search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
2007-08-19 Michael Kifer <kifer@cs.stonybrook.edu>
[emacs.git] / lisp / url / url-auth.el
blob3c33fd914e5079280c10c5e346625f30d56192d0
1 ;;; url-auth.el --- Uniform Resource Locator authorization modules
2
3 ;; Copyright (C) 1996, 1997, 1998, 1999, 2004,
4 ;; 2005, 2006, 2007 Free Software Foundation, Inc.
5
6 ;; Keywords: comm, data, processes, hypermedia
7
8 ;; This file is part of GNU Emacs.
9
10 ;; GNU Emacs is free software; you can redistribute it and/or modify
11 ;; it under the terms of the GNU General Public License as published by
12 ;; the Free Software Foundation; either version 3, or (at your option)
13 ;; any later version.
14
15 ;; GNU Emacs is distributed in the hope that it will be useful,
16 ;; but WITHOUT ANY WARRANTY; without even the implied warranty of
17 ;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 ;; GNU General Public License for more details.
19
20 ;; You should have received a copy of the GNU General Public License
21 ;; along with GNU Emacs; see the file COPYING. If not, write to the
22 ;; Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
23 ;; Boston, MA 02110-1301, USA.
24
25 ;;; Code:
26
27 (require 'url-vars)
28 (require 'url-parse)
29 (autoload 'url-warn "url")
30
31 (defsubst url-auth-user-prompt (url realm)
32 "String to usefully prompt for a username."
33 (concat "Username [for "
34 (or realm (url-truncate-url-for-viewing
35 (url-recreate-url url)
36 (- (window-width) 10 20)))
37 "]: "))
38
39 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
40 ;;; Basic authorization code
41 ;;; ------------------------
42 ;;; This implements the BASIC authorization type. See the online
43 ;;; documentation at
44 ;;; http://www.w3.org/hypertext/WWW/AccessAuthorization/Basic.html
45 ;;; for the complete documentation on this type.
46 ;;;
47 ;;; This is very insecure, but it works as a proof-of-concept
48 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
49 (defvar url-basic-auth-storage 'url-http-real-basic-auth-storage
50 "Where usernames and passwords are stored.
51
52 Must be a symbol pointing to another variable that will actually store
53 the information. The value of this variable is an assoc list of assoc
54 lists. The first assoc list is keyed by the server name. The cdr of
55 this is an assoc list based on the 'directory' specified by the url we
56 are looking up.")
57
58 (defun url-basic-auth (url &optional prompt overwrite realm args)
59 "Get the username/password for the specified URL.
60 If optional argument PROMPT is non-nil, ask for the username/password
61 to use for the url and its descendants. If optional third argument
62 OVERWRITE is non-nil, overwrite the old username/password pair if it
63 is found in the assoc list. If REALM is specified, use that as the realm
64 instead of the pathname inheritance method."
65 (let* ((href (if (stringp url)
66 (url-generic-parse-url url)
67 url))
68 (server (url-host href))
69 (port (url-port href))
70 (path (url-filename href))
71 (user (url-user href))
72 (pass (url-password href))
73 byserv retval data)
74 (setq server (format "%s:%d" server port)
75 path (cond
76 (realm realm)
77 ((string-match "/$" path) path)
78 (t (url-basepath path)))
79 byserv (cdr-safe (assoc server
80 (symbol-value url-basic-auth-storage))))
81 (cond
82 ((and prompt (not byserv))
83 (setq user (read-string (url-auth-user-prompt url realm)
84 (or user (user-real-login-name)))
85 pass (read-passwd "Password: " nil (or pass "")))
86 (set url-basic-auth-storage
87 (cons (list server
88 (cons path
89 (setq retval
90 (base64-encode-string
91 (format "%s:%s" user pass)))))
92 (symbol-value url-basic-auth-storage))))
93 (byserv
94 (setq retval (cdr-safe (assoc path byserv)))
95 (if (and (not retval)
96 (string-match "/" path))
97 (while (and byserv (not retval))
98 (setq data (car (car byserv)))
99 (if (or (not (string-match "/" data)) ; It's a realm - take it!
100 (and
101 (>= (length path) (length data))
102 (string= data (substring path 0 (length data)))))
103 (setq retval (cdr (car byserv))))
104 (setq byserv (cdr byserv))))
105 (if (or (and (not retval) prompt) overwrite)
106 (progn
107 (setq user (read-string (url-auth-user-prompt url realm)
108 (user-real-login-name))
109 pass (read-passwd "Password: ")
110 retval (base64-encode-string (format "%s:%s" user pass))
111 byserv (assoc server (symbol-value url-basic-auth-storage)))
112 (setcdr byserv
113 (cons (cons path retval) (cdr byserv))))))
114 (t (setq retval nil)))
115 (if retval (setq retval (concat "Basic " retval)))
116 retval))
117
118 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
119 ;;; Digest authorization code
120 ;;; ------------------------
121 ;;; This implements the DIGEST authorization type. See the internet draft
122 ;;; ftp://ds.internic.net/internet-drafts/draft-ietf-http-digest-aa-01.txt
123 ;;; for the complete documentation on this type.
124 ;;;
125 ;;; This is very secure
126 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
127 (defvar url-digest-auth-storage nil
128 "Where usernames and passwords are stored. Its value is an assoc list of
129 assoc lists. The first assoc list is keyed by the server name. The cdr of
130 this is an assoc list based on the 'directory' specified by the url we are
131 looking up.")
132
133 (defun url-digest-auth-create-key (username password realm method uri)
134 "Create a key for digest authentication method"
135 (let* ((info (if (stringp uri)
136 (url-generic-parse-url uri)
137 uri))
138 (a1 (md5 (concat username ":" realm ":" password)))
139 (a2 (md5 (concat method ":" (url-filename info)))))
140 (list a1 a2)))
141
142 (defun url-digest-auth (url &optional prompt overwrite realm args)
143 "Get the username/password for the specified URL.
144 If optional argument PROMPT is non-nil, ask for the username/password
145 to use for the url and its descendants. If optional third argument
146 OVERWRITE is non-nil, overwrite the old username/password pair if it
147 is found in the assoc list. If REALM is specified, use that as the realm
148 instead of hostname:portnum."
149 (if args
150 (let* ((href (if (stringp url)
151 (url-generic-parse-url url)
152 url))
153 (server (url-host href))
154 (port (url-port href))
155 (path (url-filename href))
156 user pass byserv retval data)
157 (setq path (cond
158 (realm realm)
159 ((string-match "/$" path) path)
160 (t (url-basepath path)))
161 server (format "%s:%d" server port)
162 byserv (cdr-safe (assoc server url-digest-auth-storage)))
163 (cond
164 ((and prompt (not byserv))
165 (setq user (read-string (url-auth-user-prompt url realm)
166 (user-real-login-name))
167 pass (read-passwd "Password: ")
168 url-digest-auth-storage
169 (cons (list server
170 (cons path
171 (setq retval
172 (cons user
173 (url-digest-auth-create-key
174 user pass realm
175 (or url-request-method "GET")
176 url)))))
177 url-digest-auth-storage)))
178 (byserv
179 (setq retval (cdr-safe (assoc path byserv)))
180 (if (and (not retval) ; no exact match, check directories
181 (string-match "/" path)) ; not looking for a realm
182 (while (and byserv (not retval))
183 (setq data (car (car byserv)))
184 (if (or (not (string-match "/" data))
185 (and
186 (>= (length path) (length data))
187 (string= data (substring path 0 (length data)))))
188 (setq retval (cdr (car byserv))))
189 (setq byserv (cdr byserv))))
190 (if (or (and (not retval) prompt) overwrite)
191 (progn
192 (setq user (read-string (url-auth-user-prompt url realm)
193 (user-real-login-name))
194 pass (read-passwd "Password: ")
195 retval (setq retval
196 (cons user
197 (url-digest-auth-create-key
198 user pass realm
199 (or url-request-method "GET")
200 url)))
201 byserv (assoc server url-digest-auth-storage))
202 (setcdr byserv
203 (cons (cons path retval) (cdr byserv))))))
204 (t (setq retval nil)))
205 (if retval
206 (let ((nonce (or (cdr-safe (assoc "nonce" args)) "nonegiven"))
207 (opaque (or (cdr-safe (assoc "opaque" args)) "nonegiven")))
208 (format
209 (concat "Digest username=\"%s\", realm=\"%s\","
210 "nonce=\"%s\", uri=\"%s\","
211 "response=\"%s\", opaque=\"%s\"")
212 (nth 0 retval) realm nonce (url-filename href)
213 (md5 (concat (nth 1 retval) ":" nonce ":"
214 (nth 2 retval))) opaque))))))
215
216 (defvar url-registered-auth-schemes nil
217 "A list of the registered authorization schemes and various and sundry
218 information associated with them.")
219
220 ;;;###autoload
221 (defun url-get-authentication (url realm type prompt &optional args)
222 "Return an authorization string suitable for use in the WWW-Authenticate
223 header in an HTTP/1.0 request.
224
225 URL is the url you are requesting authorization to. This can be either a
226 string representing the URL, or the parsed representation returned by
227 `url-generic-parse-url'
228 REALM is the realm at a specific site we are looking for. This should be a
229 string specifying the exact realm, or nil or the symbol 'any' to
230 specify that the filename portion of the URL should be used as the
231 realm
232 TYPE is the type of authentication to be returned. This is either a string
233 representing the type (basic, digest, etc), or nil or the symbol 'any'
234 to specify that any authentication is acceptable. If requesting 'any'
235 the strongest matching authentication will be returned. If this is
236 wrong, it's no big deal, the error from the server will specify exactly
237 what type of auth to use
238 PROMPT is boolean - specifies whether to ask the user for a username/password
239 if one cannot be found in the cache"
240 (if (not realm)
241 (setq realm (cdr-safe (assoc "realm" args))))
242 (if (stringp url)
243 (setq url (url-generic-parse-url url)))
244 (if (or (null type) (eq type 'any))
245 ;; Whooo doogies!
246 ;; Go through and get _all_ the authorization strings that could apply
247 ;; to this URL, store them along with the 'rating' we have in the list
248 ;; of schemes, then sort them so that the 'best' is at the front of the
249 ;; list, then get the car, then get the cdr.
250 ;; Zooom zooom zoooooom
251 (cdr-safe
252 (car-safe
253 (sort
254 (mapcar
255 (function
256 (lambda (scheme)
257 (if (fboundp (car (cdr scheme)))
258 (cons (cdr (cdr scheme))
259 (funcall (car (cdr scheme)) url nil nil realm))
260 (cons 0 nil))))
261 url-registered-auth-schemes)
262 (function
263 (lambda (x y)
264 (cond
265 ((null (cdr x)) nil)
266 ((and (cdr x) (null (cdr y))) t)
267 ((and (cdr x) (cdr y))
268 (>= (car x) (car y)))
269 (t nil)))))))
270 (if (symbolp type) (setq type (symbol-name type)))
271 (let* ((scheme (car-safe
272 (cdr-safe (assoc (downcase type)
273 url-registered-auth-schemes)))))
274 (if (and scheme (fboundp scheme))
275 (funcall scheme url prompt
276 (and prompt
277 (funcall scheme url nil nil realm args))
278 realm args)))))
279
280 ;;;###autoload
281 (defun url-register-auth-scheme (type &optional function rating)
282 "Register an HTTP authentication method.
283
284 TYPE is a string or symbol specifying the name of the method. This
285 should be the same thing you expect to get returned in an Authenticate
286 header in HTTP/1.0 - it will be downcased.
287 FUNCTION is the function to call to get the authorization information. This
288 defaults to `url-?-auth', where ? is TYPE
289 RATING a rating between 1 and 10 of the strength of the authentication.
290 This is used when asking for the best authentication for a specific
291 URL. The item with the highest rating is returned."
292 (let* ((type (cond
293 ((stringp type) (downcase type))
294 ((symbolp type) (downcase (symbol-name type)))
295 (t (error "Bad call to `url-register-auth-scheme'"))))
296 (function (or function (intern (concat "url-" type "-auth"))))
297 (rating (cond
298 ((null rating) 2)
299 ((stringp rating) (string-to-number rating))
300 (t rating)))
301 (node (assoc type url-registered-auth-schemes)))
302 (if (not (fboundp function))
303 (url-warn 'security
304 (format (concat
305 "Tried to register `%s' as an auth scheme"
306 ", but it is not a function!") function)))
307
308 (if node
309 (setcdr node (cons function rating))
310 (setq url-registered-auth-schemes
311 (cons (cons type (cons function rating))
312 url-registered-auth-schemes)))))
313
314 (defun url-auth-registered (scheme)
315 "Return non-nil if SCHEME is registered as an auth type."
316 (assoc scheme url-registered-auth-schemes))
317
318 (provide 'url-auth)
319
320 ;;; arch-tag: 04058625-616d-44e4-9dbf-4b46b00b2a91
321 ;;; url-auth.el ends here
Emacs repository mirror