[ocserv] Initial import (#1027770)

Nikos Mavrogiannopoulos nmav at fedoraproject.org
Fri Dec 6 13:28:08 UTC 2013


commit 672dedfae29115ad48816ce7be1eda52546ab183
Author: Nikos Mavrogiannopoulos <nmav at redhat.com>
Date:   Fri Dec 6 14:24:37 2013 +0100

    Initial import (#1027770)

 .gitignore               |    1 +
 PACKAGE-LICENSING        |  148 +++++++++++++++++++++++++++++++
 ocserv-http-parser.patch |  139 ++++++++++++++++++++++++++++++
 ocserv-pamd.conf         |    5 +
 ocserv-tests.patch       |   91 +++++++++++++++++++
 ocserv.conf              |  215 ++++++++++++++++++++++++++++++++++++++++++++++
 ocserv.service           |   14 +++
 ocserv.spec              |  144 +++++++++++++++++++++++++++++++
 sources                  |    1 +
 9 files changed, 758 insertions(+), 0 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index e69de29..3b179d1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/ocserv-0.2.1.tar.xz
diff --git a/PACKAGE-LICENSING b/PACKAGE-LICENSING
new file mode 100644
index 0000000..8215872
--- /dev/null
+++ b/PACKAGE-LICENSING
@@ -0,0 +1,148 @@
+Note that ocserv contains components under different (but compatible) licenses. 
+A breakdown of those is given below.
+
+GPL (v2 or later)
+-----------------
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/common.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/config.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/cookies.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/html.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/ip-lease.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/log.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/main-auth.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/main-config.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/main-misc.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/main-resume.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/main-user.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/main.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/ocpasswd.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/pam.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/plain.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/route-add.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/sec-mod.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/setproctitle.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/system.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/tlslib.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/tun.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/worker-auth.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/worker-bandwidth.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/worker-extras.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/worker-misc.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/worker-privs.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/worker-resume.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/worker-tun.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/worker-vpn.c
+
+# Note that these files were marked as GPLv3 or later by the gnulib-tool,
+# but this is a bug: http://lists.gnu.org/archive/html/bug-gnulib/2013-11/msg00062.html
+GPL (v2 or later)
+-----------------
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/build-aux/snippet/arg-nonnull.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/build-aux/snippet/c++defs.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/build-aux/snippet/warn-on-use.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/build-aux/snippet/_Noreturn.h
+
+
+BSD (3 clause) and GPL (v2 or later)
+--------------------------------
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/icmp-ping.c
+
+
+LGPL (v2.1 or later)
+--------------------
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/gl/memchr.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/gl/c-ctype.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/gl/c-ctype.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/gl/c-strcase.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/gl/c-strcasecmp.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/gl/c-strncasecmp.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/gl/cloexec.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/gl/cloexec.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/gl/close.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/gl/dup2.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/gl/errno.in.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/gl/fcntl.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/gl/fcntl.in.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/gl/fd-hook.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/gl/fd-hook.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/gl/fseek.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/gl/fseeko.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/gl/fstat.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/gl/getdelim.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/gl/getdtablesize.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/gl/getline.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/gl/getpass.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/gl/getpass.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/gl/lseek.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/gl/malloc.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/gl/memmem.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/gl/minmax.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/gl/msvc-inval.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/gl/msvc-inval.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/gl/msvc-nothrow.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/gl/msvc-nothrow.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/gl/realloc.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/gl/stdbool.in.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/gl/stddef.in.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/gl/stdint.in.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/gl/stdio-impl.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/gl/stdio.in.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/gl/stdlib.in.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/gl/str-two-way.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/gl/strdup.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/gl/string.in.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/gl/sys_stat.in.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/gl/sys_types.in.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/gl/time.in.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/gl/unistd.in.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/common.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/cookies.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/gettime.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/html.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/icmp-ping.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/ip-lease.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/ipc.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/main-auth.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/main.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/pam.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/plain.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/route-add.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/script-list.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/sec-mod.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/setproctitle.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/str.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/str.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/system.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/tlslib.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/tun.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/vpn.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/worker-bandwidth.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/worker.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/ccan/htable/htable.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/ccan/htable/htable.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/ccan/htable/htable_type.h
+
+
+CC0 (public domain)
+--------------------
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/ccan/build_assert/build_assert.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/ccan/container_of/container_of.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/ccan/check_type/check_type.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/ccan/hash/hash.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/ccan/hash/hash.h
+
+
+MIT
+--------------------
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/ccan/list/list.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/ccan/list/list.h
+
+
+Auto-generated files
+--------------------
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/gl/unistd.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/ocpasswd-args.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/ocpasswd-args.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/ocserv-args.c
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/ocserv-args.h
+/var/lib/mock/fedora-rawhide-i386/root/builddir/build/BUILD/ocserv-0.2.1/src/version.inc
diff --git a/ocserv-http-parser.patch b/ocserv-http-parser.patch
new file mode 100644
index 0000000..ba40b75
--- /dev/null
+++ b/ocserv-http-parser.patch
@@ -0,0 +1,139 @@
+diff -ur ocserv-0.2.1.orig/configure.ac ocserv-0.2.1/configure.ac
+--- ocserv-0.2.1.orig/configure.ac	2013-11-06 20:47:34.000000000 +0100
++++ ocserv-0.2.1/configure.ac	2013-11-11 13:48:45.536372275 +0100
+@@ -94,6 +94,27 @@
+ 	AC_DEFINE([ANYCONNECT_CLIENT_COMPAT], [], [Enable Anyconnect compatibility])
+ fi
+ 
++dnl Test for http_parser library
++with_local_http_parser=yes
++LIBS="$oldlibs -lhttp_parser"
++AC_MSG_CHECKING([for http_parser library])
++AC_LINK_IFELSE([AC_LANG_PROGRAM([
++		   #include <http_parser.h>],[
++		   http_parser_init(0, 0);])],
++		  [AC_MSG_RESULT(yes)
++		   AC_SUBST([HTTP_PARSER_LIBS], [-lhttp_parser])
++		   AC_SUBST([HTTP_PARSER_CFLAGS], [])
++		   with_local_http_parser=no],
++		  [AC_MSG_RESULT(no)
++  	           AC_MSG_WARN([[
++*** 
++*** libhttp-parser not found.
++*** An included version of the library will be used.
++*** ]])])
++LIBS="$oldlibs"
++AM_CONDITIONAL(LOCAL_HTTP_PARSER, test "x$with_local_http_parser" != xno)
++
++
+ dnl needed in the included PCL
+ AC_C_VOLATILE
+ AC_C_CONST
+diff -ur ocserv-0.2.1.orig/src/Makefile.am ocserv-0.2.1/src/Makefile.am
+--- ocserv-0.2.1.orig/src/Makefile.am	2013-11-05 19:59:45.000000000 +0100
++++ ocserv-0.2.1/src/Makefile.am	2013-11-11 13:48:45.536372275 +0100
+@@ -3,10 +3,18 @@
+ AM_CPPFLAGS = -I$(srcdir)/../gl/ -I$(builddir)/../gl/ \
+ 	-I$(srcdir)/ -I$(builddir)/../ $(LIBOPTS_CFLAGS)
+ 
++if LOCAL_HTTP_PARSER
++AM_CPPFLAGS += -I$(srcdir)/http-parser/
++HTTP_PARSER_SOURCES = http-parser/http_parser.c http-parser/http_parser.h
++NEEDED_HTTP_PARSER_LIBS = 
++else
++NEEDED_HTTP_PARSER_LIBS = $(HTTP_PARSER_LIBS)
++endif
++
+ if NEED_LIBOPTS
+-LIBOPTS = ../libopts/libopts.a
++NEEDED_LIBOPTS = ../libopts/libopts.a
+ else
+-LIBOPTS = $(LIBOPTS_LDADD)
++NEEDED_LIBOPTS = $(LIBOPTS_LDADD)
+ endif
+ 
+ EXTRA_DIST = ccan/licenses/BSD-MIT version.inc.in \
+@@ -24,21 +32,21 @@
+ ocserv_SOURCES = ocserv-args.def ocserv-args.c ocserv-args.h
+ 
+ ocserv_SOURCES += main.c main-auth.c worker-vpn.c worker-auth.c tlslib.c \
+-	http-parser/http_parser.c ipc.h cookies.c worker-tun.c main-misc.c \
++	ipc.h cookies.c worker-tun.c main-misc.c \
+ 	main-config.c ip-lease.c ip-lease.h \
+-	vpn.h cookies.h tlslib.h http-parser/http_parser.h log.c tun.c tun.h \
++	vpn.h cookies.h tlslib.h log.c tun.c tun.h \
+ 	config.c pam.c pam.h worker-resume.c worker.h main-resume.c main.h \
+ 	worker-extras.c main-auth.h html.c html.h \
+ 	main-user.c worker-misc.c setproctitle.h route-add.c route-add.h \
+ 	setproctitle.c worker-privs.c plain.c plain.h common.h common.c \
+ 	sec-mod.c sec-mod.h script-list.h system.c system.h icmp-ping.c icmp-ping.h \
+ 	worker-bandwidth.c worker-bandwidth.h \
+-	str.c str.h gettime.h $(CCAN_SOURCES)
++	str.c str.h gettime.h $(CCAN_SOURCES) $(HTTP_PARSER_SOURCES)
+ 
+ 
+-ocserv_LDADD = ../gl/libgnu.a $(LIBOPTS)
++ocserv_LDADD = ../gl/libgnu.a $(NEEDED_LIBOPTS)
+ ocserv_LDADD += $(LIBGNUTLS_LIBS) $(PAM_LIBS) $(LIBUTIL) \
+-	$(LIBSECCOMP) $(LIBWRAP) $(LIBCRYPT) 
++	$(LIBSECCOMP) $(LIBWRAP) $(LIBCRYPT) $(NEEDED_HTTP_PARSER_LIBS)
+ 	
+ if PCL
+ ocserv_LDADD += $(PCL_LIBS)
+@@ -54,7 +62,7 @@
+ ocpasswd_SOURCES = ocpasswd-args.def ocpasswd-args.c ocpasswd-args.h \
+ 	ocpasswd.c
+ 
+-ocpasswd_LDADD = ../gl/libgnu.a $(LIBOPTS)
++ocpasswd_LDADD = ../gl/libgnu.a $(NEEDED_LIBOPTS)
+ ocpasswd_LDADD += $(LIBGNUTLS_LIBS) $(LIBCRYPT)
+ 
+ ocpasswd-args.c ocpasswd-args.h: $(srcdir)/ocpasswd-args.def
+diff -ur ocserv-0.2.1.orig/src/vpn.h ocserv-0.2.1/src/vpn.h
+--- ocserv-0.2.1.orig/src/vpn.h	2013-11-05 19:34:54.000000000 +0100
++++ ocserv-0.2.1/src/vpn.h	2013-11-11 13:49:03.608470106 +0100
+@@ -23,7 +23,7 @@
+ 
+ #include <config.h>
+ #include <gnutls/gnutls.h>
+-#include <http-parser/http_parser.h>
++#include <http_parser.h>
+ #include <ccan/htable/htable.h>
+ #include <syslog.h>
+ #include <sys/types.h>
+diff -ur ocserv-0.2.1.orig/src/worker-auth.c ocserv-0.2.1/src/worker-auth.c
+--- ocserv-0.2.1.orig/src/worker-auth.c	2013-11-05 19:38:09.000000000 +0100
++++ ocserv-0.2.1/src/worker-auth.c	2013-11-11 13:48:45.537372280 +0100
+@@ -41,7 +41,7 @@
+ #include <common.h>
+ #include <tlslib.h>
+ 
+-#include <http-parser/http_parser.h>
++#include <http_parser.h>
+ 
+ #define SUCCESS_MSG_HEAD "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" \
+                         "<auth id=\"success\">\n" \
+diff -ur ocserv-0.2.1.orig/src/worker-tun.c ocserv-0.2.1/src/worker-tun.c
+--- ocserv-0.2.1.orig/src/worker-tun.c	2013-11-05 19:38:22.000000000 +0100
++++ ocserv-0.2.1/src/worker-tun.c	2013-11-11 13:48:45.537372280 +0100
+@@ -45,8 +45,6 @@
+ #include <worker.h>
+ #include <tlslib.h>
+ 
+-#include <http-parser/http_parser.h>
+-
+ /* if local is non zero it returns the local, otherwise the remote */
+ static
+ int get_ip(struct worker_st* ws, int fd, int family, unsigned int local,
+diff -ur ocserv-0.2.1.orig/src/worker-vpn.c ocserv-0.2.1/src/worker-vpn.c
+--- ocserv-0.2.1.orig/src/worker-vpn.c	2013-11-05 20:06:51.000000000 +0100
++++ ocserv-0.2.1/src/worker-vpn.c	2013-11-11 13:48:45.537372280 +0100
+@@ -49,7 +49,7 @@
+ #include <worker.h>
+ #include <tlslib.h>
+ 
+-#include <http-parser/http_parser.h>
++#include <http_parser.h>
+ 
+ /* after that time (secs) of inactivity in the UDP part, connection switches to 
+  * TCP (if activity occurs there).
diff --git a/ocserv-pamd.conf b/ocserv-pamd.conf
new file mode 100644
index 0000000..968e252
--- /dev/null
+++ b/ocserv-pamd.conf
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth       include	password-auth
+account    required	pam_nologin.so
+account    include	password-auth
+session    include	password-auth
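Review bot: The `auth include password-auth` line in this stack accepts any local account that passes the system password stack, so nothing here narrows who may open a VPN session; unless password-auth itself excludes them, that includes root and service accounts with a password set. If that is not intended, an account-phase restriction such as `account required pam_succeed_if.so user ingroup VPN_GROUP` (VPN_GROUP is a placeholder), placed before the `account include` line, would limit access to a named group. At minimum a comment such as `# VPN logins reuse the system password-auth stack; every local password account is accepted` would record the behaviour for the next maintainer.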
diff --git a/ocserv-tests.patch b/ocserv-tests.patch
new file mode 100644
index 0000000..e700e81
--- /dev/null
+++ b/ocserv-tests.patch
@@ -0,0 +1,91 @@
+diff -ur ocserv-0.2.1.orig/tests/Makefile.in ocserv-0.2.1/tests/Makefile.in
+--- ocserv-0.2.1.orig/tests/Makefile.in	2013-11-06 20:47:51.000000000 +0100
++++ ocserv-0.2.1/tests/Makefile.in	2013-11-11 13:56:15.231784324 +0100
+@@ -1,4 +1,4 @@
+-# Makefile.in generated by automake 1.14 from Makefile.am.
++# Makefile.in generated by automake 1.13.4 from Makefile.am.
+ # @configure_input@
+ 
+ # Copyright (C) 1994-2013 Free Software Foundation, Inc.
+@@ -721,6 +721,8 @@
+ HAVE_WCHAR_T = @HAVE_WCHAR_T@
+ HAVE__BOOL = @HAVE__BOOL@
+ HAVE__EXIT = @HAVE__EXIT@
++HTTP_PARSER_CFLAGS = @HTTP_PARSER_CFLAGS@
++HTTP_PARSER_LIBS = @HTTP_PARSER_LIBS@
+ INCLUDE_NEXT = @INCLUDE_NEXT@
+ INCLUDE_NEXT_AS_FIRST_DIRECTIVE = @INCLUDE_NEXT_AS_FIRST_DIRECTIVE@
+ INSTALL = @INSTALL@
+diff -ur ocserv-0.2.1.orig/tests/test1.config ocserv-0.2.1/tests/test1.config
+--- ocserv-0.2.1.orig/tests/test1.config	2013-07-06 15:10:57.000000000 +0200
++++ ocserv-0.2.1/tests/test1.config	2013-11-11 13:56:15.231784324 +0100
+@@ -132,7 +132,7 @@
+ # The user the worker processes will be run as. It should be
+ # unique (no other services run as this user).
+ run-as-user = nobody
+-run-as-group = nogroup
++run-as-group = nobody
+ 
+ # Network settings
+ 
+diff -ur ocserv-0.2.1.orig/tests/test2.config ocserv-0.2.1/tests/test2.config
+--- ocserv-0.2.1.orig/tests/test2.config	2013-07-06 16:54:44.000000000 +0200
++++ ocserv-0.2.1/tests/test2.config	2013-11-11 13:56:15.231784324 +0100
+@@ -132,7 +132,7 @@
+ # The user the worker processes will be run as. It should be
+ # unique (no other services run as this user).
+ run-as-user = nobody
+-run-as-group = nogroup
++run-as-group = nobody
+ 
+ # Network settings
+ 
+diff -ur ocserv-0.2.1.orig/tests/test3.config ocserv-0.2.1/tests/test3.config
+--- ocserv-0.2.1.orig/tests/test3.config	2013-10-29 20:11:52.000000000 +0100
++++ ocserv-0.2.1/tests/test3.config	2013-11-11 13:56:15.232784330 +0100
+@@ -132,7 +132,7 @@
+ # The user the worker processes will be run as. It should be
+ # unique (no other services run as this user).
+ run-as-user = nobody
+-run-as-group = nogroup
++run-as-group = nobody
+ 
+ # Network settings
+ 
+diff -ur ocserv-0.2.1.orig/tests/test-iroute ocserv-0.2.1/tests/test-iroute
+--- ocserv-0.2.1.orig/tests/test-iroute	2013-10-30 12:39:28.000000000 +0100
++++ ocserv-0.2.1/tests/test-iroute	2013-11-11 13:56:32.933878367 +0100
+@@ -35,7 +35,7 @@
+ 
+ echo -n "Checking if routes have been applied... "
+ 
+-if [ ! -f test-iroute.tmp ];then
++if [ ! -f ./test-iroute.tmp ];then
+ 	fail $PID "Temporary file cannot be found"
+ fi
+ 
+Only in ocserv-0.2.1/tests: test-iroute~
+diff -ur ocserv-0.2.1.orig/tests/test-iroute.config ocserv-0.2.1/tests/test-iroute.config
+--- ocserv-0.2.1.orig/tests/test-iroute.config	2013-10-30 12:31:33.000000000 +0100
++++ ocserv-0.2.1/tests/test-iroute.config	2013-11-11 13:56:15.232784330 +0100
+@@ -132,7 +132,7 @@
+ # The user the worker processes will be run as. It should be
+ # unique (no other services run as this user).
+ run-as-user = nobody
+-run-as-group = nogroup
++run-as-group = nobody
+ 
+ # Network settings
+ 
+diff -ur ocserv-0.2.1.orig/tests/test-pass-script.config ocserv-0.2.1/tests/test-pass-script.config
+--- ocserv-0.2.1.orig/tests/test-pass-script.config	2013-10-31 17:20:37.000000000 +0100
++++ ocserv-0.2.1/tests/test-pass-script.config	2013-11-11 13:56:15.232784330 +0100
+@@ -132,7 +132,7 @@
+ # The user the worker processes will be run as. It should be
+ # unique (no other services run as this user).
+ run-as-user = nobody
+-run-as-group = nogroup
++run-as-group = nobody
+ 
+ # Network settings
+ 
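Review bot: Several hunks of this patch appear to have no effect on the build, judging from ocserv.spec in the same commit. The `tests/Makefile.in` hunks edit a generated file that `autoreconf -fi` in %build regenerates, and the `tests/test-iroute`, `tests/test-iroute.config` and `tests/test-pass-script.config` hunks patch files that %prep deletes right after patching with `rm -f tests/test-* tests/common.sh`. The stray `Only in ocserv-0.2.1/tests: test-iroute~` line suggests the patch was produced from a tree that still held editor backups. Trimming the patch to the `test1.config`, `test2.config` and `test3.config` hunks would make the package's changes to upstream easier to audit. Since the spec has no %check section, it is worth confirming whether even those hunks are needed.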
diff --git a/ocserv.conf b/ocserv.conf
new file mode 100644
index 0000000..baa7bca
--- /dev/null
+++ b/ocserv.conf
@@ -0,0 +1,215 @@
+# User authentication method. Could be set multiple times and in that case
+# all should succeed.
+# Options: certificate, pam. 
+#auth = "certificate"
+#auth = "plain[./sample.passwd]"
+auth = "pam"
+
+# A banner to be displayed on clients
+#banner = "Welcome"
+
+# Use listen-host to limit to specific IPs or to the IPs of a provided hostname.
+#listen-host = [IP|HOSTNAME]
+
+# Limit the number of clients. Unset or set to zero for unlimited.
+#max-clients = 1024
+max-clients = 16
+
+# Limit the number of client connections to one every X milliseconds 
+# (X is the provided value). Set to zero for no limit.
+#rate-limit-ms = 100
+
+# Limit the number of identical clients (i.e., users connecting multiple times)
+# Unset or set to zero for unlimited.
+max-same-clients = 2
+
+# TCP and UDP port number
+tcp-port = 4443
+udp-port = 4443
+
+# Keepalive in seconds
+keepalive = 32400
+
+# Dead peer detection in seconds
+dpd = 60
+
+# MTU discovery (DPD must be enabled)
+try-mtu-discovery = false
+
+# The key and the certificates of the server
+# The key may be a file, or any URL supported by GnuTLS (e.g., 
+# tpmkey:uuid=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx;storage=user
+# or pkcs11:object=my-vpn-key;object-type=private)
+#
+# There may be multiple certificate and key pairs and each key
+# should correspond to the preceding certificate.
+server-cert = /etc/ocserv/server.crt
+server-key = /etc/ocserv/server.key
+
+# Diffie-Hellman parameters. Only needed if you require support
+# for the DHE ciphersuites (by default this server supports ECDHE).
+# Can be generated using:
+# certtool --generate-dh-params --outfile /path/to/dh.pem
+#dh-params = /path/to/dh.pem
+
+# If you have a certificate from a CA that provides an OCSP
+# service you may provide a fresh OCSP status response within
+# the TLS handshake. That will prevent the client from connecting
+# independently on the OCSP server.
+# You can update this response periodically using:
+# ocsptool --ask --load-cert=your_cert --load-issuer=your_ca --outfile response
+# Make sure that you replace the following file in an atomic way.
+#ocsp-response = /path/to/ocsp.der
+
+# In case PKCS #11 or TPM keys are used the PINs should be available
+# in files. The srk-pin-file is applicable to TPM keys only (It's the storage
+# root key).
+#pin-file = /path/to/pin.txt
+#srk-pin-file = /path/to/srkpin.txt
+
+# The Certificate Authority that will be used
+# to verify clients if certificate authentication
+# is set.
+#ca-cert = /etc/ocserv/ca.crt
+
+# The object identifier that will be used to read the user ID in the client certificate.
+# The object identifier should be part of the certificate's DN
+# Useful OIDs are: 
+#  CN = 2.5.4.3, UID = 0.9.2342.19200300.100.1.1
+#cert-user-oid = 0.9.2342.19200300.100.1.1
+
+# The object identifier that will be used to read the user group in the client 
+# certificate. The object identifier should be part of the certificate's DN
+# Useful OIDs are: 
+#  OU (organizational unit) = 2.5.4.11 
+#cert-group-oid = 2.5.4.11
+
+# A revocation list of ca-cert is set
+#crl = /path/to/crl.pem
+
+# GnuTLS priority string
+tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT"
+
+# To enforce perfect forward secrecy (PFS) on the main channel.
+#tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-RSA"
+
+# The time (in seconds) that a client is allowed to stay connected prior
+# to authentication
+auth-timeout = 40
+
+# The time (in seconds) that a client is not allowed to reconnect after 
+# a failed authentication attempt.
+min-reauth-time = 2
+
+# Cookie validity time (in seconds)
+# Once a client is authenticated he's provided a cookie with
+# which he can reconnect. This option sets the maximum lifetime
+# of that cookie.
+cookie-validity = 172800
+
+# Script to call when a client connects and obtains an IP
+# Parameters are passed on the environment.
+# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client), 
+# DEVICE, IP_REAL (the real IP of the client), IP_LOCAL (the local IP
+# in the P-t-P connection), IP_REMOTE (the VPN IP of the client). REASON
+# may be "connect" or "disconnect".
+#connect-script = /usr/bin/myscript
+#disconnect-script = /usr/bin/myscript
+
+# UTMP
+use-utmp = true
+
+# PID file
+#pid-file = /var/run/ocserv.pid
+
+# The default server directory. Does not require any devices present.
+chroot-dir = /var/ocserv/
+
+# socket file used for IPC, will be appended with .PID
+# It must be accessible within the chroot environment (if any)
+socket-file = ocserv.sock
+
+# The user the worker processes will be run as. It should be
+# unique (no other services run as this user).
+run-as-user = ocserv
+run-as-group = ocserv
+
+# Network settings
+
+device = vpns
+
+# The default domain to be advertised
+#default-domain = example.com
+
+#ipv4-network = 192.168.1.0
+#ipv4-netmask = 255.255.255.0
+# Use the keywork local to advertize the local P-t-P address as DNS server
+# ipv4-dns = 192.168.2.1
+#ipv4-dns = local
+
+# The NBNS server (if any)
+#ipv4-nbns = 192.168.2.3
+
+#ipv6-address = 
+#ipv6-dns = 
+
+# The IPv6 subnet prefix
+#ipv6-prefix =
+
+# Prior to leasing any IP from the pool ping it to verify that
+# it is not in use by another (unrelated to this server) host.
+ping-leases = false
+
+# Leave empty to assign the default MTU of the device
+# mtu = 
+
+# Unset to enable bandwidth restrictions (in bytes/sec). The
+# setting here is global, but can also be set per user or per group.
+#rx-data-per-sec = 40960
+#tx-data-per-sec = 40960
+
+# The number of packets (of MTU size) that are available in
+# the output buffer. The default is low to improve latency.
+# Setting it higher will improve throughput.
+output-buffer = 100
+
+#route = 192.168.1.0/255.255.255.0
+#route = 192.168.5.0/255.255.255.0
+
+# Configuration files that will be applied per user connection or
+# per group. Each file name on these directories must match the username
+# or the groupname.
+# The options allowed in the configuration files are ipv?-dns, ipv?-nbns,
+#  ipv?-network, ipv?-netmask, ipv6-prefix, iroute and route.
+#
+# Note that the 'iroute' option allows to add routes on the server
+# based on a user or group. The syntax depends on the input accepted
+# by the commands route-add-cmd and route-del-cmd (see below).
+
+#config-per-user = /etc/ocserv/config-per-user/
+#config-per-group = /etc/ocserv/config-per-group/
+
+# The system command to use to setup a route. %R will be replaced with the
+# route/mask and %D with the (tun) device.
+#
+# The following example is from linux systems. %R should be something
+# like 192.168.2.0/24 (so iroute in this system has different syntax than route)
+
+route-add-cmd = "ip route add %R dev %D"
+route-del-cmd = "ip route delete %R dev %D"
+
+#
+# The following options are for (experimental) AnyConnect client 
+# compatibility. 
+
+# Client profile xml. A sample file exists in doc/profile.xml.
+# This file must be accessible from inside the worker's chroot. 
+# The profile is ignored by the openconnect client.
+#user-profile = profile.xml
+
+# Unless set to false it is required for clients to present their
+# certificate even if they are authenticating via a previously granted
+# cookie. Legacy CISCO clients do not do that, and thus this option
+# should be set for them.
+#always-require-cert = false
+
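Review bot: `chroot-dir = /var/ocserv/` names a directory this package never creates. ocserv.spec in the same commit creates and owns `/var/lib/ocserv` (`mkdir -p %{buildroot}/var/lib/ocserv/`, `%dir /var/lib/ocserv`) and uses it as the ocserv user's home. With the shipped defaults the worker chroot would presumably fail, or the isolation would be missing, until an administrator creates the path by hand. The line should read `chroot-dir = /var/lib/ocserv`, so that the default configuration and the packaged directory agree.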
diff --git a/ocserv.service b/ocserv.service
new file mode 100644
index 0000000..3b39466
--- /dev/null
+++ b/ocserv.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=OpenConnect SSL VPN server
+Documentation=man:ocserv(8)
+After=syslog.target network.target
+
+[Service]
+PrivateTmp=true
+Type=forking
+PIDFile=/var/run/ocserv.pid
+ExecStart=/usr/sbin/ocserv --pid-file /var/run/ocserv.pid --config /etc/ocserv/ocserv.conf
+ExecReload=/bin/kill -HUP $MAINPID
+
+[Install]
+WantedBy=multi-user.target
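Review bot: The [Service] section confines the daemon only with `PrivateTmp=true`, although no `User=` is set, so the process started by `ExecStart` runs as root while listening on the VPN port. Where the target systemd version supports them, `ProtectHome=true` and `ProtectSystem=full` would be inexpensive additions. Both need testing against the PAM stack, utmp logging and any configured connect-script before they are shipped.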
diff --git a/ocserv.spec b/ocserv.spec
new file mode 100644
index 0000000..1368da1
--- /dev/null
+++ b/ocserv.spec
@@ -0,0 +1,144 @@
+Name:		ocserv
+Version:	0.2.1
+Release:	6%{?dist}
+Summary:	OpenConnect SSL VPN server
+
+# For a breakdown of the licensing, see PACKAGE-LICENSING 
+# To simplify licenses LGPLv2+ files have been promoted to GPLv2+.
+License:	GPLv2+ and BSD and MIT and CC0
+URL:		http://www.infradead.org/ocserv/
+Source0:	ftp://ftp.infradead.org/pub/ocserv/%{name}-%{version}.tar.xz
+Source1:	ocserv.conf
+Source2:	ocserv.service
+Source3:	ocserv-pamd.conf
+Source4:	PACKAGE-LICENSING
+
+# Taken from upstream:
+# http://git.infradead.org/ocserv.git/commitdiff/7d70006a2dbddf783213f1856374bacc74217e09
+Patch0:		ocserv-http-parser.patch
+Patch1:		ocserv-tests.patch
+BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+
+BuildRequires:	gnutls-devel
+BuildRequires:	pam-devel
+BuildRequires:	iproute
+BuildRequires:	systemd
+BuildRequires:	autogen-libopts-devel >= 5.18
+BuildRequires:	autogen
+BuildRequires:	pcllib-devel, http-parser-devel, tcp_wrappers-devel
+BuildRequires:	automake, autoconf
+
+Requires:		iproute
+Requires:		pam
+Requires(pre):		shadow-utils
+Requires(post):		systemd
+Requires(preun):	systemd
+Requires(postun):	systemd
+#gnulib is bundled. See https://fedorahosted.org/fpc/ticket/174
+Provides:		bundled(gnulib)
+#CCAN is bundled. See https://fedorahosted.org/fpc/ticket/364
+Provides:		bundled(bobjenkins-hash) bundled(ccan-container_of) 
+Provides:		bundled(ccan-htable) bundled(ccan-list)
+Provides:		bundled(ccan-check_type) bundled(ccan-build_assert)
+
+%description
+OpenConnect server (ocserv) is an SSL VPN server. Its purpose is to be
+a secure, small, fast and configurable VPN server that uses standard
+protocols such as TLS 1.2, and Datagram TLS. It implements the
+OpenConnect SSL VPN protocol, which is compatible with the AnyConnect
+SSL VPN protocol.
+
+%prep
+%setup -q
+%patch0 -p1
+%patch1 -p1
+rm -f src/http-parser/http_parser.c src/http-parser/http_parser.h
+rm -f libopts/*.c libopts/*.h libopts/*/*.c libopts/*/*.h
+rm -f src/pcl/*.c src/pcl/*.h
+# GPLv3 in headers was a gnulib bug: 
+# http://lists.gnu.org/archive/html/bug-gnulib/2013-11/msg00062.html
+sed -i 's/either version 3 of the License/either version 2 of the License/g' build-aux/snippet/*
+# remove GPLv3 components
+rm -f tests/test-* tests/common.sh
+
+%build
+autoreconf -fi
+
+%configure
+
+# disable the smp_mflags until an issue with the dependencies in the 
+# autogen'erated files is fixed
+make #%{?_smp_mflags}
+
+%pre
+getent group ocserv &>/dev/null || groupadd -r ocserv
+getent passwd ocserv &>/dev/null || \
+	/usr/sbin/useradd -r -g ocserv -s /sbin/nologin -c ocserv \
+		-d /var/lib/ocserv ocserv
+
+%post
+%systemd_post ocserv.service
+
+%preun
+%systemd_preun ocserv.service
+
+%postun
+%systemd_postun ocserv.service
+
+%install
+rm -rf %{buildroot}
+cp -a %{SOURCE4} PACKAGE-LICENSING
+mkdir -p %{buildroot}/%{_sysconfdir}/pam.d/
+mkdir -p %{buildroot}/%{_sysconfdir}/ocserv/
+install -p -m 644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/pam.d/ocserv
+install -p -m 644 %{SOURCE1} %{buildroot}/%{_sysconfdir}/ocserv/
+mkdir -p %{buildroot}/%{_unitdir}
+install -p -m 644 %{SOURCE2} %{buildroot}/%{_unitdir}
+mkdir -p %{buildroot}/var/lib/ocserv/
+%make_install
+
+%clean
+rm -rf %{buildroot}
+
+%files
+%defattr(-,root,root,-)
+
+%dir /var/lib/ocserv
+%dir %{_sysconfdir}/ocserv
+
+%config(noreplace) %{_sysconfdir}/ocserv/ocserv.conf
+%config(noreplace) %{_sysconfdir}/pam.d/ocserv
+
+%doc AUTHORS ChangeLog NEWS COPYING LICENSE README TODO PACKAGE-LICENSING
+%doc src/ccan/licenses/CC0 src/ccan/licenses/LGPL-2.1 src/ccan/licenses/BSD-MIT 
+%{_mandir}/man8/ocserv.8*
+%{_mandir}/man8/ocpasswd.8*
+%{_bindir}/ocpasswd
+%{_sbindir}/ocserv
+%{_unitdir}/ocserv.service
+
+%changelog
+* Fri Dec  6 2013 Nikos Mavrogiannopoulos <nmav at redhat.com> - 0.2.1-6
+- Added exception for the bundling of CCAN components.
+
+* Wed Nov 13 2013 Nikos Mavrogiannopoulos <nmav at redhat.com> - 0.2.1-5
+- Updated the way PACKAGE-LICENSING is handled.
+
+* Tue Nov 12 2013 Nikos Mavrogiannopoulos <nmav at redhat.com> - 0.2.1-4
+- Replaced gnulib's GPLv3+ license with GPLv2+. According to 
+  http://lists.gnu.org/archive/html/bug-gnulib/2013-11/msg00062.html
+  it was a gnulib bug.
+- Reduced the number of applicable licenses by upgrading LGPLv2+ 
+  components to GPLv2+.
+- Added PACKAGE-LICENSING.
+
+* Mon Nov 11 2013 Nikos Mavrogiannopoulos <nmav at redhat.com> - 0.2.1-3
+- Updated spec to add http-parser and pcllib as dependencies.
+- Bundled library files are removed.
+- Updated license information.
+
+* Fri Nov  8 2013 Nikos Mavrogiannopoulos <nmav at redhat.com> - 0.2.1-2
+- Updated spec to account improvements suggested by Alec Leamas.
+
+* Thu Nov  7 2013 Nikos Mavrogiannopoulos <nmav at redhat.com> - 0.2.1-1
+- Initial version of the package
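Review bot: The %install and %files sections ship a default ocserv.conf that points at `/etc/ocserv/server.crt` and `/etc/ocserv/server.key`, but nothing in the spec creates, generates or documents those files, so the packaged unit would likely fail to start on a fresh install. Because `%dir %{_sysconfdir}/ocserv` is packaged with default permissions, protection of the private key depends entirely on the mode the administrator gives the file. A packaged README note or a comment in ocserv.conf stating that server.key should be readable only by root (for example mode 0600) would close that gap. As a style point in %build, `make #%{?_smp_mflags}` leaves a macro inside a comment, which rpm still expands; `make #%%{?_smp_mflags}` avoids that.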
diff --git a/sources b/sources
index e69de29..84447ec 100644
--- a/sources
+++ b/sources
@@ -0,0 +1 @@
+99f239f796c9d29746e307e6a51999f0  ocserv-0.2.1.tar.xz

