[Libreoffice-commits] online.git: Branch 'distro/collabora/collabora-online-2-1' - configure.ac tools/Config.cpp wsd/FileServer.cpp
Andras Timar
andras.timar at collabora.com
Tue Jul 11 09:18:24 UTC 2017
configure.ac | 12 ++++++++++++
tools/Config.cpp | 5 +++++
wsd/FileServer.cpp | 7 +++++++
3 files changed, 24 insertions(+)
New commits:
commit c2b056cdde9c8645a8b2201d2d329414c80ce454
Author: Andras Timar <andras.timar at collabora.com>
Date: Mon Jul 10 18:22:05 2017 +0200
wsd: fix compilation with old OpenSSL that does not have PKCS5_PBKDF2_HMAC()
Change-Id: If48641f6cbcc4d4ded78ea5cc9c9f66063a2ac0a
Reviewed-on: https://gerrit.libreoffice.org/39779
Reviewed-by: Michael Meeks <michael.meeks at collabora.com>
Tested-by: Michael Meeks <michael.meeks at collabora.com>
diff --git a/configure.ac b/configure.ac
index 54b48669..f187e78a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -280,6 +280,18 @@ else
AC_DEFINE([DISABLE_SECCOMP],1,[Whether to disable SECCOMP])
fi
+AC_MSG_CHECKING([Whether OpenSSL has PKCS5_PBKDF2_HMAC()])
+AC_COMPILE_IFELSE([AC_LANG_SOURCE([
+#include <openssl/opensslv.h>
+#if OPENSSL_VERSION_NUMBER < 0x10001000L
+#error PKCS5_PBKDF2_HMAC() is in OpenSSL 1.0.1 or newer
+#endif
+])],
+ [AC_MSG_RESULT([yes])
+ AC_DEFINE([HAVE_PKCS5_PBKDF2_HMAC],1,[whether OpenSSL has PKCS5_PBKDF2_HMAC()])],
+ [AC_MSG_RESULT([no])
+ AC_MSG_WARN([OpenSSL is too old. Secure password storage for Admin Console is not supported.])
+ AC_DEFINE([HAVE_PKCS5_PBKDF2_HMAC],0,[Whether OpenSSL has PKCS5_PBKDF2_HMAC()])])
AC_MSG_CHECKING([POCO version])
AC_COMPILE_IFELSE([AC_LANG_SOURCE([
diff --git a/tools/Config.cpp b/tools/Config.cpp
index 1692453d..e51681a8 100644
--- a/tools/Config.cpp
+++ b/tools/Config.cpp
@@ -154,6 +154,7 @@ int Config::main(const std::vector<std::string>& args)
return Application::EXIT_NOINPUT;
}
+#if HAVE_PKCS5_PBKDF2_HMAC
_loolConfig.load(ConfigFile);
for (unsigned i = 0; i < args.size(); i++) {
@@ -222,6 +223,10 @@ int Config::main(const std::vector<std::string>& args)
// This tool only handles options, nothing to do here
return Application::EXIT_OK;
+#else
+ std::cerr << "This application was compiled with old OpenSSL. Operation not supported. You can use plain text password in /etc/loolwsd/loolwsd.xml." << std::endl;
+ return Application::EXIT_UNAVAILABLE;
+#endif
}
POCO_APP_MAIN(Config);
diff --git a/wsd/FileServer.cpp b/wsd/FileServer.cpp
index b8609823..0f5fb0aa 100644
--- a/wsd/FileServer.cpp
+++ b/wsd/FileServer.cpp
@@ -80,8 +80,10 @@ bool FileServerRequestHandler::isAdminLoggedIn(const HTTPRequest& request,
// If no cookie found, or is invalid, let admin re-login
const std::string user = config.getString("admin_console.username", "");
std::string pass = config.getString("admin_console.password", "");
+
if (config.has("admin_console.secure_password"))
{
+#if HAVE_PKCS5_PBKDF2_HMAC
pass = config.getString("admin_console.secure_password");
// Extract the salt from the config
std::vector<unsigned char> saltData;
@@ -110,6 +112,11 @@ bool FileServerRequestHandler::isAdminLoggedIn(const HTTPRequest& request,
userProvidedPwd = stream.str();
pass = tokens[4];
+#else
+ LOG_ERR("The config file has admin_console.secure_password setting, "
+ << "but this application was compiled with old OpenSSL version, "
+ << "and this setting cannot be used. Falling back to plain text password, if it is set.");
+#endif
}
if (user.empty() || pass.empty())
More information about the Libreoffice-commits
mailing list