Bug #642984 - Drop --enable-ssl configure option (nss/nspr always required)
1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
2 /*
3  *  Authors: Jeffrey Stedfast <fejj@ximian.com>
4  *           Bertrand Guiheneuf <bertrand@helixcode.com>
5  *
6  *  Copyright (C) 1999-2008 Novell, Inc. (www.novell.com)
7  *
8  *  This program is free software; you can redistribute it and/or modify
9  *  it under the terms of the GNU Lesser General Public License as published by
10  *  the Free Software Foundation; either version 2 of the License, or
11  *  (at your option) any later version.
12  *
13  *  This program is distributed in the hope that it will be useful,
14  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
15  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16  *  GNU Lesser General Public License for more details.
17  *
18  *  You should have received a copy of the GNU Lesser General Public License
19  *  along with this program; if not, write to the Free Software
20  *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
21  *
22  */
23
24 #ifdef HAVE_CONFIG_H
25 #include <config.h>
26 #endif
27
28 #include <signal.h>
29
30 #include <nspr.h>
31 #include <prthread.h>
32 #include "nss.h"      /* Don't use <> here or it will include the system nss.h instead */
33 #include <ssl.h>
34 #include <errno.h>
35
36 #include <glib/gi18n-lib.h>
37
38 #include "camel.h"
39 #include "camel-certdb.h"
40 #include "camel-debug.h"
41 #include "camel-provider.h"
42 #include "camel-win32.h"
43
/* To protect NSS initialization and shutdown. This prevents
 * concurrent calls to shutdown () and init () by different threads.
 * Created lazily by camel_init (); the NULL check that creates it is
 * itself not serialized, so the very first camel_init () call must not
 * race with another camel_init () in a different thread. */
PRLock *nss_initlock = NULL;

/* Whether or not Camel has initialized the NSS library. We cannot
 * unconditionally call NSS_Shutdown () if NSS was initialized by other
 * library before. This boolean ensures that we only perform a cleanup
 * if and only if Camel is the one that previously initialized NSS.
 * It is read and written only while nss_initlock is held; the volatile
 * qualifier is not what provides thread safety, the lock is. */
volatile gboolean nss_initialized = FALSE;

/* TRUE between a successful camel_init () and camel_shutdown ().
 * Not protected by nss_initlock or any other lock. */
static gint initialised = FALSE;

/* Exported flag; nothing in this file reads or writes it.
 * NOTE(review): presumably set by the application when it starts to
 * exit and polled by long-running operations -- verify against callers. */
gint camel_application_is_exiting = FALSE;

/* Location of the shared system NSS database; only consulted by
 * nss_has_system_db () on non-Windows builds. */
#define NSS_SYSTEM_DB "/etc/pki/nssdb"
59
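/* Returns TRUE when the shared system NSS database under NSS_SYSTEM_DB
 * is present *and* enabled, i.e. its pkcs11.txt contains a line that is
 * exactly "library=libnsssysinit.so".  Nothing else in the file is
 * parsed.  Always FALSE on Windows, where there is no system db, and
 * FALSE when the file cannot be opened (treated as "not enabled"). */
static gint
nss_has_system_db (void)
{
        gint found = FALSE;
#ifndef G_OS_WIN32
        FILE *f;
        gchar buf[80];
        /* TRUE while the next fgets () starts at the beginning of a line.
         * A line longer than the buffer arrives in several pieces; only
         * the first piece may match, so the tail of an unrelated long line
         * (e.g. a "parameters=" entry) is never mistaken for the module
         * line. */
        gint at_line_start = TRUE;

        f = fopen (NSS_SYSTEM_DB "/pkcs11.txt", "r");
        if (!f)
                return FALSE;

        /* Check whether the system NSS db is actually enabled */
        while (!found && fgets (buf, sizeof buf, f)) {
                if (at_line_start && !strcmp (buf, "library=libnsssysinit.so\n"))
                        found = TRUE;
                /* Only a piece that ends in '\n' completes the current line. */
                at_line_start = (strchr (buf, '\n') != NULL);
        }
        fclose (f);
#endif
        return found;
}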
81
/**
 * camel_init:
 * @configdir: directory holding camel-cert.db and, when NSS is
 *   initialized here, the legacy (DBM) NSS database that is merged
 *   into the SQL one
 * @nss_init: whether this call should initialize NSS/SSL as well
 *
 * One-time library setup: gettext domain, camel debugging, optionally
 * NSS (with process-wide SSL defaults), and the default #CamelCertDB.
 * A second call while already initialised returns 0 without doing
 * anything.  The NSS part is serialized by nss_initlock; the
 * `initialised` flag itself is not locked.
 *
 * Returns: 0 on success (or when already initialised), -1 when every
 *   NSS initialization strategy fails.  On -1 nothing is left
 *   initialised, so the call can be retried.
 **/
gint
camel_init (const gchar *configdir,
            gboolean nss_init)
{
        CamelCertDB *certdb;
        gchar *path;

        if (initialised)
                return 0;

        bindtextdomain (GETTEXT_PACKAGE, LOCALEDIR);
        bind_textdomain_codeset (GETTEXT_PACKAGE, "UTF-8");

        camel_debug_init ();

        if (nss_init) {
                gchar *nss_configdir = NULL;
                gchar *nss_sql_configdir = NULL;
                SECStatus status = SECFailure;
                PRUint16 indx;

                /* Lazily create the lock.  This NULL check is itself
                 * unsynchronised: it only works if the first camel_init ()
                 * is not raced by another camel_init () in a second thread. */
                if (nss_initlock == NULL) {
                        PR_Init (PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 10);
                        nss_initlock = PR_NewLock ();
                }
                PR_Lock (nss_initlock);

                /* Some other library already owns NSS: do not re-init and do
                 * not claim ownership (nss_initialized is left untouched, so
                 * camel_shutdown () will not call NSS_Shutdown ()).  Both
                 * *_configdir pointers stay NULL, so the g_free ()s at the
                 * end of this block are no-ops on this path. */
                if (NSS_IsInitialized ())
                        goto skip_nss_init;

#ifndef G_OS_WIN32
                nss_configdir = g_strdup (configdir);
#else
                nss_configdir = g_win32_locale_filename_from_utf8 (configdir);
#endif

                if (nss_has_system_db ()) {
                        nss_sql_configdir = g_strdup ("sql:" NSS_SYSTEM_DB );
                } else {
                        /* On Windows, we use the Evolution configdir. On other
                         * operating systems we use ~/.pki/nssdb/, which is where
                         * the user-specific part of the "shared system db" is
                         * stored and is what Chrome uses too.
                         *
                         * We have to create the configdir if it does not exist,
                         * to prevent camel from bailing out on first run. */
#ifdef G_OS_WIN32
                        g_mkdir_with_parents (configdir, 0700);
                        nss_sql_configdir = g_strconcat ("sql:", nss_configdir, NULL);
#else
                        gchar *user_nss_dir = g_build_filename ( g_get_home_dir (),
                                                                 ".pki/nssdb", NULL );
                        /* Private to the user (0700): the db holds keys and
                         * trust decisions.  A failure here is only warned about;
                         * NSS_InitWithMerge () below will then fail and the code
                         * falls back to the older database formats. */
                        if (g_mkdir_with_parents (user_nss_dir, 0700))
                                g_warning("Failed to create SQL database directory %s: %s\n",
                                          user_nss_dir, strerror (errno));

                        nss_sql_configdir = g_strconcat ("sql:", user_nss_dir, NULL);
                        g_free (user_nss_dir);
#endif
                }

#if NSS_VMAJOR > 3 || (NSS_VMAJOR == 3 && NSS_VMINOR >= 12)
                /* See: https://wiki.mozilla.org/NSS_Shared_DB,
                 * particularly "Mode 3A".  Note that the target
                 * directory MUST EXIST. */
                status = NSS_InitWithMerge (
                        nss_sql_configdir,      /* dest dir */
                        "", "",                 /* new DB name prefixes */
                        SECMOD_DB,              /* secmod name */
                        nss_configdir,          /* old DB dir */
                        "", "",                 /* old DB name prefixes */
                        nss_configdir,          /* unique ID for old DB */
                        "Evolution S/MIME",     /* UI name for old DB */
                        0);                     /* flags */

                if (status == SECFailure) {
                        g_warning ("Failed to initialize NSS SQL database in %s: NSS error %d",
                                   nss_sql_configdir, PORT_GetError ());
                        /* Fall back to opening the old DBM database */
                }
#endif
                /* Support old versions of libnss, pre-sqlite support.
                 * `status` starts as SECFailure, so on NSS < 3.12 this is
                 * the first strategy tried, not a fallback. */
                if (status == SECFailure)
                        status = NSS_InitReadWrite (nss_configdir);
                if (status == SECFailure) {
                        /* Fall back to using volatile dbs?  Nothing persists
                         * across runs in this mode (no stored certs or trust). */
                        status = NSS_NoDB_Init (nss_configdir);
                        if (status == SECFailure) {
                                /* Give up: release the lock and leave `initialised`
                                 * FALSE so a later call starts over. */
                                g_free (nss_configdir);
                                g_free (nss_sql_configdir);
                                g_warning ("Failed to initialize NSS");
                                PR_Unlock (nss_initlock);
                                return -1;
                        }
                }

                /* We own NSS from here on; camel_shutdown () uses this to
                 * decide whether NSS_Shutdown () is ours to call. */
                nss_initialized = TRUE;
skip_nss_init:

                /* Runs on the skip_nss_init path too, i.e. even when NSS was
                 * initialized by someone else, so it changes the policy for
                 * the whole process. */
                NSS_SetDomesticPolicy ();

                PR_Unlock (nss_initlock);

                /* we must enable all ciphersuites */
                /* NOTE(review): this enables every cipher NSS implements
                 * except the SSLv2 ones, and the SSL_OptionSetDefault ()
                 * calls below additionally enable SSLv2 itself and the
                 * v2-compatible hello.  These are process-wide defaults
                 * shared with every other NSS user in the process, and they
                 * are far more permissive than current TLS guidance; whether
                 * per-socket code elsewhere narrows them again is not
                 * visible from this file. */
                for (indx = 0; indx < SSL_NumImplementedCiphers; indx++) {
                        if (!SSL_IS_SSL2_CIPHER (SSL_ImplementedCiphers[indx]))
                                SSL_CipherPrefSetDefault (SSL_ImplementedCiphers[indx], PR_TRUE);
                }

                SSL_OptionSetDefault (SSL_ENABLE_SSL2, PR_TRUE);
                SSL_OptionSetDefault (SSL_ENABLE_SSL3, PR_TRUE);
                SSL_OptionSetDefault (SSL_ENABLE_TLS, PR_TRUE);
                SSL_OptionSetDefault (SSL_V2_COMPATIBLE_HELLO, PR_TRUE /* maybe? */);

                g_free (nss_configdir);
                g_free (nss_sql_configdir);
        }

        /* The camel-level certificate db (trust decisions for server certs)
         * lives next to the NSS db in configdir, regardless of nss_init. */
        path = g_strdup_printf ("%s/camel-cert.db", configdir);
        certdb = camel_certdb_new ();
        camel_certdb_set_filename (certdb, path);
        g_free (path);

        /* if we fail to load, who cares? it'll just be a volatile certdb */
        camel_certdb_load (certdb);

        /* set this certdb as the default db */
        camel_certdb_set_default (certdb);

        /* The default-db registry keeps its own reference. */
        g_object_unref (certdb);

        initialised = TRUE;

        return 0;
}
217
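/**
 * camel_shutdown:
 *
 * Undoes camel_init (): saves and unregisters the default #CamelCertDB,
 * then shuts NSS down if, and only if, camel_init () was the one that
 * initialized it.  Does nothing when camel_init () has not been called
 * or has already been undone.  Like camel_init (), the `initialised`
 * flag is not locked; only the NSS part is serialized by nss_initlock.
 *
 * Since: 2.24
 **/
void
camel_shutdown (void)
{
        CamelCertDB *certdb;

        if (!initialised)
                return;

        /* Persist trust decisions made during this session before the
         * default db is dropped. */
        certdb = camel_certdb_get_default ();
        if (certdb) {
                camel_certdb_save (certdb);
                camel_certdb_set_default (NULL);
        }

        /* These next calls must come last. */

        if (nss_initlock != NULL) {
                PR_Lock (nss_initlock);
                if (nss_initialized) {
                        /* NSS_Shutdown () can fail and leave NSS running, e.g.
                         * while other code still holds NSS objects.  Clear our
                         * ownership flag only on success: a flag that stays TRUE
                         * after a successful shutdown would make a later
                         * camel_shutdown () call NSS_Shutdown () on an NSS that
                         * this library did not initialize (for instance after a
                         * re-init that took the skip path because another
                         * library had already set NSS up). */
                        if (NSS_Shutdown () == SECSuccess)
                                nss_initialized = FALSE;
                        else
                                g_warning ("Failed to shut down NSS: NSS error %d", PORT_GetError ());
                }
                PR_Unlock (nss_initlock);
        }

        initialised = FALSE;
}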
246         initialised = FALSE;
247 }