authorJonathan Gray <jsg@cvs.openbsd.org>2010-06-23 19:28:19 +0000
committerJonathan Gray <jsg@cvs.openbsd.org>2010-06-23 19:28:19 +0000
commitcb691adbb31405ba1956b5dc6a20e771258dc7dd (patch)
treea9cbde1b502763bec798546ed6a788555f554268 /usr.sbin/ikectl
parent3096ea24e5321de222bf7fc42c23bf8eccf3599e (diff)
fix the permissions on directories inside the exported tarball
in the cert case.
Diffstat (limited to 'usr.sbin/ikectl')
-rw-r--r--usr.sbin/ikectl/ikeca.c19
1 files changed, 14 insertions, 5 deletions
diff --git a/usr.sbin/ikectl/ikeca.c b/usr.sbin/ikectl/ikeca.c
index 4c2a40fbb4e..1e790c7df6f 100644
--- a/usr.sbin/ikectl/ikeca.c
+++ b/usr.sbin/ikectl/ikeca.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikeca.c,v 1.8 2010/06/23 17:10:49 jsg Exp $ */
+/* $OpenBSD: ikeca.c,v 1.9 2010/06/23 19:28:18 jsg Exp $ */
/* $vantronix: ikeca.c,v 1.13 2010/06/03 15:52:52 reyk Exp $ */
/*
@@ -456,11 +456,20 @@ ca_export(struct ca *ca, char *keyname, char *myname)
char dst[PATH_MAX];
char *p;
char tpl[] = "/tmp/ikectl.XXXXXXXXXX";
- const char *exdirs[] = { "/ca", "/certs", "/crls", "/private",
- "/export" };
u_int i;
int fd;
+ struct {
+ char *dir;
+ mode_t mode;
+ } exdirs[] = {
+ { "/ca", 0755 },
+ { "/certs", 0755 },
+ { "/crls", 0755 },
+ { "/export", 0755 },
+ { "/private", 0700 }
+ };
+
if (keyname != NULL) {
if (strlcpy(oname, keyname, sizeof(oname)) >= sizeof(oname))
err(1, "name too long");
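Review bot: The new `exdirs` table declares `char *dir` for members that only ever point at string literals, dropping the `const` that the removed `const char *exdirs[]` carried; `const char *dir;` would keep an accidental write through the pointer a compile-time error. The table also has no comment explaining why `/private` alone stays at 0700 while the others become 0755. A one-line comment such as `/* private/ presumably holds key material: keep owner-only */` would make the asymmetry deliberate and harder to "normalise" in a later edit. ca_export starts before and continues after this hunk, so how the table is used elsewhere in the function is not visible here.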
@@ -503,8 +512,8 @@ ca_export(struct ca *ca, char *keyname, char *myname)
for (i = 0; i < nitems(exdirs); i++) {
strlcpy(dst, p, sizeof(dst));
- strlcat(dst, exdirs[i], sizeof(dst));
- if (mkdir(dst, 0700) != 0)
+ strlcat(dst, exdirs[i].dir, sizeof(dst));
+ if (mkdir(dst, exdirs[i].mode) != 0)
err(1, "failed to create dir %s", dst);
}
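Review bot: The mode passed to `mkdir(dst, exdirs[i].mode)` is still filtered by the process umask, so under a restrictive umask (for example 077) the 0755 entries are created as 0700 and the directory permissions in the exported tarball stay as they were before this change. The 0700 entry for `/private` is not affected, because umask can only clear bits. Following the call with `if (chmod(dst, exdirs[i].mode) != 0) err(1, "failed to chmod dir %s", dst);`, or setting the umask explicitly before the loop, would make the result independent of the caller's environment. Whether ca_export already sets a umask earlier cannot be seen here, since the function begins outside the hunk.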