      1 // Copyright 2014 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "chrome/installer/util/legacy_firewall_manager_win.h"
      6 
      7 #include "base/logging.h"
      8 #include "base/strings/stringprintf.h"
      9 #include "base/win/scoped_bstr.h"
     10 
     11 namespace installer {
     12 
     // Performs no COM work. Members are default-constructed here; the firewall
     // profile and the application identity are only filled in by Init().
     LegacyFirewallManager::LegacyFirewallManager() {
     }
     14 
     // The body is empty: nothing is released by hand, so cleanup is whatever the
     // members' own destructors do.
     LegacyFirewallManager::~LegacyFirewallManager() {
     }
     16 
     // Binds this manager to the current profile of the local firewall policy and
     // records the application identity that the rule methods operate on.
     //
     // |app_name| is later written as the entry's name and |app_path| as its
     // process image file name (see CreateChromeAuthorization()); |app_path| is
     // also the key used to look up and remove the entry.
     //
     // Returns true on success. Returns false if any COM step fails, in which
     // case |app_name_| and |app_path_| are left unchanged. Callers are expected
     // to check the result before using the other methods.
     bool LegacyFirewallManager::Init(const base::string16& app_name,
                                      const base::FilePath& app_path) {
       // Step 1: instantiate the firewall manager COM object.
       base::win::ScopedComPtr<INetFwMgr> manager;
       HRESULT result = manager.CreateInstance(CLSID_NetFwMgr);
       if (FAILED(result)) {
         DLOG(ERROR) << logging::SystemErrorCodeToString(result);
         return false;
       }

       // Step 2: fetch the local policy from the manager.
       base::win::ScopedComPtr<INetFwPolicy> policy;
       result = manager->get_LocalPolicy(policy.Receive());
       if (FAILED(result)) {
         DLOG(ERROR) << logging::SystemErrorCodeToString(result);
         return false;
       }

       // Step 3: keep the policy's current profile for later queries and edits.
       result = policy->get_CurrentProfile(current_profile_.Receive());
       if (FAILED(result)) {
         DLOG(ERROR) << logging::SystemErrorCodeToString(result);
         // Do not keep a profile pointer around after a failed lookup.
         current_profile_ = NULL;
         return false;
       }

       // Only a fully initialized manager gets an application identity.
       app_name_ = app_name;
       app_path_ = app_path;
       return true;
     }
     44 
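     // Reports whether the firewall is enabled for the profile captured by Init().
     //
     // Returns false when no profile is available (Init() failed or was never
     // called) or when the COM query fails, so a false result can mean "unknown"
     // as well as "disabled".
     bool LegacyFirewallManager::IsFirewallEnabled() {
       // Init() resets |current_profile_| to NULL on failure; do not dereference
       // it in that state.
       if (!current_profile_.get())
         return false;

       VARIANT_BOOL is_enabled = VARIANT_TRUE;
       HRESULT hr = current_profile_->get_FirewallEnabled(&is_enabled);
       // Any value other than VARIANT_FALSE is treated as enabled.
       return SUCCEEDED(hr) && is_enabled != VARIANT_FALSE;
     }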
     50 
     // Looks up the authorized-application entry keyed by |app_path_| and reports
     // whether that entry is enabled.
     //
     // Returns true if the entry's state could be read; the state is then written
     // to |value| when |value| is non-NULL. Returns false, leaving |value|
     // untouched, if the application list, the entry, or its Enabled property
     // cannot be retrieved.
     bool LegacyFirewallManager::GetAllowIncomingConnection(bool* value) {
       base::win::ScopedComPtr<INetFwAuthorizedApplications> app_list(
           GetAuthorizedApplications());
       if (!app_list.get())
         return false;

       // Check whether there is an entry for this chrome.exe, either allowing or
       // disallowing it.
       base::win::ScopedComPtr<INetFwAuthorizedApplication> entry;
       HRESULT result = app_list->Item(
           base::win::ScopedBstr(app_path_.value().c_str()),
           entry.Receive());
       if (FAILED(result))
         return false;

       VARIANT_BOOL enabled_state = VARIANT_FALSE;
       result = entry->get_Enabled(&enabled_state);
       if (FAILED(result))
         return false;

       // Only the exact value VARIANT_TRUE is reported as "allowed".
       if (value)
         *value = (enabled_state == VARIANT_TRUE);
       return true;
     }
     73 
     // Adds an authorized-application entry for this executable to the current
     // profile, enabled or disabled according to |allow|.
     //
     // The SharedAccess service must be running. Returns true only if the entry
     // was added; a failure from Add() is logged via DLOG.
     bool LegacyFirewallManager::SetAllowIncomingConnection(bool allow) {
       base::win::ScopedComPtr<INetFwAuthorizedApplications> app_list(
           GetAuthorizedApplications());
       if (!app_list.get())
         return false;

       // Build the entry that authorizes (or blocks) chrome before registering it.
       base::win::ScopedComPtr<INetFwAuthorizedApplication> entry =
           CreateChromeAuthorization(allow);
       if (!entry.get())
         return false;

       const HRESULT result = app_list->Add(entry);
       if (FAILED(result)) {
         DLOG(ERROR) << logging::SystemErrorCodeToString(result);
         return false;
       }
       return true;
     }
     90 
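     // Removes the authorized-application entry keyed by |app_path_| from the
     // current profile.
     //
     // Best effort: the method returns nothing, so a failed removal is only
     // reported through DLOG and the entry stays in place. A caller that needs to
     // know the entry is gone can re-check with GetAllowIncomingConnection().
     void LegacyFirewallManager::DeleteRule() {
       base::win::ScopedComPtr<INetFwAuthorizedApplications> authorized_apps(
           GetAuthorizedApplications());
       if (!authorized_apps.get())
         return;
       HRESULT hr = authorized_apps->Remove(
           base::win::ScopedBstr(app_path_.value().c_str()));
       // Surface the failure instead of dropping it, matching the logging done in
       // SetAllowIncomingConnection().
       DLOG_IF(ERROR, FAILED(hr)) << logging::SystemErrorCodeToString(hr);
     }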
     98 
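     // Returns the authorized-applications collection of the profile captured by
     // Init(), or an empty ScopedComPtr if no profile is available or the COM
     // query fails. Every caller in this file checks the result with get().
     base::win::ScopedComPtr<INetFwAuthorizedApplications>
     LegacyFirewallManager::GetAuthorizedApplications() {
       // Init() resets |current_profile_| to NULL on failure; treat that the same
       // as a failed query rather than dereferencing it.
       if (!current_profile_.get())
         return base::win::ScopedComPtr<INetFwAuthorizedApplications>();

       base::win::ScopedComPtr<INetFwAuthorizedApplications> authorized_apps;
       HRESULT hr =
           current_profile_->get_AuthorizedApplications(authorized_apps.Receive());
       if (FAILED(hr)) {
         DLOG(ERROR) << logging::SystemErrorCodeToString(hr);
         return base::win::ScopedComPtr<INetFwAuthorizedApplications>();
       }

       return authorized_apps;
     }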
    111 
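    // Builds, but does not register, an authorized-application entry for
    // |app_path_| named |app_name_|, enabled or disabled according to |allow|.
    //
    // Returns an empty ScopedComPtr if the COM object cannot be created or if any
    // property cannot be set. Returning a partially configured entry would let
    // the caller register something other than what was requested: for example,
    // a failed put_Enabled() would leave the object's default Enabled value in
    // place instead of |allow|.
    //
    // Note that the entry is not narrowed: IP version, scope and remote addresses
    // keep their defaults (listed below), so an enabled entry applies to any
    // remote address.
    base::win::ScopedComPtr<INetFwAuthorizedApplication>
    LegacyFirewallManager::CreateChromeAuthorization(bool allow) {
      base::win::ScopedComPtr<INetFwAuthorizedApplication> chrome_application;

      HRESULT hr =
          chrome_application.CreateInstance(CLSID_NetFwAuthorizedApplication);
      if (FAILED(hr)) {
        DLOG(ERROR) << logging::SystemErrorCodeToString(hr);
        return base::win::ScopedComPtr<INetFwAuthorizedApplication>();
      }

      // Set the properties in order and stop at the first failure.
      hr = chrome_application->put_Name(
          base::win::ScopedBstr(app_name_.c_str()));
      if (SUCCEEDED(hr)) {
        hr = chrome_application->put_ProcessImageFileName(
            base::win::ScopedBstr(app_path_.value().c_str()));
      }
      // IpVersion defaults to NET_FW_IP_VERSION_ANY.
      // Scope defaults to NET_FW_SCOPE_ALL.
      // RemoteAddresses defaults to "*".
      if (SUCCEEDED(hr)) {
        hr = chrome_application->put_Enabled(allow ? VARIANT_TRUE
                                                   : VARIANT_FALSE);
      }
      if (FAILED(hr)) {
        DLOG(ERROR) << logging::SystemErrorCodeToString(hr);
        return base::win::ScopedComPtr<INetFwAuthorizedApplication>();
      }

      return chrome_application;
    }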
    133 
    134 }  // namespace installer
    135