OLD | NEW |
(Empty) | |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "chrome/installer/util/legacy_firewall_manager_win.h" |
| 6 |
| 7 #include "base/logging.h" |
| 8 #include "base/strings/stringprintf.h" |
| 9 #include "base/win/scoped_bstr.h" |
| 10 #include "chrome/installer/util/browser_distribution.h" |
| 11 |
| 12 #include "installer_util_strings.h" // NOLINT |
| 13 |
| 14 namespace installer { |
| 15 |
| 16 LegacyFirewallManager::LegacyFirewallManager() {} |
| 17 |
| 18 LegacyFirewallManager::~LegacyFirewallManager() {} |
| 19 |
| 20 bool LegacyFirewallManager::Init(BrowserDistribution* dist, |
| 21 const base::FilePath& chrome_path) { |
| 22 HRESULT hr = firewall_manager_.CreateInstance(CLSID_NetFwMgr); |
| 23 if (FAILED(hr)) { |
| 24 DLOG(ERROR) << base::StringPrintf("0x%X", hr); |
| 25 return false; |
| 26 } |
| 27 distribution_ = dist; |
| 28 chrome_path_ = chrome_path; |
| 29 return true; |
| 30 } |
| 31 |
| 32 // The SharedAccess service must be running. |
| 33 bool LegacyFirewallManager::AddUDPFirewallRuleIfAbsent() { |
| 34 base::win::ScopedComPtr<INetFwAuthorizedApplications> authorized_apps( |
| 35 GetAuthorizedApplications()); |
| 36 if (!authorized_apps.get()) |
| 37 return false; |
| 38 |
| 39 // There is nothing to do if chrome is already authorized. |
| 40 base::win::ScopedComPtr<INetFwAuthorizedApplication> chrome_application; |
| 41 HRESULT hr = authorized_apps->Item( |
| 42 base::win::ScopedBstr(chrome_path_.value().c_str()), |
| 43 chrome_application.Receive()); |
| 44 if (SUCCEEDED(hr)) |
| 45 return true; |
| 46 |
| 47 // Authorize chrome. |
| 48 chrome_application = CreateChromeAuthorization(); |
| 49 if (chrome_application.get()) { |
| 50 hr = authorized_apps->Add(chrome_application); |
| 51 DLOG_IF(ERROR, FAILED(hr)) << base::StringPrintf("0x%X", hr); |
| 52 } |
| 53 |
| 54 return SUCCEEDED(hr); |
| 55 } |
| 56 |
| 57 void LegacyFirewallManager::DeleteUDPFirewallRule() { |
| 58 base::win::ScopedComPtr<INetFwAuthorizedApplications> authorized_apps( |
| 59 GetAuthorizedApplications()); |
| 60 if (!authorized_apps.get()) |
| 61 return; |
| 62 |
| 63 HRESULT hr = authorized_apps->Remove( |
| 64 base::win::ScopedBstr(chrome_path_.value().c_str())); |
| 65 DLOG_IF(ERROR, FAILED(hr)) << base::StringPrintf("0x%X", hr); |
| 66 } |
| 67 |
| 68 bool LegacyFirewallManager::CanUseLocalUDPPort() { |
| 69 // It's always safe to bind to a local port if the firewall is disabled. |
| 70 base::win::ScopedComPtr<INetFwProfile> current_profile(GetCurrentProfile()); |
| 71 if (!current_profile.get()) |
| 72 return false; |
| 73 |
| 74 VARIANT_BOOL is_enabled = VARIANT_TRUE; |
| 75 HRESULT hr = current_profile->get_FirewallEnabled(&is_enabled); |
| 76 if (SUCCEEDED(hr) && is_enabled == VARIANT_FALSE) |
| 77 return true; |
| 78 |
| 79 // Otherwise, check to see if there is a rule either allowing or disallowing |
| 80 // this chrome.exe. |
| 81 base::win::ScopedComPtr<INetFwAuthorizedApplications> authorized_apps( |
| 82 GetAuthorizedApplications()); |
| 83 if (!authorized_apps.get()) |
| 84 return false; |
| 85 |
| 86 base::win::ScopedComPtr<INetFwAuthorizedApplication> chrome_application; |
| 87 hr = authorized_apps->Item( |
| 88 base::win::ScopedBstr(chrome_path_.value().c_str()), |
| 89 chrome_application.Receive()); |
| 90 return SUCCEEDED(hr); |
| 91 } |
| 92 |
| 93 base::win::ScopedComPtr<INetFwProfile> |
| 94 LegacyFirewallManager::GetCurrentProfile() { |
| 95 if (current_profile_.get()) |
| 96 return current_profile_; |
| 97 |
| 98 base::win::ScopedComPtr<INetFwPolicy> firewall_policy; |
| 99 HRESULT hr = firewall_manager_->get_LocalPolicy(firewall_policy.Receive()); |
| 100 if (FAILED(hr)) { |
| 101 DLOG(ERROR) << base::StringPrintf("0x%X", hr); |
| 102 return base::win::ScopedComPtr<INetFwProfile>(); |
| 103 } |
| 104 |
| 105 hr = firewall_policy->get_CurrentProfile(current_profile_.Receive()); |
| 106 if (FAILED(hr)) { |
| 107 DLOG(ERROR) << base::StringPrintf("0x%X", hr); |
| 108 return base::win::ScopedComPtr<INetFwProfile>(); |
| 109 } |
| 110 |
| 111 return current_profile_; |
| 112 } |
| 113 |
| 114 base::win::ScopedComPtr<INetFwAuthorizedApplications> |
| 115 LegacyFirewallManager::GetAuthorizedApplications() { |
| 116 base::win::ScopedComPtr<INetFwProfile> current_profile(GetCurrentProfile()); |
| 117 if (!current_profile.get()) |
| 118 return base::win::ScopedComPtr<INetFwAuthorizedApplications>(); |
| 119 |
| 120 HRESULT hr = current_profile->get_AuthorizedApplications( |
| 121 authorized_apps_.Receive()); |
| 122 if (FAILED(hr)) { |
| 123 DLOG(ERROR) << base::StringPrintf("0x%X", hr); |
| 124 return base::win::ScopedComPtr<INetFwAuthorizedApplications>(); |
| 125 } |
| 126 |
| 127 return authorized_apps_; |
| 128 } |
| 129 |
| 130 base::win::ScopedComPtr<INetFwAuthorizedApplication> |
| 131 LegacyFirewallManager::CreateChromeAuthorization() { |
| 132 base::win::ScopedComPtr<INetFwAuthorizedApplication> chrome_application; |
| 133 |
| 134 HRESULT hr = |
| 135 chrome_application.CreateInstance(CLSID_NetFwAuthorizedApplication); |
| 136 if (FAILED(hr)) { |
| 137 DLOG(ERROR) << base::StringPrintf("0x%X", hr); |
| 138 return base::win::ScopedComPtr<INetFwAuthorizedApplication>(); |
| 139 } |
| 140 |
| 141 chrome_application->put_Name( |
| 142 base::win::ScopedBstr(distribution_->GetDisplayName().c_str())); |
| 143 chrome_application->put_ProcessImageFileName( |
| 144 base::win::ScopedBstr(chrome_path_.value().c_str())); |
| 145 // IpVersion defaults to NET_FW_IP_VERSION_ANY. |
| 146 // Scope defaults to NET_FW_SCOPE_ALL. |
| 147 // RemoteAddresses defaults to "*". |
| 148 chrome_application->put_Enabled(VARIANT_FALSE); |
| 149 |
| 150 return chrome_application; |
| 151 } |
| 152 |
| 153 } // namespace installer |
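Review bot: In CreateChromeAuthorization() the HRESULTs from `put_Name`, `put_ProcessImageFileName` and `put_Enabled` are discarded, so a failed `put_Enabled(VARIANT_FALSE)` still hands the entry to `authorized_apps->Add()` with whatever Enabled default the COM object carries, plus the all-scope, any-address defaults the comments list. If that default is enabled (worth confirming against the INetFwAuthorizedApplication documentation), the failure mode is an open firewall exception for chrome.exe rather than no rule at all. Checking each call and returning an empty ScopedComPtr on failure, as the CreateInstance branch already does, keeps it fail-closed: `hr = chrome_application->put_Enabled(VARIANT_FALSE); if (FAILED(hr)) return base::win::ScopedComPtr<INetFwAuthorizedApplication>();`. Separately, GetAuthorizedApplications() calls `authorized_apps_.Receive()` on every invocation without the cached-pointer early return that GetCurrentProfile() has, so a second call on the same manager writes over a member that is already set. Adding `if (authorized_apps_.get()) return authorized_apps_;` at the top would make the two getters consistent.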