diff options
author | Jan-Marek Glogowski <jan-marek.glogowski@extern.cib.de> | 2019-12-10 18:42:40 +0100 |
---|---|---|
committer | Jan-Marek Glogowski <glogow@fbihome.de> | 2019-12-18 12:14:03 +0100 |
commit | 9cdb97cd93e60a0faf0a531949d94cff79e1aab9 (patch) | |
tree | 96332ec3a6ad10233a4042b4bc1897a028aa5e2e | |
parent | 4b2d4f3c4a68361a6bc03c9ab110ce9376b14b20 (diff) |
tdf#129311 don't allow temporary trusted certs
This simply skips the DocumentMacroConfirmationRequest, if the
macro security level (MSL) is *High* and the list of trusted
authors is read-only. For the MSL *Medium*, the check box of
the dialog is hidden with read-only trusted authors.
Change-Id: If6c08e4fdbf200e778d181370cc73fd947cecff5
Reviewed-on: https://gerrit.libreoffice.org/84887
Tested-by: Jenkins
Reviewed-by: Jan-Marek Glogowski <glogow@fbihome.de>
(cherry picked from commit 71c6f438cecc3ce5e8060efe1df840652885701c)
Reviewed-on: https://gerrit.libreoffice.org/85299
-rw-r--r-- | sfx2/source/doc/docmacromode.cxx | 10 | ||||
-rw-r--r-- | uui/source/secmacrowarnings.cxx | 9 |
2 files changed, 16 insertions, 3 deletions
diff --git a/sfx2/source/doc/docmacromode.cxx b/sfx2/source/doc/docmacromode.cxx index 13954b06f6d8..492bd0a63009 100644 --- a/sfx2/source/doc/docmacromode.cxx +++ b/sfx2/source/doc/docmacromode.cxx @@ -225,11 +225,17 @@ namespace sfx2 if ( nMacroExecutionMode != MacroExecMode::FROM_LIST ) { // the trusted macro check will also retrieve the signature state ( small optimization ) - bool bHasTrustedMacroSignature = m_xData->m_rDocumentAccess.hasTrustedScriptingSignature( nMacroExecutionMode != MacroExecMode::FROM_LIST_AND_SIGNED_NO_WARN ); + const SvtSecurityOptions aSecOption; + const bool bAllowUIToAddAuthor = nMacroExecutionMode != MacroExecMode::FROM_LIST_AND_SIGNED_NO_WARN + && (nMacroExecutionMode == MacroExecMode::ALWAYS_EXECUTE + || !aSecOption.IsReadOnly(SvtSecurityOptions::EOption::MacroTrustedAuthors)); + const bool bHasTrustedMacroSignature = m_xData->m_rDocumentAccess.hasTrustedScriptingSignature(bAllowUIToAddAuthor); SignatureState nSignatureState = m_xData->m_rDocumentAccess.getScriptingSignatureState(); if ( nSignatureState == SignatureState::BROKEN ) { + if (!bAllowUIToAddAuthor) + lcl_showDocumentMacrosDisabledError(rxInteraction, m_xData->m_bDocMacroDisabledMessageShown); return disallowMacroExecution(); } else if ( bHasTrustedMacroSignature ) @@ -241,6 +247,8 @@ namespace sfx2 || nSignatureState == SignatureState::NOTVALIDATED ) { // there is valid signature, but it is not from the trusted author + if (!bAllowUIToAddAuthor) + lcl_showDocumentMacrosDisabledError(rxInteraction, m_xData->m_bDocMacroDisabledMessageShown); return disallowMacroExecution(); } } diff --git a/uui/source/secmacrowarnings.cxx b/uui/source/secmacrowarnings.cxx index 6c6e343a08f0..0bc2e1d04d72 100644 --- a/uui/source/secmacrowarnings.cxx +++ b/uui/source/secmacrowarnings.cxx @@ -137,9 +137,14 @@ void MacroWarning::InitControls() { mxViewSignsBtn->connect_clicked(LINK(this, MacroWarning, ViewSignsBtnHdl)); mxViewSignsBtn->set_sensitive(false); - mxAlwaysTrustCB->connect_clicked(LINK(this, MacroWarning, AlwaysTrustCheckHdl)); - mnActSecLevel = SvtSecurityOptions().GetMacroSecurityLevel(); + const SvtSecurityOptions aSecOption; + if (!aSecOption.IsReadOnly(SvtSecurityOptions::EOption::MacroTrustedAuthors)) + mxAlwaysTrustCB->connect_clicked(LINK(this, MacroWarning, AlwaysTrustCheckHdl)); + else + mxAlwaysTrustCB->set_visible(false); + + mnActSecLevel = aSecOption.GetMacroSecurityLevel(); if ( mnActSecLevel >= 2 ) mxEnableBtn->set_sensitive(false); } |