mirror/iopsys-feed
1
0
Fork 0
mirror of https://dev.iopsys.eu/feed/iopsys.git synced 2026-01-28 01:47:19 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge remote-tracking branch 'origin/devel' into agnau-fawe-phase2

Browse source
This commit is contained in:
Andreas Gnau 2025-03-12 14:12:51 +01:00
commit 67da186cba
No known key found for this signature in database
25 changed files with 978 additions and 59 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
gateway-info/Makefile
View file

@ -8,13 +8,13 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=gateway-info
PKG_VERSION:=1.0.0
PKG_VERSION:=1.0.2
LOCAL_DEV:=0
ifneq ($(LOCAL_DEV),1)
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/gateway-info.git
PKG_SOURCE_VERSION:=26e407a25b156da75e3941d54ddd74294cd9eae8
PKG_SOURCE_VERSION:=dd15893a8291e556a8c49ff9e143c763db0379b5
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
PKG_MIRROR_HASH:=skip
endif
@ -29,7 +29,7 @@ define Package/gateway-info
CATEGORY:=Utilities
TITLE:=GatewayInfo Data Model Support
DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +umdns
DEPENDS+=+libbbfdm-api +libbbfdm-ubus +dm-service
DEPENDS+=+libbbfdm-api +libbbfdm-ubus +dm-service +iputils-arping
endef
define Package/gateway-info/description

115
gateway-info/files/etc/udhcpc.user.d/udhcpc_gateway_info.user
View file

@ -243,11 +243,42 @@ get_usp_agent_id() {
get_mac_address() {
ip="${1}"
device="${2}"
mac="$(cat /proc/net/arp | grep $ip | awk '{print $4}')"
if [ -z "${mac}" ]; then
arp_resp="$(arping -b -f -c 5 -I $device $ip | grep 'Unicast reply from' | awk '{print $5}')"
if [ -n "${arp_resp}" ]; then
mac=${arp_resp:1:-1}
fi
fi
echo "${mac}"
}
send_unknown_gw_event() {
mac="${1}"
cmd="ubus -t 5 send gateway-info.gateway.unknown '{\"hwaddr\":\"$mac\"}'"
eval $cmd
}
send_cwmp_gw_event() {
oui="${1}"
class="${2}"
serial="${3}"
cmd="ubus -t 5 send gateway-info.gateway.cwmp '{\"oui\":\"$oui\",\"class\":\"$class\",\"serial\":\"$serial\"}'"
eval $cmd
}
send_usp_gw_event() {
endpoint="${1}"
cmd="ubus -t 5 send gateway-info.gateway.usp '{\"endpoint\":\"$endpoint\"}'"
eval $cmd
}
config_load gateway
config_get wan_intf global wan_interface "wan"
@ -257,39 +288,6 @@ if [ "${wan_intf}" == "${INTERFACE}" ]; then
return 0
fi
if [ -z "$opt125" ]; then
return 0
fi
len=$(printf "$opt125"|wc -c)
get_vivsoi "$opt125" "$len"
if [ "${GW_DISCOVERED}" -eq 0 ]; then
return 0
fi
mkdir -p /var/state
touch /var/state/gwinfo
sec=$(uci -q -c /var/state get gwinfo.gatewayinfo)
if [ -z "${sec}" ]; then
sec=$(uci -q -c /var/state add gwinfo gatewayinfo)
uci -q -c /var/state rename gwinfo."${sec}"="gatewayinfo"
fi
uci -q -c /var/state set gwinfo.gatewayinfo.hwaddr=""
uci -q -c /var/state set gwinfo.gatewayinfo.endpoint=""
uci -q -c /var/state set gwinfo.gatewayinfo.class="$CLASS"
uci -q -c /var/state set gwinfo.gatewayinfo.oui="$OUI"
uci -q -c /var/state set gwinfo.gatewayinfo.serial="$SERIAL"
uci -q -c /var/state set gwinfo.gatewayinfo.proto="CWMP"
uci -q -c /var/state commit gwinfo
# Check for USP parameters
ubus -t 15 wait_for umdns
if [ "${?}" -ne 0 ]; then
return 0
fi
json_load "$(ifstatus ${INTERFACE})"
json_get_var dev_name device ""
json_select data
@ -300,20 +298,65 @@ if [ "${wan_intf}" == "${INTERFACE}" ]; then
return 0
fi
MAC="$(get_mac_address $dhcp_ip $dev_name)"
mkdir -p /var/state
touch /var/state/gwinfo
sec=$(uci -q -c /var/state get gwinfo.gatewayinfo)
if [ -z "${sec}" ]; then
sec=$(uci -q -c /var/state add gwinfo gatewayinfo)
uci -q -c /var/state rename gwinfo."${sec}"="gatewayinfo"
fi
uci -q -c /var/state set gwinfo.gatewayinfo.hwaddr="$MAC"
uci -q -c /var/state set gwinfo.gatewayinfo.endpoint=""
uci -q -c /var/state set gwinfo.gatewayinfo.class=""
uci -q -c /var/state set gwinfo.gatewayinfo.oui=""
uci -q -c /var/state set gwinfo.gatewayinfo.serial=""
uci -q -c /var/state set gwinfo.gatewayinfo.proto=""
uci -q -c /var/state commit gwinfo
if [ -z "$opt125" ]; then
send_unknown_gw_event "${MAC}"
return 0
fi
len=$(printf "$opt125"|wc -c)
get_vivsoi "$opt125" "$len"
if [ "${GW_DISCOVERED}" -eq 0 ]; then
send_unknown_gw_event "${MAC}"
return 0
fi
uci -q -c /var/state set gwinfo.gatewayinfo.class="$CLASS"
uci -q -c /var/state set gwinfo.gatewayinfo.oui="$OUI"
uci -q -c /var/state set gwinfo.gatewayinfo.serial="$SERIAL"
uci -q -c /var/state set gwinfo.gatewayinfo.proto="CWMP"
uci -q -c /var/state commit gwinfo
# Check for USP parameters
ubus -t 15 wait_for umdns
if [ "${?}" -ne 0 ]; then
send_cwmp_gw_event "${OUI}" "${CLASS}" "${SERIAL}"
return 0
fi
resp=$(send_host_query $dev_name)
if [ "${resp}" -ne 0 ]; then
send_cwmp_gw_event "${OUI}" "${CLASS}" "${SERIAL}"
return 0
fi
ID="$(get_usp_agent_id $dhcp_ip)"
if [ -z "${ID}" ]; then
send_cwmp_gw_event "${OUI}" "${CLASS}" "${SERIAL}"
return 0
fi
MAC="$(get_mac_address $dhcp_ip)"
uci -q -c /var/state set gwinfo.gatewayinfo.hwaddr="$MAC"
uci -q -c /var/state set gwinfo.gatewayinfo.endpoint="$ID"
uci -q -c /var/state set gwinfo.gatewayinfo.proto="USP"
uci -q -c /var/state commit gwinfo
send_usp_gw_event "${ID}"
fi

1
libvoice-airoha/files/etc/uci-defaults/991-libvoice-airoha
View file

@ -14,4 +14,3 @@ for p in $(seq 0 $((ports-1))); do
uci set asterisk.extension${p}.txgain='10'
uci set asterisk.extension${p}.rxgain='-15'
done
uci commit asterisk

4
libwifi/Makefile
View file

@ -5,12 +5,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=libwifi
PKG_VERSION:=7.10.4
PKG_VERSION:=7.10.6
LOCAL_DEV=0
ifneq ($(LOCAL_DEV),1)
PKG_SOURCE_PROTO:=git
PKG_SOURCE_VERSION:=853b68af7aa86ec6598bd6940cc4d281b631e6de
PKG_SOURCE_VERSION:=2b76a71eb99f41523ad86592e7efefa0a3682bba
PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/libwifi.git
PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@iopsys.eu>
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz

38
linux-pam/Makefile Normal file
View file

@ -0,0 +1,38 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=linux-pam
PKG_VERSION:=1.7.0
PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/linux-pam/linux-pam.git
PKG_SOURCE_VERSION:=v$(PKG_VERSION)
PKG_MIRROR_HASH:=skip
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/meson.mk
define Package/linux-pam
SECTION:=libs
CATEGORY:=Libraries
TITLE:=Linux PAM Module
DEPENDS:=+libpam
endef
MESON_ARGS += \
-Dprefix=/usr \
-Ddefault_library=shared \
-Ddocs=disabled \
-Deconf=disabled \
-Dselinux=disabled \
-Dnis=disabled \
-Dexamples=false \
-Dxtests=false
define Package/linux-pam/install
$(INSTALL_DIR) $(1)/usr/lib/security
$(INSTALL_DIR) $(1)/etc/uci-defaults/
$(INSTALL_BIN) ./files/pam_faillock.uci_default $(1)/etc/uci-defaults/99-add_pam_faillock
endef
$(eval $(call BuildPackage,linux-pam))

43
linux-pam/files/pam_faillock.uci_default Normal file
View file

@ -0,0 +1,43 @@
#!/bin/sh
create_faillock_files()
{
# also create files needed by pam_faillock
touch /var/log/faillock
chmod 700 /var/log/faillock
touch /var/log/btmp
chmod 700 /var/log/btmp
}
update_pam_common_auth()
{
local file="/etc/pam.d/common-auth"
local deny=6
local unlock_time=300
# update pam_unix.so line
sed -i -E 's|^.*pam_unix\.so.*|auth\t sufficient\tpam_unix.so nullok_secure|' "$file"
# Insert pam_faillock lines before and after pam_unix.so
sed -i -E "/pam_unix.so nullok_secure/i auth required pam_faillock.so preauth deny=$deny even_deny_root unlock_time=$unlock_time" "$file"
sed -i -E "/pam_unix.so nullok_secure/a auth [default=die] pam_faillock.so authfail audit deny=$deny even_deny_root unlock_time=$unlock_time" "$file"
}
update_pam_common_account()
{
# update account file
sed -i "/pam_unix.so/ i account required pam_faillock.so" /etc/pam.d/common-account
}
if [ -f "/usr/lib/security/pam_faillock.so" ]; then
update_pam_common_auth
update_pam_common_account
create_faillock_files
fi
if [ -f /etc/config/sshd ]; then
uci -q set sshd.@sshd[0].UsePAM=1
uci commit sshd
fi
exit 0

4
map-agent/Makefile
View file

@ -5,9 +5,9 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=map-agent
PKG_VERSION:=6.3.3.4
PKG_VERSION:=6.3.3.6
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
PKG_SOURCE_VERSION:=5216fab84585fd1bd9d25b5b1eea151aeb79071d
PKG_SOURCE_VERSION:=0d084ae70917e109c9e929464b170521e0547c3c
PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@iopsys.eu>
PKG_LICENSE:=BSD-3-Clause

5
obuspa/Makefile
View file

@ -5,13 +5,13 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=obuspa
PKG_VERSION:=9.0.4.11
PKG_VERSION:=9.0.4.12
LOCAL_DEV:=0
ifneq ($(LOCAL_DEV),1)
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/obuspa.git
PKG_SOURCE_VERSION:=79e066a3997b46ea3bcc48c4589c5a4c4cb05630
PKG_SOURCE_VERSION:=9bd0c3c895cbcf34b922329c55a8262180b1fa86
PKG_MAINTAINER:=Vivek Dutta <vivek.dutta@iopsys.eu>
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
PKG_MIRROR_HASH:=skip
@ -133,6 +133,7 @@ define Package/obuspa/install
$(INSTALL_BIN) ./files/etc/uci-defaults/obuspa-set-dhcp-option $(1)/etc/uci-defaults/
$(INSTALL_BIN) ./files/etc/uci-defaults/92-obuspa_firewall $(1)/etc/uci-defaults/
$(INSTALL_BIN) ./files/etc/uci-defaults/93-obuspa_mdns_adv $(1)/etc/uci-defaults/
$(INSTALL_BIN) ./files/etc/uci-defaults/94-obuspa_set_credential $(1)/etc/uci-defaults/
$(INSTALL_BIN) ./files/etc/firewall.usp $(1)/etc/
$(INSTALL_BIN) ./files/etc/udhcpc.user.d/udhcpc_obuspa_opt125.user $(1)/etc/udhcpc.user.d/udhcpc_obuspa_opt125.user
ifeq ($(CONFIG_OBUSPA_CWMP_DATAMODEL_SUPPORT),y)

38
obuspa/files/etc/obuspa/usp_utils.sh
View file

@ -3,6 +3,7 @@
CTRUST_RESET_FILE="/tmp/obuspa/ctrust_reset"
VENDOR_PREFIX_FILE="/etc/obuspa/vendor_prefix"
FW_DEFAULT_ROLE_DIR="/etc/users/roles"
SECURE_ROLES=""
mkdir -p /tmp/obuspa/
@ -145,7 +146,7 @@ configure_permission()
configure_roles()
{
local rinst rname
local rinst rname is_secure
if [ "$#" -ne 2 ]; then
echo "Illegal number of parameters"
@ -154,6 +155,7 @@ configure_roles()
json_select $2
json_get_var rname name
json_get_var is_secure secure_role
if [ "${rname}" = "full_access" ]; then
rinst=1
@ -167,13 +169,21 @@ configure_roles()
db_add Device.LocalAgent.ControllerTrust.Role.${rinst}.Enable 1
db_add Device.LocalAgent.ControllerTrust.Role.${rinst}.Name ${rname}
if [ "${is_secure}" = "1" ] || [ "${is_secure}" = "true" ]; then
if [ -z "${SECURE_ROLES}" ]; then
SECURE_ROLES="Device.LocalAgent.ControllerTrust.Role.${rinst}"
else
SECURE_ROLES="${SECURE_ROLES},Device.LocalAgent.ControllerTrust.Role.${rinst}"
fi
fi
json_for_each_item configure_permission permission "${name}" ${rinst}
json_select ..
}
configure_roles_dir()
{
local rinst rname
local rinst rname is_secure
if [ "$#" -ne 1 ]; then
echo "Illegal number of parameters"
@ -195,11 +205,28 @@ configure_roles_dir()
return 0
fi
fi
json_get_var is_secure secure_role
db_add Device.LocalAgent.ControllerTrust.Role.${rinst}.Alias cpe-${rinst}
db_add Device.LocalAgent.ControllerTrust.Role.${rinst}.Enable 1
db_add Device.LocalAgent.ControllerTrust.Role.${rinst}.Name ${rname}
if [ "${is_secure}" = "1" ] || [ "${is_secure}" = "true" ]; then
if [ -z "${SECURE_ROLES}" ]; then
SECURE_ROLES="Device.LocalAgent.ControllerTrust.Role.${rinst}"
else
SECURE_ROLES="${SECURE_ROLES},Device.LocalAgent.ControllerTrust.Role.${rinst}"
fi
fi
if [ "${is_secure}" = "1" ] || [ "${is_secure}" = "true" ]; then
if [ -z "${SECURE_ROLES}" ]; then
SECURE_ROLES="Device.LocalAgent.ControllerTrust.Role.${rinst}"
else
SECURE_ROLES="${SECURE_ROLES},Device.LocalAgent.ControllerTrust.Role.${rinst}"
fi
fi
json_for_each_item configure_permission permission "${name}" "$((rinst))"
json_select ..
}
@ -214,6 +241,8 @@ configure_ctrust_role()
fi
mkdir -p /tmp/obuspa/
SECURE_ROLES=""
if [ -f "${1}" ]; then
json_init
json_load_file "${1}"
@ -227,6 +256,11 @@ configure_ctrust_role()
configure_roles_dir "${f/.json/}"
done
fi
if [ -n "${SECURE_ROLES}" ]; then
db_add Device.LocalAgent.ControllerTrust.SecuredRoles "${SECURE_ROLES}"
fi
}
# configure_ctrust_role "${@}"

29
obuspa/files/etc/uci-defaults/94-obuspa_set_credential Normal file
View file

@ -0,0 +1,29 @@
#!/bin/sh
. /lib/functions.sh
# Get Manufacturer OUI.
oui=$(db -q get device.deviceinfo.ManufacturerOUI)
oui=$(echo "${oui}" | tr 'a-f' 'A-F')
# Get system serial number.
serial=$(db -q get device.deviceinfo.SerialNumber)
username="${oui}-${serial}"
password="iopsys"
# Get userid values
config_load obuspa
config_get user global username ""
config_get pass global password ""
# Only set if they are empty or not same
if [ -z "${user}" ] || [ "${user}" != "${username}" ]; then
uci -q set obuspa.global.username="${username}"
fi
if [ -z "${pass}" ] || [ "${pass}" != "${password}" ]; then
uci -q set obuspa.global.password="${password}"
fi
# No need for commit here, it is done by uci_apply_defaults().

11
obuspa/files/etc/udhcpc.user.d/udhcpc_obuspa_opt125.user
View file

@ -391,10 +391,15 @@ if [ "${wan_intf}" == "${INTERFACE}" ]; then
uci_change=1
else
if [ -z "${dhcp_mqtt}" ]; then
user="$(uci -q get obuspa.global.username)"
pass="$(uci -q get obuspa.global.password)"
sec=$(uci -q add obuspa mqtt)
uci -q rename obuspa."${sec}"='dhcpmqtt'
dhcp_mqtt="dhcpmqtt"
uci -q set obuspa.$dhcp_mqtt.Enable='1'
uci -q set obuspa.$dhcp_mqtt.Username="${user}"
uci -q set obuspa.$dhcp_mqtt.Password="${pass}"
fi
uci -q set obuspa.$dhcp_mqtt.BrokerAddress="${ip}"
@ -476,6 +481,9 @@ if [ "${wan_intf}" == "${INTERFACE}" ]; then
if [ -n "${offered_proto}" ]; then
if [ "${offered_proto}" == "MQTT" ]; then
user="$(uci -q get obuspa.global.username)"
pass="$(uci -q get obuspa.global.password)"
uci -q set obuspa.dhcpcontroller.Topic="${topic}"
uci -q set obuspa.dhcpcontroller.mqtt='dhcpmqtt'
@ -486,6 +494,9 @@ if [ "${wan_intf}" == "${INTERFACE}" ]; then
uci -q set obuspa.dhcpmqtt.TransportProtocol="${mtp_encrypt}"
uci -q set obuspa.dhcpmqtt.Enable='1'
uci -q set obuspa.dhcpmqtt.ProtocolVersion='5.0'
uci -q set obuspa.dhcpmqtt.Username="${user}"
uci -q set obuspa.dhcpmqtt.Password="${pass}"
agent_topic=$(get_agent_topic)
sec=$(uci -q add obuspa mtp)

562
obuspa/patches/0005-CTrust-SecureRoles.patch Normal file
View file

@ -0,0 +1,562 @@
Index: obuspa-9.0.4.3/src/core/data_model.c
===================================================================
--- obuspa-9.0.4.3.orig/src/core/data_model.c
+++ obuspa-9.0.4.3/src/core/data_model.c
@@ -57,6 +57,7 @@
#include "iso8601.h"
#include "group_get_vector.h"
#include "plugin.h"
+#include "device_ctrust.h"
#ifdef ENABLE_COAP
#include "usp_coap.h"
@@ -507,6 +508,14 @@ int DATA_MODEL_GetParameterValue(char *p
return USP_ERR_INVALID_PATH;
}
+ // Check if the parameter is secured and the controller has a secured role, and if the SHOW_PASSWORD flag is not set
+ if (!(flags & SHOW_PASSWORD) && node->registered.param_info.type_flags & DM_SECURE && !DEVICE_CTRUST_IsControllerSecured())
+ {
+ // Return an empty string for secured parameters when controller doesn't have secured role
+ *buf = '\0';
+ return USP_ERR_OK;
+ }
+
// NOTE: We do not check 'is_qualified_instance' here, because the only time it would be unqualified, is if the
// path represented a multi-instance object. If path does represent this, then it will be caught below (switch statement)
@@ -537,8 +546,8 @@ int DATA_MODEL_GetParameterValue(char *p
break;
case kDMNodeType_DBParam_Secure:
- // Return an empty string, if special flag is not set
- if ((flags & SHOW_PASSWORD)==0)
+ // Return an empty string if the parameter is secured and the controller has a secured role, and if the SHOW_PASSWORD flag is not set
+ if (!(flags & SHOW_PASSWORD) && node->registered.param_info.type_flags & DM_SECURE && !DEVICE_CTRUST_IsControllerSecured())
{
*buf = '\0';
break;
Index: obuspa-9.0.4.3/src/core/device_ctrust.c
===================================================================
--- obuspa-9.0.4.3.orig/src/core/device_ctrust.c
+++ obuspa-9.0.4.3/src/core/device_ctrust.c
@@ -64,6 +64,7 @@
#include "text_utils.h"
#include "dm_inst_vector.h"
#include "database.h"
+#include "device_ctrust.h"
//------------------------------------------------------------------------------
// Location of the controller trust tables within the data model
@@ -228,6 +229,7 @@ credential_t *FindCredentialByCertInstan
int Get_CredentialRole(dm_req_t *req, char *buf, int len);
int Get_CredentialCertificate(dm_req_t *req, char *buf, int len);
int Get_CredentialNumEntries(dm_req_t *req, char *buf, int len);
+int Validate_SecuredRoles(dm_req_t *req, char *value);
#ifndef REMOVE_DEVICE_SECURITY
int InitChallengeTable();
@@ -347,6 +349,10 @@ int DEVICE_CTRUST_Init(void)
challenge_response_input_args, NUM_ELEM(challenge_response_input_args),
NULL, 0);
#endif
+
+ // Register Device.LocalAgent.ControllerTrust.SecuredRoles parameter
+ err |= USP_REGISTER_DBParam_ReadWrite(DEVICE_CTRUST_ROOT ".SecuredRoles", "", Validate_SecuredRoles, NULL, DM_STRING);
+
// Exit if any errors occurred
if (err != USP_ERR_OK)
{
@@ -2793,3 +2799,128 @@ exit:
return err;
}
#endif // REMOVE_DEVICE_SECURITY
+
+
+/*********************************************************************//**
+**
+** Validate_SecuredRoles
+**
+** Validates Device.LocalAgent.ControllerTrust.SecuredRoles
+** Each list item MUST be the Path Name of a row in the Device.LocalAgent.ControllerTrust.Role table
+**
+** \param req - pointer to structure identifying the parameter
+** \param value - value that the controller would like to set the parameter to
+**
+** \return USP_ERR_OK if successful
+**
+**************************************************************************/
+int Validate_SecuredRoles(dm_req_t *req, char *value)
+{
+ char *role_path;
+ char *saveptr;
+ char *str;
+ char temp[MAX_DM_PATH];
+ int role_instance;
+ int err;
+
+ // Empty string is valid
+ if (*value == '\0')
+ {
+ return USP_ERR_OK;
+ }
+
+ // Copy the value as strtok_r modifies the string
+ USP_STRNCPY(temp, value, sizeof(temp));
+
+ // Iterate through comma-separated list
+ str = temp;
+ role_path = strtok_r(str, ",", &saveptr);
+ while (role_path != NULL)
+ {
+ // Trim whitespace
+ role_path = TEXT_UTILS_TrimBuffer(role_path);
+
+ // Verify that this path exists in the Role table using DM_ACCESS_ValidateReference
+ err = DM_ACCESS_ValidateReference(role_path, "Device.LocalAgent.ControllerTrust.Role.{i}", &role_instance);
+ if (err != USP_ERR_OK)
+ {
+ USP_ERR_SetMessage("%s: Role path '%s' does not exist in Device.LocalAgent.ControllerTrust.Role table", __FUNCTION__, role_path);
+ return USP_ERR_INVALID_VALUE;
+ }
+
+ role_path = strtok_r(NULL, ",", &saveptr);
+ }
+
+ return USP_ERR_OK;
+}
+
+/*********************************************************************//**
+**
+** DEVICE_CTRUST_IsControllerSecured
+**
+** Determines whether the specified controller has a secured role
+**
+** \param combined_role - pointer to structure containing the role indexes for this controller
+**
+** \return true if the controller has a secured role, false otherwise
+**
+**************************************************************************/
+bool DEVICE_CTRUST_IsControllerSecured()
+{
+ char secured_roles[MAX_DM_PATH];
+ char *role_path;
+ char *saveptr;
+ char *str;
+ char temp[MAX_DM_PATH];
+ int err;
+ role_t *role;
+ int role_instance;
+ combined_role_t combined_role;
+
+ // Exit if unable to get the secured roles
+ err = DATA_MODEL_GetParameterValue("Device.LocalAgent.ControllerTrust.SecuredRoles", secured_roles, sizeof(secured_roles), 0);
+ if (err != USP_ERR_OK)
+ {
+ return false;
+ }
+
+ // Empty string means no secured roles
+ if (*secured_roles == '\0')
+ {
+ return false;
+ }
+
+ MSG_HANDLER_GetMsgRole(&combined_role);
+ // Copy the value as strtok_r modifies the string
+ USP_STRNCPY(temp, secured_roles, sizeof(temp));
+
+ // Iterate through comma-separated list
+ str = temp;
+ role_path = strtok_r(str, ",", &saveptr);
+ while (role_path != NULL)
+ {
+ // Trim whitespace
+ role_path = TEXT_UTILS_TrimBuffer(role_path);
+
+ // Extract the instance number from the role path
+ err = DM_ACCESS_ValidateReference(role_path, "Device.LocalAgent.ControllerTrust.Role.{i}", &role_instance);
+ if (err == USP_ERR_OK)
+ {
+ // Find the role in our internal array
+ role = FindRoleByInstance(role_instance);
+ if (role != NULL)
+ {
+ // Check if this role matches either the inherited or assigned role
+ if ((role - roles == combined_role.inherited_index) ||
+ (role - roles == combined_role.assigned_index))
+ {
+ return true;
+ }
+ }
+ }
+
+ role_path = strtok_r(NULL, ",", &saveptr);
+ }
+
+ return false;
+}
Index: obuspa-9.0.4.3/src/core/device_ctrust.h
===================================================================
--- /dev/null
+++ obuspa-9.0.4.3/src/core/device_ctrust.h
@@ -0,0 +1,48 @@
+/*
+ *
+ * Copyright (C) 2019-2025, Broadband Forum
+ * Copyright (C) 2016-2025, CommScope, Inc
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the copyright holder nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+/**
+ * \file device_ctrust.h
+ *
+ * Header file containing the API functions provided by Controller Trust component
+ *
+ */
+#ifndef DEVICE_CTRUST_H
+#define DEVICE_CTRUST_H
+
+#include "device.h"
+
+bool DEVICE_CTRUST_IsControllerSecured(void);
+
+#endif
Index: obuspa-9.0.4.3/src/include/usp_api.h
===================================================================
--- obuspa-9.0.4.3.orig/src/include/usp_api.h
+++ obuspa-9.0.4.3/src/include/usp_api.h
@@ -418,6 +418,7 @@ typedef struct
#define DM_DECIMAL 0x00000100 // 64 bit floating point number (double)
#define DM_LONG 0x00000200 // 64 bit signed integer (long long)
#define DM_VALUE_CHANGE_WILL_IGNORE 0x00000400 // Do not emit value change notifications for this parameter
+#define DM_SECURE 0x00000800 // secure parameter
//-------------------------------------------------------------------------
// Functions to register the data model
Index: obuspa-9.0.4.3/src/core/group_get_vector.c
===================================================================
--- obuspa-9.0.4.3.orig/src/core/group_get_vector.c
+++ obuspa-9.0.4.3/src/core/group_get_vector.c
@@ -49,6 +49,16 @@
#include "group_get_vector.h"
#include "int_vector.h"
#include "data_model.h"
+#include "device_ctrust.h" // Added to use DEVICE_CTRUST_IsControllerSecured()
+
+//------------------------------------------------------------------------------
+// New function to check secure flag and controller state
+static int IsSecuredParamNotAccessible(char *path)
+{
+ dm_instances_t inst;
+ dm_node_t *node = DM_PRIV_GetNodeFromPath(path, &inst, NULL, 0);
+ return (node && (node->registered.param_info.type_flags & DM_SECURE) && !DEVICE_CTRUST_IsControllerSecured());
+}
//------------------------------------------------------------------------------
// Forward declarations. Note these are not static, because we need them in the symbol table for USP_LOG_Callstack() to show them
@@ -282,14 +292,14 @@ void GROUP_GET_VECTOR_GetValues(group_ge
return;
#endif
- // Iterate over all parameters, getting them if non grouped, otherwise adding them to the relevant group to get
+ // Iterate over all parameters, getting them if non-grouped, otherwise adding them to the relevant group to get
memset(ggv_indexes, 0, sizeof(ggv_indexes));
for (i=0; i < ggv->num_entries; i++)
{
gge = &ggv->vector[i];
if (gge->group_id == NON_GROUPED)
{
- // If the parameter is not grouped, then get its value now.
+ // For non-grouped parameters, directly call DATA_MODEL_GetParameterValue which handles secure parameters internally
gge->err_code = DATA_MODEL_GetParameterValue(gge->path, buf, sizeof(buf), 0);
if (gge->err_code != USP_ERR_OK)
{
@@ -320,7 +330,6 @@ void GROUP_GET_VECTOR_GetValues(group_ge
chunk_size = MIN(GROUP_GET_CHUNK_SIZE, iv->num_entries - start_index);
GetParameterGroup(i, ggv, iv, start_index, chunk_size);
}
-
}
}
@@ -378,88 +387,101 @@ void GetParameterGroup(int group_id, gro
return;
}
- // Add all parameters to get in this group to a key value vector
- // NOTE: We form the key value vector manually to avoid copying the param paths.
- // Ownership of the param paths stay with the group get vector
- params.num_entries = chunk_size;
- params.vector = USP_MALLOC(sizeof(kv_pair_t) * chunk_size);
+ // Prepare a mapping for non-secure parameters and process secure ones directly
+ int non_secure_count = 0;
+ int *non_secure_map = USP_MALLOC(chunk_size * sizeof(int));
for (i=0; i < chunk_size; i++)
{
index = iv->vector[start_index + i];
gge = &ggv->vector[index];
USP_ASSERT(gge->path != NULL);
-
- kv = &params.vector[i];
- kv->key = gge->path;
- kv->value = NULL;
+ if (IsSecuredParamNotAccessible(gge->path))
+ {
+ // For secure parameter when controller is not secured, return empty value
+ gge->value = USP_STRDUP("");
+ gge->err_code = USP_ERR_OK;
+ }
+ else
+ {
+ non_secure_map[non_secure_count] = index;
+ non_secure_count++;
+ }
}
- // Exit if group callback fails
- USP_ERR_ClearMessage();
- err = get_group_cb(group_id, &params);
- if (err != USP_ERR_OK)
+ // If there are non-secure parameters, call the group callback for them
+ if (non_secure_count > 0)
{
- // Mark all results for params in this group with an error
- usp_err_msg = USP_ERR_GetMessage();
- for (i=0; i < chunk_size; i++)
+ params.num_entries = non_secure_count;
+ params.vector = USP_MALLOC(sizeof(kv_pair_t) * non_secure_count);
+ for (i=0; i < non_secure_count; i++)
{
- index = iv->vector[start_index + i];
+ index = non_secure_map[i];
gge = &ggv->vector[index];
- gge->err_code = USP_ERR_INTERNAL_ERROR;
+ USP_ASSERT(gge->path != NULL);
+ kv = &params.vector[i];
+ kv->key = gge->path;
+ kv->value = NULL;
+ }
- // Assign an error message to this param
- if (usp_err_msg[0] != '\0')
- {
- gge->err_msg = USP_STRDUP(usp_err_msg);
- }
- else
+ USP_ERR_ClearMessage();
+ err = get_group_cb(group_id, &params);
+ if (err != USP_ERR_OK)
+ {
+ // Mark all non-secure results with an error
+ usp_err_msg = USP_ERR_GetMessage();
+ for (i=0; i < non_secure_count; i++)
{
- // Form an error message if none was provided
- USP_SNPRINTF(err_msg, sizeof(err_msg), "%s: Get group callback failed for param %s", __FUNCTION__, gge->path);
- gge->err_msg = USP_STRDUP(err_msg);
+ index = non_secure_map[i];
+ gge = &ggv->vector[index];
+ gge->err_code = USP_ERR_INTERNAL_ERROR;
+ if (usp_err_msg[0] != '\0')
+ {
+ gge->err_msg = USP_STRDUP(usp_err_msg);
+ }
+ else
+ {
+ USP_SNPRINTF(err_msg, sizeof(err_msg), "%s: Get group callback failed for param %s", __FUNCTION__, gge->path);
+ gge->err_msg = USP_STRDUP(err_msg);
+ }
+ USP_SAFE_FREE(params.vector[i].value);
}
-
- // NOTE: The group get might have populated a value for some params, so free these values
- USP_SAFE_FREE(params.vector[i].value);
+ USP_FREE(params.vector);
+ USP_FREE(non_secure_map);
+ return;
}
- goto exit;
- }
- // Move all parameter values obtained to the group get vector
- // NOTE: Ownership of the value string transfers from the params vector to the group get vector
- usp_err_msg = USP_ERR_GetMessage();
- empty_count = 0;
- for (i=0; i < chunk_size; i++)
- {
- kv = &params.vector[i];
- index = iv->vector[start_index + i];
- gge = &ggv->vector[index];
-
- if (kv->value != NULL)
- {
- gge->value = kv->value;
- }
- else
+ // Move all parameter values obtained to the group get vector for non-secure parameters
+ usp_err_msg = USP_ERR_GetMessage();
+ empty_count = 0;
+ for (i=0; i < non_secure_count; i++)
{
- // If this is the first parameter with no value, and an error message has been set, then use the error message
- if ((usp_err_msg[0] != '\0') && (empty_count == 0))
+ index = non_secure_map[i];
+ gge = &ggv->vector[index];
+ kv = &params.vector[i];
+
+ if (kv->value != NULL)
{
- USP_SNPRINTF(err_msg, sizeof(err_msg), "%s", usp_err_msg);
+ gge->value = kv->value;
}
else
{
- USP_SNPRINTF(err_msg, sizeof(err_msg), "%s: Get group callback did not provide a value for param %s", __FUNCTION__, gge->path);
+ if ((usp_err_msg[0] != '\0') && (empty_count == 0))
+ {
+ USP_SNPRINTF(err_msg, sizeof(err_msg), "%s", usp_err_msg);
+ }
+ else
+ {
+ USP_SNPRINTF(err_msg, sizeof(err_msg), "%s: Get group callback did not provide a value for param %s", __FUNCTION__, gge->path);
+ }
+ gge->err_code = USP_ERR_INTERNAL_ERROR;
+ gge->err_msg = USP_STRDUP(err_msg);
+ empty_count++;
}
- gge->err_code = USP_ERR_INTERNAL_ERROR;
- gge->err_msg = USP_STRDUP(err_msg);
- empty_count++;
}
+ USP_FREE(params.vector);
}
-exit:
- // Destroy the key-value vector.
- // As ownership of all strings in it have transferred to the group get vector, we only have to free the array itself
- USP_FREE(params.vector);
+ USP_FREE(non_secure_map);
}
/*********************************************************************//**
@@ -486,9 +508,10 @@ void GetParametersIndividually(group_get
for (i=0; i < ggv->num_entries; i++)
{
gge = &ggv->vector[i];
+
if (gge->group_id == NON_GROUPED)
{
- // Non-grouped parameters can directly call DATA_MODEL_GetParameterValue()
+ // For non-grouped parameters, directly call DATA_MODEL_GetParameterValue which handles secure parameters internally
gge->err_code = DATA_MODEL_GetParameterValue(gge->path, buf, sizeof(buf), 0);
if (gge->err_code == USP_ERR_OK)
{
@@ -497,42 +520,51 @@ void GetParametersIndividually(group_get
}
else
{
- // Grouped parameters cannot call DATA_MODEL_GetParameterValue(), as that would cause infinite recursion
- get_group_cb = group_vendor_hooks[gge->group_id].get_group_cb;
- if (get_group_cb == NULL)
+ // For grouped parameters, check if the parameter is secure and the controller is not secured
+ if (IsSecuredParamNotAccessible(gge->path))
{
- // Set an error message, if no group callback registered for this parameter
- USP_ERR_SetMessage("%s: No registered group callback to get param %s", __FUNCTION__, gge->path);
- gge->err_code = USP_ERR_INTERNAL_ERROR;
+ gge->value = USP_STRDUP("");
+ gge->err_code = USP_ERR_OK;
}
else
{
- // Get this grouped parameter individually using the group get callback
- pv.num_entries = 1;
- pv.vector = &param;
- param.key = gge->path;
- param.value = NULL;
-
- USP_ERR_ClearMessage();
- gge->err_code = get_group_cb(gge->group_id, &pv);
- if (gge->err_code != USP_ERR_OK)
+ // Grouped parameters cannot call DATA_MODEL_GetParameterValue(), as that would cause infinite recursion
+ get_group_cb = group_vendor_hooks[gge->group_id].get_group_cb;
+ if (get_group_cb == NULL)
{
- USP_ERR_ReplaceEmptyMessage("%s: group get failed for '%s' (%s)", __FUNCTION__, gge->path, USP_ERR_UspErrToString(gge->err_code));
- USP_SAFE_FREE(param.value)
+ // Set an error message, if no group callback registered for this parameter
+ USP_ERR_SetMessage("%s: No registered group callback to get param %s", __FUNCTION__, gge->path);
+ gge->err_code = USP_ERR_INTERNAL_ERROR;
}
else
{
- if (param.value != NULL)
+ // Get this grouped parameter individually using the group get callback
+ pv.num_entries = 1;
+ pv.vector = &param;
+ param.key = gge->path;
+ param.value = NULL;
+
+ USP_ERR_ClearMessage();
+ gge->err_code = get_group_cb(gge->group_id, &pv);
+ if (gge->err_code != USP_ERR_OK)
{
- // Move ownership of the returned string from param.value to gge->value
- gge->value = param.value;
- param.value = NULL; // not strictly necessary
+ USP_ERR_ReplaceEmptyMessage("%s: group get failed for '%s' (%s)", __FUNCTION__, gge->path, USP_ERR_UspErrToString(gge->err_code));
+ USP_SAFE_FREE(param.value)
}
else
{
- // If no value was returned, then this is also reported as an error in the group get array
- USP_ERR_ReplaceEmptyMessage("%s: Get group callback did not provide a value for param %s", __FUNCTION__, gge->path);
- gge->err_code = USP_ERR_INTERNAL_ERROR;
+ if (param.value != NULL)
+ {
+ // Move ownership of the returned string from param.value to gge->value
+ gge->value = param.value;
+ param.value = NULL; // not strictly necessary
+ }
+ else
+ {
+ // If no value was returned, then this is also reported as an error in the group get array
+ USP_ERR_ReplaceEmptyMessage("%s: Get group callback did not provide a value for param %s", __FUNCTION__, gge->path);
+ gge->err_code = USP_ERR_INTERNAL_ERROR;
+ }
}
}
}
@@ -545,3 +577,4 @@ void GetParametersIndividually(group_get
}
}
}
+

3
owsd/uproxy-files/etc/uci-defaults/60-owsd-ubusproxy
View file

@ -8,7 +8,6 @@ uci set owsd.ubusproxy.enable="1"
uci set owsd.ubusproxy.peer_key="/etc/ubusx/ubusx_demo_only.key"
uci set owsd.ubusproxy.peer_cert="/etc/ubusx/ubusx_demo_only.crt"
uci set owsd.ubusproxy.peer_ca="/etc/ubusx/ubusxDemoCA.crt"
uci commit owsd
# do not create wan_https section if it exists already
[ "$(uci -q get owsd.wan_https)" == "owsd-listen" ] && exit 0
@ -25,5 +24,3 @@ uci set owsd.wan_https.ca="/etc/ubusx/ubusxDemoCA.crt"
uci set owsd.wan_https.whitelist_interface_as_origin="1"
uci del_list owsd.wan_https.origin="*"
uci add_list owsd.wan_https.origin="*"
uci commit owsd

47
passwdqc/Makefile Normal file
View file

@ -0,0 +1,47 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=passwdqc
PKG_VERSION:=2.0.3
PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/openwall/passwdqc.git
PKG_SOURCE_VERSION:=v$(PKG_VERSION)
PKG_MIRROR_HASH:=skip
PKG_LICENSE:=BSD-3
PKG_LICENSE_FILES:=LICENSE
include $(INCLUDE_DIR)/package.mk
define Package/$(PKG_NAME)
SECTION:=utils
CATEGORY:=Utilities
TITLE:=libpam password checking module
DEPENDS:=+libpam
endef
define Package/$(PKG_NAME)/description
pam_passwdqc is a simple password strength checking module for
PAM-aware password changing programs
endef
define Build/Compile
$(MAKE) -C $(PKG_BUILD_DIR) \
CC="$(TARGET_CC)" \
LDFLAGS="$(TARGET_LDFLAGS)" \
pam_wrapped
endef
define Package/$(PKG_NAME)/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_BUILD_DIR)/libpasswdqc.so* $(1)/usr/lib/
$(INSTALL_DIR) $(1)/usr/lib/security
$(INSTALL_BIN) $(PKG_BUILD_DIR)/pam_passwdqc.so $(1)/usr/lib/security/
$(INSTALL_DIR) $(1)/etc/uci-defaults/
$(INSTALL_BIN) ./files/passwdqc.uci_default $(1)/etc/uci-defaults/99-add_passwdqc_pam
endef
$(eval $(call BuildPackage,$(PKG_NAME)))

19
passwdqc/files/passwdqc.uci_default Normal file
View file

@ -0,0 +1,19 @@
#!/bin/sh
CONFIG_FILE="/etc/pam.d/common-password"
# for some reason setting to 8 makes passwdqc accept minimum 12 letter password with this configuration
# if we set it to 12 then we need atleast 16 characters and so on
# passphrase = 0 means no space separated words
# rest can be figured out from passwdqc man page
MODULE_LINE="password requisite pam_passwdqc.so min=disabled,disabled,disabled,disabled,8 max=20 passphrase=0 retry=3 enforce=everyone"
# Ensure the file exists before modifying
[ -f "$CONFIG_FILE" ] || exit 0
# Check if pam_passwdqc is already in the file
if ! grep -q "pam_passwdqc.so" "$CONFIG_FILE"; then
# Insert before pam_unix.so
sed -i "/pam_unix.so/ i\\$MODULE_LINE" "$CONFIG_FILE"
fi
exit 0

2
self-diagnostics/Makefile
View file

@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=self-diagnostics
PKG_VERSION:=1.0.13
PKG_VERSION:=1.0.14
PKG_RELEASE:=1
PKG_LICENSE:=GPL-2.0-only

2
self-diagnostics/files/usr/share/self-diagnostics/spec/multiap.json
View file

@ -65,7 +65,7 @@
},
{
"description": "Data Elements Dump",
"cmd": "ubus call wifi.dataelements.collector refresh; sleep 2; ubus call wifi.dataelements.collector dump2"
"cmd": "ubus call wifi.dataelements refresh; sleep 2; ubus call wifi.dataelements dump"
}
]
}

14
self-diagnostics/files/usr/share/self-diagnostics/spec/network.json
View file

@ -80,6 +80,20 @@
{
"description": "IGMP Snooping Table",
"cmd": "ubus call mcast stats"
},
{
"description": "DHCP Leases",
"cmd": "cat /tmp/dhcp.leases"
},
{
"description": "DHCP Leases Options",
"cmd": "cat /tmp/dhcp.client.options",
"dependency": [
{
"type": "file",
"file": "/tmp/dhcp.client.options"
}
]
}
]
}

14
self-diagnostics/files/usr/share/self-diagnostics/spec/system.json
View file

@ -5,6 +5,16 @@
"description": "Firmware banks",
"cmd": "ubus call fwbank dump"
},
{
"description": "Firmware banks via script",
"cmd": "/etc/sysmngr/fwbank call dump",
"dependency": [
{
"type": "file",
"file": "/etc/sysmngr/fwbank"
}
]
},
{
"description": "System Info",
"cmd": "ubus call system info"
@ -62,6 +72,10 @@
"dependency" : {
"file": "/usr/sbin/ubinfo"
}
},
{
"description": "NTP Status",
"cmd": "ntpq -c 'rv 0 stratum'"
}
]
}

60
self-diagnostics/files/usr/share/self-diagnostics/spec/trx69.json
View file

@ -7,13 +7,17 @@
}
],
"exec" : [
{
"description": "Datamodel UCI save list",
"cmd": "ls -laR /tmp/bbfdm/"
},
{
"description": "Datamodel microservices",
"cmd": "ubus call service list '{\"name\":\"bbfdm.services\"}'"
},
{
"description": "Datamodel microservices registration",
"cmd": "ubus call bbfdm service"
"cmd": "ubus call bbfdm services"
},
{
"description": "Datamodel plugins and services list",
@ -31,10 +35,64 @@
"description": "TR-181 Parameters via CWMP",
"cmd": "icwmpd -c get Device."
},
{
"description": "TR-069 Internal Configs list",
"cmd": "ls -R /etc/icwmpd/"
},
{
"description": "TR-069 status",
"cmd": "ubus call tr069 status"
},
{
"description": "TR-069 Backup Session",
"cmd": "cat /etc/icwmpd/icwmpd_backup_session.xml",
"dependency": [
{
"type": "file",
"file": "/etc/icwmpd/icwmpd_backup_session.xml"
}
]
},
{
"description": "TR-069 Temporary Config",
"cmd": "cat /var/state/icwmp",
"dependency": [
{
"type": "file",
"file": "/var/state/icwmp"
}
]
},
{
"description": "TR-069 Internal Config",
"cmd": "cat /etc/icwmpd/cwmp",
"dependency": [
{
"type": "file",
"file": "/etc/icwmpd/cwmp"
}
]
},
{
"description": "TR-069 Force Inform Parameters",
"cmd": "cat /etc/icwmpd/force_inform.json",
"dependency": [
{
"type": "file",
"file": "/etc/icwmpd/force_inform.json"
}
]
},
{
"description": "TR-069 Obj/Param with Notification",
"cmd": "cat /etc/icwmpd/cwmp_notifications",
"dependency": [
{
"type": "file",
"file": "/etc/icwmpd/cwmp_notifications"
}
]
},
{
"description": "TR-069 Logs",
"cmd": "cat /var/log/icwmpd.log",

1
sulu/sulu-builder/files/etc/users/roles/admin.json
View file

@ -2,6 +2,7 @@
"tr181": {
"name": "admin",
"instance": 4,
"secure_role": true,
"permission": [
{
"object": "Device.",

4
swmodd/Makefile
View file

@ -5,13 +5,13 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=swmodd
PKG_VERSION:=2.5.24
PKG_VERSION:=2.5.25
LOCAL_DEV:=0
ifneq ($(LOCAL_DEV),1)
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://dev.iopsys.eu/lcm/swmodd.git
PKG_SOURCE_VERSION:=a5663a3f38868554c619d06cfc5f19aa8679d685
PKG_SOURCE_VERSION:=9b3b87f6a24a39f8917576e3cda8d9dc5f4a8f18
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
PKG_MIRROR_HASH:=skip
endif

2
usermngr/Makefile
View file

@ -5,7 +5,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=usermngr
PKG_VERSION:=1.3.4
PKG_VERSION:=1.3.5
LOCAL_DEV:=0
ifneq ($(LOCAL_DEV),1)

9
usermngr/files/etc/uci-defaults/91-sync-shells
View file

@ -6,6 +6,10 @@ add_system_shells() {
system_shells=$(cat /etc/shells)
for line in $system_shells
do
if [ "${line}" = "/bin/ash" ]; then
continue
fi
shell_name=$(basename "${line}")
# Add the shell in UCI if not exists
sec=$(uci -q show users | grep -E "^users\.@shell\[[0-9]+\]\.name=\'$shell_name\'$")
@ -60,3 +64,8 @@ remove_shell() {
config_load users
add_system_shells
config_foreach remove_shell shell
# Remove ash
uci -q delete users.shell_ash
exit 0

4
wifimngr/Makefile
View file

@ -5,12 +5,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=wifimngr
PKG_VERSION:=17.5.8
PKG_VERSION:=17.5.9
LOCAL_DEV=0
ifneq ($(LOCAL_DEV),1)
PKG_SOURCE_PROTO:=git
PKG_SOURCE_VERSION:=d06375af320eb0f3a75946d450a01e68bac3ed7b
PKG_SOURCE_VERSION:=dca2859f6bb2c0ba68dff996d693d00a4a21bdf0
PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/wifimngr.git
PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@iopsys.eu>
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz