kit/Kit.cpp | 9 ++++++--- wsd/DocumentBroker.cpp | 17 ++++++++++------- wsd/LOOLWSD.cpp | 7 +++++-- wsd/LOOLWSD.hpp | 9 +++++++-- wsd/Storage.cpp | 10 ++++++++-- wsd/Storage.hpp | 16 ++++++++++------ 6 files changed, 46 insertions(+), 22 deletions(-)
New commits: commit a5e3878767c84cf179d9af3a53f988d828747677 Author: Ashod Nakashian <ashod.nakash...@collabora.co.uk> Date: Sun Jul 8 22:50:09 2018 -0400 wsd: use obfascated user id when provided by WOPI Change-Id: I69a17dff0e5e6b27e4538d9fe9019e4d1eebb16f Reviewed-on: https://gerrit.libreoffice.org/57171 Reviewed-by: Jan Holesovsky <ke...@collabora.com> Tested-by: Jan Holesovsky <ke...@collabora.com> diff --git a/kit/Kit.cpp b/kit/Kit.cpp index 24be99808..9b5ef8f48 100644 --- a/kit/Kit.cpp +++ b/kit/Kit.cpp @@ -109,6 +109,7 @@ static LokHookFunction2* initFunction = nullptr; #ifndef BUILDING_TESTS static bool AnonymizeFilenames = false; static bool AnonymizeUsernames = false; +static std::string ObfuscatedUserId; #endif #if ENABLE_DEBUG @@ -2239,6 +2240,8 @@ void lokit_main(const std::string& childRoot, const std::string& sessionId = tokens[1]; const std::string& docKey = tokens[2]; const std::string& docId = tokens[3]; + if (tokens.size() > 4) + ObfuscatedUserId = tokens[4]; std::string url; URI::decode(docKey, url); @@ -2425,10 +2428,10 @@ std::string anonymizeUrl(const std::string& url) std::string anonymizeUsername(const std::string& username) { #ifndef BUILDING_TESTS - return AnonymizeUsernames ? Util::anonymize(username) : username; -#else - return username; + if (AnonymizeUsernames) + return !ObfuscatedUserId.empty() ? ObfuscatedUserId : Util::anonymize(username); #endif + return username; } #if !defined(BUILDING_TESTS) && !defined(KIT_IN_PROCESS) diff --git a/wsd/DocumentBroker.cpp b/wsd/DocumentBroker.cpp index 60e480294..6ad82d6b3 100644 --- a/wsd/DocumentBroker.cpp +++ b/wsd/DocumentBroker.cpp @@ -457,7 +457,7 @@ bool DocumentBroker::load(const std::shared_ptr<ClientSession>& session, const s assert(_storage != nullptr); // Call the storage specific fileinfo functions - std::string userid, username; + std::string userId, username; std::string userExtraInfo; std::string watermarkText; std::chrono::duration<double> getInfoCallDuration(0); @@ -465,7 +465,8 @@ bool DocumentBroker::load(const std::shared_ptr<ClientSession>& session, const s if (wopiStorage != nullptr) { std::unique_ptr<WopiStorage::WOPIFileInfo> wopifileinfo = wopiStorage->getWOPIFileInfo(session->getAuthorization()); - userid = wopifileinfo->_userid; + userId = wopifileinfo->_userId; + LOOLWSD::ObfuscatedUserId = wopifileinfo->_obfuscatedUserId; username = wopifileinfo->_username; userExtraInfo = wopifileinfo->_userExtraInfo; watermarkText = wopifileinfo->_watermarkText; @@ -516,7 +517,7 @@ bool DocumentBroker::load(const std::shared_ptr<ClientSession>& session, const s session->sendMessage("wopi: " + ossWopiInfo.str()); // Mark the session as 'Document owner' if WOPI hosts supports it - if (userid == _storage->getFileInfo()._ownerId) + if (userId == _storage->getFileInfo()._ownerId) { LOG_DBG("Session [" << sessionId << "] is the document owner"); session->setDocumentOwner(true); @@ -533,7 +534,7 @@ bool DocumentBroker::load(const std::shared_ptr<ClientSession>& session, const s if (localStorage != nullptr) { std::unique_ptr<LocalStorage::LocalFileInfo> localfileinfo = localStorage->getLocalFileInfo(); - userid = localfileinfo->_userid; + userId = localfileinfo->_userId; username = localfileinfo->_username; if (LOOLWSD::IsViewFileExtension(localStorage->getFileExtension())) @@ -544,14 +545,16 @@ bool DocumentBroker::load(const std::shared_ptr<ClientSession>& session, const s } } + #if ENABLE_SUPPORT_KEY if (!LOOLWSD::OverrideWatermark.empty()) watermarkText = LOOLWSD::OverrideWatermark; #endif LOG_DBG("Setting username [" << LOOLWSD::anonymizeUsername(username) << "] and userId [" << - LOOLWSD::anonymizeUsername(userid) << "] for session [" << sessionId << "]"); - session->setUserId(userid); + LOOLWSD::anonymizeUsername(userId) << "] for session [" << sessionId << "]"); + + session->setUserId(userId); session->setUserName(username); session->setUserExtraInfo(userExtraInfo); session->setWatermarkText(watermarkText); @@ -1047,7 +1050,7 @@ size_t DocumentBroker::addSessionInternal(const std::shared_ptr<ClientSession>& const auto id = session->getId(); // Request a new session from the child kit. - const std::string aMessage = "session " + id + ' ' + _docKey + ' ' + _docId; + const std::string aMessage = "session " + id + ' ' + _docKey + ' ' + _docId + ' ' + LOOLWSD::ObfuscatedUserId; _childProcess->sendTextFrame(aMessage); // Tell the admin console about this new doc diff --git a/wsd/LOOLWSD.cpp b/wsd/LOOLWSD.cpp index 6bfaa9305..e05134068 100644 --- a/wsd/LOOLWSD.cpp +++ b/wsd/LOOLWSD.cpp @@ -589,6 +589,7 @@ std::string LOOLWSD::ConfigDir = LOOLWSD_CONFIGDIR "/conf.d"; std::string LOOLWSD::LogLevel = "trace"; bool LOOLWSD::AnonymizeFilenames = false; bool LOOLWSD::AnonymizeUsernames = false; +std::string LOOLWSD::ObfuscatedUserId; Util::RuntimeConstant<bool> LOOLWSD::SSLEnabled; Util::RuntimeConstant<bool> LOOLWSD::SSLTermination; std::set<std::string> LOOLWSD::EditFileExtensions; @@ -767,14 +768,16 @@ void LOOLWSD::initialize(Application& self) #else AnonymizeUsernames = getConfigValue<bool>(conf, "logging.anonymize.usernames", false); #endif - setenv("LOOL_ANONYMIZE_USERNAMES", AnonymizeUsernames ? "1" : "0", true); + if (AnonymizeUsernames) + setenv("LOOL_ANONYMIZE_USERNAMES", AnonymizeUsernames ? "1" : "0", true); #if LOOLWSD_ANONYMIZE_FILENAMES AnonymizeFilenames = true; #else AnonymizeFilenames = getConfigValue<bool>(conf, "logging.anonymize.filenames", false); #endif - setenv("LOOL_ANONYMIZE_FILENAMES", AnonymizeFilenames ? "1" : "0", true); + if (AnonymizeFilenames) + setenv("LOOL_ANONYMIZE_FILENAMES", AnonymizeFilenames ? "1" : "0", true); if (AnonymizeFilenames || AnonymizeUsernames) { diff --git a/wsd/LOOLWSD.hpp b/wsd/LOOLWSD.hpp index 85dd87a10..d3c026375 100644 --- a/wsd/LOOLWSD.hpp +++ b/wsd/LOOLWSD.hpp @@ -61,6 +61,7 @@ public: static std::string LogLevel; static bool AnonymizeFilenames; static bool AnonymizeUsernames; + static std::string ObfuscatedUserId; static std::atomic<unsigned> NumConnections; static bool TileCachePersistent; static std::unique_ptr<TraceFileWriter> TraceDumper; @@ -150,10 +151,14 @@ public: return AnonymizeFilenames ? Util::anonymizeUrl(url) : url; } - /// Anonymize usernames. + /// Anonymize user names and IDs. + /// Will use the Obfuscated User ID if one is provied via WOPI. static std::string anonymizeUsername(const std::string& username) { - return AnonymizeUsernames ? Util::anonymize(username) : username; + if (AnonymizeUsernames) + return !ObfuscatedUserId.empty() ? ObfuscatedUserId : Util::anonymize(username); + + return username; } protected: diff --git a/wsd/Storage.cpp b/wsd/Storage.cpp index b07c0d910..1b8c2fa7b 100644 --- a/wsd/Storage.cpp +++ b/wsd/Storage.cpp @@ -443,6 +443,7 @@ std::unique_ptr<WopiStorage::WOPIFileInfo> WopiStorage::getWOPIFileInfo(const Au std::string ownerId; std::string userId; std::string userName; + std::string obfuscatedUserId; std::string userExtraInfo; std::string watermarkText; bool canWrite = false; @@ -469,12 +470,15 @@ std::unique_ptr<WopiStorage::WOPIFileInfo> WopiStorage::getWOPIFileInfo(const Au // Anonymize key values. if (LOOLWSD::AnonymizeFilenames || LOOLWSD::AnonymizeUsernames) { + JsonUtil::findJSONValue(object, "ObfuscatedUserId", obfuscatedUserId, false); + // Set anonymized version of the above fields before logging. // Note: anonymization caches the result, so we don't need to store here. if (LOOLWSD::AnonymizeFilenames) object->set("BaseFileName", LOOLWSD::anonymizeUrl(filename)); - if (LOOLWSD::AnonymizeUsernames) + // If obfuscatedUserId is provided, then don't log the originals and use it. + if (LOOLWSD::AnonymizeUsernames && obfuscatedUserId.empty()) { object->set("OwnerId", LOOLWSD::anonymizeUsername(ownerId)); object->set("UserId", LOOLWSD::anonymizeUsername(userId)); @@ -486,6 +490,8 @@ std::unique_ptr<WopiStorage::WOPIFileInfo> WopiStorage::getWOPIFileInfo(const Au wopiResponse = oss.str(); // Remove them for performance reasons; they aren't needed anymore. + object->remove("ObfuscatedUserId"); + if (LOOLWSD::AnonymizeFilenames) object->remove("BaseFileName"); @@ -529,7 +535,7 @@ std::unique_ptr<WopiStorage::WOPIFileInfo> WopiStorage::getWOPIFileInfo(const Au const Poco::Timestamp modifiedTime = iso8601ToTimestamp(lastModifiedTime, "LastModifiedTime"); _fileInfo = FileInfo({filename, ownerId, modifiedTime, size}); - return std::unique_ptr<WopiStorage::WOPIFileInfo>(new WOPIFileInfo({userId, userName, userExtraInfo, watermarkText, canWrite, postMessageOrigin, hidePrintOption, hideSaveOption, hideExportOption, enableOwnerTermination, disablePrint, disableExport, disableCopy, disableInactiveMessages, userCanNotWriteRelative, callDuration})); + return std::unique_ptr<WopiStorage::WOPIFileInfo>(new WOPIFileInfo({userId, obfuscatedUserId, userName, userExtraInfo, watermarkText, canWrite, postMessageOrigin, hidePrintOption, hideSaveOption, hideExportOption, enableOwnerTermination, disablePrint, disableExport, disableCopy, disableInactiveMessages, userCanNotWriteRelative, callDuration})); } /// uri format: http://server/<...>/wopi*/files/<id>/content diff --git a/wsd/Storage.hpp b/wsd/Storage.hpp index e939478cf..e2d830015 100644 --- a/wsd/Storage.hpp +++ b/wsd/Storage.hpp @@ -218,14 +218,14 @@ public: class LocalFileInfo { public: - LocalFileInfo(const std::string& userid, + LocalFileInfo(const std::string& userId, const std::string& username) - : _userid(userid), + : _userId(userId), _username(username) { } - std::string _userid; + std::string _userId; std::string _username; }; @@ -261,7 +261,8 @@ public: class WOPIFileInfo { public: - WOPIFileInfo(const std::string& userid, + WOPIFileInfo(const std::string& userId, + const std::string& obfuscatedUserId, const std::string& username, const std::string& userExtraInfo, const std::string& watermarkText, @@ -277,7 +278,8 @@ public: const bool disableInactiveMessages, const bool userCanNotWriteRelative, const std::chrono::duration<double> callDuration) - : _userid(userid), + : _userId(userId), + _obfuscatedUserId(obfuscatedUserId), _username(username), _watermarkText(watermarkText), _userCanWrite(userCanWrite), @@ -297,7 +299,9 @@ public: } /// User id of the user accessing the file - std::string _userid; + std::string _userId; + /// Obfuscated User id used for logging the UserId. + std::string _obfuscatedUserId; /// Display Name of user accessing the file std::string _username; /// Extra info per user, typically mail and other links, as json. _______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits