From 17d2bff03c77ecd0d09fe85a04973f3c5534c0b1 Mon Sep 17 00:00:00 2001
From: Jeffrey Altman <jaltman@secure-endpoints.com>
Date: Mon, 17 Oct 2005 22:30:00 +0000
Subject: [PATCH] STABLE14-windows-fw-service-test-20051017

Do not perform Firewall Configuration if the firewall service is not installed


(cherry picked from commit d16fb72074a3e81ad5ce295fbc49fa8707852545)
---
 src/WINNT/afsd/cm_daemon.c | 57 ++++++++++++++++++++++++++++++++++++--
 1 file changed, 54 insertions(+), 3 deletions(-)

diff --git a/src/WINNT/afsd/cm_daemon.c b/src/WINNT/afsd/cm_daemon.c
index 3fc2b03a7..2f945c118 100644
--- a/src/WINNT/afsd/cm_daemon.c
+++ b/src/WINNT/afsd/cm_daemon.c
@@ -100,6 +100,57 @@ void cm_QueueBKGRequest(cm_scache_t *scp, cm_bkgProc_t *procp, long p1, long p2,
     osi_Wakeup((long) &cm_bkgListp);
 }
 
+static int
+IsWindowsFirewallPresent(void)
+{
+    SC_HANDLE scm;
+    SC_HANDLE svc;
+    BOOLEAN flag;
+    BOOLEAN result = FALSE;
+    LPQUERY_SERVICE_CONFIG pConfig = NULL;
+    DWORD BufSize;
+    LONG status;
+
+    /* Open services manager */
+    scm = OpenSCManager(NULL, NULL, GENERIC_READ);
+    if (!scm) return FALSE;
+
+    /* Open Windows Firewall service */
+    svc = OpenService(scm, "SharedAccess", SERVICE_QUERY_CONFIG);
+    if (!svc)
+        goto close_scm;
+
+    /* Query Windows Firewall service config, first just to get buffer size */
+    /* Expected to fail, so don't test return value */
+    (void) QueryServiceConfig(svc, NULL, 0, &BufSize);
+    status = GetLastError();
+    if (status != ERROR_INSUFFICIENT_BUFFER)
+        goto close_svc;
+
+    /* Allocate buffer */
+    pConfig = (LPQUERY_SERVICE_CONFIG)GlobalAlloc(GMEM_FIXED,BufSize);
+    if (!pConfig)
+        goto close_svc;
+
+    /* Query Windows Firewall service config, this time for real */
+    flag = QueryServiceConfig(svc, pConfig, BufSize, &BufSize);
+    if (!flag)
+        goto free_pConfig;
+
+    /* Is it autostart? */
+    if (pConfig->dwStartType < SERVICE_DEMAND_START)
+        result = TRUE;
+
+  free_pConfig:
+    GlobalFree(pConfig);
+  close_svc:
+    CloseServiceHandle(svc);
+  close_scm:
+    CloseServiceHandle(scm);
+
+    return result;
+}
+
 /* periodic check daemon */
 void cm_Daemon(long parm)
 {
@@ -114,7 +165,7 @@ void cm_Daemon(long parm)
     unsigned long code;
     struct hostent *thp;
     HMODULE hHookDll;
-    int firewallConfigured = 0;
+    int configureFirewall = IsWindowsFirewallPresent();
 
     /* ping all file servers, up or down, with unauthenticated connection,
      * to find out whether we have all our callbacks from the server still.
@@ -148,12 +199,12 @@ void cm_Daemon(long parm)
         if (daemon_ShutdownFlag == 1)
             return;
 
-	if (!firewallConfigured) {
+	if (configureFirewall) {
 	    /* Open Microsoft Firewall to allow in port 7001 */
 	    switch (icf_CheckAndAddAFSPorts(AFS_PORTSET_CLIENT)) {
 	    case 0:
 		afsi_log("Windows Firewall Configuration succeeded");
-		firewallConfigured = 1;
+		configureFirewall = 0;
 		break;
 	    case 1:
 		afsi_log("Invalid Windows Firewall Port Set");
-- 
2.39.5