libreoffice-online/wsd/LOOLWSD.hpp

506 lines
15 KiB
C++
Raw Normal View History

/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4; fill-column: 100 -*- */
/*
* This file is part of the LibreOffice project.
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
#pragma once
#include <algorithm>
#include <atomic>
#include <chrono>
#include <map>
#include <set>
#include <string>
#include <signal.h>
2015-07-13 09:13:06 -05:00
#include <Poco/Path.h>
2016-01-25 19:07:10 -06:00
#include <Poco/Process.h>
#include <Poco/Util/AbstractConfiguration.h>
#include <Poco/Util/OptionSet.h>
#include <Poco/Util/ServerApplication.h>
#include "Util.hpp"
#include "FileUtil.hpp"
#include "WebSocketHandler.hpp"
class ChildProcess;
class TraceFileWriter;
class DocumentBroker;
class ClipboardCache;
std::shared_ptr<ChildProcess> getNewChild_Blocks(
#if MOBILEAPP
const std::string& uri
#endif
);
// A WSProcess object in the WSD process represents a descendant process, either the direct child
// process FORKIT or a grandchild KIT process, with which the WSD process communicates through a
// WebSocket.
class WSProcess
{
public:
/// @param pid is the process ID.
/// @param socket is the underlying Sockeet to the process.
WSProcess(const std::string& name,
const Poco::Process::PID pid,
const std::shared_ptr<StreamSocket>& socket,
std::shared_ptr<WebSocketHandler> handler) :
_name(name),
_pid(pid),
_ws(handler),
_socket(socket)
{
LOG_INF(_name << " ctor [" << _pid << "].");
}
WSProcess(WSProcess&& other) = delete;
const WSProcess& operator=(WSProcess&& other) = delete;
virtual ~WSProcess()
{
LOG_DBG("~" << _name << " dtor [" << _pid << "].");
if (_pid <= 0)
return;
terminate();
// No need for the socket anymore.
_ws.reset();
_socket.reset();
}
/// Let the child close a nice way.
void close()
{
if (_pid < 0)
return;
try
{
LOG_DBG("Closing ChildProcess [" << _pid << "].");
// Request the child to exit
if (isAlive())
{
LOG_DBG("Stopping ChildProcess [" << _pid << "] by sending 'exit' command.");
sendTextFrame("exit");
}
// Shutdown the socket.
if (_ws)
_ws->shutdown();
}
catch (const std::exception& ex)
{
LOG_ERR("Error while closing child process: " << ex.what());
}
_pid = -1; // Detach from child.
}
/// Kill or abandon the child.
void terminate()
{
if (_pid < 0)
return;
#if !MOBILEAPP
if (::kill(_pid, 0) == 0)
{
LOG_INF("Killing child [" << _pid << "].");
if (!SigUtil::killChild(_pid))
{
LOG_ERR("Cannot terminate lokit [" << _pid << "]. Abandoning.");
}
}
#else
// What to do? Throw some unique exception that the outermost call in the thread catches and
// exits from the thread?
#endif
_pid = -1;
}
Poco::Process::PID getPid() const { return _pid; }
/// Send a text payload to the child-process WS.
virtual bool sendTextFrame(const std::string& data)
{
try
{
if (_ws)
{
LOG_TRC("Send to " << _name << " message: [" << LOOLProtocol::getAbbreviatedMessage(data) << "].");
_ws->sendMessage(data);
return true;
}
}
catch (const std::exception& exc)
{
LOG_ERR("Failed to send " << _name << " [" << _pid << "] data [" <<
LOOLProtocol::getAbbreviatedMessage(data) << "] due to: " << exc.what());
throw;
}
LOG_WRN("No socket to " << _name << " to send [" << LOOLProtocol::getAbbreviatedMessage(data) << "]");
return false;
}
/// Check whether this child is alive and socket not in error.
/// Note: zombies will show as alive, and sockets have waiting
/// time after the other end-point closes. So this isn't accurate.
virtual bool isAlive() const
{
#if !MOBILEAPP
try
{
return _pid > 1 && _ws && ::kill(_pid, 0) == 0;
}
catch (const std::exception&)
{
}
return false;
#else
return _pid > 1;
#endif
}
std::string _name;
Poco::Process::PID _pid;
std::shared_ptr<WebSocketHandler> _ws;
std::shared_ptr<Socket> _socket;
};
#if !MOBILEAPP
ForKitProcWSHandler: remove std::enable_shared_from_this inheritance This was added in commit 70af76e28cbca4a45869fcecfe221d21eb7a3790 (Replaced pipe with websocket based on Unix socket in communication with ForKit, 2020-04-02), but it seems to me that the shared_from_this() member function (which is now available, due to ineritance) is not actually called anywhere, so this is not necessary. Additionally, Debian 8 / gcc-4.9 has problems compiling this: In file included from /usr/include/c++/4.9/bits/shared_ptr.h:52:0, from /usr/include/c++/4.9/memory:82, from wsd/AdminModel.hpp:13, from wsd/AdminModel.cpp:12: /usr/include/c++/4.9/bits/shared_ptr_base.h: In instantiation of ‘std::__shared_ptr<_Tp, _Lp>::__shared_ptr(std::_Sp_make_shared_tag, const _Alloc&, _Args&& ...) [with _Alloc = std::allocator<ForKitProcWSHandler>; _Args = {std::shared_ptr<StreamSocket>&, const Poco::Net::HTTPRequest&}; _Tp = ForKitProcWSHandler; __gnu_cxx::_Lock_policy _Lp = (__gnu_cxx::_Lock_policy)2u]’: /usr/include/c++/4.9/bits/shared_ptr.h:316:64: required from ‘std::shared_ptr<_Tp>::shared_ptr(std::_Sp_make_shared_tag, const _Alloc&, _Args&& ...) [with _Alloc = std::allocator<ForKitProcWSHandler>; _Args = {std::shared_ptr<StreamSocket>&, const Poco::Net::HTTPRequest&}; _Tp = ForKitProcWSHandler]’ /usr/include/c++/4.9/bits/shared_ptr.h:588:39: required from ‘std::shared_ptr<_Tp1> std::allocate_shared(const _Alloc&, _Args&& ...) [with _Tp = ForKitProcWSHandler; _Alloc = std::allocator<ForKitProcWSHandler>; _Args = {std::shared_ptr<StreamSocket>&, const Poco::Net::HTTPRequest&}]’ /usr/include/c++/4.9/bits/shared_ptr.h:604:42: required from ‘std::shared_ptr<_Tp1> std::make_shared(_Args&& ...) [with _Tp = ForKitProcWSHandler; _Args = {std::shared_ptr<StreamSocket>&, const Poco::Net::HTTPRequest&}]’ ./wsd/LOOLWSD.hpp:201:97: required from here /usr/include/c++/4.9/bits/shared_ptr_base.h:1096:64: error: call of overloaded ‘__enable_shared_from_this_helper(std::__shared_count<>&, ForKitProcWSHandler*&, ForKitProcWSHandler*&)’ is ambiguous So just remove it till that inheritance is needed. Change-Id: I74d38b90bcf06d4490feed31783c098ed831f1ee Reviewed-on: https://gerrit.libreoffice.org/c/online/+/91879 Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com> Reviewed-by: Michael Meeks <michael.meeks@collabora.com> Reviewed-by: Gabriel Masei <gabriel.masei@1and1.ro>
2020-04-08 04:49:39 -05:00
class ForKitProcWSHandler: public WebSocketHandler
{
public:
ForKitProcWSHandler(const std::weak_ptr<StreamSocket>& socket, const Poco::Net::HTTPRequest& request)
: WebSocketHandler(socket, request)
{
}
virtual void handleMessage(const std::vector<char> &data) override;
};
class ForKitProcess : public WSProcess
{
public:
ForKitProcess(int pid, std::shared_ptr<StreamSocket>& socket, const Poco::Net::HTTPRequest &request)
: WSProcess("ForKit", pid, socket, std::make_shared<ForKitProcWSHandler>(socket, request))
{
socket->setHandler(_ws);
}
};
#endif
/// The Server class which is responsible for all
/// external interactions.
class LOOLWSD : public Poco::Util::ServerApplication
{
public:
LOOLWSD();
~LOOLWSD();
// An Application is a singleton anyway,
// so just keep these as statics.
static std::atomic<uint64_t> NextConnectionId;
static unsigned int NumPreSpawnedChildren;
#if !MOBILEAPP
static bool NoCapsForKit;
static bool NoSeccomp;
static bool AdminEnabled;
#if ENABLE_DEBUG
static bool SingleKit;
#endif
static std::shared_ptr<ForKitProcess> ForKitProc;
static std::atomic<int> ForKitProcId;
#endif
#ifdef FUZZER
static bool DummyLOK;
static std::string FuzzFileName;
#endif
static std::string ConfigFile;
static std::string ConfigDir;
static std::string SysTemplate;
static std::string LoTemplate;
static std::string ChildRoot;
static std::string ServerName;
static std::string FileServerRoot;
static std::string WelcomeFilesRoot; ///< From where we should serve the release notes (or otherwise useful content) that is shown on first install or version update.
static std::string ServiceRoot; ///< There are installations that need prefixing every page with some path.
static std::string LOKitVersion;
static std::string HostIdentifier; ///< A unique random hash that identifies this server
static std::string LogLevel;
static bool AnonymizeUserData;
static bool CheckLoolUser;
static std::atomic<unsigned> NumConnections;
static std::unique_ptr<TraceFileWriter> TraceDumper;
#if !MOBILEAPP
static std::unique_ptr<ClipboardCache> SavedClipboards;
#endif
static std::set<std::string> EditFileExtensions;
static unsigned MaxConnections;
static unsigned MaxDocuments;
static std::string OverrideWatermark;
static std::set<const Poco::Util::AbstractConfiguration*> PluginConfigurations;
static std::chrono::time_point<std::chrono::system_clock> StartTime;
#if MOBILEAPP
/// This is used to be able to wait until the lokit main thread has finished (and it is safe to load a new document).
static std::mutex lokit_main_mutex;
#endif
/// For testing only [!]
static int getClientPortNumber();
/// For testing only [!]
static std::vector<int> getKitPids();
/// For testing only [!] DocumentBrokers are mostly single-threaded with their own thread
static std::vector<std::shared_ptr<DocumentBroker>> getBrokersTestOnly();
static std::string GetConnectionId()
{
return Util::encodeId(NextConnectionId++, 3);
}
static bool isSSLEnabled()
{
#if ENABLE_SSL
return LOOLWSD::SSLEnabled.get();
#else
return false;
#endif
}
static bool isSSLTermination()
{
#if ENABLE_SSL
return LOOLWSD::SSLTermination.get();
#else
return false;
#endif
}
/// Return true iff extension is marked as view action in discovery.xml.
static bool IsViewFileExtension(const std::string& extension)
{
#if MOBILEAPP
(void) extension;
return false; // mark everything editable on mobile
#else
std::string lowerCaseExtension = extension;
std::transform(lowerCaseExtension.begin(), lowerCaseExtension.end(), lowerCaseExtension.begin(), ::tolower);
return EditFileExtensions.find(lowerCaseExtension) == EditFileExtensions.end();
#endif
}
/// Returns the value of the specified application configuration,
/// or the default, if one doesn't exist.
template<typename T>
static
T getConfigValue(const std::string& name, const T def)
{
Add an initial libfuzzer based fuzzer - target ClientSession::_handleInput(), since crashing there would bring down the whole loolwsd (not just a kit process), and it deals with input from untrusted users (browsers) - add a --enable-fuzzers configure switch to build with -fsanitize=fuzzer (compared to normal sanitizers build, this is the only special flag needed) - configuring other sanitizers is not done automatically, either use --with-sanitizer=... or the environment variables from LODE's sanitizer config - run the actual fuzzer like this: ./clientsession_fuzzer -max_len=16384 fuzzer/data/ - note that at least openSUSE Leap 15.1 sadly ships with a clang with libfuzzer static libs removed from the package, so you need a self-built clang to run the fuzzer (either manual build or one from LODE) - <https://chromium.googlesource.com/chromium/src/testing/libfuzzer/+/refs/heads/master/efficient_fuzzing.md#execution-speed> suggests that "You should aim for at least 1,000 exec/s from your fuzz target locally" (i.e. one run should not take more than 1 ms), so try this minimal approach first. The alternative would be to start from the existing loolwsd_fuzzer binary, then step by step cut it down to not fork(), not do any network traffic, etc -- till it's fast enough that the fuzzer can find interesting input - the various configurations start to be really complex (the matrix is just very large), so try to use Util::isFuzzing() for fuzzer-specific changes (this is what core.git does as well), and only resort to ifdefs for the Util::isFuzzing() itself Change-Id: I72dc1193b34c93eacb5d8e39cef42387d42bd72f Reviewed-on: https://gerrit.libreoffice.org/c/online/+/89226 Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com> Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
2020-02-21 08:52:20 -06:00
if (Util::isFuzzing())
{
return def;
}
return getConfigValue(Application::instance().config(), name, def);
}
/// Reads and processes path entries with the given property
/// from the configuration.
/// Converts relative paths to absolute.
static
std::string getPathFromConfig(const std::string& name)
{
return getPathFromConfig(Application::instance().config(), name);
}
/// Reads and processes path entries with the given property
/// from the configuration. If value is empty then it reads from fallback
/// Converts relative paths to absolute.
static
std::string getPathFromConfigWithFallback(const std::string& name, const std::string& fallbackName)
{
std::string value = LOOLWSD::getPathFromConfig(name);
if (value.empty())
return LOOLWSD::getPathFromConfig(fallbackName);
return value;
}
/// Trace a new session and take a snapshot of the file.
static void dumpNewSessionTrace(const std::string& id, const std::string& sessionId, const std::string& uri, const std::string& path);
/// Trace the end of a session.
static void dumpEndSessionTrace(const std::string& id, const std::string& sessionId, const std::string& uri);
static void dumpEventTrace(const std::string& id, const std::string& sessionId, const std::string& data);
static void dumpIncomingTrace(const std::string& id, const std::string& sessionId, const std::string& data);
static void dumpOutgoingTrace(const std::string& id, const std::string& sessionId, const std::string& data);
/// Waits on Forkit and reaps if it dies, then restores.
/// Return true if wait succeeds.
static bool checkAndRestoreForKit();
/// Creates a new instance of Forkit.
/// Return true when successful.
static bool createForKit();
/// Sends a message to ForKit through PrisonerPoll.
static void sendMessageToForKit(const std::string& message);
/// Checks forkit (and respawns), rebalances
/// child kit processes and cleans up DocBrokers.
static void doHousekeeping();
static void checkDiskSpaceAndWarnClients(const bool cacheLastCheck);
static void checkSessionLimitsAndWarnClients();
/// Close document with @docKey and a @message
static void closeDocument(const std::string& docKey, const std::string& message);
/// Autosave a given document (currently only called from Admin).
static void autoSave(const std::string& docKey);
/// Anonymize the basename of filenames, preserving the path and extension.
static std::string anonymizeUrl(const std::string& url)
{
return FileUtil::anonymizeUrl(url);
}
/// Anonymize user names and IDs.
/// Will use the Obfuscated User ID if one is provided via WOPI.
static std::string anonymizeUsername(const std::string& username)
{
return FileUtil::anonymizeUsername(username);
}
/// get correct server URL with protocol + port number for this running server
static std::string getServerURL();
static std::string getVersionJSON();
int innerMain();
protected:
void initialize(Poco::Util::Application& self) override;
void defineOptions(Poco::Util::OptionSet& options) override;
void handleOption(const std::string& name, const std::string& value) override;
int main(const std::vector<std::string>& args) override;
/// Handle various global static destructors.
void cleanup();
private:
#if ENABLE_SSL
static Util::RuntimeConstant<bool> SSLEnabled;
static Util::RuntimeConstant<bool> SSLTermination;
#endif
void initializeSSL();
void displayHelp();
class ConfigValueGetter
{
Poco::Util::LayeredConfiguration& _config;
const std::string& _name;
public:
ConfigValueGetter(Poco::Util::LayeredConfiguration& config,
const std::string& name)
: _config(config)
, _name(name)
{
}
void operator()(int& value) { value = _config.getInt(_name); }
void operator()(unsigned int& value) { value = _config.getUInt(_name); }
void operator()(uint64_t& value) { value = _config.getUInt64(_name); }
void operator()(bool& value) { value = _config.getBool(_name); }
void operator()(std::string& value) { value = _config.getString(_name); }
void operator()(double& value) { value = _config.getDouble(_name); }
};
template <typename T>
static bool getSafeConfig(Poco::Util::LayeredConfiguration& config,
const std::string& name, T& value)
{
try
{
ConfigValueGetter(config, name)(value);
return true;
}
Just try to catch everything in the getSafeConfig(). Poco::Exception is derived from std::exception, yet there were cases where it was not caught - no idea why: I/DEBUG (24700): #00 pc 000371e4 /system/lib/libc.so (tgkill+12) I/DEBUG (24700): #01 pc 00013fb9 /system/lib/libc.so (pthread_kill+52) I/DEBUG (24700): #02 pc 00014bd7 /system/lib/libc.so (raise+10) I/DEBUG (24700): #03 pc 00011519 /system/lib/libc.so (__libc_android_abort+36) I/DEBUG (24700): #04 pc 0000fca4 /system/lib/libc.so (abort+4) I/DEBUG (24700): #05 pc 000126e9 /system/lib/libc.so (__libc_fatal+16) I/DEBUG (24700): #06 pc 0001159d /system/lib/libc.so (__assert2+20) I/DEBUG (24700): #07 pc 00064fed /data/app/com.collabora.libreoffice-1/lib/arm/libc++_shared.so I/DEBUG (24700): #08 pc 00065183 /data/app/com.collabora.libreoffice-1/lib/arm/libc++_shared.so I/DEBUG (24700): #09 pc 0006cb79 /data/app/com.collabora.libreoffice-1/lib/arm/libc++_shared.so I/DEBUG (24700): #10 pc 0006c527 /data/app/com.collabora.libreoffice-1/lib/arm/libc++_shared.so I/DEBUG (24700): #11 pc 0006c4ef /data/app/com.collabora.libreoffice-1/lib/arm/libc++_shared.so (__cxa_throw+74) I/DEBUG (24700): #12 pc 001be25c /data/app/com.collabora.libreoffice-1/lib/arm/libandroidapp.so (_ZNK4Poco4Util21AbstractConfiguration7getBoolERKNSt6__ndk112basic_stringIcNS2_11char_traitsIcEENS2_9allocatorIcEEEE+208) I/DEBUG (24700): #13 pc 001847fd /data/app/com.collabora.libreoffice-1/lib/arm/libandroidapp.so (_ZN7LOOLWSD17ConfigValueGetterclERb+12) I/DEBUG (24700): #14 pc 001847c3 /data/app/com.collabora.libreoffice-1/lib/arm/libandroidapp.so (_ZN7LOOLWSD13getSafeConfigIbEEbRN4Poco4Util20LayeredConfigurationERKNSt6__ndk112basic_stringIcNS5_11char_traitsIcEENS5_9allocatorIcEEEERT_+22) I/DEBUG (24700): #15 pc 00184747 /data/app/com.collabora.libreoffice-1/lib/arm/libandroidapp.so (_ZN7LOOLWSD14getConfigValueIbEET_RN4Poco4Util20LayeredConfigurationERKNSt6__ndk112basic_stringIcNS6_11char_traitsIcEENS6_9allocatorIcEEEES1_+38) I/DEBUG (24700): #16 pc 0018748b /data/app/com.collabora.libreoffice-1/lib/arm/libandroidapp.so (_ZN7LOOLWSD10initializeERN4Poco4Util11ApplicationE+1334) I/DEBUG (24700): #17 pc 001c7274 /data/app/com.collabora.libreoffice-1/lib/arm/libandroidapp.so (_ZN4Poco4Util11Application3runEv+28) I/DEBUG (24700): #18 pc 00134fbf /data/app/com.collabora.libreoffice-1/lib/arm/libandroidapp.so I/DEBUG (24700): #19 pc 00134df7 /data/app/com.collabora.libreoffice-1/lib/arm/libandroidapp.so I/DEBUG (24700): #20 pc 00134dc5 /data/app/com.collabora.libreoffice-1/lib/arm/libandroidapp.so I/DEBUG (24700): #21 pc 000137a3 /system/lib/libc.so (_ZL15__pthread_startPv+30) I/DEBUG (24700): #22 pc 00011883 /system/lib/libc.so (__start_thread+6) Change-Id: Ica643f88d572b239b9a124e31cb4552f86439bf6 Reviewed-on: https://gerrit.libreoffice.org/c/online/+/89715 Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com> Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
2020-02-28 07:58:32 -06:00
catch (...)
{
}
return false;
}
template<typename T>
static
T getConfigValue(Poco::Util::LayeredConfiguration& config,
const std::string& name, const T def)
{
T value = def;
if (getSafeConfig(config, name, value) ||
getSafeConfig(config, name + "[@default]", value))
{
return value;
}
return def;
}
/// Reads and processes path entries with the given property
/// from the configuration.
/// Converts relative paths to absolute.
static
std::string getPathFromConfig(Poco::Util::LayeredConfiguration& config, const std::string& property)
{
std::string path = config.getString(property);
if (path.empty() && config.hasProperty(property + "[@default]"))
{
// Use the default value if empty and a default provided.
path = config.getString(property + "[@default]");
}
// Reconstruct absolute path if relative.
if (!Poco::Path(path).isAbsolute() &&
config.hasProperty(property + "[@relative]") &&
config.getBool(property + "[@relative]"))
{
path = Poco::Path(Application::instance().commandPath()).parent().append(path).toString();
}
return path;
}
private:
/// Settings passed from the command-line to override those in the config file.
std::map<std::string, std::string> _overrideSettings;
#if MOBILEAPP
public:
static int prisonerServerSocketFD;
#endif
};
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */