include/sfx2/docmacromode.hxx | 1 + sfx2/source/doc/docmacromode.cxx | 24 ++++++++++++++++++++++-- 2 files changed, 23 insertions(+), 2 deletions(-)
New commits: commit da570d9adb324b143ab5a05683fc17a1c90feaec Author: Sarper Akdemir <[email protected]> AuthorDate: Tue Jun 11 12:39:36 2024 +0200 Commit: Thorsten Behrens <[email protected]> CommitDate: Thu Jun 27 05:12:58 2024 +0200 remove ability to trust not validated macro signatures in high security Giving the user the option to determine if they should trust an invalid signature in HIGH macro security doesn't make sense. CommonName of the signature is the most prominent feature presented and the CommonName of a certificate can be easily forged for an invalid signature, tricking the user into accepting an invalid signature. in the HIGH macro security setting only show the pop-up to enable/disable signed macro if the certificate signature can be validated. cherry-picked without UI/String altering bits for 24-2 Change-Id: Ia766fb701660160ee5dc9f6e077f4012a44ce721 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/168667 Tested-by: Jenkins Reviewed-by: Sarper Akdemir <[email protected]> (cherry picked from commit 2beaa3be3829303e948d401f492dbfd239d60aad) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169525 Reviewed-by: Thorsten Behrens <[email protected]> diff --git a/include/sfx2/docmacromode.hxx b/include/sfx2/docmacromode.hxx index 688297f26598..0954126e36f3 100644 --- a/include/sfx2/docmacromode.hxx +++ b/include/sfx2/docmacromode.hxx @@ -264,6 +264,7 @@ namespace sfx2 bool hasMacroLibrary() const; bool hasUnsignedContentError() const; + bool hasInvalidSignaturesError() const; /** determines whether the given document storage has sub storages containing scripts or macros. diff --git a/sfx2/source/doc/docmacromode.cxx b/sfx2/source/doc/docmacromode.cxx index 4e9311593aed..c87224301590 100644 --- a/sfx2/source/doc/docmacromode.cxx +++ b/sfx2/source/doc/docmacromode.cxx @@ -72,10 +72,13 @@ namespace sfx2 { IMacroDocumentAccess& m_rDocumentAccess; bool m_bHasUnsignedContentError; + /// Is true when macros was disabled due to invalid signatures (when macro security is high) + bool m_bHasInvalidSignaturesError; explicit DocumentMacroMode_Data( IMacroDocumentAccess& rDocumentAccess ) :m_rDocumentAccess( rDocumentAccess ) ,m_bHasUnsignedContentError( false ) + ,m_bHasInvalidSignaturesError( false ) { } }; @@ -212,13 +215,26 @@ namespace sfx2 // confirmation when macros are unsigned or untrusted. FROM_LIST_AND_SIGNED_NO_WARN // should not ask any confirmations. FROM_LIST_AND_SIGNED_WARN should only allow // trusted signed macros at this point; so it may only ask for confirmation to add - // certificates to trusted, and shouldn't show UI when trusted list is read-only. + // certificates to trusted, and shouldn't show UI when trusted list is read-only + // or the macro signature can't be validated. const bool bAllowUI = nMacroExecutionMode != MacroExecMode::FROM_LIST_AND_SIGNED_NO_WARN && eAutoConfirm == eNoAutoConfirm && (nMacroExecutionMode == MacroExecMode::ALWAYS_EXECUTE || !SvtSecurityOptions::IsReadOnly( - SvtSecurityOptions::EOption::MacroTrustedAuthors)); + SvtSecurityOptions::EOption::MacroTrustedAuthors)) + && (nMacroExecutionMode != MacroExecMode::FROM_LIST_AND_SIGNED_WARN + || nSignatureState == SignatureState::OK); + + if (nMacroExecutionMode == MacroExecMode::FROM_LIST_AND_SIGNED_WARN + && nSignatureState != SignatureState::NOSIGNATURES + && nSignatureState != SignatureState::OK) + { + // set the flag so that we can show the appropriate error & buttons + // for invalid signatures in the infobar for high macro security. + m_xData->m_bHasInvalidSignaturesError = true; + } + const bool bHasTrustedMacroSignature = m_xData->m_rDocumentAccess.hasTrustedScriptingSignature(bAllowUI ? rxInteraction : nullptr); if (bHasTrustedMacroSignature) @@ -407,6 +423,10 @@ namespace sfx2 return m_xData->m_bHasUnsignedContentError; } + bool DocumentMacroMode::hasInvalidSignaturesError() const + { + return m_xData->m_bHasInvalidSignaturesError; + } bool DocumentMacroMode::storageHasMacros( const Reference< XStorage >& rxStorage ) {
