/*
 * One-time daemon initialization, run once at startup (reinit() handles
 * SIGHUP/UI-driven re-reads).  The call order is a dependency chain and
 * must not be reshuffled: see the comments below for which earlier
 * initializer each group relies on.
 */
void
init(void)
{
	app_init();
	doi_init();
	exchange_init();
	group_init();
	ipsec_init();
	isakmp_doi_init();
	libcrypto_init();
	timer_init();

	/* The following group are depending on timer_init having run. */
	conf_init();
	connection_init();

	/* This depends on conf_init, thus check as soon as possible. */
	log_reinit();

	/* policy_init depends on conf_init having run. */
	policy_init();

	/* Depends on conf_init and policy_init having run */
	cert_init();
	crl_init();

	/* Remaining subsystems; no ordering constraint is documented here. */
	sa_init();
	transport_init();
	virtual_init();
	udp_init();
	nat_t_init();
	udp_encap_init();
	vendor_init();
}
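/*
 * Build a certificate binding `id' to the public key `pk', valid for
 * `ndays', sign it with the CA key `ca' and write the exported signed
 * form (plus a trailing newline) to `cert_file'.
 *
 * The file is created or truncated with mode 0644: a certificate is
 * public data, so world-readable is intended.  Error messages go to
 * stdout via printf() while perror() writes to stderr, as in the
 * original; callers that capture output should expect both streams.
 *
 * Returns 0 on success, -2 if the certificate could not be built,
 * signed or exported, and -1 if cert_file could not be opened, written
 * or closed.  All resources (certificate object, exported text, file
 * descriptor) are released on every return path.
 */
int
cert_sign_n_write (const dckey *ca, const char *id, const dckey *pk,
		   unsigned int ndays, const char *cert_file)
{
  int fdcert = -1;
  int rc = -2;
  cert *cert = NULL;
  char *cert_msg = NULL;

  /*
   * Export the unsigned body, sign that text, then export again with the
   * signature attached.  The first export is freed before the second
   * overwrites the pointer so nothing leaks if the second export fails.
   */
  if (!(cert = cert_init (ca, id, pk, ndays))
      || !(cert_msg = cert_export (cert, 0))
      || !(cert->sig = dcsign (ca, cert_msg))
      || (xfree (cert_msg), !(cert_msg = cert_export (cert, 1))))
    {
      printf ("%s: error creating the certificate\n", getprogname ());
      goto out;
    }

  /* From here on any failure is an I/O failure. */
  rc = -1;

  fdcert = open (cert_file, O_WRONLY|O_TRUNC|O_CREAT, 0644);
  if (fdcert == -1)
    {
      printf ("%s: trouble opening %s\n", getprogname (), cert_file);
      perror (getprogname ());
      goto out;
    }

  if (write_chunk (fdcert, cert_msg, strlen (cert_msg)) == -1
      || write_chunk (fdcert, "\n", 1) == -1)
    {
      printf ("%s: trouble writing certificate to %s\n", getprogname (),
	      cert_file);
      perror (getprogname ());
      goto out;		/* fd is closed in the common cleanup below */
    }

  /*
   * close() can report a deferred write error; a certificate that was not
   * fully committed to disk is a write failure, not a success.
   */
  if (close (fdcert) == -1)
    {
      fdcert = -1;
      printf ("%s: trouble writing certificate to %s\n", getprogname (),
	      cert_file);
      perror (getprogname ());
      goto out;
    }
  fdcert = -1;
  rc = 0;

out:
  if (fdcert != -1)
    close (fdcert);
  cert_clr (cert);
  cert = NULL;
  check_n_free (&cert_msg);
  return rc;
}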
/*
 * Periodic timer callback that rolls the DTLS certificate over once the
 * current one has used up half of CERT_EXPIRY_TIME.  Time is measured
 * against poller_now, not time().  The reference obtained from
 * dtls_cert() is released with obj_put() on every path.
 *
 * Note: cert_init()'s return value is not checked here, so a failed
 * regeneration silently leaves the old certificate in place until the
 * next tick.  The identifier also uses a leading "__", which C reserves
 * for the implementation.
 */
static void __dtls_timer(void *p) {
	struct dtls_cert *cur = dtls_cert();
	long int remaining = cur->expires - poller_now;

	/* Only regenerate once the first half of the lifetime is gone. */
	if (remaining <= CERT_EXPIRY_TIME/2)
		cert_init();

	obj_put(cur);
}
/*
 * Reinitialize the daemon, either after a SIGHUP reception or by FIFO UI cmd.
 * Re-reads the configuration and policies, then rebuilds certificate/CRL
 * state, the connection list, the transports and the SAs, mirroring the
 * dependency order used by init().
 */
void
reinit(void)
{
	log_print("isakmpd: reinitializing daemon");

	/*
	 * XXX Remove all(/some?) pending exchange timers? - they may not be
	 * possible to complete after we've re-read the config file.
	 * User-initiated SIGHUP's maybe "authorizes" a wait until
	 * next connection-check.
	 * XXX This means we discard exchange->last_msg, is this really ok?
	 */

#if defined(INSECURE_RAND)
	/*
	 * Reinitialize PRNG if we are in deterministic mode.  As the macro
	 * name says, this makes the random stream reproducible from `seed';
	 * it exists for test builds and must never be compiled into a
	 * daemon that protects real traffic.
	 */
	if (regrand)
		srandom(seed);
#endif

	/* Reread config file. */
	conf_reinit();
	log_reinit();

	/* Reread the policies. */
	policy_init();

	/* Reinitialize certificates */
	cert_init();
	crl_init();

	/* Reinitialize our connection list. */
	connection_reinit();

	/*
	 * Rescan interfaces (call reinit() in all transports).
	 */
	transport_reinit();

	/*
	 * XXX "These" (non-existent) reinitializations should not be done.
	 * cookie_reinit ();
	 * ui_reinit ();
	 */
	sa_reinit();
}
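/*
 * Initialise the DTLS subsystem: set up the certificate lock, generate the
 * initial certificate and build the "A:B:C" cipher-list string in
 * ciphers_str from every crypto suite that has a DTLS name.
 *
 * Returns 0 on success, -1 if the certificate could not be created, if no
 * suite has a DTLS name (an empty cipher list would be meaningless), or if
 * the concatenated names do not fit in ciphers_str.
 *
 * The original version used unbounded sprintf() and only checked the
 * buffer bounds afterwards with assert(), which is both too late and a
 * no-op under NDEBUG; the list is now built with snprintf() and the
 * bound is enforced before each write.
 */
int dtls_init() {
	int i;
	size_t off = 0;

	rwlock_init(&__dtls_cert_lock);

	if (cert_init())
		return -1;

	for (i = 0; i < num_crypto_suites; i++) {
		const char *name = crypto_suites[i].dtls_name;
		size_t room;
		int w;

		if (!name)
			continue;

		room = sizeof(ciphers_str) - off;
		w = snprintf(ciphers_str + off, room, "%s:", name);
		/* snprintf reports the would-be length; >= room means truncation */
		if (w < 0 || (size_t) w >= room)
			return -1;
		off += (size_t) w;
	}

	/* Nothing was appended: no DTLS-capable suite is available. */
	if (off == 0)
		return -1;

	/* Drop the trailing ':' left by the last "%s:" write. */
	ciphers_str[off - 1] = '\0';
	return 0;
}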