LCOV - code coverage report
Current view: top level - libemail/src/infrastructure - config_store.c (source / functions) Coverage Total Hit
Test: coverage.info Lines: 95.4 % 411 392
Test Date: 2026-05-07 15:53:07 Functions: 100.0 % 22 22

            Line data    Source code
       1              : #include "config_store.h"
       2              : #include "config.h"
       3              : #include "fs_util.h"
       4              : #include "platform/path.h"
       5              : #include "platform/credential_key.h"
       6              : #include "raii.h"
       7              : #include "logger.h"
       8              : #include <openssl/evp.h>
       9              : #include <openssl/rand.h>
      10              : #include <stdio.h>
      11              : #include <stdlib.h>
      12              : #include <string.h>
      13              : #include <ctype.h>
      14              : #include <sys/stat.h>
      15              : #include <dirent.h>
      16              : #include <unistd.h>
      17              : #include <errno.h>
      18              : 
      19              : #define CONFIG_APP_DIR "email-cli"
      20              : 
      21              : /** @brief Trims leading and trailing whitespace from a string in-place. */
      22        13034 : static char* trim(char *str) {
      23              :     char *end;
      24        13328 :     while (isspace((unsigned char)*str)) str++;
      25        13034 :     if (*str == 0) return str;
      26        12740 :     end = str + strlen(str) - 1;
      27        18542 :     while (end > str && isspace((unsigned char)*end)) end--;
      28        12740 :     end[1] = '\0';
      29        12740 :     return str;
      30              : }
      31              : 
      32              : /** Returns heap-allocated path to the accounts/ directory. Caller must free. */
      33          796 : static char *get_accounts_dir(void) {
      34          796 :     const char *config_base = platform_config_dir();
      35          796 :     if (!config_base) return NULL;
      36          796 :     char *dir = NULL;
      37          796 :     if (asprintf(&dir, "%s/%s/accounts", config_base, CONFIG_APP_DIR) == -1)
      38            0 :         return NULL;
      39          796 :     return dir;
      40              : }
      41              : 
      42              : /* ── Global application settings ────────────────────────────────────────── */
      43              : 
      44              : static int g_obfuscation_loaded = 0;
      45              : static int g_credential_obfuscation = 1; /* default: ON */
      46              : 
      47          482 : static char *get_settings_path(void) {
      48          482 :     const char *config_base = platform_config_dir();
      49          482 :     if (!config_base) return NULL;
      50          482 :     char *path = NULL;
      51          482 :     if (asprintf(&path, "%s/%s/settings.ini", config_base, CONFIG_APP_DIR) == -1)
      52            0 :         return NULL;
      53          482 :     return path;
      54              : }
      55              : 
      56           61 : static void write_settings(const char *path) {
      57           61 :     const char *config_base = platform_config_dir();
      58           61 :     if (!config_base) return;
      59              :     char dir[4096];
      60           61 :     snprintf(dir, sizeof(dir), "%s/%s", config_base, CONFIG_APP_DIR);
      61           61 :     if (fs_mkdir_p(dir, 0700) != 0) return;
      62           61 :     FILE *fp = fopen(path, "w");
      63           61 :     if (!fp) return;
      64           61 :     fprintf(fp, "credential_obfuscation=%s\n", g_credential_obfuscation ? "true" : "false");
      65           61 :     fclose(fp);
      66           61 :     fs_ensure_permissions(path, 0600);
      67              : }
      68              : 
      69         1012 : static void load_settings_once(void) {
      70         1071 :     if (g_obfuscation_loaded) return;
      71          480 :     g_obfuscation_loaded = 1;
      72              : 
      73          960 :     RAII_STRING char *path = get_settings_path();
      74          480 :     if (!path) return;
      75              : 
      76          480 :     FILE *fp = fopen(path, "r");
      77          480 :     if (!fp) {
      78              :         /* First run — create settings.ini with defaults */
      79           59 :         write_settings(path);
      80           59 :         return;
      81              :     }
      82              : 
      83              :     char line[256];
      84          842 :     while (fgets(line, sizeof(line), fp)) {
      85          421 :         char *key = strtok(line, "=");
      86          421 :         char *val = strtok(NULL, "\n");
      87          421 :         if (!key || !val) continue;
      88          421 :         key = trim(key); val = trim(val);
      89          421 :         if (strcmp(key, "credential_obfuscation") == 0)
      90          421 :             g_credential_obfuscation = (strcmp(val, "true") == 0 || strcmp(val, "1") == 0) ? 1 : 0;
      91              :     }
      92          421 :     fclose(fp);
      93              : }
      94              : 
      95          163 : int app_settings_get_obfuscation(void) {
      96          163 :     load_settings_once();
      97          163 :     return g_credential_obfuscation;
      98              : }
      99              : 
     100            2 : int app_settings_set_obfuscation(int enabled) {
     101            2 :     load_settings_once();
     102            2 :     g_credential_obfuscation = enabled ? 1 : 0;
     103            4 :     RAII_STRING char *path = get_settings_path();
     104            2 :     if (!path) return -1;
     105            2 :     write_settings(path);
     106            2 :     return 0;
     107              : }
     108              : 
     109              : /* ── Base64 encode / decode ──────────────────────────────────────────────── */
     110              : 
     111              : static const char B64CHARS[] =
     112              :     "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
     113              : 
     114              : /** Returns heap-allocated base64 string. Caller must free(). */
     115          187 : static char *b64_encode(const unsigned char *src, size_t src_len) {
     116          187 :     size_t out_len = ((src_len + 2) / 3) * 4 + 1;
     117          187 :     char *out = malloc(out_len);
     118          187 :     if (!out) return NULL;
     119          187 :     size_t i, j = 0;
     120         2430 :     for (i = 0; i + 2 < src_len; i += 3) {
     121         2243 :         out[j++] = B64CHARS[src[i] >> 2];
     122         2243 :         out[j++] = B64CHARS[((src[i] & 3) << 4)   | (src[i+1] >> 4)];
     123         2243 :         out[j++] = B64CHARS[((src[i+1] & 0xf) << 2) | (src[i+2] >> 6)];
     124         2243 :         out[j++] = B64CHARS[src[i+2] & 0x3f];
     125              :     }
     126          187 :     size_t rem = src_len - i;
     127          187 :     if (rem == 1) {
     128           14 :         out[j++] = B64CHARS[src[i] >> 2];
     129           14 :         out[j++] = B64CHARS[(src[i] & 3) << 4];
     130           14 :         out[j++] = '='; out[j++] = '=';
     131          173 :     } else if (rem == 2) {
     132           22 :         out[j++] = B64CHARS[src[i] >> 2];
     133           22 :         out[j++] = B64CHARS[((src[i] & 3) << 4) | (src[i+1] >> 4)];
     134           22 :         out[j++] = B64CHARS[(src[i+1] & 0xf) << 2];
     135           22 :         out[j++] = '=';
     136              :     }
     137          187 :     out[j] = '\0';
     138          187 :     return out;
     139              : }
     140              : 
     141        43300 : static int b64_char_val(char c) {
     142        43300 :     if (c >= 'A' && c <= 'Z') return c - 'A';
     143        25724 :     if (c >= 'a' && c <= 'z') return c - 'a' + 26;
     144         7040 :     if (c >= '0' && c <= '9') return c - '0' + 52;
     145         1491 :     if (c == '+') return 62;
     146          656 :     if (c == '/') return 63;
     147           84 :     if (c == '=') return 0;
     148            0 :     return -1;
     149              : }
     150              : 
     151              : /**
     152              :  * Decode base64 string into *out (heap-allocated). Caller must free().
     153              :  * Returns 0 on success, -1 on error.
     154              :  */
     155          880 : static int b64_decode(const char *src, unsigned char **out, size_t *out_len) {
     156          880 :     size_t src_len = strlen(src);
     157          880 :     if (src_len == 0 || src_len % 4 != 0) return -1;
     158              : 
     159          880 :     size_t dec_len = (src_len / 4) * 3;
     160          880 :     if (src[src_len - 1] == '=') dec_len--;
     161          880 :     if (src[src_len - 2] == '=') dec_len--;
     162              : 
     163          880 :     unsigned char *buf = malloc(dec_len + 1);
     164          880 :     if (!buf) return -1;
     165              : 
     166          880 :     size_t j = 0;
     167        11705 :     for (size_t i = 0; i < src_len; i += 4) {
     168        10825 :         int a = b64_char_val(src[i]);
     169        10825 :         int b = b64_char_val(src[i+1]);
     170        10825 :         int c = b64_char_val(src[i+2]);
     171        10825 :         int d = b64_char_val(src[i+3]);
     172        10825 :         if (a < 0 || b < 0 || c < 0 || d < 0) { free(buf); return -1; }
     173        10825 :         buf[j++] = (unsigned char)((a << 2) | (b >> 4));
     174        10825 :         if (src[i+2] != '=') buf[j++] = (unsigned char)((b << 4) | (c >> 2));
     175        10825 :         if (src[i+3] != '=') buf[j++] = (unsigned char)((c << 6) | d);
     176              :     }
     177          880 :     buf[j] = '\0';
     178          880 :     *out = buf;
     179          880 :     *out_len = j;
     180          880 :     return 0;
     181              : }
     182              : 
     183              : /* ── Credential encryption / decryption (AES-256-GCM) ───────────────────── */
     184              : 
     185              : /**
     186              :  * Encrypt plaintext with AES-256-GCM using a key derived from the email.
     187              :  * Returns heap-allocated "enc:<base64(iv|ciphertext|tag)>" string,
     188              :  * or NULL if key derivation failed (caller falls back to plaintext).
     189              :  */
     190          187 : static char *encrypt_credential(const char *plaintext, const char *email) {
     191          187 :     if (!plaintext || !*plaintext)
     192            0 :         return strdup(plaintext ? plaintext : "");
     193              : 
     194              :     unsigned char key[32];
     195          187 :     if (platform_derive_credential_key(email, key) != 0)
     196            0 :         return NULL; /* no key source available — store plaintext */
     197              : 
     198              :     unsigned char iv[12];
     199          187 :     if (RAND_bytes(iv, sizeof(iv)) != 1) return NULL;
     200              : 
     201          187 :     size_t pt_len = strlen(plaintext);
     202          187 :     unsigned char *ct = malloc(pt_len + 1);
     203          187 :     if (!ct) return NULL;
     204              : 
     205              :     unsigned char tag[16];
     206          187 :     int outl = 0, finl = 0;
     207          187 :     EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
     208          187 :     if (!ctx) { free(ct); return NULL; }
     209          187 :     EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, key, iv);
     210          187 :     EVP_EncryptUpdate(ctx, ct, &outl, (const unsigned char *)plaintext, (int)pt_len);
     211          187 :     EVP_EncryptFinal_ex(ctx, ct + outl, &finl);
     212          187 :     EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, tag);
     213          187 :     EVP_CIPHER_CTX_free(ctx);
     214              : 
     215              :     /* Pack: iv[12] | ciphertext[pt_len] | tag[16] */
     216          187 :     size_t packed_len = 12 + pt_len + 16;
     217          187 :     unsigned char *packed = malloc(packed_len);
     218          187 :     if (!packed) { free(ct); return NULL; }
     219          187 :     memcpy(packed,              iv,  12);
     220          187 :     memcpy(packed + 12,         ct,  pt_len);
     221          187 :     memcpy(packed + 12 + pt_len, tag, 16);
     222          187 :     free(ct);
     223              : 
     224          187 :     char *b64 = b64_encode(packed, packed_len);
     225          187 :     free(packed);
     226          187 :     if (!b64) return NULL;
     227              : 
     228          187 :     char *result = NULL;
     229          187 :     if (asprintf(&result, "enc:%s", b64) == -1) result = NULL;
     230          187 :     free(b64);
     231          187 :     return result;
     232              : }
     233              : 
     234              : /**
     235              :  * Decrypt a credential value.
     236              :  * - If value starts with "enc:", decrypt using a key derived from email.
     237              :  * - Otherwise return a copy of the plaintext value.
     238              :  * Returns heap-allocated plaintext, or NULL on decryption failure.
     239              :  */
     240          880 : static char *decrypt_credential(const char *value, const char *email) {
     241          880 :     if (!value) return NULL;
     242          880 :     if (strncmp(value, "enc:", 4) != 0) return strdup(value);
     243              : 
     244          880 :     unsigned char *packed = NULL;
     245          880 :     size_t packed_len = 0;
     246          880 :     if (b64_decode(value + 4, &packed, &packed_len) != 0) return NULL;
     247          880 :     if (packed_len < 12 + 16) { free(packed); return NULL; }
     248              : 
     249              :     unsigned char key[32];
     250          880 :     if (platform_derive_credential_key(email, key) != 0) {
     251            0 :         free(packed);
     252            0 :         return NULL;
     253              :     }
     254              : 
     255          880 :     unsigned char *iv  = packed;
     256          880 :     size_t ct_len      = packed_len - 12 - 16;
     257          880 :     unsigned char *ct  = packed + 12;
     258          880 :     unsigned char *tag = packed + 12 + ct_len;
     259              : 
     260          880 :     unsigned char *pt = malloc(ct_len + 1);
     261          880 :     if (!pt) { free(packed); return NULL; }
     262              : 
     263          880 :     EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
     264          880 :     if (!ctx) { free(packed); free(pt); return NULL; }
     265              : 
     266          880 :     EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, key, iv);
     267          880 :     EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tag);
     268          880 :     int outl = 0, finl = 0;
     269          880 :     EVP_DecryptUpdate(ctx, pt, &outl, ct, (int)ct_len);
     270          880 :     int ok = EVP_DecryptFinal_ex(ctx, pt + outl, &finl);
     271          880 :     EVP_CIPHER_CTX_free(ctx);
     272          880 :     free(packed);
     273              : 
     274          880 :     if (ok != 1) {
     275              :         /* Authentication failed — wrong key (system data changed) */
     276            0 :         free(pt);
     277            0 :         return NULL;
     278              :     }
     279          880 :     pt[ct_len] = '\0';
     280          880 :     return (char *)pt;
     281              : }
     282              : 
     283              : /* ── Config read / write ────────────────────────────────────────────────── */
     284              : 
     285              : /** Write one config struct to an open FILE, encrypting credentials if enabled. */
     286          154 : static void write_config_to_fp(FILE *fp, const Config *cfg) {
     287          154 :     int obfus = app_settings_get_obfuscation();
     288          154 :     const char *email = cfg->user ? cfg->user : "";
     289              : 
     290          154 :     fprintf(fp, "EMAIL_HOST=%s\n",   cfg->host   ? cfg->host   : "");
     291          154 :     fprintf(fp, "EMAIL_USER=%s\n",   cfg->user   ? cfg->user   : "");
     292              : 
     293              :     /* Credentials: encrypt when obfuscation is on */
     294              :     {
     295          151 :         char *enc = (obfus && cfg->pass && *cfg->pass)
     296          305 :                     ? encrypt_credential(cfg->pass, email) : NULL;
     297          154 :         fprintf(fp, "EMAIL_PASS=%s\n", enc ? enc : (cfg->pass ? cfg->pass : ""));
     298          154 :         free(enc);
     299              :     }
     300              : 
     301          154 :     fprintf(fp, "EMAIL_FOLDER=%s\n", cfg->folder ? cfg->folder : "INBOX");
     302          154 :     if (cfg->sent_folder) fprintf(fp, "EMAIL_SENT_FOLDER=%s\n", cfg->sent_folder);
     303          154 :     if (cfg->ssl_no_verify) fprintf(fp, "SSL_NO_VERIFY=1\n");
     304          154 :     fprintf(fp, "SYNC_INTERVAL=%d\n", cfg->sync_interval);
     305          154 :     if (cfg->smtp_host) fprintf(fp, "SMTP_HOST=%s\n", cfg->smtp_host);
     306          154 :     if (cfg->smtp_port) fprintf(fp, "SMTP_PORT=%d\n", cfg->smtp_port);
     307          154 :     if (cfg->smtp_user) fprintf(fp, "SMTP_USER=%s\n", cfg->smtp_user);
     308          154 :     if (cfg->smtp_pass) {
     309           37 :         char *enc = (obfus && *cfg->smtp_pass)
     310           74 :                     ? encrypt_credential(cfg->smtp_pass, email) : NULL;
     311           37 :         fprintf(fp, "SMTP_PASS=%s\n", enc ? enc : cfg->smtp_pass);
     312           37 :         free(enc);
     313              :     }
     314          154 :     if (cfg->gmail_mode) fprintf(fp, "GMAIL_MODE=1\n");
     315          154 :     if (cfg->gmail_refresh_token) {
     316           18 :         char *enc = (obfus && *cfg->gmail_refresh_token)
     317           36 :                     ? encrypt_credential(cfg->gmail_refresh_token, email) : NULL;
     318           18 :         fprintf(fp, "GMAIL_REFRESH_TOKEN=%s\n", enc ? enc : cfg->gmail_refresh_token);
     319           18 :         free(enc);
     320              :     }
     321          154 :     if (cfg->gmail_client_id) fprintf(fp, "GMAIL_CLIENT_ID=%s\n", cfg->gmail_client_id);
     322          154 :     if (cfg->gmail_client_secret) fprintf(fp, "GMAIL_CLIENT_SECRET=%s\n", cfg->gmail_client_secret);
     323          154 : }
     324              : 
     325              : /** Load a config from a specific file path. Decrypts enc: credentials transparently.
     326              :  *  Sets *out_needs_resave to 1 if any credential was plaintext and obfuscation is ON. */
     327          845 : static Config *load_config_from_path(const char *path, int *out_needs_resave) {
     328         1690 :     RAII_FILE FILE *fp = fopen(path, "r");
     329          845 :     if (!fp) return NULL;
     330              : 
     331          822 :     Config *cfg = calloc(1, sizeof(Config));
     332          822 :     if (!cfg) return NULL;
     333              : 
     334          822 :     int plaintext_cred_found  = 0; /* set if any credential lacks enc: prefix */
     335          822 :     int encrypted_cred_found  = 0; /* set if any credential has  enc: prefix */
     336              :     char line[1024]; /* wider than before — enc: values can be long */
     337         6918 :     while (fgets(line, sizeof(line), fp)) {
     338         6096 :         char *eq = strchr(line, '=');
     339         6096 :         if (!eq) continue;
     340         6096 :         *eq = '\0';
     341         6096 :         char *key = trim(line);
     342         6096 :         char *val = trim(eq + 1);
     343              :         /* Strip trailing newline from val */
     344         6096 :         size_t vlen = strlen(val);
     345         6096 :         while (vlen > 0 && (val[vlen-1] == '\n' || val[vlen-1] == '\r'))
     346            0 :             val[--vlen] = '\0';
     347              : 
     348         6096 :         if      (strcmp(key, "EMAIL_HOST")          == 0) cfg->host               = strdup(val);
     349         5279 :         else if (strcmp(key, "EMAIL_USER")          == 0) cfg->user               = strdup(val);
     350         4457 :         else if (strcmp(key, "EMAIL_PASS")          == 0) {
     351          809 :             cfg->pass = strdup(val);
     352          809 :             if (val[0]) { if (strncmp(val, "enc:", 4) == 0) encrypted_cred_found = 1;
     353          106 :                           else                               plaintext_cred_found  = 1; }
     354              :         }
     355         3648 :         else if (strcmp(key, "EMAIL_FOLDER")        == 0) cfg->folder             = strdup(val);
     356         2856 :         else if (strcmp(key, "EMAIL_SENT_FOLDER")   == 0) cfg->sent_folder        = strdup(val);
     357         2606 :         else if (strcmp(key, "SSL_NO_VERIFY")       == 0) cfg->ssl_no_verify      = atoi(val);
     358         1964 :         else if (strcmp(key, "SYNC_INTERVAL")       == 0) cfg->sync_interval      = atoi(val);
     359         1242 :         else if (strcmp(key, "SMTP_HOST")           == 0) cfg->smtp_host          = strdup(val);
     360          751 :         else if (strcmp(key, "SMTP_PORT")           == 0) cfg->smtp_port          = atoi(val);
     361          736 :         else if (strcmp(key, "SMTP_USER")           == 0) cfg->smtp_user          = strdup(val);
     362          522 :         else if (strcmp(key, "SMTP_PASS")           == 0) {
     363          211 :             cfg->smtp_pass = strdup(val);
     364          211 :             if (val[0]) { if (strncmp(val, "enc:", 4) == 0) encrypted_cred_found = 1;
     365           34 :                           else                               plaintext_cred_found  = 1; }
     366              :         }
     367          311 :         else if (strcmp(key, "GMAIL_MODE")          == 0) cfg->gmail_mode         = atoi(val);
     368          156 :         else if (strcmp(key, "GMAIL_REFRESH_TOKEN") == 0) {
     369          154 :             cfg->gmail_refresh_token = strdup(val);
     370          154 :             if (val[0]) { if (strncmp(val, "enc:", 4) == 0) encrypted_cred_found = 1;
     371           12 :                           else                               plaintext_cred_found  = 1; }
     372              :         }
     373            2 :         else if (strcmp(key, "GMAIL_CLIENT_ID")     == 0) cfg->gmail_client_id    = strdup(val);
     374            1 :         else if (strcmp(key, "GMAIL_CLIENT_SECRET") == 0) cfg->gmail_client_secret = strdup(val);
     375              :     }
     376          822 :     if (!cfg->folder) cfg->folder = strdup("INBOX");
     377              : 
     378              :     /* Decrypt any enc: credential fields using the account email as key context */
     379          822 :     const char *email = cfg->user ? cfg->user : "";
     380              : 
     381          822 :     if (cfg->pass && strncmp(cfg->pass, "enc:", 4) == 0) {
     382          561 :         char *dec = decrypt_credential(cfg->pass, email);
     383          561 :         free(cfg->pass);
     384          561 :         if (dec) {
     385          561 :             cfg->pass = dec;
     386              :         } else {
     387            0 :             fprintf(stderr,
     388              :                 "Warning: Could not decrypt stored password for '%s'.\n"
     389              :                 "  The system key may have changed. Re-enter the password with:\n"
     390              :                 "    email-cli config password\n", email);
     391            0 :             logger_log(LOG_WARN, "credential decrypt failed for %s", email);
     392            0 :             cfg->pass = NULL;
     393              :         }
     394              :     }
     395              : 
     396          822 :     if (cfg->smtp_pass && strncmp(cfg->smtp_pass, "enc:", 4) == 0) {
     397          177 :         char *dec = decrypt_credential(cfg->smtp_pass, email);
     398          177 :         free(cfg->smtp_pass);
     399          177 :         cfg->smtp_pass = dec; /* NULL on failure is acceptable for SMTP */
     400              :     }
     401              : 
     402          822 :     if (cfg->gmail_refresh_token && strncmp(cfg->gmail_refresh_token, "enc:", 4) == 0) {
     403          142 :         char *dec = decrypt_credential(cfg->gmail_refresh_token, email);
     404          142 :         free(cfg->gmail_refresh_token);
     405          142 :         if (dec) {
     406          142 :             cfg->gmail_refresh_token = dec;
     407              :         } else {
     408            0 :             fprintf(stderr,
     409              :                 "Warning: Could not decrypt stored refresh token for '%s'.\n"
     410              :                 "  Re-run the Gmail OAuth2 setup: email-cli add-account\n", email);
     411            0 :             logger_log(LOG_WARN, "refresh token decrypt failed for %s", email);
     412            0 :             cfg->gmail_refresh_token = NULL;
     413              :         }
     414              :     }
     415              : 
     416              :     /* Gmail mode requires user + refresh token; IMAP mode requires host + user + pass */
     417          822 :     if (cfg->gmail_mode) {
     418          155 :         if (!cfg->user || !cfg->gmail_refresh_token) { config_free(cfg); return NULL; }
     419              :     } else {
     420          667 :         if (!cfg->host || !cfg->user || !cfg->pass) { config_free(cfg); return NULL; }
     421              :     }
     422              : 
     423              :     /* TLS enforcement (IMAP mode only — Gmail uses OAuth2 over HTTPS) */
     424          819 :     if (!cfg->gmail_mode && !cfg->ssl_no_verify) {
     425           28 :         if (strncmp(cfg->host, "imaps://", 8) != 0) {
     426            1 :             fprintf(stderr,
     427              :                 "Error: EMAIL_HOST must start with imaps:// (TLS required).\n"
     428              :                 "  Got: %s\n", cfg->host);
     429            1 :             logger_log(LOG_ERROR,
     430              :                        "Rejected insecure EMAIL_HOST in account config: %s",
     431              :                        cfg->host);
     432            1 :             config_free(cfg);
     433            1 :             return NULL;
     434              :         }
     435           27 :         if (cfg->smtp_host && cfg->smtp_host[0] &&
     436            2 :             strncmp(cfg->smtp_host, "smtps://", 8) != 0) {
     437            1 :             fprintf(stderr,
     438              :                 "Error: SMTP_HOST must start with smtps:// (TLS required).\n"
     439              :                 "  Got: %s\n", cfg->smtp_host);
     440            1 :             logger_log(LOG_ERROR,
     441              :                        "Rejected insecure SMTP_HOST in account config: %s",
     442              :                        cfg->smtp_host);
     443            1 :             config_free(cfg);
     444            1 :             return NULL;
     445              :         }
     446          791 :     } else if (cfg->host) {
     447          789 :         if (strncmp(cfg->host, "imaps://", 8) != 0)
     448          153 :             logger_log(LOG_WARN,
     449              :                        "SSL_NO_VERIFY=1: connecting without TLS to %s "
     450              :                        "(test/dev mode only)", cfg->host);
     451          789 :         if (cfg->smtp_host && cfg->smtp_host[0] &&
     452          489 :             strncmp(cfg->smtp_host, "smtps://", 8) != 0)
     453            1 :             logger_log(LOG_WARN,
     454              :                        "SSL_NO_VERIFY=1: SMTP without TLS to %s "
     455              :                        "(test/dev mode only)", cfg->smtp_host);
     456              :     }
     457          817 :     if (out_needs_resave)
     458          931 :         *out_needs_resave = (plaintext_cred_found &&  g_credential_obfuscation)  /* plaintext → encrypt */
     459          931 :                          || (encrypted_cred_found && !g_credential_obfuscation); /* enc: → plaintext  */
     460          817 :     return cfg;
     461              : }
     462              : 
     463              : /* ── Public API ──────────────────────────────────────────────────────────── */
     464              : 
     465          102 : Config *config_load_account(const char *name) {
     466          102 :     if (!name || !name[0]) return NULL;
     467          100 :     int count = 0;
     468          100 :     AccountEntry *list = config_list_accounts(&count);
     469          100 :     if (!list || count == 0) { config_free_account_list(list, count); return NULL; }
     470          100 :     Config *result = NULL;
     471          119 :     for (int i = 0; i < count; i++) {
     472          135 :         int match = (list[i].name && strcmp(list[i].name, name) == 0) ||
     473           19 :                     (list[i].cfg  && list[i].cfg->user &&
     474           19 :                      strcmp(list[i].cfg->user, name) == 0);
     475          116 :         if (match) { result = list[i].cfg; list[i].cfg = NULL; break; }
     476              :     }
     477          100 :     config_free_account_list(list, count);
     478          100 :     return result;
     479              : }
     480              : 
     481          121 : Config* config_load_from_store(void) {
     482          121 :     load_settings_once(); /* ensure settings.ini exists */
     483          121 :     int count = 0;
     484          121 :     AccountEntry *list = config_list_accounts(&count);
     485          121 :     if (!list || count == 0) {
     486            9 :         config_free_account_list(list, count);
     487            9 :         return NULL;
     488              :     }
     489          112 :     Config *result = list[0].cfg;
     490          112 :     list[0].cfg = NULL;
     491          112 :     config_free_account_list(list, count);
     492          112 :     return result;
     493              : }
     494              : 
     495           42 : int config_save_account(const Config *cfg) {
     496           42 :     if (!cfg || !cfg->user || !cfg->user[0]) return -1;
     497              : 
     498           84 :     RAII_STRING char *accounts_dir = get_accounts_dir();
     499           42 :     if (!accounts_dir) return -1;
     500              : 
     501              :     char account_dir[1024];
     502           42 :     snprintf(account_dir, sizeof(account_dir), "%s/%s", accounts_dir, cfg->user);
     503              : 
     504           42 :     if (fs_mkdir_p(account_dir, 0700) != 0) return -1;
     505              : 
     506              :     char path[1088];
     507           41 :     snprintf(path, sizeof(path), "%s/config.ini", account_dir);
     508              : 
     509           82 :     RAII_FILE FILE *fp = fopen(path, "w");
     510           41 :     if (!fp) return -1;
     511           40 :     write_config_to_fp(fp, cfg);
     512           40 :     fs_ensure_permissions(path, 0600);
     513              : 
     514           40 :     logger_log(LOG_INFO, "Account saved: %s", cfg->user);
     515           40 :     return 0;
     516              : }
     517              : 
     518           12 : int config_save_to_store(const Config *cfg) {
     519           12 :     return config_save_account(cfg);
     520              : }
     521              : 
     522           28 : int config_delete_account(const char *name) {
     523           28 :     if (!name || !name[0]) return -1;
     524              : 
     525           56 :     RAII_STRING char *accounts_dir = get_accounts_dir();
     526           28 :     if (!accounts_dir) return -1;
     527              : 
     528              :     char path[1024];
     529           28 :     snprintf(path, sizeof(path), "%s/%s/config.ini", accounts_dir, name);
     530           28 :     unlink(path);
     531              : 
     532              :     char dir[1024];
     533           28 :     snprintf(dir, sizeof(dir), "%s/%s", accounts_dir, name);
     534           28 :     if (rmdir(dir) != 0 && errno != ENOENT) {
     535            4 :         logger_log(LOG_WARN, "Could not remove account dir %s", dir);
     536            4 :         return -1;
     537              :     }
     538           24 :     logger_log(LOG_INFO, "Account deleted: %s", name);
     539           24 :     return 0;
     540              : }
     541              : 
     542          726 : AccountEntry *config_list_accounts(int *count_out) {
     543          726 :     load_settings_once(); /* ensure settings.ini exists */
     544          726 :     *count_out = 0;
     545              : 
     546         1452 :     RAII_STRING char *accounts_dir = get_accounts_dir();
     547          726 :     if (!accounts_dir) return NULL;
     548              : 
     549         1452 :     RAII_DIR DIR *d = opendir(accounts_dir);
     550          726 :     if (!d) return NULL;
     551              : 
     552          720 :     int cap = 8;
     553          720 :     AccountEntry *list = malloc((size_t)cap * sizeof(AccountEntry));
     554          720 :     if (!list) return NULL;
     555          720 :     int count = 0;
     556              : 
     557              :     struct dirent *ent;
     558         3005 :     while ((ent = readdir(d)) != NULL) {
     559         2313 :         if (ent->d_name[0] == '.') continue;
     560              : 
     561              :         char path[1024];
     562          845 :         snprintf(path, sizeof(path), "%s/%s/config.ini",
     563          845 :                  accounts_dir, ent->d_name);
     564              : 
     565          845 :         int needs_resave = 0;
     566          845 :         Config *cfg = load_config_from_path(path, &needs_resave);
     567          845 :         if (!cfg) continue;
     568          817 :         if (needs_resave) {
     569          114 :             logger_log(LOG_INFO, "Re-encrypting plaintext credentials for %s", ent->d_name);
     570          228 :             RAII_FILE FILE *wfp = fopen(path, "w");
     571          114 :             if (wfp) {
     572          114 :                 write_config_to_fp(wfp, cfg);
     573          114 :                 fs_ensure_permissions(path, 0600);
     574              :             }
     575              :         }
     576              : 
     577          817 :         if (count >= cap) {
     578            1 :             cap *= 2;
     579            1 :             AccountEntry *tmp = realloc(list, (size_t)cap * sizeof(AccountEntry));
     580            1 :             if (!tmp) { config_free(cfg); break; }
     581            1 :             list = tmp;
     582              :         }
     583          817 :         list[count].name = strdup(ent->d_name);
     584          817 :         list[count].cfg  = cfg;
     585          817 :         count++;
     586              :     }
     587              : 
     588          720 :     if (count == 0) { free(list); return NULL; }
     589              : 
     590              :     /* Sort by domain first, then by username within domain */
     591          817 :     for (int i = 0; i < count - 1; i++) {
     592          256 :         for (int j = i + 1; j < count; j++) {
     593          144 :             const char *na = list[i].name ? list[i].name : "";
     594          144 :             const char *nb = list[j].name ? list[j].name : "";
     595          144 :             const char *at_a = strchr(na, '@');
     596          144 :             const char *at_b = strchr(nb, '@');
     597          144 :             const char *dom_a = at_a ? at_a + 1 : na;
     598          144 :             const char *dom_b = at_b ? at_b + 1 : nb;
     599          144 :             int dc = strcmp(dom_a, dom_b);
     600              :             int swap;
     601          144 :             if (dc != 0) {
     602           19 :                 swap = dc > 0;
     603              :             } else {
     604          125 :                 size_t ul_a = at_a ? (size_t)(at_a - na) : strlen(na);
     605          125 :                 size_t ul_b = at_b ? (size_t)(at_b - nb) : strlen(nb);
     606          125 :                 int uc = strncmp(na, nb, ul_a < ul_b ? ul_a : ul_b);
     607          125 :                 swap = (uc != 0) ? (uc > 0) : (ul_a > ul_b);
     608              :             }
     609          144 :             if (swap) {
     610           74 :                 AccountEntry tmp = list[i];
     611           74 :                 list[i] = list[j];
     612           74 :                 list[j] = tmp;
     613              :             }
     614              :         }
     615              :     }
     616              : 
     617          705 :     *count_out = count;
     618          705 :     return list;
     619              : }
     620              : 
     621          710 : void config_free_account_list(AccountEntry *list, int count) {
     622          710 :     if (!list) return;
     623         1491 :     for (int i = 0; i < count; i++) {
     624          800 :         free(list[i].name);
     625          800 :         config_free(list[i].cfg);
     626              :     }
     627          691 :     free(list);
     628              : }
     629              : 
     630           10 : int config_migrate_credentials(void) {
     631           10 :     int count = 0;
     632           10 :     AccountEntry *list = config_list_accounts(&count);
     633           10 :     if (!list) return 0; /* no accounts — nothing to migrate */
     634              : 
     635            9 :     int errors = 0;
     636           19 :     for (int i = 0; i < count; i++) {
     637           10 :         if (list[i].cfg && config_save_account(list[i].cfg) != 0) {
     638            0 :             fprintf(stderr, "Warning: could not migrate account '%s'\n",
     639            0 :                     list[i].name ? list[i].name : "?");
     640            0 :             errors++;
     641              :         }
     642              :     }
     643            9 :     config_free_account_list(list, count);
     644            9 :     return errors ? -1 : 0;
     645              : }
        

Generated by: LCOV version 2.0-1