From: Michal Nazarewicz
Newsgroups: gmane.emacs.devel
Subject: [PATCHv2] lisp/server.el: Introduction of server-auth-key variable
Date: Mon, 2 May 2011 17:28:15 +0200
Message-ID: <95c04f1695da4ecdcb5ab7bea67231552b1c2e1d.1304349384.git.mina86@mina86.com>
References: <835b9d42b15c18e5adf7381138f347061fbc17e8.1298381336.git.mina86@mina86.com>
Cc: emacs-devel@gnu.org
To: "Juanma Barranquero"
X-Mailer: git-send-email 1.7.3.1
This commit adds a server-auth-key variable which allows user to specify a default authentication key used by the server process. --- lisp/server.el | 61 +++++++++++++++++++++++++++++++++++++++++++++++++------ 1 files changed, 54 insertions(+), 7 deletions(-) This is an updated version of my previous patch. It now validates whether a key specified via server-auth-key is a valid key (meaning 64 printable characters). diff --git a/lisp/server.el b/lisp/server.el index cb1903a..e96f77f 100644 --- a/lisp/server.el +++ b/lisp/server.el @@ -134,6 +134,33 @@ directory residing in a NTFS partition instead." ;;;###autoload (put 'server-auth-dir 'risky-local-variable t) +(defcustom server-auth-key nil + "Server authentication key. + +Normally, authentication key is generated on random when server +starts, which guarantees some level of security. It is +recommended to leave it that way. Using a long-lived shared key +may decrease security (especially since the key is transmitted as +plain text). + +In some situations however, it can be difficult to share randomly +generated password with remote hosts (eg. no shared directory), +so you can set the key with this variable and then copy server +file to remote host (with possible changes to IP address and/or +port if that applies). + +The key must consist of 64 US-ASCII printable characters except +for space (this means characters from ! to ~; or from code 33 +to 126). + +You can use \\[server-generate-key] to get a random authentication +key." + :group 'server + :type '(choice + (const :tag "Random" nil) + (string :tag "Password")) + :version "24.0") + (defcustom server-raise-frame t "If non-nil, raise frame when switching to a buffer." :group 'server
@@ -501,6 +528,32 @@ See variable `server-auth-dir' for details." (unless safe (error "The directory `%s' is unsafe" dir))))) +(defun server-generate-key () + "Generates and returns a random 64-byte strings of random chars +in the range `!'..`~'. If called interactively, also inserts it +into current buffer." + (interactive) + (let ((auth-key + (loop repeat 64 + collect (+ 33 (random 94)) into auth + finally return (concat auth)))) + (if (called-interactively-p) + (insert auth-key)) + auth-key)) + +(defun server-get-auth-key () + "Returns server's authentication key. + +If `server-auth-key' is nil this function will just call +`server-generate-key'. Otherwise, if `server-auth-key' is +a valid authentication it will return it. Otherwise, it will +signal an error." + (if server-auth-key + (if (string-match "^[!-~]\\{64\\}$" server-auth-key) + server-auth-key + (error "The key '%s' is invalid" server-auth-key)) + (server-generate-key))) + ;;;###autoload (defun server-start (&optional leave-dead inhibit-prompt) "Allow this Emacs process to be a server for client processes. @@ -594,13 +647,7 @@ server or call `M-x server-force-delete' to forcibly disconnect it.") (unless server-process (error "Could not start server process")) (process-put server-process :server-file server-file) (when server-use-tcp - (let ((auth-key - (loop - ;; The auth key is a 64-byte string of random chars in the - ;; range `!'..`~'. - repeat 64 - collect (+ 33 (random 94)) into auth - finally return (concat auth)))) + (let ((auth-key (server-get-auth-key))) (process-put server-process :auth-key auth-key) (with-temp-file server-file (set-buffer-multibyte nil) -- 1.7.3.1
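Review bot: In the first hunk (the new defcustom server-auth-key), the variable is not marked risky, although the context line directly above it does exactly that for its sibling: (put 'server-auth-dir 'risky-local-variable t). This value is the secret the server accepts, so a file-local or directory-local setting should not be able to pin it; add the matching ;;;###autoload (put 'server-auth-key 'risky-local-variable t) form. The docstring already warns that the key travels as plain text; it should also say that a key set through Customize is saved in the user's init or custom file, so that file needs the same care as the copied server file. Wording: "generated on random" should be "generated at random", and "eg." should be "e.g.".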
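Review bot: In the second hunk, the validation in server-get-auth-key, (string-match "^[!-~]\\{64\\}$" server-auth-key), is weaker than the docstring's "must consist of 64 US-ASCII printable characters", because in Emacs regexps ^ and $ also match at line boundaries inside a string; a multi-line value that contains one 64-character line passes and is returned as the auth key. Anchor the pattern with \\` and \\' so the whole string has to match. In the same function, (error "The key '%s' is invalid" server-auth-key) copies the rejected key into the echo area and the *Messages* buffer; report that the key is malformed (for example its length) without printing the value. In server-generate-key, called-interactively-p is called without an argument; (called-interactively-p 'interactive) is the documented form, and "64-byte strings" in the docstring should be "string".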
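Review bot: In the third hunk (server-start), (server-get-auth-key) can now signal an error, and it is called only after the context line (unless server-process (error "Could not start server process")), that is, once the server process already exists. With an invalid server-auth-key, server-start exits at that point with the process created, no :auth-key property set on it, and no server file written. Validate the key before the process is created, or delete the process when the call signals, so that a bad setting fails cleanly.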