Commit b8e0f0cd authored by Gnus developers's avatar Gnus developers Committed by Katsumi Yamaoka
Browse files

Merge changes made in Gnus trunk.

auth.texi (Overview, Help for users, Help for developers): Update docs.
 (Help for users): Talk about spaces.
sieve-manage.el: Autoload `auth-source-search'.
 (sieve-sasl-auth): Use it.
nnimap.el: Autoload `auth-source-forget+'.
 (nnimap-open-connection-1): Use it if the connection fails.
auth-source.el: Require `password-cache'.
 (auth-source-hide-passwords, auth-source-cache): Remove and mark obsolete.
 (auth-source-magic): Marker for `password-cache' keys.
 (auth-source-do-cache): Update docstring.
 (auth-source-search): Use and check cache.
 (auth-source-forget-all-cached, auth-source-remember)
 (auth-source-recall, auth-source-forget, auth-source-forget+)
 (auth-source-specmatchp): Caching support functions.
 (auth-source-forget-user-or-password, auth-source-forget-all-cached): Remove and obsolete.
 (auth-source-user-or-password): Remove caching to further discourage using it.  Always hide passwords.
password-cache.el (password-cache-remove): Accept secrets that are not strings.
mail-source.el: Autoload `auth-source-search'.
 (mail-source-keyword-map): Note order matters.
 (mail-source-set-1): Get all the mail-source source values and defaults and search auth-source on those if needed.  This can all probably be simplified.
nnimap.el: Autoload `auth-source-search'.
 (nnimap-credentials): Use it.
 (nnimap-open-connection-1): Ask for the virtual server and physical address in one shot.
nntp.el: Autoload `auth-source-search'.
 (nntp-send-authinfo): Use it.  Note TODO.
auth-source.el (auth-source-secrets-search, auth-source-user-or-password): Use `append' instead of `nconc'.
 (auth-source-user-or-password): Build return list better and protect against nil :secret.
auth-source.el (top): Require 'eieio unconditionally.  Autoload `secrets-get-attributes' instead of `secrets-get-attribute'.
 (auth-source-secrets-search): Limit search when `max' is greater than number of results.
auth-source.el (auth-source-secrets-search): Add examples.
auth-source.el (auth-sources): Allow for simpler defaults for Secrets API with a string "secrets:collection-name" and with 'default.
 (auth-source-backend-parse): Parse "secrets:collection-name" and 'default.  Recurse on parses instead of repeating code.  Use the Secrets API is the source is not nil and 'ignore otherwise.  Emit a message when ignoring a source.
 (auth-source-search): List ignored search keys at the top level.
 (auth-source-netrc-create): Use `case' instead of `cond'.
 (auth-source-secrets-search): Created with TODOs.
 (auth-source-secrets-create): Created with TODOs.
 (auth-source-retrieve, auth-source-create, auth-source-delete)
 (auth-source-protocol-defaults, auth-source-user-or-password-imap)
 (auth-source-user-or-password-pop3, auth-source-user-or-password-ssh)
 (auth-source-user-or-password-sftp)
 (auth-source-user-or-password-smtp): Removed.
 (auth-source-user-or-password): Deprecated and modified to be a wrapper around `auth-source-search'.  Not tested thoroughly.
auth-source.el: Bring in assoc and eioeio libraries.
 (secrets-enabled): New variable to track the status of the Secrets API.
 (auth-source-backend): New EIOEIO class to represent a backend.
 (auth-source-creation-defaults): New variable to set prompt defaults during token creation (see the `auth-source-search' docstring for details).
 (auth-sources): Simplify to allow a simple string as a netrc backend spec.
 (auth-source-backend-parse): Parse a backend from an `auth-sources' spec.
 (auth-source-backend-parse-parameters): Fill in the backend parameters.
 (auth-source-search): Main auth-source API entry point.
 (auth-source-delete): Wrapper around `auth-source-search' for deletion.
 (auth-source-search-collection): Helper function for searching.
 (auth-source-netrc-parse, auth-source-netrc-normalize)
 (auth-source-netrc-search, auth-source-netrc-create): Netrc backend.  Supports search, create, and delete.
 (auth-source-secrets-search, auth-source-secrets-create): Secrets API backend stubs.
(auth-source-user-or-password): Call `auth-source-search' but it's not ready yet.
parent e730aabe
...@@ -6,6 +6,11 @@ ...@@ -6,6 +6,11 @@
* url.texi: Remove duplicate @dircategory (Bug#7942). * url.texi: Remove duplicate @dircategory (Bug#7942).
2011-02-11 Teodor Zlatanov <tzz@lifelogs.com>
* auth.texi (Overview, Help for users, Help for developers): Update docs.
(Help for users): Talk about spaces.
2011-02-09 Paul Eggert <eggert@cs.ucla.edu> 2011-02-09 Paul Eggert <eggert@cs.ucla.edu>
* texinfo.tex: Update to version 2011-02-07.16. * texinfo.tex: Update to version 2011-02-07.16.
......
...@@ -5,7 +5,7 @@ ...@@ -5,7 +5,7 @@
@setfilename ../../info/auth @setfilename ../../info/auth
@settitle Emacs auth-source Library @value{VERSION} @settitle Emacs auth-source Library @value{VERSION}
@set VERSION 0.2 @set VERSION 0.3
@copying @copying
This file describes the Emacs auth-source library. This file describes the Emacs auth-source library.
...@@ -78,15 +78,19 @@ It is a way for multiple applications to share a single configuration ...@@ -78,15 +78,19 @@ It is a way for multiple applications to share a single configuration
@chapter Overview @chapter Overview
The auth-source library is simply a way for Emacs and Gnus, among The auth-source library is simply a way for Emacs and Gnus, among
others, to answer the old burning question ``I have a server name and others, to answer the old burning question ``What are my user name and
a port, what are my user name and password?'' password?''
The auth-source library actually supports more than just the user name (This is different from the old question about burning ``Where is the
(known as the login) or the password, but only those two are in use fire extinguisher, please?''.)
today in Emacs or Gnus. Similarly, the auth-source library supports
multiple storage formats, currently either the classic ``netrc'' The auth-source library supports more than just the user name or the
format, examples of which you can see later in this document, or the password (known as the secret).
Secret Service API.
Similarly, the auth-source library supports multiple storage backend,
currently either the classic ``netrc'' backend, examples of which you
can see later in this document, or the Secret Service API. This is
done with EIEIO-based backends and you can write your own if you want.
@node Help for users @node Help for users
@chapter Help for users @chapter Help for users
...@@ -96,25 +100,41 @@ Secret Service API. ...@@ -96,25 +100,41 @@ Secret Service API.
machine @var{mymachine} login @var{myloginname} password @var{mypassword} port @var{myport} machine @var{mymachine} login @var{myloginname} password @var{mypassword} port @var{myport}
@end example @end example
The machine is the server (either a DNS name or an IP address). The @code{machine} is the server (either a DNS name or an IP address).
It's known as @var{:host} in @code{auth-source-search} queries. You
can also use @code{host}.
The @code{port} is the connection port or protocol. It's known as
@var{:port} in @code{auth-source-search} queries. You can also use
@code{protocol}.
The @code{user} is the user name. It's known as @var{:user} in
@code{auth-source-search} queries. You can also use @code{login} and
@code{account}.
Spaces are always OK as far as auth-source is concerned (but other
programs may not like them). Just put the data in quotes, escaping
quotes as you'd expect with @code{\}.
All these are optional. You could just say (but we don't recommend
it, we're just showing that it's possible)
The port is optional. If it's missing, auth-source will assume any @example
port is OK. Actually the port is a protocol name or a port number so password @var{mypassword}
you can have separate entries for port @var{143} and for protocol @end example
@var{imap} if you fancy that. Anyway, you can just omit the port if
you don't need it.
The login and password are simply your login credentials to the server. to use the same password everywhere. Again, @emph{DO NOT DO THIS} or
you will be pwned as the kids say.
``Netrc'' files are usually called @code{.authinfo} or @code{.netrc}; ``Netrc'' files are usually called @code{.authinfo} or @code{.netrc};
nowadays @code{.authinfo} seems to be more popular and the auth-source nowadays @code{.authinfo} seems to be more popular and the auth-source
library encourages this confusion by making it the default, as you'll library encourages this confusion by making it the default, as you'll
see later. see later.
If you have problems with the port, set @code{auth-source-debug} to If you have problems with the search, set @code{auth-source-debug} to
@code{t} and see what port the library is checking in the @code{t} and see what host, port, and user the library is checking in
@code{*Messages*} buffer. Ditto for any other problems, your first the @code{*Messages*} buffer. Ditto for any other problems, your
step is always to see what's being checked. The second step, of first step is always to see what's being checked. The second step, of
course, is to write a blog entry about it and wait for the answer in course, is to write a blog entry about it and wait for the answer in
the comments. the comments.
...@@ -139,56 +159,36 @@ and simplest configuration is: ...@@ -139,56 +159,36 @@ and simplest configuration is:
(setq auth-sources '((:source "~/.authinfo.gpg" :host t :protocol t))) (setq auth-sources '((:source "~/.authinfo.gpg" :host t :protocol t)))
;;; mostly equivalent (see below about fallbacks) but shorter: ;;; mostly equivalent (see below about fallbacks) but shorter:
(setq auth-sources '((:source "~/.authinfo.gpg"))) (setq auth-sources '((:source "~/.authinfo.gpg")))
;;; even shorter and the @emph{default}:
(setq auth-sources '("~/.authinfo.gpg" "~/.authinfo"))
;;; use the Secrets API @var{login} collection (@pxref{Secret Service API})
(setq auth-sources '("secrets:login"))
@end lisp @end lisp
This says ``for any host and any protocol, use just that one file.''
Sweet simplicity. In fact, the latter is already the default, so
unless you want to move your netrc file, it will just work if you have
that file. Make sure it exists.
By adding multiple entries to @code{auth-sources} with a particular By adding multiple entries to @code{auth-sources} with a particular
host or protocol, you can have specific netrc files for that host or host or protocol, you can have specific netrc files for that host or
protocol. Usually this is unnecessary but may make sense if you have protocol. Usually this is unnecessary but may make sense if you have
shared netrc files or some other unusual setup (90% of Emacs users shared netrc files or some other unusual setup (90% of Emacs users
have unusual setups and the remaining 10% are @emph{really} unusual). have unusual setups and the remaining 10% are @emph{really} unusual).
Here's an example that uses the Secret Service API for all lookups, Here's a mixed example using two sources:
using the default collection:
@lisp
(setq auth-sources '((:source (:secrets default))))
@end lisp
And here's a mixed example, using two sources:
@lisp @lisp
(setq auth-sources '((:source (:secrets default) :host "myserver" :user "joe") (setq auth-sources '((:source (:secrets default) :host "myserver" :user "joe")
(:source "~/.authinfo.gpg"))) "~/.authinfo.gpg"))
@end lisp @end lisp
The best match is determined by order (starts from the bottom) only
for the first pass, where things are checked exactly. In the example
above, the first pass would find a single match for host
@code{myserver}. The netrc choice would fail because it matches any
host and protocol implicitly (as a @emph{fallback}). A specified
value of @code{:host t} in @code{auth-sources} is considered a match
on the first pass, unlike a missing @code{:host}.
Now if you look for host @code{missing}, it won't match either source
explicitly. The second pass (the @emph{fallback} pass) will look at
all the implicit matches and collect them. They will be scored and
returned sorted by score. The score is based on the number of
explicit parameters that matched. See the @code{auth-pick} function
for details.
@end defvar @end defvar
If you don't customize @code{auth-sources}, you'll have to live with If you don't customize @code{auth-sources}, you'll have to live with
the defaults: any host and any port are looked up in the netrc the defaults: any host and any port are looked up in the netrc
file @code{~/.authinfo.gpg}, which is a GnuPG encrypted file file @code{~/.authinfo.gpg}, which is a GnuPG encrypted file
(@pxref{GnuPG and EasyPG Assistant Configuration}). (@pxref{GnuPG and EasyPG Assistant Configuration}).
If that fails, the unencrypted netrc file @code{~/.authinfo} will
be used.
The simplest working netrc line example is one without a port. The typical netrc line example is without a port.
@example @example
machine YOURMACHINE login YOU password YOURPASSWORD machine YOURMACHINE login YOU password YOURPASSWORD
...@@ -233,42 +233,29 @@ TODO: how does it work generally, how does secrets.el work, some examples. ...@@ -233,42 +233,29 @@ TODO: how does it work generally, how does secrets.el work, some examples.
@node Help for developers @node Help for developers
@chapter Help for developers @chapter Help for developers
The auth-source library only has one function for external use. The auth-source library only has a few functions for external use.
@defun auth-source-user-or-password mode host port &optional username @defun auth-source-search SPEC
Retrieve appropriate authentication tokens, determined by @var{mode}, TODO: how to include docstring?
for host @var{host} and @var{port}. If @var{username} is provided it
will also be checked. If @code{auth-source-debug} is t, debugging
messages will be printed. Set @code{auth-source-debug} to a function
to use that function for logging. The parameters passed will be the
same that the @code{message} function takes, that is, a string
formatting spec and optional parameters.
If @var{mode} is a list of strings, the function will return a list of @end defun
strings or @code{nil} objects (thus you can avoid parsing the netrc
file or checking the Secret Service API more than once). If it's a
string, the function will return a string or a @code{nil} object.
Currently only the modes ``login'' and ``password'' are recognized but
more may be added in the future.
@var{host} is a string containing the host name. @defun auth-source-delete SPEC
@var{port} contains the protocol name (e.g. ``imap'') or TODO: how to include docstring?
a port number. It must be a string, corresponding to the port in the
users' netrc files.
@var{username} contains the user name (e.g. ``joe'') as a string. @end defun
@example @defun auth-source-forget SPEC
;; IMAP example
(setq auth (auth-source-user-or-password TODO: how to include docstring?
'("login" "password")
"anyhostnamehere" @end defun
"imap"))
(nth 0 auth) ; the login name @defun auth-source-forget+ SPEC
(nth 1 auth) ; the password
@end example TODO: how to include docstring?
@end defun @end defun
......
...@@ -191,6 +191,11 @@ ...@@ -191,6 +191,11 @@
(allout-after-copy-or-kill-hook): No arguments - hook implementers (allout-after-copy-or-kill-hook): No arguments - hook implementers
should concentrate on the kill ring. should concentrate on the kill ring.
2011-02-09 Teodor Zlatanov <tzz@lifelogs.com>
* password-cache.el (password-cache-remove): Accept secrets that are
not strings.
2011-02-09 Stefan Monnier <monnier@iro.umontreal.ca> 2011-02-09 Stefan Monnier <monnier@iro.umontreal.ca>
* progmodes/sh-script.el (sh-font-lock-open-heredoc): Fix case * progmodes/sh-script.el (sh-font-lock-open-heredoc): Fix case
......
...@@ -7,6 +7,30 @@ ...@@ -7,6 +7,30 @@
* gnus-sum.el (gnus-summary-save-parts): Use read-directory-name. * gnus-sum.el (gnus-summary-save-parts): Use read-directory-name.
2011-02-10 Teodor Zlatanov <tzz@lifelogs.com>
* sieve-manage.el: Autoload `auth-source-search'.
(sieve-sasl-auth): Use it.
2011-02-09 Teodor Zlatanov <tzz@lifelogs.com>
* nnimap.el: Autoload `auth-source-forget+'.
(nnimap-open-connection-1): Use it if the connection fails.
* auth-source.el: Require `password-cache'.
(auth-source-hide-passwords, auth-source-cache): Remove and mark
obsolete.
(auth-source-magic): Marker for `password-cache' keys.
(auth-source-do-cache): Update docstring.
(auth-source-search): Use and check cache.
(auth-source-forget-all-cached, auth-source-remember)
(auth-source-recall, auth-source-forget, auth-source-forget+)
(auth-source-specmatchp): Caching support functions.
(auth-source-forget-user-or-password, auth-source-forget-all-cached):
Remove and obsolete.
(auth-source-user-or-password): Remove caching to further discourage
using it. Always hide passwords.
2011-02-09 Lars Ingebrigtsen <larsi@gnus.org> 2011-02-09 Lars Ingebrigtsen <larsi@gnus.org>
* nntp.el (nntp-retrieve-group-data-early-disabled): Disable the async * nntp.el (nntp-retrieve-group-data-early-disabled): Disable the async
...@@ -17,6 +41,22 @@ ...@@ -17,6 +41,22 @@
* message.el (message-options): Make message-options really buffer * message.el (message-options): Make message-options really buffer
local. local.
2011-02-08 Teodor Zlatanov <tzz@lifelogs.com>
* mail-source.el: Autoload `auth-source-search'.
(mail-source-keyword-map): Note order matters.
(mail-source-set-1): Get all the mail-source source values and
defaults and search auth-source on those if needed. This can all
probably be simplified.
* nnimap.el: Autoload `auth-source-search'.
(nnimap-credentials): Use it.
(nnimap-open-connection-1): Ask for the virtual server and physical
address in one shot.
* nntp.el: Autoload `auth-source-search'.
(nntp-send-authinfo): Use it. Note TODO.
2011-02-08 Julien Danjou <julien@danjou.info> 2011-02-08 Julien Danjou <julien@danjou.info>
* shr.el (shr-tag-body): Add support for text attribute in body * shr.el (shr-tag-body): Add support for text attribute in body
...@@ -24,6 +64,13 @@ ...@@ -24,6 +64,13 @@
* message.el (message-options): Make message-options a local variable. * message.el (message-options): Make message-options a local variable.
2011-02-07 Teodor Zlatanov <tzz@lifelogs.com>
* auth-source.el (auth-source-secrets-search)
(auth-source-user-or-password): Use `append' instead of `nconc'.
(auth-source-user-or-password): Build return list better and protect
against nil :secret.
2011-02-07 Lars Ingebrigtsen <larsi@gnus.org> 2011-02-07 Lars Ingebrigtsen <larsi@gnus.org>
* nnimap.el (nnimap-update-info): Refactor slightly. * nnimap.el (nnimap-update-info): Refactor slightly.
...@@ -35,6 +82,13 @@ ...@@ -35,6 +82,13 @@
(nnimap-update-info): Fix macrology bug-out. (nnimap-update-info): Fix macrology bug-out.
(nnimap-update-info): Simplify split history test. (nnimap-update-info): Simplify split history test.
2011-02-06 Michael Albinus <michael.albinus@gmx.de>
* auth-source.el (top): Require 'eieio unconditionally. Autoload
`secrets-get-attributes' instead of `secrets-get-attribute'.
(auth-source-secrets-search): Limit search when `max' is greater than
number of results.
2011-02-06 Lars Ingebrigtsen <larsi@gnus.org> 2011-02-06 Lars Ingebrigtsen <larsi@gnus.org>
* nntp.el (nntp-finish-retrieve-group-infos): Protect against the first * nntp.el (nntp-finish-retrieve-group-infos): Protect against the first
...@@ -42,11 +96,58 @@ ...@@ -42,11 +96,58 @@
* proto-stream.el (open-protocol-stream): Document the return value. * proto-stream.el (open-protocol-stream): Document the return value.
2011-02-06 Teodor Zlatanov <tzz@lifelogs.com>
* auth-source.el (auth-source-secrets-search): Add examples.
2011-02-06 Julien Danjou <julien@danjou.info> 2011-02-06 Julien Danjou <julien@danjou.info>
* message.el (message-setup-1): Handle message-generate-headers-first * message.el (message-setup-1): Handle message-generate-headers-first
set to t. set to t.
2011-02-06 Teodor Zlatanov <tzz@lifelogs.com>
* auth-source.el (auth-sources): Allow for simpler defaults for Secrets
API with a string "secrets:collection-name" and with 'default.
(auth-source-backend-parse): Parse "secrets:collection-name" and
'default. Recurse on parses instead of repeating code. Use the
Secrets API is the source is not nil and 'ignore otherwise. Emit a
message when ignoring a source.
(auth-source-search): List ignored search keys at the top level.
(auth-source-netrc-create): Use `case' instead of `cond'.
(auth-source-secrets-search): Created with TODOs.
(auth-source-secrets-create): Created with TODOs.
(auth-source-retrieve, auth-source-create, auth-source-delete)
(auth-source-protocol-defaults, auth-source-user-or-password-imap)
(auth-source-user-or-password-pop3, auth-source-user-or-password-ssh)
(auth-source-user-or-password-sftp)
(auth-source-user-or-password-smtp): Removed.
(auth-source-user-or-password): Deprecated and modified to be a wrapper
around `auth-source-search'. Not tested thoroughly.
2011-02-04 Teodor Zlatanov <tzz@lifelogs.com>
* auth-source.el: Bring in assoc and eioeio libraries.
(secrets-enabled): New variable to track the status of the Secrets API.
(auth-source-backend): New EIOEIO class to represent a backend.
(auth-source-creation-defaults): New variable to set prompt defaults
during token creation (see the `auth-source-search' docstring for
details).
(auth-sources): Simplify to allow a simple string as a netrc backend
spec.
(auth-source-backend-parse): Parse a backend from an `auth-sources' spec.
(auth-source-backend-parse-parameters): Fill in the backend parameters.
(auth-source-search): Main auth-source API entry point.
(auth-source-delete): Wrapper around `auth-source-search' for deletion.
(auth-source-search-collection): Helper function for searching.
(auth-source-netrc-parse, auth-source-netrc-normalize)
(auth-source-netrc-search, auth-source-netrc-create): Netrc backend.
Supports search, create, and delete.
(auth-source-secrets-search, auth-source-secrets-create): Secrets API
backend stubs.
(auth-source-user-or-password): Call `auth-source-search' but it's not
ready yet.
2011-02-04 Lars Ingebrigtsen <larsi@gnus.org> 2011-02-04 Lars Ingebrigtsen <larsi@gnus.org>
* message.el (message-setup-1): Remove the read-only stuff, since it * message.el (message-setup-1): Remove the read-only stuff, since it
......
This diff is collapsed.
...@@ -32,7 +32,7 @@ ...@@ -32,7 +32,7 @@
(eval-when-compile (eval-when-compile
(require 'cl) (require 'cl)
(require 'imap)) (require 'imap))
(autoload 'auth-source-user-or-password "auth-source") (autoload 'auth-source-search "auth-source")
(autoload 'pop3-movemail "pop3") (autoload 'pop3-movemail "pop3")
(autoload 'pop3-get-message-count "pop3") (autoload 'pop3-get-message-count "pop3")
(autoload 'nnheader-cancel-timer "nnheader") (autoload 'nnheader-cancel-timer "nnheader")
...@@ -332,6 +332,7 @@ Common keywords should be listed here.") ...@@ -332,6 +332,7 @@ Common keywords should be listed here.")
(:prescript) (:prescript)
(:prescript-delay) (:prescript-delay)
(:postscript) (:postscript)
;; note server and port need to come before user and password
(:server (getenv "MAILHOST")) (:server (getenv "MAILHOST"))
(:port 110) (:port 110)
(:user (or (user-login-name) (getenv "LOGNAME") (getenv "USER"))) (:user (or (user-login-name) (getenv "LOGNAME") (getenv "USER")))
...@@ -345,6 +346,7 @@ Common keywords should be listed here.") ...@@ -345,6 +346,7 @@ Common keywords should be listed here.")
(:subdirs ("cur" "new")) (:subdirs ("cur" "new"))
(:function)) (:function))
(imap (imap
;; note server and port need to come before user and password
(:server (getenv "MAILHOST")) (:server (getenv "MAILHOST"))
(:port) (:port)
(:stream) (:stream)
...@@ -417,42 +419,66 @@ the `mail-source-keyword-map' variable." ...@@ -417,42 +419,66 @@ the `mail-source-keyword-map' variable."
(put 'mail-source-bind 'lisp-indent-function 1) (put 'mail-source-bind 'lisp-indent-function 1)
(put 'mail-source-bind 'edebug-form-spec '(sexp body)) (put 'mail-source-bind 'edebug-form-spec '(sexp body))
;; TODO: use the list format for auth-source-user-or-password modes
(defun mail-source-set-1 (source) (defun mail-source-set-1 (source)
(let* ((type (pop source)) (let* ((type (pop source))
(defaults (cdr (assq type mail-source-keyword-map))) (defaults (cdr (assq type mail-source-keyword-map)))
default value keyword auth-info user-auth pass-auth) (search '(:max 1))
found default value keyword auth-info user-auth pass-auth)
;; append to the search the useful info from the source and the defaults:
;; user, host, and port
;; the msname is the mail-source parameter
(dolist (msname '(:server :user :port))
;; the asname is the auth-source parameter
(let* ((asname (case msname
(:server :host) ; auth-source uses :host
(t msname)))
;; this is the mail-source default
(msdef1 (or (plist-get source msname)
(nth 1 (assoc msname defaults))))
;; ...evaluated
(msdef (mail-source-value msdef1)))
(setq search (append (list asname
(if msdef msdef t))
search))))
;; if the port is unknown yet, get it from the mail-source type
(unless (plist-get search :port)
(setq search (append (list :port (symbol-name type)))))
(while (setq default (pop defaults)) (while (setq default (pop defaults))
;; for each default :SYMBOL, set SYMBOL to the plist value for :SYMBOL ;; for each default :SYMBOL, set SYMBOL to the plist value for :SYMBOL
;; using `mail-source-value' to evaluate the plist value ;; using `mail-source-value' to evaluate the plist value
(set (mail-source-strip-keyword (setq keyword (car default))) (set (mail-source-strip-keyword (setq keyword (car default)))
;; note the following reasons for this structure: ;; note the following reasons for this structure:
;; 1) the auth-sources user and password override everything ;; 1) the auth-sources user and password override everything
;; 2) it avoids macros, so it's cleaner ;; 2) it avoids macros, so it's cleaner
;; 3) it falls through to the mail-sources and then default values ;; 3) it falls through to the mail-sources and then default values
(cond (cond
((and ((and
(eq keyword :user) (eq keyword :user)
(setq user-auth (setq user-auth (plist-get
(nth 0 (auth-source-user-or-password ;; cache the search result in `found'
'("login" "password") (or found
;; this is "host" in auth-sources (setq found (nth 0 (apply 'auth-source-search
(if (boundp 'server) (symbol-value 'server) "") search))))
type)))) :user)))
user-auth) user-auth)
((and ((and
(eq keyword :password) (eq keyword :password)
(setq pass-auth (setq pass-auth (plist-get
(nth 1 ;; cache the search result in `found'
(auth-source-user-or-password (or found
'("login" "password") (setq found (nth 0 (apply 'auth-source-search
;; this is "host" in auth-sources search))))
(if (boundp 'server) (symbol-value 'server) "") :secret)))
type)))) ;; maybe set the password to the return of the :secret function
pass-auth) (if (functionp pass-auth)
(t (if (setq value (plist-get source keyword)) (setq pass-auth (funcall pass-auth))
(mail-source-value value) pass-auth))
(mail-source-value (cadr default))))))))) (t (if (setq value (plist-get source keyword))
(mail-source-value value)
(mail-source-value (cadr default)))))))))
(eval-and-compile (eval-and-compile
(defun mail-source-bind-common-1 () (defun mail-source-bind-common-1 ()
......
...@@ -47,8 +47,8 @@ ...@@ -47,8 +47,8 @@
(require 'nnmail) (require 'nnmail)
(require 'proto-stream) (require 'proto-stream)
(autoload 'auth-source-forget-user-or-password "auth-source") (autoload 'auth-source-forget+ "auth-source")
(autoload 'auth-source-user-or-password "auth-source") (autoload 'auth-source-search "auth-source")
(nnoo-declare nnimap) (nnoo-declare nnimap)
...@@ -275,18 +275,18 @@ textual parts.") ...@@ -275,18 +275,18 @@ textual parts.")
(current-buffer))) (current-buffer)))
(defun nnimap-credentials (address ports &optional inhibit-create) (defun nnimap-credentials (address ports &optional inhibit-create)
(let (port credentials) (let* ((found (nth 0 (auth-source-search :max 1
;; Request the credentials from all ports, but only query on the :host address
;; last port if all the previous ones have failed. :port ports
(while (and (null credentials) :create (if inhibit-create
(setq port (pop ports))) nil
(setq credentials (null ports)))))
(auth-source-user-or-password (user (plist-get found :user))
'("login" "password") address port nil (secret (plist-get found :secret))
(if inhibit-create (secret (if (functionp secret) (funcall secret) secret)))
nil (if found
(null ports))))) (list user secret)