// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "chrome/installer/util/legacy_firewall_manager_win.h"

#include "base/logging.h"
#include "base/strings/stringprintf.h"
#include "base/win/scoped_bstr.h"

namespace installer {

LegacyFirewallManager::LegacyFirewallManager() {}

LegacyFirewallManager::~LegacyFirewallManager() {}

// Caches the firewall profile that is currently in effect and records the
// application name and image path that later rule operations act on.
//
// Returns false, after logging the HRESULT in debug builds, when any of the
// three COM calls fails. |app_name_| and |app_path_| are only written on
// success; |current_profile_| is cleared when fetching the profile fails.
bool LegacyFirewallManager::Init(const base::string16& app_name,
                                 const base::FilePath& app_path) {
  // INetFwMgr is the entry point of the legacy firewall COM API.
  base::win::ScopedComPtr<INetFwMgr> net_fw_mgr;
  HRESULT result = net_fw_mgr.CreateInstance(CLSID_NetFwMgr);
  if (FAILED(result)) {
    DLOG(ERROR) << logging::SystemErrorCodeToString(result);
    return false;
  }

  base::win::ScopedComPtr<INetFwPolicy> local_policy;
  result = net_fw_mgr->get_LocalPolicy(local_policy.Receive());
  if (FAILED(result)) {
    DLOG(ERROR) << logging::SystemErrorCodeToString(result);
    return false;
  }

  result = local_policy->get_CurrentProfile(current_profile_.Receive());
  if (FAILED(result)) {
    DLOG(ERROR) << logging::SystemErrorCodeToString(result);
    // Do not keep whatever the failed call may have left in the out-param.
    current_profile_ = NULL;
    return false;
  }

  app_name_ = app_name;
  app_path_ = app_path;
  return true;
}

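// Reports whether the cached profile has the firewall switched on.
//
// Returns true only when the query succeeds and the value is not
// VARIANT_FALSE; a failed query therefore reads as "not enabled".
//
// NOTE(review): |current_profile_| is only populated by a successful Init();
// this method dereferences it unchecked -- confirm callers never reach here
// without one.
bool LegacyFirewallManager::IsFirewallEnabled() {
  VARIANT_BOOL is_enabled = VARIANT_TRUE;
  HRESULT hr = current_profile_->get_FirewallEnabled(&is_enabled);
  return SUCCEEDED(hr) && is_enabled != VARIANT_FALSE;
}

// Looks up the authorized-application entry keyed by |app_path_|.
//
// Returns false when the collection cannot be obtained, when no entry exists
// for this image path, or when the entry's state cannot be read; |*value| is
// left untouched in those cases. On success returns true and, if |value| is
// non-null, stores whether the entry is enabled.
bool LegacyFirewallManager::GetAllowIncomingConnection(bool* value) {
  // Check to see if there is a rule either allowing or disallowing this
  // chrome.exe.
  base::win::ScopedComPtr<INetFwAuthorizedApplications> authorized_apps(
      GetAuthorizedApplications());
  if (!authorized_apps.get())
    return false;

  base::win::ScopedComPtr<INetFwAuthorizedApplication> chrome_application;
  HRESULT hr = authorized_apps->Item(
      base::win::ScopedBstr(app_path_.value().c_str()),
      chrome_application.Receive());
  if (FAILED(hr))
    return false;
  VARIANT_BOOL is_enabled = VARIANT_FALSE;
  hr = chrome_application->get_Enabled(&is_enabled);
  if (FAILED(hr))
    return false;
  // Test against VARIANT_FALSE, as IsFirewallEnabled() does, so that any
  // non-zero VARIANT_BOOL is read as "enabled" rather than only the exact
  // VARIANT_TRUE bit pattern.
  if (value)
    *value = (is_enabled != VARIANT_FALSE);
  return true;
}

// Adds an authorized-application entry for |app_path_| whose enabled state is
// |allow|. Returns false if the collection or the entry cannot be created, or
// if the firewall rejects the Add().
//
// The SharedAccess service must be running.
bool LegacyFirewallManager::SetAllowIncomingConnection(bool allow) {
  base::win::ScopedComPtr<INetFwAuthorizedApplications> authorized_apps(
      GetAuthorizedApplications());
  if (!authorized_apps.get())
    return false;

  // Authorize chrome.
  base::win::ScopedComPtr<INetFwAuthorizedApplication> authorization =
      CreateChromeAuthorization(allow);
  if (!authorization.get())
    return false;
  HRESULT hr = authorized_apps->Add(authorization);
  DLOG_IF(ERROR, FAILED(hr)) << logging::SystemErrorCodeToString(hr);
  return SUCCEEDED(hr);
}

// Removes the authorized-application entry keyed by |app_path_|, if any.
// There is no return value, so a failure is only visible in debug logs.
void LegacyFirewallManager::DeleteRule() {
  base::win::ScopedComPtr<INetFwAuthorizedApplications> authorized_apps(
      GetAuthorizedApplications());
  if (!authorized_apps.get())
    return;
  // Log a failed removal: a rule that silently stays behind keeps the image
  // path authorized after the caller believes it has been cleaned up.
  HRESULT hr = authorized_apps->Remove(
      base::win::ScopedBstr(app_path_.value().c_str()));
  DLOG_IF(ERROR, FAILED(hr)) << logging::SystemErrorCodeToString(hr);
}

// Returns the authorized-applications collection of the cached profile, or an
// empty pointer (after logging in debug builds) when the query fails.
//
// NOTE(review): dereferences |current_profile_| unchecked; it is only set by
// a successful Init() -- confirm callers guarantee that.
base::win::ScopedComPtr<INetFwAuthorizedApplications>
LegacyFirewallManager::GetAuthorizedApplications() {
  base::win::ScopedComPtr<INetFwAuthorizedApplications> authorized_apps;
  HRESULT hr =
      current_profile_->get_AuthorizedApplications(authorized_apps.Receive());
  if (FAILED(hr)) {
    DLOG(ERROR) << logging::SystemErrorCodeToString(hr);
    return base::win::ScopedComPtr<INetFwAuthorizedApplications>();
  }

  return authorized_apps;
}

// Builds an authorized-application object for |app_name_| / |app_path_| with
// its enabled flag set from |allow|.
//
// Returns an empty pointer when the object cannot be created or when any
// property cannot be set, so that a partially populated authorization is
// never handed to the firewall.
base::win::ScopedComPtr<INetFwAuthorizedApplication>
LegacyFirewallManager::CreateChromeAuthorization(bool allow) {
  base::win::ScopedComPtr<INetFwAuthorizedApplication> chrome_application;

  HRESULT hr =
      chrome_application.CreateInstance(CLSID_NetFwAuthorizedApplication);
  if (FAILED(hr)) {
    DLOG(ERROR) << logging::SystemErrorCodeToString(hr);
    return base::win::ScopedComPtr<INetFwAuthorizedApplication>();
  }

  hr = chrome_application->put_Name(base::win::ScopedBstr(app_name_.c_str()));
  if (SUCCEEDED(hr)) {
    hr = chrome_application->put_ProcessImageFileName(
        base::win::ScopedBstr(app_path_.value().c_str()));
  }
  // IpVersion defaults to NET_FW_IP_VERSION_ANY.
  // Scope defaults to NET_FW_SCOPE_ALL.
  // RemoteAddresses defaults to "*".
  // With those defaults left in place the entry is not narrowed by IP
  // version, scope or remote address; the image path set above is the only
  // property that restricts it.
  if (SUCCEEDED(hr))
    hr = chrome_application->put_Enabled(allow ? VARIANT_TRUE : VARIANT_FALSE);
  if (FAILED(hr)) {
    // A setter failed: do not return an object whose name, image path or
    // enabled state is not what the caller asked for.
    DLOG(ERROR) << logging::SystemErrorCodeToString(hr);
    return base::win::ScopedComPtr<INetFwAuthorizedApplication>();
  }

  return chrome_application;
}

}  // namespace installer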