From d1abba03229128c3f2a6f718e9f14f4d7285e74d Mon Sep 17 00:00:00 2001
From: Christian Breunig <christian@breunig.cc>
Date: Fri, 12 May 2023 21:03:03 +0200
Subject: ocserv: T3896: improve XML definition and add warning about 3rd party
 configs

When enabling identity-based-config, users can add arbitrary config keys
that are processed by ocserv. The user "must know" what he is been doing, as
invalid config option will make the ocserv daemon go ... whoop!

Thus add a warning and inform the user about this setting.
---
 .../openconnect-identity-based-config.xml.i        | 54 ----------------------
 1 file changed, 54 deletions(-)
 delete mode 100644 interface-definitions/include/openconnect-identity-based-config.xml.i

(limited to 'interface-definitions/include/openconnect-identity-based-config.xml.i')

diff --git a/interface-definitions/include/openconnect-identity-based-config.xml.i b/interface-definitions/include/openconnect-identity-based-config.xml.i
deleted file mode 100644
index dfc51936d..000000000
--- a/interface-definitions/include/openconnect-identity-based-config.xml.i
+++ /dev/null
@@ -1,54 +0,0 @@
-<!-- include start from openconnect-identity-based-config.xml.i -->
-<node name="identity-based-config">
-    <properties>
-        <help>Configures OpenConnect to search the configured directory for a config file matching the Group name or Username</help>
-    </properties>
-    <children>
-        <leafNode name="mode">
-            <properties>
-                <help>Configures OpenConnect to use config-per-group or config-per-user. Ignored if OpenConnect authentication group is configured.</help>
-                <valueHelp>
-                    <format>user</format>
-                    <description>OpenConnect config file loaded by matching file in configured directory to the users username</description>
-                </valueHelp>
-                <valueHelp>
-                    <format>group</format>
-                    <description>OpenConnect config file loaded by matching RADIUS class attribute in the RADIUS server response to a file in the configured directory</description>
-                </valueHelp>
-                <constraint>
-                    <regex>(user|group)</regex>
-                </constraint>
-                <constraintErrorMessage>Invalid mode. Must be one of: user, group</constraintErrorMessage>
-                <completionHelp>
-                    <list>user group</list>
-                </completionHelp>
-            </properties>
-        </leafNode>
-        <leafNode name="directory">
-            <properties>
-                <help>Directory to configure OpenConnect to use for matching username/group to config file</help>
-                <valueHelp>
-                    <format>filename</format>
-                    <description>Must be a child directory of /config/auth e.g. /config/auth/ocserv/config-per-user</description>
-                </valueHelp>
-                <constraint>
-                    <validator name="file-path" argument="--directory --parent-dir /config/auth --strict"/>
-                </constraint>
-            </properties>
-        </leafNode>
-        <leafNode name="default-config">
-            <properties>
-                <help>Default/fallback config to use when a file cannot be found in the configured directory that matches the username/group</help>
-                <valueHelp>
-                    <format>filename</format>
-                    <description>Child directory of /config/auth e.g. /config/auth/ocserv/defaults/user.conf</description>
-                </valueHelp>
-                <constraint>
-                    <validator name="file-path" argument="--file --parent-dir /config/auth --strict"/>
-                </constraint>
-            </properties>
-        </leafNode>
-        #include <include/generic-disable-node.xml.i>
-    </children>
-</node>
-<!-- include end -->
\ No newline at end of file
-- 
cgit v1.2.3