Commit graph

3154 commits

Author SHA1 Message Date
Josh
9719250e73 fix(COOLWSD): Fix a typo remove_font_config->remote
Signed-off-by: Josh Richards <josh.t.richards@gmail.com>
Change-Id: Ib2c5bc13ded052aa3e76b0dcb280b32d7febedb5
Signed-off-by: Darshan-upadhyay1110 <darshan.upadhyay@collabora.com>
2024-07-17 15:07:34 +02:00
Caolán McNamara
b65ded3f6b Allow Namespace use even if BindMounting failed
For Namespaces the parent uses e.g.

jails/195178-46f603be/tmp/cool-82ChWNp1XiISVSpV/

to pass files to what is normally the child's (hidden) bind mount of that as

jails/195178-46f603be/82ChWNp1XiISVSpV/tmp

If BindMounting fails and we fallback to linking, then symlink
jails/195178-46f603be/tmp/cool-82ChWNp1XiISVSpV/ to the fallback
jails/195178-46f603be/82ChWNp1XiISVSpV/tmp so the parent can still
use the path expected for Namespaces.

So we can still get the goodness of namespaces wrt capabilities even
if we have the ills of bind-mounting fail.

Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: I9a6f9e8db8f6edced18fe20367afc4d599a29ed2
2024-07-17 11:19:11 +02:00
Miklos Vajna
d04d6bd392 wsd: avoid nested startActivity()
Avoids this assertion failure:

    #7 0x7f9fbef8fcf1 in __assert_fail (/lib64/libc.so.6+0x42cf1) (BuildId: cfb059a57e69ac95d5dadab831626b3bd48a4309)
    #8 0x55d44ed78891 in DocumentBroker::startActivity(DocumentBroker::DocumentState::Activity) /home/vmiklos/git/collaboraonline/online-fuzz/./wsd/DocumentBroker.hpp:1550:13
    #9 0x55d44ee0884f in DocumentBroker::startSwitchingToOnline() /home/vmiklos/git/collaboraonline/online-fuzz/wsd/DocumentBroker.cpp:4654:10
    #10 0x55d44f05760a in ClientSession::_handleInput(char const*, int) /home/vmiklos/git/collaboraonline/online-fuzz/wsd/ClientSession.cpp:1168:20

Signed-off-by: Miklos Vajna <vmiklos@collabora.com>
Change-Id: Iedc515b90c0e4f43dc14f0d998ba5c756fddd10d
2024-07-17 09:46:50 +02:00
Caolán McNamara
28d6f681bc unit-crash doesn't wait long enough when BindMount fails
in a failed BindMount the wait period to restart a failed coolforkit
is the default CHILD_TIMEOUT_MS * 4 which is 20s, while the test
default timeout is 10s

Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: I527aaadd802d7f8cd752ae1c4a6ed6597608f09e
2024-07-16 21:13:53 +01:00
Caolán McNamara
58fe85ba12 Disable MountNamespaces if Bind mount failed
Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: Id387fdf346f83274d054a8c9f4665f4699b5c14b
2024-07-16 07:09:42 +02:00
Caolán McNamara
9dd558ed56 fix UnitWOPISaveOnExit test with mount namespaces enabled
Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: I8f6ac58b064ecff8a74a694736fd85c627be0a27
2024-07-16 07:09:42 +02:00
Caolán McNamara
22d8e1f651 do coolwsd setupRoot in a fork
so we don't have multiple threads, which is problematic for
linux namespace creation.

The make check unittests use multiple threads even if the
normal coolwsd usage doesn't.

Given that, then restore the Poco log archive thread seeing as disabling
it in coolwsd isn't needed anymore.

Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: Ife8f579076a7d76a6ec7a18ca6629c8988c700cc
2024-07-16 07:09:42 +02:00
Attila Szűcs
0d411ed1f5 Filter option for extract document structure
Example use of filter:
curl -F "data=@docStructure2.docx" -F "filter=contentcontrol" http://localhost:9980/cool/extract-document-structure > out.json

it will extract contentControls only if filter=contentcontrol is used,
or if no filter is used.
No filter means extract everything.

Signed-off-by: Attila Szűcs <attila.szucs@collabora.com>
Change-Id: I001a2cc525be7502d53b5849bb61a99d087ed807
2024-07-15 16:41:02 +02:00
Attila Szűcs
09e8e1bf79 extract/transform doc structure 2
added format parameter support
added tests

Signed-off-by: Attila Szűcs <attila.szucs@collabora.com>
Change-Id: I1fe6afc583a15eaeedf5da73dbca72569593cae9
2024-07-15 16:41:02 +02:00
Attila Szűcs
ca76c2fc4a convert-to: check if it has transform, before get / encode
Signed-off-by: Attila Szűcs <attila.szucs@collabora.com>
Change-Id: I5cd2ddb47df4d12c5b9859d98f291d3edab2435a
2024-07-15 16:41:02 +02:00
Szymon Kłos
858b5cb528 Add modification capability for convert-to broker
Signed-off-by: Szymon Kłos <szymon.klos@collabora.com>
Change-Id: I32d8dbd5f776b12f0bcb794488490a41f74ced60
2024-07-15 16:41:02 +02:00
Attila Szűcs
d8f3ff3e6b Extract/Transform Document Structure
Use extract-document-structure to get document structure
Use transform-document-structure to change its content

Example use of Transform:
curl -F "data=@CC.odt" -F "transform={\"Transforms\":{\"ContentControls.ByIndex.1\":{\"content\":\"Short text\"}}}"
 https://localhost:9980/cool/transform-document-structure > out.odt

Note: Please do not use \n (EOL) in transform.

Example output for extract
{
    "DocStructure": {
        "ContentControls.ByIndex.0": {
            "id": 0,
            "tag": "",
            "alias": "",
            "content": "FieldValue1",
            "type": "plain-text"
        },
        "ContentControls.ByIndex.1": {
            "id": 0,
            "tag": "",
            "alias": "",
            "content": "☒",
            "type": "checkbox",
            "Checked": "true"
        }
    }
}

Signed-off-by: Attila Szűcs <attila.szucs@collabora.com>
Change-Id: I4b362376651e9bb5482949529e2bd7720231debf
2024-07-15 16:41:02 +02:00
Michael Meeks
cddc7ff4a4 Warn on low thread count systems.
It pays from a latency perspective to have fewer machines or
containers each with more threads, rather than more of them with
fewer threads.

Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
Change-Id: Id791438d080989ffcf6b079e551f622cf92353e2
2024-07-14 20:10:27 -04:00
Michael Meeks
5905e21fe2 Provide errors & close connection on missed unexpected requests.
Otherwise we would not respond at all, leaving the socket open;
possibly related to cool#9349

Change-Id: Iba8a29da6ab0263f2545b9495f15e20f37145de0
Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
2024-07-13 19:35:14 +01:00
Caolán McNamara
3afcf306cb use buildLocalPathToJail instead of direct JAILED_DOCUMENT_ROOT concat
e.g. download as pdf/save as pdf

move buildLocalPathToJail to FileUtil instead of JailUtil given
that the JailUtil code isn't built on mobile

Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: I8d727e9cdffc413c027bfb9dc6b0520a7d591b47
2024-07-12 16:23:09 +01:00
Andras Timar
0c38e4c4e6 Fix branding of COOL Lite in Admin Console
I missed this case in the previous commit.

Signed-off-by: Andras Timar <andras.timar@collabora.com>
Change-Id: I48829591ce20bcfabb239e510041799c41ea50dc
2024-07-12 15:43:14 +02:00
Caolán McNamara
cd61f66935 merge duplicate capability dropping code
and add some explanation for why there is use of linux namespaces in
coolwsd itself

Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: I5d5687cf095de1b7d5d978dcb6ad6a97f6e9c642
2024-07-12 14:13:52 +01:00
Andras Timar
c67997c1e7 Fix branding of COOL Lite when key is not present or expired
regression from 246e87fea2
we've got [ERRFMT].js and [ERRFMT].css

Signed-off-by: Andras Timar <andras.timar@collabora.com>
Change-Id: Ic59257fedb6d9ae6712f7f9ff16022c01f70112a
2024-07-12 11:51:29 +02:00
Caolán McNamara
04cf51c3e4 Drop all (local namespace) capabilities when done with them
Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: I7b38f33ce37d9a575d963e2ba95976f3a930f352
2024-07-12 09:14:33 +01:00
Caolán McNamara
9e2504b0d0 use a separate mount namespace for each jail process
create mount namespace with local uid 0 just before we need to do the
mounts and create another with the original uid when done.

The inner orig-uid probably doesn't amount to a whole lot in practice,
but its more reassuring to run as not-0.

Disconnect namespace config option from experimental, but continue to
default off.

Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: Ia68c1c1c0bc7a91eb158f5d189453b683fea0ef0
2024-07-12 09:14:33 +01:00
Caolán McNamara
ac10c95ed6 use buildLocalPathToJail instead of direct JAILED_DOCUMENT_ROOT concat
Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: I911a823738a4066de9fdb771e695b717c0cbcde7
2024-07-12 09:14:33 +01:00
Caolán McNamara
1e45a4a5e7 create separate buildLocalPathToJail
Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: I4850121b809eedfb8dc9c720e952aac4e8924b4a
2024-07-12 09:14:33 +01:00
Caolán McNamara
fb9adff2c7 everything becomes a lot easier if we use where tmp is mounted *from*
Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: I810fb8ed26f6add662d886b4c45fdadf352e2ea8
(cherry picked from commit 8f2bf8ecc5b4890e67b0c65b12e3f150d0f18b97)
2024-07-12 09:14:33 +01:00
Michael Meeks
0e8d674617 Trim URIs if necessary, and test that.
Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
Change-Id: I4f8cef1fb05a6f8fa8f85010adbf8b0ccd8af9e9
2024-07-11 12:52:30 +01:00
Michael Meeks
d65e227905 Attempt to fix curious assertion around ServerAuditUtil.
[ websrv_poll ] SIG   Fatal signal received: SIGABRT code: 18446744073709551610 for address: 0x730000696e
  Backtrace 26990 - wsd 24.04.4.4snapshot 07bc101:
    __GI_abort                                     glibc-2.27/stdlib/abort.c:81
    __GI___pthread_mutex_lock                      glibc-2.27/nptl/../nptl/pthread_mutex_lock.c:67
    ServerAuditUtil::set(std::string, std::string) /usr/include/c++/12/bits/std_mutex.h:103
    SocketDisposition::execute()                   /usr/include/c++/12/bits/std_function.h:591
    SocketPoll::poll(long)                         /usr/include/c++/12/bits/shared_ptr_base.h:1070

  Also cleanup member naming to match the COOL standard.

Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
Change-Id: I4fd6f4d57c3cbfe1edf7121895e5dab7e13fa4fc
2024-07-10 08:32:07 +01:00
Caolán McNamara
e036357893 ls -lR alike filesystem listing utility
Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: I4849dae47972be7215c50e06493f4e70d73c2eb7
2024-07-08 20:01:25 +01:00
Andras Timar
2a5ced4be9 typo fix: fowardedData -> forwardedData
Signed-off-by: Andras Timar <andras.timar@collabora.com>
Change-Id: I64c56f35526f5e8a17a040d22c7eea79586b3174
2024-07-08 15:09:44 +02:00
Michael Meeks
56cd14516a wsd: CheckFileInfo - avoid over-complicating things.
We don't need a mutex & a condition - we can just spin our own
TerminatingPoll to get what we need; saves launching an
un-necessary thread, and reducing threading complexity.

Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
Change-Id: Ia65398aa8a59ca297cd0a0caf0fa607681960764
2024-07-08 12:19:40 +01:00
Henry Castro
48bf0bffbc wsd: fix async request
It will block main thread if fails.
..

Change-Id: I420c19f315b70b04e5e73c3dc7c6a93f3d165e34
Signed-off-by: Henry Castro <hcastro@collabora.com>
2024-07-05 18:41:28 -04:00
Ashod Nakashian
22bff144b9 wsd: clipboard: do not trust the given URL
The URL given may be invalid, empty, or for some
reason we might fail to create a session.

In all these cases, we must fail the clipboard
request gracefully.

Change-Id: I32871edf1c8926ee5d37a9b8ce7ba8a60973b733
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
2024-07-05 08:59:37 +01:00
Ashod Nakashian
d6a2884ad5 wsd: default-initialize ssl.cipher_list
Change-Id: I1aee134aa3cb758c8bdf2fecfa2b215e6bf0bdcb
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
2024-07-05 08:59:37 +01:00
Caolán McNamara
458882cb9d log the X-Forwarded-For header we operate on here
Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: Ic107be34b63ec64e977ddac7957d775c9d711803
2024-07-04 11:36:03 +02:00
Andras Timar
0ddeffa153 Initialize storage.ssl.* config items
We need to initialize these, because we saw in the wild that
a customer removed the empty defaults from coolwsd.xml and
coolwsd stopped with fatal error.

Signed-off-by: Andras Timar <andras.timar@collabora.com>
Change-Id: Ifc75e3eb2fe50c2028f84d8f61ba5a034b14b4cf
2024-07-03 16:54:48 +02:00
Tomaž Vajngerl
cde26b6479 Add support for "getpresentationinfo" command
This adds support for getting the presentation info from core.
This change uses the new GetPresentationInfo() funciton that was
added to the LOKit API.

Signed-off-by: Tomaž Vajngerl <tomaz.vajngerl@collabora.co.uk>
Change-Id: I19f5809fd841e4b2603a2446e1d9d54392dd1bd7
2024-07-03 13:23:14 +02:00
Ashod Nakashian
8f901ba5f4 wsd: simplify renaming after save
If a file exists, we should be able
to rename it. Otherwise, complain.

Change-Id: I6f5346c5b3e855615dc5d7c2270903175ace1daf
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
2024-07-03 11:51:14 +02:00
Caolán McNamara
85eaec2311 add 'mount_namespaces' option to use linux mount namespaces
if experimental_features and mount_namespaces is enabled and it is
possible to "unshare" then instead of coolforkit exec coolforkitns which
doesn't have any capabilities set and inprocess mount inside a namespace
instead of calling coolmount

Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: I48bef12b9156f41c78221e750a30aacee8a737a9
2024-07-02 13:31:38 +01:00
Ashod Nakashian
20b6b94a32 wsd: reliable locking with async loading
Change-Id: Ida0f9159596fbd83793b646879d0a9c5599cb7f9
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
2024-07-02 09:13:49 +01:00
Ashod Nakashian
8aee9caa6b wsd: always set view-file-extension flag
Change-Id: If222b6afd47823c9d79c654a52ac018908821e5b
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
2024-07-02 09:13:49 +01:00
Ashod Nakashian
03b00caa5d wsd: minor refactor around on-demand CFI
Change-Id: Ib84bcfd4807444a739805c350e94d36c4c973f52
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
2024-07-02 09:13:49 +01:00
Ashod Nakashian
98650684e0 wsd: all view-only extensions accept comments
Change-Id: I88aae434b159b8d07d09e04b49a8eef2141e4ced
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
2024-07-02 09:13:49 +01:00
Szymon Kłos
ba82b1c4fb versionbar: add option to hide popup
Signed-off-by: Szymon Kłos <szymon.klos@collabora.com>
Change-Id: I5b6b0695789048a208db970f45e42e0f59d855de
2024-07-02 09:19:19 +02:00
Michael Meeks
f05cea2b13 Fix proxying header assertion failure.
Re-write Server of proxied requests to avoid:
    coolwsd: ./net/HttpRequest.hpp:945: bool http::Response::writeData(Buffer &) const:
    Assertion `get("Server") == http::getServerString() &&
    "Server Agent is always set in http::Response ctor"' failed.

Change-Id: I6076dbc355b0f42a6367271893c9732195c8eb2a
Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
2024-06-28 22:23:28 +01:00
Andras Timar
db94bfd881 Instead of ssl.termination, the condition should depend on ssl.enable
So that we fall back from storage.ssl.*_file_path to ssl.*_file_path when
ssl.enable=true, because in this case we can expect that these fallbacks
exist. Otherwise we do not fall back.
ssl.termination does not matter.

Signed-off-by: Andras Timar <andras.timar@collabora.com>
Change-Id: I6ca86c5ce5849fffcd5c41f0ce2a54977ab50faa
2024-06-28 10:52:49 +02:00
Henry Castro
898ebca5a8 wsd: fix ‘ssl’ has not been declared
Change-Id: I028eacced01ea67baec45a233630a5d0b1c78c75
Signed-off-by: Henry Castro <hcastro@collabora.com>
2024-06-27 13:45:56 +02:00
Patrick Luby
21d908806d Fix mobile build breakage
The iOS and Android platforms run the LibreOffice backend in the client
process so there is no SSL sockets. Instead, all client and server
communication is done through a buffer shared between threads.

Signed-off-by: Patrick Luby <guibomacdev@gmail.com>
Change-Id: I50f2697a8c915967b38dddb530cb5d74c88b5cb8
2024-06-26 22:16:36 +02:00
Andras Timar
61e9e7ea7f Read storage.ssl.*_file_path without fallback in case of SSL termination
It covers the following use case:

COOL  -- NO SSL ---  REVERSE PROXY --- SSL  ---- CLIENT
 |
 +------------------------------------ SSL  ---- WOPI STORAGE

Signed-off-by: Andras Timar <andras.timar@collabora.com>
Change-Id: I4a404a93887893f27fe84873d18d8ae5528b0cef
2024-06-26 20:40:39 +02:00
Andras Timar
cc62adc9c0 In case of SSL termination, do not attempt to read cert file paths
Signed-off-by: Andras Timar <andras.timar@collabora.com>
Change-Id: I46d2509736f72ee79f29846ea9ab70de32b93a07
2024-06-26 18:14:48 +02:00
Caolán McNamara
21b248adce only bother to do this if we get any results
Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: I6e1ef24bcf79569a60aa4d90d53b9316726ff0d5
2024-06-24 18:53:34 +02:00
Caolán McNamara
7ca908a500 honour online host verification exemption also in core
Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: I041b6f428069d5fb62426c80512ced7d00e622d3
2024-06-24 18:53:34 +02:00
Caolán McNamara
292e48ddf1 auto-add wopi server cert to child capath
Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: I708ae6217dc4acf3be3b80dc27a4add03e2324a0
2024-06-24 18:53:34 +02:00