FW_ERROR_CODE WinXPSP2FireWall::AddApplication( const wchar_t* lpszProcessImageFileName, const wchar_t* lpszRegisterName ) { FW_ERROR_CODE ret = FW_NOERROR; HRESULT hr; BOOL bAppEnable; BSTR bstrProcessImageFileName = nullptr; BSTR bstrRegisterName = nullptr; INetFwAuthorizedApplication* pFWApp = nullptr; INetFwAuthorizedApplications* pFWApps = nullptr; try { if( m_pFireWallProfile == nullptr ) throw FW_ERR_INITIALIZED; if( lpszProcessImageFileName == nullptr || lpszRegisterName == nullptr ) throw FW_ERR_INVALID_ARG; // First of all, check the application is already authorized; FW_ERROR_CODE nError = this->IsAppEnabled( lpszProcessImageFileName, bAppEnable ); if( nError != FW_NOERROR ) throw nError; // Only add the application if it isn't authorized if( bAppEnable == FALSE ) { // Retrieve the authorized application collection hr = m_pFireWallProfile->get_AuthorizedApplications( &pFWApps ); if( FAILED( hr )) throw FW_ERR_AUTH_APPLICATIONS; // Create an instance of an authorized application hr = CoCreateInstance( CLSID_NetFwAuthorizedApplication, nullptr, CLSCTX_INPROC_SERVER, IID_INetFwAuthorizedApplication, (void**)&pFWApp); if( FAILED( hr )) throw FW_ERR_CREATE_APP_INSTANCE; // Allocate a BSTR for the Process Image FileName bstrProcessImageFileName = SysAllocString( lpszProcessImageFileName ); if( SysStringLen( bstrProcessImageFileName ) == 0) throw FW_ERR_SYS_ALLOC_STRING; // Set the process image file name hr = pFWApp->put_ProcessImageFileName( bstrProcessImageFileName ); if( FAILED( hr ) ) throw FW_ERR_PUT_PROCESS_IMAGE_NAME; // Allocate a BSTR for register name bstrRegisterName = SysAllocString( lpszRegisterName ); if( SysStringLen( bstrRegisterName ) == 0) throw FW_ERR_SYS_ALLOC_STRING; // Set a registered name of the process hr = pFWApp->put_Name( bstrRegisterName ); if( FAILED( hr )) throw FW_ERR_PUT_REGISTER_NAME; // Add the application to the collection hr = pFWApps->Add( pFWApp ); if( FAILED( hr )) throw FW_ERR_ADD_TO_COLLECTION; } } catch( FW_ERROR_CODE nError ) { ret = nError; } SysFreeString( bstrProcessImageFileName ); SysFreeString( bstrRegisterName ); if( pFWApp ) pFWApp->Release(); if( pFWApps ) pFWApps->Release(); return ret; }
HRESULT WindowsFirewallAddApp( IN INetFwProfile* fwProfile, IN const wchar_t* fwProcessImageFileName, IN const wchar_t* fwName ) { HRESULT hr = S_OK; BOOL fwAppEnabled; BSTR fwBstrName = NULL; BSTR fwBstrProcessImageFileName = NULL; INetFwAuthorizedApplication* fwApp = NULL; INetFwAuthorizedApplications* fwApps = NULL; _ASSERT(fwProfile != NULL); _ASSERT(fwProcessImageFileName != NULL); _ASSERT(fwName != NULL); // First check to see if the application is already authorized. hr = WindowsFirewallAppIsEnabled( fwProfile, fwProcessImageFileName, &fwAppEnabled ); if (FAILED(hr)) { goto error; } // Only add the application if it isn't already authorized. if (!fwAppEnabled) { // Retrieve the authorized application collection. hr = fwProfile->get_AuthorizedApplications(&fwApps); if (FAILED(hr)) { goto error; } // Create an instance of an authorized application. hr = CoCreateInstance( __uuidof(NetFwAuthorizedApplication), NULL, CLSCTX_INPROC_SERVER, __uuidof(INetFwAuthorizedApplication), (void**)&fwApp ); if (FAILED(hr)) { goto error; } // Allocate a BSTR for the process image file name. fwBstrProcessImageFileName = SysAllocString(fwProcessImageFileName); if (fwBstrProcessImageFileName == NULL) { hr = E_OUTOFMEMORY; goto error; } // Set the process image file name. hr = fwApp->put_ProcessImageFileName(fwBstrProcessImageFileName); if (FAILED(hr)) { goto error; } // Allocate a BSTR for the application friendly name. fwBstrName = SysAllocString(fwName); if (SysStringLen(fwBstrName) == 0) { hr = E_OUTOFMEMORY; goto error; } // Set the application friendly name. hr = fwApp->put_Name(fwBstrName); if (FAILED(hr)) { goto error; } // Add the application to the collection. hr = fwApps->Add(fwApp); if (FAILED(hr)) { goto error; } } error: // Free the BSTRs. SysFreeString(fwBstrName); SysFreeString(fwBstrProcessImageFileName); // Release the authorized application instance. if (fwApp != NULL) { fwApp->Release(); } // Release the authorized application collection. if (fwApps != NULL) { fwApps->Release(); } return hr; }
/****************************************************************** AddApplicationExceptionOnCurrentProfile ********************************************************************/ static HRESULT AddApplicationExceptionOnCurrentProfile( __in LPCWSTR wzFile, __in LPCWSTR wzName, __in_opt LPCWSTR wzRemoteAddresses, __in BOOL fIgnoreFailures ) { HRESULT hr = S_OK; BSTR bstrFile = NULL; BSTR bstrName = NULL; BSTR bstrRemoteAddresses = NULL; INetFwProfile* pfwProfile = NULL; INetFwAuthorizedApplications* pfwApps = NULL; INetFwAuthorizedApplication* pfwApp = NULL; // convert to BSTRs to make COM happy bstrFile = ::SysAllocString(wzFile); ExitOnNull(bstrFile, hr, E_OUTOFMEMORY, "failed SysAllocString for path"); bstrName = ::SysAllocString(wzName); ExitOnNull(bstrName, hr, E_OUTOFMEMORY, "failed SysAllocString for name"); bstrRemoteAddresses = ::SysAllocString(wzRemoteAddresses); ExitOnNull(bstrRemoteAddresses, hr, E_OUTOFMEMORY, "failed SysAllocString for remote addresses"); // get the firewall profile, which is our entry point for adding exceptions hr = GetCurrentFirewallProfile(fIgnoreFailures, &pfwProfile); ExitOnFailure(hr, "failed to get firewall profile"); if (S_FALSE == hr) // user or package author chose to ignore missing firewall { ExitFunction(); } // first, let's see if the app is already on the exception list hr = pfwProfile->get_AuthorizedApplications(&pfwApps); ExitOnFailure(hr, "failed to get list of authorized apps"); // try to find it (i.e., support reinstall) hr = pfwApps->Item(bstrFile, &pfwApp); if (HRESULT_FROM_WIN32(ERROR_FILE_NOT_FOUND) == hr) { // not found, so we get to add it hr = ::CoCreateInstance(__uuidof(NetFwAuthorizedApplication), NULL, CLSCTX_INPROC_SERVER, __uuidof(INetFwAuthorizedApplication), reinterpret_cast<void**>(&pfwApp)); ExitOnFailure(hr, "failed to create authorized app"); // set the display name hr = pfwApp->put_Name(bstrName); ExitOnFailure(hr, "failed to set authorized app name"); // set path hr = pfwApp->put_ProcessImageFileName(bstrFile); ExitOnFailure(hr, "failed to set authorized app path"); // set the allowed remote addresses if (bstrRemoteAddresses && *bstrRemoteAddresses) { hr = pfwApp->put_RemoteAddresses(bstrRemoteAddresses); ExitOnFailure(hr, "failed to set authorized app remote addresses"); } // add it to the list of authorized apps hr = pfwApps->Add(pfwApp); ExitOnFailure(hr, "failed to add app to the authorized apps list"); } else { // we found an existing app exception (if we succeeded, that is) ExitOnFailure(hr, "failed trying to find existing app"); // enable it (just in case it was disabled) pfwApp->put_Enabled(VARIANT_TRUE); } LExit: ReleaseBSTR(bstrRemoteAddresses); ReleaseBSTR(bstrName); ReleaseBSTR(bstrFile); ReleaseObject(pfwApp); ReleaseObject(pfwApps); ReleaseObject(pfwProfile); return fIgnoreFailures ? S_OK : hr; }
HRESULT WindowsFirewallAddApp( IN INetFwProfile* fwProfile, IN const wchar_t* fwProcessImageFileName, IN const wchar_t* fwName ) { HRESULT hr = S_OK; BOOL fwAppEnabled; BSTR fwBstrName = NULL; BSTR fwBstrProcessImageFileName = NULL; INetFwAuthorizedApplication* fwApp = NULL; INetFwAuthorizedApplications* fwApps = NULL; assert(fwProfile != NULL); assert(fwProcessImageFileName != NULL); assert(fwName != NULL); // First check to see if the application is already authorized. hr = WindowsFirewallAppIsEnabled( fwProfile, fwProcessImageFileName, &fwAppEnabled ); if (FAILED(hr)) { MYTRACE(ACE_TEXT("WindowsFirewallAppIsEnabled failed: 0x%08lx\n"), hr); goto error; } // Only add the application if it isn't already authorized. if (!fwAppEnabled) { // Retrieve the authorized application collection. hr = fwProfile->get_AuthorizedApplications(&fwApps); if (FAILED(hr)) { MYTRACE(ACE_TEXT("get_AuthorizedApplications failed: 0x%08lx\n"), hr); goto error; } // Create an instance of an authorized application. hr = CoCreateInstance( __uuidof(NetFwAuthorizedApplication), NULL, CLSCTX_INPROC_SERVER, __uuidof(INetFwAuthorizedApplication), (void**)&fwApp ); if (FAILED(hr)) { MYTRACE(ACE_TEXT("CoCreateInstance failed: 0x%08lx\n"), hr); goto error; } // Allocate a BSTR for the process image file name. fwBstrProcessImageFileName = SysAllocString(fwProcessImageFileName); if (fwBstrProcessImageFileName == NULL) { hr = E_OUTOFMEMORY; MYTRACE(ACE_TEXT("SysAllocString failed: 0x%08lx\n"), hr); goto error; } // Set the process image file name. hr = fwApp->put_ProcessImageFileName(fwBstrProcessImageFileName); if (FAILED(hr)) { MYTRACE(ACE_TEXT("put_ProcessImageFileName failed: 0x%08lx\n"), hr); goto error; } // Allocate a BSTR for the application friendly name. fwBstrName = SysAllocString(fwName); if (SysStringLen(fwBstrName) == 0) { hr = E_OUTOFMEMORY; MYTRACE(ACE_TEXT("SysAllocString failed: 0x%08lx\n"), hr); goto error; } // Set the application friendly name. hr = fwApp->put_Name(fwBstrName); if (FAILED(hr)) { MYTRACE(ACE_TEXT("put_Name failed: 0x%08lx\n"), hr); goto error; } // Set scope (added by bdr -- begin) //hr = fwApp->put_Scope(NET_FW_SCOPE_ALL); //if (FAILED(hr)) //{ // MYTRACE(ACE_TEXT("put_Scope failed: 0x%08lx\n"), hr); // goto error; //} //hr = fwApp->put_RemoteAddresses(L"*"); //if (FAILED(hr)) //{ // MYTRACE(ACE_TEXT("put_Scope failed: 0x%08lx\n"), hr); // goto error; //} // Set scope (added by bdr -- end) // Add the application to the collection. hr = fwApps->Add(fwApp); if (FAILED(hr)) { MYTRACE(ACE_TEXT("Add failed: 0x%08lx\n"), hr); goto error; } MYTRACE(ACE_TEXT( "Authorized application %lS is now enabled in the firewall.\n"), fwProcessImageFileName ); } error: // Free the BSTRs. SysFreeString(fwBstrName); SysFreeString(fwBstrProcessImageFileName); // Release the authorized application instance. if (fwApp != NULL) { fwApp->Release(); } // Release the authorized application collection. if (fwApps != NULL) { fwApps->Release(); } return hr; }