Commit graph

67 commits

Author SHA1 Message Date
Henry Castro
1df271b363 config: add "macro_security_level" item
"Level of Macro security".

Change-Id: I491648f2a89289c7f4455dfad76d73ac8449b965
Signed-off-by: Henry Castro <hcastro@collabora.com>
2021-03-12 08:23:56 -04:00
Henry Castro
50c0fc4492 config: add "enable_macros_execution" item
"Specifies whether the macro execution is enabled in
general. This will disable Basic, Beanshell, Javascript
and Python scripts. If it is set to false, the
macro_security_level is ignored. If it is set to true,
the mentioned entry specified the level of macro security".

Change-Id: I4bc5b690268a93994d17e2b02b7b60b6398646b7
Signed-off-by: Henry Castro <hcastro@collabora.com>
2021-03-12 08:23:56 -04:00
Henry Castro
c24c7d9335 wsd: add an option "batch mode" to load the document
disable any dialog interactivity

Change-Id: I6d6fde721c7b3c18c519f87139525fcac1f6fb31
Signed-off-by: Henry Castro <hcastro@collabora.com>
2021-02-22 14:59:59 -04:00
Ashod Nakashian
f60753a951 wsd: misc cleanup
Change-Id: Ief6cbc40ef2f7d98b0b76477109332676dab45b2
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
2020-11-22 22:26:36 -05:00
mert
5418b4b19b Make AutoSpellChecking option state remembered on first start
Change-Id: I25823025e35ba6f580b03834979fb0bea616bcc1
Signed-off-by: mert <mert.tumer@collabora.com>
2020-11-17 14:55:31 +03:00
Ashod Nakashian
cb4beaca34 wsd: avoid the using keyword and use C++ size_t
size_t in C and in C++ are not necessarily the same
type. The C++ size_t is in the std namespace. Since
we do include many C headers, and indeed some C++
runtime headers do define size_t for backwards
compatibility, it's easy to mix and match the two
types.

Also, 'using std::size_t;' isn't a great practice,
so removed.

This is not exhaustive, just some low-hanging cases.

Change-Id: I85a36b6fd1acd204274b1869de9bcb94c8b3cf13
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
2020-11-15 15:41:41 -05:00
Andras Timar
0002fdfd6c fix license headers
Change-Id: I8623770b32d278a45357dc7f757fabfadd2b4af7
2020-10-01 11:56:43 +02:00
Tomaž Vajngerl
ca00470722 allow saving a PDF, add "view_comment" state
This adds a "view_comment" in addition to "view" and "edit" state
into discovery.xml. In case it is enabled, the filters let the
comment commands through to core.

In addition add "Save Comment" menu action to allow saving the
comments, which is enabled when in "read-only" with "view_comment"
mode.

Change-Id: I3ab3dbee93ee2167ae96adea7025fc0b385f8201
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/99473
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Tested-by: Jenkins
Reviewed-by: Tomaž Vajngerl <quikee@gmail.com>
2020-07-27 16:40:12 +02:00
Ashod Nakashian
5c9988f2e3 wsd: faster jail setup via bind-mount
loolmount now works and supports mounting and
unmounting, plus numerous improvements,
refactoring, logging, etc..  When enabled,
binding improves the jail setup time by anywhere
from 2x to orders of magnitude (in docker, f.e.).

A new config entry mount_jail_tree controls
whether mounting is used or the old method of
linking/copying of jail contents. It is set to
true by default and falls back to linking/copying.
A test mount is done when the setting is enabled,
and if mounting fails, it's disabled to avoid noise.

Temporarily disabled for unit-tests until we can
cleanup lingering mounts after Jenkins aborts our
build job. In a future patch we will have mount/jail
cleanup as part of make.

The network/system files in /etc that need frequent
refreshing are now updated in systemplate to make
their most recent version available in the jails.
These files can change during the course of loolwsd
lifetime, and are unlikely to be updated in
systemplate after installation at all. We link to
them in the systemplate/etc directory, and if that
fails, we copy them before forking each kit
instance to have the latest.

This reworks the approach used to bind-mount the
jails and the templates such that the total is
now down to only three mounts: systemplate, lo, tmp.

As now systemplate and lotemplate are shared, they
must be mounted as readonly, this means that user/
must now be moved into tmp/user/ which is writable.

The mount-points must be recursive, because we mount
lo/ within the mount-point of systemplate (which is
the root of the jail). But because we (re)bind
recursively, and because both systemplate and
lotemplate are mounted for each jails, we need to
make them unbindable, so they wouldn't multiply the
mount-points for each jails (an explosive growth!)
Contrarywise, we don't want the mount-points to
be shared, because we don't expect to add/remove
mounts after a jail is created.

The random temp directory is now created and set
correctly, plus many logging and other improvements.

Change-Id: Iae3fda5e876cf47d2cae6669a87b5b826a8748df
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/92829
Tested-by: Jenkins
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
2020-07-01 05:42:43 +02:00
Ashod Nakashian
784b7dc39d wsd: optimize StringVector
StringVector is heavily used for tokenization
and benefits from inlining of small functions.

Also, cat doesn't need to be slower than necessary.

Change-Id: I4ab2ff1b1f1a81092049d2cde64b6df10b34b5f7
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/95287
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Jenkins
2020-06-02 01:39:37 +02:00
Ashod Nakashian
224ef08c7f wsd: single-char string literals -> char
More readable and typically more efficient.

Change-Id: I9bd5bfc91f4ac255bb8ae0987708fb8b56b398f8
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/95285
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Jenkins
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
2020-06-02 01:31:26 +02:00
Michael Meeks
87d039e00a IO stats - handle convert-to case, and initiailize all temporaries.
Change-Id: I16c60c89745a7cc2f369a010c77cffbb08759f7b
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/94775
Tested-by: Jenkins
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
2020-05-25 12:37:40 +02:00
Marco Cecchetti
255d24ba8f forward the device form factor of the client on a new view request
This patch allows the lok core to know about the device form facor of
the client requesting the creation of a new view, immediately instead
of a later time.
When a request for a new view is sent a 'deviceFormFactor' parameter
is appended to the message.
This parameter can have one of the following values: 'desktop',
'tablet','mobile' and is forwarded to the lok core.

Change-Id: I21739ddb8c43c960164b3c625e4cf0a80f4616a4
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/92691
Tested-by: Marco Cecchetti <marco.cecchetti@collabora.com>
Reviewed-by: Marco Cecchetti <marco.cecchetti@collabora.com>
2020-04-29 13:18:49 +02:00
Michael Meeks
a7dc2d1467 kill IoUtil - obsolete & unused.
The switch away from LOOLWebSocket and the use of a websocket
for talking to forkit removes the need for the pipe code.

Change-Id: Ifb0c6c88681289e7a1709d9bc3281532935c7be4
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/92033
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
2020-04-10 16:38:25 +02:00
Miklos Vajna
d6fe0979b7 common: handle missing protocol in Session::getIOStats()
This sometimes causes unit-integration to fail and now is consistent
with other member functions of Session that handle missing protocol.

Change-Id: I43c7fcae964cfcb5911ff57d63bd4cb569e6b97c
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/90732
Tested-by: Michael Meeks <michael.meeks@collabora.com>
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
2020-03-19 11:50:54 +01:00
Miklos Vajna
cd42700054 Rework the somewhat odd sendTextMessage() interface
It took both an std::string and a length. Take a char* and a length
instead.

Change-Id: Id37dfa67fe1baae09b69819680848a0a8a1d80ed
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/90552
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
2020-03-16 11:55:19 +01:00
Michael Meeks
e924625cc1 re-factor: Socket / WebSocketHandler.
Essentially we want to be able to separate low-level socket code
for eg. TCP vs. UDS, from Protocol handling: eg. WebSocketHandler
and client sessions themselves which handle and send messages
which now implement the simple MessageHandlerInterface.

Some helpful renaming too:

s/SocketHandlerInterface/ProtocolHandlerInterface/

Change-Id: I58092b5e0b5792fda47498fb2c875851eada461d
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/90138
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
2020-03-11 16:48:03 +01:00
Michael Meeks
019f268ffd handleDisconnect - unused.
Change-Id: Ib305f762ae33424c8a598d5c31eeda31b9c87555
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/90137
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
2020-03-07 11:28:08 +01:00
Michael Meeks
f70e627795 WebSocket - simplify handleMessage for now.
WebSocketHandler handles this complexity for us now, and for the
forseeable future. Simplify to prepare for larger re-factor.

Change-Id: I73b919885adc358cb6502a13492cdac85c34459c
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/90059
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
2020-03-05 20:28:48 +01:00
Miklos Vajna
547f9ea731 Rework StringVector to have a single underlying string
This is meant to reduce lots of small allocations and instead have
pointers into the single string for the various tokens instead.

This has a few requirements, though:

1) It's no longer OK to modify the tokens, changing their length would
invalidate the start/length of other tokens. Rework
DocumentBroker::load() to avoid such mutation.

2) The iterators no longer expose zero-terminated strings, so
Poco::cat() doesn't work anymore: add an own cat() instead and use that
in e.g. ChildSession. The own cat() has the benefit that it won't read
past the end of the array if the begin index is out of bounds to add
more safety.

(This nicely works towards killing Poco usage in general.)

3) If zero-terminated strings for all individual tokens is needed, a
copy has to be made, as done in spawnProcess().

(For all of these requirements, the build fails if there are problems.)

Change-Id: Iea40e4400e630b2d669f5c72aea85cb40edf9a2c
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/89711
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
2020-02-28 18:31:37 +01:00
Miklos Vajna
b8bd1990aa Rework LOOLProtocol::tokenize() to return a StringVector object
The bulk of this commit just changes std::vector<std::string> to
StringVector when we deal with tokens from a websocket message.

The less boring part of it is the new StringVector class, which is a
wrapper around std::vector<std::string>, and provides the same API,
except that operator[] returns a string, not a string&, and this allows
returning an empty string in case that prevents reading past the end of
the underlying array.

This means in case client code forgets to check size() before invoking
operator[], we don't crash. (See the ~3 previous commits which fixed
such crashes.)

Later the ctor could be changed to take a single underlying string to
avoid lots of tiny allocations, that's not yet done in this commit.

Change-Id: I8a6082143a8ac0b65824f574b32104d7889c184f
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/89687
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
2020-02-28 16:07:56 +01:00
Miklos Vajna
57a35bb96c Add an initial libfuzzer based fuzzer
- target ClientSession::_handleInput(), since crashing there would bring
  down the whole loolwsd (not just a kit process), and it deals with
  input from untrusted users (browsers)

- add a --enable-fuzzers configure switch to build with
  -fsanitize=fuzzer (compared to normal sanitizers build, this is the only
  special flag needed)

- configuring other sanitizers is not done automatically, either use
  --with-sanitizer=... or the environment variables from LODE's sanitizer
  config

- run the actual fuzzer like this:

  ./clientsession_fuzzer -max_len=16384 fuzzer/data/

- note that at least openSUSE Leap 15.1 sadly ships with a clang with
  libfuzzer static libs removed from the package, so you need a
  self-built clang to run the fuzzer (either manual build or one from
  LODE)

- <https://chromium.googlesource.com/chromium/src/testing/libfuzzer/+/refs/heads/master/efficient_fuzzing.md#execution-speed>
  suggests that "You should aim for at least 1,000 exec/s from your fuzz
  target locally" (i.e. one run should not take more than 1 ms), so try
  this minimal approach first. The alternative would be to start from the
  existing loolwsd_fuzzer binary, then step by step cut it down to not
  fork(), not do any network traffic, etc -- till it's fast enough that
  the fuzzer can find interesting input

- the various configurations start to be really complex (the matrix is
  just very large), so try to use Util::isFuzzing() for fuzzer-specific
  changes (this is what core.git does as well), and only resort to ifdefs
  for the Util::isFuzzing() itself

Change-Id: I72dc1193b34c93eacb5d8e39cef42387d42bd72f
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/89226
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
2020-02-22 12:18:22 +01:00
Michael Meeks
9cef0f385d watermarking: create SessionMap template to canonicalize views.
Use a fully reliable uniqueness check, rather than a hash, and get
simpler ids as a bonus. Fetch view data from the session itself
rather than passing it in too.

Change-Id: Ibcd625156b5a98eb280e35d6537b5c8c026d0197
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/86150
Reviewed-by: Mert Tümer <mert.tumer@collabora.com>
Tested-by: Mert Tümer <mert.tumer@collabora.com>
2020-01-06 13:52:29 +01:00
Miklos Vajna
204cff5c19 Avoid UB in Session::setHash()
Ubsan says that signed integer overflow is happening here:

    #0 0xec344a in Session::setHash(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) common/Session.cpp:267:17
    #1 0x918b54 in DocumentBroker::load(std::shared_ptr<ClientSession> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) wsd/DocumentBroker.cpp:682:18
...
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior common/Session.cpp:267:17 in

(While running unit_wopi_watermark.)

Change-Id: Idcb1692f6d5d0df8be35dc557d2d72a345acbcf4
2019-11-22 14:11:00 +01:00
Jan Holesovsky
efa293290c killpoco: Remove trivial StringTokenizer uses from some files.
Particularly those used on Android...

Change-Id: I47bf9692f5e99ba30140d698558472201168a198
Reviewed-on: https://gerrit.libreoffice.org/82302
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
2019-11-08 22:21:31 +01:00
mert
86489d3dcd Include normalizedViewId to TileCache
Change-Id: Ib23afa023d79189f7fd7aca8b5b0e198c3011fbc
2019-10-15 18:13:03 +03:00
Ashod Nakashian
36b5109d21 wsd: cosmetic formatting
Change-Id: I552b2468432ce6ed52c50e22b6f19d8055c5dbb1
2019-09-03 01:53:12 -04:00
Michael Meeks
f384b8a414 Add watermark opacity setting.
Change-Id: I839e8aef91acfed40d4afd8c1b50176ed54c670a
2019-08-26 16:29:12 -04:00
Henry Castro
760864870f wsd: introduce "TemplateSource" WOPI property
Change-Id: I9df1d5d0d4be7fe10ee15c40c36195c86ccf857e
Reviewed-on: https://gerrit.libreoffice.org/76190
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
2019-07-24 12:10:15 +02:00
Miklos Vajna
22fac18fcd WebSocket: make members private
All of them were protected, but only _socket was used actually. Add a
protected setter/getter for that field.
2018-10-24 09:36:13 +02:00
Ashod Nakashian
4587dde56f wsd: anonymize filename by using the WOPI file ID
Reviewed-on: https://gerrit.libreoffice.org/57254
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
(cherry picked from commit 5e3568ff1029da948f05d1c0e0c56c6d0706690e)

Change-Id: I869cae3846c8630b192246bc68cc90e70c50d1fd
2018-10-16 20:12:23 -04:00
Ashod Nakashian
f25575181c kit: parse anonymized tokens in doc options
Also optimize the parsing in general.

Change-Id: Id1f5b5c12e867c98e523d1e32397853d7d4a6ee4
2018-10-16 20:12:23 -04:00
Tor Lillqvist
95eb849217 Still more iOS app and related Online C++ code hacking
Re-think the plumbing between the different parts of the C++ Online
code. Do try to have it work more like in real Online on all but the
lowest socket level. Except that we don't have multiple processes, but
threads inside the same process. And instead of using actual system
sockets for WebSocket traffic between the threads, we use our own
FakeSocket things, with no WebSocket framing of messages.

Reduce the amount of #ifdef MOBILEAPP a bit also by compiling in the
UnitFoo things. Hardcode that so that no unit testing is ever
attempted, though. We don't try to dlopen any library.

Corresponding changes in the app Objective-C code. Plus fixes and
functionality improvements.

Now it gets so far that the JavaScript code thinks it has the document
tiles presented, and doesn't crash. But it hangs occasionally. And all
tiles show up blank.

Anyway, progress.

Change-Id: I769497c9a46ddb74984bc7af36d132b7b43895d4
2018-09-19 11:31:18 +03:00
Tor Lillqvist
75438baa70 More mobile app stuff, very much early state of work in progress
Re-think Linux vs mobile ifdefs a bit. Use #ifdef __linux only to
surround code that actually is Linux-specific. Use #ifdef MOBILEAPP
for code that is for a mobile version (with no separste wsd, forkit,
and kit processes, and with no WebSocket protocol used).

Bypass UnitFoo for mobile. Possibly we do want the UnitFoo stuff after
all on mobile, to run in some special testing mode? Hard to say, let's
skipt it for now.
2018-09-10 15:13:43 +03:00
Miklos Vajna
9eacfe4fcb common: spell out non-trivial autos to improve readability
Change-Id: Id13bc0e48cec845f5b05171128be5b4efc05c6bc
2018-02-07 10:18:12 +01:00
Tor Lillqvist
e834526983 Add FIXME 2018-01-15 14:22:56 +02:00
Pranav Kant
f63858433b loplugin:includeform
Change-Id: Ib62a7aa61062f00698aa3e8a144438de5c57e53d
2017-12-20 21:21:05 +05:30
Michael Meeks
be228a160d Allow unit tests to avoid handleInput.
Change-Id: Ib4accd6bbfdc1fc55c45365df275edfa8a68bc59
2017-09-19 21:13:58 +01:00
Marco Cecchetti
dee39a562c support for rendering a watermark on each tile
Change-Id: I3edccac49a3bcd3d2493d8d7ef3a1ae29307e727
Reviewed-on: https://gerrit.libreoffice.org/41898
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
2017-09-07 17:28:44 +02:00
Michael Meeks
3101fa510d Accumulate I/O stats per document.
Change-Id: Ie2f5647e65070ddd828f048820efd38b600f9133
2017-06-02 20:41:25 +01:00
Ashod Nakashian
da2d3cbc92 wsd: support per-user links and commands
userextrainfo is a json array that contains
extra user-specific links.

Currently 'avatar' is assumed to hold the
image url for the user's avatar.

'mail' and other links can also be added.

Change-Id: I37c4c68bfa0b7ee659e017b4867dcb8cf5c2ca2f
Reviewed-on: https://gerrit.libreoffice.org/38120
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
2017-05-29 06:45:18 +02:00
Ashod Nakashian
407c538f04 Correctly send termination reason to clients
Fixes the case when the client reconnects on idle
disconnection (because it never got the 'close: idle'
message).

Also, show informative message to users in this case
instead of grey screen.

Change-Id: Ia2e1f2ffefe6d35dd1552e7cc44e490aab86c600
Reviewed-on: https://gerrit.libreoffice.org/37891
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
2017-05-22 07:05:28 +02:00
Ashod Nakashian
47c01440ba wsd: logs
Change-Id: I286c4c7415b114f51f3258bd6d50f8e103ea6c75
Reviewed-on: https://gerrit.libreoffice.org/37611
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
2017-05-15 05:14:55 +02:00
Michael Meeks
2d1764d30e Dump ClientSession and MessageQueue state too. 2017-04-05 17:59:29 +01:00
Pranav Kant
ce1084b74f wsd: Send readonly info to clients
With this every other client would be able to know about other client's
permission i.e whether they have opened the document as readonly. This
could be important eg: to hide the cursor overlay of readonly users in
the UI or to mark these users as readonly in the userlist.

Change-Id: I5dcb1b4e5a22c9b546d16b69b9216cc7653cff04
2017-03-31 12:20:09 +05:30
Michael Meeks
913c469aa8 Cleanup whitespace, return is not a function. 2017-03-30 17:34:52 +01:00
Ashod Nakashian
30d58f96a4 wsd: avoid unnecessary temp string construction
...when sending text messages over socket and
make return value indicative of success/failure.

Change-Id: Ie4d99103b0d49d238152f7da3155ebcb6ccd4e22
2017-03-29 23:55:19 -04:00
Jan Holesovsky
9f17050a7d Pass the locale settings from loleaflet to wsd/kit.
Change-Id: Ie530db73cfbdb62787f16eae0f4b07fbf8b8acb4
2017-03-24 12:34:32 +01:00
Michael Meeks
0eaef6c896 config.h - get includes right: must always be the first include. 2017-03-10 10:47:43 +01:00
Ashod Nakashian
4abf706af6 nb: websocket shutdown support
Change-Id: I2fcab98e9725eca86d097f34236889fdf9289c47
2017-03-10 10:47:41 +01:00