/****************************************************************** RemoveApplicationExceptionFromCurrentProfile ********************************************************************/ static HRESULT RemoveApplicationExceptionFromCurrentProfile( __in LPCWSTR wzFile, __in BOOL fIgnoreFailures ) { HRESULT hr = S_OK; INetFwProfile* pfwProfile = NULL; INetFwAuthorizedApplications* pfwApps = NULL; // convert to BSTRs to make COM happy BSTR bstrFile = ::SysAllocString(wzFile); ExitOnNull(bstrFile, hr, E_OUTOFMEMORY, "failed SysAllocString for path"); // get the firewall profile, which is our entry point for removing exceptions hr = GetCurrentFirewallProfile(fIgnoreFailures, &pfwProfile); ExitOnFailure(hr, "failed to get firewall profile"); if (S_FALSE == hr) // user or package author chose to ignore missing firewall { ExitFunction(); } // now get the list of app exceptions and remove the one hr = pfwProfile->get_AuthorizedApplications(&pfwApps); ExitOnFailure(hr, "failed to get list of authorized apps"); hr = pfwApps->Remove(bstrFile); ExitOnFailure(hr, "failed to remove authorized app"); LExit: ReleaseBSTR(bstrFile); ReleaseObject(pfwApps); ReleaseObject(pfwProfile); return fIgnoreFailures ? S_OK : hr; }
/****************************************************************** AddApplicationExceptionOnCurrentProfile ********************************************************************/ static HRESULT AddApplicationExceptionOnCurrentProfile( __in LPCWSTR wzFile, __in LPCWSTR wzName, __in_opt LPCWSTR wzRemoteAddresses, __in BOOL fIgnoreFailures ) { HRESULT hr = S_OK; BSTR bstrFile = NULL; BSTR bstrName = NULL; BSTR bstrRemoteAddresses = NULL; INetFwProfile* pfwProfile = NULL; INetFwAuthorizedApplications* pfwApps = NULL; INetFwAuthorizedApplication* pfwApp = NULL; // convert to BSTRs to make COM happy bstrFile = ::SysAllocString(wzFile); ExitOnNull(bstrFile, hr, E_OUTOFMEMORY, "failed SysAllocString for path"); bstrName = ::SysAllocString(wzName); ExitOnNull(bstrName, hr, E_OUTOFMEMORY, "failed SysAllocString for name"); bstrRemoteAddresses = ::SysAllocString(wzRemoteAddresses); ExitOnNull(bstrRemoteAddresses, hr, E_OUTOFMEMORY, "failed SysAllocString for remote addresses"); // get the firewall profile, which is our entry point for adding exceptions hr = GetCurrentFirewallProfile(fIgnoreFailures, &pfwProfile); ExitOnFailure(hr, "failed to get firewall profile"); if (S_FALSE == hr) // user or package author chose to ignore missing firewall { ExitFunction(); } // first, let's see if the app is already on the exception list hr = pfwProfile->get_AuthorizedApplications(&pfwApps); ExitOnFailure(hr, "failed to get list of authorized apps"); // try to find it (i.e., support reinstall) hr = pfwApps->Item(bstrFile, &pfwApp); if (HRESULT_FROM_WIN32(ERROR_FILE_NOT_FOUND) == hr) { // not found, so we get to add it hr = ::CoCreateInstance(__uuidof(NetFwAuthorizedApplication), NULL, CLSCTX_INPROC_SERVER, __uuidof(INetFwAuthorizedApplication), reinterpret_cast<void**>(&pfwApp)); ExitOnFailure(hr, "failed to create authorized app"); // set the display name hr = pfwApp->put_Name(bstrName); ExitOnFailure(hr, "failed to set authorized app name"); // set path hr = pfwApp->put_ProcessImageFileName(bstrFile); ExitOnFailure(hr, "failed to set authorized app path"); // set the allowed remote addresses if (bstrRemoteAddresses && *bstrRemoteAddresses) { hr = pfwApp->put_RemoteAddresses(bstrRemoteAddresses); ExitOnFailure(hr, "failed to set authorized app remote addresses"); } // add it to the list of authorized apps hr = pfwApps->Add(pfwApp); ExitOnFailure(hr, "failed to add app to the authorized apps list"); } else { // we found an existing app exception (if we succeeded, that is) ExitOnFailure(hr, "failed trying to find existing app"); // enable it (just in case it was disabled) pfwApp->put_Enabled(VARIANT_TRUE); } LExit: ReleaseBSTR(bstrRemoteAddresses); ReleaseBSTR(bstrName); ReleaseBSTR(bstrFile); ReleaseObject(pfwApp); ReleaseObject(pfwApps); ReleaseObject(pfwProfile); return fIgnoreFailures ? S_OK : hr; }
static bool IsIcfEnabled(void) { HRESULT hr; VARIANT_BOOL fwEnabled = VARIANT_FALSE; INetFwProfile* fwProfile = NULL; INetFwMgr* fwMgr = NULL; INetFwPolicy* fwPolicy = NULL; INetFwAuthorizedApplication* fwApp = NULL; INetFwAuthorizedApplications* fwApps = NULL; BSTR fwBstrProcessImageFileName = NULL; wchar_t *wszFileName = NULL; hr = CoInitialize(NULL); if (FAILED(hr)) return false; // Create an instance of the firewall settings manager. hr = CoCreateInstance(CLSID_NetFwMgr, NULL, CLSCTX_INPROC_SERVER, IID_INetFwMgr, (void**)&fwMgr ); if (FAILED(hr)) goto error; // Retrieve the local firewall policy. hr = fwMgr->get_LocalPolicy(&fwPolicy); if (FAILED(hr)) goto error; // Retrieve the firewall profile currently in effect. hr = fwPolicy->get_CurrentProfile(&fwProfile); if (FAILED(hr)) goto error; // Get the current state of the firewall. hr = fwProfile->get_FirewallEnabled(&fwEnabled); if (FAILED(hr)) goto error; if (fwEnabled == VARIANT_FALSE) goto error; // Retrieve the authorized application collection. hr = fwProfile->get_AuthorizedApplications(&fwApps); if (FAILED(hr)) goto error; TCHAR szFileName[MAX_PATH]; GetModuleFileName(NULL, szFileName, SIZEOF(szFileName)); wszFileName = mir_t2u(szFileName); // Allocate a BSTR for the process image file name. fwBstrProcessImageFileName = SysAllocString(wszFileName); if (FAILED(hr)) goto error; // Attempt to retrieve the authorized application. hr = fwApps->Item(fwBstrProcessImageFileName, &fwApp); if (SUCCEEDED(hr)) { // Find out if the authorized application is enabled. fwApp->get_Enabled(&fwEnabled); fwEnabled = ~fwEnabled; } error: // Free the BSTR. SysFreeString(fwBstrProcessImageFileName); mir_free(wszFileName); // Release the authorized application instance. if (fwApp != NULL) fwApp->Release(); // Release the authorized application collection. if (fwApps != NULL) fwApps->Release(); // Release the firewall profile. if (fwProfile != NULL) fwProfile->Release(); // Release the local firewall policy. if (fwPolicy != NULL) fwPolicy->Release(); // Release the firewall settings manager. if (fwMgr != NULL) fwMgr->Release(); CoUninitialize(); return fwEnabled != VARIANT_FALSE; }