修改profile文件

2025-08-07 21:28:50 +08:00 · 2021-12-28 16:39:42 +08:00
parent aadfa7b70c
commit f7c8fb8d9d
5 changed files with 41 additions and 7 deletions
--- a/server/base/cmd.go
+++ b/server/base/cmd.go
@@ -101,7 +101,7 @@ func initCmd() {
 		_, err := os.Stat(conf)
 		if errors.Is(err, os.ErrNotExist) {
 			// 没有配置文件，不做处理
-			return
+			panic(err)
 		}

 		linkViper.SetConfigFile(conf)
--- a/server/conf/files/profile.xml
+++ b/server/conf/files/profile.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                   xsi:schemaLocation="http://schemas.xmlsoap.org/encoding/ AnyConnectProfile.xsd">
+
+    <ClientInitialization>
+        <UseStartBeforeLogon UserControllable="false">false</UseStartBeforeLogon>
+        <StrictCertificateTrust>false</StrictCertificateTrust>
+        <RestrictPreferenceCaching>false</RestrictPreferenceCaching>
+        <RestrictTunnelProtocols>IPSec</RestrictTunnelProtocols>
+        <BypassDownloader>true</BypassDownloader>
+        <WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment>
+        <LinuxVPNEstablishment>AllowRemoteUsers</LinuxVPNEstablishment>
+        <CertEnrollmentPin>pinAllowed</CertEnrollmentPin>
+        <CertificateMatch>
+            <KeyUsage>
+                <MatchKey>Digital_Signature</MatchKey>
+            </KeyUsage>
+            <ExtendedKeyUsage>
+                <ExtendedMatchKey>ClientAuth</ExtendedMatchKey>
+            </ExtendedKeyUsage>
+        </CertificateMatch>
+
+        <BackupServerList>
+            <HostAddress>localhost</HostAddress>
+        </BackupServerList>
+    </ClientInitialization>
+
+    <ServerList>
+        <HostEntry>
+            <HostName>VPN Server</HostName>
+            <HostAddress>localhost</HostAddress>
+        </HostEntry>
+    </ServerList>
+</AnyConnectProfile>
--- a/server/handler/link_auth.go
+++ b/server/handler/link_auth.go
@@ -19,7 +19,7 @@ func LinkAuth(w http.ResponseWriter, r *http.Request) {
 	userAgent := strings.ToLower(r.UserAgent())
 	xAggregateAuth := r.Header.Get("X-Aggregate-Auth")
 	xTranscendVersion := r.Header.Get("X-Transcend-Version")
-	if !((strings.Contains(userAgent, "anyconnect") || strings.Contains(userAgent, "openconnect")) && 
+	if !((strings.Contains(userAgent, "anyconnect") || strings.Contains(userAgent, "openconnect")) &&
 		xAggregateAuth == "1" && xTranscendVersion == "1") {
 		w.WriteHeader(http.StatusForbidden)
 		fmt.Fprintf(w, "error request")
@@ -176,7 +176,7 @@ var auth_complete = `<?xml version="1.0" encoding="UTF-8"?>
        <vpn-profile-manifest>
            <vpn rev="1.0">
                <file type="profile" service-type="user">
-                    <uri>/profile.xml</uri>
+                    <uri>/files/profile.xml</uri>
                    <hash type="sha1">A8B0B07FBA93D06E8501E40AB807AEE2464E73B7</hash>
                </file>
            </vpn>
--- a/server/handler/server.go
+++ b/server/handler/server.go
@@ -77,9 +77,9 @@ func initRoute() http.Handler {
 	r.HandleFunc("/", LinkAuth).Methods(http.MethodPost)
 	r.HandleFunc("/CSCOSSLC/tunnel", LinkTunnel).Methods(http.MethodConnect)
 	r.HandleFunc("/otp_qr", LinkOtpQr).Methods(http.MethodGet)
-	r.HandleFunc("/profile.xml", func(w http.ResponseWriter, r *http.Request) {
-		w.Write([]byte(auth_profile))
-	}).Methods(http.MethodGet)
+	// r.HandleFunc("/profile.xml", func(w http.ResponseWriter, r *http.Request) {
+	// 	w.Write([]byte(auth_profile))
+	// }).Methods(http.MethodGet)
 	r.PathPrefix("/files/").Handler(
 		http.StripPrefix("/files/",
 			http.FileServer(http.Dir(base.Cfg.FilesPath)),