* Authors: Jeffrey Stedfast <fejj@ximian.com>
* Bertrand Guiheneuf <bertrand@helixcode.com>
*
- * Copyright 1999-2003 Ximian, Inc. (www.ximian.com)
+ * Copyright (C) 1999-2008 Novell, Inc. (www.novell.com)
*
* This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
+ * it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
+ * GNU Lesser General Public License for more details.
*
- * You should have received a copy of the GNU General Public License
+ * You should have received a copy of the GNU Lesser General Public License
* along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Street #330, Boston, MA 02111-1307, USA.
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
*/
-
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <signal.h>
-#ifdef HAVE_NSS
#include <nspr.h>
#include <prthread.h>
#include "nss.h" /* Don't use <> here or it will include the system nss.h instead */
#include <ssl.h>
-#endif /* HAVE_NSS */
+#include <errno.h>
+
+#include <glib/gi18n-lib.h>
#include "camel.h"
#include "camel-certdb.h"
-#include "camel-mime-utils.h"
-#include "camel-provider.h"
#include "camel-debug.h"
+#include "camel-provider.h"
+#include "camel-win32.h"
-static int initialised = FALSE;
+/* To protect NSS initialization and shutdown. This prevents
+ * concurrent calls to shutdown () and init () by different threads */
+PRLock *nss_initlock = NULL;
-static void
-camel_shutdown (void)
+/* Whether or not Camel has initialized the NSS library. We cannot
+ * unconditionally call NSS_Shutdown () if NSS was initialized by other
+ * library before. This boolean ensures that we only perform a cleanup
+ * if and only if Camel is the one that previously initialized NSS */
+volatile gboolean nss_initialized = FALSE;
+
+static gint initialised = FALSE;
+
+gint camel_application_is_exiting = FALSE;
+
+#define NSS_SYSTEM_DB "/etc/pki/nssdb"
+
+static gint
+nss_has_system_db (void)
{
- void camel_operation_shutdown (void);
- CamelCertDB *certdb;
-
- if (!initialised)
- return;
-
-#ifdef HAVE_NSS
- NSS_Shutdown ();
-
- PR_Cleanup ();
-#endif /* HAVE_NSS */
-
- certdb = camel_certdb_get_default ();
- if (certdb) {
- camel_certdb_save (certdb);
- camel_object_unref (certdb);
+ gint found = FALSE;
+#ifndef G_OS_WIN32
+ FILE *f;
+ gchar buf[80];
+
+ f = fopen (NSS_SYSTEM_DB "/pkcs11.txt", "r");
+ if (!f)
+ return FALSE;
+
+ /* Check whether the system NSS db is actually enabled */
+ while (fgets (buf, 80, f) && !found) {
+ if (!strcmp (buf, "library=libnsssysinit.so\n"))
+ found = TRUE;
}
-
- camel_operation_shutdown ();
- camel_mime_utils_shutdown ();
-
- initialised = FALSE;
+ fclose (f);
+#endif
+ return found;
}
-int
-camel_init (const char *configdir, gboolean nss_init)
+gint
+camel_init (const gchar *configdir,
+ gboolean nss_init)
{
CamelCertDB *certdb;
- char *path;
- void camel_operation_init(void);
-
+ gchar *path;
+
if (initialised)
return 0;
- camel_debug_init();
-
- /* initialise global camel_object_type */
- camel_object_get_type();
+ bindtextdomain (GETTEXT_PACKAGE, LOCALEDIR);
+ bind_textdomain_codeset (GETTEXT_PACKAGE, "UTF-8");
- camel_mime_utils_init();
- camel_operation_init();
- camel_provider_init();
+ camel_debug_init ();
-#ifdef HAVE_NSS
if (nss_init) {
- PR_Init (PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 10);
-
- if (NSS_InitReadWrite (configdir) == SECFailure) {
- /* fall back on using volatile dbs? */
- if (NSS_NoDB_Init (configdir) == SECFailure) {
+ gchar *nss_configdir = NULL;
+ gchar *nss_sql_configdir = NULL;
+ SECStatus status = SECFailure;
+ PRUint16 indx;
+
+ if (nss_initlock == NULL) {
+ PR_Init (PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 10);
+ nss_initlock = PR_NewLock ();
+ }
+ PR_Lock (nss_initlock);
+
+ if (NSS_IsInitialized ())
+ goto skip_nss_init;
+
+#ifndef G_OS_WIN32
+ nss_configdir = g_strdup (configdir);
+#else
+ nss_configdir = g_win32_locale_filename_from_utf8 (configdir);
+#endif
+
+ if (nss_has_system_db ()) {
+ nss_sql_configdir = g_strdup ("sql:" NSS_SYSTEM_DB );
+ } else {
+ /* On Windows, we use the Evolution configdir. On other
+ * operating systems we use ~/.pki/nssdb/, which is where
+ * the user-specific part of the "shared system db" is
+ * stored and is what Chrome uses too.
+ *
+ * We have to create the configdir if it does not exist,
+ * to prevent camel from bailing out on first run. */
+#ifdef G_OS_WIN32
+ g_mkdir_with_parents (configdir, 0700);
+ nss_sql_configdir = g_strconcat (
+ "sql:", nss_configdir, NULL);
+#else
+ gchar *user_nss_dir = g_build_filename (
+ g_get_home_dir (), ".pki/nssdb", NULL );
+ if (g_mkdir_with_parents (user_nss_dir, 0700))
+ g_warning (
+ "Failed to create SQL "
+ "database directory %s: %s\n",
+ user_nss_dir, strerror (errno));
+
+ nss_sql_configdir = g_strconcat (
+ "sql:", user_nss_dir, NULL);
+ g_free (user_nss_dir);
+#endif
+ }
+
+#if NSS_VMAJOR > 3 || (NSS_VMAJOR == 3 && NSS_VMINOR >= 12)
+ /* See: https://wiki.mozilla.org/NSS_Shared_DB,
+ * particularly "Mode 3A". Note that the target
+ * directory MUST EXIST. */
+ status = NSS_InitWithMerge (
+ nss_sql_configdir, /* dest dir */
+ "", "", /* new DB name prefixes */
+ SECMOD_DB, /* secmod name */
+ nss_configdir, /* old DB dir */
+ "", "", /* old DB name prefixes */
+ nss_configdir, /* unique ID for old DB */
+ "Evolution S/MIME", /* UI name for old DB */
+ 0); /* flags */
+
+ if (status == SECFailure) {
+ g_warning (
+ "Failed to initialize NSS SQL database in %s: NSS error %d",
+ nss_sql_configdir, PORT_GetError ());
+ /* Fall back to opening the old DBM database */
+ }
+#endif
+ /* Support old versions of libnss, pre-sqlite support. */
+ if (status == SECFailure)
+ status = NSS_InitReadWrite (nss_configdir);
+ if (status == SECFailure) {
+ /* Fall back to using volatile dbs? */
+ status = NSS_NoDB_Init (nss_configdir);
+ if (status == SECFailure) {
+ g_free (nss_configdir);
+ g_free (nss_sql_configdir);
g_warning ("Failed to initialize NSS");
+ PR_Unlock (nss_initlock);
return -1;
}
}
-
+
+ nss_initialized = TRUE;
+skip_nss_init:
+
NSS_SetDomesticPolicy ();
-
+
+ PR_Unlock (nss_initlock);
+
+ /* we must enable all ciphersuites */
+ for (indx = 0; indx < SSL_NumImplementedCiphers; indx++) {
+ if (!SSL_IS_SSL2_CIPHER (SSL_ImplementedCiphers[indx]))
+ SSL_CipherPrefSetDefault (SSL_ImplementedCiphers[indx], PR_TRUE);
+ }
+
SSL_OptionSetDefault (SSL_ENABLE_SSL2, PR_TRUE);
SSL_OptionSetDefault (SSL_ENABLE_SSL3, PR_TRUE);
SSL_OptionSetDefault (SSL_ENABLE_TLS, PR_TRUE);
SSL_OptionSetDefault (SSL_V2_COMPATIBLE_HELLO, PR_TRUE /* maybe? */);
+
+ g_free (nss_configdir);
+ g_free (nss_sql_configdir);
}
-#endif /* HAVE_NSS */
-
+
path = g_strdup_printf ("%s/camel-cert.db", configdir);
certdb = camel_certdb_new ();
camel_certdb_set_filename (certdb, path);
g_free (path);
-
+
/* if we fail to load, who cares? it'll just be a volatile certdb */
camel_certdb_load (certdb);
-
+
/* set this certdb as the default db */
camel_certdb_set_default (certdb);
-
- camel_object_unref (certdb);
-
- g_atexit (camel_shutdown);
-
+
+ g_object_unref (certdb);
+
initialised = TRUE;
-
+
return 0;
}
+
+/**
+ * camel_shutdown:
+ *
+ * Since: 2.24
+ **/
+void
+camel_shutdown (void)
+{
+ CamelCertDB *certdb;
+
+ if (!initialised)
+ return;
+
+ certdb = camel_certdb_get_default ();
+ if (certdb) {
+ camel_certdb_save (certdb);
+ camel_certdb_set_default (NULL);
+ }
+
+ /* These next calls must come last. */
+
+ if (nss_initlock != NULL) {
+ PR_Lock (nss_initlock);
+ if (nss_initialized)
+ NSS_Shutdown ();
+ PR_Unlock (nss_initlock);
+ }
+
+ initialised = FALSE;
+}