loolwsd.xml.in | 1 + wsd/Admin.cpp | 4 +--- wsd/Auth.cpp | 2 ++ wsd/Auth.hpp | 5 ++--- wsd/FileServer.cpp | 5 ++--- wsd/LOOLWSD.cpp | 16 +++++++++++++++- 6 files changed, 23 insertions(+), 10 deletions(-)
New commits: commit 1d087b3545be712073ab52ed11352a6b686f7a63 Author: Andras Timar <[email protected]> AuthorDate: Mon Oct 1 20:17:35 2018 +0200 Commit: Aron Budea <[email protected]> CommitDate: Fri Oct 5 16:37:16 2018 +0200 tdf#115163 allow bind to loopback interface Change-Id: I4808fb0fd685dfe990efd5fb739ee86f1276ffad Reviewed-on: https://gerrit.libreoffice.org/61412 Reviewed-by: Aron Budea <[email protected]> Tested-by: Aron Budea <[email protected]> diff --git a/loolwsd.xml.in b/loolwsd.xml.in index 587452ba4..26e5db7a8 100644 --- a/loolwsd.xml.in +++ b/loolwsd.xml.in @@ -68,6 +68,7 @@ <net desc="Network settings"> <proto type="string" default="all" desc="Protocol to use IPv4, IPv6 or all for both">all</proto> + <listen type="string" default="any" desc="Listen address that loolwsd binds to. Can be 'any' or 'loopback'.">any</listen> <service_root type="path" default="" desc="Prefix all the pages, websockets, etc. with this path."></service_root> <post_allow desc="Allow/deny client IP address for POST(REST)." allow="true"> <host desc="The IPv4 private 192.168 block as plain IPv4 dotted decimal addresses.">192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host> diff --git a/wsd/LOOLWSD.cpp b/wsd/LOOLWSD.cpp index eca0644f6..b55ec5617 100644 --- a/wsd/LOOLWSD.cpp +++ b/wsd/LOOLWSD.cpp @@ -168,6 +168,9 @@ int ClientPortNumber = DEFAULT_CLIENT_PORT_NUMBER; /// Protocols to listen on Socket::Type ClientPortProto = Socket::Type::All; +/// INET address to listen on +ServerSocket::Type ClientListenAddr = ServerSocket::Type::Public; + /// Port for prisoners to connect to int MasterPortNumber = DEFAULT_MASTER_PORT_NUMBER; @@ -698,6 +701,7 @@ void LOOLWSD::initialize(Application& self) { "loleaflet_html", "loleaflet.html" }, { "loleaflet_logging", "false" }, { "net.proto", "all" }, + { "net.listen", "any" }, { "net.service_root", "" }, { "num_prespawn_children", "1" }, { "per_document.autosave_duration_secs", "300" }, @@ -874,6 +878,16 @@ void LOOLWSD::initialize(Application& self) LOG_WRN("Invalid protocol: " << proto); } + { + std::string listen = getConfigValue<std::string>(conf, "net.listen", ""); + if (!Poco::icompare(listen, "any")) + ClientListenAddr = ServerSocket::Type::Public; + else if (!Poco::icompare(listen, "loopback")) + ClientListenAddr = ServerSocket::Type::Local; + else + LOG_WRN("Invalid listen address: " << listen << ". Falling back to default: 'any'" ); + } + // Prefix for the loolwsd pages; should not end with a '/' ServiceRoot = getPathFromConfig("net.service_root"); while (ServiceRoot.length() > 0 && ServiceRoot[ServiceRoot.length() - 1] == '/') @@ -2734,7 +2748,7 @@ private: factory = std::make_shared<PlainSocketFactory>(); std::shared_ptr<ServerSocket> socket = getServerSocket( - ServerSocket::Type::Public, port, WebServerPoll, factory); + ClientListenAddr, port, WebServerPoll, factory); while (!socket) { ++port; commit 86f50208829772934ce310be103ec9a36c862d7f Author: Andras Timar <[email protected]> AuthorDate: Fri Sep 28 11:54:20 2018 +0200 Commit: Aron Budea <[email protected]> CommitDate: Fri Oct 5 16:37:11 2018 +0200 don't use ssl key file for admin console auth, use a generated key instead Change-Id: I424afe0184a64b7f069d896bde6941e42b7b5531 rational: setup is easier in case, when user does not use ssl in loolwsd config Reviewed-on: https://gerrit.libreoffice.org/61411 Reviewed-by: Aron Budea <[email protected]> Tested-by: Aron Budea <[email protected]> diff --git a/wsd/Admin.cpp b/wsd/Admin.cpp index 9c24d2007..f93cf75b7 100644 --- a/wsd/Admin.cpp +++ b/wsd/Admin.cpp @@ -76,11 +76,9 @@ void AdminSocketHandler::handleMessage(bool /* fin */, WSOpCode /* code */, } std::string jwtToken; LOOLProtocol::getTokenString(tokens[1], "jwt", jwtToken); - const auto& config = Application::instance().config(); - const auto sslKeyPath = config.getString("ssl.key_file_path", ""); LOG_INF("Verifying JWT token: " << jwtToken); - JWTAuth authAgent(sslKeyPath, "admin", "admin", "admin"); + JWTAuth authAgent("admin", "admin", "admin"); if (authAgent.verify(jwtToken)) { LOG_TRC("JWT token is valid"); diff --git a/wsd/Auth.cpp b/wsd/Auth.cpp index 088719d78..b1f76ae60 100644 --- a/wsd/Auth.cpp +++ b/wsd/Auth.cpp @@ -37,6 +37,8 @@ using Poco::Base64Decoder; using Poco::Base64Encoder; using Poco::OutputLineEndingConverter; +const Poco::Crypto::RSAKey JWTAuth::_key(Poco::Crypto::RSAKey(Poco::Crypto::RSAKey::KL_2048, Poco::Crypto::RSAKey::EXP_LARGE)); + void Authorization::authorizeURI(Poco::URI& uri) const { if (_type == Authorization::Type::Token) diff --git a/wsd/Auth.hpp b/wsd/Auth.hpp index 96bcb86b6..fa9029bba 100644 --- a/wsd/Auth.hpp +++ b/wsd/Auth.hpp @@ -69,11 +69,10 @@ public: class JWTAuth : public AuthBase { public: - JWTAuth(const std::string& keyPath, const std::string& name, const std::string& sub, const std::string& aud) + JWTAuth(const std::string& name, const std::string& sub, const std::string& aud) : _name(name), _sub(sub), _aud(aud), - _key(Poco::Crypto::RSAKey("", keyPath)), _digestEngine(_key, "SHA256") { } @@ -96,7 +95,7 @@ private: const std::string _sub; const std::string _aud; - const Poco::Crypto::RSAKey _key; + static const Poco::Crypto::RSAKey _key; Poco::Crypto::RSADigestEngine _digestEngine; }; diff --git a/wsd/FileServer.cpp b/wsd/FileServer.cpp index 35b43c27e..714dac28b 100644 --- a/wsd/FileServer.cpp +++ b/wsd/FileServer.cpp @@ -196,7 +196,6 @@ bool FileServerRequestHandler::isAdminLoggedIn(const HTTPRequest& request, assert(LOOLWSD::AdminEnabled); const auto& config = Application::instance().config(); - const auto sslKeyPath = config.getString("ssl.key_file_path", ""); NameValueCollection cookies; request.getCookies(cookies); @@ -204,7 +203,7 @@ bool FileServerRequestHandler::isAdminLoggedIn(const HTTPRequest& request, { const std::string jwtToken = cookies.get("jwt"); LOG_INF("Verifying JWT token: " << jwtToken); - JWTAuth authAgent(sslKeyPath, "admin", "admin", "admin"); + JWTAuth authAgent("admin", "admin", "admin"); if (authAgent.verify(jwtToken)) { LOG_TRC("JWT token is valid"); @@ -247,7 +246,7 @@ bool FileServerRequestHandler::isAdminLoggedIn(const HTTPRequest& request, } // authentication passed, generate and set the cookie - JWTAuth authAgent(sslKeyPath, "admin", "admin", "admin"); + JWTAuth authAgent("admin", "admin", "admin"); const std::string jwtToken = authAgent.getAccessToken(); Poco::Net::HTTPCookie cookie("jwt", jwtToken); _______________________________________________ Libreoffice-commits mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
