diff options
author | jsg <jsg@openbsd.org> | 2010-06-23 19:28:18 +0000 |
---|---|---|
committer | jsg <jsg@openbsd.org> | 2010-06-23 19:28:18 +0000 |
commit | 5fb0600abcce12e37a1bd7a76e1eb1f95980aee3 (patch) | |
tree | 6798cab2bfa6652399d9eeb52e94240f2da6a9fd /usr.sbin/ikectl/ikeca.c | |
parent | More appropriate contents for the exported ca tarball. (diff) | |
download | wireguard-openbsd-5fb0600abcce12e37a1bd7a76e1eb1f95980aee3.tar.xz wireguard-openbsd-5fb0600abcce12e37a1bd7a76e1eb1f95980aee3.zip |
fix the permissions on directories inside the exported tarball
in the cert case.
Diffstat (limited to 'usr.sbin/ikectl/ikeca.c')
-rw-r--r-- | usr.sbin/ikectl/ikeca.c | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/usr.sbin/ikectl/ikeca.c b/usr.sbin/ikectl/ikeca.c index 4c2a40fbb4e..1e790c7df6f 100644 --- a/usr.sbin/ikectl/ikeca.c +++ b/usr.sbin/ikectl/ikeca.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ikeca.c,v 1.8 2010/06/23 17:10:49 jsg Exp $ */ +/* $OpenBSD: ikeca.c,v 1.9 2010/06/23 19:28:18 jsg Exp $ */ /* $vantronix: ikeca.c,v 1.13 2010/06/03 15:52:52 reyk Exp $ */ /* @@ -456,11 +456,20 @@ ca_export(struct ca *ca, char *keyname, char *myname) char dst[PATH_MAX]; char *p; char tpl[] = "/tmp/ikectl.XXXXXXXXXX"; - const char *exdirs[] = { "/ca", "/certs", "/crls", "/private", - "/export" }; u_int i; int fd; + struct { + char *dir; + mode_t mode; + } exdirs[] = { + { "/ca", 0755 }, + { "/certs", 0755 }, + { "/crls", 0755 }, + { "/export", 0755 }, + { "/private", 0700 } + }; + if (keyname != NULL) { if (strlcpy(oname, keyname, sizeof(oname)) >= sizeof(oname)) err(1, "name too long"); @@ -503,8 +512,8 @@ ca_export(struct ca *ca, char *keyname, char *myname) for (i = 0; i < nitems(exdirs); i++) { strlcpy(dst, p, sizeof(dst)); - strlcat(dst, exdirs[i], sizeof(dst)); - if (mkdir(dst, 0700) != 0) + strlcat(dst, exdirs[i].dir, sizeof(dst)); + if (mkdir(dst, exdirs[i].mode) != 0) err(1, "failed to create dir %s", dst); } |