HCoop / bpt / emacs.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
* lisp/startup.el (command-line): Update package subdirectory regexp.
[bpt/emacs.git] / lisp / gnus / auth-source.el
CommitLineData
8f7abae3
MB		 1;;; auth-source.el --- authentication sources for Gnus and Emacs
2
73b0cd50 3;; Copyright (C) 2008-2011 Free Software Foundation, Inc.
8f7abae3
MB		 4
5;; Author: Ted Zlatanov <tzz@lifelogs.com>
6;; Keywords: news
7
8;; This file is part of GNU Emacs.
9
5e809f55 10;; GNU Emacs is free software: you can redistribute it and/or modify
8f7abae3 11;; it under the terms of the GNU General Public License as published by
5e809f55
GM		 12;; the Free Software Foundation, either version 3 of the License, or
13;; (at your option) any later version.
8f7abae3
MB		 14
15;; GNU Emacs is distributed in the hope that it will be useful,
16;; but WITHOUT ANY WARRANTY; without even the implied warranty of
5e809f55 17;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
8f7abae3
MB		 18;; GNU General Public License for more details.
19
20;; You should have received a copy of the GNU General Public License
5e809f55 21;; along with GNU Emacs. If not, see <http://www.gnu.org/licenses/>.
8f7abae3
MB		 22
23;;; Commentary:
24
25;; This is the auth-source.el package. It lets users tell Gnus how to
26;; authenticate in a single place. Simplicity is the goal. Instead
27;; of providing 5000 options, we'll stick to simple, easy to
28;; understand options.
d55fe5bb 29
554a69b8 30;; See the auth.info Info documentation for details.
4079589f 31
cbabe91f
TZ		 32;; TODO:
33
34;; - never decode the backend file unless it's necessary
35;; - a more generic way to match backends and search backend contents
36;; - absorb netrc.el and simplify it
37;; - protect passwords better
38;; - allow creating and changing netrc lines (not files) e.g. change a password
39
8f7abae3
MB		 40;;; Code:
41
b8e0f0cd 42(require 'password-cache)
d638ac9e 43(require 'mm-util)
e952b711 44(require 'gnus-util)
b8e0f0cd 45(require 'assoc)
8f7abae3 46(eval-when-compile (require 'cl))
f3b54b0e 47(require 'eieio)
b8e0f0cd 48
0e4966fb
MA		 49(autoload 'secrets-create-item "secrets")
50(autoload 'secrets-delete-item "secrets")
ec7995fa 51(autoload 'secrets-get-alias "secrets")
b8e0f0cd 52(autoload 'secrets-get-attributes "secrets")
fb178e4c 53(autoload 'secrets-get-secret "secrets")
0e4966fb
MA		 54(autoload 'secrets-list-collections "secrets")
55(autoload 'secrets-search-items "secrets")
8f7abae3 56
4248cca2
TZ		 57(autoload 'rfc2104-hash "rfc2104")
58
b8e0f0cd
G		 59(defvar secrets-enabled)
60
8f7abae3
MB		 61(defgroup auth-source nil
62 "Authentication sources."
9b3ebcb6 63 :version "23.1" ;; No Gnus
8f7abae3
MB		 64 :group 'gnus)
65
584c9d3f
G		 66;;;###autoload
67(defcustom auth-source-cache-expiry 7200
68 "How many seconds passwords are cached, or nil to disable
69expiring. Overrides `password-cache-expiry' through a
70let-binding."
71 :group 'auth-source
72 :type '(choice (const :tag "Never" nil)
73 (const :tag "All Day" 86400)
74 (const :tag "2 Hours" 7200)
75 (const :tag "30 Minutes" 1800)
76 (integer :tag "Seconds")))
77
b8e0f0cd
G		 78(defclass auth-source-backend ()
79 ((type :initarg :type
80 :initform 'netrc
81 :type symbol
82 :custom symbol
83 :documentation "The backend type.")
84 (source :initarg :source
85 :type string
86 :custom string
87 :documentation "The backend source.")
88 (host :initarg :host
89 :initform t
90 :type t
91 :custom string
92 :documentation "The backend host.")
93 (user :initarg :user
94 :initform t
95 :type t
96 :custom string
97 :documentation "The backend user.")
35123c04
TZ		 98 (port :initarg :port
99 :initform t
100 :type t
101 :custom string
102 :documentation "The backend protocol.")
b8e0f0cd
G		 103 (create-function :initarg :create-function
104 :initform ignore
105 :type function
106 :custom function
107 :documentation "The create function.")
108 (search-function :initarg :search-function
109 :initform ignore
110 :type function
111 :custom function
112 :documentation "The search function.")))
113
9b3ebcb6 114(defcustom auth-source-protocols '((imap "imap" "imaps" "143" "993")
cbabe91f
TZ		 115 (pop3 "pop3" "pop" "pop3s" "110" "995")
116 (ssh "ssh" "22")
117 (sftp "sftp" "115")
118 (smtp "smtp" "25"))
9b3ebcb6
MB		 119 "List of authentication protocols and their names"
120
121 :group 'auth-source
ec7995fa 122 :version "23.2" ;; No Gnus
9b3ebcb6 123 :type '(repeat :tag "Authentication Protocols"
cbabe91f
TZ		 124 (cons :tag "Protocol Entry"
125 (symbol :tag "Protocol")
126 (repeat :tag "Names"
127 (string :tag "Name")))))
9b3ebcb6
MB		 128
129;;; generate all the protocols in a format Customize can use
fb178e4c 130;;; TODO: generate on the fly from auth-source-protocols
9b3ebcb6
MB		 131(defconst auth-source-protocols-customize
132 (mapcar (lambda (a)
cbabe91f
TZ		 133 (let ((p (car-safe a)))
134 (list 'const
135 :tag (upcase (symbol-name p))
136 p)))
137 auth-source-protocols))
9b3ebcb6 138
b8e0f0cd
G		 139(defvar auth-source-creation-defaults nil
140 "Defaults for creating token values. Usually let-bound.")
141
003522ce
G		 142(defvar auth-source-creation-prompts nil
143 "Default prompts for token values. Usually let-bound.")
144
b8e0f0cd
G		 145(make-obsolete 'auth-source-hide-passwords nil "Emacs 24.1")
146
003522ce
G		 147(defcustom auth-source-save-behavior 'ask
148 "If set, auth-source will respect it for save behavior."
149 :group 'auth-source
150 :version "23.2" ;; No Gnus
151 :type `(choice
152 :tag "auth-source new token save behavior"
153 (const :tag "Always save" t)
154 (const :tag "Never save" nil)
155 (const :tag "Ask" ask)))
156
b8e0f0cd 157(defvar auth-source-magic "auth-source-magic ")
ed778fad
MB		 158
159(defcustom auth-source-do-cache t
b8e0f0cd 160 "Whether auth-source should cache information with `password-cache'."
ed778fad 161 :group 'auth-source
ec7995fa 162 :version "23.2" ;; No Gnus
ed778fad
MB		 163 :type `boolean)
164
a202ff49 165(defcustom auth-source-debug nil
554a69b8 166 "Whether auth-source should log debug messages.
554a69b8
KY		 167
168If the value is nil, debug messages are not logged.
ca6ddb88
TZ		 169
170If the value is t, debug messages are logged with `message'. In
171that case, your authentication data will be in the clear (except
172for passwords).
173
554a69b8
KY		 174If the value is a function, debug messages are logged by calling
175 that function using the same arguments as `message'."
176 :group 'auth-source
ec7995fa 177 :version "23.2" ;; No Gnus
cbabe91f
TZ		 178 :type `(choice
179 :tag "auth-source debugging mode"
180 (const :tag "Log using `message' to the *Messages* buffer" t)
4a3988d5
G		 181 (const :tag "Log all trivia with `message' to the *Messages* buffer"
182 trivia)
cbabe91f
TZ		 183 (function :tag "Function that takes arguments like `message'")
184 (const :tag "Don't log anything" nil)))
554a69b8 185
4a3988d5 186(defcustom auth-sources '("~/.authinfo.gpg" "~/.authinfo" "~/.netrc")
8f7abae3
MB		 187 "List of authentication sources.
188
b8e0f0cd
G		 189The default will get login and password information from
190\"~/.authinfo.gpg\", which you should set up with the EPA/EPG
191packages to be encrypted. If that file doesn't exist, it will
4a3988d5
G		 192try the unencrypted version \"~/.authinfo\" and the famous
193\"~/.netrc\" file.
b8e0f0cd
G		 194
195See the auth.info manual for details.
fb178e4c 196
ec7995fa
KY		 197Each entry is the authentication type with optional properties.
198
199It's best to customize this with `M-x customize-variable' because the choices
200can get pretty complex."
8f7abae3 201 :group 'auth-source
b8e0f0cd 202 :version "24.1" ;; No Gnus
9b3ebcb6 203 :type `(repeat :tag "Authentication Sources"
b8e0f0cd
G		 204 (choice
205 (string :tag "Just a file")
206 (const :tag "Default Secrets API Collection" 'default)
5415d076 207 (const :tag "Login Secrets API Collection" "secrets:Login")
b8e0f0cd
G		 208 (const :tag "Temp Secrets API Collection" "secrets:session")
209 (list :tag "Source definition"
210 (const :format "" :value :source)
211 (choice :tag "Authentication backend choice"
212 (string :tag "Authentication Source (file)")
213 (list
214 :tag "Secret Service API/KWallet/GNOME Keyring"
215 (const :format "" :value :secrets)
216 (choice :tag "Collection to use"
217 (string :tag "Collection name")
218 (const :tag "Default" 'default)
5415d076 219 (const :tag "Login" "Login")
b8e0f0cd
G		 220 (const
221 :tag "Temporary" "session"))))
222 (repeat :tag "Extra Parameters" :inline t
223 (choice :tag "Extra parameter"
224 (list
225 :tag "Host"
226 (const :format "" :value :host)
227 (choice :tag "Host (machine) choice"
228 (const :tag "Any" t)
229 (regexp
230 :tag "Regular expression")))
231 (list
232 :tag "Protocol"
35123c04 233 (const :format "" :value :port)
b8e0f0cd
G		 234 (choice
235 :tag "Protocol"
236 (const :tag "Any" t)
237 ,@auth-source-protocols-customize))
238 (list :tag "User" :inline t
239 (const :format "" :value :user)
240 (choice :tag "Personality/Username"
241 (const :tag "Any" t)
242 (string :tag "Name")))))))))
8f7abae3 243
549c9aed
G		 244(defcustom auth-source-gpg-encrypt-to t
245 "List of recipient keys that `authinfo.gpg' encrypted to.
246If the value is not a list, symmetric encryption will be used."
247 :group 'auth-source
b8e0f0cd 248 :version "24.1" ;; No Gnus
549c9aed 249 :type '(choice (const :tag "Symmetric encryption" t)
b8e0f0cd
G		 250 (repeat :tag "Recipient public keys"
251 (string :tag "Recipient public key"))))
549c9aed 252
8f7abae3 253;; temp for debugging
9b3ebcb6
MB		 254;; (unintern 'auth-source-protocols)
255;; (unintern 'auth-sources)
256;; (customize-variable 'auth-sources)
257;; (setq auth-sources nil)
258;; (format "%S" auth-sources)
259;; (customize-variable 'auth-source-protocols)
260;; (setq auth-source-protocols nil)
261;; (format "%S" auth-source-protocols)
fb178e4c 262;; (auth-source-pick nil :host "a" :port 'imap)
9b3ebcb6
MB		 263;; (auth-source-user-or-password "login" "imap.myhost.com" 'imap)
264;; (auth-source-user-or-password "password" "imap.myhost.com" 'imap)
265;; (auth-source-user-or-password-imap "login" "imap.myhost.com")
266;; (auth-source-user-or-password-imap "password" "imap.myhost.com")
267;; (auth-source-protocol-defaults 'imap)
268
ca6ddb88
TZ		 269;; (let ((auth-source-debug 'debug)) (auth-source-do-debug "hello"))
270;; (let ((auth-source-debug t)) (auth-source-do-debug "hello"))
271;; (let ((auth-source-debug nil)) (auth-source-do-debug "hello"))
554a69b8 272(defun auth-source-do-debug (&rest msg)
554a69b8 273 (when auth-source-debug
ca6ddb88
TZ		 274 (apply 'auth-source-do-warn msg)))
275
4a3988d5
G		 276(defun auth-source-do-trivia (&rest msg)
277 (when (or (eq auth-source-debug 'trivia)
278 (functionp auth-source-debug))
279 (apply 'auth-source-do-warn msg)))
280
ca6ddb88
TZ		 281(defun auth-source-do-warn (&rest msg)
282 (apply
283 ;; set logger to either the function in auth-source-debug or 'message
284 ;; note that it will be 'message if auth-source-debug is nil
285 (if (functionp auth-source-debug)
286 auth-source-debug
287 'message)
288 msg))
289
554a69b8 290
733afdf4
TZ		 291;;; (auth-source-read-char-choice "enter choice? " '(?a ?b ?q))
292(defun auth-source-read-char-choice (prompt choices)
293 "Read one of CHOICES by `read-char-choice', or `read-char'.
294`dropdown-list' support is disabled because it doesn't work reliably.
295Only one of CHOICES will be returned. The PROMPT is augmented
296with \"[a/b/c] \" if CHOICES is '\(?a ?b ?c\)."
297 (when choices
298 (let* ((prompt-choices
299 (apply 'concat (loop for c in choices
300 collect (format "%c/" c))))
301 (prompt-choices (concat "[" (substring prompt-choices 0 -1) "] "))
302 (full-prompt (concat prompt prompt-choices))
303 k)
304
305 (while (not (memq k choices))
306 (setq k (cond
733afdf4
TZ		 307 ((fboundp 'read-char-choice)
308 (read-char-choice full-prompt choices))
309 (t (message "%s" full-prompt)
310 (setq k (read-char))))))
311 k)))
312
35123c04
TZ		 313;; (auth-source-pick nil :host "any" :port 'imap :user "joe")
314;; (auth-source-pick t :host "any" :port 'imap :user "joe")
315;; (setq auth-sources '((:source (:secrets default) :host t :port t :user "joe")
316;; (:source (:secrets "session") :host t :port t :user "joe")
317;; (:source (:secrets "Login") :host t :port t)
318;; (:source "~/.authinfo.gpg" :host t :port t)))
fb178e4c 319
35123c04
TZ		 320;; (setq auth-sources '((:source (:secrets default) :host t :port t :user "joe")
321;; (:source (:secrets "session") :host t :port t :user "joe")
322;; (:source (:secrets "Login") :host t :port t)
cbabe91f 323;; ))
fb178e4c 324
35123c04 325;; (setq auth-sources '((:source "~/.authinfo.gpg" :host t :port t)))
fb178e4c 326
b8e0f0cd
G		 327;; (auth-source-backend-parse "myfile.gpg")
328;; (auth-source-backend-parse 'default)
5415d076 329;; (auth-source-backend-parse "secrets:Login")
b8e0f0cd
G		 330
331(defun auth-source-backend-parse (entry)
332 "Creates an auth-source-backend from an ENTRY in `auth-sources'."
333 (auth-source-backend-parse-parameters
334 entry
335 (cond
336 ;; take 'default and recurse to get it as a Secrets API default collection
337 ;; matching any user, host, and protocol
338 ((eq entry 'default)
339 (auth-source-backend-parse '(:source (:secrets default))))
340 ;; take secrets:XYZ and recurse to get it as Secrets API collection "XYZ"
341 ;; matching any user, host, and protocol
342 ((and (stringp entry) (string-match "^secrets:\\(.+\\)" entry))
343 (auth-source-backend-parse `(:source (:secrets ,(match-string 1 entry)))))
344 ;; take just a file name and recurse to get it as a netrc file
345 ;; matching any user, host, and protocol
346 ((stringp entry)
347 (auth-source-backend-parse `(:source ,entry)))
348
349 ;; a file name with parameters
350 ((stringp (plist-get entry :source))
351 (auth-source-backend
352 (plist-get entry :source)
353 :source (plist-get entry :source)
354 :type 'netrc
355 :search-function 'auth-source-netrc-search
356 :create-function 'auth-source-netrc-create))
357
358 ;; the Secrets API. We require the package, in order to have a
359 ;; defined value for `secrets-enabled'.
360 ((and
361 (not (null (plist-get entry :source))) ; the source must not be nil
362 (listp (plist-get entry :source)) ; and it must be a list
363 (require 'secrets nil t) ; and we must load the Secrets API
364 secrets-enabled) ; and that API must be enabled
365
366 ;; the source is either the :secrets key in ENTRY or
367 ;; if that's missing or nil, it's "session"
368 (let ((source (or (plist-get (plist-get entry :source) :secrets)
369 "session")))
370
371 ;; if the source is a symbol, we look for the alias named so,
5415d076 372 ;; and if that alias is missing, we use "Login"
b8e0f0cd
G		 373 (when (symbolp source)
374 (setq source (or (secrets-get-alias (symbol-name source))
5415d076 375 "Login")))
b8e0f0cd 376
ca6ddb88
TZ		 377 (if (featurep 'secrets)
378 (auth-source-backend
379 (format "Secrets API (%s)" source)
380 :source source
381 :type 'secrets
382 :search-function 'auth-source-secrets-search
383 :create-function 'auth-source-secrets-create)
384 (auth-source-do-warn
385 "auth-source-backend-parse: no Secrets API, ignoring spec: %S" entry)
386 (auth-source-backend
387 (format "Ignored Secrets API (%s)" source)
388 :source ""
389 :type 'ignore))))
b8e0f0cd
G		 390
391 ;; none of them
392 (t
ca6ddb88 393 (auth-source-do-warn
b8e0f0cd
G		 394 "auth-source-backend-parse: invalid backend spec: %S" entry)
395 (auth-source-backend
396 "Empty"
397 :source ""
398 :type 'ignore)))))
399
400(defun auth-source-backend-parse-parameters (entry backend)
401 "Fills in the extra auth-source-backend parameters of ENTRY.
35123c04
TZ		 402Using the plist ENTRY, get the :host, :port, and :user search
403parameters."
e45de620
TZ		 404 (let ((entry (if (stringp entry)
405 nil
406 entry))
407 val)
b8e0f0cd
G		 408 (when (setq val (plist-get entry :host))
409 (oset backend host val))
410 (when (setq val (plist-get entry :user))
411 (oset backend user val))
35123c04
TZ		 412 (when (setq val (plist-get entry :port))
413 (oset backend port val)))
b8e0f0cd
G		 414 backend)
415
416;; (mapcar 'auth-source-backend-parse auth-sources)
417
418(defun* auth-source-search (&rest spec
35123c04 419 &key type max host user port secret
733afdf4 420 require create delete
b8e0f0cd
G		 421 &allow-other-keys)
422 "Search or modify authentication backends according to SPEC.
423
424This function parses `auth-sources' for matches of the SPEC
425plist. It can optionally create or update an authentication
426token if requested. A token is just a standard Emacs property
427list with a :secret property that can be a function; all the
428other properties will always hold scalar values.
429
430Typically the :secret property, if present, contains a password.
431
35123c04 432Common search keys are :max, :host, :port, and :user. In
b8e0f0cd
G		 433addition, :create specifies how tokens will be or created.
434Finally, :type can specify which backend types you want to check.
435
436A string value is always matched literally. A symbol is matched
437as its string value, literally. All the SPEC values can be
438single values (symbol or string) or lists thereof (in which case
439any of the search terms matches).
440
441:create t means to create a token if possible.
442
443A new token will be created if no matching tokens were found.
444The new token will have only the keys the backend requires. For
445the netrc backend, for instance, that's the user, host, and
35123c04 446port keys.
b8e0f0cd
G		 447
448Here's an example:
449
450\(let ((auth-source-creation-defaults '((user . \"defaultUser\")
451 (A . \"default A\"))))
452 (auth-source-search :host \"mine\" :type 'netrc :max 1
453 :P \"pppp\" :Q \"qqqq\"
454 :create t))
455
456which says:
457
458\"Search for any entry matching host 'mine' in backends of type
459 'netrc', maximum one result.
460
461 Create a new entry if you found none. The netrc backend will
35123c04 462 automatically require host, user, and port. The host will be
b8e0f0cd 463 'mine'. We prompt for the user with default 'defaultUser' and
35123c04 464 for the port without a default. We will not prompt for A, Q,
b8e0f0cd 465 or P. The resulting token will only have keys user, host, and
35123c04 466 port.\"
b8e0f0cd
G		 467
468:create '(A B C) also means to create a token if possible.
469
470The behavior is like :create t but if the list contains any
471parameter, that parameter will be required in the resulting
472token. The value for that parameter will be obtained from the
473search parameters or from user input. If any queries are needed,
474the alist `auth-source-creation-defaults' will be checked for the
003522ce
G		 475default value. If the user, host, or port are missing, the alist
476`auth-source-creation-prompts' will be used to look up the
477prompts IN THAT ORDER (so the 'user prompt will be queried first,
478then 'host, then 'port, and finally 'secret). Each prompt string
479can use %u, %h, and %p to show the user, host, and port.
b8e0f0cd
G		 480
481Here's an example:
482
483\(let ((auth-source-creation-defaults '((user . \"defaultUser\")
003522ce
G		 484 (A . \"default A\")))
485 (auth-source-creation-prompts
486 '((password . \"Enter IMAP password for %h:%p: \"))))
b8e0f0cd
G		 487 (auth-source-search :host '(\"nonesuch\" \"twosuch\") :type 'netrc :max 1
488 :P \"pppp\" :Q \"qqqq\"
489 :create '(A B Q)))
490
491which says:
492
493\"Search for any entry matching host 'nonesuch'
494 or 'twosuch' in backends of type 'netrc', maximum one result.
495
496 Create a new entry if you found none. The netrc backend will
35123c04 497 automatically require host, user, and port. The host will be
003522ce
G		 498 'nonesuch' and Q will be 'qqqq'. We prompt for the password
499 with the shown prompt. We will not prompt for Q. The resulting
500 token will have keys user, host, port, A, B, and Q. It will not
501 have P with any value, even though P is used in the search to
502 find only entries that have P set to 'pppp'.\"
b8e0f0cd
G		 503
504When multiple values are specified in the search parameter, the
7ba93e94
G		 505user is prompted for which one. So :host (X Y Z) would ask the
506user to choose between X, Y, and Z.
b8e0f0cd
G		 507
508This creation can fail if the search was not specific enough to
509create a new token (it's up to the backend to decide that). You
510should `catch' the backend-specific error as usual. Some
511backends (netrc, at least) will prompt the user rather than throw
512an error.
513
733afdf4
TZ		 514:require (A B C) means that only results that contain those
515tokens will be returned. Thus for instance requiring :secret
516will ensure that any results will actually have a :secret
517property.
518
b8e0f0cd
G		 519:delete t means to delete any found entries. nil by default.
520Use `auth-source-delete' in ELisp code instead of calling
521`auth-source-search' directly with this parameter.
522
523:type (X Y Z) will check only those backend types. 'netrc and
524'secrets are the only ones supported right now.
525
526:max N means to try to return at most N items (defaults to 1).
527When 0 the function will return just t or nil to indicate if any
528matches were found. More than N items may be returned, depending
529on the search and the backend.
530
531:host (X Y Z) means to match only hosts X, Y, or Z according to
532the match rules above. Defaults to t.
533
534:user (X Y Z) means to match only users X, Y, or Z according to
535the match rules above. Defaults to t.
536
35123c04 537:port (P Q R) means to match only protocols P, Q, or R.
b8e0f0cd
G		 538Defaults to t.
539
540:K (V1 V2 V3) for any other key K will match values V1, V2, or
541V3 (note the match rules above).
542
543The return value is a list with at most :max tokens. Each token
35123c04 544is a plist with keys :backend :host :port :user, plus any other
b8e0f0cd
G		 545keys provided by the backend (notably :secret). But note the
546exception for :max 0, which see above.
547
733afdf4
TZ		 548The token can hold a :save-function key. If you call that, the
549user will be prompted to save the data to the backend. You can't
550request that this should happen right after creation, because
551`auth-source-search' has no way of knowing if the token is
552actually useful. So the caller must arrange to call this function.
553
b8e0f0cd
G		 554The token's :secret key can hold a function. In that case you
555must call it to obtain the actual value."
556 (let* ((backends (mapcar 'auth-source-backend-parse auth-sources))
557 (max (or max 1))
733afdf4 558 (ignored-keys '(:require :create :delete :max))
b8e0f0cd
G		 559 (keys (loop for i below (length spec) by 2
560 unless (memq (nth i spec) ignored-keys)
561 collect (nth i spec)))
61e9662e
TZ		 562 (cached (auth-source-remembered-p spec))
563 ;; note that we may have cached results but found is still nil
564 ;; (there were no results from the search)
b8e0f0cd 565 (found (auth-source-recall spec))
4a3988d5 566 filtered-backends accessor-key backend)
b8e0f0cd 567
61e9662e 568 (if (and cached auth-source-do-cache)
b8e0f0cd
G		 569 (auth-source-do-debug
570 "auth-source-search: found %d CACHED results matching %S"
571 (length found) spec)
572
573 (assert
574 (or (eq t create) (listp create)) t
4a3988d5 575 "Invalid auth-source :create parameter (must be t or a list): %s %s")
b8e0f0cd 576
733afdf4
TZ		 577 (assert
578 (listp require) t
579 "Invalid auth-source :require parameter (must be a list): %s")
580
6ce6c742 581 (setq filtered-backends (copy-sequence backends))
b8e0f0cd
G		 582 (dolist (backend backends)
583 (dolist (key keys)
584 ;; ignore invalid slots
585 (condition-case signal
586 (unless (eval `(auth-source-search-collection
587 (plist-get spec key)
588 (oref backend ,key)))
589 (setq filtered-backends (delq backend filtered-backends))
590 (return))
591 (invalid-slot-name))))
592
4a3988d5 593 (auth-source-do-trivia
b8e0f0cd
G		 594 "auth-source-search: found %d backends matching %S"
595 (length filtered-backends) spec)
596
597 ;; (debug spec "filtered" filtered-backends)
1d2c4a49
LI		 598 ;; First go through all the backends without :create, so we can
599 ;; query them all.
4a3988d5
G		 600 (setq found (auth-source-search-backends filtered-backends
601 spec
602 ;; to exit early
603 max
733afdf4
TZ		 604 ;; create is always nil here
605 nil delete
606 require))
4a3988d5
G		 607
608 (auth-source-do-debug
609 "auth-source-search: found %d results (max %d) matching %S"
610 (length found) max spec)
611
1d2c4a49
LI		 612 ;; If we didn't find anything, then we allow the backend(s) to
613 ;; create the entries.
38046520 614 (when (and create
4a3988d5
G		 615 (not found))
616 (setq found (auth-source-search-backends filtered-backends
617 spec
618 ;; to exit early
619 max
733afdf4
TZ		 620 create delete
621 require))
622 (auth-source-do-debug
4a3988d5
G		 623 "auth-source-search: CREATED %d results (max %d) matching %S"
624 (length found) max spec))
625
61e9662e
TZ		 626 ;; note we remember the lack of result too, if it's applicable
627 (when auth-source-do-cache
4a3988d5
G		 628 (auth-source-remember spec found)))
629
630 found))
631
733afdf4 632(defun auth-source-search-backends (backends spec max create delete require)
4a3988d5
G		 633 (let (matches)
634 (dolist (backend backends)
635 (when (> max (length matches)) ; when we need more matches...
733afdf4
TZ		 636 (let* ((bmatches (apply
637 (slot-value backend 'search-function)
638 :backend backend
639 ;; note we're overriding whatever the spec
640 ;; has for :require, :create, and :delete
641 :require require
642 :create create
643 :delete delete
644 spec)))
4a3988d5
G		 645 (when bmatches
646 (auth-source-do-trivia
647 "auth-source-search-backend: got %d (max %d) in %s:%s matching %S"
648 (length bmatches) max
649 (slot-value backend :type)
650 (slot-value backend :source)
651 spec)
652 (setq matches (append matches bmatches))))))
653 matches))
b8e0f0cd
G		 654
655;;; (auth-source-search :max 1)
656;;; (funcall (plist-get (nth 0 (auth-source-search :max 1)) :secret))
657;;; (auth-source-search :host "nonesuch" :type 'netrc :K 1)
658;;; (auth-source-search :host "nonesuch" :type 'secrets)
659
660(defun* auth-source-delete (&rest spec
661 &key delete
662 &allow-other-keys)
663 "Delete entries from the authentication backends according to SPEC.
664Calls `auth-source-search' with the :delete property in SPEC set to t.
665The backend may not actually delete the entries.
666
667Returns the deleted entries."
668 (auth-source-search (plist-put spec :delete t)))
669
670(defun auth-source-search-collection (collection value)
671 "Returns t is VALUE is t or COLLECTION is t or contains VALUE."
672 (when (and (atom collection) (not (eq t collection)))
673 (setq collection (list collection)))
674
675 ;; (debug :collection collection :value value)
676 (or (eq collection t)
677 (eq value t)
678 (equal collection value)
679 (member value collection)))
ed778fad 680
3b36c17e 681(defun auth-source-forget-all-cached ()
b8e0f0cd 682 "Forget all cached auth-source data."
3b36c17e 683 (interactive)
b8e0f0cd
G		 684 (loop for sym being the symbols of password-data
685 ;; when the symbol name starts with auth-source-magic
686 when (string-match (concat "^" auth-source-magic)
687 (symbol-name sym))
688 ;; remove that key
689 do (password-cache-remove (symbol-name sym))))
690
691(defun auth-source-remember (spec found)
692 "Remember FOUND search results for SPEC."
584c9d3f
G		 693 (let ((password-cache-expiry auth-source-cache-expiry))
694 (password-cache-add
695 (concat auth-source-magic (format "%S" spec)) found)))
b8e0f0cd
G		 696
697(defun auth-source-recall (spec)
698 "Recall FOUND search results for SPEC."
699 (password-read-from-cache
700 (concat auth-source-magic (format "%S" spec))))
701
61e9662e
TZ		 702(defun auth-source-remembered-p (spec)
703 "Check if SPEC is remembered."
704 (password-in-cache-p
705 (concat auth-source-magic (format "%S" spec))))
706
b8e0f0cd
G		 707(defun auth-source-forget (spec)
708 "Forget any cached data matching SPEC exactly.
709
710This is the same SPEC you passed to `auth-source-search'.
711Returns t or nil for forgotten or not found."
712 (password-cache-remove (concat auth-source-magic (format "%S" spec))))
713
714;;; (loop for sym being the symbols of password-data when (string-match (concat "^" auth-source-magic) (symbol-name sym)) collect (symbol-name sym))
715
716;;; (auth-source-remember '(:host "wedd") '(4 5 6))
61e9662e 717;;; (auth-source-remembered-p '(:host "wedd"))
b8e0f0cd 718;;; (auth-source-remember '(:host "xedd") '(1 2 3))
61e9662e
TZ		 719;;; (auth-source-remembered-p '(:host "xedd"))
720;;; (auth-source-remembered-p '(:host "zedd"))
b8e0f0cd
G		 721;;; (auth-source-recall '(:host "xedd"))
722;;; (auth-source-recall '(:host t))
723;;; (auth-source-forget+ :host t)
724
725(defun* auth-source-forget+ (&rest spec &allow-other-keys)
726 "Forget any cached data matching SPEC. Returns forgotten count.
727
728This is not a full `auth-source-search' spec but works similarly.
729For instance, \(:host \"myhost\" \"yourhost\") would find all the
730cached data that was found with a search for those two hosts,
731while \(:host t) would find all host entries."
732 (let ((count 0)
733 sname)
734 (loop for sym being the symbols of password-data
735 ;; when the symbol name matches with auth-source-magic
736 when (and (setq sname (symbol-name sym))
737 (string-match (concat "^" auth-source-magic "\\(.+\\)")
738 sname)
739 ;; and the spec matches what was stored in the cache
740 (auth-source-specmatchp spec (read (match-string 1 sname))))
741 ;; remove that key
742 do (progn
743 (password-cache-remove sname)
744 (incf count)))
745 count))
746
747(defun auth-source-specmatchp (spec stored)
748 (let ((keys (loop for i below (length spec) by 2
749 collect (nth i spec))))
750 (not (eq
751 (dolist (key keys)
752 (unless (auth-source-search-collection (plist-get stored key)
753 (plist-get spec key))
754 (return 'no)))
755 'no))))
756
f3b54b0e
TZ		 757;;; (auth-source-pick-first-password :host "z.lifelogs.com")
758;;; (auth-source-pick-first-password :port "imap")
759(defun auth-source-pick-first-password (&rest spec)
760 "Pick the first secret found from applying SPEC to `auth-source-search'."
761 (let* ((result (nth 0 (apply 'auth-source-search (plist-put spec :max 1))))
762 (secret (plist-get result :secret)))
763
764 (if (functionp secret)
765 (funcall secret)
766 secret)))
767
768;; (auth-source-format-prompt "test %u %h %p" '((?u "user") (?h "host")))
769(defun auth-source-format-prompt (prompt alist)
770 "Format PROMPT using %x (for any character x) specifiers in ALIST."
771 (dolist (cell alist)
772 (let ((c (nth 0 cell))
773 (v (nth 1 cell)))
774 (when (and c v)
4248cca2
TZ		 775 (setq prompt (replace-regexp-in-string (format "%%%c" c)
776 (format "%s" v)
777 prompt)))))
f3b54b0e 778 prompt)
b8e0f0cd 779
8e22bee0
G		 780(defun auth-source-ensure-strings (values)
781 (unless (listp values)
782 (setq values (list values)))
783 (mapcar (lambda (value)
784 (if (numberp value)
785 (format "%s" value)
786 value))
787 values))
788
f3b54b0e
TZ		 789;;; Backend specific parsing: netrc/authinfo backend
790
06b840e0
LI		 791(defvar auth-source-netrc-cache nil)
792
b8e0f0cd
G		 793;;; (auth-source-netrc-parse "~/.authinfo.gpg")
794(defun* auth-source-netrc-parse (&rest
795 spec
733afdf4 796 &key file max host user port delete require
b8e0f0cd
G		 797 &allow-other-keys)
798 "Parse FILE and return a list of all entries in the file.
799Note that the MAX parameter is used so we can exit the parse early."
800 (if (listp file)
801 ;; We got already parsed contents; just return it.
802 file
803 (when (file-exists-p file)
8e22bee0 804 (setq port (auth-source-ensure-strings port))
b8e0f0cd 805 (with-temp-buffer
4a3988d5
G		 806 (let* ((tokens '("machine" "host" "default" "login" "user"
807 "password" "account" "macdef" "force"
808 "port" "protocol"))
809 (max (or max 5000)) ; sanity check: default to stop at 5K
810 (modified 0)
811 (cached (cdr-safe (assoc file auth-source-netrc-cache)))
812 (cached-mtime (plist-get cached :mtime))
813 (cached-secrets (plist-get cached :secret))
814 alist elem result pair)
815
816 (if (and (functionp cached-secrets)
817 (equal cached-mtime
818 (nth 5 (file-attributes file))))
819 (progn
820 (auth-source-do-trivia
821 "auth-source-netrc-parse: using CACHED file data for %s"
822 file)
823 (insert (funcall cached-secrets)))
824 (insert-file-contents file)
825 ;; cache all netrc files (used to be just .gpg files)
826 ;; Store the contents of the file heavily encrypted in memory.
827 ;; (note for the irony-impaired: they are just obfuscated)
828 (aput 'auth-source-netrc-cache file
829 (list :mtime (nth 5 (file-attributes file))
830 :secret (lexical-let ((v (rot13-string
831 (base64-encode-string
832 (buffer-string)))))
833 (lambda () (base64-decode-string
834 (rot13-string v)))))))
b8e0f0cd
G		 835 (goto-char (point-min))
836 ;; Go through the file, line by line.
837 (while (and (not (eobp))
838 (> max 0))
839
840 (narrow-to-region (point) (point-at-eol))
841 ;; For each line, get the tokens and values.
842 (while (not (eobp))
843 (skip-chars-forward "\t ")
844 ;; Skip lines that begin with a "#".
845 (if (eq (char-after) ?#)
846 (goto-char (point-max))
847 (unless (eobp)
848 (setq elem
849 (if (= (following-char) ?\")
850 (read (current-buffer))
851 (buffer-substring
852 (point) (progn (skip-chars-forward "^\t ")
853 (point)))))
854 (cond
855 ((equal elem "macdef")
856 ;; We skip past the macro definition.
857 (widen)
858 (while (and (zerop (forward-line 1))
859 (looking-at "$")))
860 (narrow-to-region (point) (point)))
861 ((member elem tokens)
862 ;; Tokens that don't have a following value are ignored,
863 ;; except "default".
864 (when (and pair (or (cdr pair)
865 (equal (car pair) "default")))
866 (push pair alist))
867 (setq pair (list elem)))
868 (t
869 ;; Values that haven't got a preceding token are ignored.
870 (when pair
871 (setcdr pair elem)
872 (push pair alist)
873 (setq pair nil)))))))
874
875 (when (and alist
876 (> max 0)
877 (auth-source-search-collection
878 host
879 (or
880 (aget alist "machine")
35123c04
TZ		 881 (aget alist "host")
882 t))
b8e0f0cd
G		 883 (auth-source-search-collection
884 user
885 (or
886 (aget alist "login")
887 (aget alist "account")
35123c04
TZ		 888 (aget alist "user")
889 t))
b8e0f0cd 890 (auth-source-search-collection
35123c04 891 port
b8e0f0cd
G		 892 (or
893 (aget alist "port")
35123c04 894 (aget alist "protocol")
733afdf4
TZ		 895 t))
896 (or
897 ;; the required list of keys is nil, or
898 (null require)
899 ;; every element of require is in the normalized list
900 (let ((normalized (nth 0 (auth-source-netrc-normalize
901 (list alist)))))
902 (loop for req in require
903 always (plist-get normalized req)))))
b8e0f0cd
G		 904 (decf max)
905 (push (nreverse alist) result)
906 ;; to delete a line, we just comment it out
907 (when delete
908 (goto-char (point-min))
909 (insert "#")
910 (incf modified)))
911 (setq alist nil
912 pair nil)
913 (widen)
914 (forward-line 1))
915
916 (when (< 0 modified)
917 (when auth-source-gpg-encrypt-to
918 ;; (see bug#7487) making `epa-file-encrypt-to' local to
919 ;; this buffer lets epa-file skip the key selection query
920 ;; (see the `local-variable-p' check in
921 ;; `epa-file-write-region').
922 (unless (local-variable-p 'epa-file-encrypt-to (current-buffer))
923 (make-local-variable 'epa-file-encrypt-to))
924 (if (listp auth-source-gpg-encrypt-to)
925 (setq epa-file-encrypt-to auth-source-gpg-encrypt-to)))
926
927 ;; ask AFTER we've successfully opened the file
733afdf4 928 (when (y-or-n-p (format "Save file %s? (%d deletions)"
b8e0f0cd
G		 929 file modified))
930 (write-region (point-min) (point-max) file nil 'silent)
931 (auth-source-do-debug
932 "auth-source-netrc-parse: modified %d lines in %s"
933 modified file)))
934
935 (nreverse result))))))
936
937(defun auth-source-netrc-normalize (alist)
938 (mapcar (lambda (entry)
939 (let (ret item)
940 (while (setq item (pop entry))
941 (let ((k (car item))
942 (v (cdr item)))
943
944 ;; apply key aliases
945 (setq k (cond ((member k '("machine")) "host")
946 ((member k '("login" "account")) "user")
947 ((member k '("protocol")) "port")
948 ((member k '("password")) "secret")
949 (t k)))
950
951 ;; send back the secret in a function (lexical binding)
952 (when (equal k "secret")
953 (setq v (lexical-let ((v v))
954 (lambda () v))))
955
956 (setq ret (plist-put ret
957 (intern (concat ":" k))
958 v))
959 ))
960 ret))
961 alist))
962
963;;; (setq secret (plist-get (nth 0 (auth-source-search :host t :type 'netrc :K 1 :max 1)) :secret))
964;;; (funcall secret)
965
966(defun* auth-source-netrc-search (&rest
967 spec
733afdf4 968 &key backend require create delete
35123c04 969 type max host user port
b8e0f0cd
G		 970 &allow-other-keys)
971"Given a property list SPEC, return search matches from the :backend.
972See `auth-source-search' for details on SPEC."
973 ;; just in case, check that the type is correct (null or same as the backend)
974 (assert (or (null type) (eq type (oref backend type)))
d5e9a4e9 975 t "Invalid netrc search: %s %s")
b8e0f0cd
G		 976
977 (let ((results (auth-source-netrc-normalize
978 (auth-source-netrc-parse
979 :max max
733afdf4 980 :require require
b8e0f0cd
G		 981 :delete delete
982 :file (oref backend source)
983 :host (or host t)
984 :user (or user t)
35123c04 985 :port (or port t)))))
b8e0f0cd
G		 986
987 ;; if we need to create an entry AND none were found to match
988 (when (and create
4a3988d5 989 (not results))
b8e0f0cd 990
584c9d3f
G		 991 ;; create based on the spec and record the value
992 (setq results (or
993 ;; if the user did not want to create the entry
994 ;; in the file, it will be returned
995 (apply (slot-value backend 'create-function) spec)
996 ;; if not, we do the search again without :create
997 ;; to get the updated data.
998
999 ;; the result will be returned, even if the search fails
1000 (apply 'auth-source-netrc-search
1001 (plist-put spec :create nil)))))
b8e0f0cd
G		 1002 results))
1003
fa41748c
G		 1004(defun auth-source-netrc-element-or-first (v)
1005 (if (listp v)
1006 (nth 0 v)
1007 v))
1008
b8e0f0cd
G		 1009;;; (auth-source-search :host "nonesuch" :type 'netrc :max 1 :create t)
1010;;; (auth-source-search :host "nonesuch" :type 'netrc :max 1 :create t :create-extra-keys '((A "default A") (B)))
1011
1012(defun* auth-source-netrc-create (&rest spec
1013 &key backend
35123c04 1014 secret host user port create
b8e0f0cd 1015 &allow-other-keys)
35123c04 1016 (let* ((base-required '(host user port secret))
b8e0f0cd
G		 1017 ;; we know (because of an assertion in auth-source-search) that the
1018 ;; :create parameter is either t or a list (which includes nil)
1019 (create-extra (if (eq t create) nil create))
1020 (required (append base-required create-extra))
1021 (file (oref backend source))
1022 (add "")
1023 ;; `valist' is an alist
584c9d3f
G		 1024 valist
1025 ;; `artificial' will be returned if no creation is needed
1026 artificial)
b8e0f0cd
G		 1027
1028 ;; only for base required elements (defined as function parameters):
1029 ;; fill in the valist with whatever data we may have from the search
7ba93e94 1030 ;; we complete the first value if it's a list and use the value otherwise
b8e0f0cd
G		 1031 (dolist (br base-required)
1032 (when (symbol-value br)
7ba93e94
G		 1033 (let ((br-choice (cond
1034 ;; all-accepting choice (predicate is t)
1035 ((eq t (symbol-value br)) nil)
1036 ;; just the value otherwise
1037 (t (symbol-value br)))))
1038 (when br-choice
1039 (aput 'valist br br-choice)))))
b8e0f0cd
G		 1040
1041 ;; for extra required elements, see if the spec includes a value for them
1042 (dolist (er create-extra)
1043 (let ((name (concat ":" (symbol-name er)))
1044 (keys (loop for i below (length spec) by 2
1045 collect (nth i spec))))
1046 (dolist (k keys)
1047 (when (equal (symbol-name k) name)
1048 (aput 'valist er (plist-get spec k))))))
1049
1050 ;; for each required element
1051 (dolist (r required)
1052 (let* ((data (aget valist r))
4a3988d5 1053 ;; take the first element if the data is a list
fa41748c 1054 (data (auth-source-netrc-element-or-first data))
4a3988d5 1055 ;; this is the default to be offered
b8e0f0cd 1056 (given-default (aget auth-source-creation-defaults r))
733afdf4
TZ		 1057 ;; the default supplementals are simple:
1058 ;; for the user, try `given-default' and then (user-login-name);
1059 ;; otherwise take `given-default'
b8e0f0cd 1060 (default (cond
733afdf4
TZ		 1061 ((and (not given-default) (eq r 'user))
1062 (user-login-name))
003522ce
G		 1063 (t given-default)))
1064 (printable-defaults (list
1065 (cons 'user
1066 (or
1067 (auth-source-netrc-element-or-first
1068 (aget valist 'user))
1069 (plist-get artificial :user)
1070 "[any user]"))
1071 (cons 'host
1072 (or
1073 (auth-source-netrc-element-or-first
1074 (aget valist 'host))
1075 (plist-get artificial :host)
1076 "[any host]"))
1077 (cons 'port
1078 (or
1079 (auth-source-netrc-element-or-first
1080 (aget valist 'port))
1081 (plist-get artificial :port)
1082 "[any port]"))))
1083 (prompt (or (aget auth-source-creation-prompts r)
1084 (case r
733afdf4
TZ		 1085 (secret "%p password for %u@%h: ")
1086 (user "%p user name for %h: ")
1087 (host "%p host name for user %u: ")
1088 (port "%p port for %u@%h: "))
003522ce
G		 1089 (format "Enter %s (%%u@%%h:%%p): " r)))
1090 (prompt (auth-source-format-prompt
1091 prompt
1092 `((?u ,(aget printable-defaults 'user))
1093 (?h ,(aget printable-defaults 'host))
1094 (?p ,(aget printable-defaults 'port))))))
4a3988d5 1095
aa2ebce9 1096 ;; Store the data, prompting for the password if needed.
4a3988d5
G		 1097 (setq data
1098 (cond
1099 ((and (null data) (eq r 'secret))
aa2ebce9 1100 ;; Special case prompt for passwords.
003522ce
G		 1101 (read-passwd prompt))
1102 ((null data)
67613d31 1103 (when default
aa2ebce9
SM		 1104 (setq prompt
1105 (if (string-match ": *\\'" prompt)
1106 (concat (substring prompt 0 (match-beginning 0))
1107 " (default " default "): ")
1108 (concat prompt "(default " default ") "))))
4248cca2 1109 (read-string prompt nil nil default))
fa41748c 1110 (t (or data default))))
b8e0f0cd 1111
584c9d3f
G		 1112 (when data
1113 (setq artificial (plist-put artificial
1114 (intern (concat ":" (symbol-name r)))
1115 (if (eq r 'secret)
1116 (lexical-let ((data data))
1117 (lambda () data))
1118 data))))
1119
aa2ebce9 1120 ;; When r is not an empty string...
b8e0f0cd
G		 1121 (when (and (stringp data)
1122 (< 0 (length data)))
4a3988d5
G		 1123 ;; this function is not strictly necessary but I think it
1124 ;; makes the code clearer -tzz
1125 (let ((printer (lambda ()
7ba93e94
G		 1126 ;; append the key (the symbol name of r)
1127 ;; and the value in r
1128 (format "%s%s %S"
1129 ;; prepend a space
1130 (if (zerop (length add)) "" " ")
1131 ;; remap auth-source tokens to netrc
1132 (case r
4a3988d5
G		 1133 ('user "login")
1134 ('host "machine")
b8e0f0cd 1135 ('secret "password")
4a3988d5 1136 ('port "port") ; redundant but clearer
b8e0f0cd 1137 (t (symbol-name r)))
7ba93e94 1138 ;; the value will be printed in %S format
4a3988d5
G		 1139 data))))
1140 (setq add (concat add (funcall printer)))))))
b8e0f0cd 1141
733afdf4
TZ		 1142 (plist-put
1143 artificial
1144 :save-function
1145 (lexical-let ((file file)
1146 (add add))
1147 (lambda () (auth-source-netrc-saver file add))))
1148
1149 (list artificial)))
1150
4248cca2 1151;;(funcall (plist-get (nth 0 (auth-source-search :host '("nonesuch2") :user "tzz" :port "imap" :create t :max 1)) :save-function))
733afdf4
TZ		 1152(defun auth-source-netrc-saver (file add)
1153 "Save a line ADD in FILE, prompting along the way.
4248cca2
TZ		 1154Respects `auth-source-save-behavior'. Uses
1155`auth-source-netrc-cache' to avoid prompting more than once."
1156 (let* ((key (format "%s %s" file (rfc2104-hash 'md5 64 16 file add)))
1157 (cached (assoc key auth-source-netrc-cache)))
1158
1159 (if cached
1160 (auth-source-do-trivia
1161 "auth-source-netrc-saver: found previous run for key %s, returning"
1162 key)
1163 (with-temp-buffer
1164 (when (file-exists-p file)
1165 (insert-file-contents file))
1166 (when auth-source-gpg-encrypt-to
1167 ;; (see bug#7487) making `epa-file-encrypt-to' local to
1168 ;; this buffer lets epa-file skip the key selection query
1169 ;; (see the `local-variable-p' check in
1170 ;; `epa-file-write-region').
1171 (unless (local-variable-p 'epa-file-encrypt-to (current-buffer))
1172 (make-local-variable 'epa-file-encrypt-to))
1173 (if (listp auth-source-gpg-encrypt-to)
1174 (setq epa-file-encrypt-to auth-source-gpg-encrypt-to)))
1175 ;; we want the new data to be found first, so insert at beginning
1176 (goto-char (point-min))
1177
aa2ebce9 1178 ;; Ask AFTER we've successfully opened the file.
4248cca2
TZ		 1179 (let ((prompt (format "Save auth info to file %s? " file))
1180 (done (not (eq auth-source-save-behavior 'ask)))
1181 (bufname "*auth-source Help*")
1182 k)
1183 (while (not done)
1184 (setq k (auth-source-read-char-choice prompt '(?y ?n ?N ?e ??)))
1185 (case k
1186 (?y (setq done t))
1187 (?? (save-excursion
1188 (with-output-to-temp-buffer bufname
1189 (princ
1190 (concat "(y)es, save\n"
1191 "(n)o but use the info\n"
1192 "(N)o and don't ask to save again\n"
1193 "(e)dit the line\n"
1194 "(?) for help as you can see.\n"))
aa2ebce9
SM		 1195 ;; Why? Doesn't with-output-to-temp-buffer already do
1196 ;; the exact same thing anyway? --Stef
4248cca2
TZ		 1197 (set-buffer standard-output)
1198 (help-mode))))
1199 (?n (setq add ""
1200 done t))
1201 (?N (setq add ""
1202 done t
1203 auth-source-save-behavior nil))
1204 (?e (setq add (read-string "Line to add: " add)))
1205 (t nil)))
1206
1207 (when (get-buffer-window bufname)
1208 (delete-window (get-buffer-window bufname)))
1209
aa2ebce9 1210 ;; Make sure the info is not saved.
4248cca2
TZ		 1211 (when (null auth-source-save-behavior)
1212 (setq add ""))
1213
1214 (when (< 0 (length add))
1215 (progn
1216 (unless (bolp)
1217 (insert "\n"))
1218 (insert add "\n")
1219 (write-region (point-min) (point-max) file nil 'silent)
1220 (auth-source-do-debug
1221 "auth-source-netrc-create: wrote 1 new line to %s"
1222 file)
1223 (message "Saved new authentication information to %s" file)
1224 nil))))
1225 (aput 'auth-source-netrc-cache key "ran"))))
b8e0f0cd
G		 1226
1227;;; Backend specific parsing: Secrets API backend
1228
1229;;; (let ((auth-sources '(default))) (auth-source-search :max 1 :create t))
1230;;; (let ((auth-sources '(default))) (auth-source-search :max 1 :delete t))
1231;;; (let ((auth-sources '(default))) (auth-source-search :max 1))
1232;;; (let ((auth-sources '(default))) (auth-source-search))
5415d076
G		 1233;;; (let ((auth-sources '("secrets:Login"))) (auth-source-search :max 1))
1234;;; (let ((auth-sources '("secrets:Login"))) (auth-source-search :max 1 :signon_realm "https://git.gnus.org/Git"))
b8e0f0cd
G		 1235
1236(defun* auth-source-secrets-search (&rest
1237 spec
1238 &key backend create delete label
35123c04 1239 type max host user port
b8e0f0cd
G		 1240 &allow-other-keys)
1241 "Search the Secrets API; spec is like `auth-source'.
1242
1243The :label key specifies the item's label. It is the only key
1244that can specify a substring. Any :label value besides a string
1245will allow any label.
1246
1247All other search keys must match exactly. If you need substring
1248matching, do a wider search and narrow it down yourself.
1249
1250You'll get back all the properties of the token as a plist.
1251
5415d076 1252Here's an example that looks for the first item in the 'Login'
b8e0f0cd
G		 1253Secrets collection:
1254
5415d076 1255 \(let ((auth-sources '(\"secrets:Login\")))
b8e0f0cd
G		 1256 (auth-source-search :max 1)
1257
5415d076 1258Here's another that looks for the first item in the 'Login'
b8e0f0cd
G		 1259Secrets collection whose label contains 'gnus':
1260
5415d076 1261 \(let ((auth-sources '(\"secrets:Login\")))
b8e0f0cd
G		 1262 (auth-source-search :max 1 :label \"gnus\")
1263
5415d076 1264And this one looks for the first item in the 'Login' Secrets
b8e0f0cd 1265collection that's a Google Chrome entry for the git.gnus.org site
5415d076 1266authentication tokens:
b8e0f0cd 1267
5415d076 1268 \(let ((auth-sources '(\"secrets:Login\")))
b8e0f0cd
G		 1269 (auth-source-search :max 1 :signon_realm \"https://git.gnus.org/Git\"))
1270"
1271
1272 ;; TODO
1273 (assert (not create) nil
1274 "The Secrets API auth-source backend doesn't support creation yet")
1275 ;; TODO
1276 ;; (secrets-delete-item coll elt)
1277 (assert (not delete) nil
1278 "The Secrets API auth-source backend doesn't support deletion yet")
1279
1280 (let* ((coll (oref backend source))
1281 (max (or max 5000)) ; sanity check: default to stop at 5K
1282 (ignored-keys '(:create :delete :max :backend :label))
1283 (search-keys (loop for i below (length spec) by 2
1284 unless (memq (nth i spec) ignored-keys)
1285 collect (nth i spec)))
1286 ;; build a search spec without the ignored keys
1287 ;; if a search key is nil or t (match anything), we skip it
5415d076
G		 1288 (search-spec (apply 'append (mapcar
1289 (lambda (k)
1290 (if (or (null (plist-get spec k))
1291 (eq t (plist-get spec k)))
1292 nil
1293 (list k (plist-get spec k))))
1294 search-keys)))
35123c04 1295 ;; needed keys (always including host, login, port, and secret)
d638ac9e 1296 (returned-keys (mm-delete-duplicates (append
35123c04 1297 '(:host :login :port :secret)
d638ac9e 1298 search-keys)))
b8e0f0cd
G		 1299 (items (loop for item in (apply 'secrets-search-items coll search-spec)
1300 unless (and (stringp label)
1301 (not (string-match label item)))
1302 collect item))
1303 ;; TODO: respect max in `secrets-search-items', not after the fact
5415d076 1304 (items (butlast items (- (length items) max)))
b8e0f0cd
G		 1305 ;; convert the item name to a full plist
1306 (items (mapcar (lambda (item)
1307 (append
1308 ;; make an entry for the secret (password) element
1309 (list
1310 :secret
1311 (lexical-let ((v (secrets-get-secret coll item)))
1312 (lambda () v)))
1313 ;; rewrite the entry from ((k1 v1) (k2 v2)) to plist
5415d076
G		 1314 (apply 'append
1315 (mapcar (lambda (entry)
1316 (list (car entry) (cdr entry)))
1317 (secrets-get-attributes coll item)))))
b8e0f0cd
G		 1318 items))
1319 ;; ensure each item has each key in `returned-keys'
1320 (items (mapcar (lambda (plist)
1321 (append
5415d076
G		 1322 (apply 'append
1323 (mapcar (lambda (req)
1324 (if (plist-get plist req)
1325 nil
1326 (list req nil)))
1327 returned-keys))
b8e0f0cd
G		 1328 plist))
1329 items)))
1330 items))
1331
1332(defun* auth-source-secrets-create (&rest
1333 spec
35123c04 1334 &key backend type max host user port
b8e0f0cd
G		 1335 &allow-other-keys)
1336 ;; TODO
1337 ;; (apply 'secrets-create-item (auth-get-source entry) name passwd spec)
1338 (debug spec))
1339
1340;;; older API
1341
1342;;; (auth-source-user-or-password '("login" "password") "imap.myhost.com" t "tzz")
1343
1344;; deprecate the old interface
1345(make-obsolete 'auth-source-user-or-password
1346 'auth-source-search "Emacs 24.1")
1347(make-obsolete 'auth-source-forget-user-or-password
1348 'auth-source-forget "Emacs 24.1")
fb178e4c 1349
0e4966fb 1350(defun auth-source-user-or-password
35123c04
TZ		 1351 (mode host port &optional username create-missing delete-existing)
1352 "Find MODE (string or list of strings) matching HOST and PORT.
fb178e4c 1353
b8e0f0cd
G		 1354DEPRECATED in favor of `auth-source-search'!
1355
fb178e4c
KY		 1356USERNAME is optional and will be used as \"login\" in a search
1357across the Secret Service API (see secrets.el) if the resulting
1358items don't have a username. This means that if you search for
1359username \"joe\" and it matches an item but the item doesn't have
1360a :user attribute, the username \"joe\" will be returned.
1361
0e4966fb
MA		 1362A non nil DELETE-EXISTING means deleting any matching password
1363entry in the respective sources. This is useful only when
1364CREATE-MISSING is non nil as well; the intended use case is to
1365remove wrong password entries.
1366
1367If no matching entry is found, and CREATE-MISSING is non nil,
1368the password will be retrieved interactively, and it will be
1369stored in the password database which matches best (see
1370`auth-sources').
1371
1372MODE can be \"login\" or \"password\"."
554a69b8 1373 (auth-source-do-debug
b8e0f0cd 1374 "auth-source-user-or-password: DEPRECATED get %s for %s (%s) + user=%s"
35123c04 1375 mode host port username)
b8e0f0cd 1376
3b36c17e 1377 (let* ((listy (listp mode))
cbabe91f
TZ		 1378 (mode (if listy mode (list mode)))
1379 (cname (if username
35123c04
TZ		 1380 (format "%s %s:%s %s" mode host port username)
1381 (format "%s %s:%s" mode host port)))
1382 (search (list :host host :port port))
cbabe91f 1383 (search (if username (append search (list :user username)) search))
b8e0f0cd
G		 1384 (search (if create-missing
1385 (append search (list :create t))
1386 search))
1387 (search (if delete-existing
1388 (append search (list :delete t))
1389 search))
1390 ;; (found (if (not delete-existing)
1391 ;; (gethash cname auth-source-cache)
1392 ;; (remhash cname auth-source-cache)
1393 ;; nil)))
1394 (found nil))
ed778fad 1395 (if found
cbabe91f
TZ		 1396 (progn
1397 (auth-source-do-debug
b8e0f0cd 1398 "auth-source-user-or-password: DEPRECATED cached %s=%s for %s (%s) + %s"
cbabe91f
TZ		 1399 mode
1400 ;; don't show the password
b8e0f0cd 1401 (if (and (member "password" mode) t)
cbabe91f
TZ		 1402 "SECRET"
1403 found)
35123c04 1404 host port username)
cbabe91f 1405 found) ; return the found data
b8e0f0cd
G		 1406 ;; else, if not found, search with a max of 1
1407 (let ((choice (nth 0 (apply 'auth-source-search
1408 (append '(:max 1) search)))))
1409 (when choice
1410 (dolist (m mode)
1411 (cond
1412 ((equal "password" m)
1413 (push (if (plist-get choice :secret)
1414 (funcall (plist-get choice :secret))
1415 nil) found))
1416 ((equal "login" m)
1417 (push (plist-get choice :user) found)))))
1418 (setq found (nreverse found))
1419 (setq found (if listy found (car-safe found)))))
9b3ebcb6 1420
b8e0f0cd 1421 found))
8f7abae3
MB		 1422
1423(provide 'auth-source)
1424
8f7abae3 1425;;; auth-source.el ends here
Unnamed repository; edit this file 'description' to name the repository.