Commit 29734c21 authored by Michal Nazarewicz's avatar Michal Nazarewicz Committed by Lars Ingebrigtsen
Browse files

Allow using `server-auth-key' to set a permanent shared key

* server.el (server-auth-key): New variable.
(server-generate-key): New function.
(server-get-auth-key): New function.
(server-start): Use the new variable and functions to allow
setting a permanent server key.

Fixes: debbugs:9423
parent d65c9521
......@@ -53,7 +53,10 @@ character when doing minibuffer filename prompts.
** which-function-mode now applies to all applicable major modes by default.
** erc will look up server/channel names via auth-source and use the
channel keys found, if any.
channel keys found, if any.
** The `server-auth-key' variable can be used to set a permanent
shared key for Emacs Server.
** Obsolete packages:
......
2012-04-14 Michal Nazarewicz <mina86@mina86.com>
* server.el (server-auth-key): New variable.
(server-generate-key): New function.
(server-get-auth-key): New function.
(server-start): Use the new variable and functions to allow
setting a permanent server key (bug#9423).
2012-04-14 Leo Liu <sdl.web@gmail.com>
* vc/diff-mode.el (diff-file-prev/next): Fix typo.
......
......@@ -139,6 +139,33 @@ directory residing in a NTFS partition instead."
;;;###autoload
(put 'server-auth-dir 'risky-local-variable t)
(defcustom server-auth-key nil
"Server authentication key.
Normally, authentication key is generated on random when server
starts, which guarantees some level of security. It is
recommended to leave it that way. Using a long-lived shared key
may decrease security (especially since the key is transmitted as
plain text).
In some situations however, it can be difficult to share randomly
generated password with remote hosts (eg. no shared directory),
so you can set the key with this variable and then copy server
file to remote host (with possible changes to IP address and/or
port if that applies).
The key must consist of 64 US-ASCII printable characters except
for space (this means characters from ! to ~; or from code 33
to 126).
You can use \\[server-generate-key] to get a random authentication
key."
:group 'server
:type '(choice
(const :tag "Random" nil)
(string :tag "Password"))
:version "24.2")
(defcustom server-raise-frame t
"If non-nil, raise frame when switching to a buffer."
:group 'server
......@@ -522,6 +549,32 @@ See variable `server-auth-dir' for details."
(unless safe
(error "The directory `%s' is unsafe" dir)))))
(defun server-generate-key ()
"Generates and returns a random 64-byte strings of random chars
in the range `!'..`~'. If called interactively, also inserts it
into current buffer."
(interactive)
(let ((auth-key
(loop repeat 64
collect (+ 33 (random 94)) into auth
finally return (concat auth))))
(if (called-interactively-p)
(insert auth-key))
auth-key))
(defun server-get-auth-key ()
"Returns server's authentication key.
If `server-auth-key' is nil this function will just call
`server-generate-key'. Otherwise, if `server-auth-key' is
a valid authentication it will return it. Otherwise, it will
signal an error."
(if server-auth-key
(if (string-match "^[!-~]\\{64\\}$" server-auth-key)
server-auth-key
(error "The key '%s' is invalid" server-auth-key))
(server-generate-key)))
;;;###autoload
(defun server-start (&optional leave-dead inhibit-prompt)
"Allow this Emacs process to be a server for client processes.
......@@ -615,13 +668,7 @@ server or call `M-x server-force-delete' to forcibly disconnect it.")
(unless server-process (error "Could not start server process"))
(process-put server-process :server-file server-file)
(when server-use-tcp
(let ((auth-key
(loop
;; The auth key is a 64-byte string of random chars in the
;; range `!'..`~'.
repeat 64
collect (+ 33 (random 94)) into auth
finally return (concat auth))))
(let ((auth-key (server-get-auth-key)))
(process-put server-process :auth-key auth-key)
(with-temp-file server-file
(set-buffer-multibyte nil)
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment