fix 218902, patch by ch.ey@gmx.net, r=bienvenu, sr=mscott add TLS support to POP3, and account settings UI for IMAP and POP3

mailnews/base/prefs/resources/content/am-server.js

@@ -65,10 +65,6 @@ function onPreInit(account, accountValues)
     hideShowControls(type);
 
     gServer = account.incomingServer;
-    if(!(account.incomingServer.isSecureServer))
-      document.getElementById("server.isSecure").setAttribute("hidden", "true");
-    else
-      document.getElementById("server.isSecure").removeAttribute("hidden");
     
     if(!account.incomingServer.canEmptyTrashOnExit)
     {
@@ -91,7 +87,8 @@ function onPreInit(account, accountValues)
       document.getElementById("server.advancedbutton").removeAttribute("hidden");  
 }
 
-function initServerType() {
+function initServerType()
+{
   var serverType = document.getElementById("server.type").getAttribute("value");
   
   var propertyName = "serverType-" + serverType;
@@ -100,7 +97,12 @@ function initServerType() {
   var verboseName = messengerBundle.getString(propertyName);
   setDivText("servertype.verbose", verboseName);
  
-  var isSecureSelected = document.getElementById("server.isSecure").checked;
+  var isSecureSelected;
+  if (document.getElementById("server.isSecure").hidden == true)
+    // if socketType set to alwaysSSL
+    isSecureSelected = document.getElementById("server.socketType").value == 3;
+  else
+    isSecureSelected = document.getElementById("server.isSecure").checked;
   var protocolInfo = Components.classes["@mozilla.org/messenger/protocol/info;1?type=" + serverType].getService(Components.interfaces.nsIMsgProtocolInfo);
   document.getElementById("defaultPort").value = protocolInfo.getDefaultServerPort(isSecureSelected);
 }
@@ -196,23 +198,32 @@ function onAdvanced()
   }
 }
 
-function secureSelect() {
+function secureSelect()
+{
     var serverType   = document.getElementById("server.type").getAttribute("value");
     var protocolInfo = Components.classes["@mozilla.org/messenger/protocol/info;1?type=" + serverType].getService(Components.interfaces.nsIMsgProtocolInfo);
-    var isSecureSelected = document.getElementById("server.isSecure").checked;
+
+    var isSecureSelected;
+    if (document.getElementById("server.isSecure").hidden == true)
+      // if socketType set to alwaysSSL
+      isSecureSelected = document.getElementById("server.socketType").value == 3;
+    else
+      isSecureSelected = document.getElementById("server.isSecure").checked;
+
     var defaultPort = protocolInfo.getDefaultServerPort(false);
     var defaultPortSecure = protocolInfo.getDefaultServerPort(true);
-    var previouslyDisplayedPort = document.getElementById("server.port").value;
+    var port = document.getElementById("server.port");
+    var portDefault = document.getElementById("defaultPort");
+    var prevDefaultPort = portDefault.value;
 
     if (isSecureSelected) {
-      document.getElementById("defaultPort").value = defaultPortSecure;
-      if (previouslyDisplayedPort == defaultPort)
-        document.getElementById("server.port").value = defaultPortSecure;
-    }
-    else {
-      document.getElementById("defaultPort").value = defaultPort;
-      if (previouslyDisplayedPort == defaultPortSecure)
-        document.getElementById("server.port").value = defaultPort;
+      portDefault.value = defaultPortSecure;
+      if (port.value == "" || (port.value == defaultPort && prevDefaultPort != portDefault.value))
+        port.value = defaultPortSecure;
+    } else {
+        portDefault.value = defaultPort;
+        if (port.value == "" || (port.value == defaultPortSecure && prevDefaultPort != portDefault.value))
+          port.value = defaultPort;
     } 
 }
 

mailnews/base/prefs/resources/content/am-server.xul

@@ -108,11 +108,28 @@
 
   <separator class="thin"/>
 
-  <groupbox>
-  <caption label="&serverSettings.label;"/>
-  <vbox align="start">
+  <groupbox hidefor="movemail">
+    <caption label="&securitySettings.label;"/>
+    <vbox align="start" hidefor="nntp,movemail">
+      <label value="&socketType.label;"/>
+      <radiogroup wsm_persist="true" id="server.socketType"
+                  prefattribute="value"
+                  prefstring="mail.server.%serverkey%.socketType"
+                  oncommand="secureSelect();"
+                  orient="horizontal" class="indent">
+        <radio value="0" id="neverSecure"
+               label="&neverSecure.label;" accesskey="&neverSecure.accesskey;"/>
+        <radio value="1" id="sometimesSecure"
+               label="&sometimesSecure.label;" accesskey="&sometimesSecure.accesskey;"/>
+        <radio value="2" id="alwaysSecure"
+               label="&alwaysSecure.label;" accesskey="&alwaysSecure.accesskey;"/>
+        <radio value="3" id="alwaysSSL"
+               label="&alwaysSSL.label;" accesskey="&alwaysSSL.accesskey;"/>
+      </radiogroup>
+    </vbox>
     <checkbox wsm_persist="true" id="server.isSecure"
-              label="&isSecure.label;" oncommand="secureSelect();"
+              label="&isSecure.label;" hidefor="pop3,imap,movemail"
+              oncommand="secureSelect();"
               accesskey="&isSecure.accesskey;"
               prefattribute="value"
               prefstring="mail.server.%serverkey%.isSecure"/>
@@ -121,6 +138,11 @@
               accesskey="&useSecAuth.accesskey;"
               prefattribute="value"
               prefstring="mail.server.%serverkey%.useSecAuth"/>
+  </groupbox>
+
+  <groupbox>
+    <caption label="&serverSettings.label;"/>
+    <vbox align="start">
     <checkbox wsm_persist="true"
               id="server.loginAtStartUp" hidefor="nntp"
               label="&loginAtStartup.label;"

mailnews/base/prefs/resources/locale/en-US/AccountManager.dtd

@@ -19,6 +19,6 @@
      panel content to fit. 1em = the width of the letter 'm' in the selected font.
      XUL/FE DEVELOPERS: DO NOT MODIFY THIS VALUE. It represents the correct size of
      this window for en-US. -->
-<!ENTITY accountManager.size "width: 55em; height: 44em;">
-<!ENTITY macAccountManager.size "width: 60em; height: 44em;">
+<!ENTITY accountManager.size "width: 55em; height: 50em;">
+<!ENTITY macAccountManager.size "width: 60em; height: 50em;">
 <!ENTITY accountTree.width   "width: 17em;">

mailnews/base/prefs/resources/locale/en-US/am-server-top.dtd

@@ -1,5 +1,6 @@
 <!-- extracted from am-server-top.xul -->
 
+<!ENTITY securitySettings.label "Security Settings">
 <!ENTITY serverSettings.label "Server Settings">
 <!-- LOCALIZATION NOTE (popServer.label) : do not translate "POP" in below line -->
 <!ENTITY popServer.label "POP Mail Server">
@@ -27,6 +28,15 @@
 <!ENTITY biffEnd.label "minutes">
 <!ENTITY isSecure.label "Use secure connection (SSL)">
 <!ENTITY isSecure.accesskey "U">
+<!ENTITY socketType.label "Use secure connection:">
+<!ENTITY neverSecure.label "Never">
+<!ENTITY neverSecure.accesskey "N">
+<!ENTITY sometimesSecure.label "TLS, if available">
+<!ENTITY sometimesSecure.accesskey "a">
+<!ENTITY alwaysSecure.label "TLS">
+<!ENTITY alwaysSecure.accesskey "T">
+<!ENTITY alwaysSSL.label "SSL">
+<!ENTITY alwaysSSL.accesskey "L">
 <!ENTITY useSecAuth.label "Use secure authentication">
 <!ENTITY useSecAuth.accesskey "i">
 <!ENTITY leaveOnServer.label "Leave messages on server">

mailnews/base/util/nsMsgIncomingServer.cpp

@@ -1819,7 +1819,11 @@ NS_IMETHODIMP nsMsgIncomingServer::GetSocketType(PRInt32 *aSocketType)
 
 NS_IMETHODIMP nsMsgIncomingServer::SetSocketType(PRInt32 aSocketType)
 {
-  return SetIntValue("socketType", aSocketType);
+  nsCAutoString fullPrefName;
+  getPrefName(m_serverKey.get(), "socketType", fullPrefName);
+  nsresult rv = m_prefBranch->SetIntPref(fullPrefName.get(), aSocketType);
+
+  return rv;
 }
 
 // Check if the password is available and return a boolean indicating whether 

mailnews/local/resources/locale/en-US/localMsgs.properties

@@ -246,3 +246,6 @@
 ## @loc None
 4038=There was an error downloading the following message:   \nFrom: %S\n   Subject: %S\n This message may contain a virus or there is not enough disk space. Skip this message?
 
+## @name NS_ERROR_COULD_NOT_CONNECT_VIA_TLS
+## @loc None
+4039=Unable to establish TLS connection to POP3 server. The server may be down or may be incorrectly configured. Please verify that your Mail/News account settings are correct and try again.

mailnews/local/src/nsLocalStringBundle.h

@@ -95,5 +95,6 @@ private:
 #define MOVEMAIL_CANT_TRUNCATE_SPOOL_FILE                   4036
 #define MOVEMAIL_SPOOL_FILE_NOT_FOUND                       4037
 #define POP3_TMP_DOWNLOAD_FAILED                            4038
+#define NS_ERROR_COULD_NOT_CONNECT_VIA_TLS                  4039
 
 #endif /* _nsLocalStringBundle_H__ */

mailnews/local/src/nsPop3Protocol.cpp

@@ -81,6 +81,7 @@
 #include "nsIPrefService.h"
 #include "nsIPrefLocalizedString.h"
 #include "nsISocketTransport.h"
+#include "nsISSLSocketControl.h"
 
 #define EXTRA_SAFETY_SPACE 3096
 
@@ -535,11 +536,11 @@ nsresult nsPop3Protocol::Initialize(nsIURI * aURL)
   m_totalDownloadSize = 0;
   m_totalBytesReceived = 0;
   m_responseTimeout = 45;
+  m_tlsEnabled = PR_FALSE;
+  m_socketType = nsIMsgIncomingServer::tryTLS;
 
   if (aURL)
   {
-    PRBool isSecure = PR_FALSE;
-
     // extract out message feedback if there is any.
     nsCOMPtr<nsIMsgMailNewsUrl> mailnewsUrl = do_QueryInterface(aURL);
     if (mailnewsUrl)
@@ -549,7 +550,7 @@ nsresult nsPop3Protocol::Initialize(nsIURI * aURL)
       mailnewsUrl->GetServer(getter_AddRefs(server));
       NS_ENSURE_TRUE(server, NS_MSG_INVALID_OR_MISSING_SERVER);
 
-      rv = server->GetIsSecure(&isSecure);
+      rv = server->GetSocketType(&m_socketType);
       NS_ENSURE_SUCCESS(rv,rv);
 
       rv = server->GetUseSecAuth(&m_useSecAuth);
@@ -566,7 +567,7 @@ nsresult nsPop3Protocol::Initialize(nsIURI * aURL)
     // pass an interface requestor down to the socket transport so that PSM can
     // retrieve a nsIPrompt instance if needed.
     nsCOMPtr<nsIInterfaceRequestor> ir;
-    if (isSecure)
+    if (m_socketType != nsIMsgIncomingServer::defaultSocket)
     {
       nsCOMPtr<nsIMsgWindow> msgwin;
       mailnewsUrl->GetMsgWindow(getter_AddRefs(msgwin));
@@ -589,8 +590,19 @@ nsresult nsPop3Protocol::Initialize(nsIURI * aURL)
     rv = NS_ExamineForProxy("pop", hostName.get(), port, getter_AddRefs(proxyInfo));
     if (NS_FAILED(rv)) proxyInfo = nsnull;
 
-    rv = OpenNetworkSocketWithInfo(hostName.get(), port, 
-                                  (isSecure) ? "ssl" : nsnull, proxyInfo, ir);
+    const char *connectionType = nsnull;
+    if (m_socketType == nsIMsgIncomingServer::useSSL)
+      connectionType = "ssl";
+    else if (m_socketType == nsIMsgIncomingServer::tryTLS ||
+          m_socketType == nsIMsgIncomingServer::alwaysUseTLS)
+        connectionType = "starttls";
+
+    rv = OpenNetworkSocketWithInfo(hostName.get(), port, connectionType, proxyInfo, ir);
+    if (NS_FAILED(rv) && m_socketType == nsIMsgIncomingServer::tryTLS)
+    {
+      m_socketType = nsIMsgIncomingServer::defaultSocket;
+      rv = OpenNetworkSocketWithInfo(hostName.get(), port, nsnull, proxyInfo, ir);
+    }
 
     if(NS_FAILED(rv))
       return rv;
@@ -1127,7 +1139,7 @@ PRInt32 nsPop3Protocol::SendData(nsIURI * aURL, const char * dataBuffer, PRBool
 }
 
 /*
- * POP3 AUTH LOGIN extention
+ * POP3 AUTH extension
  */
 
 PRInt32 nsPop3Protocol::SendAuth()
@@ -1216,7 +1228,7 @@ PRInt32 nsPop3Protocol::AuthResponse(nsIInputStream* inputStream,
 }
 
 /*
- * POP3 CAPA extention, see RFC 2449, chapter 5
+ * POP3 CAPA extension, see RFC 2449, chapter 5
  */
 
 PRInt32 nsPop3Protocol::SendCapa()
@@ -1289,6 +1301,19 @@ PRInt32 nsPop3Protocol::CapaResponse(nsIInputStream* inputStream,
         m_pop3Server->SetPop3CapabilityFlags(m_pop3ConData->capability_flags);
     }
     else
+    // see RFC 2595, chapter 4
+    if (!PL_strcasecmp(line, "STLS")) 
+    {
+        nsresult rv;
+        nsCOMPtr<nsISignatureVerifier> verifier = do_GetService(SIGNATURE_VERIFIER_CONTRACTID, &rv);
+        // this checks if psm is installed...
+        if (NS_SUCCEEDED(rv))
+        {
+            SetCapFlag(POP3_HAS_STLS);
+            m_pop3Server->SetPop3CapabilityFlags(m_pop3ConData->capability_flags);
+        }
+    }
+    else
     // see RFC 2449, chapter 6.3
     if (!PL_strncasecmp(line, "SASL", 4))
     {
@@ -1325,8 +1350,71 @@ PRInt32 nsPop3Protocol::CapaResponse(nsIInputStream* inputStream,
     return 0;
 }
 
+PRInt32 nsPop3Protocol::SendTLSResponse()
+{
+  // only tear down our existing connection and open a new one if we received
+  // a +OK response from the pop server after we issued the STLS command
+  nsresult rv = NS_OK;
+  if (m_pop3ConData->command_succeeded) 
+  {
+      nsCOMPtr<nsISupports> secInfo;
+      nsCOMPtr<nsISocketTransport> strans = do_QueryInterface(m_transport, &rv);
+      if (NS_FAILED(rv)) return rv;
+
+      rv = strans->GetSecurityInfo(getter_AddRefs(secInfo));
+
+      if (NS_SUCCEEDED(rv) && secInfo)
+      {
+          nsCOMPtr<nsISSLSocketControl> sslControl = do_QueryInterface(secInfo, &rv);
+
+          if (NS_SUCCEEDED(rv) && sslControl)
+              rv = sslControl->StartTLS();
+      }
+
+    if (NS_SUCCEEDED(rv))
+    {
+      m_pop3ConData->next_state = POP3_SEND_AUTH;
+      m_tlsEnabled = PR_TRUE;
+      m_pop3ConData->capability_flags =     // resetting the flags
+        POP3_AUTH_MECH_UNDEFINED |
+        POP3_HAS_AUTH_USER |                // should be always there
+        POP3_GURL_UNDEFINED |
+        POP3_UIDL_UNDEFINED |
+        POP3_TOP_UNDEFINED |
+        POP3_XTND_XLST_UNDEFINED;
+      m_pop3Server->SetPop3CapabilityFlags(m_pop3ConData->capability_flags);
+      return rv;
+    }
+  }
+
+  ClearFlag(POP3_HAS_STLS);
+  m_pop3ConData->next_state = POP3_PROCESS_AUTH;
+
+  return rv;
+}
+
 PRInt32 nsPop3Protocol::ProcessAuth()
 {
+    if (!m_tlsEnabled)
+    {
+      if(TestCapFlag(POP3_HAS_STLS))
+      {
+        if (m_socketType == nsIMsgIncomingServer::tryTLS ||
+            m_socketType == nsIMsgIncomingServer::alwaysUseTLS)
+        {
+            nsCAutoString command("CAPA" CRLF);
+
+            m_pop3ConData->next_state_after_response = POP3_TLS_RESPONSE;
+            return SendData(m_url, command.get());
+        }
+      }
+      else if (m_socketType == nsIMsgIncomingServer::alwaysUseTLS)
+      {
+          m_pop3ConData->next_state = POP3_ERROR_DONE;
+          return(Error(NS_ERROR_COULD_NOT_CONNECT_VIA_TLS));
+      }
+    }
+
     m_password_already_sent = PR_FALSE;
 
     if(m_useSecAuth)
@@ -3513,6 +3601,10 @@ nsresult nsPop3Protocol::ProcessProtocolState(nsIURI * url, nsIInputStream * aIn
       status = CapaResponse(aInputStream, aLength);
       break;
       
+    case POP3_TLS_RESPONSE:
+      status = SendTLSResponse();
+      break;
+
     case POP3_PROCESS_AUTH:
       status = ProcessAuth();
       break;

mailnews/local/src/nsPop3Protocol.h

@@ -109,7 +109,8 @@ enum Pop3CapabilityEnum {
     POP3_HAS_AUTH_NTLM          = 0x00008000,
     POP3_HAS_AUTH_MSN           = 0x00010000,
     POP3_HAS_RESP_CODES         = 0x00020000,
-    POP3_HAS_AUTH_RESP_CODE     = 0x00040000
+    POP3_HAS_AUTH_RESP_CODE     = 0x00040000,
+    POP3_HAS_STLS               = 0x00080000
 };
 
 #define POP3_HAS_AUTH_ANY         0x00001C00
@@ -169,7 +170,8 @@ enum Pop3StatesEnum {
 
     POP3_GURL_RESPONSE,                         // 42
     POP3_QUIT_RESPONSE,                         // 43
-    POP3_INTERRUPTED                            // 44
+    POP3_INTERRUPTED,                           // 44
+    POP3_TLS_RESPONSE                           // 45
 };
 
 
@@ -345,6 +347,8 @@ private:
 
   PRBool m_parsingMultiLineMessageId;
 
+  PRBool m_tlsEnabled;
+  PRInt32 m_socketType;
   PRBool m_useSecAuth;
   PRBool m_password_already_sent;
 
@@ -377,6 +381,7 @@ private:
   PRInt32 AuthResponse(nsIInputStream* inputStream, PRUint32 length);
   PRInt32 SendCapa();
   PRInt32 CapaResponse(nsIInputStream* inputStream, PRUint32 length);
+  PRInt32 SendTLSResponse();
   PRInt32 ProcessAuth();
   PRInt32 AuthFallback();
   PRInt32 AuthLogin();