storage.ssl.enable=false by default is not good. loolwsd default config should
work, e.g. in case of snapshot docker images. When ssl.enable=true, this implies
storage.ssl.enable=true, because browsers do not allow mixed content, so it is
not possible to connect to the storage with plain HTTP, while the content from
loolwsd is served with HTTPS.
TODO: find out what to do in case of upgrade, when the user has an old config
file. Probably storage.ssl.enable should default to ssl.enable when it is not
present in config file.
Change-Id: Ifdcb070745d649dd9840dccf2e5641058a13d4e4
Reviewed-on: https://gerrit.libreoffice.org/80660
Reviewed-by: Andras Timar <andras.timar@collabora.com>
Tested-by: Andras Timar <andras.timar@collabora.com>
It was not very useful to let this setting configurable by the user.
On the other hand, old path in config file caused issues after
upgrade. It is better to decide the location of LOKit core
during compilation. From now on the --with-lo-path configure
option is compulsory.
Change-Id: Icdcbc21bde5dad329fdb6e30ed17efde6b0e73de
Reviewed-on: https://gerrit.libreoffice.org/79943
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Andras Timar <andras.timar@collabora.com>
Better hashing algorithm based on FNV-1a.
Adds support for salting the hash, and
for providing salt via configuration.
More unit-tests added, and better formatting.
Change-Id: I2be42675d0cdbaa73c3d7faed99e07631a9c20fc
Reviewed-on: https://gerrit.libreoffice.org/70034
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
Reviewed-on: https://gerrit.libreoffice.org/71091
This simplifies the anonymization configuration
as virtually always they are all either enabled
together, or not at all.
Change-Id: I6fe60f5287fc5d71cd7a6ac3268eac67e5e6e9fb
Reviewed-on: https://gerrit.libreoffice.org/70033
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
Reviewed-on: https://gerrit.libreoffice.org/71090
The default behavior is unchanged: once the last editor exits, we still
only perform a save when the document is modified.
It's possible to opt in for the new behavior, though: in that case the
save after the exit of the last editor will happen even for unmodified
documents.
Change-Id: I14c17035a932cf952217f3b71fdef57fede0ce24
The code already assumed a signed integer, but the configuration advertised
unsigned, standardize on signed.
This way it doesn't matter if the "disable" value is zero or a negative
number.
Change-Id: I56632c8a36be01afefdc5f2a35e70bde945d69d3
It is not a good idea to change the configuration directory, it will affect all the existing installations.
And the service is called loolwsd - so the configuration should be called that way too.
This reverts commit 9278574289.
Change-Id: I7e6eee644e21ad2dd842742585d16133ff8e36c9
Reviewed-on: https://gerrit.libreoffice.org/72730
Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
Tested-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
After 1dbbc5acc7
Change-Id: I64a12fb13bc8f9371821b2d5969941bfddc2514a
Reviewed-on: https://gerrit.libreoffice.org/72728
Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
Tested-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
document_signing_url in loolwsd now accepts a vereign server URL
endpoint. If not provided, the signing functionallity won't be
available.
The document signing infobar is now shown dynamically so by
default it is not shown, but when the users clicks in menu the
"sign document", the infobar is shown (the document-content is
css "top" value is adjusted via JQuery).
Change-Id: I9d5f6b68ba3612eeeb9de28c9c0333b4d1bf41d8
Reviewed-on: https://gerrit.libreoffice.org/64298
Reviewed-by: Tomaž Vajngerl <quikee@gmail.com>
Tested-by: Tomaž Vajngerl <quikee@gmail.com>
Beforehand, any host could embed the iframe as the Referer was always allowed.
Now, only the loolwsd and the WOPI host are allowed to do that.
Additionally, a config option has been added to add more allowed hosts.
X-Frame-Options supports has been removed as it supports only one host
and CSP is meanwhile supported in ~all major browsers.
Change-Id: I222720e1220116102708c50edaf08e2a4a0aebda
Reviewed-on: https://gerrit.libreoffice.org/63864
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
Tested-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
It's not too easy to customize CSS, so move the top position of the
document container to loleaflet.html, where it's convenient to handle
this.
JS can dynamically query if the menu item should be there, similar to
the about dialog.
Change-Id: I4b2799a41f8ad31e3a9b4983fd1947d2e0363a2b
This setting defaults to false in code, when the setting is not present
in the config file.
Also world-readable /tmp is not a good default path of trace file.
Change-Id: Iab6da18cf6f97f75bbcdaf444042cd7039c462f8
Reviewed-on: https://gerrit.libreoffice.org/53966
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Michael Meeks <michael.meeks@collabora.com>
Also disable PAM by default.
Change-Id: Id1197f0d049ce56f698952b87d2c4760412eb8ec
Reviewed-on: https://gerrit.libreoffice.org/53727
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Michael Meeks <michael.meeks@collabora.com>
Possibilities are endless. With a simple /etc/pam.d/loolwsd config below,
the user which runs loolwsd ('lool' in production environment) can login
to admin console with normal linux password.
auth required pam_unix.so
account required pam_unix.so
Change-Id: I354a7e9b4705e8fe346d17d6b6041d1406198b37
Reviewed-on: https://gerrit.libreoffice.org/48307
Reviewed-by: Andras Timar <andras.timar@collabora.com>
Tested-by: Andras Timar <andras.timar@collabora.com>
The routine for handling the configuration for the max file size
limit, was wrongly using NOFILE. Now we handle both limits correctly.
Change-Id: Ie8b63617286f66af6d4eb1b35b9e4f4b28f3c2a6
Reviewed-on: https://gerrit.libreoffice.org/42803
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
Reviewed-on: https://gerrit.libreoffice.org/42811
Reviewed-by: Marco Cecchetti <mrcekets@gmail.com>
Tested-by: Marco Cecchetti <mrcekets@gmail.com>
But these save conditions are checked every 30 seconds only, so setting
them to less than 30 seconds wouldn't mean that save will be triggered
anytime sooner.
Change-Id: Id473a79af6a3170c72e372040460f2b7c15f150e
Start killing documents when memory usage goes above threshold.
Also make it possible to close documents from admin instance.
In DocumentBroker::closeDocument, just set the _stop flag and wake
up the polling thread which will terminate the children, instead of
manually terminating the children.
Change-Id: Ie70e05b3fb6ea816a87b6dcfaed92cdddb94aa90
Timeouts to dimming the doc in the browser
are now configurable from WSD and is relayed
to loleflet as expected.
Out of focus timeout is now 60 seconds.
Change-Id: I8452e30976f6a81b0c3bb3ba5774daa244c1640c
Reviewed-on: https://gerrit.libreoffice.org/37489
Reviewed-by: pranavk <pranavk@collabora.co.uk>
Tested-by: pranavk <pranavk@collabora.co.uk>
When a document is idle (no activity from
any views) for this timeout duration, the
document is saved and unloaded to minimize
resource consumption.
Change-Id: If6f09136ae40c7e84180fc8c8adbf6db8396d292
Reviewed-on: https://gerrit.libreoffice.org/37374
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>