1// Copyright 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "remoting/host/win/com_security.h"
6
7#include <objidl.h>
8
9#include "base/basictypes.h"
10#include "base/compiler_specific.h"
11#include "base/logging.h"
12#include "base/win/windows_version.h"
13#include "remoting/host/win/security_descriptor.h"
14
15namespace remoting {
16
// Sets the process-wide COM security defaults from an SDDL description.
//
// |security_descriptor| is the SDDL text of the security descriptor handed to
// CoInitializeSecurity(); COM uses that descriptor to decide which callers may
// reach objects in this process. |mandatory_label| is appended to the SDDL
// text on Windows Vista and later only, since mandatory integrity labels do
// not exist on earlier versions. When |activate_as_activator| is false,
// EOAC_DISABLE_AAA is added so that activations which would launch a server
// under this process's identity are refused.
//
// Returns true on success. Every failure is logged and reported as false.
//
// NOTE: COM accepts CoInitializeSecurity() only once per process; a repeated
// call fails with RPC_E_TOO_LATE and is reported here as a failure.
// NOTE(review): both strings feed straight into the access-control list, so
// they are assumed to be fixed, trusted values -- confirm at the call sites.
bool InitializeComSecurity(const std::string& security_descriptor,
                           const std::string& mandatory_label,
                           bool activate_as_activator) {
  // The label is only meaningful where integrity levels exist (Vista+).
  const bool supports_mandatory_label =
      base::win::GetVersion() >= base::win::VERSION_VISTA;
  const std::string full_sddl =
      supports_mandatory_label ? security_descriptor + mandatory_label
                               : security_descriptor;

  // Parse the SDDL text into a (self-relative) security descriptor first.
  // PLOG must directly follow the failing call so the last-error code it
  // reports is the one set by that call.
  ScopedSd self_relative_sd = ConvertSddlToSd(full_sddl);
  if (!self_relative_sd) {
    PLOG(ERROR) << "Failed to create a security descriptor";
    return false;
  }

  // CoInitializeSecurity() needs the descriptor in absolute format. The
  // objects below back the absolute descriptor's DACL, group, owner and SACL,
  // so they have to stay alive until the call has returned.
  ScopedSd absolute_sd;
  ScopedAcl dacl;
  ScopedSid group;
  ScopedSid owner;
  ScopedAcl sacl;
  const bool converted = MakeScopedAbsoluteSd(
      self_relative_sd, &absolute_sd, &dacl, &group, &owner, &sacl);
  if (!converted) {
    PLOG(ERROR) << "MakeScopedAbsoluteSd() failed";
    return false;
  }

  // Dynamic cloaking is always requested: outgoing calls carry the identity
  // of the calling thread's current token. Activate-as-activator is switched
  // off unless the caller explicitly asked for it.
  const DWORD base_capabilities = EOAC_DYNAMIC_CLOAKING;
  const DWORD capabilities =
      activate_as_activator ? base_capabilities
                            : (base_capabilities | EOAC_DISABLE_AAA);

  // Apply the security descriptor and default security settings. See
  // InitializeComSecurity's declaration for details.
  const HRESULT result = CoInitializeSecurity(
      absolute_sd.get(),
      -1,       // Let COM choose which authentication services to register.
      NULL,     // See above.
      NULL,     // Reserved, must be NULL.
      RPC_C_AUTHN_LEVEL_PKT_PRIVACY,  // Authenticate, sign and encrypt calls.
      RPC_C_IMP_LEVEL_IDENTIFY,       // Servers may identify, not act as, us.
      NULL,     // Default authentication information is not provided.
      capabilities,
      NULL);    // Reserved, must be NULL.
  if (SUCCEEDED(result)) {
    return true;
  }

  LOG(ERROR) << "CoInitializeSecurity() failed, result=0x"
             << std::hex << result << std::dec << ".";
  return false;
}
66
67} // namespace remoting
68