// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
4
5#include "chrome/installer/util/legacy_firewall_manager_win.h"
6
7#include "base/logging.h"
8#include "base/strings/stringprintf.h"
9#include "base/win/scoped_bstr.h"
10
11namespace installer {
12
// Construction acquires nothing: the body is empty, and the firewall profile
// that the other methods dereference is only obtained in Init().
LegacyFirewallManager::LegacyFirewallManager() {
}
14
// No explicit teardown happens here. In particular, destroying the manager
// does not remove a rule it added; that only happens through DeleteRule().
LegacyFirewallManager::~LegacyFirewallManager() {
}
16
// Binds this manager to the current profile of the local firewall policy and
// records which application later rule operations refer to.
//
// |app_name| becomes the display name of a rule created by this object.
// |app_path| is the executable image the rule is keyed on; it is also the
// lookup key used by GetAllowIncomingConnection() and DeleteRule().
//
// Returns false if any COM call fails (the HRESULT is logged through DLOG).
// |app_name_| and |app_path_| are only overwritten on success.
bool LegacyFirewallManager::Init(const base::string16& app_name,
                                 const base::FilePath& app_path) {
  base::win::ScopedComPtr<INetFwMgr> manager;
  HRESULT result = manager.CreateInstance(CLSID_NetFwMgr);
  if (FAILED(result)) {
    DLOG(ERROR) << logging::SystemErrorCodeToString(result);
    return false;
  }

  base::win::ScopedComPtr<INetFwPolicy> local_policy;
  result = manager->get_LocalPolicy(local_policy.Receive());
  if (FAILED(result)) {
    DLOG(ERROR) << logging::SystemErrorCodeToString(result);
    return false;
  }

  result = local_policy->get_CurrentProfile(current_profile_.Receive());
  if (FAILED(result)) {
    DLOG(ERROR) << logging::SystemErrorCodeToString(result);
    // Discard whatever the failed call may have stored so that the member is
    // unambiguously empty after a failed Init().
    current_profile_ = NULL;
    return false;
  }

  app_name_ = app_name;
  app_path_ = app_path;
  return true;
}
44
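// Reports whether the firewall is enabled for the profile captured by Init().
//
// Returns false when no profile is available (Init() was not called or
// failed) and also when the query itself fails. A false result therefore
// means "not known to be enabled", not "known to be disabled"; callers that
// skip rule management on false should keep that in mind.
bool LegacyFirewallManager::IsFirewallEnabled() {
  // Init() leaves |current_profile_| NULL on failure. Guard the dereference
  // below so a caller that ignored Init()'s result gets false, not a crash.
  if (!current_profile_.get())
    return false;

  VARIANT_BOOL is_enabled = VARIANT_TRUE;
  HRESULT hr = current_profile_->get_FirewallEnabled(&is_enabled);
  // Compare against VARIANT_FALSE so that any non-zero value counts as
  // enabled.
  return SUCCEEDED(hr) && is_enabled != VARIANT_FALSE;
}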
50
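// Looks up the authorized-application entry keyed on |app_path_|.
//
// Returns true only when such an entry exists and its Enabled state could be
// read; in that case |*value| (if |value| is non-NULL) is set to whether the
// entry is enabled. Returns false, leaving |*value| untouched, when the list
// of authorized applications is unavailable, no entry exists for the path, or
// a COM call fails.
bool LegacyFirewallManager::GetAllowIncomingConnection(bool* value) {
  // Check whether there is a rule either allowing or disallowing this
  // chrome.exe.
  base::win::ScopedComPtr<INetFwAuthorizedApplications> authorized_apps(
      GetAuthorizedApplications());
  if (!authorized_apps.get())
    return false;

  base::win::ScopedComPtr<INetFwAuthorizedApplication> chrome_application;
  HRESULT hr = authorized_apps->Item(
      base::win::ScopedBstr(app_path_.value().c_str()),
      chrome_application.Receive());
  if (FAILED(hr))
    return false;
  VARIANT_BOOL is_enabled = VARIANT_FALSE;
  hr = chrome_application->get_Enabled(&is_enabled);
  if (FAILED(hr))
    return false;
  // Test against VARIANT_FALSE, as IsFirewallEnabled() does. Comparing for
  // equality with VARIANT_TRUE would report an enabled rule as disabled if the
  // provider ever returned a non-canonical non-zero value.
  if (value)
    *value = (is_enabled != VARIANT_FALSE);
  return true;
}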
73
// Adds an authorized-application entry for |app_path_| to the current
// profile, enabled when |allow| is true and disabled otherwise.
//
// Precondition: the SharedAccess service must be running.
//
// The entry is built by CreateChromeAuthorization(), which leaves IP version,
// scope and remote addresses at their defaults, so an enabled entry is not
// restricted by remote address.
//
// Returns true only if the entry was created and Add() succeeded.
bool LegacyFirewallManager::SetAllowIncomingConnection(bool allow) {
  base::win::ScopedComPtr<INetFwAuthorizedApplications> app_list(
      GetAuthorizedApplications());
  if (!app_list.get())
    return false;

  // Build the entry describing chrome before touching the firewall list.
  base::win::ScopedComPtr<INetFwAuthorizedApplication> entry =
      CreateChromeAuthorization(allow);
  if (!entry.get())
    return false;

  const HRESULT add_result = app_list->Add(entry);
  if (FAILED(add_result)) {
    DLOG(ERROR) << logging::SystemErrorCodeToString(add_result);
    return false;
  }
  return true;
}
90
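// Removes the authorized-application entry keyed on |app_path_|, if the list
// of authorized applications can be obtained.
//
// The method returns nothing, so a failed removal cannot be reported to the
// caller. It is logged instead, so that an entry left behind in the firewall
// configuration (for example after uninstall) is at least visible in debug
// logs.
void LegacyFirewallManager::DeleteRule() {
  base::win::ScopedComPtr<INetFwAuthorizedApplications> authorized_apps(
      GetAuthorizedApplications());
  if (!authorized_apps.get())
    return;
  HRESULT hr = authorized_apps->Remove(
      base::win::ScopedBstr(app_path_.value().c_str()));
  // NOTE(review): whether Remove() reports failure when no entry exists is
  // not visible here; if it does, this log line is expected in that case.
  DLOG_IF(ERROR, FAILED(hr)) << logging::SystemErrorCodeToString(hr);
}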
98
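// Fetches the authorized-applications collection of the profile captured by
// Init().
//
// Returns an empty ScopedComPtr when no profile is available (Init() was not
// called or failed) or when the COM query fails. Every caller in this file
// already checks the result with get() before using it.
base::win::ScopedComPtr<INetFwAuthorizedApplications>
LegacyFirewallManager::GetAuthorizedApplications() {
  base::win::ScopedComPtr<INetFwAuthorizedApplications> authorized_apps;

  // Init() leaves |current_profile_| NULL on failure. Return the empty
  // pointer rather than dereferencing it.
  if (!current_profile_.get())
    return authorized_apps;

  HRESULT hr =
      current_profile_->get_AuthorizedApplications(authorized_apps.Receive());
  if (FAILED(hr)) {
    DLOG(ERROR) << logging::SystemErrorCodeToString(hr);
    return base::win::ScopedComPtr<INetFwAuthorizedApplications>();
  }

  return authorized_apps;
}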
111
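// Builds (but does not register) an authorized-application entry for
// |app_name_| / |app_path_|, enabled when |allow| is true and disabled
// otherwise.
//
// Returns an empty ScopedComPtr if the object cannot be created or if any
// property cannot be set. Failing closed matters here: an entry whose
// put_Enabled() or put_ProcessImageFileName() call failed would otherwise be
// handed to Add() carrying whatever state the object was created with, not
// the state the caller asked for.
base::win::ScopedComPtr<INetFwAuthorizedApplication>
LegacyFirewallManager::CreateChromeAuthorization(bool allow) {
  base::win::ScopedComPtr<INetFwAuthorizedApplication> chrome_application;

  HRESULT hr =
      chrome_application.CreateInstance(CLSID_NetFwAuthorizedApplication);
  if (SUCCEEDED(hr)) {
    hr = chrome_application->put_Name(
        base::win::ScopedBstr(app_name_.c_str()));
  }
  if (SUCCEEDED(hr)) {
    hr = chrome_application->put_ProcessImageFileName(
        base::win::ScopedBstr(app_path_.value().c_str()));
  }
  // IpVersion defaults to NET_FW_IP_VERSION_ANY.
  // Scope defaults to NET_FW_SCOPE_ALL.
  // RemoteAddresses defaults to "*".
  // With these defaults left in place, an enabled entry is not narrowed by
  // address family or remote address.
  if (SUCCEEDED(hr)) {
    hr = chrome_application->put_Enabled(allow ? VARIANT_TRUE
                                               : VARIANT_FALSE);
  }

  if (FAILED(hr)) {
    DLOG(ERROR) << logging::SystemErrorCodeToString(hr);
    return base::win::ScopedComPtr<INetFwAuthorizedApplication>();
  }

  return chrome_application;
}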
133
134}  // namespace installer