authorJonathan Gray <jsg@cvs.openbsd.org>2010-10-08 10:13:48 +0000
committerJonathan Gray <jsg@cvs.openbsd.org>2010-10-08 10:13:48 +0000
commit61d00dc4b322beea260b6700de730edddefe7f1c (patch)
tree263cf10f3274ef3826901b33664db6775b5a6cd2 /usr.sbin/ikectl
parentadad67bc97fd12b0163395230d60e75a7f02322e (diff)
allow optional paths for the install commands so we can
install into the isakmpd directory hierarchy for example.
Diffstat (limited to 'usr.sbin/ikectl')
-rw-r--r--usr.sbin/ikectl/ikeca.c108
-rw-r--r--usr.sbin/ikectl/ikectl.817
-rw-r--r--usr.sbin/ikectl/ikectl.c12
-rw-r--r--usr.sbin/ikectl/parser.c31
-rw-r--r--usr.sbin/ikectl/parser.h10
5 files changed, 116 insertions, 62 deletions
diff --git a/usr.sbin/ikectl/ikeca.c b/usr.sbin/ikectl/ikeca.c
index 9ac58005d04..2824490415c 100644
--- a/usr.sbin/ikectl/ikeca.c
+++ b/usr.sbin/ikectl/ikeca.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikeca.c,v 1.15 2010/10/08 07:45:06 reyk Exp $ */
+/* $OpenBSD: ikeca.c,v 1.16 2010/10/08 10:13:47 jsg Exp $ */
/* $vantronix: ikeca.c,v 1.13 2010/06/03 15:52:52 reyk Exp $ */
/*
@@ -56,12 +56,24 @@ struct ca {
char *caname;
};
+struct {
+ char *dir;
+ mode_t mode;
+} exdirs[] = {
+ { "/ca", 0755 },
+ { "/certs", 0755 },
+ { "/crls", 0755 },
+ { "/export", 0755 },
+ { "/private", 0700 }
+};
+
int ca_sign(struct ca *, char *, int, char *);
int ca_request(struct ca *, char *);
int ca_newpass(char *, char *);
char * ca_readpass(char *, size_t *);
int fcopy(char *, char *, mode_t);
int rm_dir(char *);
+int ca_hier(char *);
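Review bot: `exdirs` at L33–L42 becomes a writable, externally visible file-scope table although nothing outside this file needs it and it was a function-local constant before the move; declaring it `static const struct { const char *dir; mode_t mode; } exdirs[] = {` keeps the directory names and modes immutable at runtime and out of the global namespace. The new `ca_hier` prototype at L50 would also benefit from a one-line comment such as `/* create the ca/certs/crls/export/private hierarchy below path; exits via err(3) on failure */`, since its definition later in this diff only ever returns 0 and callers ignore the result.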
int
ca_delete(struct ca *ca)
@@ -223,12 +235,13 @@ ca_certificate(struct ca *ca, char *keyname, int type, int action)
}
int
-ca_key_install(struct ca *ca, char *keyname)
+ca_key_install(struct ca *ca, char *keyname, char *dir)
{
- struct stat st;
- char cmd[PATH_MAX * 2];
- char src[PATH_MAX];
- char dst[PATH_MAX];
+ struct stat st;
+ char cmd[PATH_MAX * 2];
+ char src[PATH_MAX];
+ char dst[PATH_MAX];
+ char *p = NULL;
snprintf(src, sizeof(src), "%s/private/%s.key", ca->sslpath, keyname);
if (stat(src, &st) == -1) {
@@ -239,32 +252,47 @@ ca_key_install(struct ca *ca, char *keyname)
return (1);
}
- snprintf(dst, sizeof(dst), "%s/private/local.key", KEYBASE);
+ if (dir == NULL)
+ p = dir = strdup(KEYBASE);
+
+ ca_hier(dir);
+
+ snprintf(dst, sizeof(dst), "%s/private/local.key", dir);
fcopy(src, dst, 0600);
snprintf(cmd, sizeof(cmd), "%s rsa -out %s/local.pub"
- " -in %s/private/local.key -pubout", PATH_OPENSSL, KEYBASE,
- KEYBASE);
+ " -in %s/private/local.key -pubout", PATH_OPENSSL, dir, dir);
system(cmd);
+ free(p);
return (0);
}
int
-ca_cert_install(struct ca *ca, char *keyname)
+ca_cert_install(struct ca *ca, char *keyname, char *dir)
{
- char src[PATH_MAX];
- char dst[PATH_MAX];
- int r;
+ char src[PATH_MAX];
+ char dst[PATH_MAX];
+ int r;
+ char *p = NULL;
+
+ if (dir == NULL)
+ p = dir = strdup(KEYBASE);
+
+ ca_hier(dir);
- if ((r = ca_key_install(ca, keyname)) != 0)
+ if ((r = ca_key_install(ca, keyname, dir)) != 0) {
+ free(dir);
return (r);
+ }
snprintf(src, sizeof(src), "%s/%s.crt", ca->sslpath, keyname);
- snprintf(dst, sizeof(dst), "%s/certs/%s.crt", KEYBASE, keyname);
+ snprintf(dst, sizeof(dst), "%s/certs/%s.crt", dir, keyname);
fcopy(src, dst, 0644);
+ free(p);
+
return (0);
}
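Review bot: The error path added at L106–L109 frees the wrong pointer: `free(dir)` releases the caller's buffer whenever the user supplied a path (then `p` is NULL and `dir` is `res->path`, which the parser strdup'd and still owns), while the success path at L114 correctly frees `p`; the line should read `free(p);`. Independently, `dir` is now interpolated unquoted into the `system()` command line at L81–L85, so a path containing whitespace or shell metacharacters breaks or rewrites the openssl invocation — running openssl via fork/execv with an explicit argv, or at least rejecting such characters when the path is parsed, would be safer than building a shell string from argv input. Neither `strdup(KEYBASE)` at L75 nor the one at L102 is checked either; on failure `ca_hier(NULL)` hands NULL to `strlcpy`, so `if ((p = dir = strdup(KEYBASE)) == NULL) err(1, "strdup");` is the usual idiom here.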
@@ -336,11 +364,12 @@ ca_create(struct ca *ca)
}
int
-ca_install(struct ca *ca)
+ca_install(struct ca *ca, char *dir)
{
- struct stat st;
- char src[PATH_MAX];
- char dst[PATH_MAX];
+ struct stat st;
+ char src[PATH_MAX];
+ char dst[PATH_MAX];
+ char *p = NULL;
snprintf(src, sizeof(src), "%s/ca.crt", ca->sslpath);
if (stat(src, &st) == -1) {
@@ -348,19 +377,26 @@ ca_install(struct ca *ca)
return (1);
}
- snprintf(dst, sizeof(dst), "%s/ca/ca.crt", KEYBASE);
+ if (dir == NULL)
+ p = dir = strdup(KEYBASE);
+
+ ca_hier(dir);
+
+ snprintf(dst, sizeof(dst), "%s/ca/ca.crt", dir);
if (fcopy(src, dst, 0644) == 0)
printf("certificate for CA '%s' installed into %s\n",
ca->caname, dst);
snprintf(src, sizeof(src), "%s/ca.crl", ca->sslpath);
if (stat(src, &st) == 0) {
- snprintf(dst, sizeof(dst), "%s/crls/ca.crl", KEYBASE);
+ snprintf(dst, sizeof(dst), "%s/crls/ca.crl", dir);
if (fcopy(src, dst, 0644) == 0)
printf("CRL for CA '%s' installed to %s\n",
ca->caname, dst);
}
+ free(p);
+
return (0);
}
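Review bot: The `strdup(KEYBASE)` at L138 is unchecked, and a NULL result reaches `ca_hier(dir)` at L140 and then the `%s` conversions in `snprintf`, so an allocation failure crashes instead of being reported; `if ((p = dir = strdup(KEYBASE)) == NULL) err(1, "strdup");` preserves the flow. The `dir` argument's contract — NULL means the compiled-in `KEYBASE`, otherwise a caller-owned path used verbatim — is worth stating above the function, e.g. `/* dir: install root, NULL selects KEYBASE; caller retains ownership */`, since the same pattern is repeated in `ca_key_install` and `ca_cert_install` and the ownership rule is what the matching `free(p)` depends on.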
@@ -469,6 +505,25 @@ rm_dir(char *path)
return (0);
}
+
+int
+ca_hier(char *path)
+{
+ struct stat st;
+ char dst[PATH_MAX];
+ u_int i;
+
+ for (i = 0; i < nitems(exdirs); i++) {
+ strlcpy(dst, path, sizeof(dst));
+ strlcat(dst, exdirs[i].dir, sizeof(dst));
+ if (stat(dst, &st) != 0 && errno == ENOENT &&
+ mkdir(dst, exdirs[i].mode) != 0)
+ err(1, "failed to create dir %s", dst);
+ }
+
+ return (0);
+}
+
int
ca_export(struct ca *ca, char *keyname, char *myname, char *password)
{
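Review bot: `ca_hier` at L162–L178 ignores truncation from `strlcpy`/`strlcat`, so a `path` close to PATH_MAX silently stats and creates a shortened directory name; the stat-then-mkdir pair is also a small TOCTOU window and, because only `errno == ENOENT` leads to `mkdir`, any other stat failure (e.g. EACCES) or an existing non-directory is accepted silently and left for the later `fcopy` to trip over with a less helpful message. Checking the length and letting `mkdir` report EEXIST collapses that into one syscall per entry, though an existing regular file still needs a follow-up `stat` + `S_ISDIR` check if you want to catch it here. The function only ever returns 0 and exits via `err()` on failure, which callers rely on by ignoring the result; either document that with `/* exits via err(3) on failure; the return value is always 0 */` or return -1 and have callers check it.
```c
	for (i = 0; i < nitems(exdirs); i++) {
		if (strlcpy(dst, path, sizeof(dst)) >= sizeof(dst) ||
		    strlcat(dst, exdirs[i].dir, sizeof(dst)) >= sizeof(dst))
			errx(1, "path too long: %s%s", path, exdirs[i].dir);
		if (mkdir(dst, exdirs[i].mode) == -1 && errno != EEXIST)
			err(1, "failed to create dir %s", dst);
	}
```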
@@ -486,17 +541,6 @@ ca_export(struct ca *ca, char *keyname, char *myname, char *password)
u_int i;
int fd;
- struct {
- char *dir;
- mode_t mode;
- } exdirs[] = {
- { "/ca", 0755 },
- { "/certs", 0755 },
- { "/crls", 0755 },
- { "/export", 0755 },
- { "/private", 0700 }
- };
-
if (keyname != NULL) {
if (strlcpy(oname, keyname, sizeof(oname)) >= sizeof(oname))
err(1, "name too long");
diff --git a/usr.sbin/ikectl/ikectl.8 b/usr.sbin/ikectl/ikectl.8
index 305fd930c01..33305a4ae99 100644
--- a/usr.sbin/ikectl/ikectl.8
+++ b/usr.sbin/ikectl/ikectl.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ikectl.8,v 1.13 2010/10/08 07:45:06 reyk Exp $
+.\" $OpenBSD: ikectl.8,v 1.14 2010/10/08 10:13:47 jsg Exp $
.\" $vantronix: ikectl.8,v 1.11 2010/06/03 15:55:51 reyk Exp $
.\"
.\" Copyright (c) 2007, 2008, 2009, 2010 Reyk Floeter <reyk@vantronix.net>
@@ -139,10 +139,11 @@ argument can be used to specify the address or FQDN of the local gateway
which will be written into a text file
.Pa peer.txt
and included in the archives.
-.It Cm ca Ar name Cm install
+.It Cm ca Ar name Cm install Op Ar path
Install the certificate and Certificate Revocation List (CRL) for CA
.Ar name
-as the currently active CA.
+as the currently active CA or into the specified
+.Ar path .
.It Xo
.Cm ca Ar name Cm certificate Ar host
.Cm create
@@ -192,11 +193,12 @@ which will be written into a text file
and included in the archives.
.It Xo
.Cm ca Ar name Cm certificate Ar host
-.Cm install
+.Cm install Op Ar path
.Xc
Install the private and public key for
.Ar host
-into the active configuration.
+into the active configuration or specified
+.Ar path .
.It Xo
.Cm ca Ar name Cm certificate Ar host
.Cm revoke
@@ -222,11 +224,12 @@ Create a private key for
if one does not already exist.
.It Xo
.Cm ca Ar name Cm key Ar host
-.Cm install
+.Cm install Op Ar path
.Xc
Install the private and public keys for
.Ar host
-into the active configuration.
+into the active configuration or specified
+.Ar path .
.It Xo
.Cm ca Ar name Cm key Ar host
.Cm delete
diff --git a/usr.sbin/ikectl/ikectl.c b/usr.sbin/ikectl/ikectl.c
index 7a7e7d105ec..21626187dad 100644
--- a/usr.sbin/ikectl/ikectl.c
+++ b/usr.sbin/ikectl/ikectl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikectl.c,v 1.9 2010/10/08 07:45:06 reyk Exp $ */
+/* $OpenBSD: ikectl.c,v 1.10 2010/10/08 10:13:47 jsg Exp $ */
/*
* Copyright (c) 2007, 2008 Reyk Floeter <reyk@vantronix.net>
@@ -94,7 +94,7 @@ ca_opt(struct parse_result *res)
ca_delete(ca);
break;
case CA_INSTALL:
- ca_install(ca);
+ ca_install(ca, res->path);
break;
case CA_EXPORT:
ca_export(ca, NULL, res->peer, res->pass);
@@ -108,7 +108,7 @@ ca_opt(struct parse_result *res)
ca_delkey(ca, res->host);
break;
case CA_CERT_INSTALL:
- ca_cert_install(ca, res->host);
+ ca_cert_install(ca, res->host, res->path);
break;
case CA_CERT_EXPORT:
ca_export(ca, res->host, res->peer, res->pass);
@@ -126,10 +126,10 @@ ca_opt(struct parse_result *res)
ca_key_delete(ca, res->host);
break;
case CA_KEY_INSTALL:
- ca_key_install(ca, res->host);
+ ca_key_install(ca, res->host, res->path);
break;
case CA_KEY_IMPORT:
- ca_key_import(ca, res->host, res->filename);
+ ca_key_import(ca, res->host, res->path);
break;
default:
break;
@@ -274,7 +274,7 @@ main(int argc, char *argv[])
break;
case LOAD:
imsg_compose(ibuf, IMSG_CTL_RELOAD, 0, 0, -1,
- res->filename, strlen(res->filename));
+ res->path, strlen(res->path));
break;
case RELOAD:
imsg_compose(ibuf, IMSG_CTL_RELOAD, 0, 0, -1, NULL, 0);
diff --git a/usr.sbin/ikectl/parser.c b/usr.sbin/ikectl/parser.c
index 133fba12261..19e721dec99 100644
--- a/usr.sbin/ikectl/parser.c
+++ b/usr.sbin/ikectl/parser.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: parser.c,v 1.8 2010/10/08 07:45:06 reyk Exp $ */
+/* $OpenBSD: parser.c,v 1.9 2010/10/08 10:13:47 jsg Exp $ */
/*
* Copyright (c) 2010 Reyk Floeter <reyk@vantronix.net>
@@ -40,7 +40,7 @@ enum token_type {
NOTOKEN,
ENDTOKEN,
KEYWORD,
- FILENAME,
+ PATH,
CANAME,
PEER,
ADDRESS,
@@ -77,6 +77,7 @@ static const struct token t_show[];
static const struct token t_show_ca[];
static const struct token t_show_ca_modifiers[];
static const struct token t_show_ca_cert[];
+static const struct token t_opt_path[];
static const struct token t_main[] = {
{ KEYWORD, "active", ACTIVE, NULL },
@@ -109,7 +110,7 @@ static const struct token t_reset[] = {
};
static const struct token t_load[] = {
- { FILENAME, "", NONE, NULL },
+ { PATH, "", NONE, NULL },
{ ENDTOKEN, "", NONE, NULL }
};
@@ -121,7 +122,7 @@ static const struct token t_ca[] = {
static const struct token t_ca_modifiers[] = {
{ KEYWORD, "create", CA_CREATE, t_ca_pass },
{ KEYWORD, "delete", CA_DELETE, NULL },
- { KEYWORD, "install", CA_INSTALL, NULL },
+ { KEYWORD, "install", CA_INSTALL, t_opt_path },
{ KEYWORD, "certificate", CA_CERTIFICATE, t_ca_cert },
{ KEYWORD, "key", NONE, t_ca_key },
{ KEYWORD, "export", CA_EXPORT, t_ca_export },
@@ -156,6 +157,12 @@ static const struct token t_ca_ex_pass[] = {
{ ENDTOKEN, "", NONE, NULL }
};
+static const struct token t_opt_path[] = {
+ { NOTOKEN, "", NONE, NULL },
+ { PATH, "", NONE, NULL },
+ { ENDTOKEN, "", NONE, NULL }
+};
+
static const struct token t_ca_cert[] = {
{ ADDRESS, "", NONE, t_ca_cert_modifiers },
{ FQDN, "", NONE, t_ca_cert_modifiers },
@@ -165,7 +172,7 @@ static const struct token t_ca_cert[] = {
static const struct token t_ca_cert_modifiers[] = {
{ KEYWORD, "create", CA_CERT_CREATE, t_ca_cert_extusage },
{ KEYWORD, "delete", CA_CERT_DELETE, NULL },
- { KEYWORD, "install", CA_CERT_INSTALL, NULL },
+ { KEYWORD, "install", CA_CERT_INSTALL, t_opt_path },
{ KEYWORD, "export", CA_CERT_EXPORT, t_ca_export },
{ KEYWORD, "revoke", CA_CERT_REVOKE, NULL },
{ ENDTOKEN, "", NONE, NULL }
@@ -187,14 +194,14 @@ static const struct token t_ca_key[] = {
static const struct token t_ca_key_modifiers[] = {
{ KEYWORD, "create", CA_KEY_CREATE, NULL },
{ KEYWORD, "delete", CA_KEY_DELETE, NULL },
- { KEYWORD, "install", CA_KEY_INSTALL, NULL },
+ { KEYWORD, "install", CA_KEY_INSTALL, t_opt_path },
{ KEYWORD, "import", CA_KEY_IMPORT, t_ca_key_path },
{ ENDTOKEN, "", NONE, NULL }
};
static const struct token t_ca_key_path[] = {
- { FILENAME, "", NONE, NULL },
- { ENDTOKEN, "", NONE, NULL }
+ { PATH, "", NONE, NULL },
+ { PATH, "", NONE, NULL }
};
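Review bot: `t_ca_key_path` at L374–L379 lost its `ENDTOKEN` terminator — both entries are now `PATH`, whereas every other table on this page ends with `{ ENDTOKEN, "", NONE, NULL }`. If `match_token` and `show_valid_args` walk a table until they see `ENDTOKEN` (their loop headers are outside the visible hunks, but the consistent terminators suggest it), the scan runs past the end of this two-element array into whatever follows it — an out-of-bounds read, and potentially a bogus match for an extra word after `key <host> import <path>`. The second entry should be `{ ENDTOKEN, "", NONE, NULL }` again; the second `PATH` entry could never match anyway, since the `!match` guard in `match_token` stops after the first.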
static const struct token t_show[] = {
@@ -297,9 +304,9 @@ match_token(char *word, const struct token table[])
res.action = t->value;
}
break;
- case FILENAME:
+ case PATH:
if (!match && word != NULL && strlen(word) > 0) {
- res.filename = strdup(word);
+ res.path = strdup(word);
match++;
t = &table[i];
}
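Review bot: `res.path = strdup(word)` at L389 is unchecked, and a NULL here is not a parse error but a silent change of meaning: the install callbacks in ikectl.c treat a NULL path as "use the compiled-in KEYBASE", so an allocation failure would install keys and certificates into the live default hierarchy instead of the directory the operator named. Failing loudly keeps the two cases apart, e.g. `if ((res.path = strdup(word)) == NULL) err(1, "strdup");`. `match_token` begins before this hunk.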
@@ -369,8 +376,8 @@ show_valid_args(const struct token table[])
case KEYWORD:
fprintf(stderr, " %s\n", table[i].keyword);
break;
- case FILENAME:
- fprintf(stderr, " <filename>\n");
+ case PATH:
+ fprintf(stderr, " <path>\n");
break;
case CANAME:
fprintf(stderr, " <caname>\n");
diff --git a/usr.sbin/ikectl/parser.h b/usr.sbin/ikectl/parser.h
index 13787679505..1c40381a2b3 100644
--- a/usr.sbin/ikectl/parser.h
+++ b/usr.sbin/ikectl/parser.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: parser.h,v 1.8 2010/10/08 07:45:06 reyk Exp $ */
+/* $OpenBSD: parser.h,v 1.9 2010/10/08 10:13:47 jsg Exp $ */
/*
* Copyright (c) 2007, 2008 Reyk Floeter <reyk@vantronix.net>
@@ -59,7 +59,7 @@ enum actions {
struct parse_result {
enum actions action;
struct imsgbuf *ibuf;
- char *filename;
+ char *path;
char *caname;
char *pass;
char *host;
@@ -80,12 +80,12 @@ int ca_export(struct ca *, char *, char *, char *);
int ca_revoke(struct ca *, char *);
int ca_delete(struct ca *);
int ca_delkey(struct ca *, char *);
-int ca_install(struct ca *);
-int ca_cert_install(struct ca *, char *);
+int ca_install(struct ca *, char *);
+int ca_cert_install(struct ca *, char *, char *);
int ca_show_certs(struct ca *, char *);
int ca_key_create(struct ca *, char *);
int ca_key_delete(struct ca *, char *);
-int ca_key_install(struct ca *, char *);
+int ca_key_install(struct ca *, char *, char *);
int ca_key_import(struct ca *, char *, char *);
#endif /* _IKECTL_PARSER_H */
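Review bot: The new trailing `char *` parameter on `ca_install`, `ca_cert_install` and `ca_key_install` at L428–L434 has a non-obvious contract that the header does not state: NULL selects the compiled-in KEYBASE, anything else is an install root the callee uses verbatim and must not free. A one-line comment above the three prototypes, e.g. `/* last argument: install root, or NULL for KEYBASE; caller retains ownership */`, would make that explicit for future callers.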