[bpt/emacs.git] / lisp / gnus / auth-source.el

;;; auth-source.el --- authentication sources for Gnus and Emacs

;; Copyright (C) 2008, 2009 Free Software Foundation, Inc.

;; Author: Ted Zlatanov <tzz@lifelogs.com>
;; Keywords: news

;; This file is part of GNU Emacs.

;; GNU Emacs is free software: you can redistribute it and/or modify
;; it under the terms of the GNU General Public License as published by
;; the Free Software Foundation, either version 3 of the License, or
;; (at your option) any later version.

;; GNU Emacs is distributed in the hope that it will be useful,
;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;; GNU General Public License for more details.

;; You should have received a copy of the GNU General Public License
;; along with GNU Emacs.  If not, see <http://www.gnu.org/licenses/>.

;;; Commentary:

;; This is the auth-source.el package.  It lets users tell Gnus how to
;; authenticate in a single place.  Simplicity is the goal.  Instead
;; of providing 5000 options, we'll stick to simple, easy to
;; understand options.

;; Easy setup:
;; (require 'auth-source)
;; (customize-variable 'auth-sources) ;; optional

;; now, whatever sources you've defined for password have to be available

;; if you want encrypted sources, which is strongly recommended, do
;; (require 'epa-file)
;; (epa-file-enable)
;; (setq epa-file-cache-passphrase-for-symmetric-encryption t) ; VERY important

;; before you put some data in ~/.authinfo.gpg (the default place)

;;; For url-auth authentication (HTTP/HTTPS), you need to use:

;;; machine yourmachine.com:80 port http login testuser password testpass

;;; This will match any realm and authentication method (basic or
;;; digest).  If you want finer controls, explore the url-auth source
;;; code and variables.

;;; For tramp authentication, use:

;;; machine yourmachine.com port scp login testuser password testpass

;;; Note that the port denotes the Tramp connection method.  When you
;;; don't use a port entry, you match any Tramp method.

;;; Code:

(require 'gnus-util)

(eval-when-compile (require 'cl))
(eval-when-compile (require 'netrc))

(defgroup auth-source nil
  "Authentication sources."
  :version "23.1" ;; No Gnus
  :group 'gnus)

(defcustom auth-source-protocols '((imap "imap" "imaps" "143" "993")
				   (pop3 "pop3" "pop" "pop3s" "110" "995")
				   (ssh  "ssh" "22")
				   (sftp "sftp" "115")
				   (smtp "smtp" "25"))
  "List of authentication protocols and their names"

  :group 'auth-source
  :version "23.1" ;; No Gnus
  :type '(repeat :tag "Authentication Protocols"
		 (cons :tag "Protocol Entry"
		       (symbol :tag "Protocol")
		       (repeat :tag "Names"
			       (string :tag "Name")))))

;;; generate all the protocols in a format Customize can use
(defconst auth-source-protocols-customize
  (mapcar (lambda (a)
	    (let ((p (car-safe a)))
	      (list 'const
		    :tag (upcase (symbol-name p))
		    p)))
	  auth-source-protocols))

(defvar auth-source-cache (make-hash-table :test 'equal)
  "Cache for auth-source data")

(defcustom auth-source-do-cache t
  "Whether auth-source should cache information."
  :group 'auth-source
  :version "23.1" ;; No Gnus
  :type `boolean)

(defcustom auth-sources '((:source "~/.authinfo.gpg" :host t :protocol t))
  "List of authentication sources.

Each entry is the authentication type with optional properties."
  :group 'auth-source
  :version "23.1" ;; No Gnus
  :type `(repeat :tag "Authentication Sources"
		 (list :tag "Source definition"
		       (const :format "" :value :source)
		       (string :tag "Authentication Source")
		       (const :format "" :value :host)
		       (choice :tag "Host (machine) choice"
			       (const :tag "Any" t)
			       (regexp :tag "Host (machine) regular expression (TODO)")
			       (const :tag "Fallback" nil))
		       (const :format "" :value :protocol)
		       (choice :tag "Protocol"
			       (const :tag "Any" t)
			       (const :tag "Fallback" nil)
			       ,@auth-source-protocols-customize))))

;; temp for debugging
;; (unintern 'auth-source-protocols)
;; (unintern 'auth-sources)
;; (customize-variable 'auth-sources)
;; (setq auth-sources nil)
;; (format "%S" auth-sources)
;; (customize-variable 'auth-source-protocols)
;; (setq auth-source-protocols nil)
;; (format "%S" auth-source-protocols)
;; (auth-source-pick "a" 'imap)
;; (auth-source-user-or-password "login" "imap.myhost.com" 'imap)
;; (auth-source-user-or-password "password" "imap.myhost.com" 'imap)
;; (auth-source-user-or-password-imap "login" "imap.myhost.com")
;; (auth-source-user-or-password-imap "password" "imap.myhost.com")
;; (auth-source-protocol-defaults 'imap)

(defun auth-source-pick (host protocol &optional fallback)
  "Parse `auth-sources' for HOST, and PROTOCOL matches.

Returns fallback choices (where PROTOCOL or HOST are nil) with FALLBACK t."
  (interactive "sHost: \nsProtocol: \n") ;for testing
  (let (choices)
    (dolist (choice auth-sources)
      (let ((h (plist-get choice :host))
	    (p (plist-get choice :protocol)))
	(when (and
	       (or (equal t h)
		   (and (stringp h) (string-match h host))
		   (and fallback (equal h nil)))
	       (or (equal t p)
		   (and (symbolp p) (equal p protocol))
		   (and fallback (equal p nil))))
	  (push choice choices))))
    (if choices
	choices
      (unless fallback
	(auth-source-pick host protocol t)))))

(defun auth-source-forget-user-or-password (mode host protocol)
  (interactive "slogin/password: \nsHost: \nsProtocol: \n") ;for testing
  (remhash (format "%s %s:%s" mode host protocol) auth-source-cache))

(defun auth-source-user-or-password (mode host protocol)
  "Find user or password (from the string MODE) matching HOST and PROTOCOL."
  (gnus-message 9
		"auth-source-user-or-password: get %s for %s (%s)"
		mode host protocol)
  (let* ((cname (format "%s %s:%s" mode host protocol))
	 (found (gethash cname auth-source-cache)))
    (if found
	(progn
	  (gnus-message 9
			"auth-source-user-or-password: cached %s=%s for %s (%s)"
			mode
			;; don't show the password
			(if (equal mode "password") "SECRET" found)
			host protocol)
	  found)
      (dolist (choice (auth-source-pick host protocol))
	(setq found (netrc-machine-user-or-password
		     mode
		     (plist-get choice :source)
		     (list host)
		     (list (format "%s" protocol))
		     (auth-source-protocol-defaults protocol)))
	(when found
	  (gnus-message 9
			"auth-source-user-or-password: found %s=%s for %s (%s)"
			mode
			;; don't show the password
			(if (equal mode "password") "SECRET" found)
			host protocol)
	  (when auth-source-do-cache
	    (puthash cname found auth-source-cache)))
	(return found)))))

(defun auth-source-protocol-defaults (protocol)
  "Return a list of default ports and names for PROTOCOL."
  (cdr-safe (assoc protocol auth-source-protocols)))

(defun auth-source-user-or-password-imap (mode host)
  (auth-source-user-or-password mode host 'imap))

(defun auth-source-user-or-password-pop3 (mode host)
  (auth-source-user-or-password mode host 'pop3))

(defun auth-source-user-or-password-ssh (mode host)
  (auth-source-user-or-password mode host 'ssh))

(defun auth-source-user-or-password-sftp (mode host)
  (auth-source-user-or-password mode host 'sftp))

(defun auth-source-user-or-password-smtp (mode host)
  (auth-source-user-or-password mode host 'smtp))

(provide 'auth-source)

;; arch-tag: ff1afe78-06e9-42c2-b693-e9f922cbe4ab
;;; auth-source.el ends here
Commit	Line	Data
8f7abae3 MB	1	;;; auth-source.el --- authentication sources for Gnus and Emacs
8f7abae3 MB	2
ae940284	3	;; Copyright (C) 2008, 2009 Free Software Foundation, Inc.
8f7abae3 MB	4
	5	;; Author: Ted Zlatanov <tzz@lifelogs.com>
	6	;; Keywords: news
	7
	8	;; This file is part of GNU Emacs.
	9
5e809f55	10	;; GNU Emacs is free software: you can redistribute it and/or modify
8f7abae3	11	;; it under the terms of the GNU General Public License as published by
5e809f55 GM	12	;; the Free Software Foundation, either version 3 of the License, or
5e809f55 GM	13	;; (at your option) any later version.
8f7abae3 MB	14
	15	;; GNU Emacs is distributed in the hope that it will be useful,
	16	;; but WITHOUT ANY WARRANTY; without even the implied warranty of
5e809f55	17	;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
8f7abae3 MB	18	;; GNU General Public License for more details.
	19
	20	;; You should have received a copy of the GNU General Public License
5e809f55	21	;; along with GNU Emacs. If not, see <http://www.gnu.org/licenses/>.
8f7abae3 MB	22
	23	;;; Commentary:
	24
	25	;; This is the auth-source.el package. It lets users tell Gnus how to
	26	;; authenticate in a single place. Simplicity is the goal. Instead
	27	;; of providing 5000 options, we'll stick to simple, easy to
	28	;; understand options.
d55fe5bb MB	29
	30	;; Easy setup:
	31	;; (require 'auth-source)
	32	;; (customize-variable 'auth-sources) ;; optional
	33
	34	;; now, whatever sources you've defined for password have to be available
	35
	36	;; if you want encrypted sources, which is strongly recommended, do
	37	;; (require 'epa-file)
26b9f88d	38	;; (epa-file-enable)
a368801c	39	;; (setq epa-file-cache-passphrase-for-symmetric-encryption t) ; VERY important
d55fe5bb MB	40
	41	;; before you put some data in ~/.authinfo.gpg (the default place)
	42
e952b711 MB	43	;;; For url-auth authentication (HTTP/HTTPS), you need to use:
	44
	45	;;; machine yourmachine.com:80 port http login testuser password testpass
	46
	47	;;; This will match any realm and authentication method (basic or
	48	;;; digest). If you want finer controls, explore the url-auth source
	49	;;; code and variables.
	50
4079589f MB	51	;;; For tramp authentication, use:
4079589f MB	52
43d28dcd	53	;;; machine yourmachine.com port scp login testuser password testpass
4079589f	54
43d28dcd MA	55	;;; Note that the port denotes the Tramp connection method. When you
43d28dcd MA	56	;;; don't use a port entry, you match any Tramp method.
4079589f	57
8f7abae3 MB	58	;;; Code:
8f7abae3 MB	59
e952b711 MB	60	(require 'gnus-util)
e952b711 MB	61
8f7abae3	62	(eval-when-compile (require 'cl))
9b3ebcb6	63	(eval-when-compile (require 'netrc))
8f7abae3 MB	64
	65	(defgroup auth-source nil
	66	"Authentication sources."
9b3ebcb6	67	:version "23.1" ;; No Gnus
8f7abae3 MB	68	:group 'gnus)
8f7abae3 MB	69
9b3ebcb6 MB	70	(defcustom auth-source-protocols '((imap "imap" "imaps" "143" "993")
	71	(pop3 "pop3" "pop" "pop3s" "110" "995")
	72	(ssh "ssh" "22")
	73	(sftp "sftp" "115")
	74	(smtp "smtp" "25"))
	75	"List of authentication protocols and their names"
	76
	77	:group 'auth-source
	78	:version "23.1" ;; No Gnus
	79	:type '(repeat :tag "Authentication Protocols"
	80	(cons :tag "Protocol Entry"
	81	(symbol :tag "Protocol")
	82	(repeat :tag "Names"
	83	(string :tag "Name")))))
	84
	85	;;; generate all the protocols in a format Customize can use
	86	(defconst auth-source-protocols-customize
	87	(mapcar (lambda (a)
	88	(let ((p (car-safe a)))
43d28dcd	89	(list 'const
9b3ebcb6 MB	90	:tag (upcase (symbol-name p))
	91	p)))
	92	auth-source-protocols))
	93
ed778fad MB	94	(defvar auth-source-cache (make-hash-table :test 'equal)
	95	"Cache for auth-source data")
	96
	97	(defcustom auth-source-do-cache t
	98	"Whether auth-source should cache information."
	99	:group 'auth-source
	100	:version "23.1" ;; No Gnus
	101	:type `boolean)
	102
4079589f	103	(defcustom auth-sources '((:source "~/.authinfo.gpg" :host t :protocol t))
8f7abae3 MB	104	"List of authentication sources.
	105
	106	Each entry is the authentication type with optional properties."
	107	:group 'auth-source
9b3ebcb6 MB	108	:version "23.1" ;; No Gnus
	109	:type `(repeat :tag "Authentication Sources"
	110	(list :tag "Source definition"
	111	(const :format "" :value :source)
	112	(string :tag "Authentication Source")
	113	(const :format "" :value :host)
d55fe5bb	114	(choice :tag "Host (machine) choice"
9b3ebcb6	115	(const :tag "Any" t)
d55fe5bb	116	(regexp :tag "Host (machine) regular expression (TODO)")
9b3ebcb6 MB	117	(const :tag "Fallback" nil))
	118	(const :format "" :value :protocol)
	119	(choice :tag "Protocol"
	120	(const :tag "Any" t)
	121	(const :tag "Fallback" nil)
	122	,@auth-source-protocols-customize))))
8f7abae3 MB	123
8f7abae3 MB	124	;; temp for debugging
9b3ebcb6 MB	125	;; (unintern 'auth-source-protocols)
	126	;; (unintern 'auth-sources)
	127	;; (customize-variable 'auth-sources)
	128	;; (setq auth-sources nil)
	129	;; (format "%S" auth-sources)
	130	;; (customize-variable 'auth-source-protocols)
	131	;; (setq auth-source-protocols nil)
	132	;; (format "%S" auth-source-protocols)
	133	;; (auth-source-pick "a" 'imap)
	134	;; (auth-source-user-or-password "login" "imap.myhost.com" 'imap)
	135	;; (auth-source-user-or-password "password" "imap.myhost.com" 'imap)
	136	;; (auth-source-user-or-password-imap "login" "imap.myhost.com")
	137	;; (auth-source-user-or-password-imap "password" "imap.myhost.com")
	138	;; (auth-source-protocol-defaults 'imap)
	139
58a67d68 MB	140	(defun auth-source-pick (host protocol &optional fallback)
58a67d68 MB	141	"Parse `auth-sources' for HOST, and PROTOCOL matches.
9b3ebcb6	142
58a67d68	143	Returns fallback choices (where PROTOCOL or HOST are nil) with FALLBACK t."
9b3ebcb6 MB	144	(interactive "sHost: \nsProtocol: \n") ;for testing
	145	(let (choices)
	146	(dolist (choice auth-sources)
58a67d68	147	(let ((h (plist-get choice :host))
9b3ebcb6 MB	148	(p (plist-get choice :protocol)))
	149	(when (and
	150	(or (equal t h)
	151	(and (stringp h) (string-match h host))
	152	(and fallback (equal h nil)))
	153	(or (equal t p)
	154	(and (symbolp p) (equal p protocol))
	155	(and fallback (equal p nil))))
	156	(push choice choices))))
	157	(if choices
	158	choices
	159	(unless fallback
58a67d68	160	(auth-source-pick host protocol t)))))
9b3ebcb6	161
ed778fad MB	162	(defun auth-source-forget-user-or-password (mode host protocol)
	163	(interactive "slogin/password: \nsHost: \nsProtocol: \n") ;for testing
	164	(remhash (format "%s %s:%s" mode host protocol) auth-source-cache))
	165
58a67d68 MB	166	(defun auth-source-user-or-password (mode host protocol)
58a67d68 MB	167	"Find user or password (from the string MODE) matching HOST and PROTOCOL."
43d28dcd	168	(gnus-message 9
e952b711 MB	169	"auth-source-user-or-password: get %s for %s (%s)"
e952b711 MB	170	mode host protocol)
ed778fad MB	171	(let* ((cname (format "%s %s:%s" mode host protocol))
	172	(found (gethash cname auth-source-cache)))
	173	(if found
	174	(progn
	175	(gnus-message 9
	176	"auth-source-user-or-password: cached %s=%s for %s (%s)"
	177	mode
	178	;; don't show the password
	179	(if (equal mode "password") "SECRET" found)
	180	host protocol)
	181	found)
	182	(dolist (choice (auth-source-pick host protocol))
	183	(setq found (netrc-machine-user-or-password
	184	mode
	185	(plist-get choice :source)
	186	(list host)
	187	(list (format "%s" protocol))
	188	(auth-source-protocol-defaults protocol)))
	189	(when found
	190	(gnus-message 9
	191	"auth-source-user-or-password: found %s=%s for %s (%s)"
	192	mode
	193	;; don't show the password
	194	(if (equal mode "password") "SECRET" found)
	195	host protocol)
	196	(when auth-source-do-cache
	197	(puthash cname found auth-source-cache)))
9b3ebcb6 MB	198	(return found)))))
	199
	200	(defun auth-source-protocol-defaults (protocol)
	201	"Return a list of default ports and names for PROTOCOL."
	202	(cdr-safe (assoc protocol auth-source-protocols)))
	203
58a67d68 MB	204	(defun auth-source-user-or-password-imap (mode host)
58a67d68 MB	205	(auth-source-user-or-password mode host 'imap))
9b3ebcb6	206
58a67d68 MB	207	(defun auth-source-user-or-password-pop3 (mode host)
58a67d68 MB	208	(auth-source-user-or-password mode host 'pop3))
9b3ebcb6	209
58a67d68 MB	210	(defun auth-source-user-or-password-ssh (mode host)
58a67d68 MB	211	(auth-source-user-or-password mode host 'ssh))
9b3ebcb6	212
58a67d68 MB	213	(defun auth-source-user-or-password-sftp (mode host)
58a67d68 MB	214	(auth-source-user-or-password mode host 'sftp))
9b3ebcb6	215
58a67d68 MB	216	(defun auth-source-user-or-password-smtp (mode host)
58a67d68 MB	217	(auth-source-user-or-password mode host 'smtp))
8f7abae3 MB	218
	219	(provide 'auth-source)
	220
	221	;; arch-tag: ff1afe78-06e9-42c2-b693-e9f922cbe4ab
	222	;;; auth-source.el ends here