Commit graph

941 commits

Author SHA1 Message Date
Michael Meeks
c65671d02a Tag sockets to be closed on exceptions.
Possibly related to cool#9349

Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
Change-Id: Iae249bdf50825d0669c801951bfba827ac6e5581
2024-07-13 19:35:14 +01:00
Ashod Nakashian
02332b54fa wsd: do not re-use incoming response for outgoing
Change-Id: I59490c11bbb9460459c3e76c472148571981fa12
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
2024-07-03 11:51:14 +02:00
Henry Castro
faa23267b6 wsd: fix unused parameter ‘subjectHash’
Change-Id: I63c908361711acb496bd0a6eee5e1facec58e398
Signed-off-by: Henry Castro <hcastro@collabora.com>
2024-06-27 13:45:56 +02:00
Caolán McNamara
7ca908a500 honour online host verification exemption also in core
Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: I041b6f428069d5fb62426c80512ced7d00e622d3
2024-06-24 18:53:34 +02:00
Caolán McNamara
292e48ddf1 auto-add wopi server cert to child capath
Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: I708ae6217dc4acf3be3b80dc27a4add03e2324a0
2024-06-24 18:53:34 +02:00
Caolán McNamara
2918abdd17 log X509_verify_cert_error_string on handshakeFail
it's generally reasonably informative to explain failure

Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: I5628da475ac7073d2ec4b300ce5045c86d688cab
2024-06-24 18:53:34 +02:00
Caolán McNamara
4346c2fdd3 hook default verification level from debug/experimental
Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: I138aeca51247cb173b1639cc4f5033ad9ce3265b
2024-06-24 18:53:34 +02:00
Caolán McNamara
bcc4a77408 ssl::CertificateVerification::IfProvided is unused
so just drop it for clarity

Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: I8482b34049f098c7d7f9ff5195cfb9080fd4e1a3
2024-06-24 18:53:34 +02:00
Caolán McNamara
7d9d9caf2f output a warning about misconfigured servers
Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: Ia469f8c2453ff4e00025c5daad029e8d711f3cf9
2024-06-24 18:53:34 +02:00
Caolán McNamara
67c28ef9e9 show reason for connection failure if available
Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: Ic8d8e84e3dd6eb652c4a4d66cbb6ad59f94da8c5
2024-06-24 18:53:34 +02:00
Caolán McNamara
f8cf4efd6e set SSL_CERT_FILE for static linked OpenSSL
so we can use the platform ca-bundle

Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: I7324a5c8414b234a0fb2e085e3915e71eff89182
2024-06-24 18:53:34 +02:00
Michael Meeks
216b14ee39 Send Content-Length and Connection: close to help browsers.
Possibly the combination of "gzip" and us being unhelpful about
lengths could lead to browser hangs; who can say.

Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
Change-Id: I632dfc46afde3883544292d687bdff023bccc8ac
2024-05-21 10:28:25 +02:00
Michael Meeks
a4e84db5b7 WaE: make older C++ compilers happy.
Change-Id: Ibf28f91ae735ab05e8f641d0d06602c1abe4be56
2024-05-18 11:23:01 +01:00
Caolán McNamara
41dc5a6cb4 add dumping start of current and queued async dns lookups
Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: Ib40a6d1e3d6e983da674c5a7051ac5e7a565d0d1
2024-05-17 19:47:09 +01:00
Caolán McNamara
3699a0109e unlock mutex to allow entries to queue up while resolving
Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: If8ee89ef0e7436675c596461243d82a2e0412358
2024-05-17 19:47:09 +01:00
Caolán McNamara
ff02af21d3 add Async DNS implementation
Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: I577af4280ac5a0a4389bb11ac6c531d846a196d1
2024-05-17 19:47:09 +01:00
Caolán McNamara
4318b0d619 wrap Poco DNS lookup and cache as a DNSResolver class
Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: Ie211fe596629af50eec01dd8512d2a12929545ea
2024-05-17 19:47:09 +01:00
Miklos Vajna
39e4644822 net: fix clang-15 build in resolveDNS()
net/NetUtil.cpp:65:23: error: no matching constructor for initialization of 'net::DNSCacheEntry'
    queries.push_back(DNSCacheEntry(addressToCheck, hostEntry, now));
                      ^             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Went wrong in commit 5be3ccc871 (cache DNS
results for 20 seconds, 2024-05-14), the rest of the code builds with
this toolchain.

Signed-off-by: Miklos Vajna <vmiklos@collabora.com>
Change-Id: Idc8ed4d88a7f955cf2cdc1e10ac9931823950126
2024-05-15 10:36:53 +02:00
Caolán McNamara
ef64f815af reuse dns caching for resolveHostAddress too
Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: I8df71340f2c80a1dd19fd422b20f350b2755e22c
2024-05-14 22:09:49 +02:00
Caolán McNamara
5be3ccc871 cache DNS results for 20 seconds
querying capibilities happens frequently:

ClientRequestDispatcher: :allowConvertTo
ClientRequestDispatcher: :getCapabilitiesJson
ClientRequestDispatcher: :handleCapabilitiesRequest
ClientRequestDispatcher: :handleIncomingMessage
StreamSocket: :handlePoll
Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: I6feb535a91f4ccc647b172da27284f26f55c3e27
2024-05-14 22:09:49 +02:00
Michael Meeks
b95e4d8424 Logging: annotate WebSocket, Admin and cleanup Forkit.
Significantly calmer and less frenzied logging output.

Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
Change-Id: I0f1782c0b8f10ac3427bac479ded2862f2b40b7a
2024-05-14 18:37:52 +02:00
Michael Meeks
3746a51479 Logging: calm down the most prolific Socket logging sites.
Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
Change-Id: Ia2ba1f114397cf8f61a4e42bdf55bdf4c0ac969a
2024-05-14 18:37:52 +02:00
Michael Meeks
6f49f9398e Split outbound callback processing from incoming message queueing.
Now we always send callbacks as soon as possible back to wsd from the
kit. This has several implications:

1. even when InputProcessing is disabled we will send outbound
   progress updates.
2. we should send callbacks much more quickly without waiting for
   other queue events to be processed eg. tilecombine:

We also drastically simplify storage of callbacks, avoiding lots of
re-parsing of the same strings, and allow much more efficient
comparison and merging at a small space cost in queue size.

Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
Change-Id: Ia1ede5406767f895616a52775316ee6ab1c5db09
2024-05-09 17:47:15 +01:00
Michael Meeks
90f387cdc5 bgsave: change statusindicator protocol message to 'progress' + JSON.
We need to get more helpful structure into this message, and add a
type=bg flag to handle background progress messages.

Add unit test for merging progress: setvalue commands.

Simplify ProtocolHandler sendTextMessage with a std::string wrapper.

Android code needs manual testing.

Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
Change-Id: I54ce807e2fc5de80118905e68557a95e637fbd18
2024-05-06 20:28:08 +01:00
Caolán McNamara
c2f4f8031d disable watchdog while loading and saving
Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: Ic1757f1cafcaed7feb3ce0cbc21fe8e03c5d4bd4
2024-04-30 17:55:13 +02:00
Michael Meeks
f845ac08af bgsave: have a single source for InputProcessing enable & disable.
Somehow this state can get confused in a bgsave process:

   Kit Document:
         ...
         inputProcessingEnabled: false
         ...
   SocketPoll:
     Poll [kit] with 1 socket - wakeup rfd: 39 wfd: 45
             fd        events        rbuffered        wbuffered        rtotal        wtotal
             52        0x1        process             0             0         r:    825

'process' should read 'ignore' for disabled input.

Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
Change-Id: I787eebe6fda3ae1b527d7605b8813fa764e81890
2024-04-18 17:19:19 +01:00
Michael Meeks
eceb1db8ec bgsave: remove closed sockets from Kit's SocketPoll.
Hard closing without shutdown is necessary, but we continued to poll
and read on an fd that would be re-used to open eg. a ZIP file:

[ kitbgsv_007_001 ] TRC  #19: Incoming WebSocket data of 13522 bytes: 50 4B 03 04 14 00 00 08  00 00 29 9C 90 58 33 26  AC A8 2F 00 00 00 2F 00  00 00 08 00 00 00 6D 69  | PK........)..X3&../.../.......m"
...
[ kitbgsv_007_001 ] ERR  #19: An unfragmented message or the first fragment of a fragmented message must have the opcode different than 0| net/WebSocketHandler.hpp:452

which would then close the file unhelpfully.

Not removing the socketHandler when cleaning up means that
we trigger the ForKit's ServerWSHandler::onDisconnect which
SigUtil::setTerminationFlag() causing all 2nd kit processes
to expire on start.

We also want to ensure that we update the thread-id of the last
forkit process before we start removing sockets and checking
thread-ids.

We want to get rid of the parent process' sockets we inherited
but don't need very cleanly post fork.

Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
Change-Id: I82966f4421fc96df552fd50cf81c8b0bc92b9bbb
2024-04-17 08:35:30 +01:00
Noel Grandin
8739373a88 use erase/remove idiom to clean pollSockets
which is more efficient than repeatedly erasing in a vector.

Signed-off-by: Noel Grandin <noel.grandin@collabora.co.uk>
Change-Id: Iebd41130b37a67ffd74fa2d692b83220b1cab3f4
Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
2024-04-16 14:00:42 +01:00
Caolán McNamara
e1bf395798 aarch64 doesn't have SYS_futimesat
we picked something obscure, and clearly aarch64 took advantage of
not adding something obscure unnecessary for backwards compatibility
on that arch

Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: I097ef24c98e23931a3997c743d17d52c0afd52b7
2024-04-07 22:20:10 +02:00
Michael Meeks
29ef73868f killpoco: avoid using Poco::Random which likes /dev/random.
Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
Change-Id: I34659b3fda8a22a1b34416a37e18f483d7961f5e
2024-04-07 12:11:48 +02:00
Michael Meeks
fd635e4d69 SocketPoll: better re-entrancy protection.
Remove toErase list; instead null socket pointers earlier
to make things more deterministic.

Simplify toErase path, by just removing null sockets.

Check _socketPoll array bounds to cope with a re-entrant
mutation - imperfect; but the fd comparison will help.

Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
Change-Id: I27d81358a7d80b939b50ce4ccb1b2178a091a360
2024-04-04 07:16:53 -04:00
Michael Meeks
9e0cef08c2 Websocket: allow a hard shutdown after flushing data.
Don't wait for the other end to acknowledge closing the socket.

Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
Change-Id: If5e4bb6d9c5148c0e0c61d59c233f6cf5594c577
2024-03-29 13:04:09 +00:00
Michael Meeks
425c01f284 Socket: allow re-creation of wakeup pipes.
Before spawning a child thread we want to close wakeups and
remove them from our global list to avoid the child waking the
parent.

However - if we are re-using a SocketPoll in a forked child,
we need to be able to create new wakeup sockets, so factor
out for re-use.

Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
Change-Id: I06b088e02127482a65cd9666114ca9a93fd5ca7b
2024-03-29 13:04:09 +00:00
Michael Meeks
0a9a454c96 Socket: allow disabling of 'shutdown' on a socket.
shutdown closes a socket in both the parent and the child process,
which is not what we want when forking a bgsave process - and
certainly not for the socketpair we communicate down.

Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
Change-Id: I10418e9c7f5edca60f257a60f11ba396984d39b2
2024-03-29 13:04:09 +00:00
Michael Meeks
80eeabb1a6 Watchdog: expose global watchdog thread.
This will enable thread joining before fork for bgsave.

Change-Id: I68c7c53f892f5edef861137c48759c7ccb8532ab
Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
2024-03-29 13:04:09 +00:00
Michael Meeks
588aabb7c3 Watchdog: re-direct USR2 when enabled to snapshot a late thread.
By tracking the thread-id, we can deliver a SIGUSR2 to the right
thread at the right time; this avoids perf polling our uninteresting
watchdog thread.

In that thread use Caolan's suitably obscure futimestat system-call,
so that we can record based on that to see only slow things:

perf record -e syscalls:sys_enter_futimesat -ag --call-graph dwarf,65528

Change-Id: Iad05d8589fdc9541a7d0599f63625d2cde5fdf89
Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
2024-03-29 10:35:32 +00:00
Michael Meeks
fd77301ebb polls: switch compiled in delays to 60 seconds.
Forkit forking children is done in response to socket messages,
and parent process death should kill us too.

In general if we are relying on a poll to spin to achieve
something, we have a performance bug; this should exacerbate them
to flush them out.

Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
Change-Id: I60d1c3b3c2532bbd686a3d3cfdea10f2a541a19a
2024-03-25 08:18:35 +00:00
Michael Meeks
005ba1567e PrisonerPoll - leave unused Kit sockets in the poll.
This lets us detect when Kit processes die without waiting for
the poll() timeout and feebly spinning the PrisonerPoll loop.

Instead we get notified immediately; but to do this we then need
to be able to safely transfer the socket between SocketPolls.

SocketPoll's should own Sockets - so by switching ChildProcess to
use a weak_ptr and also the NewChildren list - we can have standard
ownership and a sensible transfer between SocketPolls. A Socket is
owned either by PrisonerPoll or a DocumentBroker in the normal way.

Clean the NewChildren list as/when children are unexpectedly killed
apparently there are still some ownership issues probably around
the strong ChildProcess _ws pointer.

Change-Id: Ie541a9d03e36aee53fd57c45953e0de21ebe1828
Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
2024-03-25 08:18:35 +00:00
Ashod Nakashian
fe3c3bc135 wsd: test: move WebSocketSession under test
WebSocketSession is used exclusively for tests,
so it's best that it is located in the test
directory.

Change-Id: I88333d619902df7991c3f26b94ed309246446ae0
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
2024-03-21 09:08:51 +00:00
Jaume Pujantell
8921e19d84 reduce uses of MOBILEAPP on some files
Reduce the uses of MOBILEAPP conditionals by using the isMobileApp
function.

Signed-off-by: Jaume Pujantell <jaume.pujantell@collabora.com>
Change-Id: If541307fbc457b342674cc560b6c53454f3904cf
2024-03-20 09:13:00 +01:00
Ashod Nakashian
a48917d052 killpoco: use http::Response in admin file serving
Change-Id: I9ad49002bc85071770aba08c23e0210bb10ff55b
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
2024-03-19 20:51:02 -04:00
Ashod Nakashian
882350ed70 wsd: remove sendWithDateAndAgent
The explicit header entries were needed
with Poco, but since we always set them
in our http::Response constructor, these
are redundant.

Change-Id: Ifde48fd3048018747dae3e84560b31960e511a25
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
2024-03-19 20:51:02 -04:00
Ashod Nakashian
7fb6ccf4ee wsd: remove duplicate Server and Date headers
We always create http::Response instances
with these headers. These explicit entries
are vestiges from Poco sockets.

Change-Id: I65c263e95b253e22e4e6deae57fffc5616311c84
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
2024-03-19 20:51:02 -04:00
Michael Meeks
c1b6b5d30f Watchdog to call probe-point when SocketPolls are slow.
Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
Change-Id: Id58efab0c0fee88a3da094765eb6b7641aec6e02
2024-03-19 11:29:07 +00:00
Michael Meeks
2e784c0a03 Socket: add API to close all sockets.
This may not look hyper-elegant, but using ~Socket to do this
calls 'shutdown' first on the sockets, which closes the parent's
duplicate of the socket very unhelpfully. So close instead.

Don't touch and thus COW memory. We will leave the Socket Poll
around un-used, and un-polling from eg. the ForKit in the Kit
process.

Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
Change-Id: I1328dee0278ce39350194c617acffa114887d523
2024-03-15 11:41:23 +00:00
Miklos Vajna
7d95971b19 clientnb: missing include
<timar> net/clientnb.cpp:117:10: error: ‘shared_ptr’ in namespace ‘std’ does not name a template type
<timar>   117 |     std::shared_ptr<WebSocket> getWebSocket()
<timar>       |          ^~~~~~~~~~
<timar> net/clientnb.cpp:38:1: note: ‘std::shared_ptr’ is defined in header ‘<memory>’; did you forget to ‘#include <memory>’?

IWYU agrees it's a missing include even if this builds for me by
accident.

Signed-off-by: Miklos Vajna <vmiklos@collabora.com>
Change-Id: I367ef3efcf2bdaf1b69c4bf21ef168e03807365c
2024-03-15 11:49:09 +10:30
Michael Meeks
c9cac383b6 net: add socketpair wrapper.
Useful to have a Unix socket-pair to communicate with
a forked process.

Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
Change-Id: Ic4ad1eee62b6d3b40a03bc8e59bce6e0e16efc28
2024-03-12 08:49:39 +00:00
Michael Meeks
a8d97dc16d Calm down warnings.
Seems browsers start to ping servers on their websockets, so don't
warn about that.

We trim memory left and right in clients, that doesn't deserve a
warning either.

Change-Id: I7bdcc99d167a8df3c847a1893dee8cd9123250f2
Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
2024-03-12 08:33:17 +00:00
Ashod Nakashian
d57baeb906 wsd: reduce directives for unused variable supression
We use [[maybe_unused]] to reduce explicit supression
especially under compile-time directives.

Change-Id: Ic5f3f3227a80efe52097cb35520d05b9cdaacb42
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
2024-03-09 12:37:19 -05:00
Michael Meeks
0b91bacdc8 killpoco: reduce scope and number of various includes.
Change-Id: Ic3eb409fbb11cc665f0f3a55bb7a4e59cbd28f8b
Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
2024-03-06 20:56:55 -05:00