bug-gnu-emacs

bug#9423: lisp/server.el: Allow custom server-auth-key


From: Stefan Monnier
Subject: bug#9423: lisp/server.el: Allow custom server-auth-key
Date: Thu, 01 Sep 2011 23:39:23 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.50 (gnu/linux)

Package: emacs
Severity: wishlist
Tag: patch

> This patch adds a possibility to set a custom server-auth-key
> which may be shared between several machines without the need of
> having a common file system, etc.

> I'm resending this patch as last time the discussion somehow died.

> As for legal stuff, the patch is (c) Google Inc. but since Google has
> signed necessary agreement it should be no problem, right?

> Changelog entry is as follows:


> 2011-08-26  Michal Nazarewicz  <address@hidden>

>       * lisp/server.el (server-auth-key, server-generate-key,
>       server-get-auth-key, server-start): Add possibility to set
>       server-auth-key instead of using random one each time.


> === modified file 'lisp/server.el'
> *** lisp/server.el    2011-07-04 22:40:03 +0000
> --- lisp/server.el    2011-08-08 14:12:01 +0000
> *************** directory residing in a NTFS partition i
> *** 134,139 ****
> --- 134,166 ----
>   ;;;###autoload
>   (put 'server-auth-dir 'risky-local-variable t)
  
> + (defcustom server-auth-key nil
> +   "Server authentication key.
> + 
> + Normally, authentication key is generated on random when server
> + starts, which guarantees some level of security.  It is
> + recommended to leave it that way.  Using a long-lived shared key
> + may decrease security (especially since the key is transmitted as
> + plain text).
> + 
> + In some situations however, it can be difficult to share randomly
> + generated password with remote hosts (eg. no shared directory),
> + so you can set the key with this variable and then copy server
> + file to remote host (with possible changes to IP address and/or
> + port if that applies).
> + 
> + The key must consist of 64 US-ASCII printable characters except
> + for space (this means characters from ! to ~; or from code 33
> + to 126).
> + 
> + You can use \\[server-generate-key] to get a random authentication
> + key."
> +   :group 'server
> +   :type '(choice
> +       (const :tag "Random" nil)
> +       (string :tag "Password"))
> +   :version "24.0")
> + 
>   (defcustom server-raise-frame t
>     "If non-nil, raise frame when switching to a buffer."
>     :group 'server
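Review bot: The new `server-auth-key` defcustom is not marked as a risky local variable, although the context line just above it does exactly that for `server-auth-dir` with `(put 'server-auth-dir 'risky-local-variable t)`. Without the marking, a file-local or directory-local variable setting could fix the TCP authentication key to a value chosen by whoever wrote that file. Suggest adding `(put 'server-auth-key 'risky-local-variable t)` after the defcustom. In the docstring, "generated on random" should read "generated at random".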
> *************** See variable `server-auth-dir' for detai
> *** 503,508 ****
> --- 530,561 ----
>         (unless safe
>       (error "The directory `%s' is unsafe" dir)))))
  
> + (defun server-generate-key ()
> +   "Generates and returns a random 64-byte strings of random chars
> + in the range `!'..`~'. If called interactively, also inserts it
> + into current buffer."
> +   (interactive)
> +   (let ((auth-key
> +      (loop repeat 64
> +            collect (+ 33 (random 94)) into auth
> +            finally return (concat auth))))
> +     (if (called-interactively-p)
> +     (insert auth-key))
> +     auth-key))
> + 
> + (defun server-get-auth-key ()
> +   "Returns server's authentication key.
> + 
> + If `server-auth-key' is nil this function will just call
> + `server-generate-key'.  Otherwise, if `server-auth-key' is
> + a valid authentication it will return it.  Otherwise, it will
> + signal an error."
> +   (if server-auth-key
> +     (if (string-match "^[!-~]\\{64\\}$" server-auth-key)
> +         server-auth-key
> +       (error "The key '%s' is invalid" server-auth-key))
> +     (server-generate-key)))
> + 
>   ;;;###autoload
>   (defun server-start (&optional leave-dead inhibit-prompt)
>     "Allow this Emacs process to be a server for client processes.
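Review bot: The validation in `server-get-auth-key` uses `^` and `$`, which in Emacs regexps match at any line boundary inside the string, so a value containing a newline followed or preceded by a 64-character line passes the check. Anchor the match on the whole string with \\` and \\' in place of ^ and $. The `(error "The key '%s' is invalid" server-auth-key)` call also copies the rejected key into the echo area and *Messages*; report that the key is invalid without printing it. In `server-generate-key`, `(called-interactively-p)` is called without its KIND argument and should be `(called-interactively-p 'interactive)`; the docstrings should start with an imperative one-line summary ("Generate and return ...", "Return ...").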
> *************** server or call `M-x server-force-delete'
> *** 596,608 ****
>         (unless server-process (error "Could not start server process"))
>         (process-put server-process :server-file server-file)
>         (when server-use-tcp
> !         (let ((auth-key
> !                (loop
> !                 ;; The auth key is a 64-byte string of random chars in the
> !                 ;; range `!'..`~'.
> !                 repeat 64
> !                 collect (+ 33 (random 94)) into auth
> !                 finally return (concat auth))))
>             (process-put server-process :auth-key auth-key)
>             (with-temp-file server-file
>               (set-buffer-multibyte nil)
> --- 649,655 ----
>         (unless server-process (error "Could not start server process"))
>         (process-put server-process :server-file server-file)
>         (when server-use-tcp
> !         (let ((auth-key (server-get-auth-key)))
>             (process-put server-process :auth-key auth-key)
>             (with-temp-file server-file
>               (set-buffer-multibyte nil)
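Review bot: `(server-get-auth-key)` can now signal an error at this point in `server-start`, which is after the `(unless server-process ...)` check, so an invalid `server-auth-key` aborts the function with the server process already created and before the server file is written. Suggest calling `server-get-auth-key` before the process is created, or deleting the process when the key is rejected. The removed comment describing the key format ("a 64-byte string of random chars in the range `!'..`~'") is worth keeping next to this call, since the server file written just below depends on that format.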





