package config
import (
"errors"
"fmt"
"net/url"
"os"
"os/exec"
"path"
"regexp"
"sort"
"strconv"
"strings"
"time"
"git.sr.ht/~rjarry/aerc/logging"
"github.com/go-ini/ini"
)
type RemoteConfig struct {
Value string
PasswordCmd string
CacheCmd bool
cache string
}
func (c *RemoteConfig) parseValue() (*url.URL, error) {
return url.Parse(c.Value)
}
func (c *RemoteConfig) ConnectionString() (string, error) {
if c.Value == "" || c.PasswordCmd == "" {
return c.Value, nil
}
u, err := c.parseValue()
if err != nil {
return "", err
}
// ignore the command if a password is specified
if _, exists := u.User.Password(); exists {
return c.Value, nil
}
// don't attempt to parse the command if the url is a path (ie /usr/bin/sendmail)
if !u.IsAbs() {
return c.Value, nil
}
pw := c.cache
if pw == "" {
cmd := exec.Command("sh", "-c", c.PasswordCmd)
cmd.Stdin = os.Stdin
output, err := cmd.Output()
if err != nil {
return "", fmt.Errorf("failed to read password: %w", err)
}
pw = strings.TrimSpace(string(output))
}
u.User = url.UserPassword(u.User.Username(), pw)
if c.CacheCmd {
c.cache = pw
}
return u.String(), nil
}
type AccountConfig struct {
Archive string
CopyTo string
Default string
Postpone string
From string
Aliases string
Name string
Source string
Folders []string
FoldersExclude []string
Params map[string]string
Outgoing RemoteConfig
SignatureFile string
SignatureCmd string
EnableFoldersSort bool `ini:"enable-folders-sort"`
FoldersSort []string `ini:"folders-sort" delim:","`
AddressBookCmd string `ini:"address-book-cmd"`
SendAsUTC bool `ini:"send-as-utc"`
LocalizedRe *regexp.Regexp
// CheckMail
CheckMail time.Duration `ini:"check-mail"`
CheckMailCmd string `ini:"check-mail-cmd"`
CheckMailTimeout time.Duration `ini:"check-mail-timeout"`
CheckMailInclude []string `ini:"check-mail-include"`
CheckMailExclude []string `ini:"check-mail-exclude"`
// PGP Config
PgpKeyId string `ini:"pgp-key-id"`
PgpAutoSign bool `ini:"pgp-auto-sign"`
PgpOpportunisticEncrypt bool `ini:"pgp-opportunistic-encrypt"`
// AuthRes
TrustedAuthRes []string `ini:"trusted-authres" delim:","`
}
func (config *AercConfig) parseAccounts(root string, accts []string) error {
filename := path.Join(root, "accounts.conf")
if !config.General.UnsafeAccountsConf {
if err := checkConfigPerms(filename); err != nil {
return err
}
}
logging.Infof("Parsing accounts configuration from %s", filename)
file, err := ini.Load(filename)
if err != nil {
// No config triggers account configuration wizard
return nil
}
file.NameMapper = mapName
for _, _sec := range file.SectionStrings() {
if _sec == "DEFAULT" {
continue
}
if len(accts) > 0 && !contains(accts, _sec) {
continue
}
sec := file.Section(_sec)
sourceRemoteConfig := RemoteConfig{}
account := AccountConfig{
Archive: "Archive",
Default: "INBOX",
Postpone: "Drafts",
Name: _sec,
Params: make(map[string]string),
EnableFoldersSort: true,
CheckMailTimeout: 10 * time.Second,
// localizedRe contains a list of known translations for the common Re:
LocalizedRe: regexp.MustCompile(`(?i)^((AW|RE|SV|VS|ODP|R): ?)+`),
}
if err = sec.MapTo(&account); err != nil {
return err
}
for key, val := range sec.KeysHash() {
switch key {
case "folders":
folders := strings.Split(val, ",")
sort.Strings(folders)
account.Folders = folders
case "folders-exclude":
folders := strings.Split(val, ",")
sort.Strings(folders)
account.FoldersExclude = folders
case "source":
sourceRemoteConfig.Value = val
case "source-cred-cmd":
sourceRemoteConfig.PasswordCmd = val
case "outgoing":
account.Outgoing.Value = val
case "outgoing-cred-cmd":
account.Outgoing.PasswordCmd = val
case "outgoing-cred-cmd-cache":
cache, err := strconv.ParseBool(val)
if err != nil {
return fmt.Errorf("%s=%s %w", key, val, err)
}
account.Outgoing.CacheCmd = cache
case "from":
account.From = val
case "aliases":
account.Aliases = val
case "copy-to":
account.CopyTo = val
case "archive":
account.Archive = val
case "enable-folders-sort":
account.EnableFoldersSort, _ = strconv.ParseBool(val)
case "pgp-key-id":
account.PgpKeyId = val
case "pgp-auto-sign":
account.PgpAutoSign, _ = strconv.ParseBool(val)
case "pgp-opportunistic-encrypt":
account.PgpOpportunisticEncrypt, _ = strconv.ParseBool(val)
case "address-book-cmd":
account.AddressBookCmd = val
case "subject-re-pattern":
re, err := regexp.Compile(val)
if err != nil {
return fmt.Errorf("%s=%s %w", key, val, err)
}
account.LocalizedRe = re
default:
if key != "name" {
account.Params[key] = val
}
}
}
if account.Source == "" {
return fmt.Errorf("Expected source for account %s", _sec)
}
if account.From == "" {
return fmt.Errorf("Expected from for account %s", _sec)
}
source, err := sourceRemoteConfig.ConnectionString()
if err != nil {
return fmt.Errorf("Invalid source credentials for %s: %w", _sec, err)
}
account.Source = source
_, err = account.Outgoing.parseValue()
if err != nil {
return fmt.Errorf("Invalid outgoing credentials for %s: %w", _sec, err)
}
logging.Debugf("accounts.conf: [%s] from = %s", account.Name, account.From)
config.Accounts = append(config.Accounts, account)
}
if len(accts) > 0 {
// Sort accounts struct to match the specified order, if we
// have one
if len(config.Accounts) != len(accts) {
return errors.New("account(s) not found")
}
sort.Slice(config.Accounts, func(i, j int) bool {
return strings.ToLower(accts[i]) < strings.ToLower(accts[j])
})
}
return nil
}
// checkConfigPerms checks for too open permissions
// printing the fix on stdout and returning an error
func checkConfigPerms(filename string) error {
info, err := os.Stat(filename)
if errors.Is(err, os.ErrNotExist) {
return nil // disregard absent files
}
if err != nil {
return err
}
perms := info.Mode().Perm()
// group or others have read access
if perms&0o44 != 0 {
fmt.Fprintf(os.Stderr, "The file %v has too open permissions.\n", filename)
fmt.Fprintln(os.Stderr, "This is a security issue (it contains passwords).")
fmt.Fprintf(os.Stderr, "To fix it, run `chmod 600 %v`\n", filename)
return errors.New("account.conf permissions too lax")
}
return nil
}
