Esempio n. 1
/******************************************************************
 GetCurrentFirewallProfile - get the active firewall profile as an
   INetFwProfile, which owns the lists of exceptions we're 
   updating.

 fIgnoreFailures - when TRUE, a failure to reach the firewall is not
   reported to the user; the function returns S_FALSE instead.
 ppfwProfile - set to NULL on entry. On success it receives the
   profile; the local pointer is cleared before cleanup, so that
   reference is not released here and belongs to the caller. It stays
   NULL on every return taken through ExitFunction/ExitFunction1.

 Returns a success HRESULT with *ppfwProfile set, S_FALSE when the
   failure is to be ignored (flag set, or the user chose Ignore), or
   the failing HRESULT when the user aborts or no UI is available.

 NOTE(review): ExitFunction, ExitFunction1, ReleaseObject and
   ReleaseNullObject are defined outside this listing; the comments
   below assume the Exit* macros jump to LExit - confirm.
********************************************************************/
static HRESULT GetCurrentFirewallProfile(
    __in BOOL fIgnoreFailures,
    __out INetFwProfile** ppfwProfile
    )
{
    HRESULT hr = S_OK;
    INetFwMgr* pfwMgr = NULL;
    INetFwPolicy* pfwPolicy = NULL;
    INetFwProfile* pfwProfile = NULL;
    *ppfwProfile = NULL;
    
    do
    {
        // Drop whatever a previous (failed) pass through the loop acquired,
        // so a retry starts from clean pointers.
        ReleaseNullObject(pfwPolicy);
        ReleaseNullObject(pfwMgr);
        ReleaseNullObject(pfwProfile);

        // Manager -> local policy -> current profile; the chain stops at the
        // first failing call and hr keeps that call's result.
        if (SUCCEEDED(hr = ::CoCreateInstance(__uuidof(NetFwMgr), NULL, CLSCTX_INPROC_SERVER, __uuidof(INetFwMgr), (void**)&pfwMgr)) &&
            SUCCEEDED(hr = pfwMgr->get_LocalPolicy(&pfwPolicy)) &&
            SUCCEEDED(hr = pfwPolicy->get_CurrentProfile(&pfwProfile)))
        {
            // All three calls succeeded: leave the retry loop.
            break;
        }
        else if (fIgnoreFailures)
        {
            // Silent mode: no log entry and no prompt, the caller gets S_FALSE.
            ExitFunction1(hr = S_FALSE);
        }
        else
        {
            // Log the failure and ask (Abort / Retry / Ignore) how to proceed.
            WcaLog(LOGMSG_STANDARD, "Failed to connect to Windows Firewall");
            UINT er = WcaErrorMessage(msierrFirewallCannotConnect, hr, INSTALLMESSAGE_ERROR | MB_ABORTRETRYIGNORE, 0);
            switch (er)
            {
            case IDABORT: // exit with the current HRESULT
                ExitFunction();
            case IDRETRY: // clean up and retry the loop
                // S_FALSE is the loop condition's "go round again" marker.
                hr = S_FALSE;
                break;
            case IDIGNORE: // pass S_FALSE back to the caller, who knows how to ignore the failure
                ExitFunction1(hr = S_FALSE);
            default: // No UI, so default is to fail.
                ExitFunction();
            }
        }
    } while (S_FALSE == hr);

    // Hand the profile to the caller and clear the local pointer so the
    // cleanup below does not release the reference being returned.
    *ppfwProfile = pfwProfile;
    pfwProfile = NULL;
    
LExit:
    // Common cleanup for every exit path.
    ReleaseObject(pfwPolicy);
    ReleaseObject(pfwMgr);
    ReleaseObject(pfwProfile);

    return hr;
}
Esempio n. 2
/**
 * Fetches the firewall profile currently in effect.
 *
 * Walks the chain firewall manager -> local policy -> current profile and
 * stops at the first call that fails.
 *
 * @param fwProfile  Must not be NULL (asserted). Set to NULL on entry and
 *                   written by get_CurrentProfile. The reference stored there
 *                   is not released here, so it belongs to the caller.
 * @return The HRESULT of the last call made; a failure code identifies the
 *         first step that failed.
 *
 * NOTE(review): CoCreateInstance is used directly, so COM is presumably
 * already initialised on the calling thread - confirm against the caller.
 */
HRESULT WindowsFirewallInitialize(OUT INetFwProfile** fwProfile)
{
    INetFwMgr* manager = NULL;
    INetFwPolicy* policy = NULL;

    _ASSERT(fwProfile != NULL);

    *fwProfile = NULL;

    // Step 1: the firewall settings manager.
    HRESULT hr = CoCreateInstance(__uuidof(NetFwMgr), NULL, CLSCTX_INPROC_SERVER,
                                  __uuidof(INetFwMgr), (void**)&manager);

    // Step 2: the local firewall policy, only if step 1 worked.
    if (SUCCEEDED(hr))
    {
        hr = manager->get_LocalPolicy(&policy);
    }

    // Step 3: the profile currently in effect, only if step 2 worked.
    if (SUCCEEDED(hr))
    {
        hr = policy->get_CurrentProfile(fwProfile);
    }

    // The intermediate objects are released on every path, policy first.
    if (policy != NULL)
    {
        policy->Release();
    }
    if (manager != NULL)
    {
        manager->Release();
    }

    return hr;
}
Esempio n. 3
/**
 * Reports whether a port has an enabled entry in the current profile's
 * globally-open-ports list.
 *
 * Only that one list is consulted; nothing here looks at any other kind of
 * firewall exception.
 *
 * @param number    Port number to look up.
 * @param protocol  Protocol of the entry to look up.
 * @return  1 when the entry exists and is enabled,
 *         -1 when the entry exists and is disabled,
 *          0 on any error, including when the lookup of the entry fails.
 *
 * NOTE(review): callers cannot tell "no entry" apart from "firewall API
 * unavailable"; both return 0.
 */
int CheckFirewallPortState(long number, NET_FW_IP_PROTOCOL protocol)
{
	INetFwMgr *manager = NULL;
	if(FAILED(CoCreateInstance(__uuidof(NetFwMgr), NULL, CLSCTX_INPROC_SERVER, __uuidof(INetFwMgr), (void**)&manager)))
		return 0;

	INetFwPolicy *policy = NULL;
	INetFwProfile *profile = NULL;
	INetFwOpenPorts *openPorts = NULL;
	INetFwOpenPort *entry = NULL;
	VARIANT_BOOL enabled = 0; // false
	HRESULT status = S_FALSE; // stays S_FALSE unless the entry lookup is reached

	// Each stage is attempted only when the previous one returned exactly S_OK.
	const bool havePolicy = manager->get_LocalPolicy(&policy) == S_OK;
	const bool haveProfile = havePolicy && policy->get_CurrentProfile(&profile) == S_OK;
	const bool havePorts = haveProfile && profile->get_GloballyOpenPorts(&openPorts) == S_OK;

	if(havePorts)
	{
		status = openPorts->Item(number, protocol, &entry);
		if(SUCCEEDED(status))
		{
			status = entry->get_Enabled(&enabled);
			entry->Release();
		}

		openPorts->Release();
	}

	// Release in reverse order of acquisition.
	if(haveProfile)
		profile->Release();
	if(havePolicy)
		policy->Release();
	manager->Release();

	if(status != S_OK)
		return 0;

	return enabled ? 1 : -1;
}
Esempio n. 4
/**
 * Acquires the firewall profile currently in effect and stores it in
 * m_pFireWallProfile.
 *
 * @return FW_NOERROR on success;
 *         FW_ERR_INITIALIZED when m_pFireWallProfile is already set;
 *         FW_ERR_CREATE_SETTING_MANAGER, FW_ERR_LOCAL_POLICY or
 *         FW_ERR_PROFILE for the first step that failed.
 *
 * The manager and policy objects are released before returning on every
 * path; only the profile reference is kept.
 */
FW_ERROR_CODE WinXPSP2FireWall::Initialize()
{
	FW_ERROR_CODE outcome = FW_NOERROR;
	INetFwMgr* manager = nullptr;
	INetFwPolicy* policy = nullptr;

	// The chain stops at the first condition that is true, so a later step
	// is never attempted after an earlier one has failed.
	if( m_pFireWallProfile )
	{
		// Already holding a profile: refuse to initialise twice.
		outcome = FW_ERR_INITIALIZED;
	}
	else if( FAILED( CoCreateInstance( CLSID_NetFwMgr, nullptr, CLSCTX_INPROC_SERVER, IID_INetFwMgr, (void**)&manager )))
	{
		// The firewall settings manager could not be created.
		outcome = FW_ERR_CREATE_SETTING_MANAGER;
	}
	else if( FAILED( manager->get_LocalPolicy( &policy )))
	{
		// The local firewall policy could not be retrieved.
		outcome = FW_ERR_LOCAL_POLICY;
	}
	else if( FAILED( policy->get_CurrentProfile( &m_pFireWallProfile )))
	{
		// The profile currently in effect could not be retrieved.
		outcome = FW_ERR_PROFILE;
	}

	if( policy )
		policy->Release();
	if( manager )
		manager->Release();

	return outcome;
}
Esempio n. 5
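/**
 * Tells whether the firewall is on and this executable is not an enabled
 * entry in the current profile's authorized-applications list.
 *
 * @return true when the firewall is enabled and either no enabled entry for
 *         this executable is found, or the entry could not be examined
 *         (path lookup, allocation or get_Enabled failed);
 *         false when the firewall is off, when the executable has an enabled
 *         entry, or when the firewall state itself could not be read.
 *
 * Initialises COM for the duration of the call and uninitialises it before
 * returning, except when CoInitialize itself fails.
 */
static bool IsIcfEnabled(void)
{
	HRESULT hr;
	VARIANT_BOOL fwEnabled = VARIANT_FALSE;
	VARIANT_BOOL fwAppEnabled = VARIANT_FALSE;

	INetFwProfile* fwProfile = NULL;
	INetFwMgr* fwMgr = NULL;
	INetFwPolicy* fwPolicy = NULL;
	INetFwAuthorizedApplication* fwApp = NULL;
	INetFwAuthorizedApplications* fwApps = NULL;
	BSTR fwBstrProcessImageFileName = NULL;
	wchar_t *wszFileName = NULL;

	// Declared up front so that no "goto error" jumps over an initialisation.
	TCHAR szFileName[MAX_PATH];
	DWORD cchFileName = 0;

	hr = CoInitialize(NULL);
	if (FAILED(hr)) return false;

	// Create an instance of the firewall settings manager.
	hr = CoCreateInstance(CLSID_NetFwMgr, NULL, CLSCTX_INPROC_SERVER,
			IID_INetFwMgr, (void**)&fwMgr );
	if (FAILED(hr)) goto error;

	// Retrieve the local firewall policy.
	hr = fwMgr->get_LocalPolicy(&fwPolicy);
	if (FAILED(hr)) goto error;

	// Retrieve the firewall profile currently in effect.
	hr = fwPolicy->get_CurrentProfile(&fwProfile);
	if (FAILED(hr)) goto error;

	// Get the current state of the firewall.
	hr = fwProfile->get_FirewallEnabled(&fwEnabled);
	if (FAILED(hr)) goto error;

	if (fwEnabled == VARIANT_FALSE) goto error;

	// From here on fwEnabled is true, so every "goto error" reports
	// "firewall on, application not known to be allowed".

	// Retrieve the authorized application collection.
	hr = fwProfile->get_AuthorizedApplications(&fwApps);
	if (FAILED(hr)) goto error;

	// A failed or truncated path lookup must not be used as the lookup key:
	// the buffer would be unset or would name a different file.
	cchFileName = GetModuleFileName(NULL, szFileName, SIZEOF(szFileName));
	if (cchFileName == 0 || cchFileName >= MAX_PATH) goto error;

	wszFileName = mir_t2u(szFileName);

	// Allocate a BSTR for the process image file name. The allocation is
	// checked through its result, not through the previous call's HRESULT.
	fwBstrProcessImageFileName = SysAllocString(wszFileName);
	if (fwBstrProcessImageFileName == NULL) goto error;

	// Attempt to retrieve the authorized application.
	hr = fwApps->Item(fwBstrProcessImageFileName, &fwApp);
	if (SUCCEEDED(hr))
	{
		// Only a successfully read, enabled entry clears the result; an
		// explicit comparison avoids relying on bitwise NOT of a VARIANT_BOOL.
		hr = fwApp->get_Enabled(&fwAppEnabled);
		if (SUCCEEDED(hr) && fwAppEnabled != VARIANT_FALSE)
			fwEnabled = VARIANT_FALSE;
	}

error:
	// Free the BSTR.
	SysFreeString(fwBstrProcessImageFileName);
	mir_free(wszFileName);

	// Release the authorized application instance.
	if (fwApp != NULL) fwApp->Release();

	// Release the authorized application collection.
	if (fwApps != NULL) fwApps->Release();

	// Release the firewall profile.
	if (fwProfile != NULL) fwProfile->Release();

	// Release the local firewall policy.
	if (fwPolicy != NULL) fwPolicy->Release();

	// Release the firewall settings manager.
	if (fwMgr != NULL) fwMgr->Release();

	CoUninitialize();

	return fwEnabled != VARIANT_FALSE;
}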
Esempio n. 6
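/**
 * Makes sure one entry of a globally-open-ports list exists and carries the
 * requested enabled state.
 *
 * When the entry cannot be looked up, a new one is built with local-subnet
 * scope and added. Its name is passed as a real BSTR, and its enabled state
 * is set before Add so it is never added in a state other than the one
 * requested.
 *
 * @return true when the entry was found or added with S_OK and put_Enabled
 *         then returned S_OK.
 */
static bool SetUPnPPortEnabled(INetFwOpenPorts *iports, long number, NET_FW_IP_PROTOCOL protocol, const wchar_t *name, VARIANT_BOOL enabled)
{
	INetFwOpenPort *iport = NULL;

	HRESULT hr = iports->Item(number, protocol, &iport);
	if(FAILED(hr))
	{
		iport = NULL; // do not trust the out value of a failed lookup
		hr = CoCreateInstance(__uuidof(NetFwOpenPort), NULL, CLSCTX_INPROC_SERVER, __uuidof(INetFwOpenPort), (void**)&iport);
		if(SUCCEEDED(hr))
		{
			// put_Name takes a BSTR; a wide string literal has no length
			// prefix and is not a valid one.
			BSTR bstrName = SysAllocString(name);
			if(bstrName == NULL)
			{
				hr = E_OUTOFMEMORY;
			}
			else
			{
				// Add the entry only when every property was accepted.
				hr = iport->put_Name(bstrName);
				if(SUCCEEDED(hr))
					hr = iport->put_Port(number);
				if(SUCCEEDED(hr))
					hr = iport->put_Protocol(protocol);
				if(SUCCEEDED(hr))
					hr = iport->put_Scope(NET_FW_SCOPE_LOCAL_SUBNET);
				if(SUCCEEDED(hr))
					hr = iport->put_Enabled(enabled);
				if(SUCCEEDED(hr))
					hr = iports->Add(iport);
				SysFreeString(bstrName);
			}
		}
	}

	const bool applied = (hr == S_OK && iport != NULL && iport->put_Enabled(enabled) == S_OK);

	if(iport)
		iport->Release();

	return applied;
}

/**
 * Enables or disables the two UPnP entries (TCP 2869 and UDP 1900) in the
 * current firewall profile's globally-open-ports list.
 *
 * This changes host firewall policy. New entries are limited to
 * NET_FW_SCOPE_LOCAL_SUBNET. With open == false an entry that does not exist
 * yet is still created, in the disabled state.
 *
 * @param open  true to enable both entries, false to disable them.
 * @return true only when both entries ended up in the requested state.
 *
 * NOTE(review): the debug messages say "enabled" for open == false as well;
 * they are left unchanged in case something matches on them.
 */
bool ControlUPnPPorts(bool open)
{
	INetFwMgr *imgr = NULL;
	INetFwPolicy *ipol = NULL;
	INetFwProfile *iprof = NULL;
	HRESULT hr = S_OK;
	bool port2869 = false;
	bool port1900 = false;

	hr = CoCreateInstance(__uuidof(NetFwMgr), NULL, CLSCTX_INPROC_SERVER, __uuidof(INetFwMgr), (void**)&imgr);
	if(FAILED(hr))
		return false;

	if(imgr->get_LocalPolicy(&ipol) == S_OK)
	{
		if(ipol->get_CurrentProfile(&iprof) == S_OK)
		{
			INetFwOpenPorts *iports = NULL;
			if(iprof->get_GloballyOpenPorts(&iports) == S_OK)
			{
				const VARIANT_BOOL portenabled = open ? VARIANT_TRUE : VARIANT_FALSE;

				if(SetUPnPPortEnabled(iports, 2869L, NET_FW_IP_PROTOCOL_TCP, L"UPnP TCP 2869", portenabled))
				{
					debug("TCP 2869 enabled");
					port2869 = true;
				}

				if(SetUPnPPortEnabled(iports, 1900L, NET_FW_IP_PROTOCOL_UDP, L"UPnP UDP 1900", portenabled))
				{
					debug("UDP 1900 enabled");
					port1900 = true;
				}

				iports->Release();
			}

			iprof->Release();
		}

		ipol->Release();
	}

	imgr->Release();

	return port2869 && port1900;
}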
Esempio n. 7
/**
 * Fetches the firewall profile currently in effect, optionally creating the
 * firewall manager through CoCreateInstanceAsAdmin.
 *
 * @param fwProfile   Must not be NULL (asserted). Set to NULL on entry and
 *                    written by get_CurrentProfile. The reference stored
 *                    there is not released here, so it belongs to the caller.
 * @param bInvokeUAE  Non-zero to create the manager with
 *                    CoCreateInstanceAsAdmin instead of CoCreateInstance.
 * @return The HRESULT of the last call made; each failing step is traced.
 *
 * NOTE(review): CoCreateInstanceAsAdmin is defined outside this listing; it
 * presumably requests an elevated instance and may prompt the user - confirm.
 * A failure on that path is still traced as "CoCreateInstance failed".
 */
HRESULT WindowsFirewallInitialize(OUT INetFwProfile** fwProfile, BOOL bInvokeUAE)
{
    INetFwMgr* manager = NULL;
    INetFwPolicy* policy = NULL;

    assert(fwProfile != NULL);

    *fwProfile = NULL;

    // Create the firewall settings manager, elevated or not as requested.
    HRESULT hr = bInvokeUAE
        ? CoCreateInstanceAsAdmin(NULL, __uuidof(NetFwMgr), __uuidof(INetFwMgr), (void**)&manager)
        : CoCreateInstance(__uuidof(NetFwMgr), NULL, CLSCTX_INPROC_SERVER, __uuidof(INetFwMgr), (void**)&manager);

    if (FAILED(hr))
    {
        MYTRACE(ACE_TEXT("CoCreateInstance failed: 0x%08lx\n"), hr);
    }
    else
    {
        // Retrieve the local firewall policy.
        hr = manager->get_LocalPolicy(&policy);
        if (FAILED(hr))
        {
            MYTRACE(ACE_TEXT("get_LocalPolicy failed: 0x%08lx\n"), hr);
        }
        else
        {
            // Retrieve the firewall profile currently in effect.
            hr = policy->get_CurrentProfile(fwProfile);
            if (FAILED(hr))
            {
                MYTRACE(ACE_TEXT("get_CurrentProfile failed: 0x%08lx\n"), hr);
            }
        }
    }

    // The intermediate objects are released on every path, policy first.
    if (policy != NULL)
    {
        policy->Release();
    }
    if (manager != NULL)
    {
        manager->Release();
    }

    return hr;
}