Function: tramp-read-passwd

tramp-read-passwd is a byte-compiled function defined in tramp.el.gz.

Signature

(tramp-read-passwd PROC &optional PROMPT)

Documentation

Read a password from user (compat function).

Consults the auth-source package.

Source Code

;; Defined in /usr/src/emacs/lisp/net/tramp.el.gz
;; When calling "emacs -Q", `auth-source-search' won't be called.  If
;; you want to debug exactly this case, call "emacs -Q --eval '(setq
;; tramp-cache-read-persistent-data t)'" instead.
(defun tramp-read-passwd (proc &optional prompt)
  "Read a password from user (compat function).
Consults the auth-source package."
  (declare (tramp-suppress-trace t))
  (let* (;; If `auth-sources' contains "~/.authinfo.gpg", and
	 ;; `exec-path' contains a relative file name like ".", it
	 ;; could happen that the "gpg" command is not found.  So we
	 ;; adapt `default-directory'.  (Bug#39389, Bug#39489)
	 (default-directory tramp-compat-temporary-file-directory)
	 (case-fold-search t)
	 ;; In tramp-sh.el, we must use "hop-vector" and "pw-vector"
	 ;; due to multi-hop.
	 (vec (process-get proc 'tramp-vector))
	 (hop-vec (tramp-get-connection-property proc "hop-vector" vec))
	 (pw-vec (tramp-get-connection-property proc "pw-vector" hop-vec))
	 (key (tramp-make-tramp-file-name pw-vec 'noloc))
	 (method (tramp-file-name-method pw-vec))
	 (user-domain (or (tramp-file-name-user-domain pw-vec)
			  (tramp-get-connection-property pw-vec "login-as")))
	 (host-port (tramp-file-name-host-port pw-vec))
	 (pw-prompt
	  (string-trim-left
	   (or prompt
	       (with-current-buffer (process-buffer proc)
		 (tramp-check-for-regexp proc tramp-password-prompt-regexp)
		 (if (string-match-p "passphrase" (match-string 1))
		     (match-string 0)
		   (format "%s for %s " (capitalize (match-string 1)) key))))))
	 ;; If there is no user name, `:create' triggers to ask for.
	 ;; We suppress it.
	 (pw-spec (list :max 1 :user user-domain :host host-port :port method
			:require (cons :secret (and user-domain '(:user)))
			:create (and user-domain t)))
	 (auth-source-creation-prompts `((secret . ,pw-prompt)))
	 ;; Use connection-local value.
	 (auth-sources (buffer-local-value 'auth-sources (process-buffer proc)))
	 auth-info auth-passwd tramp-dont-suspend-timers)

    (unwind-protect
	(or
	 (setq tramp-password-save-function nil)
	 ;; See if `auth-sources' contains something useful.
	 (ignore-errors
	   (and (tramp-get-connection-property hop-vec "first-password-request")
		(setq auth-info (car (apply #'auth-source-search pw-spec))
		      tramp-password-save-function
		      (plist-get auth-info :save-function)
		      auth-passwd
		      (tramp-compat-auth-info-password auth-info))))

	 ;; Try the password cache.
	 (with-tramp-suspended-timers
	   (setq auth-passwd
		 (password-read
		  pw-prompt (auth-source-format-cache-entry pw-spec))
		 tramp-password-save-function
		 (when auth-source-do-cache
		   (lambda ()
		     (password-cache-add
		      (auth-source-format-cache-entry pw-spec) auth-passwd))))
	   auth-passwd))

      ;; Workaround.  Prior Emacs 28.1, auth-source has saved empty
      ;; passwords.  See discussion in Bug#50399.
      (when (tramp-string-empty-or-nil-p auth-passwd)
	(setq tramp-password-save-function nil))
      ;; Remember the values.
      (tramp-set-connection-property hop-vec "pw-spec" pw-spec)
      (tramp-set-connection-property hop-vec "first-password-request" nil))))