• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "remoting/host/win/com_security.h"
6 
7 #include <objidl.h>
8 
9 #include "base/basictypes.h"
10 #include "base/compiler_specific.h"
11 #include "base/logging.h"
12 #include "base/win/windows_version.h"
13 #include "remoting/host/win/security_descriptor.h"
14 
15 namespace remoting {
16 
InitializeComSecurity(const std::string & security_descriptor,const std::string & mandatory_label,bool activate_as_activator)17 bool InitializeComSecurity(const std::string& security_descriptor,
18                            const std::string& mandatory_label,
19                            bool activate_as_activator) {
20   std::string sddl = security_descriptor;
21   if (base::win::GetVersion() >= base::win::VERSION_VISTA) {
22     sddl += mandatory_label;
23   }
24 
25   // Convert the SDDL description into a security descriptor in absolute format.
26   ScopedSd relative_sd = ConvertSddlToSd(sddl);
27   if (!relative_sd) {
28     PLOG(ERROR) << "Failed to create a security descriptor";
29     return false;
30   }
31   ScopedSd absolute_sd;
32   ScopedAcl dacl;
33   ScopedSid group;
34   ScopedSid owner;
35   ScopedAcl sacl;
36   if (!MakeScopedAbsoluteSd(relative_sd, &absolute_sd, &dacl, &group, &owner,
37                             &sacl)) {
38     PLOG(ERROR) << "MakeScopedAbsoluteSd() failed";
39     return false;
40   }
41 
42   DWORD capabilities = EOAC_DYNAMIC_CLOAKING;
43   if (!activate_as_activator)
44     capabilities |= EOAC_DISABLE_AAA;
45 
46   // Apply the security descriptor and default security settings. See
47   // InitializeComSecurity's declaration for details.
48   HRESULT result = CoInitializeSecurity(
49       absolute_sd.get(),
50       -1,       // Let COM choose which authentication services to register.
51       NULL,     // See above.
52       NULL,     // Reserved, must be NULL.
53       RPC_C_AUTHN_LEVEL_PKT_PRIVACY,
54       RPC_C_IMP_LEVEL_IDENTIFY,
55       NULL,     // Default authentication information is not provided.
56       capabilities,
57       NULL);    /// Reserved, must be NULL
58   if (FAILED(result)) {
59     LOG(ERROR) << "CoInitializeSecurity() failed, result=0x"
60                << std::hex << result << std::dec << ".";
61     return false;
62   }
63 
64   return true;
65 }
66 
67 } // namespace remoting
68