1 // Copyright 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef REMOTING_HOST_WIN_COM_SECURITY_H_ 6 #define REMOTING_HOST_WIN_COM_SECURITY_H_ 7 8 #include <string> 9 10 // Concatenates ACE type, permissions and sid given as SDDL strings into an ACE 11 // definition in SDDL form. 12 #define SDDL_ACE(type, permissions, sid) \ 13 L"(" type L";;" permissions L";;;" sid L")" 14 15 // Text representation of COM_RIGHTS_EXECUTE and COM_RIGHTS_EXECUTE_LOCAL 16 // permission bits that is used in the SDDL definition below. 17 #define SDDL_COM_EXECUTE_LOCAL L"0x3" 18 19 namespace remoting { 20 21 // Initializes COM security of the process applying the passed security 22 // descriptor. The mandatory label is applied if mandatory integrity control is 23 // supported by the OS (i.e. on Vista and above). The function configures 24 // the following settings: 25 // - the server authenticates that all data received is from the expected 26 // client. 27 // - the server can impersonate clients to check their identity but cannot act 28 // on their behalf. 29 // - the caller's identity is verified on every call (Dynamic cloaking). 30 // - Unless |activate_as_activator| is true, activations where the server would 31 // run under this process's identity are prohibited. 32 bool InitializeComSecurity(const std::string& security_descriptor, 33 const std::string& mandatory_label, 34 bool activate_as_activator); 35 36 } // namespace remoting 37 38 #endif // REMOTING_HOST_WIN_COM_SECURITY_H_ 39