예제 #1
0
FW_ERROR_CODE WinXPSP2FireWall::AddApplication( const wchar_t* lpszProcessImageFileName, const wchar_t* lpszRegisterName )
{
	FW_ERROR_CODE ret = FW_NOERROR;
	HRESULT hr;
	BOOL bAppEnable;
	BSTR bstrProcessImageFileName = nullptr;
	BSTR bstrRegisterName = nullptr;
	INetFwAuthorizedApplication* pFWApp = nullptr;
	INetFwAuthorizedApplications* pFWApps = nullptr;

	try
	{
		if( m_pFireWallProfile == nullptr )
			throw FW_ERR_INITIALIZED;
		if( lpszProcessImageFileName == nullptr || lpszRegisterName  == nullptr )
			throw FW_ERR_INVALID_ARG;

		// First of all, check the application is already authorized;
		FW_ERROR_CODE  nError = this->IsAppEnabled( lpszProcessImageFileName, bAppEnable );
		if( nError != FW_NOERROR )
			throw nError;

		// Only add the application if it isn't authorized
		if( bAppEnable == FALSE )
		{
			// Retrieve the authorized application collection
			hr = m_pFireWallProfile->get_AuthorizedApplications( &pFWApps );
			if( FAILED( hr ))
				throw FW_ERR_AUTH_APPLICATIONS;

			// Create an instance of an authorized application
			hr = CoCreateInstance( CLSID_NetFwAuthorizedApplication, nullptr, CLSCTX_INPROC_SERVER, IID_INetFwAuthorizedApplication, (void**)&pFWApp);
			if( FAILED( hr ))
				throw FW_ERR_CREATE_APP_INSTANCE;

			// Allocate a BSTR for the Process Image FileName
			bstrProcessImageFileName = SysAllocString( lpszProcessImageFileName );
			if( SysStringLen( bstrProcessImageFileName ) == 0)
				throw FW_ERR_SYS_ALLOC_STRING;

			// Set the process image file name
			hr = pFWApp->put_ProcessImageFileName( bstrProcessImageFileName );
			if( FAILED( hr ) )
				throw FW_ERR_PUT_PROCESS_IMAGE_NAME;

			// Allocate a BSTR for register name
			bstrRegisterName = SysAllocString( lpszRegisterName );
			if( SysStringLen( bstrRegisterName ) == 0)
				throw FW_ERR_SYS_ALLOC_STRING;
			// Set a registered name of the process
			hr = pFWApp->put_Name( bstrRegisterName );
			if( FAILED( hr ))
				throw FW_ERR_PUT_REGISTER_NAME;

			// Add the application to the collection
			hr = pFWApps->Add( pFWApp );
			if( FAILED( hr ))
				throw FW_ERR_ADD_TO_COLLECTION;
		}
	}
	catch( FW_ERROR_CODE nError )
	{
		ret = nError;
	}

	SysFreeString( bstrProcessImageFileName );
	SysFreeString( bstrRegisterName );

	if( pFWApp )
		pFWApp->Release();
	if( pFWApps )
		pFWApps->Release();

	return ret;
}
예제 #2
0
HRESULT WindowsFirewallAddApp(
            IN INetFwProfile* fwProfile,
            IN const wchar_t* fwProcessImageFileName,
            IN const wchar_t* fwName
            )
{
    HRESULT hr = S_OK;
    BOOL fwAppEnabled;
    BSTR fwBstrName = NULL;
    BSTR fwBstrProcessImageFileName = NULL;
    INetFwAuthorizedApplication* fwApp = NULL;
    INetFwAuthorizedApplications* fwApps = NULL;

    _ASSERT(fwProfile != NULL);
    _ASSERT(fwProcessImageFileName != NULL);
    _ASSERT(fwName != NULL);

    // First check to see if the application is already authorized.
    hr = WindowsFirewallAppIsEnabled(
            fwProfile,
            fwProcessImageFileName,
            &fwAppEnabled
            );
    if (FAILED(hr))
    {
        goto error;
    }

    // Only add the application if it isn't already authorized.
    if (!fwAppEnabled)
    {
        // Retrieve the authorized application collection.
        hr = fwProfile->get_AuthorizedApplications(&fwApps);
        if (FAILED(hr))
        {
            goto error;
        }

        // Create an instance of an authorized application.
        hr = CoCreateInstance(
                __uuidof(NetFwAuthorizedApplication),
                NULL,
                CLSCTX_INPROC_SERVER,
                __uuidof(INetFwAuthorizedApplication),
                (void**)&fwApp
                );
        if (FAILED(hr))
        {
            goto error;
        }

        // Allocate a BSTR for the process image file name.
        fwBstrProcessImageFileName = SysAllocString(fwProcessImageFileName);
        if (fwBstrProcessImageFileName == NULL)
        {
            hr = E_OUTOFMEMORY;
            goto error;
        }

        // Set the process image file name.
        hr = fwApp->put_ProcessImageFileName(fwBstrProcessImageFileName);
        if (FAILED(hr))
        {
            goto error;
        }

        // Allocate a BSTR for the application friendly name.
        fwBstrName = SysAllocString(fwName);
        if (SysStringLen(fwBstrName) == 0)
        {
            hr = E_OUTOFMEMORY;
            goto error;
        }

        // Set the application friendly name.
        hr = fwApp->put_Name(fwBstrName);
        if (FAILED(hr))
        {
            goto error;
        }

        // Add the application to the collection.
        hr = fwApps->Add(fwApp);
        if (FAILED(hr))
        {
            goto error;
        }
    }

error:

    // Free the BSTRs.
    SysFreeString(fwBstrName);
    SysFreeString(fwBstrProcessImageFileName);

    // Release the authorized application instance.
    if (fwApp != NULL)
    {
        fwApp->Release();
    }

    // Release the authorized application collection.
    if (fwApps != NULL)
    {
        fwApps->Release();
    }

    return hr;
}
예제 #3
0
파일: firewall.cpp 프로젝트: BobSilent/wix3
/******************************************************************
 AddApplicationExceptionOnCurrentProfile

********************************************************************/
static HRESULT AddApplicationExceptionOnCurrentProfile(
    __in LPCWSTR wzFile, 
    __in LPCWSTR wzName, 
    __in_opt LPCWSTR wzRemoteAddresses,
    __in BOOL fIgnoreFailures
    )
{
    HRESULT hr = S_OK;
    BSTR bstrFile = NULL;
    BSTR bstrName = NULL;
    BSTR bstrRemoteAddresses = NULL;
    INetFwProfile* pfwProfile = NULL;
    INetFwAuthorizedApplications* pfwApps = NULL;
    INetFwAuthorizedApplication* pfwApp = NULL;

    // convert to BSTRs to make COM happy
    bstrFile = ::SysAllocString(wzFile);
    ExitOnNull(bstrFile, hr, E_OUTOFMEMORY, "failed SysAllocString for path");
    bstrName = ::SysAllocString(wzName);
    ExitOnNull(bstrName, hr, E_OUTOFMEMORY, "failed SysAllocString for name");
    bstrRemoteAddresses = ::SysAllocString(wzRemoteAddresses);
    ExitOnNull(bstrRemoteAddresses, hr, E_OUTOFMEMORY, "failed SysAllocString for remote addresses");

    // get the firewall profile, which is our entry point for adding exceptions
    hr = GetCurrentFirewallProfile(fIgnoreFailures, &pfwProfile);
    ExitOnFailure(hr, "failed to get firewall profile");
    if (S_FALSE == hr) // user or package author chose to ignore missing firewall
    {
        ExitFunction();
    }

    // first, let's see if the app is already on the exception list
    hr = pfwProfile->get_AuthorizedApplications(&pfwApps);
    ExitOnFailure(hr, "failed to get list of authorized apps");

    // try to find it (i.e., support reinstall)
    hr = pfwApps->Item(bstrFile, &pfwApp);
    if (HRESULT_FROM_WIN32(ERROR_FILE_NOT_FOUND) == hr)
    {
        // not found, so we get to add it
        hr = ::CoCreateInstance(__uuidof(NetFwAuthorizedApplication), NULL, CLSCTX_INPROC_SERVER, __uuidof(INetFwAuthorizedApplication), reinterpret_cast<void**>(&pfwApp));
        ExitOnFailure(hr, "failed to create authorized app");

        // set the display name
        hr = pfwApp->put_Name(bstrName);
        ExitOnFailure(hr, "failed to set authorized app name");

        // set path
        hr = pfwApp->put_ProcessImageFileName(bstrFile);
        ExitOnFailure(hr, "failed to set authorized app path");

        // set the allowed remote addresses
        if (bstrRemoteAddresses && *bstrRemoteAddresses)
        {
            hr = pfwApp->put_RemoteAddresses(bstrRemoteAddresses);
            ExitOnFailure(hr, "failed to set authorized app remote addresses");
        }

        // add it to the list of authorized apps
        hr = pfwApps->Add(pfwApp);
        ExitOnFailure(hr, "failed to add app to the authorized apps list");
    }
    else
    {
        // we found an existing app exception (if we succeeded, that is)
        ExitOnFailure(hr, "failed trying to find existing app");

        // enable it (just in case it was disabled)
        pfwApp->put_Enabled(VARIANT_TRUE);
    }

LExit:
    ReleaseBSTR(bstrRemoteAddresses);
    ReleaseBSTR(bstrName);
    ReleaseBSTR(bstrFile);
    ReleaseObject(pfwApp);
    ReleaseObject(pfwApps);
    ReleaseObject(pfwProfile);

    return fIgnoreFailures ? S_OK : hr;
}
예제 #4
0
HRESULT WindowsFirewallAddApp(
    IN INetFwProfile* fwProfile,
    IN const wchar_t* fwProcessImageFileName,
    IN const wchar_t* fwName
    )
{
    HRESULT hr = S_OK;
    BOOL fwAppEnabled;
    BSTR fwBstrName = NULL;
    BSTR fwBstrProcessImageFileName = NULL;
    INetFwAuthorizedApplication* fwApp = NULL;
    INetFwAuthorizedApplications* fwApps = NULL;

    assert(fwProfile != NULL);
    assert(fwProcessImageFileName != NULL);
    assert(fwName != NULL);

    // First check to see if the application is already authorized.
    hr = WindowsFirewallAppIsEnabled(
        fwProfile,
        fwProcessImageFileName,
        &fwAppEnabled
        );
    if (FAILED(hr))
    {
        MYTRACE(ACE_TEXT("WindowsFirewallAppIsEnabled failed: 0x%08lx\n"), hr);
        goto error;
    }

    // Only add the application if it isn't already authorized.
    if (!fwAppEnabled)
    {
        // Retrieve the authorized application collection.
        hr = fwProfile->get_AuthorizedApplications(&fwApps);
        if (FAILED(hr))
        {
            MYTRACE(ACE_TEXT("get_AuthorizedApplications failed: 0x%08lx\n"), hr);
            goto error;
        }

        // Create an instance of an authorized application.
        hr = CoCreateInstance(
            __uuidof(NetFwAuthorizedApplication),
            NULL,
            CLSCTX_INPROC_SERVER,
            __uuidof(INetFwAuthorizedApplication),
            (void**)&fwApp
            );
        if (FAILED(hr))
        {
            MYTRACE(ACE_TEXT("CoCreateInstance failed: 0x%08lx\n"), hr);
            goto error;
        }

        // Allocate a BSTR for the process image file name.
        fwBstrProcessImageFileName = SysAllocString(fwProcessImageFileName);
        if (fwBstrProcessImageFileName == NULL)
        {
            hr = E_OUTOFMEMORY;
            MYTRACE(ACE_TEXT("SysAllocString failed: 0x%08lx\n"), hr);
            goto error;
        }

        // Set the process image file name.
        hr = fwApp->put_ProcessImageFileName(fwBstrProcessImageFileName);
        if (FAILED(hr))
        {
            MYTRACE(ACE_TEXT("put_ProcessImageFileName failed: 0x%08lx\n"), hr);
            goto error;
        }

        // Allocate a BSTR for the application friendly name.
        fwBstrName = SysAllocString(fwName);
        if (SysStringLen(fwBstrName) == 0)
        {
            hr = E_OUTOFMEMORY;
            MYTRACE(ACE_TEXT("SysAllocString failed: 0x%08lx\n"), hr);
            goto error;
        }

        // Set the application friendly name.
        hr = fwApp->put_Name(fwBstrName);
        if (FAILED(hr))
        {
            MYTRACE(ACE_TEXT("put_Name failed: 0x%08lx\n"), hr);
            goto error;
        }

        // Set scope (added by bdr -- begin)
        //hr = fwApp->put_Scope(NET_FW_SCOPE_ALL);
        //if (FAILED(hr))
        //{
        //    MYTRACE(ACE_TEXT("put_Scope failed: 0x%08lx\n"), hr);
        //    goto error;
        //}

        //hr = fwApp->put_RemoteAddresses(L"*");
        //if (FAILED(hr))
        //{
        //    MYTRACE(ACE_TEXT("put_Scope failed: 0x%08lx\n"), hr);
        //    goto error;
        //}
        // Set scope (added by bdr -- end)


        // Add the application to the collection.
        hr = fwApps->Add(fwApp);
        if (FAILED(hr))
        {
            MYTRACE(ACE_TEXT("Add failed: 0x%08lx\n"), hr);
            goto error;
        }

        MYTRACE(ACE_TEXT(
            "Authorized application %lS is now enabled in the firewall.\n"),
            fwProcessImageFileName
            );
    }

error:

    // Free the BSTRs.
    SysFreeString(fwBstrName);
    SysFreeString(fwBstrProcessImageFileName);

    // Release the authorized application instance.
    if (fwApp != NULL)
    {
        fwApp->Release();
    }

    // Release the authorized application collection.
    if (fwApps != NULL)
    {
        fwApps->Release();
    }

    return hr;
}