/*++ Copyright (c) 2000 Microsoft Corporation. All rights reserved. --*/ // EBSessionFilter.cpp : Implementation of CEBSessionFilter #include "stdafx.h" #include "exeblock.h" #include "EBSessionFilter.h" #include "EBFTPDataFilter.h" #include "EBScannerDataFilter.h" ///////////////////////////////////////////////////////////////////////////// // CEBSessionFilter ////////////////////////////////////////////////////////////////////////////// // CEBSessionFilter::Initialize // // This is called from EBFilter::AttachToSession. // ////////////////////////////////////////////////////////////////////////////// HRESULT CEBSessionFilter::Initialize( IFWXSession *pSession, IFWXFirewall *pCallback ) { m_spCallBackInterface = pCallback; m_spSession = pSession; return S_OK; } ////////////////////////////////////////////////////////////////////////////// // CEBSessionFilter::FirewallEventHandler // // implements IFWXSessionFilter::FirewallEventHandler // // This is the sink for proxy events. // ////////////////////////////////////////////////////////////////////////////// STDMETHODIMP CEBSessionFilter::FirewallEventHandler(const FwxFirewallEvent *pEvent) { HRESULT hr; IFWXPreparedData *PreparedData = NULL; switch (pEvent->EventType) { case fwx_Connect_Tcp: if (pEvent->Parameters.Connect.PerRuleProcessedData) { hr = pEvent->Parameters.Connect.PerRuleProcessedData->QueryInterface( (IUnknown**)&PreparedData); if (FAILED(hr)) { return hr; } } return _OnConnect( pEvent->Parameters.Connect.Address, pEvent->Parameters.Connect.AddressLength, pEvent->Parameters.Connect.piConnection, PreparedData ); default: return E_NOTIMPL; }; } ////////////////////////////////////////////////////////////////////////////// // CEBSessionFilter::Detach // // implements IFWXSessionFilter::Detach // // Break reference circularity so that the objects can be deleted. // ////////////////////////////////////////////////////////////////////////////// STDMETHODIMP CEBSessionFilter::Detach() { // We are not allowed to hold a pointer to the sesion object after this // call. m_spSession = NULL; return S_OK; } ////////////////////////////////////////////////////////////////////////////// // CEBSessionFilter::_OnConnect // // Handler for TCP connection events. // // For connections to port 21 - install a data-filter for FTP control // channel. // // ////////////////////////////////////////////////////////////////////////////// HRESULT CEBSessionFilter::_OnConnect( PSOCKADDR Address, DWORD AddressLength, IFWXConnection *piConnection, IFWXPreparedData *PreparedData ) { UNREFERENCED_PARAMETER(AddressLength); UNREFERENCED_PARAMETER(Address); HRESULT hr = S_OK; //if ( PSOCKADDR_IN(Address)->sin_port == htons(21)) { // // Install a data filter on the FTP control connection // CComObject *pDataFilter; hr = CComObject::CreateInstance(&pDataFilter); if (SUCCEEDED(hr)) { pDataFilter->AddRef(); hr = pDataFilter->Initialize( static_cast*>(this), m_spCallBackInterface, m_spSession, PreparedData ); // As a security filter, this filter should be external. if (SUCCEEDED(hr)) { hr = piConnection->AttachDataFilter(pDataFilter, fwx_dfpc_External, NULL); } pDataFilter->Release(); } } if (FAILED(hr)) { // // If we can't install a scanner or a data filter we should not // allow the connection. // piConnection->Deny(0); } return hr; }