public static bool HasRights(RegistryKey key, SecurityIdentifier sid, RegistryRights rights) { if (key == null) { return(false); } var security = key.GetAccessControl(); var rules = security.GetAccessRules(true, true, typeof(SecurityIdentifier)); foreach (RegistryAccessRule rule in rules) { if (rule.IdentityReference != sid) { continue; } if (rule.AccessControlType != AccessControlType.Allow) { continue; } if ((rule.RegistryRights & rights) == rights) { return(true); } } return(false); }
public RegistryAuditRule (String identity, RegistryRights registryRights, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AuditFlags auditFlags) : base(IdentityReference.IdentityFromName(identity), (int)registryRights, false, inheritanceFlags, propagationFlags, auditFlags) {}
/// <summary> /// Set registry permissions on a registry key for a specified account. /// </summary> public static bool SetRegPermission(RegistryKey rootKey, string subKeyPath, string account, RegistryRights rights) { bool result = false; RegistryAccessRule accessRule = new RegistryAccessRule(account, rights, InheritanceFlags.None, PropagationFlags.NoPropagateInherit, AccessControlType.Allow); using (RegistryKey key = rootKey.OpenSubKey(subKeyPath, true)) { RegistrySecurity keySecurity = key.GetAccessControl(AccessControlSections.Access); keySecurity.ModifyAccessRule(AccessControlModification.Add, accessRule, out result); if (result) { accessRule = new RegistryAccessRule(account, rights, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow); keySecurity.ModifyAccessRule(AccessControlModification.Add, accessRule, out result); if (result) { key.SetAccessControl(keySecurity); } } } return(result); }
internal TransactedRegistryAccessRule( string identity, RegistryRights registryRights, AccessControlType type) : this((IdentityReference) new NTAccount(identity), (int)registryRights, false, InheritanceFlags.None, PropagationFlags.None, type) { }
// Constructor. public RegistryAccessRule (IdentityReference identity, RegistryRights registryRights, AccessControlType type) : base(identity, (int)registryRights, false, InheritanceFlags.None, PropagationFlags.None, type) { }
private RegistryKey GetRegistryKey(REGISTRY_ROOT Root, string KeyPath, RegistryRights Desired) { try { switch (Root) { case REGISTRY_ROOT.HKEY_CLASSES_ROOT: return(Registry.ClassesRoot.OpenSubKey(KeyPath, RegistryKeyPermissionCheck.ReadWriteSubTree, Desired)); case REGISTRY_ROOT.HKEY_LOCAL_MACHINE: return(Registry.LocalMachine.OpenSubKey(KeyPath, RegistryKeyPermissionCheck.ReadWriteSubTree, Desired)); case REGISTRY_ROOT.HKEY_USERS: return(Registry.Users.OpenSubKey(KeyPath, RegistryKeyPermissionCheck.ReadWriteSubTree, Desired)); case REGISTRY_ROOT.HKEY_CURRENT_USER: return(Registry.CurrentUser.OpenSubKey(KeyPath, RegistryKeyPermissionCheck.ReadWriteSubTree, Desired)); default: return(null); } } catch (Exception) { return(null); } }
private RegistryKey InternalOpenSubKeyCore(string name, RegistryRights rights, bool throwOnPermissionFailure) { SafeRegistryHandle result = null; int ret = Interop.mincore.RegOpenKeyEx(_hkey, name, 0, ((int)rights | (int)_regView), out result); if (ret == 0 && !result.IsInvalid) { RegistryKey key = new RegistryKey(result, IsWritable((int)rights), false, _remoteKey, false, _regView); key._keyName = _keyName + "\\" + name; return(key); } if (throwOnPermissionFailure) { if (ret == Interop.Errors.ERROR_ACCESS_DENIED || ret == Interop.Errors.ERROR_BAD_IMPERSONATION_LEVEL) { // We need to throw SecurityException here for compatibility reason, // although UnauthorizedAccessException will make more sense. ThrowHelper.ThrowSecurityException(SR.Security_RegistryPermission); } } // Return null if we didn't find the key. return(null); }
public RegistryAccessRule (String identity, RegistryRights registryRights, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AccessControlType type) : base(IdentityReference.IdentityFromName(identity), (int)registryRights, false, inheritanceFlags, propagationFlags, type) {}
internal static void GrantRegistryKeyRights(RegistryKey regKey, RegistryRights registryRights) { // Just to be sure if (regKey == null) { return; } try { var regSecurity = regKey.GetAccessControl(); var user = Environment.UserDomainName + "\\" + Environment.UserName; var rule = new RegistryAccessRule(user, registryRights, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow); regSecurity.AddAccessRule(rule); regKey.SetAccessControl(regSecurity); regKey.Flush(); } catch (Exception ex) { Debug.WriteLine("An error occurred trying to get permission to remove registry key ({0}). Error: {1}", regKey, ex.Message); } }
// Constructor. public RegistryAuditRule (IdentityReference identity, RegistryRights registryRights, AuditFlags auditFlags) : base(identity, (int)registryRights, false, InheritanceFlags.None, PropagationFlags.None, auditFlags) { }
public RegistryKey OpenSubKey(string name, RegistryRights rights) { ValidateKeyName(name); EnsureNotDisposed(); name = FixupName(name); // Fixup multiple slashes to a single slash return(InternalOpenSubKeyCore(name, rights, throwOnPermissionFailure: true)); }
public RegistryAccessRule(string identity, RegistryRights registryRights, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AccessControlType type) { this.registryRights = registryRights; }
public RegistryAccessRule (string identity, RegistryRights registryRights, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AccessControlType type) : this (new NTAccount (identity), registryRights, inheritanceFlags, propagationFlags, type) { }
public RegistryAccessRule (IdentityReference identity, RegistryRights registryRights, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AccessControlType type) : this (identity, registryRights, false, inheritanceFlags, propagationFlags, type) { }
internal static extern int ClusterRegCreateKey( [In] SafeHKey hKey, [In, MarshalAs(UnmanagedType.LPWStr)] string lpszSubKey, [In] uint dwOption, [In] RegistryRights samDesired, [In] IntPtr lpSecurityAttributes, [Out] out SafeHKey phkResult, [Out] out int lpdwDisposition);
public RegistryAuditRule (string identity, RegistryRights registryRights, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AuditFlags flags) : this (new NTAccount (identity), registryRights, inheritanceFlags, propagationFlags, flags) { }
public RegistryAuditRule(string identity, RegistryRights registryRights, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AuditFlags flags) : this(new NTAccount(identity), registryRights, inheritanceFlags, propagationFlags, flags) { }
public RegistryAccessRule(IdentityReference identity, RegistryRights registryRights, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AccessControlType type) : this(identity, registryRights, false, inheritanceFlags, propagationFlags, type) { }
public RegistryAuditRule(string identity, RegistryRights registryRights, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AuditFlags flags) { this.registryRights = registryRights; }
public RegistryAuditRule(IdentityReference identity, RegistryRights registryRights, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AuditFlags flags) : this(identity, registryRights, false, inheritanceFlags, propagationFlags, flags) { }
public RegistryAuditRule (IdentityReference identity, RegistryRights registryRights, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AuditFlags flags) : this (identity, registryRights, false, inheritanceFlags, propagationFlags, flags) { }
public RegistryAccessRule(string identity, RegistryRights registryRights, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AccessControlType type) : this(new NTAccount(identity), registryRights, inheritanceFlags, propagationFlags, type) { }
internal RegistryAuditRule (IdentityReference identity, RegistryRights registryRights, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AuditFlags flags) : base (identity, (int)registryRights, isInherited, inheritanceFlags, propagationFlags, flags) { }
internal RegistryAccessRule (IdentityReference identity, RegistryRights registryRights, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AccessControlType type) : base (identity, (int)registryRights, isInherited, inheritanceFlags, propagationFlags, type) { }
private static void ValidateKeyRights(RegistryRights rights) { if (0 != (rights & ~RegistryRights.FullControl)) { // We need to throw SecurityException here for compatiblity reason, // although UnauthorizedAccessException will make more sense. throw new SecurityException(SR.Security_RegistryPermission); } }
internal TransactedRegistryAuditRule( string identity, RegistryRights registryRights, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AuditFlags flags) : this((IdentityReference) new NTAccount(identity), (int)registryRights, false, inheritanceFlags, propagationFlags, flags) { }
public RegistryAuditRule (String identity, RegistryRights registryRights, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AuditFlags auditFlags) : base(IdentityReference.IdentityFromName(identity), (int)registryRights, false, inheritanceFlags, propagationFlags, auditFlags) { }
public RegistryKey CreateRegKey(string regKeyName = "") { if (string.IsNullOrEmpty(regKeyName)) { regKeyName = _regKey; } else { regKeyName = $"{this._regKey}\\{regKeyName}"; } // creazione chiave _baseKey?.CreateSubKey(regKeyName ?? "", RegistryKeyPermissionCheck.ReadWriteSubTree)?.Close(); // apertura con permessi per modifica permesssi RegistryKey key = _baseKey?.OpenSubKey( regKeyName, RegistryKeyPermissionCheck.ReadWriteSubTree, RegistryRights.ChangePermissions | RegistryRights.ReadKey | RegistryRights.WriteKey | RegistryRights.FullControl ); // permessi da applicare RegistryRights acl = RegistryRights.WriteKey | RegistryRights.ReadKey | RegistryRights.Delete; // attuale policy if (EnvironmentUtils.IsWin()) { try { RegistrySecurity regSec = key?.GetAccessControl(); // aggiunta policy all'attuale regSec?.AddAccessRule( new RegistryAccessRule( $"{Environment.UserDomainName}\\{Environment.UserName}", acl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow ) ); // definizione proprietario regSec?.SetOwner(new NTAccount($"{Environment.UserDomainName}\\{Environment.UserName}")); // applicazione della policy key?.SetAccessControl(regSec); } catch { // ignore } } return(key); }
internal RegistryAuditRule(IdentityReference identity, RegistryRights registryRights, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AuditFlags flags) : base(identity, (int)registryRights, isInherited, inheritanceFlags, propagationFlags, flags) { }
public RegistryAccessRule (String identity, RegistryRights registryRights, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AccessControlType type) : base(IdentityReference.IdentityFromName(identity), (int)registryRights, false, inheritanceFlags, propagationFlags, type) { }
internal RegistryAccessRule(IdentityReference identity, RegistryRights registryRights, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AccessControlType type) : base(identity, (int)registryRights, isInherited, inheritanceFlags, propagationFlags, type) { }
private static extern int RegCreateKeyEx( SafeRegistryHandle hKey, string lpSubKey, int Reserved, string lpClass, RegistryOptions dwOptions, RegistryRights samDesired, IntPtr lpSecurityAttributes, out SafeRegistryHandle phkResult, out int lpdwDisposition);
public RegistryAccessRule (IdentityReference identity, RegistryRights registryRights, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AccessControlType type) // FIXME: accessMask=0 likely causes an error : base (identity, 0, false, inheritanceFlags, propagationFlags, type) { this.rights = registryRights; }
public RegistryAccessRule(IdentityReference identity, RegistryRights registryRights, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AccessControlType type) // FIXME: accessMask=0 likely causes an error : base(identity.Translate(typeof(SecurityIdentifier)), 0, false, inheritanceFlags, propagationFlags, type) { this.rights = registryRights; }
/// <summary> /// Check if user have all specified rights to the registry key. /// </summary> /// <param name="key">Registry key to check.</param> /// <param name="rights">Rights to check.</param> /// <param name="identity">Windows identity to check. If null then check current user.</param> /// <param name="isElevated">Override elevated option. If set to false then return rights available when user is not running as Administrator.</param> /// <returns>True if user has rights, false if user don't have rights or rights not found.</returns> public static bool HasRights(RegistryKey key, RegistryRights rights, WindowsIdentity identity = null, bool?isElevated = null) { if (identity == null) { identity = WindowsIdentity.GetCurrent(); } var isAdmin = isElevated.HasValue ? isElevated.Value : identity.Owner.IsWellKnown(WellKnownSidType.BuiltinAdministratorsSid); return(HasRights(key, rights, identity.User, isAdmin)); }
/// <summary> /// Check if user have all specified rights to the registry key. /// </summary> /// <param name="key">Registry key to check.</param> /// <param name="rights">Rights to check.</param> /// <param name="identity">Windows identity to check. If null then check current user.</param> /// <param name="isElevated">Override elevated option. If set to false then return rights available when user is not running as Administrator.</param> /// <returns>True if user has rights, false if user don't have rights or rights not found.</returns> public static bool HasRights(RegistryKey key, RegistryRights rights, WindowsIdentity identity = null, bool?isElevated = null) { if (identity == null) { identity = WindowsIdentity.GetCurrent(); } var isAdmin = isElevated.HasValue ? isElevated.Value : identity.User != identity.Owner; return(HasRights(key, rights, identity.User, isAdmin)); }
public SetRegistryKeyPermissionsTask( RegistryKey rootKey, string registryKeyPath, string identity, RegistryRights registryRights, AccessControlType accessControlType) { this.rootKey = rootKey; this.registryKeyPath = registryKeyPath; this.identity = identity; this.registryRights = registryRights; this.accessControlType = accessControlType; }
public SafeRegistryHandle(RegistryHive hive, string key, RegistryRights samDesired) : base(true) { IntPtr handle; int result = UnsafeNativeMethods.RegOpenKeyEx(hive, key, 0, samDesired, out handle); if (result != 0) { throw new Win32Exception(result); } SetHandle(handle); }
public SafeRegistryHandle(RegistryHive hive, string key, RegistryRights samDesired) : base(true) { IntPtr handle; int result = UnsafeNativeMethods.RegOpenKeyEx(hive, key, 0, samDesired, out handle); if (result != 0) { throw new Win32Exception(result); } SetHandle(handle); }
private static void SetUserAccess(RegistryKey registryKey, IdentityReference user, RegistryRights accessType) { RegistrySecurity registrySecurity = registryKey.GetAccessControl(); RegistryAccessRule rule = new RegistryAccessRule( user, accessType, InheritanceFlags.ContainerInherit, PropagationFlags.None, AccessControlType.Allow ); registrySecurity.AddAccessRule(rule); registryKey.SetAccessControl(registrySecurity); }
public TRunner SetRegistryKeyPermissions( RegistryKey rootKey, string registryKeyPath, string identity, RegistryRights registryRights, AccessControlType accessControlType) { SetRegistryKeyPermissionsTask.Execute( scriptExecutionEnvironment, rootKey, registryKeyPath, identity, registryRights, accessControlType); return(ReturnThisTRunner()); }
public static bool DoesUserHaveAccess(RegistryKey registryKey, string userNameOrSID, RegistryRights accessType) { RegistrySecurity registrySecurity = registryKey.GetAccessControl(); foreach (RegistryAccessRule registryAccessRule in registrySecurity.GetAccessRules(true, true, typeof(NTAccount))) { IdentityReference sidIdentityReference = registryAccessRule.IdentityReference.Translate(typeof(SecurityIdentifier)); if ( (userNameOrSID.Equals(registryAccessRule.IdentityReference.Value, StringComparison.InvariantCultureIgnoreCase) == true || userNameOrSID.Equals(sidIdentityReference.Value, StringComparison.InvariantCultureIgnoreCase) == true) && (registryAccessRule.RegistryRights & accessType) == accessType) return true; } return false; }
// Constructor for creating access rules for registry objects public RegistryAccessRule(IdentityReference identity, RegistryRights registryRights, AccessControlType type) : this(identity, (int) registryRights, false, InheritanceFlags.None, PropagationFlags.None, type) { }
public RegistryKey OpenSubKey (string name, RegistryKeyPermissionCheck permissionCheck, RegistryRights rights) { throw new NotImplementedException (); }
public RegistryKey OpenSubKey (string name, RegistryKeyPermissionCheck permissionCheck, RegistryRights rights) { return OpenSubKey (name, permissionCheck == RegistryKeyPermissionCheck.ReadWriteSubTree); }
public RegistryKey OpenSubKey (string name, RegistryKeyPermissionCheck permissionCheck, RegistryRights rights) { return OpenSubKey (name); }
public RegistryAuditRule(string identity, RegistryRights registryRights, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AuditFlags flags) : base (default(System.Security.Principal.IdentityReference), default(int), default(bool), default(InheritanceFlags), default(PropagationFlags), default(AuditFlags)) { Contract.Ensures(0 <= identity.Length); Contract.Ensures(identity.Length <= 512); }
public RegistryAuditRule(System.Security.Principal.IdentityReference identity, RegistryRights registryRights, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AuditFlags flags) : base (default(System.Security.Principal.IdentityReference), default(int), default(bool), default(InheritanceFlags), default(PropagationFlags), default(AuditFlags)) { }
public RegistryKey OpenSubKey(string name, RegistryRights rights) { ValidateKeyName(name); EnsureNotDisposed(); name = FixupName(name); // Fixup multiple slashes to a single slash return InternalOpenSubKeyCore(name, rights, throwOnPermissionFailure: true); }
public RegistryAccessRule(string identity, RegistryRights registryRights, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AccessControlType type);
private RegistryKey InternalOpenSubKeyCore(string name, RegistryRights rights, bool throwOnPermissionFailure) { // TODO: Implement this throw new PlatformNotSupportedException(); }
static extern int RegCreateKeyEx( SafeRegistryHandle hKey, string lpSubKey, int Reserved, string lpClass, RegistryOptions dwOptions, RegistryRights samDesired, IntPtr lpSecurityAttributes, out SafeRegistryHandle phkResult, out int lpdwDisposition);
public RegistryKey OpenSubKey(string name, RegistryRights rights);
public RegistryAccessRule(String identity, RegistryRights registryRights, AccessControlType type) : this(new NTAccount(identity), (int) registryRights, false, InheritanceFlags.None, PropagationFlags.None, type) { }
public RegistryAccessRule(string identity, RegistryRights registryRights, AccessControlType type);
public RegistryAuditRule(string identity, RegistryRights registryRights, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AuditFlags flags);
private RegistryKey InternalOpenSubKeyCore(string name, RegistryRights rights, bool throwOnPermissionFailure) { SafeRegistryHandle result = null; int ret = Interop.Advapi32.RegOpenKeyEx(_hkey, name, 0, ((int)rights | (int)_regView), out result); if (ret == 0 && !result.IsInvalid) { RegistryKey key = new RegistryKey(result, IsWritable((int)rights), false, _remoteKey, false, _regView); key._keyName = _keyName + "\\" + name; return key; } if (throwOnPermissionFailure) { if (ret == Interop.Errors.ERROR_ACCESS_DENIED || ret == Interop.Errors.ERROR_BAD_IMPERSONATION_LEVEL) { // We need to throw SecurityException here for compatibility reason, // although UnauthorizedAccessException will make more sense. ThrowHelper.ThrowSecurityException(SR.Security_RegistryPermission); } } // Return null if we didn't find the key. return null; }
public RegistryKey OpenSubKey(String name, RegistryRights rights) { return InternalOpenSubKey(name, this.checkMode, (int)rights); }
public TransactedRegistryKey OpenSubKey(String name, RegistryKeyPermissionCheck permissionCheck, RegistryRights rights) { return InternalOpenSubKey(name, permissionCheck, (int)rights); }
public RegistryAccessRule(IdentityReference identity, RegistryRights registryRights, AccessControlType type);