allow an exemption to be made for a specific host cp-22.05.23-1

Change-Id: Ie423df7839e793a9c07561efb56d5649876947ee Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169125 Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com> Reviewed-by: Andras Timar <andras.timar@collabora.com>
author: Caolán McNamara <caolan.mcnamara@collabora.com> 2024-06-04 21:17:59 +0100
committer: Andras Timar <andras.timar@collabora.com> 2024-06-24 23:46:56 +0200
commit: ad85ea960780f1e858054fbc612c040830b2fb11 (patch)
tree: 27f3d012569b8ca15ea15775af93654a2fab8350
parent: bb3e6deeff7494a7df6867cc379a24af85c0c017 (diff)
5 files changed, 66 insertions, 0 deletions
diff --git a/desktop/source/lib/init.cxx b/desktop/source/lib/init.cxx
index aa717dfe17cf..78609ecb11da 100644
--- a/desktop/source/lib/init.cxx
+++ b/desktop/source/lib/init.cxx
@@ -136,6 +136,7 @@
 #include <vcl/svapp.hxx>
 #include <unotools/resmgr.hxx>
 #include <tools/fract.hxx>
+#include <tools/hostfilter.hxx>
 #include <tools/json_writer.hxx>
 #include <svtools/ctrltool.hxx>
 #include <svtools/langtab.hxx>
@@ -2786,6 +2787,9 @@ static LibreOfficeKitDocument* lo_documentLoadWithOptions(LibreOfficeKit* pThis,
 
         OutputDevice::StartTrackingFontMappingUse();
 
+        if (const char* pExemptVerifyHost = ::getenv("LOK_EXEMPT_VERIFY_HOST"))
+            HostFilter::setExemptVerifyHost(OUString(pExemptVerifyHost, strlen(pExemptVerifyHost), RTL_TEXTENCODING_UTF8));
+
         const int nThisDocumentId = nDocumentIdCounter++;
         SfxViewShell::SetCurrentDocId(ViewShellDocId(nThisDocumentId));
         uno::Reference<lang::XComponent> xComponent = xComponentLoader->loadComponentFromURL(
diff --git a/include/tools/hostfilter.hxx b/include/tools/hostfilter.hxx
new file mode 100644
index 000000000000..43c01e72e6fd
--- /dev/null
+++ b/include/tools/hostfilter.hxx
@@ -0,0 +1,28 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4; fill-column: 100 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#ifndef INCLUDED_TOOLS_HOSTFILTER_HXX
+#define INCLUDED_TOOLS_HOSTFILTER_HXX
+
+#include <rtl/ustring.hxx>
+#include <tools/toolsdllapi.h>
+
+// Helper for filtering allowed hosts for remote connections
+
+class TOOLS_DLLPUBLIC HostFilter
+{
+public:
+    static void setExemptVerifyHost(const OUString& rExemptVerifyHost);
+
+    static bool isExemptVerifyHost(const std::u16string_view rHost);
+};
+
+#endif
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab cinoptions=b1,g0,N-s cinkeys+=0=break: */
diff --git a/tools/Library_tl.mk b/tools/Library_tl.mk
index ecad06913ed2..11f6fb271fbd 100644
--- a/tools/Library_tl.mk
+++ b/tools/Library_tl.mk
@@ -63,6 +63,7 @@ $(eval $(call gb_Library_add_exception_objects,tl,\
     tools/source/generic/poly \
     tools/source/generic/poly2 \
     tools/source/generic/svborder \
+    tools/source/inet/hostfilter \
     tools/source/inet/inetmime \
     tools/source/inet/inetmsg \
     tools/source/inet/inetstrm \
diff --git a/tools/source/inet/hostfilter.cxx b/tools/source/inet/hostfilter.cxx
new file mode 100644
index 000000000000..85a1715d5155
--- /dev/null
+++ b/tools/source/inet/hostfilter.cxx
@@ -0,0 +1,27 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4; fill-column: 100 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#include <tools/hostfilter.hxx>
+
+namespace
+{
+static OUString g_ExceptVerifyHost;
+}
+
+void HostFilter::setExemptVerifyHost(const OUString& rExemptVerifyHost)
+{
+    g_ExceptVerifyHost = rExemptVerifyHost;
+}
+
+bool HostFilter::isExemptVerifyHost(const std::u16string_view rHost)
+{
+    return rHost == g_ExceptVerifyHost;
+}
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab cinoptions=b1,g0,N-s cinkeys+=0=break: */
diff --git a/ucb/source/ucp/webdav-curl/CurlSession.cxx b/ucb/source/ucp/webdav-curl/CurlSession.cxx
index e030cf374305..53201aae8ca9 100644
--- a/ucb/source/ucp/webdav-curl/CurlSession.cxx
+++ b/ucb/source/ucp/webdav-curl/CurlSession.cxx
@@ -34,6 +34,7 @@
 #include <rtl/strbuf.hxx>
 #include <rtl/ustrbuf.hxx>
 #include <systools/curlinit.hxx>
+#include <tools/hostfilter.hxx>
 #include <config_version.h>
 
 #include <map>
@@ -696,6 +697,11 @@ CurlSession::CurlSession(uno::Reference<uno::XComponentContext> const& xContext,
         rc = curl_easy_setopt(m_pCurl.get(), CURLOPT_FORBID_REUSE, 1L);
         assert(rc == CURLE_OK);
     }
+    if (HostFilter::isExemptVerifyHost(m_URI.GetHost()))
+    {
+        rc = curl_easy_setopt(m_pCurl.get(), CURLOPT_SSL_VERIFYHOST, 0L);
+        assert(rc == CURLE_OK);
+    }
 }
 
 CurlSession::~CurlSession() {}
author	Caolán McNamara <caolan.mcnamara@collabora.com>	2024-06-04 21:17:59 +0100
committer	Andras Timar <andras.timar@collabora.com>	2024-06-24 23:46:56 +0200
commit	ad85ea960780f1e858054fbc612c040830b2fb11 (patch)
tree	27f3d012569b8ca15ea15775af93654a2fab8350
parent	bb3e6deeff7494a7df6867cc379a24af85c0c017 (diff)