Commit graph

64 commits

Author SHA1 Message Date
Michael Meeks
0d97efbfcc locking: renew lock after timeout.
Change-Id: I6191ee34239b978292aeb6795be74312a954e240
2019-11-27 19:17:27 +00:00
Andras Timar
8d5d9e427f APP_NAME tweaks
Change-Id: I16016cfc575620f98c0124fdb85e39cf56e0453a
2019-11-27 12:16:07 +01:00
mert
8ca7391f05 Added an option to override watermark texts
in loolwsd.xml. If set, watermarks will be the same
as entered for all the views instead of per view
watermarks sent in CheckFileInfo

Change-Id: I0943520423abc2567f44920f8679057b3cfbf01f
Reviewed-on: https://gerrit.libreoffice.org/83666
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Michael Meeks <michael.meeks@collabora.com>
2019-11-25 13:10:05 +01:00
Michael Meeks
98617e40e2 Enable protocol debugging by default in debug mode.
Also add a config option for logging.protocol - to help catch early
protocol issues during startup.

Change-Id: I6f0cc6dcf14b2797bc6b2bd36c44750d74eb0608
2019-11-15 18:01:02 +00:00
Ashod Nakashian
8c4edb5087 Reuse cookies from the browser
Reviewed-on: https://gerrit.libreoffice.org/78195
Reviewed-by: Andras Timar <andras.timar@collabora.com>
Tested-by: Andras Timar <andras.timar@collabora.com>
(cherry picked from commit 8deecf4ea6966c059458bdc71e365be426238e09)

Change-Id: I96bbdd3e71bc9d0ecfddea7debc0ebcc303a49ae
Reviewed-on: https://gerrit.libreoffice.org/81558
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Michael Meeks <michael.meeks@collabora.com>
2019-10-28 10:45:14 +01:00
Michael Meeks
2f534842cd fallback to ssl.enable for storage.ssl.enable for back-compat.
Implements TODO from 5d57f5aef3

Change-Id: I32bc4cc2b875a4ec44bc8d254af7b03c8016e887
2019-10-25 10:57:24 +01:00
Andras Timar
5d57f5aef3 storage.ssl.enable should be in sync with ssl.enable by default
storage.ssl.enable=false by default is not good. loolwsd default config should
work, e.g. in case of snapshot docker images. When ssl.enable=true, this implies
storage.ssl.enable=true, because browsers do not allow mixed content, so it is
not possible to connect to the storage with plain HTTP, while the content from
loolwsd is served with HTTPS.

TODO: find out what to do in case of upgrade, when the user has an old config
file. Probably storage.ssl.enable should default to ssl.enable when it is not
present in config file.

Change-Id: Ifdcb070745d649dd9840dccf2e5641058a13d4e4
Reviewed-on: https://gerrit.libreoffice.org/80660
Reviewed-by: Andras Timar <andras.timar@collabora.com>
Tested-by: Andras Timar <andras.timar@collabora.com>
2019-10-11 23:43:09 +02:00
Gabriel Masei
d597f22dac Add minimal TLS support for communication with storage
Change-Id: Iafd9946a4240063c07f5c519b8af30b52e23d3e8
Reviewed-on: https://gerrit.libreoffice.org/80373
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Michael Meeks <michael.meeks@collabora.com>
2019-10-08 18:57:36 +02:00
Andras Timar
db176ee45b Remove lo_template_path option
It was not very useful to let this setting configurable by the user.
On the other hand, old path in config file caused issues after
upgrade. It is better to decide the location of LOKit core
during compilation. From now on the --with-lo-path configure
option is compulsory.

Change-Id: Icdcbc21bde5dad329fdb6e30ed17efde6b0e73de
Reviewed-on: https://gerrit.libreoffice.org/79943
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Andras Timar <andras.timar@collabora.com>
2019-10-08 09:36:44 +02:00
Szymon Kłos
0a6ba8d727 Set default out of focus time to 2 minutes
Change-Id: Iff2c75ec820e55aef0b16d52da39db200806cafe
2019-10-03 14:50:17 +01:00
Michael Meeks
f384b8a414 Add watermark opacity setting.
Change-Id: I839e8aef91acfed40d4afd8c1b50176ed54c670a
2019-08-26 16:29:12 -04:00
Ashod Nakashian
919a93cd4b wsd: improved anonymization algorithm
Better hashing algorithm based on FNV-1a.
Adds support for salting the hash, and
for providing salt via configuration.

More unit-tests added, and better formatting.

Change-Id: I2be42675d0cdbaa73c3d7faed99e07631a9c20fc
Reviewed-on: https://gerrit.libreoffice.org/70034
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
Reviewed-on: https://gerrit.libreoffice.org/71091
2019-08-17 04:26:35 +02:00
Ashod Nakashian
226c2fe71c wsd: unify anonymization flags under one
This simplifies the anonymization configuration
as virtually always they are all either enabled
together, or not at all.

Change-Id: I6fe60f5287fc5d71cd7a6ac3268eac67e5e6e9fb
Reviewed-on: https://gerrit.libreoffice.org/70033
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
Reviewed-on: https://gerrit.libreoffice.org/71090
2019-08-17 03:42:19 +02:00
Andras Timar
c5f5e7312a Allow Docker's 172.17.0.0/16 subnet in sample (default) net.post_allow.host array
Change-Id: I49ad6093e4f390ac2ae647615f81c2ebf1dcc469
Reviewed-on: https://gerrit.libreoffice.org/74620
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Michael Meeks <michael.meeks@collabora.com>
2019-06-24 08:56:14 +02:00
Miklos Vajna
717816d44d wsd: add new always_save_on_exit config option
The default behavior is unchanged: once the last editor exits, we still
only perform a save when the document is modified.

It's possible to opt in for the new behavior, though: in that case the
save after the exit of the last editor will happen even for unmodified
documents.

Change-Id: I14c17035a932cf952217f3b71fdef57fede0ce24
2019-06-06 11:48:54 +02:00
Miklos Vajna
3c927a9f32 wsd: allow disabling idlesave and autosave from configuration
The code already assumed a signed integer, but the configuration advertised
unsigned, standardize on signed.

This way it doesn't matter if the "disable" value is zero or a negative
number.

Change-Id: I56632c8a36be01afefdc5f2a35e70bde945d69d3
2019-06-05 17:28:03 +02:00
Jan Holesovsky
3a03f50784 Revert "Adapt paths to new package name"
It is not a good idea to change the configuration directory, it will affect all the existing installations.

And the service is called loolwsd - so the configuration should be called that way too.

This reverts commit 9278574289.

Change-Id: I7e6eee644e21ad2dd842742585d16133ff8e36c9
Reviewed-on: https://gerrit.libreoffice.org/72730
Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
Tested-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
2019-05-22 12:06:06 +02:00
Samuel Mehrbrodt
9278574289 Adapt paths to new package name
After 1dbbc5acc7

Change-Id: I64a12fb13bc8f9371821b2d5969941bfddc2514a
Reviewed-on: https://gerrit.libreoffice.org/72728
Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
Tested-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
2019-05-22 10:27:33 +02:00
Tor Lillqvist
8f71365f0f Remove unnecessary leftovers after Michael's removal of the on-disk tile cache
Change-Id: I435679b48f90d2580bb9c5c86a26c9a1d43c5b59
Reviewed-on: https://gerrit.libreoffice.org/67885
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Michael Meeks <michael.meeks@collabora.com>
2019-02-15 21:36:16 +01:00
Andras Timar
da1ac186ec clarifying allowed_languages setting
Change-Id: Iaa26997fa3b7807362d650c9f7efce380147a7e4
Reviewed-on: https://gerrit.libreoffice.org/65636
Reviewed-by: Andras Timar <andras.timar@collabora.com>
Tested-by: Andras Timar <andras.timar@collabora.com>
2018-12-27 11:15:29 +01:00
Andras Timar
279301e51d New configure switch --enable-vereign to set the default document signing url
Change-Id: I65225fc5f94a8ad49b75d31ef3535e8479484e69
2018-12-11 12:55:16 +01:00
Tomaž Vajngerl
2861299c77 make vereign server configurable, dynamically show sign. infobar
document_signing_url in loolwsd now accepts a vereign server URL
endpoint. If not provided, the signing functionallity won't be
available.

The document signing infobar is now shown dynamically so by
default it is not shown, but when the users clicks in menu the
"sign document", the infobar is shown (the document-content is
css "top" value is adjusted via JQuery).

Change-Id: I9d5f6b68ba3612eeeb9de28c9c0333b4d1bf41d8
Reviewed-on: https://gerrit.libreoffice.org/64298
Reviewed-by: Tomaž Vajngerl <quikee@gmail.com>
Tested-by: Tomaž Vajngerl <quikee@gmail.com>
2018-11-29 22:46:07 +01:00
Michael Meeks
ff31b2cd81 Nasty hack to disable red-lining via config setting and the environment.
Change-Id: I67303fa9593c53a4575b4b45e2b2c879ae8ee890
Reviewed-on: https://gerrit.libreoffice.org/63137
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
(cherry picked from commit 2ff64d81ed3188994b755c0533526cc776f5c8c4)
2018-11-28 16:44:27 +01:00
Samuel Mehrbrodt
296aba1bea Improve allowed frame-ancestors
Beforehand, any host could embed the iframe as the Referer was always allowed.

Now, only the loolwsd and the WOPI host are allowed to do that.
Additionally, a config option has been added to add more allowed hosts.

X-Frame-Options supports has been removed as it supports only one host
and CSP is meanwhile supported in ~all major browsers.

Change-Id: I222720e1220116102708c50edaf08e2a4a0aebda
Reviewed-on: https://gerrit.libreoffice.org/63864
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
Tested-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
2018-11-23 16:33:55 +01:00
Miklos Vajna
c74c9e39c8 Disable document signing via config setting
It's not too easy to customize CSS, so move the top position of the
document container to loleaflet.html, where it's convenient to handle
this.

JS can dynamically query if the menu item should be there, similar to
the about dialog.

Change-Id: I4b2799a41f8ad31e3a9b4983fd1947d2e0363a2b
2018-11-09 13:56:02 +01:00
Michael Meeks
fa74404019 Add a time limit for badly behaved / huge document load / conversions.
Also improve debug printing of load times in dumpstate.

Change-Id: Ib3fd70dffb57588cd90bd928c4be9890cee8bc65
2018-11-08 01:27:40 +00:00
Ashod Nakashian
b7f37af8f6 wsd: anonymization config and settings for username/filename
Change-Id: I9d7ce87b5f7d204b503d467959de008326b3411c
2018-10-16 20:12:23 -04:00
Ashod Nakashian
1e51b02db5 wsd: set SSL setting in loolwsd.xml based on configure --enable-ssl
Change-Id: I18f4c0cf4f5ec02a685d0721981a98396eb834fb
2018-10-16 20:12:23 -04:00
Andras Timar
c745732ac7 tdf#115163 allow bind to loopback interface
Change-Id: I4808fb0fd685dfe990efd5fb739ee86f1276ffad
Reviewed-on: https://gerrit.libreoffice.org/61297
Reviewed-by: Andras Timar <andras.timar@collabora.com>
Tested-by: Andras Timar <andras.timar@collabora.com>
2018-10-05 16:38:28 +02:00
Jan Holesovsky
9d07230f8a ServiceRoot: Allow prefixing all the URI paths with a given prefix.
For instances that has to run in a deeper path like
https://server/something/blah/loleaflet/HASH/loleaflet.html.

Change-Id: Idacdaf9087d682fd527c3af2ea45d6b51a33908e
2018-09-08 00:12:15 +02:00
Tor Lillqvist
86a20fc927 Allow also the IPv6 loopback address ::1
Change-Id: I4e079095d0a599f36b1d48d7a1311db75e3d79bf
2018-07-18 17:54:45 +03:00
Tor Lillqvist
63a24e0082 Accept also localhost and IPv4-mapped IPv6 addresses
Change-Id: Ifc295d164276c0dd17592ff27066a522482fe04a
Reviewed-on: https://gerrit.libreoffice.org/57351
Reviewed-by: Tor Lillqvist <tml@collabora.com>
Tested-by: Tor Lillqvist <tml@collabora.com>
2018-07-12 17:43:11 +02:00
Michael Meeks
44e065d018 Remove test monitor.
Change-Id: I55f93ffec68745b194a778b541db1011962f735d
2018-05-18 18:32:57 +01:00
Michael Meeks
b483f477dd Allow a 'monitor' to be connected to remotely if configured.
So far monitors have the access an permissions of an
authenticated admin.

Change-Id: I59dfa8a646a60584a5c113ee0521e9afba4f6b76
2018-05-18 15:16:39 +02:00
Andras Timar
ad7c8ea8b3 trace should not be enabled by default in config file
This setting defaults to false in code, when the setting is not present
in the config file.

Also world-readable /tmp is not a good default path of trace file.

Change-Id: Iab6da18cf6f97f75bbcdaf444042cd7039c462f8
Reviewed-on: https://gerrit.libreoffice.org/53966
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Michael Meeks <michael.meeks@collabora.com>
2018-05-08 17:09:37 +02:00
Jan Holesovsky
88eefe75c5 Improve readability of the admin console password check.
Also disable PAM by default.

Change-Id: Id1197f0d049ce56f698952b87d2c4760412eb8ec
Reviewed-on: https://gerrit.libreoffice.org/53727
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Michael Meeks <michael.meeks@collabora.com>
2018-05-02 16:34:57 +02:00
YiiChang Yen
910ae806ef wsd: to filter clientAddress before POST action.
Change-Id: I293580f041bc46b36c57f63fe4a2c0131763b3c1
Reviewed-on: https://gerrit.libreoffice.org/50977
Reviewed-by: pranavk <pranavk@collabora.co.uk>
Tested-by: pranavk <pranavk@collabora.co.uk>
2018-04-30 18:50:06 +02:00
Michael Meeks
ce06a9ae37 Allow the Admin console to be disabled in the configuration.
Change-Id: Iacde8e891f42e9ef9399ebbebbd2b2978188d4c4
2018-04-17 20:47:17 +01:00
Michael Meeks
8f134aa1a9 Allow running without seccomp and capabilities.
There are some significant security trade-offs here which are now
at least configurable.

Change-Id: I1d879d69e91392f4ccf5db250a2277f53df60db7
2018-03-19 20:46:17 +00:00
Andras Timar
0b382f879b Allow preload of nl dictionary by default
Change-Id: Id6410fa4febdd778f511e0bdcc4324ad0c2fdf43
2018-02-16 11:07:21 +01:00
Jan Holesovsky
ba7825e63b wsd: Support for configuration of the allowed languages.
Change-Id: I233619b89ac61aeaab4ba96f1f52773802cfd7ae
2018-01-26 20:57:54 +01:00
Andras Timar
a2e25cc7d3 Add PAM support
Possibilities are endless. With a simple /etc/pam.d/loolwsd config below,
the user which runs loolwsd ('lool' in production environment) can login
to admin console with normal linux password.

    auth       required     pam_unix.so
    account    required     pam_unix.so

Change-Id: I354a7e9b4705e8fe346d17d6b6041d1406198b37
Reviewed-on: https://gerrit.libreoffice.org/48307
Reviewed-by: Andras Timar <andras.timar@collabora.com>
Tested-by: Andras Timar <andras.timar@collabora.com>
2018-01-23 11:03:45 +01:00
Michael Meeks
a1ee97c222 Add IPv6 support, and configuration option.
Default to listening on both IPv44 and IPv6 for public interfaces.

Change-Id: Ib04e3bf65e7dcf2a798d381297b15ee9c56e9259
2018-01-09 22:03:17 +00:00
Michael Meeks
ec80d623b8 Edit the right configuration XML file.
Change-Id: If72006918550ee5c440ad6b2ff26a5bd0d1efef1
2017-11-22 16:47:05 +00:00
Jan Holesovsky
8a0b47b3dc Set these rlimits to unlimited by default.
Change-Id: Id7e9f8db5422dc59b88cacf63a25e72b57826a57
2017-10-05 12:03:14 +02:00
Andras Timar
7224a062e9 typo: documen->document
Change-Id: I5d51dada113e3f1b3db5104d6d1f3b70a9fe99e6
2017-09-28 13:06:37 +02:00
Marco Cecchetti
ee6e64528d wsd: support for FSIZE and NOFILE system limits
The routine for handling the configuration for the max file size
limit, was wrongly using NOFILE. Now we handle both limits correctly.

Change-Id: Ie8b63617286f66af6d4eb1b35b9e4f4b28f3c2a6
Reviewed-on: https://gerrit.libreoffice.org/42803
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
Reviewed-on: https://gerrit.libreoffice.org/42811
Reviewed-by: Marco Cecchetti <mrcekets@gmail.com>
Tested-by: Marco Cecchetti <mrcekets@gmail.com>
2017-09-26 17:40:31 +02:00
Pranav Kant
ad211ef51b wsd: Configurable autosave and idlesave durations
But these save conditions are checked every 30 seconds only, so setting
them to less than 30 seconds wouldn't mean that save will be triggered
anytime sooner.

Change-Id: Id473a79af6a3170c72e372040460f2b7c15f150e
2017-08-24 16:54:15 +05:30
Pranav Kant
fde57adbbf Introduce hard mode when we are OOM
Start killing documents when memory usage goes above threshold.

Also make it possible to close documents from admin instance.
In DocumentBroker::closeDocument, just set the _stop flag and wake
up the polling thread which will terminate the children, instead of
manually terminating the children.

Change-Id: Ie70e05b3fb6ea816a87b6dcfaed92cdddb94aa90
2017-07-07 21:14:53 +05:30
Ashod Nakashian
9cb82cebe3 wsd: add rlimit config entries and defaults
Change-Id: I8cb498d01bc1a7a55d168e49c754bb1bba80aea1
Reviewed-on: https://gerrit.libreoffice.org/38673
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
2017-06-12 06:17:44 +02:00