config: add unsafe-accounts-conf option

This adds the option "unsafe-accounts-conf" under the section [general] of aerc.conf. This allows an user to specify if the accounts.conf file must be restrict to be read by the file owner (0600). By default it is set to "false". Signed-off-by: Victor Freire <victor@freire.dev.br> Acked-by: Robin Jarry <robin@jarry.cc>
2022-04-19 16:14:46 -03:00 · 2022-04-19 16:14:46 -03:00 · 8db09d2c73
parent f21916ce0a
commit 8db09d2c73
3 changed files with 32 additions and 6 deletions
--- a/config/aerc.conf
+++ b/config/aerc.conf
@ -1,6 +1,16 @@
 #
 # aerc main configuration

+[general]
+#
+# By default, the file permissions of accounts.conf must be restrictive and
+# only allow reading by the file owner (0600). Set this option to true to
+# ignore this permission check. Use this with care as it may expose your
+# credentials.
+#
+# Default: false
+unsafe-accounts-conf=false
+
 [ui]
 #
 # Describes the format for each row in a mailbox view. This field is compatible
--- a/config/config.go
+++ b/config/config.go
@ -26,7 +26,8 @@ import (
 )

 type GeneralConfig struct {
-	DefaultSavePath string `ini:"default-save-path"`
+	DefaultSavePath    string `ini:"default-save-path"`
+	UnsafeAccountsConf bool   `ini:"unsafe-accounts-conf"`
 }

 type UIConfig struct {
@ -583,11 +584,7 @@ func LoadConfigFromFile(root *string, logger *log.Logger) (*AercConfig, error) {
 		_root := path.Join(xdg.ConfigHome(), "aerc")
 		root = &_root
 	}
-	filename := path.Join(*root, "accounts.conf")
-	if err := checkConfigPerms(filename); err != nil {
-		return nil, err
-	}
-	filename = path.Join(*root, "aerc.conf")
+	filename := path.Join(*root, "aerc.conf")

 	// if it doesn't exist copy over the template, then load
 	if _, err := os.Stat(filename); errors.Is(err, os.ErrNotExist) {
@ -620,6 +617,10 @@ func LoadConfigFromFile(root *string, logger *log.Logger) (*AercConfig, error) {

 		Ini: file,

+		General: GeneralConfig{
+			UnsafeAccountsConf: false,
+		},
+
 		Ui: UIConfig{
 			IndexFormat:        "%D %-17.17n %s",
 			TimestampFormat:    "2006-01-02 03:04 PM",
@ -705,6 +706,13 @@ func LoadConfigFromFile(root *string, logger *log.Logger) (*AercConfig, error) {
 		}
 	}

+	filename = path.Join(*root, "accounts.conf")
+	if !config.General.UnsafeAccountsConf {
+		if err := checkConfigPerms(filename); err != nil {
+			return nil, err
+		}
+	}
+
 	accountsPath := path.Join(*root, "accounts.conf")
 	if accounts, err := loadAccountConfig(accountsPath); err != nil {
 		return nil, err
--- a/doc/aerc-config.5.scd
+++ b/doc/aerc-config.5.scd
@ -30,6 +30,14 @@ These options are configured in the *[general]* section of aerc.conf.
 *default-save-path*
 	Used as a default path for save operations if no other path is specified.

+*unsafe-accounts-conf*
+	By default, the file permissions of accounts.conf must be restrictive
+	and only allow reading by the file owner (_0600_). Set this option to
+	*true* to ignore this permission check. Use this with care as it may
+	expose your credentials.
+
+	Default: false
+
 ## UI OPTIONS

 These options are configured in the *[ui]* section of aerc.conf.