[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCHv2] lisp/server.el: Introduction of server-auth-key variable

From: Michal Nazarewicz
Subject: [PATCHv2] lisp/server.el: Introduction of server-auth-key variable
Date: Mon, 2 May 2011 17:28:15 +0200

This commit adds a server-auth-key variable which allows
user to specify a default authentication key used by the
server process.
 lisp/server.el |   61 +++++++++++++++++++++++++++++++++++++++++++++++++------
 1 files changed, 54 insertions(+), 7 deletions(-)

This is an updated version of my previous patch.  It now validates whether
a key specified via server-auth-key is a valid key (meaning 64 printable

diff --git a/lisp/server.el b/lisp/server.el
index cb1903a..e96f77f 100644
--- a/lisp/server.el
+++ b/lisp/server.el
@@ -134,6 +134,33 @@ directory residing in a NTFS partition instead."
 (put 'server-auth-dir 'risky-local-variable t)
+(defcustom server-auth-key nil
+  "Server authentication key.
+Normally, authentication key is generated on random when server
+starts, which guarantees some level of security.  It is
+recommended to leave it that way.  Using a long-lived shared key
+may decrease security (especially since the key is transmitted as
+plain text).
+In some situations however, it can be difficult to share randomly
+generated password with remote hosts (eg. no shared directory),
+so you can set the key with this variable and then copy server
+file to remote host (with possible changes to IP address and/or
+port if that applies).
+The key must consist of 64 US-ASCII printable characters except
+for space (this means characters from ! to ~; or from code 33
+to 126).
+You can use \\[server-generate-key] to get a random authentication
+  :group 'server
+  :type '(choice
+         (const :tag "Random" nil)
+         (string :tag "Password"))
+  :version "24.0")
 (defcustom server-raise-frame t
   "If non-nil, raise frame when switching to a buffer."
   :group 'server
@@ -501,6 +528,32 @@ See variable `server-auth-dir' for details."
       (unless safe
        (error "The directory `%s' is unsafe" dir)))))
+(defun server-generate-key ()
+  "Generates and returns a random 64-byte strings of random chars
+in the range `!'..`~'. If called interactively, also inserts it
+into current buffer."
+  (interactive)
+  (let ((auth-key
+        (loop repeat 64
+              collect (+ 33 (random 94)) into auth
+              finally return (concat auth))))
+    (if (called-interactively-p)
+       (insert auth-key))
+    auth-key))
+(defun server-get-auth-key ()
+  "Returns server's authentication key.
+If `server-auth-key' is nil this function will just call
+`server-generate-key'.  Otherwise, if `server-auth-key' is
+a valid authentication it will return it.  Otherwise, it will
+signal an error."
+  (if server-auth-key
+    (if (string-match "^[!-~]\\{64\\}$" server-auth-key)
+        server-auth-key
+      (error "The key '%s' is invalid" server-auth-key))
+    (server-generate-key)))
 (defun server-start (&optional leave-dead inhibit-prompt)
   "Allow this Emacs process to be a server for client processes.
@@ -594,13 +647,7 @@ server or call `M-x server-force-delete' to forcibly 
disconnect it.")
          (unless server-process (error "Could not start server process"))
          (process-put server-process :server-file server-file)
          (when server-use-tcp
-           (let ((auth-key
-                  (loop
-                     ;; The auth key is a 64-byte string of random chars in the
-                     ;; range `!'..`~'.
-                     repeat 64
-                     collect (+ 33 (random 94)) into auth
-                     finally return (concat auth))))
+           (let ((auth-key (server-get-auth-key)))
              (process-put server-process :auth-key auth-key)
              (with-temp-file server-file
                (set-buffer-multibyte nil)

reply via email to

[Prev in Thread] Current Thread [Next in Thread]