Commit graph

74 commits

Author SHA1 Message Date
Ashod Nakashian
5c9988f2e3 wsd: faster jail setup via bind-mount
loolmount now works and supports mounting and
unmounting, plus numerous improvements,
refactoring, logging, etc..  When enabled,
binding improves the jail setup time by anywhere
from 2x to orders of magnitude (in docker, f.e.).

A new config entry mount_jail_tree controls
whether mounting is used or the old method of
linking/copying of jail contents. It is set to
true by default and falls back to linking/copying.
A test mount is done when the setting is enabled,
and if mounting fails, it's disabled to avoid noise.

Temporarily disabled for unit-tests until we can
cleanup lingering mounts after Jenkins aborts our
build job. In a future patch we will have mount/jail
cleanup as part of make.

The network/system files in /etc that need frequent
refreshing are now updated in systemplate to make
their most recent version available in the jails.
These files can change during the course of loolwsd
lifetime, and are unlikely to be updated in
systemplate after installation at all. We link to
them in the systemplate/etc directory, and if that
fails, we copy them before forking each kit
instance to have the latest.

This reworks the approach used to bind-mount the
jails and the templates such that the total is
now down to only three mounts: systemplate, lo, tmp.

As now systemplate and lotemplate are shared, they
must be mounted as readonly, this means that user/
must now be moved into tmp/user/ which is writable.

The mount-points must be recursive, because we mount
lo/ within the mount-point of systemplate (which is
the root of the jail). But because we (re)bind
recursively, and because both systemplate and
lotemplate are mounted for each jails, we need to
make them unbindable, so they wouldn't multiply the
mount-points for each jails (an explosive growth!)
Contrarywise, we don't want the mount-points to
be shared, because we don't expect to add/remove
mounts after a jail is created.

The random temp directory is now created and set
correctly, plus many logging and other improvements.

Change-Id: Iae3fda5e876cf47d2cae6669a87b5b826a8748df
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/92829
Tested-by: Jenkins
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
2020-07-01 05:42:43 +02:00
Ashod Nakashian
8e784f2bdd wsd: tokenization and hexify utils
Change-Id: I3a8eb39092ad5ed1a8589c05a893fd0ce6445e8b
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/96827
Tested-by: Jenkins
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
2020-06-23 06:38:34 +02:00
Jan Holesovsky
2c246eed85 Sanitize the access_header.
The access_header can contain a lot of nonsense, like whitespace around
or additional \n's or \r's.  We used to sanitize that, but then
regressed in e95413d151 where the
"tokenize by any of \n\r" was by mistake replaced with "tokenize by
string '\n\r'".

Unfortunately the unit test didn't uncover that, and the further
refactorings of the related code have hidden that even more.

Change-Id: Ie2bf950d0426292770b599e40ee2401101162ff2
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/96638
Tested-by: Jenkins
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Andras Timar <andras.timar@collabora.com>
2020-06-19 11:48:44 +02:00
Ashod Nakashian
4a8937d0d1 wsd: performance improvements
Change-Id: I137dc67b4231df1cd23a9dce72e6b12dc1bf364e
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/95343
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
2020-06-02 20:01:39 +02:00
Ashod Nakashian
223a1d08f0 wsd: performance-unnecessary-value-param
Change-Id: I1eb092c676da8600e0f8ed70cbc7e1f37fdd5a02
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/95338
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Tested-by: Jenkins
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
2020-06-02 20:01:29 +02:00
Ashod Nakashian
d2d0492245 wsd: move LOOLProtocol::tokenize to Util::tokenize
The tokenizer(s) are more generic than the protocol
logic, and are used from contexts that don't involve
the protocol as such.

Change-Id: Ie8c256bf11a91e466bff794021f41603c9596a7f
2020-06-02 18:03:36 +01:00
Ashod Nakashian
224ef08c7f wsd: single-char string literals -> char
More readable and typically more efficient.

Change-Id: I9bd5bfc91f4ac255bb8ae0987708fb8b56b398f8
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/95285
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Jenkins
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
2020-06-02 01:31:26 +02:00
Michael Meeks
92eff552a5 Lower convert-to process priorities by default.
Interactive / editing processes should take precedence over batch
thumbnailing processes to keep responsiveness good.

Change-Id: Ib100409e312cb2ca545586a734711a31a92f110c
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/93323
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
2020-05-02 22:03:36 +02:00
Pranam Lashkari
8b349716eb killpoco: removed Poco::Process completely
Change-Id: Iba67abf9342c11517c69c1d94903bf4752aa87d6
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/83770
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
2020-04-29 14:27:54 +02:00
Gabriel Masei
6b486f229a wsd: admin: move kit memory reporting from kit to admin module
Sometimes kit process goes into a heavy processing state (or even hangs)
and is not able to report its memory usage. Thus we can't implement cleanup
of problematic kit processes based on memory information reported by kit.
By moving memory reporting to admin module we avoid this problem.

Change-Id: Icf274e3a3a97b33623a93f9d2dc1e640ad9b7d99
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/92752
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
2020-04-25 09:11:35 +02:00
Tor Lillqvist
4eb598711c Use #pragma once
LibreOffice core uses that, too, and we support an even more
restricted set of compilers.

Change-Id: I0d0e2c8608e323eb5ef0f35ee8c46d02ab49a745
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/92467
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Tor Lillqvist <tml@collabora.com>
2020-04-18 15:00:18 +02:00
gokaysatir
9e0594ee2d add pretty name - Android patch
Change-Id: If0de49884954cde26bfbe8ba1dce8844af5b30bf
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/91831
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
2020-04-11 13:43:31 +02:00
gokaysatir
a486bad79b tdf#130568 - Add server os pretty name to help->about
Change-Id: Id6de533dfb8e34a05d348f8ae701bf3c524c9b95
2020-04-01 20:45:32 +01:00
Miklos Vajna
b8bd1990aa Rework LOOLProtocol::tokenize() to return a StringVector object
The bulk of this commit just changes std::vector<std::string> to
StringVector when we deal with tokens from a websocket message.

The less boring part of it is the new StringVector class, which is a
wrapper around std::vector<std::string>, and provides the same API,
except that operator[] returns a string, not a string&, and this allows
returning an empty string in case that prevents reading past the end of
the underlying array.

This means in case client code forgets to check size() before invoking
operator[], we don't crash. (See the ~3 previous commits which fixed
such crashes.)

Later the ctor could be changed to take a single underlying string to
avoid lots of tiny allocations, that's not yet done in this commit.

Change-Id: I8a6082143a8ac0b65824f574b32104d7889c184f
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/89687
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
2020-02-28 16:07:56 +01:00
Miklos Vajna
57a35bb96c Add an initial libfuzzer based fuzzer
- target ClientSession::_handleInput(), since crashing there would bring
  down the whole loolwsd (not just a kit process), and it deals with
  input from untrusted users (browsers)

- add a --enable-fuzzers configure switch to build with
  -fsanitize=fuzzer (compared to normal sanitizers build, this is the only
  special flag needed)

- configuring other sanitizers is not done automatically, either use
  --with-sanitizer=... or the environment variables from LODE's sanitizer
  config

- run the actual fuzzer like this:

  ./clientsession_fuzzer -max_len=16384 fuzzer/data/

- note that at least openSUSE Leap 15.1 sadly ships with a clang with
  libfuzzer static libs removed from the package, so you need a
  self-built clang to run the fuzzer (either manual build or one from
  LODE)

- <https://chromium.googlesource.com/chromium/src/testing/libfuzzer/+/refs/heads/master/efficient_fuzzing.md#execution-speed>
  suggests that "You should aim for at least 1,000 exec/s from your fuzz
  target locally" (i.e. one run should not take more than 1 ms), so try
  this minimal approach first. The alternative would be to start from the
  existing loolwsd_fuzzer binary, then step by step cut it down to not
  fork(), not do any network traffic, etc -- till it's fast enough that
  the fuzzer can find interesting input

- the various configurations start to be really complex (the matrix is
  just very large), so try to use Util::isFuzzing() for fuzzer-specific
  changes (this is what core.git does as well), and only resort to ifdefs
  for the Util::isFuzzing() itself

Change-Id: I72dc1193b34c93eacb5d8e39cef42387d42bd72f
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/89226
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
2020-02-22 12:18:22 +01:00
Michael Meeks
e3864a060e Dump DocumentBroker state more completely.
Change-Id: I3477fe70ba25d6e9a95c12f30138c3353994e384
2019-11-27 19:17:27 +00:00
Gabriel Masei
2164f5207c Add REST endpoint for admin metrics.
Change-Id: I701485631931334d27594c4907cb770f9888e5bf
Reviewed-on: https://gerrit.libreoffice.org/82492
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Michael Meeks <michael.meeks@collabora.com>
2019-11-25 13:06:01 +01:00
Ashod Nakashian
d038ceb118 test: Improve iso8601ToTimestamp and tests
Using double caused all sorts of rounding issues,
especially with random unit-test failures.
Luckily, we don't need doubles and can do everything
with integers.

Also added a new function to print time_point as
iso8601 string, for logging and convenience.

Change-Id: I1c2040c02d1143282dbde0dadef32613b77c330d
Reviewed-on: https://gerrit.libreoffice.org/81578
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
2019-10-29 02:39:34 +01:00
Ashod Nakashian
77e7cae689 wsd: fix password-protect file loading from multiple views
With password-protected files, the first loading attempt
always fails due to missing password. At that point the
client is notified of the missing password and the user
is prompted. The second attempt includes a (hopefully)
correct password and the document loading commences.

Due to the fact that an exception is raised when
the loading fails, this left the loading latch
triggered, which blocked subsequent attempts.

Change-Id: I7cc257a36eb1cc080f460aac8cdb7030783a5914
2019-10-14 21:35:27 +01:00
Andras Timar
d1ae1b36c2 typo fixes in comments and code
Change-Id: Idd98516d30d98dea18eda9bbec8ac9777063b553
2019-10-08 11:49:45 +02:00
DarkByt31
dd014e7029 tdf#107038 Poco::Timestamp replacement with std::chrono
Util added getHttpTime
WhiteBoxTests added test for getHttpTime

Change-Id: Ifb6a3fb2dc9b059b925e7b881362b72759a8b56b
Reviewed-on: https://gerrit.libreoffice.org/79754
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Michael Meeks <michael.meeks@collabora.com>
2019-09-28 12:26:32 +02:00
Tor Lillqvist
a7362d52ac Use portable format conversion specifier for uint64_t
Avoids a warning when compiling for iOS: format specifies type
'unsigned long' but the argument has type 'uint64_t' (aka 'unsigned
long long').

Change-Id: I8b5205dd0c3a8ae2f531f1647b3e3bac27ea6065
Reviewed-on: https://gerrit.libreoffice.org/78985
Reviewed-by: Tor Lillqvist <tml@collabora.com>
Tested-by: Tor Lillqvist <tml@collabora.com>
2019-09-16 13:52:14 +02:00
Michael Meeks
79637655f6 Avoid PRIx64 format - we are 64bit only, so lx will do.
Fixes RHEL6 compilation problems around inttypes inclusion / definition.

Change-Id: I4f4647c7954c32d90dad94a43c630af24d551d78
2019-09-05 22:53:09 +01:00
DarkByt31
22f1656e08 tdf#107038 Poco::Timestamp replacement with std::chrono
Added functions to get file timestamp and to convert
chrono timestamp in ISO8601 fraction format and some
test cases.

Change-Id: I58961a31f7262b367cff9f33cffdec7571a2f8f7
2019-09-02 15:50:37 -04:00
Ashod Nakashian
919a93cd4b wsd: improved anonymization algorithm
Better hashing algorithm based on FNV-1a.
Adds support for salting the hash, and
for providing salt via configuration.

More unit-tests added, and better formatting.

Change-Id: I2be42675d0cdbaa73c3d7faed99e07631a9c20fc
Reviewed-on: https://gerrit.libreoffice.org/70034
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
Reviewed-on: https://gerrit.libreoffice.org/71091
2019-08-17 04:26:35 +02:00
Miklos Vajna
13884468c3 common: fix UB in vectorAppend()
unit-copy-paste with ubsan failed with:

common/Util.hpp:751:43: runtime error: null pointer passed as argument 2, which is declared to never be null
/usr/include/string.h:43:28: note: nonnull attribute specified here
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior common/Util.hpp:751:43 in

Change-Id: I71ae9b43a63f979c300d704419afc9a14cd303cd
2019-08-15 08:38:07 +02:00
Michael Meeks
149b861975 clipboard: a more helpful calc test.
Change-Id: Ibe0e583a2019e7bc5968dd8f73cf4e4a07d363b2
2019-08-05 21:18:27 -04:00
Michael Meeks
9726ce6f77 Various copy/paste fixes, unit test passing, parsing of result.
Change-Id: I9168853dd011e86896c3bd474a4d05ee82c0e336
2019-08-05 21:18:12 -04:00
Michael Meeks
7f4a7404cc Add hard random/hex key generation utility.
Change-Id: I8bb95153a5bd63a6b41edf65a0fdf0ebd52ad070
2019-08-05 21:08:07 -04:00
Michael Meeks
c36da1cd97 Implement getClipboard and start of a unit test.
includes Change-Id: I47d38f9285c855dcc6fbeeb73d35f22a46a30c05

Change-Id: I60b84bef1cf832ec5c191d664afd90a080b7ffbc
2019-08-05 20:25:49 -04:00
Michael Meeks
52e477e57e Switch to text/html for paste where we can.
Build special URLs to detect the same host being in-use, and much more.

Change-Id: I0ca639ea416cb78bf5e5274eac4400542b6b2cda
2019-08-05 15:47:47 -04:00
Michael Meeks
9d723cb230 Initial chunked transfer encoding.
Important for convert-to on larger documents and/or with newer curls.

Change-Id: Id18be6d22741a3af7cee39a069c509e4f662977b
2019-05-22 11:07:42 +01:00
DarkByt31
8e34705fe2 tdf#107038 Poco::DateTimeFormatter with Util::getHttpTimeNow()
Added a function to Util to get current time in HTTP
format using std::chrono.

Change-Id: I9e7a732f585c1758c9348c450a01713a66f1e7b7
Reviewed-on: https://gerrit.libreoffice.org/72585
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Michael Meeks <michael.meeks@collabora.com>
2019-05-20 11:53:13 +02:00
Michael Meeks
289894c66c debug: show WebSocketURI & a unique host id in help -> about.
Rather useful for debugging clustering issues.

Change-Id: I6d5f224bf8a3e4034c419137c8ad2b17fdf265ed
2019-05-17 13:24:32 +01:00
Jan Holesovsky
f76b36193d android: #if(n)def MOBILEAPP -> #if (!)MOBILEAPP for better reliability.
Change-Id: I5f9c9420b6c83601db1c8fdba4ae5a10b17b2107
2019-02-12 12:20:11 +01:00
Tor Lillqvist
5f01fbdf81 The iOS memrchr() replacement should of course be marked inline 2018-10-17 12:34:49 +03:00
Tor Lillqvist
0d8912ffe9 Test also looking for the last char 2018-10-17 11:55:19 +03:00
Tor Lillqvist
ccc7d2133d "The memrchr() function is a GNU extension, available since glibc 2.1.91."
Thus it doesn't exist on iOS, so add a trivial implementation. Include
an (ifdeffed out) unit test for it.
2018-10-17 11:46:56 +03:00
Jan Holesovsky
9a8e4fc0e8 wsd: safer string splitting
Reviewed-on: https://gerrit.libreoffice.org/57644
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
(cherry picked from commit 17d1fdda7a0c29df12c43b956418c83b59bfe0da)

Change-Id: I88b82a3754c4f5e280f00be8e27614c3fe49eff8
2018-10-16 20:12:23 -04:00
Ashod Nakashian
b6333ada8d wsd: anonymization improvements and unittests
Also support anonymization of downloadas documents
and renaming of documents.

Reviewed-on: https://gerrit.libreoffice.org/57541
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
(cherry picked from commit 78248a542c9ca31bf9ad4cad9b55d78690384395)

Change-Id: I81a80e6290217659987d73f625e5f0fb81cb7ef2
2018-10-16 20:12:23 -04:00
Ashod Nakashian
053161b3f5 wsd: move string utilities into Util
Reviewed-on: https://gerrit.libreoffice.org/57539
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
(cherry picked from commit fb2671c4145edd4d4e359f0dcf5cc84835487cd4)

Change-Id: Idc578dff4e8ee5e48c1b7780d3feb2d21c6a9b13
2018-10-16 20:12:23 -04:00
Ashod Nakashian
4587dde56f wsd: anonymize filename by using the WOPI file ID
Reviewed-on: https://gerrit.libreoffice.org/57254
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
(cherry picked from commit 5e3568ff1029da948f05d1c0e0c56c6d0706690e)

Change-Id: I869cae3846c8630b192246bc68cc90e70c50d1fd
2018-10-16 20:12:23 -04:00
Ashod Nakashian
6c18aa7e88 kit: anonymize usernames and filenames in Kit
Change-Id: Id7928136db71ded7bf6b1a5e8e387db7251f8a35
2018-10-16 20:12:23 -04:00
Ashod Nakashian
f12883bc07 wsd: add anonymization helpers
Change-Id: Ic479218ab1b6e580c288a984f35795e1d0d6e8ad
2018-10-16 20:12:23 -04:00
Tor Lillqvist
b59d160a08 Intermediate commit of work in progress on an iOS app
The app is unimaginatively called "Mobile" for now.

Runs but crashes pretty quickly after loading the document by the LO
core. Will need some heavy changes to get a ClientSession object
created in there, too, to handle the (emulated) WebSocket messages
from the JavaScript. It would then handle some of these messages
itself, and forwards some to the ChildSession, which in this case is
in the same process. Now the messsages from the JavaScript go to a
ChildSession, which is wrong. As the assertion says, "Tile traffic
should go through the DocumentBroker-LoKit WS"
2018-09-12 18:32:05 +03:00
Tor Lillqvist
75438baa70 More mobile app stuff, very much early state of work in progress
Re-think Linux vs mobile ifdefs a bit. Use #ifdef __linux only to
surround code that actually is Linux-specific. Use #ifdef MOBILEAPP
for code that is for a mobile version (with no separste wsd, forkit,
and kit processes, and with no WebSocket protocol used).

Bypass UnitFoo for mobile. Possibly we do want the UnitFoo stuff after
all on mobile, to run in some special testing mode? Hard to say, let's
skipt it for now.
2018-09-10 15:13:43 +03:00
Tor Lillqvist
39072dbae5 Make this file compile for iOS 2018-08-29 20:41:16 +03:00
Tor Lillqvist
40f4cf17c9 Add a symbolicErrno() function to Util
For a developer, it is much nicer to see "EXDEV" in a log than "18",
for instance. (Sure, we often also log strerror(), but might that
perhaps be localised? And the symbolic names are what one uses when
coding anyway.)

Change-Id: I456a8c2589147dcad87f1b4c3a20b3bd5a35d097
2018-07-11 12:54:27 +03:00
Michael Meeks
03bbe52665 Ensure the forkit does not have lingering threads after preinit.
Change-Id: I216a03a0ada628189355ebfd4016bf6033430eef
2018-04-16 20:04:23 +01:00
Jan Holesovsky
c8ef63253a Sanity-check the scheme and host for frame ancestor, POCO does not do that.
Change-Id: Ieea9532ccd2a11e74f370a340e68f46122469848
2018-04-04 12:50:53 +02:00