[Libreoffice-commits] online.git: Branch 'distro/collabora/collabora-online-1-0' - 2 commits - loolwsd/FileServer.hpp loolwsd/LOOLWSD.cpp loolwsd/LOOLWSD.hpp loolwsd/loolwsd.xml.in loolwsd/Makefile.am loolwsd/Storage.cpp loolwsd/Util.hpp
Jan Holesovsky
kendy at collabora.com
Thu Jul 21 10:44:35 UTC 2016
loolwsd/FileServer.hpp | 2
loolwsd/LOOLWSD.cpp | 107 ++++++++++++++++++++++++++++++++++++++-----------
loolwsd/LOOLWSD.hpp | 42 ++++++++++++++++---
loolwsd/Makefile.am | 4 -
loolwsd/Storage.cpp | 45 ++++++++++----------
loolwsd/Util.hpp | 34 +++++++++++++++
loolwsd/loolwsd.xml.in | 1
7 files changed, 179 insertions(+), 56 deletions(-)
New commits:
commit 16726faf07c7d7484435dabce39449f27c53608c
Author: Jan Holesovsky <kendy at collabora.com>
Date: Tue Jul 19 11:07:07 2016 +0200
Setting the RuntimeConstant in production should not throw.
It is very bad, but let's not get the production env. down by that.
diff --git a/loolwsd/LOOLWSD.cpp b/loolwsd/LOOLWSD.cpp
index 61c3aba..e5853dc 100644
--- a/loolwsd/LOOLWSD.cpp
+++ b/loolwsd/LOOLWSD.cpp
@@ -1237,7 +1237,7 @@ std::string LOOLWSD::ChildRoot;
std::string LOOLWSD::ServerName;
std::string LOOLWSD::FileServerRoot;
std::string LOOLWSD::LOKitVersion;
-Util::RuntimeCostant<bool> LOOLWSD::SSLEnabled;
+Util::RuntimeConstant<bool> LOOLWSD::SSLEnabled;
static std::string UnitTestLibrary;
diff --git a/loolwsd/LOOLWSD.hpp b/loolwsd/LOOLWSD.hpp
index 3a0fda6..ff282d6 100644
--- a/loolwsd/LOOLWSD.hpp
+++ b/loolwsd/LOOLWSD.hpp
@@ -66,7 +66,7 @@ protected:
int main(const std::vector<std::string>& args) override;
private:
- static Util::RuntimeCostant<bool> SSLEnabled;
+ static Util::RuntimeConstant<bool> SSLEnabled;
void initializeSSL();
void displayHelp();
diff --git a/loolwsd/Util.hpp b/loolwsd/Util.hpp
index 3f1955c..364f913 100644
--- a/loolwsd/Util.hpp
+++ b/loolwsd/Util.hpp
@@ -194,13 +194,13 @@ namespace Util
};
template<typename T>
- class RuntimeCostant
+ class RuntimeConstant
{
T mValue;
bool mInitialized;
public:
- RuntimeCostant()
+ RuntimeConstant()
: mValue()
, mInitialized(false)
{}
@@ -213,21 +213,16 @@ namespace Util
}
else
{
- throw std::runtime_error("RuntimeCostant instance read before being initialized.");
+ throw std::runtime_error("RuntimeConstant instance read before being initialized.");
}
}
void set(const T& value)
{
- if(mInitialized)
- {
- throw std::runtime_error("RuntimeCostant instance already initialized.");
- }
- else
- {
- mInitialized = true;
- mValue = value;
- }
+ assert(!mInitialized);
+
+ mInitialized = true;
+ mValue = value;
}
};
} // end namespace Util
commit 9f0a4b610843c1894846117dc2e46ea97dd3ce3c
Author: Marco Cecchetti <marco.cecchetti at collabora.com>
Date: Mon Jul 18 13:45:36 2016 +0200
loolwsd: SSL support can be enabled/disabled on server start
SSL support is enabled by default, it can be disabled by passing the
`--disable-ssl` switch on the command line or by setting `ssl.enable`
property in loolwsd.xml config file.
It is still possible to build loolwsd with no SSL support at all.
Change-Id: I00f952edc64f87f61505af44fdc2a715780dc44c
diff --git a/loolwsd/FileServer.hpp b/loolwsd/FileServer.hpp
index 7c19e10..874db99 100644
--- a/loolwsd/FileServer.hpp
+++ b/loolwsd/FileServer.hpp
@@ -217,7 +217,7 @@ private:
{
HTMLForm form(request, request.stream());
- const auto host = (LOOLWSD::SSLEnabled ? "wss://" : "ws://") + (LOOLWSD::ServerName.empty() ? request.getHost() : LOOLWSD::ServerName);
+ const auto host = (LOOLWSD::isSSLEnabled() ? "wss://" : "ws://") + (LOOLWSD::ServerName.empty() ? request.getHost() : LOOLWSD::ServerName);
const auto path = Poco::Path(LOOLWSD::FileServerRoot, getRequestPathname(request));
Log::debug("Preprocessing file: " + path.toString());
diff --git a/loolwsd/LOOLWSD.cpp b/loolwsd/LOOLWSD.cpp
index bb6340a..61c3aba 100644
--- a/loolwsd/LOOLWSD.cpp
+++ b/loolwsd/LOOLWSD.cpp
@@ -9,6 +9,16 @@
#include "config.h"
+/* Default host used in the start test URI */
+#define LOOLWSD_TEST_HOST "localhost"
+
+/* Default loleaflet UI used in the start test URI */
+#define LOOLWSD_TEST_LOLEAFLET_UI "/loleaflet/" LOOLWSD_VERSION_HASH "/loleaflet.html"
+
+/* Default document used in the start test URI */
+#define LOOLWSD_TEST_DOCUMENT_RELATIVE_PATH "test/data/hello-world.odt"
+
+
// This is the main source for the loolwsd program. LOOL uses several loolwsd processes: one main
// parent process that listens on the TCP port and accepts connections from LOOL clients, and a
// number of child processes, each which handles a viewing (editing) session for one document.
@@ -772,7 +782,7 @@ private:
const std::string urlsrc = "urlsrc";
const auto& config = Application::instance().config();
const std::string loleafletHtml = config.getString("loleaflet_html", "loleaflet.html");
- const std::string uriValue = (LOOLWSD::SSLEnabled ? "https://" : "http://") +
+ const std::string uriValue = (LOOLWSD::isSSLEnabled() ? "https://" : "http://") +
(LOOLWSD::ServerName.empty() ? request.getHost() : LOOLWSD::ServerName) +
"/loleaflet/" LOOLWSD_VERSION_HASH "/" + loleafletHtml + "?";
@@ -1189,6 +1199,35 @@ public:
}
};
+namespace {
+
+static inline
+ServerSocket* lcl_getServerSocket(int nClientPortNumber)
+{
+ return (LOOLWSD::isSSLEnabled()) ? new SecureServerSocket(nClientPortNumber)
+ : new ServerSocket(nClientPortNumber);
+}
+
+static inline
+std::string lcl_getLaunchURI()
+{
+ std::string aAbsTopSrcDir = Poco::Path(Application::instance().commandPath()).parent().toString();
+ aAbsTopSrcDir = Poco::Path(aAbsTopSrcDir).absolute().toString();
+
+ std::string aLaunchURI(" ");
+ aLaunchURI += ((LOOLWSD::isSSLEnabled()) ? "https://" : "http://");
+ aLaunchURI += LOOLWSD_TEST_HOST ":";
+ aLaunchURI += std::to_string(ClientPortNumber);
+ aLaunchURI += LOOLWSD_TEST_LOLEAFLET_UI;
+ aLaunchURI += "?file_path=file://";
+ aLaunchURI += aAbsTopSrcDir;
+ aLaunchURI += LOOLWSD_TEST_DOCUMENT_RELATIVE_PATH;
+
+ return aLaunchURI;
+}
+
+} // anonymous namespace
+
std::atomic<unsigned> LOOLWSD::NextSessionId;
int LOOLWSD::ForKitWritePipe = -1;
std::string LOOLWSD::Cache = LOOLWSD_CACHEDIR;
@@ -1198,12 +1237,8 @@ std::string LOOLWSD::ChildRoot;
std::string LOOLWSD::ServerName;
std::string LOOLWSD::FileServerRoot;
std::string LOOLWSD::LOKitVersion;
-bool LOOLWSD::SSLEnabled =
-#if ENABLE_SSL
- true;
-#else
- false;
-#endif
+Util::RuntimeCostant<bool> LOOLWSD::SSLEnabled;
+
static std::string UnitTestLibrary;
unsigned int LOOLWSD::NumPreSpawnedChildren = 0;
@@ -1261,6 +1296,7 @@ void LOOLWSD::initialize(Application& self)
{ "loleaflet_html", "loleaflet.html" },
{ "logging.color", "true" },
{ "logging.level", "trace" },
+ { "ssl.enable", "true" },
{ "ssl.cert_file_path", LOOLWSD_CONFIGDIR "/cert.pem" },
{ "ssl.key_file_path", LOOLWSD_CONFIGDIR "/key.pem" },
{ "ssl.ca_file_path", LOOLWSD_CONFIGDIR "/ca-chain.cert.pem" },
@@ -1291,20 +1327,38 @@ void LOOLWSD::initialize(Application& self)
// Allow UT to manipulate before using configuration values.
UnitWSD::get().configure(config());
+#if ENABLE_SSL
+ LOOLWSD::SSLEnabled.set(getConfigValue<bool>(conf, "ssl.enable", true));
+#else
+ LOOLWSD::SSLEnabled.set(false);
+#endif
+
+ if (LOOLWSD::isSSLEnabled())
+ {
+ Log::info("SSL support: SSL is enabled.");
+ }
+ else
+ {
+ Log::warn("SSL support: SSL is disabled.");
+ }
+
Cache = getPathFromConfig("tile_cache_path");
SysTemplate = getPathFromConfig("sys_template_path");
LoTemplate = getPathFromConfig("lo_template_path");
ChildRoot = getPathFromConfig("child_root_path");
ServerName = config().getString("server_name");
FileServerRoot = getPathFromConfig("file_server_root_path");
- NumPreSpawnedChildren = getUIntConfigValue(conf, "num_prespawn_children", 1);
+ NumPreSpawnedChildren = getConfigValue<unsigned int>(conf, "num_prespawn_children", 1);
- const auto maxConcurrency = getUIntConfigValue(conf, "per_document.max_concurrency", 4);
+ const auto maxConcurrency = getConfigValue<unsigned int>(conf, "per_document.max_concurrency", 4);
if (maxConcurrency > 0)
{
setenv("MAX_CONCURRENCY", std::to_string(maxConcurrency).c_str(), 1);
}
+ Log::warn("Launch this in your browser:");
+ Log::warn(lcl_getLaunchURI());
+
// In Trial Versions we might want to set some limits.
LOOLWSD::NumDocBrokers = 0;
LOOLWSD::NumConnections = 0;
@@ -1321,9 +1375,13 @@ void LOOLWSD::initialize(Application& self)
ServerApplication::initialize(self);
}
-#if ENABLE_SSL
void LOOLWSD::initializeSSL()
{
+ if (!LOOLWSD::isSSLEnabled())
+ {
+ return;
+ }
+
const auto ssl_cert_file_path = getPathFromConfig("ssl.cert_file_path");
Log::info("SSL Cert file: " + ssl_cert_file_path);
@@ -1360,7 +1418,6 @@ void LOOLWSD::initializeSSL()
Poco::Net::Context::Ptr sslClientContext = new Poco::Net::Context(Poco::Net::Context::CLIENT_USE, sslClientParams);
Poco::Net::SSLManager::instance().initializeClient(consoleClientHandler, invalidClientCertHandler, sslClientContext);
}
-#endif
void LOOLWSD::uninitialize()
{
@@ -1385,6 +1442,10 @@ void LOOLWSD::defineOptions(OptionSet& optionSet)
.repeatable(false)
.argument("port number"));
+ optionSet.addOption(Option("disable-ssl", "", "Disable SSL security layer.")
+ .required(false)
+ .repeatable(false));
+
optionSet.addOption(Option("override", "o", "Override any setting by providing fullxmlpath=value.")
.required(false)
.repeatable(true)
@@ -1421,6 +1482,8 @@ void LOOLWSD::handleOption(const std::string& optionName,
DisplayVersion = true;
else if (optionName == "port")
ClientPortNumber = std::stoi(value);
+ else if (optionName == "disable-ssl")
+ _overrideSettings["ssl.enable"] = "false";
else if (optionName == "override")
{
std::string optName;
@@ -1495,9 +1558,7 @@ int LOOLWSD::main(const std::vector<std::string>& /*args*/)
std::cout << "loolwsd " << version << " - " << hash << std::endl;
}
-#if ENABLE_SSL
initializeSSL();
-#endif
char *locale = setlocale(LC_ALL, nullptr);
if (locale == nullptr || std::strcmp(locale, "C") == 0)
@@ -1567,13 +1628,11 @@ int LOOLWSD::main(const std::vector<std::string>& /*args*/)
params2->setMaxThreads(MAX_SESSIONS);
// Start a server listening on the port for clients
-#if ENABLE_SSL
- SecureServerSocket svs(ClientPortNumber);
-#else
- ServerSocket svs(ClientPortNumber);
-#endif
+
+ std::unique_ptr<ServerSocket> psvs(lcl_getServerSocket(ClientPortNumber));
+
ThreadPool threadPool(NumPreSpawnedChildren*6, MAX_SESSIONS * 2);
- HTTPServer srv(new ClientRequestHandlerFactory(fileServer), threadPool, svs, params1);
+ HTTPServer srv(new ClientRequestHandlerFactory(fileServer), threadPool, *psvs, params1);
Log::info("Starting master server listening on " + std::to_string(ClientPortNumber));
srv.start();
@@ -1739,10 +1798,12 @@ int LOOLWSD::main(const std::vector<std::string>& /*args*/)
Util::removeFile(path, true);
}
-#if ENABLE_SSL
- Poco::Net::uninitializeSSL();
- Poco::Crypto::uninitializeCrypto();
-#endif
+ if (LOOLWSD::isSSLEnabled())
+ {
+ Poco::Net::uninitializeSSL();
+ Poco::Crypto::uninitializeCrypto();
+ }
+
Log::info("Process [loolwsd] finished.");
diff --git a/loolwsd/LOOLWSD.hpp b/loolwsd/LOOLWSD.hpp
index b750bda..3a0fda6 100644
--- a/loolwsd/LOOLWSD.hpp
+++ b/loolwsd/LOOLWSD.hpp
@@ -43,7 +43,6 @@ public:
static std::string ServerName;
static std::string FileServerRoot;
static std::string LOKitVersion;
- static bool SSLEnabled;
static std::atomic<unsigned> NumDocBrokers;
static std::atomic<unsigned> NumConnections;
@@ -53,6 +52,12 @@ public:
return Util::encodeId(++NextSessionId, 4);
}
+ static
+ bool isSSLEnabled()
+ {
+ return LOOLWSD::SSLEnabled.get();
+ }
+
protected:
void initialize(Poco::Util::Application& self) override;
void uninitialize() override;
@@ -61,16 +66,37 @@ protected:
int main(const std::vector<std::string>& args) override;
private:
+ static Util::RuntimeCostant<bool> SSLEnabled;
+
void initializeSSL();
void displayHelp();
Poco::Process::PID createForKit();
+
+ class ConfigValueGetter
+ {
+ Poco::Util::LayeredConfiguration& mconfig;
+ const std::string& mname;
+
+ public:
+ ConfigValueGetter(Poco::Util::LayeredConfiguration& config,
+ const std::string& name)
+ : mconfig(config)
+ , mname(name)
+ {}
+
+ void operator()(unsigned int& value) { value = mconfig.getUInt(mname); }
+ void operator()(bool& value) { value = mconfig.getBool(mname); }
+ };
+
+ template<typename T>
static
- bool getSafeUIntConfig(Poco::Util::LayeredConfiguration& config, const std::string& name, unsigned int& value)
+ bool getSafeConfig(Poco::Util::LayeredConfiguration& config,
+ const std::string& name, T& value)
{
try
{
- value = config.getUInt(name);
+ ConfigValueGetter(config, name)(value);
return true;
}
catch (Poco::SyntaxException)
@@ -80,12 +106,14 @@ private:
return false;
}
+ template<typename T>
static
- unsigned int getUIntConfigValue(Poco::Util::LayeredConfiguration& config, const std::string& name, const unsigned int def)
+ T getConfigValue(Poco::Util::LayeredConfiguration& config,
+ const std::string& name, const T def)
{
- unsigned int value = def;
- if (getSafeUIntConfig(config, name, value) ||
- getSafeUIntConfig(config, name + "[@default]", value))
+ T value = def;
+ if (getSafeConfig(config, name, value) ||
+ getSafeConfig(config, name + "[@default]", value))
{
return value;
}
diff --git a/loolwsd/Makefile.am b/loolwsd/Makefile.am
index 896c6cb..85081d1 100644
--- a/loolwsd/Makefile.am
+++ b/loolwsd/Makefile.am
@@ -135,10 +135,8 @@ clean-local:
if test "z at SYSTEMPLATE_PATH@" != "z"; then rm -rf "@SYSTEMPLATE_PATH@"; fi
run: all @JAILS_PATH@ @SYSTEMPLATE_PATH@/system_stamp
- @echo "Launching loolwsd - launch this in your browser:"
+ @echo "Launching loolwsd"
@cp $(abs_top_srcdir)/test/data/hello.odt $(abs_top_srcdir)/test/data/hello-world.odt
- @PROTOCOL="http" ; if test "z at ENABLE_SSL@" != "z"; then PROTOCOL="https" ; fi ; \
- echo " $$PROTOCOL://localhost:9980/loleaflet/@LOOLWSD_VERSION_HASH@/loleaflet.html?file_path=file://$(abs_top_srcdir)/test/data/hello-world.odt"
@echo
./loolwsd --o:sys_template_path="@SYSTEMPLATE_PATH@" --o:lo_template_path="@LO_PATH@" \
--o:child_root_path="@JAILS_PATH@" --o:storage.filesystem[@allow]=true \
diff --git a/loolwsd/Storage.cpp b/loolwsd/Storage.cpp
index d86c71f..3fc75b7 100644
--- a/loolwsd/Storage.cpp
+++ b/loolwsd/Storage.cpp
@@ -27,6 +27,7 @@
#include "Auth.hpp"
#include "Common.hpp"
#include "Exceptions.hpp"
+#include "LOOLWSD.hpp"
#include "Storage.hpp"
#include "Util.hpp"
#include "Unit.hpp"
@@ -235,6 +236,17 @@ bool LocalStorage::saveLocalFileToStorage()
return true;
}
+namespace {
+
+static inline
+Poco::Net::HTTPClientSession* lcl_getHTTPClientSession(const Poco::URI& uri)
+{
+ return (LOOLWSD::isSSLEnabled()) ? new Poco::Net::HTTPSClientSession(uri.getHost(), uri.getPort(), Poco::Net::SSLManager::instance().defaultClientContext())
+ : new Poco::Net::HTTPClientSession(uri.getHost(), uri.getPort());
+}
+
+} // anonymous namespace
+
///////////////////
// WopiStorage Impl
///////////////////
@@ -242,17 +254,14 @@ StorageBase::FileInfo WopiStorage::getFileInfo(const Poco::URI& uri)
{
Log::debug("Getting info for wopi uri [" + uri.toString() + "].");
-#if ENABLE_SSL
- Poco::Net::HTTPSClientSession session(uri.getHost(), uri.getPort(), Poco::Net::SSLManager::instance().defaultClientContext());
-#else
- Poco::Net::HTTPClientSession session(uri.getHost(), uri.getPort());
-#endif
+ std::unique_ptr<Poco::Net::HTTPClientSession> psession(lcl_getHTTPClientSession(uri));
+
Poco::Net::HTTPRequest request(Poco::Net::HTTPRequest::HTTP_GET, uri.getPathAndQuery(), Poco::Net::HTTPMessage::HTTP_1_1);
request.set("User-Agent", "LOOLWSD WOPI Agent");
- session.sendRequest(request);
+ psession->sendRequest(request);
Poco::Net::HTTPResponse response;
- std::istream& rs = session.receiveResponse(response);
+ std::istream& rs = psession->receiveResponse(response);
auto logger = Log::trace();
logger << "WOPI::CheckFileInfo header for URI [" << uri.toString() << "]:\n";
@@ -302,17 +311,14 @@ std::string WopiStorage::loadStorageFileToLocal()
const auto url = uriObject.getPath() + "/contents?" + uriObject.getQuery();
Log::debug("Wopi requesting: " + url);
-#if ENABLE_SSL
- Poco::Net::HTTPSClientSession session(uriObject.getHost(), uriObject.getPort(), Poco::Net::SSLManager::instance().defaultClientContext());
-#else
- Poco::Net::HTTPClientSession session(uriObject.getHost(), uriObject.getPort());
-#endif
+ std::unique_ptr<Poco::Net::HTTPClientSession> psession(lcl_getHTTPClientSession(uriObject));
+
Poco::Net::HTTPRequest request(Poco::Net::HTTPRequest::HTTP_GET, url, Poco::Net::HTTPMessage::HTTP_1_1);
request.set("User-Agent", "LOOLWSD WOPI Agent");
- session.sendRequest(request);
+ psession->sendRequest(request);
Poco::Net::HTTPResponse response;
- std::istream& rs = session.receiveResponse(response);
+ std::istream& rs = psession->receiveResponse(response);
auto logger = Log::trace();
logger << "WOPI::GetFile header for URI [" << _uri << "]:\n";
@@ -347,22 +353,19 @@ bool WopiStorage::saveLocalFileToStorage()
const auto url = uriObject.getPath() + "/contents?" + uriObject.getQuery();
Log::debug("Wopi posting: " + url);
-#if ENABLE_SSL
- Poco::Net::HTTPSClientSession session(uriObject.getHost(), uriObject.getPort(), Poco::Net::SSLManager::instance().defaultClientContext());
-#else
- Poco::Net::HTTPClientSession session(uriObject.getHost(), uriObject.getPort());
-#endif
+ std::unique_ptr<Poco::Net::HTTPClientSession> psession(lcl_getHTTPClientSession(uriObject));
+
Poco::Net::HTTPRequest request(Poco::Net::HTTPRequest::HTTP_POST, url, Poco::Net::HTTPMessage::HTTP_1_1);
request.set("X-WOPIOverride", "PUT");
request.setContentType("application/octet-stream");
request.setContentLength(size);
- std::ostream& os = session.sendRequest(request);
+ std::ostream& os = psession->sendRequest(request);
std::ifstream ifs(_jailedFilePath);
Poco::StreamCopier::copyStream(ifs, os);
Poco::Net::HTTPResponse response;
- std::istream& rs = session.receiveResponse(response);
+ std::istream& rs = psession->receiveResponse(response);
std::ostringstream oss;
Poco::StreamCopier::copyStream(rs, oss);
diff --git a/loolwsd/Util.hpp b/loolwsd/Util.hpp
index b323eb7..3f1955c 100644
--- a/loolwsd/Util.hpp
+++ b/loolwsd/Util.hpp
@@ -193,7 +193,44 @@ namespace Util
std::set<std::string> _denied;
};
-};
+ template<typename T>
+ class RuntimeCostant
+ {
+ T mValue;
+ bool mInitialized;
+
+ public:
+ RuntimeCostant()
+ : mValue()
+ , mInitialized(false)
+ {}
+
+ const T& get()
+ {
+ if(mInitialized)
+ {
+ return mValue;
+ }
+ else
+ {
+ throw std::runtime_error("RuntimeCostant instance read before being initialized.");
+ }
+ }
+
+ void set(const T& value)
+ {
+ if(mInitialized)
+ {
+ throw std::runtime_error("RuntimeCostant instance already initialized.");
+ }
+ else
+ {
+ mInitialized = true;
+ mValue = value;
+ }
+ }
+ };
+} // end namespace Util
#endif
diff --git a/loolwsd/loolwsd.xml.in b/loolwsd/loolwsd.xml.in
index b3251e4..6366dd6 100644
--- a/loolwsd/loolwsd.xml.in
+++ b/loolwsd/loolwsd.xml.in
@@ -26,6 +26,7 @@
</logging>
<ssl desc="SSL settings">
+ <enable type="bool" default="true">true</enable>
<cert_file_path desc="Path to the cert file" relative="false">/etc/loolwsd/cert.pem</cert_file_path>
<key_file_path desc="Path to the key file" relative="false">/etc/loolwsd/key.pem</key_file_path>
<ca_file_path desc="Path to the ca file" relative="false">/etc/loolwsd/ca-chain.cert.pem</ca_file_path>
More information about the Libreoffice-commits
mailing list