From 246e87fea21d6121fd4bd2daeff8a4f92082477e Mon Sep 17 00:00:00 2001 From: Aron Budea Date: Sun, 24 Mar 2024 00:30:48 +1030 Subject: [PATCH] wsd: Unconditionally compile support-key-enabled code paths Signed-off-by: Aron Budea Change-Id: Iec477c223f2dc75e0be8b472c8439ca9311d6aae --- Makefile.am | 1 + android/lib/src/main/cpp/CMakeLists.txt.in | 3 +- common/ConfigUtil.cpp | 10 ++++ common/ConfigUtil.hpp | 3 ++ common/Crypto-stub.cpp | 28 +++++++++++ common/Crypto.cpp | 17 +++++-- common/Crypto.hpp | 4 -- ios/Mobile.xcodeproj/project.pbxproj | 4 ++ tools/Config.cpp | 29 +++++------ wasm/Makefile.am | 1 + wsd/COOLWSD.cpp | 56 +++++++++++----------- wsd/ClientRequestDispatcher.cpp | 23 ++++----- wsd/DocumentBroker.cpp | 10 ++-- wsd/FileServer.cpp | 40 ++++++++-------- 14 files changed, 141 insertions(+), 88 deletions(-) create mode 100644 common/Crypto-stub.cpp diff --git a/Makefile.am b/Makefile.am index 0b2c43a642..6220d9fe0c 100644 --- a/Makefile.am +++ b/Makefile.am @@ -294,6 +294,7 @@ coolstress_SOURCES = tools/Stress.cpp \ coolconfig_SOURCES = tools/Config.cpp \ tools/ConfigMigrationAssistant.cpp \ common/DummyTraceEventEmitter.cpp \ + common/ConfigUtil.cpp \ common/Crypto.cpp \ common/Log.cpp \ common/StringVector.cpp \ diff --git a/android/lib/src/main/cpp/CMakeLists.txt.in b/android/lib/src/main/cpp/CMakeLists.txt.in index 45f04353b4..93cc658f20 100644 --- a/android/lib/src/main/cpp/CMakeLists.txt.in +++ b/android/lib/src/main/cpp/CMakeLists.txt.in @@ -7,8 +7,9 @@ add_library(androidapp SHARED androidapp.cpp ../../../../../common/Authorization.cpp ../../../../../common/ConfigUtil.cpp - ../../../../../common/FileUtil.cpp ../../../../../common/CommandControl.cpp + ../../../../../common/Crypto-stub.cpp + ../../../../../common/FileUtil.cpp ../../../../../common/Log.cpp ../../../../../common/MessageQueue.cpp ../../../../../common/TraceEvent.cpp diff --git a/common/ConfigUtil.cpp b/common/ConfigUtil.cpp index 3e42a3f47e..80d0e69ea7 100644 --- a/common/ConfigUtil.cpp +++ b/common/ConfigUtil.cpp @@ -70,4 +70,14 @@ bool isSslEnabled() return false; #endif } + +bool isSupportKeyEnabled() +{ +#if ENABLE_SUPPORT_KEY + return true; +#else + return false; +#endif +} + } // namespace config diff --git a/common/ConfigUtil.hpp b/common/ConfigUtil.hpp index eed6f4ffcb..0127fb9f26 100644 --- a/common/ConfigUtil.hpp +++ b/common/ConfigUtil.hpp @@ -49,4 +49,7 @@ bool getBool(const std::string& key, const bool def); /// Return true if SSL is enabled in the config and no fuzzing is enabled. bool isSslEnabled(); +/// Return true if build is support key enabled (ENABLE_SUPPORT_KEY is defined) +bool isSupportKeyEnabled(); + } // namespace config diff --git a/common/Crypto-stub.cpp b/common/Crypto-stub.cpp new file mode 100644 index 0000000000..d94805b08b --- /dev/null +++ b/common/Crypto-stub.cpp @@ -0,0 +1,28 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4; fill-column: 100 -*- */ +/* + * Copyright the Collabora Online contributors. + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + */ + +#include "Crypto.hpp" + +#include + +struct SupportKeyImpl {}; + +SupportKey::SupportKey([[maybe_unused]] const std::string& key) {} + +SupportKey::~SupportKey() {} + +bool SupportKey::verify() { return true; } + +int SupportKey::validDaysRemaining() { return 0; } + +Poco::DateTime SupportKey::expiry() const { return Poco::DateTime(); } + +std::string SupportKey::data() const { return std::string(); } \ No newline at end of file diff --git a/common/Crypto.cpp b/common/Crypto.cpp index 906c0488e8..0b4390c7ce 100644 --- a/common/Crypto.cpp +++ b/common/Crypto.cpp @@ -11,8 +11,6 @@ #include -#if ENABLE_SUPPORT_KEY - #include #include #include @@ -24,11 +22,22 @@ #include "Log.hpp" #include "Crypto.hpp" +#if ENABLE_SUPPORT_KEY #include "support-public-key.hpp" +#endif using namespace Poco; using namespace Poco::Crypto; +std::string getSupportPublicKey() +{ +#if ENABLE_SUPPORT_KEY + return SUPPORT_PUBLIC_KEY; +#else + return std::string(); +#endif +} + struct SupportKeyImpl { bool _invalid; @@ -86,7 +95,7 @@ bool SupportKey::verify() return false; } - std::istringstream pubStream(SUPPORT_PUBLIC_KEY); + std::istringstream pubStream(getSupportPublicKey()); try { RSAKey keyPub(&pubStream); @@ -140,6 +149,4 @@ std::string SupportKey::data() const return _impl->_data; } -#endif // ENABLE_SUPPORT_KEY - /* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/common/Crypto.hpp b/common/Crypto.hpp index fb98894852..bc8448c836 100644 --- a/common/Crypto.hpp +++ b/common/Crypto.hpp @@ -11,8 +11,6 @@ #pragma once -#if ENABLE_SUPPORT_KEY - #include struct SupportKeyImpl; @@ -38,6 +36,4 @@ public: std::string data() const; }; -#endif - /* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/ios/Mobile.xcodeproj/project.pbxproj b/ios/Mobile.xcodeproj/project.pbxproj index bf516d8cf8..24805d213c 100644 --- a/ios/Mobile.xcodeproj/project.pbxproj +++ b/ios/Mobile.xcodeproj/project.pbxproj @@ -23,6 +23,7 @@ BE18C7DE226DE09A001AD27E /* Branding in Resources */ = {isa = PBXBuildFile; fileRef = BE18C7DD226DE09A001AD27E /* Branding */; }; BE512CBA2518DE6E00921C15 /* libsqlite3.tbd in Frameworks */ = {isa = PBXBuildFile; fileRef = BE512CB92518DE6400921C15 /* libsqlite3.tbd */; }; BE55E0EB2653FCCB007DDF29 /* ConfigUtil.cpp in Sources */ = {isa = PBXBuildFile; fileRef = BE55E0E92653FCCB007DDF29 /* ConfigUtil.cpp */; }; + BE55E0EB3653FCCB007DDF29 /* Crypto-stub.cpp in Sources */ = {isa = PBXBuildFile; fileRef = BE55E0EC2653FCCB007DDF29 /* Crypto-stub.cpp */; }; BE5EB5C1213FE29900E0826C /* Log.cpp in Sources */ = {isa = PBXBuildFile; fileRef = BE5EB5B9213FE29900E0826C /* Log.cpp */; }; BE5EB5C2213FE29900E0826C /* SpookyV2.cpp in Sources */ = {isa = PBXBuildFile; fileRef = BE5EB5BA213FE29900E0826C /* SpookyV2.cpp */; }; BE5EB5C3213FE29900E0826C /* Session.cpp in Sources */ = {isa = PBXBuildFile; fileRef = BE5EB5BB213FE29900E0826C /* Session.cpp */; }; @@ -552,6 +553,7 @@ BE512CB92518DE6400921C15 /* libsqlite3.tbd */ = {isa = PBXFileReference; lastKnownFileType = "sourcecode.text-based-dylib-definition"; name = libsqlite3.tbd; path = usr/lib/libsqlite3.tbd; sourceTree = SDKROOT; }; BE55E0E92653FCCB007DDF29 /* ConfigUtil.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ConfigUtil.cpp; sourceTree = ""; }; BE55E0EA2653FCCB007DDF29 /* ConfigUtil.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = ConfigUtil.hpp; sourceTree = ""; }; + BE55E0EC2653FCCB007DDF29 /* Crypto-stub.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Crypto-stub.cpp; sourceTree = ""; }; BE58E129217F295B00249358 /* Log.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = Log.hpp; sourceTree = ""; }; BE58E12A217F295B00249358 /* Png.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = Png.hpp; sourceTree = ""; }; BE58E12B217F295B00249358 /* SigUtil.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = SigUtil.hpp; sourceTree = ""; }; @@ -2183,6 +2185,7 @@ BEABFC6724AC94C3004DE339 /* Authorization.hpp */, BE55E0E92653FCCB007DDF29 /* ConfigUtil.cpp */, BE55E0EA2653FCCB007DDF29 /* ConfigUtil.hpp */, + BE55E0EC2653FCCB007DDF29 /* Crypto-stub.cpp */, BE5EB5C0213FE29900E0826C /* FileUtil.cpp */, BE5EB5B9213FE29900E0826C /* Log.cpp */, BE58E129217F295B00249358 /* Log.hpp */, @@ -3678,6 +3681,7 @@ BE5EB5C5213FE29900E0826C /* MessageQueue.cpp in Sources */, BE7228E22417BC9F000ADABD /* StringVector.cpp in Sources */, BE55E0EB2653FCCB007DDF29 /* ConfigUtil.cpp in Sources */, + BE55E0EB3653FCCB007DDF29 /* Crypto-stub.cpp in Sources */, BE5EB5E721401E0F00E0826C /* RequestVettingStation.cpp in Sources */, BE5EB5F821401E0F00E0826C /* Storage.cpp in Sources */, BE5EB5D621401E0F00E0826C /* Storage.cpp in Sources */, diff --git a/tools/Config.cpp b/tools/Config.cpp index 79c5051ade..3fc94200ce 100644 --- a/tools/Config.cpp +++ b/tools/Config.cpp @@ -33,6 +33,7 @@ #include #include +#include #include #include @@ -131,11 +132,12 @@ void Config::displayHelp() << "Commands: " << std::endl << " migrateconfig [--old-config-file=] [--config-file=] [--write]" << std::endl << " anonymize [string-1]...[string-n]" << std::endl - << " set-admin-password" << std::endl -#if ENABLE_SUPPORT_KEY - << " set-support-key" << std::endl -#endif - << " set " << std::endl + << " set-admin-password" << std::endl; + if (config::isSupportKeyEnabled()) + { + std::cout << " set-support-key" << std::endl; + } + std::cout << " set " << std::endl << " generate-proof-key" << std::endl << " update-system-template" << std::endl << std::endl; } @@ -169,12 +171,13 @@ void Config::defineOptions(OptionSet& optionSet) .repeatable(false) .argument("number")); -#if ENABLE_SUPPORT_KEY - optionSet.addOption(Option("support-key", "", "Specify the support key [set-support-key].") - .required(false) - .repeatable(false) - .argument("key")); -#endif + if (config::isSupportKeyEnabled()) + { + optionSet.addOption(Option("support-key", "", "Specify the support key [set-support-key].") + .required(false) + .repeatable(false) + .argument("key")); + } optionSet.addOption(Option("anonymization-salt", "", "Anonymize strings with the given 64-bit salt instead of the one in the config file.") .required(false) @@ -337,8 +340,7 @@ int Config::main(const std::vector& args) return EX_UNAVAILABLE; #endif } -#if ENABLE_SUPPORT_KEY - else if (args[0] == "set-support-key") + else if (config::isSupportKeyEnabled() && args[0] == "set-support-key") { std::string supportKeyString; if (SupportKeyStringProvided) @@ -373,7 +375,6 @@ int Config::main(const std::vector& args) changed = true; } } -#endif else if (args[0] == "set") { if (args.size() == 3) diff --git a/wasm/Makefile.am b/wasm/Makefile.am index 30b35deecc..006801d4fa 100644 --- a/wasm/Makefile.am +++ b/wasm/Makefile.am @@ -23,6 +23,7 @@ online_SOURCES = \ wasmapp.cpp \ ../common/Authorization.cpp \ ../common/ConfigUtil.cpp \ + ../common/Crypto-stub.cpp \ ../common/FileUtil.cpp \ ../common/CommandControl.cpp \ ../common/Log.cpp \ diff --git a/wsd/COOLWSD.cpp b/wsd/COOLWSD.cpp index 6bb7d70991..6fc103562a 100644 --- a/wsd/COOLWSD.cpp +++ b/wsd/COOLWSD.cpp @@ -400,8 +400,10 @@ void COOLWSD::writeTraceEventRecording(const std::string &recording) void COOLWSD::checkSessionLimitsAndWarnClients() { -#if !ENABLE_SUPPORT_KEY #if !MOBILEAPP + if (config::isSupportKeyEnabled()) + return; + ssize_t docBrokerCount = DocBrokers.size() - ConvertToBroker::getInstanceCount(); if (COOLWSD::MaxDocuments < 10000 && (docBrokerCount > static_cast(COOLWSD::MaxDocuments) || COOLWSD::NumConnections >= COOLWSD::MaxConnections)) @@ -419,7 +421,6 @@ void COOLWSD::checkSessionLimitsAndWarnClients() } } #endif -#endif } void COOLWSD::checkDiskSpaceAndWarnClients(const bool cacheLastCheck) @@ -2688,44 +2689,45 @@ void COOLWSD::innerInitialize(Application& self) setenv("LOK_HELP_URL", "", 1); #endif -#if ENABLE_SUPPORT_KEY - const std::string supportKeyString = getConfigValue(conf, "support_key", ""); - - if (supportKeyString.empty()) + if (config::isSupportKeyEnabled()) { - LOG_WRN("Support key not set, please use 'coolconfig set-support-key'."); - std::cerr << "Support key not set, please use 'coolconfig set-support-key'." << std::endl; - COOLWSD::OverrideWatermark = "Unsupported, the support key is missing."; - } - else - { - SupportKey key(supportKeyString); + const std::string supportKeyString = getConfigValue(conf, "support_key", ""); - if (!key.verify()) + if (supportKeyString.empty()) { - LOG_WRN("Invalid support key, please use 'coolconfig set-support-key'."); - std::cerr << "Invalid support key, please use 'coolconfig set-support-key'." << std::endl; - COOLWSD::OverrideWatermark = "Unsupported, the support key is invalid."; + LOG_WRN("Support key not set, please use 'coolconfig set-support-key'."); + std::cerr << "Support key not set, please use 'coolconfig set-support-key'." << std::endl; + COOLWSD::OverrideWatermark = "Unsupported, the support key is missing."; } else { - int validDays = key.validDaysRemaining(); - if (validDays <= 0) + SupportKey key(supportKeyString); + + if (!key.verify()) { - LOG_WRN("Your support key has expired, please ask for a new one, and use 'coolconfig set-support-key'."); - std::cerr << "Your support key has expired, please ask for a new one, and use 'coolconfig set-support-key'." << std::endl; - COOLWSD::OverrideWatermark = "Unsupported, the support key has expired."; + LOG_WRN("Invalid support key, please use 'coolconfig set-support-key'."); + std::cerr << "Invalid support key, please use 'coolconfig set-support-key'." << std::endl; + COOLWSD::OverrideWatermark = "Unsupported, the support key is invalid."; } else { - LOG_INF("Your support key is valid for " << validDays << " days"); - COOLWSD::MaxConnections = 1000; - COOLWSD::MaxDocuments = 200; - COOLWSD::OverrideWatermark.clear(); + int validDays = key.validDaysRemaining(); + if (validDays <= 0) + { + LOG_WRN("Your support key has expired, please ask for a new one, and use 'coolconfig set-support-key'."); + std::cerr << "Your support key has expired, please ask for a new one, and use 'coolconfig set-support-key'." << std::endl; + COOLWSD::OverrideWatermark = "Unsupported, the support key has expired."; + } + else + { + LOG_INF("Your support key is valid for " << validDays << " days"); + COOLWSD::MaxConnections = 1000; + COOLWSD::MaxDocuments = 200; + COOLWSD::OverrideWatermark.clear(); + } } } } -#endif if (COOLWSD::MaxConnections < 3) { diff --git a/wsd/ClientRequestDispatcher.cpp b/wsd/ClientRequestDispatcher.cpp index a390573969..8b54ea119f 100644 --- a/wsd/ClientRequestDispatcher.cpp +++ b/wsd/ClientRequestDispatcher.cpp @@ -69,7 +69,7 @@ extern void cleanupDocBrokers(); namespace { -#if ENABLE_SUPPORT_KEY +/// Used in support key enabled builds inline void shutdownLimitReached(const std::shared_ptr& proto) { if (!proto) @@ -92,7 +92,6 @@ inline void shutdownLimitReached(const std::shared_ptr LOG_ERR("Error while shutting down socket on reaching limit: " << ex.what()); } } -#endif } // end anonymous namespace @@ -166,11 +165,12 @@ findOrCreateDocBroker(DocumentBroker::ChildType type, const std::string& uri, LOG_WRN("Maximum number of open documents of " << COOLWSD::MaxDocuments << " reached while loading new session [" << id << "] for docKey [" << docKey << ']'); -#if ENABLE_SUPPORT_KEY - const std::string error = Poco::format(PAYLOAD_UNAVAILABLE_LIMIT_REACHED, - COOLWSD::MaxDocuments, COOLWSD::MaxConnections); - return std::make_pair(nullptr, error); -#endif + if (config::isSupportKeyEnabled()) + { + const std::string error = Poco::format(PAYLOAD_UNAVAILABLE_LIMIT_REACHED, + COOLWSD::MaxDocuments, COOLWSD::MaxConnections); + return std::make_pair(nullptr, error); + } } // Set the one we just created. @@ -1673,10 +1673,11 @@ void ClientRequestDispatcher::handleClientWsUpgrade(const Poco::Net::HTTPRequest { LOG_INF("Limit on maximum number of connections of " << COOLWSD::MaxConnections << " reached."); -#if ENABLE_SUPPORT_KEY - shutdownLimitReached(ws); - return; -#endif + if (config::isSupportKeyEnabled()) + { + shutdownLimitReached(ws); + return; + } } const std::string requestKey = requestDetails.getRequestKey(); diff --git a/wsd/DocumentBroker.cpp b/wsd/DocumentBroker.cpp index 86ee15e78a..5767a62ae8 100644 --- a/wsd/DocumentBroker.cpp +++ b/wsd/DocumentBroker.cpp @@ -935,11 +935,6 @@ bool DocumentBroker::download( } } -#if ENABLE_SUPPORT_KEY - if (!COOLWSD::OverrideWatermark.empty()) - watermarkText = COOLWSD::OverrideWatermark; -#endif - if (session) { LOG_DBG("Setting username [" @@ -1126,7 +1121,10 @@ DocumentBroker::updateSessionWithWopiInfo(const std::shared_ptr& const std::string username = wopiFileInfo->getUsername(); const std::string userExtraInfo = wopiFileInfo->getUserExtraInfo(); const std::string userPrivateInfo = wopiFileInfo->getUserPrivateInfo(); - const std::string watermarkText = wopiFileInfo->getWatermarkText(); + const std::string watermarkText = + (config::isSupportKeyEnabled() && !COOLWSD::OverrideWatermark.empty()) + ? COOLWSD::OverrideWatermark + : wopiFileInfo->getWatermarkText(); const std::string templateSource = wopiFileInfo->getTemplateSource(); _isViewFileExtension = COOLWSD::IsViewFileExtension(wopiStorage->getFileExtension()); diff --git a/wsd/FileServer.cpp b/wsd/FileServer.cpp index ba23fdad1f..74a288c9e2 100644 --- a/wsd/FileServer.cpp +++ b/wsd/FileServer.cpp @@ -1000,10 +1000,8 @@ std::string FileServerRequestHandler::getRequestPathname(const HTTPRequest& requ return path; } -constexpr char BRANDING[] = "branding"; -#if ENABLE_SUPPORT_KEY -constexpr char BRANDING_UNSUPPORTED[] = "branding-unsupported"; -#endif +constexpr std::string_view BRANDING = "branding"; +constexpr std::string_view SUPPORT_KEY_BRANDING_UNSUPPORTED = "branding-unsupported"; static const std::string ACCESS_TOKEN = "%ACCESS_TOKEN%"; static const std::string ACCESS_TOKEN_TTL = "%ACCESS_TOKEN_TTL%"; @@ -1212,15 +1210,16 @@ FileServerRequestHandler::ResourceAccessDetails FileServerRequestHandler::prepro std::string brandCSS(Poco::format(linkCSS, responseRoot, std::string(BRANDING))); std::string brandJS(Poco::format(scriptJS, responseRoot, std::string(BRANDING))); -#if ENABLE_SUPPORT_KEY - const std::string keyString = config.getString("support_key", ""); - SupportKey key(keyString); - if (!key.verify() || key.validDaysRemaining() <= 0) + if (config::isSupportKeyEnabled()) { - brandCSS = Poco::format(linkCSS, responseRoot, std::string(BRANDING_UNSUPPORTED)); - brandJS = Poco::format(scriptJS, responseRoot, std::string(BRANDING_UNSUPPORTED)); + const std::string keyString = config.getString("support_key", ""); + SupportKey key(keyString); + if (!key.verify() || key.validDaysRemaining() <= 0) + { + brandCSS = Poco::format(linkCSS, responseRoot, SUPPORT_KEY_BRANDING_UNSUPPORTED); + brandJS = Poco::format(scriptJS, responseRoot, SUPPORT_KEY_BRANDING_UNSUPPORTED); + } } -#endif Poco::replaceInPlace(preprocess, std::string(""), brandCSS); Poco::replaceInPlace(preprocess, std::string(""), brandJS); @@ -1592,17 +1591,18 @@ void FileServerRequestHandler::preprocessAdminFile(const HTTPRequest& request, std::string brandJS(Poco::format(scriptJS, responseRoot, std::string(BRANDING))); std::string brandFooter; -#if ENABLE_SUPPORT_KEY - const auto& config = Application::instance().config(); - const std::string keyString = config.getString("support_key", ""); - SupportKey key(keyString); - - if (!key.verify() || key.validDaysRemaining() <= 0) + if (config::isSupportKeyEnabled()) { - brandJS = Poco::format(scriptJS, std::string(BRANDING_UNSUPPORTED)); - brandFooter = Poco::format(footerPage, key.data(), Poco::DateTimeFormatter::format(key.expiry(), Poco::DateTimeFormat::RFC822_FORMAT)); + const auto& config = Application::instance().config(); + const std::string keyString = config.getString("support_key", ""); + SupportKey key(keyString); + + if (!key.verify() || key.validDaysRemaining() <= 0) + { + brandJS = Poco::format(scriptJS, SUPPORT_KEY_BRANDING_UNSUPPORTED); + brandFooter = Poco::format(footerPage, key.data(), Poco::DateTimeFormatter::format(key.expiry(), Poco::DateTimeFormat::RFC822_FORMAT)); + } } -#endif Poco::replaceInPlace(templateFile, std::string(""), brandJS); Poco::replaceInPlace(templateFile, std::string(""), brandFooter);