Exemplo n.º 1
/******************************************************************
 RemoveApplicationExceptionFromCurrentProfile - removes the
 authorized-application entry keyed by wzFile from the firewall
 profile handed back by GetCurrentFirewallProfile.

 Returns S_OK whenever fIgnoreFailures is set, otherwise the HRESULT
 of the last step that ran. With fIgnoreFailures set, a removal that
 failed is therefore indistinguishable from one that succeeded: the
 exception may still be present after this call returns S_OK.
********************************************************************/
static HRESULT RemoveApplicationExceptionFromCurrentProfile(
    __in LPCWSTR wzFile, 
    __in BOOL fIgnoreFailures
    )
{
    HRESULT hr = S_OK;
    BSTR bstrImagePath = NULL;
    INetFwProfile* pProfile = NULL;
    INetFwAuthorizedApplications* pAuthorizedApps = NULL;

    // the COM interface takes a BSTR, not a plain wide string
    bstrImagePath = ::SysAllocString(wzFile);
    ExitOnNull(bstrImagePath, hr, E_OUTOFMEMORY, "failed SysAllocString for path");

    // the profile is the entry point to the authorized-application list
    hr = GetCurrentFirewallProfile(fIgnoreFailures, &pProfile);
    ExitOnFailure(hr, "failed to get firewall profile");

    // S_FALSE: user or package author chose to ignore a missing firewall,
    // so there is no profile to edit and nothing more to do
    if (S_FALSE != hr)
    {
        hr = pProfile->get_AuthorizedApplications(&pAuthorizedApps);
        ExitOnFailure(hr, "failed to get list of authorized apps");

        hr = pAuthorizedApps->Remove(bstrImagePath);
        ExitOnFailure(hr, "failed to remove authorized app");
    }

LExit:
    ReleaseBSTR(bstrImagePath);
    ReleaseObject(pAuthorizedApps);
    ReleaseObject(pProfile);

    return fIgnoreFailures ? S_OK : hr;
}
Exemplo n.º 2
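/******************************************************************
 RemovePortExceptionFromCurrentProfile - removes the globally open
 port entry identified by (iPort, iProtocol) from the firewall
 profile handed back by GetCurrentFirewallProfile.

 iProtocol is cast to NET_FW_IP_PROTOCOL without being validated
 here. Returns S_OK whenever fIgnoreFailures is set, otherwise the
 HRESULT of the last step that ran; with fIgnoreFailures set, a
 removal that failed leaves the port exception in place and the
 caller still sees S_OK.
********************************************************************/
static HRESULT RemovePortExceptionFromCurrentProfile(
    __in int iPort,
    __in int iProtocol,
    __in BOOL fIgnoreFailures
    )
{
    HRESULT hr = S_OK;
    INetFwProfile* pfwProfile = NULL;
    INetFwOpenPorts* pfwPorts = NULL;

    // get the firewall profile, which is our entry point for removing exceptions
    hr = GetCurrentFirewallProfile(fIgnoreFailures, &pfwProfile);
    ExitOnFailure(hr, "failed to get firewall profile");
    if (S_FALSE == hr) // user or package author chose to ignore missing firewall
    {
        ExitFunction();
    }

    hr = pfwProfile->get_GloballyOpenPorts(&pfwPorts);
    ExitOnFailure(hr, "failed to get open ports");

    hr = pfwPorts->Remove(iPort, static_cast<NET_FW_IP_PROTOCOL>(iProtocol));
    ExitOnFailure2(hr, "failed to remove open port %d, protocol %d", iPort, iProtocol);

LExit:
    // both interfaces were obtained above and must be released on every
    // path, success or failure, or their COM references leak
    ReleaseObject(pfwPorts);
    ReleaseObject(pfwProfile);

    return fIgnoreFailures ? S_OK : hr;
}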
Exemplo n.º 3
// Looks up (number, protocol) in the globally-open-ports list of the
// current firewall profile.
//
// Returns  1 when the entry exists and is enabled,
//         -1 when the entry exists and is disabled,
//          0 in every other case: the firewall manager could not be created,
//            one of the policy/profile/port-list getters did not return S_OK,
//            or the Item lookup itself failed.
// A port that simply has no entry makes the lookup fail, so it is reported
// as 0, not as -1; callers must not read 0 as "port is closed".
// CoCreateInstance is called without initializing COM here, so the caller is
// expected to have done that on this thread.
int CheckFirewallPortState(long number, NET_FW_IP_PROTOCOL protocol)
{
	INetFwMgr *manager = NULL;
	if(FAILED(CoCreateInstance(__uuidof(NetFwMgr), NULL, CLSCTX_INPROC_SERVER, __uuidof(INetFwMgr), (void**)&manager)))
		return 0;

	INetFwPolicy *policy = NULL;
	INetFwProfile *profile = NULL;
	INetFwOpenPorts *openPorts = NULL;
	VARIANT_BOOL isEnabled = 0; // false

	// stays S_FALSE unless the port lookup is actually reached
	HRESULT status = S_FALSE;

	// each stage runs only if the previous one returned exactly S_OK
	const bool havePolicy = (manager->get_LocalPolicy(&policy) == S_OK);
	const bool haveProfile = havePolicy && (policy->get_CurrentProfile(&profile) == S_OK);
	const bool havePorts = haveProfile && (profile->get_GloballyOpenPorts(&openPorts) == S_OK);

	if(havePorts)
	{
		INetFwOpenPort *entry = NULL;

		status = openPorts->Item(number, protocol, &entry);
		if(SUCCEEDED(status))
		{
			status = entry->get_Enabled(&isEnabled);
			entry->Release();
		}

		openPorts->Release();
	}

	// release whatever was acquired, innermost first
	if(haveProfile)
		profile->Release();
	if(havePolicy)
		policy->Release();
	manager->Release();

	if(status != S_OK)
		return 0; // error

	return isEnabled ? 1 : -1;
}
Exemplo n.º 4
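/******************************************************************
 AddPortExceptionOnCurrentProfile - creates a globally open port
 entry (iPort, iProtocol) named wzName and adds it to the firewall
 profile handed back by GetCurrentFirewallProfile.

 wzRemoteAddresses is optional: when it is NULL or empty no address
 restriction is set on the new entry. iProtocol is cast to
 NET_FW_IP_PROTOCOL without being validated here.

 Returns S_OK whenever fIgnoreFailures is set, otherwise the HRESULT
 of the last step that ran.
********************************************************************/
static HRESULT AddPortExceptionOnCurrentProfile(
    __in LPCWSTR wzName,
    __in_opt LPCWSTR wzRemoteAddresses,
    __in BOOL fIgnoreFailures,
    __in int iPort,
    __in int iProtocol
    )
{
    HRESULT hr = S_OK;
    BSTR bstrName = NULL;
    BSTR bstrRemoteAddresses = NULL;
    INetFwProfile* pfwProfile = NULL;
    INetFwOpenPorts* pfwPorts = NULL;
    INetFwOpenPort* pfwPort = NULL;

    // convert to BSTRs to make COM happy
    bstrName = ::SysAllocString(wzName);
    ExitOnNull(bstrName, hr, E_OUTOFMEMORY, "failed SysAllocString for name");

    // wzRemoteAddresses is __in_opt. SysAllocString(NULL) returns NULL, which
    // would be misreported as out-of-memory, so only convert a real value.
    if (wzRemoteAddresses && *wzRemoteAddresses)
    {
        bstrRemoteAddresses = ::SysAllocString(wzRemoteAddresses);
        ExitOnNull(bstrRemoteAddresses, hr, E_OUTOFMEMORY, "failed SysAllocString for remote addresses");
    }

    // create and initialize a new open port object
    hr = ::CoCreateInstance(__uuidof(NetFwOpenPort), NULL, CLSCTX_INPROC_SERVER, __uuidof(INetFwOpenPort), reinterpret_cast<void**>(&pfwPort));
    ExitOnFailure(hr, "failed to create new open port");

    hr = pfwPort->put_Port(iPort);
    ExitOnFailure(hr, "failed to set exception port");

    hr = pfwPort->put_Protocol(static_cast<NET_FW_IP_PROTOCOL>(iProtocol));
    ExitOnFailure(hr, "failed to set exception protocol");

    // NOTE(review): without a remote-address list the entry keeps whatever
    // scope a freshly created NetFwOpenPort has (all remote addresses per
    // the INetFwOpenPort documentation) -- confirm that is what the package
    // author intends when no addresses are supplied.
    if (bstrRemoteAddresses && *bstrRemoteAddresses)
    {
        hr = pfwPort->put_RemoteAddresses(bstrRemoteAddresses);
        ExitOnFailure1(hr, "failed to set exception remote addresses '%ls'", bstrRemoteAddresses);
    }

    hr = pfwPort->put_Name(bstrName);
    ExitOnFailure(hr, "failed to set exception name");

    // get the firewall profile, its current list of open ports, and add ours
    hr = GetCurrentFirewallProfile(fIgnoreFailures, &pfwProfile);
    ExitOnFailure(hr, "failed to get firewall profile");
    if (S_FALSE == hr) // user or package author chose to ignore missing firewall
    {
        ExitFunction();
    }

    hr = pfwProfile->get_GloballyOpenPorts(&pfwPorts);
    ExitOnFailure(hr, "failed to get open ports");

    hr = pfwPorts->Add(pfwPort);
    ExitOnFailure(hr, "failed to add exception to global list");

LExit:
    ReleaseBSTR(bstrRemoteAddresses);
    ReleaseBSTR(bstrName);
    ReleaseObject(pfwProfile);
    ReleaseObject(pfwPorts);
    ReleaseObject(pfwPort);

    return fIgnoreFailures ? S_OK : hr;
}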
Exemplo n.º 5
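/******************************************************************
 AddApplicationExceptionOnCurrentProfile - makes sure the program
 at wzFile has an enabled authorized-application entry in the
 firewall profile handed back by GetCurrentFirewallProfile.

 If no entry exists for wzFile, one is created with display name
 wzName and, when wzRemoteAddresses is non-empty, that remote-address
 list. If an entry already exists it is only re-enabled.

 Returns S_OK whenever fIgnoreFailures is set, otherwise the HRESULT
 of the last step that ran.
********************************************************************/
static HRESULT AddApplicationExceptionOnCurrentProfile(
    __in LPCWSTR wzFile, 
    __in LPCWSTR wzName, 
    __in_opt LPCWSTR wzRemoteAddresses,
    __in BOOL fIgnoreFailures
    )
{
    HRESULT hr = S_OK;
    BSTR bstrFile = NULL;
    BSTR bstrName = NULL;
    BSTR bstrRemoteAddresses = NULL;
    INetFwProfile* pfwProfile = NULL;
    INetFwAuthorizedApplications* pfwApps = NULL;
    INetFwAuthorizedApplication* pfwApp = NULL;

    // convert to BSTRs to make COM happy
    bstrFile = ::SysAllocString(wzFile);
    ExitOnNull(bstrFile, hr, E_OUTOFMEMORY, "failed SysAllocString for path");
    bstrName = ::SysAllocString(wzName);
    ExitOnNull(bstrName, hr, E_OUTOFMEMORY, "failed SysAllocString for name");

    // wzRemoteAddresses is __in_opt. SysAllocString(NULL) returns NULL, which
    // would be misreported as out-of-memory, so only convert a real value.
    if (wzRemoteAddresses && *wzRemoteAddresses)
    {
        bstrRemoteAddresses = ::SysAllocString(wzRemoteAddresses);
        ExitOnNull(bstrRemoteAddresses, hr, E_OUTOFMEMORY, "failed SysAllocString for remote addresses");
    }

    // get the firewall profile, which is our entry point for adding exceptions
    hr = GetCurrentFirewallProfile(fIgnoreFailures, &pfwProfile);
    ExitOnFailure(hr, "failed to get firewall profile");
    if (S_FALSE == hr) // user or package author chose to ignore missing firewall
    {
        ExitFunction();
    }

    // first, let's see if the app is already on the exception list
    hr = pfwProfile->get_AuthorizedApplications(&pfwApps);
    ExitOnFailure(hr, "failed to get list of authorized apps");

    // try to find it (i.e., support reinstall)
    hr = pfwApps->Item(bstrFile, &pfwApp);
    if (HRESULT_FROM_WIN32(ERROR_FILE_NOT_FOUND) == hr)
    {
        // not found, so we get to add it
        hr = ::CoCreateInstance(__uuidof(NetFwAuthorizedApplication), NULL, CLSCTX_INPROC_SERVER, __uuidof(INetFwAuthorizedApplication), reinterpret_cast<void**>(&pfwApp));
        ExitOnFailure(hr, "failed to create authorized app");

        // set the display name
        hr = pfwApp->put_Name(bstrName);
        ExitOnFailure(hr, "failed to set authorized app name");

        // set path
        hr = pfwApp->put_ProcessImageFileName(bstrFile);
        ExitOnFailure(hr, "failed to set authorized app path");

        // set the allowed remote addresses; when none are given the entry
        // keeps the default scope of a freshly created object
        if (bstrRemoteAddresses && *bstrRemoteAddresses)
        {
            hr = pfwApp->put_RemoteAddresses(bstrRemoteAddresses);
            ExitOnFailure(hr, "failed to set authorized app remote addresses");
        }

        // add it to the list of authorized apps
        hr = pfwApps->Add(pfwApp);
        ExitOnFailure(hr, "failed to add app to the authorized apps list");
    }
    else
    {
        // we found an existing app exception (if we succeeded, that is)
        ExitOnFailure(hr, "failed trying to find existing app");

        // NOTE(review): the existing entry's name and remote addresses are
        // left as they are, so a reinstall that passes a narrower
        // wzRemoteAddresses does not narrow an exception already present.

        // enable it (just in case it was disabled); check the result so a
        // still-disabled exception is not reported as success
        hr = pfwApp->put_Enabled(VARIANT_TRUE);
        ExitOnFailure(hr, "failed to enable existing authorized app");
    }

LExit:
    ReleaseBSTR(bstrRemoteAddresses);
    ReleaseBSTR(bstrName);
    ReleaseBSTR(bstrFile);
    ReleaseObject(pfwApp);
    ReleaseObject(pfwApps);
    ReleaseObject(pfwProfile);

    return fIgnoreFailures ? S_OK : hr;
}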
Exemplo n.º 6
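// Reports whether the firewall of the current profile is switched on AND the
// running executable is not known to be an enabled authorized application.
//
// Returns false when COM cannot be initialized, when the firewall state
// cannot be read, when the firewall is off, or when this executable has an
// enabled entry in the authorized-application list. Returns true when the
// firewall is on and the entry is missing, is disabled, or could not be
// looked up (the answer then stays on the "firewall is in the way" side).
static bool IsIcfEnabled(void)
{
	HRESULT hr;
	VARIANT_BOOL fwEnabled = VARIANT_FALSE;
	VARIANT_BOOL fwAppEnabled = VARIANT_FALSE;

	INetFwProfile* fwProfile = NULL;
	INetFwMgr* fwMgr = NULL;
	INetFwPolicy* fwPolicy = NULL;
	INetFwAuthorizedApplication* fwApp = NULL;
	INetFwAuthorizedApplications* fwApps = NULL;
	BSTR fwBstrProcessImageFileName = NULL;
	wchar_t *wszFileName = NULL;

	// declared up front so that no "goto error" jumps over an initialization
	TCHAR szFileName[MAX_PATH];
	DWORD cchFileName = 0;

	hr = CoInitialize(NULL);
	if (FAILED(hr)) return false;

	// Create an instance of the firewall settings manager.
	hr = CoCreateInstance(CLSID_NetFwMgr, NULL, CLSCTX_INPROC_SERVER,
			IID_INetFwMgr, (void**)&fwMgr );
	if (FAILED(hr)) goto error;

	// Retrieve the local firewall policy.
	hr = fwMgr->get_LocalPolicy(&fwPolicy);
	if (FAILED(hr)) goto error;

	// Retrieve the firewall profile currently in effect.
	hr = fwPolicy->get_CurrentProfile(&fwProfile);
	if (FAILED(hr)) goto error;

	// Get the current state of the firewall.
	hr = fwProfile->get_FirewallEnabled(&fwEnabled);
	if (FAILED(hr)) goto error;

	if (fwEnabled == VARIANT_FALSE) goto error;

	// Retrieve the authorized application collection.
	hr = fwProfile->get_AuthorizedApplications(&fwApps);
	if (FAILED(hr)) goto error;

	// A failed or truncated query leaves a path that must not be used as the
	// lookup key; bail out with the firewall still reported as enabled.
	cchFileName = GetModuleFileName(NULL, szFileName, SIZEOF(szFileName));
	if (cchFileName == 0 || cchFileName >= SIZEOF(szFileName)) goto error;

	wszFileName = mir_t2u(szFileName);

	// Allocate a BSTR for the process image file name. The allocation reports
	// failure by returning NULL; hr says nothing about it.
	fwBstrProcessImageFileName = SysAllocString(wszFileName);
	if (fwBstrProcessImageFileName == NULL) goto error;

	// Attempt to retrieve the authorized application.
	hr = fwApps->Item(fwBstrProcessImageFileName, &fwApp);
	if (SUCCEEDED(hr))
	{
		// Find out if the authorized application is enabled. Only a successful
		// read that says "enabled" clears the result; a failed read must not
		// turn "firewall on" into "firewall not in the way".
		hr = fwApp->get_Enabled(&fwAppEnabled);
		if (SUCCEEDED(hr) && fwAppEnabled != VARIANT_FALSE)
			fwEnabled = VARIANT_FALSE;
	}

error:
	// Free the BSTR.
	SysFreeString(fwBstrProcessImageFileName);
	mir_free(wszFileName);

	// Release the authorized application instance.
	if (fwApp != NULL) fwApp->Release();

	// Release the authorized application collection.
	if (fwApps != NULL) fwApps->Release();

	// Release the firewall profile.
	if (fwProfile != NULL) fwProfile->Release();

	// Release the local firewall policy.
	if (fwPolicy != NULL) fwPolicy->Release();

	// Release the firewall settings manager.
	if (fwMgr != NULL) fwMgr->Release();

	CoUninitialize();

	return fwEnabled != VARIANT_FALSE;
}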
Exemplo n.º 7
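// Puts one entry of the globally-open-ports list into the requested state.
// An existing entry only has its Enabled flag changed. A missing entry is
// created with local-subnet scope and its Enabled flag is set BEFORE it is
// added, so it is never stored in a state the caller did not ask for. If any
// property (scope included) cannot be set, the entry is not added at all.
// Returns true only when the entry ended up in the requested state.
// NOTE(review): put_Name takes a BSTR but receives a plain wide string with
// no length prefix, as the original call sites did; allocate it with
// SysAllocString once that function is known to be declared in this file.
static bool SetUPnPPortState(INetFwOpenPorts *iports, long number, NET_FW_IP_PROTOCOL protocol, wchar_t *name, VARIANT_BOOL portenabled)
{
	INetFwOpenPort *iport = NULL;
	bool applied = false;

	HRESULT hr = iports->Item(number, protocol, &iport);
	if(FAILED(hr))
	{
		// do not rely on the out-parameter after a failed lookup
		iport = NULL;

		hr = CoCreateInstance(__uuidof(NetFwOpenPort), NULL, CLSCTX_INPROC_SERVER, __uuidof(INetFwOpenPort), (void**)&iport);
		if(SUCCEEDED(hr))
			hr = iport->put_Name(name);
		if(SUCCEEDED(hr))
			hr = iport->put_Port(number);
		if(SUCCEEDED(hr))
			hr = iport->put_Protocol(protocol);
		if(SUCCEEDED(hr))
			hr = iport->put_Scope(NET_FW_SCOPE_LOCAL_SUBNET);
		if(SUCCEEDED(hr))
			hr = iport->put_Enabled(portenabled);
		if(SUCCEEDED(hr))
			hr = iports->Add(iport);

		applied = (hr == S_OK);
	}
	else if(hr == S_OK)
	{
		applied = (iport->put_Enabled(portenabled) == S_OK);
	}

	if(iport)
		iport->Release();

	return applied;
}

// Enables (open == true) or disables (open == false) the two UPnP entries,
// TCP 2869 and UDP 1900, in the globally-open-ports list of the current
// firewall profile, creating them with local-subnet scope when absent.
// Returns true only when both entries ended up in the requested state, and
// false when the firewall manager, policy, profile or port list could not be
// obtained. COM is not initialized here, so the caller is expected to have
// done that on this thread.
bool ControlUPnPPorts(bool open)
{
	INetFwMgr *imgr = NULL;
	INetFwPolicy *ipol = NULL;
	INetFwProfile *iprof = NULL;
	HRESULT hr = S_OK;
	bool port2869 = false;
	bool port1900 = false;

	hr = CoCreateInstance(__uuidof(NetFwMgr), NULL, CLSCTX_INPROC_SERVER, __uuidof(INetFwMgr), (void**)&imgr);
	if(FAILED(hr))
		return false;

	if(imgr->get_LocalPolicy(&ipol) == S_OK)
	{
		if(ipol->get_CurrentProfile(&iprof) == S_OK)
		{
			INetFwOpenPorts *iports = NULL;
			if(iprof->get_GloballyOpenPorts(&iports) == S_OK)
			{
				const VARIANT_BOOL portenabled = open ? VARIANT_TRUE : VARIANT_FALSE;

				port2869 = SetUPnPPortState(iports, 2869L, NET_FW_IP_PROTOCOL_TCP, L"UPnP TCP 2869", portenabled);
				if(port2869)
				{
					// log the state that was actually applied
					if(open)
					{
						debug("TCP 2869 enabled");
					}
					else
					{
						debug("TCP 2869 disabled");
					}
				}

				port1900 = SetUPnPPortState(iports, 1900L, NET_FW_IP_PROTOCOL_UDP, L"UPnP UDP 1900", portenabled);
				if(port1900)
				{
					if(open)
					{
						debug("UDP 1900 enabled");
					}
					else
					{
						debug("UDP 1900 disabled");
					}
				}

				iports->Release();
			}

			iprof->Release();
		}

		ipol->Release();
	}

	imgr->Release();

	return port2869 && port1900;
}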