1 /**************************************************************
2  *
3  * Licensed to the Apache Software Foundation (ASF) under one
4  * or more contributor license agreements.  See the NOTICE file
5  * distributed with this work for additional information
6  * regarding copyright ownership.  The ASF licenses this file
7  * to you under the Apache License, Version 2.0 (the
8  * "License"); you may not use this file except in compliance
9  * with the License.  You may obtain a copy of the License at
10  *
11  *   http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing,
14  * software distributed under the License is distributed on an
15  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16  * KIND, either express or implied.  See the License for the
17  * specific language governing permissions and limitations
18  * under the License.
19  *
20  *************************************************************/
21 
22 
23 #ifndef INCLUDED_unotools_SECURITYOPTIONS_HXX
24 #define INCLUDED_unotools_SECURITYOPTIONS_HXX
25 
26 //_________________________________________________________________________________________________________________
27 //	includes
28 //_________________________________________________________________________________________________________________
29 
30 #include "unotools/unotoolsdllapi.h"
31 #include <sal/types.h>
32 #include <osl/mutex.hxx>
33 #include <com/sun/star/uno/Sequence.h>
34 #include <rtl/ustring.hxx>
35 #include <unotools/options.hxx>
36 
37 //_________________________________________________________________________________________________________________
38 //	forward declarations
39 //_________________________________________________________________________________________________________________
40 
41 /*-************************************************************************************************************//**
42 	@short			forward declaration to our private date container implementation
43 	@descr			We use these class as internal member to support small memory requirements.
44 					You can create the container if it is neccessary. The class which use these mechanism
45 					is faster and smaller then a complete implementation!
46 *//*-*************************************************************************************************************/
47 
48 class SvtSecurityOptions_Impl;
49 
50 //_________________________________________________________________________________________________________________
51 //	declarations
52 //_________________________________________________________________________________________________________________
53 
54 /*-************************************************************************************************************//**
55 	@descr          These values present modes to handle StarOffice basic scripts.
56 					see GetBasicMode/SetBasicMode() for further informations
57 *//*-*************************************************************************************************************/
58 
59 enum EBasicSecurityMode
60 {
61 	eNEVER_EXECUTE	= 0,
62 	eFROM_LIST		= 1,
63 	eALWAYS_EXECUTE = 2
64 };
65 
66 /*-************************************************************************************************************//**
67 	@short			collect informations about security features
68 	@descr          -
69 
70 	@implements		-
71 	@base			-
72 
73 	@ATTENTION		This class is partially threadsafe.
74 
75 	@devstatus		ready to use
76 *//*-*************************************************************************************************************/
77 
78 class UNOTOOLS_DLLPUBLIC SvtSecurityOptions: public utl::detail::Options
79 {
80 	//-------------------------------------------------------------------------------------------------------------
81 	//  public types
82 	//-------------------------------------------------------------------------------------------------------------
83 	public:
84 
85 		enum EOption
86 		{
87             E_SECUREURLS,
88             E_BASICMODE,					// xmlsec05 depricated
89             E_EXECUTEPLUGINS,				// xmlsec05 depricated
90             E_WARNING,						// xmlsec05 depricated
91             E_CONFIRMATION,					// xmlsec05 depricated
92 			E_DOCWARN_SAVEORSEND,
93 			E_DOCWARN_SIGNING,
94 			E_DOCWARN_PRINT,
95 			E_DOCWARN_CREATEPDF,
96 			E_DOCWARN_REMOVEPERSONALINFO,
97 			E_DOCWARN_RECOMMENDPASSWORD,
98 			E_MACRO_SECLEVEL,
99 			E_MACRO_TRUSTEDAUTHORS,
100             E_MACRO_DISABLE,
101             E_CTRLCLICK_HYPERLINK
102 		};
103 
104 		enum MacroAction
105 		{
106 			MA_DONTRUN = 0,
107 			MA_CONFIRM,
108 			MA_RUN
109 		};
110 
111 		typedef ::com::sun::star::uno::Sequence< ::rtl::OUString > Certificate;
112 
113         /*
114         // MT: Doesn't work for sequence...
115         struct Certificate
116         {
117             ::rtl::OUString SubjectName;
118             ::rtl::OUString SerialNumber;
119             ::rtl::OUString RawData;
120         };
121         */
122 
123 	//-------------------------------------------------------------------------------------------------------------
124 	//	public methods
125 	//-------------------------------------------------------------------------------------------------------------
126 
127 	public:
128 
129 		//---------------------------------------------------------------------------------------------------------
130 		//	constructor / destructor
131 		//---------------------------------------------------------------------------------------------------------
132 
133 		/*-****************************************************************************************************//**
134 			@short		standard constructor and destructor
135 			@descr		This will initialize an instance with default values.
136 						We implement these class with a refcount mechanism! Every instance of this class increase it
137 						at create and decrease it at delete time - but all instances use the same data container!
138 						He is implemented as a static member ...
139 
140 			@seealso	member m_nRefCount
141 			@seealso	member m_pDataContainer
142 
143 			@param		-
144 			@return		-
145 
146 			@onerror	-
147 		*//*-*****************************************************************************************************/
148 
149          SvtSecurityOptions();
150         virtual ~SvtSecurityOptions();
151 
152 		//---------------------------------------------------------------------------------------------------------
153 		//	interface
154 		//---------------------------------------------------------------------------------------------------------
155 
156         /*-****************************************************************************************************//**
157             @short      returns readonly state
158             @descr      It can be called to get information about the readonly state of a provided item.
159             @seealso    -
160 
161             @param      "eOption", specify, which item is queried
162             @return     <TRUE/> if item is readonly; <FALSE/> otherwhise
163 
164             @onerror    No error should occurre!
165         *//*-*****************************************************************************************************/
166 
167         sal_Bool IsReadOnly( EOption eOption ) const ;
168 
169         /*-****************************************************************************************************//**
170 			@short		interface methods to get and set value of config key "org.openoffice.Office.Common/Security/Scripting/SecureURL"
171 			@descr		These value displays the list of all trustworthy URLs.
172 						zB.:	file:/					=> All scripts from the local file system including a LAN;
173 								private:explorer		=> Scripts from the Explorer;
174 								private:help			=> Scripts in the help system;
175 								private:newmenu			=> Scripts that are executed by the commands File-New and AutoPilot;
176 								private:schedule		=> Scripts of  the scheduler;
177 								private:searchfolder	=> Scripts of the searchfolder;
178 								private:user			=> Scripts that are entered in the URL field.
179 			@seealso	-
180 
181 			@param		"seqURLList", new values to set it in configuration.
182 			@return		The values which represent current state of internal variable.
183 
184 			@onerror	No error should occurre!
185 		*//*-*****************************************************************************************************/
186 
187 		::com::sun::star::uno::Sequence< ::rtl::OUString >	GetSecureURLs(																		) const	;
188 		void												SetSecureURLs( const ::com::sun::star::uno::Sequence< ::rtl::OUString >& seqURLList	)		;
189 
190 		/*-****************************************************************************************************//**
191 			@short		interface methods to get and set value of config key "org.openoffice.Office.Common/Security/Scripting/StarOfficeBasic"
192 			@descr		These value determines how StarOffice Basic scripts should be handled.
193 						It exist 3 different modes:
194 							0 = never execute
195 							1 = from list
196 							2 = always execute
197 
198 			@ATTENTION	These methods don't check for valid or invalid values!
199 						Our configuration server can do it ... but these implementation don't get any notifications
200 						about wrong commits ...!
201 						=> If you set an invalid value - nothing will be changed. The information will lost.
202 
203 			@seealso	enum EBasicSecurityMode
204 
205 			@param		"eMode" to set new mode ... Value must defined as an enum of type EBasicSecurityMode!
206 			@return		An enum value, which present current mode.
207 
208 			@onerror	No error should occurre!
209 		*//*-*****************************************************************************************************/
210 
211 		sal_Int32			GetMacroSecurityLevel		(					) const	;
212 		void				SetMacroSecurityLevel		( sal_Int32 _nLevel	)		;
213 
214 		sal_Bool			IsMacroDisabled				(					) const	;
215 
216 		/*-****************************************************************************************************//**
217 			@short		special method to check an URL and his referer corresponding to ouer internal security cessation
218 			@descr		Give us an URL and his referer and we will say you if these url can be scripted or not!
219 
220 			@seealso	-
221 
222 			@param		"sURL" reference to URL for checking
223 			@param		"sReferer" reference to referer which whish to run script by given URL
224 			@return		sal_True if URL is secure or security is obsolete(!) or sal_False otherwise.
225 
226 			@onerror	No error should occurre!
227 		*//*-*****************************************************************************************************/
228 
229 		sal_Bool IsSecureURL(	const	::rtl::OUString&	sURL		,
230 								const	::rtl::OUString&	sReferer	) const ;
231 
232 		::com::sun::star::uno::Sequence< Certificate >	GetTrustedAuthors		(																	) const	;
233 		void											SetTrustedAuthors		( const ::com::sun::star::uno::Sequence< Certificate >& rAuthors	)		;
234 		sal_Bool										IsTrustedAuthorsEnabled	(																	)		;
235 
236 		// for bool options only!
237 		bool		IsOptionSet		( EOption eOption					) const	;
238 		bool		SetOption		( EOption eOption, bool bValue		)		;
239 		bool		IsOptionEnabled	( EOption eOption					) const	;
240 
241 		// xmlsec05 depricated methods
242         sal_Bool    IsExecutePlugins() const;
243         void        SetExecutePlugins( sal_Bool bSet );
244 		EBasicSecurityMode	GetBasicMode(							) const	;
245 		void				SetBasicMode( EBasicSecurityMode eMode	)		;
246         sal_Bool IsWarningEnabled() const;
247         void SetWarningEnabled( sal_Bool bSet );
248         sal_Bool IsConfirmationEnabled() const;
249         void SetConfirmationEnabled( sal_Bool bSet );
250 
251 	//-------------------------------------------------------------------------------------------------------------
252 	//	private methods
253 	//-------------------------------------------------------------------------------------------------------------
254 
255 	private:
256 
257 		/*-****************************************************************************************************//**
258 			@short		return a reference to a static mutex
259 			@descr		These class is partially threadsafe (for de-/initialization only).
260 						All access methods are'nt safe!
261 						We create a static mutex only for one ime and use at different times.
262 
263 			@seealso	-
264 
265 			@param		-
266 			@return		A reference to a static mutex member.
267 
268 			@onerror	-
269 		*//*-*****************************************************************************************************/
270 
271         UNOTOOLS_DLLPRIVATE static ::osl::Mutex& GetInitMutex();
272 
273 	//-------------------------------------------------------------------------------------------------------------
274 	//	private member
275 	//-------------------------------------------------------------------------------------------------------------
276 
277 	private:
278 
279 		/*Attention
280 
281 			Don't initialize these static member in these header!
282 			a) Double dfined symbols will be detected ...
283 			b) and unresolved externals exist at linking time.
284 			Do it in your source only.
285 		 */
286 
287     	static SvtSecurityOptions_Impl*	m_pDataContainer	;	/// impl. data container as dynamic pointer for smaller memory requirements!
288 		static sal_Int32				m_nRefCount			;	/// internal ref count mechanism
289 
290 };		// class SvtSecurityOptions
291 
292 #endif  // #ifndef INCLUDED_unotools_SECURITYOPTIONS_HXX
293