Commit graph

7022 commits

Author SHA1 Message Date
Ashod Nakashian
4e186aca18 wsd: fixed remaining anonymization issues
(cherry picked from commit b7f5809a792e2a0b816d3cfd96511cdd93582d15)

Change-Id: I756ccd4b810fdc4dd62a83c1704c59c6a947e615
2018-10-16 20:12:23 -04:00
Ashod Nakashian
5d6a228a8b wsd: don't anonymize 'contents' URI
Reviewed-on: https://gerrit.libreoffice.org/57707
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
(cherry picked from commit 7cadf9da49c2b804f30f1e8c2d2998c768b9d365)

Change-Id: Ia66729453a1f7db6105a0332de0f8bad3835f3f5
2018-10-16 20:12:23 -04:00
Ashod Nakashian
ff6f49c598 wsd: more string split tests
Change-Id: Idd6e99954b11238eaf64e11e7969d0aee1612557
Reviewed-on: https://gerrit.libreoffice.org/57648
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
(cherry picked from commit f64e0fba92ad80776572255951b2e0d76bc76e73)
2018-10-16 20:12:23 -04:00
Ashod Nakashian
b6333ada8d wsd: anonymization improvements and unittests
Also support anonymization of downloadas documents
and renaming of documents.

Reviewed-on: https://gerrit.libreoffice.org/57541
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
(cherry picked from commit 78248a542c9ca31bf9ad4cad9b55d78690384395)

Change-Id: I81a80e6290217659987d73f625e5f0fb81cb7ef2
2018-10-16 20:12:23 -04:00
Ashod Nakashian
00a44d6e81 wsd: flush logs before existing
This is important for when we abort with some explanation.
Often said explanation doesn't show up anywhere to be useful.

Also, issue fatal logs for abnormal exist and use SFL to log errno.

Reviewed-on: https://gerrit.libreoffice.org/57540
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
(cherry picked from commit ad7964393eadb68873b820e0a620fb40f1e1b06a)

Change-Id: Ic67064ef40ef6e93d26e5847ecd32bdd49c3cc8b
2018-10-16 20:12:23 -04:00
Ashod Nakashian
053161b3f5 wsd: move string utilities into Util
Reviewed-on: https://gerrit.libreoffice.org/57539
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
(cherry picked from commit fb2671c4145edd4d4e359f0dcf5cc84835487cd4)

Change-Id: Idc578dff4e8ee5e48c1b7780d3feb2d21c6a9b13
2018-10-16 20:12:23 -04:00
Ashod Nakashian
b516891815 wsd: prevent anonymization to empty strings
Change-Id: Ib4f90db5d39e7bf2e2f0b6566b1927363e6afcec
Reviewed-on: https://gerrit.libreoffice.org/57377
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
(cherry picked from commit 84245aa61e89cda6a9075a7059b5a7d839389719)
2018-10-16 20:12:23 -04:00
Ashod Nakashian
4587dde56f wsd: anonymize filename by using the WOPI file ID
Reviewed-on: https://gerrit.libreoffice.org/57254
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
(cherry picked from commit 5e3568ff1029da948f05d1c0e0c56c6d0706690e)

Change-Id: I869cae3846c8630b192246bc68cc90e70c50d1fd
2018-10-16 20:12:23 -04:00
Ashod Nakashian
1d5b6ca20b wsd: use obfascated user id when provided by WOPI
Change-Id: I69a17dff0e5e6b27e4538d9fe9019e4d1eebb16f
Reviewed-on: https://gerrit.libreoffice.org/57171
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
(cherry picked from commit 62dadb8aaa5cf9ba8cbbe0bc7f84dfc1076104c1)
2018-10-16 20:12:23 -04:00
Ashod Nakashian
1d814fca8c wsd: allow tracing with anonymization
Useful for troubleshooting and other non-prod setups.

To enable, add a subnode under logging/anonymize in
loolwsd.xml called allow_logging_pii with a boolean
value of true:

<logging>
  <anonymize>
    <allow_logging_pii>true</allow_logging_pii>
  </anonymize>
</logging>

Reviewed-on: https://gerrit.libreoffice.org/56568
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
(cherry picked from commit 829b4722817b89445701a378ffa6b597b906bb7d)

Change-Id: If74acaac0ea442ee5a7860453182180663a5108b
2018-10-16 20:12:23 -04:00
Ashod Nakashian
c93f98d8c4 configure: support disabling anonymization
And inform the user of the anonymization level.

Reviewed-on: https://gerrit.libreoffice.org/56567
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
(cherry picked from commit 13f3b7848f9cd77dc7a1e82f0fba656dbd503b4c)

Change-Id: I95cf832d5c4103744207214ffbf4e85d177ff190
2018-10-16 20:12:23 -04:00
Ashod Nakashian
87d442712e wsd: force anonymization when enabled with configure
This prevents disabling from loolwsd.xml when
the flags to anonymize are baked in at compile time.

Change-Id: If38ad3815bc9f18ed51b6626fc8c03528e7b8327
Reviewed-on: https://gerrit.libreoffice.org/56089
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
(cherry picked from commit 8844d238f1c7a0bd71f6ddd3b59f4ea18bf3bdbb)
2018-10-16 20:12:23 -04:00
Ashod Nakashian
9fc7bc3625 wsd: log wopi CheckFileInfo with correct casing
Change-Id: I3e5e0000168ed6cf8910f593443a6b54324079c2
Reviewed-on: https://gerrit.libreoffice.org/56073
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
(cherry picked from commit 9001978d32f9dab769b1138a92d5e0eb7cb90b00)
2018-10-16 20:12:23 -04:00
Jan Holesovsky
f44b59b2d1 wsd: dump history in trace-logging only
(cherry picked from commit 1d5074146ad4532d86e7b5cfa7d0f518feee13c5)

Change-Id: Ibbefb93aa378f6faecbdb8b8c4f59013696b73c7
2018-10-16 20:12:23 -04:00
Jan Holesovsky
97df23eff5 anonymization: Anonymize uri's in the tilecache
(cherry picked from commit 2581772ecef22016348eba9cb51d19c7c6c53412)

Change-Id: I927d05e0329e3b2375f8d04f23b4356f2fd31764
2018-10-16 20:12:23 -04:00
Jan Holesovsky
6984d9a1ac anonymization: Anonymize uri's in the documentbroker
Change-Id: I1940b3eeb1761ec399716f237514020e97a785b1
(cherry picked from commit 49df5275451eb29ad2e10c156351f3255b8f756b)
2018-10-16 20:12:23 -04:00
Jan Holesovsky
726b50cc52 anonymization: Anonymize uri's in loolwsd
(cherry picked from commit 431f02ba982dd706767ccc8daf91c4840c640ac4)

Change-Id: I1d5d41ee8c3a3af1d437ec400fc8e27eb3de99db
2018-10-16 20:12:23 -04:00
Jan Holesovsky
6ec9b5c836 anonymization: Anonymize uri's in the storage
(cherry picked from commit 34359547cc735ebae4014837bcb92b7f0136bdf0)

Change-Id: Ifba57c5c765b9f2291255cc7de567520a21370ef
2018-10-16 20:12:23 -04:00
Jan Holesovsky
564fd6c621 anonymization: Anonymize urls in Kit.cpp
(cherry picked from commit 3a530d247496e577ed994c9cbece5faebd68e850)

Change-Id: I02c24e53664dbc971e8b5b4bdc3e607a53769bd0
2018-10-16 20:12:23 -04:00
Jan Holesovsky
25ef47adb4 Add a helpful warning for the dev builds.
Change-Id: I07d9c4d84e1edf9807a0683667d8d24d4c39ff38
(cherry picked from commit 2d9ca904d1065e91fac0c6ca2b509feecd931798)
2018-10-16 20:12:23 -04:00
Ashod Nakashian
a483d7ddef wsd: anonymize saveas
Change-Id: I58e349781952a97c3251b0e52e26abb34d44e9c0
2018-10-16 20:12:23 -04:00
Ashod Nakashian
f8ec98c144 wsd: anonymize downloadas
Change-Id: I6dff7189d78d339f1f5db7afef2b62da4df23759
2018-10-16 20:12:23 -04:00
Ashod Nakashian
d748dec556 wsd: anonymize document saving
Change-Id: Ic819883e39a544ec16d6ac144a08ed9f9f568cc0
2018-10-16 20:12:23 -04:00
Ashod Nakashian
7f569a61dc wsd: anonymize jailed filename
Change-Id: I0af46ae6779caf9851e3142889940e4f774f9eb9
2018-10-16 20:12:23 -04:00
Ashod Nakashian
6c18aa7e88 kit: anonymize usernames and filenames in Kit
Change-Id: Id7928136db71ded7bf6b1a5e8e387db7251f8a35
2018-10-16 20:12:23 -04:00
Ashod Nakashian
3c73e275e4 wsd: anonymize WOPI::CheckFileInfo
Change-Id: I2c23e9f159456176ae85967cc49ec876b1e4ecf4
2018-10-16 20:12:23 -04:00
Ashod Nakashian
f25575181c kit: parse anonymized tokens in doc options
Also optimize the parsing in general.

Change-Id: Id1f5b5c12e867c98e523d1e32397853d7d4a6ee4
2018-10-16 20:12:23 -04:00
Ashod Nakashian
0264dba09e wsd: anonymize load command sent to Kit
Change-Id: Ic509ceb5c38bc50152f1d00bd5718089fe664ac1
2018-10-16 20:12:23 -04:00
Ashod Nakashian
f12883bc07 wsd: add anonymization helpers
Change-Id: Ic479218ab1b6e580c288a984f35795e1d0d6e8ad
2018-10-16 20:12:23 -04:00
Ashod Nakashian
267b047220 wsd: demote socket write logs to trace level
They are only informative when the actual data
is also logged, which is on the trace-level only.

Change-Id: I7e45f2a4f14638783a65cb3a4eb132438d9125b8
2018-10-16 20:12:23 -04:00
Ashod Nakashian
380c55d9eb wsd: disable tracing after initialization
The first child had tracing enabled even after
initial startup is completed. This would leak
user details when anonymization is enabled.

Change-Id: I5325e02d1a1078bff6640af85f5672b556c00aeb
2018-10-16 20:12:23 -04:00
Ashod Nakashian
95107ed926 wsd: support anonymization settings
Check and fail to start if anonymization is enabled
and trace-level logging is requested. Since trace
may include data packets, which is hard to anonymize and
is likely to impact performance if attempted, it is best
to prevent tracing altogether.

Also, sort the default settings for better readability.

Change-Id: Ic83f1f2fda15e2146a5d970f03617fa460d9cbc7
2018-10-16 20:12:23 -04:00
Ashod Nakashian
b7f37af8f6 wsd: anonymization config and settings for username/filename
Change-Id: I9d7ce87b5f7d204b503d467959de008326b3411c
2018-10-16 20:12:23 -04:00
Ashod Nakashian
f3d02cb9e2 wsd: support polling on client thread
Previously SocketPoll expected to be
running its own thread for polling.
This is unnecessary when we have a
spare thread (e.g. main) that can
(and should, for efficiency) be used
for polling rather than starting
dedicated thread.

Not starting the SocketPoll's thread
and calling SocketPoll::poll() directly
worked, the warning logs on each activity
notwithstanding.

The warnings aren't just noisy, they are
a performance drain as well, and signal
that something is wrong. The new code
now makes the API cleaner and avoids
unnecessary warning logs, while being
faster.

Change-Id: Ibf9a223c59dae6522a5fc2e5d84a8ef191b577b1
2018-10-16 20:12:23 -04:00
Ashod Nakashian
3158d4c31c wsd: always use signal-safe calls
The async-signal-safe functions to get thread-id
and thread-name, which cache the results, are
faster, cleaner, and signal-safe. No reason why
we shouldn't always use them.

Especially since it appears the logic was
inverted in Log::prefix, such that the signal
un-safe calls were made during signal-handling,
and the safe ones were called otherwise!

Instead of passing the signal-safe flag to
Log::prefix, we pass the buffer size, for
improved security.

Furthermore, reduce header dependencies
and reduce clutter.

Change-Id: I697689b2f0a290b6d8cce4babc3ac1e576141da6
2018-10-16 20:12:23 -04:00
Ashod Nakashian
63c3fce2c6 wsd: clang-format logging macros and pass logger explicitly
Change-Id: I37e7f4b5687b64b36e0985942627a4b84a8249eb
2018-10-16 20:12:23 -04:00
Ashod Nakashian
1e51b02db5 wsd: set SSL setting in loolwsd.xml based on configure --enable-ssl
Change-Id: I18f4c0cf4f5ec02a685d0721981a98396eb834fb
2018-10-16 20:12:23 -04:00
Ashod Nakashian
a7a03c3c5d wsd: send copied text to client upon .uno:Copy
Change-Id: I39181a0e29e00a0eae389fbab6ee253cf2f23f84
2018-10-16 20:12:23 -04:00
Henry Castro
452015d977 loleaflet: mobile: do not focus the map after the menu item click
Change-Id: I796c81a5df3471ab2cb9bb36735ad05f6e8f4492
2018-10-16 20:09:03 -04:00
Henry Castro
32c98a4c88 loleaflet: mobile: fix scrolling the dialogs
Change-Id: I5279cffca4b4d66fbc35a4a8ae4b3ffdfe70a215
2018-10-16 20:08:17 -04:00
Tor Lillqvist
e15dc044d7 Handle the GTKAPP case, too, in loleaflet
In loleaflet.html.m4, define a macro MOBILEAPP as true if either
IOSAPP or GTKAPP is true.

Set a window.ThisIsAMobileApp property in either case, and
window.ThisIsTheGtkApp in the GTKAPP case.

The checks for ThisIsTheiOSApp in the JS could in fact all be changed
to check for ThisIsAMobileApp instead, as they were all equally valid
for the gtk+ testbed app. For instance, sending WebKit messages to the
app code works the same way in JavaScript both for iOS and
webkit-gtk+. Which is not surprising, I guess, as the underlying
WebKit is the same.
2018-10-17 02:10:14 +03:00
Tor Lillqvist
cc2bfc9770 Build just loleaflet in the --enable-gtkapp case, too
When I fix the gtk+ testbed app to use autofoo, that subdirectory will
be built, too.
2018-10-17 02:10:14 +03:00
Tor Lillqvist
1d495e626f Forgot to commit this file
Change-Id: I6650583931f3c09a8c3d75c38a2e0dbceae5853d
2018-10-17 02:01:16 +03:00
Tor Lillqvist
fd758496a5 Add --enable-gtkapp configury option
Change-Id: Ib805581663aeec62d713f87ca72ab3cfe95db79f
2018-10-17 01:22:24 +03:00
Tor Lillqvist
8ceb8950e8 Add handlers for messages from JS
Change-Id: Ifa3acfd09e10dbee4ecf43bec5735263e3655790
2018-10-17 01:04:05 +03:00
Tor Lillqvist
58db979291 Start on a gtk+-based workalike to the iOS app
The idea is that it would work sufficiently identically, so that even
people without a Mac and without an iOS device could participate in
development of the non-iOS-specific bits, like the JavaScript, or the
online MOBILEAPP-specific plumbing. Which would be great.

No, this doesn't do anything sane yet. It does compile the same online
C++ files as the iOS app, though. (Some minor tweaks were needed in a
couple of them to silence gcc warnings.)

There is a plain Makefile, but I should change to using autofoo, too.
Eventually, this will need to be built in a separate tree from a
normal online, just like when using the --enable-iosapp configure
switch. (But for now, doesn't matter.)

Change-Id: I13e4d921acb99d802d2f9da4b0df4a237ca60ad6
2018-10-17 00:45:35 +03:00
Tor Lillqvist
e9d0b38103 Add some includes that are missing if compiling this on Linux
Change-Id: Iffe3481e56842f29f0e7838ca024b28e1f7187f3
2018-10-16 23:56:46 +03:00
Tor Lillqvist
3feae5ccda Don't talk about any 'ports' in the logging in the mobile app 2018-10-16 23:11:45 +03:00
Tor Lillqvist
6316aaf0f5 Initialise also _threadFinished and _stop in SocketPoll::startThread()
I am trying to get a SocketPoll object to be "restartable".

Also make the lambda expression in joinThread multiple lines, so that
one can set a breakpoint in it.
2018-10-16 23:06:05 +03:00
Tor Lillqvist
c617a8c73f Improve a comment 2018-10-16 23:05:59 +03:00