bool CFirewallOpener::AddRule(const CICSRuleInfo& riPortRule, const INetSharingConfigurationPtr pNSC, const INetConnectionPropsPtr pNCP) {
INetSharingPortMappingPtr pNSPM;
HRESULT hr = pNSC->AddPortMapping(riPortRule.m_strRuleName.AllocSysString(),
riPortRule.m_byProtocol,
riPortRule.m_nPortNumber,
riPortRule.m_nPortNumber,
0,
CComBSTR(L"127.0.0.1"),
ICSTT_IPADDRESS,
&pNSPM);
CComBSTR bstrName;
pNCP->get_Name(&bstrName);
if ( SUCCEEDED(hr) && SUCCEEDED(pNSPM->Enable())) {
// ==> Improved ICS-Firewall support [MoNKi] - Max
if(riPortRule.m_bRemoveOnExit || m_bClearMappings) {
CICSRuleInfo ruleToAdd(riPortRule);
AddToICFdat(ruleToAdd);
}
// <== Improved ICS-Firewall support [MoNKi] - Max
theApp.QueueDebugLogLine(false, _T("Succeeded to add Rule '%s' for Port '%u' on Connection '%s'"),riPortRule.m_strRuleName, riPortRule.m_nPortNumber, CString(bstrName));
return true;
}
else {
theApp.QueueDebugLogLine(false, _T("Failed to add Rule '%s' for Port '%u' on Connection '%s'"),riPortRule.m_strRuleName, riPortRule.m_nPortNumber, CString(bstrName));
return false;
}
}
bool CFirewallOpener::AddRule(const CICSRuleInfo& riPortRule, const INetSharingConfigurationPtr pNSC, const INetConnectionPropsPtr pNCP){
INetSharingPortMappingPtr pNSPM;
HRESULT hr = pNSC->AddPortMapping(riPortRule.m_strRuleName.AllocSysString(),
riPortRule.m_byProtocol,
riPortRule.m_nPortNumber,
riPortRule.m_nPortNumber,
0,
L"127.0.0.1",
ICSTT_IPADDRESS,
&pNSPM);
CComBSTR bstrName;
pNCP->get_Name(&bstrName);
if ( SUCCEEDED(hr) && SUCCEEDED(pNSPM->Enable())){
theApp.QueueDebugLogLine(false, _T("Succeeded to add Rule '%s' for Port '%u' on Connection '%s'"),riPortRule.m_strRuleName, riPortRule.m_nPortNumber, CString(bstrName));
return true;
}
else{
theApp.QueueDebugLogLine(false, _T("Failed to add Rule '%s' for Port '%u' on Connection '%s'"),riPortRule.m_strRuleName, riPortRule.m_nPortNumber, CString(bstrName));
return false;
}
}
bool CFirewallOpener::DoAction(const EFOCAction eAction, const CICSRuleInfo& riPortRule){
if ( !Init() )
return false;
//TODO lets see if we can find a reliable method to find out the internet standard connection set by the user
bool bSuccess = true;
bool bPartialSucceeded = false;
bool bFoundAtLeastOneConn = false;
INetSharingEveryConnectionCollectionPtr NSECCP;
IEnumVARIANTPtr varEnum;
IUnknownPtr pUnk;
RETURN_ON_FAIL(m_pINetSM->get_EnumEveryConnection(&NSECCP));
RETURN_ON_FAIL(NSECCP->get__NewEnum(&pUnk));
RETURN_ON_FAIL(pUnk->QueryInterface(__uuidof(IEnumVARIANT), (void**)&varEnum));
_variant_t var;
while (S_OK == varEnum->Next(1, &var, NULL)) {
INetConnectionPtr NCP;
if (V_VT(&var) == VT_UNKNOWN
&& SUCCEEDED(V_UNKNOWN(&var)->QueryInterface(__uuidof(INetConnection),(void**)&NCP)))
{
INetConnectionPropsPtr pNCP;
if ( !SUCCEEDED(m_pINetSM->get_NetConnectionProps (NCP, &pNCP)) )
continue;
DWORD dwCharacteristics = 0;
pNCP->get_Characteristics(&dwCharacteristics);
if (dwCharacteristics & (NCCF_FIREWALLED)) {
NETCON_MEDIATYPE MediaType = NCM_NONE;
pNCP->get_MediaType (&MediaType);
if ((MediaType != NCM_SHAREDACCESSHOST_LAN) && (MediaType != NCM_SHAREDACCESSHOST_RAS) ){
INetSharingConfigurationPtr pNSC;
if ( !SUCCEEDED(m_pINetSM->get_INetSharingConfigurationForINetConnection (NCP, &pNSC)) )
continue;
VARIANT_BOOL varbool = VARIANT_FALSE;
pNSC->get_InternetFirewallEnabled(&varbool);
if (varbool == VARIANT_FALSE)
continue;
bFoundAtLeastOneConn = true;
switch(eAction){
case FOC_ADDRULE:{
bool bResult;
// we do not want to overwrite an existing rule
if (FindRule(FOC_FINDRULEBYPORT, riPortRule, pNSC, NULL)){
bResult = true;
}
else
bResult = AddRule(riPortRule, pNSC, pNCP);
bSuccess = bSuccess && bResult;
if (bResult && !bPartialSucceeded)
m_liAddedRules.Add(riPortRule); // keep track of added rules
bPartialSucceeded = bPartialSucceeded || bResult;
break;
}
case FOC_FWCONNECTIONEXISTS:
return true;
case FOC_DELETERULEBYNAME:
case FOC_DELETERULEEXCACT:
bSuccess = bSuccess && FindRule(eAction, riPortRule, pNSC, NULL);
break;
case FOC_FINDRULEBYNAME:
if (FindRule(FOC_FINDRULEBYNAME, riPortRule, pNSC, NULL))
return true;
else
bSuccess = false;
break;
case FOC_FINDRULEBYPORT:
if (FindRule(FOC_FINDRULEBYPORT, riPortRule, pNSC, NULL))
return true;
else
bSuccess = false;
break;
default:
ASSERT ( false );
}
}
}
}
var.Clear();
}
return bSuccess && bFoundAtLeastOneConn;
}
bool CFirewallOpener::FindRule(const EFOCAction eAction, const CICSRuleInfo& riPortRule, const INetSharingConfigurationPtr pNSC, INetSharingPortMappingPropsPtr* outNSPMP){
INetSharingPortMappingCollectionPtr pNSPMC;
RETURN_ON_FAIL(pNSC->get_EnumPortMappings (ICSSC_DEFAULT, &pNSPMC));
INetSharingPortMappingPtr pNSPM;
IEnumVARIANTPtr varEnum;
IUnknownPtr pUnk;
RETURN_ON_FAIL(pNSPMC->get__NewEnum(&pUnk));
RETURN_ON_FAIL(pUnk->QueryInterface(__uuidof(IEnumVARIANT), (void**)&varEnum));
_variant_t var;
while (S_OK == varEnum->Next(1, &var, NULL)) {
INetSharingPortMappingPropsPtr pNSPMP;
if (V_VT(&var) == VT_DISPATCH
&& SUCCEEDED(V_DISPATCH(&var)->QueryInterface(__uuidof(INetSharingPortMapping),(void**)&pNSPM))
&& SUCCEEDED(pNSPM->get_Properties (&pNSPMP)))
{
UCHAR ucProt = 0;
long uExternal = 0;
CComBSTR bstrName;
pNSPMP->get_IPProtocol (&ucProt);
pNSPMP->get_ExternalPort (&uExternal);
pNSPMP->get_Name(&bstrName);
switch(eAction){
case FOC_FINDRULEBYPORT:
if (riPortRule.m_nPortNumber == uExternal && riPortRule.m_byProtocol == ucProt){
if (outNSPMP != NULL)
*outNSPMP = pNSPM;
return true;
}
break;
case FOC_FINDRULEBYNAME:
if (riPortRule.m_strRuleName == CString(bstrName)){
if (outNSPMP != NULL)
*outNSPMP = pNSPM;
return true;
}
break;
case FOC_DELETERULEEXCACT:
if (riPortRule.m_strRuleName == CString(bstrName)
&& riPortRule.m_nPortNumber == uExternal && riPortRule.m_byProtocol == ucProt)
{
RETURN_ON_FAIL(pNSC->RemovePortMapping(pNSPM));
theApp.QueueDebugLogLine(false,_T("Rule removed"));
}
break;
case FOC_DELETERULEBYNAME:
if (riPortRule.m_strRuleName == CString(bstrName)){
RETURN_ON_FAIL(pNSC->RemovePortMapping(pNSPM));
theApp.QueueDebugLogLine(false,_T("Rule removed"));
}
break;
default:
ASSERT( false );
}
}
var.Clear();
}
switch(eAction){
case FOC_DELETERULEBYNAME:
case FOC_DELETERULEEXCACT:
return true;
case FOC_FINDRULEBYPORT:
case FOC_FINDRULEBYNAME:
default:
return false;
}
}
