We need a space after the prefix here to get past the
getForwardToken detection in the core; \n doesn't cut it.
Change-Id: I3f125d47586964ff844f0a89b04b8de866d01f8b
Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
When toggling tile debugging in the Help>About, toggle Trace Event
recordning, too. Add a comment with an example of how to turn on
SAL_LOG overriding at the same place.
The following new messages from client to server are introduced:
traceeventrecording <start/stop>
Starts or stops comphelper::TraceEvent recording.
sallogoverride <string>
Overrides the SAL_LOG value, or stops overriding if no parameter
or parameter is "default".
Signed-off-by: Tor Lillqvist <tml@collabora.com>
Change-Id: I8b56c28cd99d39115cd796c44e5051d934d21a1f
Signed-off-by: Tor Lillqvist <tml@collabora.com>
It is (for now) produced (by the ProfileZone things in core) whenever
logging level is "trace". The Event Trace file pathname can be given
in the loolesd.xml file or on the loolwsd command line.
Signed-off-by: Tor Lillqvist <tml@collabora.com>
Change-Id: I6d5829121e71460a4600ee94d2ebf51043c8893f
net/HttpRequest.cpp:126:19: error: declaration of 'end' shadows a member of 'this' [-Werror=shadow]
kit/Kit.cpp:163:29: error: missing initializer for member 'statfs::f_bsize' [-Werror=missing-field-initializers]
kit/Kit.cpp:171:14: error: 'OVERLAYFS_SUPER_MAGIC' was not declared in this scope
Signed-off-by: Miklos Vajna <vmiklos@collabora.com>
Change-Id: Ibbd35ab5af3adad403ed22a0aeb70917b9e21970
send status after performing any comment operation,
updating status send page dimensions,
which help in canvas layer to resize actual page size
without updating page size comments may go out of view
and will also not be scrollable into view
Signed-off-by: Pranam Lashkari <lpranam@collabora.com>
Change-Id: I489648bb5ccd7223746fea42050088e078046a1a
By defining NoCapsForKit and NoSeccomp
as const values for the KIT_IN_PROCESS
case, we have a more consistent and
simpler call-site.
Change-Id: Ife553eab9eaffd96560d4cfb4b8fdcdf26a1b9db
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
"Specifies whether the macro execution is enabled in
general. This will disable Basic, Beanshell, Javascript
and Python scripts. If it is set to false, the
macro_security_level is ignored. If it is set to true,
the mentioned entry specified the level of macro security".
Change-Id: I4bc5b690268a93994d17e2b02b7b60b6398646b7
Signed-off-by: Henry Castro <hcastro@collabora.com>
The commit in question breaks two unit-tests: wopi-template
and copy-paste. Temporarily reverting until the regressions
it introduces are resolved.
This reverts commit be68f06f70.
Change-Id: I1fafd73fdea57077eea05a146b7df0b013e6e8ba
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
Otherwise the LOK_CALLBACK_STATUS_INDICATOR_FINISH
message is lost, and client side does not receive
it when Macro Security dialog popup.
Change-Id: Ife52c77078160b8cc1075eff9137de2d26b87b55
Signed-off-by: Henry Castro <hcastro@collabora.com>
Otherwise this will break badly in the collaborative editing (multiple
views) case.
Change-Id: I63d391cb5a7d118c34564c4e1a4df7710b13e90e
Signed-off-by: Tor Lillqvist <tml@collabora.com>
Templates were downloaded by Core
upon loading. This works fine, as
long as there is no special network
setup in loolwsd. However, when
loolwsd has a complex network setup,
such as when using reverse proxies,
Core wouldn't know about the details
and would likely fail to download
the template.
Luckily, there is no reason to rely
on Core for downloading templates.
Instead, we download it in loolwsd,
just like any other document, and
load it in Core as normal. The
remaining post-load saving of
templates remain unchanged.
Change-Id: Ib22ada4ae469863d5e5c8baeee27f667f7cd40ff
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
This resolves a dependency on userName
(a.k.a. UserFriendlyName) that was a source
of issues when missing.
It turns out that when it's missing but
spellOnline is set, an edge-case caused
an exception that failed loading.
The spellOnline value, in its turn, was
incorrectly set to "null" when in fact
it was missing. This resulted in online
spell-checking being active by default.
Perhaps this was intentional, but here
we don't change this behavior at all.
Instead, we avoid sending "null" when
it's missing, and by default we always
enable online spell-checking, unless
it is explicitly set to "false".
This way, the exception is not thrown
and spellOnline doesn't have invalid
values, while preserving the current
behavior.
Change-Id: I4a09ac44ff5d6147c715afa0fb34af9650da4afd
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
This is needed to show help in macro security warning
dialog which is showed before the document is loaded.
Change-Id: Ic50bac0c860c5673ce3ec854e54d658157d2a9dd
Signed-off-by: Szymon Kłos <szymon.klos@collabora.com>
e.g. in case of CODE AppImage, that is built from packages,
/etc/loolwsd/loolkitconfig.xcu will not be good, the good
location is within the AppImage's file system.
Signed-off-by: Andras Timar <andras.timar@collabora.com>
Change-Id: Ie2bf56cd95781c193a0e7185bd96d40c4849d920
The same cache size is used in server and client. The caches use the
invalidation algorithm. Pass the hash of the pixmap in the
windowpaint: message. The client stores dialog images in its cache.
The server stores hashes of the images. When the server knows that the
client already has an image cached, it sends just its hash and the
client will use the cached image.
Pass the size of the cache to the client so that we don't have to keep
the the cache size synchronised in two places in the code.
Change-Id: Ie6cbfca79a9ede48fcc115e3acc669b925bb624e
Signed-off-by: Tor Lillqvist <tml@collabora.com>
The other code in this function carefully checks before indexing the
tokens vexctor. We have already stored the integer from tokens[1] (if
it exists) in winId. So use that in one more place instead of
tokens[1] for consistency.
Change-Id: I2bc09b3e44e0549a94469d7569f724df17a113b3
Signed-off-by: Tor Lillqvist <tml@collabora.com>
This method needs to be called with having the correct view activated.
It caused a crash in writer/simultaneous_typing multi-user cypress test.
Signed-off-by: Tamás Zolnai <tamas.zolnai@collabora.com>
Change-Id: I57dd58a635ce7ea127200a6a3f0cadc8c0861aaf
I don't recall if simply ifdeffing is the proper way to bypass UnitKit
stuff (that I don't understand) for the mobile apps, but at least it
helps.
Signed-off-by: Tor Lillqvist <tml@iki.fi>
Change-Id: I85d477e4ee7d11c597d95a9b0b42af7e5f7ad122
* and fix error reporting: we do not abort every time when loolforkit
is invoked with incorrect user name
* and better readability of the conditions
Signed-off-by: Andras Timar <andras.timar@collabora.com>
Change-Id: Idc9db40c00d41c95160db130eb324c487f14de17
When the "Macro Security Warning" send clicks events,
the is no instance of Model/View/Controller yet.
So adjust to send to global events.
Change-Id: Idc395cfb86548481bbadc22874293d7d6238db89
Signed-off-by: Henry Castro <hcastro@collabora.com>
In some cases we cannot do a fast bind-mount of the files we want
in our jail since we don't have cap_sys_admin for loolmount inside
eg. docker.
Thus we need to fallback to hard-linking, however various security
systems namespace parts of our tree, such that link() fails with
EXDEV even across the (apparently) same file-system.
As such we need to assemble a copy of what we want to hard-link
close to our jails. However, this needs to be owned by root / the
system to avoid having writable files shared between jails. Hence
we need cap_chown in addition to cap_fowner, to get ownership right
and then hard-link.
Change-Id: Iba0ef46ddbc1c03f3dc7177bc1ec1755624135db
Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
Before loading the document and if it has an embedded
macros, it will show the "Macro Security Warning"
message dialog.
If the input process is not enabled, the result will be
a virtual deadlock, so it should filter some messages at least.
Change-Id: I565569a0227ac0e7ce2feae2cf3ccdf21ce4b1d4
Signed-off-by: Henry Castro <hcastro@collabora.com>
Most C and Posix API clobber errno. By failing to save
it immediately after invoking an API we risk simply
reporting the result of an arbitrary subsequent API call.
This adds LOG_SYS_ERRNO to take errno explicitly.
This is necessary because sometimes logging is not done
immediately after calling the function for which we
want to report errno. Similarly, log macros that log
errno need to save errno before calling any functions.
This is necessary as the argements might contain calls
that clobber errno.
This also converts some LOG_SYS entries to LOG_ERR
because there can be no relevant errno in that context
(f.e. in a catch clause).
A couple of LOG_ macros have been folded into others,
reducing redundancy.
Finally, both of these log macros append errno to the
log message, so there is little point in ending the
messages with a period.
Change-Id: Iecc656f67115fec78b65cad4e7c17a17623ecf43
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
Although we already save it for 256x256 regular
tiles, we use smaller tiles for preview requests
everytime there is a preview request the pixmap has to
recreated. Used unordered_map instead to keep different
resolutions saved for re-use
Change-Id: I3ced6b08b6e5f8096195b253abba8bb5afdffa3c
Signed-off-by: mert <mert.tumer@collabora.com>
Cleans up some of the conversions and implicity
unit in integral types.
Change-Id: I79f35b92f8f631894e55bdb39851b050870fce96
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
Also, makes the logging of units much less error prone.
The overloaded streaming operators are temporary as
they are provided in C++20. The ones here (though
incomplete) are fashioned after the C++20 specs.
Change-Id: Ieb499282ccb6e63fa939ba07bed3e5a4fbef1bd0
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
chrono::system_clock can go back in time.
For time interval measurements, where we don't
care about the local time, a monotonic clock
should be used.
This avoids the server uptime jumping around
with daylight saving (or indeed by regular
synchronization with an atomic clock), among
other cases.
Change-Id: I09f9b24c82d19439348a2e66cad9e9de7d755208
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
Now chosen log level is propagated to forkit and kits.
Also, admin console users can filter logs according to their channel names on client side.
Change-Id: Ife15a6148ed87533b81e9d63da252c633e74e559
Signed-off-by: Gökay Şatır <gokaysatir@collabora.com>
The different attributes of a document/user
are decoded when the kit receives them.
Decoding them a second time is usually harmless,
unless, that is, they contain '%'.
After the first decoding the '%' character might
not be escaping anything valid (depending on what
follows it). So a second attempt at decoding
might very well fail and throw, since the escape
code is invalid.
Change-Id: I73d56ce995b0237140a54b6c06bd36bde8b387bd
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
It is possible for the jail directory cleanup
to fail, if there are still references to at
least one file in the jail. In those cases we
keep the jail path around so we can retry the
next time we cleanup a jail. This reduces
the chance of leaking jails until restarting
the service.
Change-Id: If6116ef598afc91063de71c66870bd6426a971ba
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
size_t in C and in C++ are not necessarily the same
type. The C++ size_t is in the std namespace. Since
we do include many C headers, and indeed some C++
runtime headers do define size_t for backwards
compatibility, it's easy to mix and match the two
types.
Also, 'using std::size_t;' isn't a great practice,
so removed.
This is not exhaustive, just some low-hanging cases.
Change-Id: I85a36b6fd1acd204274b1869de9bcb94c8b3cf13
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
Confusion arose due to separate creation of session, and watermark
property fetch from CheckFileInfo which happens in DocumentBroker::load
which doesn't do a load. This happens in a subsequent 'load url='
message cf. global.js which can then race vs. the session creation.
This causes mis-ordering of another unhelpfully shared Session,
letting the view canonicalization list to get out of sync between
the two processes.
So instead - tell the view it's canonical id. An example of the
problems of trying to share some unclear subset of the Session
class between kit and wsd perhaps.
Change-Id: I63dc30f9a047e3f889fd339b6aaf392b9fef37b9
Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
New-line breaks can now be inserted in the watermark
text using
. This helps break long watermark texts
at desired points and therefore make watermarks more
readable.
Change-Id: Ifee6faa06c9fb1fac38e5a4036c2e225829d796d
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
The watermark handler member has been fully encapsulated
inside ChildSession, so there is no need to have public
members or circular dependencies (ChildSession owns Watermark
instance, and Watermark takes ChildSession instance to
construct and initialize).
Minor refactoring and const-correctness improvements.
This is a non-functional patch.
Change-Id: I32525c47e35e96fc5314e107639be93ebc49a60e
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
std::ifstream's tellg() returns -1 on error.
This is handled very poorly and shows up as ULONG_MAX.
Luckily, we have Stat class that does the same
both more safely and more efficiently.
Without opening the file, we now get the necessary
information unambiguously.
Change-Id: I2448bc71e01b0f166a9dd66aa38a88ea97a50cdd
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
Unused selection variable has been removed. "clipboardchanged" event is activated.
LOK_CALLBACK_CLIPBOARD_CHANGED is handled according to existence of payload.
Change-Id: I6e37cb2ca4d4c59e55555ba3397cb00dbb7eafa2
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/103165
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Use hash to identify download and pass that to the client.
This allows us to reduce parameters for download requests.
DocBroker maps download ids to URL in the file system.
Change-Id: I254d4f0ccaf3cff9f038a817c8162510ae228bc5
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/101992
Tested-by: Jenkins
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Tested-by: Michael Meeks <michael.meeks@collabora.com>
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
problem:
In the mobile view taping on the selected slide preview would open the wizard
but when some object is selected on the slide
wizard would open for that object
this patch helps us to set the Page as selection and as result
mobile wizard opens for the slide even when some object on slide is selected
Change-Id: Ia4f0d5fe6a4d82d101ee26b75f557a44e0627704
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/101422
Tested-by: Jenkins
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Andras Timar <andras.timar@collabora.com>
The use of a common threadname suffix in the WSD and Kit
processes is intentional. It is designed to help filter
for a single document's logs across both processes.
The thread name has nothing to do with the classes in
the code, nor is it intended to imply any relationship
except with the process and the document in question.
As the comment in this patch explains, the choice of
the suffix is arbitrary and while it may be changed,
it has to be sensible and common between the two threads
to allow for easy grepping.
Historically, there were in fact dedicated threads
within the respective "broker" classes, but this
fact should be safely ignored, since at the log level
we care less about which part of the code generates a
log entry (that info, if needed, is at the end of each
log entry, in the form of filename and line number),
rather we care more about which document it relates to,
which is crucial in investigating production issues.
Logs and code structure are only incidentally related.
Logs are (or at least should be) designed around
the execution structure, not code architecture.
(This reverts 2a16f34812)
Change-Id: Ic6fe2f9425998824774d2644fe4362e75dea6b88
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/101261
Tested-by: Jenkins
Tested-by: Tor Lillqvist <tml@collabora.com>
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Tor Lillqvist <tml@collabora.com>
We now gracefully fallback to copying when/if systemplate
is readonly.
The bulk of the change is to support proper cleanup in
both cases.
First, we had to move as much of the jail bootstrapping
into the loolwsd-systemplate-setup script, so systemplate
will be as complete as possible before it is locked down.
Next, we needed to update the jail with graceful fallback
to linking/copying upon failure. For that, the jail setup
logic in Kit.cpp has been reworked to support not just
update failures, but also more comprehensive mounting
failures as well.
Finally, jail cleanup now is seamless. To support proper
cleanup when we had mounting enabled but had to fallback,
we mark jails that aren't mounted so we can 'rm -rf' the
contents safely and without fear or causing undue damage
(as unlikely as that is, technically we wouldn't want to
rm systemplate files, if mounting read-only had failed).
There are a few minor refactorings of JailUtil to make
it cleaner and more robust.
Change-Id: Iac34869cb84f45acf64fbbc46d46898367b496d2
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/101260
Tested-by: Jenkins
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Andras Timar <andras.timar@collabora.com>
For various reasons, systemplate may be read-only
or under a different owner and therefore impossible
to update the dynamic files in it.
To support such a scenario, we first link the
eight dynamic files in /etc when creating systemplate.
If this fails, we copy the files.
When creating jails, we always check that all the
dynamic files are up-to-date. If they are, nothing
further is necessary and we bind-mount, if enabled
and possible.
However, if the dynamic files are not up-to-date,
we disable bind-mounting and force linking
the files in the jails. Failing that, we copy them,
which is not ideal, but allows us to ensure the
dynamic files are up-to-date as we copy them too.
Ideally, the dynamic files in question would be
hard-link (or at least soft-linked) in systemplate
at creation. From then on we would bind-mount
the jails and everything would work perfectly and
no files would need updating. This patch is fallback
for when this scheme fails, which should be exceedingly
rare anyway, but which still ensures correct operation.
Change-Id: I09c6f057c49396579aaddb1b8bf4af0930dd4247
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/100834
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Tested-by: Jenkins
Reviewed-by: Andras Timar <andras.timar@collabora.com>
Happened for me once in the iOS app, not sure if it was just a random
fluke while debugging, or whether it can happen in normal use. Anyway,
take it into consideration.
If the view count is zero, don't overwrite the '['.
Change-Id: Ia797d7cc99cc273e68ec184406f47283c9a647e2
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/100672
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Tor Lillqvist <tml@collabora.com>
The default Poco connection timeout is 60 seconds,
which is probably excessive. The current configurable
default is a more reasonable 30 seconds.
Currently we set this timeout on Storage connections
going out (i.e. WOPI connections).
Change-Id: Ie80a9141ca9bf721addc74baf94e62e0ad72fdd2
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/98913
Tested-by: Jenkins
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Ashod Nakashian <ash@collabora.com>
Sometimes multiple messages are processed in a single iteration
at socket level. This happens in WebSocketHandler and when draining
Document queue.Just covered these cases.
Change-Id: Ifa46f5d484b67015cca64008b2c89426cc839e64
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/99387
Tested-by: Jenkins
Tested-by: Gabriel Masei <gabriel.masei@1and1.ro>
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Reviewed-by: Gabriel Masei <gabriel.masei@1and1.ro>
The map._activate, among other actions, is sending indirectly some messages
to the server like clientzoom and clientvisiblearea. If these messages are send
before the document finishes processing the load message then there is
a chance that a nodocloaded error will be thrown because there is a
chance that the messages will be processed in parallel with load. This happens
constantly for xlsx files. This is generated by the Unipoll mechanism which,
in case of xlsx files, triggers a parallel processing.
To avoid the above scenario a mechanism of disabling parallel processing of
messages in kit was implemented and is used for load and save messages, for now.
Change-Id: I4c83e72e600f92d0bb4f1f18cebe694e326256d0
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/98519
Tested-by: Jenkins
Tested-by: Michael Meeks <michael.meeks@collabora.com>
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Do not send faileddocloading error if it is because of password.
When the document is password protected, we send to the client
both passwordrequired and faileddocloading.
These two are handled differently. While the first prompts the
user for password input, the second internally flags fatal error
and shows an error message that the document may be corrupted etc.
The end result is that the document is not loaded and displayed
when the user submits a correct password. To reset the fatal
error one has to reload, which is unhelpful when we need to
provide a password.
This patch makes sure that we only send one error message to
the client. If a password is required, it already implies that
the document didn't load, and that with the proper password we
should try again.
Similarly for when the password given is wrong. However, if
loading fails and it isn't a password-related failure,
faileddocloading error is returned and in this case the client
handles it as a final error (that requires reloading to retry).
Change-Id: I383418fd40b6e0749b20af0ef8dc40f391a05559
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/98676
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>