path: root/config/accounts.go

package config

import (
	"bytes"
	"errors"
	"fmt"
	"net/url"
	"os"
	"os/exec"
	"path"
	"reflect"
	"regexp"
	"sort"
	"strings"
	"time"

	"git.sr.ht/~rjarry/aerc/lib/log"
	"github.com/emersion/go-message/mail"
	"github.com/go-ini/ini"
)

var (
	EnablePinentry  func()
	DisablePinentry func()
	SetPinentryEnv  func(*exec.Cmd)
)

type RemoteConfig struct {
	Value       string
	PasswordCmd string
	CacheCmd    bool
	cache       string
}

func (c *RemoteConfig) parseValue() (*url.URL, error) {
	return url.Parse(c.Value)
}

func (c *RemoteConfig) ConnectionString() (string, error) {
	if c.Value == "" || c.PasswordCmd == "" {
		return c.Value, nil
	}

	u, err := c.parseValue()
	if err != nil {
		return "", err
	}

	// ignore the command if a password is specified
	if _, exists := u.User.Password(); exists {
		return c.Value, nil
	}

	// don't attempt to parse the command if the url is a path (ie /usr/bin/sendmail)
	if !u.IsAbs() {
		return c.Value, nil
	}

	pw := c.cache

	if pw == "" {
		usePinentry := EnablePinentry != nil &&
			DisablePinentry != nil &&
			SetPinentryEnv != nil

		cmd := exec.Command("sh", "-c", c.PasswordCmd)
		cmd.Stdin = os.Stdin

		buf := new(bytes.Buffer)
		cmd.Stderr = buf

		if usePinentry {
			EnablePinentry()
			defer DisablePinentry()
			SetPinentryEnv(cmd)
		}

		output, err := cmd.Output()
		if err != nil {
			return "", fmt.Errorf("failed to read password: %v: %w",
				buf.String(), err)
		}
		pw = strings.TrimSpace(string(output))
	}
	u.User = url.UserPassword(u.User.Username(), pw)
	if c.CacheCmd {
		c.cache = pw
	}

	return u.String(), nil
}

type AccountConfig struct {
	Name    string
	Backend string
	// backend specific
	Params map[string]string

	Archive           string          `ini:"archive" default:"Archive"`
	CopyTo            string          `ini:"copy-to"`
	CopyToReplied     bool            `ini:"copy-to-replied" default:"false"`
	Default           string          `ini:"default" default:"INBOX"`
	Postpone          string          `ini:"postpone" default:"Drafts"`
	From              *mail.Address   `ini:"from"`
	UseEnvelopeFrom   bool            `ini:"use-envelope-from" default:"false"`
	Aliases           []*mail.Address `ini:"aliases"`
	Source            string          `ini:"source" parse:"ParseSource"`
	Folders           []string        `ini:"folders" delim:","`
	FoldersExclude    []string        `ini:"folders-exclude" delim:","`
	Headers           []string        `ini:"headers" delim:","`
	HeadersExclude    []string        `ini:"headers-exclude" delim:","`
	Outgoing          RemoteConfig    `ini:"outgoing" parse:"ParseOutgoing"`
	SignatureFile     string          `ini:"signature-file"`
	SignatureCmd      string          `ini:"signature-cmd"`
	EnableFoldersSort bool            `ini:"enable-folders-sort" default:"true"`
	FoldersSort       []string        `ini:"folders-sort" delim:","`
	AddressBookCmd    string          `ini:"address-book-cmd"`
	SendAsUTC         bool            `ini:"send-as-utc" default:"false"`
	SendWithHostname  bool            `ini:"send-with-hostname" default:"false"`
	LocalizedRe       *regexp.Regexp  `ini:"subject-re-pattern" default:"(?i)^((AW|RE|SV|VS|ODP|R): ?)+"`

	// CheckMail
	CheckMail        time.Duration `ini:"check-mail"`
	CheckMailCmd     string        `ini:"check-mail-cmd"`
	CheckMailTimeout time.Duration `ini:"check-mail-timeout" default:"10s"`
	CheckMailInclude []string      `ini:"check-mail-include"`
	CheckMailExclude []string      `ini:"check-mail-exclude"`

	// PGP Config
	PgpKeyId                string `ini:"pgp-key-id"`
	PgpAutoSign             bool   `ini:"pgp-auto-sign"`
	PgpAttachKey            bool   `ini:"pgp-attach-key"`
	PgpOpportunisticEncrypt bool   `ini:"pgp-opportunistic-encrypt"`
	PgpErrorLevel           int    `ini:"pgp-error-level" parse:"ParsePgpErrorLevel" default:"warn"`
	PgpSelfEncrypt          bool   `ini:"pgp-self-encrypt"`

	// AuthRes
	TrustedAuthRes []string `ini:"trusted-authres" delim:","`
}

const (
	PgpErrorLevelNone = iota
	PgpErrorLevelWarn
	PgpErrorLevelError
)

var Accounts []*AccountConfig

func parseAccountsFromFile(root string, accts []string, filename string) error {
	log.Debugf("Parsing accounts configuration from %s", filename)

	file, err := ini.LoadSources(ini.LoadOptions{
		KeyValueDelimiters: "=",
	}, filename)
	if err != nil {
		return err
	}

	starttls_warned := false
	var globals *ini.Section
	for _, _sec := range file.SectionStrings() {
		if _sec == "DEFAULT" {
			globals = file.Section(_sec)
			continue
		}
		if len(accts) > 0 && !contains(accts, _sec) {
			continue
		}
		sec := file.Section(_sec)
		for key, val := range globals.KeysHash() {
			if !sec.HasKey(key) {
				_, _ = sec.NewKey(key, val)
			}
		}

		account, err := ParseAccountConfig(_sec, sec)
		if err != nil {
			log.Errorf("failed to load account [%s]: %s", _sec, err)
			Warnings = append(Warnings, Warning{
				Title: "accounts.conf: error",
				Body: fmt.Sprintf(
					"Failed to load account [%s]:\n\n%s",
					_sec, err,
				),
			})
			continue
		}
		if _, ok := account.Params["smtp-starttls"]; ok && !starttls_warned {
			Warnings = append(Warnings, Warning{
				Title: "accounts.conf: smtp-starttls is deprecated",
				Body: `
SMTP connections now use STARTTLS by default and the smtp-starttls setting is ignored.

If you want to disable STARTTLS, append +insecure to the schema.
`,
			})
			starttls_warned = true
		}

		log.Debugf("accounts.conf: [%s] from = %s", account.Name, account.From)
		Accounts = append(Accounts, account)
	}
	if len(accts) > 0 {
		// Sort accounts struct to match the specified order, if we
		// have one
		var acctnames []string
		for _, acc := range Accounts {
			acctnames = append(acctnames, acc.Name)
		}
		var sortaccts []string
		for _, acc := range accts {
			if contains(acctnames, acc) {
				sortaccts = append(sortaccts, acc)
			} else {
				log.Errorf("account [%s] not found", acc)
			}
		}

		idx := make(map[string]int)
		for i, acct := range sortaccts {
			idx[acct] = i
		}
		sort.Slice(Accounts, func(i, j int) bool {
			return idx[Accounts[i].Name] < idx[Accounts[j].Name]
		})
	}

	return nil
}

func parseAccounts(root string, accts []string, filename string) error {
	if filename == "" {
		filename = path.Join(root, "accounts.conf")
		err := checkConfigPerms(filename)
		if errors.Is(err, os.ErrNotExist) {
			// No config triggers account configuration wizard
			return nil
		} else if err != nil {
			return err
		}
	}

	if err := parseAccountsFromFile(root, accts, filename); err != nil {
		return fmt.Errorf("%s: %w", filename, err)
	}

	return nil
}

func ParseAccountConfig(name string, section *ini.Section) (*AccountConfig, error) {
	account := AccountConfig{
		Name:   name,
		Params: make(map[string]string),
	}
	if err := MapToStruct(section, &account, true); err != nil {
		return nil, err
	}
	for key, val := range section.KeysHash() {
		backendSpecific := true
		typ := reflect.TypeOf(account)
		for i := 0; i < typ.NumField(); i++ {
			field := typ.Field(i)
			if field.Tag.Get("ini") == key {
				backendSpecific = false
				break
			}
		}
		if backendSpecific {
			account.Params[key] = val
		}
	}
	if account.Source == "" {
		return nil, fmt.Errorf("missing 'source' parameter")
	}

	account.Backend = parseBackend(account.Source)
	if account.From == nil {
		return nil, fmt.Errorf("missing 'from' parameter")
	}
	if len(account.Headers) > 0 {
		defaults := []string{
			"date",
			"subject",
			"from",
			"sender",
			"reply-to",
			"to",
			"cc",
			"bcc",
			"in-reply-to",
			"message-id",
			"references",
		}
		account.Headers = append(account.Headers, defaults...)
	}
	return &account, nil
}

func parseBackend(source string) string {
	u, err := url.Parse(source)
	if err != nil {
		return ""
	}
	if strings.HasPrefix(u.Scheme, "imap") {
		return "imap"
	}
	if strings.HasPrefix(u.Scheme, "maildir") {
		return "maildir"
	}
	if strings.HasPrefix(u.Scheme, "jmap") {
		return "jmap"
	}
	return u.Scheme
}

func (a *AccountConfig) ParseSource(sec *ini.Section, key *ini.Key) (string, error) {
	var remote RemoteConfig
	remote.Value = key.String()
	if k, err := sec.GetKey("source-cred-cmd"); err == nil {
		remote.PasswordCmd = k.String()
	}
	return remote.ConnectionString()
}

func (a *AccountConfig) ParseOutgoing(sec *ini.Section, key *ini.Key) (RemoteConfig, error) {
	var remote RemoteConfig
	remote.Value = key.String()
	if k, err := sec.GetKey("outgoing-cred-cmd"); err == nil {
		remote.PasswordCmd = k.String()
	}
	if k, err := sec.GetKey("outgoing-cred-cmd-cache"); err == nil {
		cache, err := k.Bool()
		if err != nil {
			return remote, err
		}
		remote.CacheCmd = cache
	}
	_, err := remote.parseValue()
	return remote, err
}

func (a *AccountConfig) ParsePgpErrorLevel(sec *ini.Section, key *ini.Key) (int, error) {
	var level int
	var err error
	switch strings.ToLower(key.String()) {
	case "none":
		level = PgpErrorLevelNone
	case "warn":
		level = PgpErrorLevelWarn
	case "error":
		level = PgpErrorLevelError
	default:
		err = fmt.Errorf("unknown level: %s", key.String())
	}
	return level, err
}

// checkConfigPerms checks for too open permissions
// printing the fix on stdout and returning an error
func checkConfigPerms(filename string) error {
	info, err := os.Stat(filename)
	if err != nil {
		return err
	}

	perms := info.Mode().Perm()
	if perms&0o44 != 0 && !General.UnsafeAccountsConf {
		// group or others have read access
		fmt.Fprintf(os.Stderr, "The file %v has too open permissions.\n", filename)
		fmt.Fprintln(os.Stderr, "This is a security issue (it contains passwords).")
		fmt.Fprintf(os.Stderr, "To fix it, run `chmod 600 %v`\n", filename)
		return errors.New("account.conf permissions too lax")
	}
	return nil
}