[Libreoffice-commits] core.git: Branch 'libreoffice-7-6' - sfx2/source

Mon, 13 Nov 2023 00:30:19 -0800 

 sfx2/source/doc/docmacromode.cxx |   29 +++++++++++++++++++----------
 1 file changed, 19 insertions(+), 10 deletions(-)

New commits:
commit 85a7579c176c0058ab027ed197d595d2a115d889
Author:     Mike Kaganski <mike.kagan...@collabora.com>
AuthorDate: Wed Nov 8 10:31:05 2023 +0300
Commit:     Miklos Vajna <vmik...@collabora.com>
CommitDate: Mon Nov 13 09:29:54 2023 +0100

    Early shortcut for cases requiring both macro and document signatures
    
    This avoids a possible problem in High security mode, introduced in
    commit 1dc71daf7fa7204a98c75dac680af664ab9c8edb (Improve macro checks,
    2021-01-28), where a valid but untrusted macro certificate initiates
    a UI asking to always allow this certificate; but no matter what user
    chose, macros will be disallowed when the document itself is unsigned.
    Now it will check the document signature state early.
    
    Change-Id: If2255be5da19f3de0090154f0b891ed9496e7bc6
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159105
    Tested-by: Jenkins
    Reviewed-by: Mike Kaganski <mike.kagan...@collabora.com>
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159273
    Reviewed-by: Miklos Vajna <vmik...@collabora.com>

diff --git a/sfx2/source/doc/docmacromode.cxx b/sfx2/source/doc/docmacromode.cxx
index 893b68e42e20..e9425669db90 100644
--- a/sfx2/source/doc/docmacromode.cxx
+++ b/sfx2/source/doc/docmacromode.cxx
@@ -189,6 +189,23 @@ namespace sfx2
             // check whether the document is signed with trusted certificate
             if ( nMacroExecutionMode != MacroExecMode::FROM_LIST )
             {
+                SignatureState nSignatureState = 
m_xData->m_rDocumentAccess.getScriptingSignatureState();
+
+                if (!bHasValidContentSignature
+                    && (nMacroExecutionMode == 
MacroExecMode::FROM_LIST_AND_SIGNED_NO_WARN
+                        || nMacroExecutionMode == 
MacroExecMode::FROM_LIST_AND_SIGNED_WARN)
+                    && m_xData->m_rDocumentAccess.macroCallsSeenWhileLoading())
+                {
+                    // When macros are required to be signed, and the document 
has events which call
+                    // macros, the document content needs to be signed, too. 
Do it here, and avoid
+                    // possible UI asking to always trust certificates, after 
which the user's choice
+                    // to allow macros would be ignored anyway.
+                    m_xData->m_bHasUnsignedContentError
+                        = nSignatureState == SignatureState::OK
+                          || nSignatureState == SignatureState::NOTVALIDATED;
+                    return disallowMacroExecution();
+                }
+
                 // At this point, the possible values of nMacroExecutionMode 
are: ALWAYS_EXECUTE,
                 // FROM_LIST_AND_SIGNED_WARN (the default), 
FROM_LIST_AND_SIGNED_NO_WARN.
                 // ALWAYS_EXECUTE corresponds to the Medium security level; it 
should ask for
@@ -196,25 +213,15 @@ namespace sfx2
                 // should not ask any confirmations. FROM_LIST_AND_SIGNED_WARN 
should only allow
                 // trusted signed macros at this point; so it may only ask for 
confirmation to add
                 // certificates to trusted, and shouldn't show UI when trusted 
list is read-only.
-                // the trusted macro check will also retrieve the signature 
state ( small optimization )
                 const bool bAllowUI = nMacroExecutionMode != 
MacroExecMode::FROM_LIST_AND_SIGNED_NO_WARN
                                                  && (nMacroExecutionMode == 
MacroExecMode::ALWAYS_EXECUTE
                                                      || 
!SvtSecurityOptions::IsReadOnly(SvtSecurityOptions::EOption::MacroTrustedAuthors));
                 const bool bHasTrustedMacroSignature = 
m_xData->m_rDocumentAccess.hasTrustedScriptingSignature(bAllowUI ? 
rxInteraction : nullptr);
 
-                SignatureState nSignatureState = 
m_xData->m_rDocumentAccess.getScriptingSignatureState();
                 if ( nSignatureState == SignatureState::BROKEN )
                 {
                     return disallowMacroExecution();
                 }
-                else if (nMacroExecutionMode != MacroExecMode::ALWAYS_EXECUTE
-                         && 
m_xData->m_rDocumentAccess.macroCallsSeenWhileLoading()
-                         && bHasTrustedMacroSignature && 
!bHasValidContentSignature)
-                {
-                    // When macros are signed, and the document has events 
which call macros, the document content needs to be signed too.
-                    m_xData->m_bHasUnsignedContentError = true;
-                    return disallowMacroExecution();
-                }
                 else if ( bHasTrustedMacroSignature )
                 {
                     // there is trusted macro signature, allow macro execution
@@ -224,6 +231,8 @@ namespace sfx2
                        || nSignatureState == SignatureState::NOTVALIDATED )
                 {
                     // there is valid signature, but it is not from the 
trusted author
+                    // this case includes explicit reject from user in the UI 
in cases of
+                    // FROM_LIST_AND_SIGNED_WARN and ALWAYS_EXECUTE
                     return disallowMacroExecution();
                 }
             }

Reply via email to