/* some pretty lame, but useful test code */
int main(int argc, char **argv) {
WindowsFirewallHelper wfh;
int result;
bool isOn;
const char* app;
result = 0;
dprintf_set_tool_debug("TOOL", 0);
isOn = wfh.firewallIsOn();
printf("firewall is %s.\n", (isOn) ? "On" : "Off");
if ( argc <= 1 ) {
app = "C:\\Condor\\bin\\condor_master.exe";
} else {
app = argv[1];
}
isOn = wfh.applicationIsTrusted(app);
printf("%s is %s by the firewall.\n", app, (isOn) ? "Trusted" : "Not Trusted");
wfh.removeTrusted(app);
// wfh.addTrusted(app);
if ( ! SUCCEEDED(wfh.addTrusted("C:\\Condor\\bin\\condor_master.exe")) ) {
printf("first addTrusted() failed\n");
result = 1;
}
if ( ! SUCCEEDED(wfh.addTrusted("C:\\Condor\\condor_master.exe")) ) {
printf("second addTrusted() failed\n");
result = 1;
}
HRESULT hr = wfh.removeTrusted("C:\\Condor\\bin\\condor_master.exe");
if (FAILED(hr)) {
printf("first removeTrusted() failed 0x%08x\n", hr);
result = 1;
}
hr = wfh.removeTrusted("C:\\Condor\\bin\\condor_master.exe");
if (FAILED(hr)) {
printf("second removeTrusted() failed 0x%08x\n", hr);
result = 1;
}
printf("tests are done!\n");
return result;
}
/* some pretty lame, but useful test code */
int main(int argc, char **argv) {
WindowsFirewallHelper wfh;
int result;
bool isOn;
const char* app;
param_functions *p_funcs = NULL;
result = 0;
Termlog = 1;
p_funcs = get_param_functions();
dprintf_config ("TOOL", p_funcs );
isOn = wfh.firewallIsOn();
printf("firewall is %s.\n", (isOn) ? "On" : "Off");
if ( argc <= 1 ) {
app = "C:\\Condor\\bin\\condor_master.exe";
} else {
app = argv[1];
}
isOn = wfh.applicationIsTrusted(app);
printf("%s is %s by the firewall.\n", app, (isOn) ? "Trusted" : "Not Trusted");
wfh.removeTrusted(app);
// wfh.addTrusted(app);
if ( ! wfh.addTrusted("C:\\Condor\\bin\\condor_master.exe") ) {
printf("first addTrusted() failed\n");
result = 1;
}
if ( ! wfh.addTrusted("C:\\Condor\\condor_master.exe") ) {
printf("second addTrusted() failed\n");
result = 1;
}
if ( ! wfh.removeTrusted("C:\\Condor\\bin\\condor_master.exe") ) {
printf("first removeTrusted() failed\n");
result = 1;
}
if ( ! wfh.removeTrusted("C:\\Condor\\bin\\condor_master.exe") ) {
printf("second removeTrusted() failed\n");
result = 1;
}
printf("tests are done!\n");
return result;
}
void init_firewall_exceptions() {
#ifdef WIN32
bool add_exception;
char *master_image_path, *schedd_image_path, *startd_image_path,
*dbmsd_image_path, *quill_image_path, *dagman_image_path,
*negotiator_image_path, *collector_image_path, *starter_image_path,
*shadow_image_path, *gridmanager_image_path, *gahp_image_path,
*gahp_worker_image_path, *credd_image_path,
*vmgahp_image_path, *kbdd_image_path, *hdfs_image_path, *bin_path;
const char* dagman_exe = "condor_dagman.exe";
WindowsFirewallHelper wfh;
add_exception = param_boolean("ADD_WINDOWS_FIREWALL_EXCEPTION", true);
if ( add_exception == false ) {
dprintf(D_FULLDEBUG, "ADD_WINDOWS_FIREWALL_EXCEPTION is false, skipping\n");
return;
}
// We use getExecPath() here instead of param() since it's
// possible the the Windows Service Control Manager
// (SCM) points to one location for the master (which
// is exec'd), while MASTER points to something else
// (and ignored).
master_image_path = getExecPath();
if ( !master_image_path ) {
dprintf(D_ALWAYS,
"WARNING: Failed to get condor_master image path.\n"
"Condor will not be excepted from the Windows firewall.\n");
return;
}
// We want to add exceptions for the SCHEDD and the STARTD
// so that (1) shadows can accept incoming connections on their
// command port and (2) so starters can do the same.
schedd_image_path = param("SCHEDD");
startd_image_path = param("STARTD");
// We to also add exceptions for Quill and DBMSD
quill_image_path = param("QUILL");
dbmsd_image_path = param("DBMSD");
// And add exceptions for all the other daemons, since they very well
// may need to open a listen port for mechanisms like CCB, or HTTPS
negotiator_image_path = param("NEGOTIATOR");
collector_image_path = param("COLLECTOR");
starter_image_path = param("STARTER");
shadow_image_path = param("SHADOW");
gridmanager_image_path = param("GRIDMANAGER");
gahp_image_path = param("CONDOR_GAHP");
gahp_worker_image_path = param("CONDOR_GAHP_WORKER");
credd_image_path = param("CREDD");
kbdd_image_path = param("KBDD");
hdfs_image_path = param("HDFS");
vmgahp_image_path = param("VM_GAHP_SERVER");
// We also want to add exceptions for the DAGMan we ship
// with Condor:
bin_path = param ( "BIN" );
if ( bin_path ) {
dagman_image_path = (char*) malloc (
strlen ( bin_path ) + strlen ( dagman_exe ) + 2 );
if ( dagman_image_path ) {
sprintf ( dagman_image_path, "%s\\%s", bin_path, dagman_exe );
}
free ( bin_path );
}
// Insert the master
if ( !SUCCEEDED(wfh.addTrusted(master_image_path)) ) {
dprintf(D_FULLDEBUG, "WinFirewall: unable to add %s to the "
"windows firewall exception list.\n",
master_image_path);
}
// Insert daemons needed on a central manager
if ( (daemons.FindDaemon("NEGOTIATOR") != NULL) && negotiator_image_path ) {
if ( !SUCCEEDED(wfh.addTrusted(negotiator_image_path)) ) {
dprintf(D_FULLDEBUG, "WinFirewall: unable to add %s to the "
"windows firewall exception list.\n",
negotiator_image_path);
}
}
if ( (daemons.FindDaemon("COLLECTOR") != NULL) && collector_image_path ) {
if ( !SUCCEEDED(wfh.addTrusted(collector_image_path)) ) {
dprintf(D_FULLDEBUG, "WinFirewall: unable to add %s to the "
"windows firewall exception list.\n",
collector_image_path);
}
}
// Insert daemons needed on a submit node
if ( (daemons.FindDaemon("SCHEDD") != NULL) && schedd_image_path ) {
// put in schedd
if ( !SUCCEEDED(wfh.addTrusted(schedd_image_path)) ) {
dprintf(D_FULLDEBUG, "WinFirewall: unable to add %s to the "
"windows firewall exception list.\n",
schedd_image_path);
}
// put in shadow
if ( shadow_image_path && !SUCCEEDED(wfh.addTrusted(shadow_image_path)) ) {
dprintf(D_FULLDEBUG, "WinFirewall: unable to add %s to the "
"windows firewall exception list.\n",
shadow_image_path);
}
// put in gridmanager
if ( gridmanager_image_path && !SUCCEEDED(wfh.addTrusted(gridmanager_image_path)) ) {
dprintf(D_FULLDEBUG, "WinFirewall: unable to add %s to the "
"windows firewall exception list.\n",
gridmanager_image_path);
}
// put in condor gahp
if ( gahp_image_path && !SUCCEEDED(wfh.addTrusted(gahp_image_path)) ) {
dprintf(D_FULLDEBUG, "WinFirewall: unable to add %s to the "
"windows firewall exception list.\n",
gahp_image_path);
}
// put in condor worker gahp
if ( gahp_worker_image_path && !SUCCEEDED(wfh.addTrusted(gahp_worker_image_path)) ) {
dprintf(D_FULLDEBUG, "WinFirewall: unable to add %s to the "
"windows firewall exception list.\n",
gahp_worker_image_path);
}
}
// Insert daemons needed on a execute node.
// Note we include the starter and friends seperately, since the
// starter could run on either execute or submit nodes (think
// local universe jobs).
if ( (daemons.FindDaemon("STARTD") != NULL) && startd_image_path ) {
if ( !SUCCEEDED(wfh.addTrusted(startd_image_path)) ) {
dprintf(D_FULLDEBUG, "WinFirewall: unable to add %s to the "
"windows firewall exception list.\n",
startd_image_path);
}
if ( !SUCCEEDED(wfh.addTrusted(kbdd_image_path)) ) {
dprintf(D_FULLDEBUG, "WinFirewall: unable to add %s to the "
"windows firewall exception list.\n",
kbdd_image_path);
}
}
if ( (daemons.FindDaemon("QUILL") != NULL) && quill_image_path ) {
if ( !SUCCEEDED(wfh.addTrusted(quill_image_path)) ) {
dprintf(D_FULLDEBUG, "WinFirewall: unable to add %s to the "
"windows firewall exception list.\n",
quill_image_path);
}
}
if ( (daemons.FindDaemon("DBMSD") != NULL) && dbmsd_image_path ) {
if ( !SUCCEEDED(wfh.addTrusted(dbmsd_image_path)) ) {
dprintf(D_FULLDEBUG, "WinFirewall: unable to add %s to the "
"windows firewall exception list.\n",
dbmsd_image_path);
}
}
if ( starter_image_path ) {
if ( !SUCCEEDED(wfh.addTrusted(starter_image_path)) ) {
dprintf(D_FULLDEBUG, "WinFirewall: unable to add %s to the "
"windows firewall exception list.\n",
starter_image_path);
}
}
if ( (daemons.FindDaemon("CREDD") != NULL) && credd_image_path ) {
if ( !SUCCEEDED(wfh.addTrusted(credd_image_path)) ) {
dprintf(D_FULLDEBUG, "WinFirewall: unable to add %s to the "
"windows firewall exception list.\n",
credd_image_path);
}
}
if ( (daemons.FindDaemon("HDFS") != NULL) && hdfs_image_path ) {
if ( !SUCCEEDED(wfh.addTrusted(hdfs_image_path)) ) {
dprintf(D_FULLDEBUG, "WinFirewall: unable to add %s to the "
"windows firewall exception list.\n", hdfs_image_path);
}
}
if ( vmgahp_image_path ) {
if ( !SUCCEEDED(wfh.addTrusted(vmgahp_image_path)) ) {
dprintf(D_FULLDEBUG, "WinFirewall: unable to add %s to the "
"windows firewall exception list.\n",
vmgahp_image_path);
}
}
if ( dagman_image_path ) {
if ( !SUCCEEDED(wfh.addTrusted (dagman_image_path)) ) {
dprintf(D_FULLDEBUG, "WinFirewall: unable to add %s to "
"the windows firewall exception list.\n",
dagman_image_path);
}
}
if ( master_image_path ) { free(master_image_path); }
if ( schedd_image_path ) { free(schedd_image_path); }
if ( startd_image_path ) { free(startd_image_path); }
if ( quill_image_path ) { free(quill_image_path); }
if ( dbmsd_image_path ) { free(dbmsd_image_path); }
if ( dagman_image_path ) { free(dagman_image_path); }
if ( negotiator_image_path ) { free(negotiator_image_path); }
if ( collector_image_path ) { free(collector_image_path); }
if ( shadow_image_path ) { free(shadow_image_path); }
if ( gridmanager_image_path ) { free(gridmanager_image_path); }
if ( gahp_image_path ) { free(gahp_image_path); }
if ( credd_image_path ) { free(credd_image_path); }
if ( vmgahp_image_path ) { free(vmgahp_image_path); }
if ( kbdd_image_path ) { free(kbdd_image_path); }
#endif
}
