Improve macro checks

Reviewed-on: https://gerrit.libreoffice.org/c/core/+/109552 Tested-by: Jenkins Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de> (cherry picked from commit 1dc71daf7fa7204a98c75dac680af664ab9c8edb) Change-Id: Ie40801df8866b52c1458e020ffa9cba120720af7 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/110076 Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com> Reviewed-by: Andras Timar <andras.timar@collabora.com>
author: Samuel Mehrbrodt <samuel.mehrbrodt@allotropia.de> 2021-01-18 15:24:48 +0100
committer: Andras Timar <andras.timar@collabora.com> 2021-02-02 20:08:53 +0100
commit: 91cf71e27e7a317b002697b1e54b749599e1d982 (patch)
tree: 7d950e5c9b57c945d087b3cf833e299e269d27cf /sfx2
parent: 7a9b6456227c2a54b0b23cfc18679883b638e969 (diff)
2 files changed, 22 insertions, 6 deletions
diff --git a/sfx2/source/doc/docmacromode.cxx b/sfx2/source/doc/docmacromode.cxx
index 492bd0a63009..2fa7b968fc41 100644
--- a/sfx2/source/doc/docmacromode.cxx
+++ b/sfx2/source/doc/docmacromode.cxx
@@ -113,6 +113,10 @@ namespace sfx2
 #endif
         }
 
+        void lcl_showMacrosDisabledUnsignedContentError( const Reference< XInteractionHandler >& rxHandler, bool& rbAlreadyShown )
+        {
+            lcl_showGeneralSfxErrorOnce( rxHandler, ERRCODE_SFX_DOCUMENT_MACRO_DISABLED_CONTENT_UNSIGNED, rbAlreadyShown );
+        }
 
         bool lcl_showMacroWarning( const Reference< XInteractionHandler >& rxHandler,
             const OUString& rDocumentLocation )
@@ -125,7 +129,8 @@ namespace sfx2
 
     //= DocumentMacroMode
     DocumentMacroMode::DocumentMacroMode( IMacroDocumentAccess& rDocumentAccess )
-        :m_xData( new DocumentMacroMode_Data( rDocumentAccess ) )
+        :m_xData( new DocumentMacroMode_Data( rDocumentAccess ) ),
+        m_bNeedsContentSigned(false)
     {
     }
 
@@ -141,7 +146,7 @@ namespace sfx2
         return false;
     }
 
-    bool DocumentMacroMode::adjustMacroMode( const Reference< XInteractionHandler >& rxInteraction )
+    bool DocumentMacroMode::adjustMacroMode( const Reference< XInteractionHandler >& rxInteraction, bool bHasValidContentSignature )
     {
         sal_uInt16 nMacroExecutionMode = m_xData->m_rDocumentAccess.getCurrentMacroExecMode();
 
@@ -238,6 +243,14 @@ namespace sfx2
                         lcl_showDocumentMacrosDisabledError(rxInteraction, m_xData->m_bDocMacroDisabledMessageShown);
                     return disallowMacroExecution();
                 }
+                else if ( m_xData->m_rDocumentAccess.macroCallsSeenWhileLoading() &&
+                          bHasTrustedMacroSignature &&
+                          !bHasValidContentSignature)
+                {
+                    // When macros are signed, and the document has events which call macros, the document content needs to be signed too.
+                    lcl_showMacrosDisabledUnsignedContentError(rxInteraction, m_xData->m_bDocMacroDisabledMessageShown);
+                    return disallowMacroExecution();
+                }
                 else if ( bHasTrustedMacroSignature )
                 {
                     // there is trusted macro signature, allow macro execution
@@ -392,7 +405,7 @@ namespace sfx2
     }
 
 
-    bool DocumentMacroMode::checkMacrosOnLoading( const Reference< XInteractionHandler >& rxInteraction )
+    bool DocumentMacroMode::checkMacrosOnLoading( const Reference< XInteractionHandler >& rxInteraction, bool bHasValidContentSignature )
     {
         bool bAllow = false;
         if ( SvtSecurityOptions().IsMacroDisabled() )
@@ -404,7 +417,9 @@ namespace sfx2
         {
             if (m_xData->m_rDocumentAccess.documentStorageHasMacros() || hasMacroLibrary() || m_xData->m_rDocumentAccess.macroCallsSeenWhileLoading())
             {
-                bAllow = adjustMacroMode( rxInteraction );
+                if (m_xData->m_rDocumentAccess.macroCallsSeenWhileLoading())
+                    m_bNeedsContentSigned = true;
+                bAllow = adjustMacroMode( rxInteraction, bHasValidContentSignature );
             }
             else if ( !isMacroExecutionDisallowed() )
             {
diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx
index 681940462720..a9943a959484 100644
--- a/sfx2/source/doc/objmisc.cxx
+++ b/sfx2/source/doc/objmisc.cxx
@@ -953,7 +953,8 @@ void SfxObjectShell::CheckSecurityOnLoading_Impl()
     CheckEncryption_Impl( xInteraction );
 
     // check macro security
-    pImpl->aMacroMode.checkMacrosOnLoading( xInteraction );
+    const bool bHasValidContentSignature = HasValidSignatures();
+    pImpl->aMacroMode.checkMacrosOnLoading( xInteraction, bHasValidContentSignature );
 }
 
 
@@ -1620,7 +1621,7 @@ bool SfxObjectShell::AdjustMacroMode()
 
     CheckEncryption_Impl( xInteraction );
 
-    return pImpl->aMacroMode.adjustMacroMode( xInteraction );
+    return pImpl->aMacroMode.adjustMacroMode( xInteraction, true /*TODO*/ );
 }
 
 vcl::Window* SfxObjectShell::GetDialogParent( SfxMedium const * pLoadingMedium )
author	Samuel Mehrbrodt <samuel.mehrbrodt@allotropia.de>	2021-01-18 15:24:48 +0100
committer	Andras Timar <andras.timar@collabora.com>	2021-02-02 20:08:53 +0100
commit	91cf71e27e7a317b002697b1e54b749599e1d982 (patch)
tree	7d950e5c9b57c945d087b3cf833e299e269d27cf /sfx2
parent	7a9b6456227c2a54b0b23cfc18679883b638e969 (diff)