emacs-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable

From: Juanma Barranquero
Subject: Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable
Date: Sat, 30 Apr 2011 16:31:29 +0200 
On Fri, Apr 29, 2011 at 18:22, Stefan Monnier <address@hidden> wrote:

> PS: emacsclient should really try not to send the key in cleartext, but
> instead send something like "nonce,hash(nonce,key)".

That's not hard to do, assuming that md5 is an acceptable hash
(because we already include C and elisp implementation, unlike
SHA-xx).

In the server side,

  (unless (process-get proc :authenticated)
    (if (or
         ;; New method: -auth2 nonce md5(nonce . auth-key)
         (and (string-match "-auth2 \\([!-~]+\\)
\\([0-9a-f]\\{32\\}\\)\n?" string)
              (string= (md5 (concat (match-string 1 string)
                                    (process-get proc :auth-key)))
                       (match-string 2 string)))
         ;; Old method: -auth auth-key
         (and (string-match "-auth \\([!-~]+\\)\n?" string)
              (string= (match-string 1 string) (process-get proc :auth-key))))
        (...set authenticated)
      (...fail))

but in the emacsclient side, if it sends -auth2 it won't be
back-compatible with pre-24.1, and if it tries -auth, then -auth2,
-auth2 is not really used beause -auth is always accepted. So the only
ways I see to make this useful at all is to remove compatibility, or
introduce some kind of version check, perhaps resurrecting the
currently obsolete -version command:

                ;; -version CLIENT-VERSION: obsolete at birth.
                (`"-version" (pop args-left))

    Juanma
reply via email to
[Prev in Thread] Current Thread [Next in Thread]