desktop/source/lib/init.cxx | 4 ++++ include/tools/hostfilter.hxx | 28 ++++++++++++++++++++++++++++ tools/Library_tl.mk | 1 + tools/source/inet/hostfilter.cxx | 27 +++++++++++++++++++++++++++ ucb/source/ucp/webdav-curl/CurlSession.cxx | 6 ++++++ 5 files changed, 66 insertions(+)
New commits: commit ad85ea960780f1e858054fbc612c040830b2fb11 Author: Caolán McNamara <[email protected]> AuthorDate: Tue Jun 4 21:17:59 2024 +0100 Commit: Andras Timar <[email protected]> CommitDate: Mon Jun 24 23:46:56 2024 +0200 allow an exemption to be made for a specific host Change-Id: Ie423df7839e793a9c07561efb56d5649876947ee Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169125 Tested-by: Jenkins CollaboraOffice <[email protected]> Reviewed-by: Andras Timar <[email protected]> diff --git a/desktop/source/lib/init.cxx b/desktop/source/lib/init.cxx index aa717dfe17cf..78609ecb11da 100644 --- a/desktop/source/lib/init.cxx +++ b/desktop/source/lib/init.cxx @@ -136,6 +136,7 @@ #include <vcl/svapp.hxx> #include <unotools/resmgr.hxx> #include <tools/fract.hxx> +#include <tools/hostfilter.hxx> #include <tools/json_writer.hxx> #include <svtools/ctrltool.hxx> #include <svtools/langtab.hxx> @@ -2786,6 +2787,9 @@ static LibreOfficeKitDocument* lo_documentLoadWithOptions(LibreOfficeKit* pThis, OutputDevice::StartTrackingFontMappingUse(); + if (const char* pExemptVerifyHost = ::getenv("LOK_EXEMPT_VERIFY_HOST")) + HostFilter::setExemptVerifyHost(OUString(pExemptVerifyHost, strlen(pExemptVerifyHost), RTL_TEXTENCODING_UTF8)); + const int nThisDocumentId = nDocumentIdCounter++; SfxViewShell::SetCurrentDocId(ViewShellDocId(nThisDocumentId)); uno::Reference<lang::XComponent> xComponent = xComponentLoader->loadComponentFromURL( diff --git a/include/tools/hostfilter.hxx b/include/tools/hostfilter.hxx new file mode 100644 index 000000000000..43c01e72e6fd --- /dev/null +++ b/include/tools/hostfilter.hxx @@ -0,0 +1,28 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4; fill-column: 100 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + */ + +#ifndef INCLUDED_TOOLS_HOSTFILTER_HXX +#define INCLUDED_TOOLS_HOSTFILTER_HXX + +#include <rtl/ustring.hxx> +#include <tools/toolsdllapi.h> + +// Helper for filtering allowed hosts for remote connections + +class TOOLS_DLLPUBLIC HostFilter +{ +public: + static void setExemptVerifyHost(const OUString& rExemptVerifyHost); + + static bool isExemptVerifyHost(const std::u16string_view rHost); +}; + +#endif + +/* vim:set shiftwidth=4 softtabstop=4 expandtab cinoptions=b1,g0,N-s cinkeys+=0=break: */ diff --git a/tools/Library_tl.mk b/tools/Library_tl.mk index ecad06913ed2..11f6fb271fbd 100644 --- a/tools/Library_tl.mk +++ b/tools/Library_tl.mk @@ -63,6 +63,7 @@ $(eval $(call gb_Library_add_exception_objects,tl,\ tools/source/generic/poly \ tools/source/generic/poly2 \ tools/source/generic/svborder \ + tools/source/inet/hostfilter \ tools/source/inet/inetmime \ tools/source/inet/inetmsg \ tools/source/inet/inetstrm \ diff --git a/tools/source/inet/hostfilter.cxx b/tools/source/inet/hostfilter.cxx new file mode 100644 index 000000000000..85a1715d5155 --- /dev/null +++ b/tools/source/inet/hostfilter.cxx @@ -0,0 +1,27 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4; fill-column: 100 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + */ + +#include <tools/hostfilter.hxx> + +namespace +{ +static OUString g_ExceptVerifyHost; +} + +void HostFilter::setExemptVerifyHost(const OUString& rExemptVerifyHost) +{ + g_ExceptVerifyHost = rExemptVerifyHost; +} + +bool HostFilter::isExemptVerifyHost(const std::u16string_view rHost) +{ + return rHost == g_ExceptVerifyHost; +} + +/* vim:set shiftwidth=4 softtabstop=4 expandtab cinoptions=b1,g0,N-s cinkeys+=0=break: */ diff --git a/ucb/source/ucp/webdav-curl/CurlSession.cxx b/ucb/source/ucp/webdav-curl/CurlSession.cxx index e030cf374305..53201aae8ca9 100644 --- a/ucb/source/ucp/webdav-curl/CurlSession.cxx +++ b/ucb/source/ucp/webdav-curl/CurlSession.cxx @@ -34,6 +34,7 @@ #include <rtl/strbuf.hxx> #include <rtl/ustrbuf.hxx> #include <systools/curlinit.hxx> +#include <tools/hostfilter.hxx> #include <config_version.h> #include <map> @@ -696,6 +697,11 @@ CurlSession::CurlSession(uno::Reference<uno::XComponentContext> const& xContext, rc = curl_easy_setopt(m_pCurl.get(), CURLOPT_FORBID_REUSE, 1L); assert(rc == CURLE_OK); } + if (HostFilter::isExemptVerifyHost(m_URI.GetHost())) + { + rc = curl_easy_setopt(m_pCurl.get(), CURLOPT_SSL_VERIFYHOST, 0L); + assert(rc == CURLE_OK); + } } CurlSession::~CurlSession() {}
