 /// <summary>
 /// Opens the mailbox session this provider works against: under the caller's
 /// token when one is supplied, otherwise under the identity of the current process.
 /// </summary>
 /// <param name="mailboxOwner">Principal whose mailbox is opened; must not be null.</param>
 /// <param name="userToken">Security token of the calling user. When null the session is
 /// opened as the current Windows identity, so callers that need caller-scoped access must pass a token.</param>
 /// <param name="action">Action name recorded in the session's client-info string; must be non-empty.</param>
 /// <exception cref="AccessDeniedException">Raised when building the caller's security context fails with an <see cref="AuthzException"/>.</exception>
 protected XsoMailboxDataProviderBase(ExchangePrincipal mailboxOwner, ISecurityAccessToken userToken, string action)
 {
     using (DisposeGuard guard = this.Guard())
     {
         Util.ThrowOnNullArgument(mailboxOwner, "mailboxOwner");
         Util.ThrowOnNullOrEmptyArgument(action, "action");
         string clientInfo = string.Format("Client=Management;Action={0}", action);
         if (userToken != null)
         {
             try
             {
                 // The context is created with AuthzSkipTokenGroups and then re-seeded
                 // with the same token; whether the second call is needed is not
                 // visible here (see SetSecurityAccessToken) — TODO confirm.
                 using (ClientSecurityContext callerContext = new ClientSecurityContext(userToken, AuthzFlags.AuthzSkipTokenGroups))
                 {
                     callerContext.SetSecurityAccessToken(userToken);
                     this.MailboxSession = MailboxSession.Open(mailboxOwner, callerContext, CultureInfo.InvariantCulture, clientInfo);
                 }
             }
             catch (AuthzException ex)
             {
                 throw new AccessDeniedException(new LocalizedString(ex.Message));
             }
         }
         else
         {
             // No caller token: the session runs with the process identity, not
             // with any end-user's authorization.
             this.MailboxSession = MailboxSession.Open(mailboxOwner, new WindowsPrincipal(WindowsIdentity.GetCurrent()), CultureInfo.InvariantCulture, clientInfo);
         }
         // Success() is only reached once the session is open; presumably the guard
         // tears down partial state when disposed without it — confirm against DisposeGuard.
         guard.Success();
     }
 }
 /// <summary>
 /// Replaces the held <see cref="ClientSecurityContext"/> with one built from
 /// <paramref name="securityAccessToken"/>, disposing the previous context first.
 /// </summary>
 /// <param name="securityAccessToken">Token the new context is created from; passed through without validation.</param>
 public void SetSecurityAccessToken(ISecurityAccessToken securityAccessToken)
 {
     ClientSecurityContext stale = this.clientSecurityContext;
     if (stale != null)
     {
         // Dispose first; the field is cleared only once Dispose has returned.
         stale.Dispose();
         this.clientSecurityContext = null;
     }
     // NOTE(review): this context is created without an AuthzFlags argument, unlike
     // the AuthzSkipTokenGroups contexts built elsewhere in this file — confirm intended.
     this.clientSecurityContext = new ClientSecurityContext(securityAccessToken);
 }
        /// <summary>
        /// Chooses the security context under which tracking data for <paramref name="trackedUser"/>
        /// is read: the executing user's own context when multi-tenancy is off or the two are the
        /// same user, otherwise a context for the tracked user obtained by a Windows logon by UPN.
        /// </summary>
        /// <param name="executingUser">Token of the caller. May be null; then <paramref name="delegatedPrincipal"/>
        /// is used for the entry trace and, on the fast path, a null token is handed to <see cref="ClientSecurityContext"/>.</param>
        /// <param name="delegatedPrincipal">Only used for tracing when <paramref name="executingUser"/> is null; if both are null the entry trace throws.</param>
        /// <param name="trackedUser">User whose data is being tracked; needs a UserPrincipalName on the multi-tenant path.</param>
        /// <returns>A <see cref="ClientSecurityContext"/> the caller is responsible for disposing.</returns>
        /// <exception cref="TrackingFatalException">The tracked user has no UPN, or the logon by UPN is refused with an <see cref="UnauthorizedAccessException"/>.</exception>
        internal static ClientSecurityContext GetSecurityContextForUser(ISecurityAccessToken executingUser, DelegatedPrincipal delegatedPrincipal, ADUser trackedUser)
        {
            bool enabled = VariantConfiguration.InvariantNoFlightingSnapshot.Global.MultiTenancy.Enabled;

            // With a null executingUser this dereferences delegatedPrincipal for the trace text.
            ExTraceGlobals.TaskTracer.TraceDebug <string, string, bool>(0L, "executing-user={0}, tracked-user={1}, ismultitenancyenabled={2}", (executingUser != null) ? executingUser.UserSid.ToString() : delegatedPrincipal.ToString(), trackedUser.Sid.Value, enabled);
            // Fast path: single-tenant deployment, or the caller is tracking their own mailbox.
            // NOTE(review): with multi-tenancy off and executingUser null, null reaches the
            // ClientSecurityContext constructor — confirm it tolerates that.
            if (!enabled || (executingUser != null && string.Equals(executingUser.UserSid, trackedUser.Sid.Value, StringComparison.OrdinalIgnoreCase)))
            {
                ExTraceGlobals.TaskTracer.TraceDebug(0L, "executing-user == tracked-user or we are not running in a Multi Tenant environment.");
                return(new ClientSecurityContext(executingUser, AuthzFlags.AuthzSkipTokenGroups));
            }
            WindowsIdentity identity;

            try
            {
                ExTraceGlobals.TaskTracer.TraceDebug(0L, "executing-user != tracked-user");
                if (string.IsNullOrEmpty(trackedUser.UserPrincipalName))
                {
                    ExTraceGlobals.TaskTracer.TraceError <ADObjectId>(0L, "Null/Empty UPN for user {0}", trackedUser.Id);
                    // The localized message built here is discarded; the error below carries the hard-coded text instead.
                    Strings.TrackingErrorUserObjectCorrupt(trackedUser.Id.ToString(), "UserPrincipalName");
                    string        data          = string.Format("Missing UserPrincipalName attribute for user {0}", trackedUser.Id.ToString());
                    TrackingError trackingError = new TrackingError(ErrorCode.InvalidADData, string.Empty, data, string.Empty);
                    throw new TrackingFatalException(trackingError, null, false);
                }
                // Logon by UPN without credentials; presumably so that the resulting context is
                // authorized as the tracked user rather than as the administrator — confirm.
                identity = new WindowsIdentity(trackedUser.UserPrincipalName);
            }
            catch (UnauthorizedAccessException ex)
            {
                // Treated as permanent: surfaced to the caller, not downgraded.
                ExTraceGlobals.TaskTracer.TraceError <string, UnauthorizedAccessException>(0L, "Not authorized to get WindowsIdentity for {0}, Exception: {1}", trackedUser.UserPrincipalName, ex);
                TrackingError trackingError2 = new TrackingError(ErrorCode.UnexpectedErrorPermanent, string.Empty, string.Format("Cannot logon as {0}", trackedUser.Id.ToString()), ex.ToString());
                throw new TrackingFatalException(trackingError2, ex, false);
            }
            catch (SecurityException arg)
            {
                // Silent downgrade: a failed impersonation does not stop the operation, which
                // continues under the executing user's context; this trace is the only record.
                // Whether that is acceptable across tenant boundaries is a policy decision
                // callers should be aware of.
                ExTraceGlobals.TaskTracer.TraceError <string, SecurityException>(0L, "Not authorized to get WindowsIdentity for {0}, falling back to ExecutingUser, Exception: {1}", trackedUser.UserPrincipalName, arg);
                return(new ClientSecurityContext(executingUser, AuthzFlags.AuthzSkipTokenGroups));
            }
            return(new ClientSecurityContext(identity));
        }
 /// <summary>
 /// Creates the mailbox-backed data provider for <paramref name="principal"/>.
 /// </summary>
 /// <param name="principal">Mailbox the provider operates on.</param>
 /// <param name="userToken">Caller token. Note that several overrides in this file accept it
 /// but do not forward it to the provider they construct.</param>
 /// <returns>The provider the task reads and writes through.</returns>
 internal abstract IConfigDataProvider CreateXsoMailboxDataProvider(ExchangePrincipal principal, ISecurityAccessToken userToken);
 /// <summary>
 /// Builds the provider used by Get-MailboxMessageConfiguration.
 /// </summary>
 /// <param name="principal">Mailbox the provider operates on.</param>
 /// <param name="userToken">Accepted but not forwarded: the two-argument provider constructor is
 /// used, so which identity the session opens under must be confirmed in that overload.</param>
 /// <returns>A new <see cref="XsoDictionaryDataProvider"/>.</returns>
 internal override IConfigDataProvider CreateXsoMailboxDataProvider(ExchangePrincipal principal, ISecurityAccessToken userToken)
 {
     const string action = "Get-MailboxMessageConfiguration";
     XsoDictionaryDataProvider provider = new XsoDictionaryDataProvider(principal, action);
     return provider;
 }
 /// <summary>
 /// Builds the provider used by Set-MailboxAutoReplyConfiguration.
 /// </summary>
 /// <param name="principal">Mailbox the provider operates on.</param>
 /// <param name="userToken">Accepted but not forwarded to the provider; the session identity is
 /// decided by the two-argument provider constructor, which is not shown here.</param>
 /// <returns>A new <see cref="MailboxAutoReplyConfigurationDataProvider"/>.</returns>
 internal override IConfigDataProvider CreateXsoMailboxDataProvider(ExchangePrincipal principal, ISecurityAccessToken userToken)
     => new MailboxAutoReplyConfigurationDataProvider(principal, "Set-MailboxAutoReplyConfiguration");
 /// <summary>
 /// Builds the provider used by Set-CalendarProcessing.
 /// </summary>
 /// <param name="principal">Mailbox the provider operates on.</param>
 /// <param name="userToken">Accepted but not forwarded; the provider is created with the
 /// two-argument constructor, so confirm there which identity the session uses.</param>
 /// <returns>A new <see cref="CalendarConfigurationDataProvider"/>.</returns>
 internal override IConfigDataProvider CreateXsoMailboxDataProvider(ExchangePrincipal principal, ISecurityAccessToken userToken)
 {
     var calendarProvider = new CalendarConfigurationDataProvider(principal, "Set-CalendarProcessing");
     return calendarProvider;
 }
 /// <summary>
 /// Passthrough constructor: every argument goes to the base constructor unchanged
 /// (presumably the four-argument overload in this file, which derives the mailbox
 /// principal from the AD session settings — confirm this class's base type).
 /// </summary>
 /// <param name="adSessionSettings">AD session settings handed to the base constructor.</param>
 /// <param name="mailboxOwner">AD user whose mailbox the provider opens.</param>
 /// <param name="userToken">Caller token; a null token makes the base class open the session as the process identity.</param>
 /// <param name="action">Action name recorded in the session client info.</param>
 public MailMessageDataProvider(ADSessionSettings adSessionSettings, ADUser mailboxOwner, ISecurityAccessToken userToken, string action) : base(adSessionSettings, mailboxOwner, userToken, action)
 {
 }
 // Token: 0x06001047 RID: 4167 RVA: 0x0004EE81 File Offset: 0x0004D081
 /// <summary>
 /// Creates a token-bound scope and additionally records whether it originates
 /// from an end-user role; the scope type and token are stored by the chained constructor.
 /// </summary>
 /// <param name="scopeType">Kind of scope being created.</param>
 /// <param name="securityAccessToken">Caller token the scope is evaluated against.</param>
 /// <param name="isFromEndUserRole">True when the scope comes from an end-user role assignment.</param>
 public RbacScope(ScopeType scopeType, ISecurityAccessToken securityAccessToken, bool isFromEndUserRole) : this(scopeType, securityAccessToken)
 {
     this.isFromEndUserRole = isFromEndUserRole;
 }
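        /// <summary>
        /// Resolves this role assignment's four scopes (recipient read/write, config read/write)
        /// into a <see cref="RoleAssignmentScopeSet"/>, looking custom scopes up in <paramref name="scopeCache"/>.
        /// </summary>
        /// <param name="scopeCache">Management scopes by id. Custom, exclusive and partner-delegated config
        /// scopes are looked up here by <c>CustomConfigWriteScope</c>; a missing key throws (dictionary indexer),
        /// a null value makes this method return null.</param>
        /// <param name="securityAccessToken">Caller token, attached to a MyGAL read scope and passed on
        /// to the recipient write scope resolution.</param>
        /// <returns>The resolved scope set, or null when the recipient write scope or a cached config
        /// scope cannot be resolved.</returns>
        internal RoleAssignmentScopeSet GetEffectiveScopeSet(Dictionary <ADObjectId, ManagementScope> scopeCache, ISecurityAccessToken securityAccessToken)
        {
            // Only MyGAL needs the caller token to evaluate the read scope.
            RbacScope recipientReadScope = (this.RecipientReadScope == ScopeType.MyGAL)
                ? new RbacScope(this.RecipientReadScope, securityAccessToken)
                : new RbacScope(this.RecipientReadScope);
            RbacScope recipientWriteRbacScope = ExchangeRoleAssignment.GetRecipientWriteRbacScope(this.RecipientWriteScope, this.CustomRecipientWriteScope, scopeCache, securityAccessToken, this.IsFromEndUserRole);
            if (recipientWriteRbacScope == null)
            {
                return null;
            }
            RbacScope configReadScope = new RbacScope(this.ConfigReadScope);

            // One switch replaces the nested switch/goto flow; the transitions are unchanged:
            // None and OrganizationConfig map the enum value straight across, custom scopes
            // need a cache hit, and any unknown value yields a null config write scope.
            ConfigWriteScopeType configWriteScope = this.ConfigWriteScope;
            RbacScope            configWriteRbacScope;
            switch (configWriteScope)
            {
            case ConfigWriteScopeType.None:
            case ConfigWriteScopeType.OrganizationConfig:
                configWriteRbacScope = new RbacScope((ScopeType)configWriteScope);
                break;

            case ConfigWriteScopeType.NotApplicable:
                configWriteRbacScope = new RbacScope(ScopeType.NotApplicable);
                break;

            case ConfigWriteScopeType.CustomConfigScope:
            case ConfigWriteScopeType.ExclusiveConfigScope:
            {
                ManagementScope managementScope = scopeCache[this.CustomConfigWriteScope];
                if (managementScope == null)
                {
                    return null;
                }
                configWriteRbacScope = new RbacScope((ScopeType)configWriteScope, managementScope);
                break;
            }

            case ConfigWriteScopeType.PartnerDelegatedTenantScope:
                // The cached scope must exist, but the resulting scope is organization-wide.
                if (scopeCache[this.CustomConfigWriteScope] == null)
                {
                    return null;
                }
                configWriteRbacScope = new RbacScope(ScopeType.OrganizationConfig);
                break;

            default:
                configWriteRbacScope = null;
                break;
            }
            return new RoleAssignmentScopeSet(recipientReadScope, recipientWriteRbacScope, configReadScope, configWriteRbacScope);
        }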
        /// <summary>
        /// Validates <paramref name="folderId"/> and, if it is acceptable, resolves it to a
        /// <see cref="MailboxFolder"/> through a provider opened under <paramref name="userToken"/>.
        /// </summary>
        /// <param name="folderId">Folder identifier supplied by the caller.</param>
        /// <param name="getUserHandler">Lookup delegate used by the validation step.</param>
        /// <param name="getFolderHandler">Lookup delegate that performs the actual folder resolution.</param>
        /// <param name="resolveUserSession">Recipient session used by the validation step.</param>
        /// <param name="sessionSettings">AD session settings for the folder data provider.</param>
        /// <param name="adUser">Mailbox owner.</param>
        /// <param name="userToken">Caller token; unlike several provider factories in this file it is forwarded, so the session is opened under the caller rather than the process.</param>
        /// <param name="errorHandler">Terminating-error callback handed to the validation step.</param>
        /// <returns>The resolved folder, or null when validation fails.</returns>
        public static MailboxFolder ResolveMailboxFolder(MailboxFolderIdParameter folderId, DataAccessHelper.GetDataObjectDelegate getUserHandler, DataAccessHelper.GetDataObjectDelegate getFolderHandler, IRecipientSession resolveUserSession, ADSessionSettings sessionSettings, ADUser adUser, ISecurityAccessToken userToken, ManageInboxRule.ThrowTerminatingErrorDelegate errorHandler)
        {
            bool folderIdIsValid = ManageInboxRule.TryValidateFolderId(folderId, getUserHandler, getFolderHandler, resolveUserSession, adUser, errorHandler);
            if (!folderIdIsValid)
            {
                return null;
            }
            using (MailboxFolderDataProvider folderProvider = new MailboxFolderDataProvider(sessionSettings, adUser, userToken, "ResolveMailboxFolder"))
            {
                string folderName = folderId.ToString();
                LocalizedString? notFoundError  = Strings.ErrorMailboxFolderNotFound(folderName);
                LocalizedString? notUniqueError = Strings.ErrorMailboxFolderNotUnique(folderName);
                return (MailboxFolder)getFolderHandler(folderId, folderProvider, null, null, notFoundError, notUniqueError);
            }
        }
 /// <summary>
 /// Opens the mailbox of <paramref name="mailboxOwner"/> by deriving its exchange principal
 /// from the current organization of <paramref name="adSessionSettings"/>, then records the owner.
 /// </summary>
 /// <param name="adSessionSettings">Dereferenced before the chained constructor runs, so a null
 /// value fails with a NullReferenceException rather than the argument validation the chained overload performs.</param>
 /// <param name="mailboxOwner">AD user whose mailbox is opened; stored in <c>MailboxOwner</c>.</param>
 /// <param name="userToken">Caller token; null makes the chained constructor open the session as the process identity.</param>
 /// <param name="action">Action name recorded in the session client info.</param>
 public XsoMailboxDataProviderBase(ADSessionSettings adSessionSettings, ADUser mailboxOwner, ISecurityAccessToken userToken, string action) : this(XsoStoreDataProviderBase.GetExchangePrincipalWithAdSessionSettingsForOrg(adSessionSettings.CurrentOrganizationId, mailboxOwner), userToken, action)
 {
     this.MailboxOwner = mailboxOwner;
 }
 /// <summary>
 /// Builds the diagnostic-log provider used by ExportMailboxDiagnosticLogs, scoped to a single
 /// component unless the ExtendedProperties switch is present.
 /// </summary>
 /// <param name="principal">Mailbox the provider operates on.</param>
 /// <param name="userToken">Accepted but not forwarded; both provider constructors used here take no token.</param>
 /// <returns>A new <see cref="MailboxDiagnosticLogsDataProvider"/>.</returns>
 internal override IConfigDataProvider CreateXsoMailboxDataProvider(ExchangePrincipal principal, ISecurityAccessToken userToken)
 {
     const string action = "ExportMailboxDiagnosticLogs";
     bool wantsExtendedProperties = this.ExtendedProperties.IsPresent;
     return wantsExtendedProperties
         ? new MailboxDiagnosticLogsDataProvider(principal, action)
         : new MailboxDiagnosticLogsDataProvider(this.ComponentName, principal, action);
 }
 /// <summary>
 /// Passthrough constructor: all arguments go to the base constructor unchanged
 /// (presumably the three-argument <c>XsoMailboxDataProviderBase</c> overload in this file — confirm the base type).
 /// </summary>
 /// <param name="mailboxOwner">Principal whose mailbox is opened.</param>
 /// <param name="userToken">Caller token; a null token makes the base class open the session as the process identity.</param>
 /// <param name="action">Action name recorded in the session client info.</param>
 public VersionedXmlDataProvider(ExchangePrincipal mailboxOwner, ISecurityAccessToken userToken, string action) : base(mailboxOwner, userToken, action)
 {
 }
 /// <summary>
 /// Passthrough constructor: all arguments go to the base constructor unchanged
 /// (presumably the three-argument <c>XsoMailboxDataProviderBase</c> overload in this file — confirm the base type).
 /// Note that the factories in this file construct this type with a two-argument overload instead, without a token.
 /// </summary>
 /// <param name="mailboxOwner">Principal whose mailbox is opened.</param>
 /// <param name="userToken">Caller token; a null token makes the base class open the session as the process identity.</param>
 /// <param name="action">Action name recorded in the session client info.</param>
 public XsoDictionaryDataProvider(ExchangePrincipal mailboxOwner, ISecurityAccessToken userToken, string action) : base(mailboxOwner, userToken, action)
 {
 }
 /// <summary>
 /// Builds the provider used by Get-TextMessagingAccount.
 /// </summary>
 /// <param name="principal">Mailbox the provider operates on.</param>
 /// <param name="userToken">Accepted but not forwarded; the two-argument provider constructor
 /// decides the session identity and is not shown here.</param>
 /// <returns>A new <see cref="VersionedXmlDataProvider"/>.</returns>
 internal override IConfigDataProvider CreateXsoMailboxDataProvider(ExchangePrincipal principal, ISecurityAccessToken userToken)
     => new VersionedXmlDataProvider(principal, "Get-TextMessagingAccount");
 // Token: 0x06001043 RID: 4163 RVA: 0x0004EE39 File Offset: 0x0004D039
 /// <summary>
 /// Creates a scope of <paramref name="scopeType"/> bound to the caller's token, the form
 /// used for token-dependent scopes such as MyGAL.
 /// </summary>
 /// <param name="scopeType">Kind of scope being created.</param>
 /// <param name="securityAccessToken">Caller token the scope is evaluated against; stored as given, no validation.</param>
 public RbacScope(ScopeType scopeType, ISecurityAccessToken securityAccessToken)
 {
     // Plain capture of both values; the assignments are independent.
     this.securityAccessToken = securityAccessToken;
     this.scopeType           = scopeType;
 }
        /// <summary>
        /// Maps a role assignment's recipient write scope type to the <see cref="RbacScope"/>
        /// that enforces it, resolving custom and exclusive scopes through <paramref name="scopeCache"/>.
        /// </summary>
        /// <param name="recipientWriteScope">Scope type declared on the role assignment.</param>
        /// <param name="customRecipientWriteScope">Id of the OU or management scope for the OU/custom/exclusive cases.</param>
        /// <param name="scopeCache">Management scopes by id; a missing key throws (dictionary indexer), a null value yields null.</param>
        /// <param name="securityAccessToken">Caller token, attached only to MyGAL and MailboxICanDelegate scopes.</param>
        /// <param name="isEndUserRole">Propagated to every scope created.</param>
        /// <returns>The effective write scope, or null for an unknown scope type or an unresolved cached scope.</returns>
        internal static RbacScope GetRecipientWriteRbacScope(RecipientWriteScopeType recipientWriteScope, ADObjectId customRecipientWriteScope, Dictionary <ADObjectId, ManagementScope> scopeCache, ISecurityAccessToken securityAccessToken, bool isEndUserRole)
        {
            ScopeType asScopeType = (ScopeType)recipientWriteScope;
            switch (recipientWriteScope)
            {
            case RecipientWriteScopeType.None:
            case RecipientWriteScopeType.Organization:
            case RecipientWriteScopeType.Self:
            case RecipientWriteScopeType.MyDirectReports:
            case RecipientWriteScopeType.MyDistributionGroups:
            case RecipientWriteScopeType.MyExecutive:
                // Value-preserving cast between the two enums.
                return new RbacScope(asScopeType, isEndUserRole);

            case RecipientWriteScopeType.NotApplicable:
                return new RbacScope(ScopeType.NotApplicable, isEndUserRole);

            case RecipientWriteScopeType.MyGAL:
            case RecipientWriteScopeType.MailboxICanDelegate:
                // These two are evaluated against the caller's token.
                return new RbacScope(asScopeType, securityAccessToken, isEndUserRole);

            case RecipientWriteScopeType.OU:
                return new RbacScope(ScopeType.OU, customRecipientWriteScope, isEndUserRole);

            case RecipientWriteScopeType.CustomRecipientScope:
            case RecipientWriteScopeType.ExclusiveRecipientScope:
            {
                ManagementScope resolvedScope = scopeCache[customRecipientWriteScope];
                if (resolvedScope == null)
                {
                    return null;
                }
                return new RbacScope(asScopeType, resolvedScope, isEndUserRole);
            }

            default:
                return null;
            }
        }
 /// <summary>
 /// Builds the provider used by Get-CalendarNotification.
 /// </summary>
 /// <param name="principal">Mailbox the provider operates on.</param>
 /// <param name="userToken">Accepted but not forwarded; the two-argument provider constructor
 /// decides the session identity and is not shown here.</param>
 /// <returns>A new <see cref="VersionedXmlDataProvider"/>.</returns>
 internal override IConfigDataProvider CreateXsoMailboxDataProvider(ExchangePrincipal principal, ISecurityAccessToken userToken)
 {
     const string action = "Get-CalendarNotification";
     return new VersionedXmlDataProvider(principal, action);
 }
        /// <summary>
        /// Opens a mailbox session for <paramref name="principal"/>: under the caller's token when
        /// one is supplied, otherwise under the identity of the current process.
        /// </summary>
        /// <param name="principal">Mailbox to open; must not be null.</param>
        /// <param name="userToken">Caller token. When null the session is opened as the current Windows identity,
        /// so callers that need caller-scoped access must pass a token.</param>
        /// <param name="taskName">Task name recorded in the session's client-info string; must be non-empty.</param>
        /// <returns>The open session; the caller owns it.</returns>
        /// <exception cref="ArgumentNullException">Null principal, or null/empty task name (the empty case also reports ArgumentNullException).</exception>
        /// <exception cref="AccessDeniedException">Building the caller's security context failed with an <see cref="AuthzException"/>.</exception>
        internal static MailboxSession OpenMailboxSessionAsOwner(ExchangePrincipal principal, ISecurityAccessToken userToken, string taskName)
        {
            // LogEnter/LogExit are not paired by try/finally, so a throw below skips LogExit;
            // whether TaskLogger needs balanced calls is not visible here.
            TaskLogger.LogEnter();
            if (principal == null)
            {
                throw new ArgumentNullException("principal");
            }
            if (string.IsNullOrEmpty(taskName))
            {
                throw new ArgumentNullException("taskName");
            }
            string clientInfo = string.Format("Client=Management;Action={0}", taskName);
            MailboxSession session = null;
            if (userToken != null)
            {
                try
                {
                    // Same pattern as the provider base constructor: context built with
                    // AuthzSkipTokenGroups, then re-seeded with the same token.
                    using (ClientSecurityContext callerContext = new ClientSecurityContext(userToken, AuthzFlags.AuthzSkipTokenGroups))
                    {
                        callerContext.SetSecurityAccessToken(userToken);
                        session = MailboxSession.Open(principal, callerContext, CultureInfo.InvariantCulture, clientInfo);
                    }
                }
                catch (AuthzException ex)
                {
                    throw new AccessDeniedException(new LocalizedString(ex.Message));
                }
            }
            else
            {
                // No caller token: the session runs with the process identity.
                session = MailboxSession.Open(principal, new WindowsPrincipal(WindowsIdentity.GetCurrent()), CultureInfo.InvariantCulture, clientInfo);
            }
            TaskLogger.LogExit();
            return session;
        }
 /// <summary>
 /// Builds the provider used by Get-MailboxJunkEmailConfiguration, which also needs the
 /// tenant global catalog session.
 /// </summary>
 /// <param name="principal">Mailbox the provider operates on.</param>
 /// <param name="userToken">Accepted but not forwarded; the provider constructor used here takes
 /// the catalog session instead, so confirm there which identity the mailbox session uses.</param>
 /// <returns>A new <see cref="MailboxJunkEmailConfigurationDataProvider"/>.</returns>
 internal override IConfigDataProvider CreateXsoMailboxDataProvider(ExchangePrincipal principal, ISecurityAccessToken userToken)
 {
     IRecipientSession catalogSession = base.TenantGlobalCatalogSession;
     return new MailboxJunkEmailConfigurationDataProvider(principal, catalogSession, "Get-MailboxJunkEmailConfiguration");
 }
        /// <summary>
        /// Builds the provider used by Set-MailboxMessageConfiguration and keeps a reference to
        /// its mailbox session on this instance.
        /// </summary>
        /// <param name="principal">Mailbox the provider operates on.</param>
        /// <param name="userToken">Accepted but not forwarded; the two-argument provider constructor
        /// decides the session identity and is not shown here.</param>
        /// <returns>A new <see cref="XsoDictionaryDataProvider"/>.</returns>
        internal override IConfigDataProvider CreateXsoMailboxDataProvider(ExchangePrincipal principal, ISecurityAccessToken userToken)
        {
            const string action = "Set-MailboxMessageConfiguration";
            var provider = new XsoDictionaryDataProvider(principal, action);
            // Side effect: the provider's session is retained here; its lifetime follows the
            // provider, so it must not be used after the provider is disposed.
            this.mailboxSession = provider.MailboxSession;
            return provider;
        }