loolwsd.xml.in | 1 +
wsd/Admin.cpp | 14 +++++++++++++-
wsd/Admin.hpp | 6 +-----
wsd/FileServer.cpp | 7 +++++++
wsd/LOOLWSD.cpp | 3 +++
wsd/LOOLWSD.hpp | 1 +
6 files changed, 26 insertions(+), 6 deletions(-)
New commits:
commit 63b562d5bdbed847c43d21226a53e2c6c07ac079
Author: Michael Meeks <michael.me...@collabora.com>
Date: Tue Apr 17 20:47:17 2018 +0100
Allow the Admin console to be disabled in the configuration.
Change-Id: Iacde8e891f42e9ef9399ebbebbd2b2978188d4c4
Reviewed-on: https://gerrit.libreoffice.org/53533
Reviewed-by: Michael Meeks <michael.me...@collabora.com>
Tested-by: Michael Meeks <michael.me...@collabora.com>
Reviewed-on: https://gerrit.libreoffice.org/53729
Reviewed-by: Jan Holesovsky <ke...@collabora.com>
Tested-by: Jan Holesovsky <ke...@collabora.com>
Reviewed-on: https://gerrit.libreoffice.org/53734
diff --git a/loolwsd.xml.in b/loolwsd.xml.in
index 9103395d8..2a93acc52 100644
--- a/loolwsd.xml.in
+++ b/loolwsd.xml.in
@@ -102,6 +102,7 @@
<tile_cache_persistent desc="Should the tiles persist between two editing
sessions of the given document?" type="bool"
default="true">true</tile_cache_persistent>
<admin_console desc="Web admin console settings.">
+ <enable desc="Enable the admin console functionality" type="bool"
default="true">true</enable>
<enable_pam desc="Enable admin user authentication with PAM"
type="bool" default="true">true</enable_pam>
<username desc="The username of the admin console. Must be set, if PAM
is not enabled, otherwise it's optional."></username>
<password desc="The password of the admin console. Deprecated on most
platforms. Instead, use loolconfig to set up a secure password."></password>
diff --git a/wsd/Admin.cpp b/wsd/Admin.cpp
index 0b904f82a..7645f74cd 100644
--- a/wsd/Admin.cpp
+++ b/wsd/Admin.cpp
@@ -291,7 +291,13 @@ bool AdminSocketHandler::handleInitialRequest(
const std::weak_ptr<StreamSocket> &socketWeak,
const Poco::Net::HTTPRequest& request)
{
- auto socket = socketWeak.lock();
+ if (!LOOLWSD::AdminEnabled)
+ {
+ LOG_ERR("Request for disabled admin console");
+ return false;
+ }
+
+ std::shared_ptr<StreamSocket> socket = socketWeak.lock();
// Different session id pool for admin sessions (?)
const auto sessionId = Util::decodeId(LOOLWSD::GenSessionId());
@@ -606,4 +612,10 @@ void Admin::dumpState(std::ostream& os)
SocketPoll::dumpState(os);
}
+void Admin::start()
+{
+ if (LOOLWSD::AdminEnabled)
+ startThread();
+}
+
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/wsd/Admin.hpp b/wsd/Admin.hpp
index 0356018cc..39b73df17 100644
--- a/wsd/Admin.hpp
+++ b/wsd/Admin.hpp
@@ -60,11 +60,7 @@ public:
return admin;
}
- void start()
- {
- // FIXME: not if admin console is not enabled ?
- startThread();
- }
+ void start();
/// Custom poll thread function
void pollingThread() override;
diff --git a/wsd/FileServer.cpp b/wsd/FileServer.cpp
index c0899ce88..c7dd9a884 100644
--- a/wsd/FileServer.cpp
+++ b/wsd/FileServer.cpp
@@ -113,6 +113,8 @@ bool isPamAuthOk(const std::string user, const std::string
pass)
bool FileServerRequestHandler::isAdminLoggedIn(const HTTPRequest& request,
HTTPResponse &response)
{
+ assert(LOOLWSD::AdminEnabled);
+
const auto& config = Application::instance().config();
const auto sslKeyPath = config.getString("ssl.key_file_path", "");
@@ -250,11 +252,16 @@ void FileServerRequestHandler::handleRequest(const
HTTPRequest& request, Poco::M
if (request.getMethod() == HTTPRequest::HTTP_GET)
{
if (endPoint == "admin.html" ||
+ endPoint == "admin-bundle.js" ||
+ endPoint == "admin-localizations.js" ||
endPoint == "adminSettings.html" ||
endPoint == "adminAnalytics.html")
{
noCache = true;
+ if (!LOOLWSD::AdminEnabled)
+ throw Poco::FileAccessDeniedException("Admin console
disabled");
+
if (!FileServerRequestHandler::isAdminLoggedIn(request,
response))
throw Poco::Net::NotAuthenticatedException("Invalid admin
login");
diff --git a/wsd/LOOLWSD.cpp b/wsd/LOOLWSD.cpp
index 3425774a1..d34ae7f26 100644
--- a/wsd/LOOLWSD.cpp
+++ b/wsd/LOOLWSD.cpp
@@ -552,6 +552,7 @@ std::atomic<int> LOOLWSD::ForKitWritePipe(-1);
std::atomic<int> LOOLWSD::ForKitProcId(-1);
bool LOOLWSD::NoCapsForKit = false;
#endif
+bool LOOLWSD::AdminEnabled = true;
#ifdef FUZZER
bool LOOLWSD::DummyLOK = false;
std::string LOOLWSD::FuzzFileName;
@@ -826,6 +827,8 @@ void LOOLWSD::initialize(Application& self)
LOOLWSD::MaxConnections = MAX_CONNECTIONS;
LOOLWSD::MaxDocuments = MAX_DOCUMENTS;
+ AdminEnabled = getConfigValue<bool>(conf, "admin_console.enable", true);
+
#if ENABLE_SUPPORT_KEY
const std::string supportKeyString = getConfigValue<std::string>(conf,
"support_key", "");
diff --git a/wsd/LOOLWSD.hpp b/wsd/LOOLWSD.hpp
index c16ecc37b..097c9ee52 100644
--- a/wsd/LOOLWSD.hpp
+++ b/wsd/LOOLWSD.hpp
@@ -43,6 +43,7 @@ public:
static std::atomic<unsigned> NextSessionId;
static unsigned int NumPreSpawnedChildren;
static bool NoCapsForKit;
+ static bool AdminEnabled;
static std::atomic<int> ForKitWritePipe;
static std::atomic<int> ForKitProcId;
static bool DummyLOK;
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
