[RESEND] lisp/server.el: Allow custom server-auth-key

[RESEND] lisp/server.el: Allow custom server-auth-key

[Michal Nazarewicz]

This patch adds a possibility to set create a custom server-auth-key
which may be shared between several machines without the need of
having common file system, etc.

I'm resending this patch as last time the discussion somehow died.

As for legal stuff, the patch is (c) Google Inc. but since Google has
signed necessary agreement it should be no problem, right?

Changelog entry is as follows:


2011-08-26  Michal Nazarewicz  <mina86@mina86.com>

	* lisp/selver.el (server-auth-key, server-generate-key,
	server-get-auth-key, server-start): Add possibility to set
	server-auth-key instead of using random one each time.


=== modified file 'lisp/server.el'
*** lisp/server.el	2011-07-04 22:40:03 +0000
--- lisp/server.el	2011-08-08 14:12:01 +0000
*************** directory residing in a NTFS partition i
*** 134,139 ****
--- 134,166 ----
  ;;;###autoload
  (put 'server-auth-dir 'risky-local-variable t)
  
+ (defcustom server-auth-key nil
+   "Server authentication key.
+ 
+ Normally, authentication key is generated on random when server
+ starts, which guarantees some level of security.  It is
+ recommended to leave it that way.  Using a long-lived shared key
+ may decrease security (especially since the key is transmitted as
+ plain text).
+ 
+ In some situations however, it can be difficult to share randomly
+ generated password with remote hosts (eg. no shared directory),
+ so you can set the key with this variable and then copy server
+ file to remote host (with possible changes to IP address and/or
+ port if that applies).
+ 
+ The key must consist of 64 US-ASCII printable characters except
+ for space (this means characters from ! to ~; or from code 33
+ to 126).
+ 
+ You can use \\[server-generate-key] to get a random authentication
+ key."
+   :group 'server
+   :type '(choice
+ 	  (const :tag "Random" nil)
+ 	  (string :tag "Password"))
+   :version "24.0")
+ 
  (defcustom server-raise-frame t
    "If non-nil, raise frame when switching to a buffer."
    :group 'server
*************** See variable `server-auth-dir' for detai
*** 503,508 ****
--- 530,561 ----
        (unless safe
  	(error "The directory `%s' is unsafe" dir)))))
  
+ (defun server-generate-key ()
+   "Generates and returns a random 64-byte strings of random chars
+ in the range `!'..`~'. If called interactively, also inserts it
+ into current buffer."
+   (interactive)
+   (let ((auth-key
+ 	 (loop repeat 64
+ 	       collect (+ 33 (random 94)) into auth
+ 	       finally return (concat auth))))
+     (if (called-interactively-p)
+ 	(insert auth-key))
+     auth-key))
+ 
+ (defun server-get-auth-key ()
+   "Returns server's authentication key.
+ 
+ If `server-auth-key' is nil this function will just call
+ `server-generate-key'.  Otherwise, if `server-auth-key' is
+ a valid authentication it will return it.  Otherwise, it will
+ signal an error."
+   (if server-auth-key
+     (if (string-match "^[!-~]\\{64\\}$" server-auth-key)
+         server-auth-key
+       (error "The key '%s' is invalid" server-auth-key))
+     (server-generate-key)))
+ 
  ;;;###autoload
  (defun server-start (&optional leave-dead inhibit-prompt)
    "Allow this Emacs process to be a server for client processes.
*************** server or call `M-x server-force-delete'
*** 596,608 ****
  	  (unless server-process (error "Could not start server process"))
  	  (process-put server-process :server-file server-file)
  	  (when server-use-tcp
! 	    (let ((auth-key
! 		   (loop
! 		    ;; The auth key is a 64-byte string of random chars in the
! 		    ;; range `!'..`~'.
! 		    repeat 64
! 		    collect (+ 33 (random 94)) into auth
! 		    finally return (concat auth))))
  	      (process-put server-process :auth-key auth-key)
  	      (with-temp-file server-file
  		(set-buffer-multibyte nil)
--- 649,655 ----
  	  (unless server-process (error "Could not start server process"))
  	  (process-put server-process :server-file server-file)
  	  (when server-use-tcp
! 	    (let ((auth-key (server-get-auth-key)))
  	      (process-put server-process :auth-key auth-key)
  	      (with-temp-file server-file
  		(set-buffer-multibyte nil)

bug#9423: lisp/server.el: Allow custom server-auth-key

[Stefan Monnier]

Package: emacs
Severity: wishlist
Tag: patch

> This patch adds a possibility to set create a custom server-auth-key
> which may be shared between several machines without the need of
> having common file system, etc.

> I'm resending this patch as last time the discussion somehow died.

> As for legal stuff, the patch is (c) Google Inc. but since Google has
> signed necessary agreement it should be no problem, right?

> Changelog entry is as follows:


> 2011-08-26  Michal Nazarewicz  <mina86@mina86.com>

> 	* lisp/selver.el (server-auth-key, server-generate-key,
> 	server-get-auth-key, server-start): Add possibility to set
> 	server-auth-key instead of using random one each time.


> === modified file 'lisp/server.el'
> *** lisp/server.el	2011-07-04 22:40:03 +0000
> --- lisp/server.el	2011-08-08 14:12:01 +0000
> *************** directory residing in a NTFS partition i
> *** 134,139 ****
> --- 134,166 ----
>   ;;;###autoload
>   (put 'server-auth-dir 'risky-local-variable t)
  
> + (defcustom server-auth-key nil
> +   "Server authentication key.
> + 
> + Normally, authentication key is generated on random when server
> + starts, which guarantees some level of security.  It is
> + recommended to leave it that way.  Using a long-lived shared key
> + may decrease security (especially since the key is transmitted as
> + plain text).
> + 
> + In some situations however, it can be difficult to share randomly
> + generated password with remote hosts (eg. no shared directory),
> + so you can set the key with this variable and then copy server
> + file to remote host (with possible changes to IP address and/or
> + port if that applies).
> + 
> + The key must consist of 64 US-ASCII printable characters except
> + for space (this means characters from ! to ~; or from code 33
> + to 126).
> + 
> + You can use \\[server-generate-key] to get a random authentication
> + key."
> +   :group 'server
> +   :type '(choice
> + 	  (const :tag "Random" nil)
> + 	  (string :tag "Password"))
> +   :version "24.0")
> + 
>   (defcustom server-raise-frame t
>     "If non-nil, raise frame when switching to a buffer."
>     :group 'server
> *************** See variable `server-auth-dir' for detai
> *** 503,508 ****
> --- 530,561 ----
>         (unless safe
>   	(error "The directory `%s' is unsafe" dir)))))
  
> + (defun server-generate-key ()
> +   "Generates and returns a random 64-byte strings of random chars
> + in the range `!'..`~'. If called interactively, also inserts it
> + into current buffer."
> +   (interactive)
> +   (let ((auth-key
> + 	 (loop repeat 64
> + 	       collect (+ 33 (random 94)) into auth
> + 	       finally return (concat auth))))
> +     (if (called-interactively-p)
> + 	(insert auth-key))
> +     auth-key))
> + 
> + (defun server-get-auth-key ()
> +   "Returns server's authentication key.
> + 
> + If `server-auth-key' is nil this function will just call
> + `server-generate-key'.  Otherwise, if `server-auth-key' is
> + a valid authentication it will return it.  Otherwise, it will
> + signal an error."
> +   (if server-auth-key
> +     (if (string-match "^[!-~]\\{64\\}$" server-auth-key)
> +         server-auth-key
> +       (error "The key '%s' is invalid" server-auth-key))
> +     (server-generate-key)))
> + 
>   ;;;###autoload
>   (defun server-start (&optional leave-dead inhibit-prompt)
>     "Allow this Emacs process to be a server for client processes.
> *************** server or call `M-x server-force-delete'
> *** 596,608 ****
>   	  (unless server-process (error "Could not start server process"))
>   	  (process-put server-process :server-file server-file)
>   	  (when server-use-tcp
> ! 	    (let ((auth-key
> ! 		   (loop
> ! 		    ;; The auth key is a 64-byte string of random chars in the
> ! 		    ;; range `!'..`~'.
> ! 		    repeat 64
> ! 		    collect (+ 33 (random 94)) into auth
> ! 		    finally return (concat auth))))
>   	      (process-put server-process :auth-key auth-key)
>   	      (with-temp-file server-file
>   		(set-buffer-multibyte nil)
> --- 649,655 ----
>   	  (unless server-process (error "Could not start server process"))
>   	  (process-put server-process :server-file server-file)
>   	  (when server-use-tcp
> ! 	    (let ((auth-key (server-get-auth-key)))
>   	      (process-put server-process :auth-key auth-key)
>   	      (with-temp-file server-file
>   		(set-buffer-multibyte nil)

bug#9423: lisp/server.el: Allow custom server-auth-key

[Lars Magne Ingebrigtsen]

Stefan Monnier <monnier@iro.umontreal.ca> writes:

>> This patch adds a possibility to set create a custom server-auth-key
>> which may be shared between several machines without the need of
>> having common file system, etc.
>
>> I'm resending this patch as last time the discussion somehow died.

I'm assuming this patch has been approved, but not applied because of
the pretest window?

>> As for legal stuff, the patch is (c) Google Inc. but since Google has
>> signed necessary agreement it should be no problem, right?

Anybody know?  I've always assumed that the FSF needs assignment from
the person who wrote the code, even if their employer claims to own the
code.  (That doesn't sound likely, now that I'm typing it...)

>> Changelog entry is as follows:
>
>> 2011-08-26  Michal Nazarewicz  <mina86@mina86.com>
>
>> 	* lisp/selver.el (server-auth-key, server-generate-key,
>> 	server-get-auth-key, server-start): Add possibility to set
>> 	server-auth-key instead of using random one each time.

-- 
(domestic pets only, the antidote for overdose, milk.)
  bloggy blog http://lars.ingebrigtsen.no/

bug#9423: lisp/server.el: Allow custom server-auth-key

[Glenn Morris]

Lars Magne Ingebrigtsen wrote:

> Anybody know?  I've always assumed that the FSF needs assignment from
> the person who wrote the code, even if their employer claims to own the
> code.

That's my assumption too. Ask assign@gnu for a definitive answer, I guess.
Or just get an assignment anyway to be safe. (People in the US can do it
entirely by email now, so it's not much work.)

bug#9423: lisp/server.el: Allow custom server-auth-key

[Richard Stallman]

If the employer claims copyright, only the employer can assign the
copyright.  In that case, the employee's signature is not needed.

--
Dr Richard Stallman
President, Free Software Foundation
51 Franklin St
Boston MA 02110
USA
www.fsf.org  www.gnu.org
Skype: No way! That's nonfree (freedom-denying) software.
  Use free telephony http://directory.fsf.org/category/tel/

bug#9423: lisp/server.el: Allow custom server-auth-key

[Glenn Morris]

Richard Stallman wrote:

> If the employer claims copyright, only the employer can assign the
> copyright.  In that case, the employee's signature is not needed.

Thanks. Maybe you could add a sentence along those lines to the "Copyright
Papers" section of "Information for GNU Maintainers".

http://www.gnu.org/prep/maintain/maintain.html#Copyright-Papers

It would seem to fit naturally after the current sentence:

   We may also need an employer's disclaimer from the person's employer.

bug#9423: lisp/server.el: Allow custom server-auth-key

[Richard Stallman]

    Thanks. Maybe you could add a sentence along those lines to the "Copyright
    Papers" section of "Information for GNU Maintainers".

I added it.  Thanks.

--
Dr Richard Stallman
President, Free Software Foundation
51 Franklin St
Boston MA 02110
USA
www.fsf.org  www.gnu.org
Skype: No way! That's nonfree (freedom-denying) software.
  Use free telephony http://directory.fsf.org/category/tel/

bug#9423: lisp/server.el: Allow custom server-auth-key

[Michal Nazarewicz]

On Thu, 12 Apr 2012 21:46:54 +0200, Lars Magne Ingebrigtsen <larsi@gnus.org> wrote:

>>> As for legal stuff, the patch is (c) Google Inc. but since Google has
>>> signed necessary agreement it should be no problem, right?

> Anybody know?  I've always assumed that the FSF needs assignment from
> the person who wrote the code, even if their employer claims to own the
> code.  (That doesn't sound likely, now that I'm typing it...)

I don't have any copyright over the code, so I'm not sure why I would have
to assign the copyright to FSF if copyright holder already did that.  Then
again, if required, I can do it.  Could anyone point me to necessary
paperwork? CONTRIBUTE only says that “The process is straightforward --
contact us at emacs-devel@gnu.org to obtain the relevant forms.” but gives
no details.

-- 
Best regards,                                         _     _
.o. | Liege of Serenely Enlightened Majesty of      o' \,=./ `o
..o | Computer Science,  Michał “mina86” Nazarewicz    (o o)
ooo +----<email/xmpp: mpn@google.com>--------------ooO--(_)--Ooo--

bug#9423: lisp/server.el: Allow custom server-auth-key

[Stefan Monnier]

>>>> As for legal stuff, the patch is (c) Google Inc. but since Google has
>>>> signed necessary agreement it should be no problem, right?
>> Anybody know?  I've always assumed that the FSF needs assignment from
>> the person who wrote the code, even if their employer claims to own the
>> code.  (That doesn't sound likely, now that I'm typing it...)
> I don't have any copyright over the code, so I'm not sure why I would have
> to assign the copyright to FSF if copyright holder already did that.

The FSF's copyright clerk confirmed that, as long as the copyright
belongs to Google, we're good to go.  So we can install your patch
right away.  Lars, can you take care of that?

> Then again, if required, I can do it.  Could anyone point me to
> necessary paperwork? CONTRIBUTE only says that “The process is
> straightforward -- contact us at emacs-devel@gnu.org to obtain the
> relevant forms.” but gives no details.

That would be even better, since it's sometimes non-trivial to figure
out if your employer owns the copyright or if you do.
The process is as follows: fill the form below and email it as
instructed so the FSF can send you the necessary paperwork to sign.
Thank you for your contribution,


        Stefan


Please email the following information to assign@gnu.org, and we
will send you the assignment form for your past and future changes.

Please use your full legal name (in ASCII characters) as the subject
line of the message.
----------------------------------------------------------------------
REQUEST: SEND FORM FOR PAST AND FUTURE CHANGES

[What is the name of the program or package you're contributing to?]
Emacs

[Did you copy any files or text written by someone else in these changes?
Even if that material is free software, we need to know about it.]


[Do you have an employer who might have a basis to claim to own
your changes?  Do you attend a school which might make such a claim?]


[For the copyright registration, what country are you a citizen of?]


[What year were you born?]


[Please write your email address here.]


[Please write your postal address here.]





[Which files have you changed so far, and which new files have you written
so far?]

bug#9423: lisp/server.el: Allow custom server-auth-key

[Michal Nazarewicz]

On Fri, 13 Apr 2012 14:50:12 +0200, Stefan Monnier <monnier@iro.umontreal.ca> wrote:
> The process is as follows: fill the form below and email it as
> instructed so the FSF can send you the necessary paperwork to sign.
> Thank you for your contribution,
>
>         Stefan
>
> Please email the following information to assign@gnu.org, and we
> will send you the assignment form for your past and future changes.

Done.

-- 
Best regards,                                         _     _
.o. | Liege of Serenely Enlightened Majesty of      o' \,=./ `o
..o | Computer Science,  Michał “mina86” Nazarewicz    (o o)
ooo +----<email/xmpp: mpn@google.com>--------------ooO--(_)--Ooo--

bug#9423: lisp/server.el: Allow custom server-auth-key

[Lars Ingebrigtsen]

Stefan Monnier <monnier@iro.umontreal.ca> writes:

> The FSF's copyright clerk confirmed that, as long as the copyright
> belongs to Google, we're good to go.  So we can install your patch
> right away.  Lars, can you take care of that?

I've now applied the patch to the Emacs trunk.

-- 
(domestic pets only, the antidote for overdose, milk.)
  http://lars.ingebrigtsen.no  *  Sent from my Rome