/******************************************************************
RemoveApplicationExceptionFromCurrentProfile
********************************************************************/
static HRESULT RemoveApplicationExceptionFromCurrentProfile(
__in LPCWSTR wzFile,
__in BOOL fIgnoreFailures
)
{
HRESULT hr = S_OK;
INetFwProfile* pfwProfile = NULL;
INetFwAuthorizedApplications* pfwApps = NULL;
// convert to BSTRs to make COM happy
BSTR bstrFile = ::SysAllocString(wzFile);
ExitOnNull(bstrFile, hr, E_OUTOFMEMORY, "failed SysAllocString for path");
// get the firewall profile, which is our entry point for removing exceptions
hr = GetCurrentFirewallProfile(fIgnoreFailures, &pfwProfile);
ExitOnFailure(hr, "failed to get firewall profile");
if (S_FALSE == hr) // user or package author chose to ignore missing firewall
{
ExitFunction();
}
// now get the list of app exceptions and remove the one
hr = pfwProfile->get_AuthorizedApplications(&pfwApps);
ExitOnFailure(hr, "failed to get list of authorized apps");
hr = pfwApps->Remove(bstrFile);
ExitOnFailure(hr, "failed to remove authorized app");
LExit:
ReleaseBSTR(bstrFile);
ReleaseObject(pfwApps);
ReleaseObject(pfwProfile);
return fIgnoreFailures ? S_OK : hr;
}
FW_ERROR_CODE WinXPSP2FireWall::IsAppEnabled( const wchar_t* lpszProcessImageFileName, BOOL& bEnable )
{
FW_ERROR_CODE ret = FW_NOERROR;
HRESULT hr;
BSTR bstrFWProcessImageFileName = nullptr;
VARIANT_BOOL bFWEnabled;
INetFwAuthorizedApplication* pFWApp = nullptr;
INetFwAuthorizedApplications* pFWApps = nullptr;
bEnable = FALSE;
try
{
if( m_pFireWallProfile == nullptr )
throw FW_ERR_INITIALIZED;
if( lpszProcessImageFileName == nullptr )
throw FW_ERR_INVALID_ARG;
hr = m_pFireWallProfile->get_AuthorizedApplications( &pFWApps );
if( FAILED( hr ))
throw FW_ERR_AUTH_APPLICATIONS;
// Allocate a BSTR for the process image file name
bstrFWProcessImageFileName = SysAllocString( lpszProcessImageFileName );
if( SysStringLen( bstrFWProcessImageFileName ) == 0)
throw FW_ERR_SYS_ALLOC_STRING;
hr = pFWApps->Item( bstrFWProcessImageFileName, &pFWApp);
// If FAILED, the appliacation is not in the collection list
if( SUCCEEDED( hr ))
{
// Find out if the authorized application is enabled
hr = pFWApp->get_Enabled( &bFWEnabled );
if( FAILED( hr ))
throw FW_ERR_APP_ENABLED;
if( bFWEnabled == VARIANT_TRUE )
bEnable = TRUE;
}
}
catch( FW_ERROR_CODE nError )
{
ret = nError;
}
// Free the BSTR
SysFreeString( bstrFWProcessImageFileName );
// Release memories to retrieve the information of the application
if( pFWApp )
pFWApp->Release();
if( pFWApps )
pFWApps->Release();
return ret;
}
FW_ERROR_CODE WinXPSP2FireWall::RemoveApplication( const wchar_t* lpszProcessImageFileName )
{
FW_ERROR_CODE ret = FW_NOERROR;
HRESULT hr;
BOOL bAppEnable;
BSTR bstrProcessImageFileName = nullptr;
INetFwAuthorizedApplications* pFWApps = nullptr;
try
{
if( m_pFireWallProfile == nullptr )
throw FW_ERR_INITIALIZED;
if( lpszProcessImageFileName == nullptr )
throw FW_ERR_INVALID_ARG;
FW_ERROR_CODE nError = this->IsAppEnabled( lpszProcessImageFileName, bAppEnable );
if( nError != FW_NOERROR )
throw nError;
// Only remove the application if it is authorized
if( bAppEnable == TRUE )
{
// Retrieve the authorized application collection
hr = m_pFireWallProfile->get_AuthorizedApplications( &pFWApps );
if( FAILED( hr ))
throw FW_ERR_AUTH_APPLICATIONS;
// Allocate a BSTR for the Process Image FileName
bstrProcessImageFileName = SysAllocString( lpszProcessImageFileName );
if( SysStringLen( bstrProcessImageFileName ) == 0)
throw FW_ERR_SYS_ALLOC_STRING;
hr = pFWApps->Remove( bstrProcessImageFileName );
if( FAILED( hr ))
throw FW_ERR_REMOVE_FROM_COLLECTION;
}
}
catch( FW_ERROR_CODE nError)
{
ret = nError;
}
SysFreeString( bstrProcessImageFileName);
if( pFWApps )
pFWApps->Release();
return ret;
}
FW_ERROR_CODE WinXPSP2FireWall::AddApplication( const wchar_t* lpszProcessImageFileName, const wchar_t* lpszRegisterName )
{
FW_ERROR_CODE ret = FW_NOERROR;
HRESULT hr;
BOOL bAppEnable;
BSTR bstrProcessImageFileName = nullptr;
BSTR bstrRegisterName = nullptr;
INetFwAuthorizedApplication* pFWApp = nullptr;
INetFwAuthorizedApplications* pFWApps = nullptr;
try
{
if( m_pFireWallProfile == nullptr )
throw FW_ERR_INITIALIZED;
if( lpszProcessImageFileName == nullptr || lpszRegisterName == nullptr )
throw FW_ERR_INVALID_ARG;
// First of all, check the application is already authorized;
FW_ERROR_CODE nError = this->IsAppEnabled( lpszProcessImageFileName, bAppEnable );
if( nError != FW_NOERROR )
throw nError;
// Only add the application if it isn't authorized
if( bAppEnable == FALSE )
{
// Retrieve the authorized application collection
hr = m_pFireWallProfile->get_AuthorizedApplications( &pFWApps );
if( FAILED( hr ))
throw FW_ERR_AUTH_APPLICATIONS;
// Create an instance of an authorized application
hr = CoCreateInstance( CLSID_NetFwAuthorizedApplication, nullptr, CLSCTX_INPROC_SERVER, IID_INetFwAuthorizedApplication, (void**)&pFWApp);
if( FAILED( hr ))
throw FW_ERR_CREATE_APP_INSTANCE;
// Allocate a BSTR for the Process Image FileName
bstrProcessImageFileName = SysAllocString( lpszProcessImageFileName );
if( SysStringLen( bstrProcessImageFileName ) == 0)
throw FW_ERR_SYS_ALLOC_STRING;
// Set the process image file name
hr = pFWApp->put_ProcessImageFileName( bstrProcessImageFileName );
if( FAILED( hr ) )
throw FW_ERR_PUT_PROCESS_IMAGE_NAME;
// Allocate a BSTR for register name
bstrRegisterName = SysAllocString( lpszRegisterName );
if( SysStringLen( bstrRegisterName ) == 0)
throw FW_ERR_SYS_ALLOC_STRING;
// Set a registered name of the process
hr = pFWApp->put_Name( bstrRegisterName );
if( FAILED( hr ))
throw FW_ERR_PUT_REGISTER_NAME;
// Add the application to the collection
hr = pFWApps->Add( pFWApp );
if( FAILED( hr ))
throw FW_ERR_ADD_TO_COLLECTION;
}
}
catch( FW_ERROR_CODE nError )
{
ret = nError;
}
SysFreeString( bstrProcessImageFileName );
SysFreeString( bstrRegisterName );
if( pFWApp )
pFWApp->Release();
if( pFWApps )
pFWApps->Release();
return ret;
}
/******************************************************************
AddApplicationExceptionOnCurrentProfile
********************************************************************/
static HRESULT AddApplicationExceptionOnCurrentProfile(
__in LPCWSTR wzFile,
__in LPCWSTR wzName,
__in_opt LPCWSTR wzRemoteAddresses,
__in BOOL fIgnoreFailures
)
{
HRESULT hr = S_OK;
BSTR bstrFile = NULL;
BSTR bstrName = NULL;
BSTR bstrRemoteAddresses = NULL;
INetFwProfile* pfwProfile = NULL;
INetFwAuthorizedApplications* pfwApps = NULL;
INetFwAuthorizedApplication* pfwApp = NULL;
// convert to BSTRs to make COM happy
bstrFile = ::SysAllocString(wzFile);
ExitOnNull(bstrFile, hr, E_OUTOFMEMORY, "failed SysAllocString for path");
bstrName = ::SysAllocString(wzName);
ExitOnNull(bstrName, hr, E_OUTOFMEMORY, "failed SysAllocString for name");
bstrRemoteAddresses = ::SysAllocString(wzRemoteAddresses);
ExitOnNull(bstrRemoteAddresses, hr, E_OUTOFMEMORY, "failed SysAllocString for remote addresses");
// get the firewall profile, which is our entry point for adding exceptions
hr = GetCurrentFirewallProfile(fIgnoreFailures, &pfwProfile);
ExitOnFailure(hr, "failed to get firewall profile");
if (S_FALSE == hr) // user or package author chose to ignore missing firewall
{
ExitFunction();
}
// first, let's see if the app is already on the exception list
hr = pfwProfile->get_AuthorizedApplications(&pfwApps);
ExitOnFailure(hr, "failed to get list of authorized apps");
// try to find it (i.e., support reinstall)
hr = pfwApps->Item(bstrFile, &pfwApp);
if (HRESULT_FROM_WIN32(ERROR_FILE_NOT_FOUND) == hr)
{
// not found, so we get to add it
hr = ::CoCreateInstance(__uuidof(NetFwAuthorizedApplication), NULL, CLSCTX_INPROC_SERVER, __uuidof(INetFwAuthorizedApplication), reinterpret_cast<void**>(&pfwApp));
ExitOnFailure(hr, "failed to create authorized app");
// set the display name
hr = pfwApp->put_Name(bstrName);
ExitOnFailure(hr, "failed to set authorized app name");
// set path
hr = pfwApp->put_ProcessImageFileName(bstrFile);
ExitOnFailure(hr, "failed to set authorized app path");
// set the allowed remote addresses
if (bstrRemoteAddresses && *bstrRemoteAddresses)
{
hr = pfwApp->put_RemoteAddresses(bstrRemoteAddresses);
ExitOnFailure(hr, "failed to set authorized app remote addresses");
}
// add it to the list of authorized apps
hr = pfwApps->Add(pfwApp);
ExitOnFailure(hr, "failed to add app to the authorized apps list");
}
else
{
// we found an existing app exception (if we succeeded, that is)
ExitOnFailure(hr, "failed trying to find existing app");
// enable it (just in case it was disabled)
pfwApp->put_Enabled(VARIANT_TRUE);
}
LExit:
ReleaseBSTR(bstrRemoteAddresses);
ReleaseBSTR(bstrName);
ReleaseBSTR(bstrFile);
ReleaseObject(pfwApp);
ReleaseObject(pfwApps);
ReleaseObject(pfwProfile);
return fIgnoreFailures ? S_OK : hr;
}
static bool IsIcfEnabled(void)
{
HRESULT hr;
VARIANT_BOOL fwEnabled = VARIANT_FALSE;
INetFwProfile* fwProfile = NULL;
INetFwMgr* fwMgr = NULL;
INetFwPolicy* fwPolicy = NULL;
INetFwAuthorizedApplication* fwApp = NULL;
INetFwAuthorizedApplications* fwApps = NULL;
BSTR fwBstrProcessImageFileName = NULL;
wchar_t *wszFileName = NULL;
hr = CoInitialize(NULL);
if (FAILED(hr)) return false;
// Create an instance of the firewall settings manager.
hr = CoCreateInstance(CLSID_NetFwMgr, NULL, CLSCTX_INPROC_SERVER,
IID_INetFwMgr, (void**)&fwMgr );
if (FAILED(hr)) goto error;
// Retrieve the local firewall policy.
hr = fwMgr->get_LocalPolicy(&fwPolicy);
if (FAILED(hr)) goto error;
// Retrieve the firewall profile currently in effect.
hr = fwPolicy->get_CurrentProfile(&fwProfile);
if (FAILED(hr)) goto error;
// Get the current state of the firewall.
hr = fwProfile->get_FirewallEnabled(&fwEnabled);
if (FAILED(hr)) goto error;
if (fwEnabled == VARIANT_FALSE) goto error;
// Retrieve the authorized application collection.
hr = fwProfile->get_AuthorizedApplications(&fwApps);
if (FAILED(hr)) goto error;
TCHAR szFileName[MAX_PATH];
GetModuleFileName(NULL, szFileName, SIZEOF(szFileName));
wszFileName = mir_t2u(szFileName);
// Allocate a BSTR for the process image file name.
fwBstrProcessImageFileName = SysAllocString(wszFileName);
if (FAILED(hr)) goto error;
// Attempt to retrieve the authorized application.
hr = fwApps->Item(fwBstrProcessImageFileName, &fwApp);
if (SUCCEEDED(hr))
{
// Find out if the authorized application is enabled.
fwApp->get_Enabled(&fwEnabled);
fwEnabled = ~fwEnabled;
}
error:
// Free the BSTR.
SysFreeString(fwBstrProcessImageFileName);
mir_free(wszFileName);
// Release the authorized application instance.
if (fwApp != NULL) fwApp->Release();
// Release the authorized application collection.
if (fwApps != NULL) fwApps->Release();
// Release the firewall profile.
if (fwProfile != NULL) fwProfile->Release();
// Release the local firewall policy.
if (fwPolicy != NULL) fwPolicy->Release();
// Release the firewall settings manager.
if (fwMgr != NULL) fwMgr->Release();
CoUninitialize();
return fwEnabled != VARIANT_FALSE;
}
HRESULT WindowsFirewallAddApp(
IN INetFwProfile* fwProfile,
IN const wchar_t* fwProcessImageFileName,
IN const wchar_t* fwName
)
{
HRESULT hr = S_OK;
BOOL fwAppEnabled;
BSTR fwBstrName = NULL;
BSTR fwBstrProcessImageFileName = NULL;
INetFwAuthorizedApplication* fwApp = NULL;
INetFwAuthorizedApplications* fwApps = NULL;
_ASSERT(fwProfile != NULL);
_ASSERT(fwProcessImageFileName != NULL);
_ASSERT(fwName != NULL);
// First check to see if the application is already authorized.
hr = WindowsFirewallAppIsEnabled(
fwProfile,
fwProcessImageFileName,
&fwAppEnabled
);
if (FAILED(hr))
{
goto error;
}
// Only add the application if it isn't already authorized.
if (!fwAppEnabled)
{
// Retrieve the authorized application collection.
hr = fwProfile->get_AuthorizedApplications(&fwApps);
if (FAILED(hr))
{
goto error;
}
// Create an instance of an authorized application.
hr = CoCreateInstance(
__uuidof(NetFwAuthorizedApplication),
NULL,
CLSCTX_INPROC_SERVER,
__uuidof(INetFwAuthorizedApplication),
(void**)&fwApp
);
if (FAILED(hr))
{
goto error;
}
// Allocate a BSTR for the process image file name.
fwBstrProcessImageFileName = SysAllocString(fwProcessImageFileName);
if (fwBstrProcessImageFileName == NULL)
{
hr = E_OUTOFMEMORY;
goto error;
}
// Set the process image file name.
hr = fwApp->put_ProcessImageFileName(fwBstrProcessImageFileName);
if (FAILED(hr))
{
goto error;
}
// Allocate a BSTR for the application friendly name.
fwBstrName = SysAllocString(fwName);
if (SysStringLen(fwBstrName) == 0)
{
hr = E_OUTOFMEMORY;
goto error;
}
// Set the application friendly name.
hr = fwApp->put_Name(fwBstrName);
if (FAILED(hr))
{
goto error;
}
// Add the application to the collection.
hr = fwApps->Add(fwApp);
if (FAILED(hr))
{
goto error;
}
}
error:
// Free the BSTRs.
SysFreeString(fwBstrName);
SysFreeString(fwBstrProcessImageFileName);
// Release the authorized application instance.
if (fwApp != NULL)
{
fwApp->Release();
}
// Release the authorized application collection.
if (fwApps != NULL)
{
fwApps->Release();
}
return hr;
}
HRESULT WindowsFirewallAppIsEnabled(
IN INetFwProfile* fwProfile,
IN const wchar_t* fwProcessImageFileName,
OUT BOOL* fwAppEnabled
)
{
HRESULT hr = S_OK;
BSTR fwBstrProcessImageFileName = NULL;
VARIANT_BOOL fwEnabled;
INetFwAuthorizedApplication* fwApp = NULL;
INetFwAuthorizedApplications* fwApps = NULL;
_ASSERT(fwProfile != NULL);
_ASSERT(fwProcessImageFileName != NULL);
_ASSERT(fwAppEnabled != NULL);
*fwAppEnabled = FALSE;
// Retrieve the authorized application collection.
hr = fwProfile->get_AuthorizedApplications(&fwApps);
if (FAILED(hr))
{
goto error;
}
// Allocate a BSTR for the process image file name.
fwBstrProcessImageFileName = SysAllocString(fwProcessImageFileName);
if (fwBstrProcessImageFileName == NULL)
{
hr = E_OUTOFMEMORY;
goto error;
}
// Attempt to retrieve the authorized application.
hr = fwApps->Item(fwBstrProcessImageFileName, &fwApp);
if (SUCCEEDED(hr))
{
// Find out if the authorized application is enabled.
hr = fwApp->get_Enabled(&fwEnabled);
if (FAILED(hr))
{
goto error;
}
if (fwEnabled != VARIANT_FALSE)
{
// The authorized application is enabled.
*fwAppEnabled = TRUE;
}
else
{
}
}
else
{
// The authorized application was not in the collection.
hr = S_OK;
}
error:
// Free the BSTR.
SysFreeString(fwBstrProcessImageFileName);
// Release the authorized application instance.
if (fwApp != NULL)
{
fwApp->Release();
}
// Release the authorized application collection.
if (fwApps != NULL)
{
fwApps->Release();
}
return hr;
}
HRESULT WindowsFirewallRemoveApp(
IN INetFwProfile* fwProfile,
IN const wchar_t* fwProcessImageFileName
)
{
HRESULT hr = S_OK;
BOOL fwAppEnabled;
BSTR fwBstrName = NULL;
BSTR fwBstrProcessImageFileName = NULL;
INetFwAuthorizedApplication* fwApp = NULL;
INetFwAuthorizedApplications* fwApps = NULL;
assert(fwProfile != NULL);
assert(fwProcessImageFileName != NULL);
// First check to see if the application is already authorized.
hr = WindowsFirewallAppIsEnabled(
fwProfile,
fwProcessImageFileName,
&fwAppEnabled
);
if (FAILED(hr))
{
MYTRACE(ACE_TEXT("WindowsFirewallAppIsEnabled failed: 0x%08lx\n"), hr);
goto error;
}
// Only remove the application if it is already authorized.
if (fwAppEnabled)
{
// Retrieve the authorized application collection.
hr = fwProfile->get_AuthorizedApplications(&fwApps);
if (FAILED(hr))
{
MYTRACE(ACE_TEXT("get_AuthorizedApplications failed: 0x%08lx\n"), hr);
goto error;
}
// Create an instance of an authorized application.
hr = CoCreateInstance(
__uuidof(NetFwAuthorizedApplication),
NULL,
CLSCTX_INPROC_SERVER,
__uuidof(INetFwAuthorizedApplication),
(void**)&fwApp
);
if (FAILED(hr))
{
MYTRACE(ACE_TEXT("CoCreateInstance failed: 0x%08lx\n"), hr);
goto error;
}
// Allocate a BSTR for the process image file name.
fwBstrProcessImageFileName = SysAllocString(fwProcessImageFileName);
if (fwBstrProcessImageFileName == NULL)
{
hr = E_OUTOFMEMORY;
MYTRACE(ACE_TEXT("SysAllocString failed: 0x%08lx\n"), hr);
goto error;
}
// Add the application to the collection.
hr = fwApps->Remove(fwBstrProcessImageFileName);
if (FAILED(hr))
{
MYTRACE(ACE_TEXT("Add failed: 0x%08lx\n"), hr);
goto error;
}
MYTRACE(ACE_TEXT(
"Authorized application %lS is now removed in the firewall.\n"),
fwProcessImageFileName
);
}
error:
// Free the BSTRs.
SysFreeString(fwBstrName);
SysFreeString(fwBstrProcessImageFileName);
// Release the authorized application instance.
if (fwApp != NULL)
{
fwApp->Release();
}
// Release the authorized application collection.
if (fwApps != NULL)
{
fwApps->Release();
}
return hr;
}
HRESULT WindowsFirewallAddApp(
IN INetFwProfile* fwProfile,
IN const wchar_t* fwProcessImageFileName,
IN const wchar_t* fwName
)
{
HRESULT hr = S_OK;
BOOL fwAppEnabled;
BSTR fwBstrName = NULL;
BSTR fwBstrProcessImageFileName = NULL;
INetFwAuthorizedApplication* fwApp = NULL;
INetFwAuthorizedApplications* fwApps = NULL;
assert(fwProfile != NULL);
assert(fwProcessImageFileName != NULL);
assert(fwName != NULL);
// First check to see if the application is already authorized.
hr = WindowsFirewallAppIsEnabled(
fwProfile,
fwProcessImageFileName,
&fwAppEnabled
);
if (FAILED(hr))
{
MYTRACE(ACE_TEXT("WindowsFirewallAppIsEnabled failed: 0x%08lx\n"), hr);
goto error;
}
// Only add the application if it isn't already authorized.
if (!fwAppEnabled)
{
// Retrieve the authorized application collection.
hr = fwProfile->get_AuthorizedApplications(&fwApps);
if (FAILED(hr))
{
MYTRACE(ACE_TEXT("get_AuthorizedApplications failed: 0x%08lx\n"), hr);
goto error;
}
// Create an instance of an authorized application.
hr = CoCreateInstance(
__uuidof(NetFwAuthorizedApplication),
NULL,
CLSCTX_INPROC_SERVER,
__uuidof(INetFwAuthorizedApplication),
(void**)&fwApp
);
if (FAILED(hr))
{
MYTRACE(ACE_TEXT("CoCreateInstance failed: 0x%08lx\n"), hr);
goto error;
}
// Allocate a BSTR for the process image file name.
fwBstrProcessImageFileName = SysAllocString(fwProcessImageFileName);
if (fwBstrProcessImageFileName == NULL)
{
hr = E_OUTOFMEMORY;
MYTRACE(ACE_TEXT("SysAllocString failed: 0x%08lx\n"), hr);
goto error;
}
// Set the process image file name.
hr = fwApp->put_ProcessImageFileName(fwBstrProcessImageFileName);
if (FAILED(hr))
{
MYTRACE(ACE_TEXT("put_ProcessImageFileName failed: 0x%08lx\n"), hr);
goto error;
}
// Allocate a BSTR for the application friendly name.
fwBstrName = SysAllocString(fwName);
if (SysStringLen(fwBstrName) == 0)
{
hr = E_OUTOFMEMORY;
MYTRACE(ACE_TEXT("SysAllocString failed: 0x%08lx\n"), hr);
goto error;
}
// Set the application friendly name.
hr = fwApp->put_Name(fwBstrName);
if (FAILED(hr))
{
MYTRACE(ACE_TEXT("put_Name failed: 0x%08lx\n"), hr);
goto error;
}
// Set scope (added by bdr -- begin)
//hr = fwApp->put_Scope(NET_FW_SCOPE_ALL);
//if (FAILED(hr))
//{
// MYTRACE(ACE_TEXT("put_Scope failed: 0x%08lx\n"), hr);
// goto error;
//}
//hr = fwApp->put_RemoteAddresses(L"*");
//if (FAILED(hr))
//{
// MYTRACE(ACE_TEXT("put_Scope failed: 0x%08lx\n"), hr);
// goto error;
//}
// Set scope (added by bdr -- end)
// Add the application to the collection.
hr = fwApps->Add(fwApp);
if (FAILED(hr))
{
MYTRACE(ACE_TEXT("Add failed: 0x%08lx\n"), hr);
goto error;
}
MYTRACE(ACE_TEXT(
"Authorized application %lS is now enabled in the firewall.\n"),
fwProcessImageFileName
);
}
error:
// Free the BSTRs.
SysFreeString(fwBstrName);
SysFreeString(fwBstrProcessImageFileName);
// Release the authorized application instance.
if (fwApp != NULL)
{
fwApp->Release();
}
// Release the authorized application collection.
if (fwApps != NULL)
{
fwApps->Release();
}
return hr;
}