From f7c8fb8d9d96fa866afe959f775ea37130f19153 Mon Sep 17 00:00:00 2001
From: bjdgyc
Date: Tue, 28 Dec 2021 16:39:42 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9profile=E6=96=87=E4=BB=B6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 server/base/cmd.go | 2 +-
 server/conf/files/profile.xml | 34 ++++++++++++++++++++++++++++++++++
 server/handler/link_auth.go | 4 ++--
 server/handler/server.go | 6 +++---
 systemd/anylink.service | 2 +-
 5 files changed, 41 insertions(+), 7 deletions(-)
 create mode 100644 server/conf/files/profile.xml
diff --git a/server/base/cmd.go b/server/base/cmd.go
index 1fc4959..75d5f25 100644
--- a/server/base/cmd.go
+++ b/server/base/cmd.go
@@ -101,7 +101,7 @@ func initCmd() {
 _, err := os.Stat(conf)
 if errors.Is(err, os.ErrNotExist) {
 // 没有配置文件,不做处理
- return
+ panic(err)
 }
 linkViper.SetConfigFile(conf)
diff --git a/server/conf/files/profile.xml b/server/conf/files/profile.xml
new file mode 100644
index 0000000..0df0912
--- /dev/null
+++ b/server/conf/files/profile.xml
@@ -0,0 +1,34 @@ + + + + + false + false + false + IPSec + true + AllowRemoteUsers + AllowRemoteUsers + pinAllowed + + + Digital_Signature + + + ClientAuth + + + + + localhost + + + + + + VPN Server + localhost + + + \ No newline at end of file
diff --git a/server/handler/link_auth.go b/server/handler/link_auth.go
index 83781bc..9d2a6be 100644
--- a/server/handler/link_auth.go
+++ b/server/handler/link_auth.go
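Review bot: In the `server/base/cmd.go` hunk the retained comment `// 没有配置文件,不做处理` ("no config file, do nothing") now sits directly above `panic(err)` and contradicts it; replace it with something like `// a config file is required: refuse to start without it`. The guard also matches only `os.ErrNotExist`, so any other `os.Stat` failure (permission denied, for example) still falls through to `linkViper.SetConfigFile(conf)`; `if err != nil { panic("config file " + conf + ": " + err.Error()) }` would fail closed on all of them and name the path in the message. Refusing to start is safer than silently running on defaults, but the unit file in this same patch has `Restart=on-failure` with `RestartSec=5s`, so a missing file becomes a restart loop. The body of initCmd starts and ends outside this hunk.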
@@ -19,7 +19,7 @@ func LinkAuth(w http.ResponseWriter, r *http.Request) {
 userAgent := strings.ToLower(r.UserAgent())
 xAggregateAuth := r.Header.Get("X-Aggregate-Auth")
 xTranscendVersion := r.Header.Get("X-Transcend-Version")
- if !((strings.Contains(userAgent, "anyconnect") || strings.Contains(userAgent, "openconnect")) &&
+ if !((strings.Contains(userAgent, "anyconnect") || strings.Contains(userAgent, "openconnect")) &&
 xAggregateAuth == "1" && xTranscendVersion == "1") {
 w.WriteHeader(http.StatusForbidden)
 fmt.Fprintf(w, "error request")
@@ -176,7 +176,7 @@ var auth_complete = `
- /profile.xml
+ /files/profile.xml
 A8B0B07FBA93D06E8501E40AB807AEE2464E73B7
diff --git a/server/handler/server.go b/server/handler/server.go
index 8584cef..aef9fb1 100644
--- a/server/handler/server.go
+++ b/server/handler/server.go
@@ -77,9 +77,9 @@ func initRoute() http.Handler {
 r.HandleFunc("/", LinkAuth).Methods(http.MethodPost)
 r.HandleFunc("/CSCOSSLC/tunnel", LinkTunnel).Methods(http.MethodConnect)
 r.HandleFunc("/otp_qr", LinkOtpQr).Methods(http.MethodGet)
- r.HandleFunc("/profile.xml", func(w http.ResponseWriter, r *http.Request) {
- w.Write([]byte(auth_profile))
- }).Methods(http.MethodGet)
+ // r.HandleFunc("/profile.xml", func(w http.ResponseWriter, r *http.Request) {
+ // w.Write([]byte(auth_profile))
+ // }).Methods(http.MethodGet)
 r.PathPrefix("/files/").Handler(
 http.StripPrefix("/files/",
 http.FileServer(http.Dir(base.Cfg.FilesPath)),
diff --git a/systemd/anylink.service b/systemd/anylink.service
index 59c62d3..9f1fe68 100644
--- a/systemd/anylink.service
+++ b/systemd/anylink.service
@@ -9,7 +9,7 @@ User=root
 WorkingDirectory=/usr/local/anylink-deploy
 Restart=on-failure
 RestartSec=5s
-ExecStart=/usr/local/anylink-deploy/anylink --conf=./conf/server.toml
+ExecStart=/usr/local/anylink-deploy/anylink --conf=/usr/local/anylink-deploy/conf/server.toml
 [Install]
 WantedBy=multi-user.target
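Review bot: In the `auth_complete` hunk the value `A8B0B07FBA93D06E8501E40AB807AEE2464E73B7` on the line after the changed URI stays a hard-coded constant, while the profile it appears to describe now comes from an operator-editable file served under `/files/`. The surrounding markup is not visible in this view, so this is inferred, but if that value is the digest of the profile then any edit to `conf/files/profile.xml` (the shipped file carries `localhost` placeholders, so edits are expected) leaves the advertised hash stale. Clients that compare the hash may then not pick up the changed profile. Computing the digest of the served file at startup and substituting it into `auth_complete` would keep the two in step. The template literal starts and ends outside this hunk.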
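Review bot: In the `server/handler/server.go` hunk the old `/profile.xml` handler is commented out rather than deleted, leaving dead code in `initRoute` and an `auth_profile` value that nothing visible here still serves; remove the three lines, and the variable if it has no other user. The profile is now delivered by the existing `http.FileServer(http.Dir(base.Cfg.FilesPath))` route, which as far as this hunk shows carries no method or authentication restriction, and `http.FileServer` renders an index for any directory without an `index.html`. Everything placed under `FilesPath` is therefore listable and downloadable before login, so either document that the directory must hold only public material or wrap the handler to refuse directory requests. Clients still configured with the old `/profile.xml` URI will get a 404 unless a redirect is kept; `initRoute` continues outside the hunk.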