Commit graph

85 commits

Author SHA1 Message Date
Jan Holesovsky
9d07230f8a ServiceRoot: Allow prefixing all the URI paths with a given prefix.
For instances that has to run in a deeper path like
https://server/something/blah/loleaflet/HASH/loleaflet.html.

Change-Id: Idacdaf9087d682fd527c3af2ea45d6b51a33908e
2018-09-08 00:12:15 +02:00
Tor Lillqvist
86a20fc927 Allow also the IPv6 loopback address ::1
Change-Id: I4e079095d0a599f36b1d48d7a1311db75e3d79bf
2018-07-18 17:54:45 +03:00
Tor Lillqvist
63a24e0082 Accept also localhost and IPv4-mapped IPv6 addresses
Change-Id: Ifc295d164276c0dd17592ff27066a522482fe04a
Reviewed-on: https://gerrit.libreoffice.org/57351
Reviewed-by: Tor Lillqvist <tml@collabora.com>
Tested-by: Tor Lillqvist <tml@collabora.com>
2018-07-12 17:43:11 +02:00
Michael Meeks
44e065d018 Remove test monitor.
Change-Id: I55f93ffec68745b194a778b541db1011962f735d
2018-05-18 18:32:57 +01:00
Michael Meeks
b483f477dd Allow a 'monitor' to be connected to remotely if configured.
So far monitors have the access an permissions of an
authenticated admin.

Change-Id: I59dfa8a646a60584a5c113ee0521e9afba4f6b76
2018-05-18 15:16:39 +02:00
Andras Timar
ad7c8ea8b3 trace should not be enabled by default in config file
This setting defaults to false in code, when the setting is not present
in the config file.

Also world-readable /tmp is not a good default path of trace file.

Change-Id: Iab6da18cf6f97f75bbcdaf444042cd7039c462f8
Reviewed-on: https://gerrit.libreoffice.org/53966
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Michael Meeks <michael.meeks@collabora.com>
2018-05-08 17:09:37 +02:00
Jan Holesovsky
88eefe75c5 Improve readability of the admin console password check.
Also disable PAM by default.

Change-Id: Id1197f0d049ce56f698952b87d2c4760412eb8ec
Reviewed-on: https://gerrit.libreoffice.org/53727
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Michael Meeks <michael.meeks@collabora.com>
2018-05-02 16:34:57 +02:00
YiiChang Yen
910ae806ef wsd: to filter clientAddress before POST action.
Change-Id: I293580f041bc46b36c57f63fe4a2c0131763b3c1
Reviewed-on: https://gerrit.libreoffice.org/50977
Reviewed-by: pranavk <pranavk@collabora.co.uk>
Tested-by: pranavk <pranavk@collabora.co.uk>
2018-04-30 18:50:06 +02:00
Michael Meeks
ce06a9ae37 Allow the Admin console to be disabled in the configuration.
Change-Id: Iacde8e891f42e9ef9399ebbebbd2b2978188d4c4
2018-04-17 20:47:17 +01:00
Michael Meeks
8f134aa1a9 Allow running without seccomp and capabilities.
There are some significant security trade-offs here which are now
at least configurable.

Change-Id: I1d879d69e91392f4ccf5db250a2277f53df60db7
2018-03-19 20:46:17 +00:00
Andras Timar
0b382f879b Allow preload of nl dictionary by default
Change-Id: Id6410fa4febdd778f511e0bdcc4324ad0c2fdf43
2018-02-16 11:07:21 +01:00
Jan Holesovsky
ba7825e63b wsd: Support for configuration of the allowed languages.
Change-Id: I233619b89ac61aeaab4ba96f1f52773802cfd7ae
2018-01-26 20:57:54 +01:00
Andras Timar
a2e25cc7d3 Add PAM support
Possibilities are endless. With a simple /etc/pam.d/loolwsd config below,
the user which runs loolwsd ('lool' in production environment) can login
to admin console with normal linux password.

    auth       required     pam_unix.so
    account    required     pam_unix.so

Change-Id: I354a7e9b4705e8fe346d17d6b6041d1406198b37
Reviewed-on: https://gerrit.libreoffice.org/48307
Reviewed-by: Andras Timar <andras.timar@collabora.com>
Tested-by: Andras Timar <andras.timar@collabora.com>
2018-01-23 11:03:45 +01:00
Michael Meeks
a1ee97c222 Add IPv6 support, and configuration option.
Default to listening on both IPv44 and IPv6 for public interfaces.

Change-Id: Ib04e3bf65e7dcf2a798d381297b15ee9c56e9259
2018-01-09 22:03:17 +00:00
Michael Meeks
ec80d623b8 Edit the right configuration XML file.
Change-Id: If72006918550ee5c440ad6b2ff26a5bd0d1efef1
2017-11-22 16:47:05 +00:00
Jan Holesovsky
8a0b47b3dc Set these rlimits to unlimited by default.
Change-Id: Id7e9f8db5422dc59b88cacf63a25e72b57826a57
2017-10-05 12:03:14 +02:00
Andras Timar
7224a062e9 typo: documen->document
Change-Id: I5d51dada113e3f1b3db5104d6d1f3b70a9fe99e6
2017-09-28 13:06:37 +02:00
Marco Cecchetti
ee6e64528d wsd: support for FSIZE and NOFILE system limits
The routine for handling the configuration for the max file size
limit, was wrongly using NOFILE. Now we handle both limits correctly.

Change-Id: Ie8b63617286f66af6d4eb1b35b9e4f4b28f3c2a6
Reviewed-on: https://gerrit.libreoffice.org/42803
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
Reviewed-on: https://gerrit.libreoffice.org/42811
Reviewed-by: Marco Cecchetti <mrcekets@gmail.com>
Tested-by: Marco Cecchetti <mrcekets@gmail.com>
2017-09-26 17:40:31 +02:00
Pranav Kant
ad211ef51b wsd: Configurable autosave and idlesave durations
But these save conditions are checked every 30 seconds only, so setting
them to less than 30 seconds wouldn't mean that save will be triggered
anytime sooner.

Change-Id: Id473a79af6a3170c72e372040460f2b7c15f150e
2017-08-24 16:54:15 +05:30
Pranav Kant
fde57adbbf Introduce hard mode when we are OOM
Start killing documents when memory usage goes above threshold.

Also make it possible to close documents from admin instance.
In DocumentBroker::closeDocument, just set the _stop flag and wake
up the polling thread which will terminate the children, instead of
manually terminating the children.

Change-Id: Ie70e05b3fb6ea816a87b6dcfaed92cdddb94aa90
2017-07-07 21:14:53 +05:30
Ashod Nakashian
9cb82cebe3 wsd: add rlimit config entries and defaults
Change-Id: I8cb498d01bc1a7a55d168e49c754bb1bba80aea1
Reviewed-on: https://gerrit.libreoffice.org/38673
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
2017-06-12 06:17:44 +02:00
Ashod Nakashian
954a37a06c Configurable timeouts
Timeouts to dimming the doc in the browser
are now configurable from WSD and is relayed
to loleflet as expected.

Out of focus timeout is now 60 seconds.

Change-Id: I8452e30976f6a81b0c3bb3ba5774daa244c1640c
Reviewed-on: https://gerrit.libreoffice.org/37489
Reviewed-by: pranavk <pranavk@collabora.co.uk>
Tested-by: pranavk <pranavk@collabora.co.uk>
2017-05-11 08:01:30 +02:00
Ashod Nakashian
7d823787bb wsd: configurable idle document timeout
When a document is idle (no activity from
any views) for this timeout duration, the
document is saved and unloaded to minimize
resource consumption.

Change-Id: If6f09136ae40c7e84180fc8c8adbf6db8396d292
Reviewed-on: https://gerrit.libreoffice.org/37374
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
2017-05-08 05:00:56 +02:00
Jan Holesovsky
ba3b32aad1 Clean the cache even when the document was not modified.
And rename the option, to match better the existing tile cache setting.

Change-Id: Iea5c2c5628a403dd2dc3e2943cd858f40e2a2ebc
2017-04-12 20:04:30 +02:00
Marco Cecchetti
c651a69485 wsd - implemented an option to clean cache on doc close
Change-Id: I0bdb373efb93546527a168df2ed1c75539e95fe4
2017-04-12 19:00:25 +02:00
Pranav Kant
1437a060ec security: Implement HTTP Public key pinning
Though this guard the user against MITM attacks, but enabling this also
has the potential to brick your websites. So, do not use it/enable it
without understanding what it actually is.

See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Public_Key_Pinning

Though this should work, but I have not been able to test it because of
Firefox and Chrome's limitation/feature that key validation is not done
when certificate chain terminates at a user-defined trust anchor and I
couldn't find any way to temporarily enable the HPKP key validation for
such CA chains.

Change-Id: I64d4ff82b04c59642fa7b8bac2f8788a03950b28
Reviewed-on: https://gerrit.libreoffice.org/36357
Reviewed-by: pranavk <pranavk@collabora.co.uk>
Tested-by: pranavk <pranavk@collabora.co.uk>
2017-04-10 14:46:24 +02:00
Jan Holesovsky
14a8797a82 Change the ssl termination default to 'false'.
Change-Id: Iafd3f3e7ccc423fa3b04c20a141e44554df6db90
2017-04-06 15:52:57 +02:00
Andras Timar
2cf1f22439 Use LO_PATH instead of hardcoded path as config default
Change-Id: I0d6ce9e7938e2521e764978526fe2d9ce632c992
2017-03-20 23:29:14 +01:00
Andras Timar
b17d64a854 switch to 5.3
Change-Id: I21cf56f8d061453c4ff3f609ea81a5604e12b78c
2017-03-18 21:56:19 +01:00
Ashod Nakashian
7d58df49fa wsd: new config to enable/disable snapshots when recording trace
By default snapshots are disabled, since trace recording
is enabled, to avoid unexpectedly flooding the disk.

Change-Id: I6c8728e14801f0a72accde1378455ec0e6046e3e
2017-02-05 22:03:18 -05:00
Ashod Nakashian
a7afc59e51 wsd: trace files support timestamp to prevent overwritting on restart
Change-Id: Ided928e7428d35f9ed322720ea306e090bdd0c38
2017-02-05 21:59:23 -05:00
Pranav Kant
39dd5018e2 browser console logging depending on loleaflet_logging prop.
loleaflet_logging defaults to true with compiled with
--enable-debug otherwise false.

Browser will print additional debug info when this property is
set to true.

Change-Id: Id9fabf134bd8d19fa1a09ca8c0987df46d4f1a4c
2016-12-15 16:52:07 +05:30
Tor Lillqvist
cbb0bec0ab Mention that without flushing, log lines are not necessarily in chronological order
Change-Id: I9fef5f58ec1ac645f49543fbbe469e6f79ae175f
2016-12-14 18:24:38 +02:00
Michael Meeks
bbe0723e78 Tweak code to use new paths. 2016-11-25 09:59:03 +00:00
Michael Meeks
cca657c8f2 Apply the pre-branch rename script to re-organize the source. 2016-11-25 09:58:48 +00:00
Renamed from loolwsd/loolwsd.xml.in (Browse further)