configure.ac | 2 +- loolwsd-systemplate-setup | 1 + loolwsd.xml.in | 1 + man/loolwsd.1 | 2 +- net/Socket.cpp | 4 ++-- wsd/Admin.cpp | 4 +--- wsd/Auth.cpp | 2 ++ wsd/Auth.hpp | 5 ++--- wsd/FileServer.cpp | 5 ++--- wsd/LOOLWSD.cpp | 18 ++++++++++++++++-- 10 files changed, 29 insertions(+), 15 deletions(-)
New commits: commit 14a230121cadfe2d75b3fc243df4834fd4b8a2d5 Author: Andras Timar <[email protected]> AuthorDate: Wed Oct 31 13:57:45 2018 +0100 Commit: Andras Timar <[email protected]> CommitDate: Wed Oct 31 13:57:45 2018 +0100 Bump version to 6.1.3.2 Change-Id: I61d97e4e8d39a81c79c0ce90057fdfad06b1db0a diff --git a/configure.ac b/configure.ac index 6992aaef5..d18186a24 100644 --- a/configure.ac +++ b/configure.ac @@ -3,7 +3,7 @@ AC_PREREQ([2.63]) -AC_INIT([libreoffice-online], [6.1.1.2], [[email protected]]) +AC_INIT([libreoffice-online], [6.1.3.2], [[email protected]]) LT_INIT([shared, disable-static, dlopen]) AM_INIT_AUTOMAKE([1.10 subdir-objects tar-pax -Wno-portability]) commit 29fa54209815ff12a3e106aa95852e3e5d5381fd Author: Andras Timar <[email protected]> AuthorDate: Tue Oct 30 21:17:53 2018 +0100 Commit: Andras Timar <[email protected]> CommitDate: Wed Oct 31 13:56:36 2018 +0100 /etc/resolv.conf can be a symlink Change-Id: I23396e598306b7c8ab1498962ab5c09150c6795b Reviewed-on: https://gerrit.libreoffice.org/62674 Reviewed-by: Andras Timar <[email protected]> Tested-by: Andras Timar <[email protected]> (cherry picked from commit 4e5528e5f8b6abbd9ca715d5ac0ec410cbc783af) Signed-off-by: Andras Timar <[email protected]> diff --git a/loolwsd-systemplate-setup b/loolwsd-systemplate-setup index 50cc5aa92..207a362ba 100755 --- a/loolwsd-systemplate-setup +++ b/loolwsd-systemplate-setup @@ -37,6 +37,7 @@ find etc/passwd etc/group etc/hosts \ -type f find etc/fonts \ + etc/resolv.conf \ lib/ld-* lib64/ld-* \ -type l commit 66b761cbd283a773465b6c4ea1668fe7aeea66d5 Author: Andras Timar <[email protected]> AuthorDate: Wed Oct 10 09:02:55 2018 +0200 Commit: Andras Timar <[email protected]> CommitDate: Wed Oct 31 13:55:55 2018 +0100 typo Change-Id: I925c99699b8d383d2b8643c3846dafc1d19f33ec (cherry picked from commit 720ff0a341ef3533f7d0160e1c33148980a69692) Signed-off-by: Andras Timar <[email protected]> 
diff --git a/man/loolwsd.1 b/man/loolwsd.1 index 22c1fe99e..c73adfd93 100644 --- a/man/loolwsd.1 +++ b/man/loolwsd.1 @@ -18,7 +18,7 @@ loolwsd OPTIONS .PP \fB\-\-disable\-ssl\fR Disable SSL security layer. .PP -\fB\-oxmlpath\fR, \fB\-\-override\fR=\fIxmlpath\fR Override any setting by providing fullxmlpath=value. +\fB\-oxmlpath\fR, \fB\-\-override\fR=\fIxmlpath\fR Override any setting by providing full xmlpath=value. .PP \fB\-\-config\-file\fR=\fIpath\fR Override configuration file path. .PP diff --git a/wsd/LOOLWSD.cpp b/wsd/LOOLWSD.cpp index 8bc1d995c..d93fe94f2 100644 --- a/wsd/LOOLWSD.cpp +++ b/wsd/LOOLWSD.cpp @@ -1084,7 +1084,7 @@ void LOOLWSD::defineOptions(OptionSet& optionSet) .required(false) .repeatable(false)); - optionSet.addOption(Option("override", "o", "Override any setting by providing fullxmlpath=value.") + optionSet.addOption(Option("override", "o", "Override any setting by providing full xmlpath=value.") .required(false) .repeatable(true) .argument("xmlpath")); commit 51131f234192f8393d1b304481fb829c74ae2239 Author: Andras Timar <[email protected]> AuthorDate: Mon Oct 1 20:17:35 2018 +0200 Commit: Andras Timar <[email protected]> CommitDate: Wed Oct 31 13:55:26 2018 +0100 tdf#115163 allow bind to loopback interface Change-Id: I4808fb0fd685dfe990efd5fb739ee86f1276ffad Reviewed-on: https://gerrit.libreoffice.org/61412 Reviewed-by: Aron Budea <[email protected]> Tested-by: Aron Budea <[email protected]> (cherry picked from commit 1d087b3545be712073ab52ed11352a6b686f7a63) Signed-off-by: Andras Timar <[email protected]> diff --git a/loolwsd.xml.in b/loolwsd.xml.in index d4ca9b3ea..8d35510fa 100644 --- a/loolwsd.xml.in +++ b/loolwsd.xml.in 
@@ -64,6 +64,7 @@ <net desc="Network settings"> <proto type="string" default="all" desc="Protocol to use IPv4, IPv6 or all for both">all</proto> + <listen type="string" default="any" desc="Listen address that loolwsd binds to. Can be 'any' or 'loopback'.">any</listen> <post_allow desc="Allow/deny client IP address for POST(REST)." allow="true"> <host desc="Regex pattern of ip address to allow.">192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host> </post_allow> diff --git a/wsd/LOOLWSD.cpp b/wsd/LOOLWSD.cpp index d7cb6a473..8bc1d995c 100644 --- a/wsd/LOOLWSD.cpp +++ b/wsd/LOOLWSD.cpp @@ -166,6 +166,9 @@ int ClientPortNumber = DEFAULT_CLIENT_PORT_NUMBER; /// Protocols to listen on Socket::Type ClientPortProto = Socket::Type::All; +/// INET address to listen on +ServerSocket::Type ClientListenAddr = ServerSocket::Type::Public; + /// Port for prisoners to connect to int MasterPortNumber = DEFAULT_MASTER_PORT_NUMBER; @@ -676,6 +679,7 @@ void LOOLWSD::initialize(Application& self) { "logging.level", "trace" }, { "loleaflet_logging", "false" }, { "net.proto", "all" }, + { "net.listen", "any" }, { "ssl.enable", "true" }, { "ssl.termination", "true" }, { "ssl.cert_file_path", LOOLWSD_CONFIGDIR "/cert.pem" }, @@ -799,6 +803,16 @@ void LOOLWSD::initialize(Application& self) else LOG_WRN("Invalid protocol: " << proto); } + { + std::string listen = getConfigValue<std::string>(conf, "net.listen", ""); + if (!Poco::icompare(listen, "any")) + ClientListenAddr = ServerSocket::Type::Public; + else if (!Poco::icompare(listen, "loopback")) + ClientListenAddr = ServerSocket::Type::Local; + else + LOG_WRN("Invalid listen address: " << listen << ". Falling back to default: 'any'" ); + } + #if ENABLE_SSL LOOLWSD::SSLEnabled.set(getConfigValue<bool>(conf, "ssl.enable", true)); 
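Review bot: The `else` branch of the new `net.listen` block fails open: any value other than `any` or `loopback` (for example `localhost` or `127.0.0.1`) only logs a warning and leaves `ClientListenAddr` at `ServerSocket::Type::Public`, so an operator who meant to restrict the listener still ends up bound on all interfaces. For a setting whose purpose is to limit exposure, an unrecognised value should either stop startup or fall back to the restrictive choice, e.g. `ClientListenAddr = ServerSocket::Type::Local;` in that branch, with the message raised to `LOG_ERR` and reworded to match. The lookup default of `""` also differs from the `"any"` default added to the defaults table in the previous hunk; passing `"any"` here keeps the two in agreement. `LOOLWSD::initialize` starts and ends outside this hunk.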
@@ -2644,7 +2658,7 @@ private: std::shared_ptr<ServerSocket> socket = getServerSocket( - ServerSocket::Type::Public, port, WebServerPoll, factory); + ClientListenAddr, port, WebServerPoll, factory); #ifdef BUILDLING_TESTS while (!socket) { commit 6362a49e3f3215a5743769ff9d7ab9fbb0d315cd Author: Andras Timar <[email protected]> AuthorDate: Fri Sep 28 11:54:20 2018 +0200 Commit: Andras Timar <[email protected]> CommitDate: Wed Oct 31 13:52:56 2018 +0100 don't use ssl key file for admin console auth, use a generated key instead Change-Id: I424afe0184a64b7f069d896bde6941e42b7b5531 rational: setup is easier in case, when user does not use ssl in loolwsd config Reviewed-on: https://gerrit.libreoffice.org/61411 Reviewed-by: Aron Budea <[email protected]> Tested-by: Aron Budea <[email protected]> (cherry picked from commit 86f50208829772934ce310be103ec9a36c862d7f) Signed-off-by: Andras Timar <[email protected]> diff --git a/wsd/Admin.cpp b/wsd/Admin.cpp index 723bb22f9..34773e684 100644 --- a/wsd/Admin.cpp +++ b/wsd/Admin.cpp @@ -76,11 +76,9 @@ void AdminSocketHandler::handleMessage(bool /* fin */, WSOpCode /* code */, } std::string jwtToken; LOOLProtocol::getTokenString(tokens[1], "jwt", jwtToken); - const auto& config = Application::instance().config(); - const std::string sslKeyPath = config.getString("ssl.key_file_path", ""); LOG_INF("Verifying JWT token: " << jwtToken); - JWTAuth authAgent(sslKeyPath, "admin", "admin", "admin"); + JWTAuth authAgent("admin", "admin", "admin"); if (authAgent.verify(jwtToken)) { LOG_TRC("JWT token is valid"); diff --git a/wsd/Auth.cpp b/wsd/Auth.cpp index 8b1a0ec77..6be7eceea 100644 --- a/wsd/Auth.cpp +++ b/wsd/Auth.cpp 
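Review bot: `LOG_INF("Verifying JWT token: " << jwtToken);` writes the complete admin bearer token to the log at info level, here and again in the first `wsd/FileServer.cpp` hunk of the same commit, so read access to the log is enough to obtain a token that is still valid. Log that verification happened without the token itself, e.g. `LOG_INF("Verifying admin JWT token");`, or at most a short digest of it. The line is unchanged context in this commit, but it sits directly beside the changed `JWTAuth` construction and is worth fixing in the same pass. `AdminSocketHandler::handleMessage` continues outside the hunk.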
@@ -37,6 +37,8 @@ using Poco::Base64Decoder; using Poco::Base64Encoder; using Poco::OutputLineEndingConverter; +const Poco::Crypto::RSAKey JWTAuth::_key(Poco::Crypto::RSAKey(Poco::Crypto::RSAKey::KL_2048, Poco::Crypto::RSAKey::EXP_LARGE)); + void Authorization::authorizeURI(Poco::URI& uri) const { if (_type == Authorization::Type::Token) diff --git a/wsd/Auth.hpp b/wsd/Auth.hpp index 96bcb86b6..fa9029bba 100644 --- a/wsd/Auth.hpp +++ b/wsd/Auth.hpp @@ -69,11 +69,10 @@ public: class JWTAuth : public AuthBase { public: - JWTAuth(const std::string& keyPath, const std::string& name, const std::string& sub, const std::string& aud) + JWTAuth(const std::string& name, const std::string& sub, const std::string& aud) : _name(name), _sub(sub), _aud(aud), - _key(Poco::Crypto::RSAKey("", keyPath)), _digestEngine(_key, "SHA256") { } @@ -96,7 +95,7 @@ private: const std::string _sub; const std::string _aud; - const Poco::Crypto::RSAKey _key; + static const Poco::Crypto::RSAKey _key; Poco::Crypto::RSADigestEngine _digestEngine; }; diff --git a/wsd/FileServer.cpp b/wsd/FileServer.cpp index 3f7080ecd..25e4ca64b 100644 --- a/wsd/FileServer.cpp +++ b/wsd/FileServer.cpp @@ -196,7 +196,6 @@ bool FileServerRequestHandler::isAdminLoggedIn(const HTTPRequest& request, assert(LOOLWSD::AdminEnabled); const auto& config = Application::instance().config(); - const std::string& sslKeyPath = config.getString("ssl.key_file_path", ""); NameValueCollection cookies; request.getCookies(cookies); @@ -204,7 +203,7 @@ bool FileServerRequestHandler::isAdminLoggedIn(const HTTPRequest& request, { const std::string jwtToken = cookies.get("jwt"); LOG_INF("Verifying JWT token: " << jwtToken); - JWTAuth authAgent(sslKeyPath, "admin", "admin", "admin"); + JWTAuth authAgent("admin", "admin", "admin"); if (authAgent.verify(jwtToken)) { LOG_TRC("JWT token is valid"); 
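Review bot: The new `JWTAuth::_key` definition generates a 2048-bit RSA key during static initialization, i.e. before `main`, before logging and configuration are set up, and in every binary that links `Auth.cpp`; if key generation throws there, the process terminates with no handler and no log entry. Whether Poco has initialised OpenSSL by that point depends on its own initialisers and is not visible from this hunk. A function-local static makes the generation lazy and ordered, `static const Poco::Crypto::RSAKey& signingKey() { static const Poco::Crypto::RSAKey key(Poco::Crypto::RSAKey::KL_2048, Poco::Crypto::RSAKey::EXP_LARGE); return key; }`, with `_digestEngine(signingKey(), "SHA256")` in the header. The current initializer also constructs a temporary and copies it, which the direct form avoids.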
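Review bot: `static const Poco::Crypto::RSAKey _key;` in `wsd/Auth.hpp` has no comment saying that the key is now generated per process rather than loaded from `ssl.key_file_path`, which changes what a token is good for. I would add `/// Process-wide signing key generated at startup; tokens are invalid after a restart and on any other loolwsd instance.` above the declaration, and a one-line note on the `JWTAuth` constructor that all instances share it. If several loolwsd instances are ever placed behind one load balancer, admin sessions will need sticky routing for this reason.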
@@ -247,7 +246,7 @@ bool FileServerRequestHandler::isAdminLoggedIn(const HTTPRequest& request, } // authentication passed, generate and set the cookie - JWTAuth authAgent(sslKeyPath, "admin", "admin", "admin"); + JWTAuth authAgent("admin", "admin", "admin"); const std::string jwtToken = authAgent.getAccessToken(); Poco::Net::HTTPCookie cookie("jwt", jwtToken); commit e5dc1b0bf8aece0f199379401430a9868737c64f Author: Andras Timar <[email protected]> AuthorDate: Wed Oct 3 13:25:36 2018 +0200 Commit: Andras Timar <[email protected]> CommitDate: Wed Oct 31 13:48:57 2018 +0100 fix that internal port 9981 was opened on all interfaces Change-Id: I04cd12b7fa2f0be9b08a3d325f08b36ca2ce240e Reviewed-on: https://gerrit.libreoffice.org/61410 Reviewed-by: Aron Budea <[email protected]> Tested-by: Aron Budea <[email protected]> (cherry picked from commit f32b75eefe5ac2b4ac5b54039e3b4bb665b994d6) Signed-off-by: Andras Timar <[email protected]> diff --git a/net/Socket.cpp b/net/Socket.cpp index dddfe4fc0..45bb14449 100644 --- a/net/Socket.cpp +++ b/net/Socket.cpp @@ -304,9 +304,9 @@ bool ServerSocket::bind(Type type, int port) addrv4.sin_family = AF_INET; addrv4.sin_port = htons(port); if (type == Type::Public) - addrv4.sin_addr.s_addr = type == htonl(INADDR_ANY); + addrv4.sin_addr.s_addr = htonl(INADDR_ANY); else - addrv4.sin_addr.s_addr = type == htonl(INADDR_LOOPBACK); + addrv4.sin_addr.s_addr = htonl(INADDR_LOOPBACK); rc = ::bind(getFD(), (const sockaddr *)&addrv4, sizeof(addrv4)); } _______________________________________________ Libreoffice-commits mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
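Review bot: The removed lines in `ServerSocket::bind` compiled only because `type == htonl(...)` is a legal comparison for the `Type` enum, which suggests `ServerSocket::Type` is an unscoped enum (its declaration is not in this hunk); declaring it `enum class` would turn this kind of slip into a compile error. Nothing in the visible code checks which address the socket ended up bound to, so a small test that binds with `Type::Local` and asserts via `getsockname()` that the address is `INADDR_LOOPBACK` would keep the internal port from being exposed again unnoticed. The IPv6 branch of `ServerSocket::bind` is outside the hunk and should be checked for the same pattern.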
