[Libreoffice-commits] online.git: Branch 'libreoffice-6-1' - 6 commits - configure.ac loolwsd-systemplate-setup loolwsd.xml.in man/loolwsd.1 net/Socket.cpp wsd/Admin.cpp wsd/Auth.cpp wsd/Auth.hpp wsd/FileServer.cpp wsd/LOOLWSD.cpp

Libreoffice Gerrit user logerrit at kemper.freedesktop.org
Wed Oct 31 13:15:57 UTC 2018


 configure.ac              |    2 +-
 loolwsd-systemplate-setup |    1 +
 loolwsd.xml.in            |    1 +
 man/loolwsd.1             |    2 +-
 net/Socket.cpp            |    4 ++--
 wsd/Admin.cpp             |    4 +---
 wsd/Auth.cpp              |    2 ++
 wsd/Auth.hpp              |    5 ++---
 wsd/FileServer.cpp        |    5 ++---
 wsd/LOOLWSD.cpp           |   18 ++++++++++++++++--
 10 files changed, 29 insertions(+), 15 deletions(-)

New commits:
commit 14a230121cadfe2d75b3fc243df4834fd4b8a2d5
Author:     Andras Timar <andras.timar at collabora.com>
AuthorDate: Wed Oct 31 13:57:45 2018 +0100
Commit:     Andras Timar <andras.timar at collabora.com>
CommitDate: Wed Oct 31 13:57:45 2018 +0100

    Bump version to 6.1.3.2
    
    Change-Id: I61d97e4e8d39a81c79c0ce90057fdfad06b1db0a

diff --git a/configure.ac b/configure.ac
index 6992aaef5..d18186a24 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3,7 +3,7 @@
 
 AC_PREREQ([2.63])
 
-AC_INIT([libreoffice-online], [6.1.1.2], [libreoffice at lists.freedesktop.org])
+AC_INIT([libreoffice-online], [6.1.3.2], [libreoffice at lists.freedesktop.org])
 LT_INIT([shared, disable-static, dlopen])
 
 AM_INIT_AUTOMAKE([1.10 subdir-objects tar-pax -Wno-portability])
commit 29fa54209815ff12a3e106aa95852e3e5d5381fd
Author:     Andras Timar <andras.timar at collabora.com>
AuthorDate: Tue Oct 30 21:17:53 2018 +0100
Commit:     Andras Timar <andras.timar at collabora.com>
CommitDate: Wed Oct 31 13:56:36 2018 +0100

    /etc/resolv.conf can be a symlink
    
    Change-Id: I23396e598306b7c8ab1498962ab5c09150c6795b
    Reviewed-on: https://gerrit.libreoffice.org/62674
    Reviewed-by: Andras Timar <andras.timar at collabora.com>
    Tested-by: Andras Timar <andras.timar at collabora.com>
    (cherry picked from commit 4e5528e5f8b6abbd9ca715d5ac0ec410cbc783af)
    Signed-off-by: Andras Timar <andras.timar at collabora.com>

diff --git a/loolwsd-systemplate-setup b/loolwsd-systemplate-setup
index 50cc5aa92..207a362ba 100755
--- a/loolwsd-systemplate-setup
+++ b/loolwsd-systemplate-setup
@@ -37,6 +37,7 @@ find etc/passwd etc/group etc/hosts \
 	 -type f
 
 find etc/fonts \
+     etc/resolv.conf \
      lib/ld-* lib64/ld-* \
 	-type l
 
commit 66b761cbd283a773465b6c4ea1668fe7aeea66d5
Author:     Andras Timar <andras.timar at collabora.com>
AuthorDate: Wed Oct 10 09:02:55 2018 +0200
Commit:     Andras Timar <andras.timar at collabora.com>
CommitDate: Wed Oct 31 13:55:55 2018 +0100

    typo
    
    Change-Id: I925c99699b8d383d2b8643c3846dafc1d19f33ec
    (cherry picked from commit 720ff0a341ef3533f7d0160e1c33148980a69692)
    Signed-off-by: Andras Timar <andras.timar at collabora.com>

diff --git a/man/loolwsd.1 b/man/loolwsd.1
index 22c1fe99e..c73adfd93 100644
--- a/man/loolwsd.1
+++ b/man/loolwsd.1
@@ -18,7 +18,7 @@ loolwsd OPTIONS
 .PP
 \fB\-\-disable\-ssl\fR                  Disable SSL security layer.
 .PP
-\fB\-oxmlpath\fR, \fB\-\-override\fR=\fIxmlpath\fR  Override any setting by providing fullxmlpath=value.
+\fB\-oxmlpath\fR, \fB\-\-override\fR=\fIxmlpath\fR  Override any setting by providing full xmlpath=value.
 .PP
 \fB\-\-config\-file\fR=\fIpath\fR             Override configuration file path.
 .PP
diff --git a/wsd/LOOLWSD.cpp b/wsd/LOOLWSD.cpp
index 8bc1d995c..d93fe94f2 100644
--- a/wsd/LOOLWSD.cpp
+++ b/wsd/LOOLWSD.cpp
@@ -1084,7 +1084,7 @@ void LOOLWSD::defineOptions(OptionSet& optionSet)
                         .required(false)
                         .repeatable(false));
 
-    optionSet.addOption(Option("override", "o", "Override any setting by providing fullxmlpath=value.")
+    optionSet.addOption(Option("override", "o", "Override any setting by providing full xmlpath=value.")
                         .required(false)
                         .repeatable(true)
                         .argument("xmlpath"));
commit 51131f234192f8393d1b304481fb829c74ae2239
Author:     Andras Timar <andras.timar at collabora.com>
AuthorDate: Mon Oct 1 20:17:35 2018 +0200
Commit:     Andras Timar <andras.timar at collabora.com>
CommitDate: Wed Oct 31 13:55:26 2018 +0100

    tdf#115163 allow bind to loopback interface
    
    Change-Id: I4808fb0fd685dfe990efd5fb739ee86f1276ffad
    Reviewed-on: https://gerrit.libreoffice.org/61412
    Reviewed-by: Aron Budea <aron.budea at collabora.com>
    Tested-by: Aron Budea <aron.budea at collabora.com>
    (cherry picked from commit 1d087b3545be712073ab52ed11352a6b686f7a63)
    Signed-off-by: Andras Timar <andras.timar at collabora.com>

diff --git a/loolwsd.xml.in b/loolwsd.xml.in
index d4ca9b3ea..8d35510fa 100644
--- a/loolwsd.xml.in
+++ b/loolwsd.xml.in
@@ -64,6 +64,7 @@
 
     <net desc="Network settings">
       <proto type="string" default="all" desc="Protocol to use IPv4, IPv6 or all for both">all</proto>
+      <listen type="string" default="any" desc="Listen address that loolwsd binds to. Can be 'any' or 'loopback'.">any</listen>
       <post_allow desc="Allow/deny client IP address for POST(REST)." allow="true">
         <host desc="Regex pattern of ip address to allow.">192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host>
       </post_allow>
diff --git a/wsd/LOOLWSD.cpp b/wsd/LOOLWSD.cpp
index d7cb6a473..8bc1d995c 100644
--- a/wsd/LOOLWSD.cpp
+++ b/wsd/LOOLWSD.cpp
@@ -166,6 +166,9 @@ int ClientPortNumber = DEFAULT_CLIENT_PORT_NUMBER;
 /// Protocols to listen on
 Socket::Type ClientPortProto = Socket::Type::All;
 
+/// INET address to listen on
+ServerSocket::Type ClientListenAddr = ServerSocket::Type::Public;
+
 /// Port for prisoners to connect to
 int MasterPortNumber = DEFAULT_MASTER_PORT_NUMBER;
 
@@ -676,6 +679,7 @@ void LOOLWSD::initialize(Application& self)
             { "logging.level", "trace" },
             { "loleaflet_logging", "false" },
             { "net.proto", "all" },
+            { "net.listen", "any" },
             { "ssl.enable", "true" },
             { "ssl.termination", "true" },
             { "ssl.cert_file_path", LOOLWSD_CONFIGDIR "/cert.pem" },
@@ -799,6 +803,16 @@ void LOOLWSD::initialize(Application& self)
         else
             LOG_WRN("Invalid protocol: " << proto);
     }
+    {
+        std::string listen = getConfigValue<std::string>(conf, "net.listen", "");
+        if (!Poco::icompare(listen, "any"))
+            ClientListenAddr = ServerSocket::Type::Public;
+        else if (!Poco::icompare(listen, "loopback"))
+            ClientListenAddr = ServerSocket::Type::Local;
+        else
+            LOG_WRN("Invalid listen address: " << listen << ". Falling back to default: 'any'" );
+    }
+
 
 #if ENABLE_SSL
     LOOLWSD::SSLEnabled.set(getConfigValue<bool>(conf, "ssl.enable", true));
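Review bot: In the added `net.listen` block, an unrecognised value only logs a warning and leaves `ClientListenAddr` at `ServerSocket::Type::Public`, so a misspelt or unsupported setting (the config description accepts only 'any' or 'loopback') still ends up listening on every interface. For an option whose purpose is to restrict exposure, failing closed is safer: either refuse to start, or use the narrower bind in the `else` branch, e.g. `ClientListenAddr = ServerSocket::Type::Local;`, with the message raised to `LOG_ERR`. The lookup also passes `""` as its fallback while the defaults table in the previous hunk uses `"any"`; `getConfigValue<std::string>(conf, "net.listen", "any")` would keep the two in agreement. `LOOLWSD::initialize` starts and ends outside the hunk.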
@@ -2644,7 +2658,7 @@ private:
 
 
         std::shared_ptr<ServerSocket> socket = getServerSocket(
-            ServerSocket::Type::Public, port, WebServerPoll, factory);
+            ClientListenAddr, port, WebServerPoll, factory);
 #ifdef BUILDLING_TESTS
         while (!socket)
         {
commit 6362a49e3f3215a5743769ff9d7ab9fbb0d315cd
Author:     Andras Timar <andras.timar at collabora.com>
AuthorDate: Fri Sep 28 11:54:20 2018 +0200
Commit:     Andras Timar <andras.timar at collabora.com>
CommitDate: Wed Oct 31 13:52:56 2018 +0100

    don't use ssl key file for admin console auth, use a generated key instead
    
    Change-Id: I424afe0184a64b7f069d896bde6941e42b7b5531
    rationale: setup is easier when the user does not use ssl in the loolwsd config
    Reviewed-on: https://gerrit.libreoffice.org/61411
    Reviewed-by: Aron Budea <aron.budea at collabora.com>
    Tested-by: Aron Budea <aron.budea at collabora.com>
    (cherry picked from commit 86f50208829772934ce310be103ec9a36c862d7f)
    Signed-off-by: Andras Timar <andras.timar at collabora.com>

diff --git a/wsd/Admin.cpp b/wsd/Admin.cpp
index 723bb22f9..34773e684 100644
--- a/wsd/Admin.cpp
+++ b/wsd/Admin.cpp
@@ -76,11 +76,9 @@ void AdminSocketHandler::handleMessage(bool /* fin */, WSOpCode /* code */,
         }
         std::string jwtToken;
         LOOLProtocol::getTokenString(tokens[1], "jwt", jwtToken);
-        const auto& config = Application::instance().config();
-        const std::string sslKeyPath = config.getString("ssl.key_file_path", "");
 
         LOG_INF("Verifying JWT token: " << jwtToken);
-        JWTAuth authAgent(sslKeyPath, "admin", "admin", "admin");
+        JWTAuth authAgent("admin", "admin", "admin");
         if (authAgent.verify(jwtToken))
         {
             LOG_TRC("JWT token is valid");
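Review bot: The unchanged line `LOG_INF("Verifying JWT token: " << jwtToken);` next to the edited constructor call writes the complete admin bearer token to the log at INF level, so anyone with read access to the log holds a credential that stays usable until the token expires or the process restarts. The same statement appears in the second `wsd/FileServer.cpp` hunk of this commit. Since both call sites are being touched anyway, the token should be dropped from the message, e.g. `LOG_INF("Verifying admin JWT token.");`. `AdminSocketHandler::handleMessage` starts and ends outside the hunk.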
diff --git a/wsd/Auth.cpp b/wsd/Auth.cpp
index 8b1a0ec77..6be7eceea 100644
--- a/wsd/Auth.cpp
+++ b/wsd/Auth.cpp
@@ -37,6 +37,8 @@ using Poco::Base64Decoder;
 using Poco::Base64Encoder;
 using Poco::OutputLineEndingConverter;
 
+const Poco::Crypto::RSAKey JWTAuth::_key(Poco::Crypto::RSAKey(Poco::Crypto::RSAKey::KL_2048, Poco::Crypto::RSAKey::EXP_LARGE));
+
 void Authorization::authorizeURI(Poco::URI& uri) const
 {
     if (_type == Authorization::Type::Token)
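Review bot: The new `JWTAuth::_key` definition generates a 2048-bit RSA key during static initialization, before `main()` and before any explicit crypto setup the application performs, and it does so in whatever binary this translation unit is linked into, whether or not the admin console is enabled. Whether Poco has initialised OpenSSL at that point depends on the Poco version in use and is worth confirming; a function-local static behind an accessor such as `static const Poco::Crypto::RSAKey& key()` would defer generation to first use and avoid any static-initialization-order dependency. The key is never persisted, so admin tokens stop verifying after a restart and would not verify on a second instance; a comment on the member in `wsd/Auth.hpp`, such as `/// Per-process signing key generated at startup; tokens do not survive a restart.`, would make that explicit. The temporary is also unnecessary: `_key(Poco::Crypto::RSAKey::KL_2048, Poco::Crypto::RSAKey::EXP_LARGE)` constructs the key directly.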
diff --git a/wsd/Auth.hpp b/wsd/Auth.hpp
index 96bcb86b6..fa9029bba 100644
--- a/wsd/Auth.hpp
+++ b/wsd/Auth.hpp
@@ -69,11 +69,10 @@ public:
 class JWTAuth : public AuthBase
 {
 public:
-    JWTAuth(const std::string& keyPath, const std::string& name, const std::string& sub, const std::string& aud)
+    JWTAuth(const std::string& name, const std::string& sub, const std::string& aud)
         : _name(name),
           _sub(sub),
           _aud(aud),
-          _key(Poco::Crypto::RSAKey("", keyPath)),
           _digestEngine(_key, "SHA256")
     {
     }
@@ -96,7 +95,7 @@ private:
     const std::string _sub;
     const std::string _aud;
 
-    const Poco::Crypto::RSAKey _key;
+    static const Poco::Crypto::RSAKey _key;
     Poco::Crypto::RSADigestEngine _digestEngine;
 };
 
diff --git a/wsd/FileServer.cpp b/wsd/FileServer.cpp
index 3f7080ecd..25e4ca64b 100644
--- a/wsd/FileServer.cpp
+++ b/wsd/FileServer.cpp
@@ -196,7 +196,6 @@ bool FileServerRequestHandler::isAdminLoggedIn(const HTTPRequest& request,
     assert(LOOLWSD::AdminEnabled);
 
     const auto& config = Application::instance().config();
-    const std::string& sslKeyPath = config.getString("ssl.key_file_path", "");
 
     NameValueCollection cookies;
     request.getCookies(cookies);
@@ -204,7 +203,7 @@ bool FileServerRequestHandler::isAdminLoggedIn(const HTTPRequest& request,
     {
         const std::string jwtToken = cookies.get("jwt");
         LOG_INF("Verifying JWT token: " << jwtToken);
-        JWTAuth authAgent(sslKeyPath, "admin", "admin", "admin");
+        JWTAuth authAgent("admin", "admin", "admin");
         if (authAgent.verify(jwtToken))
         {
             LOG_TRC("JWT token is valid");
@@ -247,7 +246,7 @@ bool FileServerRequestHandler::isAdminLoggedIn(const HTTPRequest& request,
     }
 
     // authentication passed, generate and set the cookie
-    JWTAuth authAgent(sslKeyPath, "admin", "admin", "admin");
+    JWTAuth authAgent("admin", "admin", "admin");
     const std::string jwtToken = authAgent.getAccessToken();
 
     Poco::Net::HTTPCookie cookie("jwt", jwtToken);
commit e5dc1b0bf8aece0f199379401430a9868737c64f
Author:     Andras Timar <andras.timar at collabora.com>
AuthorDate: Wed Oct 3 13:25:36 2018 +0200
Commit:     Andras Timar <andras.timar at collabora.com>
CommitDate: Wed Oct 31 13:48:57 2018 +0100

    fix that internal port 9981 was opened on all interfaces
    
    Change-Id: I04cd12b7fa2f0be9b08a3d325f08b36ca2ce240e
    Reviewed-on: https://gerrit.libreoffice.org/61410
    Reviewed-by: Aron Budea <aron.budea at collabora.com>
    Tested-by: Aron Budea <aron.budea at collabora.com>
    (cherry picked from commit f32b75eefe5ac2b4ac5b54039e3b4bb665b994d6)
    Signed-off-by: Andras Timar <andras.timar at collabora.com>

diff --git a/net/Socket.cpp b/net/Socket.cpp
index dddfe4fc0..45bb14449 100644
--- a/net/Socket.cpp
+++ b/net/Socket.cpp
@@ -304,9 +304,9 @@ bool ServerSocket::bind(Type type, int port)
         addrv4.sin_family = AF_INET;
         addrv4.sin_port = htons(port);
         if (type == Type::Public)
-            addrv4.sin_addr.s_addr = type == htonl(INADDR_ANY);
+            addrv4.sin_addr.s_addr = htonl(INADDR_ANY);
         else
-            addrv4.sin_addr.s_addr = type == htonl(INADDR_LOOPBACK);
+            addrv4.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
 
         rc = ::bind(getFD(), (const sockaddr *)&addrv4, sizeof(addrv4));
     }

