lyfz_repos/经典版源码/lyfzClient/trunk/3.0.0.0/sdkInclude/netfw.idl

///////////////////////////////////////////////////////////////////////////////
//
// Copyright (c) Microsoft Corporation.
//
// SYNOPSIS
//
//   Interfaces for managing the firewall.
//
///////////////////////////////////////////////////////////////////////////////

import "icftypes.idl";
import "oaidl.idl";


// Provides access to the settings controlling Remote Administration. An
// instance of this interface is retrieved through the RemoteAdminSettings
// property of the INetFwProfile interface. All configuration changes take
// effect immediately.
[
   object,
   uuid(D4BECDDF-6F73-4A83-B832-9C66874CD20E),
   dual
]
interface INetFwRemoteAdminSettings : IDispatch
{
   // IP version for which remote admin is authorized. Only
   // NET_FW_IP_VERSION_ANY is supported.
   [id(1), propget]
   HRESULT IpVersion(
              [out, retval] NET_FW_IP_VERSION* ipVersion
              );
   [id(1), propput]
   HRESULT IpVersion(
              [in] NET_FW_IP_VERSION ipVersion
              );

   // Network scope from which remote admin is allowed. When setting the
   // property, only NET_FW_SCOPE_ALL and NET_FW_SCOPE_LOCAL_SUBNET are valid.
   // To create a custom scope, use the RemoteAddresses property.
   [id(2), propget]
   HRESULT Scope(
              [out, retval] NET_FW_SCOPE* scope
              );
   [id(2), propput]
   HRESULT Scope(
              [in] NET_FW_SCOPE scope
              );

   // Remote addresses from which remote administration is allowed.
   [id(3), propget]
   HRESULT RemoteAddresses(
              [out, retval] BSTR* remoteAddrs
              );
   [id(3), propput]
   HRESULT RemoteAddresses(
              [in] BSTR remoteAddrs
              );

   // True if Remote Administration is enabled.
   [id(4), propget]
   HRESULT Enabled(
              [out, retval] VARIANT_BOOL* enabled
              );
   [id(4), propput]
   HRESULT Enabled(
              [in] VARIANT_BOOL enabled
              );
}


// Provides access to the settings controlling ICMP packets. An instance of
// this interface is retrieved through the IcmpSettings property of the
// INetFwProfile interface. All configuration changes take effect
// immediately.
[
   object,
   uuid(A6207B2E-7CDD-426A-951E-5E1CBC5AFEAD),
   dual
]
interface INetFwIcmpSettings : IDispatch
{
   //////////
   // Types common to IPv4 and IPv6
   //////////

   [id(1), propget]
   HRESULT AllowOutboundDestinationUnreachable(
              [out, retval] VARIANT_BOOL* allow
              );
   [id(1), propput]
   HRESULT AllowOutboundDestinationUnreachable(
              [in] VARIANT_BOOL allow
              );

   [id(2), propget]
   HRESULT AllowRedirect(
              [out, retval] VARIANT_BOOL* allow
              );
   [id(2), propput]
   HRESULT AllowRedirect(
              [in] VARIANT_BOOL allow
              );

   [id(3), propget]
   HRESULT AllowInboundEchoRequest(
              [out, retval] VARIANT_BOOL* allow
              );
   [id(3), propput]
   HRESULT AllowInboundEchoRequest(
              [in] VARIANT_BOOL allow
              );

   [id(4), propget]
   HRESULT AllowOutboundTimeExceeded(
              [out, retval] VARIANT_BOOL* allow
              );
   [id(4), propput]
   HRESULT AllowOutboundTimeExceeded(
              [in] VARIANT_BOOL allow
              );

   [id(5), propget]
   HRESULT AllowOutboundParameterProblem(
              [out, retval] VARIANT_BOOL* allow
              );
   [id(5), propput]
   HRESULT AllowOutboundParameterProblem(
              [in] VARIANT_BOOL allow
              );

   //////////
   // IPv4 only types
   //////////

   [id(6), propget]
   HRESULT AllowOutboundSourceQuench(
              [out, retval] VARIANT_BOOL* allow
              );
   [id(6), propput]
   HRESULT AllowOutboundSourceQuench(
              [in] VARIANT_BOOL allow
              );

   [id(7), propget]
   HRESULT AllowInboundRouterRequest(
              [out, retval] VARIANT_BOOL* allow
              );
   [id(7), propput]
   HRESULT AllowInboundRouterRequest(
              [in] VARIANT_BOOL allow
              );

   [id(8), propget]
   HRESULT AllowInboundTimestampRequest(
              [out, retval] VARIANT_BOOL* allow
              );
   [id(8), propput]
   HRESULT AllowInboundTimestampRequest(
              [in] VARIANT_BOOL allow
              );

   [id(9), propget]
   HRESULT AllowInboundMaskRequest(
              [out, retval] VARIANT_BOOL* allow
              );
   [id(9), propput]
   HRESULT AllowInboundMaskRequest(
              [in] VARIANT_BOOL allow
              );

   //////////
   // IPv6 only types
   //////////

   [id(10), propget]
   HRESULT AllowOutboundPacketTooBig(
              [out, retval] VARIANT_BOOL* allow
              );
   [id(10), propput]
   HRESULT AllowOutboundPacketTooBig(
              [in] VARIANT_BOOL allow
              );
}


// Provides access to the properties of a port that has been opened in the
// firewall. When creating new ports, this interface is supported by the
// HNetCfg.FwOpenPort COM object. For reading or modifying existing ports,
// instances of this interface are retrieved through the INetFwOpenPorts
// collection. All configuration changes take effect immediately.
[
   object,
   uuid(E0483BA0-47FF-4D9C-A6D6-7741D0B195F7),
   dual
]
interface INetFwOpenPort : IDispatch
{
   // Friendly name of the port. Mandatory.
   [id(1), propget]
   HRESULT Name(
              [out, retval] BSTR* name
              );
   [id(1), propput]
   HRESULT Name(
              [in] BSTR name
              );

   // IP version for which the port is opened. Only NET_FW_IP_VERSION_ANY is
   // supported, and this is the default for new ports.
   [id(2), propget]
   HRESULT IpVersion(
              [out, retval] NET_FW_IP_VERSION* ipVersion
              );
   [id(2), propput]
   HRESULT IpVersion(
              [in] NET_FW_IP_VERSION ipVersion
              );

   // IP protocol. Default is TCP for new ports.
   [id(3), propget]
   HRESULT Protocol(
              [out, retval] NET_FW_IP_PROTOCOL* ipProtocol
              );
   [id(3), propput]
   HRESULT Protocol(
              [in] NET_FW_IP_PROTOCOL ipProtocol
              );

   // Port number in host order. Mandatory.
   [id(4), propget]
   HRESULT Port(
              [out, retval] LONG* portNumber
              );
   [id(4), propput]
   HRESULT Port(
              [in] LONG portNumber
              );

   // Network scope from which the port can listen. When setting the property,
   // only NET_FW_SCOPE_ALL and NET_FW_SCOPE_LOCAL_SUBNET are valid.  To create
   // a custom scope, use the RemoteAddresses property. Default is
   // NET_FW_SCOPE_ALL for new ports.
   [id(5), propget]
   HRESULT Scope(
              [out, retval] NET_FW_SCOPE* scope
              );
   [id(5), propput]
   HRESULT Scope(
              [in] NET_FW_SCOPE scope
              );

   // Remote addresses from which the port can listen for traffic.
   [id(6), propget]
   HRESULT RemoteAddresses(
              [out, retval] BSTR* remoteAddrs
              );
   [id(6), propput]
   HRESULT RemoteAddresses(
              [in] BSTR remoteAddrs
              );

   // True if the settings for this port are currently enabled. This can be set
   // to False to allow port settings to be stored in the open ports collection
   // without actually opening the port. Default is True for new ports.
   [id(7), propget]
   HRESULT Enabled(
              [out, retval] VARIANT_BOOL* enabled
              );
   [id(7), propput]
   HRESULT Enabled(
              [in] VARIANT_BOOL enabled
              );

   // True if this is a built-in port defined by the system. Built-in ports can
   // not be removed and only the LocalSubnetOnly and Enabled properties can be
   // modified.
   [id(8), propget]
   HRESULT BuiltIn(
              [out, retval] VARIANT_BOOL* builtIn
              );
}


// Provides access to a collection of ports opened in the firewall. An instance
// of this interface is retrieved through the GloballyOpenPorts property of the
// INetFwProfile interface. All configuration changes take effect
// immediately.
[
   object,
   uuid(C0E9D7FA-E07E-430A-B19A-090CE82D92E2),
   dual
]
interface INetFwOpenPorts : IDispatch
{
   // Returns the number of ports in the collection.
   [id(1), propget]
   HRESULT Count(
              [out, retval] long* count
              );

   // Opens a new port and adds it to the collection. If the port is already
   // open, the existing settings are overwritten.
   [id(2)]
   HRESULT Add(
              [in] INetFwOpenPort* port
              );

   // Closes a port and remove it from the collection. If the port is already
   // closed, it has no effect.
   [id(3)]
   HRESULT Remove(
              [in] LONG portNumber,
              [in] NET_FW_IP_PROTOCOL ipProtocol
              );

   // Return the specified port if present.
   [id(4)]
   HRESULT Item(
              [in] LONG portNumber,
              [in] NET_FW_IP_PROTOCOL ipProtocol,
              [out, retval] INetFwOpenPort** openPort
              );

   // Returns an object supporting IEnumVARIANT that can be used to iterate
   // through all the ports in the collection.
   [id(DISPID_NEWENUM), propget, restricted]
   HRESULT _NewEnum(
              [out, retval] IUnknown** newEnum
              );
}


// Provides access to the properties of a service that may be authorized to
// listen through the firewall.  Instances of this interface are retrieved
// through the INetFwServices collection. All configuration changes take
// effect immediately.
[
   object,
   uuid(79FD57C8-908E-4A36-9888-D5B3F0A444CF),
   dual
]
interface INetFwService : IDispatch
{
   // Friendly name of the service.
   [id(1), propget]
   HRESULT Name(
              [out, retval] BSTR* name
              );

   // Enumerator that uniquely identifies the service.
   [id(2), propget]
   HRESULT Type(
              [out, retval] NET_FW_SERVICE_TYPE* type
              );

   // Indicates whether at least one of the ports associated with the service
   // has been customized. If a service has been customized, the values
   // returned by the service properties do not reflect the configuration of
   // all the ports associated with the service.
   [id(3), propget]
   HRESULT Customized(
              [out, retval] VARIANT_BOOL* customized
              );

   // IP version for which the service is authorized. Only
   // NET_FW_IP_VERSION_ANY is supported.
   [id(4), propget]
   HRESULT IpVersion(
              [out, retval] NET_FW_IP_VERSION* ipVersion
              );
   [id(4), propput]
   HRESULT IpVersion(
              [in] NET_FW_IP_VERSION ipVersion
              );

   // Network scope from which the service can listen. When setting the
   // property, only NET_FW_SCOPE_ALL and NET_FW_SCOPE_LOCAL_SUBNET are valid.
   // To create a custom scope, use the RemoteAddresses property.
   [id(5), propget]
   HRESULT Scope(
              [out, retval] NET_FW_SCOPE* scope
              );
   [id(5), propput]
   HRESULT Scope(
              [in] NET_FW_SCOPE scope
              );

   // Remote addresses from which the service ports can listen for traffic. If
   // the service has been customized, get returns the union of the remote
   // addresses for all the service ports.
   [id(6), propget]
   HRESULT RemoteAddresses(
              [out, retval] BSTR* remoteAddrs
              );
   [id(6), propput]
   HRESULT RemoteAddresses(
              [in] BSTR remoteAddrs
              );

   // True if all the ports associated with the service are enabled.
   [id(7), propget]
   HRESULT Enabled(
              [out, retval] VARIANT_BOOL* enabled
              );
   [id(7), propput]
   HRESULT Enabled(
              [in] VARIANT_BOOL enabled
              );

   // The collection of globally open ports associated with the service.
   [id(8), propget]
   HRESULT GloballyOpenPorts(
              [out, retval] INetFwOpenPorts** openPorts
              );
}


// Provides access to a collection of services that may be authorized to listen
// through the firewall. An instance of this interface is retrieved through the
// Services property of the INetFwProfile interface. All configuration
// changes take effect immediately.
[
   object,
   uuid(79649BB4-903E-421B-94C9-79848E79F6EE),
   dual
]
interface INetFwServices : IDispatch
{
   // Returns the number of services in the collection.
   [id(1), propget]
   HRESULT Count(
              [out, retval] long* count
              );

   // Return the specified service.
   [id(2)]
   HRESULT Item(
              [in] NET_FW_SERVICE_TYPE svcType,
              [out, retval] INetFwService** service
              );

   // Returns an object supporting IEnumVARIANT that can be used to iterate
   // through all the services in the collection.
   [id(DISPID_NEWENUM), propget, restricted]
   HRESULT _NewEnum(
              [out, retval] IUnknown** newEnum
              );
}


// Provides access to the properties of an app that has been authorized to open
// holes in the firewall. When creating new apps, this interface is supported
// by the HNetCfg.FwAuthorizedApplication COM object.  For reading or
// modifying existing apps, instances of this interface are retrieved through
// the INetFwAuthorizedApplications collection. All configuration changes
// take effect immediately.
[
   object,
   uuid(B5E64FFA-C2C5-444E-A301-FB5E00018050),
   dual
]
interface INetFwAuthorizedApplication : IDispatch
{
   // Friendly name of the app. Mandatory.
   [id(1), propget]
   HRESULT Name(
              [out, retval] BSTR* name
              );
   [id(1), propput]
   HRESULT Name(
              [in] BSTR name
              );

   // Process image file name. This must be a fully-qualified path, but it may
   // contain environment variables. Mandatory.
   [id(2), propget]
   HRESULT ProcessImageFileName(
              [out, retval] BSTR* imageFileName
              );
   [id(2), propput]
   HRESULT ProcessImageFileName(
              [in] BSTR imageFileName
              );

   // IP version for which the app is authorized. Only NET_FW_IP_VERSION_ANY is
   // supported, and this is the default for new apps.
   [id(3), propget]
   HRESULT IpVersion(
              [out, retval] NET_FW_IP_VERSION* ipVersion
              );
   [id(3), propput]
   HRESULT IpVersion(
              [in] NET_FW_IP_VERSION ipVersion
              );


   // Network scope from which the app can listen. When setting the property,
   // only NET_FW_SCOPE_ALL and NET_FW_SCOPE_LOCAL_SUBNET are valid.  To create
   // a custom scope, use the RemoteAddresses property. Default is
   // NET_FW_SCOPE_ALL for new apps.
   [id(4), propget]
   HRESULT Scope(
              [out, retval] NET_FW_SCOPE* scope
              );
   [id(4), propput]
   HRESULT Scope(
              [in] NET_FW_SCOPE scope
              );

   // Remote addresses from which the app can listen for traffic.
   [id(5), propget]
   HRESULT RemoteAddresses(
              [out, retval] BSTR* remoteAddrs
              );
   [id(5), propput]
   HRESULT RemoteAddresses(
              [in] BSTR remoteAddrs
              );

   // True if the settings for this app are currently enabled. This can be set
   // to False to allow app settings to be stored in the authorized apps
   // collection without actually authorizing the app. Default is True for new
   // apps.
   [id(6), propget]
   HRESULT Enabled(
              [out, retval] VARIANT_BOOL* enabled
              );
   [id(6), propput]
   HRESULT Enabled(
              [in] VARIANT_BOOL enabled
              );
}


// Provides access to a collection of apps authorized to open ports in the
// firewall. An instance of this interface is retrieved through the
// AuthorizedApplications property of the INetFwProfile interface. All
// configuration changes take effect immediately.
[
   object,
   uuid(644EFD52-CCF9-486C-97A2-39F352570B30),
   dual
]
interface INetFwAuthorizedApplications : IDispatch
{
   // Returns the number of apps in the collection.
   [id(1), propget]
   HRESULT Count(
              [out, retval] long* count
              );

   // Adds a new app to the collection. If an app with the same image file name
   // already exists, the settings are overwritten.
   [id(2)]
   HRESULT Add(
              [in] INetFwAuthorizedApplication* app
              );

   // Removes an app from the collection. If the app doesn't exist, it has no
   // effect.
   [id(3)]
   HRESULT Remove(
              [in] BSTR imageFileName
              );

   // Return the specified app if present.
   [id(4)]
   HRESULT Item(
              [in] BSTR imageFileName,
              [out, retval] INetFwAuthorizedApplication** app
              );

   // Returns an object supporting IEnumVARIANT that can be used to iterate
   // through all the apps in the collection.
   [id(DISPID_NEWENUM), propget, restricted]
   HRESULT _NewEnum(
              [out, retval] IUnknown** newEnum
              );
}


// Provides access to a firewall settings profile. Instances of this interface
// are retrieved through the CurrentProfile property or GetProfileByType method
// of the INetFwPolicy interface. All configuration changes take effect
// immediately.
[
    object,
    uuid(174A0DDA-E9F9-449D-993B-21AB667CA456),
    dual
]
interface INetFwProfile : IDispatch
{
   // Type of profile
   [id(1), propget]
   HRESULT Type(
              [out, retval] NET_FW_PROFILE_TYPE* type
              );

   // True if firewall is enabled.
   [id(2), propget]
   HRESULT FirewallEnabled(
             [out, retval] VARIANT_BOOL* enabled
             );
   [id(2), propput]
   HRESULT FirewallEnabled(
              [in] VARIANT_BOOL enabled
              );

   // True if the firewall should not allow exceptions. In other words, all the
   // exceptions (e.g., GloballyOpenPorts) specified in the profile are ignored
   // and only locally initiated traffic is allowed.
   [id(3), propget]
   HRESULT ExceptionsNotAllowed(
              [out, retval] VARIANT_BOOL* notAllowed
              );
   [id(3), propput]
   HRESULT ExceptionsNotAllowed(
              [in] VARIANT_BOOL notAllowed
              );

   // True if interactive firewall notifications are disabled.
   [id(4), propget]
   HRESULT NotificationsDisabled(
             [out, retval] VARIANT_BOOL* disabled
             );
   [id(4), propput]
   HRESULT NotificationsDisabled(
              [in] VARIANT_BOOL disabled
              );

   // True if the firewall should not allow unicast responses to multicast and
   // broadcast traffic.
   [id(5), propget]
   HRESULT UnicastResponsesToMulticastBroadcastDisabled(
             [out, retval] VARIANT_BOOL* disabled
             );
   [id(5), propput]
   HRESULT UnicastResponsesToMulticastBroadcastDisabled(
              [in] VARIANT_BOOL disabled
              );

   // Settings governing remote administration.
   [id(6), propget]
   HRESULT RemoteAdminSettings(
              [out, retval] INetFwRemoteAdminSettings** remoteAdminSettings
              );

   // Settings governing ICMP packets.
   [id(7), propget]
   HRESULT IcmpSettings(
              [out, retval] INetFwIcmpSettings** icmpSettings
              );

   // Returns the collection of globally open ports.
   [id(8), propget]
   HRESULT GloballyOpenPorts(
              [out, retval] INetFwOpenPorts** openPorts
              );

   // Returns the collection of services.
   [id(9), propget]
   HRESULT Services(
              [out, retval] INetFwServices** services
              );

   // Returns the collection of authorized apps.
   [id(10), propget]
   HRESULT AuthorizedApplications(
              [out, retval] INetFwAuthorizedApplications** apps
              );
}


// Provides access to a firewall policy. Instances of this interface are
// retrieved through the LocalPolicy method of the INetFwMgr interface. All
// configuration changes take effect immediately.
[
    object,
    uuid(D46D2478-9AC9-4008-9DC7-5563CE5536CC),
    dual
]
interface INetFwPolicy : IDispatch
{
   // Returns the profile currently in effect.
   [id(1), propget]
   HRESULT CurrentProfile(
              [out, retval] INetFwProfile** profile
              );

   // Returns the profile of the requested type.
   [id(2)]
   HRESULT GetProfileByType(
              [in] NET_FW_PROFILE_TYPE profileType,
              [out, retval] INetFwProfile** profile
              );
}

// Provides access to the firewall settings for a computer. This interface is
// supported by the HNetCfg.FwMgr COM object. All configuration changes take
// effect immediately.
[
    object,
    uuid(F7898AF5-CAC4-4632-A2EC-DA06E5111AF2),
    dual
]
interface INetFwMgr : IDispatch
{
   // Returns the local firewall policy.
   [id(1), propget]
   HRESULT LocalPolicy(
              [out, retval] INetFwPolicy** localPolicy
              );

   // Returns the type of firewall profile currently in effect.
   [id(2), propget]
   HRESULT CurrentProfileType(
              [out, retval] NET_FW_PROFILE_TYPE* profileType
              );

   // Restores the local configuration to its default state.
   [id(3)]
   HRESULT RestoreDefaults();

   // Determines whether an application can listen for inbound traffic on the
   // specified port.
   //
   // Parameters:
   //
   // imageFileName - The image filename of the process listening on the
   // network. It must be a fully-qualified path, but it may contain
   // environment variables. If 'imageFileName' is NULL, the function
   // determines whether the port is allowed for all applications.
   //
   // ipVersion - IP version of the traffic. If 'localAddress' is non-NULL,
   // this must not be NET_FW_IP_VERSION_ANY.
   //
   // portNumber - Local IP port number of the traffic. If 'portNumber' is
   // zero, 'imageFileName' must not be NULL and the function checks if the
   // application is allowed to listen on any port.
   //
   // localAddress - Either a dotted-decimal IPv4 address or an IPv6 hex
   // address specifying the local address of the traffic. Typically, this is
   // the address passed to bind. If 'localAddress' is NULL, the function
   // determines whether the port is allowed for all interfaces.
   //
   // ipProtocol - IP protocol of the traffic, either NET_FW_IP_PROTOCOL_TCP or
   // NET_FW_IP_PROTOCOL_UDP. Ignored if 'portNumber' is zero.
   //
   // allowed - Returns a VARIANT of type VT_BOOL indicating whether the port
   // is allowed for at least some local interfaces and remote addresses.
   //
   // restricted - Returns a VARIANT of type VT_BOOL indicating whether some
   // local interfaces or remote addresses are blocked for this port. For
   // example, if the port is restricted to the local subnet only.
   //
   [id(4)]
   HRESULT IsPortAllowed(
              [in] BSTR imageFileName,
              [in] NET_FW_IP_VERSION ipVersion,
              [in] LONG portNumber,
              [in] BSTR localAddress,
              [in] NET_FW_IP_PROTOCOL ipProtocol,
              [out] VARIANT* allowed,
              [out] VARIANT* restricted
              );

   // Determines whether the specified ICMP type is allowed.
   [id(5)]
   HRESULT IsIcmpTypeAllowed(
              [in] NET_FW_IP_VERSION ipVersion,
              [in] BSTR localAddress,
              [in] BYTE type,
              [out] VARIANT* allowed,
              [out] VARIANT* restricted
              );
}

[
   uuid(DB4F3345-3EF8-45ED-B976-25A6D3B81B71),
   version(1.0)
]
library NetFwPublicTypeLib
{
   importlib("stdole2.tlb");

   interface INetFwRemoteAdminSettings;
   interface INetFwIcmpSettings;
   interface INetFwOpenPort;
   interface INetFwOpenPorts;
   interface INetFwService;
   interface INetFwServices;
   interface INetFwAuthorizedApplication;
   interface INetFwAuthorizedApplications;
   interface INetFwProfile;
   interface INetFwPolicy;
   interface INetFwMgr;

   [
      uuid(0CA545C6-37AD-4A6C-BF92-9F7610067EF5)
   ]
   coclass NetFwOpenPort
   {
      [default] interface INetFwOpenPort;
   }

   [
      uuid(EC9846B3-2762-4A6B-A214-6ACB603462D2)
   ]
   coclass NetFwAuthorizedApplication
   {
      [default] interface INetFwAuthorizedApplication;
   }

   [
      uuid(304CE942-6E39-40D8-943A-B913C40C9CD4)
   ]
   coclass NetFwMgr
   {
      [default] interface INetFwMgr;
   }
}