset file
-db_init()
+get_instances_from_db_dump()
 {
-	local reason
+	local obj inst
 
-	reason="${1}"
-	# remove usp.db, in case of reload
-	if [ -f "${OBUSPA_BOOT_MARKER}" ] && [ "${reason}" = "update" ]; then
-		log "Deleting ${OBUSPA_BOOT_MARKER} to enforce values from uci ...."
-		rm -f "${OBUSPA_BOOT_MARKER}"
+	obj="${1}\d+"
+	if [ ! -f "${DB_DUMP}" ]; then
+		echo ""
+		return 0;
 	fi
 
-	if [ -f "${OBUSPA_BOOT_MARKER}" ]; then
+	inst="$(grep -oE "${obj}" "${DB_DUMP}"|uniq)"
+	echo "$inst"
+}
+
+get_param_value_from_dump()
+{
+	local param value
+
+	param="${1}"
+
+	if [ -z "${param}" ] || [ ! -f "${DB_DUMP}" ]; then
+		log "error getting param"
+		echo ""
 		return 0
 	fi
 
-	# Remove reset file if present
-	[ -f "${RESET_FILE}" ] && rm ${RESET_FILE}
+	value="$(grep "^${param} " ${DB_DUMP}|awk '{print $2}')"
 
-	CLIENT_ID_PREFIX="$(db -q get device.deviceinfo.ManufacturerOUI)"
-	CLIENT_ID_PREFIX="${CLIENT_ID_PREFIX}-$(db -q get device.deviceinfo.SerialNumber)"
-	CLIENT_ID_PREFIX="${CLIENT_ID_PREFIX//+/%2b}"
+	echo "${value//\"/}"
+}
+
+update_uci_sec()
+{
+	local sec tmp
+
+	sec="${1}"
+	stype="${2}"
+	if [ -z "$sec" ] || [ -z "$stype" ]; then
+		log "No section name, error"
+		return 0
+	fi
+
+	tmp="$(uci_get obuspa "${sec}")"
+	if [ "$tmp" != "$stype" ]; then
+		uci_add obuspa "${stype}" "${sec}"
+	fi
+}
+
+sync_db_controller()
+{
+	local cntrs copts sec pvalue protocol
+
+	copts="Enable EndpointID PeriodicNotifInterval"
+	popts="Destination Topic Host Port Path EnableEncryption"
+
+	cntrs="$(get_instances_from_db_dump Device.LocalAgent.Controller.)"
+	for cntr in $cntrs; do
+		sec="$(get_param_value_from_dump "${cntr}".Alias)"
+		sec="${sec/cpe-/controller_}"
+		sec="${sec/-/_}"
+
+		update_uci_sec "${sec}" controller
+		for param in ${copts}; do
+			pvalue="$(get_param_value_from_dump "${cntr}"."${param}")"
+			uci_set obuspa "${sec}" "${param}" "${pvalue}"
+		done
+		uci_set obuspa "${sec}" "_sync" "1"
+
+		protocol="$(get_param_value_from_dump "${cntr}".MTP.1.Protocol)"
+		if [ -z "${protocol}" ]; then
+			break;
+		fi
+		uci_set obuspa "${sec}" "Protocol" "${protocol}"
+		for param in ${popts}; do
+			pvalue="$(get_param_value_from_dump "${cntr}".MTP.1."${protocol}"."${param}")"
+			uci_set obuspa "${sec}" "${param}" "${pvalue}"
+		done
+	done
+}
+
+sync_db_localagent_mtp()
+{
+	local mtps opts popts sec pvalue protocol
+
+	opts="Enable"
+	popts="ResponseTopicConfigured Destination Port Path EnableEncryption PublishQoS"
+
+	mtps="$(get_instances_from_db_dump Device.LocalAgent.MTP.)"
+	for inst in $mtps; do
+		sec="$(get_param_value_from_dump "${inst}".Alias)"
+		sec="${sec/cpe-/mtp_}"
+		sec="${sec/-/_}"
+		update_uci_sec "${sec}" mtp
+		for param in ${opts}; do
+			pvalue="$(get_param_value_from_dump "${inst}"."${param}")"
+			uci_set obuspa "${sec}" "${param}" "${pvalue}"
+		done
+		uci_set obuspa "${sec}" "_sync" "1"
+
+		protocol="$(get_param_value_from_dump "${inst}".Protocol)"
+		if [ -z "${protocol}" ]; then
+			break;
+		fi
+		uci_set obuspa "${sec}" "Protocol" "${protocol}"
+		for param in ${popts}; do
+			pvalue="$(get_param_value_from_dump "${inst}"."${protocol}"."${param}")"
+			uci_set obuspa "${sec}" "${param}" "${pvalue}"
+		done
+	done
+}
+
+
+sync_db_mqtt_client()
+{
+	local mtps copts sec pvalue protocol
+
+	opts="Enable BrokerAddress BrokerPort Username ProtocolVersion TransportProtocol ClientID"
+
+	mtps="$(get_instances_from_db_dump Device.MQTT.Client.)"
+	for inst in $mtps; do
+		sec="$(get_param_value_from_dump "${inst}".Alias)"
+		sec="${sec/cpe-/mqtt_}"
+		sec="${sec/-/_}"
+		update_uci_sec "${sec}" mqtt
+		for param in ${opts}; do
+			pvalue="$(get_param_value_from_dump "${inst}"."${param}")"
+			uci_set obuspa "${sec}" "${param}" "${pvalue}"
+		done
+		uci_set obuspa "${sec}" "_sync" "1"
+	done
+}
+
+sync_db_stomp_connection()
+{
+	local mtps copts sec pvalue protocol
+
+	opts="Enable Host Port Username EnableEncryption EnableHeartbeats VirtualHost"
+
+	mtps="$(get_instances_from_db_dump Device.STOMP.Connection.)"
+	for inst in $mtps; do
+		sec="$(get_param_value_from_dump "${inst}".Alias)"
+		sec="${sec/cpe-/stomp_}"
+		sec="${sec/-/_}"
+		update_uci_sec "${sec}" stomp
+		for param in ${opts}; do
+			pvalue="$(get_param_value_from_dump "${inst}"."${param}")"
+			uci_set obuspa "${sec}" "${param}" "${pvalue}"
+		done
+		uci_set obuspa "${sec}" "_sync" "1"
+	done
+}
+
+sync_update_sec()
+{
+	local _sync
+	config_get _sync "${1}" _sync ""
+	if [ -z "${_sync}" ]; then
+		uci_remove obuspa "${1}"
+		log "Deleting obuspa.${1} section ..."
+	else
+		uci_remove obuspa "${1}" _sync
+	fi
+}
+
+sync_uci_with_db()
+{
+	if [ ! -f "${DB_DUMP}" ]; then
+		return 0;
+	fi
+
+	# Skip overriding uci in case of Firstboot
+	if [ ! -f "${FIRST_BOOT}" ]; then
+		return 0
+	fi
+
+	log "Syncing obuspa uci with usp.db ...."
+	config_load obuspa
+	sync_db_controller
+	sync_db_localagent_mtp
+	sync_db_mqtt_client
+	sync_db_stomp_connection
+	uci_commit obuspa
+
+	config_load obuspa
+	config_foreach sync_update_sec controller
+	config_foreach sync_update_sec mtp
+	config_foreach sync_update_sec mqtt
+	config_foreach sync_update_sec stomp
+	uci_commit obuspa
+}
+
+delete_sql_db_entry_with_pattern()
+{
+	local params pattern
+
+	pattern="${1}"
+	if [ ! -f "${DB_DUMP}" ]; then
+		return 0;
+	fi
+
+	if [ "${#pattern}" -lt 7 ]; then
+		return 0;
+	fi
+
+	#log "Deleting with pattern [${pattern}] from ${DB_DUMP}"
+	sed -i "/${pattern}/d" ${DB_DUMP}
+}
+
+check_n_delete_db()
+{
+	local sec t r path
+
+	sec="${1}"
+	if uci -q get obuspa."${sec}" >/dev/null 2>&1; then
+		return 0
+	fi
+
+	t="${2}"
+	r="${3}"
+	sec="${sec/${t}_/cpe-}"
+
+	path=$(grep -E "${r}\d+.Alias \"${sec}\"" ${DB_DUMP})
+	path=${path%.*}
+
+	delete_sql_db_entry_with_pattern "${path}"
+}
+
+workaround_remove_download_pattern()
+{
+	local inst
+
+	inst="$(cat ${DB_DUMP} |grep -E "Device.DeviceInfo.FirmwareImage.\d.Download()"|grep -oE "Device.LocalAgent.Request.\d.")"
+
+	if [ -n "${inst}" ]; then
+		log "Workaround to remove the old download Request [$inst]"
+		delete_sql_db_entry_with_pattern "${inst}"
+	fi
+}
+
+reverse_update_db_with_uci()
+{
+	if [ ! -f "${DB_DUMP}" ]; then
+		return 0;
+	fi
+
+	export UCI_CONFIG_DIR="/tmp/obuspa"
+	config_load obuspa
+	config_foreach check_n_delete_db controller controller "Device.LocalAgent.Controller."
+	config_foreach check_n_delete_db mtp mtp "Device.LocalAgent.MTP."
+	config_foreach check_n_delete_db mqtt mqtt "Device.MQTT.Client."
+	config_foreach check_n_delete_db stomp stomp "Device.STOMP.Connection."
+	unset UCI_CONFIG_DIR
+}
+
+# Create factory reset file
+db_init()
+{
+	local reason role_file
+
+	reason="${1}"
+	mkdir -p /tmp/obuspa/
+
+	# Load configuration
+	config_load $CONFIGURATION
+	config_get SQL_DB_FILE global db_file "/tmp/obuspa/usp.db"
+	config_get role_file global role_file ""
+
+	if [ -f "${SQL_DB_FILE}.old" ] && [ ! -f "${SQL_DB_FILE}" ]; then
+		log "Copying old db, since new db not present ..."
+		mv ${SQL_DB_FILE}.old ${SQL_DB_FILE}
+	fi
+
+	# Dump datamodel parameters from DB
+	if [ -f "${SQL_DB_FILE}" ]; then
+		dump_db
+	fi
+
+	# In case of Reboot or service restart update the uci
+        # from usp.db file
+	if [ -f "${DB_DUMP}" ] && [ "${reason}" != "update" ]; then
+		# Only do this if db have reasonable data
+		val="$(awk 'END{print NR}' ${DB_DUMP})"
+		if [ "$val" -gt 15 ]; then
+			sync_uci_with_db
+		fi
+	fi
+
+	# remove entries from db if deleted from uci, only in case of reload
+	if [ -f "${DB_DUMP}" ] && [ "${reason}" = "update" ] && [ -f "/tmp/obuspa/obuspa" ]; then
+		log "Deleting entries from usp.db if uci not present ...."
+		reverse_update_db_with_uci
+	fi
+
+	# Remove reset file if present
+	[ -f "${RESET_FILE}" ] && mv ${RESET_FILE} ${RESET_FILE}.old
 
 	#log "Create reset file ...."
 	config_load $CONFIGURATION
 	config_get dualstack_pref global dualstack_pref "IPv6"
 
-	log "Enforce uci values, no boot marker"
 	global_init
 	config_foreach configure_localagent localagent
 	global_init
@@ -702,12 +1016,22 @@ db_init()
 	global_init
 	config_foreach configure_challenges challenge
 
-	# enforce ctrust only on upgrades, not on reloads
-	if [ -f "${CTRUST_RESET_FILE}" ] && [ -z "${reason}" ]; then
-		cat ${CTRUST_RESET_FILE} >> ${RESET_FILE}
-	fi
 	update_reset_reason
 	update_dual_stack_pref "${dualstack_pref}"
+
+	uci_commit ${CONFIGURATION}
+
+	cp /etc/config/obuspa /tmp/obuspa/
+	if [ -f "${DB_DUMP}" ]; then
+		workaround_remove_download_pattern
+		mv ${DB_DUMP} ${RESET_FILE}
+	fi
+
+	if [ -f "${CTRUST_RESET_FILE}" ]; then
+		cat ${CTRUST_RESET_FILE} >> ${RESET_FILE}
+		rm ${CTRUST_RESET_FILE}
+	fi
+	[ -f "${FIRST_BOOT}" ] || touch "${FIRST_BOOT}"
 }
 
 start_service() {
@@ -719,8 +1043,8 @@ start_service() {
 
 	procd_open_instance ${CONFIGURATION}
 	if [ "${enabled}" -eq 1 ]; then
-		procd_set_param command ${PROG}
 		db_init "${1}"
+		procd_set_param command ${PROG}
 		configure_obuspa
 		procd_set_param respawn \
 			"${respawn_threshold:-10}" \
@@ -730,7 +1054,9 @@ start_service() {
 }
 
 stop_service() {
-	${PROG} -c stop
+	if command -v timeout >/dev/null 2>&1; then
+		timeout 5 ${PROG} -c stop
+	fi
 }
 
 reload_service() {
@@ -739,6 +1065,5 @@ reload_service() {
 }
 
 service_triggers() {
-	export PROCD_RELOAD_DELAY=3000
 	procd_add_reload_trigger "obuspa"
 }

obuspa/files/etc/obuspa/usp_utils.sh

@@ -1,12 +1,10 @@
 #!/bin/sh
 
-CTRUST_RESET_FILE="/etc/obuspa/ctrust_reset"
+CTRUST_RESET_FILE="/tmp/obuspa/ctrust_reset"
 VENDOR_PREFIX_FILE="/etc/obuspa/vendor_prefix"
 FW_DEFAULT_ROLE_DIR="/etc/users/roles"
 SECURE_ROLES=""
 
-CTRUST_RESET_FILE_TEMP="/tmp/obuspa/ctrust_reset"
-
 mkdir -p /tmp/obuspa/
 
 # include jshn.sh
@@ -25,9 +23,9 @@ db_add()
 	value="$*"
 
 	if [ -n "${param}" ] && [ -n "${value}" ]; then
-		echo "${param} \"${value}\"">>${CTRUST_RESET_FILE_TEMP}
+		echo "${param} \"${value}\"">>${CTRUST_RESET_FILE}
 	else
-		echo >>${CTRUST_RESET_FILE_TEMP}
+		echo >>${CTRUST_RESET_FILE}
 	fi
 }
 
@@ -254,10 +252,7 @@ configure_ctrust_role()
 	if [ -n "${SECURE_ROLES}" ]; then
 		db_add Device.LocalAgent.ControllerTrust.SecuredRoles "${SECURE_ROLES}"
 	fi
-
-	if [ -f "${CTRUST_RESET_FILE_TEMP}" ]; then
-		mv -f "${CTRUST_RESET_FILE_TEMP}" "${CTRUST_RESET_FILE}"
-	fi
 }
 
 # configure_ctrust_role "${@}"
+

obuspa/files/etc/uci-defaults/61-override-ct-roles

@@ -4,3 +4,5 @@
 . /etc/obuspa/usp_utils.sh
 
 configure_ctrust_role
+
+exit 0

obuspa/files/etc/udhcpc.user.d/udhcpc_obuspa_opt125.user

@@ -8,7 +8,6 @@ RETRY_MIN_INTERVAL="5"
 RETRY_INTERVAL_MUL="2000"
 ENDPOINT_ID=""
 CONTROLLER_DISCOVERED=0
-OBUSPA_BOOT_MARKER="/etc/obuspa/.boot"
 
 log()
 {
@@ -58,18 +57,18 @@ get_vivsoi() {
 
 	data="${opt125}"
 	rem_len="${len}"
-	while [ "${rem_len}" -gt 0 ]; do
+	while [ $rem_len -gt 0 ]; do
 		ent_id=${data:0:8}
 		ent_id=$(printf "%d\n" "0x$ent_id")
 
-		if [ "${ent_id}" -ne  3561 ]; then
+		if [ $ent_id -ne  3561 ]; then
 			len_val=${data:8:2}
 			data_len=$(printf "%d\n" "0x$len_val")
 			# add 4 byte for ent_id and 1 byte for len
 			data_len=$(( data_len * 2 + 10 ))
 			# move ahead data to next enterprise id
 			data=${data:"${data_len}":"${rem_len}"}
-			rem_len=$(( rem_len - data_len ))
+			rem_len=$(( rem_len - $data_len ))
 			continue
 		fi
 
@@ -80,7 +79,7 @@ get_vivsoi() {
 		data_len=$(( data_len * 2 + 10 ))
 
 		opt_len=$(printf "%d\n" "0x$len_val")
-		[ "${opt_len}" -eq 0 ] && return
+		[ $opt_len -eq 0 ] && return
 
 		# populate the option data of enterprise id
 		sub_data_len=$(( opt_len * 2))
@@ -99,28 +98,28 @@ get_vivsoi() {
 			sub_opt_len=$(( sub_opt_len * 2 ))
 
 			# get the value of sub option starting 4 means starting after length
-			sub_opt_val=${sub_data:4:"${sub_opt_len}"}
+			sub_opt_val=${sub_data:4:${sub_opt_len}}
 
 			# assign the value found in sub option
 			case "${sub_opt_id}" in
 				"25")
-					URL=$(echo -n "${sub_opt_val}" | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
+					URL=$(echo -n $sub_opt_val | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
 					CONTROLLER_DISCOVERED=1
 				;;
 				"26")
-					PROV_CODE=$(echo -n "${sub_opt_val}" | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
+					PROV_CODE=$(echo -n $sub_opt_val | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
 					CONTROLLER_DISCOVERED=1
 				;;
 				"27")
-					RETRY_MIN_INTERVAL=$(echo -n "${sub_opt_val}" | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
+					RETRY_MIN_INTERVAL=$(echo -n $sub_opt_val | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
 					CONTROLLER_DISCOVERED=1
 				;;
 				"28")
-					RETRY_INTERVAL_MUL=$(echo -n "${sub_opt_val}" | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
+					RETRY_INTERVAL_MUL=$(echo -n $sub_opt_val | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
 					CONTROLLER_DISCOVERED=1
 				;;
 				"29")
-					ENDPOINT_ID=$(echo -n "${sub_opt_val}" | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
+					ENDPOINT_ID=$(echo -n $sub_opt_val | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
 					CONTROLLER_DISCOVERED=1
 				;;
 			esac
@@ -132,7 +131,7 @@ get_vivsoi() {
 			sub_data_len=$((sub_data_len - sub_opt_end))
 
 			# fetch next sub option hex string
-			sub_data=${sub_data:"${sub_opt_end}":"${sub_data_len}"}
+			sub_data=${sub_data:${sub_opt_end}:${sub_data_len}}
 		done
 
 		# move ahead data to next enterprise id
@@ -147,7 +146,7 @@ get_access_role()
 
 	lan_proto="$(uci -q get network.lan.proto)"
 
-	if [ "${lan_proto}" = "dhcp" ]; then
+	if [ "${lan_proto}" == "dhcp" ]; then
 		mode="extender"
 	else
 		mode="full_access"
@@ -175,7 +174,7 @@ config_get_bool enable_obuspa global enabled 1
 config_get wan_intf global interface
 config_get_bool dhcp_discovery global dhcp_discovery 1
 
-if [ "${enable_obuspa}" -eq 0 ] || [ "${dhcp_discovery}" -eq 0 ]; then
+if [ "$enable_obuspa" = "0" ] || [ "$dhcp_discovery" = "0" ]; then
 	return 0
 fi
 
@@ -191,9 +190,9 @@ if [ -z "${wan_intf}" ]; then
 	fi
 fi
 
-if [ "${wan_intf}" = "${INTERFACE}" ]; then
+if [ "${wan_intf}" == "${INTERFACE}" ]; then
 	if [ -n "$opt125" ]; then
-		len=$(echo -n "${opt125}"|wc -c)
+		len=$(printf "$opt125"|wc -c)
 		get_vivsoi "$opt125" "$len"
 	fi
 
@@ -229,10 +228,10 @@ if [ "${wan_intf}" = "${INTERFACE}" ]; then
 				;;
 			*)
 				# This is an FQDN, perform DNS query
-				nslookup "${URL}" > /tmp/fqdn_ip
-				nslookup -type=ptr "${URL}" > /tmp/fqdn_ptr
-				nslookup -type=srv "${URL}" > /tmp/fqdn_srv
-				nslookup -type=txt "${URL}" > /tmp/fqdn_srv
+				nslookup $URL > /tmp/fqdn_ip
+				nslookup -type=ptr $URL > /tmp/fqdn_ptr
+				nslookup -type=srv $URL > /tmp/fqdn_srv
+				nslookup -type=txt $URL > /tmp/fqdn_srv
 
 				# TODO extend to collect information from dns-sd records
 				;;
@@ -248,16 +247,16 @@ if [ "${wan_intf}" = "${INTERFACE}" ]; then
 		fi
 	fi
 
-	if [ "${proto}" = "mqtt" ] || [ "${proto}" = "mqtts" ]; then
+	if [ "${proto}" == "mqtt" ] || [ "${proto}" == "mqtts" ]; then
 		offered_proto="MQTT"
-		if [ "${proto}" = "mqtt" ]; then
+		if [ "${proto}" == "mqtt" ]; then
 			mtp_encrypt="TCP/IP"
 		else
 			mtp_encrypt="TLS"
 		fi
-	elif [ "${proto}" = "ws" ] || [ "${proto}" = "wss" ]; then
+	elif [ "${proto}" == "ws" ] || [ "${proto}" == "wss" ]; then
 		offered_proto="WebSocket"
-		if [ "${proto}" = "wss" ]; then
+		if [ "${proto}" == "wss" ]; then
 			mtp_encrypt="1"
 		else
 			mtp_encrypt="0"
@@ -266,46 +265,35 @@ if [ "${wan_intf}" = "${INTERFACE}" ]; then
 
 	controllers=$(uci -q show obuspa | grep "=controller" | cut -d'=' -f1 | cut -d'.' -f2)
 	for controller in $controllers; do
-		dhcp_disc=$(uci -q get obuspa."${controller}".dhcp_discovered)
+		dhcp_disc=$(uci -q get obuspa.$controller.dhcp_discovered)
 		if [ "${dhcp_disc}" -eq 1 ]; then
 			dhcp_controller="${controller}"
 			break
 		fi
 	done
 
-	# Check if any of the existing controller section matches with the endpointid
-	if [ -z "${dhcp_controller}" ] && [ -n "${ENDPOINT_ID}" ]; then
-		for controller in $controllers; do
-			endpointid=$(uci -q get obuspa."${controller}".EndpointID)
-			if [ "${endpointid}" = "${ENDPOINT_ID}" ]; then
-				dhcp_controller="${controller}"
-				break
-			fi
-		done
-	fi
-
 	if [ -n "${dhcp_controller}" ]; then
-		cont_proto=$(uci -q get obuspa."${dhcp_controller}".Protocol)
-		if [ "${cont_proto}" = "MQTT" ]; then
-			dhcp_mqtt=$(uci -q get obuspa."${dhcp_controller}".mqtt)
+		cont_proto="$(uci -q get obuspa.$dhcp_controller.Protocol)"
+		if [ "${cont_proto}" == "MQTT" ]; then
+			dhcp_mqtt="$(uci -q get obuspa.$dhcp_controller.mqtt)"
 
 			mtps=$(uci -q show obuspa | grep "=mtp" | cut -d'=' -f1 | cut -d'.' -f2)
 			for mtp in $mtps; do
-				mtp_mqtt=$(uci -q get obuspa."${mtp}".mqtt)
-				if [ "${mtp_mqtt}" = "${dhcp_mqtt}" ]; then
+				mtp_mqtt="$(uci -q get obuspa.$mtp.mqtt)"
+				if [ "${mtp_mqtt}" == "${dhcp_mqtt}" ]; then
 					dhcp_mtp="${mtp}"
 					break
 				fi
 			done
-		elif [ "${cont_proto}" = "WebSocket" ]; then
-			cont_port=$(uci -q get obuspa."${dhcp_controller}".Port)
-			cont_encr=$(uci -q get obuspa."${dhcp_controller}".EnableEncryption)
+		elif [ "${cont_proto}" == "WebSocket" ]; then
+			cont_port="$(uci -q get obuspa.$dhcp_controller.Port)"
+			cont_encr="$(uci -q get obuspa.$dhcp_controller.EnableEncryption)"
 
 			mtps=$(uci -q show obuspa | grep "=mtp" | cut -d'=' -f1 | cut -d'.' -f2)
 			for mtp in $mtps; do
-				mtp_port=$(uci -q get obuspa."${mtp}".Port)
-				mtp_encr=$(uci -q get obuspa."${mtp}".EnableEncryption)
-				if [ "${mtp_port}" = "${cont_port}" ] && [ "${mtp_encr}" = "${cont_encr}" ]; then
+				mtp_port="$(uci -q get obuspa.$mtp.Port)"
+				mtp_encr="$(uci -q get obuspa.$mtp.EnableEncryption)"
+				if [ "${mtp_port}" == "${cont_port}" ] && [ "${mtp_encr}" == "${cont_encr}" ]; then
 					dhcp_mtp="${mtp}"
 					break
 				fi
@@ -318,43 +306,43 @@ if [ "${wan_intf}" = "${INTERFACE}" ]; then
 
 	if [ -n "${dhcp_controller}" ]; then
 		## Handling of controller section
-		ct_endpoint=$(uci -q get obuspa."${dhcp_controller}".EndpointID)
-		ct_proto=$(uci -q get obuspa."${dhcp_controller}".Protocol)
-		ct_prov=$(uci -q get obuspa."${dhcp_controller}".ProvisioningCode)
+		ct_endpoint=$(uci -q get obuspa.$dhcp_controller.EndpointID)
+		ct_proto=$(uci -q get obuspa.$dhcp_controller.Protocol)
+		ct_prov=$(uci -q get obuspa.$dhcp_controller.ProvisioningCode)
 
 		if [ "${ct_proto}" = "MQTT" ]; then
-			ct_topic=$(uci -q get obuspa."${dhcp_controller}".Topic)
+			ct_topic=$(uci -q get obuspa.$dhcp_controller.Topic)
 		else
-			ct_topic=$(uci -q get obuspa."${dhcp_controller}".Path)
+			ct_topic=$(uci -q get obuspa.$dhcp_controller.Path)
 		fi
 
 		if [ -n "${ENDPOINT_ID}" ] && [ "${ct_endpoint}" != "${ENDPOINT_ID}" ]; then
-			uci -q set obuspa."${dhcp_controller}".EndpointID="${ENDPOINT_ID}"
+			uci -q set obuspa.$dhcp_controller.EndpointID="${ENDPOINT_ID}"
 			uci_change=1
 		fi
 
 		if [ -n "${offered_proto}" ] && [ "${ct_proto}" != "${offered_proto}" ]; then
-			uci -q set obuspa."${dhcp_controller}".Protocol="${offered_proto}"
+			uci -q set obuspa.$dhcp_controller.Protocol="${offered_proto}"
 			if [ "${offered_proto}" != "MQTT" ]; then
-				uci -q delete obuspa."${dhcp_controller}".mqtt
-				uci -q delete obuspa."${dhcp_controller}".Topic
-				uci -q set obuspa."${dhcp_controller}".Host="${ip}"
-				uci -q set obuspa."${dhcp_controller}".Port="${port}"
-				uci -q set obuspa."${dhcp_controller}".Path="${ct_topic}"
-				uci -q set obuspa."${dhcp_controller}".EnableEncryption="${mtp_encrypt}"
+				uci -q set obuspa.$dhcp_controller.mqtt=""
+				uci -q set obuspa.$dhcp_controller.Topic=""
+				uci -q set obuspa.$dhcp_controller.Host="${ip}"
+				uci -q set obuspa.$dhcp_controller.Port="${port}"
+				uci -q set obuspa.$dhcp_controller.Path="${ct_topic}"
+				uci -q set obuspa.$dhcp_controller.EnableEncryption="${mtp_encrypt}"
 			else
-				uci -q delete obuspa."${dhcp_controller}".EnableEncryption
-				uci -q delete obuspa."${dhcp_controller}".Path
-				uci -q delete obuspa."${dhcp_controller}".Host
-				uci -q delete obuspa."${dhcp_controller}".Port
+				uci -q set obuspa.$dhcp_controller.EnableEncryption=""
+				uci -q set obuspa.$dhcp_controller.Path=""
+				uci -q set obuspa.$dhcp_controller.Host=""
+				uci -q set obuspa.$dhcp_controller.Port=""
 
 				if [ -z "${dhcp_mqtt}" ]; then
-					uci -q set obuspa."${dhcp_controller}".mqtt='dhcpmqtt'
+					uci -q set obuspa.$dhcp_controller.mqtt='dhcpmqtt'
 				else
-					uci -q set obuspa."${dhcp_controller}".mqtt="${dhcp_mqtt}"
+					uci -q set obuspa.$dhcp_controller.mqtt="${dhcp_mqtt}"
 				fi
 
-				uci -q set obuspa."${dhcp_controller}".Topic="${ct_topic}"
+				uci -q set obuspa.$dhcp_controller.Topic="${ct_topic}"
 			fi
 
 			proto_changed=1
@@ -367,37 +355,38 @@ if [ "${wan_intf}" = "${INTERFACE}" ]; then
 				protocol="${offered_proto}"
 			fi
 
-			if [ "${protocol}" = "MQTT" ]; then
-				uci -q set obuspa."${dhcp_controller}".Topic="${topic}"
+			if [ "${protocol}" == "MQTT" ]; then
+				uci -q set obuspa.$dhcp_controller.Topic="${topic}"
 			else
-				uci -q set obuspa."${dhcp_controller}".Path="${topic}"
+				uci -q set obuspa.$dhcp_controller.Path="${topic}"
 			fi
 
 			uci_change=1
 		fi
 
 		if [ -n "${PROV_CODE}" ] && [ "${ct_prov}" != "${PROV_CODE}" ]; then
-			uci -q set obuspa."${dhcp_controller}".ProvisioningCode="${PROV_CODE}"
+			uci -q set obuspa.$dhcp_controller.ProvisioningCode="${PROV_CODE}"
 			uci_change=1
 		fi
 
 		if [ "${proto_changed}" -eq 1 ]; then
-			if [ "${offered_proto}" = "WebSocket" ]; then
+			if [ "${offered_proto}" == "WebSocket" ]; then
 				if [ -n "${dhcp_mqtt}" ]; then
-					uci -q delete obuspa."${dhcp_mqtt}"
+					uci -q del obuspa.$dhcp_mqtt
 				fi
 
 				if [ -z "${dhcp_mtp}" ]; then
-					uci -q set obuspa.dhcpmtp="mtp"
+					sec=$(uci -q add obuspa mtp)
+					uci -q rename obuspa."${sec}"='dhcpmtp'
 					dhcp_mtp="dhcpmtp"
-					uci -q set obuspa."${dhcp_mtp}".Enable='1'
+					uci -q set obuspa.$dhcp_mtp.Enable='1'
 				fi
 
-				uci -q set obuspa."${dhcp_mtp}".mqtt=''
-				uci -q set obuspa."${dhcp_mtp}".ResponseTopicConfigured=''
-				uci -q set obuspa."${dhcp_mtp}".Protocol='WebSocket'
-				uci -q set obuspa."${dhcp_mtp}".Port="${port}"
-				uci -q set obuspa."${dhcp_mtp}".EnableEncryption="${mtp_encrypt}"
+				uci -q set obuspa.$dhcp_mtp.mqtt=''
+				uci -q set obuspa.$dhcp_mtp.ResponseTopicConfigured=''
+				uci -q set obuspa.$dhcp_mtp.Protocol='WebSocket'
+				uci -q set obuspa.$dhcp_mtp.Port="${port}"
+				uci -q set obuspa.$dhcp_mtp.EnableEncryption="${mtp_encrypt}"
 
 				uci_change=1
 			else
@@ -405,135 +394,137 @@ if [ "${wan_intf}" = "${INTERFACE}" ]; then
 					user="$(uci -q get obuspa.global.username)"
 					pass="$(uci -q get obuspa.global.password)"
 
-					uci -q set obuspa.dhcpmqtt="mqtt"
+					sec=$(uci -q add obuspa mqtt)
+					uci -q rename obuspa."${sec}"='dhcpmqtt'
 					dhcp_mqtt="dhcpmqtt"
-					uci -q set obuspa."${dhcp_mqtt}".Enable='1'
-					uci -q set obuspa."${dhcp_mqtt}".Username="${user}"
-					uci -q set obuspa."${dhcp_mqtt}".Password="${pass}"
+					uci -q set obuspa.$dhcp_mqtt.Enable='1'
+					uci -q set obuspa.$dhcp_mqtt.Username="${user}"
+					uci -q set obuspa.$dhcp_mqtt.Password="${pass}"
 				fi
 
-				uci -q set obuspa."${dhcp_mqtt}".BrokerAddress="${ip}"
-				uci -q set obuspa."${dhcp_mqtt}".BrokerPort="${port}"
-				uci -q set obuspa."${dhcp_mqtt}".TransportProtocol="${mtp_encrypt}"
-				uci -q set obuspa."${dhcp_mqtt}".ProtocolVersion='5.0'
+				uci -q set obuspa.$dhcp_mqtt.BrokerAddress="${ip}"
+				uci -q set obuspa.$dhcp_mqtt.BrokerPort="${port}"
+				uci -q set obuspa.$dhcp_mqtt.TransportProtocol="${mtp_encrypt}"
+				uci -q set obuspa.$dhcp_mqtt.ProtocolVersion='5.0'
 
 				if [ -z "${dhcp_mtp}" ]; then
-					uci -q set obuspa.dhcpmtp="mtp"
+					sec=$(uci -q add obuspa mtp)
+					uci -q rename obuspa."${sec}"='dhcpmtp'
 					dhcp_mtp="dhcpmtp"
-					uci -q set obuspa."${dhcp_mtp}".Enable='1'
+					uci -q set obuspa.$dhcp_mtp.Enable='1'
 				fi
 
 				agent_topic=$(get_agent_topic)
-				uci -q delete obuspa."${dhcp_mtp}".Port
-				uci -q delete obuspa."${dhcp_mtp}".EnableEncryption
-				uci -q set obuspa."${dhcp_mtp}".Protocol='MQTT'
-				uci -q set obuspa."${dhcp_mtp}".ResponseTopicConfigured="${agent_topic}"
-				uci -q set obuspa."${dhcp_mtp}".mqtt="${dhcp_mqtt}"
+				uci -q set obuspa.$dhcp_mtp.Port=""
+				uci -q set obuspa.$dhcp_mtp.EnableEncryption=""
+				uci -q set obuspa.$dhcp_mtp.Protocol='MQTT'
+				uci -q set obuspa.$dhcp_mtp.ResponseTopicConfigured="${agent_topic}"
+				uci -q set obuspa.$dhcp_mtp.mqtt="${dhcp_mqtt}"
 
 				uci_change=1
 			fi
 		else
-			if [ "${ct_proto}" = "WebSocket" ]; then
-				conf_ip="$(uci -q get obuspa."${dhcp_controller}".Host)"
-				conf_port="$(uci -q get obuspa."${dhcp_mtp}".Port)"
-				conf_encr="$(uci -q get obuspa."${dhcp_mtp}".EnableEncryption)"
+			if [ "${ct_proto}" == "WebSocket" ]; then
+				conf_ip="$(uci -q get obuspa.$dhcp_controller.Host)"
+				conf_port="$(uci -q get obuspa.$dhcp_mtp.Port)"
+				conf_encr="$(uci -q get obuspa.$dhcp_mtp.EnableEncryption)"
 
 				if [ -n "${ip}" ] && [ "${conf_ip}" != "${ip}" ]; then
-					uci -q set obuspa."${dhcp_controller}".Host="${ip}"
+					uci -q set obuspa.$dhcp_controller.Host="${ip}"
 					uci_change=1
 				fi
 
 				if [ -n "${port}" ] && [ "${conf_port}" != "${port}" ]; then
-					uci -q set obuspa."${dhcp_mtp}".Port="${port}"
-					uci -q set obuspa."${dhcp_controller}".Port="${port}"
+					uci -q set obuspa.$dhcp_mtp.Port="${port}"
+					uci -q set obuspa.$dhcp_controller.Port="${port}"
 					uci_change=1
 				fi
 
 				if [ -n "${mtp_encrypt}" ] && [ "${conf_encr}" != "${mtp_encrypt}" ]; then
-					uci -q set obuspa."${dhcp_mtp}".EnableEncryption="${mtp_encrypt}"
-					uci -q set obuspa."${dhcp_controller}".EnableEncryption="${mtp_encrypt}"
+					uci -q set obuspa.$dhcp_mtp.EnableEncryption="${mtp_encrypt}"
+					uci -q set obuspa.$dhcp_controller.EnableEncryption="${mtp_encrypt}"
 					uci_change=1
 				fi
 			else
-				conf_ip=$(uci -q get obuspa."${dhcp_mqtt}".BrokerAddress)
-				conf_port=$(uci -q get obuspa."${dhcp_mqtt}".BrokerPort)
-				conf_encr=$(uci -q get obuspa."${dhcp_mqtt}".TransportProtocol)
+				conf_ip="$(uci -q get obuspa.$dhcp_mqtt.BrokerAddress)"
+				conf_port="$(uci -q get obuspa.$dhcp_mqtt.BrokerPort)"
+				conf_encr="$(uci -q get obuspa.$dhcp_mqtt.TransportProtocol)"
 
 				if [ -n "${port}" ] && [ "${conf_port}" != "${port}" ]; then
-					uci -q set obuspa."${dhcp_mqtt}".BrokerPort="${port}"
+					uci -q set obuspa.$dhcp_mqtt.BrokerPort="${port}"
 					uci_change=1
 				fi
 
 				if [ -n "${mtp_encrypt}" ] && [ "${conf_encr}" != "${mtp_encrypt}" ]; then
-					uci -q set obuspa."${dhcp_mqtt}".TransportProtocol="${mtp_encrypt}"
+					uci -q set obuspa.$dhcp_mqtt.TransportProtocol="${mtp_encrypt}"
 					uci_change=1
 				fi
 
 				if [ -n "${ip}" ] && [ "${conf_ip}" != "${ip}" ]; then
-					uci -q set obuspa."${dhcp_mqtt}".BrokerAddress="${ip}"
+					uci -q set obuspa.$dhcp_mqtt.BrokerAddress="${ip}"
 					uci_change=1
 				fi
 			fi
 		fi
 	else
-		# Only setup a new controller, only if mandatory param present
-		if [ -n "${ENDPOINT_ID}" ] && [ -n "${URL}" ]; then
-			uci -q delete obuspa.dhcpmtp
-			uci -q delete obuspa.dhcpmqtt
+		uci -q del obuspa.dhcpmtp
+		uci -q del obuspa.dhcpmqtt
 
-			uci -q set obuspa.dhcpcontroller="controller"
-			uci -q set obuspa.dhcpcontroller.dhcp_discovered="1"
-			uci -q set obuspa.dhcpcontroller.EndpointID="${ENDPOINT_ID}"
-			uci -q set obuspa.dhcpcontroller.ProvisioningCode="${PROV_CODE}"
-			uci -q set obuspa.dhcpcontroller.Protocol="${offered_proto}"
-			uci -q set obuspa.dhcpcontroller.assigned_role_name="$(get_access_role)"
-			uci -q set obuspa.dhcpcontroller.Enable='1'
+		sec=$(uci -q add obuspa controller)
+		uci -q rename obuspa."${sec}"='dhcpcontroller'
+		uci -q set obuspa.dhcpcontroller.dhcp_discovered="1"
+		uci -q set obuspa.dhcpcontroller.EndpointID="${ENDPOINT_ID}"
+		uci -q set obuspa.dhcpcontroller.ProvisioningCode="${PROV_CODE}"
+		uci -q set obuspa.dhcpcontroller.Protocol="${offered_proto}"
+		uci -q set obuspa.dhcpcontroller.assigned_role_name="$(get_access_role)"
+		uci -q set obuspa.dhcpcontroller.Enable='1'
 
-			if [ -n "${offered_proto}" ]; then
-				if [ "${offered_proto}" = "MQTT" ]; then
-					user="$(uci -q get obuspa.global.username)"
-					pass="$(uci -q get obuspa.global.password)"
+		if [ -n "${offered_proto}" ]; then
+			if [ "${offered_proto}" == "MQTT" ]; then
+				user="$(uci -q get obuspa.global.username)"
+				pass="$(uci -q get obuspa.global.password)"
 
-					uci -q set obuspa.dhcpcontroller.Topic="${topic}"
-					uci -q set obuspa.dhcpcontroller.mqtt='dhcpmqtt'
+				uci -q set obuspa.dhcpcontroller.Topic="${topic}"
+				uci -q set obuspa.dhcpcontroller.mqtt='dhcpmqtt'
 
-					uci -q set obuspa.dhcpmqtt="mqtt"
-					uci -q set obuspa.dhcpmqtt.BrokerAddress="${ip}"
-					uci -q set obuspa.dhcpmqtt.BrokerPort="${port}"
-					uci -q set obuspa.dhcpmqtt.TransportProtocol="${mtp_encrypt}"
-					uci -q set obuspa.dhcpmqtt.Enable='1'
-					uci -q set obuspa.dhcpmqtt.ProtocolVersion='5.0'
-					uci -q set obuspa.dhcpmqtt.Username="${user}"
-					uci -q set obuspa.dhcpmqtt.Password="${pass}"
+				sec=$(uci -q add obuspa mqtt)
+				uci -q rename obuspa."${sec}"='dhcpmqtt'
+				uci -q set obuspa.dhcpmqtt.BrokerAddress="${ip}"
+				uci -q set obuspa.dhcpmqtt.BrokerPort="${port}"
+				uci -q set obuspa.dhcpmqtt.TransportProtocol="${mtp_encrypt}"
+				uci -q set obuspa.dhcpmqtt.Enable='1'
+				uci -q set obuspa.dhcpmqtt.ProtocolVersion='5.0'
+				uci -q set obuspa.dhcpmqtt.Username="${user}"
+				uci -q set obuspa.dhcpmqtt.Password="${pass}"
 
 
-					agent_topic=$(get_agent_topic)
-					uci -q set obuspa.dhcpmtp="mtp"
-					uci -q set obuspa.dhcpmtp.Protocol='MQTT'
-					uci -q set obuspa.dhcpmtp.ResponseTopicConfigured="${agent_topic}"
-					uci -q set obuspa.dhcpmtp.Enable='1'
-					uci -q set obuspa.dhcpmtp.mqtt='dhcpmqtt'
-				else
-					uci -q set obuspa.dhcpcontroller.Path="${topic}"
-					uci -q set obuspa.dhcpcontroller.Host="${ip}"
-					uci -q set obuspa.dhcpcontroller.Port="${port}"
-					uci -q set obuspa.dhcpcontroller.EnableEncryption="${mtp_encrypt}"
+				agent_topic=$(get_agent_topic)
+				sec=$(uci -q add obuspa mtp)
+				uci -q rename obuspa."${sec}"='dhcpmtp'
+				uci -q set obuspa.dhcpmtp.Protocol='MQTT'
+				uci -q set obuspa.dhcpmtp.ResponseTopicConfigured="${agent_topic}"
+				uci -q set obuspa.dhcpmtp.Enable='1'
+				uci -q set obuspa.dhcpmtp.mqtt='dhcpmqtt'
+			else
+				uci -q set obuspa.dhcpcontroller.Path="${topic}"
+				uci -q set obuspa.dhcpcontroller.Host="${ip}"
+				uci -q set obuspa.dhcpcontroller.Port="${port}"
+				uci -q set obuspa.dhcpcontroller.EnableEncryption="${mtp_encrypt}"
 
-					uci -q set obuspa.dhcpmtp="mtp"
-					uci -q set obuspa.dhcpmtp.Protocol='WebSocket'
-					uci -q set obuspa.dhcpmtp.Port="${port}"
-					uci -q set obuspa.dhcpmtp.Enable='1'
-					uci -q set obuspa.dhcpmtp.EnableEncryption="${mtp_encrypt}"
-				fi
+				sec=$(uci -q add obuspa mtp)
+				uci -q rename obuspa."${sec}"='dhcpmtp'
+
+				uci -q set obuspa.dhcpmtp.Protocol='WebSocket'
+				uci -q set obuspa.dhcpmtp.Port="${port}"
+				uci -q set obuspa.dhcpmtp.Enable='1'
+				uci -q set obuspa.dhcpmtp.EnableEncryption="${mtp_encrypt}"
 			fi
-			uci_change=1
 		fi
+
+		uci_change=1
 	fi
 
 	if [ ${uci_change} -eq 1 ]; then
-		if [ -f "${OBUSPA_BOOT_MARKER}" ]; then
-			rm -f "${OBUSPA_BOOT_MARKER}"
-		fi
 		log "# Reloading obuspa as dhcp config changed"
 		ubus call uci commit '{"config":"obuspa"}'
 	fi

obuspa/patches/2005-set-sql-journal-mode.patch

@@ -1,28 +0,0 @@
-diff --git a/src/core/database.c b/src/core/database.c
-index 7ad9dae..edebd7c 100644
---- a/src/core/database.c
-+++ b/src/core/database.c
-@@ -955,6 +955,7 @@ void DATABASE_Dump(void)
- int OpenUspDatabase(char *db_file)
- {
-     int err;
-+    char *err_msg = 0;
- 
-     // Exit if unable to open the database
-     err = sqlite3_open(db_file, &db_handle);
-@@ -965,6 +966,15 @@ int OpenUspDatabase(char *db_file)
-         return USP_ERR_INTERNAL_ERROR;
-     }
- 
-+    // Execute the PRAGMA statement
-+    const char *sql = "PRAGMA journal_mode = MEMORY;";
-+    err = sqlite3_exec(db_handle, sql, 0, 0, &err_msg);
-+    if (err != SQLITE_OK) {
-+        USP_LOG_Error("%s: Failed to set journal_mode: %s", __func__, err_msg);
-+        sqlite3_free(err_msg);
-+        return USP_ERR_INTERNAL_ERROR;
-+    }
-+
-     // Exit if unable to create the data model parameter table (if it does not already exist)
-     #define CREATE_TABLE_STR "create table if not exists data_model (hash integer, instances text, value text, primary key (hash, instances));"
-     err = sqlite3_exec(db_handle, CREATE_TABLE_STR, NULL, NULL, NULL);

obuspa/patches/2006-force-db-update.patch

@@ -1,23 +0,0 @@
-diff --git a/src/core/database.c b/src/core/database.c
-index 7ad9dae..0bf9c90 100644
---- a/src/core/database.c
-+++ b/src/core/database.c
-@@ -1479,3 +1479,7 @@ int GetAllEntriesForParameter(db_hash_t hash, kv_vector_t *kvv)
-     return result;
- }
- 
-+void DATABASE_force_reset_file()
-+{
-+    schedule_factory_reset_init = true;
-+}
-diff --git a/src/core/database.h b/src/core/database.h
-index c88cf3a..376aa7a 100644
---- a/src/core/database.h
-+++ b/src/core/database.h
-@@ -67,5 +67,6 @@ void DATABASE_Dump(void);
- int DATABASE_ReadDataModelInstanceNumbers(bool remove_unknown_params);
- db_hash_t DATABASE_GetMigratedHash(db_hash_t hash);
- 
-+void DATABASE_force_reset_file();
- #endif
- 

passwdqc/Makefile

@@ -30,7 +30,7 @@ define Build/Compile
 	$(MAKE) -C $(PKG_BUILD_DIR) \
 		CC="$(TARGET_CC)" \
 		LDFLAGS="$(TARGET_LDFLAGS)" \
-		all_wrapped
+		pam_wrapped
 endef
 
 define Package/$(PKG_NAME)/install
@@ -39,9 +39,6 @@ define Package/$(PKG_NAME)/install
 
 	$(INSTALL_DIR) $(1)/usr/lib/security
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/pam_passwdqc.so $(1)/usr/lib/security/
-
-	$(INSTALL_DIR) $(1)/usr/sbin
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/pwqcheck $(1)/usr/sbin/
 endef
 
 $(eval $(call BuildPackage,$(PKG_NAME)))

sulu/sulu-base/Makefile

@@ -5,11 +5,11 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=sulu-base
-PKG_VERSION:=5.1.8
+PKG_VERSION:=5.1.7
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/websdk/sulu.git
-PKG_SOURCE_VERSION:=24cb862a27b4282668b434044a20fdc2c437316b
+PKG_SOURCE_VERSION:=c87ba4d9648280dde6987493fc423cdd64128b09
 PKG_MIRROR_HASH:=skip
 
 SULU_MOD:=core

sulu/sulu-builder/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=sulu-builder
-PKG_VERSION:=5.1.8
+PKG_VERSION:=5.1.7
 PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/websdk/sulu-builder.git
-PKG_SOURCE_VERSION:=89f778534565e4ee9cea80fe881e9739c83d4c57
+PKG_SOURCE_VERSION:=ff551283f7b05674f3215a0ece2de777223347ee
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_SOURCE_VERSION)
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_BUILD_DIR:=$(BUILD_DIR)/sulu-$(PKG_VERSION)/sulu-builder-$(PKG_SOURCE_VERSION)

sulu/sulu-theme-genexis/Makefile

@@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=sulu-theme-genexis
-PKG_VERSION:=5.1.8
+PKG_VERSION:=5.1.7
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/gnx/sulu-theme-genexis

sulu/sulu-vendorext/Makefile

@@ -22,6 +22,8 @@ define Build/Compile
 endef
 
 define Package/sulu-vendorext/install
+	$(BBFDM_INSTALL_MS_PLUGIN) ./extn/X_GENEXIS_EU_firewall.json $(1) firewallmngr
+
 	$(BBFDM_INSTALL_MS_PLUGIN) ./extn/X_GENEXIS_EU.json $(1) sysmngr
 	$(BBFDM_INSTALL_MS_PLUGIN) ./extn/X_GENEXIS_EU_wan.json $(1) sysmngr
 

sulu/sulu-vendorext/extn/X_GENEXIS_EU_firewall.json

@@ -0,0 +1,723 @@
+{
+        "Device.Firewall.X_GENEXIS_EU.": {
+                "type": "object",
+                "protocols": [
+                        "cwmp",
+                        "usp"
+                ],
+                "access": false,
+                "array": false,
+                "Mode": {
+                        "type": "string",
+			"enumerations": [
+				"Low",
+				"low",
+				"Medium",
+				"medium",
+				"High",
+				"high",
+				"Custom",
+				"custom"
+			],
+                        "read": true,
+                        "write": true,
+                        "protocols": [
+                                "cwmp",
+                                "usp"
+                        ],
+                        "datatype": "string",
+                        "mapping": [
+                                {
+                                        "rpc": "get",
+                                        "type": "ubus",
+                                        "ubus": {
+                                                "object": "firewall_mode",
+                                                "method": "get",
+                                                "key": "mode"
+                                        }
+                                },
+                                {
+                                        "rpc": "set",
+                                        "type": "ubus",
+                                        "ubus": {
+                                                "object": "firewall_mode",
+                                                "method": "set",
+                                                "args": {
+                                                        "mode": "@Value"
+                                                }
+                                        }
+                                }
+                        ]
+		},
+		"Input": {
+			"type": "string",
+			"enumerations": [
+				"ACCEPT",
+				"REJECT",
+				"DROP"
+			],
+                        "read": true,
+                        "write": true,
+                        "protocols": [
+                                "cwmp",
+                                "usp"
+                        ],
+                        "datatype": "string",
+                        "mapping": [
+                                {
+                                        "type": "uci",
+                                        "uci": {
+                                                "file": "firewall",
+                                                "section": {
+                                                        "name": "@defaults[0]"
+                                                },
+                                                "option": {
+                                                        "name": "input"
+                                                }
+                                        }
+                                }
+                        ]
+		},
+		"Forward": {
+			"type": "string",
+			"enumerations": [
+				"ACCEPT",
+				"REJECT",
+				"DROP"
+			],
+                        "read": true,
+                        "write": true,
+                        "protocols": [
+                                "cwmp",
+                                "usp"
+                        ],
+                        "datatype": "string",
+                        "mapping": [
+                                {
+                                        "type": "uci",
+                                        "uci": {
+                                                "file": "firewall",
+                                                "section": {
+                                                        "name": "@defaults[0]"
+                                                },
+                                                "option": {
+                                                        "name": "forward"
+                                                }
+                                        }
+                                }
+                        ]
+                },
+		"Output": {
+			"type": "string",
+			"enumerations": [
+				"ACCEPT",
+				"REJECT",
+				"DROP"
+			],
+                        "read": true,
+                        "write": true,
+                        "protocols": [
+                                "cwmp",
+                                "usp"
+                        ],
+                        "datatype": "string",
+                        "mapping": [
+                                {
+                                        "type": "uci",
+                                        "uci": {
+                                                "file": "firewall",
+                                                "section": {
+                                                        "name": "@defaults[0]"
+                                                },
+                                                "option": {
+                                                        "name": "output"
+                                                }
+                                        }
+                                }
+                        ]
+		},
+		"Drop_invalid": {
+			"type": "boolean",
+                        "read": true,
+                        "write": true,
+                        "protocols": [
+                                "cwmp",
+                                "usp"
+                        ],
+			"datatype": "boolean",
+                        "mapping": [
+                                {
+                                        "type": "uci",
+                                        "uci": {
+                                                "file": "firewall",
+                                                "section": {
+                                                        "name": "@defaults[0]"
+                                                },
+                                                "option": {
+                                                        "name": "drop_invalid"
+                                                }
+                                        }
+                                }
+                        ]
+		},
+		"Synflood_protect": {
+			"type": "boolean",
+                        "read": true,
+                        "write": true,
+                        "protocols": [
+                                "cwmp",
+                                "usp"
+                        ],
+			"datatype": "boolean",
+                        "mapping": [
+                                {
+                                        "type": "uci",
+                                        "uci": {
+                                                "file": "firewall",
+                                                "section": {
+                                                        "name": "@defaults[0]"
+                                                },
+                                                "option": {
+                                                        "name": "synflood_protect"
+                                                }
+                                        }
+                                }
+                        ]
+		},
+		"ZoneNumberOfEntries": {
+			"type": "unsignedInt",
+			"protocols": [
+				"cwmp",
+				"usp"
+			],
+			"read": true,
+			"write": false,
+			"mapping": [
+				{
+					"type": "uci",
+					"uci": {
+						"file": "firewall",
+						"section": {
+							"type": "zone"
+						},
+						"option": {
+							"name": "@Count"
+						}
+					}
+				}
+			]
+		},
+		"Device.Firewall.X_GENEXIS_EU.Zone.{i}.": {
+			"type": "object",
+			"protocols": [
+				"cwmp",
+				"usp"
+			],
+			"access": true,
+			"array": true,
+			"mapping": {
+				"type": "uci",
+				"uci": {
+					"file": "firewall",
+					"section": {
+						"type": "zone"
+					},
+					"dmmapfile": "dmmap_firewall"
+				}
+			},
+			"Name": {
+				"type": "string",
+				"read": true,
+				"write": true,
+				"protocols": [
+					"cwmp",
+					"usp"
+				],
+				"datatype": "string",
+				"mapping": [
+					{
+						"type": "uci",
+						"uci": {
+							"file": "firewall",
+							"section": {
+								"type": "zone",
+								"index": "@i-1"
+							},
+							"option": {
+								"name": "name"
+							}
+						}
+					}
+				]
+			},
+			"Network": {
+				"type": "string",
+				"read": true,
+				"write": true,
+				"protocols": [
+					"cwmp",
+					"usp"
+				],
+				"list": {
+					"datatype": "string"
+				},
+				"mapping": [
+					{
+						"type": "uci",
+						"uci": {
+							"file": "firewall",
+							"section": {
+								"type": "zone",
+								"index": "@i-1"
+							},
+							"option": {
+								"name": "network"
+							}
+						}
+					}
+				]
+			},
+			"Masq": {
+				"type": "boolean",
+				"read": true,
+				"write": true,
+				"protocols": [
+					"cwmp",
+					"usp"
+				],
+				"datatype": "boolean",
+				"mapping": [
+					{
+						"type": "uci",
+						"uci": {
+							"file": "firewall",
+							"section": {
+								"type": "zone",
+								"index": "@i-1"
+							},
+							"option": {
+								"name": "masq"
+							}
+						}
+					}
+				]
+			},
+			"Masq_src": {
+				"type": "string",
+				"read": true,
+				"write": true,
+				"protocols": [
+					"cwmp",
+					"usp"
+				],
+				"list": {
+					"datatype": "string"
+				},
+				"mapping": [
+					{
+						"type": "uci",
+						"uci": {
+							"file": "firewall",
+							"section": {
+								"type": "zone",
+								"index": "@i-1"
+							},
+							"option": {
+								"name": "masq_src"
+							}
+						}
+					}
+				]
+			},
+			"Masq_dest": {
+				"type": "string",
+				"read": true,
+				"write": true,
+				"protocols": [
+					"cwmp",
+					"usp"
+				],
+				"list": {
+					"datatype": "string"
+				},
+				"mapping": [
+					{
+						"type": "uci",
+						"uci": {
+							"file": "firewall",
+							"section": {
+								"type": "zone",
+								"index": "@i-1"
+							},
+							"option": {
+								"name": "masq_dest"
+							}
+						}
+					}
+				]
+			},
+			"Masq_allow_invalid": {
+				"type": "boolean",
+				"read": true,
+				"write": true,
+				"protocols": [
+					"cwmp",
+					"usp"
+				],
+				"datatype": "boolean",
+				"mapping": [
+					{
+						"type": "uci",
+						"uci": {
+							"file": "firewall",
+							"section": {
+								"type": "zone",
+								"index": "@i-1"
+							},
+							"option": {
+								"name": "masq_allow_invalid"
+							}
+						}
+					}
+				]
+			},
+			"Mtu_fix": {
+				"type": "boolean",
+				"read": true,
+				"write": true,
+				"protocols": [
+					"cwmp",
+					"usp"
+				],
+				"description": "MSS clamping",
+				"datatype": "boolean",
+				"mapping": [
+					{
+						"type": "uci",
+						"uci": {
+							"file": "firewall",
+							"section": {
+								"type": "zone",
+								"index": "@i-1"
+							},
+							"option": {
+								"name": "mtu_fix"
+							}
+						}
+					}
+				]
+			},
+			"Input": {
+				"type": "string",
+				"enumerations": [
+					"ACCEPT",
+					"REJECT",
+					"DROP"
+				],
+				"read": true,
+				"write": true,
+				"protocols": [
+					"cwmp",
+					"usp"
+				],
+				"datatype": "string",
+				"mapping": [
+					{
+						"type": "uci",
+						"uci": {
+							"file": "firewall",
+							"section": {
+								"type": "zone",
+								"index": "@i-1"
+							},
+							"option": {
+								"name": "input"
+							}
+						}
+					}
+				]
+			},
+			"Forward": {
+				"type": "string",
+				"enumerations": [
+					"ACCEPT",
+					"REJECT",
+					"DROP"
+				],
+				"read": true,
+				"write": true,
+				"protocols": [
+					"cwmp",
+					"usp"
+				],
+				"datatype": "string",
+				"mapping": [
+					{
+						"type": "uci",
+						"uci": {
+							"file": "firewall",
+							"section": {
+								"type": "zone",
+								"index": "@i-1"
+							},
+							"option": {
+								"name": "forward"
+							}
+						}
+					}
+				]
+			},
+			"Output": {
+				"type": "string",
+				"enumerations": [
+					"ACCEPT",
+					"REJECT",
+					"DROP"
+				],
+				"read": true,
+				"write": true,
+				"protocols": [
+					"cwmp",
+					"usp"
+				],
+				"datatype": "string",
+				"mapping": [
+					{
+						"type": "uci",
+						"uci": {
+							"file": "firewall",
+							"section": {
+								"type": "zone",
+								"index": "@i-1"
+							},
+							"option": {
+								"name": "output"
+							}
+						}
+					}
+				]
+			},
+			"Family": {
+				"type": "string",
+				"read": true,
+				"write": true,
+				"protocols": [
+					"cwmp",
+					"usp"
+				],
+				"datatype": "string",
+				"mapping": [
+					{
+						"type": "uci",
+						"uci": {
+							"file": "firewall",
+							"section": {
+								"type": "zone",
+								"index": "@i-1"
+							},
+							"option": {
+								"name": "family"
+							}
+						}
+					}
+				]
+			},
+			"Log": {
+				"type": "unsignedInt",
+				"read": true,
+				"write": true,
+				"protocols": [
+					"cwmp",
+					"usp"
+				],
+				"datatype": "unsignedInt",
+				"mapping": [
+					{
+						"type": "uci",
+						"uci": {
+							"file": "firewall",
+							"section": {
+								"type": "zone",
+								"index": "@i-1"
+							},
+							"option": {
+								"name": "log"
+							}
+						}
+					}
+				]
+			},
+			"Device": {
+				"type": "string",
+				"read": true,
+				"write": true,
+				"protocols": [
+					"cwmp",
+					"usp"
+				],
+				"list": {
+					"datatype": "string"
+				},
+				"mapping": [
+					{
+						"type": "uci",
+						"uci": {
+							"file": "firewall",
+							"section": {
+								"type": "zone",
+								"index": "@i-1"
+							},
+							"option": {
+								"name": "device"
+							}
+						}
+					}
+				]
+			},
+			"Subnet": {
+				"type": "string",
+				"read": true,
+				"write": true,
+				"protocols": [
+					"cwmp",
+					"usp"
+				],
+				"list": {
+					"datatype": "string"
+				},
+				"mapping": [
+					{
+						"type": "uci",
+						"uci": {
+							"file": "firewall",
+							"section": {
+								"type": "zone",
+								"index": "@i-1"
+							},
+							"option": {
+								"name": "subnet"
+							}
+						}
+					}
+				]
+			},
+			"Auto_helper": {
+				"type": "boolean",
+				"read": true,
+				"write": true,
+				"protocols": [
+					"cwmp",
+					"usp"
+				],
+				"datatype": "boolean",
+				"mapping": [
+					{
+						"type": "uci",
+						"uci": {
+							"file": "firewall",
+							"section": {
+								"type": "zone",
+								"index": "@i-1"
+							},
+							"option": {
+								"name": "auto_helper"
+							}
+						}
+					}
+				]
+			}
+		},
+		"ForwardingNumberOfEntries": {
+			"type": "unsignedInt",
+			"protocols": [
+				"cwmp",
+				"usp"
+			],
+			"read": true,
+			"write": false,
+			"mapping": [
+				{
+					"type": "uci",
+					"uci": {
+						"file": "firewall",
+						"section": {
+							"type": "forwarding"
+						},
+						"option": {
+							"name": "@Count"
+						}
+					}
+				}
+			]
+		},
+		"Device.Firewall.X_GENEXIS_EU.Forwarding.{i}.": {
+			"type": "object",
+			"protocols": [
+				"cwmp",
+				"usp"
+			],
+			"access": true,
+			"array": true,
+			"mapping": {
+				"type": "uci",
+				"uci": {
+					"file": "firewall",
+					"section": {
+						"type": "forwarding"
+					},
+					"dmmapfile": "dmmap_firewall"
+				}
+			},
+			"Src": {
+				"type": "string",
+				"read": true,
+				"write": true,
+				"protocols": [
+					"cwmp",
+					"usp"
+				],
+				"datatype": "string",
+				"mapping": [
+					{
+						"type": "uci",
+						"uci": {
+							"file": "firewall",
+							"section": {
+								"type": "forwarding",
+								"index": "@i-1"
+							},
+							"option": {
+								"name": "src"
+							}
+						}
+					}
+				]
+			},
+			"Dest": {
+				"type": "string",
+				"read": true,
+				"write": true,
+				"protocols": [
+					"cwmp",
+					"usp"
+				],
+				"datatype": "string",
+				"mapping": [
+					{
+						"type": "uci",
+						"uci": {
+							"file": "firewall",
+							"section": {
+								"type": "forwarding",
+								"index": "@i-1"
+							},
+							"option": {
+								"name": "dest"
+							}
+						}
+					}
+				]
+			}
+		}
+	}
+}

sulu/sulu-vendorext/extn/X_IOWRT_EU_MAPController.json

@@ -127,6 +127,153 @@
         ]
       }
     },
+    "Device.X_IOWRT_EU_MAPController.AccessPoint.{i}.": {
+      "type": "object",
+      "protocols": [
+        "usp"
+      ],
+      "access": true,
+      "array": true,
+      "mapping": [
+        {
+          "type": "uci",
+          "uci": {
+            "file": "mapcontroller",
+            "section": {
+              "type": "ap"
+            },
+            "dmmapfile": "dmmap_mapcontroller"
+          }
+        }
+      ],
+      "Band": {
+        "type": "string",
+        "read": true,
+        "write": true,
+        "protocols": [
+          "usp"
+        ],
+        "mapping": [
+          {
+            "type": "uci_sec",
+            "data": "@Parent",
+            "key": "band"
+          }
+        ]
+      },
+      "SSID": {
+        "type": "string",
+        "read": true,
+        "write": true,
+        "protocols": [
+          "usp"
+        ],
+        "mapping": [
+          {
+            "type": "uci_sec",
+            "data": "@Parent",
+            "key": "ssid"
+          }
+        ]
+      },
+      "Encryption": {
+        "type": "string",
+        "read": true,
+        "write": true,
+        "protocols": [
+          "usp"
+        ],
+        "mapping": [
+          {
+            "type": "uci_sec",
+            "data": "@Parent",
+            "key": "encryption"
+          }
+        ]
+      },
+      "Key": {
+        "type": "string",
+        "read": true,
+        "write": true,
+        "protocols": [
+          "usp"
+        ],
+        "flags": [
+          "Secure"
+        ],
+        "mapping": [
+          {
+            "type": "uci_sec",
+            "data": "@Parent",
+            "key": "key"
+          }
+        ]
+      },
+      "HaulType": {
+        "type": "string",
+        "read": true,
+        "write": true,
+        "protocols": [
+          "usp"
+        ],
+        "default": "fronthaul",
+        "mapping": [
+          {
+            "type": "uci_sec",
+            "data": "@Parent",
+            "key": "type"
+          }
+        ]
+      },
+      "NetworkType": {
+        "type": "string",
+        "read": true,
+        "write": true,
+        "protocols": [
+          "usp"
+        ],
+        "default": "Primary",
+        "mapping": [
+          {
+            "type": "uci_sec",
+            "data": "@Parent",
+            "key": "network_type"
+          }
+        ]
+      },
+      "VID": {
+        "type": "unsignedInt",
+        "read": true,
+        "write": true,
+        "protocols": [
+          "usp"
+        ],
+        "default": 1,
+        "mapping": [
+          {
+            "type": "uci_sec",
+            "data": "@Parent",
+            "key": "vid"
+          }
+        ]
+      },
+      "Enable": {
+        "type": "boolean",
+        "read": true,
+        "write": true,
+        "protocols": [
+          "usp"
+        ],
+        "default": true,
+        "mapping": [
+          {
+            "type": "uci_sec",
+            "data": "@Parent",
+            "key": "enabled"
+          }
+        ]
+      }
+    },
     "Device.X_IOWRT_EU_MAPController.STASteering.": {
       "type": "object",
       "protocols": [

sulu/sulu-vendorext/files/usr/libexec/rpcd/firewall_mode

@@ -0,0 +1,147 @@
+#!/bin/sh
+
+. /usr/share/libubox/jshn.sh
+
+get_fwmode() {
+	uci -q get firewall.globals.mode || echo "custom"
+}
+
+set_fwmode() {
+	local mode=$1
+	local allow_gw_rule="allow_gw_in"
+	local services="http https smtp pop3 imap ssh"
+	local ports="80 443 25 110 143 22"
+
+	uci set firewall.globals.mode="$mode"
+
+	# Set some defaults and start from a clean slate
+	uci set firewall.lan.input='ACCEPT'
+	uci set firewall.lan.output='ACCEPT'
+	uci set firewall.lan.forward='ACCEPT'
+
+	uci set firewall.wan.input='REJECT'
+	uci set firewall.wan.output='ACCEPT'
+	uci set firewall.wan.forward='REJECT'
+
+	# remove rules from low mode
+	uci -q delete firewall.${allow_gw_rule}
+
+	# remove rules from high mode
+	for service in $services; do
+		uci -q delete firewall.allow_${service}_out
+	done
+
+	# handle any custom zones and forwardings
+	for zone in $(uci show firewall | grep "=zone" | cut -d'.' -f2 | cut -d'=' -f1); do
+		if [ "$zone" == "lan" ] || [ "$zone" == "wan" ]; then
+			continue
+		fi
+		if [ "$mode" == "custom" ]; then
+			uci set firewall.${zone}.enabled=1
+		else
+			uci set firewall.${zone}.enabled=0
+		fi
+	done
+	for forwarding in $(uci show firewall | grep "=forwarding" | cut -d'.' -f2 | cut -d'=' -f1); do
+		if [ "$forwarding" == "default_fwd_1" ]; then
+			continue
+		fi
+		if [ "$mode" == "custom" ]; then
+			uci set firewall.${forwarding}.enabled=1
+		else
+			uci set firewall.${forwarding}.enabled=0
+		fi
+	done
+
+	# Now set mode specific presets
+	case "$mode" in
+	low)
+		# add rule for incoming gateway
+		json_init
+		json_load "$(ubus -S call genexis.wan status)"
+		json_get_var gateway gateway
+
+		if [ -n "$gateway" ]; then
+			uci set firewall.${allow_gw_rule}=rule
+			uci set firewall.${allow_gw_rule}.name='Allow-Gateway-In'
+			uci set firewall.${allow_gw_rule}.src='wan'
+			uci set firewall.${allow_gw_rule}.src_ip="$gateway"
+			uci set firewall.${allow_gw_rule}.target='ACCEPT'
+			uci reorder firewall.${allow_gw_rule}=1
+		fi
+		;;
+	medium)
+		uci set firewall.wan.input='DROP'
+		uci set firewall.wan.forward='DROP'
+		;;
+	high)
+		uci set firewall.wan.input='DROP'
+		uci set firewall.wan.output='REJECT'
+		uci set firewall.wan.forward='DROP'
+
+		# add rules for outgoing services
+		i=1
+		for service in $services; do
+			port=$(echo $ports | cut -d' ' -f$i)
+			uci set firewall.allow_${service}_out=rule
+			uci set firewall.allow_${service}_out.name="Allow-${service}-Out"
+			uci set firewall.allow_${service}_out.src='lan'
+			uci set firewall.allow_${service}_out.dest='wan'
+			uci set firewall.allow_${service}_out.proto='tcp'
+			uci set firewall.allow_${service}_out.dest_port="$port"
+			uci set firewall.allow_${service}_out.target='ACCEPT'
+			uci reorder firewall.allow_${service}_out=1
+			i=$((i + 1))
+		done
+		;;
+	custom)
+		uci -q delete firewall.globals.mode # keep or not keep?
+		# in custom mode we will get additional usp calls to set config directly towards uci
+		;;
+	esac
+
+	ubus call uci commit '{"config": "firewall"}'
+	logger -t "firewall.ubus" "Commited and applied new firewall config"
+}
+
+fwmode="$(get_fwmode)"
+
+case "$1" in
+list)
+	echo '{ "get" : {}, "set" : {"mode":"String"}}'
+	;;
+call)
+	case "$2" in
+	get)
+
+		if [ -n "$fwmode" ]; then
+			echo '{"mode": "'"$fwmode"'"}'
+		else
+			echo '{"error": "Could not detect mode"}'
+		fi
+		;;
+	set)
+		# Read the JSON object provided for the arguments
+		read -r input
+
+		json_load "${input}"
+		json_get_var mode mode
+
+		mode=$(echo "$mode" | tr 'A-Z' 'a-z')
+		case "$mode" in
+		low | medium | high | custom)
+			if [ "$mode" == "$fwmode" ]; then
+				echo '{"status": "No change"}'
+				return
+			fi
+			set_fwmode "$mode"
+			echo '{"status": "Ok"}'
+			;;
+		*)
+			echo '{"error": "Incorrect mode ('"$mode"')"}'
+			;;
+		esac
+		;;
+	esac
+	;;
+esac

sulu/sulu-vendorext/files/usr/libexec/rpcd/voip

@@ -0,0 +1,32 @@
+#!/bin/sh
+. /usr/share/libubox/jshn.sh
+
+case "$1" in
+        list)
+                echo '{ "reset" : {"sip": "string"} }'
+        ;;
+        call)
+                case "$2" in
+                        reset)
+                                read input;
+                                sip=`echo $input | jsonfilter -e '@.sip'`
+                                
+				if [ "$sip" == "" ] || [ ! $(uci -q get asterisk.$sip) ]; then
+					result="incorrect parameter $input"
+				else
+					ubus call uci set '{"config":"asterisk", "section":"'$sip'", "values": {"enable":"0"}}'
+					ubus call uci commit '{"config":"asterisk"}'
+					ubus call uci set '{"config":"asterisk", "section":"'$sip'", "values": {"enable":"1"}}'
+					ubus call uci commit '{"config":"asterisk"}'
+					result="ok"
+				fi
+
+                                json_init
+                                json_add_string "status" "$result"
+                                json_dump
+                        ;;
+
+                esac
+        ;;
+esac
+

usermngr/Config.in

@@ -5,17 +5,4 @@ config USERMNGR_SECURITY_HARDENING
 	default y
 	help
 	   Enable this option to use PAM based faillock, passwdqc, faildelay for security hardening.
-
-config USERMNGR_ENABLE_AUTH_VENDOR_EXT
-	depends on USERMNGR_SECURITY_HARDENING
-	bool "Exposes vendor datamodel extensions for AuthenticationPolicy"
-	default y
-	help
-	   Enable this option to expose TR181 vendor extensions for AuthenticationPolicy.
-
-config USERMNGR_VENDOR_PREFIX
-	depends on USERMNGR_ENABLE_AUTH_VENDOR_EXT
-	string "Package specific datamodel Vendor Prefix for TR181 extensions"
-	default ""
-
 endif

usermngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=usermngr
-PKG_VERSION:=1.4.4
+PKG_VERSION:=1.4.1
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/usermngr.git
-PKG_SOURCE_VERSION:=defe0165931a1cee032ff2bd9e9911a4f1874e18
+PKG_SOURCE_VERSION:=b8611c2b71a178bc4bfd4161be4e5b6513b45e57
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -32,7 +32,7 @@ define Package/usermngr
   DEPENDS+=+libbbfdm-api +libbbfdm-ubus +bbfdmd
   DEPENDS+=+@BUSYBOX_CONFIG_ADDUSER +@BUSYBOX_CONFIG_DELUSER +@BUSYBOX_CONFIG_ADDGROUP +@BUSYBOX_CONFIG_DELGROUP +shadow-usermod
   DEPENDS+=+@BUSYBOX_CONFIG_CMP
-  DEPENDS+=+@USERMNGR_SECURITY_HARDENING:SHADOW_UTILS_USE_PAM
+  DEPENDS+=+@SHADOW_UTILS_USE_PAM
   DEPENDS+=+@USERMNGR_SECURITY_HARDENING:BUSYBOX_CONFIG_PAM
   DEPENDS+=+USERMNGR_SECURITY_HARDENING:linux-pam
   DEPENDS+=+USERMNGR_SECURITY_HARDENING:passwdqc
@@ -53,22 +53,6 @@ define Build/Prepare
 endef
 endif
 
-ifeq ($(CONFIG_USERMNGR_SECURITY_HARDENING),y)
-MAKE_FLAGS += USERMNGR_SECURITY_HARDENING=y
-endif
-
-ifeq ($(CONFIG_USERMNGR_ENABLE_AUTH_VENDOR_EXT),y)
-MAKE_FLAGS += USERMNGR_ENABLE_AUTH_VENDOR_EXT=y
-endif
-
-ifeq ($(CONFIG_USERMNGR_VENDOR_PREFIX),"")
-VENDOR_PREFIX = $(CONFIG_BBF_VENDOR_PREFIX)
-else
-VENDOR_PREFIX = $(CONFIG_USERMNGR_VENDOR_PREFIX)
-endif
-
-TARGET_CFLAGS += -DBBF_VENDOR_PREFIX=\\\"$(VENDOR_PREFIX)\\\"
-
 define Package/usermngr/install
 	$(INSTALL_DIR) $(1)/etc/init.d
 	$(INSTALL_DIR) $(1)/etc/config
@@ -80,9 +64,6 @@ define Package/usermngr/install
 ifeq ($(CONFIG_USERMNGR_SECURITY_HARDENING),y)
 	$(INSTALL_BIN) ./files/etc/uci-defaults/91-security-hardening $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/uci-defaults/91-set-ssh-pam $(1)/etc/uci-defaults/
-else
-	$(INSTALL_BIN) ./files/etc/uci-defaults/91-disabled-security $(1)/etc/uci-defaults/
-	$(INSTALL_BIN) ./files/etc/uci-defaults/91-unset-ssh-pam $(1)/etc/uci-defaults/
 endif
 	$(INSTALL_BIN) ./files/etc/init.d/users $(1)/etc/init.d/users
 	$(INSTALL_BIN) ./files/etc/config/users $(1)/etc/config/users

usermngr/files/etc/config/users

@@ -1,3 +1,17 @@
+config security_policy 'security_policy'
+	option enabled '1'
+	option fail_delay '3'
+	option faillock_attempts '6'
+	option faillock_lockout_time '300'
+
+config passwdqc 'passwdqc'
+	option enabled '1'
+	option min 'disabled,disabled,disabled,8,8'
+	option max '20'
+	option passphrase '0'
+	option retry '3'
+	option enforce 'everyone'
+
 config users 'users'
 	option enabled '1'
 	option loglevel '3'

usermngr/files/etc/init.d/users

@@ -51,31 +51,17 @@ update_auth() {
 	tmp_file="/tmp/common-auth"
 	pam_file="/etc/pam.d/common-auth"
 
-	local auth_enabled="${1}"
-	local enabled="${2}"
-
-	local faildelay="$(uci -q get users.authentication_policy.fail_delay)"
-	local faillock_lockout_time="$(uci -q get users.authentication_policy.faillock_lockout_time)"
-	local faillock_attempts="$(uci -q get users.authentication_policy.faillock_attempts)"
-
-	[ -n "$faildelay" ] || faildelay=3
-	[ -n "$faillock_attempts" ] || faillock_attempts=6
-	[ -n "$faillock_lockout_time" ] || faillock_lockout_time=300
-
-	# Convert seconds to microseconds for pam_faildelay
-	local faildelay_usec=$((faildelay * 1000000))
-
 	rm -f "$tmp_file"
 	touch "$tmp_file"
 
-	if [ "${auth_enabled}" -eq 1 ] && [ "${enabled}" -eq 1 ]; then
+	if [ "$enabled" != "0" ]; then
 		write_line "$tmp_file" "auth	optional	pam_faildelay.so delay=$faildelay_usec"
 		write_line "$tmp_file" "auth	required	pam_faillock.so preauth deny=$faillock_attempts even_deny_root unlock_time=$faillock_lockout_time"
 	fi
 
 	write_line "$tmp_file" "auth	sufficient	pam_unix.so nullok_secure"
 
-	if [ "${auth_enabled}" -eq 1 ] && [ "${enabled}" -eq 1 ]; then
+	if [ "$enabled" != "0" ]; then
 		write_line "$tmp_file" "auth	[default=die]	pam_faillock.so authfail audit deny=$faillock_attempts even_deny_root unlock_time=$faillock_lockout_time"
 		write_line "$tmp_file" ""
 	fi
@@ -117,8 +103,7 @@ update_password() {
 	local tmp_file pam_file enabled line
 	tmp_file="/tmp/common-password"
 	pam_file="/etc/pam.d/common-password"
-
-	local auth_enabled="${1}"
+	enabled=1
 
 	rm -f "$tmp_file"
 	touch "$tmp_file"
@@ -127,7 +112,7 @@ update_password() {
 	if uci -q get users.passwdqc >/dev/null 2>&1; then
 		# if enabled is not present it is assumed to be 0
 		enabled=$(uci -q get users.passwdqc.enabled || echo "0")
-		if [ "${auth_enabled}" -eq 1 ] && [ "${enabled}" -eq 1 ]; then
+		if [ "$enabled" != "0" ]; then
 			line="$(build_pam_passwdqc_line)"
 			write_line "$tmp_file" "$line"
 		fi
@@ -147,13 +132,10 @@ update_account() {
 	tmp_file="/tmp/common-account"
 	pam_file="/etc/pam.d/common-account"
 
-	local auth_enabled="${1}"
-	local enabled="${2}"
-
 	rm -f "$tmp_file"
 	touch "$tmp_file"
 
-	if [ "${auth_enabled}" -eq 1 ] && [ "${enabled}" -eq 1 ]; then
+	if [ "$enabled" != "0" ]; then
 		write_line "$tmp_file" "account 	required       		pam_faillock.so"
 	fi
 
@@ -166,20 +148,28 @@ update_account() {
 }
 
 handle_security_policy() {
-	local auth_enabled enabled
+	local enabled faildelay faillock_lockout_time faillock_attempts faildelay_usec
 
 	# Read UCI values
-	auth_enabled="$(uci -q get users.users.auth_policy_enable || echo 0)"
-	enabled="$(uci -q get users.authentication_policy.enabled || echo 0)"
+	enabled="$(uci -q get users.security_policy.enabled)"
+	faildelay="$(uci -q get users.security_policy.fail_delay)"
+	faillock_lockout_time="$(uci -q get users.security_policy.faillock_lockout_time)"
+	faillock_attempts="$(uci -q get users.security_policy.faillock_attempts)"
 
 	# if any .so files are missing, then we cannot setup security
 	if ! check_required_modules; then
 		return
 	fi
 
-	update_auth "${auth_enabled}" "${enabled}"
-	update_account "${auth_enabled}" "${enabled}"
-	update_password "${auth_enabled}"
+	[ -n "$faildelay" ] || faildelay=3
+	[ -n "$faillock_attempts" ] || faillock_attempts=6
+	[ -n "$faillock_lockout_time" ] || faillock_lockout_time=300
+	# Convert seconds to microseconds for pam_faildelay
+	faildelay_usec=$((faildelay * 1000000))
+
+	update_auth
+	update_account
+	update_password
 }
 
 start_service() {
@@ -206,7 +196,6 @@ reload_service() {
 		stop
 		start
 	else
-		handle_security_policy
 		ubus send usermngr.reload
 	fi
 

usermngr/files/etc/uci-defaults/91-disabled-security

@@ -1,16 +0,0 @@
-#!/bin/sh
-
-# Remove auth_policy_enable from global
-if uci -q get users.users; then
-	uci -q set users.users.auth_policy_enable=''
-else
-	uci -q set users.users='users'
-fi
-
-# Remove authentication_policy section
-uci -q del users.authentication_policy
-
-# Remove passwdqc section
-uci -q del users.passwdqc
-
-exit 0

usermngr/files/etc/uci-defaults/91-security-hardening

@@ -1,19 +1,12 @@
 #!/bin/sh
 
-# Create global section
-if ! uci -q get users.users; then
-	uci -q set users.users='users'
-fi
-
-uci -q set users.users.auth_policy_enable='1'
-
-# Create default authentication_policy section if missing
-if ! uci -q get users.authentication_policy; then
-	uci -q set users.authentication_policy='authentication_policy'
-	uci -q set users.authentication_policy.enabled='1'
-	uci -q set users.authentication_policy.fail_delay='3'
-	uci -q set users.authentication_policy.faillock_attempts='6'
-	uci -q set users.authentication_policy.faillock_lockout_time='300'
+# Create default security_policy section if missing
+if ! uci -q get users.security_policy; then
+	uci -q set users.security_policy='security_policy'
+	uci -q set users.security_policy.enabled='1'
+	uci -q set users.security_policy.fail_delay='3'
+	uci -q set users.security_policy.faillock_attempts='6'
+	uci -q set users.security_policy.faillock_lockout_time='300'
 fi
 
 # Create default passwdqc section if missing

usermngr/files/etc/uci-defaults/91-unset-ssh-pam

@@ -1,8 +0,0 @@
-#!/bin/sh
-
-if [ -f /etc/config/sshd ]; then
-	uci -q set sshd.@sshd[0].UsePAM=0
-fi
-
-exit 0
-

wifidmd/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=wifidmd
-PKG_VERSION:=1.1.33.4
+PKG_VERSION:=1.1.33.3
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/wifidmd.git
-PKG_SOURCE_VERSION:=9fe191bb4b8c442668ad98c9b2119274f513ea5d
+PKG_SOURCE_VERSION:=98dbea71e67b4fb962fc5abd6657d143a12b39e4
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

wifimngr/Makefile

@@ -6,12 +6,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=wifimngr
-PKG_VERSION:=17.7.8
+PKG_VERSION:=17.7.7
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=f0c953cfbfbde7fc0a2b37378de3417412418791
+PKG_SOURCE_VERSION:=af4fb95993a41210f558d5e8a65c0c1597b7db41
 PKG_SOURCE_URL:=https://dev.iopsys.eu/hal/wifimngr.git
 PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@genexis.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz