| Quellcodebibliothek Statistik Leitseite products/Sources/formale Sprachen/C/LibreOffice/unotools/source/config/ (Office von Apache Version 25.8.3.2©) Datei vom 5.10.2025 mit Größe 18 kB |
|
Quelle securityoptions.cxx Sprache: C |
|||||||||||||||
|
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ /* * This file is part of the LibreOffice project. * * This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. * * This file incorporates work covered by the following license notice: * * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed * with this work for additional information regarding copyright * ownership. The ASF licenses this file to you under the Apache * License, Version 2.0 (the "License"); you may not use this file * except in compliance with the License. You may obtain a copy of * the License at http://www.apache.org/licenses/LICENSE-2.0 . */ #include <unotools/securityoptions.hxx> #include <unotools/configmgr.hxx> #include <unotools/configitem.hxx> #include <unotools/ucbhelper.hxx> #include <com/sun/star/uno/Any.hxx> #include <com/sun/star/uno/Sequence.hxx> #include <com/sun/star/beans/PropertyValue.hpp> #include <com/sun/star/container/XNameContainer.hpp> #include <com/sun/star/container/XHierarchicalNameAccess.hpp> #include <com/sun/star/util/XChangesBatch.hpp> #include <comphelper/propertyvalue.hxx> #include <comphelper/sequence.hxx> #include <tools/urlobj.hxx> #include <unotools/pathoptions.hxx> #include <officecfg/Office/Common.hxx> // namespaces using namespace ::com::sun::star::uno; constexpr OUString PROPERTYNAME_MACRO_TRUSTEDAUTHORS = u"TrustedAuthors"_ustr; constexpr OUString PROPERTYNAME_TRUSTEDAUTHOR_SUBJECTNAME = u"SubjectName"_ustr; constexpr OUString PROPERTYNAME_TRUSTEDAUTHOR_SERIALNUMBER = u"SerialNumber"_ustr; constexpr OUString PROPERTYNAME_TRUSTEDAUTHOR_RAWDATA = u"RawData"_ustr; namespace SvtSecurityOptions { bool IsReadOnly( EOption eOption ) { bool bReadonly; switch(eOption) { case SvtSecurityOptions::EOption::SecureUrls : bReadonly = officecfg::Office::Common::Security::Scripting::SecureURL::isReadOnly( break; case SvtSecurityOptions::EOption::DocWarnSaveOrSend: bReadonly = officecfg::Office::Common::Security::Scripting::WarnSaveOrSendDoc::isR break; case SvtSecurityOptions::EOption::DocWarnSigning: bReadonly = officecfg::Office::Common::Security::Scripting::WarnSignDoc::isReadOnl break; case SvtSecurityOptions::EOption::DocWarnPrint: bReadonly = officecfg::Office::Common::Security::Scripting::WarnPrintDoc::isReadOn break; case SvtSecurityOptions::EOption::DocWarnCreatePdf: bReadonly = officecfg::Office::Common::Security::Scripting::WarnCreatePDF::isReadO break; case SvtSecurityOptions::EOption::DocWarnRemovePersonalInfo: bReadonly = officecfg::Office::Common::Security::Scripting::RemovePersonalInfoOnSa break; case SvtSecurityOptions::EOption::DocWarnKeepRedlineInfo: bReadonly = officecfg::Office::Common::Security::Scripting::KeepRedlineInfoOnSavin break; case SvtSecurityOptions::EOption::DocWarnKeepDocUserInfo: bReadonly = officecfg::Office::Common::Security::Scripting::KeepDocUserInfoOnSavin break; case SvtSecurityOptions::EOption::DocWarnKeepNoteAuthorDateInfo: bReadonly = officecfg::Office::Common::Security::Scripting::KeepNoteAuthorDateInfo break; case SvtSecurityOptions::EOption::DocWarnKeepDocVersionInfo: bReadonly = officecfg::Office::Common::Security::Scripting::KeepDocVersionInfoOnSa break; case SvtSecurityOptions::EOption::DocKeepPrinterSettings: bReadonly = officecfg::Office::Common::Security::Scripting::KeepDocPrinterSettings break; case SvtSecurityOptions::EOption::DocWarnRecommendPassword: bReadonly = officecfg::Office::Common::Security::Scripting::RecommendPasswordProte break; case SvtSecurityOptions::EOption::MacroSecLevel: bReadonly = officecfg::Office::Common::Security::Scripting::MacroSecurityLevel::is break; case SvtSecurityOptions::EOption::MacroTrustedAuthors: bReadonly = officecfg::Office::Common::Security::Scripting::TrustedAuthors::isRead break; case SvtSecurityOptions::EOption::CtrlClickHyperlink: bReadonly = officecfg::Office::Common::Security::Scripting::HyperlinksWithCtrlClic break; case SvtSecurityOptions::EOption::BlockUntrustedRefererLinks: bReadonly = officecfg::Office::Common::Security::Scripting::BlockUntrustedRefererL break; case SvtSecurityOptions::EOption::DisableActiveContent: bReadonly = officecfg::Office::Common::Security::Scripting::DisableActiveContent:: officecfg::Office::Common::Security::Scripting::DisableOLEAutomation::isReadOnly break; default: assert(false); bReadonly = true; } return bReadonly; } std::vector< OUString > GetSecureURLs() { if (comphelper::IsFuzzing()) return {}; std::vector<OUString> aRet = comphelper::sequenceToContainer<std::vector<OUString>>( officecfg::Office::Common::Security::Scripting::SecureURL::get()); SvtPathOptions aOpt; std::transform(aRet.begin(), aRet.end(), aRet.begin(), [&aOpt](const OUString& rUrl) -> OUString { return aOpt.SubstituteVa return aRet; } void SetSecureURLs( std::vector< OUString >&& urlList ) { // DBG_ASSERT(!officecfg::SecureURL::isReadOnly(), "SvtSecurityOptions_Impl::SetSe // if (officecfg::SecureURL::isReadOnly()) // return; std::vector< OUString > lURLs( std::move(urlList) ); SvtPathOptions aOpt; std::transform(lURLs.begin(), lURLs.end(), lURLs.begin(), [&aOpt](const OUString& rUrl) -> OUString { return aOpt.UseVariable( std::shared_ptr<comphelper::ConfigurationChanges> xChanges = comphelper::Configuratio officecfg::Office::Common::Security::Scripting::SecureURL::set(comphelper::conta xChanges->commit(); } bool isSecureMacroUri( OUString const & uri, OUString const & referer) { switch (INetURLObject(uri).GetProtocol()) { case INetProtocol::Macro: if (uri.startsWithIgnoreAsciiCase("macro:///")) { // Denotes an App-BASIC macro (see SfxMacroLoader::loadMacro), which // is considered safe: return true; } [[fallthrough]]; case INetProtocol::Slot: return referer.equalsIgnoreAsciiCase("private:user") || isTrustedLocationUri(referer); default: return true; } } bool isUntrustedReferer(OUString const & referer) { return IsOptionSet(EOption::BlockUntrustedRefererLinks) && !(referer.isEmpty() || referer.startsWithIgnoreAsciiCase("private:") || isTrustedLocationUri(referer)); } bool isTrustedLocationUri(OUString const & uri) { for (const auto & url : GetSecureURLs()) { if (utl::UCBContentHelper::IsSubPath(url, uri)) { return true; } } return false; } bool isTrustedLocationUriForUpdatingLinks(OUString const & uri) { return GetMacroSecurityLevel() == 0 || uri.isEmpty() || uri.startsWithIgnoreAsciiCase("private:") || isTrustedLocationUri(uri); } sal_Int32 GetMacroSecurityLevel() { return comphelper::IsFuzzing() ? 3 : officecfg::Office::Common::Security::Scripting:: } void SetMacroSecurityLevel( sal_Int32 _nLevel ) { if (comphelper::IsFuzzing() || officecfg::Office::Common::Security::Scripting::Macr return; if( _nLevel > 3 || _nLevel < 0 ) _nLevel = 3; std::shared_ptr<comphelper::ConfigurationChanges> xChanges = comphelper::Configuratio officecfg::Office::Common::Security::Scripting::MacroSecurityLevel::set(_nLevel, xChanges->commit(); } bool IsMacroDisabled() { return comphelper::IsFuzzing() || officecfg::Office::Common::Security::Scripting::DisableMacrosExecution::get() || officecfg::Office::Common::Misc::ViewerAppMode::get(); } std::vector< SvtSecurityOptions::Certificate > GetTrustedAuthors() { Reference<css::container::XHierarchicalNameAccess> xHierarchyAccess = utl::ConfigMana const Sequence< OUString > lAuthors = utl::ConfigItem::GetNodeNames( xHierarchyAccess, PRO sal_Int32 c1 = lAuthors.getLength(); if( !c1 ) return {}; sal_Int32 c2 = c1 * 3; // 3 Properties inside Struct TrustedAuthor Sequence< OUString > lAllAuthors( c2 ); auto plAllAuthors = lAllAuthors.getArray(); sal_Int32 i2 = 0; OUString aSep( u"/"_ustr ); for( const auto& rAuthor : lAuthors ) { plAllAuthors[ i2 ] = PROPERTYNAME_MACRO_TRUSTEDAUTHORS + aSep + rAuthor + aSep + PROPERTYNAM ++i2; plAllAuthors[ i2 ] = PROPERTYNAME_MACRO_TRUSTEDAUTHORS + aSep + rAuthor + aSep + PROPERTYNAM ++i2; plAllAuthors[ i2 ] = PROPERTYNAME_MACRO_TRUSTEDAUTHORS + aSep + rAuthor + aSep + PROPERTYNAM ++i2; } Sequence< Any > lValues = utl::ConfigItem::GetProperties( xHierarchyAccess, lAllAuthors, / if( lValues.getLength() != c2 ) return {}; std::vector< SvtSecurityOptions::Certificate > aTrustedAuthors; SvtSecurityOptions::Certificate aCert; i2 = 0; for( sal_Int32 i1 = 0; i1 < c1; ++i1 ) { lValues[ i2 ] >>= aCert.SubjectName; ++i2; lValues[ i2 ] >>= aCert.SerialNumber; ++i2; lValues[ i2 ] >>= aCert.RawData; ++i2; // Filter out TrustedAuthor entries with empty RawData, which // would cause an unexpected std::bad_alloc in // SecurityEnvironment_NssImpl::createCertificateFromAscii and // have been observed in the wild (fdo#55019): if( !aCert.RawData.isEmpty() ) { aTrustedAuthors.push_back( aCert ); } } return aTrustedAuthors; } void SetTrustedAuthors( const std::vector< Certificate >& rAuthors ) { // DBG_ASSERT(!m_bROTrustedAuthors, "SvtSecurityOptions_Impl::SetTrustedAuthors()\ // if( m_bROTrustedAuthors ) // return; Reference<css::container::XHierarchicalNameAccess> xHierarchyAccess = utl::ConfigMana // first, clear existing entries { Reference<css::container::XNameContainer> xCont; xHierarchyAccess->getByHierarchicalName(PROPERTYNAME_MACRO_TRUSTEDAUTHORS) >>= xCont; const Sequence< OUString > aNames = xCont->getElementNames(); Reference<css::util::XChangesBatch> xBatch(xHierarchyAccess, UNO_QUERY); for (const OUString& rName : aNames) xCont->removeByName(rName); xBatch->commitChanges(); } sal_Int32 nCnt = rAuthors.size(); for( sal_Int32 i = 0; i < nCnt; ++i ) { OUString aPrefix( PROPERTYNAME_MACRO_TRUSTEDAUTHORS + "/a" + OUString::number(i) + "/"); Sequence< css::beans::PropertyValue > lPropertyValues{ comphelper::makePropertyValue(aPrefix + PROPERTYNAME_TRUSTEDAUTHOR_SUBJECTNAME, rAuthors[i].SubjectName), comphelper::makePropertyValue(aPrefix + PROPERTYNAME_TRUSTEDAUTHOR_SERIALNUMBER, rAuthors[i].SerialNumber), comphelper::makePropertyValue(aPrefix + PROPERTYNAME_TRUSTEDAUTHOR_RAWDATA, rAuthors[i].RawData) }; utl::ConfigItem::SetSetProperties( xHierarchyAccess, PROPERTYNAME_MACRO_TRUSTEDAUT } } bool IsOptionSet( EOption eOption ) { if (comphelper::IsFuzzing()) return false; bool bSet = false; switch(eOption) { case SvtSecurityOptions::EOption::DocWarnSaveOrSend: bSet = officecfg::Office::Common::Security::Scripting::WarnSaveOrSendDoc::get(); break; case SvtSecurityOptions::EOption::DocWarnSigning: bSet = officecfg::Office::Common::Security::Scripting::WarnSignDoc::get(); break; case SvtSecurityOptions::EOption::DocWarnPrint: bSet = officecfg::Office::Common::Security::Scripting::WarnPrintDoc::get(); break; case SvtSecurityOptions::EOption::DocWarnCreatePdf: bSet = officecfg::Office::Common::Security::Scripting::WarnCreatePDF::get(); break; case SvtSecurityOptions::EOption::DocWarnRemoveEditingTimeInfo: bSet = officecfg::Office::Common::Security::Scripting::RemoveEditingTimeOnSaving:: break; case SvtSecurityOptions::EOption::DocWarnRemovePersonalInfo: bSet = officecfg::Office::Common::Security::Scripting::RemovePersonalInfoOnSaving: break; case SvtSecurityOptions::EOption::DocWarnKeepRedlineInfo: bSet = officecfg::Office::Common::Security::Scripting::KeepRedlineInfoOnSaving::ge break; case SvtSecurityOptions::EOption::DocWarnKeepDocUserInfo: bSet = officecfg::Office::Common::Security::Scripting::KeepDocUserInfoOnSaving::ge break; case SvtSecurityOptions::EOption::DocWarnKeepNoteAuthorDateInfo: bSet = officecfg::Office::Common::Security::Scripting::KeepNoteAuthorDateInfoOnSav break; case SvtSecurityOptions::EOption::DocWarnKeepDocVersionInfo: bSet = officecfg::Office::Common::Security::Scripting::KeepDocVersionInfoOnSaving: break; case SvtSecurityOptions::EOption::DocKeepPrinterSettings: bSet = officecfg::Office::Common::Security::Scripting::KeepDocPrinterSettingsOnSav break; case SvtSecurityOptions::EOption::DocWarnRecommendPassword: bSet = officecfg::Office::Common::Security::Scripting::RecommendPasswordProtection break; case SvtSecurityOptions::EOption::CtrlClickHyperlink: bSet = officecfg::Office::Common::Security::Scripting::HyperlinksWithCtrlClick::ge break; case SvtSecurityOptions::EOption::BlockUntrustedRefererLinks: bSet = officecfg::Office::Common::Security::Scripting::BlockUntrustedRefererLinks: break; case SvtSecurityOptions::EOption::DisableActiveContent: bSet = officecfg::Office::Common::Security::Scripting::DisableActiveContent::get() && officecfg::Office::Common::Security::Scripting::DisableOLEAutomation::get(); break; default: assert(false); } return bSet; } void SetOption( EOption eOption, bool bValue ) { std::shared_ptr<comphelper::ConfigurationChanges> xChanges = comphelper::Configuratio switch(eOption) { case SvtSecurityOptions::EOption::DocWarnSaveOrSend: officecfg::Office::Common::Security::Scripting::WarnSaveOrSendDoc::set(bValue, xC break; case SvtSecurityOptions::EOption::DocWarnSigning: officecfg::Office::Common::Security::Scripting::WarnSignDoc::set(bValue, xChanges break; case SvtSecurityOptions::EOption::DocWarnPrint: officecfg::Office::Common::Security::Scripting::WarnPrintDoc::set(bValue, xChange break; case SvtSecurityOptions::EOption::DocWarnCreatePdf: officecfg::Office::Common::Security::Scripting::WarnCreatePDF::set(bValue, xChang break; case SvtSecurityOptions::EOption::DocWarnRemoveEditingTimeInfo: officecfg::Office::Common::Security::Scripting::RemoveEditingTimeOnSaving::set(b break; case SvtSecurityOptions::EOption::DocWarnRemovePersonalInfo: officecfg::Office::Common::Security::Scripting::RemovePersonalInfoOnSaving::set( break; case SvtSecurityOptions::EOption::DocWarnKeepRedlineInfo: officecfg::Office::Common::Security::Scripting::KeepRedlineInfoOnSaving::set(bVa break; case SvtSecurityOptions::EOption::DocWarnKeepDocUserInfo: officecfg::Office::Common::Security::Scripting::KeepDocUserInfoOnSaving::set(bVa break; case SvtSecurityOptions::EOption::DocWarnKeepNoteAuthorDateInfo: officecfg::Office::Common::Security::Scripting::KeepNoteAuthorDateInfoOnSaving:: break; case SvtSecurityOptions::EOption::DocWarnKeepDocVersionInfo: officecfg::Office::Common::Security::Scripting::KeepDocVersionInfoOnSaving::set( break; case SvtSecurityOptions::EOption::DocKeepPrinterSettings: officecfg::Office::Common::Security::Scripting::KeepDocPrinterSettingsOnSaving:: break; case SvtSecurityOptions::EOption::DocWarnRecommendPassword: officecfg::Office::Common::Security::Scripting::RecommendPasswordProtection::set break; case SvtSecurityOptions::EOption::CtrlClickHyperlink: officecfg::Office::Common::Security::Scripting::HyperlinksWithCtrlClick::set(bVa break; case SvtSecurityOptions::EOption::BlockUntrustedRefererLinks: officecfg::Office::Common::Security::Scripting::BlockUntrustedRefererLinks::set( break; case SvtSecurityOptions::EOption::DisableActiveContent: officecfg::Office::Common::Security::Scripting::DisableActiveContent::set(bValue officecfg::Office::Common::Security::Scripting::DisableOLEAutomation::set(bValue break; default: assert(false); } xChanges->commit(); } } // namespace SvtSecurityOptions // map personal info strings to 1, 2, ... to remove personal info size_t SvtSecurityMapPersonalInfo::GetInfoID( const OUString& sPersonalInfo ) { auto aIter = aInfoIDs.find( sPersonalInfo ); if ( aIter == aInfoIDs.end() ) { size_t nNewID = aInfoIDs.size() + 1; aInfoIDs[sPersonalInfo] = nNewID; return nNewID; } return aIter->second; } /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
¤ Dauer der Verarbeitung: 0.12 Sekunden (vorverarbeitet) ¤*© Formatika GbR, Deutschland |
|
||||||||||||||
2026-04-02