config: add unsafe-accounts-conf option

This adds the option "unsafe-accounts-conf" under the section [general]
of aerc.conf. This allows a user to specify whether the accounts.conf file
must be restricted to being readable only by the file owner (0600).

By default it is set to "false".

Signed-off-by: Victor Freire <victor@freire.dev.br>
Acked-by: Robin Jarry <robin@jarry.cc>
Victor Freire 2022-04-19 16:14:46 -03:00 committed by Robin Jarry
parent f21916ce0a
commit 8db09d2c73
3 changed files with 32 additions and 6 deletions


@ -1,6 +1,16 @@
# #
# aerc main configuration # aerc main configuration
[general]
#
# By default, the file permissions of accounts.conf must be restrictive and
# only allow reading by the file owner (0600). Set this option to true to
# ignore this permission check. Use this with care as it may expose your
# credentials.
#
# Default: false
unsafe-accounts-conf=false
[ui] [ui]
# #
# Describes the format for each row in a mailbox view. This field is compatible # Describes the format for each row in a mailbox view. This field is compatible


@ -26,7 +26,8 @@ import (
) )
type GeneralConfig struct { type GeneralConfig struct {
DefaultSavePath string `ini:"default-save-path"` DefaultSavePath string `ini:"default-save-path"`
UnsafeAccountsConf bool `ini:"unsafe-accounts-conf"`
} }
type UIConfig struct { type UIConfig struct {
@ -583,11 +584,7 @@ func LoadConfigFromFile(root *string, logger *log.Logger) (*AercConfig, error) {
_root := path.Join(xdg.ConfigHome(), "aerc") _root := path.Join(xdg.ConfigHome(), "aerc")
root = &_root root = &_root
} }
filename := path.Join(*root, "accounts.conf") filename := path.Join(*root, "aerc.conf")
if err := checkConfigPerms(filename); err != nil {
return nil, err
}
filename = path.Join(*root, "aerc.conf")
// if it doesn't exist copy over the template, then load // if it doesn't exist copy over the template, then load
if _, err := os.Stat(filename); errors.Is(err, os.ErrNotExist) { if _, err := os.Stat(filename); errors.Is(err, os.ErrNotExist) {
@ -620,6 +617,10 @@ func LoadConfigFromFile(root *string, logger *log.Logger) (*AercConfig, error) {
Ini: file, Ini: file,
General: GeneralConfig{
UnsafeAccountsConf: false,
},
Ui: UIConfig{ Ui: UIConfig{
IndexFormat: "%D %-17.17n %s", IndexFormat: "%D %-17.17n %s",
TimestampFormat: "2006-01-02 03:04 PM", TimestampFormat: "2006-01-02 03:04 PM",
@ -705,6 +706,13 @@ func LoadConfigFromFile(root *string, logger *log.Logger) (*AercConfig, error) {
} }
} }
filename = path.Join(*root, "accounts.conf")
if !config.General.UnsafeAccountsConf {
if err := checkConfigPerms(filename); err != nil {
return nil, err
}
}
accountsPath := path.Join(*root, "accounts.conf") accountsPath := path.Join(*root, "accounts.conf")
if accounts, err := loadAccountConfig(accountsPath); err != nil { if accounts, err := loadAccountConfig(accountsPath); err != nil {
return nil, err return nil, err
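Review bot: When `unsafe-accounts-conf` is true, the new guard `if !config.General.UnsafeAccountsConf` skips `checkConfigPerms` without any trace, so an accounts.conf that other users can read is loaded silently. Since `LoadConfigFromFile` already receives `logger`, consider adding an else branch such as `} else { logger.Printf("accounts.conf permission check disabled by unsafe-accounts-conf") }` so the weakened state shows up in the log; whether `logger` can be nil here is not visible in the hunk. The path is also built twice (`filename` and then `accountsPath`), so computing `accountsPath` first and passing it to `checkConfigPerms` would keep the checked path and the loaded path in one variable. The function starts and ends outside this hunk, and the code that fills `config.General` from aerc.conf is not shown, so it is worth confirming that mapping runs before this check.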


@ -30,6 +30,14 @@ These options are configured in the *[general]* section of aerc.conf.
*default-save-path* *default-save-path*
Used as a default path for save operations if no other path is specified. Used as a default path for save operations if no other path is specified.
*unsafe-accounts-conf*
By default, the file permissions of accounts.conf must be restrictive
and only allow reading by the file owner (_0600_). Set this option to
*true* to ignore this permission check. Use this with care as it may
expose your credentials.
Default: false
## UI OPTIONS ## UI OPTIONS
These options are configured in the *[ui]* section of aerc.conf. These options are configured in the *[ui]* section of aerc.conf.