include/sfx2/docmacromode.hxx | 7 +++++-- include/svtools/sfxecode.hxx | 1 + sfx2/source/doc/docmacromode.cxx | 23 +++++++++++++++++++---- sfx2/source/doc/objmisc.cxx | 3 ++- svtools/inc/errtxt.hrc | 1 + 5 files changed, 28 insertions(+), 7 deletions(-)
New commits: commit 93b174047b3cc55ca54f962e08193c4c0c80d2a2 Author: Samuel Mehrbrodt <samuel.mehrbr...@allotropia.de> AuthorDate: Mon Jan 18 15:24:48 2021 +0100 Commit: Thorsten Behrens <thorsten.behr...@allotropia.de> CommitDate: Tue Mar 2 10:44:55 2021 +0100 Improve macro checks Reviewed-on: https://gerrit.libreoffice.org/c/core/+/109552 Tested-by: Jenkins Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de> (cherry picked from commit 1dc71daf7fa7204a98c75dac680af664ab9c8edb) Change-Id: Ie40801df8866b52c1458e020ffa9cba120720af7 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/110281 Tested-by: Thorsten Behrens <thorsten.behr...@allotropia.de> Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de> diff --git a/include/sfx2/docmacromode.hxx b/include/sfx2/docmacromode.hxx index a15bbbe9ba56..bd4f13fb016c 100644 --- a/include/sfx2/docmacromode.hxx +++ b/include/sfx2/docmacromode.hxx @@ -220,7 +220,8 @@ namespace sfx2 <TRUE/> if and only if macro execution in this document is allowed. */ bool adjustMacroMode( - const css::uno::Reference< css::task::XInteractionHandler >& _rxInteraction + const css::uno::Reference< css::task::XInteractionHandler >& _rxInteraction, + bool bHasValidContentSignature = false ); /** determines whether macro execution is disallowed @@ -286,11 +287,13 @@ namespace sfx2 */ bool checkMacrosOnLoading( - const css::uno::Reference< css::task::XInteractionHandler >& _rxInteraction + const css::uno::Reference< css::task::XInteractionHandler >& _rxInteraction, + bool bHasValidContentSignature = false ); private: std::shared_ptr< DocumentMacroMode_Data > m_xData; + bool m_bNeedsContentSigned; }; diff --git a/include/svtools/sfxecode.hxx b/include/svtools/sfxecode.hxx index 3cdad87f4cd9..ccdccae9014b 100644 --- a/include/svtools/sfxecode.hxx +++ b/include/svtools/sfxecode.hxx 
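Review bot: The new `bHasValidContentSignature` parameter of `adjustMacroMode` is not described in the doc comment that ends just above the declaration, and the same holds for `checkMacrosOnLoading` in the next hunk. Both comments start outside their hunks, so only their tails are visible. I would add to each something like `@param bHasValidContentSignature whether the document content carries a valid signature; if <FALSE/>, a document whose events call macros is refused even when the macro signature is trusted`. The `= false` default fails closed, which is the safe direction. Any caller outside this diff that keeps the one-argument form will presumably hit the new refusal for event-bearing documents, so the comment should say that too.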
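Review bot: `m_bNeedsContentSigned` is declared here, initialised to false in the constructor hunk of docmacromode.cxx and set to true in `checkMacrosOnLoading`, but none of the visible hunks ever reads it. If a follow-up change is meant to consume it, a comment on the member would help, e.g. `// set when macro calls were seen while loading; the content must then be signed as well`. Otherwise it should be dropped. It also sits directly in `DocumentMacroMode`, while the other per-document state used in these hunks is reached through `m_xData`, which looks inconsistent.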
@@ -37,6 +37,7 @@ class ErrCode; #define ERRCODE_SFX_CANTCREATEBACKUP ErrCode(ErrCodeArea::Sfx, ErrCodeClass::Create, 50) #define ERRCODE_SFX_MACROS_SUPPORT_DISABLED ErrCode(WarningFlag::Yes, ErrCodeArea::Sfx, ErrCodeClass::NONE, 51) #define ERRCODE_SFX_DOCUMENT_MACRO_DISABLED ErrCode(WarningFlag::Yes, ErrCodeArea::Sfx, ErrCodeClass::NONE, 52) +#define ERRCODE_SFX_DOCUMENT_MACRO_DISABLED_CONTENT_UNSIGNED ErrCode(WarningFlag::Yes, ErrCodeArea::Sfx, ErrCodeClass::NONE, 53) #define ERRCODE_SFX_SHARED_NOPASSWORDCHANGE ErrCode(WarningFlag::Yes, ErrCodeArea::Sfx, ErrCodeClass::NONE, 54) #define ERRCODE_SFX_INCOMPLETE_ENCRYPTION ErrCode(WarningFlag::Yes, ErrCodeArea::Sfx, ErrCodeClass::NONE, 55) #define ERRCODE_SFX_DOCUMENT_MACRO_DISABLED_MAC \ diff --git a/sfx2/source/doc/docmacromode.cxx b/sfx2/source/doc/docmacromode.cxx index 492bd0a63009..2fa7b968fc41 100644 --- a/sfx2/source/doc/docmacromode.cxx +++ b/sfx2/source/doc/docmacromode.cxx @@ -113,6 +113,10 @@ namespace sfx2 #endif } + void lcl_showMacrosDisabledUnsignedContentError( const Reference< XInteractionHandler >& rxHandler, bool& rbAlreadyShown ) + { + lcl_showGeneralSfxErrorOnce( rxHandler, ERRCODE_SFX_DOCUMENT_MACRO_DISABLED_CONTENT_UNSIGNED, rbAlreadyShown ); + } bool lcl_showMacroWarning( const Reference< XInteractionHandler >& rxHandler, const OUString& rDocumentLocation ) @@ -125,7 +129,8 @@ namespace sfx2 //= DocumentMacroMode DocumentMacroMode::DocumentMacroMode( IMacroDocumentAccess& rDocumentAccess ) - :m_xData( new DocumentMacroMode_Data( rDocumentAccess ) ) + :m_xData( new DocumentMacroMode_Data( rDocumentAccess ) ), + m_bNeedsContentSigned(false) { } 
@@ -141,7 +146,7 @@ namespace sfx2 return false; } - bool DocumentMacroMode::adjustMacroMode( const Reference< XInteractionHandler >& rxInteraction ) + bool DocumentMacroMode::adjustMacroMode( const Reference< XInteractionHandler >& rxInteraction, bool bHasValidContentSignature ) { sal_uInt16 nMacroExecutionMode = m_xData->m_rDocumentAccess.getCurrentMacroExecMode(); @@ -238,6 +243,14 @@ namespace sfx2 lcl_showDocumentMacrosDisabledError(rxInteraction, m_xData->m_bDocMacroDisabledMessageShown); return disallowMacroExecution(); } + else if ( m_xData->m_rDocumentAccess.macroCallsSeenWhileLoading() && + bHasTrustedMacroSignature && + !bHasValidContentSignature) + { + // When macros are signed, and the document has events which call macros, the document content needs to be signed too. + lcl_showMacrosDisabledUnsignedContentError(rxInteraction, m_xData->m_bDocMacroDisabledMessageShown); + return disallowMacroExecution(); + } else if ( bHasTrustedMacroSignature ) { // there is trusted macro signature, allow macro execution @@ -392,7 +405,7 @@ namespace sfx2 } - bool DocumentMacroMode::checkMacrosOnLoading( const Reference< XInteractionHandler >& rxInteraction ) + bool DocumentMacroMode::checkMacrosOnLoading( const Reference< XInteractionHandler >& rxInteraction, bool bHasValidContentSignature ) { bool bAllow = false; if ( SvtSecurityOptions().IsMacroDisabled() ) @@ -404,7 +417,9 @@ namespace sfx2 { if (m_xData->m_rDocumentAccess.documentStorageHasMacros() || hasMacroLibrary() || m_xData->m_rDocumentAccess.macroCallsSeenWhileLoading()) { - bAllow = adjustMacroMode( rxInteraction ); + if (m_xData->m_rDocumentAccess.macroCallsSeenWhileLoading()) + m_bNeedsContentSigned = true; + bAllow = adjustMacroMode( rxInteraction, bHasValidContentSignature ); } else if ( !isMacroExecutionDisallowed() ) { diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx index 681940462720..f71358b568fa 100644 --- a/sfx2/source/doc/objmisc.cxx +++ b/sfx2/source/doc/objmisc.cxx 
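Review bot: The new branch in `adjustMacroMode` passes `m_xData->m_bDocMacroDisabledMessageShown` to `lcl_showMacrosDisabledUnsignedContentError`, the same once-only flag the branch just above hands to `lcl_showDocumentMacrosDisabledError`. Assuming `lcl_showGeneralSfxErrorOnce` (not shown) sets the flag after displaying, whichever message fires first would suppress the other on later calls, so the user might never learn that unsigned content was the reason macros were refused. A dedicated flag in `DocumentMacroMode_Data` would avoid that, e.g. `lcl_showMacrosDisabledUnsignedContentError(rxInteraction, m_xData->m_bUnsignedContentMessageShown);`, where the member name is only a suggestion. The body of `adjustMacroMode` continues outside the hunk, so the ordering of this branch against the earlier ones cannot be fully checked from here.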
@@ -953,7 +953,8 @@ void SfxObjectShell::CheckSecurityOnLoading_Impl() CheckEncryption_Impl( xInteraction ); // check macro security - pImpl->aMacroMode.checkMacrosOnLoading( xInteraction ); + const bool bHasValidContentSignature = HasValidSignatures(); + pImpl->aMacroMode.checkMacrosOnLoading( xInteraction, bHasValidContentSignature ); } diff --git a/svtools/inc/errtxt.hrc b/svtools/inc/errtxt.hrc index e5694df18ffd..2f9b4919ad81 100644 --- a/svtools/inc/errtxt.hrc +++ b/svtools/inc/errtxt.hrc 
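Review bot: `HasValidSignatures()` is the only input that decides whether the content counts as signed, and its definition is outside this diff. If it reports only that some document signature verifies, the content signature need not come from a trusted certificate or from the signer of the macros, which would weaken the guarantee the new branch in `adjustMacroMode` is meant to give. It is worth confirming that it also requires signer trust, and that the signature state is already populated at this point in `CheckSecurityOnLoading_Impl`. A comment on the call would record the intent, e.g. `// content signature must be valid and from a trusted signer before event-bound macros may run`.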
@@ -120,6 +120,7 @@ const ErrMsgCode RID_ERRHDL[] = { NC_("RID_ERRHDL", "The maximum number of documents that can be opened at the same time has been reached. You need to close one or more documents before you can open a new document."), ERRCODE_SFX_NOMOREDOCUMENTSALLOWED }, { NC_("RID_ERRHDL", "Could not create backup copy.") , ERRCODE_SFX_CANTCREATEBACKUP }, { NC_("RID_ERRHDL", "An attempt was made to execute a macro.\nFor security reasons, macro support is disabled."), ERRCODE_SFX_MACROS_SUPPORT_DISABLED }, + { NC_("RID_ERRHDL", "Execution of macros is disabled. Macros are signed, but the document (containing document events) is not signed."), ERRCODE_SFX_DOCUMENT_MACRO_DISABLED_CONTENT_UNSIGNED }, { NC_("RID_ERRHDL", "This document contains macros.\n\nMacros may contain viruses. Execution of macros is disabled due to the current macro security setting in %PRODUCTNAME - Preferences - %PRODUCTNAME - Security.\n\nTherefore, some functionality may not be available.") , ERRCODE_SFX_DOCUMENT_MACRO_DISABLED_MAC }, { NC_("RID_ERRHDL", "This document contains macros.\n\nMacros may contain viruses. Execution of macros is disabled due to the current macro security setting in Tools - Options - %PRODUCTNAME - Security.\n\nTherefore, some functionality may not be available.") , ERRCODE_SFX_DOCUMENT_MACRO_DISABLED }, { NC_("RID_ERRHDL", "The encrypted document contains unexpected non-encrypted streams.\n\nThis could be the result of document manipulation.\n\nWe recommend that you do not trust the content of the current document.\nExecution of macros is disabled for this document.\n ") , ERRCODE_SFX_INCOMPLETE_ENCRYPTION }, _______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
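Review bot: The new message says the document "is not signed", but the condition that triggers it in `adjustMacroMode` is `!bHasValidContentSignature`, which presumably is also true when a signature is present but fails validation. In that case the text would mislead the user about what is wrong with the file. Wording that covers both cases would be more accurate, e.g. `"Execution of macros is disabled. Macros are signed, but the document (containing document events) does not have a valid signature."`.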