RegistrySecurity.cs source code in C# .NET

Source code for the .NET framework in C#

                        

Code:

/ FX-1434 / FX-1434 / 1.0 / untmp / whidbey / REDBITS / ndp / clr / src / BCL / System / Security / AccessControl / RegistrySecurity.cs / 1 / RegistrySecurity.cs

                            // ==++== 
//
//   Copyright (c) Microsoft Corporation.  All rights reserved.
//
// ==--== 
/*============================================================
** 
** Class:  RegistrySecurity 
**
** 
** Purpose: Managed ACL wrapper for registry keys.
**
**
===========================================================*/ 

using System; 
using System.Collections; 
using System.Security.Permissions;
using System.Security.Principal; 
using Microsoft.Win32;
using Microsoft.Win32.SafeHandles;
using System.Runtime.InteropServices;
using System.IO; 

namespace System.Security.AccessControl 
{ 
    // We derived this enum from the definitions of KEY_READ and such from
    // winnt.h and from MSDN, plus some experimental validation with regedit. 
    // http://msdn.microsoft.com/library/default.asp?url=/library/en-us/sysinfo/base/registry_key_security_and_access_rights.asp
    [Flags]
    public enum RegistryRights
    { 
        // No None field - An ACE with the value 0 cannot grant nor deny.
        QueryValues          = 0x0001,        // query the values of a registry key 
        SetValue             = 0x0002,        // create, delete, or set a registry value 
        CreateSubKey         = 0x0004,        // required to create a subkey of a specific key
        EnumerateSubKeys     = 0x0008,        // required to enumerate sub keys of a key 
        Notify               = 0x0010,        // needed to request change notifications
        CreateLink           = 0x0020,
        ExecuteKey           = ReadKey,
        ReadKey              = Win32Native.STANDARD_RIGHTS_READ | QueryValues | EnumerateSubKeys | Notify, 
        WriteKey             = Win32Native.STANDARD_RIGHTS_WRITE | SetValue | CreateSubKey,
        Delete               = 0x10000, 
        ReadPermissions      = 0x20000, 
        ChangePermissions    = 0x40000,
        TakeOwnership        = 0x80000, 
        FullControl          = 0xF003F | Win32Native.STANDARD_RIGHTS_READ | Win32Native.STANDARD_RIGHTS_WRITE
    }

 
    public sealed class RegistryAccessRule : AccessRule
    { 
        // Constructor for creating access rules for registry objects 

        public RegistryAccessRule(IdentityReference identity, RegistryRights registryRights, AccessControlType type) 
            : this(identity, (int) registryRights, false, InheritanceFlags.None, PropagationFlags.None, type)
        {
        }
 
        public RegistryAccessRule(String identity, RegistryRights registryRights, AccessControlType type)
            : this(new NTAccount(identity), (int) registryRights, false, InheritanceFlags.None, PropagationFlags.None, type) 
        { 
        }
 
        public RegistryAccessRule(IdentityReference identity, RegistryRights registryRights, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AccessControlType type)
            : this(identity, (int) registryRights, false, inheritanceFlags, propagationFlags, type)
        {
        } 

        public RegistryAccessRule(string identity, RegistryRights registryRights, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AccessControlType type) 
            : this(new NTAccount(identity), (int) registryRights, false, inheritanceFlags, propagationFlags, type) 
        {
        } 

        //
        // Internal constructor to be called by public constructors
        // and the access rule factory methods of {File|Folder}Security 
        //
        internal RegistryAccessRule( 
            IdentityReference identity, 
            int accessMask,
            bool isInherited, 
            InheritanceFlags inheritanceFlags,
            PropagationFlags propagationFlags,
            AccessControlType type )
            : base( 
                identity,
                accessMask, 
                isInherited, 
                inheritanceFlags,
                propagationFlags, 
                type )
        {
        }
 
        public RegistryRights RegistryRights {
            get { return (RegistryRights) base.AccessMask; } 
        } 
    }
 

    public sealed class RegistryAuditRule : AuditRule
    {
        public RegistryAuditRule(IdentityReference identity, RegistryRights registryRights, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AuditFlags flags) 
            : this(identity, (int) registryRights, false, inheritanceFlags, propagationFlags, flags)
        { 
        } 

        public RegistryAuditRule(string identity, RegistryRights registryRights, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AuditFlags flags) 
            : this(new NTAccount(identity), (int) registryRights, false, inheritanceFlags, propagationFlags, flags)
        {
        }
 
        internal RegistryAuditRule(IdentityReference identity, int accessMask, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AuditFlags flags)
            : base(identity, accessMask, isInherited, inheritanceFlags, propagationFlags, flags) 
        { 
        }
 
        public RegistryRights RegistryRights {
            get { return (RegistryRights) base.AccessMask; }
        }
    } 

 
    public sealed class RegistrySecurity : NativeObjectSecurity 
    {
        public RegistrySecurity() 
            : base(true, ResourceType.RegistryKey)
        {
        }
 
        /*
        // The name of registry key must start with a predefined string, 
        // like CLASSES_ROOT, CURRENT_USER, MACHINE, and USERS.  See 
        // MSDN's help for SetNamedSecurityInfo for details.
        [SecurityPermission(SecurityAction.Assert, UnmanagedCode=true)] 
        internal RegistrySecurity(String name, AccessControlSections includeSections)
            : base(true, ResourceType.RegistryKey, HKeyNameToWindowsName(name), includeSections)
        {
            new RegistryPermission(RegistryPermissionAccess.NoAccess, AccessControlActions.View, name).Demand(); 
        }
        */ 
 
        [SecurityPermission(SecurityAction.Assert, UnmanagedCode=true)]
        internal RegistrySecurity(SafeRegistryHandle hKey, String name, AccessControlSections includeSections) 
            : base(true, ResourceType.RegistryKey, hKey, includeSections, _HandleErrorCode, null )
        {
            new RegistryPermission(RegistryPermissionAccess.NoAccess, AccessControlActions.View, name).Demand();
        } 

        private static Exception _HandleErrorCode(int errorCode, string name, SafeHandle handle, object context) 
        { 
            System.Exception exception = null;
 
            switch (errorCode) {
            case Win32Native.ERROR_FILE_NOT_FOUND:
                exception = new IOException(Environment.GetResourceString("Arg_RegKeyNotFound", errorCode));
                break; 

            case Win32Native.ERROR_INVALID_NAME: 
                exception = new ArgumentException(Environment.GetResourceString("Arg_RegInvalidKeyName", "name")); 
                break;
 
            case Win32Native.ERROR_INVALID_HANDLE:
                exception = new ArgumentException(Environment.GetResourceString("AccessControl_InvalidHandle"));
                break;
 
            default:
                break; 
            } 

            return exception; 
        }

        public override AccessRule AccessRuleFactory(IdentityReference identityReference, int accessMask, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AccessControlType type)
        { 
            return new RegistryAccessRule(identityReference, accessMask, isInherited, inheritanceFlags, propagationFlags, type);
        } 
 
        public override AuditRule AuditRuleFactory(IdentityReference identityReference, int accessMask, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AuditFlags flags)
        { 
            return new RegistryAuditRule(identityReference, accessMask, isInherited, inheritanceFlags, propagationFlags, flags);
        }

        internal AccessControlSections GetAccessControlSectionsFromChanges() 
        {
            AccessControlSections persistRules = AccessControlSections.None; 
            if (AccessRulesModified) 
                persistRules = AccessControlSections.Access;
            if (AuditRulesModified) 
                persistRules |= AccessControlSections.Audit;
            if (OwnerModified)
                persistRules |= AccessControlSections.Owner;
            if (GroupModified) 
                persistRules |= AccessControlSections.Group;
            return persistRules; 
        } 

        /* 
        // See SetNamedSecurityInfo docs - we must start strings
        // with names like CURRENT_USER, MACHINE, CLASSES_ROOT, etc.
        // (Look at SE_OBJECT_TYPE, then the docs for SE_REGISTRY_KEY)
        internal static String HKeyNameToWindowsName(String keyName) 
        {
            if (keyName.StartsWith("HKEY_")) { 
                if (keyName.Equals("HKEY_LOCAL_MACHINE")) 
                    return "MACHINE";
                return keyName.Substring(5); 
            }
            return keyName;
        }
 
        [SecurityPermission(SecurityAction.Assert, UnmanagedCode=true)]
        internal void Persist(String keyName) 
        { 
            new RegistryPermission(RegistryPermissionAccess.NoAccess, AccessControlActions.Change, keyName).Demand();
 
            AccessControlSections persistRules = GetAccessControlSectionsFromChanges();
            if (persistRules == AccessControlSections.None)
                return;  // Don't need to persist anything.
 
            String windowsKeyName = HKeyNameToWindowsName(keyName);
            base.Persist(windowsKeyName, persistRules); 
            OwnerModified = GroupModified = AuditRulesModified = AccessRulesModified = false; 
        }
        */ 

        [SecurityPermission(SecurityAction.Assert, UnmanagedCode=true)]
        internal void Persist(SafeRegistryHandle hKey, String keyName)
        { 
            new RegistryPermission(RegistryPermissionAccess.NoAccess, AccessControlActions.Change, keyName).Demand();
 
            WriteLock(); 

            try 
            {
                AccessControlSections persistRules = GetAccessControlSectionsFromChanges();
                if (persistRules == AccessControlSections.None)
                    return;  // Don't need to persist anything. 

                base.Persist(hKey, persistRules); 
                OwnerModified = GroupModified = AuditRulesModified = AccessRulesModified = false; 
            }
            finally 
            {
                WriteUnlock();
            }
        } 

        public void AddAccessRule(RegistryAccessRule rule) 
        { 
            base.AddAccessRule(rule);
        } 

        public void SetAccessRule(RegistryAccessRule rule)
        {
            base.SetAccessRule(rule); 
        }
 
        public void ResetAccessRule(RegistryAccessRule rule) 
        {
            base.ResetAccessRule(rule); 
        }

        public bool RemoveAccessRule(RegistryAccessRule rule)
        { 
            return base.RemoveAccessRule(rule);
        } 
 
        public void RemoveAccessRuleAll(RegistryAccessRule rule)
        { 
            base.RemoveAccessRuleAll(rule);
        }

        public void RemoveAccessRuleSpecific(RegistryAccessRule rule) 
        {
            base.RemoveAccessRuleSpecific(rule); 
        } 

        public void AddAuditRule(RegistryAuditRule rule) 
        {
            base.AddAuditRule(rule);
        }
 
        public void SetAuditRule(RegistryAuditRule rule)
        { 
            base.SetAuditRule(rule); 
        }
 
        public bool RemoveAuditRule(RegistryAuditRule rule)
        {
            return base.RemoveAuditRule(rule);
        } 

        public void RemoveAuditRuleAll(RegistryAuditRule rule) 
        { 
            base.RemoveAuditRuleAll(rule);
        } 

        public void RemoveAuditRuleSpecific(RegistryAuditRule rule)
        {
            base.RemoveAuditRuleSpecific(rule); 
        }
 
        public override Type AccessRightType 
        {
            get { return typeof(RegistryRights); } 
        }

        public override Type AccessRuleType
        { 
            get { return typeof(RegistryAccessRule); }
        } 
 
        public override Type AuditRuleType
        { 
            get { return typeof(RegistryAuditRule); }
        }
    }
}
                        

Link Menu

Network programming in C#, Network Programming in VB.NET, Network Programming in .NET
This book is available now!
Buy at Amazon US or
Buy at Amazon UK