BroadbandForum
diff --git a/‎CHANGELOG.md‎
Lines changed: 26 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 26 additions & 0 deletions
diff --git a/‎Dockerfile‎
Lines changed: 2 additions & 2 deletions b/‎Dockerfile‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎INTERNAL_SERVICES_GUIDE.md‎
100755100644
Lines changed: 29 additions & 2 deletions b/‎INTERNAL_SERVICES_GUIDE.md‎
100755100644
Lines changed: 29 additions & 2 deletions
diff --git a/‎Makefile.am‎
100755100644
Lines changed: 5 additions & 0 deletions b/‎Makefile.am‎
100755100644
Lines changed: 5 additions & 0 deletions
diff --git a/‎QUICK_START_GUIDE.md‎
Lines changed: 4 additions & 4 deletions b/‎QUICK_START_GUIDE.md‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎README.md‎
Lines changed: 4 additions & 0 deletions b/‎README.md‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎RELEASES.md‎
Lines changed: 74 additions & 1 deletion b/‎RELEASES.md‎
Lines changed: 74 additions & 1 deletion
@@ -1,5 +1,31 @@
 # OB-USP-AGENT Changelog
 
+## 2026-02-20 v11.0.0
+### Added
+- Authenticated UDS connections: USP Services must provide a passsword in the UDS Handshake frame if 
+  UnixDomainSocket.{i}.AuthRequired is set to true. Passwords are configured in UnixDomainSockets.Authentication.{i}
+- Data model registration permissions: USP Services are only permitted to register the DM elements specified
+  in USPServices.Trust.{i}, if UnixDomainSocket.{i}.RegistrationRestricted is set to true.
+- File descriptor passing via Unix domain socket ancilliary data for USP Services. Currently this feature is
+  being discussed for inclusion in the USP v1.6 specification. Disabled by default, this feature
+  may be enabled by defining FD_PASSING_EXPERIMENTAL in vendor_defs.h
+- Lines in the factory reset text file that begin with `+` automatically add the parameter to OBUSPA's database. 
+  If it is already present, its existing value is left unchanged.
+- TP-469 Conformance Test Plan Results for each release are checked in at 
+  [conformance_test_results.txt](https://github.com/BroadbandForum/obuspa/blob/master/conformance_test_results.txt).
+  The CI directory contains the files used by the test procedure.
+
+### Modified
+- factory_reset_example.txt renamed as stomp_factory_reset_example.txt
+- OBUSPA's database may configure DeviceInfo.ProductClass, Manufacturer and ModelName, overriding compile time defaults.
+
+### Fixed
+- Crash that occurred if invalid UDS MTP parameters were present in OBUSPA's database at startup.
+- OBUSPA was not automatically creating intermediate directories in the MUTABLE_CERT_DIR path.
+- Alias uniqueness validation failures returned error code 7004 instead of 7025.
+
+
+
 ## 2026-02-09 v10.0.14
 ### Fixed
 - Changes introduced in v10.0.13 could cause FactoryReset() to hit an assert. The cause has been fixed.
 
@@ -91,8 +91,8 @@ RUN apt update && apt -y install libssl-dev libsqlite3-dev libcurl4-openssl-dev
 WORKDIR /
 COPY --from=build-stage /usr/local/lib/libwebsockets.* /usr/local/lib/
 COPY --from=build-stage /usr/local/bin/obuspa /bin
-COPY --from=build-stage /usr/local/src/obuspa/factory_reset_example.txt /etc
+COPY --from=build-stage /usr/local/src/obuspa/stomp_factory_reset_example.txt /etc
 RUN ldconfig
 
 ENTRYPOINT ["/bin/obuspa"]
-CMD ["-p", "-v4", "-r", "/etc/factory_reset_example.txt", "-f", "/tmp/usp.db"]
+CMD ["-p", "-v4", "-r", "/etc/stomp_factory_reset_example.txt", "-f", "/tmp/usp.db"]
@@ -24,29 +24,43 @@ The Broker is enabled by default.  However, some configuration is necessary in o
 
 OBUSPA stores its configuration in a database file, the path of which can be provided as a command line option. https://github.com/BroadbandForum/OBUSPA/blob/master/QUICK_START_GUIDE.md contains a detailed description of this database in the section entitled "Running OB-USP-AGENT for the first time".
 
-We need to copy and modify the factory_reset_example.txt to broker_reset.txt and add additional data model entries that OBUSPA uses to instantiate the domain sockets used by the UDS backend.  Though different configurations are possible, it is recommended (for interoperability) that the Broker creates two listening sockets.  Each USP Service will connect/disconnect as necessary and register its data model with the Broker.  One of these sockets is used when the USP Service is acting as an data model provider to the Broker's Controller.  The other socket is used when the USP Service is acting as a Controller of the Broker's Agent.
+We need to copy and modify the stomp_factory_reset_example.txt to broker_reset.txt and add additional data model entries that OBUSPA uses to instantiate the domain sockets used by the UDS backend.  Though different configurations are possible, it is recommended (for interoperability) that the Broker creates two listening sockets.  Each USP Service will connect/disconnect as necessary and register its data model with the Broker.  One of these sockets is used when the USP Service is acting as an data model provider to the Broker's Controller.  The other socket is used when the USP Service is acting as a Controller of the Broker's Agent.
 
 ### Configuring the Broker's Controller socket
 The following well known path should be used to configure the Broker's Controller socket.  OBUSPA will use this information to create a listening socket at the specified path that a USP Service's Agent can connect to. 
 ```
 Device.UnixDomainSockets.UnixDomainSocket.1.Alias "cpe-1"
 Device.UnixDomainSockets.UnixDomainSocket.1.Mode "Listen"
 Device.UnixDomainSockets.UnixDomainSocket.1.Path "/var/run/usp/broker_controller_path"
+Device.UnixDomainSockets.UnixDomainSocket.1.AuthRequired "false"
+Device.UnixDomainSockets.UnixDomainSocket.1.RegistrationRestricted "false"
 ```
 OBUSPA will create and configure the database the first time it is run.  Note that OBUSPA will only use these factory default values if no database already exists.  If you wish to change the default parameters then you must remove the existing database.  In the below command, '-f' selects usp_broker.db as the database (instead of the default usp.db) and '-s' selects broker_cli as the CLI socket (instead of the default usp_cli).
 
 ```
 obuspa -f /usr/local/var/obuspa/usp_broker.db -s /tmp/broker_cli -p -v 4 -r broker_reset.txt -i enp0s3
 ```
 ### Configuring a USP Service to connect to the Broker
-A second instance of OBUSPA can be used as the basis for a USP Service.  It must also be told to connect to the Broker's (listening socket) Controller path. Using factory_reset_example.txt as a starting point, copy and modify to service1_reset.txt and add the following lines:-
+A second instance of OBUSPA can be used as the basis for a USP Service.  It must also be told to connect to the Broker's (listening socket) Controller path. Using stomp_factory_reset_example.txt as a starting point, copy and modify to service1_reset.txt and add the following lines:-
 ```
 Device.LocalAgent.EndpointID "proto::service1"
 Device.UnixDomainSockets.UnixDomainSocket.1.Alias "cpe-1"
 Device.UnixDomainSockets.UnixDomainSocket.1.Mode "Connect"
 Device.UnixDomainSockets.UnixDomainSocket.1.Path "/var/run/usp/broker_controller_path"
+Device.UnixDomainSockets.UnixDomainSocket.1.AuthRequired "false"
+Device.UnixDomainSockets.UnixDomainSocket.1.RegistrationRestricted "false"
 ```
 Note the the Endpoint ID is set differently for the USP Service to "proto::service1".  By default the USP Endpoint ID is derived from the network adapter MAC address.  Each Endpoint ID must be unique which will plainly not be the case if we continue to use the default MAC address besed endpoint ID.  For each USP Service we set an appropriate Endpoint ID in the settings database that identifies that Service.
+
+On this connection, the USP Service is acting as an Agent, so we must indicate this:
+```
+Device.LocalAgent.MTP.1.Alias  "cpe-1"
+Device.LocalAgent.MTP.1.Protocol  "UDS"
+Device.LocalAgent.MTP.1.UDS.UnixDomainSocketRef  "Device.UnixDomainSockets.UnixDomainSocket.1"
+Device.LocalAgent.MTP.1.Enable  "true"
+```
+
+To start the USP Service use:
 ```
 obuspa -f /usr/local/var/obuspa/usp_server1.db -s /tmp/service1_cli -p -v4 -r service1_reset.txt -i enp0s3
 ```
@@ -254,7 +268,18 @@ Before we can launch our USP Service acting as a Controller we need to re-config
 Device.UnixDomainSockets.UnixDomainSocket.2.Alias "cpe-2"
 Device.UnixDomainSockets.UnixDomainSocket.2.Mode "Listen"
 Device.UnixDomainSockets.UnixDomainSocket.2.Path "/var/run/usp/broker_agent_path"
+Device.UnixDomainSockets.UnixDomainSocket.2.AuthRequired "false"
+Device.UnixDomainSockets.UnixDomainSocket.2.RegistrationRestricted "false"
 ````
+
+On this connection, the USP Broker is acting as an Agent, so we must indicate this:
+```
+Device.LocalAgent.MTP.2.Alias  "cpe-2"
+Device.LocalAgent.MTP.2.Protocol  "UDS"
+Device.LocalAgent.MTP.2.UDS.UnixDomainSocketRef  "Device.UnixDomainSockets.UnixDomainSocket.2"
+Device.LocalAgent.MTP.2.Enable  "true"
+```
+
 The USP Broker must be running:-
 ````
 obuspa -i wan -v 3 -r /fac_reset_broker.txt -f /obuspa_broker.db
@@ -270,6 +295,8 @@ In order for a USP Service to act as a Controller it must connect to the Broker
 Device.UnixDomainSockets.UnixDomainSocket.2.Alias "cpe-2"
 Device.UnixDomainSockets.UnixDomainSocket.2.Mode "Connect"
 Device.UnixDomainSockets.UnixDomainSocket.2.Path "/var/run/usp/broker_agent_path"
+Device.UnixDomainSockets.UnixDomainSocket.2.AuthRequired "false"
+Device.UnixDomainSockets.UnixDomainSocket.2.RegistrationRestricted "false"
 ````
 Finally we can launch service2 acting as a Controller:-
 ````
 
@@ -108,6 +108,7 @@ SOURCES = src/core/main.c \
                     src/core/e2e_context.c \
                     src/core/plugin.c \
                     src/core/device_uds.c \
+                    src/core/fd_vector.c \
                     src/core/uds.c \
                     src/core/usp_service.c \
                     src/core/usp_broker.c
@@ -134,6 +135,10 @@ obuspa_LDADD += $(openssl_LIBS) $(sqlite3_LIBS) $(libcurl_LIBS) $(zlib_LIBS) $(l
 # Import vendor makefile
 include src/vendor/vendor.am
 
+# Import plugin makefiles
+pkglib_LTLIBRARIES = 
+include examples/test_uds/Makefile.am
+
 # Include files
 public_includedir = $(includedir)/obuspa/include
 public_include_HEADERS = \
 
@@ -85,7 +85,7 @@ To start with, use the last option, as this is the simplest method.
 If OB-USP-AGENT cannot find a database when it starts up, then it will create one using the parameter values specified
 in the file located by the `-r` option.
 
-To specify the data model parameters and values used to create the factory reset database, modify `factory_reset_example.txt`.
+To specify the data model parameters and values used to create the factory reset database, modify `stomp_factory_reset_example.txt`.
 You will need to modify the STOMP connection parameters and the USP EndpointID of the controller to connect to.
 
 When using this option, to prevent the code in vendor_factory_reset_example.c from overriding the values specified in the
@@ -94,7 +94,7 @@ file located by the `-r` option, ensure that `INCLUDE_PROGRAMMATIC_FACTORY_RESET
 To create the database and run OB-USP-AGENT connecting to a STOMP server from network interface eth0 with protocol and trace
 logging enabled to stdout, use the following command:
 ```
-$ obuspa -p -v 4 -r factory_reset_example.txt -i eth0
+$ obuspa -p -v 4 -r stomp_factory_reset_example.txt -i eth0
 ```
 
 If OB-USP-AGENT successfully connected to your STOMP server you should see trace like the following on stdout:
@@ -128,7 +128,7 @@ If OB-USP-AGENT successfully connected to your STOMP server you should see trace
 ```
 
 If OB-USP-AGENT failed to connect, review the settings in your factory reset database and the STOMP server.
-If you subsequently change the settings in `factory_reset_example.txt`, then you must delete the database,
+If you subsequently change the settings in `stomp_factory_reset_example.txt`, then you must delete the database,
 in order that the database is re-created the next time you run OB-USP-AGENT.
 To delete the database in the default location:
 ```
@@ -510,7 +510,7 @@ A shared object will be created in `obuspa/examples/plugin/.libs/plugin.so` and
 
 ```
 cd obuspa
-obuspa -p -v 4 -r factory_reset_example.txt -i eth0 -x examples/plugin/.libs/plugin.so
+obuspa -p -v 4 -r stomp_factory_reset_example.txt -i eth0 -x examples/plugin/.libs/plugin.so
 ```
  OB-USP-AGENT supports the loading of multiple plug-ins at start-up, each one specified using a '-x' command line switch.
 
 
@@ -6,6 +6,10 @@ Open Broadband-User Services Platform-Agent (OB-USP-Agent) is an open source pro
 
 For build instructions, please refer to [QUICK_START_GUIDE](https://github.com/BroadbandForum/obuspa/blob/master/QUICK_START_GUIDE.md).
 
+## TP-469 Conformance Test Plan Results
+
+Test results for all MTPs are available in [conformance_test_results.txt](https://github.com/BroadbandForum/obuspa/blob/master/conformance_test_results.txt).
+
 ## Contributing
 
 Thank you for your interest in contributing! Please refer to [CONTRIBUTING.md](https://github.com/BroadbandForum/obuspa/blob/master/CONTRIBUTING.md) for guidance.
 
@@ -1,4 +1,77 @@
-# Release History
+# Major Release History
+
+## Release 11.0.0
+  * Highlights
+    * Authenticated UDS connections support: USP Services must provide a passsword if connecting via an authenticated UDS socket
+    * Data model registration permissions support: The USP Broker can control which DM elements a USP Service is allowed to register
+    * Support for permission Targets containing search expressions
+    * Experimental file descriptor passing via Unix domain socket ancilliary data for USP Services. To enable, define FD_PASSING_EXPERIMENTAL in vendor_defs.h
+    * Device.LocalAgent.AddCertificate() support. See QUICK_START_GUIDE.md for how to use this feature
+    * TP-469 Conformance Test Plan Results for each release are now checked into the repo, in the file conformance_test_results.txt
+    * 'obuspa -c add' CLI command now supports setting child parameters
+    * Functions to access the data model from vendor threads (USP_PROCESS_DoWorkSync, USP_PROCESS_DM_GetParameterValue, USP_PROCESS_DM_SetParameterValue)
+    * If USP database file is corrupt, a new database is created using the factory reset configuration
+    * Maximum allowed MTP frame size received has been increased to 5MB (from 64K)
+
+  * USP Broker, USP Services and UDS MTP
+    * Fixed crash that occurred if invalid UDS MTP parameters were present in OBUSPA's database at startup
+    * Fixed crash if USP Service registers a DM element, but does not provide it in the GSDM response
+    * Fixed race hazard causing USP Broker to reject all messages from a USP Service. Occurs when USP Service disconnects, then immediately reconnects over UDS MTP, whilst USP Broker is waiting for a synchronous USP response
+    * USP Command and Event arguments should not be allowed to be registered more than once
+    * USP Services should not reuse group_ids registered by internal data model providers
+    * Prevented assert when changing LocalAgent.MTP.Enable and Protocol is UDS
+    * LocalAgent.MTP.{i}.Status is now working for UDS MTP
+
+  * MQTT
+    * MQTT client should not disconnect if no Response Topic
+    * MQTT connection should be retried if TLS handshake fails and libmoquitto version<2.0.13
+    * MQTT Send message queue should not get stuck if packet too large
+    * MQTT client should not assert if no Response Topic
+
+  * WebSockets
+    * Fixed memory leak with WebSockets MTP, if from_id does not match EID in Sec-WebSocket-Extensions header
+    * Websocket server thread should not prevent graceful shutdown after disabling it, or after duplicate messages in its send queue
+
+  * CLI
+    * 'obuspa -c' output has been made cleaner, containing only logs from the data model thread
+    * Concurrent CLI invocations should not get stuck
+    * CLI initiated event arguments should support JSON formatted data
+
+  * Build Options
+    * Device.Security.Certificate may be removed from OBUSPA's data model using the define REMOVE_DEVICE_SECURITY_CERTIFICATE in vendor_defs.h.
+    * Configure options to enable address sanitizer (--enable-asan) and thread sanitizer builds (--enable-tsan) have been added. These options are disabled by default.
+    * Configure option (--enable-hardening) to enable compiler hardening flags (disabled by default)
+    * To support compilation of OBUSPA data model plug-ins, the build process now installs header files to $(includedir)/obuspa
+    * Fixed compilation failure when #include'ing only usp_api.h (enable_callstack_debug should be declared in usp_api.h)
+
+  * USP API
+    * Added USP_LOG_GetLogLevel and USP_LOG_SetLogLevel API functions to atomically access the log level at runtime
+    * Added USP_SIGNAL_Reboot API function to initiate shutting down, then rebooting the device
+    * can_mtp_connect vendor hook should also control Bulk Data Collection report generation
+
+  * Database
+    * OBUSPA's database may configure DeviceInfo.ProductClass, Manufacturer and ModelName, overriding compile time defaults
+    * Lines in the factory reset text file that begin with `+` automatically add the parameter to OBUSPA's database (existing value is left unchanged)
+    * factory_reset_example.txt renamed as stomp_factory_reset_example.txt
+    * Removed automatic creation of the default database directory during make install (GitHub Issue #148)
+
+  * Misc
+    * Code has been updated to use the latest v1.5.2 release of protobuf-c
+    * Fixed R-GET.0 not working for invalid object names in path
+    * Fixed R-GET.0 not applied for partial paths
+    * Fixed race hazard preventing graceful shutdown. Occurs if re-initiating shutdown whilst in the process of shutting down
+    * Fixed crash if object creation notification contains too many keys
+    * Wildcarded delete response with allow_partial=true now correct, if one instance not permitted to be deleted
+    * Fixed regression (introduced in v10.0.0) with Async Operation max concurrency limit
+    * ControllerTrust Permission Order uniqueness is now enforced when Add request with allow_partial=false adds multiple permissions with the same Order
+    * GSDM response does not contain unique keys for child objects when first_level_only=true
+    * Prevented first object creation notification after bootup being missed
+    * OBUSPA now returns correct error code to pass conformance test 1.100
+    * Alias uniqueness validation failures now return error code 7004 instead of 7025.
+    * Added SIGTERM signal handler to cleanly shutdown
+    * Added support for Device.BulkData.Profile.{i}.Controller parameter
+
+
 
 ## Release 10.0.0
   * USP v1.4 and TR-181 v2.18