rpms/ocserv
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added missing profile file.

Browse Source
This commit is contained in:
Nikos Mavrogiannopoulos 2014-02-17 15:52:29 +01:00
parent 2e7890b870
commit 50490ebb14
3 changed files with 45 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ocserv.conf
View File

@ -222,7 +222,7 @@ route-del-cmd = "ip route delete %R dev %D"
# Client profile xml. A sample file exists in doc/profile.xml. # Client profile xml. A sample file exists in doc/profile.xml.
# This file must be accessible from inside the worker's chroot. # This file must be accessible from inside the worker's chroot.
# The profile is ignored by the openconnect client. # The profile is ignored by the openconnect client.
#user-profile = profile.xml user-profile = profile.xml
# Unless set to false it is required for clients to present their # Unless set to false it is required for clients to present their
# certificate even if they are authenticating via a previously granted # certificate even if they are authenticating via a previously granted

18
ocserv.spec
View File

@ -1,6 +1,6 @@
Name: ocserv Name: ocserv
Version: 0.3.1 Version: 0.3.1
Release: 2%{?dist} Release: 3%{?dist}
Summary: OpenConnect SSL VPN server Summary: OpenConnect SSL VPN server
# For a breakdown of the licensing, see PACKAGE-LICENSING # For a breakdown of the licensing, see PACKAGE-LICENSING
@ -13,6 +13,7 @@ Source2: ocserv.service
Source3: ocserv-pamd.conf Source3: ocserv-pamd.conf
Source4: PACKAGE-LICENSING Source4: PACKAGE-LICENSING
Source5: org.infradead.ocserv.conf Source5: org.infradead.ocserv.conf
Source6: profile.xml
# Taken from upstream: # Taken from upstream:
# http://git.infradead.org/ocserv.git/commitdiff/7d70006a2dbddf783213f1856374bacc74217e09 # http://git.infradead.org/ocserv.git/commitdiff/7d70006a2dbddf783213f1856374bacc74217e09
@ -77,7 +78,7 @@ make %{?_smp_mflags}
getent group ocserv &>/dev/null || groupadd -r ocserv getent group ocserv &>/dev/null || groupadd -r ocserv
getent passwd ocserv &>/dev/null || \ getent passwd ocserv &>/dev/null || \
/usr/sbin/useradd -r -g ocserv -s /sbin/nologin -c ocserv \ /usr/sbin/useradd -r -g ocserv -s /sbin/nologin -c ocserv \
-d /var/lib/ocserv ocserv -d %{_localstatedir}/lib/ocserv ocserv
mkdir -p %{_sysconfdir}/pki/ocserv/public mkdir -p %{_sysconfdir}/pki/ocserv/public
mkdir -p -m 700 %{_sysconfdir}/pki/ocserv/private mkdir -p -m 700 %{_sysconfdir}/pki/ocserv/private
mkdir -p %{_sysconfdir}/pki/ocserv/cacerts mkdir -p %{_sysconfdir}/pki/ocserv/cacerts
@ -129,7 +130,9 @@ mkdir -p %{buildroot}/%{_sysconfdir}/dbus-1/system.d/
install -p -m 644 %{SOURCE5} %{buildroot}/%{_sysconfdir}/dbus-1/system.d/ install -p -m 644 %{SOURCE5} %{buildroot}/%{_sysconfdir}/dbus-1/system.d/
mkdir -p %{buildroot}/%{_unitdir} mkdir -p %{buildroot}/%{_unitdir}
install -p -m 644 %{SOURCE2} %{buildroot}/%{_unitdir} install -p -m 644 %{SOURCE2} %{buildroot}/%{_unitdir}
mkdir -p %{buildroot}/var/lib/ocserv/ mkdir -p %{buildroot}%{_localstatedir}/lib/ocserv/
#install -p -m 644 doc/profile.xml %{buildroot}%{_localstatedir}/lib/ocserv/
install -p -m 644 %{SOURCE6} %{buildroot}%{_localstatedir}/lib/ocserv/
%make_install %make_install
%clean %clean
@ -138,16 +141,15 @@ rm -rf %{buildroot}
%files %files
%defattr(-,root,root,-) %defattr(-,root,root,-)
%dir /var/lib/ocserv %dir %{_localstatedir}/lib/ocserv
%dir %{_sysconfdir}/ocserv %dir %{_sysconfdir}/ocserv
%config(noreplace) %{_sysconfdir}/ocserv/ocserv.conf %config(noreplace) %{_sysconfdir}/ocserv/ocserv.conf
%config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.infradead.ocserv.conf %config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.infradead.ocserv.conf
%config(noreplace) %{_sysconfdir}/pam.d/ocserv %config(noreplace) %{_sysconfdir}/pam.d/ocserv
%doc AUTHORS ChangeLog NEWS COPYING LICENSE README TODO PACKAGE-LICENSING %doc AUTHORS ChangeLog NEWS COPYING LICENSE README TODO PACKAGE-LICENSING
%doc src/ccan/licenses/CC0 src/ccan/licenses/LGPL-2.1 src/ccan/licenses/BSD-MIT %doc src/ccan/licenses/CC0 src/ccan/licenses/LGPL-2.1 src/ccan/licenses/BSD-MIT
%{_mandir}/man8/ocserv.8* %{_mandir}/man8/ocserv.8*
%{_mandir}/man8/occtl.8* %{_mandir}/man8/occtl.8*
%{_mandir}/man8/ocpasswd.8* %{_mandir}/man8/ocpasswd.8*
@ -155,8 +157,12 @@ rm -rf %{buildroot}
%{_bindir}/occtl %{_bindir}/occtl
%{_sbindir}/ocserv %{_sbindir}/ocserv
%{_unitdir}/ocserv.service %{_unitdir}/ocserv.service
%{_localstatedir}/lib/ocserv/profile.xml
%changelog %changelog
#* xxx xxx xx 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.3.1-3
#- Added missing profile.xml
* Mon Feb 17 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.3.1-2 * Mon Feb 17 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.3.1-2
- new upstream release - new upstream release

32
profile.xml Normal file
View File

@ -0,0 +1,32 @@
<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/encoding/ AnyConnectProfile.xsd">
<ClientInitialization>
<UseStartBeforeLogon UserControllable="false">false</UseStartBeforeLogon>
<StrictCertificateTrust>false</StrictCertificateTrust>
<RestrictPreferenceCaching>false</RestrictPreferenceCaching>
<RestrictTunnelProtocols>IPSec</RestrictTunnelProtocols>
<BypassDownloader>true</BypassDownloader>
<WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment>
<CertEnrollmentPin>pinAllowed</CertEnrollmentPin>
<CertificateMatch>
<KeyUsage>
<MatchKey>Digital_Signature</MatchKey>
</KeyUsage>
<ExtendedKeyUsage>
<ExtendedMatchKey>ClientAuth</ExtendedMatchKey>
</ExtendedKeyUsage>
</CertificateMatch>
<BackupServerList>
<HostAddress>localhost</HostAddress>
</BackupServerList>
</ClientInitialization>
<ServerList>
<HostEntry>
<HostName>VPN Server</HostName>
<HostAddress>localhost</HostAddress>
</HostEntry>
</ServerList>
</AnyConnectProfile>