Bug 585301 - Use correct NSS system database where appropriate.
[platform/upstream/evolution-data-server.git] / camel / camel.c
1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
2 /*
3  *  Authors: Jeffrey Stedfast <fejj@ximian.com>
4  *           Bertrand Guiheneuf <bertrand@helixcode.com>
5  *
6  *  Copyright (C) 1999-2008 Novell, Inc. (www.novell.com)
7  *
8  *  This program is free software; you can redistribute it and/or modify
9  *  it under the terms of the GNU Lesser General Public License as published by
10  *  the Free Software Foundation; either version 2 of the License, or
11  *  (at your option) any later version.
12  *
13  *  This program is distributed in the hope that it will be useful,
14  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
15  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16  *  GNU Lesser General Public License for more details.
17  *
18  *  You should have received a copy of the GNU Lesser General Public License
19  *  along with this program; if not, write to the Free Software
20  *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
21  *
22  */
23
24 #ifdef HAVE_CONFIG_H
25 #include <config.h>
26 #endif
27
28 #include <signal.h>
29
30 #ifdef HAVE_NSS
31 #include <nspr.h>
32 #include <prthread.h>
33 #include "nss.h"      /* Don't use <> here or it will include the system nss.h instead */
34 #include <ssl.h>
35 #endif /* HAVE_NSS */
36
37 #include <glib/gi18n-lib.h>
38
39 #include "camel.h"
40 #include "camel-certdb.h"
41 #include "camel-debug.h"
42 #include "camel-provider.h"
43 #include "camel-win32.h"
44
#ifdef HAVE_NSS
/* Serializes NSS initialization and shutdown, so that camel_init() and
 * camel_shutdown() running on different threads cannot overlap.
 * Starts out NULL; camel_init() creates it the first time it is asked
 * to initialize NSS.
 * NOTE(review): not declared static, so other translation units can
 * reach it -- confirm that is intended. */
PRLock *nss_initlock = NULL;

/* Whether or not Camel itself has initialized the NSS library.  We must
 * not unconditionally call NSS_Shutdown() if NSS was initialized earlier
 * by some other library, so cleanup is performed if and only if Camel
 * was the one that initialized NSS.
 * In the code visible in this file the flag is written and read while
 * nss_initlock is held; 'volatile' alone would not make it thread-safe. */
volatile gboolean nss_initialized = FALSE;
#endif

/* Non-zero once camel_init() has run to completion; cleared again by
 * camel_shutdown().  Checked without any lock. */
static gint initialised = FALSE;

/* Exported flag; nothing in this file reads or writes it after this
 * definition.  Presumably set by the application while it is exiting --
 * TODO confirm against the callers. */
gint camel_application_is_exiting = FALSE;

/* Directory of the system-wide NSS database.  nss_has_system_db() looks
 * for pkcs11.txt in here, and camel_init() opens "sql:" + this path when
 * that check succeeds. */
#define NSS_SYSTEM_DB "/etc/pki/nssdb"
62
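/*
 * nss_has_system_db:
 *
 * Reports whether the system-wide NSS database under NSS_SYSTEM_DB is
 * enabled, by looking in its pkcs11.txt for a line that is exactly
 * "library=libnsssysinit.so".
 *
 * camel_init() uses the answer to choose which NSS database it opens,
 * so a wrong answer here changes which certificate/key store the
 * process ends up using.  The match is therefore kept strict: the
 * marker must be a whole line, not a fragment of a longer one.
 *
 * Always returns FALSE on Windows (G_OS_WIN32) and when pkcs11.txt
 * cannot be opened.
 *
 * Returns: TRUE if the marker line is present, FALSE otherwise.
 */
static gint
nss_has_system_db (void)
{
        gint found = FALSE;
#ifndef G_OS_WIN32
        static const char marker[] = "library=libnsssysinit.so";
        FILE *f;
        char buf[80];
        int at_line_start = TRUE;

        f = fopen (NSS_SYSTEM_DB "/pkcs11.txt", "r");
        if (!f)
                return FALSE;

        /* Check whether the system NSS db is actually enabled */
        while (!found && fgets (buf, sizeof (buf), f)) {
                size_t len = strlen (buf);
                /* fgets() stops at a newline, a full buffer or EOF; only
                 * the first of these means the physical line is finished. */
                int complete = (len > 0 && buf[len - 1] == '\n');

                if (complete)
                        buf[len - 1] = '\0';

                /* Require the chunk to begin a physical line, so the tail
                 * of an over-long line cannot be mistaken for the marker.
                 * Stripping the newline first also accepts a final line
                 * that has no terminating newline. */
                if (at_line_start && !strcmp (buf, marker))
                        found = TRUE;

                at_line_start = complete;
        }
        fclose (f);
#endif
        return found;
}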
84
/**
 * camel_init:
 * @configdir: directory holding Camel's camel-cert.db and, unless the
 *             system NSS database is in use, the NSS databases
 * @nss_init: whether this call should initialize NSS (only has an
 *            effect when built with HAVE_NSS)
 *
 * One-time library setup: binds the gettext domain, initializes Camel
 * debugging, optionally initializes NSS and its SSL defaults, then
 * loads the certificate database from @configdir and installs it as the
 * default.  Calls made after a successful one return immediately.
 *
 * Returns: 0 on success or if already initialised, -1 if NSS could not
 * be initialized.
 **/
gint
camel_init (const gchar *configdir, gboolean nss_init)
{
        CamelCertDB *certdb;
        gchar *path;

        /* NOTE(review): this flag is tested and later set without a lock,
         * so two threads entering concurrently can both proceed. */
        if (initialised)
                return 0;

        bindtextdomain (GETTEXT_PACKAGE, EVOLUTION_LOCALEDIR);
        bind_textdomain_codeset (GETTEXT_PACKAGE, "UTF-8");

        camel_debug_init();

#ifdef HAVE_NSS
        if (nss_init) {
                gchar *nss_configdir = NULL;
                gchar *nss_sql_configdir = NULL;
                SECStatus status;
                PRUint16 indx;

                /* Create the init/shutdown lock on first use.
                 * NOTE(review): this check-then-create is itself not
                 * guarded, and the result of PR_NewLock() is not checked
                 * before PR_Lock() uses it. */
                if (nss_initlock == NULL) {
                        PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 10);
                        nss_initlock = PR_NewLock();
                }
                PR_Lock (nss_initlock);

                /* Someone else (or an earlier call) already initialized
                 * NSS: leave nss_initialized alone so that
                 * camel_shutdown() does not shut down an NSS instance
                 * Camel does not own. */
                if (NSS_IsInitialized ())
                        goto skip_nss_init;

#ifndef G_OS_WIN32
                nss_configdir = g_strdup (configdir);
#else
                nss_configdir = g_win32_locale_filename_from_utf8 (configdir);
#endif

                if (nss_has_system_db ()) {
                        /* The system database is enabled: open it instead
                         * of a per-application database.
                         * NOTE(review): @configdir is not created in this
                         * branch, although camel-cert.db is still looked
                         * up there below; and the old databases in
                         * nss_configdir are passed as the merge source
                         * for this destination further down.  How NSS
                         * resolves this path when libnsssysinit is loaded
                         * is not visible here -- confirm both are
                         * intended. */
                        nss_sql_configdir = g_strdup ("sql:" NSS_SYSTEM_DB );
                } else {
                        /* Create the configdir if it does not exist
                         * This prevents camel from bailing out on first run.
                         * Mode 0700 keeps the key/cert store private to
                         * the owning user. */
                        g_mkdir_with_parents (configdir, 0700);

                        /* XXX Currently we store the new shared NSS database in the
                         *     same location we kept the original NSS databases in,
                         *     but at least we have safe shared access between Camel
                         *     and Evolution's S/MIME.  Once freedesktop.org comes
                         *     up with a user-wide shared location, we should use
                         *     that instead. */
                        nss_sql_configdir = g_strconcat ("sql:", nss_configdir, NULL);
                }


#if NSS_VMAJOR > 3 || (NSS_VMAJOR == 3 && NSS_VMINOR >= 12)
                /* See: https://wiki.mozilla.org/NSS_Shared_DB,
                 * particularly "Mode 3A".  Note that the target
                 * directory MUST EXIST. */
                status = NSS_InitWithMerge (
                        nss_sql_configdir,      /* dest dir */
                        "", "",                 /* new DB name prefixes */
                        SECMOD_DB,              /* secmod name */
                        nss_configdir,          /* old DB dir */
                        "", "",                 /* old DB name prefixes */
                        nss_configdir,          /* unique ID for old DB */
                        "Evolution S/MIME",     /* UI name for old DB */
                        0);                     /* flags */

                if (status == SECFailure) {
                        /* Release everything taken so far, including the
                         * lock, before reporting the failure. */
                        g_free (nss_configdir);
                        g_free (nss_sql_configdir);
                        g_warning ("Failed to initialize NSS");
                        PR_Unlock (nss_initlock);
                        return -1;
                }
#else
                /* Support old versions of libnss, pre-sqlite support.
                 * nss_sql_configdir is computed above but not used on
                 * this path. */
                status = NSS_InitReadWrite (nss_configdir);
                if (status == SECFailure) {
                        /* Fall back to using volatile dbs? */
                        status = NSS_NoDB_Init (nss_configdir);
                        if (status == SECFailure) {
                                g_free (nss_configdir);
                                g_free (nss_sql_configdir);
                                g_warning ("Failed to initialize NSS");
                                PR_Unlock (nss_initlock);
                                return -1;
                        }
                }
#endif

                /* Record ownership while still holding the lock; only
                 * then may camel_shutdown() call NSS_Shutdown(). */
                nss_initialized = TRUE;
skip_nss_init:

                /* Reached on both paths, so the policy call and the SSL
                 * defaults below are applied even when NSS was
                 * initialized by other code in the process. */
                NSS_SetDomesticPolicy ();

                PR_Unlock(nss_initlock);

                /* we must enable all ciphersuites.
                 * NOTE(review): this turns on every non-SSL2 suite the
                 * linked NSS implements, and it runs after the lock has
                 * been released.  That list presumably contains weak,
                 * export-grade and NULL-encryption suites on some
                 * builds -- consider an explicit allow-list instead. */
                for (indx = 0; indx < SSL_NumImplementedCiphers; indx++) {
                        if (!SSL_IS_SSL2_CIPHER(SSL_ImplementedCiphers[indx]))
                                SSL_CipherPrefSetDefault (SSL_ImplementedCiphers[indx], PR_TRUE);
                }

                /* NOTE(review): SSL 2.0 and SSL 3.0 are obsolete (RFC 6176,
                 * RFC 7568); having them and the V2-compatible hello on
                 * by default leaves new sockets open to protocol
                 * downgrade.  The loop above deliberately skips SSL2
                 * cipher suites, yet SSL2 itself is enabled here --
                 * confirm which of these is intended. */
                SSL_OptionSetDefault (SSL_ENABLE_SSL2, PR_TRUE);
                SSL_OptionSetDefault (SSL_ENABLE_SSL3, PR_TRUE);
                SSL_OptionSetDefault (SSL_ENABLE_TLS, PR_TRUE);
                SSL_OptionSetDefault (SSL_V2_COMPATIBLE_HELLO, PR_TRUE /* maybe? */);

                /* Both are still NULL when initialization was skipped. */
                g_free (nss_configdir);
                g_free (nss_sql_configdir);
        }
#endif /* HAVE_NSS */

        /* Camel's own certificate database always lives in @configdir,
         * whichever NSS database was selected above. */
        path = g_strdup_printf ("%s/camel-cert.db", configdir);
        certdb = camel_certdb_new ();
        camel_certdb_set_filename (certdb, path);
        g_free (path);

        /* if we fail to load, who cares? it'll just be a volatile certdb */
        camel_certdb_load (certdb);

        /* set this certdb as the default db */
        camel_certdb_set_default (certdb);

        /* Drop the local reference.
         * NOTE(review): presumably the default slot holds its own
         * reference -- confirm in camel-certdb.c. */
        g_object_unref (certdb);

        initialised = TRUE;

        return 0;
}
215
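/**
 * camel_shutdown:
 *
 * Undoes camel_init(): saves the default certificate database and
 * clears it as the default, then shuts NSS down, but only if Camel was
 * the one that initialized it.  Does nothing if camel_init() has not
 * completed.
 *
 * Since: 2.24
 **/
void
camel_shutdown (void)
{
        CamelCertDB *certdb;

        if (!initialised)
                return;

        certdb = camel_certdb_get_default ();
        if (certdb) {
                camel_certdb_save (certdb);
                camel_certdb_set_default (NULL);
        }

        /* These next calls must come last. */

#if defined (HAVE_NSS)
        if (nss_initlock != NULL) {
                PR_Lock(nss_initlock);
                /* Once NSS is really down, give up ownership.  Otherwise,
                 * if another library initializes NSS afterwards and
                 * camel_init() merely skips its own initialization, a
                 * later camel_shutdown() would tear down an NSS instance
                 * Camel does not own.  When the shutdown fails the flag
                 * is left set, as NSS is then still up. */
                if (nss_initialized && NSS_Shutdown () == SECSuccess)
                        nss_initialized = FALSE;
                PR_Unlock(nss_initlock);
        }
#endif /* HAVE_NSS */

        initialised = FALSE;
}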