예제 #1
0
 /// <summary>
 /// Constructor.
 /// </summary>
 /// <param name="match_type">The condition match type.</param>
 /// <param name="field_key">The field key.</param>
 /// <param name="value">The value.</param>
 public FirewallFilterCondition(FirewallMatchType match_type, Guid field_key, FirewallValue value)
 {
     MatchType    = match_type;
     FieldKey     = field_key;
     FieldKeyName = NamedGuidDictionary.ConditionGuids.Value.GetName(FieldKey);
     Value        = value;
 }
예제 #2
0
 internal FirewallFilterCondition(FWPM_FILTER_CONDITION0 condition)
 {
     MatchType    = condition.matchType;
     FieldKey     = condition.fieldKey;
     FieldKeyName = NamedGuidDictionary.ConditionGuids.Value.GetName(FieldKey);
     Value        = new FirewallValue(condition.conditionValue, condition.fieldKey);
 }
예제 #3
0
        private static FirewallAddressAndMask GetAddr(FWP_VALUE0 value)
        {
            var v = new FirewallValue(value, Guid.Empty);

            if (v.Value is FirewallAddressAndMask addr)
            {
                return(addr);
            }
            return(default);
예제 #4
0
        internal FirewallFilter(FWPM_FILTER0 filter, FirewallEngine engine, Func <SecurityInformation, bool, NtResult <SecurityDescriptor> > get_sd)
            : base(filter.filterKey, filter.displayData, new NamedGuidDictionary(), engine, get_sd)
        {
            ActionType = filter.action.type;
            if (ActionType.HasFlag(FirewallActionType.Callout))
            {
                CalloutKey     = filter.action.action.calloutKey;
                CalloutKeyName = NamedGuidDictionary.CalloutGuids.Value.GetName(CalloutKey);
            }
            else
            {
                FilterType = filter.action.action.filterType;
            }
            LayerKey        = filter.layerKey;
            LayerKeyName    = NamedGuidDictionary.LayerGuids.Value.GetName(LayerKey);
            SubLayerKey     = filter.subLayerKey;
            SubLayerKeyName = NamedGuidDictionary.SubLayerGuids.Value.GetName(SubLayerKey);
            Flags           = filter.flags;

            List <FirewallFilterCondition> conditions = new List <FirewallFilterCondition>();

            if (filter.numFilterConditions > 0)
            {
                var conds = new SafeHGlobalBuffer(filter.filterCondition, 1, false);
                conds.Initialize <FWPM_FILTER_CONDITION0>((uint)filter.numFilterConditions);
                conditions.AddRange(conds.ReadArray <FWPM_FILTER_CONDITION0>(0, filter.numFilterConditions).Select(c => new FirewallFilterCondition(c)));
            }
            Conditions      = conditions.AsReadOnly();
            Weight          = new FirewallValue(filter.weight, Guid.Empty);
            EffectiveWeight = new FirewallValue(filter.effectiveWeight, Guid.Empty);
            if (filter.providerKey != IntPtr.Zero)
            {
                ProviderKey = filter.providerKey.ReadGuid() ?? Guid.Empty;
            }
            ProviderData = filter.providerData.ToArray();
            FilterId     = filter.filterId;
        }
예제 #5
0
 /// <summary>
 /// Add a package SID condition.
 /// </summary>
 /// <param name="match_type">The match type.</param>
 /// <param name="package_sid">The package SID.</param>
 public void AddPackageSid(FirewallMatchType match_type, Sid package_sid)
 {
     AddCondition(match_type, FirewallConditionGuids.FWPM_CONDITION_ALE_PACKAGE_ID, FirewallValue.FromSid(package_sid));
 }
예제 #6
0
 /// <summary>
 /// Add a remote user ID security descriptor condition.
 /// </summary>
 /// <param name="match_type">The match type for the condition.</param>
 /// <param name="security_descriptor">The security descriptor.</param>
 public void AddRemoteUserId(FirewallMatchType match_type, SecurityDescriptor security_descriptor)
 {
     AddCondition(match_type, FirewallConditionGuids.FWPM_CONDITION_ALE_REMOTE_USER_ID,
                  FirewallValue.FromSecurityDescriptor(security_descriptor));
 }
예제 #7
0
 /// <summary>
 /// Add a conditions flag condition.
 /// </summary>
 /// <param name="match_type">The match type for the condition.</param>
 /// <param name="flags">The flags for the condition.</param>
 public void AddConditionFlags(FirewallMatchType match_type, FirewallConditionFlags flags)
 {
     AddCondition(match_type, FirewallConditionGuids.FWPM_CONDITION_FLAGS, FirewallValue.FromConditionFlags(flags));
 }
예제 #8
0
 /// <summary>
 /// Add a condition range.
 /// </summary>
 /// <param name="field_key">The field key for the condition.</param>
 /// <param name="low">The low value for the range.</param>
 /// <param name="high">The high value from the range.</param>
 public void AddConditionRange(Guid field_key, FirewallValue low, FirewallValue high)
 {
     AddCondition(FirewallMatchType.Range, field_key, FirewallValue.FromRange(low, high));
 }
예제 #9
0
 /// <summary>
 /// Add an App ID condition.
 /// </summary>
 /// <param name="match_type">The match type for the condition.</param>
 /// <param name="appid">The path to the file already converted to absolute format.</param>
 public void AddAppId(FirewallMatchType match_type, string appid)
 {
     AddCondition(match_type, FirewallConditionGuids.FWPM_CONDITION_ALE_APP_ID,
                  FirewallValue.FromBlobUnicodeString(appid));
 }
예제 #10
0
 /// <summary>
 /// Add a IP protocol type condition.
 /// </summary>
 /// <param name="match_type">The match type for the condition.</param>
 /// <param name="protocol">The protocol type for the condition.</param>
 public void AddProtocolType(FirewallMatchType match_type, ProtocolType protocol)
 {
     AddCondition(match_type, FirewallConditionGuids.FWPM_CONDITION_IP_PROTOCOL, FirewallValue.FromProtocolType(protocol));
 }
예제 #11
0
 /// <summary>
 /// Add a condition.
 /// </summary>
 /// <param name="match_type">The match type for the condition.</param>
 /// <param name="field_key">The field key for the condition.</param>
 /// <param name="value">The value for the condition.</param>
 public void AddCondition(FirewallMatchType match_type, Guid field_key, FirewallValue value)
 {
     Conditions.Add(new FirewallFilterCondition(match_type, field_key, value));
 }
예제 #12
0
 /// <summary>
 /// Add IP address.
 /// </summary>
 /// <param name="match_type">The match type for the condition.</param>
 /// <param name="remote">True to specify remote, false for local.</param>
 /// <param name="address">The low IP address.</param>
 public void AddIpAddress(FirewallMatchType match_type, bool remote, IPAddress address)
 {
     AddCondition(match_type, remote ? FirewallConditionGuids.FWPM_CONDITION_IP_REMOTE_ADDRESS : FirewallConditionGuids.FWPM_CONDITION_IP_LOCAL_ADDRESS,
                  FirewallValue.FromIpAddress(address));
 }
예제 #13
0
 internal FirewallRange(FirewallValue low, FirewallValue high)
 {
     Low  = low;
     High = high;
 }
예제 #14
0
 /// <summary>
 /// Add remote machine token information.
 /// </summary>
 /// <param name="match_type">The match type.</param>
 /// <param name="token">The token.</param>
 public void AddRemoteMachineToken(FirewallMatchType match_type, NtToken token)
 {
     AddCondition(match_type, FirewallConditionGuids.FWPM_CONDITION_ALE_REMOTE_MACHINE_ID,
                  FirewallValue.FromTokenInformation(token));
 }
예제 #15
0
 /// <summary>
 /// Add token information.
 /// </summary>
 /// <param name="match_type">The match type.</param>
 /// <param name="token">The token.</param>
 public void AddUserToken(FirewallMatchType match_type, NtToken token)
 {
     AddCondition(match_type, FirewallConditionGuids.FWPM_CONDITION_ALE_USER_ID,
                  FirewallValue.FromTokenInformation(token));
 }
예제 #16
0
 /// <summary>
 /// Add port.
 /// </summary>
 /// <param name="match_type">The match type for the condition.</param>
 /// <param name="remote">True to specify remote, false for local.</param>
 /// <param name="port">The port.</param>
 public void AddPort(FirewallMatchType match_type, bool remote, int port)
 {
     AddCondition(match_type, remote ? FirewallConditionGuids.FWPM_CONDITION_IP_REMOTE_PORT : FirewallConditionGuids.FWPM_CONDITION_IP_LOCAL_PORT,
                  FirewallValue.FromUInt16((ushort)port));
 }
예제 #17
0
 /// <summary>
 /// Add port range.
 /// </summary>
 /// <param name="remote">True to specify remote, false for local.</param>
 /// <param name="low_port">The low port.</param>
 /// <param name="high_port">The high port.</param>
 public void AddPortRange(bool remote, int low_port, int high_port)
 {
     AddConditionRange(remote ? FirewallConditionGuids.FWPM_CONDITION_IP_REMOTE_PORT : FirewallConditionGuids.FWPM_CONDITION_IP_LOCAL_PORT,
                       FirewallValue.FromUInt16((ushort)low_port), FirewallValue.FromUInt16((ushort)high_port));
 }
예제 #18
0
 /// <summary>
 /// Add IP address range.
 /// </summary>
 /// <param name="remote">True to specify remote, false for local.</param>
 /// <param name="low_address">The low IP address.</param>
 /// <param name="high_address">The high IP address.</param>
 public void AddIpRange(bool remote, IPAddress low_address, IPAddress high_address)
 {
     AddConditionRange(remote ? FirewallConditionGuids.FWPM_CONDITION_IP_REMOTE_ADDRESS : FirewallConditionGuids.FWPM_CONDITION_IP_LOCAL_ADDRESS,
                       FirewallValue.FromIpAddress(low_address), FirewallValue.FromIpAddress(high_address));
 }
예제 #19
0
 internal FirewallRange(FWP_RANGE0 range, Guid condition_key)
 {
     Low  = new FirewallValue(range.valueLow, condition_key);
     High = new FirewallValue(range.valueHigh, condition_key);
 }
예제 #20
0
 /// <summary>
 /// Add the RPC UUID.
 /// </summary>
 /// <param name="match_type">Match type.</param>
 /// <param name="uuid">The RPC UUID.</param>
 public void AddRpcUuid(FirewallMatchType match_type, Guid uuid)
 {
     AddCondition(match_type, FirewallConditionGuids.FWPM_CONDITION_RPC_IF_UUID, FirewallValue.FromGuid(uuid));
 }
예제 #21
0
 private static FirewallFilterCondition ConvertUserId(FirewallFilterCondition condition)
 {
     if (condition.FieldKey != FirewallConditionGuids.FWPM_CONDITION_ALE_USER_ID)
     {
         return(condition);
     }
     if (condition.Value.Type == FirewallDataType.Sid)
     {
         return(condition);
     }
     if (!(condition.Value.Value is FirewallTokenInformation token_info))
     {
         throw new ArgumentException("Must specify a SID or FirewallTokenInformation for FWPM_CONDITION_ALE_USER_ID.");
     }
     if (token_info.UserSid == null)
     {
         throw new ArgumentException("Must specify a user SID for the TokenInformation for FWPM_CONDITION_ALE_USER_ID.");
     }
     return(new FirewallFilterCondition(condition.MatchType, condition.FieldKey, FirewallValue.FromSid(token_info.UserSid)));
 }
예제 #22
0
 /// <summary>
 /// Add a network event type.
 /// </summary>
 /// <param name="match_type">Match type.</param>
 /// <param name="type">Network event type.</param>
 public void AddNetEventType(FirewallMatchType match_type, FirewallNetEventType type)
 {
     AddCondition(match_type, FirewallConditionGuids.FWPM_CONDITION_NET_EVENT_TYPE, FirewallValue.FromUInt32((uint)type));
 }