Powershell-Modules
/
NTFSSecurity-Module
mirror of https://github.com/raandree/NTFSSecurity
1
0
Fork 0
Code Issues 0 Releases 3 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
3 Branches
17 MiB
 
 
Tree: 34a13efb74
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '34a13efb74'
${ noResults }
NTFSSecurity-Module/Security2/Registry/RegistrySecurity.cs

499 lines
16 KiB
Raw Blame History 

  1. using System;

  2. using System.Collections.Generic;

  3. using System.Security.AccessControl;

  4. using Microsoft.Win32;

  5. using System.Runtime.InteropServices;

  6. using System.Security.Principal;

  7. 

  8. namespace Security2

  9. {

  10.     //#region FileSecurity2

  11.     //public class FileSecurity2 : ICast<FileSecurity>, IDisposable

  12.     //{

  13.     //    protected FileSecurity securityDescriptor;

  14. 

  15.     //    public string FullName { get; set; }

  16. 

  17.     //    public string Name { get { return System.IO.Path.GetFileName(FullName); } }

  18. 

  19.     //    public FileSecurity2() { }

  20.     //    public FileSecurity2(FileSecurity SecurityDescriptor)

  21.     //    {

  22.     //        this.securityDescriptor = SecurityDescriptor;

  23.     //    }

  24. 

  25.     //    #region conversion

  26.     //    public static implicit operator FileSecurity(FileSecurity2 V)

  27.     //    {

  28.     //        return V.securityDescriptor;

  29.     //    }

  30.     //    public static implicit operator FileSecurity2(FileSecurity n)

  31.     //    {

  32.     //        return new FileSecurity2(n);

  33.     //    }

  34.     //    //REQUIRED BECAUSE OF CONVERSION OPERATORS

  35.     //    public override bool Equals(object obj)

  36.     //    {

  37.     //        return this.securityDescriptor == (FileSecurity)obj;

  38.     //    }

  39.     //    public override int GetHashCode()

  40.     //    {

  41.     //        return this.securityDescriptor.GetHashCode();

  42.     //    }

  43.     //    #endregion

  44. 

  45.     //    #region ICast<FileSecurity> Members

  46.     //    public FileSecurity Cast

  47.     //    {

  48.     //        get { return this.securityDescriptor; }

  49.     //    }

  50.     //    #endregion

  51. 

  52.     //    #region IDisposable Members

  53.     //    public void Dispose()

  54.     //    { }

  55.     //    #endregion

  56.     //}

  57.     //#endregion

  58. 

  59.     //#region DirectorySecurity2

  60.     //public class DirectorySecurity2 : ICast<DirectorySecurity>, IDisposable

  61.     //{

  62.     //    protected DirectorySecurity securityDescriptor;

  63. 

  64.     //    public string FullName { get; set; }

  65. 

  66.     //    public string Name { get { return System.IO.Path.GetFileName(FullName); } }

  67. 

  68.     //    public DirectorySecurity2() { }

  69.     //    public DirectorySecurity2(DirectorySecurity SecurityDescriptor)

  70.     //    {

  71.     //        this.securityDescriptor = SecurityDescriptor;

  72.     //    }

  73. 

  74.     //    #region conversion

  75.     //    public static implicit operator DirectorySecurity(DirectorySecurity2 V)

  76.     //    {

  77.     //        return V.securityDescriptor;

  78.     //    }

  79.     //    public static implicit operator DirectorySecurity2(DirectorySecurity n)

  80.     //    {

  81.     //        return new DirectorySecurity2(n);

  82.     //    }

  83.     //    //REQUIRED BECAUSE OF CONVERSION OPERATORS

  84.     //    public override bool Equals(object obj)

  85.     //    {

  86.     //        return this.securityDescriptor == (DirectorySecurity)obj;

  87.     //    }

  88.     //    public override int GetHashCode()

  89.     //    {

  90.     //        return this.securityDescriptor.GetHashCode();

  91.     //    }

  92.     //    #endregion

  93. 

  94.     //    #region ICast<DirectorySecurity> Members

  95.     //    public DirectorySecurity Cast

  96.     //    {

  97.     //        get { return this.securityDescriptor; }

  98.     //    }

  99.     //    #endregion

  100. 

  101.     //    #region IDisposable Members

  102.     //    public void Dispose()

  103.     //    { }

  104.     //    #endregion

  105.     //}

  106.     //#endregion

  107. 

  108.     #region RegistryAccessRule2

  109.     public class RegistryAccessRule2 : IDisposable

  110.     {

  111.         protected RegistryAccessRule registryAccessRule;

  112. 

  113.         public string Name

  114.         {

  115.             get

  116.             {

  117.                 if (!string.IsNullOrEmpty(FullName))

  118.                 {

  119.                     if (FullName.Contains("\\"))

  120.                     {

  121.                         var elements = FullName.Split('\\');

  122.                         return elements[elements.Length - 1];

  123.                     }

  124.                     else

  125.                     {

  126.                         return FullName;

  127.                     }

  128.                 }

  129.                 else

  130.                 {

  131.                     return null;

  132.                 }

  133.             }

  134.         }

  135. 

  136.         public string FullName { get; set; }

  137. 

  138.         public bool InheritanceEnabled { get; set; }

  139. 

  140.         public RegistryAccessRule2(RegistryAccessRule registryAccessRule)

  141.         {

  142.             this.registryAccessRule = registryAccessRule;

  143.         }

  144. 

  145.         #region Properties

  146.         public AccessControlType AccessControlType { get { return registryAccessRule.AccessControlType; } }

  147.         public RegistryRights RegistryRights { get { return registryAccessRule.RegistryRights; } }

  148.         public IdentityReference2 IdentityReference { get { return (IdentityReference2)registryAccessRule.IdentityReference; } }

  149.         public InheritanceFlags InheritanceFlags { get { return registryAccessRule.InheritanceFlags; } }

  150.         public bool IsInherited { get { return registryAccessRule.IsInherited; } }

  151.         public PropagationFlags PropagationFlags { get { return registryAccessRule.PropagationFlags; } }

  152.         #endregion

  153. 

  154.         #region conversion

  155.         public static implicit operator RegistryAccessRule(RegistryAccessRule2 V)

  156.         {

  157.             return V.registryAccessRule;

  158.         }

  159.         public static implicit operator RegistryAccessRule2(RegistryAccessRule n)

  160.         {

  161.             return new RegistryAccessRule2(n);

  162.         }

  163.         //REQUIRED BECAUSE OF CONVERSION OPERATORS

  164.         public override bool Equals(object obj)

  165.         {

  166.             return this.registryAccessRule == (RegistryAccessRule)obj;

  167.         }

  168.         public override int GetHashCode()

  169.         {

  170.             return this.registryAccessRule.GetHashCode();

  171.         }

  172.         public override string ToString()

  173.         {

  174.             return registryAccessRule.ToString();

  175.         }

  176.         #endregion

  177. 

  178.         #region IDisposable Members

  179.         public void Dispose()

  180.         { }

  181.         #endregion

  182.     }

  183.     #endregion

  184. 

  185.     #region RegistryInheritanceInfo

  186.     public class RegistryInheritanceInfo

  187.     {

  188.         public RegistryKey Item { get; set; }

  189.         public bool InheritanceEnabled { get; set; }

  190. 

  191.         public string FullName { get { return Item.Name; } }

  192.         public string Name

  193.         {

  194.             get

  195.             {

  196.                 if (!string.IsNullOrEmpty(FullName))

  197.                 {

  198.                     if (FullName.Contains("\\"))

  199.                     {

  200.                         var elements = FullName.Split('\\');

  201.                         return elements[elements.Length - 1];

  202.                     }

  203.                     else

  204.                     {

  205.                         return FullName;

  206.                     }

  207.                 }

  208.                 else

  209.                 {

  210.                     return null;

  211.                 }

  212.             }

  213.         }

  214.     }

  215.     #endregion

  216. 

  217.     #region RegistryEffectivePermissionEntry

  218.     public class RegistryEffectivePermissionEntry

  219.     {

  220.         private IdentityReference2 account;

  221.         public IdentityReference2 Account { get { return account; } }

  222. 

  223.         private uint accessMask;

  224.         public uint AccessMask { get { return accessMask; } }

  225. 

  226.         private string objectPath;

  227.         public string FullName { get { return objectPath; } }

  228.         public string Name { get

  229.             {

  230.                 if (!string.IsNullOrEmpty(FullName))

  231.                 {

  232.                     if (FullName.Contains("\\"))

  233.                     {

  234.                         var elements = FullName.Split('\\');

  235.                         return elements[elements.Length - 1];

  236.                     }

  237.                     else

  238.                     {

  239.                         return FullName;

  240.                     }

  241.                 }

  242.                 else

  243.                 {

  244.                     return null;

  245.                 }

  246.             }

  247.         }

  248. 

  249.         private List<string> accessAsString;

  250.         public List<string> AccessAsString { get { return accessAsString; } }

  251. 

  252.         public RegistryEffectivePermissionEntry(IdentityReference2 id, uint AccessMask, string FullName)

  253.         {

  254.             this.account = id;

  255.             this.accessMask = AccessMask;

  256.             this.objectPath = FullName;

  257.             this.accessAsString = new List<string>();

  258. 

  259.             if (accessMask == 0)

  260.             {

  261.                 accessAsString.Add("None");

  262.             }

  263.             else

  264.             {

  265.                 string tempString = ((RegistryRights)this.accessMask).ToString();

  266.                 foreach (var s in tempString.Split(','))

  267.                 {

  268.                     this.accessAsString.Add(s);

  269.                 }

  270.             }

  271.         }

  272.     }

  273.     #endregion

  274. 

  275.     #region RegistryOwner

  276.     public class RegistryOwner

  277.     {

  278.         public RegistryKey Item { get; set; }

  279.         public Security2.IdentityReference2 Account { get; set; }

  280.     }

  281.     #endregion

  282. 

  283.     #region Win32

  284.     #region Win32Enums

  285.     /// <summary>

  286.     /// enum used by RegOpenKeyEx

  287.     /// </summary>

  288.     public enum SAM_DESIRED : long

  289.     {

  290.         KEY_QUERY_VALUE = 0x1,

  291.         KEY_SET_VALUE = 0x2,

  292.         KEY_ALL_ACCESS = 0xf003f,

  293.         KEY_CREATE_SUB_KEY = 0x4,

  294.         KEY_ENUMERATE_SUB_KEYS = 0x8,

  295.         KEY_NOTIFY = 0x10,

  296.         KEY_CREATE_LINK = 0x20,

  297.         READ_CONTROL = 0x20000,

  298.         WRITE_DAC = 0x40000,

  299.         WRITE_OWNER = 0x80000,

  300.         SYNCHRONIZE = 0x100000,

  301. 

  302.         STANDARD_RIGHTS_REQUIRED = 0xf0000,

  303. 

  304.         STANDARD_RIGHTS_READ = READ_CONTROL,

  305.         STANDARD_RIGHTS_WRITE = READ_CONTROL,

  306.         STANDARD_RIGHTS_EXECUTE = READ_CONTROL,

  307. 

  308.         KEY_READ = STANDARD_RIGHTS_READ | KEY_QUERY_VALUE | KEY_ENUMERATE_SUB_KEYS | KEY_NOTIFY,

  309. 

  310.         KEY_WRITE = STANDARD_RIGHTS_WRITE | KEY_SET_VALUE | KEY_CREATE_SUB_KEY,

  311. 

  312.         KEY_EXECUTE = KEY_READ

  313.     }

  314. 

  315.     /// <summary>

  316.     /// constant enum for registry roots

  317.     /// </summary>

  318.     public enum REGISTRY_ROOT : long

  319.     {

  320.         HKEY_CLASSES_ROOT = 0x80000000,

  321.         HKEY_CURRENT_USER = 0x80000001,

  322.         HKEY_LOCAL_MACHINE = 0x80000002,

  323.         HKEY_USERS = 0x80000003

  324.     }

  325.     #endregion

  326. 

  327.     public class RegistryKeyOpenException : System.Exception

  328.     {

  329.         private long win32ErrorCode;

  330.         public long Win32ErrorCode { get { return win32ErrorCode; } }

  331. 

  332.         public RegistryKeyOpenException()

  333.             : base("Cannot open Registry Key")

  334.         { }

  335. 

  336.         public RegistryKeyOpenException(Exception innerException)

  337.             : base("Cannot open Registry Key", innerException)

  338.         { }

  339. 

  340.         public RegistryKeyOpenException(long Win32ErrorCode)

  341.             : base("Cannot open Registry Key")

  342.         {

  343.             this.win32ErrorCode = Win32ErrorCode;

  344.         }

  345. 

  346.         public RegistryKeyOpenException(Exception innerException, long Win32ErrorCode)

  347.             : base("Cannot open Registry Key", innerException)

  348.         {

  349.             this.win32ErrorCode = Win32ErrorCode;

  350.         }

  351.     }

  352. 

  353.     public class RegistryKeySetSecurityException : System.Exception

  354.     {

  355.         private long win32ErrorCode;

  356.         public long Win32ErrorCode { get { return win32ErrorCode; } }

  357. 

  358.         public RegistryKeySetSecurityException()

  359.             : base("Cannot set security descriptor on registry key")

  360.         { }

  361. 

  362.         public RegistryKeySetSecurityException(Exception innerException)

  363.             : base("Cannot set security descriptor on registry key", innerException)

  364.         { }

  365. 

  366.         public RegistryKeySetSecurityException(long Win32ErrorCode)

  367.             : base("Cannot set security descriptor on registry key")

  368.         {

  369.             this.win32ErrorCode = Win32ErrorCode;

  370.         }

  371. 

  372.         public RegistryKeySetSecurityException(Exception innerException, long Win32ErrorCode)

  373.             : base("Cannot set security descriptor on registry key", innerException)

  374.         {

  375.             this.win32ErrorCode = Win32ErrorCode;

  376.         }

  377.     }

  378. 

  379.     public class Win32RegistrySecurity

  380.     {

  381. 

  382.         #region DllImports

  383.         [DllImport("kernel32.dll")]

  384.         private static extern long CloseHandle(IntPtr hHandle);

  385. 

  386.         [DllImport("advapi32.dll")]

  387.         private static extern long InitializeSecurityDescriptor(ref SECURITY_DESCRIPTOR pSecurityDescriptor, long dwRevision);

  388. 

  389.         [DllImport("advapi32.dll")]

  390.         private static extern long SetSecurityDescriptorOwner(ref SECURITY_DESCRIPTOR pSecurityDescriptor, byte[] pOwner, long bOwnerDefaulted);

  391. 

  392.         [DllImport("advapi32.dll")]

  393.         private static extern long RegSetKeySecurity(IntPtr ptrKey, SECURITY_INFORMATION SecurityInformation, SECURITY_DESCRIPTOR pSecurityDescriptor);

  394. 

  395.         [DllImport("advapi32.dll", EntryPoint = "RegOpenKeyExA")]

  396.         private static extern long RegOpenKeyEx(REGISTRY_ROOT hKey, string lpSubKey, long ulOptions, SAM_DESIRED samDesired, ref IntPtr ptrKey);

  397. 

  398.         [DllImport("advapi32.dll")]

  399.         private static extern long RegCloseKey(IntPtr ptrKey);

  400. 

  401.         private struct SECURITY_DESCRIPTOR

  402.         {

  403.             public byte Revision;

  404.             public byte Sbz1;

  405.             public long Control;

  406.             public long Owner;

  407.             public long Group;

  408.             public ACL Sacl;

  409.             public ACL Dacl;

  410.         }

  411. 

  412.         private struct ACL

  413.         {

  414.             public byte AclRevision;

  415.             public byte Sbz1;

  416.             public int AclSize;

  417.             public int AceCount;

  418.             public int Sbz2;

  419.         }

  420.         #endregion

  421. 

  422.         private RegistryKey GetRegistryKey(REGISTRY_ROOT Root, string KeyPath, RegistryRights Desired)

  423.         {

  424.             try

  425.             {

  426.                 switch (Root)

  427.                 {

  428.                     case REGISTRY_ROOT.HKEY_CLASSES_ROOT:

  429.                         return Registry.ClassesRoot.OpenSubKey(KeyPath, RegistryKeyPermissionCheck.ReadWriteSubTree, Desired);

  430.                     case REGISTRY_ROOT.HKEY_LOCAL_MACHINE:

  431.                         return Registry.LocalMachine.OpenSubKey(KeyPath, RegistryKeyPermissionCheck.ReadWriteSubTree, Desired);

  432.                     case REGISTRY_ROOT.HKEY_USERS:

  433.                         return Registry.Users.OpenSubKey(KeyPath, RegistryKeyPermissionCheck.ReadWriteSubTree, Desired);

  434.                     case REGISTRY_ROOT.HKEY_CURRENT_USER:

  435.                         return Registry.CurrentUser.OpenSubKey(KeyPath, RegistryKeyPermissionCheck.ReadWriteSubTree, Desired);

  436.                     default:

  437.                         return null;

  438.                 }

  439.             }

  440.             catch (Exception)

  441.             {

  442.                 return null;

  443.             }

  444.         }

  445. 

  446.         public void SetRegistryOwner(REGISTRY_ROOT Root, string KeyPath, SecurityIdentifier sid)

  447.         {

  448.             long win32ErrorCode = 0;

  449. 

  450.             SECURITY_DESCRIPTOR sd = new SECURITY_DESCRIPTOR();

  451.             byte[] byteSid = new byte[sid.BinaryLength];

  452.             sid.GetBinaryForm(byteSid, 0);

  453. 

  454.             IntPtr pRegKey = IntPtr.Zero;

  455. 

  456.             try

  457.             {

  458.                 win32ErrorCode = RegOpenKeyEx(Root, KeyPath, 0, SAM_DESIRED.WRITE_OWNER, ref pRegKey);

  459.                 if (win32ErrorCode != 0)

  460.                 {

  461.                     throw new RegistryKeyOpenException(win32ErrorCode);

  462.                 }

  463.             }

  464.             catch (RegistryKeyOpenException)

  465.             {

  466.                 throw;

  467.             }

  468.             catch (Exception ex)

  469.             {

  470.                 throw new RegistryKeyOpenException(ex);

  471.             }

  472. 

  473.             InitializeSecurityDescriptor(ref sd, 1);            

  474.             SetSecurityDescriptorOwner(ref sd, byteSid, 0);

  475. 

  476.             try

  477.             {

  478.                 win32ErrorCode = RegSetKeySecurity(pRegKey, SECURITY_INFORMATION.OWNER_SECURITY_INFORMATION, sd);

  479.                 if (win32ErrorCode != 0)

  480.                 {

  481.                     throw new RegistryKeySetSecurityException(win32ErrorCode);

  482.                 }

  483.             }

  484.             catch (RegistryKeySetSecurityException)

  485.             {

  486.                 throw;

  487.             }

  488.             catch (Exception ex)

  489.             {

  490.                 throw new RegistryKeyOpenException(ex);

  491.             }

  492.             finally

  493.             {

  494.                 RegCloseKey(pRegKey);

  495.             }

  496.         }

  497.     }

  498. #endregion

  499. }