FW_ERROR_CODE WinXPSP2FireWall::IsAppEnabled( const wchar_t* lpszProcessImageFileName, BOOL& bEnable )
{
FW_ERROR_CODE ret = FW_NOERROR;
HRESULT hr;
BSTR bstrFWProcessImageFileName = nullptr;
VARIANT_BOOL bFWEnabled;
INetFwAuthorizedApplication* pFWApp = nullptr;
INetFwAuthorizedApplications* pFWApps = nullptr;
bEnable = FALSE;
try
{
if( m_pFireWallProfile == nullptr )
throw FW_ERR_INITIALIZED;
if( lpszProcessImageFileName == nullptr )
throw FW_ERR_INVALID_ARG;
hr = m_pFireWallProfile->get_AuthorizedApplications( &pFWApps );
if( FAILED( hr ))
throw FW_ERR_AUTH_APPLICATIONS;
// Allocate a BSTR for the process image file name
bstrFWProcessImageFileName = SysAllocString( lpszProcessImageFileName );
if( SysStringLen( bstrFWProcessImageFileName ) == 0)
throw FW_ERR_SYS_ALLOC_STRING;
hr = pFWApps->Item( bstrFWProcessImageFileName, &pFWApp);
// If FAILED, the appliacation is not in the collection list
if( SUCCEEDED( hr ))
{
// Find out if the authorized application is enabled
hr = pFWApp->get_Enabled( &bFWEnabled );
if( FAILED( hr ))
throw FW_ERR_APP_ENABLED;
if( bFWEnabled == VARIANT_TRUE )
bEnable = TRUE;
}
}
catch( FW_ERROR_CODE nError )
{
ret = nError;
}
// Free the BSTR
SysFreeString( bstrFWProcessImageFileName );
// Release memories to retrieve the information of the application
if( pFWApp )
pFWApp->Release();
if( pFWApps )
pFWApps->Release();
return ret;
}
static bool IsIcfEnabled(void)
{
HRESULT hr;
VARIANT_BOOL fwEnabled = VARIANT_FALSE;
INetFwProfile* fwProfile = NULL;
INetFwMgr* fwMgr = NULL;
INetFwPolicy* fwPolicy = NULL;
INetFwAuthorizedApplication* fwApp = NULL;
INetFwAuthorizedApplications* fwApps = NULL;
BSTR fwBstrProcessImageFileName = NULL;
wchar_t *wszFileName = NULL;
hr = CoInitialize(NULL);
if (FAILED(hr)) return false;
// Create an instance of the firewall settings manager.
hr = CoCreateInstance(CLSID_NetFwMgr, NULL, CLSCTX_INPROC_SERVER,
IID_INetFwMgr, (void**)&fwMgr );
if (FAILED(hr)) goto error;
// Retrieve the local firewall policy.
hr = fwMgr->get_LocalPolicy(&fwPolicy);
if (FAILED(hr)) goto error;
// Retrieve the firewall profile currently in effect.
hr = fwPolicy->get_CurrentProfile(&fwProfile);
if (FAILED(hr)) goto error;
// Get the current state of the firewall.
hr = fwProfile->get_FirewallEnabled(&fwEnabled);
if (FAILED(hr)) goto error;
if (fwEnabled == VARIANT_FALSE) goto error;
// Retrieve the authorized application collection.
hr = fwProfile->get_AuthorizedApplications(&fwApps);
if (FAILED(hr)) goto error;
TCHAR szFileName[MAX_PATH];
GetModuleFileName(NULL, szFileName, SIZEOF(szFileName));
wszFileName = mir_t2u(szFileName);
// Allocate a BSTR for the process image file name.
fwBstrProcessImageFileName = SysAllocString(wszFileName);
if (FAILED(hr)) goto error;
// Attempt to retrieve the authorized application.
hr = fwApps->Item(fwBstrProcessImageFileName, &fwApp);
if (SUCCEEDED(hr))
{
// Find out if the authorized application is enabled.
fwApp->get_Enabled(&fwEnabled);
fwEnabled = ~fwEnabled;
}
error:
// Free the BSTR.
SysFreeString(fwBstrProcessImageFileName);
mir_free(wszFileName);
// Release the authorized application instance.
if (fwApp != NULL) fwApp->Release();
// Release the authorized application collection.
if (fwApps != NULL) fwApps->Release();
// Release the firewall profile.
if (fwProfile != NULL) fwProfile->Release();
// Release the local firewall policy.
if (fwPolicy != NULL) fwPolicy->Release();
// Release the firewall settings manager.
if (fwMgr != NULL) fwMgr->Release();
CoUninitialize();
return fwEnabled != VARIANT_FALSE;
}
/******************************************************************
AddApplicationExceptionOnCurrentProfile
********************************************************************/
static HRESULT AddApplicationExceptionOnCurrentProfile(
__in LPCWSTR wzFile,
__in LPCWSTR wzName,
__in_opt LPCWSTR wzRemoteAddresses,
__in BOOL fIgnoreFailures
)
{
HRESULT hr = S_OK;
BSTR bstrFile = NULL;
BSTR bstrName = NULL;
BSTR bstrRemoteAddresses = NULL;
INetFwProfile* pfwProfile = NULL;
INetFwAuthorizedApplications* pfwApps = NULL;
INetFwAuthorizedApplication* pfwApp = NULL;
// convert to BSTRs to make COM happy
bstrFile = ::SysAllocString(wzFile);
ExitOnNull(bstrFile, hr, E_OUTOFMEMORY, "failed SysAllocString for path");
bstrName = ::SysAllocString(wzName);
ExitOnNull(bstrName, hr, E_OUTOFMEMORY, "failed SysAllocString for name");
bstrRemoteAddresses = ::SysAllocString(wzRemoteAddresses);
ExitOnNull(bstrRemoteAddresses, hr, E_OUTOFMEMORY, "failed SysAllocString for remote addresses");
// get the firewall profile, which is our entry point for adding exceptions
hr = GetCurrentFirewallProfile(fIgnoreFailures, &pfwProfile);
ExitOnFailure(hr, "failed to get firewall profile");
if (S_FALSE == hr) // user or package author chose to ignore missing firewall
{
ExitFunction();
}
// first, let's see if the app is already on the exception list
hr = pfwProfile->get_AuthorizedApplications(&pfwApps);
ExitOnFailure(hr, "failed to get list of authorized apps");
// try to find it (i.e., support reinstall)
hr = pfwApps->Item(bstrFile, &pfwApp);
if (HRESULT_FROM_WIN32(ERROR_FILE_NOT_FOUND) == hr)
{
// not found, so we get to add it
hr = ::CoCreateInstance(__uuidof(NetFwAuthorizedApplication), NULL, CLSCTX_INPROC_SERVER, __uuidof(INetFwAuthorizedApplication), reinterpret_cast<void**>(&pfwApp));
ExitOnFailure(hr, "failed to create authorized app");
// set the display name
hr = pfwApp->put_Name(bstrName);
ExitOnFailure(hr, "failed to set authorized app name");
// set path
hr = pfwApp->put_ProcessImageFileName(bstrFile);
ExitOnFailure(hr, "failed to set authorized app path");
// set the allowed remote addresses
if (bstrRemoteAddresses && *bstrRemoteAddresses)
{
hr = pfwApp->put_RemoteAddresses(bstrRemoteAddresses);
ExitOnFailure(hr, "failed to set authorized app remote addresses");
}
// add it to the list of authorized apps
hr = pfwApps->Add(pfwApp);
ExitOnFailure(hr, "failed to add app to the authorized apps list");
}
else
{
// we found an existing app exception (if we succeeded, that is)
ExitOnFailure(hr, "failed trying to find existing app");
// enable it (just in case it was disabled)
pfwApp->put_Enabled(VARIANT_TRUE);
}
LExit:
ReleaseBSTR(bstrRemoteAddresses);
ReleaseBSTR(bstrName);
ReleaseBSTR(bstrFile);
ReleaseObject(pfwApp);
ReleaseObject(pfwApps);
ReleaseObject(pfwProfile);
return fIgnoreFailures ? S_OK : hr;
}
HRESULT WindowsFirewallAppIsEnabled(
IN INetFwProfile* fwProfile,
IN const wchar_t* fwProcessImageFileName,
OUT BOOL* fwAppEnabled
)
{
HRESULT hr = S_OK;
BSTR fwBstrProcessImageFileName = NULL;
VARIANT_BOOL fwEnabled;
INetFwAuthorizedApplication* fwApp = NULL;
INetFwAuthorizedApplications* fwApps = NULL;
_ASSERT(fwProfile != NULL);
_ASSERT(fwProcessImageFileName != NULL);
_ASSERT(fwAppEnabled != NULL);
*fwAppEnabled = FALSE;
// Retrieve the authorized application collection.
hr = fwProfile->get_AuthorizedApplications(&fwApps);
if (FAILED(hr))
{
goto error;
}
// Allocate a BSTR for the process image file name.
fwBstrProcessImageFileName = SysAllocString(fwProcessImageFileName);
if (fwBstrProcessImageFileName == NULL)
{
hr = E_OUTOFMEMORY;
goto error;
}
// Attempt to retrieve the authorized application.
hr = fwApps->Item(fwBstrProcessImageFileName, &fwApp);
if (SUCCEEDED(hr))
{
// Find out if the authorized application is enabled.
hr = fwApp->get_Enabled(&fwEnabled);
if (FAILED(hr))
{
goto error;
}
if (fwEnabled != VARIANT_FALSE)
{
// The authorized application is enabled.
*fwAppEnabled = TRUE;
}
else
{
}
}
else
{
// The authorized application was not in the collection.
hr = S_OK;
}
error:
// Free the BSTR.
SysFreeString(fwBstrProcessImageFileName);
// Release the authorized application instance.
if (fwApp != NULL)
{
fwApp->Release();
}
// Release the authorized application collection.
if (fwApps != NULL)
{
fwApps->Release();
}
return hr;
}