1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "remoting/host/win/com_security.h"
9 #include "base/basictypes.h"
10 #include "base/compiler_specific.h"
11 #include "base/logging.h"
12 #include "base/win/windows_version.h"
13 #include "remoting/host/win/security_descriptor.h"
17 bool InitializeComSecurity(const std::string
& security_descriptor
,
18 const std::string
& mandatory_label
,
19 bool activate_as_activator
) {
20 std::string sddl
= security_descriptor
;
21 if (base::win::GetVersion() >= base::win::VERSION_VISTA
) {
22 sddl
+= mandatory_label
;
25 // Convert the SDDL description into a security descriptor in absolute format.
26 ScopedSd relative_sd
= ConvertSddlToSd(sddl
);
28 PLOG(ERROR
) << "Failed to create a security descriptor";
36 if (!MakeScopedAbsoluteSd(relative_sd
, &absolute_sd
, &dacl
, &group
, &owner
,
38 PLOG(ERROR
) << "MakeScopedAbsoluteSd() failed";
42 DWORD capabilities
= EOAC_DYNAMIC_CLOAKING
;
43 if (!activate_as_activator
)
44 capabilities
|= EOAC_DISABLE_AAA
;
46 // Apply the security descriptor and default security settings. See
47 // InitializeComSecurity's declaration for details.
48 HRESULT result
= CoInitializeSecurity(
50 -1, // Let COM choose which authentication services to register.
51 nullptr, // See above.
52 nullptr, // Reserved, must be nullptr.
53 RPC_C_AUTHN_LEVEL_PKT_PRIVACY
,
54 RPC_C_IMP_LEVEL_IDENTIFY
,
55 nullptr, // Default authentication information is not provided.
57 nullptr); /// Reserved, must be nullptr
59 LOG(ERROR
) << "CoInitializeSecurity() failed, result=0x"
60 << std::hex
<< result
<< std::dec
<< ".";
67 } // namespace remoting
