Allow using `server-auth-key' to set a permanent shared key

* server.el (server-auth-key): New variable. (server-generate-key): New function. (server-get-auth-key): New function. (server-start): Use the new variable and functions to allow setting a permanent server key. Fixes: debbugs:9423
author: Michal Nazarewicz 2012-04-14 13:16:17 +0200
committer: Lars Ingebrigtsen 2012-04-14 13:16:17 +0200
commit: 29734c215668ccd0c5d9affb71a7290b0ea9dbe4 (patch)
tree: 3dc7afdec5ce3e047597df97121c1a6ab06d737e
parent: d65c95210da2e583a60b43804b49399242c34e01 (diff)
download: emacs-29734c215668ccd0c5d9affb71a7290b0ea9dbe4.tar.gz
emacs-29734c215668ccd0c5d9affb71a7290b0ea9dbe4.zip
3 files changed, 66 insertions, 8 deletions
diff --git a/etc/NEWS b/etc/NEWS
index 4ec33eae625..186dca19495 100644
--- a/etc/NEWS
+++ b/etc/NEWS
@@ -53,8 +53,11 @@ character when doing minibuffer filename prompts.
 ** which-function-mode now applies to all applicable major modes by default.
 ** erc will look up server/channel names via auth-source and use the
-   channel keys found, if any.
+channel keys found, if any.
+** The `server-auth-key' variable can be used to set a permanent
+shared key for Emacs Server.
+   
 ** Obsolete packages:
 *** mailpost.el
diff --git a/lisp/ChangeLog b/lisp/ChangeLog
index 416a365179f..0222d51f8bc 100644
--- a/lisp/ChangeLog
+++ b/lisp/ChangeLog
@@ -1,3 +1,11 @@
+2012-04-14  Michal Nazarewicz  <mina86@mina86.com>
+        * server.el (server-auth-key): New variable.
+        (server-generate-key): New function.
+        (server-get-auth-key): New function.
+        (server-start): Use the new variable and functions to allow
+        setting a permanent server key (bug#9423).
 2012-04-14  Leo Liu  <sdl.web@gmail.com>
        * vc/diff-mode.el (diff-file-prev/next): Fix typo.
diff --git a/lisp/server.el b/lisp/server.el
index 404bebc4747..dd40199ad1c 100644
--- a/lisp/server.el
+++ b/lisp/server.el
@@ -139,6 +139,33 @@ directory residing in a NTFS partition instead."
 ;;;###autoload
 (put 'server-auth-dir 'risky-local-variable t)
+(defcustom server-auth-key nil
+  "Server authentication key.
+Normally, authentication key is generated on random when server
+starts, which guarantees some level of security.  It is
+recommended to leave it that way.  Using a long-lived shared key
+may decrease security (especially since the key is transmitted as
+plain text).
+In some situations however, it can be difficult to share randomly
+generated password with remote hosts (eg. no shared directory),
+so you can set the key with this variable and then copy server
+file to remote host (with possible changes to IP address and/or
+port if that applies).
+The key must consist of 64 US-ASCII printable characters except
+for space (this means characters from ! to ~; or from code 33
+to 126).
+You can use \\[server-generate-key] to get a random authentication
+key."
+  :group 'server
+  :type '(choice
+          (const :tag "Random" nil)
+          (string :tag "Password"))
+  :version "24.2")
 (defcustom server-raise-frame t
  "If non-nil, raise frame when switching to a buffer."
  :group 'server
@@ -522,6 +549,32 @@ See variable `server-auth-dir' for details."
      (unless safe
        (error "The directory `%s' is unsafe" dir)))))
+(defun server-generate-key ()
+  "Generates and returns a random 64-byte strings of random chars
+in the range `!'..`~'. If called interactively, also inserts it
+into current buffer."
+  (interactive)
+  (let ((auth-key
+         (loop repeat 64
+               collect (+ 33 (random 94)) into auth
+               finally return (concat auth))))
+    (if (called-interactively-p)
+        (insert auth-key))
+    auth-key))
+(defun server-get-auth-key ()
+  "Returns server's authentication key.
+If `server-auth-key' is nil this function will just call
+`server-generate-key'.  Otherwise, if `server-auth-key' is
+a valid authentication it will return it.  Otherwise, it will
+signal an error."
+  (if server-auth-key
+    (if (string-match "^[!-~]\\{64\\}$" server-auth-key)
+        server-auth-key
+      (error "The key '%s' is invalid" server-auth-key))
+    (server-generate-key)))
 ;;;###autoload
 (defun server-start (&optional leave-dead inhibit-prompt)
  "Allow this Emacs process to be a server for client processes.
@@ -615,13 +668,7 @@ server or call `M-x server-force-delete' to forcibly disconnect it.")
          (unless server-process (error "Could not start server process"))
          (process-put server-process :server-file server-file)
          (when server-use-tcp
-            (let ((auth-key
+            (let ((auth-key (server-get-auth-key)))
-                   (loop
-                    ;; The auth key is a 64-byte string of random chars in the
-                    ;; range `!'..`~'.
-                    repeat 64
-                    collect (+ 33 (random 94)) into auth
-                    finally return (concat auth))))
              (process-put server-process :auth-key auth-key)
              (with-temp-file server-file
                (set-buffer-multibyte nil)
author	Michal Nazarewicz	2012-04-14 13:16:17 +0200
committer	Lars Ingebrigtsen	2012-04-14 13:16:17 +0200
commit	29734c215668ccd0c5d9affb71a7290b0ea9dbe4 (patch)
tree	3dc7afdec5ce3e047597df97121c1a6ab06d737e
parent	d65c95210da2e583a60b43804b49399242c34e01 (diff)
download	emacs-29734c215668ccd0c5d9affb71a7290b0ea9dbe4.tar.gz emacs-29734c215668ccd0c5d9affb71a7290b0ea9dbe4.zip

diff --git a/etc/NEWS b/etc/NEWS index 4ec33eae625..186dca19495 100644 --- a/etc/NEWS +++ b/etc/NEWS
@@ -53,8 +53,11 @@ character when doing minibuffer filename prompts.
53	** which-function-mode now applies to all applicable major modes by default.	53	** which-function-mode now applies to all applicable major modes by default.
54		54
55	** erc will look up server/channel names via auth-source and use the	55	** erc will look up server/channel names via auth-source and use the
56	channel keys found, if any.	56	channel keys found, if any.
57		57
		58	** The `server-auth-key' variable can be used to set a permanent
		59	shared key for Emacs Server.
		60
58	** Obsolete packages:	61	** Obsolete packages:
59		62
60	*** mailpost.el	63	*** mailpost.el


diff --git a/lisp/ChangeLog b/lisp/ChangeLog index 416a365179f..0222d51f8bc 100644 --- a/lisp/ChangeLog +++ b/lisp/ChangeLog
@@ -1,3 +1,11 @@
		1	2012-04-14 Michal Nazarewicz <mina86@mina86.com>
		2
		3	* server.el (server-auth-key): New variable.
		4	(server-generate-key): New function.
		5	(server-get-auth-key): New function.
		6	(server-start): Use the new variable and functions to allow
		7	setting a permanent server key (bug#9423).
		8
1	2012-04-14 Leo Liu <sdl.web@gmail.com>	9	2012-04-14 Leo Liu <sdl.web@gmail.com>
2		10
3	* vc/diff-mode.el (diff-file-prev/next): Fix typo.	11	* vc/diff-mode.el (diff-file-prev/next): Fix typo.


diff --git a/lisp/server.el b/lisp/server.el index 404bebc4747..dd40199ad1c 100644 --- a/lisp/server.el +++ b/lisp/server.el
@@ -139,6 +139,33 @@ directory residing in a NTFS partition instead."
139	;;;###autoload	139	;;;###autoload
140	(put 'server-auth-dir 'risky-local-variable t)	140	(put 'server-auth-dir 'risky-local-variable t)
141		141
		142	(defcustom server-auth-key nil
		143	"Server authentication key.
		144
		145	Normally, authentication key is generated on random when server
		146	starts, which guarantees some level of security. It is
		147	recommended to leave it that way. Using a long-lived shared key
		148	may decrease security (especially since the key is transmitted as
		149	plain text).
		150
		151	In some situations however, it can be difficult to share randomly
		152	generated password with remote hosts (eg. no shared directory),
		153	so you can set the key with this variable and then copy server
		154	file to remote host (with possible changes to IP address and/or
		155	port if that applies).
		156
		157	The key must consist of 64 US-ASCII printable characters except
		158	for space (this means characters from ! to ~; or from code 33
		159	to 126).
		160
		161	You can use \\[server-generate-key] to get a random authentication
		162	key."
		163	:group 'server
		164	:type '(choice
		165	(const :tag "Random" nil)
		166	(string :tag "Password"))
		167	:version "24.2")
		168
142	(defcustom server-raise-frame t	169	(defcustom server-raise-frame t
143	"If non-nil, raise frame when switching to a buffer."	170	"If non-nil, raise frame when switching to a buffer."
144	:group 'server	171	:group 'server
@@ -522,6 +549,32 @@ See variable `server-auth-dir' for details."
522	(unless safe	549	(unless safe
523	(error "The directory `%s' is unsafe" dir)))))	550	(error "The directory `%s' is unsafe" dir)))))
524		551
		552	(defun server-generate-key ()
		553	"Generates and returns a random 64-byte strings of random chars
		554	in the range `!'..`~'. If called interactively, also inserts it
		555	into current buffer."
		556	(interactive)
		557	(let ((auth-key
		558	(loop repeat 64
		559	collect (+ 33 (random 94)) into auth
		560	finally return (concat auth))))
		561	(if (called-interactively-p)
		562	(insert auth-key))
		563	auth-key))
		564
		565	(defun server-get-auth-key ()
		566	"Returns server's authentication key.
		567
		568	If `server-auth-key' is nil this function will just call
		569	`server-generate-key'. Otherwise, if `server-auth-key' is
		570	a valid authentication it will return it. Otherwise, it will
		571	signal an error."
		572	(if server-auth-key
		573	(if (string-match "^[!-~]\\{64\\}$" server-auth-key)
		574	server-auth-key
		575	(error "The key '%s' is invalid" server-auth-key))
		576	(server-generate-key)))
		577
525	;;;###autoload	578	;;;###autoload
526	(defun server-start (&optional leave-dead inhibit-prompt)	579	(defun server-start (&optional leave-dead inhibit-prompt)
527	"Allow this Emacs process to be a server for client processes.	580	"Allow this Emacs process to be a server for client processes.
@@ -615,13 +668,7 @@ server or call `M-x server-force-delete' to forcibly disconnect it.")
615	(unless server-process (error "Could not start server process"))	668	(unless server-process (error "Could not start server process"))
616	(process-put server-process :server-file server-file)	669	(process-put server-process :server-file server-file)
617	(when server-use-tcp	670	(when server-use-tcp
618	(let ((auth-key	671	(let ((auth-key (server-get-auth-key)))
619	(loop
620	;; The auth key is a 64-byte string of random chars in the
621	;; range `!'..`~'.
622	repeat 64
623	collect (+ 33 (random 94)) into auth
624	finally return (concat auth))))
625	(process-put server-process :auth-key auth-key)	672	(process-put server-process :auth-key auth-key)
626	(with-temp-file server-file	673	(with-temp-file server-file
627	(set-buffer-multibyte nil)	674	(set-buffer-multibyte nil)