Description: FILESAVE to Microsoft Excel 2007-2013 XML (.xlsx) files as read-only with additional password protection for editing not working (Calc). SAVE WITH PASSWORD (.xlsx files) working. After closing the file, I am required to enter my password to access the file again. SAVE AS WITH PASSWORD (.xlsx files) working. After closing the file, I am required to enter my password to access the file again. SAVE OR SAVE AS WITH READ-ONLY PASSWORD AND EDIT PASSWORD OPTIONS SELECTED (.xlsx files) not working. After closing the file, I am required to enter my password to access the file again, but I can then edit and save changes without having to enter my edit password. Steps to Reproduce: 1. Create a spreadsheet 2. Save to .xlsx format (same thing happens if you do a Save As of a spreadsheet originally saved in a different format). 3. Select the option to password protect and add the option to make this read-only with an additional password for editing. 4. Enter and confirm your passwords and save the file. 5. Close the file. 6. Open the file, and you will see a password is requested to open the file again. 7. Edit the file and save it, and you see that you can do so without entering the required editing password you set up. Actual Results: When saving a Microsoft Excel 2007-2013 XML (.xlsx) file as read-only with an additional password for editing, I am only required to enter the read-only password. Once I have entered this and the file is opened, I can edit and save changes without ever having to enter the editing password. Expected Results: When saving a Microsoft Excel 2007-2013 XML (.xlsx) file as read-only with an additional password for editing, I would expect to be asked to enter the read-only password before being allowed to open the file. Then I would expect to be asked to enter the additional editing password upon attempting to edit the file. Reproducible: Always User Profile Reset: Yes Additional Info: I followed the steps to reset my profile, but the problem remains. I am not using OpenGL.
Created attachment 143760 [details] A supposedly read-only password-protected .xlsx spreadsheet A supposedly read-only password-protected .xlsx spreadsheet A simple spreadsheet saved as a read only, password-protected .xlsx file with an additional editing password. Read-only password: open Editing password: edit
Confirming with Version: 6.2.0.0.alpha0+ Build ID: 36e1f6ebf0c74b4b90bbf1aab8d9ab69b8746f3a CPU threads: 4; OS: Mac OS X 10.13.6; UI render: default; Locale: fr-FR (fr_FR.UTF-8); Calc: group threaded At step 7, I have to specifically activate the Edit Mode (Shift-Cmd-M) in order to be able to change the data in the spreadsheet, but I am not asked for the second password.
If I open the file in MS Excel 16.15 (180709), I get asked for the first password to load the file. Once the file is open, there is an indication beneath the main toolbar that the file has been marked "FINAL", with an option to reset that status and allow editing. If I click on the "MODIFY" button, the spreadsheet is released for editing and I can make changes, however, I am not asked to enter the second password.
Also reproduced in Version: 6.2.0.0.alpha0+ Build ID: 72b099d279e7096d41a04fe8c0dd493a5fc18a33 CPU threads: 4; OS: Linux 4.15; UI render: default; VCL: gtk3; Locale: ca-ES (ca_ES.UTF-8); Calc: group threaded
I can't reproduce it if I save it to .ODS
Also reproduced in Version: 5.2.0.0.alpha0+ Build ID: 3ca42d8d51174010d5e8a32b96e9b4c0b3730a53 Threads 4; Ver: 4.10; Render: default; Version: 4.3.0.0.alpha1+ Build ID: c15927f20d4727c3b8de68497b6949e72f9e6e9e
Created attachment 145306 [details] Example .xlsx document created by LibreOffice, with password "dupa"
Created attachment 145307 [details] Example .xlsx document created by MS Excel 2007, with password "dupa"
It seems that following line needs to be added (in file workbook.xml) to enable ReadOnly mode for .xlsx: <fileSharing readOnlyRecommended="1" userName="m" reservationPassword="CC82"/> More details is available at: http://www.datypic.com/sc/ooxml/e-ssml_fileSharing-1.html and https://c-rex.net/projects/samples/ooxml/e1/Part4/OOXML_P4_DOCX_fileSharing_topic_ID0E62E4.html
It seems that following two lines were needed to enable proper Read-Only mode: <fileVersion appName="xl"/> <fileSharing readOnlyRecommended="1" userName="m" reservationPassword="CC82"/> Unfortunately LibreOffice Calc is not asking for password, even if it is properly set by MS Office
This may be a duplicate.
So in an Excel xlsx file I see only this (about filesharing): <fileSharing userName="Kovács Ádám 2" algorithmName="SHA-512" hashValue="dyDIs0vnG/0BUo+sKak6IUuztKnjI1myOvqj3kadN+pKltb0DJ3vHDFkOARfGAqbMT8C3NwYMKoawbYdmVVuCQ==" saltValue="UaMTB2MJ8TfLvlkZmKk9dg==" spinCount="100000"/> In this file: xl/workbook.xml If I unzip the xlsx file. So we should add these more 2 lines, even if an Excel file doesn't contain it? <fileVersion appName="xl"/> <fileSharing readOnlyRecommended="1" userName="m" reservationPassword="CC82"/>
In Excel: Adding readOnlyRecommended="1" to <fileSharing ...> XML tag is only a popup message box with a text "the owner of this document recommends you to open this document as read only" with "yes", "no" and "cancel" buttons, but this is after entering the password. In Calc: Nothing change. Adding reservationPassword="CC82" to it is simply ignored by Excel, and Calc. So I'm talking about this in xl/workbook.xml: <fileSharing readOnlyRecommended="1" userName="Kovács Ádám 2" algorithmName="SHA-512" hashValue="dyDIs0vnG/0BUo+sKak6IUuztKnjI1myOvqj3kadN+pKltb0DJ3vHDFkOARfGAqbMT8C3NwYMKoawbYdmVVuCQ==" saltValue="UaMTB2MJ8TfLvlkZmKk9dg==" spinCount="100000" reservationPassword="CC82"/>
Related code is here: https://opengrok.libreoffice.org/xref/core/sc/source/filter/oox/workbooksettings.cxx#204 With this comment: /*TODO: not setting read-only if only mnPasswordHash ('password' attribute) is present looks a bit silly, any reason for that? 'readOnlyRecommended' is defined as "indicates on open, whether the application alerts the user that the file be marked as read-only", which sounds silly in itself and seems not to be present if the 'password' attribute isn't present, but.. */
This could be the main password code: https://opengrok.libreoffice.org/xref/core/include/comphelper/docpasswordhelper.hxx https://opengrok.libreoffice.org/xref/core/comphelper/source/misc/docpasswordhelper.cxx https://opengrok.libreoffice.org/xref/core/sfx2/source/dialog/securitypage.cxx https://opengrok.libreoffice.org/xref/core/oox/source/core/filterdetect.cxx#250 https://opengrok.libreoffice.org/xref/core/oox/source/core/filterdetect.cxx#266 https://opengrok.libreoffice.org/xref/core/oox/source/core/filterdetect.cxx#318 But this is at a different place and it has no relations with the readonly password code section.
can confirm on 6.X too: .xlsx files with write-protection do not ask for my password when I enter "edit mode". Basically the file stays in read-only mode and opens "save as..." when trying to save. Steps to reproduce: 1. create .xlsx file 2. write some stuff into it 3. save with write password protection as "Excel 2007-365" (read password protection doesn't seem to matter for this bug) 4. close LibreOffice 5. open said file 6. enter "edit mode" Tested on Win10 & NixOS (Linux) with current release and 6.3.5.2
Tünde Tóth committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/c082158018148be01476d5bc82c1cd71ea6541df tdf#118938 XLSX import/export: fix permission for editing It will be available in 7.3.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Verified in: Version: 7.3.0.0.alpha0+ (x64) / LibreOffice Community Build ID: 8151f3a1d99ab740d2affdccc7115faa156bf3ad CPU threads: 4; OS: Windows 10.0 Build 17134; UI render: Skia/Raster; VCL: win Locale: hu-HU (hu_HU); UI: hu-HU Calc: threaded
"The password for editing wasn't asked, also wasn't exported in XLSX documents. Now it's exported in Calc using the following steps, also verified before editing: - In File->Save As, choose Excel 2007–365 (.xlsx) format; - enable checkbox "Save with password" and click Save; - in the dialog "Set password", click on "Options" and enable checkbox "Open file read-only", and enter a password for editing (i.e. skip the password for opening). Note: Excel 2016 doesn't ask password for editing, but Office 365 does. Passwords created in Excel haven't been supported, yet. Also passwords with diacritics aren't interoperable. Note: saving the file under a different path is still allowed both in Calc and Excel without asking the password for editing." This bug is marked XLSX. Thanks for fix (now works in LO and MSO) and explanation. Filesave for XLS worked from before. There's a similar bug for DOCX (edit works without pass), I don't see a report, I'll make one and link to bug 89385 for DOC (edit doesn't work). Fileopen of MSO files is bug 89383.
Xisco Fauli committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/708b1aa962dd667a9de6d6131cfc63937212536e related: tdf#118938: simplify uitest It will be available in 7.3.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.