From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Michal Nazarewicz <mina86@mina86.com>
Newsgroups: gmane.emacs.devel
Subject: [PATCHv2] lisp/server.el: Introduction of server-auth-key variable
Date: Mon,  2 May 2011 17:28:15 +0200
Message-ID: <95c04f1695da4ecdcb5ab7bea67231552b1c2e1d.1304349384.git.mina86@mina86.com>
References: <835b9d42b15c18e5adf7381138f347061fbc17e8.1298381336.git.mina86@mina86.com>
NNTP-Posting-Host: lo.gmane.org
X-Trace: dough.gmane.org 1304350124 5153 80.91.229.12 (2 May 2011 15:28:44 GMT)
X-Complaints-To: usenet@dough.gmane.org
NNTP-Posting-Date: Mon, 2 May 2011 15:28:44 +0000 (UTC)
Cc: emacs-devel@gnu.org
To: "Juanma Barranquero" <lekktu@gmail.com>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Mon May 02 17:28:40 2011
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([140.186.70.17])
	by lo.gmane.org with esmtp (Exim 4.69)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1QGv36-0001oO-CZ
	for ged-emacs-devel@m.gmane.org; Mon, 02 May 2011 17:28:36 +0200
Original-Received: from localhost ([::1]:42978 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1QGv35-0002YW-TA
	for ged-emacs-devel@m.gmane.org; Mon, 02 May 2011 11:28:35 -0400
Original-Received: from eggs.gnu.org ([140.186.70.92]:55585)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mnazarewicz@google.com>) id 1QGv33-0002YR-LZ
	for emacs-devel@gnu.org; Mon, 02 May 2011 11:28:34 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <mnazarewicz@google.com>) id 1QGv32-0003cw-Hb
	for emacs-devel@gnu.org; Mon, 02 May 2011 11:28:33 -0400
Original-Received: from smtp-out.google.com ([216.239.44.51]:56039)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mnazarewicz@google.com>) id 1QGv31-0003cp-UE
	for emacs-devel@gnu.org; Mon, 02 May 2011 11:28:32 -0400
Original-Received: from hpaq7.eem.corp.google.com (hpaq7.eem.corp.google.com
	[172.25.149.7]) by smtp-out.google.com with ESMTP id p42FSTM0027547
	for <emacs-devel@gnu.org>; Mon, 2 May 2011 08:28:30 -0700
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta;
	t=1304350110; bh=kKoT4XYeuOUQ82sg3Jl1TxvruyA=;
	h=Sender:From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References;
	b=Z9lmeEwZ3IfDubC5apLrP+8+YxJcu+zr0wVyxb7zHapi0yICk/WZmxgArDX1/i+f4
	P8sCVU38pqxdJHLH0Hv9A==
Original-Received: from fxm18 (fxm18.prod.google.com [10.184.13.18])
	by hpaq7.eem.corp.google.com with ESMTP id p42FSETH028442
	(version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NOT)
	for <emacs-devel@gnu.org>; Mon, 2 May 2011 08:28:28 -0700
Original-Received: by fxm18 with SMTP id 18so4646748fxm.0
	for <emacs-devel@gnu.org>; Mon, 02 May 2011 08:28:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=beta;
	h=domainkey-signature:sender:from:to:cc:subject:date:message-id
	:x-mailer:in-reply-to:references;
	bh=C+gSNFiObDBBX4cPVvCJHk6OeA6jTaZL5h88g2Ca554=;
	b=G9j6tYyv1KHQVJQFW1P91h9YeLC9wn1KYez9KVLu/Wg/UrDIAZ/wRigiXsNK9AHJgU
	hJh1nV8n0hHqtFZ3ozNg==
DomainKey-Signature: a=rsa-sha1; c=nofws; d=google.com; s=beta;
	h=sender:from:to:cc:subject:date:message-id:x-mailer:in-reply-to
	:references;
	b=PvtzKUMbiyqFTffi+1z0hlkdskp8fcal7qkuV9Ebh2VZ23Dxslj933KtWtNLQ9tw0z
	jHPZ3pL0aHpKmQ3UNMZA==
Original-Received: by 10.223.55.200 with SMTP id v8mr13872fag.82.1304350108545;
	Mon, 02 May 2011 08:28:28 -0700 (PDT)
Original-Received: from mnazarewicz-glaptop.zrh.corp.google.com
	(dhcp-172-16-75-204.zrh.corp.google.com [172.16.75.204])
	by mx.google.com with ESMTPS id g5sm1780733faa.2.2011.05.02.08.28.27
	(version=SSLv3 cipher=OTHER); Mon, 02 May 2011 08:28:27 -0700 (PDT)
X-Mailer: git-send-email 1.7.3.1
In-Reply-To: <835b9d42b15c18e5adf7381138f347061fbc17e8.1298381336.git.mina86@mina86.com>
X-System-Of-Record: true
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3)
X-Received-From: 216.239.44.51
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: </archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:138961
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/138961>

This commit adds a server-auth-key variable which allows
user to specify a default authentication key used by the
server process.
---
 lisp/server.el |   61 +++++++++++++++++++++++++++++++++++++++++++++++++------
 1 files changed, 54 insertions(+), 7 deletions(-)

This is an updated version of my previous patch.  It now validates whether
a key specified via server-auth-key is a valid key (meaning 64 printable
characters).

diff --git a/lisp/server.el b/lisp/server.el
index cb1903a..e96f77f 100644
--- a/lisp/server.el
+++ b/lisp/server.el
@@ -134,6 +134,33 @@ directory residing in a NTFS partition instead."
 ;;;###autoload
 (put 'server-auth-dir 'risky-local-variable t)
 
+(defcustom server-auth-key nil
+  "Server authentication key.
+
+Normally, authentication key is generated on random when server
+starts, which guarantees some level of security.  It is
+recommended to leave it that way.  Using a long-lived shared key
+may decrease security (especially since the key is transmitted as
+plain text).
+
+In some situations however, it can be difficult to share randomly
+generated password with remote hosts (eg. no shared directory),
+so you can set the key with this variable and then copy server
+file to remote host (with possible changes to IP address and/or
+port if that applies).
+
+The key must consist of 64 US-ASCII printable characters except
+for space (this means characters from ! to ~; or from code 33
+to 126).
+
+You can use \\[server-generate-key] to get a random authentication
+key."
+  :group 'server
+  :type '(choice
+	  (const :tag "Random" nil)
+	  (string :tag "Password"))
+  :version "24.0")
+
 (defcustom server-raise-frame t
   "If non-nil, raise frame when switching to a buffer."
   :group 'server
@@ -501,6 +528,32 @@ See variable `server-auth-dir' for details."
       (unless safe
 	(error "The directory `%s' is unsafe" dir)))))
 
+(defun server-generate-key ()
+  "Generates and returns a random 64-byte strings of random chars
+in the range `!'..`~'. If called interactively, also inserts it
+into current buffer."
+  (interactive)
+  (let ((auth-key
+	 (loop repeat 64
+	       collect (+ 33 (random 94)) into auth
+	       finally return (concat auth))))
+    (if (called-interactively-p)
+	(insert auth-key))
+    auth-key))
+
+(defun server-get-auth-key ()
+  "Returns server's authentication key.
+
+If `server-auth-key' is nil this function will just call
+`server-generate-key'.  Otherwise, if `server-auth-key' is
+a valid authentication it will return it.  Otherwise, it will
+signal an error."
+  (if server-auth-key
+    (if (string-match "^[!-~]\\{64\\}$" server-auth-key)
+        server-auth-key
+      (error "The key '%s' is invalid" server-auth-key))
+    (server-generate-key)))
+
 ;;;###autoload
 (defun server-start (&optional leave-dead inhibit-prompt)
   "Allow this Emacs process to be a server for client processes.
@@ -594,13 +647,7 @@ server or call `M-x server-force-delete' to forcibly disconnect it.")
 	  (unless server-process (error "Could not start server process"))
 	  (process-put server-process :server-file server-file)
 	  (when server-use-tcp
-	    (let ((auth-key
-		   (loop
-		      ;; The auth key is a 64-byte string of random chars in the
-		      ;; range `!'..`~'.
-		      repeat 64
-		      collect (+ 33 (random 94)) into auth
-		      finally return (concat auth))))
+	    (let ((auth-key (server-get-auth-key)))
 	      (process-put server-process :auth-key auth-key)
 	      (with-temp-file server-file
 		(set-buffer-multibyte nil)
-- 
1.7.3.1