loolwsd/LOOLWSD.cpp | 2 ++
loolwsd/Storage.cpp | 48 ++++++++++++++++++++++++++++++++++++++++++++---
loolwsd/Storage.hpp | 9 +++++++++
3 files changed, 55 insertions(+), 4 deletions(-)
New commits:
commit 115e654d6322d11b09ca2bb7405cfdbe1d81203c
Author: Ashod Nakashian <ashod.nakash...@collabora.co.uk>
Date: Sat Apr 16 08:13:59 2016 -0400
bccu#1648: Limit trusted WOPI hosts
Control allowed/trusted wopi hosts from config.
Change-Id: I730b4be8ef0d47bdb5e490926486184777de4eb0
Reviewed-on: https://gerrit.libreoffice.org/24135
Reviewed-by: Ashod Nakashian <ashnak...@gmail.com>
Tested-by: Ashod Nakashian <ashnak...@gmail.com>
diff --git a/loolwsd/LOOLWSD.cpp b/loolwsd/LOOLWSD.cpp
index 43c23a6..0a06948 100644
--- a/loolwsd/LOOLWSD.cpp
+++ b/loolwsd/LOOLWSD.cpp
@@ -1094,6 +1094,8 @@ void LOOLWSD::initialize(Application& self) // which forces admins to set this flag on the command-line. config().setBool("storage.filesystem[@allow]", AllowLocalStorage); + StorageBase::initialize(); + ServerApplication::initialize(self); }
diff --git a/loolwsd/Storage.cpp b/loolwsd/Storage.cpp
index 3929df6..1fb3bba 100644
--- a/loolwsd/Storage.cpp
+++ b/loolwsd/Storage.cpp
@@ -31,6 +31,10 @@ /////////////////// // StorageBase Impl /////////////////// +bool StorageBase::_filesystemEnabled; +bool StorageBase::_wopiEnabled; +std::vector<std::string> StorageBase::_wopiHosts; + std::string StorageBase::getLocalRootPath() const { auto localPath = _jailPath;
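Review bot: In LOOLWSD::initialize (LOOLWSD.cpp hunk) the new `StorageBase::initialize();` call is order-dependent, and nothing in the hunk says so. It sits directly after `config().setBool("storage.filesystem[@allow]", AllowLocalStorage);`, and StorageBase::initialize() in Storage.cpp caches that same key. Moving the call above the override would silently ignore the command-line setting. A one-line comment would pin the order: `// Must follow the storage.filesystem[@allow] override above: StorageBase caches the value.` The function body starts outside the hunk.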
@@ -52,15 +56,47 @@ size_t StorageBase::getFileSize(const std::string& filename) return std::ifstream(filename, std::ifstream::ate | std::ifstream::binary).tellg(); } +void StorageBase::initialize() +{ + const auto& app = Poco::Util::Application::instance(); + _filesystemEnabled = app.config().getBool("storage.filesystem[@allow]", false); + + // Parse the WOPI settings. + _wopiHosts.clear(); + _wopiEnabled = app.config().getBool("storage.wopi[@allow]", false); + if (_wopiEnabled) + { + for (size_t i = 0; ; ++i) + { + const std::string path = "storage.wopi.host[" + std::to_string(i) + "]"; + if (app.config().getBool(path + "[@allow]", false)) + { + const auto host = app.config().getString(path, ""); + if (!host.empty()) + { + Log::info("Adding trusted WOPI host: [" + host + "]."); + _wopiHosts.push_back(host); + } + } + else if (!app.config().has(path)) + { + break; + } + } + } +} + std::unique_ptr<StorageBase> StorageBase::create(const std::string& jailRoot, const std::string& jailPath, const Poco::URI& uri) { std::unique_ptr<StorageBase> storage; if (UnitWSD::get().createStorage(jailRoot, jailPath, uri, storage)) - Log::info("Storage load hooked"); + { + Log::info("Storage load hooked."); + } else if (uri.isRelative() || uri.getScheme() == "file") { - if (!Poco::Util::Application::instance().config().getBool("storage.filesystem[@allow]", false)) + if (!_filesystemEnabled) { Log::error("Local Storage is disabled by default. Specify allowlocalstorage on the command-line to enable."); return nullptr; 
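Review bot: In StorageBase::initialize() the trusted-host entries are stored exactly as written in the config (`_wopiHosts.push_back(host);`), so any later comparison against a request URI will be byte-exact. Host names are case-insensitive and, as far as I know, Poco::URI reports the host lower-cased, so an entry written with capitals would never match. Lower-casing on insert keeps the list canonical: `_wopiHosts.push_back(Poco::toLower(host));` (needs Poco/String.h if the file does not already include it). Separately, when `storage.wopi[@allow]` is true and the loop ends with `_wopiHosts` empty, nothing is logged; a warning-level log line after the loop would show the operator that WOPI is enabled with no trusted host. StorageBase::create() continues past the end of this hunk.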
@@ -69,13 +105,17 @@ std::unique_ptr<StorageBase> StorageBase::create(const std::string& jailRoot, co Log::info("Public URI [" + uri.toString() + "] is a file."); storage = std::unique_ptr<StorageBase>(new LocalStorage(jailRoot, jailPath, uri.getPath())); } - else + else if (_wopiEnabled) { Log::info("Public URI [" + uri.toString() + "] assuming cloud storage."); - //TODO: Configure the storage to use. For now, assume it's WOPI. storage = std::unique_ptr<StorageBase>(new WopiStorage(jailRoot, jailPath, uri.toString())); } + else + { + throw std::runtime_error("No Storage configured or invalid URI."); + } + return storage; }
diff --git a/loolwsd/Storage.hpp b/loolwsd/Storage.hpp
index 29f0fc3..9855bbb 100644
--- a/loolwsd/Storage.hpp
+++ b/loolwsd/Storage.hpp
@@ -69,6 +69,10 @@ public: static size_t getFileSize(const std::string& filename); + /// Must be called at startup to configure. + static void initialize(); + + /// Storage object creation factory. static std::unique_ptr<StorageBase> create(const std::string& jailRoot, const std::string& jailPath, const Poco::URI& uri);
@@ -79,6 +83,11 @@ protected: const std::string _uri; std::string _jailedFilePath; FileInfo _fileInfo; + + static bool _filesystemEnabled; + static bool _wopiEnabled; + /// Allowed/trusted WOPI hosts, if any and if WOPI is enabled. + static std::vector<std::string> _wopiHosts; }; /// Trivial implementation of local storage that does not need do anything.
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
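Review bot: The `else if (_wopiEnabled)` branch in StorageBase::create() (Storage.cpp) builds a `WopiStorage` for any non-file URI without consulting `_wopiHosts`. As far as this diff shows, the list parsed in StorageBase::initialize() is never enforced, so the server would still contact hosts the operator did not approve. Check the host before constructing the storage, e.g. `if (std::find(_wopiHosts.begin(), _wopiHosts.end(), uri.getHost()) == _wopiHosts.end()) throw std::runtime_error("WOPI host not trusted.");` (needs `<algorithm>`). Refusal is also signalled two ways now: `return nullptr` for disabled local storage and a thrown `std::runtime_error` here, so callers must handle both. create() starts in the previous hunk.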
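Review bot: In the Storage.hpp `protected:` hunk, the comment on `_wopiHosts` ("if any") does not say what an empty list means while `_wopiEnabled` is true, and that decides whether a mis-edited config fails open or closed. If deny-all is intended, state it: `/// Trusted WOPI hosts. Empty means no WOPI host is trusted, even when WOPI is enabled.` The three statics are also `protected` and mutable, so any derived storage class can change the trust settings after startup. `private` would suit them better unless a subclass outside this diff needs access.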