From 50490ebb14fba43b79922972c1efb06ea53a94d4 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Mon, 17 Feb 2014 15:52:29 +0100 Subject: [PATCH] Added missing profile file. --- ocserv.conf | 2 +- ocserv.spec | 18 ++++++++++++------ profile.xml | 32 ++++++++++++++++++++++++++++++++ 3 files changed, 45 insertions(+), 7 deletions(-) create mode 100644 profile.xml diff --git a/ocserv.conf b/ocserv.conf index 43391e2..36d4987 100644 --- a/ocserv.conf +++ b/ocserv.conf @@ -222,7 +222,7 @@ route-del-cmd = "ip route delete %R dev %D" # Client profile xml. A sample file exists in doc/profile.xml. # This file must be accessible from inside the worker's chroot. # The profile is ignored by the openconnect client. -#user-profile = profile.xml +user-profile = profile.xml # Unless set to false it is required for clients to present their # certificate even if they are authenticating via a previously granted diff --git a/ocserv.spec b/ocserv.spec index 29ce110..1655528 100644 --- a/ocserv.spec +++ b/ocserv.spec @@ -1,6 +1,6 @@ Name: ocserv Version: 0.3.1 -Release: 2%{?dist} +Release: 3%{?dist} Summary: OpenConnect SSL VPN server # For a breakdown of the licensing, see PACKAGE-LICENSING @@ -13,6 +13,7 @@ Source2: ocserv.service Source3: ocserv-pamd.conf Source4: PACKAGE-LICENSING Source5: org.infradead.ocserv.conf +Source6: profile.xml # Taken from upstream: # http://git.infradead.org/ocserv.git/commitdiff/7d70006a2dbddf783213f1856374bacc74217e09 @@ -77,7 +78,7 @@ make %{?_smp_mflags} getent group ocserv &>/dev/null || groupadd -r ocserv getent passwd ocserv &>/dev/null || \ /usr/sbin/useradd -r -g ocserv -s /sbin/nologin -c ocserv \ - -d /var/lib/ocserv ocserv + -d %{_localstatedir}/lib/ocserv ocserv mkdir -p %{_sysconfdir}/pki/ocserv/public mkdir -p -m 700 %{_sysconfdir}/pki/ocserv/private mkdir -p %{_sysconfdir}/pki/ocserv/cacerts @@ -129,7 +130,9 @@ mkdir -p %{buildroot}/%{_sysconfdir}/dbus-1/system.d/ install -p -m 644 %{SOURCE5} %{buildroot}/%{_sysconfdir}/dbus-1/system.d/ mkdir -p %{buildroot}/%{_unitdir} install -p -m 644 %{SOURCE2} %{buildroot}/%{_unitdir} -mkdir -p %{buildroot}/var/lib/ocserv/ +mkdir -p %{buildroot}%{_localstatedir}/lib/ocserv/ +#install -p -m 644 doc/profile.xml %{buildroot}%{_localstatedir}/lib/ocserv/ +install -p -m 644 %{SOURCE6} %{buildroot}%{_localstatedir}/lib/ocserv/ %make_install %clean @@ -138,16 +141,15 @@ rm -rf %{buildroot} %files %defattr(-,root,root,-) -%dir /var/lib/ocserv +%dir %{_localstatedir}/lib/ocserv %dir %{_sysconfdir}/ocserv %config(noreplace) %{_sysconfdir}/ocserv/ocserv.conf %config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.infradead.ocserv.conf %config(noreplace) %{_sysconfdir}/pam.d/ocserv - %doc AUTHORS ChangeLog NEWS COPYING LICENSE README TODO PACKAGE-LICENSING -%doc src/ccan/licenses/CC0 src/ccan/licenses/LGPL-2.1 src/ccan/licenses/BSD-MIT +%doc src/ccan/licenses/CC0 src/ccan/licenses/LGPL-2.1 src/ccan/licenses/BSD-MIT %{_mandir}/man8/ocserv.8* %{_mandir}/man8/occtl.8* %{_mandir}/man8/ocpasswd.8* @@ -155,8 +157,12 @@ rm -rf %{buildroot} %{_bindir}/occtl %{_sbindir}/ocserv %{_unitdir}/ocserv.service +%{_localstatedir}/lib/ocserv/profile.xml %changelog +#* xxx xxx xx 2014 Nikos Mavrogiannopoulos - 0.3.1-3 +#- Added missing profile.xml + * Mon Feb 17 2014 Nikos Mavrogiannopoulos - 0.3.1-2 - new upstream release diff --git a/profile.xml b/profile.xml new file mode 100644 index 0000000..3ceb4d7 --- /dev/null +++ b/profile.xml @@ -0,0 +1,32 @@ + + + + + false + false + false + IPSec + true + AllowRemoteUsers + pinAllowed + + + Digital_Signature + + + ClientAuth + + + + + localhost + + + + + + VPN Server + localhost + + +