[Libreoffice-commits] online.git: wsd/ClientSession.cpp wsd/ClientSession.hpp wsd/ProxyProtocol.cpp

Michael Meeks (via logerrit) logerrit at kemper.freedesktop.org
Wed May 13 00:02:17 UTC 2020 

 wsd/ClientSession.cpp |   19 +++++++++++++++++--
 wsd/ClientSession.hpp |    8 +++++++-
 wsd/ProxyProtocol.cpp |   10 +++++-----
 3 files changed, 29 insertions(+), 8 deletions(-)

New commits:
commit e600721abee7eb6aba7fab58fbcbe2e7910da1b4
Author:     Michael Meeks <michael.meeks at collabora.com>
AuthorDate: Tue May 12 23:52:25 2020 +0100
Commit:     Michael Meeks <michael.meeks at collabora.com>
CommitDate: Wed May 13 02:01:59 2020 +0200

    Proxy: use much more obscure session IDs.
    
    Change-Id: I1220216b88aaa3c9a0bc58ed5bf4b20b4214d997
    Reviewed-on: https://gerrit.libreoffice.org/c/online/+/94090
    Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice at gmail.com>
    Reviewed-by: Michael Meeks <michael.meeks at collabora.com>

diff --git a/wsd/ClientSession.cpp b/wsd/ClientSession.cpp
index 3991c3d92..369bed08d 100644
--- a/wsd/ClientSession.cpp
+++ b/wsd/ClientSession.cpp
@@ -35,6 +35,11 @@ using namespace LOOLProtocol;
 
 using Poco::Path;
 
+// rotates regularly
+const int ClipboardTokenLengthBytes = 16;
+// home-use, disabled by default.
+const int ProxyAccessTokenLengthBytes = 32;
+
 static std::mutex GlobalSessionMapMutex;
 static std::unordered_map<std::string, std::weak_ptr<ClientSession>> GlobalSessionMap;
 
@@ -188,7 +193,8 @@ void ClientSession::rotateClipboardKey(bool notifyClient)
         return;
 
     _clipboardKeys[1] = _clipboardKeys[0];
-    _clipboardKeys[0] = Util::rng::getHardRandomHexString(16);
+    _clipboardKeys[0] = Util::rng::getHardRandomHexString(
+        ClipboardTokenLengthBytes);
     LOG_TRC("Clipboard key on [" << getId() << "] set to " << _clipboardKeys[0] <<
             " last was " << _clipboardKeys[1]);
     if (notifyClient)
@@ -1719,7 +1725,8 @@ void ClientSession::dumpState(std::ostream& os)
        << "\n\t\tisTextDocument: " << _isTextDocument
        << "\n\t\tclipboardKeys[0]: " << _clipboardKeys[0]
        << "\n\t\tclipboardKeys[1]: " << _clipboardKeys[1]
-       << "\n\t\tclip sockets: " << _clipSockets.size();
+       << "\n\t\tclip sockets: " << _clipSockets.size()
+       << "\n\t\tproxy access:: " << _proxyAccess;
 
     if (_protocol)
     {
@@ -1733,6 +1740,14 @@ void ClientSession::dumpState(std::ostream& os)
 
 }
 
+const std::string &ClientSession::getOrCreateProxyAccess()
+{
+    if (_proxyAccess.size() <= 0)
+        _proxyAccess = Util::rng::getHardRandomHexString(
+            ProxyAccessTokenLengthBytes);
+    return _proxyAccess;
+}
+
 void ClientSession::handleTileInvalidation(const std::string& message,
     const std::shared_ptr<DocumentBroker>& docBroker)
 {
diff --git a/wsd/ClientSession.hpp b/wsd/ClientSession.hpp
index 865649c30..c7d4e66ed 100644
--- a/wsd/ClientSession.hpp
+++ b/wsd/ClientSession.hpp
@@ -171,6 +171,9 @@ public:
     /// Generate and rotate a new clipboard hash, sending it if appropriate
     void rotateClipboardKey(bool notifyClient);
 
+    /// Generate an access token for this session via proxy protocol.
+    const std::string &getOrCreateProxyAccess();
+
 private:
     std::shared_ptr<ClientSession> client_from_this()
     {
@@ -282,8 +285,11 @@ private:
     /// Sockets to send binary selection content to
     std::vector<std::weak_ptr<StreamSocket>> _clipSockets;
 
-    ///Time when loading of view started
+    /// Time when loading of view started
     std::chrono::steady_clock::time_point _viewLoadStart;
+
+    /// Secure session id token for proxyprotocol authentication
+    std::string _proxyAccess;
 };
 
 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/wsd/ProxyProtocol.cpp b/wsd/ProxyProtocol.cpp
index 7a5ef1b4c..9f25a47b4 100644
--- a/wsd/ProxyProtocol.cpp
+++ b/wsd/ProxyProtocol.cpp
@@ -55,17 +55,17 @@ void DocumentBroker::handleProxyRequest(
         LOOLWSD::checkDiskSpaceAndWarnClients(true);
         LOOLWSD::checkSessionLimitsAndWarnClients();
 
-        LOG_TRC("proxy: Returning sessionId " << clientSession->getId());
+        const std::string &sessionId = clientSession->getOrCreateProxyAccess();
+        LOG_TRC("proxy: Returning sessionId " << sessionId);
 
         std::ostringstream oss;
         oss << "HTTP/1.1 200 OK\r\n"
             "Last-Modified: " << Util::getHttpTimeNow() << "\r\n"
             "User-Agent: " WOPI_AGENT_STRING "\r\n"
-            "Content-Length: " << clientSession->getId().size() << "\r\n"
+            "Content-Length: " << sessionId.size() << "\r\n"
             "Content-Type: application/json\r\n"
             "X-Content-Type-Options: nosniff\r\n"
-            "\r\n"
-            << clientSession->getId();
+            "\r\n" << sessionId;
 
         socket->send(oss.str());
         socket->shutdown();
@@ -77,7 +77,7 @@ void DocumentBroker::handleProxyRequest(
         LOG_TRC("proxy: find session for " << _docKey << " with id " << sessionId);
         for (const auto &it : _sessions)
         {
-            if (it.second->getId() == sessionId)
+            if (it.second->getOrCreateProxyAccess() == sessionId)
             {
                 clientSession = it.second;
                 break;

More information about the Libreoffice-commits mailing list