/******************************************************************
RemovePortExceptionFromCurrentProfile
********************************************************************/
static HRESULT RemovePortExceptionFromCurrentProfile(
__in int iPort,
__in int iProtocol,
__in BOOL fIgnoreFailures
)
{
HRESULT hr = S_OK;
INetFwProfile* pfwProfile = NULL;
INetFwOpenPorts* pfwPorts = NULL;
// get the firewall profile, which is our entry point for adding exceptions
hr = GetCurrentFirewallProfile(fIgnoreFailures, &pfwProfile);
ExitOnFailure(hr, "failed to get firewall profile");
if (S_FALSE == hr) // user or package author chose to ignore missing firewall
{
ExitFunction();
}
hr = pfwProfile->get_GloballyOpenPorts(&pfwPorts);
ExitOnFailure(hr, "failed to get open ports");
hr = pfwPorts->Remove(iPort, static_cast<NET_FW_IP_PROTOCOL>(iProtocol));
ExitOnFailure2(hr, "failed to remove open port %d, protocol %d", iPort, iProtocol);
LExit:
return fIgnoreFailures ? S_OK : hr;
}
int CheckFirewallPortState(long number, NET_FW_IP_PROTOCOL protocol)
{
INetFwMgr *imgr = NULL;
INetFwPolicy *ipol = NULL;
INetFwProfile *iprof = NULL;
HRESULT hr = S_OK;
VARIANT_BOOL portenabled = 0; // false
int result = 0; // error
hr = CoCreateInstance(__uuidof(NetFwMgr), NULL, CLSCTX_INPROC_SERVER, __uuidof(INetFwMgr), (void**)&imgr);
if(FAILED(hr))
return 0;
hr = S_FALSE;
if(imgr->get_LocalPolicy(&ipol) == S_OK)
{
if(ipol->get_CurrentProfile(&iprof) == S_OK)
{
INetFwOpenPorts *iports = NULL;
if(iprof->get_GloballyOpenPorts(&iports) == S_OK)
{
INetFwOpenPort *iport = NULL;
hr = iports->Item(number, protocol, &iport);
if(SUCCEEDED(hr))
{
hr = iport->get_Enabled(&portenabled);
iport->Release();
}
iports->Release();
}
iprof->Release();
}
ipol->Release();
}
imgr->Release();
if(hr == S_OK)
{
if(portenabled)
result = 1;
else
result = -1;
}
return result;
}
FW_ERROR_CODE WinXPSP2FireWall::IsPortEnabled( LONG lPortNumber, NET_FW_IP_PROTOCOL ipProtocol, BOOL& bEnable )
{
FW_ERROR_CODE ret = FW_NOERROR;
VARIANT_BOOL bFWEnabled;
INetFwOpenPort* pFWOpenPort = nullptr;
INetFwOpenPorts* pFWOpenPorts = nullptr;
HRESULT hr;
bEnable = FALSE;
try
{
if( m_pFireWallProfile == nullptr )
throw FW_ERR_INITIALIZED;
// Retrieve the open ports collection
hr = m_pFireWallProfile->get_GloballyOpenPorts( &pFWOpenPorts );
if( FAILED( hr ))
throw FW_ERR_GLOBAL_OPEN_PORTS;
// Get the open port
hr = pFWOpenPorts->Item( lPortNumber, ipProtocol, &pFWOpenPort );
if( SUCCEEDED( hr ))
{
hr = pFWOpenPort->get_Enabled( &bFWEnabled );
if( FAILED( hr ))
throw FW_ERR_PORT_IS_ENABLED;
if( bFWEnabled == VARIANT_TRUE )
bEnable = TRUE;
}
}
catch( FW_ERROR_CODE nError)
{
ret = nError;
}
if( pFWOpenPort )
pFWOpenPort->Release();
if( pFWOpenPorts )
pFWOpenPorts->Release();
return ret;
}
FW_ERROR_CODE WinXPSP2FireWall::RemovePort( LONG lPortNumber, NET_FW_IP_PROTOCOL ipProtocol )
{
FW_ERROR_CODE ret = FW_NOERROR;
INetFwOpenPorts* pFWOpenPorts = nullptr;
HRESULT hr;
try
{
if( m_pFireWallProfile == nullptr )
throw FW_ERR_INITIALIZED;
BOOL bEnablePort;
FW_ERROR_CODE nError = IsPortEnabled( lPortNumber, ipProtocol, bEnablePort);
if( nError != FW_NOERROR)
throw nError;
// Only remove the port, if it is on the collection
if( bEnablePort == TRUE )
{
// Retrieve the collection of globally open ports
hr = m_pFireWallProfile->get_GloballyOpenPorts( &pFWOpenPorts );
if( FAILED( hr ))
throw FW_ERR_GLOBAL_OPEN_PORTS;
hr = pFWOpenPorts->Remove( lPortNumber, ipProtocol );
if (FAILED( hr ))
throw FW_ERR_REMOVE_FROM_COLLECTION;
}
}
catch( FW_ERROR_CODE nError)
{
ret = nError;
}
if( pFWOpenPorts )
pFWOpenPorts->Release();
return ret;
}
FW_ERROR_CODE WinXPSP2FireWall::AddPort( LONG lPortNumber, NET_FW_IP_PROTOCOL ipProtocol, const wchar_t* lpszRegisterName )
{
FW_ERROR_CODE ret = FW_NOERROR;
INetFwOpenPort* pFWOpenPort = nullptr;
INetFwOpenPorts* pFWOpenPorts = nullptr;
BSTR bstrRegisterName = nullptr;
HRESULT hr;
try
{
if( m_pFireWallProfile == nullptr )
throw FW_ERR_INITIALIZED;
BOOL bEnablePort;
FW_ERROR_CODE nError = IsPortEnabled( lPortNumber, ipProtocol, bEnablePort);
if( nError != FW_NOERROR)
throw nError;
// Only add the port, if it isn't added to the collection
if( bEnablePort == FALSE )
{
// Retrieve the collection of globally open ports
hr = m_pFireWallProfile->get_GloballyOpenPorts( &pFWOpenPorts );
if( FAILED( hr ))
throw FW_ERR_GLOBAL_OPEN_PORTS;
// Create an instance of an open port
hr = CoCreateInstance( CLSID_NetFwOpenPort, nullptr, CLSCTX_INPROC_SERVER, IID_INetFwOpenPort, (void**)&pFWOpenPort);
if( FAILED( hr ))
throw FW_ERR_CREATE_PORT_INSTANCE;
// Set the port number
hr = pFWOpenPort->put_Port( lPortNumber );
if( FAILED( hr ))
throw FW_ERR_SET_PORT_NUMBER;
// Set the IP Protocol
hr = pFWOpenPort->put_Protocol( ipProtocol );
if( FAILED( hr ))
throw FW_ERR_SET_IP_PROTOCOL;
bstrRegisterName = SysAllocString( lpszRegisterName );
if( SysStringLen( bstrRegisterName ) == 0)
throw FW_ERR_SYS_ALLOC_STRING;
// Set the registered name
hr = pFWOpenPort->put_Name( bstrRegisterName );
if( FAILED( hr ))
throw FW_ERR_PUT_REGISTER_NAME;
hr = pFWOpenPorts->Add( pFWOpenPort );
if( FAILED( hr ))
throw FW_ERR_ADD_TO_COLLECTION;
}
}
catch( FW_ERROR_CODE nError)
{
ret = nError;
}
SysFreeString( bstrRegisterName );
if( pFWOpenPort )
pFWOpenPort->Release();
if( pFWOpenPorts )
pFWOpenPorts->Release();
return ret;
}
/******************************************************************
AddPortExceptionOnCurrentProfile
********************************************************************/
static HRESULT AddPortExceptionOnCurrentProfile(
__in LPCWSTR wzName,
__in_opt LPCWSTR wzRemoteAddresses,
__in BOOL fIgnoreFailures,
__in int iPort,
__in int iProtocol
)
{
HRESULT hr = S_OK;
BSTR bstrName = NULL;
BSTR bstrRemoteAddresses = NULL;
INetFwProfile* pfwProfile = NULL;
INetFwOpenPorts* pfwPorts = NULL;
INetFwOpenPort* pfwPort = NULL;
// convert to BSTRs to make COM happy
bstrName = ::SysAllocString(wzName);
ExitOnNull(bstrName, hr, E_OUTOFMEMORY, "failed SysAllocString for name");
bstrRemoteAddresses = ::SysAllocString(wzRemoteAddresses);
ExitOnNull(bstrRemoteAddresses, hr, E_OUTOFMEMORY, "failed SysAllocString for remote addresses");
// create and initialize a new open port object
hr = ::CoCreateInstance(__uuidof(NetFwOpenPort), NULL, CLSCTX_INPROC_SERVER, __uuidof(INetFwOpenPort), reinterpret_cast<void**>(&pfwPort));
ExitOnFailure(hr, "failed to create new open port");
hr = pfwPort->put_Port(iPort);
ExitOnFailure(hr, "failed to set exception port");
hr = pfwPort->put_Protocol(static_cast<NET_FW_IP_PROTOCOL>(iProtocol));
ExitOnFailure(hr, "failed to set exception protocol");
if (bstrRemoteAddresses && *bstrRemoteAddresses)
{
hr = pfwPort->put_RemoteAddresses(bstrRemoteAddresses);
ExitOnFailure1(hr, "failed to set exception remote addresses '%ls'", bstrRemoteAddresses);
}
hr = pfwPort->put_Name(bstrName);
ExitOnFailure(hr, "failed to set exception name");
// get the firewall profile, its current list of open ports, and add ours
hr = GetCurrentFirewallProfile(fIgnoreFailures, &pfwProfile);
ExitOnFailure(hr, "failed to get firewall profile");
if (S_FALSE == hr) // user or package author chose to ignore missing firewall
{
ExitFunction();
}
hr = pfwProfile->get_GloballyOpenPorts(&pfwPorts);
ExitOnFailure(hr, "failed to get open ports");
hr = pfwPorts->Add(pfwPort);
ExitOnFailure(hr, "failed to add exception to global list");
LExit:
ReleaseBSTR(bstrRemoteAddresses);
ReleaseBSTR(bstrName);
ReleaseObject(pfwProfile);
ReleaseObject(pfwPorts);
ReleaseObject(pfwPort);
return fIgnoreFailures ? S_OK : hr;
}
bool ControlUPnPPorts(bool open)
{
INetFwMgr *imgr = NULL;
INetFwPolicy *ipol = NULL;
INetFwProfile *iprof = NULL;
HRESULT hr = S_OK;
bool port2869 = false;
bool port1900 = false;
hr = CoCreateInstance(__uuidof(NetFwMgr), NULL, CLSCTX_INPROC_SERVER, __uuidof(INetFwMgr), (void**)&imgr);
if(FAILED(hr))
return false;
if(imgr->get_LocalPolicy(&ipol) == S_OK)
{
if(ipol->get_CurrentProfile(&iprof) == S_OK)
{
INetFwOpenPorts *iports = NULL;
if(iprof->get_GloballyOpenPorts(&iports) == S_OK)
{
INetFwOpenPort *iport = NULL;
VARIANT_BOOL portenabled = open ? -1 : 0;
hr = iports->Item(2869L, NET_FW_IP_PROTOCOL_TCP, &iport);
if(FAILED(hr))
{
hr = CoCreateInstance(__uuidof(NetFwOpenPort), NULL, CLSCTX_INPROC_SERVER, __uuidof(INetFwOpenPort), (void**)&iport);
if(SUCCEEDED(hr))
{
iport->put_Name(L"UPnP TCP 2869");
iport->put_Port(2869L);
iport->put_Protocol(NET_FW_IP_PROTOCOL_TCP);
iport->put_Scope(NET_FW_SCOPE_LOCAL_SUBNET);
hr = iports->Add(iport);
}
}
if(hr == S_OK && iport->put_Enabled(portenabled) == S_OK)
{
debug("TCP 2869 enabled");
port2869 = true;
}
if(iport)
iport->Release();
hr = iports->Item(1900L, NET_FW_IP_PROTOCOL_UDP, &iport);
if(FAILED(hr))
{
hr = CoCreateInstance(__uuidof(NetFwOpenPort), NULL, CLSCTX_INPROC_SERVER, __uuidof(INetFwOpenPort), (void**)&iport);
if(SUCCEEDED(hr))
{
iport->put_Name(L"UPnP UDP 1900");
iport->put_Port(1900L);
iport->put_Protocol(NET_FW_IP_PROTOCOL_UDP);
iport->put_Scope(NET_FW_SCOPE_LOCAL_SUBNET);
hr = iports->Add(iport);
}
}
if(hr == S_OK && iport->put_Enabled(portenabled) == S_OK)
{
debug("UDP 1900 enabled");
port1900 = true;
}
if(iport)
iport->Release();
iports->Release();
}
iprof->Release();
}
ipol->Release();
}
imgr->Release();
return port2869 & port1900;
}
HRESULT WindowsFirewallPortAdd(
IN INetFwProfile* fwProfile,
IN LONG portNumber,
IN NET_FW_IP_PROTOCOL ipProtocol,
IN const wchar_t* name
)
{
HRESULT hr = S_OK;
BOOL fwPortEnabled;
BSTR fwBstrName = NULL;
INetFwOpenPort* fwOpenPort = NULL;
INetFwOpenPorts* fwOpenPorts = NULL;
_ASSERT(fwProfile != NULL);
_ASSERT(name != NULL);
// First check to see if the port is already added.
hr = WindowsFirewallPortIsEnabled(
fwProfile,
portNumber,
ipProtocol,
&fwPortEnabled
);
if (FAILED(hr))
{
goto error;
}
// Only add the port if it isn't already added.
if (!fwPortEnabled)
{
// Retrieve the collection of globally open ports.
hr = fwProfile->get_GloballyOpenPorts(&fwOpenPorts);
if (FAILED(hr))
{
goto error;
}
// Create an instance of an open port.
hr = CoCreateInstance(
__uuidof(NetFwOpenPort),
NULL,
CLSCTX_INPROC_SERVER,
__uuidof(INetFwOpenPort),
(void**)&fwOpenPort
);
if (FAILED(hr))
{
goto error;
}
// Set the port number.
hr = fwOpenPort->put_Port(portNumber);
if (FAILED(hr))
{
goto error;
}
// Set the IP protocol.
hr = fwOpenPort->put_Protocol(ipProtocol);
if (FAILED(hr))
{
goto error;
}
// Allocate a BSTR for the friendly name of the port.
fwBstrName = SysAllocString(name);
if (SysStringLen(fwBstrName) == 0)
{
hr = E_OUTOFMEMORY;
goto error;
}
// Set the friendly name of the port.
hr = fwOpenPort->put_Name(fwBstrName);
if (FAILED(hr))
{
goto error;
}
// Opens the port and adds it to the collection.
hr = fwOpenPorts->Add(fwOpenPort);
if (FAILED(hr))
{
goto error;
}
}
error:
// Free the BSTR.
SysFreeString(fwBstrName);
// Release the open port instance.
if (fwOpenPort != NULL)
{
fwOpenPort->Release();
}
// Release the globally open ports collection.
if (fwOpenPorts != NULL)
{
fwOpenPorts->Release();
}
return hr;
}
HRESULT WindowsFirewallPortIsEnabled(
IN INetFwProfile* fwProfile,
IN LONG portNumber,
IN NET_FW_IP_PROTOCOL ipProtocol,
OUT BOOL* fwPortEnabled
)
{
HRESULT hr = S_OK;
VARIANT_BOOL fwEnabled;
INetFwOpenPort* fwOpenPort = NULL;
INetFwOpenPorts* fwOpenPorts = NULL;
_ASSERT(fwProfile != NULL);
_ASSERT(fwPortEnabled != NULL);
*fwPortEnabled = FALSE;
// Retrieve the globally open ports collection.
hr = fwProfile->get_GloballyOpenPorts(&fwOpenPorts);
if (FAILED(hr))
{
goto error;
}
// Attempt to retrieve the globally open port.
hr = fwOpenPorts->Item(portNumber, ipProtocol, &fwOpenPort);
if (SUCCEEDED(hr))
{
// Find out if the globally open port is enabled.
hr = fwOpenPort->get_Enabled(&fwEnabled);
if (FAILED(hr))
{
goto error;
}
if (fwEnabled != VARIANT_FALSE)
{
// The globally open port is enabled.
*fwPortEnabled = TRUE;
}
else
{
}
}
else
{
// The globally open port was not in the collection.
hr = S_OK;
}
error:
// Release the globally open port.
if (fwOpenPort != NULL)
{
fwOpenPort->Release();
}
// Release the globally open ports collection.
if (fwOpenPorts != NULL)
{
fwOpenPorts->Release();
}
return hr;
}
