Beispiel #1
        /// <summary>
        /// Builds an access descriptor from the local server's Active Directory security
        /// descriptor, then grants <see cref="FileSystemRights.ReadData"/> to the Exchange
        /// Servers universal security group and to LocalSystem.
        /// </summary>
        /// <returns>
        /// The descriptor, or <c>null</c> when the local server object is not found or has
        /// no security descriptor.
        /// </returns>
        private static ObjectSecurity GetServerAdminSecurity()
        {
            FileSecurity result = null;

            // NOTE(review): the value returned by TryRunADOperation is discarded. If it reports
            // directory failures instead of throwing (presumably, given the Try* name; confirm),
            // a failure after `result` is assigned below leaves the caller with the server's
            // descriptor but without the two rules that are added last.
            // The trailing 3 looks like a retry count; confirm against TryRunADOperation.
            ADNotificationAdapter.TryRunADOperation(() =>
            {
                ITopologyConfigurationSession configSession = DirectorySessionFactory.Default.CreateTopologyConfigurationSession(ConsistencyMode.IgnoreInvalid, ADSessionSettings.FromRootOrgScopeSet(), 578, "GetServerAdminSecurity", "f:\\15.00.1497\\sources\\dev\\data\\src\\ApplicationLogic\\ProcessAccessManager.cs");

                Server localServer;
                try
                {
                    localServer = configSession.FindLocalServer();
                }
                catch (LocalServerNotFoundException)
                {
                    // No local server object: leave the result null.
                    return;
                }

                RawSecurityDescriptor adDescriptor = localServer.ReadSecurityDescriptor();
                if (adDescriptor == null)
                {
                    return;
                }

                // Copy the AD descriptor into a FileSecurity through its binary form.
                result = new FileSecurity();
                byte[] descriptorBytes = new byte[adDescriptor.BinaryLength];
                adDescriptor.GetBinaryForm(descriptorBytes, 0);
                result.SetSecurityDescriptorBinaryForm(descriptorBytes);

                IRootOrganizationRecipientSession recipientSession = DirectorySessionFactory.Default.CreateRootOrgRecipientSession(ConsistencyMode.IgnoreInvalid, ADSessionSettings.FromRootOrgScopeSet(), 605, "GetServerAdminSecurity", "f:\\15.00.1497\\sources\\dev\\data\\src\\ApplicationLogic\\ProcessAccessManager.cs");
                SecurityIdentifier exchangeServersSid = recipientSession.GetExchangeServersUsgSid();

                // SetAccessRule replaces any allow rules the copied descriptor already held for
                // this SID, so the group ends up with ReadData only.
                result.SetAccessRule(new FileSystemAccessRule(exchangeServersSid, FileSystemRights.ReadData, AccessControlType.Allow));

                // AddAccessRule merges with whatever LocalSystem was already granted.
                SecurityIdentifier localSystemSid = new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null);
                result.AddAccessRule(new FileSystemAccessRule(localSystemSid, FileSystemRights.ReadData, AccessControlType.Allow));
            }, 3);

            return result;
        }
        // Token: 0x06000026 RID: 38 RVA: 0x00002938 File Offset: 0x00000B38
        /// <summary>
        /// Builds the access descriptor for the throttling RPC endpoint: allow
        /// <see cref="FileSystemRights.ReadData"/> for the Exchange Servers universal security
        /// group, NetworkService and LocalSystem, and optionally for every authenticated user.
        /// NetworkService is set as the owner.
        /// </summary>
        /// <returns>The populated descriptor; never <c>null</c>.</returns>
        private static ObjectSecurity GetRpcSecurityDescriptor()
        {
            FileSecurity descriptor = new FileSecurity();
            IRootOrganizationRecipientSession recipientSession = DirectorySessionFactory.Default.CreateRootOrgRecipientSession(ConsistencyMode.IgnoreInvalid, ADSessionSettings.FromRootOrgScopeSet(), 348, "GetRpcSecurityDescriptor", "f:\\15.00.1497\\sources\\dev\\data\\src\\ThrottlingService\\Service\\ThrottlingRpcServerImpl.cs");

            // Breadcrumbs bracket the directory lookup so its start and completion are both recorded.
            ThrottlingService.StartStopBreadcrumbs.Drop("Calling GetExchangeServersUsgSid", new object[0]);
            SecurityIdentifier exchangeServersSid = recipientSession.GetExchangeServersUsgSid();
            ThrottlingService.StartStopBreadcrumbs.Drop("GetExchangeServersUsgSid call completed", new object[0]);

            descriptor.SetAccessRule(new FileSystemAccessRule(exchangeServersSid, FileSystemRights.ReadData, AccessControlType.Allow));

            if (ThrottlingAppConfig.AuthenticatedUsersRpcEnabled)
            {
                // Security-relevant switch: with this setting on, every authenticated principal
                // is granted the same right as the Exchange Servers group.
                SecurityIdentifier authenticatedUsersSid = new SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, null);
                descriptor.AddAccessRule(new FileSystemAccessRule(authenticatedUsersSid, FileSystemRights.ReadData, AccessControlType.Allow));
                ThrottlingService.Tracer.TraceDebug(0L, "RPC calls are allowed for all authenticated users.");
            }

            SecurityIdentifier networkServiceSid = new SecurityIdentifier(WellKnownSidType.NetworkServiceSid, null);
            descriptor.AddAccessRule(new FileSystemAccessRule(networkServiceSid, FileSystemRights.ReadData, AccessControlType.Allow));

            SecurityIdentifier localSystemSid = new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null);
            descriptor.AddAccessRule(new FileSystemAccessRule(localSystemSid, FileSystemRights.ReadData, AccessControlType.Allow));

            // NOTE(review): presumably NetworkService is the account the service runs as; confirm.
            descriptor.SetOwner(networkServiceSid);
            return descriptor;
        }
Beispiel #3
        // Token: 0x0600018B RID: 395 RVA: 0x00007A68 File Offset: 0x00005C68
        /// <summary>
        /// Completes start-up of the database manager under the instance lock: resolves the
        /// Exchange Servers group SID from Active Directory, creates the total performance
        /// counters, starts the time-based driver manager if there is one, and arms the
        /// database status timer.
        /// </summary>
        /// <exception cref="TransientServerException">
        /// Thrown when no Exchange Servers SID was obtained from the directory.
        /// </exception>
        public void Init()
        {
            ExTraceGlobals.DatabaseManagerTracer.TraceDebug<DatabaseManager>((long)this.GetHashCode(), "{0}: Really starting", this);
            AIBreadcrumbs.DatabaseStatusTrail.Drop("Init Starting. Waiting on lock.");

            // The lock is taken on the instance itself, so any other code that locks this
            // object contends with Init.
            lock (this)
            {
                AIBreadcrumbs.DatabaseStatusTrail.Drop("Init startup progressing. Lock acquired.");

                SecurityIdentifier exchangeServersSid = null;
                ADOperationResult lookupResult = ADNotificationAdapter.TryRunADOperation(() =>
                {
                    IRootOrganizationRecipientSession recipientSession = DirectorySessionFactory.Default.CreateRootOrgRecipientSession(ConsistencyMode.IgnoreInvalid, ADSessionSettings.FromRootOrgScopeSet(), 514, "Init", "f:\\15.00.1497\\sources\\dev\\assistants\\src\\Assistants\\DatabaseManager.cs");
                    exchangeServersSid = recipientSession.GetExchangeServersUsgSid();
                });

                // Fail closed: without the group SID nothing below is started.
                if (exchangeServersSid == null)
                {
                    AIBreadcrumbs.DatabaseStatusTrail.Drop("Database Manager unable to contact AD.");

                    // NOTE(review): if the lookup ran without error yet produced no SID,
                    // lookupResult.Exception is presumably null here; confirm.
                    TransientServerException startFailure = new TransientServerException(lookupResult.Exception);
                    ExTraceGlobals.DatabaseManagerTracer.TraceDebug<DatabaseManager, ADOperationErrorCode, TransientServerException>((long)this.GetHashCode(), "{0}: Unable to contact AD. Will not continue to start at this time. Code: {1}, Exception: {2}", this, lookupResult.ErrorCode, startFailure);
                    throw startFailure;
                }

                // Only an instance in the Started state is initialized; otherwise trace and
                // leave without dropping the completion breadcrumb.
                if (this.startState != DatabaseManager.StartState.Started)
                {
                    ExTraceGlobals.DatabaseManagerTracer.TraceDebug<DatabaseManager, DatabaseManager.StartState>((long)this.GetHashCode(), "{0}: Init when not started: {1}", this, this.startState);
                    return;
                }

                this.performanceCountersTotal = new PerformanceCountersPerDatabaseInstance(this.serviceName + "-Total", null);
                this.performanceCountersTotal.Reset();

                if (this.timeBasedDriverManager != null)
                {
                    this.timeBasedDriverManager.Start(exchangeServersSid);
                }

                // Fire the first status check immediately, then at the polling interval.
                this.databaseStatusTimer = new Timer(new TimerCallback(this.CheckDatabaseStatusTimerProc));
                this.databaseStatusTimer.Change(TimeSpan.Zero, DatabaseManager.DatabaseStatusPollingInterval);

                base.TracePfd("PFD AIS {0} {1}: Started", new object[] { 23383, this });
                this.startState = DatabaseManager.StartState.Initialized;
            }

            AIBreadcrumbs.DatabaseStatusTrail.Drop("Database manager startup completed.");
        }
        /// <summary>
        /// Returns the four admin role definitions: the group resolved from
        /// <c>WellKnownGuid.EmaWkGuid</c>, the Exchange Servers universal security group,
        /// LocalSystem and the built-in Administrators group.
        /// </summary>
        /// <param name="recipientSession">Session used to resolve the group and the Exchange Servers SID.</param>
        /// <param name="configSession">Session that supplies the configuration naming context.</param>
        /// <returns>The role definitions, in the order listed above.</returns>
        internal override AdminRoleDefinition[] ComputeAdminRoles(IRootOrganizationRecipientSession recipientSession, ITopologyConfigurationSession configSession)
        {
            string configurationContainerDn = configSession.ConfigurationNamingContext.ToDNString();

            // NOTE(review): the resolved group is dereferenced without a null check; confirm
            // that ResolveWellKnownGuid cannot return null for this GUID.
            ADGroup recipientAdminsGroup = recipientSession.ResolveWellKnownGuid<ADGroup>(WellKnownGuid.EmaWkGuid, configurationContainerDn);

            AdminRoleDefinition recipientAdmins = new AdminRoleDefinition(recipientAdminsGroup.Sid, "RecipientAdmins");
            AdminRoleDefinition exchangeServers = new AdminRoleDefinition(recipientSession.GetExchangeServersUsgSid(), "ExchangeServers");
            AdminRoleDefinition localSystem = new AdminRoleDefinition(new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null), "LocalSystem");
            AdminRoleDefinition builtinAdmins = new AdminRoleDefinition(new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null), "BuiltinAdmins");

            return new AdminRoleDefinition[] { recipientAdmins, exchangeServers, localSystem, builtinAdmins };
        }
Beispiel #5
        /// <summary>
        /// Returns the four fixed admin role definitions (the group resolved from
        /// <c>WellKnownGuid.EmaWkGuid</c>, the Exchange Servers universal security group,
        /// LocalSystem, built-in Administrators) followed by one definition per SID returned
        /// by <c>GetAdditionalSids</c>.
        /// </summary>
        /// <param name="recipientSession">Session used to resolve the group and the Exchange Servers SID.</param>
        /// <param name="configSession">Session that supplies the configuration naming context.</param>
        /// <returns>The fixed roles first, then the additional roles in the order returned.</returns>
        internal override AdminRoleDefinition[] ComputeAdminRoles(IRootOrganizationRecipientSession recipientSession, ITopologyConfigurationSession configSession)
        {
            string configurationContainerDn = configSession.ConfigurationNamingContext.ToDNString();

            // NOTE(review): the resolved group is dereferenced without a null check; confirm
            // that ResolveWellKnownGuid cannot return null for this GUID.
            ADGroup recipientAdminsGroup = recipientSession.ResolveWellKnownGuid<ADGroup>(WellKnownGuid.EmaWkGuid, configurationContainerDn);

            List<AdminRoleDefinition> roles = new List<AdminRoleDefinition>(4)
            {
                new AdminRoleDefinition(recipientAdminsGroup.Sid, "RecipientAdmins"),
                new AdminRoleDefinition(recipientSession.GetExchangeServersUsgSid(), "ExchangeServers"),
                new AdminRoleDefinition(new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null), "LocalSystem"),
                new AdminRoleDefinition(new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null), "BuiltinAdmins")
            };

            // Every SID returned here gets its own role definition. Going by the role name the
            // SIDs come from configuration, so presumably whoever can edit that configuration
            // can widen the admin set; verify how GetAdditionalSids sources and validates them.
            // NOTE(review): a null return from GetAdditionalSids is not handled; confirm it
            // returns an empty array when nothing is configured.
            int position = 0;
            foreach (SecurityIdentifier additionalSid in this.GetAdditionalSids())
            {
                roles.Add(new AdminRoleDefinition(additionalSid, string.Format("AdditionalAdminRoleFromConfiguration {0}", position)));
                position++;
            }

            return roles.ToArray();
        }