[bpt/emacs.git] / lisp / gnus / auth-source.el

;;; auth-source.el --- authentication sources for Gnus and Emacs

;; Copyright (C) 2008, 2009 Free Software Foundation, Inc.

;; Author: Ted Zlatanov <tzz@lifelogs.com>
;; Keywords: news

;; This file is part of GNU Emacs.

;; GNU Emacs is free software: you can redistribute it and/or modify
;; it under the terms of the GNU General Public License as published by
;; the Free Software Foundation, either version 3 of the License, or
;; (at your option) any later version.

;; GNU Emacs is distributed in the hope that it will be useful,
;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;; GNU General Public License for more details.

;; You should have received a copy of the GNU General Public License
;; along with GNU Emacs.  If not, see <http://www.gnu.org/licenses/>.

;;; Commentary:

;; This is the auth-source.el package.  It lets users tell Gnus how to
;; authenticate in a single place.  Simplicity is the goal.  Instead
;; of providing 5000 options, we'll stick to simple, easy to
;; understand options.

;; Easy setup:
;; (require 'auth-source)
;; (customize-variable 'auth-sources) ;; optional

;; now, whatever sources you've defined for password have to be available

;; if you want encrypted sources, which is strongly recommended, do
;; (require 'epa-file)
;; (epa-file-enable)
;; (setq epa-file-cache-passphrase-for-symmetric-encryption t) ; VERY important

;; before you put some data in ~/.authinfo.gpg (the default place)

;;; For url-auth authentication (HTTP/HTTPS), you need to use:

;;; machine yourmachine.com:80 port http login testuser password testpass

;;; This will match any realm and authentication method (basic or
;;; digest).  If you want finer controls, explore the url-auth source
;;; code and variables.

;;; For tramp authentication, use:

;;; machine yourmachine.com port scp login testuser password testpass

;;; Note that the port denotes the Tramp connection method.  When you
;;; don't use a port entry, you match any Tramp method.

;;; Code:

(require 'gnus-util)

(eval-when-compile (require 'cl))
(eval-when-compile (require 'netrc))

(defgroup auth-source nil
  "Authentication sources."
  :version "23.1" ;; No Gnus
  :group 'gnus)

(defcustom auth-source-protocols '((imap "imap" "imaps" "143" "993")
				   (pop3 "pop3" "pop" "pop3s" "110" "995")
				   (ssh  "ssh" "22")
				   (sftp "sftp" "115")
				   (smtp "smtp" "25"))
  "List of authentication protocols and their names"

  :group 'auth-source
  :version "23.1" ;; No Gnus
  :type '(repeat :tag "Authentication Protocols"
		 (cons :tag "Protocol Entry"
		       (symbol :tag "Protocol")
		       (repeat :tag "Names"
			       (string :tag "Name")))))

;;; generate all the protocols in a format Customize can use
(defconst auth-source-protocols-customize
  (mapcar (lambda (a)
	    (let ((p (car-safe a)))
	      (list 'const
		    :tag (upcase (symbol-name p))
		    p)))
	  auth-source-protocols))

(defvar auth-source-cache (make-hash-table :test 'equal)
  "Cache for auth-source data")

(defcustom auth-source-do-cache t
  "Whether auth-source should cache information."
  :group 'auth-source
  :version "23.1" ;; No Gnus
  :type `boolean)

(defcustom auth-sources '((:source "~/.authinfo.gpg" :host t :protocol t))
  "List of authentication sources.

Each entry is the authentication type with optional properties."
  :group 'auth-source
  :version "23.1" ;; No Gnus
  :type `(repeat :tag "Authentication Sources"
		 (list :tag "Source definition"
		       (const :format "" :value :source)
		       (string :tag "Authentication Source")
		       (const :format "" :value :host)
		       (choice :tag "Host (machine) choice"
			       (const :tag "Any" t)
			       (regexp :tag "Host (machine) regular expression (TODO)")
			       (const :tag "Fallback" nil))
		       (const :format "" :value :protocol)
		       (choice :tag "Protocol"
			       (const :tag "Any" t)
			       (const :tag "Fallback" nil)
			       ,@auth-source-protocols-customize))))

;; temp for debugging
;; (unintern 'auth-source-protocols)
;; (unintern 'auth-sources)
;; (customize-variable 'auth-sources)
;; (setq auth-sources nil)
;; (format "%S" auth-sources)
;; (customize-variable 'auth-source-protocols)
;; (setq auth-source-protocols nil)
;; (format "%S" auth-source-protocols)
;; (auth-source-pick "a" 'imap)
;; (auth-source-user-or-password "login" "imap.myhost.com" 'imap)
;; (auth-source-user-or-password "password" "imap.myhost.com" 'imap)
;; (auth-source-user-or-password-imap "login" "imap.myhost.com")
;; (auth-source-user-or-password-imap "password" "imap.myhost.com")
;; (auth-source-protocol-defaults 'imap)

(defun auth-source-pick (host protocol &optional fallback)
  "Parse `auth-sources' for HOST, and PROTOCOL matches.

Returns fallback choices (where PROTOCOL or HOST are nil) with FALLBACK t."
  (interactive "sHost: \nsProtocol: \n") ;for testing
  (let (choices)
    (dolist (choice auth-sources)
      (let ((h (plist-get choice :host))
	    (p (plist-get choice :protocol)))
	(when (and
	       (or (equal t h)
		   (and (stringp h) (string-match h host))
		   (and fallback (equal h nil)))
	       (or (equal t p)
		   (and (symbolp p) (equal p protocol))
		   (and fallback (equal p nil))))
	  (push choice choices))))
    (if choices
	choices
      (unless fallback
	(auth-source-pick host protocol t)))))

(defun auth-source-forget-user-or-password (mode host protocol)
  (interactive "slogin/password: \nsHost: \nsProtocol: \n") ;for testing
  (remhash (format "%s %s:%s" mode host protocol) auth-source-cache))

(defun auth-source-forget-all-cached ()
  "Forget all cached auth-source authentication tokens."
  (interactive)
  (setq auth-source-cache (make-hash-table :test 'equal)))

(defun auth-source-user-or-password (mode host protocol)
  "Find MODE (string or list of strings) matching HOST and PROTOCOL.
MODE can be \"login\" or \"password\" for example."
  (gnus-message 9
		"auth-source-user-or-password: get %s for %s (%s)"
		mode host protocol)
  (let* ((listy (listp mode))
	 (mode (if listy mode (list mode)))
	 (cname (format "%s %s:%s" mode host protocol))
	 (found (gethash cname auth-source-cache)))
    (if found
	(progn
	  (gnus-message 9
			"auth-source-user-or-password: cached %s=%s for %s (%s)"
			mode
			;; don't show the password
			(if (member "password" mode) "SECRET" found)
			host protocol)
	  found)
      (dolist (choice (auth-source-pick host protocol))
	(setq found (netrc-machine-user-or-password
		     mode
		     (plist-get choice :source)
		     (list host)
		     (list (format "%s" protocol))
		     (auth-source-protocol-defaults protocol)))
	(when found
	  (gnus-message 9
			"auth-source-user-or-password: found %s=%s for %s (%s)"
			mode
			;; don't show the password
			(if (member "password" mode) "SECRET" found)
			host protocol)
	  (setq found (if listy found (car-safe found)))
	  (when auth-source-do-cache
	    (puthash cname found auth-source-cache)))
	(return found)))))

(defun auth-source-protocol-defaults (protocol)
  "Return a list of default ports and names for PROTOCOL."
  (cdr-safe (assoc protocol auth-source-protocols)))

(defun auth-source-user-or-password-imap (mode host)
  (auth-source-user-or-password mode host 'imap))

(defun auth-source-user-or-password-pop3 (mode host)
  (auth-source-user-or-password mode host 'pop3))

(defun auth-source-user-or-password-ssh (mode host)
  (auth-source-user-or-password mode host 'ssh))

(defun auth-source-user-or-password-sftp (mode host)
  (auth-source-user-or-password mode host 'sftp))

(defun auth-source-user-or-password-smtp (mode host)
  (auth-source-user-or-password mode host 'smtp))

(provide 'auth-source)

;; arch-tag: ff1afe78-06e9-42c2-b693-e9f922cbe4ab
;;; auth-source.el ends here
Commit	Line	Data
8f7abae3 MB	1	;;; auth-source.el --- authentication sources for Gnus and Emacs
8f7abae3 MB	2
ae940284	3	;; Copyright (C) 2008, 2009 Free Software Foundation, Inc.
8f7abae3 MB	4
	5	;; Author: Ted Zlatanov <tzz@lifelogs.com>
	6	;; Keywords: news
	7
	8	;; This file is part of GNU Emacs.
	9
5e809f55	10	;; GNU Emacs is free software: you can redistribute it and/or modify
8f7abae3	11	;; it under the terms of the GNU General Public License as published by
5e809f55 GM	12	;; the Free Software Foundation, either version 3 of the License, or
5e809f55 GM	13	;; (at your option) any later version.
8f7abae3 MB	14
	15	;; GNU Emacs is distributed in the hope that it will be useful,
	16	;; but WITHOUT ANY WARRANTY; without even the implied warranty of
5e809f55	17	;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
8f7abae3 MB	18	;; GNU General Public License for more details.
	19
	20	;; You should have received a copy of the GNU General Public License
5e809f55	21	;; along with GNU Emacs. If not, see <http://www.gnu.org/licenses/>.
8f7abae3 MB	22
	23	;;; Commentary:
	24
	25	;; This is the auth-source.el package. It lets users tell Gnus how to
	26	;; authenticate in a single place. Simplicity is the goal. Instead
	27	;; of providing 5000 options, we'll stick to simple, easy to
	28	;; understand options.
d55fe5bb MB	29
	30	;; Easy setup:
	31	;; (require 'auth-source)
	32	;; (customize-variable 'auth-sources) ;; optional
	33
	34	;; now, whatever sources you've defined for password have to be available
	35
	36	;; if you want encrypted sources, which is strongly recommended, do
	37	;; (require 'epa-file)
26b9f88d	38	;; (epa-file-enable)
a368801c	39	;; (setq epa-file-cache-passphrase-for-symmetric-encryption t) ; VERY important
d55fe5bb MB	40
	41	;; before you put some data in ~/.authinfo.gpg (the default place)
	42
e952b711 MB	43	;;; For url-auth authentication (HTTP/HTTPS), you need to use:
	44
	45	;;; machine yourmachine.com:80 port http login testuser password testpass
	46
	47	;;; This will match any realm and authentication method (basic or
	48	;;; digest). If you want finer controls, explore the url-auth source
	49	;;; code and variables.
	50
4079589f MB	51	;;; For tramp authentication, use:
4079589f MB	52
43d28dcd	53	;;; machine yourmachine.com port scp login testuser password testpass
4079589f	54
43d28dcd MA	55	;;; Note that the port denotes the Tramp connection method. When you
43d28dcd MA	56	;;; don't use a port entry, you match any Tramp method.
4079589f	57
8f7abae3 MB	58	;;; Code:
8f7abae3 MB	59
e952b711 MB	60	(require 'gnus-util)
e952b711 MB	61
8f7abae3	62	(eval-when-compile (require 'cl))
9b3ebcb6	63	(eval-when-compile (require 'netrc))
8f7abae3 MB	64
	65	(defgroup auth-source nil
	66	"Authentication sources."
9b3ebcb6	67	:version "23.1" ;; No Gnus
8f7abae3 MB	68	:group 'gnus)
8f7abae3 MB	69
9b3ebcb6 MB	70	(defcustom auth-source-protocols '((imap "imap" "imaps" "143" "993")
	71	(pop3 "pop3" "pop" "pop3s" "110" "995")
	72	(ssh "ssh" "22")
	73	(sftp "sftp" "115")
	74	(smtp "smtp" "25"))
	75	"List of authentication protocols and their names"
	76
	77	:group 'auth-source
	78	:version "23.1" ;; No Gnus
	79	:type '(repeat :tag "Authentication Protocols"
	80	(cons :tag "Protocol Entry"
	81	(symbol :tag "Protocol")
	82	(repeat :tag "Names"
	83	(string :tag "Name")))))
	84
	85	;;; generate all the protocols in a format Customize can use
	86	(defconst auth-source-protocols-customize
	87	(mapcar (lambda (a)
	88	(let ((p (car-safe a)))
43d28dcd	89	(list 'const
9b3ebcb6 MB	90	:tag (upcase (symbol-name p))
	91	p)))
	92	auth-source-protocols))
	93
ed778fad MB	94	(defvar auth-source-cache (make-hash-table :test 'equal)
	95	"Cache for auth-source data")
	96
	97	(defcustom auth-source-do-cache t
	98	"Whether auth-source should cache information."
	99	:group 'auth-source
	100	:version "23.1" ;; No Gnus
	101	:type `boolean)
	102
4079589f	103	(defcustom auth-sources '((:source "~/.authinfo.gpg" :host t :protocol t))
8f7abae3 MB	104	"List of authentication sources.
	105
	106	Each entry is the authentication type with optional properties."
	107	:group 'auth-source
9b3ebcb6 MB	108	:version "23.1" ;; No Gnus
	109	:type `(repeat :tag "Authentication Sources"
	110	(list :tag "Source definition"
	111	(const :format "" :value :source)
	112	(string :tag "Authentication Source")
	113	(const :format "" :value :host)
d55fe5bb	114	(choice :tag "Host (machine) choice"
9b3ebcb6	115	(const :tag "Any" t)
d55fe5bb	116	(regexp :tag "Host (machine) regular expression (TODO)")
9b3ebcb6 MB	117	(const :tag "Fallback" nil))
	118	(const :format "" :value :protocol)
	119	(choice :tag "Protocol"
	120	(const :tag "Any" t)
	121	(const :tag "Fallback" nil)
	122	,@auth-source-protocols-customize))))
8f7abae3 MB	123
8f7abae3 MB	124	;; temp for debugging
9b3ebcb6 MB	125	;; (unintern 'auth-source-protocols)
	126	;; (unintern 'auth-sources)
	127	;; (customize-variable 'auth-sources)
	128	;; (setq auth-sources nil)
	129	;; (format "%S" auth-sources)
	130	;; (customize-variable 'auth-source-protocols)
	131	;; (setq auth-source-protocols nil)
	132	;; (format "%S" auth-source-protocols)
	133	;; (auth-source-pick "a" 'imap)
	134	;; (auth-source-user-or-password "login" "imap.myhost.com" 'imap)
	135	;; (auth-source-user-or-password "password" "imap.myhost.com" 'imap)
	136	;; (auth-source-user-or-password-imap "login" "imap.myhost.com")
	137	;; (auth-source-user-or-password-imap "password" "imap.myhost.com")
	138	;; (auth-source-protocol-defaults 'imap)
	139
58a67d68 MB	140	(defun auth-source-pick (host protocol &optional fallback)
58a67d68 MB	141	"Parse `auth-sources' for HOST, and PROTOCOL matches.
9b3ebcb6	142
58a67d68	143	Returns fallback choices (where PROTOCOL or HOST are nil) with FALLBACK t."
9b3ebcb6 MB	144	(interactive "sHost: \nsProtocol: \n") ;for testing
	145	(let (choices)
	146	(dolist (choice auth-sources)
58a67d68	147	(let ((h (plist-get choice :host))
9b3ebcb6 MB	148	(p (plist-get choice :protocol)))
	149	(when (and
	150	(or (equal t h)
	151	(and (stringp h) (string-match h host))
	152	(and fallback (equal h nil)))
	153	(or (equal t p)
	154	(and (symbolp p) (equal p protocol))
	155	(and fallback (equal p nil))))
	156	(push choice choices))))
	157	(if choices
	158	choices
	159	(unless fallback
58a67d68	160	(auth-source-pick host protocol t)))))
9b3ebcb6	161
ed778fad MB	162	(defun auth-source-forget-user-or-password (mode host protocol)
	163	(interactive "slogin/password: \nsHost: \nsProtocol: \n") ;for testing
	164	(remhash (format "%s %s:%s" mode host protocol) auth-source-cache))
	165
3b36c17e MB	166	(defun auth-source-forget-all-cached ()
	167	"Forget all cached auth-source authentication tokens."
	168	(interactive)
	169	(setq auth-source-cache (make-hash-table :test 'equal)))
	170
58a67d68	171	(defun auth-source-user-or-password (mode host protocol)
3b36c17e MB	172	"Find MODE (string or list of strings) matching HOST and PROTOCOL.
3b36c17e MB	173	MODE can be \"login\" or \"password\" for example."
43d28dcd	174	(gnus-message 9
e952b711 MB	175	"auth-source-user-or-password: get %s for %s (%s)"
e952b711 MB	176	mode host protocol)
3b36c17e MB	177	(let* ((listy (listp mode))
	178	(mode (if listy mode (list mode)))
	179	(cname (format "%s %s:%s" mode host protocol))
ed778fad MB	180	(found (gethash cname auth-source-cache)))
	181	(if found
	182	(progn
	183	(gnus-message 9
	184	"auth-source-user-or-password: cached %s=%s for %s (%s)"
	185	mode
	186	;; don't show the password
3b36c17e	187	(if (member "password" mode) "SECRET" found)
ed778fad MB	188	host protocol)
	189	found)
	190	(dolist (choice (auth-source-pick host protocol))
	191	(setq found (netrc-machine-user-or-password
	192	mode
	193	(plist-get choice :source)
	194	(list host)
	195	(list (format "%s" protocol))
	196	(auth-source-protocol-defaults protocol)))
	197	(when found
	198	(gnus-message 9
	199	"auth-source-user-or-password: found %s=%s for %s (%s)"
	200	mode
	201	;; don't show the password
3b36c17e	202	(if (member "password" mode) "SECRET" found)
ed778fad	203	host protocol)
3b36c17e	204	(setq found (if listy found (car-safe found)))
ed778fad MB	205	(when auth-source-do-cache
ed778fad MB	206	(puthash cname found auth-source-cache)))
9b3ebcb6 MB	207	(return found)))))
	208
	209	(defun auth-source-protocol-defaults (protocol)
	210	"Return a list of default ports and names for PROTOCOL."
	211	(cdr-safe (assoc protocol auth-source-protocols)))
	212
58a67d68 MB	213	(defun auth-source-user-or-password-imap (mode host)
58a67d68 MB	214	(auth-source-user-or-password mode host 'imap))
9b3ebcb6	215
58a67d68 MB	216	(defun auth-source-user-or-password-pop3 (mode host)
58a67d68 MB	217	(auth-source-user-or-password mode host 'pop3))
9b3ebcb6	218
58a67d68 MB	219	(defun auth-source-user-or-password-ssh (mode host)
58a67d68 MB	220	(auth-source-user-or-password mode host 'ssh))
9b3ebcb6	221
58a67d68 MB	222	(defun auth-source-user-or-password-sftp (mode host)
58a67d68 MB	223	(auth-source-user-or-password mode host 'sftp))
9b3ebcb6	224
58a67d68 MB	225	(defun auth-source-user-or-password-smtp (mode host)
58a67d68 MB	226	(auth-source-user-or-password mode host 'smtp))
8f7abae3 MB	227
	228	(provide 'auth-source)
	229
	230	;; arch-tag: ff1afe78-06e9-42c2-b693-e9f922cbe4ab
	231	;;; auth-source.el ends here