remoting/host/win/com_security.h

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef REMOTING_HOST_WIN_COM_SECURITY_H_
   6 #define REMOTING_HOST_WIN_COM_SECURITY_H_
   7
   8 #include <string>
   9
  10 // Concatenates ACE type, permissions and sid given as SDDL strings into an ACE
  11 // definition in SDDL form.
  12 #define SDDL_ACE(type, permissions, sid) \
  13     L"(" type L";;" permissions L";;;" sid L")"
  14
  15 // Text representation of COM_RIGHTS_EXECUTE and COM_RIGHTS_EXECUTE_LOCAL
  16 // permission bits that is used in the SDDL definition below.
  17 #define SDDL_COM_EXECUTE_LOCAL L"0x3"
  18
  19 namespace remoting {
  20
  21 // Initializes COM security of the process applying the passed security
  22 // descriptor. The mandatory label is applied if mandatory integrity control is
  23 // supported by the OS (i.e. on Vista and above). The function configures
  24 // the following settings:
  25 //  - the server authenticates that all data received is from the expected
  26 //    client.
  27 //  - the server can impersonate clients to check their identity but cannot act
  28 //    on their behalf.
  29 //  - the caller's identity is verified on every call (Dynamic cloaking).
  30 //  - Unless |activate_as_activator| is true, activations where the server would
  31 //    run under this process's identity are prohibited.
  32 bool InitializeComSecurity(const std::string& security_descriptor,
  33                            const std::string& mandatory_label,
  34                            bool activate_as_activator);
  35
  36 } // namespace remoting
  37
  38 #endif  // REMOTING_HOST_WIN_COM_SECURITY_H_