This is a follow-up on the previous patch; it fixes an issue on big endian systems, and adds some uci configuration options.
Signed-off-by: Nikos Mavrogiannopoulos <n...@gnutls.org> --- net/ocserv/Makefile | 6 ++- net/ocserv/files/ocserv-config | 8 +++ net/ocserv/files/ocserv.conf | 17 +++---- net/ocserv/files/ocserv.init | 40 +++++++++++++-- net/ocserv/patches/0001-native-endianess.patch | 70 ++++++++++++++++++++++++++ 5 files changed, 123 insertions(+), 18 deletions(-) create mode 100644 net/ocserv/files/ocserv-config create mode 100644 net/ocserv/patches/0001-native-endianess.patch diff --git a/net/ocserv/Makefile b/net/ocserv/Makefile index 87ad98d..80ec24e 100644 --- a/net/ocserv/Makefile +++ b/net/ocserv/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ocserv PKG_VERSION:=0.8.0 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_BUILD_DIR :=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION) PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz @@ -69,7 +69,9 @@ define Package/ocserv/install $(INSTALL_DIR) $(1)/etc/init.d $(INSTALL_BIN) ./files/ocserv.init $(1)/etc/init.d/ocserv $(INSTALL_DIR) $(1)/etc/ocserv - $(INSTALL_CONF) ./files/ocserv.conf $(1)/etc/ocserv/ocserv.conf + $(INSTALL_CONF) ./files/ocserv.conf $(1)/etc/ocserv/ocserv.conf.template + $(INSTALL_DIR) $(1)/etc/config + $(INSTALL_CONF) ./files/ocserv-config $(1)/etc/config/ocserv endef $(eval $(call BuildPackage,ocserv)) diff --git a/net/ocserv/files/ocserv-config b/net/ocserv/files/ocserv-config new file mode 100644 index 0000000..3475857 --- /dev/null +++ b/net/ocserv/files/ocserv-config @@ -0,0 +1,8 @@ +config ocserv + option 'port' '4443' + option 'dpd' '120' + option 'max_clients' '8' + option 'max_same' '2' + + +config ocservusers diff --git a/net/ocserv/files/ocserv.conf b/net/ocserv/files/ocserv.conf index 1b8941e..9c11500 100644 --- a/net/ocserv/files/ocserv.conf +++ b/net/ocserv/files/ocserv.conf 
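Review bot: The install step in the second Makefile hunk now ships `/etc/config/ocserv`, which will hold the port settings and the user accounts, but nothing visible here adds it to the package's conffiles list. If a `Package/ocserv/conffiles` section exists outside the hunk, it should name `/etc/config/ocserv` so a package upgrade does not replace locally defined accounts. Because the old `/etc/ocserv/ocserv.conf` is now installed only as `ocserv.conf.template`, settings and users edited in the old locations are no longer read after an upgrade. That deserves a sentence in the commit message.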
@@ -13,7 +13,7 @@ # "username:groupname:encoded-password" # One entry must be listed per line, and 'ocpasswd' can be used # to generate password entries. -auth = "plain[/etc/ocserv/ocpasswd]" +auth = "plain[/var/etc/ocpasswd]" # A banner to be displayed on clients banner = "Welcome to OpenWRT" @@ -24,7 +24,7 @@ banner = "Welcome to OpenWRT" # Limit the number of clients. Unset or set to zero for unlimited. #max-clients = 1024 -max-clients = 8 +max-clients = |MAX_CLIENTS| # Limit the number of client connections to one every X milliseconds # (X is the provided value). Set to zero for no limit. @@ -32,17 +32,17 @@ max-clients = 8 # Limit the number of identical clients (i.e., users connecting # multiple times). Unset or set to zero for unlimited. -max-same-clients = 2 +max-same-clients = |MAX_SAME| # TCP and UDP port number -tcp-port = 4443 -udp-port = 4443 +tcp-port = |PORT| +udp-port = |PORT| # Keepalive in seconds keepalive = 32400 # Dead peer detection in seconds. -dpd = 120 +dpd = |DPD| # Dead peer detection for mobile clients. The needs to # be much higher to prevent such clients being awaken too @@ -173,11 +173,6 @@ use-occtl = true # if you use more than a single servers. occtl-socket-file = /var/run/occtl.socket -# D-BUS usage. If disabled occtl tool cannot be used. If enabled -# then ocserv must have access to register org.infradead.ocserv -# D-BUS service. See doc/dbus/org.infradead.ocserv.conf -use-dbus = true - # PID file. It can be overriden in the command line. pid-file = /var/run/ocserv.pid diff --git a/net/ocserv/files/ocserv.init b/net/ocserv/files/ocserv.init index 3f661ed..62b35df 100644 --- a/net/ocserv/files/ocserv.init +++ b/net/ocserv/files/ocserv.init 
@@ -4,6 +4,32 @@ SERVICE_USE_PID=1 START=50 +setup_config() { + config_get port $1 port "4443" + config_get max_clients $1 max_clients "8" + config_get max_same $1 max_same "2" + config_get dpd $1 dpd "120" + + mkdir -p /var/etc + sed -e "s#|PORT|#$port#g" \ + -e "s#|MAX_CLIENTS|#$max_clients#g" \ + -e "s#|MAX_SAME|#$max_same#g" \ + -e "s#|DPD|#$dpd#g" \ + /etc/ocserv/ocserv.conf.template > /var/etc/ocserv.conf +} + +setup_users() { + local name + local password + + config_get name $1 name + config_get password $1 password + + [ -z "$name" -o -z "$password" ] && return + + echo "$password"|ocpasswd -c /var/etc/ocpasswd "$name" +} + start() { user_exists ocserv 72 || user_add ocserv 72 72 /var/lib/ocserv group_exists ocserv 72 || group_add ocserv 72 @@ -42,10 +68,6 @@ start() { /etc/ocserv/ca-key.pem --outfile /etc/ocserv/server-cert.pem >/dev/null 2>&1 } - [ -f /etc/ocserv/ocpasswd ] || { - touch /etc/ocserv/ocpasswd - } - [ -f /var/run/ocserv.pid ] || { touch /var/run/ocserv.pid chown ocserv:ocserv /var/run/ocserv.pid @@ -55,7 +77,15 @@ start() { chmod 0700 /var/lib/ocserv chown ocserv:ocserv /var/lib/ocserv } - service_start /usr/sbin/ocserv -c /etc/ocserv/ocserv.conf + + config_load ocserv + setup_config ocserv + + rm -f /var/etc/ocpasswd + touch /var/etc/ocpasswd + config_foreach setup_users ocservusers + + service_start /usr/sbin/ocserv -c /var/etc/ocserv.conf } stop() { diff --git a/net/ocserv/patches/0001-native-endianess.patch b/net/ocserv/patches/0001-native-endianess.patch new file mode 100644 index 0000000..0afd8a3 --- /dev/null +++ b/net/ocserv/patches/0001-native-endianess.patch 
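Review bot: setup_config pastes the UCI values into the sed replacement text unchecked, so a value containing `#`, `&` or a backslash alters the substitution and can write something other than a number into /var/etc/ocserv.conf. All four options are numeric, so a guard such as `case "$port" in ''|*[!0-9]*) port=4443;; esac` before the sed call (repeated for max_clients, max_same and dpd with their defaults) keeps the generated file well-formed. In setup_users the password is read in clear text from /etc/config/ocserv; a comment such as `# password is kept in clear text in /etc/config/ocserv; that file must stay 0600` would make this visible. `$1` should also be quoted in the config_get calls.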
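Review bot: In the last hunk `touch /var/etc/ocpasswd` creates the password file with whatever umask the init script inherits, and the same applies to /var/etc/ocserv.conf written by setup_config, so the password entries may end up readable by every local account. Putting `umask 077` before the `rm -f`/`touch` pair, or following the touch with `chmod 0600 /var/etc/ocpasswd`, closes that. Whether the file also needs a `chown` depends on which process reads it, which is not visible here. The exit status of `ocpasswd` in setup_users is not checked, so a failed entry leaves that user silently missing. start() begins outside this hunk.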
@@ -0,0 +1,70 @@
+diff --git a/src/main-ctl-unix.c b/src/main-ctl-unix.c
+index b4da5eb..90d604f 100644
+--- a/src/main-ctl-unix.c
++++ b/src/main-ctl-unix.c
+@@ -629,7 +629,7 @@ static void ctl_handle_commands(main_server_st * s)
+ }
+ goto cleanup;
+ }
+- length = (buffer[2] << 8) | buffer[1];
++ memcpy(&length, &buffer[1], 2);
+ buffer_size = ret - 3;
+
+ if (length != buffer_size) {
+diff --git a/src/occtl-unix.c b/src/occtl-unix.c
+index 183825d..0c1b3e1 100644
+--- a/src/occtl-unix.c
++++ b/src/occtl-unix.c
+@@ -83,15 +83,14 @@ int send_cmd(struct unix_ctx *ctx, unsigned cmd, const void *data,
+ struct iovec iov[2];
+ unsigned iov_len = 1;
+ int e, ret;
+- unsigned length = 0;
++ uint16_t length = 0;
+ void *packed = NULL;
+
+ if (get_size)
+ length = get_size(data);
+
+ header[0] = cmd;
+- header[1] = length;
+- header[2] = length >> 8;
++ memcpy(&header[1], &length, 2);
+
+ iov[0].iov_base = header;
+ iov[0].iov_len = 3;
+@@ -145,7 +144,7 @@ int send_cmd(struct unix_ctx *ctx, unsigned cmd, const void *data,
+ goto fail;
+ }
+
+- length = (header[2] << 8) | header[1];
++ memcpy(&length, &header[1], 2);
+
+ rep->data_size = length;
+ rep->data = talloc_size(ctx, length);
+diff --git a/src/sec-mod.c b/src/sec-mod.c
+index 15ee32a..c3d4bad 100644
+--- a/src/sec-mod.c
++++ b/src/sec-mod.c
+@@ -354,6 +354,7 @@ void sec_mod_server(void *main_pool, struct cfg_st *config, const char *socket_f
+ unsigned cmd, length;
+ unsigned i, buffer_size;
+ uint8_t *buffer, *tpool;
++ uint16_t l16;
+ struct pin_st pins;
+ int sd;
+ sec_mod_st *sec;
+@@ -538,10 +539,11 @@ void sec_mod_server(void *main_pool, struct cfg_st *config, const char *socket_f
+ }
+
+ cmd = buffer[0];
+- length = buffer[1] | buffer[2] << 8;
++ memcpy(&l16, &buffer[1], 2);
++ length = l16;
+
+ if (length > buffer_size - 4) {
+- seclog(LOG_INFO, "too big message");
++ seclog(LOG_INFO, "too big message (%d)", length);
+ goto cont;
+ }
+
-- 
1.9.2
_______________________________________________
openwrt-devel
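Review bot: In the main-ctl-unix.c section, `memcpy(&length, &buffer[1], 2);` is only correct if `length` is a 16-bit object, and its declaration lies outside the hunk. The other two files were adjusted for exactly this (send_cmd now declares `uint16_t length`, sec_mod_server copies into the new `uint16_t l16` first). If ctl_handle_commands still declares `length` as `unsigned`, only two of its bytes are written, and on a big-endian host they are the high-order ones, so the `length != buffer_size` check compares a wrong value; declaring `uint16_t length;` there would match the other sites. In send_cmd the result of `get_size(data)` is now narrowed to 16 bits with no range check, so a payload above 65535 bytes would be announced with a truncated length; a guard before the header is filled should reject it. In sec-mod.c `length` is `unsigned`, so the new log call should read `seclog(LOG_INFO, "too big message (%u)", length);`.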
mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel