[Libreoffice-commits] online.git: loolwsd/loolwsd.xml.in loolwsd/Storage.cpp loolwsd/Storage.hpp
Ashod Nakashian
ashod.nakashian at collabora.co.uk
Tue Apr 19 01:42:09 UTC 2016
loolwsd/Storage.cpp | 19 ++++++-------------
loolwsd/Storage.hpp | 4 ++--
loolwsd/loolwsd.xml.in | 4 +++-
3 files changed, 11 insertions(+), 16 deletions(-)
New commits:
commit 23003c455c5ecc0d4c882fdc66a3ea2bcd993b53
Author: Ashod Nakashian <ashod.nakashian at collabora.co.uk>
Date: Mon Apr 18 21:13:17 2016 -0400
bccu#1696 - enable WOPI connection from the same host by default
Since auto-discovery is problematic, this patch implements
support for both regex patterned hostnames/IPs to allow,
and those to block/deny.
A hostname/IP must be both allowed, and not denied, to
be accepted.
By setting ranges of allowed hostnames/IPs, and others
to block/deny, an admin can configure Online with
great flexibility.
Defaults updated with same values, but not exhaustive.
Change-Id: Iedfcafe41d07d905b549fb450c3fe625ad44599e
Reviewed-on: https://gerrit.libreoffice.org/24233
Reviewed-by: Ashod Nakashian <ashnakash at gmail.com>
Tested-by: Ashod Nakashian <ashnakash at gmail.com>
diff --git a/loolwsd/Storage.cpp b/loolwsd/Storage.cpp
index 2e227b5..309748d 100644
--- a/loolwsd/Storage.cpp
+++ b/loolwsd/Storage.cpp
@@ -34,7 +34,7 @@
///////////////////
bool StorageBase::_filesystemEnabled;
bool StorageBase::_wopiEnabled;
-std::set<std::string> StorageBase::_wopiHosts;
+Util::RegexListMatcher StorageBase::_wopiHosts;
std::string StorageBase::getLocalRootPath() const
{
@@ -76,16 +76,12 @@ void StorageBase::initialize()
if (app.config().getBool(path + "[@allow]", false))
{
Log::info("Adding trusted WOPI host: [" + host + "].");
- _wopiHosts.insert(host);
+ _wopiHosts.allow(host);
}
else
{
- if (_wopiHosts.find(host) != _wopiHosts.end())
- {
- Log::warn("Configuration of WOPI trusted hosts contains conflicting duplicates.");
- }
-
- _wopiHosts.erase(host);
+ Log::info("Adding blocked WOPI host: [" + host + "].");
+ _wopiHosts.deny(host);
}
}
else if (!app.config().has(path))
@@ -118,12 +114,9 @@ std::unique_ptr<StorageBase> StorageBase::create(const std::string& jailRoot, co
{
Log::info("Public URI [" + uri.toString() + "] considered WOPI.");
const auto targetHost = uri.getHost();
- for (const auto& acceptedHost : _wopiHosts)
+ if (_wopiHosts.match(targetHost))
{
- if (targetHost == acceptedHost)
- {
- return std::unique_ptr<StorageBase>(new WopiStorage(jailRoot, jailPath, uri.toString()));
- }
+ return std::unique_ptr<StorageBase>(new WopiStorage(jailRoot, jailPath, uri.toString()));
}
Log::error("No acceptable WOPI hosts found matching the target host [" + targetHost + "] in config.");
diff --git a/loolwsd/Storage.hpp b/loolwsd/Storage.hpp
index 7114269..564663c 100644
--- a/loolwsd/Storage.hpp
+++ b/loolwsd/Storage.hpp
@@ -87,8 +87,8 @@ protected:
static bool _filesystemEnabled;
static bool _wopiEnabled;
- /// Allowed/trusted WOPI hosts, if any and if WOPI is enabled.
- static std::set<std::string> _wopiHosts;
+ /// Allowed/denied WOPI hosts, if any and if WOPI is enabled.
+ static Util::RegexListMatcher _wopiHosts;
};
/// Trivial implementation of local storage that does not need do anything.
diff --git a/loolwsd/loolwsd.xml.in b/loolwsd/loolwsd.xml.in
index 86aa0cb..59dd0bb 100644
--- a/loolwsd/loolwsd.xml.in
+++ b/loolwsd/loolwsd.xml.in
@@ -25,7 +25,9 @@
<storage desc="Backend storage">
<filesystem allow="false" />
<wopi desc="Allow/deny wopi storage. Mutually exclusive with webdav." allow="true">
- <host desc="Hostname to allow" allow="true">localhost</host>
+ <host desc="Regex pattern of hostname to allow or deny." allow="true">localhost</host>
+ <host desc="Regex pattern of hostname to allow or deny." allow="true">192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host>
+ <host desc="Regex pattern of hostname to allow or deny." allow="deny">192\.168\.1\.1</host>
<max_file_size desc="Maximum document size in bytes to load. 0 for unlimited." type="uint">0</max_file_size>
</wopi>
<webdav desc="Allow/deny webdav storage. Mutually exclusive with wopi." allow="false">
More information about the Libreoffice-commits
mailing list