summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThorsten Behrens <thorsten.behrens@allotropia.de>2022-12-29 23:08:43 +0100
committerThorsten Behrens <thorsten.behrens@allotropia.de>2022-12-30 00:33:51 +0000
commitf6bcd6eea8a8b0c75193c99e806ce48c007fa58d (patch)
tree3e5ad1111c09009683bbed9d2bc0ecc1f4495f5a
parent45aee4858c62fb4c8066bd0bb0aa4f468d110a5e (diff)
Support for Windows Security Zones for macro enable/disabledistro/lhm/libreoffice-6-1+backports
In Windows, files have security zones (local, from intranet, from internet, etc) used by MS Word to decide in which mode it is safe to open file. This patch implements basic support for similar feature: it is now possible to use expert configuration options to set up default behavior and configure for example automatic disabling of macros, if a file is downloaded from Internet or other unsafe location. Changed defaults: files from untrusted zones, or the internet, get macros disabled unconditionally. Can be overridden via officecfg::Office::Common::Security::Scripting::WindowsSecurityZone.* in the expert config dialog. Change-Id: I0bf1ae4e54d75dd5d07cab309124a67a85ef2d4d Reviewed-on: https://gerrit.libreoffice.org/c/core/+/143750 Tested-by: Thorsten Behrens <thorsten.behrens@allotropia.de> Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de> Reviewed-on: https://gerrit.libreoffice.org/c/core/+/144871
-rw-r--r--officecfg/registry/schema/org/openoffice/Office/Common.xcs125
-rw-r--r--sfx2/source/doc/docmacromode.cxx56
2 files changed, 180 insertions, 1 deletions
diff --git a/officecfg/registry/schema/org/openoffice/Office/Common.xcs b/officecfg/registry/schema/org/openoffice/Office/Common.xcs
index fb627eba4317..8c9add931d14 100644
--- a/officecfg/registry/schema/org/openoffice/Office/Common.xcs
+++ b/officecfg/registry/schema/org/openoffice/Office/Common.xcs
@@ -2707,6 +2707,131 @@
<desc>List with trusted authors.</desc>
</info>
</set>
+ <group oor:name="WindowsSecurityZone">
+ <info>
+ <desc>Contains security settings regarding Basic scripts.</desc>
+ </info>
+ <prop oor:name="ZoneLocal" oor:type="xs:int" oor:nillable="false">
+ <info>
+ <desc>Action needed for opening document with macro with Windows zone
+ identifier URLZONE_LOCAL_MACHINE (0, local machine).</desc>
+ </info>
+ <constraints>
+ <enumeration oor:value="0">
+ <info>
+ <desc>Ask</desc>
+ </info>
+ </enumeration>
+ <enumeration oor:value="1">
+ <info>
+ <desc>Allow</desc>
+ </info>
+ </enumeration>
+ <enumeration oor:value="2">
+ <info>
+ <desc>Deny</desc>
+ </info>
+ </enumeration>
+ </constraints>
+ <value>0</value>
+ </prop>
+ <prop oor:name="ZoneIntranet" oor:type="xs:int" oor:nillable="false">
+ <info>
+ <desc>Action needed for opening document with macro with Windows zone
+ identifier URLZONE_INTRANET (1, local machine).</desc>
+ </info>
+ <constraints>
+ <enumeration oor:value="0">
+ <info>
+ <desc>Ask</desc>
+ </info>
+ </enumeration>
+ <enumeration oor:value="1">
+ <info>
+ <desc>Allow</desc>
+ </info>
+ </enumeration>
+ <enumeration oor:value="2">
+ <info>
+ <desc>Deny</desc>
+ </info>
+ </enumeration>
+ </constraints>
+ <value>0</value>
+ </prop>
+ <prop oor:name="ZoneTrusted" oor:type="xs:int" oor:nillable="false">
+ <info>
+ <desc>Action needed for opening document with macro with Windows zone
+ identifier URLZONE_TRUSTED (2, trusted).</desc>
+ </info>
+ <constraints>
+ <enumeration oor:value="0">
+ <info>
+ <desc>Ask</desc>
+ </info>
+ </enumeration>
+ <enumeration oor:value="1">
+ <info>
+ <desc>Allow</desc>
+ </info>
+ </enumeration>
+ <enumeration oor:value="2">
+ <info>
+ <desc>Deny</desc>
+ </info>
+ </enumeration>
+ </constraints>
+ <value>0</value>
+ </prop>
+ <prop oor:name="ZoneInternet" oor:type="xs:int" oor:nillable="false">
+ <info>
+ <desc>Action needed for opening document with macro with Windows zone
+ identifier URLZONE_INTERNET (3, internet).</desc>
+ </info>
+ <constraints>
+ <enumeration oor:value="0">
+ <info>
+ <desc>Ask</desc>
+ </info>
+ </enumeration>
+ <enumeration oor:value="1">
+ <info>
+ <desc>Allow</desc>
+ </info>
+ </enumeration>
+ <enumeration oor:value="2">
+ <info>
+ <desc>Deny</desc>
+ </info>
+ </enumeration>
+ </constraints>
+ <value>2</value>
+ </prop>
+ <prop oor:name="ZoneUntrusted" oor:type="xs:int" oor:nillable="false">
+ <info>
+ <desc>Action needed for opening document with macro with Windows zone
+ identifier URLZONE_UNTRUSTED (3, untrusted source).</desc>
+ </info>
+ <constraints>
+ <enumeration oor:value="0">
+ <info>
+ <desc>Ask</desc>
+ </info>
+ </enumeration>
+ <enumeration oor:value="1">
+ <info>
+ <desc>Allow</desc>
+ </info>
+ </enumeration>
+ <enumeration oor:value="2">
+ <info>
+ <desc>Deny</desc>
+ </info>
+ </enumeration>
+ </constraints>
+ <value>2</value>
+ </prop>
+ </group>
</group>
</group>
<group oor:name="View">
diff --git a/sfx2/source/doc/docmacromode.cxx b/sfx2/source/doc/docmacromode.cxx
index ea0d46babdfa..58edfba428c9 100644
--- a/sfx2/source/doc/docmacromode.cxx
+++ b/sfx2/source/doc/docmacromode.cxx
@@ -38,6 +38,10 @@
#include <tools/diagnose_ex.h>
#include <tools/urlobj.hxx>
+#if defined(_WIN32)
+#include <systools/win32/comtools.hxx>
+#include <urlmon.h>
+#endif
namespace sfx2
{
@@ -286,7 +290,57 @@ namespace sfx2
}
}
- // conformation is required
+#if defined(_WIN32)
+ // Windows specific: try to decide macros loading depending on Windows Security Zones
+ // (file is local, or it was downloaded from internet, etc)
+ OUString sURL(m_xData->m_rDocumentAccess.getDocumentLocation());
+ sal::systools::COMReference<IZoneIdentifier> pZoneId;
+ auto e1 = CoCreateInstance(
+ CLSID_PersistentZoneIdentifier, nullptr, CLSCTX_ALL, IID_PPV_ARGS(&pZoneId));
+ if (FAILED(e1))
+ return disallowMacroExecution();
+ sal::systools::COMReference<IPersistFile> pPersist(pZoneId.QueryInterface<IPersistFile>(IID_IPersistFile));
+ DWORD dwZone;
+ OUString sFilePath;
+ osl::FileBase::getSystemPathFromFileURL(sURL, sFilePath);
+ if (SUCCEEDED(pPersist->Load(reinterpret_cast<LPCOLESTR>(sFilePath.getStr()), STGM_READ)) &&
+ SUCCEEDED(pZoneId->GetId(&dwZone))) {
+ // We got zone id
+ sal_Int32 nAction = 0;
+ switch (dwZone) {
+ case 0:
+ nAction = officecfg::Office::Common::Security::Scripting::WindowsSecurityZone::ZoneLocal::get();
+ break;
+ case 1:
+ nAction = officecfg::Office::Common::Security::Scripting::WindowsSecurityZone::ZoneIntranet::get();
+ break;
+ case 2:
+ nAction = officecfg::Office::Common::Security::Scripting::WindowsSecurityZone::ZoneTrusted::get();
+ break;
+ case 3:
+ nAction = officecfg::Office::Common::Security::Scripting::WindowsSecurityZone::ZoneInternet::get();
+ break;
+ case 4:
+ nAction = officecfg::Office::Common::Security::Scripting::WindowsSecurityZone::ZoneUntrusted::get();
+ break;
+ default:
+ nAction = 0;
+ break;
+ }
+ switch (nAction)
+ {
+ case 0: // Ask
+ break;
+ case 1: // Allow
+ return allowMacroExecution();
+ default:
+ [[fallthrough]];
+ case 2: // Deny
+ return disallowMacroExecution();
+ }
+ }
+#endif
+ // confirmation is required
bool bSecure = false;
if ( eAutoConfirm == eNoAutoConfirm )