rename mosquitto-auth-shadow->mosquitto-auth-plugin

- Implement whitelist/blacklist subnet filtering for MQTT users
- Add support for CIDR notation (e.g., 192.168.1.0/24)
- Parse subnet ACL files via auth_opt_subnet_acl_file option
- Support multiple subnets per user (up to 32 allow + 32 deny rules)
- Deny rules take precedence over allow rules
- Localhost (127.0.0.1/::1) always allowed
- IPv6 addresses gracefully deferred to other ACL handlers
- Backward compatible: users without subnet rules are not affected
- Configuration format: 'subnet allow|deny <username> <cidr>'
- Integrates with existing shadow/PAM authentication and topic ACLs

bbfdm/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bbfdm
-PKG_VERSION:=1.18.12
+PKG_VERSION:=1.18.10
 
 USE_LOCAL:=0
 ifneq ($(USE_LOCAL),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/bbfdm.git
-PKG_SOURCE_VERSION:=adfdb54d625b952c533670f093dae008782ff56a
+PKG_SOURCE_VERSION:=1a86b8a4432a2c3a9d41a9b18ccfc830bd0083cb
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

decollector/Makefile

@@ -6,12 +6,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=decollector
-PKG_VERSION:=6.2.3.2
+PKG_VERSION:=6.2.2.4
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=2f618a85b4d9dab443319ee355355c526f6429c9
+PKG_SOURCE_VERSION:=b632ef13fed94c683d65dedcbc91afdee9ee980f
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/decollector.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip

dectmngr/Makefile

@@ -2,13 +2,13 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dectmngr
 PKG_RELEASE:=3
-PKG_VERSION:=3.7.12
+PKG_VERSION:=3.7.11
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/dectmngr.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=a62611a36fa85f9fba1b8ec946397dc725c57630
+PKG_SOURCE_VERSION:=815ee44808169b8e1efa2cac44bd7d238ad33cdc
 PKG_MIRROR_HASH:=skip
 endif
 

dhcpmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dhcpmngr
-PKG_VERSION:=1.1.2
+PKG_VERSION:=1.0.6
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/dhcpmngr.git
-PKG_SOURCE_VERSION:=5787de10680719d0c4b72e1ffcfffa895d4c0571
+PKG_SOURCE_VERSION:=986f66608959f4f589009d580b046e250d8c620d
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

dnsmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dnsmngr
-PKG_VERSION:=1.0.19
+PKG_VERSION:=1.0.18
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/dnsmngr.git
-PKG_SOURCE_VERSION:=205938aa1f686d5b43460e4a17f3900ed82bd29f
+PKG_SOURCE_VERSION:=80fa147e6f1f0d9c1a62a62a693ff3adaef45363
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

firewallmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=firewallmngr
-PKG_VERSION:=1.0.12
+PKG_VERSION:=1.0.10
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/firewallmngr.git
-PKG_SOURCE_VERSION:=30319c67fb4db285a2bcd272b1c10bc040eecf19
+PKG_SOURCE_VERSION:=05ad0d6f7f21520eecd05429c14d1963de2a8463
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

gateway-info/files/etc/uci-defaults/86-set-gateway-device-info

@@ -110,7 +110,7 @@ configure_send_op125() {
 
 
 	if [ "${uci}" = "network" ]; then
-		[ -n "${sendopt}" ] && new_send_opt="$sendopt $opt125" || new_send_opt="$opt125"
+		new_send_opt="$sendopt $opt125"
 		uci -q set network."${intf}".sendopts="$new_send_opt"
 	else
 		new_send_opt="$sendopt$opt125"
@@ -228,7 +228,7 @@ enable_dhcp_option125() {
 
 	if [ "${proto}" = "dhcp" ]; then
 		if [ ${req125_present} -eq 0 ]; then
-			[ -n "${reqopts}" ] && newreqopts="$reqopts 125" || newreqopts="125"
+			newreqopts="$reqopts 125"
 			uci -q set network."${wan}".reqopts="$newreqopts"
 		fi
 

hostmngr/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=hostmngr
-PKG_VERSION:=1.4.2
+PKG_VERSION:=1.4.0
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=ac50f621e19f74b7af4e4b8c1e810503507cc3dd
+PKG_SOURCE_VERSION:=230d55ae6769e1ebde02cef3f718e6c4cf1b1962
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/hostmngr.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip

icwmp/Makefile

@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=icwmp
-PKG_VERSION:=9.10.10
+PKG_VERSION:=9.10.5
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/icwmp.git
-PKG_SOURCE_VERSION:=63251b6c9789b1428604af0a5c1d23d32d14a8b8
+PKG_SOURCE_VERSION:=7f4a159f6ff49584655e57bb801218eb083fba67
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -84,7 +84,6 @@ define Package/icwmp/install
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/icwmpd $(1)/usr/sbin/icwmpd
 	$(INSTALL_DATA) ./files/etc/config/cwmp $(1)/etc/config/cwmp
 	$(INSTALL_BIN) ./files/etc/init.d/icwmpd $(1)/etc/init.d/icwmpd
-	$(INSTALL_BIN) ./files/etc/uci-defaults/50-cwmp-align-keep-config $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/uci-defaults/85-cwmp-set-userid $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/uci-defaults/90-cwmpfirewall $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/uci-defaults/95-set-random-inform-time $(1)/etc/uci-defaults/

icwmp/files/etc/config/cwmp

@@ -42,9 +42,7 @@ config cpe 'cpe'
 	option periodic_notify_interval '10'
 	option incoming_rule 'Port_Only'
 	option active_notif_throttle '0'
-	#option KeepConfig '1'
-	#option KeepOpConf '1'
-	#option ConfigScope 'UserOnly'
+	option fw_upgrade_keep_settings '1'
 	option clock_sync_timeout '128'
 	option disable_datatype_check '0'
 	#list allowed_cr_ip '10.5.1.0/24'

icwmp/files/etc/init.d/icwmpd

@@ -97,9 +97,7 @@ validate_cpe_section()
 		'periodic_notify_enable:bool' \
 		'enable:bool:1' \
 		'periodic_notify_interval:uinteger' \
-		'KeepConfig:bool' \
-		'KeepOpConf:bool' \
-		'ConfigScope:string'
+		'fw_upgrade_keep_settings:bool'
 }
 
 validate_defaults() {
@@ -170,21 +168,13 @@ start_service() {
 
 stop_service()
 {
-	local switch_bank KeepConfig KeepOpConf ConfigScope
+	local switch_bank
 
 	copy_cwmp_varstate_files_to_etc
+	
 	switch_bank=$(uci -q -c /var/state/ get icwmp.cpe.switch_bank)
-	if [ "$switch_bank" = "1" ] && [ -x /etc/sysmngr/fwbank ]; then
-		KeepConfig="$(uci -q get cwmp.cpe.KeepConfig)"
-		KeepOpConf="$(uci -q get cwmp.cpe.KeepOpConf)"
-		ConfigScope="$(uci -q get cwmp.cpe.ConfigScope)"
-
-		json_init
-		[ -n "${KeepConfig}" ] && json_add_boolean "keep_config" "${KeepConfig}"
-		[ -n "${KeepOpConf}" ] && json_add_boolean "keep_opconf" "${KeepOpConf}"
-		[ -n "${ConfigScope}" ] && json_add_string "config_scope" "${ConfigScope}"
-
-		json_dump| /etc/sysmngr/fwbank call copy_config
+	if [ -n "$switch_bank" ] && [ "$switch_bank" = "1" ]; then
+		[ -x /etc/sysmngr/fwbank ] && /etc/sysmngr/fwbank call copy_config
 	fi
 }
 

icwmp/files/etc/uci-defaults/50-cwmp-align-keep-config

@@ -1,7 +0,0 @@
-#!/bin/sh
-
-keep_settings="$(uci -q get cwmp.cpe.fw_upgrade_keep_settings)"
-if [ -n "${keep_settings}" ]; then
-	uci -q delete cwmp.cpe.fw_upgrade_keep_settings
-	uci -q set cwmp.cpe.KeepConfig="${keep_settings}"
-fi

ieee1905/Makefile

@@ -6,12 +6,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ieee1905
-PKG_VERSION:=8.7.41
+PKG_VERSION:=8.7.38
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=9a61dcdd89be917a5a34caef8170074f117a53b2
+PKG_SOURCE_VERSION:=c685111f87aaca4dc17cc03b0d34e20b47c83a03
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/ieee1905.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip

iopsys-analytics/Makefile

@@ -34,9 +34,6 @@ define Package/$(PKG_NAME)
     +@PACKAGE_syslog-ng:SYSLOGNG_LOGROTATE              \
     +PACKAGE_fluent-bit:logrotate                       \
     +@DMCLI_REMOTE_CONNECTION
-  # tools used in development/testing
-  DEPENDS+=                                             \
-    +iperf3
 
 endef
 

libeasy/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libeasy
-PKG_VERSION:=7.5.1
+PKG_VERSION:=7.5.0
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=b981f7e1bd51f66041cd0c25d15af74ae1e3bc75
+PKG_SOURCE_VERSION:=18f93677bb4d33ebb6249324a5043294f0eae16c
 PKG_SOURCE_URL:=https://dev.iopsys.eu/hal/libeasy.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip

libvoice-airoha/Makefile

@@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libvoice-airoha
 PKG_RELEASE:=1
-PKG_VERSION:=1.1.8
+PKG_VERSION:=1.1.7
 PKG_LICENSE:=PROPRIETARY
 PKG_LICENSE_FILES:=LICENSE
 
@@ -17,7 +17,7 @@ LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/$(PKG_NAME).git
-PKG_SOURCE_VERSION:=9763c574ec69e2aa492db4f1296d4bcd53776fba
+PKG_SOURCE_VERSION:=3a30086a68a3409f0396acb01380f91daabf7a2f
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

libvoice-airoha/files/etc/uci-defaults/991-libvoice-airoha

@@ -25,5 +25,6 @@ db commit
 # configure the PCM for DECT/DCX81
 [ -f "/proc/device-tree/aliases/dcx81-uart" ] && {
     uci set dect.global.pcm_fsync='SHORT_LF'
+    uci set dect.global.pcm_slot_start='8'
     uci set dect.global.dect_channel_start='3'
 }

libwifi/Makefile

@@ -6,12 +6,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libwifi
-PKG_VERSION:=7.22.9
+PKG_VERSION:=7.22.4
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=8e6dfd1f0d0d6b5a39dbb10a5820f3b80120564b
+PKG_SOURCE_VERSION:=fadbe86a2ea05037ee9df6040b74bec683a6ca66
 PKG_SOURCE_URL:=https://dev.iopsys.eu/hal/libwifi.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip

logmngr/files/etc/init.d/logmngr

@@ -1,6 +1,6 @@
 #!/bin/sh /etc/rc.common
 
-START=09
+START=12
 
 USE_PROCD=1
 

map-agent/Makefile

@@ -6,9 +6,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map-agent
-PKG_VERSION:=6.4.3.11
+PKG_VERSION:=6.4.3.5
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=9c74ba03e3f543961afe54bb08668f87f4ae169f
+PKG_SOURCE_VERSION:=eeea7b39112717639046ac347e30ed0991ca490f
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@iopsys.eu>
 
 PKG_LICENSE:=BSD-3-Clause

map-agent/files/etc/init.d/mapagent

@@ -1,6 +1,6 @@
 #!/bin/sh /etc/rc.common
 
-START=97
+START=98
 STOP=20
 
 USE_PROCD=1

map-controller/Makefile

@@ -6,9 +6,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map-controller
-PKG_VERSION:=6.4.4.11
+PKG_VERSION:=6.4.4.4
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=7e0d6921fad51c446777acf93ddb9bad87eccf76
+PKG_SOURCE_VERSION:=3d10c21efbb0b0da7206435a1ecfeed107d55e83
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@genexis.eu>
 
 LOCAL_DEV=0

map-controller/files/etc/config/mapcontroller

@@ -13,7 +13,7 @@ config controller 'controller'
 
 config sta_steering 'sta_steering'
 	option enable_sta_steer '1'
-	option enable_bsta_steer '1'
+	option enable_bsta_steer '0'
 	option rcpi_threshold_2g '70'
 	option rcpi_threshold_5g '86'
 	option rcpi_threshold_6g '86'

map-plugins/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map-plugins
-PKG_VERSION:=1.2.7
+PKG_VERSION:=1.2.2
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=dd873ca4e2cb321302dae1955da24d1be271b2b1
+PKG_SOURCE_VERSION:=03524191711a50a07b9c26f3be2c16b845140e49
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/map-plugins.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
@@ -71,11 +71,5 @@ define Build/Compile
 	$(foreach p,$(plugins),$(call Build/Compile/map-plugins-$(p), $(1)))
 endef
 
-ifeq ($(LOCAL_DEV),1)
-define Build/Prepare
-        rsync -r --exclude=.* ~/git/map-plugins/ $(PKG_BUILD_DIR)/
-endef
-endif
-
 $(eval $(call BuildPackage,map-plugins))
 $(eval $(foreach p,$(ppkg),$(call BuildPackage,$(p))))

mosquitto-auth-plugin/Makefile

@@ -47,7 +47,7 @@ endif
 
 define Package/mosquitto-auth-plugin/install
 	$(INSTALL_DIR) $(1)/usr/lib
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/mosquitto_auth_plugin.so $(1)/usr/lib/
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/mosquitto_auth_shadow.so $(1)/usr/lib/
 	$(CP) ./files/* $(1)/
 endef
 

mosquitto-auth-plugin/src/mosquitto_auth_plugin.c

@@ -30,169 +30,101 @@
 #define MAX_SUBNETS_PER_USER 32
 
 typedef struct {
-	union {
-		uint32_t ipv4_network;
-		uint8_t ipv6_network[16];
-	};
-	union {
-		uint32_t ipv4_netmask;
-		uint8_t ipv6_netmask[16];
-	};
-	int is_ipv6;
+    uint32_t network;
+    uint32_t netmask;
 } subnet_t;
 
 typedef struct {
-	char username[64];
-	subnet_t allow_subnets[MAX_SUBNETS_PER_USER];
-	int allow_count;
-	subnet_t deny_subnets[MAX_SUBNETS_PER_USER];
-	int deny_count;
+    char username[64];
+    subnet_t allow_subnets[MAX_SUBNETS_PER_USER];
+    int allow_count;
+    subnet_t deny_subnets[MAX_SUBNETS_PER_USER];
+    int deny_count;
 } user_acl_t;
 
 typedef struct {
-	user_acl_t users[MAX_USERS];
-	int user_count;
-	mosquitto_plugin_id_t *identifier;
+    user_acl_t users[MAX_USERS];
+    int user_count;
+    mosquitto_plugin_id_t *identifier;
 } plugin_data_t;
 
-/* Parse CIDR notation for IPv4 or IPv6 (e.g., "192.168.1.0/24" or "2001:db8::/32") */
+/* Parse CIDR notation (e.g., "192.168.1.0/24") */
 static int parse_subnet(const char *cidr, subnet_t *subnet)
 {
-	char ip_str[128];
-	char *slash;
-	int prefix_len;
-	struct in_addr addr4;
-	struct in6_addr addr6;
+    char ip_str[64];
+    char *slash;
+    int prefix_len;
+    struct in_addr addr;
 
-	strncpy(ip_str, cidr, sizeof(ip_str) - 1);
-	ip_str[sizeof(ip_str) - 1] = '\0';
+    strncpy(ip_str, cidr, sizeof(ip_str) - 1);
+    ip_str[sizeof(ip_str) - 1] = '\0';
 
-	slash = strchr(ip_str, '/');
-	if (slash != NULL) {
-		*slash = '\0';
-		prefix_len = atoi(slash + 1);
-	}
+    slash = strchr(ip_str, '/');
+    if (slash == NULL) {
+        /* No prefix length, assume /32 */
+        prefix_len = 32;
+    } else {
+        *slash = '\0';
+        prefix_len = atoi(slash + 1);
+        if (prefix_len < 0 || prefix_len > 32)
+            return -1;
+    }
 
-	/* Try IPv4 first */
-	if (inet_pton(AF_INET, ip_str, &addr4) == 1) {
-		subnet->is_ipv6 = 0;
-		if (slash == NULL)
-			prefix_len = 32;
-		if (prefix_len < 0 || prefix_len > 32)
-			return -1;
+    if (inet_pton(AF_INET, ip_str, &addr) != 1)
+        return -1;
 
-		subnet->ipv4_network = ntohl(addr4.s_addr);
-		subnet->ipv4_netmask = prefix_len == 0 ? 0 : (~0U << (32 - prefix_len));
-		subnet->ipv4_network &= subnet->ipv4_netmask;
-		return 0;
-	}
+    subnet->network = ntohl(addr.s_addr);
+    subnet->netmask = prefix_len == 0 ? 0 : (~0U << (32 - prefix_len));
+    subnet->network &= subnet->netmask;
 
-	/* Try IPv6 */
-	if (inet_pton(AF_INET6, ip_str, &addr6) == 1) {
-		subnet->is_ipv6 = 1;
-		if (slash == NULL)
-			prefix_len = 128;
-		if (prefix_len < 0 || prefix_len > 128)
-			return -1;
-
-		/* Copy network address */
-		memcpy(subnet->ipv6_network, addr6.s6_addr, 16);
-
-		/* Generate netmask */
-		memset(subnet->ipv6_netmask, 0, 16);
-		for (int i = 0; i < prefix_len / 8; i++)
-			subnet->ipv6_netmask[i] = 0xff;
-		if (prefix_len % 8)
-			subnet->ipv6_netmask[prefix_len / 8] = ~((1 << (8 - (prefix_len % 8))) - 1);
-
-		/* Apply netmask to network address */
-		for (int i = 0; i < 16; i++)
-			subnet->ipv6_network[i] &= subnet->ipv6_netmask[i];
-
-		return 0;
-	}
-
-	return -1;
+    return 0;
 }
 
-/* Check if IPv4 address is in subnet */
-static int ipv4_in_subnet(uint32_t ip, const subnet_t *subnet)
+/* Check if IP is in subnet */
+static int ip_in_subnet(uint32_t ip, const subnet_t *subnet)
 {
-	if (subnet->is_ipv6)
-		return 0;
-	return (ip & subnet->ipv4_netmask) == subnet->ipv4_network;
-}
-
-/* Check if IPv6 address is in subnet */
-static int ipv6_in_subnet(const uint8_t *ip, const subnet_t *subnet)
-{
-	if (!subnet->is_ipv6)
-		return 0;
-	for (int i = 0; i < 16; i++) {
-		if ((ip[i] & subnet->ipv6_netmask[i]) != subnet->ipv6_network[i])
-			return 0;
-	}
-	return 1;
+    return (ip & subnet->netmask) == subnet->network;
 }
 
 /* Check if IP is in any subnet in the list */
-static int ip_in_subnet_list(const char *client_address, const subnet_t *subnets, int count)
+static int ip_in_subnet_list(uint32_t ip, const subnet_t *subnets, int count)
 {
-	struct in_addr addr4;
-	struct in6_addr addr6;
-	uint32_t ipv4;
-
-	/* Try IPv4 */
-	if (inet_pton(AF_INET, client_address, &addr4) == 1) {
-		ipv4 = ntohl(addr4.s_addr);
-		for (int i = 0; i < count; i++) {
-			if (ipv4_in_subnet(ipv4, &subnets[i]))
-				return 1;
-		}
-		return 0;
-	}
-
-	/* Try IPv6 */
-	if (inet_pton(AF_INET6, client_address, &addr6) == 1) {
-		for (int i = 0; i < count; i++) {
-			if (ipv6_in_subnet(addr6.s6_addr, &subnets[i]))
-				return 1;
-		}
-		return 0;
-	}
-
-	return 0;
+    for (int i = 0; i < count; i++) {
+        if (ip_in_subnet(ip, &subnets[i]))
+            return 1;
+    }
+    return 0;
 }
 
 /* Find or create user ACL entry */
 static user_acl_t* find_or_create_user_acl(plugin_data_t *pdata, const char *username)
 {
-	user_acl_t *user;
+    user_acl_t *user;
 
-	/* Find existing user */
-	for (int i = 0; i < pdata->user_count; i++) {
-		if (strcmp(pdata->users[i].username, username) == 0)
-			return &pdata->users[i];
-	}
+    /* Find existing user */
+    for (int i = 0; i < pdata->user_count; i++) {
+        if (strcmp(pdata->users[i].username, username) == 0)
+            return &pdata->users[i];
+    }
 
-	/* Create new user if not found */
-	if (pdata->user_count >= MAX_USERS) {
-		mosquitto_log_printf(MOSQ_LOG_ERR,
-			"subnet_acl: Max users exceeded");
-		return NULL;
-	}
+    /* Create new user if not found */
+    if (pdata->user_count >= MAX_USERS) {
+        mosquitto_log_printf(MOSQ_LOG_ERR,
+            "subnet_acl: Max users exceeded");
+        return NULL;
+    }
 
-	user = &pdata->users[pdata->user_count];
-	strncpy(user->username, username, sizeof(user->username) - 1);
-	user->username[sizeof(user->username) - 1] = '\0';
-	user->allow_count = 0;
-	user->deny_count = 0;
-	pdata->user_count++;
+    user = &pdata->users[pdata->user_count];
+    strncpy(user->username, username, sizeof(user->username) - 1);
+    user->username[sizeof(user->username) - 1] = '\0';
+    user->allow_count = 0;
+    user->deny_count = 0;
+    pdata->user_count++;
 
-	return user;
+    return user;
 }
 
-/* Parse subnet ACL file with simplified format
+/* Parse subnet ACL file
  * Format:
  * # Comment lines
  * subnet allow <username> <cidr>
@@ -200,417 +132,399 @@ static user_acl_t* find_or_create_user_acl(plugin_data_t *pdata, const char *use
  */
 static int load_subnet_acl_config(plugin_data_t *pdata, const char *config_file)
 {
-	FILE *fp;
-	char line[512];
-	int line_num = 0;
+    FILE *fp;
+    char line[512];
+    int line_num = 0;
 
-	/* Initialize user count */
-	pdata->user_count = 0;
+    if (config_file == NULL) {
+        mosquitto_log_printf(MOSQ_LOG_INFO,
+            "subnet_acl: No subnet ACL file specified, subnet filtering disabled");
+        return 0;
+    }
 
-	/* Config file is optional - if not provided, no subnet filtering */
-	if (config_file == NULL) {
-		mosquitto_log_printf(MOSQ_LOG_INFO,
-			"subnet_acl: No subnet ACL file specified, subnet filtering disabled");
-		return 0;
-	}
+    fp = fopen(config_file, "r");
+    if (fp == NULL) {
+        mosquitto_log_printf(MOSQ_LOG_WARNING,
+            "subnet_acl: Could not open subnet ACL file %s, subnet filtering disabled",
+            config_file);
+        return 0; /* Non-fatal */
+    }
 
-	/* If config file is specified but cannot be opened, this is a fatal error */
-	fp = fopen(config_file, "r");
-	if (fp == NULL) {
-		mosquitto_log_printf(MOSQ_LOG_ERR,
-			"subnet_acl: Failed to open subnet ACL file '%s'", config_file);
-		return -1;
-	}
+    pdata->user_count = 0;
 
-	while (fgets(line, sizeof(line), fp) != NULL) {
-		char *token, *saveptr;
-		char *action, *username, *cidr;
-		user_acl_t *user;
-		subnet_t subnet;
+    while (fgets(line, sizeof(line), fp) != NULL) {
+        char *token, *saveptr;
+        char *action, *username, *cidr;
+        user_acl_t *user;
+        subnet_t subnet;
 
-		line_num++;
+        line_num++;
 
-		/* Remove newline and comments */
-		line[strcspn(line, "\r\n")] = '\0';
-		char *comment = strchr(line, '#');
-		if (comment)
-			*comment = '\0';
+        /* Remove newline and comments */
+        line[strcspn(line, "\r\n")] = '\0';
+        char *comment = strchr(line, '#');
+        if (comment)
+            *comment = '\0';
 
-		/* Trim leading whitespace */
-		char *line_start = line;
-		while (*line_start == ' ' || *line_start == '\t')
-			line_start++;
+        /* Trim leading whitespace */
+        char *line_start = line;
+        while (*line_start == ' ' || *line_start == '\t')
+            line_start++;
 
-		/* Skip empty lines */
-		if (*line_start == '\0')
-			continue;
+        /* Skip empty lines */
+        if (*line_start == '\0')
+            continue;
 
-		/* Parse: subnet allow|deny <username> <cidr> */
-		token = strtok_r(line_start, " \t", &saveptr);
-		if (token == NULL)
-			continue;
+        /* Parse: subnet allow|deny <username> <cidr> */
+        token = strtok_r(line_start, " \t", &saveptr);
+        if (token == NULL)
+            continue;
 
-		/* Must start with "subnet" */
-		if (strcmp(token, "subnet") != 0) {
-			mosquitto_log_printf(MOSQ_LOG_ERR,
-				"subnet_acl: Invalid directive '%s' at line %d (expected 'subnet')",
-				token, line_num);
-			fclose(fp);
-			return -1;
-		}
+        /* Must start with "subnet" */
+        if (strcmp(token, "subnet") != 0) {
+            mosquitto_log_printf(MOSQ_LOG_WARNING,
+                "subnet_acl: Unknown directive '%s' at line %d (expected 'subnet')",
+                token, line_num);
+            continue;
+        }
 
-		/* Get allow/deny */
-		action = strtok_r(NULL, " \t", &saveptr);
-		if (action == NULL) {
-			mosquitto_log_printf(MOSQ_LOG_ERR,
-				"subnet_acl: Missing allow/deny at line %d", line_num);
-			fclose(fp);
-			return -1;
-		}
+        /* Get allow/deny */
+        action = strtok_r(NULL, " \t", &saveptr);
+        if (action == NULL) {
+            mosquitto_log_printf(MOSQ_LOG_WARNING,
+                "subnet_acl: Missing allow/deny at line %d", line_num);
+            continue;
+        }
 
-		if (strcmp(action, "allow") != 0 && strcmp(action, "deny") != 0) {
-			mosquitto_log_printf(MOSQ_LOG_ERR,
-				"subnet_acl: Invalid action '%s' at line %d (use 'allow' or 'deny')",
-				action, line_num);
-			fclose(fp);
-			return -1;
-		}
+        if (strcmp(action, "allow") != 0 && strcmp(action, "deny") != 0) {
+            mosquitto_log_printf(MOSQ_LOG_WARNING,
+                "subnet_acl: Unknown action '%s' at line %d (use 'allow' or 'deny')",
+                action, line_num);
+            continue;
+        }
 
-		/* Get username */
-		username = strtok_r(NULL, " \t", &saveptr);
-		if (username == NULL) {
-			mosquitto_log_printf(MOSQ_LOG_ERR,
-				"subnet_acl: Missing username at line %d", line_num);
-			fclose(fp);
-			return -1;
-		}
+        /* Get username */
+        username = strtok_r(NULL, " \t", &saveptr);
+        if (username == NULL) {
+            mosquitto_log_printf(MOSQ_LOG_WARNING,
+                "subnet_acl: Missing username at line %d", line_num);
+            continue;
+        }
 
-		/* Get CIDR */
-		cidr = strtok_r(NULL, " \t", &saveptr);
-		if (cidr == NULL) {
-			mosquitto_log_printf(MOSQ_LOG_ERR,
-				"subnet_acl: Missing CIDR at line %d", line_num);
-			fclose(fp);
-			return -1;
-		}
+        /* Get CIDR */
+        cidr = strtok_r(NULL, " \t", &saveptr);
+        if (cidr == NULL) {
+            mosquitto_log_printf(MOSQ_LOG_WARNING,
+                "subnet_acl: Missing CIDR at line %d", line_num);
+            continue;
+        }
 
-		/* Parse subnet */
-		if (parse_subnet(cidr, &subnet) != 0) {
-			mosquitto_log_printf(MOSQ_LOG_ERR,
-				"subnet_acl: Invalid CIDR '%s' at line %d", cidr, line_num);
-			fclose(fp);
-			return -1;
-		}
+        /* Parse subnet */
+        if (parse_subnet(cidr, &subnet) != 0) {
+            mosquitto_log_printf(MOSQ_LOG_WARNING,
+                "subnet_acl: Invalid CIDR '%s' at line %d", cidr, line_num);
+            continue;
+        }
 
-		/* Find or create user */
-		user = find_or_create_user_acl(pdata, username);
-		if (user == NULL) {
-			mosquitto_log_printf(MOSQ_LOG_ERR,
-				"subnet_acl: Max users (%d) exceeded at line %d", MAX_USERS, line_num);
-			fclose(fp);
-			return -1;
-		}
+        /* Find or create user */
+        user = find_or_create_user_acl(pdata, username);
+        if (user == NULL) {
+            mosquitto_log_printf(MOSQ_LOG_ERR,
+                "subnet_acl: Failed to create user at line %d", line_num);
+            continue;
+        }
 
-		/* Add to appropriate list */
-		if (strcmp(action, "allow") == 0) {
-			if (user->allow_count >= MAX_SUBNETS_PER_USER) {
-				mosquitto_log_printf(MOSQ_LOG_ERR,
-					"subnet_acl: Max allow subnets (%d) exceeded for user '%s' at line %d",
-					MAX_SUBNETS_PER_USER, user->username, line_num);
-				fclose(fp);
-				return -1;
-			}
-			user->allow_subnets[user->allow_count] = subnet;
-			user->allow_count++;
+        /* Add to appropriate list */
+        if (strcmp(action, "allow") == 0) {
+            if (user->allow_count >= MAX_SUBNETS_PER_USER) {
+                mosquitto_log_printf(MOSQ_LOG_WARNING,
+                    "subnet_acl: Max allow subnets exceeded for user '%s' at line %d",
+                    user->username, line_num);
+                continue;
+            }
+            user->allow_subnets[user->allow_count] = subnet;
+            user->allow_count++;
 
-			mosquitto_log_printf(MOSQ_LOG_DEBUG,
-				"subnet_acl: User '%s' allow subnet %s",
-				user->username, cidr);
+            mosquitto_log_printf(MOSQ_LOG_DEBUG,
+                "subnet_acl: User '%s' allow subnet %s",
+                user->username, cidr);
 
-		} else { /* deny */
-			if (user->deny_count >= MAX_SUBNETS_PER_USER) {
-				mosquitto_log_printf(MOSQ_LOG_ERR,
-					"subnet_acl: Max deny subnets (%d) exceeded for user '%s' at line %d",
-					MAX_SUBNETS_PER_USER, user->username, line_num);
-				fclose(fp);
-				return -1;
-			}
-			user->deny_subnets[user->deny_count] = subnet;
-			user->deny_count++;
+        } else { /* deny */
+            if (user->deny_count >= MAX_SUBNETS_PER_USER) {
+                mosquitto_log_printf(MOSQ_LOG_WARNING,
+                    "subnet_acl: Max deny subnets exceeded for user '%s' at line %d",
+                    user->username, line_num);
+                continue;
+            }
+            user->deny_subnets[user->deny_count] = subnet;
+            user->deny_count++;
 
-			mosquitto_log_printf(MOSQ_LOG_DEBUG,
-				"subnet_acl: User '%s' deny subnet %s",
-				user->username, cidr);
-		}
-	}
+            mosquitto_log_printf(MOSQ_LOG_DEBUG,
+                "subnet_acl: User '%s' deny subnet %s",
+                user->username, cidr);
+        }
+    }
 
-	fclose(fp);
+    fclose(fp);
 
-	/* Log summary */
-	for (int i = 0; i < pdata->user_count; i++) {
-		user_acl_t *user = &pdata->users[i];
-		if (user->allow_count > 0 || user->deny_count > 0) {
-			mosquitto_log_printf(MOSQ_LOG_INFO,
-				"subnet_acl: User '%s' has %d allow and %d deny subnet rules",
-				user->username, user->allow_count, user->deny_count);
-		}
-	}
+    /* Log summary */
+    for (int i = 0; i < pdata->user_count; i++) {
+        user_acl_t *user = &pdata->users[i];
+        if (user->allow_count > 0 || user->deny_count > 0) {
+            mosquitto_log_printf(MOSQ_LOG_INFO,
+                "subnet_acl: User '%s' has %d allow and %d deny subnet rules",
+                user->username, user->allow_count, user->deny_count);
+        }
+    }
 
-	mosquitto_log_printf(MOSQ_LOG_NOTICE,
-		"subnet_acl: Loaded subnet restrictions for %d user(s)", pdata->user_count);
+    mosquitto_log_printf(MOSQ_LOG_NOTICE,
+        "subnet_acl: Loaded subnet restrictions for %d user(s)", pdata->user_count);
 
-	return 0;
+    return 0;
 }
 
 /* Find user ACL entry */
 static const user_acl_t* find_user_acl(const plugin_data_t *pdata, const char *username)
 {
-	for (int i = 0; i < pdata->user_count; i++) {
-		if (strcmp(pdata->users[i].username, username) == 0)
-			return &pdata->users[i];
-	}
-	return NULL;
+    for (int i = 0; i < pdata->user_count; i++) {
+        if (strcmp(pdata->users[i].username, username) == 0)
+            return &pdata->users[i];
+    }
+    return NULL;
 }
 
-/* Check subnet access on authentication (connection time)
- * Returns: MOSQ_ERR_SUCCESS if allowed, MOSQ_ERR_AUTH if denied
- */
-static int check_subnet_on_auth(plugin_data_t *pdata, struct mosquitto_evt_basic_auth *ed)
+/* ACL check for subnet validation */
+static int acl_check_callback(int event, void *event_data, void *userdata)
 {
-	const user_acl_t *user_acl;
-	const char *client_address;
+    struct mosquitto_evt_acl_check *ed = event_data;
+    plugin_data_t *pdata = userdata;
+    const user_acl_t *user_acl;
+    const char *client_address;
+    const char *username;
+    struct in_addr addr;
+    uint32_t client_ip;
 
-	/* Skip if no subnet config loaded */
-	if (pdata == NULL || pdata->user_count == 0)
-		return MOSQ_ERR_SUCCESS;
+    /* Skip if no subnet config loaded */
+    if (pdata == NULL || pdata->user_count == 0) {
+        return MOSQ_ERR_PLUGIN_DEFER;
+    }
 
-	/* Skip anonymous users */
-	if (ed->username == NULL)
-		return MOSQ_ERR_SUCCESS;
+    /* Get username from client */
+    username = mosquitto_client_username(ed->client);
 
-	/* Find user's subnet ACL */
-	user_acl = find_user_acl(pdata, ed->username);
+    /* Skip anonymous users */
+    if (username == NULL) {
+        return MOSQ_ERR_PLUGIN_DEFER;
+    }
 
-	/* If user not in config or has no subnet rules, allow */
-	if (user_acl == NULL || (user_acl->allow_count == 0 && user_acl->deny_count == 0))
-		return MOSQ_ERR_SUCCESS;
+    /* Find user's subnet ACL */
+    user_acl = find_user_acl(pdata, username);
 
-	/* Get client IP address */
-	client_address = mosquitto_client_address(ed->client);
-	if (client_address == NULL) {
-		mosquitto_log_printf(MOSQ_LOG_WARNING,
-			"subnet_acl: Could not get client address for user '%s', denying connection",
-			ed->username);
-		return MOSQ_ERR_AUTH;
-	}
+    /* If user not in config or has no subnet rules, allow */
+    if (user_acl == NULL || (user_acl->allow_count == 0 && user_acl->deny_count == 0)) {
+        return MOSQ_ERR_PLUGIN_DEFER;
+    }
 
-	/* Check deny list first - deny takes precedence */
-	if (user_acl->deny_count > 0) {
-		if (ip_in_subnet_list(client_address, user_acl->deny_subnets, user_acl->deny_count)) {
-			mosquitto_log_printf(MOSQ_LOG_NOTICE,
-				"subnet_acl: User '%s' from %s DENIED by deny rule",
-				ed->username, client_address);
-			return MOSQ_ERR_AUTH;
-		}
-	}
+    /* Get client IP address */
+    client_address = mosquitto_client_address(ed->client);
+    if (client_address == NULL) {
+        mosquitto_log_printf(MOSQ_LOG_WARNING,
+            "subnet_acl: Could not get client address for user '%s'", username);
+        return MOSQ_ERR_PLUGIN_DEFER;
+    }
 
-	/* If there are allow rules, IP must match one of them */
-	if (user_acl->allow_count > 0) {
-		if (ip_in_subnet_list(client_address, user_acl->allow_subnets, user_acl->allow_count)) {
-			mosquitto_log_printf(MOSQ_LOG_DEBUG,
-				"subnet_acl: User '%s' from %s allowed by allow rule",
-				ed->username, client_address);
-			return MOSQ_ERR_SUCCESS;
-		} else {
-			mosquitto_log_printf(MOSQ_LOG_NOTICE,
-				"subnet_acl: User '%s' from %s DENIED (not in allowed subnets)",
-				ed->username, client_address);
-			return MOSQ_ERR_AUTH;
-		}
-	}
+    /* Skip localhost checks - always allow */
+    if (strcmp(client_address, "127.0.0.1") == 0 || strcmp(client_address, "::1") == 0) {
+        return MOSQ_ERR_PLUGIN_DEFER;
+    }
 
-	/* No subnet rules for this user - allow */
-	return MOSQ_ERR_SUCCESS;
+    /* Parse client IP */
+    if (inet_pton(AF_INET, client_address, &addr) != 1) {
+        mosquitto_log_printf(MOSQ_LOG_DEBUG,
+            "subnet_acl: Non-IPv4 address '%s' for user '%s', allowing",
+            client_address, username);
+        /* For IPv6 or parse errors, defer to other plugins */
+        return MOSQ_ERR_PLUGIN_DEFER;
+    }
+
+    client_ip = ntohl(addr.s_addr);
+
+    /* Check deny list first - deny takes precedence */
+    if (user_acl->deny_count > 0) {
+        if (ip_in_subnet_list(client_ip, user_acl->deny_subnets, user_acl->deny_count)) {
+            mosquitto_log_printf(MOSQ_LOG_NOTICE,
+                "subnet_acl: User '%s' from %s DENIED (matches deny rule)",
+                username, client_address);
+            return MOSQ_ERR_ACL_DENIED;
+        }
+    }
+
+    /* If there are allow rules, IP must match one of them */
+    if (user_acl->allow_count > 0) {
+        if (ip_in_subnet_list(client_ip, user_acl->allow_subnets, user_acl->allow_count)) {
+            mosquitto_log_printf(MOSQ_LOG_DEBUG,
+                "subnet_acl: User '%s' from %s allowed (matches allow rule)",
+                username, client_address);
+            return MOSQ_ERR_PLUGIN_DEFER;
+        } else {
+            mosquitto_log_printf(MOSQ_LOG_NOTICE,
+                "subnet_acl: User '%s' from %s DENIED (no matching allow rule)",
+                username, client_address);
+            return MOSQ_ERR_ACL_DENIED;
+        }
+    }
+
+    /* No subnet rules for this user - allow */
+    return MOSQ_ERR_PLUGIN_DEFER;
 }
 
 #ifdef ENABLE_PAM_SUPPORT
-static int pam_conversation(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr)
+static int pam_conversation(int num_msg, const struct pam_message **msg,
+                           struct pam_response **resp, void *appdata_ptr)
 {
-	int i;
-	const char *pass = (const char *)appdata_ptr;
-
-	*resp = calloc(num_msg, sizeof(struct pam_response));
-	if (*resp == NULL) {
-		mosquitto_log_printf(MOSQ_LOG_ERR, "pam failed to allocate buffer for validation");
-		return PAM_BUF_ERR;
-	}
-
-	if (pass == NULL)
-		return PAM_SUCCESS;
-
-	for (i = 0; i < num_msg; ++i) {
-		if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF) {
-			(*resp)[i].resp = strdup(pass);
-			if ((*resp)[i].resp == NULL) {
-				for (int j = 0; j < i ; j++)
-					free((*resp)[j].resp);
-
-				free(*resp);
-				*resp = NULL;
-				mosquitto_log_printf(MOSQ_LOG_ERR, "pam failed in strdup");
-				return PAM_BUF_ERR;
-			}
-		}
-	}
-	return PAM_SUCCESS;
+    int i;
+    const char *pass = (const char *)appdata_ptr;
+    *resp = calloc(num_msg, sizeof(struct pam_response));
+    if (*resp == NULL) {
+        mosquitto_log_printf(MOSQ_LOG_ERR, "pam failed to allocate buffer for validation");
+        return PAM_BUF_ERR;
+    }
+    if (pass == NULL)
+        return PAM_SUCCESS;
+    for (i = 0; i < num_msg; ++i) {
+        if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF) {
+            (*resp)[i].resp = strdup(pass);
+            if ((*resp)[i].resp == NULL) {
+                for (int j = 0; j < i ; j++)
+                    free((*resp)[j].resp);
+                free(*resp);
+                *resp = NULL;
+                mosquitto_log_printf(MOSQ_LOG_ERR, "pam failed in strdup");
+                return PAM_BUF_ERR;
+            }
+        }
+    }
+    return PAM_SUCCESS;
 }
 
 static int process_pam_auth_callback(struct mosquitto_evt_basic_auth *ed)
 {
-	struct pam_conv conv;
-	int retval;
-	pam_handle_t *pamh = NULL;
-
-	conv.conv = pam_conversation;
-	conv.appdata_ptr = (void *)ed->password;
-
-	retval = pam_start("mosquitto", ed->username, &conv, &pamh);
-	if (retval != PAM_SUCCESS) {
-		mosquitto_log_printf(MOSQ_LOG_ERR, "pam start failed: %s", pam_strerror(pamh, retval));
-		return MOSQ_ERR_AUTH;
-	}
-
-	retval = pam_authenticate(pamh, 0);
-	pam_end(pamh, retval);
-	if (retval == PAM_SUCCESS) {
-		mosquitto_log_printf(MOSQ_LOG_NOTICE, "pam user [%s] logged in", ed->username);
-		return MOSQ_ERR_SUCCESS;
-	}
-
-	mosquitto_log_printf(MOSQ_LOG_NOTICE, "pam user [%s] failed authentication, err [%s]", ed->username, pam_strerror(pamh, retval));
-	return MOSQ_ERR_AUTH;
+    struct pam_conv conv;
+    int retval;
+    pam_handle_t *pamh = NULL;
+    conv.conv = pam_conversation;
+    conv.appdata_ptr = (void *)ed->password;
+    retval = pam_start("mosquitto", ed->username, &conv, &pamh);
+    if (retval != PAM_SUCCESS) {
+        mosquitto_log_printf(MOSQ_LOG_ERR, "pam start failed: %s", pam_strerror(pamh, retval));
+        return MOSQ_ERR_AUTH;
+    }
+    retval = pam_authenticate(pamh, 0);
+    pam_end(pamh, retval);
+    if (retval == PAM_SUCCESS) {
+        mosquitto_log_printf(MOSQ_LOG_NOTICE, "pam user [%s] logged in", ed->username);
+        return MOSQ_ERR_SUCCESS;
+    }
+    mosquitto_log_printf(MOSQ_LOG_NOTICE, "pam user [%s] failed authentication, err [%s]",
+                        ed->username, pam_strerror(pamh, retval));
+    return MOSQ_ERR_AUTH;
 }
 #else
 static int process_shadow_auth_callback(struct mosquitto_evt_basic_auth *ed)
 {
-	struct spwd spbuf, *sp = NULL;
-	char buf[256];
-	struct crypt_data data;
-	char *hash;
-
-	getspnam_r(ed->username, &spbuf, buf, sizeof(buf), &sp);
-
-	if (sp == NULL || sp->sp_pwdp == NULL)
-		return MOSQ_ERR_AUTH;
-
-	/* Empty string as hash means password is not required */
-	if (sp->sp_pwdp[0] == 0)
-		return MOSQ_ERR_SUCCESS;
-
-	if (ed->password == NULL)
-		return MOSQ_ERR_AUTH;
-
-	memset(&data, 0, sizeof(data));
-	hash = crypt_r(ed->password, sp->sp_pwdp, &data);
-
-	if (hash == NULL)
-		return MOSQ_ERR_AUTH;
-
-	if (strcmp(hash, sp->sp_pwdp) == 0)
-		return MOSQ_ERR_SUCCESS;
-
-	return MOSQ_ERR_AUTH;
+    struct spwd spbuf, *sp = NULL;
+    char buf[256];
+    struct crypt_data data;
+    char *hash;
+    getspnam_r(ed->username, &spbuf, buf, sizeof(buf), &sp);
+    if (sp == NULL || sp->sp_pwdp == NULL)
+        return MOSQ_ERR_AUTH;
+    /* Empty string as hash means password is not required */
+    if (sp->sp_pwdp[0] == 0)
+        return MOSQ_ERR_SUCCESS;
+    if (ed->password == NULL)
+        return MOSQ_ERR_AUTH;
+    memset(&data, 0, sizeof(data));
+    hash = crypt_r(ed->password, sp->sp_pwdp, &data);
+    if (hash == NULL)
+        return MOSQ_ERR_AUTH;
+    if (strcmp(hash, sp->sp_pwdp) == 0)
+        return MOSQ_ERR_SUCCESS;
+    return MOSQ_ERR_AUTH;
 }
 #endif
 
 static int basic_auth_callback(int event, void *event_data, void *userdata)
 {
-	struct mosquitto_evt_basic_auth *ed = event_data;
-	plugin_data_t *pdata = userdata;
-	int auth_result;
-
-	/* Let other plugins or broker decide about anonymous login */
-	if (ed->username == NULL)
-		return MOSQ_ERR_PLUGIN_DEFER;
-
-	/* First check username/password authentication */
+    struct mosquitto_evt_basic_auth *ed = event_data;
+    /* Let other plugins or broker decide about anonymous login */
+    if (ed->username == NULL)
+        return MOSQ_ERR_PLUGIN_DEFER;
 #ifdef ENABLE_PAM_SUPPORT
-	auth_result = process_pam_auth_callback(ed);
+    return process_pam_auth_callback(ed);
 #else
-	auth_result = process_shadow_auth_callback(ed);
+    return process_shadow_auth_callback(ed);
 #endif
-
-	/* If authentication failed, reject immediately */
-	if (auth_result != MOSQ_ERR_SUCCESS)
-		return auth_result;
-
-	/* Authentication succeeded, now check subnet restrictions */
-	return check_subnet_on_auth(pdata, ed);
 }
 
 int mosquitto_plugin_version(int supported_version_count,
-			     const int *supported_versions)
+                             const int *supported_versions)
 {
-	return 5;
+    return 5;
 }
 
 int mosquitto_plugin_init(mosquitto_plugin_id_t *identifier,
-			  void **user_data,
-			  struct mosquitto_opt *opts, int opt_count)
+                          void **user_data,
+                          struct mosquitto_opt *opts, int opt_count)
 {
-	plugin_data_t *pdata;
-	const char *config_file = NULL;
-	int rc;
+    plugin_data_t *pdata;
+    const char *config_file = NULL;
 
-	/* Find subnet config file option */
-	for (int i = 0; i < opt_count; i++) {
-		if (strcmp(opts[i].key, "subnet_acl_file") == 0) {
-			config_file = opts[i].value;
-			break;
-		}
-	}
+    /* Find subnet config file option */
+    for (int i = 0; i < opt_count; i++) {
+        if (strcmp(opts[i].key, "subnet_acl_file") == 0) {
+            config_file = opts[i].value;
+            break;
+        }
+    }
 
-	pdata = calloc(1, sizeof(plugin_data_t));
-	if (pdata == NULL)
-		return MOSQ_ERR_NOMEM;
+    pdata = calloc(1, sizeof(plugin_data_t));
+    if (pdata == NULL)
+        return MOSQ_ERR_NOMEM;
 
-	pdata->identifier = identifier;
+    pdata->identifier = identifier;
+    *user_data = pdata;
 
-	/* Load subnet ACL configuration */
-	if (load_subnet_acl_config(pdata, config_file) != 0) {
-		free(pdata);
-		return MOSQ_ERR_UNKNOWN;
-	}
+    /* Load subnet ACL configuration */
+    if (load_subnet_acl_config(pdata, config_file) != 0) {
+        free(pdata);
+        return MOSQ_ERR_UNKNOWN;
+    }
 
-	/* Register authentication callback only - subnet check is done during auth */
-	rc = mosquitto_callback_register(identifier, MOSQ_EVT_BASIC_AUTH,
-	                                 basic_auth_callback, NULL, pdata);
-	if (rc != MOSQ_ERR_SUCCESS) {
-		mosquitto_log_printf(MOSQ_LOG_ERR,
-			"subnet_acl: Failed to register authentication callback");
-		free(pdata);
-		return rc;
-	}
+    /* Register both authentication and ACL callbacks */
+    mosquitto_callback_register(identifier, MOSQ_EVT_BASIC_AUTH,
+                                basic_auth_callback, NULL, pdata);
+    mosquitto_callback_register(identifier, MOSQ_EVT_ACL_CHECK,
+                                acl_check_callback, NULL, pdata);
 
-	mosquitto_log_printf(MOSQ_LOG_INFO,
-		"subnet_acl: Plugin initialized with %d user(s)", pdata->user_count);
+    mosquitto_log_printf(MOSQ_LOG_INFO,
+        "subnet_acl: Plugin initialized with %d user(s)", pdata->user_count);
 
-	/* Only assign user_data after all possible error paths */
-	*user_data = pdata;
-
-	return MOSQ_ERR_SUCCESS;
+    return MOSQ_ERR_SUCCESS;
 }
 
 int mosquitto_plugin_cleanup(void *user_data,
-			     struct mosquitto_opt *opts, int opt_count)
+                             struct mosquitto_opt *opts, int opt_count)
 {
-	plugin_data_t *pdata = user_data;
+    plugin_data_t *pdata = user_data;
 
-	if (pdata) {
-		mosquitto_callback_unregister(pdata->identifier, MOSQ_EVT_BASIC_AUTH,
-		                              basic_auth_callback, NULL);
-		free(pdata);
-	}
+    if (pdata) {
+        mosquitto_callback_unregister(pdata->identifier, MOSQ_EVT_BASIC_AUTH,
+                                      basic_auth_callback, NULL);
+        mosquitto_callback_unregister(pdata->identifier, MOSQ_EVT_ACL_CHECK,
+                                      acl_check_callback, NULL);
+        free(pdata);
+    }
 
-	return MOSQ_ERR_SUCCESS;
+    return MOSQ_ERR_SUCCESS;
 }

netmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=netmngr
-PKG_VERSION:=1.2.1
+PKG_VERSION:=1.2.0
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/netmngr.git
-PKG_SOURCE_VERSION:=1ece805d04b1d7843f57cae83f904268579ab4e6
+PKG_SOURCE_VERSION:=ff08a8cc5c860056a022e5376a973dee5a323595
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

netmode/Makefile

@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=netmode
-PKG_VERSION:=1.1.8
+PKG_VERSION:=1.1.7
 PKG_RELEASE:=1
 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 PKG_LICENSE:=GPL-2.0-only

netmode/files/etc/netmodes/routed-dhcp/scripts/10-routed-dhcp

@@ -59,8 +59,6 @@ l3_network_config() {
 	uci -q set network.wan.device="$wandev"
 	uci -q set network.wan6.device="$wandev"
 
-	uci -q set network.WAN.mtu="$NETMODE_mtu"
-
 	uci -q delete network.wan.dns
 	if [ -n "$NETMODE_dns_servers" ]; then
 		dns_servers="$(echo $NETMODE_dns_servers | tr ',' ' ')"

netmode/files/etc/netmodes/routed-pppoe/scripts/10-routed-pppoe

@@ -57,8 +57,6 @@ l3_network_pppoe_config() {
 	uci -q set network.wan.device="$wandev"
 	uci -q set network.wan6.device="$wandev"
 
-	uci -q set network.WAN.mtu="$NETMODE_mtu"
-
 	uci -q delete network.wan.dns
 	if [ -n "$NETMODE_dns_servers" ]; then
 		dns_servers="$(echo $NETMODE_dns_servers | tr ',' ' ')"

netmode/files/etc/netmodes/routed-static/scripts/10-routed-static

@@ -58,8 +58,6 @@ l3_network_config() {
 	uci -q set network.wan.device="$wandev"
 	uci -q set network.wan6.device="$wandev"
 
-	uci -q set network.WAN.mtu="$NETMODE_mtu"
-
 	uci -q delete network.wan.dns
 	if [ -n "$NETMODE_dns_servers" ]; then
 		dns_servers="$(echo $NETMODE_dns_servers | tr ',' ' ')"

netmode/files/etc/netmodes/supported_modes.json

@@ -43,12 +43,6 @@
           "required": false,
           "type": "integer"
         },
-        {
-          "name": "mtu",
-          "description": "MTU",
-          "required": false,
-          "type": "integer"
-        },
         {
           "name": "dns_servers",
           "description": "DNS Servers",

netmode/files/etc/uci-defaults/40_netmode_set_default_netmode

@@ -4,19 +4,13 @@ enabled="$(uci -q get netmode.global.enabled)"
 [ "$enabled" == "1" ] || exit 0
 
 mode="$(uci -q get netmode.global.mode)"
-wanproto=$(uci -q get network.wan.proto)
-
-if [ -n "$mode" ]; then
-	# check if wanproto and mode aligned
-	if [ "${mode}" = "routed-${wanproto}" ]; then
-		exit 0
-	fi
-fi
+[ -n "$mode" ] && exit 0
 
 [ -f /etc/netmodes/supported_modes.json ] || exit 0
 
 # NetMode is enabled without a Mode being set
 # Figure out the current mode from network config
+wanproto=$(uci -q get network.wan.proto)
 curmode=""
 case "$wanproto" in
 	dhcp) curmode="routed-dhcp" ;;

netmode/files/lib/upgrade/keep.d/netmode

@@ -1 +0,0 @@
-/etc/netmodes/.last_mode

obuspa/Makefile

@@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=obuspa
-PKG_VERSION:=10.0.7.7
+PKG_VERSION:=10.0.7.5
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)

obuspa/files/etc/init.d/obuspa

@@ -715,7 +715,7 @@ start_service() {
 
 	mkdir -p /tmp/obuspa/
 	config_load obuspa
-	config_get_bool enabled global enabled 1
+	config_get_bool enabled global enabled 0
 
 	procd_open_instance ${CONFIGURATION}
 	if [ "${enabled}" -eq 1 ]; then

obuspa/files/etc/uci-defaults/93-obuspa_mdns_adv

@@ -53,7 +53,13 @@ add_mdns_advertise() {
 	json_dump > /etc/umdns/obuspa_mdns.json
 }
 
-role="$(get_device_role)"
-if [ "${role}" == "gateway" ]; then
-	add_mdns_advertise
+config_load obuspa
+config_get_bool enable_obuspa global enabled 1
+
+if [ "${enable_obuspa}" -eq 1 ]; then
+	role="$(get_device_role)"
+
+	if [ "${role}" == "gateway" ]; then
+		add_mdns_advertise
+	fi
 fi

obuspa/files/etc/uci-defaults/obuspa-set-dhcp-option

@@ -19,11 +19,19 @@ get_access_role()
 
 configure_dhcp_options() {
 	local enabled inerface discovery
-
+	config_load obuspa
 	config_get_bool enabled global enabled 1
 	config_get interface global interface
 	config_get_bool discovery global dhcp_discovery 1
 
+	if [ "${enabled}" -eq 0 ]; then
+		return 0
+	fi
+
+	if [ "${discovery}" -eq 0 ]; then
+		return 0
+	fi
+
 	if [ -z "${interface}" ]; then
 		role="$(get_access_role)"
 
@@ -58,12 +66,12 @@ configure_dhcp_options() {
 
 	if [ "${proto}" = "dhcp" ]; then
 		if [ ${req125_present} -eq 0 ]; then
-			[ -n "${reqopts}" ] && newreqopts="$reqopts 125" || newreqopts="125"
+			newreqopts="$reqopts 125"
 			uci -q set network."${interface}".reqopts="$newreqopts"
 		fi
 
 		if [ ${send124_present} -eq 0 ]; then
-			[ -n "${sendopts}" ] && newsendopts="${sendopts} 124:00:00:0D:E9:04:03:75:73:70" ||  newsendopts="124:00:00:0D:E9:04:03:75:73:70"
+			newsendopts="${sendopts} 124:00:00:0D:E9:04:03:75:73:70"
 			uci -q set network."${interface}".sendopts="$newsendopts"
 		fi
 	fi

qosmngr/files/airoha/lib/qos/airoha.sh

@@ -411,35 +411,33 @@ hw_commit_all() {
         /userfs/bin/qosrule discpline Enable 0
     fi
 
-    if ! strings /proc/device-tree/compatible | grep -qFx econet,en7523; then
-        if [ -x /userfs/bin/blapi_cmd ]; then
-            echo 1 > /proc/ifc_send_to_ppe
-            for tc in $(seq 0 7); do
-                if [ -s "/tmp/qos/dscp_values_${tc}_4" ]; then
-                    sort -un "/tmp/qos/dscp_values_${tc}_4" | awk 'NR==1{first=$1;last=$1;next}
-                                                                   $1 == last+1 {last=$1;next}
-                                                                   {system("/userfs/bin/blapi_cmd traffic set_traffic_class DSCP " first*4 " " or(last*4, 0x3) " 1");first=$1;last=first}
-                                                                   END{system("/userfs/bin/blapi_cmd traffic set_traffic_class DSCP " first*4 " " or(last*4, 0x3) " 1")}'
-                fi
-                if [ -s "/tmp/qos/dscp_values_${tc}_6" ]; then
-                    [ -s "/tmp/qos/dscp_values_${tc}_4" ] && sort -un "/tmp/qos/dscp_values_${tc}_6" | awk 'NR==1{first=$1;last=$1;next}
-                                                                                                            $1 == last+1 {last=$1;next}
-                                                                                                            {system("/userfs/bin/blapi_cmd traffic set_traffic_class DSCP " first*4 " " or(last*4, 0x3) " 0");first=$1;last=first}
-                                                                                                            END{system("/userfs/bin/blapi_cmd traffic set_traffic_class DSCP " first*4 " " or(last*4, 0x3) " 0")}'
-                    sort -un "/tmp/qos/dscp_values_${tc}_6" | awk 'NR==1{first=$1;last=$1;next}
-                                                                   $1 == last+1 {last=$1;next}
-                                                                   {system("/userfs/bin/blapi_cmd traffic set_traffic_class DSCP " first*4 " " or(last*4, 0x3) " 1");first=$1;last=first}
-                                                                   END{system("/userfs/bin/blapi_cmd traffic set_traffic_class DSCP " first*4 " " or(last*4, 0x3) " 1")}'
-                fi
-            done
-        fi
+    if [ -x /userfs/bin/blapi_cmd ]; then
+        echo 1 > /proc/ifc_send_to_ppe
+        for tc in $(seq 0 7); do
+            if [ -s "/tmp/qos/dscp_values_${tc}_4" ]; then
+                sort -un "/tmp/qos/dscp_values_${tc}_4" | awk 'NR==1{first=$1;last=$1;next}
+                                                               $1 == last+1 {last=$1;next}
+                                                               {system("/userfs/bin/blapi_cmd traffic set_traffic_class DSCP " first*4 " " or(last*4, 0x3) " 1");first=$1;last=first}
+                                                               END{system("/userfs/bin/blapi_cmd traffic set_traffic_class DSCP " first*4 " " or(last*4, 0x3) " 1")}'
+            fi
+            if [ -s "/tmp/qos/dscp_values_${tc}_6" ]; then
+                [ -s "/tmp/qos/dscp_values_${tc}_4" ] && sort -un "/tmp/qos/dscp_values_${tc}_6" | awk 'NR==1{first=$1;last=$1;next}
+                                                                                                        $1 == last+1 {last=$1;next}
+                                                                                                        {system("/userfs/bin/blapi_cmd traffic set_traffic_class DSCP " first*4 " " or(last*4, 0x3) " 0");first=$1;last=first}
+                                                                                                        END{system("/userfs/bin/blapi_cmd traffic set_traffic_class DSCP " first*4 " " or(last*4, 0x3) " 0")}'
+                sort -un "/tmp/qos/dscp_values_${tc}_6" | awk 'NR==1{first=$1;last=$1;next}
+                                                               $1 == last+1 {last=$1;next}
+                                                               {system("/userfs/bin/blapi_cmd traffic set_traffic_class DSCP " first*4 " " or(last*4, 0x3) " 1");first=$1;last=first}
+                                                               END{system("/userfs/bin/blapi_cmd traffic set_traffic_class DSCP " first*4 " " or(last*4, 0x3) " 1")}'
+            fi
+        done
+    fi
 
-        if [ -x /userfs/bin/ifc ]; then
-            echo 1 > /proc/ifc_send_to_ppe
-            for pbit in $(seq 0 7); do
-                /userfs/bin/ifc add vip pbit $pbit
-            done
-        fi
+    if [ -x /userfs/bin/ifc ]; then
+        echo 1 > /proc/ifc_send_to_ppe
+        for pbit in $(seq 0 7); do
+            /userfs/bin/ifc add vip pbit $pbit
+        done
     fi
 
     hw_nat -! > /dev/null 2>&1

sulu/sulu-base/Makefile

@@ -5,11 +5,11 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=sulu-base
-PKG_VERSION:=5.2.10
+PKG_VERSION:=5.1.1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/websdk/sulu.git
-PKG_SOURCE_VERSION:=4aa93571b341c3a5da47fbb64b254f5ac602b5e8
+PKG_SOURCE_VERSION:=08195779cbc2d1d7410cb324b9e35692b0579a7e
 PKG_MIRROR_HASH:=skip
 
 SULU_MOD:=core

sulu/sulu-builder/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=sulu-builder
-PKG_VERSION:=5.2.10
+PKG_VERSION:=5.1.1
 PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/websdk/sulu-builder.git
-PKG_SOURCE_VERSION:=ec76b7e0564b9db0ef3db50aac3110fa3b7a30af
+PKG_SOURCE_VERSION:=7f646ecf643967f4b4b2c545a31bbef0514b34bc
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_SOURCE_VERSION)
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_BUILD_DIR:=$(BUILD_DIR)/sulu-$(PKG_VERSION)/sulu-builder-$(PKG_SOURCE_VERSION)
@@ -28,7 +28,7 @@ define Package/sulu/default
 	CATEGORY:=Utilities
 	SUBMENU:=SULU
 	TITLE:=SULU-CE
-	DEPENDS:=+mosquitto-auth-plugin +usermngr +userinterface +obuspa
+	DEPENDS:=+mosquitto-auth-shadow +usermngr +userinterface +obuspa
 	DEPENDS+=+@OBUSPA_LOCAL_MQTT_LISTENER
 	EXTRA_DEPENDS:=nginx
 endef
@@ -98,12 +98,8 @@ define Package/sulu/install/Default
 	$(INSTALL_DIR) $(1)/sulu/
 	$(INSTALL_DIR) $(1)/etc/sulu
 
-	$(INSTALL_DATA) ./files/maintenance.html $(1)/sulu/
-	$(LN) /tmp/sulu $(1)/sulu/connection
-
 	$(INSTALL_BIN) ./files/etc/sulu/sulu.sh $(1)/etc/sulu/
 	$(INSTALL_DATA) ./files/etc/sulu/nginx.locations $(1)/etc/sulu/
-	$(INSTALL_BIN) ./files/etc/sulu/sulu_watcher.sh $(1)/etc/sulu/
 
 	$(INSTALL_DIR) $(1)/etc/users/roles
 	$(INSTALL_DATA) ./files/etc/users/roles/*.json $(1)/etc/users/roles/
@@ -113,8 +109,6 @@ define Package/sulu/install/Default
 ifneq ($(CONFIG_SULU_DEFAULT_UI)$(CONFIG_SULU_BUILDER_DEFAULT_UI),)
 	$(INSTALL_DATA) ./files/etc/uci-defaults/41-make-sulu-default-ui $(1)/etc/uci-defaults/
 endif
-	$(INSTALL_DIR) $(1)/etc/init.d
-	$(INSTALL_BIN) ./files/etc/init.d/sulu $(1)/etc/init.d/
 endef
 
 define Package/sulu/install/Post

sulu/sulu-builder/files/etc/init.d/sulu

@@ -1,15 +0,0 @@
-#!/bin/sh /etc/rc.common
-
-START=9
-STOP=01
-
-USE_PROCD=1
-
-PROG=/etc/sulu/sulu_watcher.sh
-
-start_service()
-{
-	procd_open_instance "sulu"
-	procd_set_param command ${PROG}
-	procd_close_instance "sulu"
-}

sulu/sulu-builder/files/etc/sulu/nginx.locations

@@ -8,10 +8,6 @@ location /sitemap.xml {
 	return 200 "User-agent: *\nDisallow: /\n";
 }
 
-location /maintenance.html {
-	internal;
-}
-
 location /wss {
 	proxy_pass_request_headers      on;
 	proxy_cache        off;
@@ -20,7 +16,7 @@ location /wss {
 	proxy_set_header Connection $connection_upgrade;
 	proxy_set_header    Host               $host;
 	proxy_set_header    X-Real-IP          $remote_addr;
-	proxy_set_header    X-Forwarded-For    $remote_addr;
+	proxy_set_header    X-Forwarded-For    $proxy_add_x_forwarded_for;
 	proxy_set_header    X-Forwarded-Host   $host;
 	proxy_set_header    X-Forwarded-Server $host;
 	proxy_set_header    X-Forwarded-Port   $server_port;
@@ -52,10 +48,5 @@ location / {
 	}
 	add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
 	add_header Pragma 'no-cache';
-
-	if (!-f $document_root/connection/ready) {
-		return 503;
-	}
-
 	expires 0;
 }

sulu/sulu-builder/files/etc/sulu/sulu.sh

@@ -5,9 +5,8 @@
 . /lib/functions.sh
 . /usr/share/libubox/jshn.sh
 
-SULU_CON_CONFIG="/sulu/presets/connection-config.json"
-SULU_ACL_FILE=""
-SULU_CON_ROLES=""
+RESTART_REQ=0
+_RESTART_SERVICES="0"
 
 slog() {
 	echo "$*" | logger -t sulu.sh -p debug
@@ -28,21 +27,49 @@ _get_agent_id() {
 	fi
 }
 
+_get_sulu_user_roles() {
+	roles=$(uci -q get userinterface._sulu_s.role)
+
+	for role in ${roles}; do
+		sulu_user_roles="${sulu_user_roles} ${role}"
+	done
+
+	if [ -n "${sulu_user_roles}" ]; then
+		sulu_user_roles=$(echo -e "${sulu_user_roles// /\\n}" | sort | uniq)
+	fi
+
+	echo "${sulu_user_roles}"
+}
+
+_get_sulu_root() {
+	local root
+
+	root="$(uci -q get nginx._sulu_s.root)"
+	echo "${root:-/sulu}"
+}
+
+_get_sulu_connection_config() {
+	local config
+
+	config="$(_get_sulu_root)/presets/connection-config.json"
+	echo "${config}"
+}
+
+_get_sulu_session_mode() {
+	uci -q get sulu.global.SessionMode
+}
+
 _get_sulu_acl_file() {
 	uci -q get mosquitto.sulu.acl_file
 }
 
-_sulu_conn_config_users() {
-	for user in ${SULU_CON_ROLES}; do
-		json_add_object "${user}"
-		json_add_string 'fromId' "self::sulu-${user}"
-		json_add_string 'publishEndpoint' "/usp/$(_get_agent_id)/${user}/endpoint"
-		json_add_string 'subscribeEndpoint' "/usp/$(_get_agent_id)/${user}/controller"
-		json_close_object
-	done
-}
-
 generate_sulu_conn_config() {
+	local users SCONFIG session
+
+	users="$(_get_sulu_user_roles)"
+	session="$(_get_sulu_session_mode)"
+	SCONFIG="$(_get_sulu_connection_config)"
+
 	json_init
 	json_add_string 'Current-connection' 'main'
 	json_add_object 'Connections'
@@ -52,25 +79,41 @@ generate_sulu_conn_config() {
 			json_add_string 'toId' "os::$(_get_agent_id)"
 			json_add_string 'port' "auto"
 			json_add_string 'path' "/wss"
-			json_add_string 'protocol' 'autoWs'
 
+			if [ "${session}" = "Require" ]; then
+				json_add_boolean 'useSession' 1
+			fi
+
+			json_add_string 'protocol' 'autoWs'
 			json_add_object 'overrides'
 			{
-				_sulu_conn_config_users
+				for user in ${users}; do
+					json_add_object "${user}"
+					{
+						json_add_string 'fromId' "self::sulu-${user}"
+						json_add_string 'publishEndpoint' "/usp/$(_get_agent_id)/${user}/endpoint"
+						json_add_string 'subscribeEndpoint' "/usp/$(_get_agent_id)/${user}/controller"
+						json_close_object
+					}
+				done
 				json_close_object
 			}
 			json_close_object
 		}
 		json_close_object
 	}
-	json_dump >"${SULU_CON_CONFIG}"
+
+	json_dump >"${SCONFIG}"
 }
 
-update_obuspa_config() {
-	local agent
+_update_obuspa_config_rbac() {
+	local agent users session
 
 	agent="$(_get_agent_id)"
-	for user in ${SULU_CON_ROLES}; do
+	users="$(_get_sulu_user_roles)"
+	session="$(_get_sulu_session_mode)"
+
+	for user in ${users}; do
 		local section
 
 		# Add mqtt
@@ -80,6 +123,7 @@ update_obuspa_config() {
 			uci_set obuspa "${section}" BrokerAddress "127.0.0.1"
 			uci_set obuspa "${section}" BrokerPort "1883"
 			uci_set obuspa "${section}" TransportProtocol "TCP/IP"
+			RESTART_REQ=1
 		fi
 
 		# Add mtp
@@ -89,6 +133,7 @@ update_obuspa_config() {
 			uci_set obuspa "${section}" Protocol "MQTT"
 			uci_set obuspa "${section}" ResponseTopicConfigured "/usp/${agent}/${user}/endpoint"
 			uci_set obuspa "${section}" mqtt "mqtt_sulu_$user"
+			RESTART_REQ=1
 		fi
 
 		# Add controller
@@ -100,59 +145,88 @@ update_obuspa_config() {
 			uci_set obuspa "${section}" Topic "/usp/${agent}/${user}/controller"
 			uci_set obuspa "${section}" mqtt "mqtt_sulu_$user"
 			uci_set obuspa "${section}" assigned_role_name "$user"
+			RESTART_REQ=1
+		fi
+
+		obMode="$(uci_get obuspa "${section}" SessionMode)"
+		if [ "${session}" != "${obMode}" ]; then
+			uci_set obuspa "${section}" SessionMode "${session}"
+			RESTART_REQ=1
 		fi
 	done
 }
 
-create_mosquitto_acl() {
-	local agentid
-	local acl_users
+_create_mosquitto_acl() {
+	local agentid users
+	local ACL_FILE acl_users
 
-	SULU_ACL_FILE="$(_get_sulu_acl_file)"
-	if [ -z "${SULU_ACL_FILE}" ]; then
+	RESTART_REQ="0"
+
+	ACL_FILE="$(_get_sulu_acl_file)"
+	if [ -z "${ACL_FILE}" ]; then
 		return 0
 	fi
 
-	echo > "${SULU_ACL_FILE}"
+	users="$(_get_sulu_user_roles)"
+	if [ -f "${ACL_FILE}" ]; then
+		acl_users="$(awk '/^user / {print $2}' "${ACL_FILE}")"
+		for user in ${acl_users}; do
+			if ! echo "$users" | grep -qwF "$user"; then
+				rm -f "${ACL_FILE}"
+				RESTART_REQ="1"
+				break
+			fi
+		done
+	fi
+	[ -f "${ACL_FILE}" ] || touch "${ACL_FILE}"
+
 	agentid="$(_get_agent_id)"
-	for user in ${SULU_CON_ROLES}; do
-		if ! grep -qxF "user $user" "${SULU_ACL_FILE}"; then
+	for user in ${users}; do
+		if ! grep -qxF "user $user" "${ACL_FILE}"; then
 			{
 				echo "user ${user}"
 				echo "topic read  /usp/${agentid}/${user}/controller/reply-to"
 				echo "topic write /usp/${agentid}/${user}/endpoint"
 				echo "topic read  /usp/${agentid}/${user}/controller"
 				echo ""
-			} >> "${SULU_ACL_FILE}"
+			} >> "${ACL_FILE}"
+			RESTART_REQ="1"
 		fi
 	done
-}
 
-get_sulu_roles() {
-	local sec path_prefix redirect role
-
-	sec="${1}"
-
-	config_get path_prefix "${sec}" path_prefix ""
-	config_get redirect "${sec}" redirect ""
-	config_get role "${sec}" role ""
-
-	if [ -n "${redirect}" ]; then
-		return 0
-	fi
-
-	if [ "${path_prefix}" != "/sulu" ]; then
-		return 0
-	fi
-
-	if [ -n "${role}" ]; then
-		SULU_CON_ROLES="${SULU_CON_ROLES} ${role}"
+	if [ "${_RESTART_SERVICES}" -eq "1" ] && [ "${RESTART_REQ}" -gt "0" ]; then
+		slog "Restarting mosquitto..."
+		ubus call uci commit '{"config":"mosquitto"}'
 	fi
 }
 
-config_load userinterface
-config_foreach get_sulu_roles http_access
+update_obuspa_config() {
+	RESTART_REQ=0
+	_update_obuspa_config_rbac
+	uci_commit obuspa
 
-generate_sulu_conn_config
-create_mosquitto_acl
-update_obuspa_config
+	if [ "${_RESTART_SERVICES}" -eq "1" ] && [ "${RESTART_REQ}" -gt "0" ]; then
+		slog "Restarting obuspa..."
+		ubus call uci commit '{"config":"obuspa"}'
+	fi
+}
+
+configure_sulu() {
+	_create_mosquitto_acl
+	update_obuspa_config
+	generate_sulu_conn_config
+}
+
+while getopts ":r" opt; do
+	case ${opt} in
+	r)
+		_RESTART_SERVICES="1"
+		;;
+	*)
+		slog "Invalid option: ${OPTARG}"
+		exit 1
+		;;
+	esac
+done
+
+configure_sulu

sulu/sulu-builder/files/etc/sulu/sulu_watcher.sh

@@ -1,29 +0,0 @@
-#!/bin/sh
-
-if ! command -v obuspa >/dev/null 2>&1; then
-	exit 0
-fi
-
-USP_PATH="/tmp/sulu/"
-
-log() {
-	logger -t sulu_watcher "$*"
-}
-
-wait_for_obuspa() {
-	while true; do
-		ENDPOINTID="$(obuspa -c get Device.LocalAgent.EndpointID |grep Device.|awk '{print $3}')"
-		sleep 2
-		if [ -n "${ENDPOINTID}" ]; then
-			break;
-		fi
-	done
-}
-
-mark_usp_ready() {
-	mkdir -p "${USP_PATH}"
-	touch ${USP_PATH}/ready
-}
-
-wait_for_obuspa
-mark_usp_ready

sulu/sulu-builder/files/etc/uci-defaults/40-add-sulu-config

@@ -33,14 +33,13 @@ add_sulu_config_to_mosquitto()
 	uci_set mosquitto sulu port '9009'
 	uci_set mosquitto sulu no_remote_access '1'
 	uci_set mosquitto sulu protocol 'websockets'
-	uci_set mosquitto sulu auth_plugin '/usr/lib/mosquitto_auth_plugin.so'
+	uci_set mosquitto sulu auth_plugin '/usr/lib/mosquitto_auth_shadow.so'
 	uci_set mosquitto sulu acl_file '/etc/sulu/mqtt.acl'
 }
 
 add_sulu_userinterface_uci()
 {
-	# check if sulu already configured
-	if ! uci show userinterface| grep -q "path_prefix='/sulu'"; then
+	if [ -f "/etc/config/userinterface" ]; then
 		uci_add userinterface http_access _sulu_s
 		uci_set userinterface _sulu_s path_prefix '/sulu'
 		uci_set userinterface _sulu_s port '8443'
@@ -49,7 +48,6 @@ add_sulu_userinterface_uci()
 		uci_set userinterface _sulu_s _nginx_ssl_certificate '/etc/nginx/conf.d/_lan.crt'
 		uci_set userinterface _sulu_s _nginx_ssl_certificate_key '/etc/nginx/conf.d/_lan.key'
 		uci_set userinterface _sulu_s _nginx_ssl_session_cache 'none'
-		uci_set userinterface _sulu_s _nginx_error_page '503 /maintenance.html'
 		uci_set userinterface _sulu_s protocol 'HTTPS'
 		uci_set userinterface _sulu_s role 'admin user'
 

sulu/sulu-builder/files/etc/users/roles/admin.json

@@ -6,7 +6,554 @@
     "permission": [
       {
         "object": "Device.",
-        "perm": ["PERMIT_ALL"]
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Reboot()",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.SelfTestDiagnostics()",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.FactoryReset()",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.DeviceInfo.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Time.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.UPnP.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Bridging.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Ethernet.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.DHCPv4.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.DHCPv4.Server.Pool.{i}.StaticAddress.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.DHCPv6.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Hosts.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.{BBF_VENDOR_PREFIX}ParentalControl.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.{BBF_VENDOR_PREFIX}OpenVPN.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.NAT.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Firewall.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_SET",
+          "PERMIT_SUBS_VAL_CHANGE"
+        ]
+      },
+      {
+        "object": "Device.Firewall.DMZ.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.PPP.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Routing.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.IEEE1905.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.InterfaceStack.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.DynamicDNS.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.LANConfigSecurity.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Security.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.RouterAdvertisement.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Services.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.UserInterface.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.PeriodicStatistics.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.SoftwareModules.",
+        "perm": ["PERMIT_NONE"]
+      },
+      {
+        "object": "Device.Users.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.LocalAgent.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.LocalAgent.Subscription.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.WiFi.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.DNS.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.IP.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.SSH.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.LEDs.LED.{i}.CycleElement.{i}.Brightness",
+        "perm": ["PERMIT_GET", "PERMIT_SET", "PERMIT_GET_INST"]
       }
     ]
   }

sulu/sulu-builder/files/etc/users/roles/user.json

@@ -2,19 +2,533 @@
   "tr181": {
     "name": "user",
     "instance": 5,
-    "secure_role": true,
     "permission": [
       {
         "object": "Device.",
-        "perm": ["PERMIT_ALL"]
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
       },
       {
-        "object": "Device.Firewall.Enable",
-        "perm": ["PERMIT_GET", "PERMIT_SUBS_VAL_CHANGE", "PERMIT_OBJ_INFO"]
+        "object": "Device.Reboot()",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
       },
       {
-        "object": "Device.Firewall.Chain.*.Rule.",
+        "object": "Device.SelfTestDiagnostics()",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.FactoryReset()",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.DeviceInfo.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Time.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.UPnP.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Bridging.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Ethernet.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.DHCPv4.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.DHCPv4.Server.Pool.{i}.StaticAddress.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.DHCPv6.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Hosts.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.{BBF_VENDOR_PREFIX}ParentalControl.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.{BBF_VENDOR_PREFIX}OpenVPN.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.NAT.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Firewall.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_SET",
+          "PERMIT_SUBS_VAL_CHANGE"
+        ]
+      },
+      {
+        "object": "Device.Firewall.DMZ.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.PPP.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Routing.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.IEEE1905.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.InterfaceStack.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.DynamicDNS.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.LANConfigSecurity.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Security.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.RouterAdvertisement.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Services.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.UserInterface.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.PeriodicStatistics.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.SoftwareModules.",
         "perm": ["PERMIT_NONE"]
+      },
+      {
+        "object": "Device.Users.User.",
+        "perm": ["PERMIT_NONE"]
+      },
+      {
+        "object": "Device.LocalAgent.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.LocalAgent.Subscription.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.WiFi.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.DNS.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.IP.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.SSH.",
+        "perm": ["PERMIT_NONE"]
+      },
+      {
+        "object": "Device.LEDs.LED.{i}.CycleElement.{i}.Brightness",
+        "perm": ["PERMIT_GET", "PERMIT_SET", "PERMIT_GET_INST"]
       }
     ]
   }

sulu/sulu-builder/files/maintenance.html

@@ -1,248 +0,0 @@
-<!doctype html>
-<html lang="en">
-  <head>
-    <meta charset="UTF-8" />
-    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <title>Router Interface Loading...</title>
-    <style>
-      * {
-        margin: 0;
-        padding: 0;
-        box-sizing: border-box;
-      }
-
-      body {
-        font-family:
-          -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu,
-          sans-serif;
-        background: linear-gradient(135deg, #3399ff 0%, #012669 100%);
-        height: 100vh;
-        display: flex;
-        justify-content: center;
-        align-items: center;
-        color: #fff;
-      }
-
-      .container {
-        text-align: center;
-        padding: 2rem;
-        background: rgba(255, 255, 255, 0.1);
-        border-radius: 20px;
-        backdrop-filter: blur(10px);
-        box-shadow: 0 20px 40px rgba(0, 0, 0, 0.1);
-        max-width: 400px;
-        width: 90%;
-      }
-
-      .spinner {
-        width: 60px;
-        height: 60px;
-        margin: 0 auto 2rem;
-        position: relative;
-      }
-
-      .spinner::before,
-      .spinner::after {
-        content: "";
-        position: absolute;
-        top: 0;
-        left: 0;
-        width: 100%;
-        height: 100%;
-        border-radius: 50%;
-        border: 3px solid transparent;
-        border-top-color: #fff;
-        animation: spin 1.5s ease-in-out infinite;
-      }
-
-      .spinner::after {
-        animation-delay: 0.15s;
-        border-top-color: rgba(255, 255, 255, 0.5);
-      }
-
-      @keyframes spin {
-        0% {
-          transform: rotate(0deg);
-        }
-        100% {
-          transform: rotate(360deg);
-        }
-      }
-
-      h1 {
-        font-size: 1.8rem;
-        margin-bottom: 1rem;
-        font-weight: 600;
-      }
-
-      p {
-        font-size: 1rem;
-        opacity: 0.9;
-        line-height: 1.5;
-        margin-bottom: 1rem;
-      }
-
-      .status {
-        font-size: 0.9rem;
-        opacity: 0.8;
-        margin-top: 1.5rem;
-        display: flex;
-        align-items: center;
-        justify-content: center;
-        gap: 0.5rem;
-      }
-
-      .status-dot {
-        width: 8px;
-        height: 8px;
-        background: #fff;
-        border-radius: 50%;
-        animation: pulse 1.5s ease-in-out infinite;
-      }
-
-      @keyframes pulse {
-        0%,
-        100% {
-          opacity: 0.3;
-        }
-        50% {
-          opacity: 1;
-        }
-      }
-
-      .retry-count {
-        font-size: 0.85rem;
-        opacity: 0.7;
-        margin-top: 0.5rem;
-      }
-
-      .error-message {
-        background: rgba(255, 59, 48, 0.2);
-        border: 1px solid rgba(255, 59, 48, 0.5);
-        padding: 0.75rem;
-        border-radius: 8px;
-        margin-top: 1rem;
-        font-size: 0.9rem;
-        display: none;
-      }
-    </style>
-  </head>
-  <body>
-    <div class="container">
-      <div class="spinner"></div>
-      <h1>Router Starting Up</h1>
-      <p>
-        The web interface is initializing. You'll be redirected automatically
-        once it's ready.
-      </p>
-
-      <div class="status">
-        <span class="status-dot"></span>
-        <span id="statusText">Checking availability...</span>
-      </div>
-
-      <div class="retry-count" id="retryCount"></div>
-      <div class="error-message" id="errorMessage"></div>
-    </div>
-
-    <script>
-      let retryCount = 0;
-      let checkInterval = 2000; // Start with 2 seconds
-      let maxInterval = 10000; // Max 10 seconds between checks
-      let consecutiveFailures = 0;
-      let maxConsecutiveFailures = 100; // Stop after 100 consecutive failures (~8-10 minutes)
-
-      function updateStatus(message) {
-        document.getElementById("statusText").textContent = message;
-      }
-
-      function updateRetryCount() {
-        retryCount++;
-        const retryElement = document.getElementById("retryCount");
-        retryElement.textContent = `Attempt ${retryCount}`;
-      }
-
-      function showError(message) {
-        const errorElement = document.getElementById("errorMessage");
-        errorElement.textContent = message;
-        errorElement.style.display = "block";
-      }
-
-      async function checkAvailability() {
-        updateRetryCount();
-        updateStatus("Connecting to router...");
-
-        try {
-          // Try to fetch the index page
-          const response = await fetch("/index.html", {
-            method: "HEAD", // Use HEAD to minimize bandwidth
-            cache: "no-cache",
-            mode: "no-cors", // Allow checking even with CORS restrictions
-          });
-
-          // If we get any response (even 404), the server is responding
-          // For a router, we typically want to redirect on 200 or 304
-          if (response.ok || response.status === 304) {
-            updateStatus("Router ready! Redirecting...");
-            consecutiveFailures = 0;
-
-            // Small delay for user feedback
-            setTimeout(() => {
-              window.location.reload();
-            }, 500);
-            return true;
-          } else if (response.status !== 503) {
-            // Server is responding but page not ready yet
-            updateStatus(`Server responding (${response.status}), waiting...`);
-            consecutiveFailures = 0;
-          }
-        } catch (error) {
-          // Network error - server not reachable
-          consecutiveFailures++;
-
-          if (consecutiveFailures > maxConsecutiveFailures) {
-            updateStatus("Connection timeout");
-            showError(
-              "Unable to connect to router. Please check your connection and refresh this page.",
-            );
-            return true; // Stop checking
-          }
-
-          updateStatus("Router not ready yet...");
-
-          // Implement exponential backoff
-          if (consecutiveFailures > 5) {
-            checkInterval = Math.min(checkInterval * 1.2, maxInterval);
-          }
-        }
-
-        return false;
-      }
-
-      async function startChecking() {
-        // Initial check
-        const isReady = await checkAvailability();
-        if (isReady) return;
-
-        // Continue checking
-        const intervalId = setInterval(async () => {
-          const isReady = await checkAvailability();
-          if (isReady) {
-            clearInterval(intervalId);
-          }
-        }, checkInterval);
-      }
-
-      // Start checking when page loads
-      window.addEventListener("DOMContentLoaded", () => {
-        // Small initial delay to show the UI
-        setTimeout(startChecking, 500);
-      });
-
-      // Also try to check if user clicks anywhere on the page
-      document.addEventListener("click", () => {
-        checkAvailability();
-      });
-    </script>
-  </body>
-</html>

sulu/sulu-theme-genexis/Makefile

@@ -5,11 +5,11 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=sulu-theme-genexis
-PKG_VERSION:=5.2.10
+PKG_VERSION:=5.1.1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/gnx/sulu-theme-genexis
-PKG_SOURCE_VERSION:=d329108aa49a0d57325cd8e639c80ba70c126f3f
+PKG_SOURCE_VERSION:=69b72c2e589a3f73db3cb219ee7f59ab40b1bf48
 PKG_MIRROR_HASH:=skip
 
 include ../sulu-builder/sulu.mk

sysmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=sysmngr
-PKG_VERSION:=1.1.2
+PKG_VERSION:=1.0.30
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/system/sysmngr.git
-PKG_SOURCE_VERSION:=42b129059007cec121c900c33ece6e40dbca7a78
+PKG_SOURCE_VERSION:=8d150fae12ad42885c270051189572d59255244d
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

sysmngr/files/etc/init.d/sysmngr

@@ -1,19 +1,10 @@
 #!/bin/sh /etc/rc.common
 
-START=12
+START=15
 STOP=8
 
 USE_PROCD=1
 PROG=/usr/sbin/sysmngr
-RESET_REASON="/etc/sysmngr/reset_reason"
-
-boot()
-{
-	if [ -x "${RESET_REASON}" ]; then
-		eval ${RESET_REASON}
-	fi
-	start
-}
 
 start_service()
 {

sysmngr/files/etc/sysmngr/fwbank

@@ -22,30 +22,7 @@ fwbank_get_bootbank() {
 
 case "$1" in
 	list)
-		json_init
-		json_add_object "dump"
-		json_close_object
-
-		json_add_object "set_bootbank"
-		json_add_int "bank" 32
-		json_close_object
-
-		json_add_object "copy_config"
-		json_add_boolean "keep_settings" 1
-		json_add_boolean "keep_opconf" 1
-		json_add_string "config_scope" "String"
-		json_close_object
-
-		json_add_object "upgrade"
-		json_add_string "path" "String"
-		json_add_boolean "auto_activate" 1
-		json_add_int "bank" 32
-		json_add_boolean "keep_settings" 1
-		json_add_boolean "keep_opconf" 1
-		json_add_string "config_scope" "String"
-		json_add_boolean "reboot" 1
-		json_close_object
-		json_dump
+		echo '{ "dump" : {}, "set_bootbank" : {"bank":32}, "copy_config" : {}, "upgrade": {"path":"String","auto_activate":true,"bank":32,"keep_settings":true}}'
 	;;
 	call)
 		case "$2" in
@@ -148,44 +125,19 @@ case "$1" in
 				fi
 			;;
 			copy_config)
-				read -r input
-				json_load "${input}"
-				json_get_var keep_settings keep_settings
-				json_get_var keep_opconf keep_opconf
-				json_get_var config_scope config_scope
-
-				# Set the default value for keep_settings
-				keep_settings=${keep_settings:-1}
-
-				if command -v "opconf_conf_handler" >/dev/null 2>&1; then
-					if ! mountpoint -q /usr_data; then
-						logger -t sysmngr.fwbank "copy_config: usr_data partition not present"
-						config_scope="All"
-					fi
-
-					arg="-k ${keep_settings}"
-					[ -n  "${keep_opconf}" ] && arg="${arg} -o ${keep_opconf}"
-					[ -n  "${config_scope}" ] && arg="${arg} -s ${config_scope}"
-
-					opconf_conf_handler ${arg}
-				else
-					# Fallback to default old behaviour in case opconf not present
-					config_scope="All"
+				if [ -z "$UPGRADE_BACKUP" ]; then
+					UPGRADE_BACKUP=/tmp/sysupgrade.tgz
 				fi
 
 				ret=0
-				if [ "${keep_settings}" -eq "1" ] && [ "${config_scope}" = "All" ]; then
-					if [ -z "$UPGRADE_BACKUP" ]; then
-						UPGRADE_BACKUP=/tmp/sysupgrade.tgz
-					fi
 
-					sysupgrade -b "$UPGRADE_BACKUP" || ret=1
-					if [ "$ret" -eq 0 ]; then
-						if command -v platform_copy_config >/dev/null 2>&1; then
-							platform_copy_config 1>&2 || ret=1
-						else
-							ret=1
-						fi
+				sysupgrade -b "$UPGRADE_BACKUP" || ret=1
+
+				if [ "$ret" -eq 0 ]; then
+					if command -v platform_copy_config >/dev/null 2>&1; then
+						platform_copy_config 1>&2 || ret=1
+					else
+						ret=1
 					fi
 				fi
 
@@ -205,9 +157,6 @@ case "$1" in
 				json_get_var auto_activate auto_activate
 				json_get_var bank bank
 				json_get_var keep_settings keep_settings
-				json_get_var keep_opconf keep_opconf
-				json_get_var config_scope config_scope
-				json_get_var reboot reboot
 
 				ret=0
 
@@ -231,7 +180,6 @@ case "$1" in
 
 				# Set the default value for keep_settings
 				keep_settings=${keep_settings:-1}
-				reboot=${reboot:-0}
 
 				# This ubus call does not reboot the system at any one time.
 				# Although, the newly upgraded bank is activated by default.
@@ -239,36 +187,14 @@ case "$1" in
 				# "--no-activate" otherwise.
 				sysupgrade_flag=""
 				if [ "${auto_activate}" -eq 1 ]; then
-					if [ "${reboot}" -eq 0 ]; then
-						sysupgrade_flag="--no-reboot"
-					fi
+					sysupgrade_flag="--no-reboot"
 				else
 					sysupgrade_flag="--no-activate"
 				fi
 
-				if command -v "opconf_conf_handler" >/dev/null 2>&1; then
-					if ! mountpoint -q /usr_data; then
-						logger -t sysmngr.fwbank "upgrade: usr_data partition not present"
-						config_scope="All"
-					fi
-
-					arg="-k ${keep_settings}"
-					[ -n  "${keep_opconf}" ] && arg="${arg} -o ${keep_opconf}"
-					[ -n  "${config_scope}" ] && arg="${arg} -s ${config_scope}"
-
-					opconf_conf_handler ${arg}
-				else
-					# Fallback to default old behaviour in case opconf not present
-					config_scope="All"
-				fi
-
 				# Set the flag to do not save configuration over reflash
 				if [ "${keep_settings}" -eq 0 ]; then
 					sysupgrade_flag="${sysupgrade_flag} -n"
-				elif [ "${keep_settings}" -eq 1 ]; then
-					if [ "${config_scope}" != "All" ]; then
-						sysupgrade_flag="${sysupgrade_flag} -n"
-					fi
 				fi
 
 				# Call sysupgrade synchonously. It should not time out the ubus call,

usermngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=usermngr
-PKG_VERSION:=1.4.7
+PKG_VERSION:=1.4.6
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/usermngr.git
-PKG_SOURCE_VERSION:=62390ff8d9e1c80babf3621f8b374dcd2078ff6f
+PKG_SOURCE_VERSION:=416c49b53ed2fbbc983f404c65b8a8ce722152bd
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -75,7 +75,6 @@ define Package/usermngr/install
 	$(INSTALL_DIR) $(1)/etc/config
 	$(INSTALL_DIR) $(1)/etc/uci-defaults
 	$(INSTALL_DIR) $(1)/etc/users/roles
-	$(INSTALL_DIR) $(1)/etc/users/schema
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_BIN) ./files/etc/uci-defaults/91-sync-shells $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/uci-defaults/91-sync-roles $(1)/etc/uci-defaults/
@@ -89,7 +88,6 @@ endif
 	$(INSTALL_BIN) ./files/etc/init.d/users $(1)/etc/init.d/users
 	$(INSTALL_BIN) ./files/etc/config/users $(1)/etc/config/users
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/usermngr $(1)/usr/sbin/usermngr
-	$(CP) ./acl.schema.json $(1)/etc/users/schema/acl.schema.json
 	$(BBFDM_REGISTER_SERVICES) ./bbfdm_service.json $(1) $(PKG_NAME)
 endef
 

usermngr/acl.schema.json

@@ -1,68 +0,0 @@
-{
-  "$schema": "https://json-schema.org/draft/2020-12/schema",
-  "title": "TR-181 Permissions Schema",
-  "type": "object",
-  "properties": {
-    "tr181": {
-      "type": "object",
-      "required": ["name", "instance", "secure_role", "permission"],
-      "properties": {
-        "name": {
-          "type": "string",
-          "description": "Name of the TR-181 profile or configuration"
-        },
-        "instance": {
-          "type": "integer",
-          "description": "Instance identifier"
-        },
-        "secure_role": {
-          "type": "boolean",
-          "description": "Whether this role is secure"
-        },
-        "permission": {
-          "type": "array",
-          "description": "List of TR-181 permissions by object path",
-          "items": {
-            "type": "object",
-            "required": ["object", "perm"],
-            "properties": {
-              "object": {
-                "type": "string",
-                "description": "TR-181 object path or parameter name"
-              },
-              "perm": {
-                "type": "array",
-                "description": "List of permissions for the given object",
-                "items": {
-                  "type": "string",
-                  "enum": [
-                    "PERMIT_NONE",
-                    "PERMIT_ALL",
-                    "PERMIT_GET",
-                    "PERMIT_GET_INST",
-                    "PERMIT_OBJ_INFO",
-                    "PERMIT_CMD_INFO",
-                    "PERMIT_SET",
-                    "PERMIT_ADD",
-                    "PERMIT_DEL",
-                    "PERMIT_OPER",
-                    "PERMIT_SUBS_VAL_CHANGE",
-                    "PERMIT_SUBS_OBJ_ADD",
-                    "PERMIT_SUBS_OBJ_DEL",
-                    "PERMIT_SUBS_EVT_OPER_COMP"
-                  ]
-                },
-                "uniqueItems": true
-              }
-            },
-            "additionalProperties": false
-          },
-          "minItems": 1
-        }
-      },
-      "additionalProperties": false
-    }
-  },
-  "required": ["tr181"],
-  "additionalProperties": false
-}

usermngr/files/etc/init.d/users

@@ -112,8 +112,6 @@ build_pam_passwdqc_line() {
 		base="$base $k=$v"
 	done
 
-	base="$base match=0"
-
 	echo "$base"
 }
 
@@ -143,7 +141,7 @@ update_password() {
 		fi
 	fi
 
-	write_line "$tmp_file" "password	[success=1 default=ignore]	pam_unix.so sha512"
+	write_line "$tmp_file" "password	[success=1 default=ignore]	pam_unix.so obscure sha512"
 	write_line "$tmp_file" ""
 	write_line "$tmp_file" "password	requisite			pam_deny.so"
 	write_line "$tmp_file" "password	required			pam_permit.so"

wifidmd/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=wifidmd
-PKG_VERSION:=1.4.3
+PKG_VERSION:=1.4.1
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/wifidmd.git
-PKG_SOURCE_VERSION:=a399309c31ecadc77ec347898c99dbd70cf35d98
+PKG_SOURCE_VERSION:=006359c351be70a45f5bc1ef3d78e14e270aa7cf
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

wifidmd/files/etc/wifidmd/bbf_config_reload.sh

@@ -42,95 +42,23 @@ for arg in ${input}; do
 	fi
 done
 
-
-################################################################################
-# wait_for_wifi_reload
-#
-# Description:
-#   Currently, there is no direct way to determine when WiFi reload
-#   operations have fully completed. The ubus API does not provide any
-#   event or flag indicating that WiFi services have finished reloading.
-#
-#   To work around this, we use a timing-based heuristic:
-#     - We repeatedly run `ubus call wifi status` every 1 second.
-#     - Each call is timed (using `date +%s` before and after).
-#     - Normally, this command returns almost instantly (<1s).
-#     - However, during a WiFi reload, the call may take longer
-#       (several seconds) while the subsystem is busy.
-#     - Once we detect that `ubus call wifi status` takes longer than
-#       2 seconds to return, we assume the reload has been applied
-#       and completed successfully.
-#
-#   Additional wait constraints:
-#     - Minimum wait: 5 seconds (to ensure reload started).
-#     - Maximum wait: 15 seconds (to prevent indefinite blocking).
-#     - If the threshold is not met within 15s, we log a timeout warning.
-################################################################################
-wait_for_wifi_reload() {
-	MAX_ITER=15
-	MIN_ITER=5
-	THRESH=2  # seconds
-
-	# Check if wifi ubus object exists
-	ubus -t 2 wait_for wifi >/dev/null 2>&1
-	if [ "$?" -ne 0 ]; then
-		log "wifi ubus object not available, skipping wait logic"
-		return 0
-	fi
-
-	#log "Waiting for WiFi reload (min ${MIN_ITER}s, max ${MAX_ITER}s)..."
-
-	iter=0
-	while [ "${iter}" -lt "${MAX_ITER}" ]; do
-		iter=$((iter + 1))
-		start=$(date +%s)
-		ubus call wifi status >/dev/null 2>&1
-		#rc=$?
-		end=$(date +%s)
-		elapsed=$((end - start))
-
-		#log "wait_for_wifi_reload: iter=${iter}, rc=${rc}, elapsed=${elapsed}s"
-
-		# If ubus took >2s and we've waited at least MIN_ITER → assume reload done
-		if [ "${elapsed}" -gt "${THRESH}" ] && [ "${iter}" -ge "${MIN_ITER}" ]; then
-			log "Detected long ubus response (${elapsed}s) after ${iter}s → assuming WiFi reload complete"
-			return 0
-		fi
-
-		# Sleep 1s between checks
-		if [ "${iter}" -lt "${MAX_ITER}" ]; then
-			sleep 1
-		fi
-	done
-
-	log "Timeout after ${MAX_ITER}s — WiFi reload not confirmed"
-	return 1
-}
-
 # Define function to reload mapcontroller
 reload_mapcontroller() {
 	pid=$(pidof mapcontroller)
 	if [ -n "$pid" ]; then
 		log "Reloading mapcontroller (PID: $pid)..."
 		kill -SIGHUP "$pid"
-		wait_for_wifi_reload
 	else
 		log "Warning: mapcontroller process not found"
 	fi
 }
 
-# Define function to commit wireless config
-commit_wireless_config() {
-	log "Committing wireless config..."
-	ubus call uci commit '{"config":"wireless"}'
-	wait_for_wifi_reload
-}
-
 # Apply logic based on flags
 if [ "$mapcontroller" -eq 1 ]; then
 	reload_mapcontroller
 elif [ "$wireless" -eq 1 ]; then
-	commit_wireless_config
+	log "Committing wireless config..."
+	ubus call uci commit '{"config":"wireless"}'
 else
 	log "No action needed."
 	exit 1

wifimngr/Makefile

@@ -6,12 +6,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=wifimngr
-PKG_VERSION:=20.1.9
+PKG_VERSION:=20.1.7
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=479e4b737d7af8ec9d1c6088f7ae42871a61c601
+PKG_SOURCE_VERSION:=3ed71c1a4a46ad38dfa1088339fe92d2f2d44f41
 PKG_SOURCE_URL:=https://dev.iopsys.eu/hal/wifimngr.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip