// Adds lPortNumber/ipProtocol to the firewall profile's collection of globally
// open ports, unless IsPortEnabled() already reports the port as enabled.
//
// lPortNumber      - port to open.
// ipProtocol       - protocol the entry applies to.
// lpszRegisterName - display name stored with the entry; a null or empty name is
//                    rejected with FW_ERR_SYS_ALLOC_STRING.
//
// Returns FW_NOERROR on success (including the "already enabled" case), or the
// FW_ERR_* code of the first step that failed.
//
// NOTE(review): no scope or remote-address restriction is set on the new entry,
// so it is added with the firewall API's default scope (documented as
// NET_FW_SCOPE_ALL - confirm for the target OS). Callers that only need
// local-subnet reachability should be aware the rule is not limited here.
FW_ERROR_CODE WinXPSP2FireWall::AddPort( LONG lPortNumber, NET_FW_IP_PROTOCOL ipProtocol, const wchar_t* lpszRegisterName )
{
	FW_ERROR_CODE result = FW_NOERROR;
	INetFwOpenPort* pNewPort = nullptr;
	INetFwOpenPorts* pPortCollection = nullptr;
	BSTR bstrName = nullptr;

	// Turns a failed HRESULT into the step-specific error code; the catch
	// block below funnels every failure to the shared cleanup path.
	const auto throwOnFailure = []( HRESULT hrCall, FW_ERROR_CODE code )
	{
		if( FAILED( hrCall ) )
			throw code;
	};

	try
	{
		if( m_pFireWallProfile == nullptr )
			throw FW_ERR_INITIALIZED;

		BOOL bAlreadyEnabled;
		const FW_ERROR_CODE queryResult = IsPortEnabled( lPortNumber, ipProtocol, bAlreadyEnabled );
		if( queryResult != FW_NOERROR )
			throw queryResult;

		// Only add the port if it is not in the collection yet
		if( bAlreadyEnabled == FALSE )
		{
			// Retrieve the collection of globally open ports
			throwOnFailure( m_pFireWallProfile->get_GloballyOpenPorts( &pPortCollection ),
			                FW_ERR_GLOBAL_OPEN_PORTS );

			// Create an instance of an open port
			throwOnFailure( CoCreateInstance( CLSID_NetFwOpenPort, nullptr, CLSCTX_INPROC_SERVER,
			                                  IID_INetFwOpenPort, (void**)&pNewPort ),
			                FW_ERR_CREATE_PORT_INSTANCE );

			// Set the port number
			throwOnFailure( pNewPort->put_Port( lPortNumber ), FW_ERR_SET_PORT_NUMBER );

			// Set the IP protocol
			throwOnFailure( pNewPort->put_Protocol( ipProtocol ), FW_ERR_SET_IP_PROTOCOL );

			// A zero length covers both a failed allocation and an empty name
			bstrName = SysAllocString( lpszRegisterName );
			if( SysStringLen( bstrName ) == 0 )
				throw FW_ERR_SYS_ALLOC_STRING;

			// Set the registered name
			throwOnFailure( pNewPort->put_Name( bstrName ), FW_ERR_PUT_REGISTER_NAME );

			// Adding the entry to the collection is what opens the port
			throwOnFailure( pPortCollection->Add( pNewPort ), FW_ERR_ADD_TO_COLLECTION );
		}
	}
	catch( FW_ERROR_CODE caught )
	{
		result = caught;
	}

	// Shared cleanup for success and failure; SysFreeString accepts null.
	SysFreeString( bstrName );
	if( pNewPort )
		pNewPort->Release();
	if( pPortCollection )
		pPortCollection->Release();

	return result;
}
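// Ensures the globally-open-ports collection holds an entry for (port, protocol)
// and sets its Enabled flag to `enabled`. Returns true only when every step
// reported S_OK.
//
// When the entry has to be created, every property setter is checked before the
// entry is added: if put_Scope failed silently, the rule would be added without
// the local-subnet restriction. The Enabled flag is also set before Add so that
// a "close" request never adds an entry in the enabled state first.
static bool SetUPnPPortState(INetFwOpenPorts *iports, LONG port, NET_FW_IP_PROTOCOL protocol,
                             const wchar_t *name, VARIANT_BOOL enabled)
{
    INetFwOpenPort *iport = NULL;
    HRESULT hr = iports->Item(port, protocol, &iport);

    if(FAILED(hr))
    {
        // Do not trust the out-parameter after a failed lookup.
        iport = NULL;

        // put_Name expects a real BSTR (length-prefixed), not a bare wide literal.
        BSTR bname = SysAllocString(name);
        if(bname == NULL)
            return false;

        hr = CoCreateInstance(__uuidof(NetFwOpenPort), NULL, CLSCTX_INPROC_SERVER,
                              __uuidof(INetFwOpenPort), (void**)&iport);
        if(SUCCEEDED(hr)) hr = iport->put_Name(bname);
        if(SUCCEEDED(hr)) hr = iport->put_Port(port);
        if(SUCCEEDED(hr)) hr = iport->put_Protocol(protocol);
        if(SUCCEEDED(hr)) hr = iport->put_Scope(NET_FW_SCOPE_LOCAL_SUBNET);
        if(SUCCEEDED(hr)) hr = iport->put_Enabled(enabled);
        if(SUCCEEDED(hr)) hr = iports->Add(iport);

        SysFreeString(bname);
    }

    // For an existing entry this is the call that changes its state; for a new
    // entry it repeats the value already set before Add.
    const bool ok = (hr == S_OK) && (iport != NULL) && (iport->put_Enabled(enabled) == S_OK);

    if(iport)
        iport->Release();

    return ok;
}

// Enables (open == true) or disables (open == false) the two firewall entries
// used for UPnP: TCP 2869 and UDP 1900, both scoped to the local subnet when
// they have to be created.
//
// Returns true only if both entries were set to the requested state. The UDP
// entry is processed even if the TCP entry failed.
//
// COM must already be initialised on the calling thread; no CoInitialize call
// is made here.
//
// NOTE(review): the debug messages say "enabled" for both values of `open`;
// the text is kept unchanged so existing log output stays the same.
bool ControlUPnPPorts(bool open)
{
    INetFwMgr *imgr = NULL;
    INetFwPolicy *ipol = NULL;
    INetFwProfile *iprof = NULL;
    HRESULT hr = S_OK;
    bool port2869 = false;
    bool port1900 = false;

    hr = CoCreateInstance(__uuidof(NetFwMgr), NULL, CLSCTX_INPROC_SERVER,
                          __uuidof(INetFwMgr), (void**)&imgr);
    if(FAILED(hr))
        return false;

    if(imgr->get_LocalPolicy(&ipol) == S_OK)
    {
        if(ipol->get_CurrentProfile(&iprof) == S_OK)
        {
            INetFwOpenPorts *iports = NULL;
            if(iprof->get_GloballyOpenPorts(&iports) == S_OK)
            {
                const VARIANT_BOOL portenabled = open ? VARIANT_TRUE : VARIANT_FALSE;

                if(SetUPnPPortState(iports, 2869L, NET_FW_IP_PROTOCOL_TCP, L"UPnP TCP 2869", portenabled))
                {
                    debug("TCP 2869 enabled");
                    port2869 = true;
                }

                if(SetUPnPPortState(iports, 1900L, NET_FW_IP_PROTOCOL_UDP, L"UPnP UDP 1900", portenabled))
                {
                    debug("UDP 1900 enabled");
                    port1900 = true;
                }

                iports->Release();
            }
            iprof->Release();
        }
        ipol->Release();
    }
    imgr->Release();

    return port2869 && port1900;
}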
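/******************************************************************
 AddPortExceptionOnCurrentProfile

 Creates an open-port exception (name, port, protocol and, when
 supplied, remote addresses) and adds it to the globally open ports
 of the current firewall profile.

 wzName            - display name of the exception.
 wzRemoteAddresses - optional remote address list; NULL or an empty
                     string means no remote-address restriction is
                     set on the exception.
 fIgnoreFailures   - when TRUE the function always returns S_OK, so
                     the return value does not tell the caller
                     whether the exception was actually added.
 iPort, iProtocol  - port number and NET_FW_IP_PROTOCOL value.

 NOTE(review): with no remote addresses the entry carries the
 firewall API's default scope (documented as NET_FW_SCOPE_ALL -
 confirm); package authors wanting a narrower rule must pass
 wzRemoteAddresses.
********************************************************************/
static HRESULT AddPortExceptionOnCurrentProfile(
    __in LPCWSTR wzName,
    __in_opt LPCWSTR wzRemoteAddresses,
    __in BOOL fIgnoreFailures,
    __in int iPort,
    __in int iProtocol
    )
{
    HRESULT hr = S_OK;
    BSTR bstrName = NULL;
    BSTR bstrRemoteAddresses = NULL;
    INetFwProfile* pfwProfile = NULL;
    INetFwOpenPorts* pfwPorts = NULL;
    INetFwOpenPort* pfwPort = NULL;

    // convert to BSTRs to make COM happy
    bstrName = ::SysAllocString(wzName);
    ExitOnNull(bstrName, hr, E_OUTOFMEMORY, "failed SysAllocString for name");

    // wzRemoteAddresses is optional: SysAllocString(NULL) returns NULL, which
    // must not be reported as an out-of-memory failure, so only allocate when
    // there is a non-empty address list to set.
    if (wzRemoteAddresses && *wzRemoteAddresses)
    {
        bstrRemoteAddresses = ::SysAllocString(wzRemoteAddresses);
        ExitOnNull(bstrRemoteAddresses, hr, E_OUTOFMEMORY, "failed SysAllocString for remote addresses");
    }

    // create and initialize a new open port object
    hr = ::CoCreateInstance(__uuidof(NetFwOpenPort), NULL, CLSCTX_INPROC_SERVER, __uuidof(INetFwOpenPort), reinterpret_cast<void**>(&pfwPort));
    ExitOnFailure(hr, "failed to create new open port");

    hr = pfwPort->put_Port(iPort);
    ExitOnFailure(hr, "failed to set exception port");

    hr = pfwPort->put_Protocol(static_cast<NET_FW_IP_PROTOCOL>(iProtocol));
    ExitOnFailure(hr, "failed to set exception protocol");

    if (bstrRemoteAddresses)
    {
        hr = pfwPort->put_RemoteAddresses(bstrRemoteAddresses);
        ExitOnFailure1(hr, "failed to set exception remote addresses '%ls'", bstrRemoteAddresses);
    }

    hr = pfwPort->put_Name(bstrName);
    ExitOnFailure(hr, "failed to set exception name");

    // get the firewall profile, its current list of open ports, and add ours
    hr = GetCurrentFirewallProfile(fIgnoreFailures, &pfwProfile);
    ExitOnFailure(hr, "failed to get firewall profile");
    if (S_FALSE == hr) // user or package author chose to ignore missing firewall
    {
        ExitFunction();
    }

    hr = pfwProfile->get_GloballyOpenPorts(&pfwPorts);
    ExitOnFailure(hr, "failed to get open ports");

    hr = pfwPorts->Add(pfwPort);
    ExitOnFailure(hr, "failed to add exception to global list");

LExit:
    ReleaseBSTR(bstrRemoteAddresses);
    ReleaseBSTR(bstrName);
    ReleaseObject(pfwProfile);
    ReleaseObject(pfwPorts);
    ReleaseObject(pfwPort);

    // Failures are deliberately masked when the caller asked to ignore them.
    return fIgnoreFailures ? S_OK : hr;
}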
// Adds portNumber/ipProtocol to fwProfile's globally open ports under the given
// friendly name, unless WindowsFirewallPortIsEnabled() already reports the port
// as enabled.
//
// Returns the HRESULT of the first failing step, E_OUTOFMEMORY when the name
// BSTR comes back with zero length (failed allocation or empty name), or the
// result of the last call otherwise.
//
// NOTE(review): no scope or remote-address restriction is applied to the new
// entry, so it uses the firewall API's default scope (documented as
// NET_FW_SCOPE_ALL - confirm). The NULL checks on fwProfile and name are
// debug-only assertions.
HRESULT WindowsFirewallPortAdd(
    IN INetFwProfile* fwProfile,
    IN LONG portNumber,
    IN NET_FW_IP_PROTOCOL ipProtocol,
    IN const wchar_t* name
    )
{
    _ASSERT(fwProfile != NULL);
    _ASSERT(name != NULL);

    BOOL alreadyEnabled;
    BSTR friendlyName = NULL;
    INetFwOpenPort* newPort = NULL;
    INetFwOpenPorts* openPorts = NULL;

    // First check to see if the port is already added.
    HRESULT hr = WindowsFirewallPortIsEnabled(fwProfile, portNumber, ipProtocol, &alreadyEnabled);

    // Only add the port if the query succeeded and it isn't already added.
    // Each step runs only while every earlier step has succeeded.
    if (SUCCEEDED(hr) && !alreadyEnabled)
    {
        // Retrieve the collection of globally open ports.
        hr = fwProfile->get_GloballyOpenPorts(&openPorts);

        // Create an instance of an open port.
        if (SUCCEEDED(hr))
        {
            hr = CoCreateInstance(
                    __uuidof(NetFwOpenPort),
                    NULL,
                    CLSCTX_INPROC_SERVER,
                    __uuidof(INetFwOpenPort),
                    (void**)&newPort
                    );
        }

        // Set the port number.
        if (SUCCEEDED(hr))
        {
            hr = newPort->put_Port(portNumber);
        }

        // Set the IP protocol.
        if (SUCCEEDED(hr))
        {
            hr = newPort->put_Protocol(ipProtocol);
        }

        // Allocate a BSTR for the friendly name of the port.
        if (SUCCEEDED(hr))
        {
            friendlyName = SysAllocString(name);
            if (SysStringLen(friendlyName) == 0)
            {
                hr = E_OUTOFMEMORY;
            }
        }

        // Set the friendly name of the port.
        if (SUCCEEDED(hr))
        {
            hr = newPort->put_Name(friendlyName);
        }

        // Opens the port and adds it to the collection.
        if (SUCCEEDED(hr))
        {
            hr = openPorts->Add(newPort);
        }
    }

    // Cleanup runs on every path; SysFreeString accepts NULL.
    SysFreeString(friendlyName);

    // Release the open port instance.
    if (newPort != NULL)
    {
        newPort->Release();
    }

    // Release the globally open ports collection.
    if (openPorts != NULL)
    {
        openPorts->Release();
    }

    return hr;
}