From 97caf2b68cdfcda623e45225d3cb489db4d32992 Mon Sep 17 00:00:00 2001 From: Jonathan Gray Date: Mon, 7 Jun 2010 14:15:28 +0000 Subject: switch iked pki files to /etc/iked, discussed with reyk. --- etc/mtree/4.4BSD.dist | 54 ++++++++++++++++++++++++++++++++++++++++++++++++- etc/mtree/special | 4 +++- sbin/iked/iked.8 | 14 ++++++------- sbin/iked/types.h | 4 ++-- usr.sbin/ikectl/ikeca.c | 4 ++-- 5 files changed, 67 insertions(+), 13 deletions(-) diff --git a/etc/mtree/4.4BSD.dist b/etc/mtree/4.4BSD.dist index 41d19f5a508..88ffb7b5f4f 100644 --- a/etc/mtree/4.4BSD.dist +++ b/etc/mtree/4.4BSD.dist @@ -1,4 +1,4 @@ -# $OpenBSD: 4.4BSD.dist,v 1.205 2010/06/05 17:29:14 martinh Exp $ +# $OpenBSD: 4.4BSD.dist,v 1.206 2010/06/07 14:15:27 jsg Exp $ /set type=dir uname=root gname=wheel mode=0755 # . @@ -53,6 +53,58 @@ hotplug # ./etc/hotplug .. +# ./etc/iked +iked + +# ./etc/iked/ca +ca +# ./etc/iked/ca +.. + +# ./etc/iked/certs +certs +# ./etc/iked/certs +.. + +# ./etc/iked/crls +crls +# ./etc/iked/crls +.. + +# ./etc/iked/private +private uname=root mode=0700 +# ./etc/iked/private +.. + +# ./etc/iked/pubkeys +pubkeys uname=root mode=0755 + +# ./etc/iked/pubkeys/fqdn +fqdn uname=root mode=0755 +# ./etc/iked/pubkeys/fqdn +.. + +# ./etc/iked/pubkeys/ipv4 +ipv4 uname=root mode=0755 +# ./etc/iked/pubkeys/ipv4 +.. + +# ./etc/iked/pubkeys/ipv6 +ipv6 uname=root mode=0755 +# ./etc/iked/pubkeys/ipv6 +.. + +# ./etc/iked/pubkeys/ufqdn +ufqdn uname=root mode=0755 +# ./etc/iked/pubkeys/ufqdn +.. + +# ./etc/iked/pubkeys +.. + +# ./etc/iked +.. + # ./etc/isakmpd isakmpd diff --git a/etc/mtree/special b/etc/mtree/special index 0fc90195a19..3a140281ef3 100644 --- a/etc/mtree/special +++ b/etc/mtree/special @@ -1,4 +1,4 @@ -# $OpenBSD: special,v 1.87 2010/06/07 10:09:05 reyk Exp $ +# $OpenBSD: special,v 1.88 2010/06/07 14:15:27 jsg Exp $ # $NetBSD: special,v 1.4 1996/05/08 21:30:18 pk Exp $ # @(#)special 8.2 (Berkeley) 1/23/94 # 
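Review bot: In the `@@ -53,6 +53,58 @@` hunk of etc/mtree/4.4BSD.dist, `pubkeys`, `fqdn`, `ipv4`, `ipv6` and `ufqdn` spell out `uname=root mode=0755`, while `ca`, `certs` and `crls` rely on the `/set type=dir uname=root gname=wheel mode=0755` defaults shown in the first hunk. Assuming no later `/set` between those two hunks changes the defaults, the explicit keywords are redundant. Dropping them (plain `pubkeys`, `fqdn`, and so on) would leave `private mode=0700` as the only entry with an override, which makes the directory holding the private key easier to spot when the spec is audited. If the attributes are kept to mirror the existing isakmpd entries, which lie outside this hunk, a comment such as `# private keys: root only` above `private` would serve the same purpose.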
@@ -34,6 +34,8 @@ group type=file mode=0644 uname=root gname=wheel hostapd.conf type=file mode=0600 uname=root gname=wheel hosts type=file mode=0644 uname=root gname=wheel hosts.equiv type=file mode=0600 uname=root gname=wheel optional +iked type=dir mode=0755 uname=root gname=wheel +.. #iked iked.conf type=file mode=0600 uname=root gname=wheel inetd.conf type=file mode=0644 uname=root gname=wheel ipsec.conf type=file mode=0600 uname=root gname=wheel diff --git a/sbin/iked/iked.8 b/sbin/iked/iked.8 index daa6daa5e61..6b49148b64f 100644 --- a/sbin/iked/iked.8 +++ b/sbin/iked/iked.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: iked.8,v 1.2 2010/06/07 10:07:44 jmc Exp $ +.\" $OpenBSD: iked.8,v 1.3 2010/06/07 14:15:27 jsg Exp $ .\" $vantronix: iked.8,v 1.5 2010/06/02 14:38:08 reyk Exp $ .\" .\" Copyright (c) 2010 Reyk Floeter @@ -74,26 +74,26 @@ Disable NAT-Traversal and do not propose NAT-Traversal support to the peers. Produce more verbose output. .El .Sh FILES -.Bl -tag -width "/etc/isakmpd/private/XXX" -compact +.Bl -tag -width "/etc/iked/private/XXX" -compact .It Pa /etc/iked.conf The default .Nm configuration file. -.It Pa /etc/isakmpd/ca/ +.It Pa /etc/iked/ca/ The directory where CA certificates are kept. -.It Pa /etc/isakmpd/certs/ +.It Pa /etc/iked/certs/ The directory where IKE certificates are kept, both the local certificate(s) and those of the peers, if a choice to have them kept permanently has been made. -.It Pa /etc/isakmpd/crls/ +.It Pa /etc/iked/crls/ The directory where CRLs are kept. -.It Pa /etc/isakmpd/private/ +.It Pa /etc/iked/private/ The directory where local private keys used for public key authentication are kept. The file .Pa local.key is used to store the local private key. -.It Pa /etc/isakmpd/pubkeys/ +.It Pa /etc/iked/pubkeys/ The directory in which trusted public keys are kept. The keys must be named in the fashion described above. .It Pa /var/run/iked.sock diff --git a/sbin/iked/types.h b/sbin/iked/types.h index 9eabddce7b5..3dd75dfc20f 100644 
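Review bot: The `@@ -34,6 +34,8 @@` hunk of etc/mtree/special registers only the top-level directory (`iked type=dir mode=0755 uname=root gname=wheel`). Checks that consume this spec therefore never look at `/etc/iked/private`, which 4.4BSD.dist creates as mode 0700 and which iked.8 documents as holding `local.key`. Consider nesting `private type=dir mode=0700 uname=root gname=wheel`, `local.key type=file mode=0600 uname=root gname=wheel optional` and `.. #private` before the closing `.. #iked`. The 0600 mode for the key file is a suggestion by analogy with the `iked.conf` entry in the same hunk, not something the commit states.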
--- a/sbin/iked/types.h +++ b/sbin/iked/types.h @@ -1,4 +1,4 @@ -/* $OpenBSD: types.h,v 1.2 2010/06/03 20:28:22 reyk Exp $ */ +/* $OpenBSD: types.h,v 1.3 2010/06/07 14:15:27 jsg Exp $ */ /* $vantronix: types.h,v 1.24 2010/05/11 12:05:56 reyk Exp $ */ /* @@ -28,7 +28,7 @@ #define IKED_SOCKET "/var/run/iked.sock" #ifndef IKED_CA -#define IKED_CA "/etc/isakmpd/" +#define IKED_CA "/etc/iked/" #endif #define IKED_CA_DIR "ca/" #define IKED_CRL_DIR "crls/" diff --git a/usr.sbin/ikectl/ikeca.c b/usr.sbin/ikectl/ikeca.c index ab3303a9702..ed25f1c1931 100644 --- a/usr.sbin/ikectl/ikeca.c +++ b/usr.sbin/ikectl/ikeca.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ikeca.c,v 1.2 2010/06/04 13:34:38 jsg Exp $ */ +/* $OpenBSD: ikeca.c,v 1.3 2010/06/07 14:15:27 jsg Exp $ */ /* $vantronix: ikeca.c,v 1.13 2010/06/03 15:52:52 reyk Exp $ */ /* @@ -40,7 +40,7 @@ #define SSL_CNF "/etc/ssl/openssl.cnf" #define X509_CNF "/etc/ssl/x509v3.cnf" #define IKECA_CNF "/etc/ssl/ikeca.cnf" -#define KEYBASE "/etc/isakmpd" +#define KEYBASE "/etc/iked" #define PATH_OPENSSL "/usr/sbin/openssl" #define PATH_ZIP "/usr/local/bin/zip" -- cgit v1.2.3
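Review bot: The key base path is now hard-coded in two places with different spellings: `IKED_CA "/etc/iked/"` in sbin/iked/types.h (trailing slash, overridable through `#ifndef IKED_CA`) and `KEYBASE "/etc/iked"` in usr.sbin/ikectl/ikeca.c (no slash, no guard). A build that overrides `IKED_CA`, or a later edit to only one file, would presumably leave ikectl generating keys and certificates in a directory that iked does not read. If ikeca.c can include types.h (not visible here), derive one macro from the other. Otherwise guard and cross-reference it: `#ifndef KEYBASE`, `#define KEYBASE "/etc/iked" /* keep in sync with IKED_CA in sbin/iked/types.h */`, `#endif`. Both hunks show only the `#define` blocks, so how the macros are joined with the sub-directory names is outside the diff.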