private static void CheckReadOnlyHivesAccess(KeyDisposition disposition, KeySecurity samDesired) { if (disposition != KeyDisposition.DIFF_HIVE) { Debug.Assert(samDesired.IsOnlyForRead()); if (!samDesired.IsOnlyForRead()) { throw new AccessDeniedException(); } } }
private bool TryOpenOrCreateDiffKey(KeyIdentity existingBase, KeyIdentity identity, KeySecurity samDesired, out IKeyImpl openedImpl) { if (TryOpen(existingBase, KeyDisposition.DIFF_HIVE, identity, samDesired, out openedImpl)) { return(true); } // If some modification operation is requested and offreg key // does not exist, but it is in one of readonly hives - creating it if (samDesired.IsOnlyForRead() || !KeyExistsInROHives(identity)) { return(false); } try { openedImpl = Create(identity, null, (int)Win32Api.RegOption.REG_OPTION_NON_VOLATILE, IntPtr.Zero, IntPtr.Zero); return(true); } catch (FileNotFoundException) { return(false); } }
internal void ApplyReadOperation(string subKeyName, KeySecurity samDesired, KeyImplOperation operation) { Debug.Assert(samDesired.IsOnlyForRead()); if (!samDesired.IsOnlyForRead()) { throw new AccessDeniedException(); } foreach (KeyDisposition disposition in HIVES_ORDER) { if (TryApplyOperation(disposition, subKeyName, samDesired, operation)) { return; } } throw new FileNotFoundException(); }
// Opens virtual key not for regular operation, but just // when RegOpen*/RegCreate* is called, so access checking is not so strict // as for operation // TODO: don't check security access mode on open, // make just a reg function call check it internal VirtualKey OpenKeyPreliminarily(KeyIdentity existingBase, KeyIdentity identity, KeySecurity samDesired) { foreach (KeyDisposition disposition in VirtualKey.HIVES_ORDER) { try { VirtualKey key; if (TryOpenKey(existingBase, disposition, identity, samDesired, out key)) { return(key); } // Key not found if (!samDesired.IsOnlyForRead()) { // Key not present in reghive and write access requested // we can't give it in hives other than DIFF_HIVE throw new FileNotFoundException(); } } catch (AccessDeniedException) { if (!identity.IsSystemKey() || disposition == KeyDisposition.WINDOWS_REG) { // Access denied in reghive (may happen if key is system key) // but if not a system key throw; } } if (identity.IsSystemKey() && !samDesired.IsOnlyForRead()) { // Relaxing access (some apps request write access and do not use it // we want to make them work samDesired.RelaxToReadAccess(); } } throw new FileNotFoundException(); }
private static bool CheckSystemKeyAccess(KeyDisposition disposition, KeyIdentity identity, KeySecurity samDesired) { // This way we redirect system registry locations into windows registry // and make it fail for write operations if (disposition != KeyDisposition.WINDOWS_REG && identity.IsSystemKey()) { if (samDesired.IsOnlyForRead()) { // So that it retries to read from system registry return(false); } // So that user gets appropriate error code throw new AccessDeniedException(); } return(true); }