core.git: Branch 'distro/collabora/libreoffice-7-6+backports' - include/sfx2 sfx2/source

Thu, 01 Aug 2024 12:00:11 -0700 

 include/sfx2/docmacromode.hxx    |    1 +
 sfx2/source/doc/docmacromode.cxx |   24 ++++++++++++++++++++++--
 2 files changed, 23 insertions(+), 2 deletions(-)

New commits:
commit 1b5516d8316ed214bdeb707c4eca88d3440c4acc
Author:     Sarper Akdemir <sarper.akde...@allotropia.de>
AuthorDate: Tue Jun 11 12:39:36 2024 +0200
Commit:     Aron Budea <aron.bu...@collabora.com>
CommitDate: Thu Aug 1 20:59:34 2024 +0200

    remove ability to trust not validated macro signatures in high security
    
    Giving the user the option to determine if they should trust an
    invalid signature in HIGH macro security doesn't make sense.
    CommonName of the signature is the most prominent feature presented
    and the CommonName of a certificate can be easily forged for an
    invalid signature, tricking the user into accepting an invalid
    signature.
    
    in the HIGH macro security setting only show the pop-up to
    enable/disable signed macro if the certificate signature can be
    validated.
    
    cherry-picked without UI/String altering bits for 24-2
    
    Change-Id: Ia766fb701660160ee5dc9f6e077f4012a44ce721
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/168667
    Tested-by: Jenkins
    Reviewed-by: Sarper Akdemir <sarper.akde...@allotropia.de>
    (cherry picked from commit 2beaa3be3829303e948d401f492dbfd239d60aad)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169525
    Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de>
    (cherry picked from commit 4ade8177aed6399c3b49ed440c9ef8c2461a95de)

diff --git a/include/sfx2/docmacromode.hxx b/include/sfx2/docmacromode.hxx
index 688297f26598..0954126e36f3 100644
--- a/include/sfx2/docmacromode.hxx
+++ b/include/sfx2/docmacromode.hxx
@@ -264,6 +264,7 @@ namespace sfx2
         bool    hasMacroLibrary() const;
 
         bool hasUnsignedContentError() const;
+        bool hasInvalidSignaturesError() const;
 
         /** determines whether the given document storage has sub storages 
containing scripts
             or macros.
diff --git a/sfx2/source/doc/docmacromode.cxx b/sfx2/source/doc/docmacromode.cxx
index 37871e0e170a..bbea501200b5 100644
--- a/sfx2/source/doc/docmacromode.cxx
+++ b/sfx2/source/doc/docmacromode.cxx
@@ -72,10 +72,13 @@ namespace sfx2
     {
         IMacroDocumentAccess&       m_rDocumentAccess;
         bool m_bHasUnsignedContentError;
+        /// Is true when macros was disabled due to invalid signatures (when 
macro security is high)
+        bool m_bHasInvalidSignaturesError;
 
         explicit DocumentMacroMode_Data( IMacroDocumentAccess& rDocumentAccess 
)
             :m_rDocumentAccess( rDocumentAccess )
             ,m_bHasUnsignedContentError( false )
+            ,m_bHasInvalidSignaturesError( false )
         {
         }
     };
@@ -212,13 +215,26 @@ namespace sfx2
                 // confirmation when macros are unsigned or untrusted. 
FROM_LIST_AND_SIGNED_NO_WARN
                 // should not ask any confirmations. FROM_LIST_AND_SIGNED_WARN 
should only allow
                 // trusted signed macros at this point; so it may only ask for 
confirmation to add
-                // certificates to trusted, and shouldn't show UI when trusted 
list is read-only.
+                // certificates to trusted, and shouldn't show UI when trusted 
list is read-only
+                // or the macro signature can't be validated.
                 const bool bAllowUI
                     = nMacroExecutionMode != 
MacroExecMode::FROM_LIST_AND_SIGNED_NO_WARN
                       && eAutoConfirm == eNoAutoConfirm
                       && (nMacroExecutionMode == MacroExecMode::ALWAYS_EXECUTE
                           || !SvtSecurityOptions::IsReadOnly(
-                              
SvtSecurityOptions::EOption::MacroTrustedAuthors));
+                              
SvtSecurityOptions::EOption::MacroTrustedAuthors))
+                      && (nMacroExecutionMode != 
MacroExecMode::FROM_LIST_AND_SIGNED_WARN
+                          || nSignatureState == SignatureState::OK);
+
+                if (nMacroExecutionMode == 
MacroExecMode::FROM_LIST_AND_SIGNED_WARN
+                    && nSignatureState != SignatureState::NOSIGNATURES
+                    && nSignatureState != SignatureState::OK)
+                {
+                    // set the flag so that we can show the appropriate error 
& buttons
+                    // for invalid signatures in the infobar for high macro 
security.
+                    m_xData->m_bHasInvalidSignaturesError = true;
+                }
+
                 const bool bHasTrustedMacroSignature = 
m_xData->m_rDocumentAccess.hasTrustedScriptingSignature(bAllowUI ? 
rxInteraction : nullptr);
 
                 if (bHasTrustedMacroSignature)
@@ -407,6 +423,10 @@ namespace sfx2
         return m_xData->m_bHasUnsignedContentError;
     }
 
+    bool DocumentMacroMode::hasInvalidSignaturesError() const
+    {
+        return m_xData->m_bHasInvalidSignaturesError;
+    }
 
     bool DocumentMacroMode::storageHasMacros( const Reference< XStorage >& 
rxStorage )
     {

Reply via email to