1 files changed, 386 insertions, 0 deletions
diff --git a/src/camel/camel.c b/src/camel/camel.c
new file mode 100644
index 000000000..9a4564c2c
--- /dev/null
+++ b/src/camel/camel.c
@@ -0,0 +1,386 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
+/*
+ * Copyright (C) 1999-2008 Novell, Inc. (www.novell.com)
+ *
+ * This library is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * Authors: Jeffrey Stedfast <fejj@ximian.com>
+ *          Bertrand Guiheneuf <bertrand@helixcode.com>
+ */
+
+#include "evolution-data-server-config.h"
+
+#include <signal.h>
+
+#include <nspr.h>
+#include <prthread.h>
+#include "nss.h"      /* Don't use <> here or it will include the system nss.h instead */
+#include <ssl.h>
+#include <sslproto.h>
+#include <errno.h>
+
+#include <glib/gi18n-lib.h>
+
+#include "camel.h"
+#include "camel-certdb.h"
+#include "camel-debug.h"
+#include "camel-provider.h"
+#include "camel-win32.h"
+
+/* To protect NSS initialization and shutdown. This prevents
+ * concurrent calls to shutdown () and init () by different threads */
+PRLock *nss_initlock = NULL;
+
+/* Whether or not Camel has initialized the NSS library. We cannot
+ * unconditionally call NSS_Shutdown () if NSS was initialized by other
+ * library before. This boolean ensures that we only perform a cleanup
+ * if and only if Camel is the one that previously initialized NSS */
+volatile gboolean nss_initialized = FALSE;
+
+static gint initialised = FALSE;
+
+gint camel_application_is_exiting = FALSE;
+
+#define NSS_SYSTEM_DB "/etc/pki/nssdb"
+
+static gint
+nss_has_system_db (void)
+{
+	gint found = FALSE;
+#ifndef G_OS_WIN32
+	FILE *f;
+	gchar buf[80];
+
+	f = fopen (NSS_SYSTEM_DB "/pkcs11.txt", "r");
+	if (!f)
+		return FALSE;
+
+	/* Check whether the system NSS db is actually enabled */
+	while (fgets (buf, 80, f) && !found) {
+		if (!strcmp (buf, "library=libnsssysinit.so\n"))
+			found = TRUE;
+	}
+	fclose (f);
+#endif
+	return found;
+}
+
+gint
+camel_init (const gchar *configdir,
+            gboolean nss_init)
+{
+	CamelCertDB *certdb;
+	gchar *path;
+
+	if (initialised)
+		return 0;
+
+	bindtextdomain (GETTEXT_PACKAGE, LOCALEDIR);
+	bind_textdomain_codeset (GETTEXT_PACKAGE, "UTF-8");
+
+	camel_debug_init ();
+
+	if (nss_init) {
+		static gchar v2_enabled = -1, weak_ciphers = -1;
+		gchar *nss_configdir = NULL;
+		gchar *nss_sql_configdir = NULL;
+		SECStatus status = SECFailure;
+
+#if NSS_VMAJOR < 3 || (NSS_VMAJOR == 3 && NSS_VMINOR < 14)
+		/* NSS pre-3.14 has most of the ciphers disabled, thus enable
+		 * weak ciphers, if it's compiled against such */
+		weak_ciphers = 1;
+#endif
+
+		/* check camel-tcp-stream-ssl.c for the same "CAMEL_SSL_V2_ENABLE" */
+		if (v2_enabled == -1)
+			v2_enabled = g_strcmp0 (g_getenv ("CAMEL_SSL_V2_ENABLE"), "1") == 0 ? 1 : 0;
+		if (weak_ciphers == -1)
+			weak_ciphers = g_strcmp0 (g_getenv ("CAMEL_SSL_WEAK_CIPHERS"), "1") == 0 ? 1 : 0;
+
+		if (nss_initlock == NULL) {
+			PR_Init (PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 10);
+			nss_initlock = PR_NewLock ();
+		}
+		PR_Lock (nss_initlock);
+
+		if (NSS_IsInitialized ())
+			goto skip_nss_init;
+
+#ifndef G_OS_WIN32
+		nss_configdir = g_strdup (configdir);
+#else
+		nss_configdir = g_win32_locale_filename_from_utf8 (configdir);
+#endif
+
+		if (nss_has_system_db ()) {
+			nss_sql_configdir = g_strdup ("sql:" NSS_SYSTEM_DB );
+		} else {
+			/* On Windows, we use the Evolution configdir. On other
+			 * operating systems we use ~/.pki/nssdb/, which is where
+			 * the user-specific part of the "shared system db" is
+			 * stored and is what Chrome uses too.
+			 *
+			 * We have to create the configdir if it does not exist,
+			 * to prevent camel from bailing out on first run. */
+#ifdef G_OS_WIN32
+			g_mkdir_with_parents (configdir, 0700);
+			nss_sql_configdir = g_strconcat (
+				"sql:", nss_configdir, NULL);
+#else
+			gchar *user_nss_dir = g_build_filename (
+				g_get_home_dir (), ".pki/nssdb", NULL );
+			if (g_mkdir_with_parents (user_nss_dir, 0700))
+				g_warning (
+					"Failed to create SQL "
+					"database directory %s: %s\n",
+					user_nss_dir, strerror (errno));
+
+			nss_sql_configdir = g_strconcat (
+				"sql:", user_nss_dir, NULL);
+			g_free (user_nss_dir);
+#endif
+		}
+
+#if NSS_VMAJOR > 3 || (NSS_VMAJOR == 3 && NSS_VMINOR >= 12)
+		/* See: https://wiki.mozilla.org/NSS_Shared_DB,
+		 * particularly "Mode 3A".  Note that the target
+		 * directory MUST EXIST. */
+		status = NSS_InitWithMerge (
+			nss_sql_configdir,	/* dest dir */
+			"", "",			/* new DB name prefixes */
+			SECMOD_DB,		/* secmod name */
+			nss_configdir,		/* old DB dir */
+			"", "",			/* old DB name prefixes */
+			nss_configdir,		/* unique ID for old DB */
+			"Evolution S/MIME",	/* UI name for old DB */
+			0);			/* flags */
+
+		if (status == SECFailure) {
+			g_warning (
+				"Failed to initialize NSS SQL database in %s: NSS error %d",
+				nss_sql_configdir, PORT_GetError ());
+			/* Fall back to opening the old DBM database */
+		}
+#endif
+		/* Support old versions of libnss, pre-sqlite support. */
+		if (status == SECFailure)
+			status = NSS_InitReadWrite (nss_configdir);
+		if (status == SECFailure) {
+			/* Fall back to using volatile dbs? */
+			status = NSS_NoDB_Init (nss_configdir);
+			if (status == SECFailure) {
+				g_free (nss_configdir);
+				g_free (nss_sql_configdir);
+				g_warning ("Failed to initialize NSS");
+				PR_Unlock (nss_initlock);
+				return -1;
+			}
+		}
+
+		nss_initialized = TRUE;
+skip_nss_init:
+
+		NSS_SetDomesticPolicy ();
+
+		if (weak_ciphers) {
+			PRUint16 indx;
+
+			/* enable SSL3/TLS cipher-suites */
+			for (indx = 0; indx < SSL_NumImplementedCiphers; indx++) {
+				if (!SSL_IS_SSL2_CIPHER (SSL_ImplementedCiphers[indx]) &&
+				    SSL_ImplementedCiphers[indx] != SSL_RSA_WITH_NULL_SHA &&
+				    SSL_ImplementedCiphers[indx] != SSL_RSA_WITH_NULL_MD5)
+					SSL_CipherPrefSetDefault (SSL_ImplementedCiphers[indx], PR_TRUE);
+			}
+		}
+
+		SSL_OptionSetDefault (SSL_ENABLE_SSL2, v2_enabled ? PR_TRUE : PR_FALSE);
+		SSL_OptionSetDefault (SSL_V2_COMPATIBLE_HELLO, PR_FALSE);
+		SSL_OptionSetDefault (SSL_ENABLE_SSL3, PR_TRUE);
+		SSL_OptionSetDefault (SSL_ENABLE_TLS, PR_TRUE);
+
+		PR_Unlock (nss_initlock);
+
+		g_free (nss_configdir);
+		g_free (nss_sql_configdir);
+	}
+
+	path = g_strdup_printf ("%s/camel-cert.db", configdir);
+	certdb = camel_certdb_new ();
+	camel_certdb_set_filename (certdb, path);
+	g_free (path);
+
+	/* if we fail to load, who cares? it'll just be a volatile certdb */
+	camel_certdb_load (certdb);
+
+	/* set this certdb as the default db */
+	camel_certdb_set_default (certdb);
+
+	g_object_unref (certdb);
+
+	initialised = TRUE;
+
+	return 0;
+}
+
+/**
+ * camel_shutdown:
+ *
+ * Since: 2.24
+ **/
+void
+camel_shutdown (void)
+{
+	CamelCertDB *certdb;
+
+	if (!initialised)
+		return;
+
+	certdb = camel_certdb_get_default ();
+	if (certdb) {
+		camel_certdb_save (certdb);
+		camel_certdb_set_default (NULL);
+	}
+
+	/* These next calls must come last. */
+
+	if (nss_initlock != NULL) {
+		PR_Lock (nss_initlock);
+		if (nss_initialized)
+			NSS_Shutdown ();
+		PR_Unlock (nss_initlock);
+	}
+
+	initialised = FALSE;
+}
+
+static GRecMutex camel_binding_lock;
+
+/**
+ * camel_binding_bind_property:
+ *
+ * Thread safe variant of g_object_bind_property(). See its documentation
+ * for more information on arguments and return value.
+ *
+ * Returns: (transfer none):
+ *
+ * Since: 3.16
+ **/
+GBinding *
+camel_binding_bind_property (gpointer source,
+			     const gchar *source_property,
+			     gpointer target,
+			     const gchar *target_property,
+			     GBindingFlags flags)
+{
+	GBinding *binding;
+
+	g_rec_mutex_lock (&camel_binding_lock);
+
+	binding = g_object_bind_property (source, source_property, target, target_property, flags);
+
+	g_rec_mutex_unlock (&camel_binding_lock);
+
+	return binding;
+}
+
+/**
+ * camel_binding_bind_property_full:
+ * @source: (type GObject.Object): the source #GObject
+ * @source_property: the property on @source to bind
+ * @target: (type GObject.Object): the target #GObject
+ * @target_property: the property on @target to bind
+ * @flags: flags to pass to #GBinding
+ * @transform_to: (scope notified) (allow-none): the transformation function
+ *   from the @source to the @target, or %NULL to use the default
+ * @transform_from: (scope notified) (allow-none): the transformation function
+ *   from the @target to the @source, or %NULL to use the default
+ * @user_data: custom data to be passed to the transformation functions,
+ *   or %NULL
+ * @notify: function to be called when disposing the binding, to free the
+ *   resources used by the transformation functions
+ *
+ * Thread safe variant of g_object_bind_property_full(). See its documentation
+ * for more information on arguments and return value.
+ *
+ * Return value: (transfer none): the #GBinding instance representing the
+ *   binding between the two #GObject instances. The binding is released
+ *   whenever the #GBinding reference count reaches zero.
+ *
+ * Since: 3.16
+ **/
+GBinding *
+camel_binding_bind_property_full (gpointer source,
+				  const gchar *source_property,
+				  gpointer target,
+				  const gchar *target_property,
+				  GBindingFlags flags,
+				  GBindingTransformFunc transform_to,
+				  GBindingTransformFunc transform_from,
+				  gpointer user_data,
+				  GDestroyNotify notify)
+{
+	GBinding *binding;
+
+	g_rec_mutex_lock (&camel_binding_lock);
+
+	binding = g_object_bind_property_full (source, source_property, target, target_property, flags,
+		transform_to, transform_from, user_data, notify);
+
+	g_rec_mutex_unlock (&camel_binding_lock);
+
+	return binding;
+}
+
+/**
+ * camel_binding_bind_property_with_closures: (rename-to camel_binding_bind_property_full)
+ * @source: (type GObject.Object): the source #GObject
+ * @source_property: the property on @source to bind
+ * @target: (type GObject.Object): the target #GObject
+ * @target_property: the property on @target to bind
+ * @flags: flags to pass to #GBinding
+ * @transform_to: a #GClosure wrapping the transformation function
+ *   from the @source to the @target, or %NULL to use the default
+ * @transform_from: a #GClosure wrapping the transformation function
+ *   from the @target to the @source, or %NULL to use the default
+ *
+ * Thread safe variant of g_object_bind_property_with_closures(). See its
+ * documentation for more information on arguments and return value.
+ *
+ * Return value: (transfer none): the #GBinding instance representing the
+ *   binding between the two #GObject instances. The binding is released
+ *   whenever the #GBinding reference count reaches zero.
+ *
+ * Since: 3.16
+ **/
+GBinding *
+camel_binding_bind_property_with_closures (gpointer source,
+					   const gchar *source_property,
+					   gpointer target,
+					   const gchar *target_property,
+					   GBindingFlags flags,
+					   GClosure *transform_to,
+					   GClosure *transform_from)
+{
+	GBinding *binding;
+
+	g_rec_mutex_lock (&camel_binding_lock);
+
+	binding = g_object_bind_property_with_closures (source, source_property, target, target_property, flags,
+		transform_to, transform_from);
+
+	g_rec_mutex_unlock (&camel_binding_lock);
+
+	return binding;
+}