Improve macro checks

Change-Id: Ie40801df8866b52c1458e020ffa9cba120720af7 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/109552 Tested-by: Jenkins Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
2021-01-18 15:24:48 +01:00
parent 905371194e
commit 1dc71daf7f
5 changed files with 29 additions and 8 deletions
--- a/include/sfx2/docmacromode.hxx
+++ b/include/sfx2/docmacromode.hxx
@@ -220,7 +220,8 @@ namespace sfx2
                <TRUE/> if and only if macro execution in this document is allowed.
        */
        bool    adjustMacroMode(
-                    const css::uno::Reference< css::task::XInteractionHandler >& _rxInteraction
+                    const css::uno::Reference< css::task::XInteractionHandler >& _rxInteraction,
+                    bool bHasValidContentSignature = false
                );

        /** determines whether macro execution is disallowed
@@ -286,11 +287,13 @@ namespace sfx2
        */
        bool
                checkMacrosOnLoading(
-                    const css::uno::Reference< css::task::XInteractionHandler >& _rxInteraction
+                    const css::uno::Reference< css::task::XInteractionHandler >& _rxInteraction,
+                    bool bHasValidContentSignature = false
                );

    private:
        std::shared_ptr< DocumentMacroMode_Data >   m_xData;
+        bool m_bNeedsContentSigned;
    };


--- a/include/svtools/sfxecode.hxx
+++ b/include/svtools/sfxecode.hxx
@@ -36,6 +36,7 @@ class ErrCode;
 #define ERRCODE_SFX_CANTCREATEBACKUP        ErrCode(ErrCodeArea::Sfx, ErrCodeClass::Create, 50)
 #define ERRCODE_SFX_MACROS_SUPPORT_DISABLED ErrCode(WarningFlag::Yes, ErrCodeArea::Sfx, ErrCodeClass::NONE, 51)
 #define ERRCODE_SFX_DOCUMENT_MACRO_DISABLED ErrCode(WarningFlag::Yes, ErrCodeArea::Sfx, ErrCodeClass::NONE, 52)
+#define ERRCODE_SFX_DOCUMENT_MACRO_DISABLED_CONTENT_UNSIGNED ErrCode(WarningFlag::Yes, ErrCodeArea::Sfx, ErrCodeClass::NONE, 53)
 #define ERRCODE_SFX_SHARED_NOPASSWORDCHANGE ErrCode(WarningFlag::Yes, ErrCodeArea::Sfx, ErrCodeClass::NONE, 54)
 #define ERRCODE_SFX_INCOMPLETE_ENCRYPTION   ErrCode(WarningFlag::Yes, ErrCodeArea::Sfx, ErrCodeClass::NONE, 55)
 #define ERRCODE_SFX_DOCUMENT_MACRO_DISABLED_MAC \
--- a/sfx2/source/doc/docmacromode.cxx
+++ b/sfx2/source/doc/docmacromode.cxx
@@ -111,6 +111,10 @@ namespace sfx2
 #endif
        }

+        void lcl_showMacrosDisabledUnsignedContentError( const Reference< XInteractionHandler >& rxHandler, bool& rbAlreadyShown )
+        {
+            lcl_showGeneralSfxErrorOnce( rxHandler, ERRCODE_SFX_DOCUMENT_MACRO_DISABLED_CONTENT_UNSIGNED, rbAlreadyShown );
+        }

        bool lcl_showMacroWarning( const Reference< XInteractionHandler >& rxHandler,
            const OUString& rDocumentLocation )
@@ -123,7 +127,8 @@ namespace sfx2

    //= DocumentMacroMode
    DocumentMacroMode::DocumentMacroMode( IMacroDocumentAccess& rDocumentAccess )
-        :m_xData( std::make_shared<DocumentMacroMode_Data>( rDocumentAccess ) )
+        :m_xData( std::make_shared<DocumentMacroMode_Data>( rDocumentAccess ) ),
+        m_bNeedsContentSigned(false)
    {
    }

@@ -139,7 +144,7 @@ namespace sfx2
        return false;
    }

-    bool DocumentMacroMode::adjustMacroMode( const Reference< XInteractionHandler >& rxInteraction )
+    bool DocumentMacroMode::adjustMacroMode( const Reference< XInteractionHandler >& rxInteraction, bool bHasValidContentSignature )
    {
        sal_uInt16 nMacroExecutionMode = m_xData->m_rDocumentAccess.getCurrentMacroExecMode();

@@ -237,6 +242,14 @@ namespace sfx2
                        lcl_showDocumentMacrosDisabledError(rxInteraction, m_xData->m_bDocMacroDisabledMessageShown);
                    return disallowMacroExecution();
                }
+                else if ( m_xData->m_rDocumentAccess.macroCallsSeenWhileLoading() &&
+                          bHasTrustedMacroSignature &&
+                          !bHasValidContentSignature)
+                {
+                    // When macros are signed, and the document has events which call macros, the document content needs to be signed too.
+                    lcl_showMacrosDisabledUnsignedContentError(rxInteraction, m_xData->m_bDocMacroDisabledMessageShown);
+                    return disallowMacroExecution();
+                }
                else if ( bHasTrustedMacroSignature )
                {
                    // there is trusted macro signature, allow macro execution
@@ -391,7 +404,7 @@ namespace sfx2
    }


-    bool DocumentMacroMode::checkMacrosOnLoading( const Reference< XInteractionHandler >& rxInteraction )
+    bool DocumentMacroMode::checkMacrosOnLoading( const Reference< XInteractionHandler >& rxInteraction, bool bHasValidContentSignature )
    {
        bool bAllow = false;
        if ( SvtSecurityOptions().IsMacroDisabled() )
@@ -403,7 +416,9 @@ namespace sfx2
        {
            if (m_xData->m_rDocumentAccess.documentStorageHasMacros() || hasMacroLibrary() || m_xData->m_rDocumentAccess.macroCallsSeenWhileLoading())
            {
-                bAllow = adjustMacroMode( rxInteraction );
+                if (m_xData->m_rDocumentAccess.macroCallsSeenWhileLoading())
+                    m_bNeedsContentSigned = true;
+                bAllow = adjustMacroMode( rxInteraction, bHasValidContentSignature );
            }
            else if ( !isMacroExecutionDisallowed() )
            {
--- a/sfx2/source/doc/objmisc.cxx
+++ b/sfx2/source/doc/objmisc.cxx
@@ -942,7 +942,8 @@ void SfxObjectShell::CheckSecurityOnLoading_Impl()
    CheckEncryption_Impl( xInteraction );

    // check macro security
-    pImpl->aMacroMode.checkMacrosOnLoading( xInteraction );
+    const bool bHasValidContentSignature = HasValidSignatures();
+    pImpl->aMacroMode.checkMacrosOnLoading( xInteraction, bHasValidContentSignature );
 }


@@ -1598,7 +1599,7 @@ bool SfxObjectShell::AdjustMacroMode()

    CheckEncryption_Impl( xInteraction );

-    return pImpl->aMacroMode.adjustMacroMode( xInteraction );
+    return pImpl->aMacroMode.adjustMacroMode( xInteraction, true /*TODO*/ );
 }

 vcl::Window* SfxObjectShell::GetDialogParent( SfxMedium const * pLoadingMedium )
--- a/svtools/inc/errtxt.hrc
+++ b/svtools/inc/errtxt.hrc
@@ -119,6 +119,7 @@ const ErrMsgCode RID_ERRHDL[] =
    { NC_("RID_ERRHDL", "The maximum number of documents that can be opened at the same time has been reached. You need to close one or more documents before you can open a new document."), ERRCODE_SFX_NOMOREDOCUMENTSALLOWED },
    { NC_("RID_ERRHDL", "Could not create backup copy.") , ERRCODE_SFX_CANTCREATEBACKUP },
    { NC_("RID_ERRHDL", "An attempt was made to execute a macro.\nFor security reasons, macro support is disabled."), ERRCODE_SFX_MACROS_SUPPORT_DISABLED },
+    { NC_("RID_ERRHDL", "Execution of macros is disabled. Macros are signed, but the document (containing document events) is not signed."), ERRCODE_SFX_DOCUMENT_MACRO_DISABLED_CONTENT_UNSIGNED },
    { NC_("RID_ERRHDL", "This document contains macros.\n\nMacros may contain viruses. Execution of macros is disabled due to the current macro security setting in %PRODUCTNAME - Preferences - %PRODUCTNAME - Security.\n\nTherefore, some functionality may not be available.") , ERRCODE_SFX_DOCUMENT_MACRO_DISABLED_MAC },
    { NC_("RID_ERRHDL", "This document contains macros.\n\nMacros may contain viruses. Execution of macros is disabled due to the current macro security setting in Tools - Options - %PRODUCTNAME - Security.\n\nTherefore, some functionality may not be available.") , ERRCODE_SFX_DOCUMENT_MACRO_DISABLED },
    { NC_("RID_ERRHDL", "The encrypted document contains unexpected non-encrypted streams.\n\nThis could be the result of document manipulation.\n\nWe recommend that you do not trust the content of the current document.\nExecution of macros is disabled for this document.\n ") , ERRCODE_SFX_INCOMPLETE_ENCRYPTION },