loolwsd/Storage.cpp | 19 ++++++------------- loolwsd/Storage.hpp | 4 ++-- loolwsd/loolwsd.xml.in | 4 +++- 3 files changed, 11 insertions(+), 16 deletions(-)
New commits: commit 23003c455c5ecc0d4c882fdc66a3ea2bcd993b53 Author: Ashod Nakashian <ashod.nakash...@collabora.co.uk> Date: Mon Apr 18 21:13:17 2016 -0400 bccu#1696 - enable WOPI connection from the same host by default Since auto-discovery is problematic, this patch implements support for both regex patterned hostnames/IPs to allow, and those to block/deny. A hostname/IP must be both allowed, and not denied, to be accepted. By setting ranges of allowed hostnames/IPs, and others to block/deny, an admin can configure Online with great flexibility. Defaults updated with same values, but not exhaustive. Change-Id: Iedfcafe41d07d905b549fb450c3fe625ad44599e Reviewed-on: https://gerrit.libreoffice.org/24233 Reviewed-by: Ashod Nakashian <ashnak...@gmail.com> Tested-by: Ashod Nakashian <ashnak...@gmail.com> diff --git a/loolwsd/Storage.cpp b/loolwsd/Storage.cpp index 2e227b5..309748d 100644 --- a/loolwsd/Storage.cpp +++ b/loolwsd/Storage.cpp @@ -34,7 +34,7 @@ /////////////////// bool StorageBase::_filesystemEnabled; bool StorageBase::_wopiEnabled; -std::set<std::string> StorageBase::_wopiHosts; +Util::RegexListMatcher StorageBase::_wopiHosts; std::string StorageBase::getLocalRootPath() const { @@ -76,16 +76,12 @@ void StorageBase::initialize() if (app.config().getBool(path + "[@allow]", false)) { Log::info("Adding trusted WOPI host: [" + host + "]."); - _wopiHosts.insert(host); + _wopiHosts.allow(host); } else { - if (_wopiHosts.find(host) != _wopiHosts.end()) - { - Log::warn("Configuration of WOPI trusted hosts contains conflicting duplicates."); - } - - _wopiHosts.erase(host); + Log::info("Adding blocked WOPI host: [" + host + "]."); + _wopiHosts.deny(host); } } else if (!app.config().has(path)) @@ -118,12 +114,9 @@ std::unique_ptr<StorageBase> StorageBase::create(const std::string& jailRoot, co { Log::info("Public URI [" + uri.toString() + "] considered WOPI."); const auto targetHost = uri.getHost(); - for (const auto& acceptedHost : _wopiHosts) + if (_wopiHosts.match(targetHost)) { - if (targetHost == acceptedHost) - { - return std::unique_ptr<StorageBase>(new WopiStorage(jailRoot, jailPath, uri.toString())); - } + return std::unique_ptr<StorageBase>(new WopiStorage(jailRoot, jailPath, uri.toString())); } Log::error("No acceptable WOPI hosts found matching the target host [" + targetHost + "] in config."); diff --git a/loolwsd/Storage.hpp b/loolwsd/Storage.hpp index 7114269..564663c 100644 --- a/loolwsd/Storage.hpp +++ b/loolwsd/Storage.hpp @@ -87,8 +87,8 @@ protected: static bool _filesystemEnabled; static bool _wopiEnabled; - /// Allowed/trusted WOPI hosts, if any and if WOPI is enabled. - static std::set<std::string> _wopiHosts; + /// Allowed/denied WOPI hosts, if any and if WOPI is enabled. + static Util::RegexListMatcher _wopiHosts; }; /// Trivial implementation of local storage that does not need do anything. diff --git a/loolwsd/loolwsd.xml.in b/loolwsd/loolwsd.xml.in index 86aa0cb..59dd0bb 100644 --- a/loolwsd/loolwsd.xml.in +++ b/loolwsd/loolwsd.xml.in @@ -25,7 +25,9 @@ <storage desc="Backend storage"> <filesystem allow="false" /> <wopi desc="Allow/deny wopi storage. Mutually exclusive with webdav." allow="true"> - <host desc="Hostname to allow" allow="true">localhost</host> + <host desc="Regex pattern of hostname to allow or deny." allow="true">localhost</host> + <host desc="Regex pattern of hostname to allow or deny." allow="true">192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host> + <host desc="Regex pattern of hostname to allow or deny." allow="deny">192\.168\.1\.1</host> <max_file_size desc="Maximum document size in bytes to load. 0 for unlimited." type="uint">0</max_file_size> </wopi> <webdav desc="Allow/deny webdav storage. Mutually exclusive with wopi." allow="false"> _______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits