blob: 84a4f679868b86bce7b2b76674b04d0a0dc81790 [file] [log] [blame]
// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "remoting/host/win/com_security.h"
#include <objidl.h>
#include "base/compiler_specific.h"
#include "base/logging.h"
#include "remoting/host/win/security_descriptor.h"
namespace remoting {
bool InitializeComSecurity(const std::string& security_descriptor,
const std::string& mandatory_label,
bool activate_as_activator) {
std::string sddl = security_descriptor + mandatory_label;
// Convert the SDDL description into a security descriptor in absolute format.
ScopedSd relative_sd = ConvertSddlToSd(sddl);
if (!relative_sd) {
PLOG(ERROR) << "Failed to create a security descriptor";
return false;
ScopedSd absolute_sd;
ScopedAcl dacl;
ScopedSid group;
ScopedSid owner;
ScopedAcl sacl;
if (!MakeScopedAbsoluteSd(relative_sd, &absolute_sd, &dacl, &group, &owner,
&sacl)) {
PLOG(ERROR) << "MakeScopedAbsoluteSd() failed";
return false;
if (!activate_as_activator)
capabilities |= EOAC_DISABLE_AAA;
// Apply the security descriptor and default security settings. See
// InitializeComSecurity's declaration for details.
HRESULT result = CoInitializeSecurity(
-1, // Let COM choose which authentication services to register.
nullptr, // See above.
nullptr, // Reserved, must be nullptr.
nullptr, // Default authentication information is not provided.
nullptr); /// Reserved, must be nullptr
if (FAILED(result)) {
LOG(ERROR) << "CoInitializeSecurity() failed, result=0x"
<< std::hex << result << std::dec << ".";
return false;
return true;
} // namespace remoting