From: Michal Nazarewicz <mina86@mina86.com>
To: "Juanma Barranquero" <lekktu@gmail.com>
Cc: emacs-devel@gnu.org
Subject: [PATCHv2] lisp/server.el: Introduction of server-auth-key variable
Date: Mon, 2 May 2011 17:28:15 +0200
Message-ID: <95c04f1695da4ecdcb5ab7bea67231552b1c2e1d.1304349384.git.mina86@mina86.com>
In-Reply-To: <835b9d42b15c18e5adf7381138f347061fbc17e8.1298381336.git.mina86@mina86.com>
This commit adds a server-auth-key variable which allows
the user to specify a default authentication key used by the
server process.
---
lisp/server.el | 61 +++++++++++++++++++++++++++++++++++++++++++++++++------
1 files changed, 54 insertions(+), 7 deletions(-)
This is an updated version of my previous patch. It now validates whether
a key specified via server-auth-key is a valid key (meaning 64 printable
characters).
diff --git a/lisp/server.el b/lisp/server.el
index cb1903a..e96f77f 100644
--- a/lisp/server.el
+++ b/lisp/server.el
@@ -134,6 +134,33 @@ directory residing in a NTFS partition instead."
;;;###autoload
(put 'server-auth-dir 'risky-local-variable t)
+(defcustom server-auth-key nil
+ "Server authentication key.
+
+Normally, authentication key is generated on random when server
+starts, which guarantees some level of security. It is
+recommended to leave it that way. Using a long-lived shared key
+may decrease security (especially since the key is transmitted as
+plain text).
+
+In some situations however, it can be difficult to share randomly
+generated password with remote hosts (eg. no shared directory),
+so you can set the key with this variable and then copy server
+file to remote host (with possible changes to IP address and/or
+port if that applies).
+
+The key must consist of 64 US-ASCII printable characters except
+for space (this means characters from ! to ~; or from code 33
+to 126).
+
+You can use \\[server-generate-key] to get a random authentication
+key."
+ :group 'server
+ :type '(choice
+ (const :tag "Random" nil)
+ (string :tag "Password"))
+ :version "24.0")
+
(defcustom server-raise-frame t
"If non-nil, raise frame when switching to a buffer."
:group 'server
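Review bot: server-auth-key holds a secret, but unlike server-auth-dir on the context line just above the new defcustom it is not marked risky, so a file-local or directory-local setting is handled like any ordinary variable. Add (put 'server-auth-key 'risky-local-variable t) after the defcustom. The (string :tag "Password") type also accepts any string, so a key of the wrong length or alphabet is rejected only later, when the server starts; consider enforcing the 64-character !..~ rule at customization time too. Docstring nits: "generated on random" should read "generated at random", and "eg." should be "e.g.".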
@@ -501,6 +528,32 @@ See variable `server-auth-dir' for details."
(unless safe
(error "The directory `%s' is unsafe" dir)))))
+(defun server-generate-key ()
+ "Generates and returns a random 64-byte strings of random chars
+in the range `!'..`~'. If called interactively, also inserts it
+into current buffer."
+ (interactive)
+ (let ((auth-key
+ (loop repeat 64
+ collect (+ 33 (random 94)) into auth
+ finally return (concat auth))))
+ (if (called-interactively-p)
+ (insert auth-key))
+ auth-key))
+
+(defun server-get-auth-key ()
+ "Returns server's authentication key.
+
+If `server-auth-key' is nil this function will just call
+`server-generate-key'. Otherwise, if `server-auth-key' is
+a valid authentication it will return it. Otherwise, it will
+signal an error."
+ (if server-auth-key
+ (if (string-match "^[!-~]\\{64\\}$" server-auth-key)
+ server-auth-key
+ (error "The key '%s' is invalid" server-auth-key))
+ (server-generate-key)))
+
;;;###autoload
(defun server-start (&optional leave-dead inhibit-prompt)
"Allow this Emacs process to be a server for client processes.
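Review bot: In server-get-auth-key, the check (string-match "^[!-~]\\{64\\}$" server-auth-key) uses line anchors, so any value that contains one line of exactly 64 valid characters passes, including a key followed by a newline and further text; that contradicts the 64-character rule stated in the server-auth-key docstring. Anchor on the whole string with \\` and \\' instead of ^ and $. In the same function, (error "The key '%s' is invalid" server-auth-key) copies the rejected key into the error text, which is shown in the echo area and normally logged to *Messages*; report that the key is invalid without printing it. In server-generate-key, (called-interactively-p) is called without its KIND argument, and since the command is now offered for producing long-lived keys, the docstring should say that the characters come from `random', which is not a cryptographic generator.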
@@ -594,13 +647,7 @@ server or call `M-x server-force-delete' to forcibly disconnect it.")
(unless server-process (error "Could not start server process"))
(process-put server-process :server-file server-file)
(when server-use-tcp
- (let ((auth-key
- (loop
- ;; The auth key is a 64-byte string of random chars in the
- ;; range `!'..`~'.
- repeat 64
- collect (+ 33 (random 94)) into auth
- finally return (concat auth))))
+ (let ((auth-key (server-get-auth-key)))
(process-put server-process :auth-key auth-key)
(with-temp-file server-file
(set-buffer-multibyte nil)
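Review bot: (server-get-auth-key) can signal an error at this point, after server-process has already been created and tagged with :server-file on the context lines above, so an invalid server-auth-key aborts server-start with the process still in place but no :auth-key set and no server file written. Validate the key before the process is created, or delete the process when validation fails.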
--
1.7.3.1