2012-01-17 08:17:00 +01:00
|
|
|
|
using System;
|
|
|
|
|
|
using System.Diagnostics;
|
|
|
|
|
|
using System.Linq;
|
|
|
|
|
|
using System.Security.Principal;
|
|
|
|
|
|
using NLog;
|
2013-02-17 17:09:49 +01:00
|
|
|
|
#if __MonoCS__
|
|
|
|
|
|
#else
|
2012-01-17 08:17:00 +01:00
|
|
|
|
using NetFwTypeLib;
|
2013-02-17 17:09:49 +01:00
|
|
|
|
#endif
|
2012-01-17 08:17:00 +01:00
|
|
|
|
|
|
|
|
|
|
namespace NzbDrone.Common
|
|
|
|
|
|
{
|
2013-03-26 05:03:16 +01:00
|
|
|
|
public interface ISecurityProvider
|
|
|
|
|
|
{
|
|
|
|
|
|
void MakeAccessible();
|
|
|
|
|
|
bool IsCurrentUserAdmin();
|
|
|
|
|
|
bool IsNzbDronePortOpen();
|
|
|
|
|
|
bool IsNzbDroneUrlRegistered();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
public class SecurityProvider : ISecurityProvider
|
2013-02-17 17:09:49 +01:00
|
|
|
|
{
|
2013-05-11 01:53:50 +02:00
|
|
|
|
private readonly IConfigFileProvider _configFileProvider;
|
|
|
|
|
|
private readonly IEnvironmentProvider _environmentProvider;
|
|
|
|
|
|
private readonly IProcessProvider _processProvider;
|
2013-03-26 05:03:16 +01:00
|
|
|
|
private readonly Logger _logger;
|
2012-01-17 08:17:00 +01:00
|
|
|
|
|
2013-05-11 01:53:50 +02:00
|
|
|
|
public SecurityProvider(IConfigFileProvider configFileProvider, IEnvironmentProvider environmentProvider,
|
|
|
|
|
|
IProcessProvider processProvider, Logger logger)
|
2013-02-17 17:09:49 +01:00
|
|
|
|
{
|
|
|
|
|
|
_configFileProvider = configFileProvider;
|
|
|
|
|
|
_environmentProvider = environmentProvider;
|
|
|
|
|
|
_processProvider = processProvider;
|
2013-03-26 05:03:16 +01:00
|
|
|
|
_logger = logger;
|
2013-02-17 17:09:49 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
2013-03-26 05:03:16 +01:00
|
|
|
|
public void MakeAccessible()
|
2013-02-17 17:09:49 +01:00
|
|
|
|
{
|
2013-03-26 05:03:16 +01:00
|
|
|
|
if (!IsCurrentUserAdmin ())
|
|
|
|
|
|
{
|
|
|
|
|
|
_logger.Trace ("User is not an admin, skipping.");
|
2013-02-17 17:09:49 +01:00
|
|
|
|
return;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int port = 0;
|
|
|
|
|
|
|
2013-03-26 05:03:16 +01:00
|
|
|
|
if (IsFirewallEnabled ())
|
|
|
|
|
|
{
|
|
|
|
|
|
if (IsNzbDronePortOpen ())
|
|
|
|
|
|
{
|
|
|
|
|
|
_logger.Trace ("NzbDrone port is already open, skipping.");
|
2013-02-17 17:09:49 +01:00
|
|
|
|
return;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
//Close any old ports
|
|
|
|
|
|
port = CloseFirewallPort ();
|
|
|
|
|
|
|
|
|
|
|
|
//Open the new port
|
|
|
|
|
|
OpenFirewallPort (_configFileProvider.Port);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
//Skip Url Register if not Vista or 7
|
|
|
|
|
|
if (_environmentProvider.GetOsVersion ().Major < 6)
|
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
|
|
//Unregister Url (if port != 0)
|
|
|
|
|
|
if (port != 0)
|
2013-03-26 05:03:16 +01:00
|
|
|
|
UnregisterUrl(port);
|
2013-02-17 17:09:49 +01:00
|
|
|
|
|
|
|
|
|
|
//Register Url
|
2013-03-26 05:03:16 +01:00
|
|
|
|
RegisterUrl(_configFileProvider.Port);
|
2013-02-17 17:09:49 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
2013-03-26 05:03:16 +01:00
|
|
|
|
public bool IsCurrentUserAdmin()
|
2013-02-17 17:09:49 +01:00
|
|
|
|
{
|
|
|
|
|
|
try {
|
|
|
|
|
|
var principal = new WindowsPrincipal (WindowsIdentity.GetCurrent ());
|
|
|
|
|
|
return principal.IsInRole (WindowsBuiltInRole.Administrator);
|
|
|
|
|
|
} catch (Exception ex) {
|
2013-03-26 05:03:16 +01:00
|
|
|
|
_logger.WarnException ("Error checking if the current user is an administrator.", ex);
|
2013-02-17 17:09:49 +01:00
|
|
|
|
return false;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2013-03-26 05:03:16 +01:00
|
|
|
|
public bool IsNzbDronePortOpen()
|
2013-02-17 17:09:49 +01:00
|
|
|
|
{
|
|
|
|
|
|
#if __MonoCS__
|
|
|
|
|
|
#else
|
|
|
|
|
|
|
|
|
|
|
|
try {
|
|
|
|
|
|
var netFwMgrType = Type.GetTypeFromProgID ("HNetCfg.FwMgr", false);
|
|
|
|
|
|
|
|
|
|
|
|
var mgr = (INetFwMgr)Activator.CreateInstance (netFwMgrType);
|
|
|
|
|
|
|
|
|
|
|
|
if (!mgr.LocalPolicy.CurrentProfile.FirewallEnabled)
|
|
|
|
|
|
return false;
|
|
|
|
|
|
|
|
|
|
|
|
var ports = mgr.LocalPolicy.CurrentProfile.GloballyOpenPorts;
|
|
|
|
|
|
|
|
|
|
|
|
foreach (INetFwOpenPort p in ports) {
|
|
|
|
|
|
if (p.Port == _configFileProvider.Port)
|
|
|
|
|
|
return true;
|
|
|
|
|
|
}
|
2013-03-26 05:03:16 +01:00
|
|
|
|
}
|
|
|
|
|
|
catch (Exception ex) {
|
|
|
|
|
|
_logger.WarnException ("Failed to check for open port in firewall", ex);
|
2013-02-17 17:09:49 +01:00
|
|
|
|
}
|
|
|
|
|
|
#endif
|
|
|
|
|
|
return false;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2013-03-26 05:03:16 +01:00
|
|
|
|
public bool IsNzbDroneUrlRegistered()
|
|
|
|
|
|
{
|
|
|
|
|
|
return CheckIfUrlIsRegisteredUrl(_configFileProvider.Port);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
private void OpenFirewallPort(int portNumber)
|
2013-02-17 17:09:49 +01:00
|
|
|
|
{
|
|
|
|
|
|
#if __MonoCS__
|
|
|
|
|
|
return true;
|
|
|
|
|
|
#else
|
|
|
|
|
|
try {
|
|
|
|
|
|
var type = Type.GetTypeFromProgID ("HNetCfg.FWOpenPort", false);
|
|
|
|
|
|
var port = Activator.CreateInstance (type) as INetFwOpenPort;
|
|
|
|
|
|
|
|
|
|
|
|
port.Port = portNumber;
|
|
|
|
|
|
port.Name = "NzbDrone";
|
|
|
|
|
|
port.Protocol = NET_FW_IP_PROTOCOL_.NET_FW_IP_PROTOCOL_TCP;
|
|
|
|
|
|
port.Enabled = true;
|
|
|
|
|
|
|
|
|
|
|
|
var netFwMgrType = Type.GetTypeFromProgID ("HNetCfg.FwMgr", false);
|
|
|
|
|
|
var mgr = (INetFwMgr)Activator.CreateInstance (netFwMgrType);
|
|
|
|
|
|
var ports = mgr.LocalPolicy.CurrentProfile.GloballyOpenPorts;
|
|
|
|
|
|
|
|
|
|
|
|
ports.Add (port);
|
2013-03-26 05:03:16 +01:00
|
|
|
|
}
|
|
|
|
|
|
catch (Exception ex) {
|
|
|
|
|
|
_logger.WarnException ("Failed to open port in firewall for NzbDrone " + portNumber, ex);
|
2013-02-17 17:09:49 +01:00
|
|
|
|
}
|
|
|
|
|
|
#endif
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2013-03-26 05:03:16 +01:00
|
|
|
|
private int CloseFirewallPort()
|
2013-02-17 17:09:49 +01:00
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
|
|
#if __MonoCS__
|
|
|
|
|
|
#else
|
|
|
|
|
|
|
|
|
|
|
|
try {
|
|
|
|
|
|
var netFwMgrType = Type.GetTypeFromProgID ("HNetCfg.FwMgr", false);
|
|
|
|
|
|
var mgr = (INetFwMgr)Activator.CreateInstance (netFwMgrType);
|
|
|
|
|
|
var ports = mgr.LocalPolicy.CurrentProfile.GloballyOpenPorts;
|
|
|
|
|
|
|
|
|
|
|
|
var portNumber = 8989;
|
|
|
|
|
|
|
|
|
|
|
|
foreach (INetFwOpenPort p in ports) {
|
|
|
|
|
|
if (p.Name == "NzbDrone") {
|
|
|
|
|
|
portNumber = p.Port;
|
|
|
|
|
|
break;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2013-03-26 05:03:16 +01:00
|
|
|
|
if (portNumber != _configFileProvider.Port)
|
|
|
|
|
|
{
|
2013-02-17 17:09:49 +01:00
|
|
|
|
ports.Remove (portNumber, NET_FW_IP_PROTOCOL_.NET_FW_IP_PROTOCOL_TCP);
|
|
|
|
|
|
return portNumber;
|
|
|
|
|
|
}
|
2013-03-26 05:03:16 +01:00
|
|
|
|
}
|
|
|
|
|
|
catch (Exception ex)
|
|
|
|
|
|
{
|
|
|
|
|
|
_logger.WarnException ("Failed to close port in firewall for NzbDrone", ex);
|
2013-02-17 17:09:49 +01:00
|
|
|
|
}
|
|
|
|
|
|
#endif
|
|
|
|
|
|
return 0;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2013-03-26 05:03:16 +01:00
|
|
|
|
private bool IsFirewallEnabled()
|
2013-02-17 17:09:49 +01:00
|
|
|
|
{
|
|
|
|
|
|
#if __MonoCS__
|
|
|
|
|
|
return true;
|
|
|
|
|
|
#else
|
|
|
|
|
|
|
|
|
|
|
|
try {
|
|
|
|
|
|
var netFwMgrType = Type.GetTypeFromProgID ("HNetCfg.FwMgr", false);
|
|
|
|
|
|
var mgr = (INetFwMgr)Activator.CreateInstance (netFwMgrType);
|
|
|
|
|
|
return mgr.LocalPolicy.CurrentProfile.FirewallEnabled;
|
2013-03-26 05:03:16 +01:00
|
|
|
|
}
|
|
|
|
|
|
catch (Exception ex)
|
|
|
|
|
|
{
|
|
|
|
|
|
_logger.WarnException ("Failed to check if the firewall is enabled", ex);
|
2013-02-17 17:09:49 +01:00
|
|
|
|
return false;
|
|
|
|
|
|
}
|
|
|
|
|
|
#endif
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2013-03-26 05:03:16 +01:00
|
|
|
|
private void RegisterUrl(int portNumber)
|
2013-02-17 17:09:49 +01:00
|
|
|
|
{
|
2013-05-07 09:25:10 +02:00
|
|
|
|
var arguments = String.Format("http add urlacl http://*:{0}/ user=EVERYONE", portNumber);
|
2013-03-26 05:03:16 +01:00
|
|
|
|
RunNetsh(arguments);
|
2013-02-17 17:09:49 +01:00
|
|
|
|
}
|
2012-01-17 08:17:00 +01:00
|
|
|
|
|
2013-03-26 05:03:16 +01:00
|
|
|
|
private void UnregisterUrl(int portNumber)
|
2013-02-17 17:09:49 +01:00
|
|
|
|
{
|
2013-05-07 09:25:10 +02:00
|
|
|
|
var arguments = String.Format("http delete urlacl http://*:{0}/", portNumber);
|
2013-03-26 05:03:16 +01:00
|
|
|
|
RunNetsh(arguments);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
private bool CheckIfUrlIsRegisteredUrl(int portNumber)
|
|
|
|
|
|
{
|
2013-05-07 09:25:10 +02:00
|
|
|
|
var url = String.Format("http://*:{0}/", portNumber);
|
2013-03-26 05:03:16 +01:00
|
|
|
|
var arguments = String.Format("http show urlacl url=\"{0}\"", url);
|
|
|
|
|
|
var output = RunNetsh(arguments);
|
|
|
|
|
|
|
|
|
|
|
|
if(String.IsNullOrWhiteSpace(output))
|
|
|
|
|
|
{
|
|
|
|
|
|
_logger.Error("netsh output is invalid for arguments: {0}", arguments);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if(!output.Contains(url))
|
|
|
|
|
|
{
|
|
|
|
|
|
_logger.Trace("Url has not already been registered");
|
|
|
|
|
|
return false;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
_logger.Trace("Url has already been registered!");
|
|
|
|
|
|
return true;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
private string RunNetsh(string arguments)
|
|
|
|
|
|
{
|
|
|
|
|
|
try
|
|
|
|
|
|
{
|
|
|
|
|
|
var startInfo = new ProcessStartInfo()
|
2012-01-17 08:17:00 +01:00
|
|
|
|
{
|
2013-03-26 05:03:16 +01:00
|
|
|
|
RedirectStandardOutput = true,
|
|
|
|
|
|
UseShellExecute = false,
|
2012-01-17 08:17:00 +01:00
|
|
|
|
FileName = "netsh.exe",
|
2013-03-26 05:03:16 +01:00
|
|
|
|
Arguments = arguments
|
2012-01-17 08:17:00 +01:00
|
|
|
|
};
|
|
|
|
|
|
|
2013-03-26 05:03:16 +01:00
|
|
|
|
var process = _processProvider.Start(startInfo);
|
|
|
|
|
|
process.WaitForExit(5000);
|
|
|
|
|
|
return process.StandardOutput.ReadToEnd();
|
|
|
|
|
|
}
|
|
|
|
|
|
catch (Exception ex)
|
|
|
|
|
|
{
|
|
|
|
|
|
_logger.WarnException("Error executing netsh with arguments: " + arguments, ex);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return null;
|
|
|
|
|
|
}
|
2013-02-17 17:09:49 +01:00
|
|
|
|
}
|
2012-01-17 08:17:00 +01:00
|
|
|
|
}
|
