configure.ac | 35 +++++++++--------------------- kit/Kit.cpp | 18 ++++++--------- loolwsd.xml.in | 3 -- wsd/ClientSession.cpp | 2 - wsd/DocumentBroker.cpp | 2 - wsd/LOOLWSD.cpp | 57 +++++++++++++++++++++++++++++-------------------- wsd/LOOLWSD.hpp | 7 ++---- wsd/Storage.cpp | 17 ++++++-------- 8 files changed, 65 insertions(+), 76 deletions(-)
New commits: commit 5d2fd35bc38420c1da83cf53221a7709267b8eb4 Author: Ashod Nakashian <ashod.nakash...@collabora.co.uk> AuthorDate: Sun Apr 14 12:24:45 2019 -0400 Commit: Ashod Nakashian <ashnak...@gmail.com> CommitDate: Sun Apr 14 20:32:41 2019 +0200 wsd: unify anonymization flags under one This simplifies the anonymization configuration as virtually always they are all either enabled together, or not at all. Change-Id: I6fe60f5287fc5d71cd7a6ac3268eac67e5e6e9fb Reviewed-on: https://gerrit.libreoffice.org/70033 Reviewed-by: Ashod Nakashian <ashnak...@gmail.com> Tested-by: Ashod Nakashian <ashnak...@gmail.com> diff --git a/configure.ac b/configure.ac index 5f60b3d23..cc8b85a57 100644 --- a/configure.ac +++ b/configure.ac @@ -55,13 +55,9 @@ AC_ARG_ENABLE([debug], AS_HELP_STRING([--enable-debug], [Enable debugging, link with debugging version of Poco libraries])) -AC_ARG_ENABLE([anonymize-usernames], - AS_HELP_STRING([--enable-anonymize-usernames], - [Enable anonymization/obfuscation of usernames in logs])) - -AC_ARG_ENABLE([anonymize-filenames], - AS_HELP_STRING([--enable-anonymize-filenames], - [Enable anonymization/obfuscation of filenames in logs])) +AC_ARG_ENABLE([anonymization], + AS_HELP_STRING([--enable-anonymization], + [Enable anonymization/obfuscation of user-data in logs])) AC_ARG_ENABLE([iosapp], AS_HELP_STRING([--enable-iosapp], @@ -178,8 +174,7 @@ ENABLE_DEBUG= LOOLWSD_LOGLEVEL="warning" LOOLWSD_LOG_TO_FILE="false" LOOLWSD_LOGFILE="/var/log/loolwsd.log" -LOOLWSD_ANONYMIZE_FILENAMES=false -LOOLWSD_ANONYMIZE_USERNAMES=false +LOOLWSD_ANONYMIZE_USER_DATA=false LOLEAFLET_LOGGING="false" debug_msg="secure mode: product build" anonym_msg="" @@ -189,8 +184,7 @@ if test "$enable_debug" = "yes"; then LOOLWSD_LOGLEVEL="trace" LOOLWSD_LOG_TO_FILE="true" LOOLWSD_LOGFILE="/tmp/loolwsd.log" - LOOLWSD_ANONYMIZE_FILENAMES=false - LOOLWSD_ANONYMIZE_USERNAMES=false + LOOLWSD_ANONYMIZE_USER_DATA=false LOLEAFLET_LOGGING="true" debug_msg="low security debugging mode" else 
@@ -206,22 +200,15 @@ if test -n "$with_logfile" ; then fi AC_SUBST(LOOLWSD_LOGFILE) -if test "$enable_anonymize_filenames" = "yes" ; then - LOOLWSD_ANONYMIZE_FILENAMES=true - anonym_msg="filenames anonymized; " -fi -AC_DEFINE_UNQUOTED([LOOLWSD_ANONYMIZE_FILENAMES],[$LOOLWSD_ANONYMIZE_FILENAMES],[Enable permanent filenames anonymization in logs]) -AC_SUBST(LOOLWSD_ANONYMIZE_FILENAMES) - -if test "$enable_anonymize_usernames" = "yes" ; then - LOOLWSD_ANONYMIZE_USERNAMES=true - anonym_msg="${anonym_msg}usernames anonymized; " +if test "$enable_anonymization" = "yes" ; then + LOOLWSD_ANONYMIZE_USER_DATA=true + anonym_msg="anonymization of user-data is enabled" fi -AC_DEFINE_UNQUOTED([LOOLWSD_ANONYMIZE_USERNAMES],[$LOOLWSD_ANONYMIZE_USERNAMES],[Enable permanent usernames anonymization in logs]) -AC_SUBST(LOOLWSD_ANONYMIZE_USERNAMES) +AC_DEFINE_UNQUOTED([LOOLWSD_ANONYMIZE_USER_DATA],[$LOOLWSD_ANONYMIZE_USER_DATA],[Enable permanent anonymization in logs]) +AC_SUBST(LOOLWSD_ANONYMIZE_USER_DATA) if test -z "$anonym_msg"; then - anonym_msg="no anonymization of usernames or filenames" + anonym_msg="anonymization of user-data is disabled" fi APP_NAME="LOOL" diff --git a/kit/Kit.cpp b/kit/Kit.cpp index 228af098e..0a91009e3 100644 --- a/kit/Kit.cpp +++ b/kit/Kit.cpp @@ -113,8 +113,7 @@ using std::size_t; class Document; static std::shared_ptr<Document> document; #ifndef BUILDING_TESTS -static bool AnonymizeFilenames = false; -static bool AnonymizeUsernames = false; +static bool AnonymizeUserData = false; static std::string ObfuscatedFileId; #endif @@ -2139,7 +2138,7 @@ protected: logger << _socketName << ": recv ["; for (const std::string& token : tokens) { - // Don't log PII, there are anonymized versions that get logged instead. + // Don't log user-data, there are anonymized versions that get logged instead. if (Util::startsWith(token, "jail") || Util::startsWith(token, "author") || Util::startsWith(token, "name") || 
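Review bot: The two retired switches are dropped without a compatibility path: this hunk tests only `$enable_anonymization`, so a packaging script that still passes `--enable-anonymize-filenames` or `--enable-anonymize-usernames` now gets `LOOLWSD_ANONYMIZE_USER_DATA=false`, and anonymization is no longer forced at compile time. configure normally reports an undeclared `--enable-*` switch only as an unrecognized-option warning, which is easy to miss in a build log. I would keep honouring the old switches for a release, e.g. `if test "$enable_anonymization" = "yes" -o "$enable_anonymize_filenames" = "yes" -o "$enable_anonymize_usernames" = "yes" ; then`, or stop with `AC_MSG_ERROR` when either old switch is given.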
@@ -2279,10 +2278,8 @@ void lokit_main( LOG_INF("Setting log-level to [trace] and delaying setting to configured [" << LogLevel << "] until after Kit initialization."); } - AnonymizeFilenames = std::getenv("LOOL_ANONYMIZE_FILENAMES") != nullptr; - LOG_INF("Filename anonymization is " << (AnonymizeFilenames ? "enabled." : "disabled.")); - AnonymizeUsernames = std::getenv("LOOL_ANONYMIZE_USERNAMES") != nullptr; - LOG_INF("Username anonymization is " << (AnonymizeUsernames ? "enabled." : "disabled.")); + AnonymizeUserData = std::getenv("LOOL_ANONYMIZE_USER_DATA") != nullptr; + LOG_INF("User-data anonymization is " << (AnonymizeUserData ? "enabled." : "disabled.")); assert(!childRoot.empty()); assert(!sysTemplate.empty()); @@ -2301,8 +2298,7 @@ void lokit_main( Path jailPath; bool bRunInsideJail = !noCapabilities; #else - AnonymizeFilenames = false; - AnonymizeUsernames = false; + AnonymizeUserData = false; #endif // MOBILEAPP try @@ -2591,7 +2587,7 @@ void lokit_main( std::string anonymizeUrl(const std::string& url) { #ifndef BUILDING_TESTS - return AnonymizeFilenames ? Util::anonymizeUrl(url) : url; + return AnonymizeUserData ? Util::anonymizeUrl(url) : url; #else return url; #endif @@ -2673,7 +2669,7 @@ bool globalPreinit(const std::string &loTemplate) std::string anonymizeUsername(const std::string& username) { #ifndef BUILDING_TESTS - return AnonymizeUsernames ? Util::anonymize(username) : username; + return AnonymizeUserData ? Util::anonymize(username) : username; #else return username; #endif diff --git a/loolwsd.xml.in b/loolwsd.xml.in index 296418a7c..db99c5c41 100644 --- a/loolwsd.xml.in +++ b/loolwsd.xml.in 
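Review bot: The getenv() check in lokit_main() turns anonymization on at the mere presence of `LOOL_ANONYMIZE_USER_DATA`, whatever its value, and that contract with the parent process is not written down next to it. A comment above the assignment would help, for example `// Exported by LOOLWSD::initialize() when anonymization is on; presence alone enables it, the value is ignored.` The previous `LOOL_ANONYMIZE_FILENAMES` and `LOOL_ANONYMIZE_USERNAMES` variables are no longer read, so a kit started by an older wsd binary would log user data unanonymized; presumably both are always upgraded together, but it is worth stating. lokit_main() starts and ends outside the hunk.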
@@ -52,8 +52,7 @@ <property name="flush" desc="Enable/disable flushing after logging each line. May harm performance. Note that without flushing after each line, the log lines from the different processes will not appear in chronological order.">false</property> </file> <anonymize> - <filenames type="bool" desc="Enable to anonymize/obfuscate filenames in logs. If default is true, it was forced at compile-time and cannot be disabled." default="@LOOLWSD_ANONYMIZE_FILENAMES@">@LOOLWSD_ANONYMIZE_FILENAMES@</filenames> - <usernames type="bool" desc="Enable to anonymize/obfuscate usernames in logs. If default is true, it was forced at compile-time and cannot be disabled." default="@LOOLWSD_ANONYMIZE_USERNAMES@">@LOOLWSD_ANONYMIZE_USERNAMES@</usernames> + <anonymize_user_data type="bool" desc="Enable to anonymize/obfuscate of user data in logs. If default is true, it was forced at compile-time and cannot be disabled." default="@LOOLWSD_ANONYMIZE_USER_DATA@">@LOOLWSD_ANONYMIZE_USER_DATA@</anonymize_user_data> </anonymize> </logging> diff --git a/wsd/ClientSession.cpp b/wsd/ClientSession.cpp index 35f446c53..7cd98ae69 100644 --- a/wsd/ClientSession.cpp +++ b/wsd/ClientSession.cpp @@ -434,7 +434,7 @@ bool ClientSession::loadDocument(const char* /*buffer*/, int /*length*/, { std::string encodedUserExtraInfo; Poco::URI::encode(getUserExtraInfo(), "", encodedUserExtraInfo); - oss << " authorextrainfo=" << encodedUserExtraInfo; //TODO: could this include PII? + oss << " authorextrainfo=" << encodedUserExtraInfo; //TODO: could this include user-data? } oss << " readonly=" << isReadOnly(); diff --git a/wsd/DocumentBroker.cpp b/wsd/DocumentBroker.cpp index 31d952101..3d87e7bb9 100644 --- a/wsd/DocumentBroker.cpp +++ b/wsd/DocumentBroker.cpp 
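Review bot: The `desc` text of the new `anonymize_user_data` element reads "Enable to anonymize/obfuscate of user data in logs", which is ungrammatical for an operator-facing setting; `Enable to anonymize/obfuscate user data in logs.` is enough. wsd/LOOLWSD.cpp in this commit still reads the old `filenames` and `usernames` keys as deprecated fallbacks. The description could therefore also say that `anonymize_user_data` supersedes them, so an administrator merging an older config knows which entry wins.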
@@ -831,7 +831,7 @@ bool DocumentBroker::saveToStorageInternal(const std::string& sessionId, // Map the FileId from the docKey to the new filename to anonymize the new filename as the FileId. const std::string newFilename = Util::getFilenameFromURL(uri); const std::string fileId = Util::getFilenameFromURL(_docKey); - if (LOOLWSD::AnonymizeFilenames) + if (LOOLWSD::AnonymizeUserData) LOG_DBG("New filename [" << LOOLWSD::anonymizeUrl(newFilename) << "] will be known by its fileId [" << fileId << "]"); Util::mapAnonymized(newFilename, fileId); diff --git a/wsd/LOOLWSD.cpp b/wsd/LOOLWSD.cpp index b16ed79d8..e3d95e235 100644 --- a/wsd/LOOLWSD.cpp +++ b/wsd/LOOLWSD.cpp @@ -686,8 +686,7 @@ std::string LOOLWSD::LOKitVersion; std::string LOOLWSD::ConfigFile = LOOLWSD_CONFIGDIR "/loolwsd.xml"; std::string LOOLWSD::ConfigDir = LOOLWSD_CONFIGDIR "/conf.d"; std::string LOOLWSD::LogLevel = "trace"; -bool LOOLWSD::AnonymizeFilenames = false; -bool LOOLWSD::AnonymizeUsernames = false; +bool LOOLWSD::AnonymizeUserData = false; Util::RuntimeConstant<bool> LOOLWSD::SSLEnabled; Util::RuntimeConstant<bool> LOOLWSD::SSLTermination; unsigned LOOLWSD::MaxConnections; @@ -762,8 +761,9 @@ void LOOLWSD::initialize(Application& self) { "file_server_root_path", "loleaflet/.." }, { "lo_jail_subpath", "lo" }, { "lo_template_path", LO_PATH }, - { "logging.anonymize.filenames", "false" }, - { "logging.anonymize.usernames", "false" }, + { "logging.anonymize.filenames", "false" }, // Deprecated. + { "logging.anonymize.usernames", "false" }, // Deprecated. + // { "logging.anonymize.anonymize_user_data", "false" }, // Do not set to fallback on filename/username. { "logging.color", "true" }, { "logging.file.property[0]", "loolwsd.log" }, { "logging.file.property[0][@name]", "path" }, 
@@ -912,28 +912,41 @@ void LOOLWSD::initialize(Application& self) } // Get anonymization settings. -#if LOOLWSD_ANONYMIZE_USERNAMES - AnonymizeUsernames = true; +#if LOOLWSD_ANONYMIZE_USER_DATA + AnonymizeUserData = true; + LOG_INF("Anonymization of user-data is permanently enabled."); #else - AnonymizeUsernames = getConfigValue<bool>(conf, "logging.anonymize.usernames", false); -#endif + LOG_INF("Anonymization of user-data is configurable."); + bool haveAnonymizeUserDataConfig = false; + if (getSafeConfig(conf, "logging.anonymize.anonymize_user_data", AnonymizeUserData)) + haveAnonymizeUserDataConfig = true; -#if LOOLWSD_ANONYMIZE_FILENAMES - AnonymizeFilenames = true; -#else - AnonymizeFilenames = getConfigValue<bool>(conf, "logging.anonymize.filenames", false); + bool anonymizeFilenames = false; + bool anonymizeUsernames = false; + if (getSafeConfig(conf, "logging.anonymize.usernames", anonymizeFilenames) || + getSafeConfig(conf, "logging.anonymize.filenames", anonymizeUsernames)) + { + LOG_WRN("NOTE: both logging.anonymize.usernames and logging.anonymize.filenames are deprecated and superseded by " + "logging.anonymize.anonymize_user_data. Please remove username and filename entries from the config and use only anonymize_user_data."); + + if (haveAnonymizeUserDataConfig) + LOG_WRN("Since logging.anonymize.anonymize_user_data is provided (" << AnonymizeUserData << ") in the config, it will be used."); + else + { + AnonymizeUserData = (anonymizeFilenames || anonymizeUsernames); + } + } #endif - if ((AnonymizeFilenames || AnonymizeUsernames) && LogLevel == "trace") + if (AnonymizeUserData && LogLevel == "trace") { - if (getConfigValue<bool>(conf, "logging.anonymize.allow_logging_pii", false)) + if (getConfigValue<bool>(conf, "logging.anonymize.allow_logging_user_data", false)) { - LOG_WRN("Enabling trace logging while anonymization is enabled due to logging.anonymize.allow_logging_pii setting. 
" - "This will leak personally identifiable information!"); + LOG_WRN("Enabling trace logging while anonymization is enabled due to logging.anonymize.allow_logging_user_data setting. " + "This will leak user-data!"); // Disable anonymization as it's useless now. - AnonymizeFilenames = false; - AnonymizeUsernames = false; + AnonymizeUserData = false; } else { @@ -950,11 +963,9 @@ void LOOLWSD::initialize(Application& self) } } - if (AnonymizeFilenames) - setenv("LOOL_ANONYMIZE_FILENAMES", "1", true); - - if (AnonymizeUsernames) - setenv("LOOL_ANONYMIZE_USERNAMES", "1", true); + LOG_INF("Anonymization of user-data is " << (AnonymizeUserData ? "enabled." : "disabled.")); + if (AnonymizeUserData) + setenv("LOOL_ANONYMIZE_USER_DATA", "1", true); { std::string proto = getConfigValue<std::string>(conf, "net.proto", ""); diff --git a/wsd/LOOLWSD.hpp b/wsd/LOOLWSD.hpp index 9e8f7b254..19f783e60 100644 --- a/wsd/LOOLWSD.hpp +++ b/wsd/LOOLWSD.hpp @@ -64,8 +64,7 @@ public: static std::string ServiceRoot; ///< There are installations that need prefixing every page with some path. static std::string LOKitVersion; static std::string LogLevel; - static bool AnonymizeFilenames; - static bool AnonymizeUsernames; + static bool AnonymizeUserData; static std::atomic<unsigned> NumConnections; static bool TileCachePersistent; static std::unique_ptr<TraceFileWriter> TraceDumper; @@ -142,14 +141,14 @@ public: /// Anonymize the basename of filenames, preserving the path and extension. static std::string anonymizeUrl(const std::string& url) { - return AnonymizeFilenames ? Util::anonymizeUrl(url) : url; + return AnonymizeUserData ? Util::anonymizeUrl(url) : url; } /// Anonymize user names and IDs. /// Will use the Obfuscated User ID if one is provied via WOPI. static std::string anonymizeUsername(const std::string& username) { - return AnonymizeUsernames ? Util::anonymize(username) : username; + return AnonymizeUserData ? Util::anonymize(username) : username; } int innerMain(); 
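Review bot: The deprecated-key fallback in the `@@ -912,28 +912,41 @@` hunk can leave anonymization switched off for a deployment that had it on. The two getSafeConfig() reads are joined with `||`, so once `logging.anonymize.usernames` resolves, the `logging.anonymize.filenames` read is skipped, and a config with usernames=false and filenames=true ends with `AnonymizeUserData = false`. Assuming getSafeConfig() returns true whenever a key resolves, the "false" defaults kept for both keys earlier in initialize() make this the normal path and make the deprecation warning fire on every start. The output variables are also crossed (usernames lands in `anonymizeFilenames`), which is harmless only while the two are OR-ed. Read both keys unconditionally, `const bool haveUsernames = getSafeConfig(conf, "logging.anonymize.usernames", anonymizeUsernames);` and `const bool haveFilenames = getSafeConfig(conf, "logging.anonymize.filenames", anonymizeFilenames);`, then test `if (haveUsernames || haveFilenames)`, and drop the two deprecated defaults so the warning reflects real config entries. Separately, `logging.anonymize.allow_logging_pii` becomes `allow_logging_user_data` with no fallback or warning for configs that still carry the old key; initialize() starts and ends outside the hunk.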
diff --git a/wsd/Storage.cpp b/wsd/Storage.cpp index a5ebcdc39..859552734 100644 --- a/wsd/Storage.cpp +++ b/wsd/Storage.cpp @@ -507,7 +507,7 @@ std::unique_ptr<WopiStorage::WOPIFileInfo> WopiStorage::getWOPIFileInfo(const Au Poco::JSON::Object::Ptr object; if (JsonUtil::parseJSON(wopiResponse, object)) { - if (LOOLWSD::AnonymizeFilenames || LOOLWSD::AnonymizeUsernames) + if (LOOLWSD::AnonymizeUserData) LOG_DBG("WOPI::CheckFileInfo (" << callDuration.count() * 1000. << " ms): anonymizing..."); else LOG_DBG("WOPI::CheckFileInfo (" << callDuration.count() * 1000. << " ms): " << wopiResponse); @@ -519,7 +519,7 @@ std::unique_ptr<WopiStorage::WOPIFileInfo> WopiStorage::getWOPIFileInfo(const Au JsonUtil::findJSONValue(object, "TemplateSaveAs", templateSaveAs); // Anonymize key values. - if (LOOLWSD::AnonymizeFilenames || LOOLWSD::AnonymizeUsernames) + if (LOOLWSD::AnonymizeUserData) { Util::mapAnonymized(Util::getFilenameFromURL(filename), Util::getFilenameFromURL(getUri().toString())); @@ -533,11 +533,11 @@ std::unique_ptr<WopiStorage::WOPIFileInfo> WopiStorage::getWOPIFileInfo(const Au // Set anonymized version of the above fields before logging. // Note: anonymization caches the result, so we don't need to store here. - if (LOOLWSD::AnonymizeFilenames) + if (LOOLWSD::AnonymizeUserData) object->set("BaseFileName", LOOLWSD::anonymizeUrl(filename)); // If obfuscatedUserId is provided, then don't log the originals and use it. - if (LOOLWSD::AnonymizeUsernames && obfuscatedUserId.empty()) + if (LOOLWSD::AnonymizeUserData && obfuscatedUserId.empty()) { object->set("OwnerId", LOOLWSD::anonymizeUsername(ownerId)); object->set("UserId", LOOLWSD::anonymizeUsername(userId)); 
@@ -551,14 +551,11 @@ std::unique_ptr<WopiStorage::WOPIFileInfo> WopiStorage::getWOPIFileInfo(const Au // Remove them for performance reasons; they aren't needed anymore. object->remove("ObfuscatedUserId"); - if (LOOLWSD::AnonymizeFilenames) + if (LOOLWSD::AnonymizeUserData) { object->remove("BaseFileName"); object->remove("TemplateSaveAs"); - } - if (LOOLWSD::AnonymizeUsernames) - { object->remove("OwnerId"); object->remove("UserId"); object->remove("UserFriendlyName"); @@ -595,7 +592,7 @@ std::unique_ptr<WopiStorage::WOPIFileInfo> WopiStorage::getWOPIFileInfo(const Au } else { - if (LOOLWSD::AnonymizeFilenames || LOOLWSD::AnonymizeUsernames) + if (LOOLWSD::AnonymizeUserData) wopiResponse = "obfuscated"; LOG_ERR("WOPI::CheckFileInfo (" << callDuration.count() * 1000. << @@ -790,7 +787,7 @@ StorageBase::SaveResult WopiStorage::saveLocalFileToStorage(const Authorization& if (Log::infoEnabled()) { - if (LOOLWSD::AnonymizeFilenames) + if (LOOLWSD::AnonymizeUserData) { Poco::JSON::Object::Ptr object; if (JsonUtil::parseJSON(responseString, object)) _______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits