// Remove the firewall authorized-application entry registered for app_path.
//
// Returns S_FALSE without touching the firewall when the helper is not
// ready, when removal has been disabled by an earlier E_ACCESSDENIED, or
// when app_path could not be converted to a BSTR. Otherwise returns the
// HRESULT of INetFwAuthorizedApplications::Remove.
//
// NOTE(review): S_FALSE passes SUCCEEDED(), so a caller that only checks
// SUCCEEDED()/FAILED() cannot tell "entry removed" from "nothing was
// attempted" -- a stale firewall exception can remain unnoticed. Callers
// that care should compare against S_OK.
HRESULT WindowsFirewallHelper::removeTrusted(const char *app_path)
{
    // Bail out early; i_can_remove is only consulted once ready() is true.
    if (!(ready() && i_can_remove)) {
        return S_FALSE;
    }

    BSTR path_bstr = charToBstr(app_path);
    if (!path_bstr) {
        return S_FALSE;
    }

    // Ask the authorized-applications collection to drop the entry.
    const HRESULT hr = fwApps->Remove(path_bstr);
    if (FAILED(hr)) {
        dprintf(D_ERROR, "WinFirewall: remove trusted app %s failed: 0x%08lx %s\n",
                app_path, hr, GetHRString(hr));
        // Without the needed rights every later attempt would fail the same
        // way, so remember that and skip them (see the guard at the top).
        if (hr == E_ACCESSDENIED) {
            i_can_remove = false;
        }
    }

    // The BSTR is ours to release regardless of the outcome.
    SysFreeString(path_bstr);
    return hr;
}
// Remove the firewall authorized-application entry registered for app_path.
//
// Returns true only when INetFwAuthorizedApplications::Remove reports
// success. Returns false when the helper is not ready, when app_path could
// not be converted to a BSTR, or when Remove fails (the HRESULT is logged
// at D_ALWAYS in that last case only).
bool WindowsFirewallHelper::removeTrusted(const char *app_path)
{
    if (!ready()) {
        return false;
    }

    BSTR path_bstr = charToBstr(app_path);
    if (path_bstr == NULL) {
        return false;
    }

    // Ask the authorized-applications collection to drop the entry.
    const HRESULT hr = fwApps->Remove(path_bstr);
    const bool removed = SUCCEEDED(hr);
    if (!removed) {
        dprintf(D_ALWAYS, "WinFirewall: remove trusted app failed: 0x%08lx\n", hr);
    }

    // The BSTR is ours to release regardless of the outcome.
    SysFreeString(path_bstr);
    return removed;
}
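// Report whether app_path has an *enabled* entry in the firewall's
// authorized-applications collection.
//
// Returns true only when the entry exists and get_Enabled reports
// VARIANT_TRUE. Returns false when the helper is not ready, when app_path
// cannot be converted to a BSTR, when the lookup fails, or when the entry
// exists but is disabled. A failed lookup is not logged; only a failing
// get_Enabled is.
//
// NOTE(review): "false" therefore conflates "not listed", "listed but
// disabled" and "could not query". addTrusted() treats any false as
// "go ahead and add", so callers should not read false as proof that no
// exception exists for this path.
bool WindowsFirewallHelper::applicationIsTrusted(const char* app_path)
{
    if ( ! ready() ) {
        return false;
    }

    // removeTrusted() checks this conversion for NULL; do the same here
    // rather than handing a NULL name to the COM collection.
    BSTR app_path_bstr = charToBstr(app_path);
    if ( app_path_bstr == NULL ) {
        return false;
    }

    bool result = false;
    INetFwAuthorizedApplication* fwApp = NULL;

    // Attempt to retrieve the authorized application.
    HRESULT hr = fwApps->Item(app_path_bstr, &fwApp);
    if (SUCCEEDED(hr)) {
        // Find out if the authorized application is enabled.
        VARIANT_BOOL fwEnabled = VARIANT_FALSE;
        hr = fwApp->get_Enabled(&fwEnabled);
        if (FAILED(hr)) {
            dprintf(D_ALWAYS, "WinFirewall: get_Enabled failed: 0x%08lx %s\n",
                    hr, GetHRString(hr));
            result = false;
        } else {
            result = (fwEnabled == VARIANT_TRUE);
        }
    }

    // Free the BSTR.
    SysFreeString(app_path_bstr);

    // Release the authorized application instance.
    if (fwApp != NULL) {
        fwApp->Release();
    }

    return result;
}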
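// Add app_path to the firewall's authorized-applications collection.
//
// Returns:
//   S_FALSE  - nothing was attempted: the helper is not ready, adding was
//              disabled by an earlier failure, or the firewall is off.
//   S_OK     - the application was already trusted, or was added now.
//   failure  - the HRESULT of the COM call that failed, or E_FAIL when a
//              string could not be converted to a BSTR.
//
// i_can_add is cleared when CoCreateInstance fails or when any step
// returns E_ACCESSDENIED, so later calls return S_FALSE immediately.
//
// NOTE(review): app_path is handed to the firewall unchanged, and the
// exception applies to whatever image lives at that path. Presumably
// callers pass the full path of a binary they control -- confirm at the
// call sites.
HRESULT WindowsFirewallHelper::addTrusted( const char *app_path )
{
    const char *app_basename;
    BSTR app_path_bstr = NULL;
    BSTR app_basename_bstr = NULL;
    HRESULT hr = S_OK;
    INetFwAuthorizedApplication* fwApp = NULL;

    if ( ! ready() || ! i_can_add) {
        return S_FALSE;
    }

    if ( !firewallIsOn() ) {
        // firewall is turned off, so there's nothing to do.
        return S_FALSE;
    }

    if ( applicationIsTrusted(app_path) ) {
        // this app is already set to be trusted, so do nothing.
        return S_OK;
    }

    // now, if the basename of the app is condor_<something>, we
    // want to make sure there aren't any other entries of the same
    // condor daemon with a different path. We only do this for "condor_"
    // executables as a safety to keep us from removing trusted applications
    // that have nothing to do with condor.
    // The prefix match is case-insensitive and looks at the basename only.
    app_basename = condor_basename(app_path);
    if ( _strnicmp(app_basename, "condor_", strlen("condor_")) == 0 ) {
        // Best effort: hr is overwritten by CoCreateInstance below, so a
        // failed cleanup does not stop the add.
        hr = removeByBasename(app_basename);
    }

    // now just add the application to the trusted list.

    // Create an instance of an authorized application.
    hr = CoCreateInstance(
            __uuidof(NetFwAuthorizedApplication),
            NULL,
            CLSCTX_INPROC_SERVER,
            __uuidof(INetFwAuthorizedApplication),
            reinterpret_cast<void**>
            (static_cast<INetFwAuthorizedApplication**>(&fwApp))
            );
    if (FAILED(hr)) {
        i_can_add = false;
        dprintf(D_ERROR | D_FULLDEBUG,
                "WinFirewall: CoCreateInstance failed: 0x%08lx %s\n",
                hr, GetHRString(hr));
        return hr;
    }

    // removeTrusted() checks this conversion for NULL; do the same here
    // instead of passing a NULL image name to the firewall object.
    app_path_bstr = charToBstr(app_path);
    if ( app_path_bstr == NULL ) {
        dprintf(D_ERROR,
                "WinFirewall: could not convert path %s to a BSTR\n",
                app_path);
        hr = E_FAIL;
        goto error;
    }

    // Set the process image file name.
    hr = fwApp->put_ProcessImageFileName(app_path_bstr);
    if (FAILED(hr)) {
        // Same value as the former literal 0x80070002.
        if ( hr == HRESULT_FROM_WIN32(ERROR_FILE_NOT_FOUND) ) {
            dprintf(D_ERROR,
                    "WinFirewall Error: Could not find trusted app image %s\n",
                    app_path);
        } else {
            dprintf(D_ERROR,
                    "put_ProcessImageFileName failed: 0x%08lx %s\n",
                    hr, GetHRString(hr));
        }
        goto error;
    }

    // Allocate a BSTR for the application friendly name.
    app_basename_bstr = charToBstr(app_basename);
    if ( app_basename_bstr == NULL ) {
        dprintf(D_ERROR,
                "WinFirewall: could not convert name %s to a BSTR\n",
                app_basename);
        hr = E_FAIL;
        goto error;
    }

    // Set the application friendly name.
    hr = fwApp->put_Name(app_basename_bstr);
    if (FAILED(hr)) {
        dprintf(D_ERROR | D_FULLDEBUG,
                "WinFirewall: put_Name failed: 0x%08lx %s\n",
                hr, GetHRString(hr));
        goto error;
    }

    // Add the application to the collection.
    hr = fwApps->Add(fwApp);
    if (FAILED(hr)) {
        dprintf(D_ERROR, "WinFirewall: Add failed: 0x%08lx %s\n",
                hr, GetHRString(hr));
        goto error;
    }

    // it seems like we should always inform users somehow that we're
    // doing this.
    dprintf(D_STATUS, "Authorized application %s is now enabled in the"
            " firewall.\n", app_path );

error:
    // Shared cleanup for the success path and every failure after
    // CoCreateInstance. SysFreeString accepts NULL.

    // Free the BSTRs.
    SysFreeString(app_path_bstr);
    SysFreeString(app_basename_bstr);

    // Release the authorized application instance.
    if (fwApp != NULL) {
        fwApp->Release();
    }

    // Without the needed rights every later add would fail the same way.
    if (hr == E_ACCESSDENIED) {
        i_can_add = false;
    }

    return hr;
}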