我使用 LsaStorePrivateData 在计算机 A 上存储了一些数据。问题是使用同一本地网络上的任何其他 PC 的 LsaRetrievePrivateData api func 很容易读取它。我怎样才能防止这种情况发生?停止“远程注册表”服务没有帮助。还有其他技巧可以防止远程访问使用 LsaStorePrivateData 存储的数据吗?
问候, 阿图尔
最佳答案
没有必要做任何事情,除非:
目标机器上的操作系统严重损坏,在这种情况下,重新安装可能是唯一安全的方法。
您已使用 guest 帐户或不受信任的用户可以访问的其他帐户存储数据,在这种情况下,答案是不要这样做。 :-)
LsaStorePrivateData 的文档说:
The data stored by the LsaStorePrivateData function is not absolutey protected. However, the data is encrypted before being stored, and the key has a DACL that allows only the creator and administrators to read the data.
此测试代码可能对任何对该主题感兴趣的人有用,或者想要仔细检查他们的机器在这方面是否安全。我自己使用此代码进行的测试证实了记录的行为。
#include <Windows.h>
#include <Ntsecapi.h>
#include <stdio.h>
wchar_t keyname_string[] = L"harrytest";
LSA_UNICODE_STRING keyname;
LSA_OBJECT_ATTRIBUTES lsa_object_attributes;
int set(void)
{
LSA_HANDLE ph;
LSA_UNICODE_STRING secretdata;
wchar_t secretdata_buffer[2];
DWORD status;
status = LsaOpenPolicy(NULL, &lsa_object_attributes, POLICY_ALL_ACCESS, &ph);
if (status != 0)
{
printf("LsaOpenPolicy: %X\n", status);
return status;
}
secretdata.Length = 2;
secretdata.MaximumLength = sizeof(secretdata_buffer);
secretdata.Buffer = secretdata_buffer;
secretdata_buffer[0] = L'x';
secretdata_buffer[1] = L'\0';
status = LsaStorePrivateData(ph, &keyname, &secretdata);
if (status != 0)
{
printf("LsaStorePrivateData: %X\n", status);
return status;
}
printf("Success!\n");
return 0;
}
int get(wchar_t * target_string)
{
LSA_HANDLE ph;
LSA_UNICODE_STRING * secretdata;
LSA_UNICODE_STRING target;
DWORD status;
if (target_string != NULL)
{
target.Length = wcslen(target_string) * 2;
target.MaximumLength = target.Length + 2;
target.Buffer = target_string;
}
status = LsaOpenPolicy(target_string ? &target : NULL, &lsa_object_attributes, MAXIMUM_ALLOWED, &ph);
if (status != 0)
{
printf("LsaOpenPolicy: %X\n", status);
return status;
}
status = LsaRetrievePrivateData(ph, &keyname, &secretdata);
if (status != 0)
{
printf("LsaRetrievePrivateData: %X\n", status);
return status;
}
if (secretdata == NULL)
{
printf("NULL pointer retrieved\n");
return 1;
}
printf("%u bytes retrieved\n", secretdata->Length);
return 0;
}
int delete_data(void)
{
LSA_HANDLE ph;
DWORD status;
status = LsaOpenPolicy(NULL, &lsa_object_attributes, POLICY_ALL_ACCESS, &ph);
if (status != 0)
{
printf("LsaOpenPolicy: %X\n", status);
return status;
}
status = LsaStorePrivateData(ph, &keyname, NULL);
if (status != 0)
{
printf("LsaStorePrivateData: %X\n", status);
return status;
}
printf("Success!\n");
return 0;
}
int wmain(int argc, wchar_t ** argv)
{
keyname.Length = wcslen(keyname_string) * 2;
keyname.MaximumLength = keyname.Length + 2;
keyname.Buffer = keyname_string;
lsa_object_attributes.Length = sizeof(lsa_object_attributes);
lsa_object_attributes.RootDirectory = NULL;
lsa_object_attributes.ObjectName = NULL;
lsa_object_attributes.Attributes = 0;
lsa_object_attributes.SecurityDescriptor = NULL;
lsa_object_attributes.SecurityQualityOfService = NULL;
if (argc > 1)
{
if (_wcsicmp(argv[1], L"set") == 0)
{
return set();
}
if (_wcsicmp(argv[1], L"delete") == 0)
{
return delete_data();
}
else if (_wcsicmp(argv[1], L"get") == 0)
{
if (argc == 2)
{
return get(NULL);
}
else if (argc == 3)
{
return get(argv[2]);
}
}
}
printf("Syntax:\n"
"testprivatedata set\n"
"testprivatedata get\n"
"testprivatedata get \\\\target\n"
"testprivatedata delete\n");
return 1;
}
关于windows - 如何防止使用 LsaRetrievePrivateData 从远程机器的任何人轻松读取使用 LsaStorePrivateData 存储的数据?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/9041495/