haraldwolff
/
collabora-online
mirror of https://github.com/CollaboraOnline/online.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

wsd: Unconditionally compile support-key-enabled code paths 

Signed-off-by: Aron Budea <aron.budea@collabora.com>
Change-Id: Iec477c223f2dc75e0be8b472c8439ca9311d6aae
pull/8761/head
Aron Budea 2024-03-24 00:30:48 +10:30 committed by thebearon
parent bae0a91082
commit 246e87fea2
14 changed files with 141 additions and 88 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Makefile.am
View File

@ -294,6 +294,7 @@ coolstress_SOURCES = tools/Stress.cpp \
coolconfig_SOURCES = tools/Config.cpp \
tools/ConfigMigrationAssistant.cpp \
common/DummyTraceEventEmitter.cpp \
common/ConfigUtil.cpp \
common/Crypto.cpp \
common/Log.cpp \
common/StringVector.cpp \

3
android/lib/src/main/cpp/CMakeLists.txt.in
View File

@ -7,8 +7,9 @@ add_library(androidapp SHARED
androidapp.cpp
../../../../../common/Authorization.cpp
../../../../../common/ConfigUtil.cpp
../../../../../common/FileUtil.cpp
../../../../../common/CommandControl.cpp
../../../../../common/Crypto-stub.cpp
../../../../../common/FileUtil.cpp
../../../../../common/Log.cpp
../../../../../common/MessageQueue.cpp
../../../../../common/TraceEvent.cpp

10
common/ConfigUtil.cpp
View File

@ -70,4 +70,14 @@ bool isSslEnabled()
return false;
#endif
}
bool isSupportKeyEnabled()
{
#if ENABLE_SUPPORT_KEY
return true;
#else
return false;
#endif
}
} // namespace config

3
common/ConfigUtil.hpp
View File

@ -49,4 +49,7 @@ bool getBool(const std::string& key, const bool def);
/// Return true if SSL is enabled in the config and no fuzzing is enabled.
bool isSslEnabled();
/// Return true if build is support key enabled (ENABLE_SUPPORT_KEY is defined)
bool isSupportKeyEnabled();
} // namespace config

28
common/Crypto-stub.cpp 100644
View File

@ -0,0 +1,28 @@
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4; fill-column: 100 -*- */
/*
* Copyright the Collabora Online contributors.
*
* SPDX-License-Identifier: MPL-2.0
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
#include "Crypto.hpp"
#include <Poco/DateTime.h>
struct SupportKeyImpl {};
SupportKey::SupportKey([[maybe_unused]] const std::string& key) {}
SupportKey::~SupportKey() {}
bool SupportKey::verify() { return true; }
int SupportKey::validDaysRemaining() { return 0; }
Poco::DateTime SupportKey::expiry() const { return Poco::DateTime(); }
std::string SupportKey::data() const { return std::string(); }

17
common/Crypto.cpp
View File

@ -11,8 +11,6 @@
#include <config.h>
#if ENABLE_SUPPORT_KEY
#include <Poco/DigestStream.h>
#include <Poco/Base64Decoder.h>
#include <Poco/DateTimeParser.h>
@ -24,11 +22,22 @@
#include "Log.hpp"
#include "Crypto.hpp"
#if ENABLE_SUPPORT_KEY
#include "support-public-key.hpp"
#endif
using namespace Poco;
using namespace Poco::Crypto;
std::string getSupportPublicKey()
{
#if ENABLE_SUPPORT_KEY
return SUPPORT_PUBLIC_KEY;
#else
return std::string();
#endif
}
struct SupportKeyImpl
{
bool _invalid;
@ -86,7 +95,7 @@ bool SupportKey::verify()
return false;
}
std::istringstream pubStream(SUPPORT_PUBLIC_KEY);
std::istringstream pubStream(getSupportPublicKey());
try {
RSAKey keyPub(&pubStream);
@ -140,6 +149,4 @@ std::string SupportKey::data() const
return _impl->_data;
}
#endif // ENABLE_SUPPORT_KEY
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */

4
common/Crypto.hpp
View File

@ -11,8 +11,6 @@
#pragma once
#if ENABLE_SUPPORT_KEY
#include <memory>
struct SupportKeyImpl;
@ -38,6 +36,4 @@ public:
std::string data() const;
};
#endif
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */

4
ios/Mobile.xcodeproj/project.pbxproj
View File

@ -23,6 +23,7 @@
BE18C7DE226DE09A001AD27E /* Branding in Resources */ = {isa = PBXBuildFile; fileRef = BE18C7DD226DE09A001AD27E /* Branding */; };
BE512CBA2518DE6E00921C15 /* libsqlite3.tbd in Frameworks */ = {isa = PBXBuildFile; fileRef = BE512CB92518DE6400921C15 /* libsqlite3.tbd */; };
BE55E0EB2653FCCB007DDF29 /* ConfigUtil.cpp in Sources */ = {isa = PBXBuildFile; fileRef = BE55E0E92653FCCB007DDF29 /* ConfigUtil.cpp */; };
BE55E0EB3653FCCB007DDF29 /* Crypto-stub.cpp in Sources */ = {isa = PBXBuildFile; fileRef = BE55E0EC2653FCCB007DDF29 /* Crypto-stub.cpp */; };
BE5EB5C1213FE29900E0826C /* Log.cpp in Sources */ = {isa = PBXBuildFile; fileRef = BE5EB5B9213FE29900E0826C /* Log.cpp */; };
BE5EB5C2213FE29900E0826C /* SpookyV2.cpp in Sources */ = {isa = PBXBuildFile; fileRef = BE5EB5BA213FE29900E0826C /* SpookyV2.cpp */; };
BE5EB5C3213FE29900E0826C /* Session.cpp in Sources */ = {isa = PBXBuildFile; fileRef = BE5EB5BB213FE29900E0826C /* Session.cpp */; };
@ -552,6 +553,7 @@
BE512CB92518DE6400921C15 /* libsqlite3.tbd */ = {isa = PBXFileReference; lastKnownFileType = "sourcecode.text-based-dylib-definition"; name = libsqlite3.tbd; path = usr/lib/libsqlite3.tbd; sourceTree = SDKROOT; };
BE55E0E92653FCCB007DDF29 /* ConfigUtil.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ConfigUtil.cpp; sourceTree = "<group>"; };
BE55E0EA2653FCCB007DDF29 /* ConfigUtil.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = ConfigUtil.hpp; sourceTree = "<group>"; };
BE55E0EC2653FCCB007DDF29 /* Crypto-stub.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Crypto-stub.cpp; sourceTree = "<group>"; };
BE58E129217F295B00249358 /* Log.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = Log.hpp; sourceTree = "<group>"; };
BE58E12A217F295B00249358 /* Png.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = Png.hpp; sourceTree = "<group>"; };
BE58E12B217F295B00249358 /* SigUtil.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = SigUtil.hpp; sourceTree = "<group>"; };
@ -2183,6 +2185,7 @@
BEABFC6724AC94C3004DE339 /* Authorization.hpp */,
BE55E0E92653FCCB007DDF29 /* ConfigUtil.cpp */,
BE55E0EA2653FCCB007DDF29 /* ConfigUtil.hpp */,
BE55E0EC2653FCCB007DDF29 /* Crypto-stub.cpp */,
BE5EB5C0213FE29900E0826C /* FileUtil.cpp */,
BE5EB5B9213FE29900E0826C /* Log.cpp */,
BE58E129217F295B00249358 /* Log.hpp */,
@ -3678,6 +3681,7 @@
BE5EB5C5213FE29900E0826C /* MessageQueue.cpp in Sources */,
BE7228E22417BC9F000ADABD /* StringVector.cpp in Sources */,
BE55E0EB2653FCCB007DDF29 /* ConfigUtil.cpp in Sources */,
BE55E0EB3653FCCB007DDF29 /* Crypto-stub.cpp in Sources */,
BE5EB5E721401E0F00E0826C /* RequestVettingStation.cpp in Sources */,
BE5EB5F821401E0F00E0826C /* Storage.cpp in Sources */,
BE5EB5D621401E0F00E0826C /* Storage.cpp in Sources */,

29
tools/Config.cpp
View File

@ -33,6 +33,7 @@
#include <Poco/Util/OptionSet.h>
#include <Poco/Util/XMLConfiguration.h>
#include <common/ConfigUtil.hpp>
#include <Util.hpp>
#include <Crypto.hpp>
@ -131,11 +132,12 @@ void Config::displayHelp()
<< "Commands: " << std::endl
<< " migrateconfig [--old-config-file=<path>] [--config-file=<path>] [--write]" << std::endl
<< " anonymize [string-1]...[string-n]" << std::endl
<< " set-admin-password" << std::endl
#if ENABLE_SUPPORT_KEY
<< " set-support-key" << std::endl
#endif
<< " set <key> <value>" << std::endl
<< " set-admin-password" << std::endl;
if (config::isSupportKeyEnabled())
{
std::cout << " set-support-key" << std::endl;
}
std::cout << " set <key> <value>" << std::endl
<< " generate-proof-key" << std::endl
<< " update-system-template" << std::endl << std::endl;
}
@ -169,12 +171,13 @@ void Config::defineOptions(OptionSet& optionSet)
.repeatable(false)
.argument("number"));
#if ENABLE_SUPPORT_KEY
optionSet.addOption(Option("support-key", "", "Specify the support key [set-support-key].")
.required(false)
.repeatable(false)
.argument("key"));
#endif
if (config::isSupportKeyEnabled())
{
optionSet.addOption(Option("support-key", "", "Specify the support key [set-support-key].")
.required(false)
.repeatable(false)
.argument("key"));
}
optionSet.addOption(Option("anonymization-salt", "", "Anonymize strings with the given 64-bit salt instead of the one in the config file.")
.required(false)
@ -337,8 +340,7 @@ int Config::main(const std::vector<std::string>& args)
return EX_UNAVAILABLE;
#endif
}
#if ENABLE_SUPPORT_KEY
else if (args[0] == "set-support-key")
else if (config::isSupportKeyEnabled() && args[0] == "set-support-key")
{
std::string supportKeyString;
if (SupportKeyStringProvided)
@ -373,7 +375,6 @@ int Config::main(const std::vector<std::string>& args)
changed = true;
}
}
#endif
else if (args[0] == "set")
{
if (args.size() == 3)

1
wasm/Makefile.am
View File

@ -23,6 +23,7 @@ online_SOURCES = \
wasmapp.cpp \
../common/Authorization.cpp \
../common/ConfigUtil.cpp \
../common/Crypto-stub.cpp \
../common/FileUtil.cpp \
../common/CommandControl.cpp \
../common/Log.cpp \

56
wsd/COOLWSD.cpp
View File

@ -400,8 +400,10 @@ void COOLWSD::writeTraceEventRecording(const std::string &recording)
void COOLWSD::checkSessionLimitsAndWarnClients()
{
#if !ENABLE_SUPPORT_KEY
#if !MOBILEAPP
if (config::isSupportKeyEnabled())
return;
ssize_t docBrokerCount = DocBrokers.size() - ConvertToBroker::getInstanceCount();
if (COOLWSD::MaxDocuments < 10000 &&
(docBrokerCount > static_cast<ssize_t>(COOLWSD::MaxDocuments) || COOLWSD::NumConnections >= COOLWSD::MaxConnections))
@ -419,7 +421,6 @@ void COOLWSD::checkSessionLimitsAndWarnClients()
}
}
#endif
#endif
}
void COOLWSD::checkDiskSpaceAndWarnClients(const bool cacheLastCheck)
@ -2688,44 +2689,45 @@ void COOLWSD::innerInitialize(Application& self)
setenv("LOK_HELP_URL", "", 1);
#endif
#if ENABLE_SUPPORT_KEY
const std::string supportKeyString = getConfigValue<std::string>(conf, "support_key", "");
if (supportKeyString.empty())
if (config::isSupportKeyEnabled())
{
LOG_WRN("Support key not set, please use 'coolconfig set-support-key'.");
std::cerr << "Support key not set, please use 'coolconfig set-support-key'." << std::endl;
COOLWSD::OverrideWatermark = "Unsupported, the support key is missing.";
}
else
{
SupportKey key(supportKeyString);
const std::string supportKeyString = getConfigValue<std::string>(conf, "support_key", "");
if (!key.verify())
if (supportKeyString.empty())
{
LOG_WRN("Invalid support key, please use 'coolconfig set-support-key'.");
std::cerr << "Invalid support key, please use 'coolconfig set-support-key'." << std::endl;
COOLWSD::OverrideWatermark = "Unsupported, the support key is invalid.";
LOG_WRN("Support key not set, please use 'coolconfig set-support-key'.");
std::cerr << "Support key not set, please use 'coolconfig set-support-key'." << std::endl;
COOLWSD::OverrideWatermark = "Unsupported, the support key is missing.";
}
else
{
int validDays = key.validDaysRemaining();
if (validDays <= 0)
SupportKey key(supportKeyString);
if (!key.verify())
{
LOG_WRN("Your support key has expired, please ask for a new one, and use 'coolconfig set-support-key'.");
std::cerr << "Your support key has expired, please ask for a new one, and use 'coolconfig set-support-key'." << std::endl;
COOLWSD::OverrideWatermark = "Unsupported, the support key has expired.";
LOG_WRN("Invalid support key, please use 'coolconfig set-support-key'.");
std::cerr << "Invalid support key, please use 'coolconfig set-support-key'." << std::endl;
COOLWSD::OverrideWatermark = "Unsupported, the support key is invalid.";
}
else
{
LOG_INF("Your support key is valid for " << validDays << " days");
COOLWSD::MaxConnections = 1000;
COOLWSD::MaxDocuments = 200;
COOLWSD::OverrideWatermark.clear();
int validDays = key.validDaysRemaining();
if (validDays <= 0)
{
LOG_WRN("Your support key has expired, please ask for a new one, and use 'coolconfig set-support-key'.");
std::cerr << "Your support key has expired, please ask for a new one, and use 'coolconfig set-support-key'." << std::endl;
COOLWSD::OverrideWatermark = "Unsupported, the support key has expired.";
}
else
{
LOG_INF("Your support key is valid for " << validDays << " days");
COOLWSD::MaxConnections = 1000;
COOLWSD::MaxDocuments = 200;
COOLWSD::OverrideWatermark.clear();
}
}
}
}
#endif
if (COOLWSD::MaxConnections < 3)
{

23
wsd/ClientRequestDispatcher.cpp
View File

@ -69,7 +69,7 @@ extern void cleanupDocBrokers();
namespace
{
#if ENABLE_SUPPORT_KEY
/// Used in support key enabled builds
inline void shutdownLimitReached(const std::shared_ptr<ProtocolHandlerInterface>& proto)
{
if (!proto)
@ -92,7 +92,6 @@ inline void shutdownLimitReached(const std::shared_ptr<ProtocolHandlerInterface>
LOG_ERR("Error while shutting down socket on reaching limit: " << ex.what());
}
}
#endif
} // end anonymous namespace
@ -166,11 +165,12 @@ findOrCreateDocBroker(DocumentBroker::ChildType type, const std::string& uri,
LOG_WRN("Maximum number of open documents of "
<< COOLWSD::MaxDocuments << " reached while loading new session [" << id
<< "] for docKey [" << docKey << ']');
#if ENABLE_SUPPORT_KEY
const std::string error = Poco::format(PAYLOAD_UNAVAILABLE_LIMIT_REACHED,
COOLWSD::MaxDocuments, COOLWSD::MaxConnections);
return std::make_pair(nullptr, error);
#endif
if (config::isSupportKeyEnabled())
{
const std::string error = Poco::format(PAYLOAD_UNAVAILABLE_LIMIT_REACHED,
COOLWSD::MaxDocuments, COOLWSD::MaxConnections);
return std::make_pair(nullptr, error);
}
}
// Set the one we just created.
@ -1673,10 +1673,11 @@ void ClientRequestDispatcher::handleClientWsUpgrade(const Poco::Net::HTTPRequest
{
LOG_INF("Limit on maximum number of connections of " << COOLWSD::MaxConnections
<< " reached.");
#if ENABLE_SUPPORT_KEY
shutdownLimitReached(ws);
return;
#endif
if (config::isSupportKeyEnabled())
{
shutdownLimitReached(ws);
return;
}
}
const std::string requestKey = requestDetails.getRequestKey();

10
wsd/DocumentBroker.cpp
View File

@ -935,11 +935,6 @@ bool DocumentBroker::download(
}
}
#if ENABLE_SUPPORT_KEY
if (!COOLWSD::OverrideWatermark.empty())
watermarkText = COOLWSD::OverrideWatermark;
#endif
if (session)
{
LOG_DBG("Setting username ["
@ -1126,7 +1121,10 @@ DocumentBroker::updateSessionWithWopiInfo(const std::shared_ptr<ClientSession>&
const std::string username = wopiFileInfo->getUsername();
const std::string userExtraInfo = wopiFileInfo->getUserExtraInfo();
const std::string userPrivateInfo = wopiFileInfo->getUserPrivateInfo();
const std::string watermarkText = wopiFileInfo->getWatermarkText();
const std::string watermarkText =
(config::isSupportKeyEnabled() && !COOLWSD::OverrideWatermark.empty())
? COOLWSD::OverrideWatermark
: wopiFileInfo->getWatermarkText();
const std::string templateSource = wopiFileInfo->getTemplateSource();
_isViewFileExtension = COOLWSD::IsViewFileExtension(wopiStorage->getFileExtension());

40
wsd/FileServer.cpp
View File

@ -1000,10 +1000,8 @@ std::string FileServerRequestHandler::getRequestPathname(const HTTPRequest& requ
return path;
}
constexpr char BRANDING[] = "branding";
#if ENABLE_SUPPORT_KEY
constexpr char BRANDING_UNSUPPORTED[] = "branding-unsupported";
#endif
constexpr std::string_view BRANDING = "branding";
constexpr std::string_view SUPPORT_KEY_BRANDING_UNSUPPORTED = "branding-unsupported";
static const std::string ACCESS_TOKEN = "%ACCESS_TOKEN%";
static const std::string ACCESS_TOKEN_TTL = "%ACCESS_TOKEN_TTL%";
@ -1212,15 +1210,16 @@ FileServerRequestHandler::ResourceAccessDetails FileServerRequestHandler::prepro
std::string brandCSS(Poco::format(linkCSS, responseRoot, std::string(BRANDING)));
std::string brandJS(Poco::format(scriptJS, responseRoot, std::string(BRANDING)));
#if ENABLE_SUPPORT_KEY
const std::string keyString = config.getString("support_key", "");
SupportKey key(keyString);
if (!key.verify() || key.validDaysRemaining() <= 0)
if (config::isSupportKeyEnabled())
{
brandCSS = Poco::format(linkCSS, responseRoot, std::string(BRANDING_UNSUPPORTED));
brandJS = Poco::format(scriptJS, responseRoot, std::string(BRANDING_UNSUPPORTED));
const std::string keyString = config.getString("support_key", "");
SupportKey key(keyString);
if (!key.verify() || key.validDaysRemaining() <= 0)
{
brandCSS = Poco::format(linkCSS, responseRoot, SUPPORT_KEY_BRANDING_UNSUPPORTED);
brandJS = Poco::format(scriptJS, responseRoot, SUPPORT_KEY_BRANDING_UNSUPPORTED);
}
}
#endif
Poco::replaceInPlace(preprocess, std::string("<!--%BRANDING_CSS%-->"), brandCSS);
Poco::replaceInPlace(preprocess, std::string("<!--%BRANDING_JS%-->"), brandJS);
@ -1592,17 +1591,18 @@ void FileServerRequestHandler::preprocessAdminFile(const HTTPRequest& request,
std::string brandJS(Poco::format(scriptJS, responseRoot, std::string(BRANDING)));
std::string brandFooter;
#if ENABLE_SUPPORT_KEY
const auto& config = Application::instance().config();
const std::string keyString = config.getString("support_key", "");
SupportKey key(keyString);
if (!key.verify() || key.validDaysRemaining() <= 0)
if (config::isSupportKeyEnabled())
{
brandJS = Poco::format(scriptJS, std::string(BRANDING_UNSUPPORTED));
brandFooter = Poco::format(footerPage, key.data(), Poco::DateTimeFormatter::format(key.expiry(), Poco::DateTimeFormat::RFC822_FORMAT));
const auto& config = Application::instance().config();
const std::string keyString = config.getString("support_key", "");
SupportKey key(keyString);
if (!key.verify() || key.validDaysRemaining() <= 0)
{
brandJS = Poco::format(scriptJS, SUPPORT_KEY_BRANDING_UNSUPPORTED);
brandFooter = Poco::format(footerPage, key.data(), Poco::DateTimeFormatter::format(key.expiry(), Poco::DateTimeFormat::RFC822_FORMAT));
}
}
#endif
Poco::replaceInPlace(templateFile, std::string("<!--%BRANDING_JS%-->"), brandJS);
Poco::replaceInPlace(templateFile, std::string("<!--%FOOTER%-->"), brandFooter);