author | Michael Meeks <michael.meeks@collabora.com> | 2018-04-17 20:47:17 +0100 |
---|---|---|
committer | Jan Holesovsky <kendy@collabora.com> | 2018-05-02 15:32:34 +0200 |
commit | de789c813bc377636005a541d31853d892f0e978 (patch) | |
tree | c0067b6afa5a7e5f7234f88b55d96b493cdbeed9 | |
parent | 1753b758566c3330b7ab669e8c0f60ec087add52 (diff) |
Allow the Admin console to be disabled in the configuration.
Change-Id: Iacde8e891f42e9ef9399ebbebbd2b2978188d4c4
Reviewed-on: https://gerrit.libreoffice.org/53533
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Michael Meeks <michael.meeks@collabora.com>
Reviewed-on: https://gerrit.libreoffice.org/53729
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
-rw-r--r-- | loolwsd.xml.in | 1 | ||||
-rw-r--r-- | wsd/Admin.cpp | 14 | ||||
-rw-r--r-- | wsd/Admin.hpp | 6 | ||||
-rw-r--r-- | wsd/FileServer.cpp | 7 | ||||
-rw-r--r-- | wsd/LOOLWSD.cpp | 2 | ||||
-rw-r--r-- | wsd/LOOLWSD.hpp | 1 |
6 files changed, 25 insertions, 6 deletions
diff --git a/loolwsd.xml.in b/loolwsd.xml.in
index 38e81a2b0..456790005 100644
--- a/loolwsd.xml.in
+++ b/loolwsd.xml.in
@@ -107,6 +107,7 @@
 <tile_cache_persistent desc="Should the tiles persist between two editing sessions of the given document?" type="bool" default="true">true</tile_cache_persistent>
 <admin_console desc="Web admin console settings.">
+ <enable desc="Enable the admin console functionality" type="bool" default="true">true</enable>
 <enable_pam desc="Enable admin user authentication with PAM" type="bool" default="true">true</enable_pam>
 <username desc="The username of the admin console. Must be set, if PAM is not enabled, otherwise it's optional."></username>
 <password desc="The password of the admin console. Deprecated on most platforms. Instead, use loolconfig to set up a secure password."></password>
diff --git a/wsd/Admin.cpp b/wsd/Admin.cpp
index 0b904f82a..7645f74cd 100644
--- a/wsd/Admin.cpp
+++ b/wsd/Admin.cpp
@@ -291,7 +291,13 @@ bool AdminSocketHandler::handleInitialRequest(
 const std::weak_ptr<StreamSocket> &socketWeak,
 const Poco::Net::HTTPRequest& request)
 {
- auto socket = socketWeak.lock();
+ if (!LOOLWSD::AdminEnabled)
+ {
+ LOG_ERR("Request for disabled admin console");
+ return false;
+ }
+
+ std::shared_ptr<StreamSocket> socket = socketWeak.lock();
 // Different session id pool for admin sessions (?)
 const auto sessionId = Util::decodeId(LOOLWSD::GenSessionId());
@@ -606,4 +612,10 @@ void Admin::dumpState(std::ostream& os)
 SocketPoll::dumpState(os);
 }
+void Admin::start()
+{
+ if (LOOLWSD::AdminEnabled)
+ startThread();
+}
+
 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/wsd/Admin.hpp b/wsd/Admin.hpp
index 0356018cc..39b73df17 100644
--- a/wsd/Admin.hpp
+++ b/wsd/Admin.hpp
@@ -60,11 +60,7 @@ public:
 return admin;
 }
- void start()
- {
- // FIXME: not if admin console is not enabled ?
- startThread();
- }
+ void start();
 /// Custom poll thread function
 void pollingThread() override;
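Review bot: The new early return at the top of `AdminSocketHandler::handleInitialRequest` logs at error level for every request that reaches a disabled console, and because it is the first statement in the handler it presumably runs before any authentication, so a remote client can fill the error log at will. A lower level such as `LOG_WRN("Request for disabled admin console");`, or a rate-limited message, keeps the signal without the noise. The branch also returns before the socket is locked and writes no HTTP reply; what the caller does with `false` is outside this hunk and worth confirming. The function body continues past the hunk.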
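Review bot: `Admin::start()` now silently leaves the poll thread unstarted when `LOOLWSD::AdminEnabled` is false, and nothing in this hunk stops the rest of the class from being used in that state. If other `Admin` methods outside the hunk post callbacks or timers to that thread, they would queue without ever being drained while the console is disabled, so those call sites should test the same flag or be confirmed safe. A comment on the definition such as `// No poll thread when the admin console is disabled; callers must not rely on queued work running.` would record the contract.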
diff --git a/wsd/FileServer.cpp b/wsd/FileServer.cpp
index c0899ce88..c7dd9a884 100644
--- a/wsd/FileServer.cpp
+++ b/wsd/FileServer.cpp
@@ -113,6 +113,8 @@ bool isPamAuthOk(const std::string user, const std::string pass)
 bool FileServerRequestHandler::isAdminLoggedIn(const HTTPRequest& request, HTTPResponse &response)
 {
+ assert(LOOLWSD::AdminEnabled);
+
 const auto& config = Application::instance().config();
 const auto sslKeyPath = config.getString("ssl.key_file_path", "");
@@ -250,11 +252,16 @@ void FileServerRequestHandler::handleRequest(const HTTPRequest& request, Poco::M
 if (request.getMethod() == HTTPRequest::HTTP_GET)
 {
 if (endPoint == "admin.html" ||
+ endPoint == "admin-bundle.js" ||
+ endPoint == "admin-localizations.js" ||
 endPoint == "adminSettings.html" ||
 endPoint == "adminAnalytics.html")
 {
 noCache = true;
+ if (!LOOLWSD::AdminEnabled)
+ throw Poco::FileAccessDeniedException("Admin console disabled");
+
 if (!FileServerRequestHandler::isAdminLoggedIn(request, response))
 throw Poco::Net::NotAuthenticatedException("Invalid admin login");
diff --git a/wsd/LOOLWSD.cpp b/wsd/LOOLWSD.cpp
index 8d0668c18..28fcc0dd0 100644
--- a/wsd/LOOLWSD.cpp
+++ b/wsd/LOOLWSD.cpp
@@ -572,6 +572,7 @@ std::atomic<int> LOOLWSD::ForKitProcId(-1);
 #endif
 bool LOOLWSD::NoSeccomp = false;
 bool LOOLWSD::NoCapsForKit = false;
+bool LOOLWSD::AdminEnabled = true;
 #ifdef FUZZER
 bool LOOLWSD::DummyLOK = false;
 std::string LOOLWSD::FuzzFileName;
@@ -850,6 +851,7 @@ void LOOLWSD::initialize(Application& self)
 NoSeccomp = !getConfigValue<bool>(conf, "security.seccomp", true);
 NoCapsForKit = !getConfigValue<bool>(conf, "security.capabilities", true);
+ AdminEnabled = getConfigValue<bool>(conf, "admin_console.enable", true);
 #if ENABLE_SUPPORT_KEY
 const std::string supportKeyString = getConfigValue<std::string>(conf, "support_key", "");
diff --git a/wsd/LOOLWSD.hpp b/wsd/LOOLWSD.hpp
index 603e01ab4..0af68701f 100644
--- a/wsd/LOOLWSD.hpp
+++ b/wsd/LOOLWSD.hpp
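Review bot: `assert(LOOLWSD::AdminEnabled);` at the top of `FileServerRequestHandler::isAdminLoggedIn` disappears in any build that defines `NDEBUG`, so in a release build the function still runs the login check with the console disabled if a caller forgets to test the flag, and in a debug build the same mistake aborts the process. Since this function is the authentication gate, an explicit runtime check is safer: `if (!LOOLWSD::AdminEnabled) return false;`. Whether callers other than `handleRequest` exist is not visible here, and the function body continues past the hunk.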
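Review bot: The disabled-console check in `handleRequest` sits inside a hand-written list of admin endpoint names, so it protects only the files named there; this commit itself has to add `admin-bundle.js` and `admin-localizations.js`, which suggests they were previously served without the login check. Any admin asset added later and left off the list gets neither the `AdminEnabled` test nor `isAdminLoggedIn`. A comment above the condition, for example `// Every admin console asset must be listed here: this list gates both AdminEnabled and the admin login.`, would make that dependency explicit. How `Poco::FileAccessDeniedException` maps to an HTTP status is decided by catch blocks outside this hunk and should be confirmed to yield a plain denial rather than an authentication challenge.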
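Review bot: `getConfigValue<bool>(conf, "admin_console.enable", true)` in `LOOLWSD::initialize` fails open: a missing or misspelled key leaves the console enabled, matching the `true` initialiser added in the first hunk of this file. That keeps existing configurations working, but an operator who believes the console is off gets no confirmation of the effective setting. Logging it once at startup, for example `LOG_INF("Admin console is " << (AdminEnabled ? "enabled" : "disabled"));`, would make the state auditable. The function body continues outside the hunk.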
@@ -44,6 +44,7 @@ public:
 static unsigned int NumPreSpawnedChildren;
 static bool NoCapsForKit;
 static bool NoSeccomp;
+ static bool AdminEnabled;
 static std::atomic<int> ForKitWritePipe;
 static std::atomic<int> ForKitProcId;
 static bool DummyLOK; |