FW_ERROR_CODE WinXPSP2FireWall::IsAppEnabled( const wchar_t* lpszProcessImageFileName, BOOL& bEnable )
{
FW_ERROR_CODE ret = FW_NOERROR;
HRESULT hr;
BSTR bstrFWProcessImageFileName = nullptr;
VARIANT_BOOL bFWEnabled;
INetFwAuthorizedApplication* pFWApp = nullptr;
INetFwAuthorizedApplications* pFWApps = nullptr;
bEnable = FALSE;
try
{
if( m_pFireWallProfile == nullptr )
throw FW_ERR_INITIALIZED;
if( lpszProcessImageFileName == nullptr )
throw FW_ERR_INVALID_ARG;
hr = m_pFireWallProfile->get_AuthorizedApplications( &pFWApps );
if( FAILED( hr ))
throw FW_ERR_AUTH_APPLICATIONS;
// Allocate a BSTR for the process image file name
bstrFWProcessImageFileName = SysAllocString( lpszProcessImageFileName );
if( SysStringLen( bstrFWProcessImageFileName ) == 0)
throw FW_ERR_SYS_ALLOC_STRING;
hr = pFWApps->Item( bstrFWProcessImageFileName, &pFWApp);
// If FAILED, the appliacation is not in the collection list
if( SUCCEEDED( hr ))
{
// Find out if the authorized application is enabled
hr = pFWApp->get_Enabled( &bFWEnabled );
if( FAILED( hr ))
throw FW_ERR_APP_ENABLED;
if( bFWEnabled == VARIANT_TRUE )
bEnable = TRUE;
}
}
catch( FW_ERROR_CODE nError )
{
ret = nError;
}
// Free the BSTR
SysFreeString( bstrFWProcessImageFileName );
// Release memories to retrieve the information of the application
if( pFWApp )
pFWApp->Release();
if( pFWApps )
pFWApps->Release();
return ret;
}
bool
WindowsFirewallHelper::applicationIsTrusted(const char* app_path) {
HRESULT hr;
BSTR app_path_bstr = NULL;
VARIANT_BOOL fwEnabled;
INetFwAuthorizedApplication* fwApp = NULL;
bool result;
result = false;
if ( ! ready() ) {
return false;
}
app_path_bstr = charToBstr(app_path);
// Attempt to retrieve the authorized application.
hr = fwApps->Item(app_path_bstr, &fwApp);
if (SUCCEEDED(hr))
{
// Find out if the authorized application is enabled.
hr = fwApp->get_Enabled(&fwEnabled);
if (FAILED(hr))
{
dprintf(D_ALWAYS, "WinFirewall: get_Enabled failed: 0x%08lx %s\n", hr, GetHRString(hr));
result = false;
} else {
result = (fwEnabled == VARIANT_TRUE);
}
}
// Free the BSTR.
SysFreeString(app_path_bstr);
// Release the authorized application instance.
if (fwApp != NULL)
{
fwApp->Release();
}
return result;
}
FW_ERROR_CODE WinXPSP2FireWall::AddApplication( const wchar_t* lpszProcessImageFileName, const wchar_t* lpszRegisterName )
{
FW_ERROR_CODE ret = FW_NOERROR;
HRESULT hr;
BOOL bAppEnable;
BSTR bstrProcessImageFileName = nullptr;
BSTR bstrRegisterName = nullptr;
INetFwAuthorizedApplication* pFWApp = nullptr;
INetFwAuthorizedApplications* pFWApps = nullptr;
try
{
if( m_pFireWallProfile == nullptr )
throw FW_ERR_INITIALIZED;
if( lpszProcessImageFileName == nullptr || lpszRegisterName == nullptr )
throw FW_ERR_INVALID_ARG;
// First of all, check the application is already authorized;
FW_ERROR_CODE nError = this->IsAppEnabled( lpszProcessImageFileName, bAppEnable );
if( nError != FW_NOERROR )
throw nError;
// Only add the application if it isn't authorized
if( bAppEnable == FALSE )
{
// Retrieve the authorized application collection
hr = m_pFireWallProfile->get_AuthorizedApplications( &pFWApps );
if( FAILED( hr ))
throw FW_ERR_AUTH_APPLICATIONS;
// Create an instance of an authorized application
hr = CoCreateInstance( CLSID_NetFwAuthorizedApplication, nullptr, CLSCTX_INPROC_SERVER, IID_INetFwAuthorizedApplication, (void**)&pFWApp);
if( FAILED( hr ))
throw FW_ERR_CREATE_APP_INSTANCE;
// Allocate a BSTR for the Process Image FileName
bstrProcessImageFileName = SysAllocString( lpszProcessImageFileName );
if( SysStringLen( bstrProcessImageFileName ) == 0)
throw FW_ERR_SYS_ALLOC_STRING;
// Set the process image file name
hr = pFWApp->put_ProcessImageFileName( bstrProcessImageFileName );
if( FAILED( hr ) )
throw FW_ERR_PUT_PROCESS_IMAGE_NAME;
// Allocate a BSTR for register name
bstrRegisterName = SysAllocString( lpszRegisterName );
if( SysStringLen( bstrRegisterName ) == 0)
throw FW_ERR_SYS_ALLOC_STRING;
// Set a registered name of the process
hr = pFWApp->put_Name( bstrRegisterName );
if( FAILED( hr ))
throw FW_ERR_PUT_REGISTER_NAME;
// Add the application to the collection
hr = pFWApps->Add( pFWApp );
if( FAILED( hr ))
throw FW_ERR_ADD_TO_COLLECTION;
}
}
catch( FW_ERROR_CODE nError )
{
ret = nError;
}
SysFreeString( bstrProcessImageFileName );
SysFreeString( bstrRegisterName );
if( pFWApp )
pFWApp->Release();
if( pFWApps )
pFWApps->Release();
return ret;
}
/******************************************************************
AddApplicationExceptionOnCurrentProfile
********************************************************************/
static HRESULT AddApplicationExceptionOnCurrentProfile(
__in LPCWSTR wzFile,
__in LPCWSTR wzName,
__in_opt LPCWSTR wzRemoteAddresses,
__in BOOL fIgnoreFailures
)
{
HRESULT hr = S_OK;
BSTR bstrFile = NULL;
BSTR bstrName = NULL;
BSTR bstrRemoteAddresses = NULL;
INetFwProfile* pfwProfile = NULL;
INetFwAuthorizedApplications* pfwApps = NULL;
INetFwAuthorizedApplication* pfwApp = NULL;
// convert to BSTRs to make COM happy
bstrFile = ::SysAllocString(wzFile);
ExitOnNull(bstrFile, hr, E_OUTOFMEMORY, "failed SysAllocString for path");
bstrName = ::SysAllocString(wzName);
ExitOnNull(bstrName, hr, E_OUTOFMEMORY, "failed SysAllocString for name");
bstrRemoteAddresses = ::SysAllocString(wzRemoteAddresses);
ExitOnNull(bstrRemoteAddresses, hr, E_OUTOFMEMORY, "failed SysAllocString for remote addresses");
// get the firewall profile, which is our entry point for adding exceptions
hr = GetCurrentFirewallProfile(fIgnoreFailures, &pfwProfile);
ExitOnFailure(hr, "failed to get firewall profile");
if (S_FALSE == hr) // user or package author chose to ignore missing firewall
{
ExitFunction();
}
// first, let's see if the app is already on the exception list
hr = pfwProfile->get_AuthorizedApplications(&pfwApps);
ExitOnFailure(hr, "failed to get list of authorized apps");
// try to find it (i.e., support reinstall)
hr = pfwApps->Item(bstrFile, &pfwApp);
if (HRESULT_FROM_WIN32(ERROR_FILE_NOT_FOUND) == hr)
{
// not found, so we get to add it
hr = ::CoCreateInstance(__uuidof(NetFwAuthorizedApplication), NULL, CLSCTX_INPROC_SERVER, __uuidof(INetFwAuthorizedApplication), reinterpret_cast<void**>(&pfwApp));
ExitOnFailure(hr, "failed to create authorized app");
// set the display name
hr = pfwApp->put_Name(bstrName);
ExitOnFailure(hr, "failed to set authorized app name");
// set path
hr = pfwApp->put_ProcessImageFileName(bstrFile);
ExitOnFailure(hr, "failed to set authorized app path");
// set the allowed remote addresses
if (bstrRemoteAddresses && *bstrRemoteAddresses)
{
hr = pfwApp->put_RemoteAddresses(bstrRemoteAddresses);
ExitOnFailure(hr, "failed to set authorized app remote addresses");
}
// add it to the list of authorized apps
hr = pfwApps->Add(pfwApp);
ExitOnFailure(hr, "failed to add app to the authorized apps list");
}
else
{
// we found an existing app exception (if we succeeded, that is)
ExitOnFailure(hr, "failed trying to find existing app");
// enable it (just in case it was disabled)
pfwApp->put_Enabled(VARIANT_TRUE);
}
LExit:
ReleaseBSTR(bstrRemoteAddresses);
ReleaseBSTR(bstrName);
ReleaseBSTR(bstrFile);
ReleaseObject(pfwApp);
ReleaseObject(pfwApps);
ReleaseObject(pfwProfile);
return fIgnoreFailures ? S_OK : hr;
}
static bool IsIcfEnabled(void)
{
HRESULT hr;
VARIANT_BOOL fwEnabled = VARIANT_FALSE;
INetFwProfile* fwProfile = NULL;
INetFwMgr* fwMgr = NULL;
INetFwPolicy* fwPolicy = NULL;
INetFwAuthorizedApplication* fwApp = NULL;
INetFwAuthorizedApplications* fwApps = NULL;
BSTR fwBstrProcessImageFileName = NULL;
wchar_t *wszFileName = NULL;
hr = CoInitialize(NULL);
if (FAILED(hr)) return false;
// Create an instance of the firewall settings manager.
hr = CoCreateInstance(CLSID_NetFwMgr, NULL, CLSCTX_INPROC_SERVER,
IID_INetFwMgr, (void**)&fwMgr );
if (FAILED(hr)) goto error;
// Retrieve the local firewall policy.
hr = fwMgr->get_LocalPolicy(&fwPolicy);
if (FAILED(hr)) goto error;
// Retrieve the firewall profile currently in effect.
hr = fwPolicy->get_CurrentProfile(&fwProfile);
if (FAILED(hr)) goto error;
// Get the current state of the firewall.
hr = fwProfile->get_FirewallEnabled(&fwEnabled);
if (FAILED(hr)) goto error;
if (fwEnabled == VARIANT_FALSE) goto error;
// Retrieve the authorized application collection.
hr = fwProfile->get_AuthorizedApplications(&fwApps);
if (FAILED(hr)) goto error;
TCHAR szFileName[MAX_PATH];
GetModuleFileName(NULL, szFileName, SIZEOF(szFileName));
wszFileName = mir_t2u(szFileName);
// Allocate a BSTR for the process image file name.
fwBstrProcessImageFileName = SysAllocString(wszFileName);
if (FAILED(hr)) goto error;
// Attempt to retrieve the authorized application.
hr = fwApps->Item(fwBstrProcessImageFileName, &fwApp);
if (SUCCEEDED(hr))
{
// Find out if the authorized application is enabled.
fwApp->get_Enabled(&fwEnabled);
fwEnabled = ~fwEnabled;
}
error:
// Free the BSTR.
SysFreeString(fwBstrProcessImageFileName);
mir_free(wszFileName);
// Release the authorized application instance.
if (fwApp != NULL) fwApp->Release();
// Release the authorized application collection.
if (fwApps != NULL) fwApps->Release();
// Release the firewall profile.
if (fwProfile != NULL) fwProfile->Release();
// Release the local firewall policy.
if (fwPolicy != NULL) fwPolicy->Release();
// Release the firewall settings manager.
if (fwMgr != NULL) fwMgr->Release();
CoUninitialize();
return fwEnabled != VARIANT_FALSE;
}
HRESULT
WindowsFirewallHelper::removeByBasename( const char *name ) {
HRESULT hr = S_OK;
IUnknown* pUnknown = NULL;
IEnumVARIANT* pEnum = NULL;
INetFwAuthorizedApplication* fwApp = NULL;
bool result = true;
long count;
unsigned long cnt;
int i;
VARIANT v;
if ( ! ready() ) {
return S_FALSE;
}
hr = fwApps->get__NewEnum(&pUnknown);
if ( hr != S_OK ) {
dprintf(D_ERROR, "Failed to get enumerator for Authorized "
"Applications (err=%x)\n", hr);
return hr;
}
hr = fwApps->get_Count(&count);
if ( hr != S_OK ) {
dprintf(D_ERROR, "Failed to get count of Authorized "
"Applications (err=%x)\n", hr);
return hr;
}
hr = pUnknown->QueryInterface(IID_IEnumVARIANT, (void**)&pEnum);
if ( hr != S_OK ) {
if ( hr == E_NOINTERFACE ) {
dprintf(D_ERROR, "Failed to QueryInterface for trusted "
"applications. Interface not supported.\n");
} else {
dprintf(D_ERROR, "Failed to QueryInterface for trusted "
"applications. (err=%x)\n", hr);
}
return hr;
}
for (i=0; i<count; i++) {
BSTR str = NULL;
size_t len;
char *tmp;
const char *bn;
hr = pEnum->Next(1, &v, &cnt);
// interesting tidbit: Microsoft says Enum->Next() function
// either returns S_OK or S_FALSE. Funny, on Win2k3 SP1
// it returns 0x80020008, or Bad Variable Type. Sigh.
if ( hr != S_OK ) {
// no more elements. stop.
hr = S_FALSE;
break;
}
fwApp = (INetFwAuthorizedApplication*)v.byref;
fwApp->get_ProcessImageFileName(&str);
// This should not be printing to stdout, but if you are
// reading this and think it is necessary to print these
// executable names then dprintf() them.
// printf("Result is %lS\n", str);
len = wcslen(str);
tmp = (char*) malloc((len*2+1) * sizeof(char));
ASSERT(tmp);
sprintf(tmp, "%S", str);
bn = condor_basename(tmp);
if ( 0 == strcasecmp(bn, name) ) {
// basenames match, so remove it from the list.
hr = removeTrusted(tmp);
}
free(tmp);
SysFreeString(str);
if (hr == E_ACCESSDENIED) {
// don't have enough privilege to remove, so don't bother to keep trying.
break;
}
}
return hr;
}
HRESULT
WindowsFirewallHelper::addTrusted( const char *app_path ) {
const char *app_basename;
BSTR app_path_bstr = NULL;
BSTR app_basename_bstr = NULL;
HRESULT hr = S_OK;
INetFwAuthorizedApplication* fwApp = NULL;
if ( ! ready() || ! i_can_add) {
return S_FALSE;
}
if ( !firewallIsOn() ) {
// firewall is turned off, so there's nothing to do.
return S_FALSE;
}
if ( applicationIsTrusted(app_path) ) {
// this app is already set to be trusted, so do nothing.
return S_OK;
}
// now, if the basename of the app is condor_<something>, we
// want to make sure there aren't any other entries of the same
// condor daemon with a different path. We only do this for "condor_"
// executables as a safety to keep us from removing trusted applications
// that have nothing to do with condor.
app_basename = condor_basename(app_path);
if ( _strnicmp(app_basename, "condor_", strlen("condor_")) == 0 ) {
hr = removeByBasename(app_basename);
}
// now just add the application to the trusted list.
// Create an instance of an authorized application.
hr = CoCreateInstance(
__uuidof(NetFwAuthorizedApplication),
NULL,
CLSCTX_INPROC_SERVER,
__uuidof(INetFwAuthorizedApplication),
reinterpret_cast<void**>
(static_cast<INetFwAuthorizedApplication**>(&fwApp))
);
if (FAILED(hr))
{
i_can_add = false;
dprintf(D_ERROR | D_FULLDEBUG, "WinFirewall: CoCreateInstance failed: 0x%08lx %s\n", hr, GetHRString(hr));
return hr;
}
app_path_bstr = charToBstr(app_path);
// Set the process image file name.
hr = fwApp->put_ProcessImageFileName(app_path_bstr);
if (FAILED(hr))
{
if ( hr == 0x80070002 ) {
dprintf(D_ERROR, "WinFirewall Error: Could not find trusted app image %s\n",
app_path);
} else {
dprintf(D_ERROR, "put_ProcessImageFileName failed: 0x%08lx %s\n", hr, GetHRString(hr));
}
goto error;
}
// Allocate a BSTR for the application friendly name.
app_basename_bstr = charToBstr(app_basename);
// Set the application friendly name.
hr = fwApp->put_Name(app_basename_bstr);
if (FAILED(hr))
{
dprintf(D_ERROR | D_FULLDEBUG, "WinFirewall: put_Name failed: 0x%08lx %s\n", hr, GetHRString(hr));
goto error;
}
// Add the application to the collection.
hr = fwApps->Add(fwApp);
if (FAILED(hr))
{
dprintf(D_ERROR, "WinFirewall: Add failed: 0x%08lx %s\n", hr, GetHRString(hr));
goto error;
}
// it seems like we should always inform users somehow that we're
// doing this.
dprintf(D_STATUS, "Authorized application %s is now enabled in the"
" firewall.\n",
app_path );
error:
// Free the BSTRs.
SysFreeString(app_path_bstr);
SysFreeString(app_basename_bstr);
// Release the authorized application instance.
if (fwApp != NULL)
{
fwApp->Release();
}
if (hr == E_ACCESSDENIED) i_can_add = false;
return hr;
}
HRESULT WindowsFirewallAddApp(
IN INetFwProfile* fwProfile,
IN const wchar_t* fwProcessImageFileName,
IN const wchar_t* fwName
)
{
HRESULT hr = S_OK;
BOOL fwAppEnabled;
BSTR fwBstrName = NULL;
BSTR fwBstrProcessImageFileName = NULL;
INetFwAuthorizedApplication* fwApp = NULL;
INetFwAuthorizedApplications* fwApps = NULL;
_ASSERT(fwProfile != NULL);
_ASSERT(fwProcessImageFileName != NULL);
_ASSERT(fwName != NULL);
// First check to see if the application is already authorized.
hr = WindowsFirewallAppIsEnabled(
fwProfile,
fwProcessImageFileName,
&fwAppEnabled
);
if (FAILED(hr))
{
goto error;
}
// Only add the application if it isn't already authorized.
if (!fwAppEnabled)
{
// Retrieve the authorized application collection.
hr = fwProfile->get_AuthorizedApplications(&fwApps);
if (FAILED(hr))
{
goto error;
}
// Create an instance of an authorized application.
hr = CoCreateInstance(
__uuidof(NetFwAuthorizedApplication),
NULL,
CLSCTX_INPROC_SERVER,
__uuidof(INetFwAuthorizedApplication),
(void**)&fwApp
);
if (FAILED(hr))
{
goto error;
}
// Allocate a BSTR for the process image file name.
fwBstrProcessImageFileName = SysAllocString(fwProcessImageFileName);
if (fwBstrProcessImageFileName == NULL)
{
hr = E_OUTOFMEMORY;
goto error;
}
// Set the process image file name.
hr = fwApp->put_ProcessImageFileName(fwBstrProcessImageFileName);
if (FAILED(hr))
{
goto error;
}
// Allocate a BSTR for the application friendly name.
fwBstrName = SysAllocString(fwName);
if (SysStringLen(fwBstrName) == 0)
{
hr = E_OUTOFMEMORY;
goto error;
}
// Set the application friendly name.
hr = fwApp->put_Name(fwBstrName);
if (FAILED(hr))
{
goto error;
}
// Add the application to the collection.
hr = fwApps->Add(fwApp);
if (FAILED(hr))
{
goto error;
}
}
error:
// Free the BSTRs.
SysFreeString(fwBstrName);
SysFreeString(fwBstrProcessImageFileName);
// Release the authorized application instance.
if (fwApp != NULL)
{
fwApp->Release();
}
// Release the authorized application collection.
if (fwApps != NULL)
{
fwApps->Release();
}
return hr;
}
HRESULT WindowsFirewallAppIsEnabled(
IN INetFwProfile* fwProfile,
IN const wchar_t* fwProcessImageFileName,
OUT BOOL* fwAppEnabled
)
{
HRESULT hr = S_OK;
BSTR fwBstrProcessImageFileName = NULL;
VARIANT_BOOL fwEnabled;
INetFwAuthorizedApplication* fwApp = NULL;
INetFwAuthorizedApplications* fwApps = NULL;
_ASSERT(fwProfile != NULL);
_ASSERT(fwProcessImageFileName != NULL);
_ASSERT(fwAppEnabled != NULL);
*fwAppEnabled = FALSE;
// Retrieve the authorized application collection.
hr = fwProfile->get_AuthorizedApplications(&fwApps);
if (FAILED(hr))
{
goto error;
}
// Allocate a BSTR for the process image file name.
fwBstrProcessImageFileName = SysAllocString(fwProcessImageFileName);
if (fwBstrProcessImageFileName == NULL)
{
hr = E_OUTOFMEMORY;
goto error;
}
// Attempt to retrieve the authorized application.
hr = fwApps->Item(fwBstrProcessImageFileName, &fwApp);
if (SUCCEEDED(hr))
{
// Find out if the authorized application is enabled.
hr = fwApp->get_Enabled(&fwEnabled);
if (FAILED(hr))
{
goto error;
}
if (fwEnabled != VARIANT_FALSE)
{
// The authorized application is enabled.
*fwAppEnabled = TRUE;
}
else
{
}
}
else
{
// The authorized application was not in the collection.
hr = S_OK;
}
error:
// Free the BSTR.
SysFreeString(fwBstrProcessImageFileName);
// Release the authorized application instance.
if (fwApp != NULL)
{
fwApp->Release();
}
// Release the authorized application collection.
if (fwApps != NULL)
{
fwApps->Release();
}
return hr;
}
HRESULT WindowsFirewallRemoveApp(
IN INetFwProfile* fwProfile,
IN const wchar_t* fwProcessImageFileName
)
{
HRESULT hr = S_OK;
BOOL fwAppEnabled;
BSTR fwBstrName = NULL;
BSTR fwBstrProcessImageFileName = NULL;
INetFwAuthorizedApplication* fwApp = NULL;
INetFwAuthorizedApplications* fwApps = NULL;
assert(fwProfile != NULL);
assert(fwProcessImageFileName != NULL);
// First check to see if the application is already authorized.
hr = WindowsFirewallAppIsEnabled(
fwProfile,
fwProcessImageFileName,
&fwAppEnabled
);
if (FAILED(hr))
{
MYTRACE(ACE_TEXT("WindowsFirewallAppIsEnabled failed: 0x%08lx\n"), hr);
goto error;
}
// Only remove the application if it is already authorized.
if (fwAppEnabled)
{
// Retrieve the authorized application collection.
hr = fwProfile->get_AuthorizedApplications(&fwApps);
if (FAILED(hr))
{
MYTRACE(ACE_TEXT("get_AuthorizedApplications failed: 0x%08lx\n"), hr);
goto error;
}
// Create an instance of an authorized application.
hr = CoCreateInstance(
__uuidof(NetFwAuthorizedApplication),
NULL,
CLSCTX_INPROC_SERVER,
__uuidof(INetFwAuthorizedApplication),
(void**)&fwApp
);
if (FAILED(hr))
{
MYTRACE(ACE_TEXT("CoCreateInstance failed: 0x%08lx\n"), hr);
goto error;
}
// Allocate a BSTR for the process image file name.
fwBstrProcessImageFileName = SysAllocString(fwProcessImageFileName);
if (fwBstrProcessImageFileName == NULL)
{
hr = E_OUTOFMEMORY;
MYTRACE(ACE_TEXT("SysAllocString failed: 0x%08lx\n"), hr);
goto error;
}
// Add the application to the collection.
hr = fwApps->Remove(fwBstrProcessImageFileName);
if (FAILED(hr))
{
MYTRACE(ACE_TEXT("Add failed: 0x%08lx\n"), hr);
goto error;
}
MYTRACE(ACE_TEXT(
"Authorized application %lS is now removed in the firewall.\n"),
fwProcessImageFileName
);
}
error:
// Free the BSTRs.
SysFreeString(fwBstrName);
SysFreeString(fwBstrProcessImageFileName);
// Release the authorized application instance.
if (fwApp != NULL)
{
fwApp->Release();
}
// Release the authorized application collection.
if (fwApps != NULL)
{
fwApps->Release();
}
return hr;
}
HRESULT WindowsFirewallAddApp(
IN INetFwProfile* fwProfile,
IN const wchar_t* fwProcessImageFileName,
IN const wchar_t* fwName
)
{
HRESULT hr = S_OK;
BOOL fwAppEnabled;
BSTR fwBstrName = NULL;
BSTR fwBstrProcessImageFileName = NULL;
INetFwAuthorizedApplication* fwApp = NULL;
INetFwAuthorizedApplications* fwApps = NULL;
assert(fwProfile != NULL);
assert(fwProcessImageFileName != NULL);
assert(fwName != NULL);
// First check to see if the application is already authorized.
hr = WindowsFirewallAppIsEnabled(
fwProfile,
fwProcessImageFileName,
&fwAppEnabled
);
if (FAILED(hr))
{
MYTRACE(ACE_TEXT("WindowsFirewallAppIsEnabled failed: 0x%08lx\n"), hr);
goto error;
}
// Only add the application if it isn't already authorized.
if (!fwAppEnabled)
{
// Retrieve the authorized application collection.
hr = fwProfile->get_AuthorizedApplications(&fwApps);
if (FAILED(hr))
{
MYTRACE(ACE_TEXT("get_AuthorizedApplications failed: 0x%08lx\n"), hr);
goto error;
}
// Create an instance of an authorized application.
hr = CoCreateInstance(
__uuidof(NetFwAuthorizedApplication),
NULL,
CLSCTX_INPROC_SERVER,
__uuidof(INetFwAuthorizedApplication),
(void**)&fwApp
);
if (FAILED(hr))
{
MYTRACE(ACE_TEXT("CoCreateInstance failed: 0x%08lx\n"), hr);
goto error;
}
// Allocate a BSTR for the process image file name.
fwBstrProcessImageFileName = SysAllocString(fwProcessImageFileName);
if (fwBstrProcessImageFileName == NULL)
{
hr = E_OUTOFMEMORY;
MYTRACE(ACE_TEXT("SysAllocString failed: 0x%08lx\n"), hr);
goto error;
}
// Set the process image file name.
hr = fwApp->put_ProcessImageFileName(fwBstrProcessImageFileName);
if (FAILED(hr))
{
MYTRACE(ACE_TEXT("put_ProcessImageFileName failed: 0x%08lx\n"), hr);
goto error;
}
// Allocate a BSTR for the application friendly name.
fwBstrName = SysAllocString(fwName);
if (SysStringLen(fwBstrName) == 0)
{
hr = E_OUTOFMEMORY;
MYTRACE(ACE_TEXT("SysAllocString failed: 0x%08lx\n"), hr);
goto error;
}
// Set the application friendly name.
hr = fwApp->put_Name(fwBstrName);
if (FAILED(hr))
{
MYTRACE(ACE_TEXT("put_Name failed: 0x%08lx\n"), hr);
goto error;
}
// Set scope (added by bdr -- begin)
//hr = fwApp->put_Scope(NET_FW_SCOPE_ALL);
//if (FAILED(hr))
//{
// MYTRACE(ACE_TEXT("put_Scope failed: 0x%08lx\n"), hr);
// goto error;
//}
//hr = fwApp->put_RemoteAddresses(L"*");
//if (FAILED(hr))
//{
// MYTRACE(ACE_TEXT("put_Scope failed: 0x%08lx\n"), hr);
// goto error;
//}
// Set scope (added by bdr -- end)
// Add the application to the collection.
hr = fwApps->Add(fwApp);
if (FAILED(hr))
{
MYTRACE(ACE_TEXT("Add failed: 0x%08lx\n"), hr);
goto error;
}
MYTRACE(ACE_TEXT(
"Authorized application %lS is now enabled in the firewall.\n"),
fwProcessImageFileName
);
}
error:
// Free the BSTRs.
SysFreeString(fwBstrName);
SysFreeString(fwBstrProcessImageFileName);
// Release the authorized application instance.
if (fwApp != NULL)
{
fwApp->Release();
}
// Release the authorized application collection.
if (fwApps != NULL)
{
fwApps->Release();
}
return hr;
}
