Commit graph

73 commits

Author SHA1 Message Date
Miklos Vajna
b8bd1990aa Rework LOOLProtocol::tokenize() to return a StringVector object
The bulk of this commit just changes std::vector<std::string> to
StringVector when we deal with tokens from a websocket message.

The less boring part of it is the new StringVector class, which is a
wrapper around std::vector<std::string>, and provides the same API,
except that operator[] returns a string, not a string&, and this allows
returning an empty string in case that prevents reading past the end of
the underlying array.

This means in case client code forgets to check size() before invoking
operator[], we don't crash. (See the ~3 previous commits which fixed
such crashes.)

Later the ctor could be changed to take a single underlying string to
avoid lots of tiny allocations, that's not yet done in this commit.

Change-Id: I8a6082143a8ac0b65824f574b32104d7889c184f
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/89687
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
2020-02-28 16:07:56 +01:00
Miklos Vajna
57a35bb96c Add an initial libfuzzer based fuzzer
- target ClientSession::_handleInput(), since crashing there would bring
  down the whole loolwsd (not just a kit process), and it deals with
  input from untrusted users (browsers)

- add a --enable-fuzzers configure switch to build with
  -fsanitize=fuzzer (compared to normal sanitizers build, this is the only
  special flag needed)

- configuring other sanitizers is not done automatically, either use
  --with-sanitizer=... or the environment variables from LODE's sanitizer
  config

- run the actual fuzzer like this:

  ./clientsession_fuzzer -max_len=16384 fuzzer/data/

- note that at least openSUSE Leap 15.1 sadly ships with a clang with
  libfuzzer static libs removed from the package, so you need a
  self-built clang to run the fuzzer (either manual build or one from
  LODE)

- <https://chromium.googlesource.com/chromium/src/testing/libfuzzer/+/refs/heads/master/efficient_fuzzing.md#execution-speed>
  suggests that "You should aim for at least 1,000 exec/s from your fuzz
  target locally" (i.e. one run should not take more than 1 ms), so try
  this minimal approach first. The alternative would be to start from the
  existing loolwsd_fuzzer binary, then step by step cut it down to not
  fork(), not do any network traffic, etc -- till it's fast enough that
  the fuzzer can find interesting input

- the various configurations start to be really complex (the matrix is
  just very large), so try to use Util::isFuzzing() for fuzzer-specific
  changes (this is what core.git does as well), and only resort to ifdefs
  for the Util::isFuzzing() itself

Change-Id: I72dc1193b34c93eacb5d8e39cef42387d42bd72f
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/89226
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
2020-02-22 12:18:22 +01:00
Michael Meeks
09bb16ad78 util: for process thread count - ignore '.' and '..' in /proc/self/tasks
Change-Id: Ieec6eaac475b4e318578cfc0d93c36e2395e6f19
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/87097
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
2020-01-20 22:04:40 +01:00
Michael Meeks
e3864a060e Dump DocumentBroker state more completely.
Change-Id: I3477fe70ba25d6e9a95c12f30138c3353994e384
2019-11-27 19:17:27 +00:00
Gabriel Masei
2164f5207c Add REST endpoint for admin metrics.
Change-Id: I701485631931334d27594c4907cb770f9888e5bf
Reviewed-on: https://gerrit.libreoffice.org/82492
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Michael Meeks <michael.meeks@collabora.com>
2019-11-25 13:06:01 +01:00
Jan Holesovsky
189cd0e389 killpoco: Get rid of Poco::Process:id() usage.
Change-Id: If060767389f9fa57deba1ceefc872bac03763498
Reviewed-on: https://gerrit.libreoffice.org/82208
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
2019-11-07 12:24:53 +01:00
Jan Holesovsky
5d0d3a4869 killpoco: Get rid of Poco/Thread.h from the rest of the Android-related files.
Change-Id: I724230a4428cab3cc26245ac4aa43a91af2e09ce
Reviewed-on: https://gerrit.libreoffice.org/82204
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
2019-11-07 12:24:26 +01:00
Ashod Nakashian
d038ceb118 test: Improve iso8601ToTimestamp and tests
Using double caused all sorts of rounding issues,
especially with random unit-test failures.
Luckily, we don't need doubles and can do everything
with integers.

Also added a new function to print time_point as
iso8601 string, for logging and convenience.

Change-Id: I1c2040c02d1143282dbde0dadef32613b77c330d
Reviewed-on: https://gerrit.libreoffice.org/81578
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
2019-10-29 02:39:34 +01:00
Andras Timar
d1ae1b36c2 typo fixes in comments and code
Change-Id: Idd98516d30d98dea18eda9bbec8ac9777063b553
2019-10-08 11:49:45 +02:00
DarkByt31
dd014e7029 tdf#107038 Poco::Timestamp replacement with std::chrono
Util added getHttpTime
WhiteBoxTests added test for getHttpTime

Change-Id: Ifb6a3fb2dc9b059b925e7b881362b72759a8b56b
Reviewed-on: https://gerrit.libreoffice.org/79754
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Michael Meeks <michael.meeks@collabora.com>
2019-09-28 12:26:32 +02:00
Ashod Nakashian
82a34a6cb4 wsd: improved logging of thread renaming
The thread name helps one track threads in logs.
When renaming threads it's important to log the process
and previous thread name (if any), so grepping is more
fruitful and tracking is easier.

Change-Id: I47a948d77629b387cc1e9fd58fdd88e1ae1168df
Reviewed-on: https://gerrit.libreoffice.org/79327
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
2019-09-22 20:21:18 +02:00
Michael Meeks
6d1cc6c01d Avoid using std::get_time to compile on older Linux.
Change-Id: I862e5f342ea485a9b65b413ab0c1bdea4f5fbb8d
2019-09-05 14:10:20 +01:00
Tor Lillqvist
80ddb46392 Fix portability problems after 22f1656e08
It is std::chrono::system_clock that has to_time_t.
std::chrono::steady_clock does not have to_time_t.

std::chrono::high_resolution_clock is either the same as system_clock
(in libstdc++, on Linux) or steady_clock (libc++, on iOS).

(This change does not fix the actual bugs in the code, just makes it
compile for iOS. The new ISO8601 fractional time code is not unit
tested at the moment. The testTime() function is not part of the test
suite in WhiteBoxTests.cpp. If it is made part of it, it reveals
problems in the code (and/or in the unit test code).)

Change-Id: Id33342bc8b26465632f3d21d6ec2f3c975ae3681
Reviewed-on: https://gerrit.libreoffice.org/78550
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Michael Meeks <michael.meeks@collabora.com>
2019-09-03 13:50:27 +02:00
DarkByt31
22f1656e08 tdf#107038 Poco::Timestamp replacement with std::chrono
Added functions to get file timestamp and to convert
chrono timestamp in ISO8601 fraction format and some
test cases.

Change-Id: I58961a31f7262b367cff9f33cffdec7571a2f8f7
2019-09-02 15:50:37 -04:00
Ashod Nakashian
f1aa98af75 wsd: Use unordered map for anonymization
And simplify the trace-logging enablement check.

Change-Id: I4f5c9e08912b8dbc708b191b80032660ce4e1ba0
Reviewed-on: https://gerrit.libreoffice.org/70742
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
Reviewed-on: https://gerrit.libreoffice.org/71093
2019-08-17 04:28:07 +02:00
Ashod Nakashian
919a93cd4b wsd: improved anonymization algorithm
Better hashing algorithm based on FNV-1a.
Adds support for salting the hash, and
for providing salt via configuration.

More unit-tests added, and better formatting.

Change-Id: I2be42675d0cdbaa73c3d7faed99e07631a9c20fc
Reviewed-on: https://gerrit.libreoffice.org/70034
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
Reviewed-on: https://gerrit.libreoffice.org/71091
2019-08-17 04:26:35 +02:00
Ashod Nakashian
e7cec81846 Fix build - potential use before initialization
Change-Id: I5d9db13b0241af64fa8e9eb9528a6e460166f280
2019-08-05 21:18:57 -04:00
Michael Meeks
7f4a7404cc Add hard random/hex key generation utility.
Change-Id: I8bb95153a5bd63a6b41edf65a0fdf0ebd52ad070
2019-08-05 21:08:07 -04:00
Michael Meeks
52e477e57e Switch to text/html for paste where we can.
Build special URLs to detect the same host being in-use, and much more.

Change-Id: I0ca639ea416cb78bf5e5274eac4400542b6b2cda
2019-08-05 15:47:47 -04:00
DarkByt31
8e34705fe2 tdf#107038 Poco::DateTimeFormatter with Util::getHttpTimeNow()
Added a function to Util to get current time in HTTP
format using std::chrono.

Change-Id: I9e7a732f585c1758c9348c450a01713a66f1e7b7
Reviewed-on: https://gerrit.libreoffice.org/72585
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Michael Meeks <michael.meeks@collabora.com>
2019-05-20 11:53:13 +02:00
Michael Meeks
289894c66c debug: show WebSocketURI & a unique host id in help -> about.
Rather useful for debugging clustering issues.

Change-Id: I6d5f224bf8a3e4034c419137c8ad2b17fdf265ed
2019-05-17 13:24:32 +01:00
Ashod Nakashian
8136bbc1b5 wsd: parse empty json string as empty map
Change-Id: I11335e82e42e9f896ae33c2e57cb9d79b642171e
Reviewed-on: https://gerrit.libreoffice.org/69633
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
Reviewed-on: https://gerrit.libreoffice.org/71097
Reviewed-by: Szymon Kłos <szymon.klos@collabora.com>
Tested-by: Szymon Kłos <szymon.klos@collabora.com>
2019-05-08 20:38:27 +02:00
Ashod Nakashian
ed0efde542 wsd: use thread_local instead of __thread
The former is the standard C++ approach
and is reportedly faster than __thread
(at least with gcc).

Change-Id: Ibdefd32172774a280637f73dd062282b7bf62025
Reviewed-on: https://gerrit.libreoffice.org/71019
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
2019-04-23 03:00:44 +02:00
Michael Meeks
5627c767ab Anonymization: don't log when it is disabled.
Also fix unexpected concatenation error in Poco::URI::encode generating
eg. authorid=localhost0 xauthorid=localhost0localhost0 in the output.

Change-Id: I560e47e31884eeb1c662f468436ed7541cfb082d
2019-03-15 11:27:38 +01:00
Jan Holesovsky
f76b36193d android: #if(n)def MOBILEAPP -> #if (!)MOBILEAPP for better reliability.
Change-Id: I5f9c9420b6c83601db1c8fdba4ae5a10b17b2107
2019-02-12 12:20:11 +01:00
Jan Holesovsky
e60421e5d5 android: No execinfo.h on Android (yet). 2019-02-12 10:50:40 +01:00
Ashod Nakashian
b6333ada8d wsd: anonymization improvements and unittests
Also support anonymization of downloadas documents
and renaming of documents.

Reviewed-on: https://gerrit.libreoffice.org/57541
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
(cherry picked from commit 78248a542c9ca31bf9ad4cad9b55d78690384395)

Change-Id: I81a80e6290217659987d73f625e5f0fb81cb7ef2
2018-10-16 20:12:23 -04:00
Ashod Nakashian
00a44d6e81 wsd: flush logs before existing
This is important for when we abort with some explanation.
Often said explanation doesn't show up anywhere to be useful.

Also, issue fatal logs for abnormal exist and use SFL to log errno.

Reviewed-on: https://gerrit.libreoffice.org/57540
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
(cherry picked from commit ad7964393eadb68873b820e0a620fb40f1e1b06a)

Change-Id: Ic67064ef40ef6e93d26e5847ecd32bdd49c3cc8b
2018-10-16 20:12:23 -04:00
Ashod Nakashian
b516891815 wsd: prevent anonymization to empty strings
Change-Id: Ib4f90db5d39e7bf2e2f0b6566b1927363e6afcec
Reviewed-on: https://gerrit.libreoffice.org/57377
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
(cherry picked from commit 84245aa61e89cda6a9075a7059b5a7d839389719)
2018-10-16 20:12:23 -04:00
Ashod Nakashian
4587dde56f wsd: anonymize filename by using the WOPI file ID
Reviewed-on: https://gerrit.libreoffice.org/57254
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
(cherry picked from commit 5e3568ff1029da948f05d1c0e0c56c6d0706690e)

Change-Id: I869cae3846c8630b192246bc68cc90e70c50d1fd
2018-10-16 20:12:23 -04:00
Ashod Nakashian
f12883bc07 wsd: add anonymization helpers
Change-Id: Ic479218ab1b6e580c288a984f35795e1d0d6e8ad
2018-10-16 20:12:23 -04:00
Ashod Nakashian
3158d4c31c wsd: always use signal-safe calls
The async-signal-safe functions to get thread-id
and thread-name, which cache the results, are
faster, cleaner, and signal-safe. No reason why
we shouldn't always use them.

Especially since it appears the logic was
inverted in Log::prefix, such that the signal
un-safe calls were made during signal-handling,
and the safe ones were called otherwise!

Instead of passing the signal-safe flag to
Log::prefix, we pass the buffer size, for
improved security.

Furthermore, reduce header dependencies
and reduce clutter.

Change-Id: I697689b2f0a290b6d8cce4babc3ac1e576141da6
2018-10-16 20:12:23 -04:00
Tor Lillqvist
58db979291 Start on a gtk+-based workalike to the iOS app
The idea is that it would work sufficiently identically, so that even
people without a Mac and without an iOS device could participate in
development of the non-iOS-specific bits, like the JavaScript, or the
online MOBILEAPP-specific plumbing. Which would be great.

No, this doesn't do anything sane yet. It does compile the same online
C++ files as the iOS app, though. (Some minor tweaks were needed in a
couple of them to silence gcc warnings.)

There is a plain Makefile, but I should change to using autofoo, too.
Eventually, this will need to be built in a separate tree from a
normal online, just like when using the --enable-iosapp configure
switch. (But for now, doesn't matter.)

Change-Id: I13e4d921acb99d802d2f9da4b0df4a237ca60ad6
2018-10-17 00:45:35 +03:00
Tor Lillqvist
42948f6d75 On iOS, Util::getThreadId() just wraps std::this_thread::get_id() 2018-10-16 23:04:33 +03:00
Tor Lillqvist
b59d160a08 Intermediate commit of work in progress on an iOS app
The app is unimaginatively called "Mobile" for now.

Runs but crashes pretty quickly after loading the document by the LO
core. Will need some heavy changes to get a ClientSession object
created in there, too, to handle the (emulated) WebSocket messages
from the JavaScript. It would then handle some of these messages
itself, and forwards some to the ChildSession, which in this case is
in the same process. Now the messsages from the JavaScript go to a
ChildSession, which is wrong. As the assertion says, "Tile traffic
should go through the DocumentBroker-LoKit WS"
2018-09-12 18:32:05 +03:00
Tor Lillqvist
75438baa70 More mobile app stuff, very much early state of work in progress
Re-think Linux vs mobile ifdefs a bit. Use #ifdef __linux only to
surround code that actually is Linux-specific. Use #ifdef MOBILEAPP
for code that is for a mobile version (with no separste wsd, forkit,
and kit processes, and with no WebSocket protocol used).

Bypass UnitFoo for mobile. Possibly we do want the UnitFoo stuff after
all on mobile, to run in some special testing mode? Hard to say, let's
skipt it for now.
2018-09-10 15:13:43 +03:00
Tor Lillqvist
7d850bfa6e Make this file compile for iOS
Change-Id: I1d82fed408818a6945cbf2b7743ffcdbe67f6079
2018-08-29 20:41:07 +03:00
Tor Lillqvist
57326ae27c Third parameter to prefix() is a bool
Passing syscall(SYS_gettid) as a bool is equivalent to passing true,
as far as I understand.

Change-Id: I31bb15000a9e6c95b657d58bc78df4f3da0fe687
2018-08-29 18:36:16 +03:00
Michael Meeks
03bbe52665 Ensure the forkit does not have lingering threads after preinit.
Change-Id: I216a03a0ada628189355ebfd4016bf6033430eef
2018-04-16 20:04:23 +01:00
Jan Holesovsky
c8ef63253a Sanity-check the scheme and host for frame ancestor, POCO does not do that.
Change-Id: Ieea9532ccd2a11e74f370a340e68f46122469848
2018-04-04 12:50:53 +02:00
Michael Meeks
6803ee4087 Use a hard random /tmp directory for document intermediates.
Requires a lok tweak to reset the tmpdir globals on init.

Change-Id: I602705f20fa016ef415088be8d1ada6d465d2a8d
2018-03-15 11:01:51 +00:00
Ashod Nakashian
7be98efd93 ut: log timestamp to track timeouts better
And improve the logging support in unit-tests to
help troubleshoot issues faster and more accurately.
Also makes the code more readable (hopefully).

Change-Id: I4f8aafb5245e2f774b03231591a74544f9ec84aa
Reviewed-on: https://gerrit.libreoffice.org/48645
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
2018-02-11 19:21:15 +01:00
Miklos Vajna
9eacfe4fcb common: spell out non-trivial autos to improve readability
Change-Id: Id13bc0e48cec845f5b05171128be5b4efc05c6bc
2018-02-07 10:18:12 +01:00
Henry Castro
f269a9321c follow up, avoid logging when closing file descriptors
Change-Id: I38432ae1d042094551d22c2512a416c3b345556b
2018-01-31 17:53:58 -04:00
Henry Castro
b1f1500b56 util: avoid logging when closing file descriptors
eventually the log file descriptor will be closed and unhandled exception it will throw it

"terminate called after throwing an instance of 'Poco::WriteFileException'
  what():  Cannot write file"

Change-Id: I1d6ae3a4d4d4910f2ed2cdc80b162c27f93d55d9
Reviewed-on: https://gerrit.libreoffice.org/49055
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Michael Meeks <michael.meeks@collabora.com>
2018-01-31 22:06:57 +01:00
Miklos Vajna
222399e99a common: avoid pointless copy in Util
Change-Id: I40097203eba6fede78a17caf057452f4704b2bd4
2018-01-30 16:09:33 +01:00
Michael Meeks
d3c17510ed Implement an improved fork/exec wrapper.
* logs helpful messages for various error corner-cases.
* optimized file descriptor closing for large fd counts.

Change-Id: I8cba9ecb3d71ddc6e22e20d89368d8c6b9b5097f
2018-01-29 15:20:10 +00:00
Pranav Kant
c16d198560 Print humanized bytes in the logs
Change-Id: I2ebdea0c3a360be1573ae13fa9cbe6f432436f29
2018-01-26 20:03:22 +05:30
Ashod Nakashian
59398af621 wsd: simpler and more efficient OOM killing
Change-Id: I118abdffba4e7ab57fe6a29a3a9fc420d871bdc0
Reviewed-on: https://gerrit.libreoffice.org/47738
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
2018-01-11 08:12:09 +01:00
Pranav Kant
f63858433b loplugin:includeform
Change-Id: Ib62a7aa61062f00698aa3e8a144438de5c57e53d
2017-12-20 21:21:05 +05:30