CVE-2022-26306, CVE-2022-26307: add infobar to prompt to refresh to replace old format
authorCaolán McNamara <caolanm@redhat.com>
Wed, 23 Mar 2022 13:03:30 +0000 (13:03 +0000)
committerBastien Roucariès <rouca@debian.org>
Sat, 12 Aug 2023 19:58:29 +0000 (20:58 +0100)
This patch asks the user to replace the old format, thus partially closing CVE-2022-26306 and CVE-2022-26307.

Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131976
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit bbd196ff82bda9f66b4ba32a412f10cefe6da60e)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132307
Reviewed-by: Sophie Gautier <sophi@libreoffice.org>
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
(cherry picked from commit c5d01b11db3c83cb4a89d3b388d78e20dd3990b5)

(cherry picked from commit df05d27336927373bf83664a90156fbe505fc546)

Change-Id: Id99cbf2b50a4ebf289dae6fc67e22e20afcda35b
origin: https://github.com/LibreOffice/core/commit/cedd8063fed50cfd75fa3c69c4c87e2ae79b944d.patch

Gbp-Pq: Name 0068-CVE-2022-26306-CVE-2022-26307-add-infobar-to-prompt-.patch

include/sfx2/strings.hrc
include/sfx2/viewfrm.hxx
sfx2/source/view/viewfrm.cxx

index e2de56b5376ff3d007192d5164d06e65ca4e213c..6861775db0944c716a7c5193c315febd840b6840 100644 (file)
 #define STR_SIGNATURE_NOTVALIDATED_PARTIAL_OK   NC_("STR_SIGNATURE_NOTVALIDATED_PARTIAL_OK", "The certificate could not be validated and the document is only partially signed.")
 #define STR_SIGNATURE_OK                        NC_("STR_SIGNATURE_OK", "This document is digitally signed and the signature is valid.")
 #define STR_SIGNATURE_SHOW                      NC_("STR_SIGNATURE_SHOW", "Show Signatures")
+#define STR_REFRESH_MASTER_PASSWORD             NC_("STR_REFRESH_MASTER_PASSWORD", "The master password is stored in an outdated format, you should refresh it")
+#define STR_REFRESH_PASSWORD                    NC_("STR_REFRESH_PASSWORD", "Refresh Password")
 
 #define STR_CLOSE_PANE                          NC_("STR_CLOSE_PANE", "Close Pane")
 #define STR_SFX_DOCK                            NC_("STR_SFX_DOCK", "Dock")
index 3fafd9e1762d8ca34d7a66b35754220fc4d8a683..6a17fa9f9bbbb8a06383f58041fd5112557678e2 100644 (file)
@@ -79,6 +79,7 @@ protected:
     DECL_LINK(GetInvolvedHandler, Button*, void);
     DECL_LINK(SwitchReadOnlyHandler, Button*, void);
     DECL_LINK(SignDocumentHandler, Button*, void);
+    DECL_DLLPRIVATE_LINK(RefreshMasterPasswordHdl, Button*, void);
     SAL_DLLPRIVATE void KillDispatcher_Impl();
 
     virtual                 ~SfxViewFrame() override;
index 510e7238a4176794030c984403e8d5e4f88b4461..2fc204e679146ced38b7b856a0c80ed94a7aa824 100644 (file)
@@ -29,6 +29,7 @@
 #include <com/sun/star/frame/XLoadable.hpp>
 #include <com/sun/star/frame/XLayoutManager.hpp>
 #include <com/sun/star/frame/XComponentLoader.hpp>
+#include <com/sun/star/task/PasswordContainer.hpp>
 #include <officecfg/Office/Common.hxx>
 #include <officecfg/Setup.hxx>
 #include <toolkit/helper/vclunohelper.hxx>
@@ -1228,6 +1229,24 @@ void SfxViewFrame::Notify( SfxBroadcaster& /*rBC*/, const SfxHint& rHint )
                     batch->commit();
                 }
 
+                if (officecfg::Office::Common::Passwords::HasMaster::get() &&
+                    officecfg::Office::Common::Passwords::StorageVersion::get() == 0)
+                {
+                    // master password stored in deprecated format
+                    VclPtr<SfxInfoBarWindow> pOldMasterPasswordInfoBar =
+                        AppendInfoBar("oldmasterpassword",
+                                      SfxResId(STR_REFRESH_MASTER_PASSWORD), InfoBarType::Danger);
+                    if (pOldMasterPasswordInfoBar)
+                    {
+                        VclPtrInstance<PushButton> const xBtn(&GetWindow());
+                        xBtn->SetText(SfxResId(STR_REFRESH_PASSWORD));
+                        xBtn->SetSizePixel(xBtn->GetOptimalSize());
+                        xBtn->SetClickHdl(LINK(this,
+                           SfxViewFrame, RefreshMasterPasswordHdl));
+                        pOldMasterPasswordInfoBar->addButton(xBtn);
+                    }
+                }
+
                 // read-only infobar if necessary
                 const SfxViewShell *pVSh;
                 const SfxShell *pFSh;
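Review bot: The comment `// master password stored in deprecated format` above the new `AppendInfoBar("oldmasterpassword", ...)` call does not say why the condition warrants `InfoBarType::Danger` or what clears it. I would expand it to something like `// StorageVersion 0 is the master password format affected by CVE-2022-26306 / CVE-2022-26307; keep warning until the user re-enters it via RefreshMasterPasswordHdl`. The check only prompts, so, as far as this hunk shows, a user who dismisses the bar keeps the old format, which matches the "partially closing" wording in the commit message and is worth stating in the comment. The enclosing `SfxViewFrame::Notify` starts and ends outside the hunk, so the event that triggers this block is not visible here.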
@@ -1379,6 +1398,27 @@ IMPL_LINK_NOARG(SfxViewFrame, SignDocumentHandler, Button*, void)
     GetDispatcher()->Execute(SID_SIGNATURE);
 }
 
+IMPL_LINK_NOARG(SfxViewFrame, RefreshMasterPasswordHdl, Button*, void)
+{
+    bool bChanged = false;
+    try
+    {
+        Reference< task::XPasswordContainer2 > xMasterPasswd(
+            task::PasswordContainer::create(comphelper::getProcessComponentContext()));
+
+        css::uno::Reference<css::frame::XFrame> xFrame = GetFrame().GetFrameInterface();
+        css::uno::Reference<css::awt::XWindow> xContainerWindow = xFrame->getContainerWindow();
+
+        uno::Reference<task::XInteractionHandler> xTmpHandler(task::InteractionHandler::createWithParent(comphelper::getProcessComponentContext(),
+                                                              xContainerWindow));
+        bChanged = xMasterPasswd->changeMasterPassword(xTmpHandler);
+    }
+    catch (const Exception&)
+    {}
+    if (bChanged)
+        RemoveInfoBar(u"oldmasterpassword");
+}
+
 void SfxViewFrame::Construct_Impl( SfxObjectShell *pObjSh )
 {
     m_pImpl->bResizeInToOut = true;
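Review bot: The empty `catch (const Exception&) {}` in `RefreshMasterPasswordHdl` swallows every UNO failure on the path that migrates the master password. If `PasswordContainer::create`, `createWithParent` or `changeMasterPassword` throws, the button appears to do nothing and the old format silently stays in place with no trace for support or triage. At minimum, log it: `catch (const Exception& e)` with `SAL_WARN("sfx.view", "master password refresh failed: " << e.Message);`. Separately, `RemoveInfoBar(u"oldmasterpassword")` acts on this frame only, so other frames that already show the bar would presumably keep it after a successful change; that is worth confirming.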