sfx2/source/doc/docmacromode.cxx | 16 ++++++++++++++--
uui/source/secmacrowarnings.cxx | 11 ++++++++---
2 files changed, 22 insertions(+), 5 deletions(-)
New commits:
commit 7eac192e7b5c29c71871757c47b3fd5afe0fbddb
Author: Sarper Akdemir <sarper.akde...@allotropia.de>
AuthorDate: Tue Jun 11 12:39:36 2024 +0200
Commit: Caolán McNamara <caolan.mcnam...@collabora.com>
CommitDate: Wed Jul 31 15:48:42 2024 +0200
remove ability to trust not validated macro signatures in high security
Giving the user the option to determine if they should trust an
invalid signature in HIGH macro security doesn't make sense.
CommonName of the signature is the most prominent feature presented
and the CommonName of a certificate can be easily forged for an
invalid signature, tricking the user into accepting an invalid
signature.
in the HIGH macro security setting only show the pop-up to
enable/disable signed macro if the certificate signature can be
validated.
cherry-picked without UI/String altering bits for 24-2
Change-Id: Ia766fb701660160ee5dc9f6e077f4012a44ce721
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/168667
Tested-by: Jenkins
Reviewed-by: Sarper Akdemir <sarper.akde...@allotropia.de>
(cherry picked from commit 2beaa3be3829303e948d401f492dbfd239d60aad)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169525
Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171306
Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
Tested-by: Caolán McNamara <caolan.mcnam...@collabora.com>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171314
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171315
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171317
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171323
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171325
diff --git a/sfx2/source/doc/docmacromode.cxx b/sfx2/source/doc/docmacromode.cxx
index f1fd2373ee5a..17fcd5f260d8 100644
--- a/sfx2/source/doc/docmacromode.cxx
+++ b/sfx2/source/doc/docmacromode.cxx
@@ -229,14 +229,18 @@ namespace sfx2
// check whether the document is signed with trusted certificate
if ( nMacroExecutionMode != MacroExecMode::FROM_LIST )
{
+ SignatureState nSignatureState =
m_xData->m_rDocumentAccess.getScriptingSignatureState();
+
// the trusted macro check will also retrieve the signature
state ( small optimization )
const SvtSecurityOptions aSecOption;
const bool bAllowUIToAddAuthor = nMacroExecutionMode !=
MacroExecMode::FROM_LIST_AND_SIGNED_NO_WARN
&& (nMacroExecutionMode ==
MacroExecMode::ALWAYS_EXECUTE
- ||
!aSecOption.IsReadOnly(SvtSecurityOptions::EOption::MacroTrustedAuthors));
+ ||
!aSecOption.IsReadOnly(SvtSecurityOptions::EOption::MacroTrustedAuthors))
+ && (nMacroExecutionMode !=
MacroExecMode::FROM_LIST_AND_SIGNED_WARN
+ || nSignatureState ==
SignatureState::OK);
+
const bool bHasTrustedMacroSignature =
m_xData->m_rDocumentAccess.hasTrustedScriptingSignature(bAllowUIToAddAuthor);
- SignatureState nSignatureState =
m_xData->m_rDocumentAccess.getScriptingSignatureState();
if ( nSignatureState == SignatureState::BROKEN )
{
if (!bAllowUIToAddAuthor)
commit 0412b3b7587f70b35e17f705b803ade3efe31269
Author: Jan-Marek Glogowski <jan-marek.glogow...@extern.cib.de>
AuthorDate: Tue Dec 10 18:42:40 2019 +0100
Commit: Caolán McNamara <caolan.mcnam...@collabora.com>
CommitDate: Wed Jul 31 15:48:28 2024 +0200
tdf#129311 don't allow temporary trusted certs
This simply skips the DocumentMacroConfirmationRequest, if the
macro security level (MSL) is *High* and the list of trusted
authors is read-only. For the MSL *Medium*, the check box of
the dialog is hidden with read-only trusted authors.
Change-Id: If6c08e4fdbf200e778d181370cc73fd947cecff5
Reviewed-on: https://gerrit.libreoffice.org/84887
Tested-by: Jenkins
Reviewed-by: Jan-Marek Glogowski <glo...@fbihome.de>
(cherry picked from commit 71c6f438cecc3ce5e8060efe1df840652885701c)
Reviewed-on: https://gerrit.libreoffice.org/85299
(cherry picked from commit 9cdb97cd93e60a0faf0a531949d94cff79e1aab9)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171324
Tested-by: Caolán McNamara <caolan.mcnam...@collabora.com>
Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
Reviewed-by: Miklos Vajna <vmik...@collabora.com>
diff --git a/sfx2/source/doc/docmacromode.cxx b/sfx2/source/doc/docmacromode.cxx
index d04443fdc7f1..f1fd2373ee5a 100644
--- a/sfx2/source/doc/docmacromode.cxx
+++ b/sfx2/source/doc/docmacromode.cxx
@@ -230,11 +230,17 @@ namespace sfx2
if ( nMacroExecutionMode != MacroExecMode::FROM_LIST )
{
// the trusted macro check will also retrieve the signature
state ( small optimization )
- bool bHasTrustedMacroSignature =
m_xData->m_rDocumentAccess.hasTrustedScriptingSignature( nMacroExecutionMode !=
MacroExecMode::FROM_LIST_AND_SIGNED_NO_WARN );
+ const SvtSecurityOptions aSecOption;
+ const bool bAllowUIToAddAuthor = nMacroExecutionMode !=
MacroExecMode::FROM_LIST_AND_SIGNED_NO_WARN
+ && (nMacroExecutionMode ==
MacroExecMode::ALWAYS_EXECUTE
+ ||
!aSecOption.IsReadOnly(SvtSecurityOptions::EOption::MacroTrustedAuthors));
+ const bool bHasTrustedMacroSignature =
m_xData->m_rDocumentAccess.hasTrustedScriptingSignature(bAllowUIToAddAuthor);
SignatureState nSignatureState =
m_xData->m_rDocumentAccess.getScriptingSignatureState();
if ( nSignatureState == SignatureState::BROKEN )
{
+ if (!bAllowUIToAddAuthor)
+ lcl_showDocumentMacrosDisabledError(rxInteraction,
m_xData->m_bDocMacroDisabledMessageShown);
return disallowMacroExecution();
}
else if (
m_xData->m_rDocumentAccess.macroCallsSeenWhileLoading() &&
@@ -254,6 +260,8 @@ namespace sfx2
|| nSignatureState == SignatureState::NOTVALIDATED )
{
// there is valid signature, but it is not from the
trusted author
+ if (!bAllowUIToAddAuthor)
+ lcl_showDocumentMacrosDisabledError(rxInteraction,
m_xData->m_bDocMacroDisabledMessageShown);
return disallowMacroExecution();
}
}
diff --git a/uui/source/secmacrowarnings.cxx b/uui/source/secmacrowarnings.cxx
index af913b303172..43ea3788d62d 100644
--- a/uui/source/secmacrowarnings.cxx
+++ b/uui/source/secmacrowarnings.cxx
@@ -136,10 +136,15 @@ void MacroWarning::InitControls()
if (mbShowSignatures)
{
mxViewSignsBtn->connect_clicked(LINK(this, MacroWarning,
ViewSignsBtnHdl));
- mxViewSignsBtn->set_sensitive(false); // default
- mxAlwaysTrustCB->connect_clicked(LINK(this, MacroWarning,
AlwaysTrustCheckHdl));
+ mxViewSignsBtn->set_sensitive(false);
- mnActSecLevel = SvtSecurityOptions().GetMacroSecurityLevel();
+ const SvtSecurityOptions aSecOption;
+ if
(!aSecOption.IsReadOnly(SvtSecurityOptions::EOption::MacroTrustedAuthors))
+ mxAlwaysTrustCB->connect_clicked(LINK(this, MacroWarning,
AlwaysTrustCheckHdl));
+ else
+ mxAlwaysTrustCB->set_visible(false);
+
+ mnActSecLevel = aSecOption.GetMacroSecurityLevel();
if ( mnActSecLevel >= 2 )
mxEnableBtn->set_sensitive(false);
}
