// Remove the Windows Firewall authorized-application entry for app_path.
//
// Returns S_FALSE without touching the firewall when the helper is not
// ready, when removal has been disabled (i_can_remove is false), or when
// the path cannot be converted to a BSTR. Otherwise returns the HRESULT
// from fwApps->Remove(). Note that S_FALSE passes SUCCEEDED(), so callers
// that need to know whether an entry was really removed must compare
// against S_OK explicitly.
HRESULT
WindowsFirewallHelper::removeTrusted( const char *app_path) {

	if ( ! ready() ) {
		return S_FALSE;
	}
	if ( ! i_can_remove ) {
		// A previous attempt was refused; see the E_ACCESSDENIED case below.
		return S_FALSE;
	}

	BSTR path_bstr = charToBstr(app_path);
	if ( path_bstr == NULL ) {
		return S_FALSE;
	}

	// Ask the firewall to drop the entry keyed by this image path.
	const HRESULT remove_hr = fwApps->Remove(path_bstr);
	if (FAILED(remove_hr)) {
		dprintf(D_ERROR, "WinFirewall: remove trusted app %s failed: 0x%08lx %s\n", app_path, remove_hr, GetHRString(remove_hr));
		// Access denied is remembered so later calls return early
		// instead of repeating a request that was already refused.
		if (remove_hr == E_ACCESSDENIED) {
			i_can_remove = false;
		}
	}

	// The BSTR is owned by this function on every path past the conversion.
	SysFreeString(path_bstr);

	return remove_hr;
}
// Remove the Windows Firewall authorized-application entry for app_path.
//
// Returns true only when fwApps->Remove() reports success. Returns false
// when the helper is not ready, when the path cannot be converted to a
// BSTR, or when the removal fails (the failing HRESULT is logged).
bool 
WindowsFirewallHelper::removeTrusted( const char *app_path ) {

	if ( ! ready() ) {
		return false;
	}

	BSTR path_bstr = charToBstr(app_path);
	if ( path_bstr == NULL ) {
		return false;
	}

	// Ask the firewall to drop the entry keyed by this image path.
	const HRESULT remove_hr = fwApps->Remove(path_bstr);
	const bool removed = SUCCEEDED(remove_hr);

	if ( ! removed ) {
		dprintf(D_ALWAYS, "WinFirewall: remove trusted app failed: 0x%08lx\n",
			remove_hr);
	}

	// The BSTR is owned by this function on every path past the conversion.
	SysFreeString(path_bstr);

	return removed;
}
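// Report whether app_path has an enabled entry in the firewall's
// authorized-application collection.
//
// Returns true only when fwApps->Item() finds an entry for the path and
// that entry's Enabled flag is VARIANT_TRUE. Returns false when the helper
// is not ready, when the path cannot be converted to a BSTR, when no entry
// is found, or when get_Enabled() fails. Only the Enabled flag is
// consulted; no other property of the entry is inspected here.
bool
WindowsFirewallHelper::applicationIsTrusted(const char* app_path) {

	HRESULT hr;
	BSTR app_path_bstr = NULL;
	VARIANT_BOOL fwEnabled = VARIANT_FALSE;
	INetFwAuthorizedApplication* fwApp = NULL;
	bool result = false;

	if ( ! ready() ) {
		return false;
	}

	app_path_bstr = charToBstr(app_path);
	if ( app_path_bstr == NULL ) {
		// Without a BSTR there is no key to look up. Answer "not trusted"
		// rather than handing a NULL string to the COM collection.
		return false;
	}

	// Attempt to retrieve the authorized application. A failure here is
	// the ordinary "no entry for this path" case, so it is not logged.
	hr = fwApps->Item(app_path_bstr, &fwApp);
	if (SUCCEEDED(hr))
	{
		// Find out if the authorized application is enabled.
		hr = fwApp->get_Enabled(&fwEnabled);
		if (FAILED(hr))
		{
			dprintf(D_ALWAYS, "WinFirewall: get_Enabled failed: 0x%08lx %s\n", hr, GetHRString(hr));
			result = false;
		} else {
			result = (fwEnabled == VARIANT_TRUE);
		}
	}

	// Free the BSTR.
	SysFreeString(app_path_bstr);

	// Release the authorized application instance.
	if (fwApp != NULL)
	{
		fwApp->Release();
	}

	return result;
}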
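// Add app_path to the Windows Firewall authorized-application list.
//
// Returns S_FALSE when the helper is not ready, when adding has been
// disabled (i_can_add is false), or when the firewall is off; returns S_OK
// when the application is already trusted. Otherwise returns the HRESULT
// of the first failing step, or of fwApps->Add() on success. S_FALSE
// passes SUCCEEDED(), so callers that need to know an entry now exists
// must compare against S_OK.
//
// NOTE(review): the exception is keyed on the image path, so it applies to
// whatever binary is at that path. Confirm that callers only pass paths
// in directories that unprivileged users cannot write to.
HRESULT
WindowsFirewallHelper::addTrusted( const char *app_path ) {

	// All locals are declared before the first goto so that no jump to
	// the cleanup label crosses an initialization.
	const char *app_basename;
	BSTR app_path_bstr = NULL;
	BSTR app_basename_bstr = NULL;

	HRESULT hr = S_OK;
	INetFwAuthorizedApplication* fwApp = NULL;

	if ( ! ready() || ! i_can_add) {
		return S_FALSE;
	}

	if ( !firewallIsOn() ) {
		// firewall is turned off, so there's nothing to do.
		return S_FALSE;
	}

	if ( applicationIsTrusted(app_path) ) {
		// this app is already set to be trusted, so do nothing.
		return S_OK;
	}

	// now, if the basename of the app is condor_<something>, we
	// want to make sure there aren't any other entries of the same
	// condor daemon with a different path. We only do this for "condor_"
	// executables as a safety to keep us from removing trusted applications
	// that have nothing to do with condor.
	app_basename = condor_basename(app_path);

	if ( _strnicmp(app_basename, "condor_", strlen("condor_")) == 0 ) {

		// NOTE(review): this result is overwritten by CoCreateInstance
		// below, so a failed cleanup of stale entries is never reported
		// to the caller. Treated here as best-effort; confirm intended.
		hr = removeByBasename(app_basename);

	}

	// now just add the application to the trusted list.

	// Create an instance of an authorized application.
	hr = CoCreateInstance(
		__uuidof(NetFwAuthorizedApplication),
		NULL,
		CLSCTX_INPROC_SERVER,
		__uuidof(INetFwAuthorizedApplication),
		reinterpret_cast<void**>
		(static_cast<INetFwAuthorizedApplication**>(&fwApp))
		);
	if (FAILED(hr))
	{
		// No COM object means no later add can work either.
		i_can_add = false;
		dprintf(D_ERROR | D_FULLDEBUG, "WinFirewall: CoCreateInstance failed: 0x%08lx %s\n", hr, GetHRString(hr));
		return hr;
	}

	app_path_bstr = charToBstr(app_path);
	if ( app_path_bstr == NULL ) {
		// Fail explicitly instead of passing a NULL string to COM.
		dprintf(D_ERROR, "WinFirewall: could not convert path %s to a BSTR\n",
			app_path);
		hr = E_FAIL;
		goto cleanup;
	}

	// Set the process image file name.
	hr = fwApp->put_ProcessImageFileName(app_path_bstr);
	if (FAILED(hr))
	{
		// Same value as the literal 0x80070002: the image does not exist.
		if ( hr == HRESULT_FROM_WIN32(ERROR_FILE_NOT_FOUND) ) {
			dprintf(D_ERROR, "WinFirewall Error: Could not find trusted app image %s\n",
				app_path);
		} else {
			dprintf(D_ERROR, "put_ProcessImageFileName failed: 0x%08lx %s\n", hr, GetHRString(hr));
		}
		goto cleanup;
	}

	// Allocate a BSTR for the application friendly name.
	app_basename_bstr = charToBstr(app_basename);
	if ( app_basename_bstr == NULL ) {
		dprintf(D_ERROR, "WinFirewall: could not convert name %s to a BSTR\n",
			app_basename);
		hr = E_FAIL;
		goto cleanup;
	}

	// Set the application friendly name.
	hr = fwApp->put_Name(app_basename_bstr);
	if (FAILED(hr))
	{
		dprintf(D_ERROR | D_FULLDEBUG, "WinFirewall: put_Name failed: 0x%08lx %s\n", hr, GetHRString(hr));
		goto cleanup;
	}

	// Add the application to the collection.
	hr = fwApps->Add(fwApp);
	if (FAILED(hr))
	{
		dprintf(D_ERROR, "WinFirewall: Add failed: 0x%08lx %s\n", hr, GetHRString(hr));
		goto cleanup;
	}

	// it seems like we should always inform users somehow that we're
	// doing this.
	dprintf(D_STATUS, "Authorized application %s is now enabled in the"
		   " firewall.\n",
		app_path );

cleanup:
	// Reached on success as well as on failure.

	// Free the BSTRs (SysFreeString accepts NULL).
	SysFreeString(app_path_bstr);
	SysFreeString(app_basename_bstr);

	// Release the authorized application instance.
	if (fwApp != NULL)
	{
		fwApp->Release();
	}

	// Remember a refusal so later calls return S_FALSE up front.
	if (hr == E_ACCESSDENIED) i_can_add = false;
	return hr;

}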