static bool WriteRegistry()
{
try
{
// 로컬호스트 관리자그룹을 사용해서 레지스트리 쓰기 권한을 할당한다.
// 도메인에 속하는 컴퓨터인 경우 아래 코드가 잘 될지 안될지 모르겠다.
RegistryAccessRule allow_write_rule = new RegistryAccessRule(new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null), RegistryRights.FullControl, AccessControlType.Allow);
RegistrySecurity securitySettings = new RegistrySecurity();
securitySettings.AddAccessRule(allow_write_rule);
// MSDN의 샘플은 HKEY_CLASSROOT 에 저장하게 되어있는데
// HKEY_CURRENT_USER 에 저장하는걸 권장한다고 하더라.
// 난 그냥 HKEY_LOCAL_MACHINE 에 저장한다.
RegistryKey key = Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Classes", RegistryKeyPermissionCheck.ReadWriteSubTree);
key.SetAccessControl(securitySettings);
// 스키마 생성
RegistryKey reg_base = key.CreateSubKey("mytro.RecPlayer");
if (null == reg_base)
return false;
// 기본값 설정
reg_base.SetValue("", "mytro record player URI", RegistryValueKind.String);
// 이게 꼭 필요한지는 모르겠음
reg_base.SetValue("Content Type", "application/x-mytrorec", RegistryValueKind.String);
// 이게 있어야 브라우저에서 클릭했을때 동작한다.
reg_base.SetValue("URL Protocol", "", RegistryValueKind.String);
// icon 설정
RegistryKey icon = reg_base.CreateSubKey("DefaultIcon");
if (null == icon)
return false;
icon.SetValue("", @"C:\MYTRO\RecordPlayer\MytroPlayer.exe,1", RegistryValueKind.String);
// 핸들러 설정 (shell open 을 만들어준다.)
RegistryKey shell = reg_base.CreateSubKey("shell");
if (null == shell)
return false;
shell.SetValue("", "open", RegistryValueKind.String);
RegistryKey open = shell.CreateSubKey("open");
if (null == open)
return false;
RegistryKey command = open.CreateSubKey("command");
if (null == command)
return false;
// 실행파일도 Environment.SpecialFolder.ApplicationData 에 넣고 사용하는걸 권장하는데 왜 그런지는 잘 모르겠음...
// 저 규칙에 따른다면 경로는 이렇게 된다. C:/Users/홍준기/AppData/Roaming/RecordPlayer/MytroPlayer.exe
command.SetValue("", @"""C:\MYTRO\RecordPlayer\MytroPlayer.exe"" ""%1""", RegistryValueKind.String);
return true;
}
catch (Exception e)
{
MessageBox.Show(e.ToString());
}
return false;
}
private RegistryKey OpenExplorerPoliciesKey()
{
RegistrySecurity RegistrySecurity = new RegistrySecurity();
WindowsIdentity WindowsIdentity = System.Security.Principal.WindowsIdentity.GetCurrent();
RegistryAccessRule AccessRule = new RegistryAccessRule(WindowsIdentity.Name, RegistryRights.FullControl, InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit, PropagationFlags.None, AccessControlType.Allow);
RegistrySecurity.AddAccessRule(AccessRule);
RegistrySecurity.SetAccessRuleProtection(false, true);
RegistryKey RegistryKey = Registry.LocalMachine.OpenSubKey(ExplorerPolitiesRegistryPath, true);
RegistryKey.SetAccessControl(RegistrySecurity);
return RegistryKey;
}
private static void Main(params string[] args)
{
if (args.Length == 0)
{
Console.WriteLine(Resources.Help);
Pause();
return;
}
if (args.Contains(Factory.FormFlag))
{
CommandLineBuilder form = new CommandLineBuilder();
form.ShowDialog();
return;
}
Console.WriteLine(Resources.NotifyStartMessage);
Factory factory = new Factory();
ExecutionInfo executionInfo = factory.CreateExecutationInfo();
// TODO: validate parameters
try
{
RegistryKey registryKey = branchRegistryKey[executionInfo.MainBranch];
registryKey = registryKey.OpenSubKey(executionInfo.PathToKey, true);
RegistryAccessRule registryAccessRule = new RegistryAccessRule(
executionInfo.User,
executionInfo.Permission,
executionInfo.InheritanceFlags,
executionInfo.PropagationFlags,
executionInfo.AccessControlType);
RegistrySecurity registrySecurity = new RegistrySecurity();
registrySecurity.SetAccessRule(registryAccessRule);
registryKey.SetAccessControl(registrySecurity);
Console.WriteLine(Resources.SuccessMessage);
}
catch (Exception ex)
{
Console.WriteLine("ERROR: {0}", ex.ToString());
}
Pause();
}
private static void SetUserAccess(RegistryKey registryKey, IdentityReference user, RegistryRights accessType)
{
RegistrySecurity registrySecurity = registryKey.GetAccessControl();
RegistryAccessRule rule = new RegistryAccessRule(
user,
accessType,
InheritanceFlags.ContainerInherit,
PropagationFlags.None,
AccessControlType.Allow
);
registrySecurity.AddAccessRule(rule);
registryKey.SetAccessControl(registrySecurity);
}
private static RegistryKey GetRegistryKey()
{
// Create a security context for a new key that we will use to store our data.
// The security context will restrict access to only our user.
string user = Environment.UserDomainName + "\\" + Environment.UserName;
RegistrySecurity security = new RegistrySecurity();
RegistryAccessRule rule = new RegistryAccessRule(user,
RegistryRights.FullControl,
InheritanceFlags.ContainerInherit,
PropagationFlags.None,
AccessControlType.Allow);
security.AddAccessRule(rule);
RegistryKey key = Registry.CurrentUser.CreateSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Run",
RegistryKeyPermissionCheck.ReadWriteSubTree, security);
return key;
}
static RegistryUtilities()
{
MSec = new RegistrySecurity();
string user = Environment.UserDomainName +
"\\" + Environment.UserName;
try
{
RegistryAccessRule rule = new RegistryAccessRule(user,
RegistryRights.ReadKey | RegistryRights.WriteKey
| RegistryRights.Delete | RegistryRights.FullControl | RegistryRights.CreateSubKey,
InheritanceFlags.ContainerInherit,
PropagationFlags.None,
AccessControlType.Allow
);
MSec.AddAccessRule(rule);
}
catch
{
}
}
public ForcedProxy()
{
InitializeComponent();
RegistryKey key;
key = Registry.LocalMachine.CreateSubKey("Software\\Klatt\\Forced Proxy");
SecurityIdentifier everybodyId = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
NTAccount everybody = everybodyId.Translate(typeof(NTAccount)) as NTAccount;
RegistryAccessRule rule = new RegistryAccessRule(
everybody.ToString(),
RegistryRights.FullControl,
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.None,
AccessControlType.Allow);
RegistrySecurity security = new RegistrySecurity();
security.AddAccessRule(rule);
key.SetAccessControl(security);
ip.Text = (string)key.GetValue(null, "127.0.0.1");
key.Close();
programs.Items.Clear();
readAvaiablePrograms();
setInstallButtonCaption();
}
public void ResetAccessRule(RegistryAccessRule rule)
{
base.ResetAccessRule(rule);
}
public void AddAccessRule(RegistryAccessRule rule)
{
base.AddAccessRule(rule);
}
public void RemoveAccessRuleAll(RegistryAccessRule rule)
{
}
public void AddAccessRule(RegistryAccessRule rule)
{
}
/// <summary>
/// Grant All Access Permission to user
/// </summary>
/// <param name="key"></param>
protected void GrantAllAccessPermission(String key)
{
try
{
SecurityIdentifier sid = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
NTAccount account = sid.Translate(typeof(NTAccount)) as NTAccount;
// Get ACL from Windows
using (RegistryKey rk = Registry.LocalMachine.OpenSubKey(key))
{
RegistrySecurity rs = new RegistrySecurity();
// Creating registry access rule for 'Everyone' NT account
RegistryAccessRule rar = new RegistryAccessRule(
account.ToString(),
RegistryRights.FullControl,
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.None,
AccessControlType.Allow);
rs.AddAccessRule(rar);
rk.SetAccessControl(rs);
}
}
catch (System.Security.SecurityException ex)
{
//throw new InstallException(
// String.Format("An exception in GrantAllAccessPermission, security exception! {0}", key),
// ex);
}
catch (UnauthorizedAccessException ex)
{
//throw new InstallException(
// String.Format("An exception in GrantAllAccessPermission, access denied! {0}", key),
// ex);
}
}
public bool RemoveAccessRule (RegistryAccessRule rule)
{
throw new NotImplementedException ();
}
public void RemoveAccessRuleSpecific(RegistryAccessRule rule)
{
base.RemoveAccessRuleSpecific(rule);
}
public void AddAccessRule (RegistryAccessRule rule)
{
AddAccessRule ((AccessRule)rule);
}
public void ResetAccessRule(RegistryAccessRule rule)
{
ResetAccessRule((AccessRule)rule);
}
public void SetAccessRule(RegistryAccessRule rule)
{
SetAccessRule((AccessRule)rule);
}
private static void SetRegistryAcls()
{
string ToopherSubKey = Abstractions.Settings.DynamicSettings.ROOT_KEY;
using(RegistryKey key = Registry.LocalMachine.CreateSubKey (ToopherSubKey)) {
if(key != null) {
RegistryAccessRule allowRead = new RegistryAccessRule (
USERS_GROUP, RegistryRights.ReadKey,
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.None, AccessControlType.Allow);
RegistryAccessRule adminFull = new RegistryAccessRule (
ADMIN_GROUP, RegistryRights.FullControl,
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.None, AccessControlType.Allow);
RegistryAccessRule systemFull = new RegistryAccessRule (
SYSTEM_ACCT, RegistryRights.FullControl,
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.None, AccessControlType.Allow);
RegistrySecurity keySec = key.GetAccessControl ();
// Remove inherited rules
keySec.SetAccessRuleProtection (true, false);
// Add full control for administrators and system.
keySec.AddAccessRule (adminFull);
keySec.AddAccessRule (systemFull);
// Remove any read rules for users (if they exist)
keySec.RemoveAccessRuleAll (allowRead);
// Apply the rules..
key.SetAccessControl (keySec);
}
}
}
public void RemoveAccessRuleSpecific (RegistryAccessRule rule)
{
throw new NotImplementedException ();
}
public void RemoveAccessRuleAll(RegistryAccessRule rule)
{
base.RemoveAccessRuleAll(rule);
}
public bool RemoveAccessRule (RegistryAccessRule rule)
{
return RemoveAccessRule ((AccessRule)rule);
}
public bool RemoveAccessRule(RegistryAccessRule rule)
{
return base.RemoveAccessRule(rule);
}
public void RemoveAccessRuleAll (RegistryAccessRule rule)
{
RemoveAccessRuleAll ((AccessRule)rule);
}
public void SetAccessRule(RegistryAccessRule rule)
{
base.SetAccessRule(rule);
}
public void RemoveAccessRuleSpecific (RegistryAccessRule rule)
{
RemoveAccessRuleSpecific ((AccessRule)rule);
}
/// <summary>
/// Compare two rules on important properties.
/// </summary>
/// <param name="rule1">access rule 1</param>
/// <param name="rule2">access rule 2</param>
/// <returns>true if equal</returns>
private static bool IsEqualRule(RegistryAccessRule rule1, RegistryAccessRule rule2)
{
if (rule1.AccessControlType != rule2.AccessControlType ||
rule1.RegistryRights != rule2.RegistryRights ||
rule1.IdentityReference != rule2.IdentityReference ||
rule1.InheritanceFlags != rule2.InheritanceFlags)
return false;
else
return true;
}
public void ResetAccessRule (RegistryAccessRule rule)
{
ResetAccessRule ((AccessRule)rule);
}
public bool RemoveAccessRule(RegistryAccessRule rule)
{
return(RemoveAccessRule((AccessRule)rule));
}
public void SetAccessRule (RegistryAccessRule rule)
{
SetAccessRule ((AccessRule)rule);
}
public bool RemoveAccessRule(RegistryAccessRule rule)
{
return(default(bool));
}
public void RemoveAccessRuleSpecific(RegistryAccessRule rule)
{
RemoveAccessRuleSpecific((AccessRule)rule);
}
public void SetAccessRule(RegistryAccessRule rule)
{
}
private static void GrantRegistryAccess(string key, Prison prison)
{
NTAccount account = new NTAccount(null, prison.User.Username);
var hklm = RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryView.Registry64);
using (RegistryKey rk = hklm.OpenSubKey(key, RegistryKeyPermissionCheck.ReadWriteSubTree, RegistryRights.FullControl))
{
RegistrySecurity rs = rk.GetAccessControl();
RegistryAccessRule rar = new RegistryAccessRule(
account.ToString(),
RegistryRights.FullControl,
InheritanceFlags.ContainerInherit,
PropagationFlags.None,
AccessControlType.Allow);
rs.AddAccessRule(rar);
rk.SetAccessControl(rs);
}
}
public void SetAccessRule(RegistryAccessRule rule)
{
base.SetAccessRule(rule);
}
internal void AdjustRegKeyPermission()
{
try
{
RegistryKey regKey;
regKey = Registry.LocalMachine.OpenSubKey(
WsatKeys.WsatRegKey,
RegistryKeyPermissionCheck.ReadWriteSubTree,
RegistryRights.FullControl);
if (regKey != null)
{
using (regKey)
{
// NetworkService always needs access to the WS-AT key
// On some platforms, it doesn't inherit this permission from the parent MSDTC key
RegistryAccessRule rule = new RegistryAccessRule(
new SecurityIdentifier(WellKnownSidType.NetworkServiceSid, null),
RegistryRights.ReadKey,
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.None,
AccessControlType.Allow);
// Ensure the authenticated users have read access to the WS-AT key
// there is a key under the WS-AT key named OleTxUpgradeEnabled that requires the permission
RegistryAccessRule rule2 = new RegistryAccessRule(
new SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, null),
RegistryRights.ReadKey,
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.None,
AccessControlType.Allow);
RegistrySecurity registrySecurity = regKey.GetAccessControl();
registrySecurity.AddAccessRule(rule);
registrySecurity.AddAccessRule(rule2);
regKey.SetAccessControl(registrySecurity);
}
}
}
catch (SecurityException e)
{
throw registryExceptionHelper.CreateRegistryWriteException(e);
}
catch (ObjectDisposedException e)
{
throw registryExceptionHelper.CreateRegistryWriteException(e);
}
catch (ArgumentNullException e)
{
throw registryExceptionHelper.CreateRegistryWriteException(e);
}
catch (ArgumentException e)
{
throw registryExceptionHelper.CreateRegistryWriteException(e);
}
catch (UnauthorizedAccessException e)
{
throw registryExceptionHelper.CreateRegistryWriteException(e);
}
}
public bool RemoveAccessRule(RegistryAccessRule rule)
{
return(base.RemoveAccessRule(rule));
}
private static void SetRegistryAcls()
{
string pGinaSubKey = pGina.Shared.Settings.pGinaDynamicSettings.pGinaRoot;
using (RegistryKey key = Registry.LocalMachine.CreateSubKey(pGinaSubKey))
{
if (key != null)
{
m_logger.InfoFormat("Setting ACLs on {0}", key.Name);
RegistryAccessRule allowRead = new RegistryAccessRule(
USERS_GROUP, RegistryRights.ReadKey,
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.None, AccessControlType.Allow);
RegistryAccessRule adminFull = new RegistryAccessRule(
ADMIN_GROUP, RegistryRights.FullControl,
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.None, AccessControlType.Allow);
RegistryAccessRule systemFull = new RegistryAccessRule(
SYSTEM_ACCT, RegistryRights.FullControl,
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.None, AccessControlType.Allow);
RegistrySecurity keySec = key.GetAccessControl();
if (m_logger.IsDebugEnabled)
{
m_logger.DebugFormat("{0} before update:", key.Name);
ShowSecurity(keySec);
}
// Remove inherited rules
keySec.SetAccessRuleProtection(true, false);
// Add full control for administrators and system.
keySec.AddAccessRule(adminFull);
keySec.AddAccessRule(systemFull);
// Remove any read rules for users (if they exist)
keySec.RemoveAccessRuleAll(allowRead);
// Apply the rules..
key.SetAccessControl(keySec);
if (m_logger.IsDebugEnabled)
{
m_logger.DebugFormat("{0} after update: ", key.Name);
ShowSecurity(keySec);
}
}
}
}
public void RemoveAccessRuleSpecific(RegistryAccessRule rule)
{
base.RemoveAccessRuleSpecific(rule);
}
/// <summary>Searches for a matching access control with which the new rule can be merged. If none are found, adds the new rule.</summary>
/// <param name="rule">The access control rule to add.</param>
/// <exception cref="T:System.ArgumentNullException">
/// <paramref name="rule" /> is null.</exception>
public void AddAccessRule(RegistryAccessRule rule)
{
throw new NotImplementedException();
}
public void RemoveAccessRuleAll(RegistryAccessRule rule)
{
base.RemoveAccessRuleAll(rule);
}
public void AddAccessRule(RegistryAccessRule rule)
{
AddAccessRule((AccessRule)rule);
}
public void ResetAccessRule(RegistryAccessRule rule)
{
base.ResetAccessRule(rule);
}
/// <summary>
/// Checks if the rule already exists in the collection.
/// </summary>
/// <param name="allRules">collection of existing rules</param>
/// <param name="checkRule">rule to check for</param>
/// <returns>true if existing</returns>
private static bool ContainsRule(AuthorizationRuleCollection allRules, RegistryAccessRule checkRule)
{
foreach (RegistryAccessRule existingRule in allRules)
{
if (IsEqualRule(existingRule, checkRule))
return true;
}
return false;
}
public void AddAccessRule(RegistryAccessRule rule)
{
base.AddAccessRule(rule);
}
public void AddAccessRule (RegistryAccessRule rule)
{
throw new NotImplementedException ();
}
/// <summary>Searches for an access control rule that exactly matches the specified rule and, if found, removes it.</summary>
/// <param name="rule">The <see cref="T:System.Security.AccessControl.RegistryAccessRule" /> to remove.</param>
/// <exception cref="T:System.ArgumentNullException">
/// <paramref name="rule" /> is null.</exception>
public void RemoveAccessRuleSpecific(RegistryAccessRule rule)
{
throw new NotImplementedException();
}
/// <summary>
/// Grants full control on the given registry key under RegistryKey for everyone
/// </summary>
/// <param name="subKey">subkey name</param>
public static void GrantFullControlRegKey(RegistryKey baseKey, string subKey)
{
RegistryKey rKey = baseKey.OpenSubKey(subKey, true);
if (rKey == null) return;
Console.WriteLine("Granting full control to: {0}\\{1}", baseKey, subKey);
try
{
// Create a SecurityIdentifier object for "everyone".
SecurityIdentifier everyoneSid =
new SecurityIdentifier(WellKnownSidType.WorldSid, null);
RegistrySecurity security = rKey.GetAccessControl();
RegistryAccessRule newRule =
new RegistryAccessRule(
everyoneSid,
RegistryRights.FullControl, // modify is enough for reading/writing/deleting
InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit, // all subfolders and files
PropagationFlags.None,
AccessControlType.Allow);
// Check if such a rule already exists, if so skip the modifications
if (ContainsRule(security.GetAccessRules(true, true, typeof (SecurityIdentifier)), newRule))
{
Console.WriteLine("Permissions already set.");
return;
}
security.AddAccessRule(newRule);
rKey.SetAccessControl(security);
rKey.Close();
}
catch (Exception ex)
{
Console.WriteLine("Error while setting full write access to everyone for file: {0} : {1}", subKey, ex);
}
}
/// <summary>Searches for an access control rule with the same user and <see cref="T:System.Security.AccessControl.AccessControlType" /> (allow or deny) as the specified access rule, and with compatible inheritance and propagation flags; if such a rule is found, the rights contained in the specified access rule are removed from it.</summary>
/// <returns>true if a compatible rule is found; otherwise false.</returns>
/// <param name="rule">A <see cref="T:System.Security.AccessControl.RegistryAccessRule" /> that specifies the user and <see cref="T:System.Security.AccessControl.AccessControlType" /> to search for, and a set of inheritance and propagation flags that a matching rule, if found, must be compatible with. Specifies the rights to remove from the compatible rule, if found.</param>
/// <exception cref="T:System.ArgumentNullException">
/// <paramref name="rule" /> is null.</exception>
public bool RemoveAccessRule(RegistryAccessRule rule)
{
throw new NotImplementedException();
}
/// <summary>搜索与指定的规则具有相同用户和 <see cref="T:System.Security.AccessControl.AccessControlType" />(允许或拒绝)的所有访问控制规则,如果找到则将其移除。</summary>
/// <param name="rule">一个 <see cref="T:System.Security.AccessControl.RegistryAccessRule" />,指定要搜索的用户和 <see cref="T:System.Security.AccessControl.AccessControlType" />。忽略此规则指定的任何权限、继承标志或传播标志。</param>
/// <exception cref="T:System.ArgumentNullException">
/// <paramref name="rule" /> 为 null。</exception>
public void RemoveAccessRuleAll(RegistryAccessRule rule)
{
this.RemoveAccessRuleAll((AccessRule)rule);
}
