      1 // Copyright 2013 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "remoting/host/win/com_security.h"
      6 
      7 #include <objidl.h>
      8 
      9 #include "base/basictypes.h"
     10 #include "base/compiler_specific.h"
     11 #include "base/logging.h"
     12 #include "base/win/windows_version.h"
     13 #include "remoting/host/win/security_descriptor.h"
     14 
     15 namespace remoting {
     16 
// Configures COM security for the calling process from an SDDL description.
//
// |security_descriptor| is the SDDL text of the descriptor handed to
// CoInitializeSecurity(). |mandatory_label| is an SDDL fragment that is
// appended to it only when the OS reports Windows Vista or later.
// When |activate_as_activator| is false, EOAC_DISABLE_AAA is added to the
// capability flags.
//
// Returns true if CoInitializeSecurity() succeeded. Every failure path logs
// the error and returns false. NOTE(review): Windows documents
// CoInitializeSecurity() as a once-per-process call, so a caller that gets
// false here is presumably left with whatever COM security was (or will be)
// set by default - confirm callers treat false as fatal.
bool InitializeComSecurity(const std::string& security_descriptor,
                           const std::string& mandatory_label,
                           bool activate_as_activator) {
  std::string full_sddl(security_descriptor);
  const bool append_label =
      base::win::GetVersion() >= base::win::VERSION_VISTA;
  if (append_label)
    full_sddl.append(mandatory_label);

  // Parse the SDDL text. The result is treated as a relative descriptor and
  // is converted to absolute form below before it is given to COM.
  ScopedSd self_relative_sd = ConvertSddlToSd(full_sddl);
  if (!self_relative_sd) {
    LOG_GETLASTERROR(ERROR) << "Failed to create a security descriptor";
    return false;
  }

  // Storage for the absolute descriptor and its components. Presumably the
  // absolute descriptor points into the ACL/SID buffers, so all of them are
  // kept alive until CoInitializeSecurity() has returned.
  ScopedSd absolute_sd;
  ScopedAcl dacl;
  ScopedSid group;
  ScopedSid owner;
  ScopedAcl sacl;
  const bool converted = MakeScopedAbsoluteSd(
      self_relative_sd, &absolute_sd, &dacl, &group, &owner, &sacl);
  if (!converted) {
    LOG_GETLASTERROR(ERROR) << "MakeScopedAbsoluteSd() failed";
    return false;
  }

  // EOAC_DYNAMIC_CLOAKING is always requested. EOAC_DISABLE_AAA is added
  // unless the caller opted in to activate-as-activator; Windows documents
  // that flag as making such activations fail instead of launching a server
  // under this process's identity.
  const DWORD cloaking = EOAC_DYNAMIC_CLOAKING;
  const DWORD capabilities =
      activate_as_activator ? cloaking : (cloaking | EOAC_DISABLE_AAA);

  // Install the descriptor together with the default call security:
  // RPC_C_AUTHN_LEVEL_PKT_PRIVACY (authenticated, integrity-protected and
  // encrypted packets) and RPC_C_IMP_LEVEL_IDENTIFY (a server may learn the
  // caller's identity but not impersonate it). See the declaration of
  // InitializeComSecurity for details.
  HRESULT hr = CoInitializeSecurity(
      absolute_sd.get(),
      -1,       // COM picks the authentication services to register.
      NULL,     // No explicit service list, see the previous argument.
      NULL,     // Reserved, must be NULL.
      RPC_C_AUTHN_LEVEL_PKT_PRIVACY,
      RPC_C_IMP_LEVEL_IDENTIFY,
      NULL,     // No default authentication information is supplied.
      capabilities,
      NULL);    // Reserved, must be NULL.
  if (SUCCEEDED(hr))
    return true;

  LOG(ERROR) << "CoInitializeSecurity() failed, result=0x"
             << std::hex << hr << std::dec << ".";
  return false;
}
     66 
     67 } // namespace remoting
     68