libreoffice-online/loolwsd
Ashod Nakashian ca22a79034 loolwsd: simplify detection of file modification
To avoid persisting the same document many times over
we check the jailed file timestamp. This logic
doesn't need to be more complex than simply invalidating
the last timestamp upon issuing .uno:Save and setting
it to the file's actual timestamp upon persisting.

Change-Id: I4afdf8da93fed438d4cbcd6de8dc14d52172ac9c
Reviewed-on: https://gerrit.libreoffice.org/24811
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
2016-05-10 03:44:33 +00:00
..
bundled/include/LibreOfficeKit loolwsd: use paintPartTile and remove workarounds 2016-05-06 15:06:37 +00:00
debian merge loleaflet and loolwsd rpm packages 2016-04-14 17:08:52 +02:00
etc loolwsd: fix SSL certs/key install 2016-04-14 14:50:48 +02:00
test loolwsd: fix typo causing infinite recursion 2016-05-09 05:31:55 +00:00
.gitignore loolwsd: gitignore looltest 2016-04-29 11:31:55 +00:00
Admin.cpp loolwsd: Use SocketProcessor from IoUtil in Admin 2016-05-03 12:59:02 +05:30
Admin.hpp loolwsd: Use SocketProcessor from IoUtil in Admin 2016-05-03 12:59:02 +05:30
AdminModel.cpp admin console: Handle spaces in filenames 2016-04-19 16:38:08 +05:30
AdminModel.hpp loolwsd: new Admin API to remove documents 2016-04-18 03:35:29 +00:00
Auth.cpp
Auth.hpp
AUTHORS
autogen.sh Add a trivial autogen.sh. 2016-04-12 10:17:20 +02:00
ChangeLog
ChildProcessSession.cpp loolwsd: no need to send clients current part on invalidation 2016-05-08 04:39:07 +00:00
ChildProcessSession.hpp loolwsd: move tilecombine handling into lokit 2016-05-04 10:36:38 +00:00
Common.hpp Run the tests on ports that do not conflict with a 'normal' loolwsd. 2016-05-04 13:39:32 +02:00
configure.ac Bump version to 1.6.4 2016-05-03 23:32:05 +02:00
Connect.cpp Add purpose comments. 2016-05-02 18:03:09 +02:00
COPYING
discovery.xml
DocumentBroker.cpp loolwsd: simplify detection of file modification 2016-05-10 03:44:33 +00:00
DocumentBroker.hpp bccu#1774: poor API never fails to frustrate 2016-05-05 02:41:59 +00:00
Exceptions.hpp loolwsd: cleanup and improve WSD request handlers 2016-04-16 17:56:55 +00:00
FileServer.hpp loolwsd: add mime type svg 2016-05-04 16:17:29 -04:00
INSTALL
IoUtil.cpp loolwsd: state the child PID which has no DocumentBroker 2016-05-08 04:21:41 +00:00
IoUtil.hpp Don't assert on PING frames that we send 2016-05-03 09:50:38 +03:00
Log.cpp The logging goes to stderr, not stdout 2016-04-22 13:24:35 +03:00
Log.hpp Make logging signal safe again. snprintf: simpler, safer, faster. 2016-04-15 21:53:10 +01:00
LOKitClient.cpp
LOKitHelper.hpp loolwsd: remove extra space between 'status: ' and the message 2016-05-08 13:08:35 +00:00
LOOLForKit.cpp loolwsd: spawn ForKit process after initializing server 2016-05-08 04:31:44 +00:00
LOOLKit.cpp loolwsd: logging improvements 2016-05-08 04:36:00 +00:00
LOOLKit.hpp Attempt at a --nocaps argument to run with no caps, ie. under valgrind. 2016-04-16 20:47:55 +01:00
loolmap.c
loolmount.c Security bits and test cleanup. 2016-04-12 17:13:56 +01:00
LOOLProtocol.cpp Spelling correction 2016-05-09 07:30:26 +03:00
LOOLProtocol.hpp loolwsd: templatize parsing helpers 2016-05-09 05:21:37 +00:00
LOOLSession.cpp loolwsd: shortened some long identifiers 2016-04-29 01:05:45 +00:00
LOOLSession.hpp loolwsd: move tilecombine handling into lokit 2016-05-04 10:36:38 +00:00
loolstat
LOOLTool.cpp Add purpose comments. 2016-05-02 18:03:09 +02:00
loolwsd-systemplate-setup Cleanup symlinking and add realpath symlink if necessary. 2016-04-15 16:17:04 +01:00
LOOLWSD.cpp Scope the lock to avoid warnings. 2016-05-09 11:41:37 +02:00
LOOLWSD.hpp loolwsd: logging and cosmetics 2016-04-16 17:28:45 +00:00
loolwsd.service document --admincreds and --allowlocalstorage in loolwsd.service 2016-04-21 11:22:22 +02:00
loolwsd.spec.in redirect stderr to /dev/null (some search directories do not exist on all systems) 2016-05-02 13:17:13 +02:00
loolwsd.xml.in add all private IPv4 address ranges as allowed (for docker, for example) 2016-04-27 22:25:06 +02:00
Makefile.am add test/countloolkits.hpp to tarball 2016-05-09 12:25:42 +02:00
MasterProcessSession.cpp bccu#1776: Restore input mode if we are in one before saving 2016-05-09 21:59:13 +05:30
MasterProcessSession.hpp bccu#1776: Restore input mode if we are in one before saving 2016-05-09 21:59:13 +05:30
MessageQueue.cpp loolwsd: using range-based loops is more readable here 2016-04-28 08:44:01 +02:00
MessageQueue.hpp loolwsd: remaining 'unnecessary copy' fixes 2016-04-27 14:58:33 +02:00
NEWS
Png.hpp
PROBLEMS Rant about the duplicate specification of document URI, GET and 'load' 2016-04-20 10:35:38 +03:00
protocol.txt Document id argument of tile and tilecombine 2016-05-05 11:37:24 +00:00
QueueHandler.hpp
README README: loolwsd's --test option was binned 2016-04-20 12:00:46 +02:00
README.vars
Rectangle.hpp
reference.txt
security.h Security bits and test cleanup. 2016-04-12 17:13:56 +01:00
Storage.cpp loolwsd: using range-based loops is more readable here 2016-04-28 08:44:01 +02:00
Storage.hpp Storage: fix missing underscore for non-static members 2016-04-19 09:10:28 +02:00
sysconfig.loolwsd
TileCache.cpp loolwsd: support the tile id param when broadcasting tiles to subscribers 2016-05-05 14:23:22 +00:00
TileCache.hpp loolwsd: support the tile id param when broadcasting tiles to subscribers 2016-05-05 14:23:22 +00:00
TODO
Unit.cpp Better wording. 2016-05-04 11:30:41 +02:00
Unit.hpp Add unit test hook for libreofficekit. 2016-05-02 05:40:24 +01:00
UnitHTTP.hpp Run the tests on ports that do not conflict with a 'normal' loolwsd. 2016-05-04 13:39:32 +02:00
UserMessages.hpp loolwsd: cleanup and improve WSD request handlers 2016-04-16 17:56:55 +00:00
Util.cpp loolwsd: log the pid in the backtrace 2016-04-30 14:36:48 +00:00
Util.hpp loolwsd: helper to assert a lock is already taken 2016-05-03 00:00:13 +00:00

LibreOffice On-Line WebSocket server
====================================

Dependencies
------------

LibreOffice On-Line WebSocket server has the following dependencies:

* libpng
* Poco library: http://pocoproject.org/index.html.
* libcap-progs

Poco can be built with ./configure --prefix=/opt/poco && make install, but
distro packages exist too.

On openSUSE, you can use:

    zypper ar http://download.opensuse.org/repositories/devel:/libraries:/c_c++/openSUSE_13.2/devel:libraries:c_c++.repo
    zypper in poco-devel libcap-progs

On Debian 8 (Linux x86_64) you can use in /etc/apt/sources.list:

    deb https://www.collaboraoffice.com/apt-poco/ /

Building
--------

loolwsd uses autoconf/automake, so especially when building from .git
(as opposed to from a distribution tarball) you need the usual fun:

    libtoolize
    aclocal
    automake --add-missing
    autoreconf
    autoheader

and then

    ./configure --enable-silent-rules --with-lokit-path=${MASTER}/include \
    		--with-lo-path=${MASTER}/instdir --enable-debug
    make


where ${MASTER} is the location of the LibreOffice source tree.

When building from a tarball less magic is needed.

Run 'make check' after each commit.

Note that the loolforkit program needs the CAP_SYS_CHROOT capability,
thus you will be asked the root password when running make as it
invokes sudo to run /sbin/setcap.

If you have self-built Poco, add the following to ./configure:

    --with-poco-includes=<POCOINST>/include --with-poco-libs=<POCOINST>/lib

where <POCOINST> means the Poco installation location.

If you have the Poco debugging libraries (eg. you have a self-built
Poco), you can add --enable-debug to the configure options for
additional debugging.

For Windows, a proper VS2013 project is needed.

There is still unconditional debugging output etc. This is a work in
progress.

Running
-------

First create the directory used for caching tiles. It is set as
"${localstatedir}/cache/${PACKAGE}" in the configure.ac, so if you did
not pass any switch to the configure script that affects
"localstatedir, it will be /usr/local/var/cache/loolwsd . If you did
pass such a switch, like --prefix, check config.h for the exact value.

If you're using the defaults you'll need to:

sudo mkdir -p /usr/local/var/cache/loolwsd
sudo chown `whoami` /usr/local/var/cache/loolwsd

Now you can just do:

    make run

and follow the link that recommends (see loleaflet/README for more info).

Again, ${MASTER} is location of the LibreOffice source tree with a built
LibreOffice.  This is work in progress, and consequently needs the latest
LibreOffice master.


Running manually
----------------

If you want to do the 'make run' yourself, you need to set up a minimal
chroot system, and directory for the jails:

    SYSTEMPLATE=`pwd`/systemplate  # or tweak for your system
    ROOTFORJAILS=`pwd`/jails       # or tweak for your system

    rm -Rf ${SYSTEMPLATE} # clean
    ./loolwsd-systemplate-setup ${SYSTEMPLATE} ${MASTER}/instdir # build template
    mkdir -p ${ROOTFORJAILS} # create location for transient jails.

To run loolwsd the way it is supposed to eventually be run "for real", you can
now do:

    ./loolwsd --systemplate=${SYSTEMPLATE} --lotemplate=${MASTER}/instdir --childroot=${ROOTFORJAILS}

The ${SYSTEMPLATE} is a directory tree set up using the
loolwsd-systemplate-setup script here. (It should not exist before
running the script.) It will contain the runtime environment needed by
the LibreOffice dynamic libraries used through LibreOfficeKit.
Improvements to that script are very likely needed on various distros.

The ${ROOTFORJAILS} directory above is a presumably initially empty
directory under which loolwsd will create chroot jails for editing
each specific document.

As loolwsd uses hardlinks to "copy" the contents of both
${SYSTEMPLATE} and the ${MASTER}/instdir directories into each chroot
jail, ${SYSTEMPLATE} and ${MASTER}/instdir need to be on the same file
system as ${ROOTFORJAILS}.

Leaflet files are served itself by loolwsd internal file server. You
can specify the root of this fileserver using the --fileserverroot
flag in loolwsd commandline.  By default, if you do not specify this
flag, the parent directory of loolwsd/ is assumed to be the
fileserverroot. So, for development purposes, you can access the
leaflet files (using /loleaflet/), but it is advised to explicitly set
the fileserverroot to prevent any unwanted files from reading,
especially when lool is deployed for normal public usage on servers.

Please note that it is necessary that all the leaflet files that are
meant to be served is under a directory named 'loleaflet'. Since, the
loleaflet files, in lool git repo, are itself in a directory named
'loleaflet', this would work out of the box for development purposes.

If you run loolwsd on HTTPS, you have to set up your own private key
and certificates (in PEM format only). The name and location of key,
certificate and CA certificate chain is defined in
${sysconfdir}/loolwsd/loolwsd.xml. Dummy self-signed cert.pem,
ca-chain.cert.pem and key.pem are already included, but it is better
to replace those with your own files. HTTPS is the default. HTTP-only
mode can be enabled with --disable-ssl configure option. key.pem is
required even in HTTP-only mode, because it is used to generate the
secure token for the admin console.

If you plan to hack on loolwsd, you probably want to familiarize
yourself with loolwsd's --numprespawns switch, and the 'connect'
test program.

For interactive testing, you can use the 'connect' program. It accepts
"commands" from the protocol on standard input.

Admin Panel
-----------

You can access the admin panel by directly accessing the admin.html file from loleaflet directory.
See loleaflet/README for more details.

Debugging
---------

When debugging, you want to add --numprespawns=1 to the loolwsd parameters to
limit the amount of concurrently running processes.

When the crash happens too early, you also want to

    export SLEEPFORDEBUGGER=<number of seconds>

so that you have time to attach to the process.

Then run loolwsd, and attach your debugger to the process you are
interested in. Note that as the loolforkit executable file has
capabilities set, so when debugging that you need to run the debugger
with super-user privilege.

Also, note that as the child processes run in a chroot environment,
they see the LibreOffice shared libraries as being in a directory tree
/lo , but your debugger does not. So in order to be able to
effectively debug the LibreOffice code as used through LibreOfficeKit
by a child loolwsd process, you need to symlink the "lo" subdirectory
of a running child loolwsd process's chroot jail as /lo. Something like:

sudo ln -s ~/libreoffice/master/lool-child-roots/1046829984599121011/lo /lo

Use the ps command to find out exactly the path to use.

Set LOOL_DEBUG=1 to trap SIGSEGV and SEGBUS and prompt for debugger.

Protocol description
--------------------

See protocol.txt for a description of the protocol to be used over the
websocket.

Architecture
------------

There are three processes: LoolWSD, LoolForKit, and LoolKit.

WSD is the top-level server and is intended to run as a service.
It is responsible for spawning ForKit and listening on public
port for client connections.

The ForKit is only responsible for forking Kit instances. There is
only one ForKit per WSD instance and there is one Kit instance per
document.

WSD listens on a public port and using internal pipes requests
the ForKit to fire a child (Kit) instance to host documents.
The ForKit then has to find an existing Kit that hosts that
document, based on the public URI as unique key, and forward
the request to this existing Kit, which then loads a new
view to the document.

There is a singleton Admin class that gets notified of all the
important changes and update the AdminModel object accordingly.
AdminModel object has subscribers which corresponds to admin
panel sessions. Subscriber can subscribe to specific commands
to get live notifications about, and to update the UI accordingly.

Whether a document is loaded for the first time, or this is
a new view on an existing one, the Kit connects via a socket
to WSD on an internal port. WSD acts as a bridge between
the client and Kit by tunnelling the traffic between the two
sockets (that which is between the client and WSD and the one
between WSD and Kit).

File System
-----------

WSD is given childroot argument on the command line. This is
the root directory of jailed FS. This path can be anywhere, but
here we'll designate it as:

/childroot

Before spawning a ForKit instance, WSD needs to generate a random
Jail-ID to use as the jail directory name. This JailID is then
passed to ForKit as argument jailid.

Note: for security reasons, this directory name is randomly generated
and should not be given out to the client. Since there is only one
ForKit per WSD instance, there is also one JailID between them.

The ForKit creates a chroot in this directory (the jail directory):

/childroot/jailid/

ForKit copies the LO instdir (essentially installs LO in the chroot),
then copies the Kit binary into the jail directory upon startup.
Once done, it chroot-s and drops caps.

ForKit then waits on a read pipe to which WSD writes when a new
request from a client is received. ForKit is responsible for spawning
(or forking) Kit instances. For our purposes, it doesn't matter
whether Kit is spawned or forked.

Every document is hosted by a Kit instance. Each document is stored
in a dedicated directory within the jail directory. The document
root within the jail is /user/docs. The absolute path on the system
(which isn't accessible to the Kit process as it's jailed) is:

/childroot/jailid/user/docs

Within this path, each document gets its own sub-directory based on
another random Child-ID (which could be the Process ID of the Kit).
This ChildId will be given out to clients to facilitate the insertion
and downloading of documents. (Although strictly speaking the client
can use the main document URI as key, this is the current design.)

/childroot/jailid/user/docs/childid


A request from a client to load a document will trigger the following
chain of events.

- WSD public socket will receive the connection request followed
  by a "load" command.
- WSD creates MasterProcessSession (ToClient) to handle the client traffic.
- MasterProcessSession requests ForKit to find or spawn Kit for
  the given URI.
- ForKit sends Kit request to host URI via pipe.
- Kit connects to WSD on an internal port.
- WSD creates another MasterProcessSession (ToPrisoner) to service Kit.
- MasterProcessSession (ToClient) is linked to the ToPrisoner instance,
  copies the document into jail (first load only) and sends
  (via ToPrisoner) the load request to Kit.
- Kit loads the document and sets up callbacks with LOKit.
- MasterProcessSession (ToClient) and MasterProcessSession (ToPrisoner)
  tunnel the traffic between client and Kit both ways.


Coding style
------------

There is not really any serious rationale why the code ended up being
written in the style it is... but unless you plan to change some style
detail completely and consistently all over, please keep to the style
of the existing code when editing.

The style is roughly as follows, in rough order of importance:

- As in LO, no hard TABs in source files. Only spaces. Indentation
  step is four columns.

- As in LO, the braces { and } of the block of if, switch, and while
  statements go on separate lines.

- Following Poco conventions, non-static member variables are prefixed
  with an underscore. Static members have a CamelCase name.

- Do use C++11. I admit in some places (out of laziness or ignorance)
  I use Poco API even if there probably is an equivalent std::
  API. (Like for threads.) Feel free to change those, if the std:: API
  is not much more verbose or ugly, and you are sure it is equivalent.

- Always prefer the C++ wrapped version of a C library
  API. I.e. include <cstring> instead of <string.h>, use std::memcpy()
  instead of memcpy(), etc.

- Use std:: prefix for all std API, i.e. don't ever do "using
  std;". But it's OK to use "using Poco::Foo;" all over. Maybe that is
  not a good idea? But please no "using" in headers.

- Member functions use camelCaseWithInitialLowerCase. I don't like
  CamelCaseWithInitialUpperCase.

- [ No kind of Hungarian prefixes. ] This rule seems to have been
  totally ignored lately. So now the codebase is inconsistent in
  naming conventions. Oh well.