authorJonathan Gray <jsg@cvs.openbsd.org>2010-06-07 14:15:28 +0000
committerJonathan Gray <jsg@cvs.openbsd.org>2010-06-07 14:15:28 +0000
commit97caf2b68cdfcda623e45225d3cb489db4d32992 (patch)
tree8936fea07234c4cff29d4245423c8f7b4e2bfb43
parent1730cfbaac76a7d57ca69939b71374c56eaa035c (diff)
switch iked pki files to /etc/iked, discussed with reyk.
-rw-r--r--etc/mtree/4.4BSD.dist54
-rw-r--r--etc/mtree/special4
-rw-r--r--sbin/iked/iked.814
-rw-r--r--sbin/iked/types.h4
-rw-r--r--usr.sbin/ikectl/ikeca.c4
5 files changed, 67 insertions, 13 deletions
diff --git a/etc/mtree/4.4BSD.dist b/etc/mtree/4.4BSD.dist
index 41d19f5a508..88ffb7b5f4f 100644
--- a/etc/mtree/4.4BSD.dist
+++ b/etc/mtree/4.4BSD.dist
@@ -1,4 +1,4 @@
-# $OpenBSD: 4.4BSD.dist,v 1.205 2010/06/05 17:29:14 martinh Exp $
+# $OpenBSD: 4.4BSD.dist,v 1.206 2010/06/07 14:15:27 jsg Exp $
/set type=dir uname=root gname=wheel mode=0755
# .
@@ -53,6 +53,58 @@ hotplug
# ./etc/hotplug
..
+# ./etc/iked
+iked
+
+# ./etc/iked/ca
+ca
+# ./etc/iked/ca
+..
+
+# ./etc/iked/certs
+certs
+# ./etc/iked/certs
+..
+
+# ./etc/iked/crls
+crls
+# ./etc/iked/crls
+..
+
+# ./etc/iked/private
+private uname=root mode=0700
+# ./etc/iked/private
+..
+
+# ./etc/iked/pubkeys
+pubkeys uname=root mode=0755
+
+# ./etc/iked/pubkeys/fqdn
+fqdn uname=root mode=0755
+# ./etc/iked/pubkeys/fqdn
+..
+
+# ./etc/iked/pubkeys/ipv4
+ipv4 uname=root mode=0755
+# ./etc/iked/pubkeys/ipv4
+..
+
+# ./etc/iked/pubkeys/ipv6
+ipv6 uname=root mode=0755
+# ./etc/iked/pubkeys/ipv6
+..
+
+# ./etc/iked/pubkeys/ufqdn
+ufqdn uname=root mode=0755
+# ./etc/iked/pubkeys/ufqdn
+..
+
+# ./etc/iked/pubkeys
+..
+
+# ./etc/iked
+..
+
# ./etc/isakmpd
isakmpd
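Review bot: The new entries are inconsistent about attributes: `ca`, `certs` and `crls` rely on the `/set type=dir uname=root gname=wheel mode=0755` defaults shown at the top of the file, while `pubkeys` and its four children restate `uname=root mode=0755`, which is the same as those defaults. Assuming no later `/set` changes the defaults before this point, only the key directory needs an override, and `private mode=0700` would be enough there. Dropping the redundant keywords makes the one restrictive entry stand out to anyone auditing the spec. If the block was copied from the neighbouring isakmpd entries (only partly visible here), keeping both in the same form is a reasonable alternative.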
diff --git a/etc/mtree/special b/etc/mtree/special
index 0fc90195a19..3a140281ef3 100644
--- a/etc/mtree/special
+++ b/etc/mtree/special
@@ -1,4 +1,4 @@
-# $OpenBSD: special,v 1.87 2010/06/07 10:09:05 reyk Exp $
+# $OpenBSD: special,v 1.88 2010/06/07 14:15:27 jsg Exp $
# $NetBSD: special,v 1.4 1996/05/08 21:30:18 pk Exp $
# @(#)special 8.2 (Berkeley) 1/23/94
#
@@ -34,6 +34,8 @@ group type=file mode=0644 uname=root gname=wheel
hostapd.conf type=file mode=0600 uname=root gname=wheel
hosts type=file mode=0644 uname=root gname=wheel
hosts.equiv type=file mode=0600 uname=root gname=wheel optional
+iked type=dir mode=0755 uname=root gname=wheel
+.. #iked
iked.conf type=file mode=0600 uname=root gname=wheel
inetd.conf type=file mode=0644 uname=root gname=wheel
ipsec.conf type=file mode=0600 uname=root gname=wheel
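Review bot: The added `iked` entry is closed by `.. #iked` immediately, so this spec records nothing for `/etc/iked/private`, although the 4.4BSD.dist hunk in the same commit creates that directory with `mode=0700`. As far as I know `special` is the spec the periodic security check compares the system against, so a private-key directory whose mode has been loosened would not be reported. I would add `private type=dir mode=0700 uname=root gname=wheel` followed by `.. #iked/private` between the two new lines. An optional 0600 entry for the `local.key` file named in iked.8 may also be worth adding.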
diff --git a/sbin/iked/iked.8 b/sbin/iked/iked.8
index daa6daa5e61..6b49148b64f 100644
--- a/sbin/iked/iked.8
+++ b/sbin/iked/iked.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: iked.8,v 1.2 2010/06/07 10:07:44 jmc Exp $
+.\" $OpenBSD: iked.8,v 1.3 2010/06/07 14:15:27 jsg Exp $
.\" $vantronix: iked.8,v 1.5 2010/06/02 14:38:08 reyk Exp $
.\"
.\" Copyright (c) 2010 Reyk Floeter <reyk@vantronix.net>
@@ -74,26 +74,26 @@ Disable NAT-Traversal and do not propose NAT-Traversal support to the peers.
Produce more verbose output.
.El
.Sh FILES
-.Bl -tag -width "/etc/isakmpd/private/XXX" -compact
+.Bl -tag -width "/etc/iked/private/XXX" -compact
.It Pa /etc/iked.conf
The default
.Nm
configuration file.
-.It Pa /etc/isakmpd/ca/
+.It Pa /etc/iked/ca/
The directory where CA certificates are kept.
-.It Pa /etc/isakmpd/certs/
+.It Pa /etc/iked/certs/
The directory where IKE certificates are kept, both the local
certificate(s) and those of the peers, if a choice to have them kept
permanently has been made.
-.It Pa /etc/isakmpd/crls/
+.It Pa /etc/iked/crls/
The directory where CRLs are kept.
-.It Pa /etc/isakmpd/private/
+.It Pa /etc/iked/private/
The directory where local private keys used for public key authentication
are kept.
The file
.Pa local.key
is used to store the local private key.
-.It Pa /etc/isakmpd/pubkeys/
+.It Pa /etc/iked/pubkeys/
The directory in which trusted public keys are kept.
The keys must be named in the fashion described above.
.It Pa /var/run/iked.sock
diff --git a/sbin/iked/types.h b/sbin/iked/types.h
index 9eabddce7b5..3dd75dfc20f 100644
--- a/sbin/iked/types.h
+++ b/sbin/iked/types.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: types.h,v 1.2 2010/06/03 20:28:22 reyk Exp $ */
+/* $OpenBSD: types.h,v 1.3 2010/06/07 14:15:27 jsg Exp $ */
/* $vantronix: types.h,v 1.24 2010/05/11 12:05:56 reyk Exp $ */
/*
@@ -28,7 +28,7 @@
#define IKED_SOCKET "/var/run/iked.sock"
#ifndef IKED_CA
-#define IKED_CA "/etc/isakmpd/"
+#define IKED_CA "/etc/iked/"
#endif
#define IKED_CA_DIR "ca/"
#define IKED_CRL_DIR "crls/"
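Review bot: Changing the `IKED_CA` default to `"/etc/iked/"` gives no fallback for a host that already keeps iked keys and certificates under `/etc/isakmpd/`; the daemon would presumably look only under the new base and fail to find `private/local.key`. Nothing in the visible files moves the old material or tells the administrator to, so an upgrade note is needed. It should also say that the old private key is to be moved rather than copied, so no second copy is left behind. A comment above the define such as `/* base of the iked PKI tree; layout created by etc/mtree/4.4BSD.dist */` would tie the constant to the mtree change. The surrounding definitions continue outside the hunk.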
diff --git a/usr.sbin/ikectl/ikeca.c b/usr.sbin/ikectl/ikeca.c
index ab3303a9702..ed25f1c1931 100644
--- a/usr.sbin/ikectl/ikeca.c
+++ b/usr.sbin/ikectl/ikeca.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikeca.c,v 1.2 2010/06/04 13:34:38 jsg Exp $ */
+/* $OpenBSD: ikeca.c,v 1.3 2010/06/07 14:15:27 jsg Exp $ */
/* $vantronix: ikeca.c,v 1.13 2010/06/03 15:52:52 reyk Exp $ */
/*
@@ -40,7 +40,7 @@
#define SSL_CNF "/etc/ssl/openssl.cnf"
#define X509_CNF "/etc/ssl/x509v3.cnf"
#define IKECA_CNF "/etc/ssl/ikeca.cnf"
-#define KEYBASE "/etc/isakmpd"
+#define KEYBASE "/etc/iked"
#define PATH_OPENSSL "/usr/sbin/openssl"
#define PATH_ZIP "/usr/local/bin/zip"
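Review bot: `KEYBASE` is a second hard-coded copy of the base directory that sbin/iked/types.h defines as `IKED_CA`, and the two differ in form (`"/etc/iked"` without a trailing slash here, `"/etc/iked/"` there). That duplication is why this commit had to touch both files, and a future change to only one of them would leave the CA tool writing keys into a tree the daemon does not read. If ikectl can include iked's types.h (not visible in this hunk), derive one constant from the other. Otherwise add a comment on the define, for example `/* must match IKED_CA in sbin/iked/types.h */`.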