我尝试使用 Windows Mailslots 进行进程间通信，但我想拒绝任何远程通信。我为我的邮槽设置了众所周知的本地 SID，但我仍然可以从我域中的另一台计算机写入邮槽。
/* Builds a SID with one sub-authority under the Local authority (S-1-2).
 * NOTE(review): SECURITY_LOCAL_LOGON_RID is sub-authority 1, so this is
 * S-1-2-1 (console logon). The well-known LOCAL SID, S-1-2-0, is built
 * with SECURITY_LOCAL_RID. Confirm which one is intended. */
SID_IDENTIFIER_AUTHORITY sid_auth_local = SECURITY_LOCAL_SID_AUTHORITY;
if (AllocateAndInitializeSid(&sid_auth_local, 1,
SECURITY_LOCAL_LOGON_RID, 0, 0, 0, 0, 0, 0, 0, &localSid))
客户端:
/* Opens the slot for writing through the \\DomainName\mailslot\name form,
 * which addresses slots of that name on computers in the domain. The
 * machine-local form is \\.\mailslot\name. No security attributes are
 * passed (NULL). */
if ((mailslot = CreateFileA("\\\\MYDOMAIN\\mailslot\\MYSLOT", GENERIC_WRITE,
FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL)) == INVALID_HANDLE_VALUE)
我附上了客户端服务器示例。
这里有什么问题?有没有办法通过邮槽排除远程连接?谢谢。
服务器示例:
#include <windows.h>
#include <stdio.h>
#include <conio.h>
#include <accctrl.h>
#include <aclapi.h>
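/*
 * Mailslot server: creates \\.\mailslot\MYSLOT with an explicit DACL and
 * prints every message it receives.
 *
 * Returns 0 when the read loop ends, 1 when the slot could not be set up.
 *
 * Review notes:
 *  - Setup fails closed. If the SID, ACL or security descriptor cannot be
 *    built, the slot is NOT created. Passing NULL security attributes would
 *    silently give the slot a default descriptor instead of the intended one.
 *  - NOTE(review): SECURITY_LOCAL_LOGON_RID under the Local authority is
 *    S-1-2-1 (console logon). The well-known LOCAL SID, S-1-2-0, uses
 *    SECURITY_LOCAL_RID. The value is left as written; confirm the intent.
 *  - NOTE(review): this code does not show whether the DACL is evaluated for
 *    writes that arrive from another machine. Verify on the target system and
 *    treat every received message as untrusted input.
 */
int main(void)
{
    /* Largest message the slot accepts; also sizes the receive buffer. */
    enum { MAX_MESSAGE_SIZE = 2048 };

    char buffer[MAX_MESSAGE_SIZE + 1]; /* +1 for the terminator added below */
    DWORD readBytes = 0;
    DWORD aclError;
    HANDLE mailslot = INVALID_HANDLE_VALUE;
    PSID localSid = NULL;
    PACL acl = NULL;
    SECURITY_DESCRIPTOR sd;
    EXPLICIT_ACCESS_A ea;
    SECURITY_ATTRIBUTES sa;
    SID_IDENTIFIER_AUTHORITY sid_auth_local = SECURITY_LOCAL_SID_AUTHORITY;
    int rc = 1;

    if (!AllocateAndInitializeSid(&sid_auth_local, 1,
                                  SECURITY_LOCAL_LOGON_RID, 0, 0, 0, 0, 0, 0, 0,
                                  &localSid))
    {
        printf("Failed to build the SID %lu\n", (unsigned long)GetLastError());
        goto cleanup;
    }

    /* Single allow entry: read/write for the SID built above. */
    ZeroMemory(&ea, sizeof ea);
    ea.grfAccessPermissions = GENERIC_READ | GENERIC_WRITE;
    ea.grfAccessMode = SET_ACCESS;
    ea.grfInheritance = NO_INHERITANCE;
    ea.Trustee.TrusteeForm = TRUSTEE_IS_SID;
    ea.Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
    ea.Trustee.ptstrName = (LPSTR)localSid;

    /* SetEntriesInAcl reports its error as the return value, not via GetLastError. */
    aclError = SetEntriesInAclA(1, &ea, NULL, &acl);
    if (aclError != ERROR_SUCCESS)
    {
        printf("Failed to build the ACL %lu\n", (unsigned long)aclError);
        goto cleanup;
    }

    if (!InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION) ||
        !SetSecurityDescriptorDacl(&sd, TRUE, acl, FALSE))
    {
        printf("Failed to build the security descriptor %lu\n",
               (unsigned long)GetLastError());
        goto cleanup;
    }

    sa.nLength = sizeof sa;
    sa.lpSecurityDescriptor = &sd;
    sa.bInheritHandle = FALSE;

    /* The name is a wide literal, so call the W variant explicitly. */
    mailslot = CreateMailslotW(L"\\\\.\\mailslot\\MYSLOT", MAX_MESSAGE_SIZE,
                               MAILSLOT_WAIT_FOREVER, &sa);
    if (mailslot == INVALID_HANDLE_VALUE)
    {
        printf("Failed to create a MailSlot %lu\n", (unsigned long)GetLastError());
        goto cleanup;
    }

    /* The SID and ACL are only needed for the create call. */
    FreeSid(localSid);
    localSid = NULL;
    LocalFree(acl);
    acl = NULL;

    /* Read at most MAX_MESSAGE_SIZE bytes so one slot is left for the terminator. */
    while (ReadFile(mailslot, buffer, MAX_MESSAGE_SIZE, &readBytes, NULL) != 0)
    {
        /* Messages are raw bytes; terminate before printing with %s. */
        buffer[readBytes] = '\0';
        printf("Received %lu bytes %s\n", (unsigned long)readBytes, buffer);
    }
    rc = 0;

cleanup:
    if (mailslot != INVALID_HANDLE_VALUE)
    {
        CloseHandle(mailslot);
    }
    if (localSid)
    {
        FreeSid(localSid);
    }
    if (acl)
    {
        LocalFree(acl);
    }
    return rc;
}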
客户端示例:
#include <windows.h>
#include <stdio.h>
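/*
 * Mailslot client: opens MYSLOT through the domain-wide name and writes one
 * 3-byte message.
 *
 * Returns 0 when the message was written, 1 on any failure.
 *
 * The \\DomainName\mailslot\name form addresses slots of that name on
 * computers in the domain. The machine-local form is \\.\mailslot\name.
 */
int main(int argc, char *argv[])
{
    HANDLE mailslot;
    DWORD writtenBytes = 0;
    int rc = 1;

    /* Command-line arguments are not used. */
    (void)argc;
    (void)argv;

    mailslot = CreateFileA("\\\\MYDOMAIN\\mailslot\\MYSLOT", GENERIC_WRITE,
                           FILE_SHARE_READ, NULL, OPEN_EXISTING,
                           FILE_ATTRIBUTE_NORMAL, NULL);
    if (mailslot == INVALID_HANDLE_VALUE)
    {
        printf("CreateFile failed with error %lu\n", (unsigned long)GetLastError());
        return rc;
    }

    if (WriteFile(mailslot, "Hi\n", 3, &writtenBytes, NULL) == 0)
    {
        printf("WriteFile failed with error %lu\n", (unsigned long)GetLastError());
    }
    else
    {
        printf("Wrote %lu bytes\n", (unsigned long)writtenBytes);
        rc = 0;
    }

    /* Close the handle on both paths; the original leaked it when WriteFile failed. */
    CloseHandle(mailslot);
    return rc;
}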