From 8db09d2c73e5110064c4862e041021f552609018 Mon Sep 17 00:00:00 2001
From: Victor Freire <victor@freire.dev.br>
Date: Tue, 19 Apr 2022 16:14:46 -0300
Subject: config: add unsafe-accounts-conf option

This adds the option "unsafe-accounts-conf" under the section [general]
of aerc.conf. This allows an user to specify if the accounts.conf file
must be restrict to be read by the file owner (0600).

By default it is set to "false".

Signed-off-by: Victor Freire <victor@freire.dev.br>
Acked-by: Robin Jarry <robin@jarry.cc>
---
 config/aerc.conf | 10 ++++++++++
 config/config.go | 20 ++++++++++++++------
 2 files changed, 24 insertions(+), 6 deletions(-)

(limited to 'config')

diff --git a/config/aerc.conf b/config/aerc.conf
index 458f635..00c6c49 100644
--- a/config/aerc.conf
+++ b/config/aerc.conf
@@ -1,6 +1,16 @@
 #
 # aerc main configuration
 
+[general]
+#
+# By default, the file permissions of accounts.conf must be restrictive and
+# only allow reading by the file owner (0600). Set this option to true to
+# ignore this permission check. Use this with care as it may expose your
+# credentials.
+#
+# Default: false
+unsafe-accounts-conf=false
+
 [ui]
 #
 # Describes the format for each row in a mailbox view. This field is compatible
diff --git a/config/config.go b/config/config.go
index 8eeea10..048dd23 100644
--- a/config/config.go
+++ b/config/config.go
@@ -26,7 +26,8 @@ import (
 )
 
 type GeneralConfig struct {
-	DefaultSavePath string `ini:"default-save-path"`
+	DefaultSavePath    string `ini:"default-save-path"`
+	UnsafeAccountsConf bool   `ini:"unsafe-accounts-conf"`
 }
 
 type UIConfig struct {
@@ -583,11 +584,7 @@ func LoadConfigFromFile(root *string, logger *log.Logger) (*AercConfig, error) {
 		_root := path.Join(xdg.ConfigHome(), "aerc")
 		root = &_root
 	}
-	filename := path.Join(*root, "accounts.conf")
-	if err := checkConfigPerms(filename); err != nil {
-		return nil, err
-	}
-	filename = path.Join(*root, "aerc.conf")
+	filename := path.Join(*root, "aerc.conf")
 
 	// if it doesn't exist copy over the template, then load
 	if _, err := os.Stat(filename); errors.Is(err, os.ErrNotExist) {
@@ -620,6 +617,10 @@ func LoadConfigFromFile(root *string, logger *log.Logger) (*AercConfig, error) {
 
 		Ini: file,
 
+		General: GeneralConfig{
+			UnsafeAccountsConf: false,
+		},
+
 		Ui: UIConfig{
 			IndexFormat:        "%D %-17.17n %s",
 			TimestampFormat:    "2006-01-02 03:04 PM",
@@ -705,6 +706,13 @@ func LoadConfigFromFile(root *string, logger *log.Logger) (*AercConfig, error) {
 		}
 	}
 
+	filename = path.Join(*root, "accounts.conf")
+	if !config.General.UnsafeAccountsConf {
+		if err := checkConfigPerms(filename); err != nil {
+			return nil, err
+		}
+	}
+
 	accountsPath := path.Join(*root, "accounts.conf")
 	if accounts, err := loadAccountConfig(accountsPath); err != nil {
 		return nil, err
-- 
cgit v1.2.3