diff --git a/etc/NEWS b/etc/NEWS index 4ec33eae625..186dca19495 100644 --- a/etc/NEWS +++ b/etc/NEWS @@ -53,8 +53,11 @@ character when doing minibuffer filename prompts. ** which-function-mode now applies to all applicable major modes by default. ** erc will look up server/channel names via auth-source and use the - channel keys found, if any. +channel keys found, if any. +** The `server-auth-key' variable can be used to set a permanent +shared key for Emacs Server. + ** Obsolete packages: *** mailpost.el diff --git a/lisp/ChangeLog b/lisp/ChangeLog index 416a365179f..0222d51f8bc 100644 --- a/lisp/ChangeLog +++ b/lisp/ChangeLog @@ -1,3 +1,11 @@ +2012-04-14 Michal Nazarewicz + + * server.el (server-auth-key): New variable. + (server-generate-key): New function. + (server-get-auth-key): New function. + (server-start): Use the new variable and functions to allow + setting a permanent server key (bug#9423). + 2012-04-14 Leo Liu * vc/diff-mode.el (diff-file-prev/next): Fix typo. diff --git a/lisp/server.el b/lisp/server.el index 404bebc4747..dd40199ad1c 100644 --- a/lisp/server.el +++ b/lisp/server.el @@ -139,6 +139,33 @@ directory residing in a NTFS partition instead." ;;;###autoload (put 'server-auth-dir 'risky-local-variable t) +(defcustom server-auth-key nil + "Server authentication key. + +Normally, authentication key is generated on random when server +starts, which guarantees some level of security. It is +recommended to leave it that way. Using a long-lived shared key +may decrease security (especially since the key is transmitted as +plain text). + +In some situations however, it can be difficult to share randomly +generated password with remote hosts (eg. no shared directory), +so you can set the key with this variable and then copy server +file to remote host (with possible changes to IP address and/or +port if that applies). + +The key must consist of 64 US-ASCII printable characters except +for space (this means characters from ! to ~; or from code 33 +to 126). + +You can use \\[server-generate-key] to get a random authentication +key." + :group 'server + :type '(choice + (const :tag "Random" nil) + (string :tag "Password")) + :version "24.2") + (defcustom server-raise-frame t "If non-nil, raise frame when switching to a buffer." :group 'server @@ -522,6 +549,32 @@ See variable `server-auth-dir' for details." (unless safe (error "The directory `%s' is unsafe" dir))))) +(defun server-generate-key () + "Generates and returns a random 64-byte strings of random chars +in the range `!'..`~'. If called interactively, also inserts it +into current buffer." + (interactive) + (let ((auth-key + (loop repeat 64 + collect (+ 33 (random 94)) into auth + finally return (concat auth)))) + (if (called-interactively-p) + (insert auth-key)) + auth-key)) + +(defun server-get-auth-key () + "Returns server's authentication key. + +If `server-auth-key' is nil this function will just call +`server-generate-key'. Otherwise, if `server-auth-key' is +a valid authentication it will return it. Otherwise, it will +signal an error." + (if server-auth-key + (if (string-match "^[!-~]\\{64\\}$" server-auth-key) + server-auth-key + (error "The key '%s' is invalid" server-auth-key)) + (server-generate-key))) + ;;;###autoload (defun server-start (&optional leave-dead inhibit-prompt) "Allow this Emacs process to be a server for client processes. @@ -615,13 +668,7 @@ server or call `M-x server-force-delete' to forcibly disconnect it.") (unless server-process (error "Could not start server process")) (process-put server-process :server-file server-file) (when server-use-tcp - (let ((auth-key - (loop - ;; The auth key is a 64-byte string of random chars in the - ;; range `!'..`~'. - repeat 64 - collect (+ 33 (random 94)) into auth - finally return (concat auth)))) + (let ((auth-key (server-get-auth-key))) (process-put server-process :auth-key auth-key) (with-temp-file server-file (set-buffer-multibyte nil)