1 ;;; auth-source.el --- authentication sources for Gnus and Emacs
3 ;; Copyright (C) 2008-2011 Free Software Foundation, Inc.
5 ;; Author: Ted Zlatanov <tzz@lifelogs.com>
8 ;; This file is part of GNU Emacs.
10 ;; GNU Emacs is free software: you can redistribute it and/or modify
11 ;; it under the terms of the GNU General Public License as published by
12 ;; the Free Software Foundation, either version 3 of the License, or
13 ;; (at your option) any later version.
15 ;; GNU Emacs is distributed in the hope that it will be useful,
16 ;; but WITHOUT ANY WARRANTY; without even the implied warranty of
17 ;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 ;; GNU General Public License for more details.
20 ;; You should have received a copy of the GNU General Public License
21 ;; along with GNU Emacs. If not, see <http://www.gnu.org/licenses/>.
25 ;; This is the auth-source.el package. It lets users tell Gnus how to
26 ;; authenticate in a single place. Simplicity is the goal. Instead
27 ;; of providing 5000 options, we'll stick to simple, easy to
28 ;; understand options.
30 ;; See the auth.info Info documentation for details.
34 ;; - never decode the backend file unless it's necessary
35 ;; - a more generic way to match backends and search backend contents
36 ;; - absorb netrc.el and simplify it
37 ;; - protect passwords better
38 ;; - allow creating and changing netrc lines (not files) e.g. change a password
42 (require 'password-cache)
47 (eval-when-compile (require 'cl))
49 (or (ignore-errors (require 'eieio))
50 ;; gnus-fallback-lib/ from gnus/lisp/gnus-fallback-lib
52 (let ((load-path (cons (expand-file-name
53 "gnus-fallback-lib/eieio"
54 (file-name-directory (locate-library "gnus")))
58 "eieio not found in `load-path' or gnus-fallback-lib/ directory.")))
60 (autoload 'secrets-create-item "secrets")
61 (autoload 'secrets-delete-item "secrets")
62 (autoload 'secrets-get-alias "secrets")
63 (autoload 'secrets-get-attributes "secrets")
64 (autoload 'secrets-get-secret "secrets")
65 (autoload 'secrets-list-collections "secrets")
66 (autoload 'secrets-search-items "secrets")
68 (defvar secrets-enabled)
70 (defgroup auth-source nil
71 "Authentication sources."
72 :version "23.1" ;; No Gnus
76 (defcustom auth-source-cache-expiry 7200
77 "How many seconds passwords are cached, or nil to disable
78 expiring. Overrides `password-cache-expiry' through a
81 :type '(choice (const :tag "Never" nil)
82 (const :tag "All Day" 86400)
83 (const :tag "2 Hours" 7200)
84 (const :tag "30 Minutes" 1800)
85 (integer :tag "Seconds")))
87 (defclass auth-source-backend ()
92 :documentation "The backend type.")
93 (source :initarg :source
96 :documentation "The backend source.")
101 :documentation "The backend host.")
106 :documentation "The backend user.")
111 :documentation "The backend protocol.")
112 (create-function :initarg :create-function
116 :documentation "The create function.")
117 (search-function :initarg :search-function
121 :documentation "The search function.")))
123 (defcustom auth-source-protocols '((imap "imap" "imaps" "143" "993")
124 (pop3 "pop3" "pop" "pop3s" "110" "995")
128 "List of authentication protocols and their names"
131 :version "23.2" ;; No Gnus
132 :type '(repeat :tag "Authentication Protocols"
133 (cons :tag "Protocol Entry"
134 (symbol :tag "Protocol")
136 (string :tag "Name")))))
138 ;;; generate all the protocols in a format Customize can use
139 ;;; TODO: generate on the fly from auth-source-protocols
140 (defconst auth-source-protocols-customize
142 (let ((p (car-safe a)))
144 :tag (upcase (symbol-name p))
146 auth-source-protocols))
148 (defvar auth-source-creation-defaults nil
149 "Defaults for creating token values. Usually let-bound.")
151 (make-obsolete 'auth-source-hide-passwords nil "Emacs 24.1")
153 (defvar auth-source-magic "auth-source-magic ")
155 (defcustom auth-source-do-cache t
156 "Whether auth-source should cache information with `password-cache'."
158 :version "23.2" ;; No Gnus
161 (defcustom auth-source-debug nil
162 "Whether auth-source should log debug messages.
164 If the value is nil, debug messages are not logged.
166 If the value is t, debug messages are logged with `message'. In
167 that case, your authentication data will be in the clear (except
170 If the value is a function, debug messages are logged by calling
171 that function using the same arguments as `message'."
173 :version "23.2" ;; No Gnus
175 :tag "auth-source debugging mode"
176 (const :tag "Log using `message' to the *Messages* buffer" t)
177 (function :tag "Function that takes arguments like `message'")
178 (const :tag "Don't log anything" nil)))
180 (defcustom auth-sources '("~/.authinfo.gpg" "~/.authinfo")
181 "List of authentication sources.
183 The default will get login and password information from
184 \"~/.authinfo.gpg\", which you should set up with the EPA/EPG
185 packages to be encrypted. If that file doesn't exist, it will
186 try the unencrypted version \"~/.authinfo\".
188 See the auth.info manual for details.
190 Each entry is the authentication type with optional properties.
192 It's best to customize this with `M-x customize-variable' because the choices
193 can get pretty complex."
195 :version "24.1" ;; No Gnus
196 :type `(repeat :tag "Authentication Sources"
198 (string :tag "Just a file")
199 (const :tag "Default Secrets API Collection" 'default)
200 (const :tag "Login Secrets API Collection" "secrets:Login")
201 (const :tag "Temp Secrets API Collection" "secrets:session")
202 (list :tag "Source definition"
203 (const :format "" :value :source)
204 (choice :tag "Authentication backend choice"
205 (string :tag "Authentication Source (file)")
207 :tag "Secret Service API/KWallet/GNOME Keyring"
208 (const :format "" :value :secrets)
209 (choice :tag "Collection to use"
210 (string :tag "Collection name")
211 (const :tag "Default" 'default)
212 (const :tag "Login" "Login")
214 :tag "Temporary" "session"))))
215 (repeat :tag "Extra Parameters" :inline t
216 (choice :tag "Extra parameter"
219 (const :format "" :value :host)
220 (choice :tag "Host (machine) choice"
223 :tag "Regular expression")))
226 (const :format "" :value :port)
230 ,@auth-source-protocols-customize))
231 (list :tag "User" :inline t
232 (const :format "" :value :user)
233 (choice :tag "Personality/Username"
235 (string :tag "Name")))))))))
237 (defcustom auth-source-gpg-encrypt-to t
238 "List of recipient keys that `authinfo.gpg' encrypted to.
239 If the value is not a list, symmetric encryption will be used."
241 :version "24.1" ;; No Gnus
242 :type '(choice (const :tag "Symmetric encryption" t)
243 (repeat :tag "Recipient public keys"
244 (string :tag "Recipient public key"))))
246 ;; temp for debugging
247 ;; (unintern 'auth-source-protocols)
248 ;; (unintern 'auth-sources)
249 ;; (customize-variable 'auth-sources)
250 ;; (setq auth-sources nil)
251 ;; (format "%S" auth-sources)
252 ;; (customize-variable 'auth-source-protocols)
253 ;; (setq auth-source-protocols nil)
254 ;; (format "%S" auth-source-protocols)
255 ;; (auth-source-pick nil :host "a" :port 'imap)
256 ;; (auth-source-user-or-password "login" "imap.myhost.com" 'imap)
257 ;; (auth-source-user-or-password "password" "imap.myhost.com" 'imap)
258 ;; (auth-source-user-or-password-imap "login" "imap.myhost.com")
259 ;; (auth-source-user-or-password-imap "password" "imap.myhost.com")
260 ;; (auth-source-protocol-defaults 'imap)
262 ;; (let ((auth-source-debug 'debug)) (auth-source-do-debug "hello"))
263 ;; (let ((auth-source-debug t)) (auth-source-do-debug "hello"))
264 ;; (let ((auth-source-debug nil)) (auth-source-do-debug "hello"))
265 (defun auth-source-do-debug (&rest msg)
266 (when auth-source-debug
267 (apply 'auth-source-do-warn msg)))
269 (defun auth-source-do-warn (&rest msg)
271 ;; set logger to either the function in auth-source-debug or 'message
272 ;; note that it will be 'message if auth-source-debug is nil
273 (if (functionp auth-source-debug)
279 ;; (auth-source-pick nil :host "any" :port 'imap :user "joe")
280 ;; (auth-source-pick t :host "any" :port 'imap :user "joe")
281 ;; (setq auth-sources '((:source (:secrets default) :host t :port t :user "joe")
282 ;; (:source (:secrets "session") :host t :port t :user "joe")
283 ;; (:source (:secrets "Login") :host t :port t)
284 ;; (:source "~/.authinfo.gpg" :host t :port t)))
286 ;; (setq auth-sources '((:source (:secrets default) :host t :port t :user "joe")
287 ;; (:source (:secrets "session") :host t :port t :user "joe")
288 ;; (:source (:secrets "Login") :host t :port t)
291 ;; (setq auth-sources '((:source "~/.authinfo.gpg" :host t :port t)))
293 ;; (auth-source-backend-parse "myfile.gpg")
294 ;; (auth-source-backend-parse 'default)
295 ;; (auth-source-backend-parse "secrets:Login")
297 (defun auth-source-backend-parse (entry)
298 "Creates an auth-source-backend from an ENTRY in `auth-sources'."
299 (auth-source-backend-parse-parameters
302 ;; take 'default and recurse to get it as a Secrets API default collection
303 ;; matching any user, host, and protocol
305 (auth-source-backend-parse '(:source (:secrets default))))
306 ;; take secrets:XYZ and recurse to get it as Secrets API collection "XYZ"
307 ;; matching any user, host, and protocol
308 ((and (stringp entry) (string-match "^secrets:\\(.+\\)" entry))
309 (auth-source-backend-parse `(:source (:secrets ,(match-string 1 entry)))))
310 ;; take just a file name and recurse to get it as a netrc file
311 ;; matching any user, host, and protocol
313 (auth-source-backend-parse `(:source ,entry)))
315 ;; a file name with parameters
316 ((stringp (plist-get entry :source))
318 (plist-get entry :source)
319 :source (plist-get entry :source)
321 :search-function 'auth-source-netrc-search
322 :create-function 'auth-source-netrc-create))
324 ;; the Secrets API. We require the package, in order to have a
325 ;; defined value for `secrets-enabled'.
327 (not (null (plist-get entry :source))) ; the source must not be nil
328 (listp (plist-get entry :source)) ; and it must be a list
329 (require 'secrets nil t) ; and we must load the Secrets API
330 secrets-enabled) ; and that API must be enabled
332 ;; the source is either the :secrets key in ENTRY or
333 ;; if that's missing or nil, it's "session"
334 (let ((source (or (plist-get (plist-get entry :source) :secrets)
337 ;; if the source is a symbol, we look for the alias named so,
338 ;; and if that alias is missing, we use "Login"
339 (when (symbolp source)