/****************************************************************** RemoveApplicationExceptionFromCurrentProfile ********************************************************************/ static HRESULT RemoveApplicationExceptionFromCurrentProfile( __in LPCWSTR wzFile, __in BOOL fIgnoreFailures ) { HRESULT hr = S_OK; INetFwProfile* pfwProfile = NULL; INetFwAuthorizedApplications* pfwApps = NULL; // convert to BSTRs to make COM happy BSTR bstrFile = ::SysAllocString(wzFile); ExitOnNull(bstrFile, hr, E_OUTOFMEMORY, "failed SysAllocString for path"); // get the firewall profile, which is our entry point for removing exceptions hr = GetCurrentFirewallProfile(fIgnoreFailures, &pfwProfile); ExitOnFailure(hr, "failed to get firewall profile"); if (S_FALSE == hr) // user or package author chose to ignore missing firewall { ExitFunction(); } // now get the list of app exceptions and remove the one hr = pfwProfile->get_AuthorizedApplications(&pfwApps); ExitOnFailure(hr, "failed to get list of authorized apps"); hr = pfwApps->Remove(bstrFile); ExitOnFailure(hr, "failed to remove authorized app"); LExit: ReleaseBSTR(bstrFile); ReleaseObject(pfwApps); ReleaseObject(pfwProfile); return fIgnoreFailures ? S_OK : hr; }
/****************************************************************** RemovePortExceptionFromCurrentProfile ********************************************************************/ static HRESULT RemovePortExceptionFromCurrentProfile( __in int iPort, __in int iProtocol, __in BOOL fIgnoreFailures ) { HRESULT hr = S_OK; INetFwProfile* pfwProfile = NULL; INetFwOpenPorts* pfwPorts = NULL; // get the firewall profile, which is our entry point for adding exceptions hr = GetCurrentFirewallProfile(fIgnoreFailures, &pfwProfile); ExitOnFailure(hr, "failed to get firewall profile"); if (S_FALSE == hr) // user or package author chose to ignore missing firewall { ExitFunction(); } hr = pfwProfile->get_GloballyOpenPorts(&pfwPorts); ExitOnFailure(hr, "failed to get open ports"); hr = pfwPorts->Remove(iPort, static_cast<NET_FW_IP_PROTOCOL>(iProtocol)); ExitOnFailure2(hr, "failed to remove open port %d, protocol %d", iPort, iProtocol); LExit: return fIgnoreFailures ? S_OK : hr; }
int CheckFirewallPortState(long number, NET_FW_IP_PROTOCOL protocol) { INetFwMgr *imgr = NULL; INetFwPolicy *ipol = NULL; INetFwProfile *iprof = NULL; HRESULT hr = S_OK; VARIANT_BOOL portenabled = 0; // false int result = 0; // error hr = CoCreateInstance(__uuidof(NetFwMgr), NULL, CLSCTX_INPROC_SERVER, __uuidof(INetFwMgr), (void**)&imgr); if(FAILED(hr)) return 0; hr = S_FALSE; if(imgr->get_LocalPolicy(&ipol) == S_OK) { if(ipol->get_CurrentProfile(&iprof) == S_OK) { INetFwOpenPorts *iports = NULL; if(iprof->get_GloballyOpenPorts(&iports) == S_OK) { INetFwOpenPort *iport = NULL; hr = iports->Item(number, protocol, &iport); if(SUCCEEDED(hr)) { hr = iport->get_Enabled(&portenabled); iport->Release(); } iports->Release(); } iprof->Release(); } ipol->Release(); } imgr->Release(); if(hr == S_OK) { if(portenabled) result = 1; else result = -1; } return result; }
/****************************************************************** AddPortExceptionOnCurrentProfile ********************************************************************/ static HRESULT AddPortExceptionOnCurrentProfile( __in LPCWSTR wzName, __in_opt LPCWSTR wzRemoteAddresses, __in BOOL fIgnoreFailures, __in int iPort, __in int iProtocol ) { HRESULT hr = S_OK; BSTR bstrName = NULL; BSTR bstrRemoteAddresses = NULL; INetFwProfile* pfwProfile = NULL; INetFwOpenPorts* pfwPorts = NULL; INetFwOpenPort* pfwPort = NULL; // convert to BSTRs to make COM happy bstrName = ::SysAllocString(wzName); ExitOnNull(bstrName, hr, E_OUTOFMEMORY, "failed SysAllocString for name"); bstrRemoteAddresses = ::SysAllocString(wzRemoteAddresses); ExitOnNull(bstrRemoteAddresses, hr, E_OUTOFMEMORY, "failed SysAllocString for remote addresses"); // create and initialize a new open port object hr = ::CoCreateInstance(__uuidof(NetFwOpenPort), NULL, CLSCTX_INPROC_SERVER, __uuidof(INetFwOpenPort), reinterpret_cast<void**>(&pfwPort)); ExitOnFailure(hr, "failed to create new open port"); hr = pfwPort->put_Port(iPort); ExitOnFailure(hr, "failed to set exception port"); hr = pfwPort->put_Protocol(static_cast<NET_FW_IP_PROTOCOL>(iProtocol)); ExitOnFailure(hr, "failed to set exception protocol"); if (bstrRemoteAddresses && *bstrRemoteAddresses) { hr = pfwPort->put_RemoteAddresses(bstrRemoteAddresses); ExitOnFailure1(hr, "failed to set exception remote addresses '%ls'", bstrRemoteAddresses); } hr = pfwPort->put_Name(bstrName); ExitOnFailure(hr, "failed to set exception name"); // get the firewall profile, its current list of open ports, and add ours hr = GetCurrentFirewallProfile(fIgnoreFailures, &pfwProfile); ExitOnFailure(hr, "failed to get firewall profile"); if (S_FALSE == hr) // user or package author chose to ignore missing firewall { ExitFunction(); } hr = pfwProfile->get_GloballyOpenPorts(&pfwPorts); ExitOnFailure(hr, "failed to get open ports"); hr = pfwPorts->Add(pfwPort); ExitOnFailure(hr, "failed to add exception to global list"); LExit: ReleaseBSTR(bstrRemoteAddresses); ReleaseBSTR(bstrName); ReleaseObject(pfwProfile); ReleaseObject(pfwPorts); ReleaseObject(pfwPort); return fIgnoreFailures ? S_OK : hr; }
/****************************************************************** AddApplicationExceptionOnCurrentProfile ********************************************************************/ static HRESULT AddApplicationExceptionOnCurrentProfile( __in LPCWSTR wzFile, __in LPCWSTR wzName, __in_opt LPCWSTR wzRemoteAddresses, __in BOOL fIgnoreFailures ) { HRESULT hr = S_OK; BSTR bstrFile = NULL; BSTR bstrName = NULL; BSTR bstrRemoteAddresses = NULL; INetFwProfile* pfwProfile = NULL; INetFwAuthorizedApplications* pfwApps = NULL; INetFwAuthorizedApplication* pfwApp = NULL; // convert to BSTRs to make COM happy bstrFile = ::SysAllocString(wzFile); ExitOnNull(bstrFile, hr, E_OUTOFMEMORY, "failed SysAllocString for path"); bstrName = ::SysAllocString(wzName); ExitOnNull(bstrName, hr, E_OUTOFMEMORY, "failed SysAllocString for name"); bstrRemoteAddresses = ::SysAllocString(wzRemoteAddresses); ExitOnNull(bstrRemoteAddresses, hr, E_OUTOFMEMORY, "failed SysAllocString for remote addresses"); // get the firewall profile, which is our entry point for adding exceptions hr = GetCurrentFirewallProfile(fIgnoreFailures, &pfwProfile); ExitOnFailure(hr, "failed to get firewall profile"); if (S_FALSE == hr) // user or package author chose to ignore missing firewall { ExitFunction(); } // first, let's see if the app is already on the exception list hr = pfwProfile->get_AuthorizedApplications(&pfwApps); ExitOnFailure(hr, "failed to get list of authorized apps"); // try to find it (i.e., support reinstall) hr = pfwApps->Item(bstrFile, &pfwApp); if (HRESULT_FROM_WIN32(ERROR_FILE_NOT_FOUND) == hr) { // not found, so we get to add it hr = ::CoCreateInstance(__uuidof(NetFwAuthorizedApplication), NULL, CLSCTX_INPROC_SERVER, __uuidof(INetFwAuthorizedApplication), reinterpret_cast<void**>(&pfwApp)); ExitOnFailure(hr, "failed to create authorized app"); // set the display name hr = pfwApp->put_Name(bstrName); ExitOnFailure(hr, "failed to set authorized app name"); // set path hr = pfwApp->put_ProcessImageFileName(bstrFile); ExitOnFailure(hr, "failed to set authorized app path"); // set the allowed remote addresses if (bstrRemoteAddresses && *bstrRemoteAddresses) { hr = pfwApp->put_RemoteAddresses(bstrRemoteAddresses); ExitOnFailure(hr, "failed to set authorized app remote addresses"); } // add it to the list of authorized apps hr = pfwApps->Add(pfwApp); ExitOnFailure(hr, "failed to add app to the authorized apps list"); } else { // we found an existing app exception (if we succeeded, that is) ExitOnFailure(hr, "failed trying to find existing app"); // enable it (just in case it was disabled) pfwApp->put_Enabled(VARIANT_TRUE); } LExit: ReleaseBSTR(bstrRemoteAddresses); ReleaseBSTR(bstrName); ReleaseBSTR(bstrFile); ReleaseObject(pfwApp); ReleaseObject(pfwApps); ReleaseObject(pfwProfile); return fIgnoreFailures ? S_OK : hr; }
static bool IsIcfEnabled(void) { HRESULT hr; VARIANT_BOOL fwEnabled = VARIANT_FALSE; INetFwProfile* fwProfile = NULL; INetFwMgr* fwMgr = NULL; INetFwPolicy* fwPolicy = NULL; INetFwAuthorizedApplication* fwApp = NULL; INetFwAuthorizedApplications* fwApps = NULL; BSTR fwBstrProcessImageFileName = NULL; wchar_t *wszFileName = NULL; hr = CoInitialize(NULL); if (FAILED(hr)) return false; // Create an instance of the firewall settings manager. hr = CoCreateInstance(CLSID_NetFwMgr, NULL, CLSCTX_INPROC_SERVER, IID_INetFwMgr, (void**)&fwMgr ); if (FAILED(hr)) goto error; // Retrieve the local firewall policy. hr = fwMgr->get_LocalPolicy(&fwPolicy); if (FAILED(hr)) goto error; // Retrieve the firewall profile currently in effect. hr = fwPolicy->get_CurrentProfile(&fwProfile); if (FAILED(hr)) goto error; // Get the current state of the firewall. hr = fwProfile->get_FirewallEnabled(&fwEnabled); if (FAILED(hr)) goto error; if (fwEnabled == VARIANT_FALSE) goto error; // Retrieve the authorized application collection. hr = fwProfile->get_AuthorizedApplications(&fwApps); if (FAILED(hr)) goto error; TCHAR szFileName[MAX_PATH]; GetModuleFileName(NULL, szFileName, SIZEOF(szFileName)); wszFileName = mir_t2u(szFileName); // Allocate a BSTR for the process image file name. fwBstrProcessImageFileName = SysAllocString(wszFileName); if (FAILED(hr)) goto error; // Attempt to retrieve the authorized application. hr = fwApps->Item(fwBstrProcessImageFileName, &fwApp); if (SUCCEEDED(hr)) { // Find out if the authorized application is enabled. fwApp->get_Enabled(&fwEnabled); fwEnabled = ~fwEnabled; } error: // Free the BSTR. SysFreeString(fwBstrProcessImageFileName); mir_free(wszFileName); // Release the authorized application instance. if (fwApp != NULL) fwApp->Release(); // Release the authorized application collection. if (fwApps != NULL) fwApps->Release(); // Release the firewall profile. if (fwProfile != NULL) fwProfile->Release(); // Release the local firewall policy. if (fwPolicy != NULL) fwPolicy->Release(); // Release the firewall settings manager. if (fwMgr != NULL) fwMgr->Release(); CoUninitialize(); return fwEnabled != VARIANT_FALSE; }
bool ControlUPnPPorts(bool open) { INetFwMgr *imgr = NULL; INetFwPolicy *ipol = NULL; INetFwProfile *iprof = NULL; HRESULT hr = S_OK; bool port2869 = false; bool port1900 = false; hr = CoCreateInstance(__uuidof(NetFwMgr), NULL, CLSCTX_INPROC_SERVER, __uuidof(INetFwMgr), (void**)&imgr); if(FAILED(hr)) return false; if(imgr->get_LocalPolicy(&ipol) == S_OK) { if(ipol->get_CurrentProfile(&iprof) == S_OK) { INetFwOpenPorts *iports = NULL; if(iprof->get_GloballyOpenPorts(&iports) == S_OK) { INetFwOpenPort *iport = NULL; VARIANT_BOOL portenabled = open ? -1 : 0; hr = iports->Item(2869L, NET_FW_IP_PROTOCOL_TCP, &iport); if(FAILED(hr)) { hr = CoCreateInstance(__uuidof(NetFwOpenPort), NULL, CLSCTX_INPROC_SERVER, __uuidof(INetFwOpenPort), (void**)&iport); if(SUCCEEDED(hr)) { iport->put_Name(L"UPnP TCP 2869"); iport->put_Port(2869L); iport->put_Protocol(NET_FW_IP_PROTOCOL_TCP); iport->put_Scope(NET_FW_SCOPE_LOCAL_SUBNET); hr = iports->Add(iport); } } if(hr == S_OK && iport->put_Enabled(portenabled) == S_OK) { debug("TCP 2869 enabled"); port2869 = true; } if(iport) iport->Release(); hr = iports->Item(1900L, NET_FW_IP_PROTOCOL_UDP, &iport); if(FAILED(hr)) { hr = CoCreateInstance(__uuidof(NetFwOpenPort), NULL, CLSCTX_INPROC_SERVER, __uuidof(INetFwOpenPort), (void**)&iport); if(SUCCEEDED(hr)) { iport->put_Name(L"UPnP UDP 1900"); iport->put_Port(1900L); iport->put_Protocol(NET_FW_IP_PROTOCOL_UDP); iport->put_Scope(NET_FW_SCOPE_LOCAL_SUBNET); hr = iports->Add(iport); } } if(hr == S_OK && iport->put_Enabled(portenabled) == S_OK) { debug("UDP 1900 enabled"); port1900 = true; } if(iport) iport->Release(); iports->Release(); } iprof->Release(); } ipol->Release(); } imgr->Release(); return port2869 & port1900; }