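// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "chrome/installer/util/legacy_firewall_manager_win.h"

#include "base/logging.h"
#include "base/strings/stringprintf.h"
#include "base/win/scoped_bstr.h"

namespace installer {

// Manipulates the legacy (INetFwMgr-based, pre-Vista style) Windows Firewall
// policy for one application image. Requirements that are not enforced here:
//   - COM must be initialised on the calling thread (CreateInstance() wraps
//     CoCreateInstance);
//   - the Windows Firewall / ICS ("SharedAccess") service must be running for
//     the mutating calls;
//   - editing the local policy presumably needs elevated privileges (the
//     installer runs elevated; exact requirement not verified here).
//
// NOTE(review): the ScopedComPtr template arguments below are the netfw.h
// interfaces implied by the calls made (CLSID_NetFwMgr -> INetFwMgr,
// get_LocalPolicy -> INetFwPolicy, get_AuthorizedApplications ->
// INetFwAuthorizedApplications, CLSID_NetFwAuthorizedApplication ->
// INetFwAuthorizedApplication); |current_profile_| is declared in the header.

LegacyFirewallManager::LegacyFirewallManager() {}

LegacyFirewallManager::~LegacyFirewallManager() {}

// Binds |current_profile_| to the firewall profile currently active on this
// machine and records the name/path that all later rules are keyed on.
// Returns false, leaving |current_profile_| empty, if any COM step fails; no
// other method may be used until Init() has returned true.
//
// |app_path| is stored verbatim and later used as the rule key
// (ProcessImageFileName), so it should be the absolute path of the installed
// executable — callers are responsible for that; nothing is canonicalised here.
bool LegacyFirewallManager::Init(const base::string16& app_name,
                                 const base::FilePath& app_path) {
  base::win::ScopedComPtr<INetFwMgr> firewall_manager;
  HRESULT hr = firewall_manager.CreateInstance(CLSID_NetFwMgr);
  if (FAILED(hr)) {
    DLOG(ERROR) << logging::SystemErrorCodeToString(hr);
    return false;
  }

  base::win::ScopedComPtr<INetFwPolicy> firewall_policy;
  hr = firewall_manager->get_LocalPolicy(firewall_policy.Receive());
  if (FAILED(hr)) {
    DLOG(ERROR) << logging::SystemErrorCodeToString(hr);
    return false;
  }

  hr = firewall_policy->get_CurrentProfile(current_profile_.Receive());
  if (FAILED(hr)) {
    DLOG(ERROR) << logging::SystemErrorCodeToString(hr);
    // Make sure a failed Init() never leaves the object looking initialised.
    current_profile_ = NULL;
    return false;
  }

  app_name_ = app_name;
  app_path_ = app_path;
  return true;
}

// Returns true only if the current profile reports the firewall as enabled.
// A failed query (or a manager that was never initialised) is reported as
// "not enabled"; callers that need to fail closed must not read false as
// proof that the firewall is off.
bool LegacyFirewallManager::IsFirewallEnabled() {
  DCHECK(current_profile_.get());
  if (!current_profile_.get())
    return false;

  VARIANT_BOOL is_enabled = VARIANT_TRUE;
  HRESULT hr = current_profile_->get_FirewallEnabled(&is_enabled);
  return SUCCEEDED(hr) && is_enabled != VARIANT_FALSE;
}

// Looks up the authorized-application entry keyed on |app_path_| in the
// current profile. Returns false when there is no such entry or any COM call
// fails (the two cases are indistinguishable to the caller); on success
// stores whether the entry is enabled in |*value| when |value| is non-NULL.
bool LegacyFirewallManager::GetAllowIncomingConnection(bool* value) {
  base::win::ScopedComPtr<INetFwAuthorizedApplications> authorized_apps(
      GetAuthorizedApplications());
  if (!authorized_apps.get())
    return false;

  // Entries are keyed by image file name, so the lookup uses the stored path.
  base::win::ScopedComPtr<INetFwAuthorizedApplication> chrome_application;
  HRESULT hr = authorized_apps->Item(
      base::win::ScopedBstr(app_path_.value().c_str()),
      chrome_application.Receive());
  if (FAILED(hr))
    return false;

  VARIANT_BOOL is_enabled = VARIANT_FALSE;
  hr = chrome_application->get_Enabled(&is_enabled);
  if (FAILED(hr))
    return false;

  if (value)
    *value = (is_enabled == VARIANT_TRUE);
  return true;
}

// Adds an authorized-application entry for |app_path_| whose Enabled state
// follows |allow|. What Add() does when an entry for the same path already
// exists is left to the firewall API (presumably it is replaced; not verified
// here). Returns true only if the entry was actually added.
//
// The SharedAccess service must be running.
bool LegacyFirewallManager::SetAllowIncomingConnection(bool allow) {
  base::win::ScopedComPtr<INetFwAuthorizedApplications> authorized_apps(
      GetAuthorizedApplications());
  if (!authorized_apps.get())
    return false;

  // Build the entry first. CreateChromeAuthorization() returns an empty
  // pointer if any attribute could not be set, so a half-configured rule
  // (in particular one whose Enabled state does not match |allow|) is never
  // registered.
  base::win::ScopedComPtr<INetFwAuthorizedApplication> authorization =
      CreateChromeAuthorization(allow);
  if (!authorization.get())
    return false;

  HRESULT hr = authorized_apps->Add(authorization.get());
  DLOG_IF(ERROR, FAILED(hr)) << logging::SystemErrorCodeToString(hr);
  return SUCCEEDED(hr);
}

// Removes the authorized-application entry keyed on |app_path_|, if any.
// Best effort: the void interface gives callers no way to observe failure,
// so a failed Remove() (including "no such entry") is only logged.
void LegacyFirewallManager::DeleteRule() {
  base::win::ScopedComPtr<INetFwAuthorizedApplications> authorized_apps(
      GetAuthorizedApplications());
  if (!authorized_apps.get())
    return;

  HRESULT hr = authorized_apps->Remove(
      base::win::ScopedBstr(app_path_.value().c_str()));
  DLOG_IF(ERROR, FAILED(hr)) << logging::SystemErrorCodeToString(hr);
}

// Returns the current profile's authorized-applications collection, or an
// empty pointer if Init() has not succeeded or the query fails.
base::win::ScopedComPtr<INetFwAuthorizedApplications>
LegacyFirewallManager::GetAuthorizedApplications() {
  DCHECK(current_profile_.get());
  if (!current_profile_.get())
    return base::win::ScopedComPtr<INetFwAuthorizedApplications>();

  base::win::ScopedComPtr<INetFwAuthorizedApplications> authorized_apps;
  HRESULT hr =
      current_profile_->get_AuthorizedApplications(authorized_apps.Receive());
  if (FAILED(hr)) {
    DLOG(ERROR) << logging::SystemErrorCodeToString(hr);
    return base::win::ScopedComPtr<INetFwAuthorizedApplications>();
  }
  return authorized_apps;
}

// Builds a new authorized-application object describing |app_path_|, with
// Enabled set from |allow|. Returns an empty pointer if the object cannot be
// created or any attribute cannot be set.
//
// Security note: an entry in this legacy API is an application-level
// exception. It is keyed on the image path only, and with the defaults left
// in place below (IpVersion ANY, Scope ALL, RemoteAddresses "*") it admits
// inbound traffic to that image from any remote address; it is not port- or
// protocol-scoped, and any binary later placed at the same path inherits it.
//
// Every put_* result is checked rather than ignored. A silently failed
// put_Enabled() would leave the object's default Enabled state in place
// (VARIANT_TRUE per the INetFwAuthorizedApplication documentation, not
// re-verified here), so SetAllowIncomingConnection(false) could otherwise
// end up registering an *allowing* rule.
base::win::ScopedComPtr<INetFwAuthorizedApplication>
LegacyFirewallManager::CreateChromeAuthorization(bool allow) {
  base::win::ScopedComPtr<INetFwAuthorizedApplication> chrome_application;
  HRESULT hr =
      chrome_application.CreateInstance(CLSID_NetFwAuthorizedApplication);
  if (FAILED(hr)) {
    DLOG(ERROR) << logging::SystemErrorCodeToString(hr);
    return base::win::ScopedComPtr<INetFwAuthorizedApplication>();
  }

  hr = chrome_application->put_Name(
      base::win::ScopedBstr(app_name_.c_str()));
  if (FAILED(hr)) {
    DLOG(ERROR) << logging::SystemErrorCodeToString(hr);
    return base::win::ScopedComPtr<INetFwAuthorizedApplication>();
  }

  hr = chrome_application->put_ProcessImageFileName(
      base::win::ScopedBstr(app_path_.value().c_str()));
  if (FAILED(hr)) {
    DLOG(ERROR) << logging::SystemErrorCodeToString(hr);
    return base::win::ScopedComPtr<INetFwAuthorizedApplication>();
  }

  // IpVersion defaults to NET_FW_IP_VERSION_ANY.
  // Scope defaults to NET_FW_SCOPE_ALL.
  // RemoteAddresses defaults to "*".
  hr = chrome_application->put_Enabled(allow ? VARIANT_TRUE : VARIANT_FALSE);
  if (FAILED(hr)) {
    DLOG(ERROR) << logging::SystemErrorCodeToString(hr);
    return base::win::ScopedComPtr<INetFwAuthorizedApplication>();
  }

  return chrome_application;
}

}  // namespace installer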