Update winfw interface to include set of approved applications

author: Odd Stranne <odd@mullvad.net> 2020-06-08 15:38:14 +0200
committer: Odd Stranne <odd@mullvad.net> 2020-06-09 10:12:07 +0200
commit: 75a43ae0f64a12c4ef1fb6a853162ff8bed8b91e (patch)
tree: 8545f1483d486270213fd6391c63e63740e0c271 /windows
parent: 9fd0d3024378a2755bc93da61a1569f03b13b071 (diff)
download: mullvadvpn-75a43ae0f64a12c4ef1fb6a853162ff8bed8b91e.tar.xz
mullvadvpn-75a43ae0f64a12c4ef1fb6a853162ff8bed8b91e.zip
4 files changed, 51 insertions, 10 deletions
diff --git a/windows/winfw/src/winfw/winfw.cpp b/windows/winfw/src/winfw/winfw.cpp
index 6c1cc7cd5a..55587e03f9 100644
--- a/windows/winfw/src/winfw/winfw.cpp
+++ b/windows/winfw/src/winfw/winfw.cpp
@@ -42,6 +42,27 @@ std::optional<FwContext::PingableHosts> ConvertPingableHosts(const PingableHosts
 	return converted;
 }
 
+std::vector<std::wstring> ConvertApprovedApplications
+(
+	WinFwApprovedApplications *approvedApplications
+)
+{
+	if (nullptr == approvedApplications
+		|| 0 == approvedApplications->numApps)
+	{
+		THROW_ERROR("Invalid list of approved applications (empty list)");
+	}
+
+	std::vector<std::wstring> converted;
+
+	for (size_t i = 0; i < approvedApplications->numApps; ++i)
+	{
+		converted.emplace_back(std::wstring(approvedApplications->apps[i]));
+	}
+
+	return converted;
+}
+
 } // anonymous namespace
 
 WINFW_LINKAGE
@@ -49,6 +70,7 @@ bool
 WINFW_API
 WinFw_Initialize(
 	uint32_t timeout,
+	WinFwApprovedApplications *approvedApplications,
 	MullvadLogSink logSink,
 	void *logSinkContext
 )
@@ -70,7 +92,8 @@ WinFw_Initialize(
 		g_logSink = logSink;
 		g_logSinkContext = logSinkContext;
 
-		g_fwContext = new FwContext(timeout_ms);
+		g_fwContext = new FwContext(timeout_ms,
+			ConvertApprovedApplications(approvedApplications));
 	}
 	catch (std::exception &err)
 	{
@@ -96,6 +119,7 @@ WINFW_API
 WinFw_InitializeBlocked(
 	uint32_t timeout,
 	const WinFwSettings *settings,
+	WinFwApprovedApplications *approvedApplications,
 	MullvadLogSink logSink,
 	void *logSinkContext
 )
@@ -122,7 +146,8 @@ WinFw_InitializeBlocked(
 		g_logSink = logSink;
 		g_logSinkContext = logSinkContext;
 
-		g_fwContext = new FwContext(timeout_ms, *settings);
+		g_fwContext = new FwContext(timeout_ms, *settings,
+			ConvertApprovedApplications(approvedApplications));
 	}
 	catch (std::exception &err)
 	{
diff --git a/windows/winfw/src/winfw/winfw.h b/windows/winfw/src/winfw/winfw.h
index 8f418c333b..100c166d32 100644
--- a/windows/winfw/src/winfw/winfw.h
+++ b/windows/winfw/src/winfw/winfw.h
@@ -45,6 +45,17 @@ typedef struct tag_WinFwRelay
 }
 WinFwRelay;
 
+//
+// This structure is used to define the set of applications
+// that are allowed to communicate with the relay.
+//
+typedef struct tag_WinFwApprovedApplications
+{
+	const wchar_t **apps;
+	size_t numApps;
+}
+WinFwApprovedApplications;
+
 #pragma pack(pop)
 
 ///////////////////////////////////////////////////////////////////////////////
@@ -67,6 +78,7 @@ bool
 WINFW_API
 WinFw_Initialize(
 	uint32_t timeout,
+	WinFwApprovedApplications *approvedApplications,
 	MullvadLogSink logSink,
 	void *logSinkContext
 );
@@ -88,6 +100,7 @@ WINFW_API
 WinFw_InitializeBlocked(
 	uint32_t timeout,
 	const WinFwSettings *settings,
+	WinFwApprovedApplications *approvedApplications,
 	MullvadLogSink logSink,
 	void *logSinkContext
 );
diff --git a/windows/winfw/src/winfw/winfw.vcxproj b/windows/winfw/src/winfw/winfw.vcxproj
index c999f5aaca..85a6e0d0b4 100644
--- a/windows/winfw/src/winfw/winfw.vcxproj
+++ b/windows/winfw/src/winfw/winfw.vcxproj
@@ -32,12 +32,12 @@
     <ClCompile Include="rules\baseline\permitloopback.cpp" />
     <ClCompile Include="rules\baseline\permitndp.cpp" />
     <ClCompile Include="rules\baseline\permitping.cpp" />
-    <ClCompile Include="rules\baseline\permitvpnrelay.cpp" />
     <ClCompile Include="rules\baseline\permitvpntunnel.cpp" />
     <ClCompile Include="rules\baseline\permitvpntunnelservice.cpp" />
     <ClCompile Include="rules\dns\blockall.cpp" />
     <ClCompile Include="rules\dns\permitnontunnel.cpp" />
     <ClCompile Include="rules\dns\permittunnel.cpp" />
+    <ClCompile Include="rules\multi\permitvpnrelay.cpp" />
     <ClCompile Include="rules\shared.cpp" />
     <ClCompile Include="sessioncontroller.cpp" />
     <ClCompile Include="sessionrecord.cpp" />
@@ -65,12 +65,12 @@
     <ClInclude Include="rules\baseline\permitloopback.h" />
     <ClInclude Include="rules\baseline\permitndp.h" />
     <ClInclude Include="rules\baseline\permitping.h" />
-    <ClInclude Include="rules\baseline\permitvpnrelay.h" />
     <ClInclude Include="rules\baseline\permitvpntunnel.h" />
     <ClInclude Include="rules\baseline\permitvpntunnelservice.h" />
     <ClInclude Include="rules\dns\blockall.h" />
     <ClInclude Include="rules\dns\permitnontunnel.h" />
     <ClInclude Include="rules\dns\permittunnel.h" />
+    <ClInclude Include="rules\multi\permitvpnrelay.h" />
     <ClInclude Include="rules\ports.h" />
     <ClInclude Include="rules\shared.h" />
     <ClInclude Include="wfpobjecttype.h" />
diff --git a/windows/winfw/src/winfw/winfw.vcxproj.filters b/windows/winfw/src/winfw/winfw.vcxproj.filters
index 46c0594c10..9ac82e87fb 100644
--- a/windows/winfw/src/winfw/winfw.vcxproj.filters
+++ b/windows/winfw/src/winfw/winfw.vcxproj.filters
@@ -34,9 +34,6 @@
     <ClCompile Include="rules\baseline\permitping.cpp">
       <Filter>rules\baseline</Filter>
     </ClCompile>
-    <ClCompile Include="rules\baseline\permitvpnrelay.cpp">
-      <Filter>rules\baseline</Filter>
-    </ClCompile>
     <ClCompile Include="rules\baseline\permitvpntunnel.cpp">
       <Filter>rules\baseline</Filter>
     </ClCompile>
@@ -58,6 +55,9 @@
     <ClCompile Include="rules\shared.cpp">
       <Filter>rules</Filter>
     </ClCompile>
+    <ClCompile Include="rules\multi\permitvpnrelay.cpp">
+      <Filter>rules\multi</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="stdafx.h" />
@@ -99,9 +99,6 @@
     <ClInclude Include="rules\baseline\permitping.h">
       <Filter>rules\baseline</Filter>
     </ClInclude>
-    <ClInclude Include="rules\baseline\permitvpnrelay.h">
-      <Filter>rules\baseline</Filter>
-    </ClInclude>
     <ClInclude Include="rules\baseline\permitvpntunnel.h">
       <Filter>rules\baseline</Filter>
     </ClInclude>
@@ -126,6 +123,9 @@
     <ClInclude Include="rules\shared.h">
       <Filter>rules</Filter>
     </ClInclude>
+    <ClInclude Include="rules\multi\permitvpnrelay.h">
+      <Filter>rules\multi</Filter>
+    </ClInclude>
   </ItemGroup>
   <ItemGroup>
     <Filter Include="rules">
@@ -137,6 +137,9 @@
     <Filter Include="rules\dns">
       <UniqueIdentifier>{9b35e8a4-84be-4ac3-9b6f-eb21cc02e065}</UniqueIdentifier>
     </Filter>
+    <Filter Include="rules\multi">
+      <UniqueIdentifier>{005cce7c-ed9d-4675-8e4f-759c9682b77e}</UniqueIdentifier>
+    </Filter>
   </ItemGroup>
   <ItemGroup>
     <None Include="winfw.def" />
author	Odd Stranne <odd@mullvad.net>	2020-06-08 15:38:14 +0200
committer	Odd Stranne <odd@mullvad.net>	2020-06-09 10:12:07 +0200
commit	75a43ae0f64a12c4ef1fb6a853162ff8bed8b91e (patch)
tree	8545f1483d486270213fd6391c63e63740e0c271 /windows
parent	9fd0d3024378a2755bc93da61a1569f03b13b071 (diff)
download	mullvadvpn-75a43ae0f64a12c4ef1fb6a853162ff8bed8b91e.tar.xz mullvadvpn-75a43ae0f64a12c4ef1fb6a853162ff8bed8b91e.zip