[Libreoffice-commits] online.git: loolwsd/FileServer.hpp
loolwsd/FileServer.hpp | 18 +++--- 1 file changed, 15 insertions(+), 3 deletions(-) New commits: commit 9b29565448806657d3b44597bba6137e72664ad5 Author: Pranav KantDate: Tue Jul 19 20:50:43 2016 +0530 loolwsd: security: Sanitize user input before generating HTML Change-Id: I835bc84ba197a31745cd593c22571ae9f9ad7b1a diff --git a/loolwsd/FileServer.hpp b/loolwsd/FileServer.hpp index 874db99..574d0b0 100644 --- a/loolwsd/FileServer.hpp +++ b/loolwsd/FileServer.hpp @@ -32,6 +32,7 @@ #include #include #include +#include #include #include #include @@ -213,7 +214,7 @@ private: return path; } -void preprocessFile(HTTPServerRequest& request, HTTPServerResponse& response) +void preprocessFile(HTTPServerRequest& request, HTTPServerResponse& response) throw(Poco::FileAccessDeniedException) { HTMLForm form(request, request.stream()); 
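Review bot: The `throw(Poco::FileAccessDeniedException)` specification added to `preprocessFile` turns every other exception that leaves the function into a call to `std::unexpected()`, which terminates the process by default. The body builds an `HTMLForm` from the request and, in the next hunk's context, reads a file stream; either can plausibly throw a different Poco exception type (inferred, their failure modes are not shown here), so a request-triggered error could stop the server instead of reaching the handler's catch blocks. Dynamic exception specifications are also deprecated since C++11 and removed in C++17. I would drop the specification and document the exception instead, e.g. `/// Throws Poco::FileAccessDeniedException when a form value fails validation.` above the signature. The function body continues outside this hunk.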
@@ -227,8 +228,19 @@ private: StreamCopier::copyToString(file, preprocess); file.close(); -Poco::replaceInPlace(preprocess, std::string("%ACCESS_TOKEN%"), form.get("access_token", "")); -Poco::replaceInPlace(preprocess, std::string("%ACCESS_TOKEN_TTL%"), form.get("access_token_ttl", "")); +const std::string& accessToken = form.get("access_token", ""); +const std::string& accessTokenTtl = form.get("access_token_ttl", ""); + +// As of now only alphanumeric characters are allowed in access token +// Sanitize user input before replacing +Poco::RegularExpression re("[a-zA-Z0-9_]*", Poco::RegularExpression::RE_ANCHORED); +if (!re.match(accessToken, 0, 0) || !re.match(accessTokenTtl, 0, 0)) +{ +throw Poco::FileAccessDeniedException("Invalid access token provided. Only alphanumeric and _ are allowed "); +} + +Poco::replaceInPlace(preprocess, std::string("%ACCESS_TOKEN%"), accessToken); +Poco::replaceInPlace(preprocess, std::string("%ACCESS_TOKEN_TTL%"), accessTokenTtl); Poco::replaceInPlace(preprocess, std::string("%HOST%"), host); Poco::replaceInPlace(preprocess, std::string("%VERSION%"), std::string(LOOLWSD_VERSION_HASH)); ___ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
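Review bot: `accessToken` and `accessTokenTtl` are bound as `const std::string&` to the result of `form.get(name, "")`, and Poco's `NameValueCollection::get` returns its `defaultValue` argument by reference when the key is absent, so for a request without those fields both names refer to a temporary `std::string` that is gone at the end of the declaration. The following `re.match` and `replaceInPlace` calls then read a dangling reference; take copies instead, `const std::string accessToken = form.get("access_token", "");` and likewise for the TTL. Separately, the comment says only alphanumeric characters are allowed while the pattern also accepts `_`, and the TTL is presumably numeric, so a tighter `[0-9]*` pattern for it would match the intent more closely. The enclosing function starts and ends outside this hunk.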
[Libreoffice-commits] online.git: loolwsd/FileServer.hpp loolwsd/LOOLWSD.cpp loolwsd/LOOLWSD.hpp loolwsd/loolwsd.xml.in loolwsd/Makefile.am loolwsd/Storage.cpp loolwsd/Util.hpp
loolwsd/FileServer.hpp |2 loolwsd/LOOLWSD.cpp| 107 ++--- loolwsd/LOOLWSD.hpp| 42 --- loolwsd/Makefile.am|4 - loolwsd/Storage.cpp| 45 ++-- loolwsd/Util.hpp | 39 + loolwsd/loolwsd.xml.in |1 7 files changed, 184 insertions(+), 56 deletions(-) New commits: commit 6e616b745f663898810de39141bdc65535c92601 Author: Marco CecchettiDate: Mon Jul 18 13:45:36 2016 +0200 loolwsd: SSL support can be enabled/disabled on server start SSL support is enabled by default, it can be disabled by passing the `--disable-ssl` switch on the command line or by setting `ssl.enable` property in loolwsd.xml config file. It is still possible to build loolwsd with no SSL support at all. Change-Id: I00f952edc64f87f61505af44fdc2a715780dc44c Reviewed-on: https://gerrit.libreoffice.org/27288 Reviewed-by: Jan Holesovsky Tested-by: Jan Holesovsky diff --git a/loolwsd/FileServer.hpp b/loolwsd/FileServer.hpp index 7c19e10..874db99 100644 --- a/loolwsd/FileServer.hpp +++ b/loolwsd/FileServer.hpp @@ -217,7 +217,7 @@ private: { HTMLForm form(request, request.stream()); -const auto host = (LOOLWSD::SSLEnabled ? "wss://" : "ws://") + (LOOLWSD::ServerName.empty() ? request.getHost() : LOOLWSD::ServerName); +const auto host = (LOOLWSD::isSSLEnabled() ? "wss://" : "ws://") + (LOOLWSD::ServerName.empty() ? request.getHost() : LOOLWSD::ServerName); const auto path = Poco::Path(LOOLWSD::FileServerRoot, getRequestPathname(request)); Log::debug("Preprocessing file: " + path.toString()); diff --git a/loolwsd/LOOLWSD.cpp b/loolwsd/LOOLWSD.cpp index 97851ab..ff36b76 100644 --- a/loolwsd/LOOLWSD.cpp +++ b/loolwsd/LOOLWSD.cpp 
@@ -10,6 +10,16 @@ #include "LOOLWSD.hpp" #include "config.h" +/* Default host used in the start test URI */ +#define LOOLWSD_TEST_HOST "localhost" + +/* Default loleaflet UI used in the start test URI */ +#define LOOLWSD_TEST_LOLEAFLET_UI "/loleaflet/" LOOLWSD_VERSION_HASH "/loleaflet.html" + +/* Default document used in the start test URI */ +#define LOOLWSD_TEST_DOCUMENT_RELATIVE_PATH "test/data/hello-world.odt" + + // This is the main source for the loolwsd program. LOOL uses several loolwsd processes: one main // parent process that listens on the TCP port and accepts connections from LOOL clients, and a // number of child processes, each which handles a viewing (editing) session for one document. @@ -787,7 +797,7 @@ private: const std::string urlsrc = "urlsrc"; const auto& config = Application::instance().config(); const std::string loleafletHtml = config.getString("loleaflet_html", "loleaflet.html"); -const std::string uriValue = (LOOLWSD::SSLEnabled ? "https://; : "http://;) + +const std::string uriValue = (LOOLWSD::isSSLEnabled() ? "https://; : "http://;) + (LOOLWSD::ServerName.empty() ? request.getHost() : LOOLWSD::ServerName) + "/loleaflet/" LOOLWSD_VERSION_HASH "/" + loleafletHtml + "?"; 
@@ -1207,6 +1217,35 @@ public: } }; +namespace { + +static inline +ServerSocket* lcl_getServerSocket(int nClientPortNumber) +{ +return (LOOLWSD::isSSLEnabled()) ? new SecureServerSocket(nClientPortNumber) + : new ServerSocket(nClientPortNumber); +} + +static inline +std::string lcl_getLaunchURI() +{ +std::string aAbsTopSrcDir = Poco::Path(Application::instance().commandPath()).parent().toString(); +aAbsTopSrcDir = Poco::Path(aAbsTopSrcDir).absolute().toString(); + +std::string aLaunchURI(""); +aLaunchURI += ((LOOLWSD::isSSLEnabled()) ? "https://; : "http://;); +aLaunchURI += LOOLWSD_TEST_HOST ":"; +aLaunchURI += std::to_string(ClientPortNumber); +aLaunchURI += LOOLWSD_TEST_LOLEAFLET_UI; +aLaunchURI += "?file_path=file://"; +aLaunchURI += aAbsTopSrcDir; +aLaunchURI += LOOLWSD_TEST_DOCUMENT_RELATIVE_PATH; + +return aLaunchURI; +} + +} // anonymous namespace + std::atomic LOOLWSD::NextSessionId; int LOOLWSD::ForKitWritePipe = -1; std::string LOOLWSD::Cache = LOOLWSD_CACHEDIR; @@ -1216,12 +1255,8 @@ std::string LOOLWSD::ChildRoot; std::string LOOLWSD::ServerName; std::string LOOLWSD::FileServerRoot; std::string LOOLWSD::LOKitVersion; -bool LOOLWSD::SSLEnabled = -#if ENABLE_SSL -true; -#else -false; -#endif +Util::RuntimeCostant LOOLWSD::SSLEnabled; + static std::string UnitTestLibrary; unsigned int LOOLWSD::NumPreSpawnedChildren = 0; @@ -1279,6 +1314,7 @@ void LOOLWSD::initialize(Application& self) { "loleaflet_html", "loleaflet.html" }, { "logging.color", "true" }, { "logging.level", "trace" }, +{ "ssl.enable", "true" }, { "ssl.cert_file_path", LOOLWSD_CONFIGDIR "/cert.pem" }, {
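Review bot: `lcl_getServerSocket` hands back a raw pointer from `new`, so ownership rests on whatever the caller does with it, which is not visible in this hunk; returning `std::unique_ptr<ServerSocket>` would make the ownership explicit and avoid a leak if server start-up throws. The function also names `SecureServerSocket` unconditionally, while the commit message says a build with no SSL support is still possible; if the secure socket header is only included under `ENABLE_SSL` (not shown here), the SSL arm needs the same guard. `static inline` inside an anonymous namespace is redundant, and both helpers would benefit from a one-line comment, for example `/// Returns a listening socket, TLS-wrapped when SSL is enabled at runtime.`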
[Libreoffice-commits] online.git: loolwsd/FileServer.hpp loolwsd/LOOLWSD.cpp loolwsd/LOOLWSD.hpp loolwsd/loolwsd.xml.in loolwsd/Makefile.am
loolwsd/FileServer.hpp |4 ++-- loolwsd/LOOLWSD.cpp| 41 + loolwsd/LOOLWSD.hpp|2 -- loolwsd/Makefile.am|5 +++-- loolwsd/loolwsd.xml.in |6 ++ 5 files changed, 16 insertions(+), 42 deletions(-) New commits: commit d281813c06eef8ac00a57ff7de70013619a4f1a1 Author: Ashod NakashianDate: Sat Jun 25 20:10:48 2016 -0400 bccu#1909 - loolwsd command line options vs. config file and package upgrades Removed admin-console creds and allow-local-storage. Change-Id: If281b6320caee5d28007063591325eb98ba8e01b Reviewed-on: https://gerrit.libreoffice.org/26670 Reviewed-by: Ashod Nakashian Tested-by: Ashod Nakashian diff --git a/loolwsd/FileServer.hpp b/loolwsd/FileServer.hpp index 2d23a74..7c19e10 100644 --- a/loolwsd/FileServer.hpp +++ b/loolwsd/FileServer.hpp @@ -82,8 +82,8 @@ public: Log::info("Invalid JWT token, let the administrator re-login"); } -const auto user = config.getString("admin_console_username", ""); -const auto pass = config.getString("admin_console_password", ""); +const auto user = config.getString("admin_console.username", ""); +const auto pass = config.getString("admin_console.password", ""); if (user.empty() || pass.empty()) { Log::error("Admin Console credentials missing. Denying access until set."); diff --git a/loolwsd/LOOLWSD.cpp b/loolwsd/LOOLWSD.cpp index c48e514..8e87bde 100644 --- a/loolwsd/LOOLWSD.cpp +++ b/loolwsd/LOOLWSD.cpp @@ -854,6 +854,10 @@ public: } } } +else +{ +Log::error("Unknown resource: " + request.getURI()); +} } catch (const Exception& exc) { @@ -1173,9 +1177,7 @@ std::string LOOLWSD::ChildRoot; std::string LOOLWSD::LoSubPath = "lo"; std::string LOOLWSD::ServerName; std::string LOOLWSD::FileServerRoot; -std::string LOOLWSD::AdminCreds; std::string LOOLWSD::LOKitVersion; -bool LOOLWSD::AllowLocalStorage = false; bool LOOLWSD::SSLEnabled = #if ENABLE_SSL true; 
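Review bot: The new `else` branch in LOOLWSD.cpp writes `request.getURI()` into the error log verbatim, and that string is chosen by the remote client. Requests that reach this branch can therefore grow the log at error level and place arbitrary text into it; I would log a length-capped, escaped form of the URI and consider `Log::warn` rather than `Log::error` for what is a client-side mistake. The branch sends no response that is visible in this hunk, so it is worth checking that the client receives a 404 rather than a connection left open. The same raw-URI logging appears in the `File [...] not found` message of commit 29c9ecba further down this page. The enclosing handler starts and ends outside the hunk.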
@@ -1264,21 +1266,6 @@ void LOOLWSD::initialize(Application& self) AutoPtr pOverrideConfig(new AppConfigMap(_overrideSettings)); conf.addWriteable(pOverrideConfig, PRIO_APPLICATION); // Highest priority -// This overrides whatever is in the config file, -// which forces admins to set this flag on the command-line. -config().setBool("storage.filesystem[@allow]", AllowLocalStorage); - -if (!AdminCreds.empty()) -{ -// Set the Admin Console credentials, if provided. -StringTokenizer tokens(AdminCreds, "/", StringTokenizer::TOK_IGNORE_EMPTY | StringTokenizer::TOK_TRIM); -if (tokens.count() == 2) -{ -config().setString("admin_console_username", tokens[0]); -config().setString("admin_console_password", tokens[1]); -} -} - // Allow UT to manipulate before using configuration values. UnitWSD::get().configure(config()); @@ -1366,15 +1353,6 @@ void LOOLWSD::defineOptions(OptionSet& optionSet) .repeatable(false) .argument("port number")); -optionSet.addOption(Option("admincreds", "", "Admin 'username/password' used to access the admin console.") -.required(false) -.repeatable(false) -.argument("credentials")); - -optionSet.addOption(Option("allowlocalstorage", "", "When true will allow highly insecure loading of files from local storage.") -.required(false) -.repeatable(false)); - optionSet.addOption(Option("override", "o", "Override any setting by providing fullxmlpath=value.") .required(false) .repeatable(true) @@ -1411,10 +1389,6 @@ void LOOLWSD::handleOption(const std::string& optionName, DisplayVersion = true; else if (optionName == "port") ClientPortNumber = std::stoi(value); -else if (optionName == "admincreds") -AdminCreds = value; -else if (optionName == "allowlocalstorage") -AllowLocalStorage = true; #if ENABLE_DEBUG else if (optionName == "unitlib") UnitTestLibrary = value; 
@@ -1522,18 +1496,13 @@ int LOOLWSD::main(const std::vector& /*args*/) ChildRoot += '/'; if (FileServerRoot.empty()) -FileServerRoot = Path(Application::instance().commandPath()).parent().parent().toString(); +FileServerRoot = Poco::Path(Application::instance().commandPath()).parent().parent().toString(); FileServerRoot = Poco::Path(FileServerRoot).absolute().toString(); Log::debug("FileServerRoot: " + FileServerRoot); if (ClientPortNumber == MasterPortNumber) throw
[Libreoffice-commits] online.git: loolwsd/FileServer.hpp
loolwsd/FileServer.hpp |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) New commits: commit 7e625d5f423f9e6dff825f4fe12d7ac464de6cd6 Author: Andras TimarDate: Sun Jun 5 16:37:49 2016 +0200 loolwsd: respect server_name setting diff --git a/loolwsd/FileServer.hpp b/loolwsd/FileServer.hpp index da09978..f7462b2 100644 --- a/loolwsd/FileServer.hpp +++ b/loolwsd/FileServer.hpp @@ -217,7 +217,7 @@ private: { HTMLForm form(request, request.stream()); -const auto host = (LOOLWSD::SSLEnabled? "wss://": "ws://") + request.getHost(); +const auto host = (LOOLWSD::SSLEnabled ? "wss://" : "ws://") + (LOOLWSD::ServerName.empty() ? request.getHost() : LOOLWSD::ServerName); const auto path = Poco::Path(LOOLWSD::FileServerRoot, getRequestPathname(request)); Log::debug("Preprocessing file: " + path.toString()); ___ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
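Review bot: When `LOOLWSD::ServerName` is empty, `host` is still built from `request.getHost()`, i.e. the client-supplied `Host` header, and other commits on this page show `host` being substituted for `%HOST%` in the served HTML. That value is not validated in the visible code, so the WebSocket endpoint the page connects to, and the markup around it, can be influenced by whoever sends the request. I would validate the header against a host[:port] pattern before use, or log a start-up warning when `server_name` is unset so operators know the fallback is active. The same fallback is present in the older `preprocessFile` versions and in the `uriValue` expression in LOOLWSD.cpp shown elsewhere on this page. The function body continues outside the hunk.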
[Libreoffice-commits] online.git: loolwsd/FileServer.hpp loolwsd/LOOLWSD.cpp loolwsd/loolwsd.xml.in
loolwsd/FileServer.hpp |4 +++- loolwsd/LOOLWSD.cpp|4 +++- loolwsd/loolwsd.xml.in |2 ++ 3 files changed, 8 insertions(+), 2 deletions(-) New commits: commit 2fbcbdfa87bbefc18b0bac87988a1edc73df0cbf Author: Andras TimarDate: Wed May 11 16:30:05 2016 +0200 loolwsd: enable UI customization by replacing loleaflet.html from config diff --git a/loolwsd/FileServer.hpp b/loolwsd/FileServer.hpp index 6c64cd2..da09978 100644 --- a/loolwsd/FileServer.hpp +++ b/loolwsd/FileServer.hpp @@ -125,8 +125,10 @@ public: throw Poco::FileNotFoundException("Invalid URI request: [" + requestUri.toString() + "]."); } +const auto& config = Application::instance().config(); +const std::string loleafletHtml = config.getString("loleaflet_html", "loleaflet.html"); const std::string endPoint = requestSegments[requestSegments.size() - 1]; -if (endPoint == "loleaflet.html") +if (endPoint == loleafletHtml) { preprocessFile(request, response); return; diff --git a/loolwsd/LOOLWSD.cpp b/loolwsd/LOOLWSD.cpp index 3151430..6a726de 100644 --- a/loolwsd/LOOLWSD.cpp +++ b/loolwsd/LOOLWSD.cpp @@ -740,9 +740,11 @@ private: const std::string mediaType = "text/xml"; const std::string action = "action"; const std::string urlsrc = "urlsrc"; +const auto& config = Application::instance().config(); +const std::string loleafletHtml = config.getString("loleaflet_html", "loleaflet.html"); const std::string uriValue = (LOOLWSD::SSLEnabled ? "https://; : "http://;) + (LOOLWSD::ServerName.empty() ? request.getHost() : LOOLWSD::ServerName) + -"/loleaflet/" LOOLWSD_VERSION_HASH "/loleaflet.html?"; +"/loleaflet/" LOOLWSD_VERSION_HASH "/" + loleafletHtml + "?"; InputSource inputSrc(discoveryPath); DOMParser parser; diff --git a/loolwsd/loolwsd.xml.in b/loolwsd/loolwsd.xml.in index 6bf4ce1..cb524a8 100644 --- a/loolwsd/loolwsd.xml.in +++ b/loolwsd/loolwsd.xml.in 
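Review bot: In the FileServer.hpp hunk `loleafletHtml` is compared against the last path segment only, so a configured value containing a `/` can never match, and the page would then be served by the generic branch without `preprocessFile` running (inferred from the visible control flow; the rest of `handleRequest` is outside the hunk). A check at configuration load that rejects path separators would make that failure explicit, together with a comment such as `// loleaflet_html must be a bare file name inside FileServerRoot`. The lookup is also repeated on every request and duplicated in the LOOLWSD.cpp hunk of this commit; reading it once into a shared static would keep the two in step.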
@@ -11,6 +11,8 @@ 1 +loleaflet.html + ___ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
[Libreoffice-commits] online.git: loolwsd/FileServer.hpp
loolwsd/FileServer.hpp |2 ++ 1 file changed, 2 insertions(+) New commits: commit ae80052e805d304cbef6e076cfad9740c9c1f599 Author: Henry CastroDate: Wed May 4 16:15:25 2016 -0400 loolwsd: add mime type svg diff --git a/loolwsd/FileServer.hpp b/loolwsd/FileServer.hpp index b7faf4a..c5f57f9 100644 --- a/loolwsd/FileServer.hpp +++ b/loolwsd/FileServer.hpp @@ -162,6 +162,8 @@ public: mimeType = "text/css"; else if (fileType == "html") mimeType = "text/html"; +else if (fileType == "svg") +mimeType = "image/svg+xml"; else mimeType = "text/plain"; ___ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
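Review bot: `image/svg+xml` is an active content type, because an SVG opened directly from this origin can run script, and the new branch carries no note about that. It is fine while FileServerRoot holds only the project's own static files, which is what the surrounding code suggests, but I would record the assumption on the branch, e.g. `// SVG may carry script; FileServerRoot must contain trusted files only`. The `if`/`else if` chain starts outside the hunk.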
[Libreoffice-commits] online.git: loolwsd/FileServer.hpp
loolwsd/FileServer.hpp | 61 + 1 file changed, 32 insertions(+), 29 deletions(-) New commits: commit fe952794f0a7f04d6ae7a788e1352da00fe1159a Author: Ashod NakashianDate: Sat Apr 16 12:26:26 2016 -0400 loolwsd: don't expose private members Change-Id: I049c92d0ddb296058fad283fffc291348b4608b1 Reviewed-on: https://gerrit.libreoffice.org/24131 Reviewed-by: Ashod Nakashian Tested-by: Ashod Nakashian diff --git a/loolwsd/FileServer.hpp b/loolwsd/FileServer.hpp index 6338989..293e34e 100644 --- a/loolwsd/FileServer.hpp +++ b/loolwsd/FileServer.hpp @@ -54,6 +54,7 @@ using Poco::Util::Application; class FileServerRequestHandler: public HTTPRequestHandler { public: + /// Evaluate if the cookie exists, and if not, ask for the credentials. static bool isAdminLoggedIn(HTTPServerRequest& request, HTTPServerResponse& response) { @@ -108,35 +109,6 @@ public: return false; } -void preprocessFile(HTTPServerRequest& request, HTTPServerResponse& response) -{ -HTMLForm form(request, request.stream()); - -std::string preprocess; -const auto host = (LOOLWSD::SSLEnabled? "wss://": "ws://") + request.getHost(); - -Poco::URI requestUri(request.getURI()); -requestUri.normalize(); // avoid .'s and ..'s -const auto path = Poco::Path(LOOLWSD::FileServerRoot, requestUri.getPath()); - -Log::debug("Preprocessing file: " + path.toString()); - -FileInputStream file(path.toString()); -StreamCopier::copyToString(file, preprocess); -file.close(); - -Poco::replaceInPlace(preprocess, std::string("%ACCESS_TOKEN%"), form.get("access_token", "")); -Poco::replaceInPlace(preprocess, std::string("%ACCESS_TOKEN_TTL%"), form.get("access_token_ttl", "")); -Poco::replaceInPlace(preprocess, std::string("%HOST%"), host); - -response.setContentType("text/html"); -response.setContentLength(preprocess.length()); -response.setChunkedTransferEncoding(false); - -std::ostream& ostr = response.send(); -ostr << preprocess; -} - void handleRequest(HTTPServerRequest& request, HTTPServerResponse& response) override { try 
@@ -211,6 +183,37 @@ public: response.send(); } } + +private: + +void preprocessFile(HTTPServerRequest& request, HTTPServerResponse& response) +{ +HTMLForm form(request, request.stream()); + +std::string preprocess; +const auto host = (LOOLWSD::SSLEnabled? "wss://": "ws://") + request.getHost(); + +Poco::URI requestUri(request.getURI()); +requestUri.normalize(); // avoid .'s and ..'s +const auto path = Poco::Path(LOOLWSD::FileServerRoot, requestUri.getPath()); + +Log::debug("Preprocessing file: " + path.toString()); + +FileInputStream file(path.toString()); +StreamCopier::copyToString(file, preprocess); +file.close(); + +Poco::replaceInPlace(preprocess, std::string("%ACCESS_TOKEN%"), form.get("access_token", "")); +Poco::replaceInPlace(preprocess, std::string("%ACCESS_TOKEN_TTL%"), form.get("access_token_ttl", "")); +Poco::replaceInPlace(preprocess, std::string("%HOST%"), host); + +response.setContentType("text/html"); +response.setContentLength(preprocess.length()); +response.setChunkedTransferEncoding(false); + +std::ostream& ostr = response.send(); +ostr << preprocess; +} }; class FileServer ___ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
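Review bot: The relocated `preprocessFile` opens `Poco::Path(LOOLWSD::FileServerRoot, requestUri.getPath())` after `normalize()` alone, without confirming that the resolved path is still inside `FileServerRoot`. The static-file branch shown in commit 29c9ecba on this page performs a containment check before `sendFile`, so the two code paths disagree; I would share one helper that canonicalises the path and rejects anything outside the root, and call it here before constructing the `FileInputStream`. The function also inserts `access_token`, `access_token_ttl` and the request's host into the HTML without validation, which commit 9b295654 on this page addresses for the two tokens only. The `normalize()` hunks of commit 7e67b388 below are where this pattern was introduced.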
[Libreoffice-commits] online.git: loolwsd/FileServer.hpp
loolwsd/FileServer.hpp | 11 +-- 1 file changed, 9 insertions(+), 2 deletions(-) New commits: commit 7e67b388328a9a502e56c4395561564e6972ba8b Author: Jan HolesovskyDate: Wed Apr 13 13:39:33 2016 +0200 Add some paranoia... diff --git a/loolwsd/FileServer.hpp b/loolwsd/FileServer.hpp index 06be9ec..250301b 100644 --- a/loolwsd/FileServer.hpp +++ b/loolwsd/FileServer.hpp @@ -111,15 +111,20 @@ public: void preprocessFile(HTTPServerRequest& request, HTTPServerResponse& response) { -Poco::URI requestUri((LOOLWSD::SSLEnabled? "https": "http"), request.getHost(), request.getURI()); HTMLForm form(request, request.stream()); std::string preprocess; -const auto host = (LOOLWSD::SSLEnabled? "wss://": "ws://") + requestUri.getHost() + ":" + std::to_string(requestUri.getPort()); +const auto host = (LOOLWSD::SSLEnabled? "wss://": "ws://") + request.getHost(); + +Poco::URI requestUri(request.getURI()); +requestUri.normalize(); // avoid .'s and ..'s const auto path = Poco::Path(LOOLWSD::FileServerRoot, requestUri.getPath()); + const auto wopi = form.has("WOPISrc") ? form.get("WOPISrc") + "?access_token=" + form.get("access_token","") : ""; +Log::debug("Preprocessing file: " + path.toString()); + FileInputStream file(path.toString()); StreamCopier::copyToString(file, preprocess); file.close(); @@ -145,6 +150,8 @@ public: try { Poco::URI requestUri(request.getURI()); +requestUri.normalize(); // avoid .'s and ..'s + std::vector requestSegments; requestUri.getPathSegments(requestSegments); if (requestSegments.size() < 1) ___ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
[Libreoffice-commits] online.git: loolwsd/FileServer.hpp loolwsd/LOOLWSD.cpp loolwsd/LOOLWSD.hpp
loolwsd/FileServer.hpp |4 ++-- loolwsd/LOOLWSD.cpp| 13 +++-- loolwsd/LOOLWSD.hpp|1 + 3 files changed, 10 insertions(+), 8 deletions(-) New commits: commit 484335321ff3145b45ac4f2fc162be31eeffcf62 Author: Jan HolesovskyDate: Wed Apr 13 13:08:47 2016 +0200 Introduce LOOLWSD::SSLEnabled for runtime, and allow non-SSL access via WOPI. diff --git a/loolwsd/FileServer.hpp b/loolwsd/FileServer.hpp index 721768d..06be9ec 100644 --- a/loolwsd/FileServer.hpp +++ b/loolwsd/FileServer.hpp @@ -111,11 +111,11 @@ public: void preprocessFile(HTTPServerRequest& request, HTTPServerResponse& response) { -Poco::URI requestUri("https", request.getHost(), request.getURI()); +Poco::URI requestUri((LOOLWSD::SSLEnabled? "https": "http"), request.getHost(), request.getURI()); HTMLForm form(request, request.stream()); std::string preprocess; -const auto host = "wss://" + requestUri.getHost() + ":" + std::to_string(requestUri.getPort()); +const auto host = (LOOLWSD::SSLEnabled? "wss://": "ws://") + requestUri.getHost() + ":" + std::to_string(requestUri.getPort()); const auto path = Poco::Path(LOOLWSD::FileServerRoot, requestUri.getPath()); const auto wopi = form.has("WOPISrc") ? form.get("WOPISrc") + "?access_token=" + form.get("access_token","") : ""; diff --git a/loolwsd/LOOLWSD.cpp b/loolwsd/LOOLWSD.cpp index a0fc215..6d68747 100644 --- a/loolwsd/LOOLWSD.cpp +++ b/loolwsd/LOOLWSD.cpp 
@@ -643,17 +643,12 @@ private: { DOMParser parser; DOMWriter writer; -URI uri("http", request.getHost(), request.getURI()); const std::string discoveryPath = Path(Application::instance().commandPath()).parent().toString() + "discovery.xml"; const std::string mediaType = "text/xml"; const std::string action = "action"; const std::string urlsrc = "urlsrc"; -#ifdef ENABLE_SSL -const std::string uriValue = "https://; + uri.getHost() + ":" + std::to_string(uri.getPort()) + "/loleaflet/dist/loleaflet.html?"; -#else -const std::string uriValue = "http://; + uri.getHost() + ":" + std::to_string(uri.getPort()) + "/loleaflet/dist/loleaflet.html?"; -#endif +const std::string uriValue = (LOOLWSD::SSLEnabled? "https://": "http://;) + request.getHost() + "/loleaflet/dist/loleaflet.html?"; InputSource inputSrc(discoveryPath); AutoPtr docXML = parser.parse(); @@ -993,6 +988,12 @@ std::string LOOLWSD::LoSubPath = "lo"; std::string LOOLWSD::FileServerRoot; std::string LOOLWSD::AdminCreds; bool LOOLWSD::AllowLocalStorage = false; +bool LOOLWSD::SSLEnabled = +#ifdef ENABLE_SSL +true; +#else +false; +#endif static std::string UnitTestLibrary; unsigned int LOOLWSD::NumPreSpawnedChildren = 0; diff --git a/loolwsd/LOOLWSD.hpp b/loolwsd/LOOLWSD.hpp index 105f115..4e1c127 100644 --- a/loolwsd/LOOLWSD.hpp +++ b/loolwsd/LOOLWSD.hpp @@ -46,6 +46,7 @@ public: static std::string FileServerRoot; static std::string AdminCreds; static bool AllowLocalStorage; +static bool SSLEnabled; static std::string GenSessionId() ___ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
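Review bot: In the `@@ -993,6 +988,12 @@` hunk `LOOLWSD::SSLEnabled` is initialised under `#ifdef ENABLE_SSL`, which is true for any definition of the macro, including `#define ENABLE_SSL 0`. If config.h defines the macro in both configurations (not visible here), a non-SSL build would still advertise `https://` and `wss://`; `#if ENABLE_SSL` expresses the intended test. The flag is also a public, mutable static that decides which scheme clients are told to use, so any code can change it after start-up; a private member behind a `static bool isSSLEnabled()` accessor would keep it read-only once configured.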
[Libreoffice-commits] online.git: loolwsd/FileServer.hpp loolwsd/LOOLWSD.cpp
loolwsd/FileServer.hpp | 24 loolwsd/LOOLWSD.cpp|2 ++ 2 files changed, 18 insertions(+), 8 deletions(-) New commits: commit 29c9ecba2a589417b0d5757e6169ba9c7d4332ea Author: Ashod NakashianDate: Wed Apr 6 23:38:08 2016 -0400 loolwsd: deny access to directories outside of FileServerRoot Change-Id: Iea92982ebd5f111c946eb1b12f5dfd7602fffd70 Reviewed-on: https://gerrit.libreoffice.org/23879 Reviewed-by: Ashod Nakashian Tested-by: Ashod Nakashian diff --git a/loolwsd/FileServer.hpp b/loolwsd/FileServer.hpp index 2dbbc4c..5a79793 100644 --- a/loolwsd/FileServer.hpp +++ b/loolwsd/FileServer.hpp @@ -110,13 +110,14 @@ public: Poco::URI requestUri(request.getURI()); std::vector requestSegments; requestUri.getPathSegments(requestSegments); - -// TODO: We might want to package all files from leaflet to some other dir and restrict -// file serving to it (?) -const std::string endPoint = requestSegments[requestSegments.size() - 1]; +if (requestSegments.size() < 1) +{ +throw Poco::FileNotFoundException("Invalid file."); +} if (request.getMethod() == HTTPRequest::HTTP_GET) { +const std::string endPoint = requestSegments[requestSegments.size() - 1]; if (endPoint == "admin.html" || endPoint == "adminSettings.html" || endPoint == "adminAnalytics.html") @@ -125,7 +126,14 @@ public: throw Poco::Net::NotAuthenticatedException("Invalid admin login"); } -const std::string filePath = requestUri.getPath(); +const auto path = Poco::Path(LOOLWSD::FileServerRoot, requestUri.getPath()); +const auto filepath = path.absolute().toString(); +if (filepath.find(LOOLWSD::FileServerRoot) != 0) +{ +// Accessing unauthorized path. +throw Poco::FileNotFoundException("Invalid file path."); +} + const std::size_t extPoint = endPoint.find_last_of("."); if (extPoint == std::string::npos) throw Poco::FileNotFoundException("Invalid file."); 
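Review bot: `filepath.find(LOOLWSD::FileServerRoot) != 0` in the `@@ -125,7 +126,14 @@` hunk is a string-prefix test, not a containment check. `Poco::Path::absolute()` does not resolve symbolic links, no `normalize()` call on the request URI is visible in this commit, and a root such as `/srv/www` (constructed example) without a trailing separator is also a prefix of a sibling `/srv/www-old`. I would canonicalise both sides, make sure the root ends in a separator, and only then compare, rejecting any path that still contains a `..` component. The enclosing `handleRequest` body starts and ends outside this hunk.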
@@ -142,12 +150,12 @@ public: mimeType = "text/plain"; response.setContentType(mimeType); -response.sendFile(LOOLWSD::FileServerRoot + requestUri.getPath(), mimeType); +response.sendFile(filepath, mimeType); } } catch (Poco::Net::NotAuthenticatedException& exc) { -Log::info ("FileServerRequestHandler::NotAuthenticated"); +Log::error("FileServerRequestHandler::NotAuthenticated"); response.set("WWW-Authenticate", "Basic realm=\"online\""); response.setStatus(HTTPResponse::HTTP_UNAUTHORIZED); response.setContentLength(0); @@ -155,7 +163,7 @@ public: } catch (Poco::FileNotFoundException& exc) { -Log::info("FileServerRequestHandler:: File " + request.getURI() + " not found."); +Log::error("FileServerRequestHandler:: File [" + request.getURI() + "] not found."); response.setStatus(HTTPResponse::HTTP_NOT_FOUND); response.setContentLength(0); response.send(); diff --git a/loolwsd/LOOLWSD.cpp b/loolwsd/LOOLWSD.cpp index 78b3915..91bbf4d 100644 --- a/loolwsd/LOOLWSD.cpp +++ b/loolwsd/LOOLWSD.cpp @@ -1219,6 +1219,8 @@ int LOOLWSD::main(const std::vector& /*args*/) if (FileServerRoot.empty()) FileServerRoot = Path(Application::instance().commandPath()).parent().parent().toString(); +FileServerRoot = Poco::Path(FileServerRoot).absolute().toString(); +Log::debug("FileServerRoot: " + FileServerRoot); if (ClientPortNumber == MASTER_PORT_NUMBER) throw IncompatibleOptionsException("port"); ___ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
[Libreoffice-commits] online.git: loolwsd/FileServer.hpp loolwsd/LOOLWSD.cpp loolwsd/LOOLWSD.hpp
loolwsd/FileServer.hpp | 14 ++ loolwsd/LOOLWSD.cpp| 29 +++-- loolwsd/LOOLWSD.hpp|2 +- 3 files changed, 38 insertions(+), 7 deletions(-) New commits: commit 1f88aede00b2b5a48e91d3cc652cb0a9ea0770ab Author: Ashod NakashianDate: Wed Apr 6 23:36:54 2016 -0400 loolwsd: Admin Console credentials passed on the command line A new command-line argument, admincreds, must be provided to set the Admin Console credentials. The new command-line argument specifies the username and password in the following format: username/password If not provided, Admin Console is disabled for security reasons. A warning is emitted at startup and an error on every invocation of Admin Console is logged when no credentials are defined. Change-Id: I348623949fd0b292f5066e4955759c708204540f Reviewed-on: https://gerrit.libreoffice.org/23878 Reviewed-by: Ashod Nakashian Tested-by: Ashod Nakashian diff --git a/loolwsd/FileServer.hpp b/loolwsd/FileServer.hpp index 52d4429..2dbbc4c 100644 --- a/loolwsd/FileServer.hpp +++ b/loolwsd/FileServer.hpp @@ -72,11 +72,17 @@ public: Log::info("Invalid JWT token, let the administrator re-login"); } -HTTPBasicCredentials credentials(request); +const auto user = Application::instance().config().getString("admin_console_username", ""); +const auto pass = Application::instance().config().getString("admin_console_password", ""); +if (user.empty() || pass.empty()) +{ +Log::error("Admin Console credentials missing. Denying access until set."); +return false; +} -// TODO: Read username and password from config file -if (credentials.getUsername() == "admin" -&& credentials.getPassword() == "admin") +HTTPBasicCredentials credentials(request); +if (credentials.getUsername() == user && +credentials.getPassword() == pass) { const std::string htmlMimeType = "text/html"; // generate and set the cookie diff --git a/loolwsd/LOOLWSD.cpp b/loolwsd/LOOLWSD.cpp index ef4775c..78b3915 100644 --- a/loolwsd/LOOLWSD.cpp +++ b/loolwsd/LOOLWSD.cpp 
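Review bot: The admin password is read from configuration in clear text and compared with `credentials.getPassword() == pass`, so the secret sits unprotected in the config store and the comparison stops at the first differing byte. Storing a salted hash and comparing with a constant-time routine would remove both concerns. The `Application::instance().config()` lookup is also written twice; a local `const auto& config = Application::instance().config();` would tidy it. `isAdminLoggedIn` continues outside the hunk.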
@@ -963,6 +963,7 @@ std::string LOOLWSD::LoTemplate; std::string LOOLWSD::ChildRoot; std::string LOOLWSD::LoSubPath = "lo"; std::string LOOLWSD::FileServerRoot; +std::string LOOLWSD::AdminCreds; int LOOLWSD::NumPreSpawnedChildren = 10; bool LOOLWSD::DoTest = false; @@ -977,13 +978,25 @@ LOOLWSD::~LOOLWSD() void LOOLWSD::initialize(Application& self) { -// load default configuration files, if present +// Load default configuration files, if present. if (loadConfiguration() == 0) { -std::string configPath = LOOLWSD_CONFIGDIR "/loolwsd.xml"; +// Fallback to the default path. +const std::string configPath = LOOLWSD_CONFIGDIR "/loolwsd.xml"; loadConfiguration(configPath); } +if (!AdminCreds.empty()) +{ +// Set the Admin Console credentials, if provided. +StringTokenizer tokens(AdminCreds, "/", StringTokenizer::TOK_IGNORE_EMPTY | StringTokenizer::TOK_TRIM); +if (tokens.count() == 2) +{ +config().setString("admin_console_username", tokens[0]); +config().setString("admin_console_password", tokens[1]); +} +} + ServerApplication::initialize(self); } @@ -1084,6 +1097,11 @@ void LOOLWSD::defineOptions(OptionSet& optionSet) .repeatable(false) .argument("number")); +optionSet.addOption(Option("admincreds", "", "Admin 'username/password' used to access the admin console.") +.required(false) +.repeatable(false) +.argument("directory")); + optionSet.addOption(Option("test", "", "Interactive testing.") .required(false) .repeatable(false)); @@ -1119,6 +1137,8 @@ void LOOLWSD::handleOption(const std::string& optionName, const std::string& val FileServerRoot = value; else if (optionName == "numprespawns") NumPreSpawnedChildren = std::stoi(value); +else if (optionName == "admincreds") +AdminCreds = value; else if (optionName == "test") LOOLWSD::DoTest = true; } 
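Review bot: When `AdminCreds` does not split into exactly two tokens on `/`, the new block in `initialize` does nothing and reports nothing, so a password that contains `/`, or a missing half, leaves the console without credentials and the operator without a hint. Add an `else` that says so, e.g. `Log::error("admincreds must be of the form username/password; Admin Console stays disabled.");`. Passing the secret as a command-line argument also makes it readable in the process list for other local users, which is worth stating in the option's help text. In the `defineOptions` hunk of this commit the new option is declared with `.argument("directory")`, which looks like a copy-paste slip for `"credentials"`.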
@@ -1206,6 +1226,11 @@ int LOOLWSD::main(const std::vector& /*args*/) if (LOOLWSD::DoTest) NumPreSpawnedChildren = 1; +if (AdminCreds.empty()) +{ +Log::warn("No admin credentials set via 'admincreds' command-line argument. Admin Console will be disabled."); +} + const Path pipePath = Path::forDirectory(ChildRoot + Path::separator() + FIFO_PATH); if (!File(pipePath).exists() && !File(pipePath).createDirectory()) { diff
[Libreoffice-commits] online.git: loolwsd/FileServer.hpp loolwsd/LOOLWSD.cpp loolwsd/LOOLWSD.hpp
loolwsd/FileServer.hpp | 19 +-- loolwsd/LOOLWSD.cpp| 11 +++ loolwsd/LOOLWSD.hpp|1 + 3 files changed, 21 insertions(+), 10 deletions(-) New commits: commit a5f8ba44a2b9bb26ec9196a306f9f1b4d60afc79 Author: Pranav KantDate: Sun Mar 20 19:37:24 2016 +0530 loolwsd: Allow specifying custom file server root By default, use git directory root. Change-Id: I4ee1173c43f313de3abb1732e6a7401169896189 diff --git a/loolwsd/FileServer.hpp b/loolwsd/FileServer.hpp index 9c62e41..102ace1 100644 --- a/loolwsd/FileServer.hpp +++ b/loolwsd/FileServer.hpp @@ -32,6 +32,7 @@ #include #include "Common.hpp" +#include "LOOLWSD.hpp" using Poco::Net::HTTPRequest; using Poco::Net::HTTPRequestHandler; @@ -55,8 +56,8 @@ public: std::vector requestSegments; requestUri.getPathSegments(requestSegments); -// FIXME: We might want to package all dist files from leaflet to some other dir (?) -const std::string loleafletPath = Poco::Path(Application::instance().commandPath()).parent().parent().toString() + "loleaflet"; +// TODO: We might want to package all files from leaflet to some other dir and restrict +// file serving to it (?) const std::string endPoint = requestSegments[requestSegments.size() - 1]; if (request.getMethod() == HTTPRequest::HTTP_GET) @@ -79,7 +80,7 @@ public: Poco::Net::HTTPCookie cookie("jwt", jwtToken); response.addCookie(cookie); response.setContentType(htmlMimeType); -response.sendFile(loleafletPath + "/debug/document/" + endPoint, htmlMimeType); +response.sendFile(LOOLWSD::FileServerRoot + requestUri.getPath(), htmlMimeType); } else { 
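Review bot: In the `@@ -79,7 +80,7 @@` hunk `LOOLWSD::FileServerRoot + requestUri.getPath()` is passed to `sendFile` with no normalisation and no check that the result stays under the root, and the path comes straight from the request. The `else` branch in the next hunk (`@@ -87,12 +88,12 @@`) does the same and at the same time drops the earlier restriction to the `dist` segment, so every GET that is not an admin page now resolves against the root. I would resolve the joined path to canonical form and refuse anything outside `FileServerRoot` before calling `sendFile`, in one helper used by both branches. Plain string concatenation also depends on how `FileServerRoot` happens to end; building the path with `Poco::Path` would make the join explicit. `handleRequest` starts and ends outside these hunks.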
@@ -87,12 +88,12 @@ public: throw Poco::Net::NotAuthenticatedException("Wrong credentials."); } } -else if (requestSegments.size() > 1 && requestSegments[0] == "dist") +else { const std::string filePath = requestUri.getPath(); const std::size_t extPoint = endPoint.find_last_of("."); if (extPoint == std::string::npos) -return; +throw Poco::FileNotFoundException("Invalid file."); const std::string fileType = endPoint.substr(extPoint + 1); std::string mimeType; @@ -100,15 +101,13 @@ public: mimeType = "application/javascript"; else if (fileType == "css") mimeType = "text/css"; +else if (fileType == "html") +mimeType = "text/html"; else mimeType = "text/plain"; response.setContentType(mimeType); -response.sendFile(loleafletPath + request.getURI(), mimeType); -} -else -{ -throw Poco::FileNotFoundException(""); +response.sendFile(LOOLWSD::FileServerRoot + requestUri.getPath(), mimeType); } } } diff --git a/loolwsd/LOOLWSD.cpp b/loolwsd/LOOLWSD.cpp index ba30f41..eb499cc 100644 --- a/loolwsd/LOOLWSD.cpp +++ b/loolwsd/LOOLWSD.cpp @@ -935,6 +935,7 @@ std::string LOOLWSD::SysTemplate; std::string LOOLWSD::LoTemplate; std::string LOOLWSD::ChildRoot; std::string LOOLWSD::LoSubPath = "lo"; +std::string LOOLWSD::FileServerRoot; int LOOLWSD::NumPreSpawnedChildren = 10; bool LOOLWSD::DoTest = false; @@ -1009,6 +1010,11 @@ void LOOLWSD::defineOptions(OptionSet& optionSet) .repeatable(false) .argument("relative path")); +optionSet.addOption(Option("fileserverroot", "", "Path to the directory that should be considered root for the file server (default: '../loleaflet/').") +.required(false) +.repeatable(false) +.argument("directory")); + optionSet.addOption(Option("numprespawns", "", "Number of child processes to keep started in advance and waiting for new clients.") .required(false) .repeatable(false) 
@@ -1045,6 +1051,8 @@ void LOOLWSD::handleOption(const std::string& optionName, const std::string& val ChildRoot = value; else if (optionName == "losubpath") LoSubPath = value; +else if (optionName == "fileserverroot") +FileServerRoot = value; else if (optionName == "numprespawns") NumPreSpawnedChildren = std::stoi(value); else if (optionName == "test") @@ -1140,6 +1148,9 @@ int