[Libreoffice-commits] online.git: wsd/ClientSession.cpp wsd/ClientSession.hpp wsd/ProxyProtocol.cpp
Michael Meeks (via logerrit)
logerrit at kemper.freedesktop.org
Wed May 13 00:02:17 UTC 2020
wsd/ClientSession.cpp | 19 +++++++++++++++++--
wsd/ClientSession.hpp | 8 +++++++-
wsd/ProxyProtocol.cpp | 10 +++++-----
3 files changed, 29 insertions(+), 8 deletions(-)
New commits:
commit e600721abee7eb6aba7fab58fbcbe2e7910da1b4
Author: Michael Meeks <michael.meeks at collabora.com>
AuthorDate: Tue May 12 23:52:25 2020 +0100
Commit: Michael Meeks <michael.meeks at collabora.com>
CommitDate: Wed May 13 02:01:59 2020 +0200
Proxy: use much more obscure session IDs.
Change-Id: I1220216b88aaa3c9a0bc58ed5bf4b20b4214d997
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/94090
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice at gmail.com>
Reviewed-by: Michael Meeks <michael.meeks at collabora.com>
diff --git a/wsd/ClientSession.cpp b/wsd/ClientSession.cpp
index 3991c3d92..369bed08d 100644
--- a/wsd/ClientSession.cpp
+++ b/wsd/ClientSession.cpp
@@ -35,6 +35,11 @@ using namespace LOOLProtocol;
using Poco::Path;
+// rotates regularly
+const int ClipboardTokenLengthBytes = 16;
+// home-use, disabled by default.
+const int ProxyAccessTokenLengthBytes = 32;
+
static std::mutex GlobalSessionMapMutex;
static std::unordered_map<std::string, std::weak_ptr<ClientSession>> GlobalSessionMap;
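Review bot: The two comments above the new constants in wsd/ClientSession.cpp ("rotates regularly", "home-use, disabled by default.") do not say what they describe or why the lengths differ. Something like `/// Random bytes in a clipboard key; these keys are rotated regularly.` and `/// Random bytes in a proxy access token; the proxy protocol is disabled by default.` would make the intent readable without the commit message. The names say "Bytes", so it would also help to state whether `getHardRandomHexString()` takes a byte count or a hex-character count; its definition is not visible here.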
@@ -188,7 +193,8 @@ void ClientSession::rotateClipboardKey(bool notifyClient)
return;
_clipboardKeys[1] = _clipboardKeys[0];
- _clipboardKeys[0] = Util::rng::getHardRandomHexString(16);
+ _clipboardKeys[0] = Util::rng::getHardRandomHexString(
+ ClipboardTokenLengthBytes);
LOG_TRC("Clipboard key on [" << getId() << "] set to " << _clipboardKeys[0] <<
" last was " << _clipboardKeys[1]);
if (notifyClient)
@@ -1719,7 +1725,8 @@ void ClientSession::dumpState(std::ostream& os)
<< "\n\t\tisTextDocument: " << _isTextDocument
<< "\n\t\tclipboardKeys[0]: " << _clipboardKeys[0]
<< "\n\t\tclipboardKeys[1]: " << _clipboardKeys[1]
- << "\n\t\tclip sockets: " << _clipSockets.size();
+ << "\n\t\tclip sockets: " << _clipSockets.size()
+ << "\n\t\tproxy access:: " << _proxyAccess;
if (_protocol)
{
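Review bot: The added `<< "\n\t\tproxy access:: " << _proxyAccess` line writes the full proxy access token into the state dump, next to the clipboard keys already printed there. The header describes `_proxyAccess` as the token used for proxy-protocol authentication, so anyone who can read a dump obtains a credential for that session. Consider printing only whether it is set, e.g. `<< "\n\t\tproxy access: " << (_proxyAccess.empty() ? "unset" : "set");`, which also fixes the doubled colon in the label. The body of dumpState continues outside this hunk.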
@@ -1733,6 +1740,14 @@ void ClientSession::dumpState(std::ostream& os)
}
+const std::string &ClientSession::getOrCreateProxyAccess()
+{
+ if (_proxyAccess.size() <= 0)
+ _proxyAccess = Util::rng::getHardRandomHexString(
+ ProxyAccessTokenLengthBytes);
+ return _proxyAccess;
+}
+
void ClientSession::handleTileInvalidation(const std::string& message,
const std::shared_ptr<DocumentBroker>& docBroker)
{
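Review bot: In the new `getOrCreateProxyAccess()`, the test `_proxyAccess.size() <= 0` compares an unsigned size with zero, so the `<` half can never be true; `if (_proxyAccess.empty())` says the same thing directly. The function also has no comment at its definition: a line such as `// Created lazily on first use and then kept for the lifetime of the session.` would record that the token is never regenerated, which is what the visible code does. Whether concurrent callers are possible cannot be judged from this hunk; if they are, the lazy initialisation needs the same locking as other session state.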
diff --git a/wsd/ClientSession.hpp b/wsd/ClientSession.hpp
index 865649c30..c7d4e66ed 100644
--- a/wsd/ClientSession.hpp
+++ b/wsd/ClientSession.hpp
@@ -171,6 +171,9 @@ public:
/// Generate and rotate a new clipboard hash, sending it if appropriate
void rotateClipboardKey(bool notifyClient);
+ /// Generate an access token for this session via proxy protocol.
+ const std::string &getOrCreateProxyAccess();
+
private:
std::shared_ptr<ClientSession> client_from_this()
{
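Review bot: The doc comment on `getOrCreateProxyAccess()` says "Generate an access token", but the implementation in ClientSession.cpp returns the existing token when one is set and only generates on the first call. A more accurate wording would be `/// Returns this session's proxy-protocol access token, creating it on first use.` It is also worth stating that the returned reference points at a member and is a secret that should not be logged.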
@@ -282,8 +285,11 @@ private:
/// Sockets to send binary selection content to
std::vector<std::weak_ptr<StreamSocket>> _clipSockets;
- ///Time when loading of view started
+ /// Time when loading of view started
std::chrono::steady_clock::time_point _viewLoadStart;
+
+ /// Secure session id token for proxyprotocol authentication
+ std::string _proxyAccess;
};
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/wsd/ProxyProtocol.cpp b/wsd/ProxyProtocol.cpp
index 7a5ef1b4c..9f25a47b4 100644
--- a/wsd/ProxyProtocol.cpp
+++ b/wsd/ProxyProtocol.cpp
@@ -55,17 +55,17 @@ void DocumentBroker::handleProxyRequest(
LOOLWSD::checkDiskSpaceAndWarnClients(true);
LOOLWSD::checkSessionLimitsAndWarnClients();
- LOG_TRC("proxy: Returning sessionId " << clientSession->getId());
+ const std::string &sessionId = clientSession->getOrCreateProxyAccess();
+ LOG_TRC("proxy: Returning sessionId " << sessionId);
std::ostringstream oss;
oss << "HTTP/1.1 200 OK\r\n"
"Last-Modified: " << Util::getHttpTimeNow() << "\r\n"
"User-Agent: " WOPI_AGENT_STRING "\r\n"
- "Content-Length: " << clientSession->getId().size() << "\r\n"
+ "Content-Length: " << sessionId.size() << "\r\n"
"Content-Type: application/json\r\n"
"X-Content-Type-Options: nosniff\r\n"
- "\r\n"
- << clientSession->getId();
+ "\r\n" << sessionId;
socket->send(oss.str());
socket->shutdown();
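Review bot: `LOG_TRC("proxy: Returning sessionId " << sessionId);` now writes the freshly issued access token to the trace log, whereas before this change the same line logged only `getId()`. Since the point of the commit is to make the value hard to obtain, the log should keep identifying the session by its ordinary id, e.g. `LOG_TRC("proxy: Returning access token for session " << clientSession->getId());`. The response still declares `Content-Type: application/json` while the body is the bare token string, which may be worth a comment if it is intentional. handleProxyRequest starts and continues outside this hunk.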
@@ -77,7 +77,7 @@ void DocumentBroker::handleProxyRequest(
LOG_TRC("proxy: find session for " << _docKey << " with id " << sessionId);
for (const auto &it : _sessions)
{
- if (it.second->getId() == sessionId)
+ if (it.second->getOrCreateProxyAccess() == sessionId)
{
clientSession = it.second;
break;
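Review bot: The lookup loop calls `it.second->getOrCreateProxyAccess()`, so a single request with an unknown id generates and stores a token on every session of the document that did not have one yet. A read-only accessor would keep the search free of side effects, e.g. `const std::string &tok = it.second->getProxyAccess(); if (!tok.empty() && tok == sessionId)` (the accessor name is a suggestion, it is not in this patch). The `==` on `std::string` is not a constant-time comparison; whether that matters depends on the deployment, but a fixed-time compare is the usual choice for authentication tokens. The context line `LOG_TRC("proxy: find session for " ...)` also logs the client-supplied id, which for a valid request is the token itself. The loop's enclosing function continues outside this hunk.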