        /// <summary>
        /// Resolves the full <see cref="ADRecipient"/> for a mail recipient: first the cached
        /// <see cref="TransportMiniRecipient"/> is looked up through <paramref name="recipientCache"/>,
        /// then the directory object is read from a tenant/root-org recipient session selected from
        /// the address's domain.
        /// </summary>
        /// <param name="tracer">Trace sink used for the two "not found" warnings.</param>
        /// <param name="recipientCache">Recipient cache consulted (and populated) for the SMTP address.</param>
        /// <param name="mailRecipient">Recipient whose <c>Email</c> is resolved.</param>
        /// <param name="recipient">The resolved object, or <c>null</c> when the method returns <c>false</c>.</param>
        /// <returns><c>true</c> when both the cache lookup and the directory read produced an object.</returns>
        private static bool TryGetADRecipient(Trace tracer, ADRecipientCache <TransportMiniRecipient> recipientCache, MailRecipient mailRecipient, out ADRecipient recipient)
        {
            // Stage 1: cheap cache lookup keyed on the SMTP proxy address.
            ProxyAddress           smtpProxy     = new SmtpProxyAddress((string)mailRecipient.Email, true);
            TransportMiniRecipient miniRecipient = recipientCache.FindAndCacheRecipient(smtpProxy).Data;

            if (miniRecipient == null)
            {
                tracer.TraceWarning <RoutingAddress>(0L, "Could not find recipient entry for {0}", mailRecipient.Email);
                recipient = null;
                return false;
            }

            // Stage 2: full directory read. The session is chosen from the address domain; the
            // trailing numeric/string arguments look like caller-info (line, member, file) left by
            // the decompiler — presumably not significant to behaviour.
            ADRecipient resolved = null;
            ADNotificationAdapter.TryRunADOperation(() =>
            {
                SmtpAddress       smtpAddress = new SmtpAddress(smtpProxy.AddressString);
                ADSessionSettings settings    = ADSessionSettings.RootOrgOrSingleTenantFromAcceptedDomainAutoDetect(smtpAddress.Domain);
                IRecipientSession session     = DirectorySessionFactory.Default.GetTenantOrRootOrgRecipientSession(null, null, LcidMapper.DefaultLcid, true, ConsistencyMode.IgnoreInvalid, null, settings, 178, "TryGetADRecipient", "f:\\15.00.1497\\sources\\dev\\MailboxTransport\\src\\MailboxTransportDelivery\\StoreDriver\\agents\\UM\\UMAgentUtil.cs");
                resolved = session.Read(miniRecipient.Id);
            });

            // A failed or swallowed AD operation leaves `resolved` null, which is reported the same
            // way as an object that simply does not exist.
            if (resolved == null)
            {
                tracer.TraceWarning <ADObjectId>(0L, "Could not read recipient object for {0}", miniRecipient.Id);
                recipient = null;
                return false;
            }

            recipient = resolved;
            return true;
        }
        /// <summary>
        /// Reports whether the mailbox behind <paramref name="address"/> has a retention policy in
        /// effect, judged purely from the cached mini recipient's ELC flags and policy template.
        /// </summary>
        /// <param name="cache">Recipient cache used to look up (and cache) the address.</param>
        /// <param name="address">SMTP routing address of the mailbox.</param>
        /// <returns>
        /// <c>true</c> when either (a) the <c>ElcV2</c> flag is set and a policy template is assigned,
        /// or (b) the <c>ShouldUseDefaultRetentionPolicy</c> flag is set and no template is assigned;
        /// <c>false</c> otherwise, including when the address is not found in the cache.
        /// </returns>
        internal static bool IsRetentionPolicyEnabled(ADRecipientCache <TransportMiniRecipient> cache, RoutingAddress address)
        {
            ProxyAddress           smtpProxy = new SmtpProxyAddress((string)address, true);
            TransportMiniRecipient entry     = cache.FindAndCacheRecipient(smtpProxy).Data;

            if (entry == null)
            {
                // Unknown recipient: nothing to evaluate, treat as "no policy".
                return false;
            }

            ElcMailboxFlags flags          = entry.ElcMailboxFlags;
            bool            hasTemplate    = entry.ElcPolicyTemplate != null;
            bool            isElcV2        = (flags & ElcMailboxFlags.ElcV2) != ElcMailboxFlags.None;
            bool            defaultPolicy  = (flags & ElcMailboxFlags.ShouldUseDefaultRetentionPolicy) != ElcMailboxFlags.None;

            // Explicitly assigned policy on an ELC v2 mailbox.
            if (isElcV2 && hasTemplate)
            {
                return true;
            }

            // Default policy applies only when no explicit template is present.
            return defaultPolicy && !hasTemplate;
        }
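        /// <summary>
        /// Decides whether the sender of <paramref name="mailItemDeliver"/> may post into the
        /// mail-enabled public folder <paramref name="mailPublicFolder"/>.
        /// </summary>
        /// <remarks>
        /// Decision points, all visible below:
        /// <list type="bullet">
        /// <item>A sender whose <c>RoutingType</c> is not <c>"EX"</c> is evaluated as anonymous.</item>
        /// <item>An "EX" sender that carries no participant SID is evaluated as the Everyone SID.</item>
        /// <item>An "EX" sender with a SID but no cache entry is evaluated with its SID only (no token group SIDs).</item>
        /// <item>Without a recipient cache/session no check is performed and the default
        /// <see cref="AccessCheckResult.NotAllowedAuthenticated"/> is returned (fail closed).</item>
        /// <item>Any mapped <see cref="GrayException"/> yields
        /// <see cref="AccessCheckResult.NotAllowedInternalSystemError"/> (fail closed).</item>
        /// </list>
        /// </remarks>
        /// <param name="mailItemDeliver">Delivery context; its <c>ReplayItem.From</c> identifies the sender.</param>
        /// <param name="mailPublicFolder">Target public folder whose ACL is evaluated.</param>
        /// <returns>The access decision; only <see cref="AccessCheckResult.Allowed"/> permits delivery.</returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="mailItemDeliver"/> or <paramref name="mailPublicFolder"/> is <c>null</c>.
        /// </exception>
        internal static AccessCheckResult CheckAccessForEmailDelivery(MailItemDeliver mailItemDeliver, Folder mailPublicFolder)
        {
            // paramName must match the actual parameter so callers/diagnostics can attribute the failure.
            if (mailItemDeliver == null)
            {
                throw new ArgumentNullException("mailItemDeliver");
            }
            if (mailPublicFolder == null)
            {
                throw new ArgumentNullException("mailPublicFolder");
            }
            if (mailItemDeliver.ReplayItem == null)
            {
                MailPublicFolderPermissionHandler.Diag.TraceError(0L, "ReplayItem for the message appears to be null.");
                return AccessCheckResult.NotAllowedInternalSystemError;
            }
            if (mailItemDeliver.ReplayItem.From == null)
            {
                MailPublicFolderPermissionHandler.Diag.TraceError(0L, "From attribute of the ReplayItem for the given message appears to be null.");
                return AccessCheckResult.NotAllowedInternalSystemError;
            }

            // Default is "denied" so that every path that does not positively grant stays closed.
            AccessCheckResult     accessCheckResult = AccessCheckResult.NotAllowedAuthenticated;
            ClientSecurityContext context           = null;
            bool                  isAnonymous       = false;

            ADRecipientCache <TransportMiniRecipient> recipientCache = mailItemDeliver.MbxTransportMailItem.ADRecipientCache;
            IRecipientSession recipientSession = (recipientCache != null) ? recipientCache.ADSession : null;

            if (recipientSession != null)
            {
                // Re-scope the session to the sender's organization without RBAC scopes; the trailing
                // numeric/string arguments look like decompiler-preserved caller info.
                recipientSession = DirectorySessionFactory.Default.GetTenantOrRootOrgRecipientSession(ConsistencyMode.IgnoreInvalid, ADSessionSettings.FromOrganizationIdWithoutRbacScopesServiceOnly(recipientSession.SessionSettings.CurrentOrganizationId), 146, "CheckAccessForEmailDelivery", "f:\\15.00.1497\\sources\\dev\\MailboxTransport\\src\\MailboxTransportDelivery\\StoreDriver\\MailPublicFolderPermissionHandler.cs");
                try
                {
                    GrayException.MapAndReportGrayExceptions(delegate()
                    {
                        Participant from = mailItemDeliver.ReplayItem.From;
                        if (from.RoutingType != "EX")
                        {
                            // Non-Exchange sender: evaluate the folder ACL against the anonymous context.
                            MailPublicFolderPermissionHandler.Diag.TraceDebug(0L, "Determined the sent user as an anonymous entity");
                            isAnonymous = true;
                            context     = MailPublicFolderPermissionHandler.GetAnonymousClientSecurityContext();
                            MailPublicFolderPermissionHandler.Diag.TraceDebug(0L, "Constructed clientSecurityContext for anonymous user");
                        }
                        else
                        {
                            MailPublicFolderPermissionHandler.Diag.TraceDebug(0L, "Determined the sent user as an authorized entity");
                            byte[] sidBytes = from.GetValueOrDefault <byte[]>(ParticipantSchema.ParticipantSID);
                            SecurityIdentifier securityIdentifier = (sidBytes == null) ? null : new SecurityIdentifier(sidBytes, 0);
                            TransportMiniRecipient data = recipientCache.FindAndCacheRecipient(ProxyAddress.Parse(mailItemDeliver.MbxTransportMailItem.From.ToString())).Data;
                            if (securityIdentifier == null)
                            {
                                // No SID on the participant: the weakest authenticated identity (Everyone).
                                context = MailPublicFolderPermissionHandler.GetUserClientSecurityContext(MailPublicFolderPermissionHandler.EveryoneSID, null);
                            }
                            else if (data == null)
                            {
                                // SID known but no directory entry: no group SIDs can be expanded.
                                context = MailPublicFolderPermissionHandler.GetUserClientSecurityContext(securityIdentifier, null);
                            }
                            else
                            {
                                // Full token: user SID plus group SIDs expanded via S4U.
                                context = MailPublicFolderPermissionHandler.GetUserClientSecurityContext(securityIdentifier, recipientSession.GetTokenSids((ADObjectId)data[ADObjectSchema.Id], AssignmentMethod.S4U));
                            }
                            MailPublicFolderPermissionHandler.Diag.TraceDebug(0L, "Constructed clientSecurityContext for user {0}.", new object[]
                            {
                                (data != null) ? data[ADRecipientSchema.PrimarySmtpAddress] : context.UserSid
                            });
                        }

                        if (MailPublicFolderPermissionHandler.CanPostItemsToPublicFolder(mailPublicFolder, context))
                        {
                            accessCheckResult = AccessCheckResult.Allowed;
                            return;
                        }
                        // Denied: distinguish anonymous from authenticated so the caller can report accurately.
                        if (isAnonymous)
                        {
                            accessCheckResult = AccessCheckResult.NotAllowedAnonymous;
                        }
                    });
                }
                catch (GrayException ex)
                {
                    // Any failure inside the check is a deny, never an implicit allow.
                    string detail = (ex.InnerException != null) ? ex.InnerException.Message : string.Empty;
                    accessCheckResult = AccessCheckResult.NotAllowedInternalSystemError;
                    MailPublicFolderPermissionHandler.Diag.TraceError <ClientSecurityContext, string>(0L, "Access check failed on ClientSecurityContext {0} with {1}.", context, detail);
                }
                finally
                {
                    // The security context owns a handle; release it on every path.
                    if (context != null)
                    {
                        context.Dispose();
                        context = null;
                    }
                }
            }
            return accessCheckResult;
        }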