Added missing profile file.

ocserv.conf

@@ -222,7 +222,7 @@ route-del-cmd = "ip route delete %R dev %D"
 # Client profile xml. A sample file exists in doc/profile.xml.
 # This file must be accessible from inside the worker's chroot. 
 # The profile is ignored by the openconnect client.
-#user-profile = profile.xml
+user-profile = profile.xml
 
 # Unless set to false it is required for clients to present their
 # certificate even if they are authenticating via a previously granted

ocserv.spec

@@ -1,6 +1,6 @@
 Name:		ocserv
 Version:	0.3.1
-Release:	2%{?dist}
+Release:	3%{?dist}
 Summary:	OpenConnect SSL VPN server
 
 # For a breakdown of the licensing, see PACKAGE-LICENSING 
@@ -13,6 +13,7 @@ Source2:	ocserv.service
 Source3:	ocserv-pamd.conf
 Source4:	PACKAGE-LICENSING
 Source5:	org.infradead.ocserv.conf
+Source6:	profile.xml
 
 # Taken from upstream:
 # http://git.infradead.org/ocserv.git/commitdiff/7d70006a2dbddf783213f1856374bacc74217e09
@@ -77,7 +78,7 @@ make %{?_smp_mflags}
 getent group ocserv &>/dev/null || groupadd -r ocserv
 getent passwd ocserv &>/dev/null || \
 	/usr/sbin/useradd -r -g ocserv -s /sbin/nologin -c ocserv \
-		-d /var/lib/ocserv ocserv
+		-d %{_localstatedir}/lib/ocserv ocserv
 mkdir -p %{_sysconfdir}/pki/ocserv/public
 mkdir -p -m 700 %{_sysconfdir}/pki/ocserv/private
 mkdir -p %{_sysconfdir}/pki/ocserv/cacerts
@@ -129,7 +130,9 @@ mkdir -p %{buildroot}/%{_sysconfdir}/dbus-1/system.d/
 install -p -m 644 %{SOURCE5} %{buildroot}/%{_sysconfdir}/dbus-1/system.d/
 mkdir -p %{buildroot}/%{_unitdir}
 install -p -m 644 %{SOURCE2} %{buildroot}/%{_unitdir}
-mkdir -p %{buildroot}/var/lib/ocserv/
+mkdir -p %{buildroot}%{_localstatedir}/lib/ocserv/
+#install -p -m 644 doc/profile.xml %{buildroot}%{_localstatedir}/lib/ocserv/
+install -p -m 644 %{SOURCE6} %{buildroot}%{_localstatedir}/lib/ocserv/
 %make_install
 
 %clean
@@ -138,16 +141,15 @@ rm -rf %{buildroot}
 %files
 %defattr(-,root,root,-)
 
-%dir /var/lib/ocserv
+%dir %{_localstatedir}/lib/ocserv
 %dir %{_sysconfdir}/ocserv
 
 %config(noreplace) %{_sysconfdir}/ocserv/ocserv.conf
 %config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.infradead.ocserv.conf
 %config(noreplace) %{_sysconfdir}/pam.d/ocserv
 
-
 %doc AUTHORS ChangeLog NEWS COPYING LICENSE README TODO PACKAGE-LICENSING
-%doc src/ccan/licenses/CC0 src/ccan/licenses/LGPL-2.1 src/ccan/licenses/BSD-MIT 
+%doc src/ccan/licenses/CC0 src/ccan/licenses/LGPL-2.1 src/ccan/licenses/BSD-MIT
 %{_mandir}/man8/ocserv.8*
 %{_mandir}/man8/occtl.8*
 %{_mandir}/man8/ocpasswd.8*
@@ -155,8 +157,12 @@ rm -rf %{buildroot}
 %{_bindir}/occtl
 %{_sbindir}/ocserv
 %{_unitdir}/ocserv.service
+%{_localstatedir}/lib/ocserv/profile.xml
 
 %changelog
+#* xxx xxx xx 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.3.1-3
+#- Added missing profile.xml
+
 * Mon Feb 17 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.3.1-2
 - new upstream release
 

profile.xml

@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/encoding/ AnyConnectProfile.xsd">
+
+	<ClientInitialization>
+		<UseStartBeforeLogon UserControllable="false">false</UseStartBeforeLogon>
+		<StrictCertificateTrust>false</StrictCertificateTrust>
+		<RestrictPreferenceCaching>false</RestrictPreferenceCaching>
+		<RestrictTunnelProtocols>IPSec</RestrictTunnelProtocols>
+		<BypassDownloader>true</BypassDownloader>
+		<WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment>
+		<CertEnrollmentPin>pinAllowed</CertEnrollmentPin>
+		<CertificateMatch>
+			<KeyUsage>
+				<MatchKey>Digital_Signature</MatchKey>
+			</KeyUsage>
+			<ExtendedKeyUsage>
+				<ExtendedMatchKey>ClientAuth</ExtendedMatchKey>
+			</ExtendedKeyUsage>
+		</CertificateMatch>
+
+		<BackupServerList>
+	            <HostAddress>localhost</HostAddress>
+		</BackupServerList>
+	</ClientInitialization>
+
+	<ServerList>
+		<HostEntry>
+	            <HostName>VPN Server</HostName>
+	            <HostAddress>localhost</HostAddress>
+		</HostEntry>
+	</ServerList>
+</AnyConnectProfile>