sfx2/source/doc/docmacromode.cxx | 32 ++++++++++++++++++++------------
1 file changed, 20 insertions(+), 12 deletions(-)
New commits:
commit fd53dd42151d0de566963829d1aace237a635bb8
Author: Mike Kaganski <mike.kagan...@collabora.com>
AuthorDate: Wed Nov 8 11:45:17 2023 +0300
Commit: Mike Kaganski <mike.kagan...@collabora.com>
CommitDate: Thu Nov 9 07:20:41 2023 +0100
Simplify a bit
Change-Id: Ibf5a0800d7b9410a6191e3be7deef1edd4725640
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159152
Tested-by: Jenkins
Reviewed-by: Mike Kaganski <mike.kagan...@collabora.com>
diff --git a/sfx2/source/doc/docmacromode.cxx b/sfx2/source/doc/docmacromode.cxx
index 2ab24c83cb78..d1b4ffd2cc67 100644
--- a/sfx2/source/doc/docmacromode.cxx
+++ b/sfx2/source/doc/docmacromode.cxx
@@ -111,8 +111,6 @@ namespace sfx2
bool DocumentMacroMode::adjustMacroMode( const Reference<
XInteractionHandler >& rxInteraction, bool bHasValidContentSignature )
{
- sal_Int16 nMacroExecutionMode =
m_xData->m_rDocumentAccess.getCurrentMacroExecMode();
-
if ( SvtSecurityOptions::IsMacroDisabled() )
{
// no macro should be executed at all
@@ -128,6 +126,7 @@ namespace sfx2
};
AutoConfirmation eAutoConfirm( eNoAutoConfirm );
+ sal_Int16 nMacroExecutionMode =
m_xData->m_rDocumentAccess.getCurrentMacroExecMode();
if ( ( nMacroExecutionMode == MacroExecMode::USE_CONFIG )
|| ( nMacroExecutionMode ==
MacroExecMode::USE_CONFIG_REJECT_CONFIRMATION )
|| ( nMacroExecutionMode ==
MacroExecMode::USE_CONFIG_APPROVE_CONFIRMATION )
commit 47c564280e69e52c2a69cd553c654f9e04f3ae89
Author: Mike Kaganski <mike.kagan...@collabora.com>
AuthorDate: Wed Nov 8 10:31:05 2023 +0300
Commit: Mike Kaganski <mike.kagan...@collabora.com>
CommitDate: Thu Nov 9 07:20:30 2023 +0100
Early shortcut for cases requiring both macro and document signatures
This avoids a possible problem in High security mode, introduced in
commit 1dc71daf7fa7204a98c75dac680af664ab9c8edb (Improve macro checks,
2021-01-28), where a valid but untrusted macro certificate initiates
a UI asking to always allow this certificate; but no matter what user
chose, macros will be disallowed when the document itself is unsigned.
Now it will check the document signature state early.
Change-Id: If2255be5da19f3de0090154f0b891ed9496e7bc6
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159105
Tested-by: Jenkins
Reviewed-by: Mike Kaganski <mike.kagan...@collabora.com>
diff --git a/sfx2/source/doc/docmacromode.cxx b/sfx2/source/doc/docmacromode.cxx
index 377c14517586..2ab24c83cb78 100644
--- a/sfx2/source/doc/docmacromode.cxx
+++ b/sfx2/source/doc/docmacromode.cxx
@@ -189,6 +189,23 @@ namespace sfx2
// check whether the document is signed with trusted certificate
if ( nMacroExecutionMode != MacroExecMode::FROM_LIST )
{
+ SignatureState nSignatureState =
m_xData->m_rDocumentAccess.getScriptingSignatureState();
+
+ if (!bHasValidContentSignature
+ && (nMacroExecutionMode ==
MacroExecMode::FROM_LIST_AND_SIGNED_NO_WARN
+ || nMacroExecutionMode ==
MacroExecMode::FROM_LIST_AND_SIGNED_WARN)
+ && m_xData->m_rDocumentAccess.macroCallsSeenWhileLoading())
+ {
+ // When macros are required to be signed, and the document
has events which call
+ // macros, the document content needs to be signed, too.
Do it here, and avoid
+ // possible UI asking to always trust certificates, after
which the user's choice
+ // to allow macros would be ignored anyway.
+ m_xData->m_bHasUnsignedContentError
+ = nSignatureState == SignatureState::OK
+ || nSignatureState == SignatureState::NOTVALIDATED;
+ return disallowMacroExecution();
+ }
+
// At this point, the possible values of nMacroExecutionMode
are: ALWAYS_EXECUTE,
// FROM_LIST_AND_SIGNED_WARN (the default),
FROM_LIST_AND_SIGNED_NO_WARN.
// ALWAYS_EXECUTE corresponds to the Medium security level; it
should ask for
@@ -196,25 +213,15 @@ namespace sfx2
// should not ask any confirmations. FROM_LIST_AND_SIGNED_WARN
should only allow
// trusted signed macros at this point; so it may only ask for
confirmation to add
// certificates to trusted, and shouldn't show UI when trusted
list is read-only.
- // the trusted macro check will also retrieve the signature
state ( small optimization )
const bool bAllowUI = nMacroExecutionMode !=
MacroExecMode::FROM_LIST_AND_SIGNED_NO_WARN
&& (nMacroExecutionMode ==
MacroExecMode::ALWAYS_EXECUTE
||
!SvtSecurityOptions::IsReadOnly(SvtSecurityOptions::EOption::MacroTrustedAuthors));
const bool bHasTrustedMacroSignature =
m_xData->m_rDocumentAccess.hasTrustedScriptingSignature(bAllowUI ?
rxInteraction : nullptr);
- SignatureState nSignatureState =
m_xData->m_rDocumentAccess.getScriptingSignatureState();
if ( nSignatureState == SignatureState::BROKEN )
{
return disallowMacroExecution();
}
- else if (nMacroExecutionMode != MacroExecMode::ALWAYS_EXECUTE
- &&
m_xData->m_rDocumentAccess.macroCallsSeenWhileLoading()
- && bHasTrustedMacroSignature &&
!bHasValidContentSignature)
- {
- // When macros are signed, and the document has events
which call macros, the document content needs to be signed too.
- m_xData->m_bHasUnsignedContentError = true;
- return disallowMacroExecution();
- }
else if ( bHasTrustedMacroSignature )
{
// there is trusted macro signature, allow macro execution
@@ -224,6 +231,8 @@ namespace sfx2
|| nSignatureState == SignatureState::NOTVALIDATED )
{
// there is valid signature, but it is not from the
trusted author
+ // this case includes explicit reject from user in the UI
in cases of
+ // FROM_LIST_AND_SIGNED_WARN and ALWAYS_EXECUTE
return disallowMacroExecution();
}
}
