officecfg,desktop: add Office::Security::Net::AllowInsecureUNORemoteProtocol

This disables the "com.sun.star.office.Acceptor" UNO service that handles the soffice "--accept" argument; now it can be disabled and locked in configuration by system administrator. Change-Id: I6747a128c3afa6a0cb351766365c8affc0b2614e Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159151 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
2023-11-08 16:12:08 +01:00 · 2023-11-08 16:12:08 +01:00 · ec3ffe6268
commit ec3ffe6268
parent 8e46dd9599
4 changed files with 21 additions and 2 deletions
--- a/desktop/Library_offacc.mk
+++ b/desktop/Library_offacc.mk
@ -11,6 +11,10 @@ $(eval $(call gb_Library_Library,offacc))

 $(eval $(call gb_Library_use_sdk_api,offacc))

+$(eval $(call gb_Library_use_custom_headers,offacc,\
+       officecfg/registry \
+))
+
 $(eval $(call gb_Library_use_libraries,offacc,\
    comphelper \
    cppu \
--- a/desktop/source/app/appinit.cxx
+++ b/desktop/source/app/appinit.cxx
@ -41,6 +41,8 @@
 #include <unotools/tempfile.hxx>
 #include <vcl/svapp.hxx>
 #include <unotools/pathoptions.hxx>
+
+#include <iostream>
 #include <map>

 using namespace ::com::sun::star::uno;
@ -165,7 +167,7 @@ void Desktop::createAcceptor(const OUString& aAcceptString)
    }
    else
    {
-        SAL_WARN( "desktop.app", "Acceptor could not be created");
+        ::std::cerr << "UNO Remote Protocol acceptor could not be created, presumably because it has been disabled in configuration." << ::std::endl;
    }
 }

--- a/desktop/source/offacc/acceptor.cxx
+++ b/desktop/source/offacc/acceptor.cxx
@ -23,6 +23,7 @@
 #include <com/sun/star/bridge/BridgeFactory.hpp>
 #include <com/sun/star/connection/Acceptor.hpp>
 #include <com/sun/star/uno/XNamingService.hpp>
+#include <officecfg/Office/Security.hxx>
 #include <cppuhelper/supportsservice.hxx>
 #include <sal/log.hxx>
 #include <comphelper/diagnose_ex.hxx>
@ -240,6 +241,12 @@ extern "C" SAL_DLLPUBLIC_EXPORT css::uno::XInterface*
 desktop_Acceptor_get_implementation(
    css::uno::XComponentContext* context, css::uno::Sequence<css::uno::Any> const&)
 {
+    if (!officecfg::Office::Security::Net::AllowInsecureUNORemoteProtocol::get())
+    {
+        // this is not allowed to throw
+        SAL_WARN("desktop", "UNO Remote Protocol is disabled by configuration");
+        return nullptr;
+    }
    return cppu::acquire(new desktop::Acceptor(context));
 }

--- a/officecfg/registry/schema/org/openoffice/Office/Security.xcs
+++ b/officecfg/registry/schema/org/openoffice/Office/Security.xcs
@ -46,7 +46,7 @@
    </group>
    <group oor:name="Net">
      <info>
-        <desc>Specifies how secure hyperlinks are processed.</desc>
+        <desc>Specifies security aspects of network connections.</desc>
      </info>
      <prop oor:name="AllowInsecureProtocols" oor:type="xs:boolean" oor:nillable="false">
        <info>
@ -54,6 +54,12 @@
        </info>
        <value>true</value>
      </prop>
+      <prop oor:name="AllowInsecureUNORemoteProtocol" oor:type="xs:boolean" oor:nillable="false">
+        <info>
+          <desc>Allow listening for unauthenticated remote code execution via soffice --accept.</desc>
+        </info>
+        <value>true</value>
+      </prop>
    </group>
  </component>
 </oor:component-schema>