Code:
/ Dotnetfx_Win7_3.5.1 / Dotnetfx_Win7_3.5.1 / 3.5.1 / DEVDIV / depot / DevDiv / releases / whidbey / NetFXspW7 / ndp / clr / src / BCL / System / Security / AccessControl / RegistrySecurity.cs / 1 / RegistrySecurity.cs
// ==++==
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
// ==--==
/*============================================================
**
** Class: RegistrySecurity
**
**
** Purpose: Managed ACL wrapper for registry keys.
**
**
===========================================================*/
using System;
using System.Collections;
using System.Security.Permissions;
using System.Security.Principal;
using Microsoft.Win32;
using Microsoft.Win32.SafeHandles;
using System.Runtime.InteropServices;
using System.IO;
namespace System.Security.AccessControl
{
// We derived this enum from the definitions of KEY_READ and such from
// winnt.h and from MSDN, plus some experimental validation with regedit.
// http://msdn.microsoft.com/library/default.asp?url=/library/en-us/sysinfo/base/registry_key_security_and_access_rights.asp
[Flags]
public enum RegistryRights
{
// No None field - An ACE with the value 0 cannot grant nor deny.
QueryValues = 0x0001, // query the values of a registry key
SetValue = 0x0002, // create, delete, or set a registry value
CreateSubKey = 0x0004, // required to create a subkey of a specific key
EnumerateSubKeys = 0x0008, // required to enumerate sub keys of a key
Notify = 0x0010, // needed to request change notifications
CreateLink = 0x0020,
ExecuteKey = ReadKey,
ReadKey = Win32Native.STANDARD_RIGHTS_READ | QueryValues | EnumerateSubKeys | Notify,
WriteKey = Win32Native.STANDARD_RIGHTS_WRITE | SetValue | CreateSubKey,
Delete = 0x10000,
ReadPermissions = 0x20000,
ChangePermissions = 0x40000,
TakeOwnership = 0x80000,
FullControl = 0xF003F | Win32Native.STANDARD_RIGHTS_READ | Win32Native.STANDARD_RIGHTS_WRITE
}
public sealed class RegistryAccessRule : AccessRule
{
// Constructor for creating access rules for registry objects
public RegistryAccessRule(IdentityReference identity, RegistryRights registryRights, AccessControlType type)
: this(identity, (int) registryRights, false, InheritanceFlags.None, PropagationFlags.None, type)
{
}
public RegistryAccessRule(String identity, RegistryRights registryRights, AccessControlType type)
: this(new NTAccount(identity), (int) registryRights, false, InheritanceFlags.None, PropagationFlags.None, type)
{
}
public RegistryAccessRule(IdentityReference identity, RegistryRights registryRights, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AccessControlType type)
: this(identity, (int) registryRights, false, inheritanceFlags, propagationFlags, type)
{
}
public RegistryAccessRule(string identity, RegistryRights registryRights, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AccessControlType type)
: this(new NTAccount(identity), (int) registryRights, false, inheritanceFlags, propagationFlags, type)
{
}
//
// Internal constructor to be called by public constructors
// and the access rule factory methods of {File|Folder}Security
//
internal RegistryAccessRule(
IdentityReference identity,
int accessMask,
bool isInherited,
InheritanceFlags inheritanceFlags,
PropagationFlags propagationFlags,
AccessControlType type )
: base(
identity,
accessMask,
isInherited,
inheritanceFlags,
propagationFlags,
type )
{
}
public RegistryRights RegistryRights {
get { return (RegistryRights) base.AccessMask; }
}
}
public sealed class RegistryAuditRule : AuditRule
{
public RegistryAuditRule(IdentityReference identity, RegistryRights registryRights, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AuditFlags flags)
: this(identity, (int) registryRights, false, inheritanceFlags, propagationFlags, flags)
{
}
public RegistryAuditRule(string identity, RegistryRights registryRights, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AuditFlags flags)
: this(new NTAccount(identity), (int) registryRights, false, inheritanceFlags, propagationFlags, flags)
{
}
internal RegistryAuditRule(IdentityReference identity, int accessMask, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AuditFlags flags)
: base(identity, accessMask, isInherited, inheritanceFlags, propagationFlags, flags)
{
}
public RegistryRights RegistryRights {
get { return (RegistryRights) base.AccessMask; }
}
}
public sealed class RegistrySecurity : NativeObjectSecurity
{
public RegistrySecurity()
: base(true, ResourceType.RegistryKey)
{
}
/*
// The name of registry key must start with a predefined string,
// like CLASSES_ROOT, CURRENT_USER, MACHINE, and USERS. See
// MSDN's help for SetNamedSecurityInfo for details.
[SecurityPermission(SecurityAction.Assert, UnmanagedCode=true)]
internal RegistrySecurity(String name, AccessControlSections includeSections)
: base(true, ResourceType.RegistryKey, HKeyNameToWindowsName(name), includeSections)
{
new RegistryPermission(RegistryPermissionAccess.NoAccess, AccessControlActions.View, name).Demand();
}
*/
[SecurityPermission(SecurityAction.Assert, UnmanagedCode=true)]
internal RegistrySecurity(SafeRegistryHandle hKey, String name, AccessControlSections includeSections)
: base(true, ResourceType.RegistryKey, hKey, includeSections, _HandleErrorCode, null )
{
new RegistryPermission(RegistryPermissionAccess.NoAccess, AccessControlActions.View, name).Demand();
}
private static Exception _HandleErrorCode(int errorCode, string name, SafeHandle handle, object context)
{
System.Exception exception = null;
switch (errorCode) {
case Win32Native.ERROR_FILE_NOT_FOUND:
exception = new IOException(Environment.GetResourceString("Arg_RegKeyNotFound", errorCode));
break;
case Win32Native.ERROR_INVALID_NAME:
exception = new ArgumentException(Environment.GetResourceString("Arg_RegInvalidKeyName", "name"));
break;
case Win32Native.ERROR_INVALID_HANDLE:
exception = new ArgumentException(Environment.GetResourceString("AccessControl_InvalidHandle"));
break;
default:
break;
}
return exception;
}
public override AccessRule AccessRuleFactory(IdentityReference identityReference, int accessMask, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AccessControlType type)
{
return new RegistryAccessRule(identityReference, accessMask, isInherited, inheritanceFlags, propagationFlags, type);
}
public override AuditRule AuditRuleFactory(IdentityReference identityReference, int accessMask, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AuditFlags flags)
{
return new RegistryAuditRule(identityReference, accessMask, isInherited, inheritanceFlags, propagationFlags, flags);
}
internal AccessControlSections GetAccessControlSectionsFromChanges()
{
AccessControlSections persistRules = AccessControlSections.None;
if (AccessRulesModified)
persistRules = AccessControlSections.Access;
if (AuditRulesModified)
persistRules |= AccessControlSections.Audit;
if (OwnerModified)
persistRules |= AccessControlSections.Owner;
if (GroupModified)
persistRules |= AccessControlSections.Group;
return persistRules;
}
/*
// See SetNamedSecurityInfo docs - we must start strings
// with names like CURRENT_USER, MACHINE, CLASSES_ROOT, etc.
// (Look at SE_OBJECT_TYPE, then the docs for SE_REGISTRY_KEY)
internal static String HKeyNameToWindowsName(String keyName)
{
if (keyName.StartsWith("HKEY_")) {
if (keyName.Equals("HKEY_LOCAL_MACHINE"))
return "MACHINE";
return keyName.Substring(5);
}
return keyName;
}
[SecurityPermission(SecurityAction.Assert, UnmanagedCode=true)]
internal void Persist(String keyName)
{
new RegistryPermission(RegistryPermissionAccess.NoAccess, AccessControlActions.Change, keyName).Demand();
AccessControlSections persistRules = GetAccessControlSectionsFromChanges();
if (persistRules == AccessControlSections.None)
return; // Don't need to persist anything.
String windowsKeyName = HKeyNameToWindowsName(keyName);
base.Persist(windowsKeyName, persistRules);
OwnerModified = GroupModified = AuditRulesModified = AccessRulesModified = false;
}
*/
[SecurityPermission(SecurityAction.Assert, UnmanagedCode=true)]
internal void Persist(SafeRegistryHandle hKey, String keyName)
{
new RegistryPermission(RegistryPermissionAccess.NoAccess, AccessControlActions.Change, keyName).Demand();
WriteLock();
try
{
AccessControlSections persistRules = GetAccessControlSectionsFromChanges();
if (persistRules == AccessControlSections.None)
return; // Don't need to persist anything.
base.Persist(hKey, persistRules);
OwnerModified = GroupModified = AuditRulesModified = AccessRulesModified = false;
}
finally
{
WriteUnlock();
}
}
public void AddAccessRule(RegistryAccessRule rule)
{
base.AddAccessRule(rule);
}
public void SetAccessRule(RegistryAccessRule rule)
{
base.SetAccessRule(rule);
}
public void ResetAccessRule(RegistryAccessRule rule)
{
base.ResetAccessRule(rule);
}
public bool RemoveAccessRule(RegistryAccessRule rule)
{
return base.RemoveAccessRule(rule);
}
public void RemoveAccessRuleAll(RegistryAccessRule rule)
{
base.RemoveAccessRuleAll(rule);
}
public void RemoveAccessRuleSpecific(RegistryAccessRule rule)
{
base.RemoveAccessRuleSpecific(rule);
}
public void AddAuditRule(RegistryAuditRule rule)
{
base.AddAuditRule(rule);
}
public void SetAuditRule(RegistryAuditRule rule)
{
base.SetAuditRule(rule);
}
public bool RemoveAuditRule(RegistryAuditRule rule)
{
return base.RemoveAuditRule(rule);
}
public void RemoveAuditRuleAll(RegistryAuditRule rule)
{
base.RemoveAuditRuleAll(rule);
}
public void RemoveAuditRuleSpecific(RegistryAuditRule rule)
{
base.RemoveAuditRuleSpecific(rule);
}
public override Type AccessRightType
{
get { return typeof(RegistryRights); }
}
public override Type AccessRuleType
{
get { return typeof(RegistryAccessRule); }
}
public override Type AuditRuleType
{
get { return typeof(RegistryAuditRule); }
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
// ==++==
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
// ==--==
/*============================================================
**
** Class: RegistrySecurity
**
**
** Purpose: Managed ACL wrapper for registry keys.
**
**
===========================================================*/
using System;
using System.Collections;
using System.Security.Permissions;
using System.Security.Principal;
using Microsoft.Win32;
using Microsoft.Win32.SafeHandles;
using System.Runtime.InteropServices;
using System.IO;
namespace System.Security.AccessControl
{
// We derived this enum from the definitions of KEY_READ and such from
// winnt.h and from MSDN, plus some experimental validation with regedit.
// http://msdn.microsoft.com/library/default.asp?url=/library/en-us/sysinfo/base/registry_key_security_and_access_rights.asp
[Flags]
public enum RegistryRights
{
// No None field - An ACE with the value 0 cannot grant nor deny.
QueryValues = 0x0001, // query the values of a registry key
SetValue = 0x0002, // create, delete, or set a registry value
CreateSubKey = 0x0004, // required to create a subkey of a specific key
EnumerateSubKeys = 0x0008, // required to enumerate sub keys of a key
Notify = 0x0010, // needed to request change notifications
CreateLink = 0x0020,
ExecuteKey = ReadKey,
ReadKey = Win32Native.STANDARD_RIGHTS_READ | QueryValues | EnumerateSubKeys | Notify,
WriteKey = Win32Native.STANDARD_RIGHTS_WRITE | SetValue | CreateSubKey,
Delete = 0x10000,
ReadPermissions = 0x20000,
ChangePermissions = 0x40000,
TakeOwnership = 0x80000,
FullControl = 0xF003F | Win32Native.STANDARD_RIGHTS_READ | Win32Native.STANDARD_RIGHTS_WRITE
}
public sealed class RegistryAccessRule : AccessRule
{
// Constructor for creating access rules for registry objects
public RegistryAccessRule(IdentityReference identity, RegistryRights registryRights, AccessControlType type)
: this(identity, (int) registryRights, false, InheritanceFlags.None, PropagationFlags.None, type)
{
}
public RegistryAccessRule(String identity, RegistryRights registryRights, AccessControlType type)
: this(new NTAccount(identity), (int) registryRights, false, InheritanceFlags.None, PropagationFlags.None, type)
{
}
public RegistryAccessRule(IdentityReference identity, RegistryRights registryRights, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AccessControlType type)
: this(identity, (int) registryRights, false, inheritanceFlags, propagationFlags, type)
{
}
public RegistryAccessRule(string identity, RegistryRights registryRights, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AccessControlType type)
: this(new NTAccount(identity), (int) registryRights, false, inheritanceFlags, propagationFlags, type)
{
}
//
// Internal constructor to be called by public constructors
// and the access rule factory methods of {File|Folder}Security
//
internal RegistryAccessRule(
IdentityReference identity,
int accessMask,
bool isInherited,
InheritanceFlags inheritanceFlags,
PropagationFlags propagationFlags,
AccessControlType type )
: base(
identity,
accessMask,
isInherited,
inheritanceFlags,
propagationFlags,
type )
{
}
public RegistryRights RegistryRights {
get { return (RegistryRights) base.AccessMask; }
}
}
public sealed class RegistryAuditRule : AuditRule
{
public RegistryAuditRule(IdentityReference identity, RegistryRights registryRights, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AuditFlags flags)
: this(identity, (int) registryRights, false, inheritanceFlags, propagationFlags, flags)
{
}
public RegistryAuditRule(string identity, RegistryRights registryRights, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AuditFlags flags)
: this(new NTAccount(identity), (int) registryRights, false, inheritanceFlags, propagationFlags, flags)
{
}
internal RegistryAuditRule(IdentityReference identity, int accessMask, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AuditFlags flags)
: base(identity, accessMask, isInherited, inheritanceFlags, propagationFlags, flags)
{
}
public RegistryRights RegistryRights {
get { return (RegistryRights) base.AccessMask; }
}
}
public sealed class RegistrySecurity : NativeObjectSecurity
{
public RegistrySecurity()
: base(true, ResourceType.RegistryKey)
{
}
/*
// The name of registry key must start with a predefined string,
// like CLASSES_ROOT, CURRENT_USER, MACHINE, and USERS. See
// MSDN's help for SetNamedSecurityInfo for details.
[SecurityPermission(SecurityAction.Assert, UnmanagedCode=true)]
internal RegistrySecurity(String name, AccessControlSections includeSections)
: base(true, ResourceType.RegistryKey, HKeyNameToWindowsName(name), includeSections)
{
new RegistryPermission(RegistryPermissionAccess.NoAccess, AccessControlActions.View, name).Demand();
}
*/
[SecurityPermission(SecurityAction.Assert, UnmanagedCode=true)]
internal RegistrySecurity(SafeRegistryHandle hKey, String name, AccessControlSections includeSections)
: base(true, ResourceType.RegistryKey, hKey, includeSections, _HandleErrorCode, null )
{
new RegistryPermission(RegistryPermissionAccess.NoAccess, AccessControlActions.View, name).Demand();
}
private static Exception _HandleErrorCode(int errorCode, string name, SafeHandle handle, object context)
{
System.Exception exception = null;
switch (errorCode) {
case Win32Native.ERROR_FILE_NOT_FOUND:
exception = new IOException(Environment.GetResourceString("Arg_RegKeyNotFound", errorCode));
break;
case Win32Native.ERROR_INVALID_NAME:
exception = new ArgumentException(Environment.GetResourceString("Arg_RegInvalidKeyName", "name"));
break;
case Win32Native.ERROR_INVALID_HANDLE:
exception = new ArgumentException(Environment.GetResourceString("AccessControl_InvalidHandle"));
break;
default:
break;
}
return exception;
}
public override AccessRule AccessRuleFactory(IdentityReference identityReference, int accessMask, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AccessControlType type)
{
return new RegistryAccessRule(identityReference, accessMask, isInherited, inheritanceFlags, propagationFlags, type);
}
public override AuditRule AuditRuleFactory(IdentityReference identityReference, int accessMask, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AuditFlags flags)
{
return new RegistryAuditRule(identityReference, accessMask, isInherited, inheritanceFlags, propagationFlags, flags);
}
internal AccessControlSections GetAccessControlSectionsFromChanges()
{
AccessControlSections persistRules = AccessControlSections.None;
if (AccessRulesModified)
persistRules = AccessControlSections.Access;
if (AuditRulesModified)
persistRules |= AccessControlSections.Audit;
if (OwnerModified)
persistRules |= AccessControlSections.Owner;
if (GroupModified)
persistRules |= AccessControlSections.Group;
return persistRules;
}
/*
// See SetNamedSecurityInfo docs - we must start strings
// with names like CURRENT_USER, MACHINE, CLASSES_ROOT, etc.
// (Look at SE_OBJECT_TYPE, then the docs for SE_REGISTRY_KEY)
internal static String HKeyNameToWindowsName(String keyName)
{
if (keyName.StartsWith("HKEY_")) {
if (keyName.Equals("HKEY_LOCAL_MACHINE"))
return "MACHINE";
return keyName.Substring(5);
}
return keyName;
}
[SecurityPermission(SecurityAction.Assert, UnmanagedCode=true)]
internal void Persist(String keyName)
{
new RegistryPermission(RegistryPermissionAccess.NoAccess, AccessControlActions.Change, keyName).Demand();
AccessControlSections persistRules = GetAccessControlSectionsFromChanges();
if (persistRules == AccessControlSections.None)
return; // Don't need to persist anything.
String windowsKeyName = HKeyNameToWindowsName(keyName);
base.Persist(windowsKeyName, persistRules);
OwnerModified = GroupModified = AuditRulesModified = AccessRulesModified = false;
}
*/
[SecurityPermission(SecurityAction.Assert, UnmanagedCode=true)]
internal void Persist(SafeRegistryHandle hKey, String keyName)
{
new RegistryPermission(RegistryPermissionAccess.NoAccess, AccessControlActions.Change, keyName).Demand();
WriteLock();
try
{
AccessControlSections persistRules = GetAccessControlSectionsFromChanges();
if (persistRules == AccessControlSections.None)
return; // Don't need to persist anything.
base.Persist(hKey, persistRules);
OwnerModified = GroupModified = AuditRulesModified = AccessRulesModified = false;
}
finally
{
WriteUnlock();
}
}
public void AddAccessRule(RegistryAccessRule rule)
{
base.AddAccessRule(rule);
}
public void SetAccessRule(RegistryAccessRule rule)
{
base.SetAccessRule(rule);
}
public void ResetAccessRule(RegistryAccessRule rule)
{
base.ResetAccessRule(rule);
}
public bool RemoveAccessRule(RegistryAccessRule rule)
{
return base.RemoveAccessRule(rule);
}
public void RemoveAccessRuleAll(RegistryAccessRule rule)
{
base.RemoveAccessRuleAll(rule);
}
public void RemoveAccessRuleSpecific(RegistryAccessRule rule)
{
base.RemoveAccessRuleSpecific(rule);
}
public void AddAuditRule(RegistryAuditRule rule)
{
base.AddAuditRule(rule);
}
public void SetAuditRule(RegistryAuditRule rule)
{
base.SetAuditRule(rule);
}
public bool RemoveAuditRule(RegistryAuditRule rule)
{
return base.RemoveAuditRule(rule);
}
public void RemoveAuditRuleAll(RegistryAuditRule rule)
{
base.RemoveAuditRuleAll(rule);
}
public void RemoveAuditRuleSpecific(RegistryAuditRule rule)
{
base.RemoveAuditRuleSpecific(rule);
}
public override Type AccessRightType
{
get { return typeof(RegistryRights); }
}
public override Type AccessRuleType
{
get { return typeof(RegistryAccessRule); }
}
public override Type AuditRuleType
{
get { return typeof(RegistryAuditRule); }
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- Buffer.cs
- RequestCacheValidator.cs
- FixedSOMFixedBlock.cs
- NodeLabelEditEvent.cs
- FileDialogPermission.cs
- SurrogateSelector.cs
- TextServicesManager.cs
- RegexTree.cs
- TableRowCollection.cs
- ToolStripSettings.cs
- BitmapEffectGeneralTransform.cs
- SessionViewState.cs
- SimpleColumnProvider.cs
- PaintValueEventArgs.cs
- DataGridViewColumnCollectionDialog.cs
- BlobPersonalizationState.cs
- ScopeCompiler.cs
- KeyGesture.cs
- RepeaterItemCollection.cs
- WebPartConnectionsCancelEventArgs.cs
- InternalConfigEventArgs.cs
- ListItemCollection.cs
- IItemContainerGenerator.cs
- PersonalizationStateInfoCollection.cs
- CompModHelpers.cs
- FixedSOMGroup.cs
- MouseBinding.cs
- ReadOnlyCollectionBuilder.cs
- Int32Storage.cs
- ObservableCollection.cs
- DetailsViewDesigner.cs
- StringStorage.cs
- SQLMembershipProvider.cs
- UrlRoutingModule.cs
- BitmapDecoder.cs
- TypeTypeConverter.cs
- ManagedCodeMarkers.cs
- RowVisual.cs
- ObjectTag.cs
- RC2.cs
- Marshal.cs
- EpmHelper.cs
- MailHeaderInfo.cs
- OleDbDataReader.cs
- DetailsViewInsertedEventArgs.cs
- Parser.cs
- SspiWrapper.cs
- Mutex.cs
- ControlCollection.cs
- ModelItemDictionary.cs
- UndoManager.cs
- MultipartIdentifier.cs
- ProtocolsConfigurationHandler.cs
- Matrix3DStack.cs
- BaseCollection.cs
- StrokeRenderer.cs
- TableRow.cs
- TextOutput.cs
- MultiDataTrigger.cs
- CodeGroup.cs
- InstanceOwnerQueryResult.cs
- GZipObjectSerializer.cs
- DecimalAnimation.cs
- LookupNode.cs
- ThreadStaticAttribute.cs
- SyntaxCheck.cs
- CaretElement.cs
- SoapReflectionImporter.cs
- FileVersionInfo.cs
- ListViewTableRow.cs
- BindingContext.cs
- TextParaLineResult.cs
- XmlCustomFormatter.cs
- KeySpline.cs
- JapaneseLunisolarCalendar.cs
- QueuePathEditor.cs
- XmlDictionaryReaderQuotas.cs
- OracleConnectionStringBuilder.cs
- uribuilder.cs
- WizardPanelChangingEventArgs.cs
- Repeater.cs
- PeerApplication.cs
- AuthenticationSection.cs
- ResizeGrip.cs
- sqlnorm.cs
- EncodingStreamWrapper.cs
- EntryIndex.cs
- SectionUpdates.cs
- AppSettingsExpressionBuilder.cs
- SwitchAttribute.cs
- MachineKeySection.cs
- FragmentQueryProcessor.cs
- BindableTemplateBuilder.cs
- ComponentSerializationService.cs
- GeneralTransform.cs
- TreeNodeMouseHoverEvent.cs
- AssemblyInfo.cs
- RsaEndpointIdentity.cs
- LinqDataSource.cs
- WorkflowServiceBehavior.cs