A problem comes up when only a part of the tile is visible
on the client side and invalidation affects the invisible
part of this tile. To get back the old / right behavior we
need to request this kind of tiles too.
gcc 8 warns: cast between incompatible function types from ‘void
(*)(int, siginfo_t*, void*)’ to ‘__sighandler_t’ {aka ‘void (*)(int’}
[-Werror=cast-function-type].
The struct sigaction already has an appropriately typed field
sa_sigaction in a union with the sa_handler field, so use that. (If
that is not present in some older Linux and/or glibc that we still
need to support, this commit will have to be reverted then.)
Change-Id: I67667073c89b7b22e7de1933ccaaa60868685866
Also gets rid of a potentially problematic strncpy() use that causes a
gcc warning: specified bound 256 equals destination size
[-Werror=stringop-truncation].
(Whether that would have caused a problem or not depends on how
LogPrefix would have been used, and whether it ever would have been
filled completely, without any terminating nul character, by that
strncpy().)
Change-Id: I92dba3726e3f46777d9b4c8cf88f557c02788fe0
I think the general policy should be to always log errno using both
Util::symbolicErrno() and std::strerror(), never log a naked errno.
But only in cases where we know that it is highly likely that it is
the most recent system call that has failed, so errno makes sense.
Change-Id: I4a1fb31e375ea949e7da17687464361efe7c1761
For a developer, it is much nicer to see "EXDEV" in a log than "18",
for instance. (Sure, we often also log strerror(), but might that
perhaps be localised? And the symbolic names are what one uses when
coding anyway.)
Change-Id: I456a8c2589147dcad87f1b4c3a20b3bd5a35d097
Better logging during wopi info parsing,
especially upon failures.
Refactored the code from Storage.cpp into
JsonUtil.hpp.
Minor optimizations.
Add unit-tests for the parsing logic.
Change-Id: Ifebc3f6b7030a6c7b3b399786633f6b5e8737478
Reviewed-on: https://gerrit.libreoffice.org/49927
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
And improve the logging support in unit-tests to
help troubleshoot issues faster and more accurately.
Also makes the code more readable (hopefully).
Change-Id: I4f8aafb5245e2f774b03231591a74544f9ec84aa
Reviewed-on: https://gerrit.libreoffice.org/48645
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
eventually the log file descriptor will be closed and unhandled exception it will throw it
"terminate called after throwing an instance of 'Poco::WriteFileException'
what(): Cannot write file"
Change-Id: I1d6ae3a4d4d4910f2ed2cdc80b162c27f93d55d9
Reviewed-on: https://gerrit.libreoffice.org/49055
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Michael Meeks <michael.meeks@collabora.com>
* logs helpful messages for various error corner-cases.
* optimized file descriptor closing for large fd counts.
Change-Id: I8cba9ecb3d71ddc6e22e20d89368d8c6b9b5097f
Now all logging is done after checking if the
level in question is enabled or not (thanks to
the macros LOG_XXX), which saves unnecessary
conversions and stringification when said level
is disabled.
Change-Id: Icde31e067f60269563896f04f8b0d65643720766
Reviewed-on: https://gerrit.libreoffice.org/47885
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Michael Meeks <michael.meeks@collabora.com>
Unlimited settings were logged as huge numbers.
In two cases settings were logged via LOG_SYS (and as errors)
instead of LOG_INF.
Change-Id: I1da493c0126ecf9d2382956ac1e60e57988696ee
Reviewed-on: https://gerrit.libreoffice.org/44731
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
To be able to set the support key directly from the command line, and to show
the option, etc.
Change-Id: Iac93bc47a6f4b9d5a5ad0ac8b06bda978e01b760
Reviewed-on: https://gerrit.libreoffice.org/43098
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Michael Meeks <michael.meeks@collabora.com>
The routine for handling the configuration for the max file size
limit, was wrongly using NOFILE. Now we handle both limits correctly.
Change-Id: Ie8b63617286f66af6d4eb1b35b9e4f4b28f3c2a6
Reviewed-on: https://gerrit.libreoffice.org/42803
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
Reviewed-on: https://gerrit.libreoffice.org/42811
Reviewed-by: Marco Cecchetti <mrcekets@gmail.com>
Tested-by: Marco Cecchetti <mrcekets@gmail.com>
Trying to combine the Poco's http server together with our polling loop leads
only to problem; so instead let's introduce a hook where we can do the WOPI
serving directly in the unit test.
Change-Id: Id3fec6ff93c3ad652aa4e0fc6309c5b7639728cb
Start killing documents when memory usage goes above threshold.
Also make it possible to close documents from admin instance.
In DocumentBroker::closeDocument, just set the _stop flag and wake
up the polling thread which will terminate the children, instead of
manually terminating the children.
Change-Id: Ie70e05b3fb6ea816a87b6dcfaed92cdddb94aa90
Changes protocol to use 'wid' instead of 'hash' everywhere. Wire-ids
are monotonically increasing integers that can be mapped to hash
values for all of the hash values and tiles we cache internally.
Change-Id: Ibcb25817bab0f453e93d52a6f99d3ff65059e47d
Seems to have no effect, so gone in
favor of RLIMIT_AS (virtual memeory).
Change-Id: I210879ec9285f420c9f9839cdabf45c42d865fb3
Reviewed-on: https://gerrit.libreoffice.org/38720
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
userextrainfo is a json array that contains
extra user-specific links.
Currently 'avatar' is assumed to hold the
image url for the user's avatar.
'mail' and other links can also be added.
Change-Id: I37c4c68bfa0b7ee659e017b4867dcb8cf5c2ca2f
Reviewed-on: https://gerrit.libreoffice.org/38120
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
The new password hash property is called secure_password in the config
file. `loolconfig` tool should be used to set the password hash in
appropriate format with desired salt length, password length, number of
iterations in PBKDF2.
To be backward compatible, plain-text password for admin-console in
config file is still accepted in case secure_password property is
missing from the config file.
Change-Id: If229999dac62856e368555c0242c4aa6f8061fba
Fixes the case when the client reconnects on idle
disconnection (because it never got the 'close: idle'
message).
Also, show informative message to users in this case
instead of grey screen.
Change-Id: Ia2e1f2ffefe6d35dd1552e7cc44e490aab86c600
Reviewed-on: https://gerrit.libreoffice.org/37891
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
Jail paths are now generate from a PRNG
instead of using the PID of the kit process.
The PRN is converted to base-64 and used
as the directory name where a given
kit is jailed.
Change-Id: I8e4bc35d9ccdfdae0e542ab707c417cd29ad52f3
Reviewed-on: https://gerrit.libreoffice.org/37372
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
Dung out overlapping return enumerations. Move more work into 'move'
callbacks at a safer time, etc.
Change-Id: I62ba5a35f12073b7b9c8de4674be9dae519a8aca
POST requests require the full request to be
left in the socket buffer to be parsed in full.
But GET requests, especially WS upgrade, must
have the request cleared from the socket, as
there is more data expected to be read after
the upgrade, which happens by the DocBroker
thread, so clearing the buffer must be done
before the upgrade.
This patch accomodates these two conflicting
cases and refactors the code slightly to
make it more structured and readable.
Change-Id: Ia7357a745a3900f986099ba14af2a0946023018b
Reviewed-on: https://gerrit.libreoffice.org/36873
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
This slows things down terribly, particularly the setting on the websocket
made tiles appearing one by one. Let's keep the possibility to zero the buffer
sizes for debugging, but hide that behind an env. variable (and in debug
builds only anyway).
Change-Id: Ie4d2cdb3c0ec3c50f1a2b4f9941a462ac4f2d196
This was a workaround to Poco's limitation
of requiring socket receiveFrame be given
preallocated buffer, which couldn't be
exceeded by a larger payload. This meant
the receiver had to know the maximum
payload in advance.
Since only the Kit uses Poco sockets,
and the Kit never receives large payloads,
this preamble is now obsolete.
100% (94/94) of old-style tests PASS.
Change-Id: I76776f89497409e5755e335a3e25553e91cf0876
Reviewed-on: https://gerrit.libreoffice.org/36037
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
With this every other client would be able to know about other client's
permission i.e whether they have opened the document as readonly. This
could be important eg: to hide the cursor overlay of readonly users in
the UI or to mark these users as readonly in the userlist.
Change-Id: I5dcb1b4e5a22c9b546d16b69b9216cc7653cff04
Pull the notification pieces out of SigUtil.cpp - not signal safe,
and invoked only from LOOLWSD anyway.
In a non-blocking world, the socket close notification sends are
instant - so more work required to count-down / timeout remaining
clients.
These are really GET requests that aren't
WebSocket upgrade. Should rename to something
less misleading.
Re-enabled testSlideShow which depended on this.
Change-Id: I52b7f67b650fcdcbae7c2bff020b756099263141
When the socket is closed the last WS frame
will not have any payload, just a frame.
In this case the socket should still fire
handleMessage so this frame could trigger
application logic, however in this case
ClientSession has nothing to do, so we skip it.
Change-Id: Ia2b13026e31460ffceb8f9d9cfa39d36fbc57146
There is no need to use `ps` here as reading
directly is trivial and has far less overhead.
Change-Id: I27d0432c1f3a9d35763d67fc445d8bd828f1b27e
Reviewed-on: https://gerrit.libreoffice.org/34052
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
We no longer tell the clinet "This is embarrassing..."
when we disconnect and unload an idle document. Instead,
the client UI remains greyed out so the user can resume
as if it was inactive (and reload the document in this case).
Also, we now always send the "close: " message prior
to shutting down a client websocket. This is more
reasonable and consistent when we intentionally disconnect,
so clients can rely on it to signal intent and give reason.
Otherwise, a disconnection without this application-level
message should be unexpected and is therefore reasonable
to show the "This is embarrassing..." message.
Change-Id: Ic7439bcc9267be155586ccd5d122e9fe60225516
A race condition between the client socket thread
and the idle-document cleanup caused segfault
on the websocket.
Now the ChildProcess object doesn't reset
the websocket on closing, rather on destruction.
Change-Id: I10d0dfb1ba677a65479df85b7a53de8c5f1b44c3
Each Kit process now reports its own PSS,
which is much more accurate as they share
a significant ratio of their pages with
one another.
Admin tracks the PSS values of the Kits
and reports to the console.
Change-Id: Ifa66d17749c224f0dc211db80c44f7c913f2d6c4
Reviewed-on: https://gerrit.libreoffice.org/33864
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
Around 1.5x faster than Poco,
which first enumerates files into
a container, then iterates over
them and stats before unlinking.
Here we enumerate and unlink in
a single pass.
Change-Id: I79d1c0f1b5ec557ccc4f0e2ec7a0609051d8d212
Reviewed-on: https://gerrit.libreoffice.org/33680
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
Now we don't get a situation where there would be a tremendous amount of
invalidates & tile render requests piled in the queue, so we can do it
deterministic again.
The only thing that could potentially pile in the queue are the keypresses
events sent from the clients, but that is a different problem anyway.
This reverts commit c326228774.
Change-Id: I98e199eab0187bf5f47ce322ac1b1b2e3b976b85
User input is batched together to reduce
overheads. This initial implementation
will batch all input of the same type
together.
Change-Id: Ia0069de9cf5acecf637941543267f86518c04640
Reviewed-on: https://gerrit.libreoffice.org/33422
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
Throw when empty payload is enqueued
and return empty payload on get timeout
(instead of throwing).
Change-Id: Iab5df775caa46d5c212d0850645cda6cca16f20b
Reviewed-on: https://gerrit.libreoffice.org/33421
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
Otherwise we are getting completely confused times - various processes start
at various times, so for one process the epoch start can be eg. 20 minutes
later than for the other.
Change-Id: I6d87e98682a5fcd0348a584cf66f7ffa5813ca66
The server tells the client the hash of each tile it sends (calculated
from the contents of the tile, not its PNG encoding). When the client
asks for a tile to be refreshed, it tells the server what the hash of
the existing tile is. If the server notices that the tile contents
hasn't actually changed, it doesn't PNG encode it and doesn't send it
to the client.
The intent is that this will reduce load on the server and also avoid
unnecessary tile traffic.
Change-Id: Ia06ca68655ea984ed4319f24f4470afda322eccf
If we are logging a message, we want to see the first line of it in
its entirety if possible. Especially now with more parameters being
added to tile messages, 120 was not enough to see the added
interesting ones.
Bin the silly test that used knowledge of what the limit is. We should
not test a coindidental arbitrary number that is not a documented part
of an API. If we want to test the default abbreviation functionality,
we need to at least make that default limit (now 500) public in
Protocol.hpp.
Change-Id: Iea59ba46e8331e2a839c792146f123fed9df2b82
This makes debugging much easier as one can
readily match WSD logs with a given test.
Change-Id: I8f2c83d67189038699af3f24dee205bc7efb5c28
Reviewed-on: https://gerrit.libreoffice.org/32860
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
As far as I see, we tend to use the same namespace name as the
basename of the corresponding include file, and this stuff is defined
in a file called Png.hpp.
Change-Id: Id859e13e94568abd9f1d5b4ef3bfbbb0c156db11
There is no way to let the user of document currently being
opened, in case of failure, know that disk is low on space.
We check the disk space when forking children after which we try
to alert all users but this would end up doing nothing for
current document because document broker is not registered at
this time (we iterate through doc brokers when alerting). Another
conditional disk check is performed just before opening the
document but this is performed only if last disk check was
performed greater than 60 seconds which would never be the case
because document open is always preceded by a child fork (when
rebalancing children).
Lets not cache the disk check when forking the children to
prevent above mentioned situation while still minimizing the
number of disk checks performed.
Change-Id: Id3add998f94e23f9f8c144f09e5efe9f0b63821c
Since we always need to set the thread-pool size
anyway, we cannot have 'unlimited' connections.
Actually, we never did, so that was misleading
in configure.ac anyway.
The current defaults are 20 connections and
10 documents, instead of the previous 1024
connections.
The reason for this "low" limit is to
enable unittesting these limits automatically
for the default configure.
There is also a lower-limit (needed by unittests
and internal technical requirements) of 3 connections
and 2 documents.
Change-Id: I6ccf3a607c50bb2a86bf1c0a16ebb6326ee34c7d
Reviewed-on: https://gerrit.libreoffice.org/32712
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
There should be no need to take a lock to
access it. However there were cases where it
wasn't thread-safe. Now we can remove unncessary
locking before invoking it.
Change-Id: I90d2c6940610a59aa6c749491ea85fb80b0acbcd
Reviewed-on: https://gerrit.libreoffice.org/32615
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>