* [PATCH] lisp/server.el: Introduction of server-auth-key variable
@ 2011-02-22 13:55 Michal Nazarewicz
2011-04-29 11:30 ` Juanma Barranquero
` (2 more replies)
0 siblings, 3 replies; 19+ messages in thread
From: Michal Nazarewicz @ 2011-02-22 13:55 UTC (permalink / raw)
To: emacs-devel; +Cc: Michal Nazarewicz
From: Michal Nazarewicz <mina86@mina86.com>
This commit adds a server-auth-key variable which allows
user to specify a default authentication key used by the
server process.
---
lisp/server.el | 42 +++++++++++++++++++++++++++++++++++-------
1 files changed, 35 insertions(+), 7 deletions(-)
Hello, attached is a patch that adds a `server-auth-key' variable,
which I use to easily allow a host to connect to Emacs daemon
listening on TCP port without the need of synchronising the server
file each time server starts.
The etc/CONTRIBUTE mentions ChangeLog entry. I'm unsure whether
you need anything more then the commit message above but in case
you do, here's ChangeLog entry:
2011-02-21 Michal Nazarewicz <mina86@mina86.com> (tiny change)
* lisp/server.el: Introduce server-auth-key variable which
allows user to specify a default authentication key used by
the server process.
Hope you guys don't mind git style patch mail.
diff --git a/lisp/server.el b/lisp/server.el
index df8cae0..3963e86 100644
--- a/lisp/server.el
+++ b/lisp/server.el
@@ -134,6 +134,27 @@ directory residing in a NTFS partition instead."
;;;###autoload
(put 'server-auth-dir 'risky-local-variable t)
+(defcustom server-auth-key nil
+ "Server authentication key.
+
+Normally, authentication key is generated on random when server
+starts, which guarantees a certain level of security. It is
+recommended to leave it that way.
+
+In some situations however, it can be difficult to share randomly
+generated password with remote hosts (eg. no shared directory),
+so you can set the key with this variable and then copy server
+file to remote host (with possible changes to IP address and/or
+port if that applies).
+
+You can use \\[server-generate-key] to get a random authentication
+key."
+ :group 'server
+ :type '(choice
+ (const :tag "Random" nil)
+ (string :tag "Password"))
+ :version "24.0")
+
(defcustom server-raise-frame t
"If non-nil, raise frame when switching to a buffer."
:group 'server
@@ -495,6 +516,19 @@ See variable `server-auth-dir' for details."
(unless safe
(error "The directory `%s' is unsafe" dir)))))
+(defun server-generate-key ()
+ "Generates and returns a random 64-byte strings of random chars
+in the range `!'..`~'. If called interactively, also inserts it
+into current buffer."
+ (interactive)
+ (let ((auth-key
+ (loop repeat 64
+ collect (+ 33 (random 94)) into auth
+ finally return (concat auth))))
+ (if (called-interactively-p)
+ (insert auth-key))
+ auth-key))
+
;;;###autoload
(defun server-start (&optional leave-dead inhibit-prompt)
"Allow this Emacs process to be a server for client processes.
@@ -588,13 +622,7 @@ server or call `M-x server-force-delete' to forcibly disconnect it.")
(unless server-process (error "Could not start server process"))
(process-put server-process :server-file server-file)
(when server-use-tcp
- (let ((auth-key
- (loop
- ;; The auth key is a 64-byte string of random chars in the
- ;; range `!'..`~'.
- repeat 64
- collect (+ 33 (random 94)) into auth
- finally return (concat auth))))
+ (let ((auth-key (or server-auth-key (server-generate-key))))
(process-put server-process :auth-key auth-key)
(with-temp-file server-file
(set-buffer-multibyte nil)
--
1.7.3.1
^ permalink raw reply related [flat|nested] 19+ messages in thread
* Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable
2011-02-22 13:55 [PATCH] lisp/server.el: Introduction of server-auth-key variable Michal Nazarewicz
@ 2011-04-29 11:30 ` Juanma Barranquero
2011-04-29 11:42 ` Michal Nazarewicz
2011-04-29 16:22 ` Stefan Monnier
2011-05-02 15:28 ` [PATCHv2] " Michal Nazarewicz
2 siblings, 1 reply; 19+ messages in thread
From: Juanma Barranquero @ 2011-04-29 11:30 UTC (permalink / raw)
To: Michal Nazarewicz; +Cc: Michal Nazarewicz, emacs-devel
On Tue, Feb 22, 2011 at 14:55, Michal Nazarewicz <mnazarewicz@google.com> wrote:
> From: Michal Nazarewicz <mina86@mina86.com>
>
> This commit adds a server-auth-key variable which allows
> user to specify a default authentication key used by the
> server process.
Do we want to add this to server.el, or dismiss it?
If we want to commit it, it is certainly not "tiny" and papers would
have to be signed before.
Juanma
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable
2011-04-29 11:30 ` Juanma Barranquero
@ 2011-04-29 11:42 ` Michal Nazarewicz
2011-04-29 12:02 ` Juanma Barranquero
0 siblings, 1 reply; 19+ messages in thread
From: Michal Nazarewicz @ 2011-04-29 11:42 UTC (permalink / raw)
To: Juanma Barranquero; +Cc: emacs-devel
> On Tue, Feb 22, 2011 at 14:55, Michal Nazarewicz wrote:
>> This commit adds a server-auth-key variable which allows
>> user to specify a default authentication key used by the
>> server process.
On Fri, 29 Apr 2011 13:30:45 +0200, Juanma Barranquero wrote:
> Do we want to add this to server.el, or dismiss it?
>
> If we want to commit it, it is certainly not "tiny" and papers
> would have to be signed before.
The patch seemed rather straightforward but if you guys decide to
include it and papers need to be signed just let me know as it
should not be a problem.
--
Best regards, _ _
.o. | Liege of Serenely Enlightened Majesty of o' \,=./ `o
..o | Computer Science, Michal "mina86" Nazarewicz (o o)
ooo +-----<email/xmpp: mnazarewicz@google.com>-----ooO--(_)--Ooo--
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable
2011-04-29 11:42 ` Michal Nazarewicz
@ 2011-04-29 12:02 ` Juanma Barranquero
2011-04-29 12:43 ` Michal Nazarewicz
2011-04-29 14:34 ` Michal Nazarewicz
0 siblings, 2 replies; 19+ messages in thread
From: Juanma Barranquero @ 2011-04-29 12:02 UTC (permalink / raw)
To: Michal Nazarewicz; +Cc: emacs-devel
2011/4/29 Michal Nazarewicz <mina86@mina86.com>:
> The patch seemed rather straightforward but if you guys decide to
> include it and papers need to be signed just let me know as it
> should not be a problem.
As soon as the contributions amount to more than 10-15 lines of
non-trivial code, papers must be signed.
Juanma
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable
2011-04-29 12:02 ` Juanma Barranquero
@ 2011-04-29 12:43 ` Michal Nazarewicz
2011-04-29 14:34 ` Michal Nazarewicz
1 sibling, 0 replies; 19+ messages in thread
From: Michal Nazarewicz @ 2011-04-29 12:43 UTC (permalink / raw)
To: Juanma Barranquero; +Cc: emacs-devel
> 2011/4/29 Michal Nazarewicz wrote:
>> The patch seemed rather straightforward but if you guys decide to
>> include it and papers need to be signed just let me know as it
>> should not be a problem.
On Fri, 29 Apr 2011 14:02:10 +0200, Juanma Barranquero wrote:
> As soon as the contributions amount to more than 10-15 lines of
> non-trivial code, papers must be signed.
The patch was just a bit of documentation, a piece of code moved
to a separate function and a single (or ...) added hence I considered
it trivial.
At any rate, copyright assignment should not be a problem, but since
Google holds the copyright for the patch I need to contact legal.
Could you just point me to the forms?
--
Best regards, _ _
.o. | Liege of Serenely Enlightened Majesty of o' \,=./ `o
..o | Computer Science, Michal "mina86" Nazarewicz (o o)
ooo +-----<email/xmpp: mnazarewicz@google.com>-----ooO--(_)--Ooo--
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable
2011-04-29 12:02 ` Juanma Barranquero
2011-04-29 12:43 ` Michal Nazarewicz
@ 2011-04-29 14:34 ` Michal Nazarewicz
2011-04-30 6:39 ` Eli Zaretskii
1 sibling, 1 reply; 19+ messages in thread
From: Michal Nazarewicz @ 2011-04-29 14:34 UTC (permalink / raw)
To: Juanma Barranquero; +Cc: emacs-devel
On Fri, 29 Apr 2011 14:02:10 +0200, Juanma Barranquero wrote:
> As soon as the contributions amount to more than 10-15 lines of
> non-trivial code, papers must be signed.
I just got a piece of information that Google already has
a copyright assignment on file with the FSF.
--
Best regards, _ _
.o. | Liege of Serenely Enlightened Majesty of o' \,=./ `o
..o | Computer Science, Michal "mina86" Nazarewicz (o o)
ooo +-----<email/xmpp: mnazarewicz@google.com>-----ooO--(_)--Ooo--
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable
2011-02-22 13:55 [PATCH] lisp/server.el: Introduction of server-auth-key variable Michal Nazarewicz
2011-04-29 11:30 ` Juanma Barranquero
@ 2011-04-29 16:22 ` Stefan Monnier
2011-04-29 16:35 ` Michal Nazarewicz
2011-04-30 14:31 ` Juanma Barranquero
2011-05-02 15:28 ` [PATCHv2] " Michal Nazarewicz
2 siblings, 2 replies; 19+ messages in thread
From: Stefan Monnier @ 2011-04-29 16:22 UTC (permalink / raw)
To: Michal Nazarewicz; +Cc: Michal Nazarewicz, emacs-devel
> +In some situations however, it can be difficult to share randomly
> +generated password with remote hosts (eg. no shared directory),
ssh/scp work fine for me.
> +so you can set the key with this variable and then copy server
> +file to remote host (with possible changes to IP address and/or
> +port if that applies).
IIUC this only makes sense if you want to use a shared key that you keep
for a "long" time (since the intention is to reduce the frequency of
key-distribution).
Now the server keys are sent in the clear over the network, so the
security we provide is rather minimal. OT1H that means your patch
should be OK since we don't really have security anyway. OTOH it means
that it makes the security threat more serious.
Stefan
PS: emacsclient should really try not to send the key in cleartext, but
instead send something like "nonce,hash(nonce,key)".
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable
2011-04-29 16:22 ` Stefan Monnier
@ 2011-04-29 16:35 ` Michal Nazarewicz
2011-04-29 17:09 ` Stefan Monnier
2011-04-30 14:31 ` Juanma Barranquero
1 sibling, 1 reply; 19+ messages in thread
From: Michal Nazarewicz @ 2011-04-29 16:35 UTC (permalink / raw)
To: Stefan Monnier; +Cc: emacs-devel
On Fri, 29 Apr 2011 18:22:27 +0200, Stefan Monnier
<monnier@iro.umontreal.ca> wrote:
>> +In some situations however, it can be difficult to share randomly
>> +generated password with remote hosts (eg. no shared directory),
>
> ssh/scp work fine for me.
Yes, but you'd have to send the key every time you connect to the remote
host and every time you restart emacs. I thought about something like
that but decided that it'd be easier to just use a single shared key.
>> +so you can set the key with this variable and then copy server
>> +file to remote host (with possible changes to IP address and/or
>> +port if that applies).
>
> IIUC this only makes sense if you want to use a shared key that you keep
> for a "long" time (since the intention is to reduce the frequency of
> key-distribution).
Yep, that's my use-case.
> Now the server keys are sent in the clear over the network, so the
> security we provide is rather minimal.
In my case it's not actually an issue since I use OpenVPN to connect
to my remote host, not to say that in general this may decrease
security for some users should they choose to use it.
> OT1H that means your patch should be OK since we don't really have
> security anyway. OTOH it means that it makes the security threat
> more serious.
--
Best regards, _ _
.o. | Liege of Serenely Enlightened Majesty of o' \,=./ `o
..o | Computer Science, Michal "mina86" Nazarewicz (o o)
ooo +-----<email/xmpp: mnazarewicz@google.com>-----ooO--(_)--Ooo--
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable
2011-04-29 16:35 ` Michal Nazarewicz
@ 2011-04-29 17:09 ` Stefan Monnier
0 siblings, 0 replies; 19+ messages in thread
From: Stefan Monnier @ 2011-04-29 17:09 UTC (permalink / raw)
To: Michal Nazarewicz; +Cc: emacs-devel
> Yes, but you'd have to send the key every time you connect to the remote
> host and every time you restart emacs.
I used something like "scp <server>:<authfile> .; emacsclient" last time
I needed such a thing, which is a bit slowish, indeed.
>> IIUC this only makes sense if you want to use a shared key that you keep
>> for a "long" time (since the intention is to reduce the frequency of
>> key-distribution).
> Yep, that's my use-case.
I guess it could make sense. I'd rather like to see such a feature
provided some other way (e.g. share the key via ssh-agent, or rely on
GNUtls for authentication), but I guess in the mean time it might be OK,
provided the docstring strongly encourages users not to use it and to
expect it to disappear in the future.
Stefan
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable
2011-04-29 14:34 ` Michal Nazarewicz
@ 2011-04-30 6:39 ` Eli Zaretskii
2011-04-30 21:03 ` Richard Stallman
2011-04-30 22:24 ` Michal Nazarewicz
0 siblings, 2 replies; 19+ messages in thread
From: Eli Zaretskii @ 2011-04-30 6:39 UTC (permalink / raw)
To: Michal Nazarewicz, Richard Stallman; +Cc: lekktu, emacs-devel
> Date: Fri, 29 Apr 2011 16:34:18 +0200
> From: "Michal Nazarewicz" <mina86@mina86.com>
> Cc: emacs-devel@gnu.org
>
> I just got a piece of information that Google already has
> a copyright assignment on file with the FSF.
That's true, but I don't know what that means for each employee of
Google who wants to contribute to Emacs. Richard, could you please
clarify? I see this in copyright.list:
ANY Google Inc. 2007-03-15
Assigns Changes
Bill Coughran
Vice President
Engineering
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable
2011-04-29 16:22 ` Stefan Monnier
2011-04-29 16:35 ` Michal Nazarewicz
@ 2011-04-30 14:31 ` Juanma Barranquero
2011-04-30 22:55 ` Michal Nazarewicz
1 sibling, 1 reply; 19+ messages in thread
From: Juanma Barranquero @ 2011-04-30 14:31 UTC (permalink / raw)
To: Stefan Monnier; +Cc: Michal Nazarewicz, Michal Nazarewicz, emacs-devel
On Fri, Apr 29, 2011 at 18:22, Stefan Monnier <monnier@iro.umontreal.ca> wrote:
> PS: emacsclient should really try not to send the key in cleartext, but
> instead send something like "nonce,hash(nonce,key)".
That's not hard to do, assuming that md5 is an acceptable hash
(because we already include C and elisp implementation, unlike
SHA-xx).
In the server side,
(unless (process-get proc :authenticated)
(if (or
;; New method: -auth2 nonce md5(nonce . auth-key)
(and (string-match "-auth2 \\([!-~]+\\)
\\([0-9a-f]\\{32\\}\\)\n?" string)
(string= (md5 (concat (match-string 1 string)
(process-get proc :auth-key)))
(match-string 2 string)))
;; Old method: -auth auth-key
(and (string-match "-auth \\([!-~]+\\)\n?" string)
(string= (match-string 1 string) (process-get proc :auth-key))))
(...set authenticated)
(...fail))
but in the emacsclient side, if it sends -auth2 it won't be
back-compatible with pre-24.1, and if it tries -auth, then -auth2,
-auth2 is not really used beause -auth is always accepted. So the only
ways I see to make this useful at all is to remove compatibility, or
introduce some kind of version check, perhaps resurrecting the
currently obsolete -version command:
;; -version CLIENT-VERSION: obsolete at birth.
(`"-version" (pop args-left))
Juanma
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable
2011-04-30 6:39 ` Eli Zaretskii
@ 2011-04-30 21:03 ` Richard Stallman
2011-04-30 22:24 ` Michal Nazarewicz
1 sibling, 0 replies; 19+ messages in thread
From: Richard Stallman @ 2011-04-30 21:03 UTC (permalink / raw)
To: Eli Zaretskii; +Cc: lekktu, mina86, emacs-devel
That's true, but I don't know what that means for each employee of
Google who wants to contribute to Emacs. Richard, could you please
clarify?
Please ask assign@gnu.org questions like this. It is his job.
I do not have a copy of that contract with me here.
--
Dr Richard Stallman
President, Free Software Foundation
51 Franklin St
Boston MA 02110
USA
www.fsf.org, www.gnu.org
Skype: No way! That's nonfree (freedom-denying) software.
Use free telephony http://directory.fsf.org/category/tel/
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable
2011-04-30 6:39 ` Eli Zaretskii
2011-04-30 21:03 ` Richard Stallman
@ 2011-04-30 22:24 ` Michal Nazarewicz
1 sibling, 0 replies; 19+ messages in thread
From: Michal Nazarewicz @ 2011-04-30 22:24 UTC (permalink / raw)
To: Eli Zaretskii; +Cc: lekktu, Richard Stallman, emacs-devel
[-- Attachment #1: Type: text/plain, Size: 987 bytes --]
>> Date: Fri, 29 Apr 2011 16:34:18 +0200
>> From: "Michal Nazarewicz" <mina86@mina86.com>
>> Cc: emacs-devel@gnu.org
>>
>> I just got a piece of information that Google already has
>> a copyright assignment on file with the FSF.
Eli Zaretskii <eliz@gnu.org> writes:
> That's true, but I don't know what that means for each employee of
> Google who wants to contribute to Emacs. Richard, could you please
> clarify? I see this in copyright.list:
>
> ANY Google Inc. 2007-03-15
> Assigns Changes
> Bill Coughran
> Vice President
> Engineering
Google has the copyright on this one, I'm "just" an author, so I'd
assume mine contributions work the same way as any other Google
employee.
--
Best regards, _ _
.o. | Liege of Serenly Enlightened Majesty of o' \,=./ `o
..o | Computer Science, Michal "mina86" Nazarewicz (o o)
ooo +-<mina86-mina86.com>-<jid:mina86-jabber.org>--ooO--(_)--Ooo--
[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable
2011-04-30 14:31 ` Juanma Barranquero
@ 2011-04-30 22:55 ` Michal Nazarewicz
2011-04-30 23:59 ` Juanma Barranquero
0 siblings, 1 reply; 19+ messages in thread
From: Michal Nazarewicz @ 2011-04-30 22:55 UTC (permalink / raw)
To: Juanma Barranquero; +Cc: Michal Nazarewicz, Stefan Monnier, emacs-devel
[-- Attachment #1: Type: text/plain, Size: 2507 bytes --]
Juanma Barranquero <lekktu@gmail.com> writes:
> On Fri, Apr 29, 2011 at 18:22, Stefan Monnier <monnier@iro.umontreal.ca> wrote:
>
>> PS: emacsclient should really try not to send the key in cleartext, but
>> instead send something like "nonce,hash(nonce,key)".
>
> That's not hard to do, assuming that md5 is an acceptable hash
> (because we already include C and elisp implementation, unlike
> SHA-xx).
Depending on how paranoid are we, MD5 could feel too weak though.
(Also, one could wish for HMAC.)
> In the server side,
>
> (unless (process-get proc :authenticated)
> (if (or
> ;; New method: -auth2 nonce md5(nonce . auth-key)
> (and (string-match "-auth2 \\([!-~]+\\)
> \\([0-9a-f]\\{32\\}\\)\n?" string)
> (string= (md5 (concat (match-string 1 string)
> (process-get proc :auth-key)))
> (match-string 2 string)))
> ;; Old method: -auth auth-key
> (and (string-match "-auth \\([!-~]+\\)\n?" string)
> (string= (match-string 1 string) (process-get proc :auth-key))))
> (...set authenticated)
> (...fail))
Actually, server would have to generate the nonce. Otherwise, the
authentication scheme would be prone to replay attacks and would really
defy the purpose of nonce.
> but in the emacsclient side, if it sends -auth2 it won't be
> back-compatible with pre-24.1, and if it tries -auth, then -auth2,
> -auth2 is not really used beause -auth is always accepted. So the only
> ways I see to make this useful at all is to remove compatibility, or
> introduce some kind of version check, perhaps resurrecting the
> currently obsolete -version command:
>
> ;; -version CLIENT-VERSION: obsolete at birth.
> (`"-version" (pop args-left))
That would still break backward compatibility, wouldn't it? The old
servers would not accept this command anyway. Unless server would issue
it to client just after making connection. From what I see, the old
clients would "only" print error message.
In the worst case, the client could first try the new authenticating
scheme and on error reconnect with the old scheme.
--
Best regards, _ _
.o. | Liege of Serenly Enlightened Majesty of o' \,=./ `o
..o | Computer Science, Michal "mina86" Nazarewicz (o o)
ooo +-<mina86-mina86.com>-<jid:mina86-jabber.org>--ooO--(_)--Ooo--
[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable
2011-04-30 22:55 ` Michal Nazarewicz
@ 2011-04-30 23:59 ` Juanma Barranquero
2011-05-01 0:44 ` Michal Nazarewicz
0 siblings, 1 reply; 19+ messages in thread
From: Juanma Barranquero @ 2011-04-30 23:59 UTC (permalink / raw)
To: Michal Nazarewicz; +Cc: Michal Nazarewicz, Stefan Monnier, emacs-devel
2011/5/1 Michal Nazarewicz <mina86@mina86.com>:
> Depending on how paranoid are we, MD5 could feel too weak though.
> (Also, one could wish for HMAC.)
I am not feeling particularly paranoid just now, seeing as we've been
using a cleartext authentication key for the past few years...
> Actually, server would have to generate the nonce. Otherwise, the
> authentication scheme would be prone to replay attacks and would really
> defy the purpose of nonce.
OK, I in fact prefer to generate the nonce in elisp.
> That would still break backward compatibility, wouldn't it? The old
> servers would not accept this command anyway. Unless server would issue
> it to client just after making connection. From what I see, the old
> clients would "only" print error message.
Yeah, but a failed -auth closes the connection and deletes the
process, while an unknown command just issues an error message. One
way or another, I don't think we can avoid the error message on the
emacsclient side.
> In the worst case, the client could first try the new authenticating
> scheme and on error reconnect with the old scheme.
Yes, but as the connection is closed, that adds a bit of complexity to
emacsclient that I'd like to avoid if possible.
Juanma
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable
2011-04-30 23:59 ` Juanma Barranquero
@ 2011-05-01 0:44 ` Michal Nazarewicz
2011-05-01 0:58 ` Juanma Barranquero
0 siblings, 1 reply; 19+ messages in thread
From: Michal Nazarewicz @ 2011-05-01 0:44 UTC (permalink / raw)
To: Juanma Barranquero; +Cc: Michal Nazarewicz, Stefan Monnier, emacs-devel
[-- Attachment #1: Type: text/plain, Size: 1873 bytes --]
Juanma Barranquero <lekktu@gmail.com> writes:
> 2011/5/1 Michal Nazarewicz <mina86@mina86.com>:
>
>> Depending on how paranoid are we, MD5 could feel too weak though.
>> (Also, one could wish for HMAC.)
>
> I am not feeling particularly paranoid just now, seeing as we've been
> using a cleartext authentication key for the past few years...
Yep, that was my impression. ;)
>> Actually, server would have to generate the nonce. Otherwise, the
>> authentication scheme would be prone to replay attacks and would really
>> defy the purpose of nonce.
>
> OK, I in fact prefer to generate the nonce in elisp.
>
>> That would still break backward compatibility, wouldn't it? The old
>> servers would not accept this command anyway. Unless server would issue
>> it to client just after making connection. From what I see, the old
>> clients would "only" print error message.
> Yeah, but a failed -auth closes the connection and deletes the
> process, while an unknown command just issues an error message.
My reading of searver.el is that anything other then -auth is consider
a failed authentication.
How about adding additional information to the server file which would
just be ignored by old clients but new client would read it and use the
new authentication. My reading of emacsclient.c is that it ignores
anything after reading the key.
Actually, now that I look at it, it seems that the patch needs some more
works since both server and client have some assumption about the key
(eg. client reads exactly 64 bytes). I'll take care of it on Monday.
--
Best regards, _ _
.o. | Liege of Serenly Enlightened Majesty of o' \,=./ `o
..o | Computer Science, Michal "mina86" Nazarewicz (o o)
ooo +-<mina86-mina86.com>-<jid:mina86-jabber.org>--ooO--(_)--Ooo--
[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable
2011-05-01 0:44 ` Michal Nazarewicz
@ 2011-05-01 0:58 ` Juanma Barranquero
2011-05-01 1:22 ` Michal Nazarewicz
0 siblings, 1 reply; 19+ messages in thread
From: Juanma Barranquero @ 2011-05-01 0:58 UTC (permalink / raw)
To: Michal Nazarewicz; +Cc: Michal Nazarewicz, Stefan Monnier, emacs-devel
2011/5/1 Michal Nazarewicz <mina86@mina86.com>:
> My reading of searver.el is that anything other then -auth is consider
> a failed authentication.
Yes, sorry, my mistake.
> How about adding additional information to the server file which would
> just be ignored by old clients but new client would read it and use the
> new authentication. My reading of emacsclient.c is that it ignores
> anything after reading the key.
That's a good idea.
> Actually, now that I look at it, it seems that the patch needs some more
> works since both server and client have some assumption about the key
> (eg. client reads exactly 64 bytes). I'll take care of it on Monday.
Which patch, yours adding server-auth-key you mean?
Juanma
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable
2011-05-01 0:58 ` Juanma Barranquero
@ 2011-05-01 1:22 ` Michal Nazarewicz
0 siblings, 0 replies; 19+ messages in thread
From: Michal Nazarewicz @ 2011-05-01 1:22 UTC (permalink / raw)
To: Juanma Barranquero; +Cc: Michal Nazarewicz, Stefan Monnier, emacs-devel
[-- Attachment #1: Type: text/plain, Size: 763 bytes --]
> 2011/5/1 Michal Nazarewicz <mina86@mina86.com>:
>> Actually, now that I look at it, it seems that the patch needs some more
>> works since both server and client have some assumption about the key
>> (eg. client reads exactly 64 bytes). I'll take care of it on Monday.
Juanma Barranquero <lekktu@gmail.com> writes:
> Which patch, yours adding server-auth-key you mean?
Yep. It at least needs clarification that key must be 64-char long with
only printable US-ASCII characters.
--
Best regards, _ _
.o. | Liege of Serenly Enlightened Majesty of o' \,=./ `o
..o | Computer Science, Michal "mina86" Nazarewicz (o o)
ooo +-<mina86-mina86.com>-<jid:mina86-jabber.org>--ooO--(_)--Ooo--
[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]
^ permalink raw reply [flat|nested] 19+ messages in thread
* [PATCHv2] lisp/server.el: Introduction of server-auth-key variable
2011-02-22 13:55 [PATCH] lisp/server.el: Introduction of server-auth-key variable Michal Nazarewicz
2011-04-29 11:30 ` Juanma Barranquero
2011-04-29 16:22 ` Stefan Monnier
@ 2011-05-02 15:28 ` Michal Nazarewicz
2 siblings, 0 replies; 19+ messages in thread
From: Michal Nazarewicz @ 2011-05-02 15:28 UTC (permalink / raw)
To: Juanma Barranquero; +Cc: emacs-devel
This commit adds a server-auth-key variable which allows
user to specify a default authentication key used by the
server process.
---
lisp/server.el | 61 +++++++++++++++++++++++++++++++++++++++++++++++++------
1 files changed, 54 insertions(+), 7 deletions(-)
This is an updated version of my previous patch. It now validates whether
a key specified via server-auth-key is a valid key (meaning 64 printable
characters).
diff --git a/lisp/server.el b/lisp/server.el
index cb1903a..e96f77f 100644
--- a/lisp/server.el
+++ b/lisp/server.el
@@ -134,6 +134,33 @@ directory residing in a NTFS partition instead."
;;;###autoload
(put 'server-auth-dir 'risky-local-variable t)
+(defcustom server-auth-key nil
+ "Server authentication key.
+
+Normally, authentication key is generated on random when server
+starts, which guarantees some level of security. It is
+recommended to leave it that way. Using a long-lived shared key
+may decrease security (especially since the key is transmitted as
+plain text).
+
+In some situations however, it can be difficult to share randomly
+generated password with remote hosts (eg. no shared directory),
+so you can set the key with this variable and then copy server
+file to remote host (with possible changes to IP address and/or
+port if that applies).
+
+The key must consist of 64 US-ASCII printable characters except
+for space (this means characters from ! to ~; or from code 33
+to 126).
+
+You can use \\[server-generate-key] to get a random authentication
+key."
+ :group 'server
+ :type '(choice
+ (const :tag "Random" nil)
+ (string :tag "Password"))
+ :version "24.0")
+
(defcustom server-raise-frame t
"If non-nil, raise frame when switching to a buffer."
:group 'server
@@ -501,6 +528,32 @@ See variable `server-auth-dir' for details."
(unless safe
(error "The directory `%s' is unsafe" dir)))))
+(defun server-generate-key ()
+ "Generates and returns a random 64-byte strings of random chars
+in the range `!'..`~'. If called interactively, also inserts it
+into current buffer."
+ (interactive)
+ (let ((auth-key
+ (loop repeat 64
+ collect (+ 33 (random 94)) into auth
+ finally return (concat auth))))
+ (if (called-interactively-p)
+ (insert auth-key))
+ auth-key))
+
+(defun server-get-auth-key ()
+ "Returns server's authentication key.
+
+If `server-auth-key' is nil this function will just call
+`server-generate-key'. Otherwise, if `server-auth-key' is
+a valid authentication it will return it. Otherwise, it will
+signal an error."
+ (if server-auth-key
+ (if (string-match "^[!-~]\\{64\\}$" server-auth-key)
+ server-auth-key
+ (error "The key '%s' is invalid" server-auth-key))
+ (server-generate-key)))
+
;;;###autoload
(defun server-start (&optional leave-dead inhibit-prompt)
"Allow this Emacs process to be a server for client processes.
@@ -594,13 +647,7 @@ server or call `M-x server-force-delete' to forcibly disconnect it.")
(unless server-process (error "Could not start server process"))
(process-put server-process :server-file server-file)
(when server-use-tcp
- (let ((auth-key
- (loop
- ;; The auth key is a 64-byte string of random chars in the
- ;; range `!'..`~'.
- repeat 64
- collect (+ 33 (random 94)) into auth
- finally return (concat auth))))
+ (let ((auth-key (server-get-auth-key)))
(process-put server-process :auth-key auth-key)
(with-temp-file server-file
(set-buffer-multibyte nil)
--
1.7.3.1
^ permalink raw reply related [flat|nested] 19+ messages in thread
end of thread, other threads:[~2011-05-02 15:28 UTC | newest]
Thread overview: 19+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-02-22 13:55 [PATCH] lisp/server.el: Introduction of server-auth-key variable Michal Nazarewicz
2011-04-29 11:30 ` Juanma Barranquero
2011-04-29 11:42 ` Michal Nazarewicz
2011-04-29 12:02 ` Juanma Barranquero
2011-04-29 12:43 ` Michal Nazarewicz
2011-04-29 14:34 ` Michal Nazarewicz
2011-04-30 6:39 ` Eli Zaretskii
2011-04-30 21:03 ` Richard Stallman
2011-04-30 22:24 ` Michal Nazarewicz
2011-04-29 16:22 ` Stefan Monnier
2011-04-29 16:35 ` Michal Nazarewicz
2011-04-29 17:09 ` Stefan Monnier
2011-04-30 14:31 ` Juanma Barranquero
2011-04-30 22:55 ` Michal Nazarewicz
2011-04-30 23:59 ` Juanma Barranquero
2011-05-01 0:44 ` Michal Nazarewicz
2011-05-01 0:58 ` Juanma Barranquero
2011-05-01 1:22 ` Michal Nazarewicz
2011-05-02 15:28 ` [PATCHv2] " Michal Nazarewicz
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).