/// <summary>
/// Looks up one mobile mailbox policy for the given organization in the directory, seeds
/// <c>MobileDevicePolicyCache</c> with its data if it is not cached yet, and returns the policy's id.
/// </summary>
/// <param name="key">Organization whose policy is being looked up.</param>
/// <returns>The id of the first policy returned by the search, or <c>null</c> when the search returns nothing.</returns>
/// <remarks>
/// A <c>LocalizedException</c> raised inside the directory operation is traced and rethrown; no other
/// exception type is caught here. Callers receive <c>null</c> when no policy matched and must decide
/// how to treat that case.
/// </remarks>
private ADObjectId GetPolicyIdFromAD(OrganizationId key)
        {
            // NOTE(review): this trace (and the one before the return) says "GetPolicyFromAD", while the
            // error trace in the catch block says "GetPolicyIdFromAD" - log searches need both spellings.
            ExTraceGlobals.MobileDevicePolicyTracer.Information <OrganizationId>((long)this.GetHashCode(), "MobileDevicePolicyIdCacheByOrganization.GetPolicyFromAD({0})", key);
            // NOTE(review): going by the factory name, this session is presumably built without RBAC scopes
            // and is meant for service-side reads only - confirm that `key` is never caller-controlled.
            ADSessionSettings     settings = ADSessionSettings.FromOrganizationIdWithoutRbacScopesServiceOnly(key);
            IConfigurationSession session  = this.GetConfigSession(settings);
            ADObjectId            rootId   = session.GetOrgContainerId();
            // NOTE(review): 4096 is presumably the "default policy" bit of MobileFlags - confirm against
            // the flag definitions; the meaning is not visible here.
            QueryFilter           filter   = new BitMaskAndFilter(MobileMailboxPolicySchema.MobileFlags, 4096UL);
            // Newest change first, so that when several policies match the filter the most recently
            // changed one ends up at index 0.
            SortBy     sortBy   = new SortBy(ADObjectSchema.WhenChanged, SortOrder.Descending);
            ADObjectId policyId = null;

            try
            {
                ADNotificationAdapter.RunADOperation(delegate()
                {
                    // The trailing 1 is presumably the maximum result count - only array[0] is used below.
                    MobileMailboxPolicy[] array = session.Find <MobileMailboxPolicy>(rootId, QueryScope.SubTree, filter, sortBy, 1);
                    if (array != null && array.Length > 0)
                    {
                        policyId = array[0].Id;
                        // Cache entries are keyed by (policy id, organization).
                        OrgIdADObjectWrapper key2 = new OrgIdADObjectWrapper(policyId, key);
                        // Contains followed by TryAdd is not a single atomic step; the TryAdd result is
                        // ignored, so losing a race to another writer is silently accepted.
                        if (!MobileDevicePolicyCache.Instance.Contains(key2))
                        {
                            MobileDevicePolicyData mobileDevicePolicyDataFromMobileMailboxPolicy = MobileDevicePolicyDataFactory.GetMobileDevicePolicyDataFromMobileMailboxPolicy(array[0]);
                            MobileDevicePolicyCache.Instance.TryAdd(key2, ref mobileDevicePolicyDataFromMobileMailboxPolicy);
                        }
                    }
                });
            }
            catch (LocalizedException arg)
            {
                // Trace for diagnostics, then rethrow with the original stack trace.
                ExTraceGlobals.MobileDevicePolicyTracer.TraceError <OrganizationId, LocalizedException>((long)this.GetHashCode(), "MobileDevicePolicyIdCacheByOrganization.GetPolicyIdFromAD({0}) threw exception: {1}", key, arg);
                throw;
            }
            ExTraceGlobals.MobileDevicePolicyTracer.Information <OrganizationId, ADObjectId>((long)this.GetHashCode(), "MobileDevicePolicyIdCacheByOrganization.GetPolicyFromAD({0}) returned: {1}", key, policyId);
            return(policyId);
        }
Beispiel #2
        /// <summary>
        /// Copies the device-password, device-encryption and push-notification settings of a
        /// mobile mailbox policy into a new <c>MobileDevicePolicyData</c>.
        /// </summary>
        /// <param name="mobileMailboxPolicy">Source policy; may be <c>null</c>.</param>
        /// <returns>The populated data object, or <c>null</c> when the source policy is <c>null</c>.</returns>
        /// <remarks>
        /// Only the thirteen settings listed below are copied. <c>PolicyIdentifier</c> is not assigned
        /// here; how it gets its value is not visible in this method.
        /// </remarks>
        internal static MobileDevicePolicyData GetMobileDevicePolicyDataFromMobileMailboxPolicy(MobileMailboxPolicy mobileMailboxPolicy)
        {
            if (mobileMailboxPolicy == null)
            {
                return null;
            }

            MobileDevicePolicyData data = new MobileDevicePolicyData();

            // Password and encryption requirements.
            data.AlphanumericDevicePasswordRequired = mobileMailboxPolicy.AlphanumericPasswordRequired;
            data.DeviceEncryptionRequired = mobileMailboxPolicy.RequireDeviceEncryption;
            data.DevicePasswordRequired = mobileMailboxPolicy.PasswordEnabled;
            data.MaxDevicePasswordExpiration = mobileMailboxPolicy.PasswordExpiration;
            data.MaxDevicePasswordFailedAttempts = mobileMailboxPolicy.MaxPasswordFailedAttempts;
            data.MaxInactivityTimeDeviceLock = mobileMailboxPolicy.MaxInactivityTimeLock;
            data.MinDevicePasswordComplexCharacters = mobileMailboxPolicy.MinPasswordComplexCharacters;
            data.MinDevicePasswordHistory = mobileMailboxPolicy.PasswordHistory;
            data.MinDevicePasswordLength = mobileMailboxPolicy.MinPasswordLength;
            data.SimpleDevicePasswordAllowed = mobileMailboxPolicy.AllowSimplePassword;

            // Push-notification switches.
            data.AllowApplePushNotifications = mobileMailboxPolicy.AllowApplePushNotifications;
            data.AllowMicrosoftPushNotifications = mobileMailboxPolicy.AllowMicrosoftPushNotifications;
            data.AllowGooglePushNotifications = mobileMailboxPolicy.AllowGooglePushNotifications;

            return data;
        }
Beispiel #3
        /// <summary>
        /// Resolves the mobile device policy data for a mailbox principal: first the policy assigned
        /// to the mailbox, then the policy id cached for the principal's organization.
        /// </summary>
        /// <param name="principal">Mailbox principal to resolve the policy for; must not be <c>null</c>.</param>
        /// <param name="policyId">
        /// Receives the mailbox's assigned policy id. It is overwritten with the organization-level id
        /// whenever the fallback path finds one, even if no data could then be read for that id.
        /// </param>
        /// <returns>The policy data, or <c>null</c> when neither lookup produced any.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="principal"/> is <c>null</c>.</exception>
        /// <remarks>
        /// A <c>null</c> result means "no policy" to the caller. Both lookups go through
        /// <c>MobileDevicePolicyCache.Instance.Get</c>; whether that call loads on a miss is not
        /// visible here, so callers that enforce policy should decide explicitly how to treat <c>null</c>.
        /// </remarks>
        internal static MobileDevicePolicyData GetPolicyData(ExchangePrincipal principal, out ADObjectId policyId)
        {
            if (principal == null)
            {
                throw new ArgumentNullException("principal");
            }

            policyId = principal.MailboxInfo.Configuration.MobileDeviceMailboxPolicy;

            // Step 1: the policy assigned directly to the mailbox, if there is one.
            MobileDevicePolicyData assignedPolicy = (policyId == null)
                ? null
                : MobileDevicePolicyCache.Instance.Get(new OrgIdADObjectWrapper(policyId, principal.MailboxInfo.OrganizationId));
            if (assignedPolicy != null)
            {
                return assignedPolicy;
            }

            // Step 2: fall back to the policy id cached for the organization.
            ExTraceGlobals.MobileDevicePolicyTracer.TraceDebug <ADObjectId, ADObjectId>(0L, "No policy returned for user '{0}' with policy '{1}'. Using org default policy.", principal.ObjectId, policyId);
            ADObjectId orgPolicyId = MobileDevicePolicyIdCacheByOrganization.Instance.Get(principal.MailboxInfo.OrganizationId);
            MobileDevicePolicyData orgPolicy = null;
            if (orgPolicyId != null)
            {
                policyId = orgPolicyId;
                orgPolicy = MobileDevicePolicyCache.Instance.Get(new OrgIdADObjectWrapper(orgPolicyId, principal.MailboxInfo.OrganizationId));
            }

            if (orgPolicy == null)
            {
                ExTraceGlobals.MobileDevicePolicyTracer.TraceDebug <ADObjectId, OrganizationId>(0L, "No default policy returned for user '{0}' with organization '{1}'. Using NO policy.", principal.ObjectId, principal.MailboxInfo.OrganizationId);
            }

            return orgPolicy;
        }
Beispiel #4
        /// <summary>
        /// Checks that the mobile device policy id carried by the call context matches the policy
        /// currently resolved for the accessing principal, and records the outcome on the call context.
        /// </summary>
        /// <param name="methodName">Name of the service method being invoked; dereferenced without a null check.</param>
        /// <param name="callContext">Context of the current request; receives the allow/block marking.</param>
        /// <exception cref="OwaInvalidMobileDevicePolicyException">
        /// The presented policy id differs from the resolved policy's identifier.
        /// </exception>
        /// <remarks>
        /// The check is skipped for non-MOWA requests, for requests with an empty policy id, and for the
        /// methods GetOwaUserConfiguration and PingOwa. When no policy data can be resolved at all the
        /// device is marked as allowed.
        /// </remarks>
        public static void CheckMobileDevicePolicyIsCorrect(string methodName, CallContext callContext)
        {
            // Only MOWA sessions are subject to this check.
            if (!callContext.IsMowa)
            {
                Microsoft.Exchange.Diagnostics.Components.Clients.ExTraceGlobals.MobileDevicePolicyTracer.TraceDebug(0L, "[OWAMessageInspector::CheckMobileDevicePolicyIsCorrect] Request is not coming from a MOWA session. Skipping policy check.");
                return;
            }
            // NOTE(review): MobileDevicePolicyId presumably originates from the client request. If so, a
            // client that omits it is never checked here, and neither MarkDeviceAsAllowed nor
            // MarkDeviceAsBlockedByPolicy is called - confirm that policy is enforced elsewhere for
            // such clients.
            if (string.IsNullOrEmpty(callContext.MobileDevicePolicyId))
            {
                Microsoft.Exchange.Diagnostics.Components.Clients.ExTraceGlobals.MobileDevicePolicyTracer.TraceDebug(0L, "[OWAMessageInspector::CheckMobileDevicePolicyIsCorrect] Client isn't passing policy information (old client). Skipping policy check.");
                return;
            }
            // GetOwaUserConfiguration is exempt and additionally refreshes the last-policy timestamp.
            // The method-name match is case-insensitive.
            if (methodName.Equals("GetOwaUserConfiguration", StringComparison.OrdinalIgnoreCase))
            {
                Microsoft.Exchange.Diagnostics.Components.Clients.ExTraceGlobals.MobileDevicePolicyTracer.TraceDebug(0L, "[OWAMessageInspector::CheckMobileDevicePolicyIsCorrect] Executing GetOwaUserConfiguration method. Skipping policy check.");
                callContext.UpdateLastPolicyTime();
                return;
            }
            // PingOwa is exempt as well, without touching the timestamp.
            if (methodName.Equals("PingOwa", StringComparison.OrdinalIgnoreCase))
            {
                Microsoft.Exchange.Diagnostics.Components.Clients.ExTraceGlobals.MobileDevicePolicyTracer.TraceDebug(0L, "[OWAMessageInspector::CheckMobileDevicePolicyIsCorrect] Executing PingOwa method. Skipping policy check.");
                return;
            }
            ADObjectId             policy     = null;
            MobileDevicePolicyData policyData = MobileDevicePolicyDataFactory.GetPolicyData(callContext.AccessingPrincipal, out policy);

            // Recorded before the comparison, so the applied policy is stored even for a request that
            // is rejected below.
            callContext.UpdatePolicyApplied(policy);
            string mobileDevicePolicyId = callContext.MobileDevicePolicyId;

            // Exact (ordinal, case-sensitive) comparison. A null policyData skips the comparison and
            // falls through to MarkDeviceAsAllowed, i.e. the check fails open when nothing was resolved.
            // NOTE(review): confirm that a null result can only mean "no policy configured" and not a
            // transient lookup or cache miss.
            if (policyData != null && !string.Equals(policyData.PolicyIdentifier, mobileDevicePolicyId, StringComparison.Ordinal))
            {
                callContext.MarkDeviceAsBlockedByPolicy();
                string effectiveAccessingSmtpAddress = callContext.GetEffectiveAccessingSmtpAddress();
                // The format string has placeholders {0}-{2} and a literal '******' for the user, so the
                // SMTP address passed as the fourth argument is not rendered into the trace text.
                Microsoft.Exchange.Diagnostics.Components.Clients.ExTraceGlobals.MobileDevicePolicyTracer.TraceWarning(0L, "[OWAMessageInspector::CheckMobileDevicePolicyIsCorrect] Policy Identifier does not match expected value. Expected: '{0}'. Actual: '{1}'. Method: '{2}'. User: '******'.", new object[]
                {
                    policyData.PolicyIdentifier,
                    mobileDevicePolicyId,
                    methodName,
                    effectiveAccessingSmtpAddress
                });
                // The exception carries the presented id and method name in its message, plus the SMTP
                // address and the expected identifier as separate arguments.
                // NOTE(review): check how this exception is surfaced in the response and in logs.
                throw new OwaInvalidMobileDevicePolicyException(string.Format("The presented mobile device policy id '{0}' is not valid. Method '{1}' is being rejected.", mobileDevicePolicyId, methodName), effectiveAccessingSmtpAddress, policyData.PolicyIdentifier);
            }
            callContext.MarkDeviceAsAllowed();
        }
Beispiel #5
        /// <summary>
        /// Converts cached policy data into the <c>MobileDevicePolicySettingsType</c> shape.
        /// </summary>
        /// <param name="mobilePolicyData">Policy data to convert; may be <c>null</c>.</param>
        /// <returns>
        /// A settings object that is never <c>null</c>. For a <c>null</c> input it is a freshly
        /// constructed instance with no property assigned, so a consumer cannot tell "no policy"
        /// apart from whatever the type's defaults express.
        /// </returns>
        internal static MobileDevicePolicySettingsType GetPolicySettings(MobileDevicePolicyData mobilePolicyData)
        {
            if (mobilePolicyData == null)
            {
                return new MobileDevicePolicySettingsType();
            }

            // Property-for-property copy; assignment order is kept as in the original listing.
            return new MobileDevicePolicySettingsType
            {
                AlphanumericDevicePasswordRequired = mobilePolicyData.AlphanumericDevicePasswordRequired,
                DeviceEncryptionRequired = mobilePolicyData.DeviceEncryptionRequired,
                DevicePasswordRequired = mobilePolicyData.DevicePasswordRequired,
                MaxDevicePasswordExpirationString = mobilePolicyData.MaxDevicePasswordExpirationString,
                MaxDevicePasswordFailedAttemptsString = mobilePolicyData.MaxDevicePasswordFailedAttemptsString,
                MaxInactivityTimeDeviceLockString = mobilePolicyData.MaxInactivityTimeDeviceLockString,
                MinDevicePasswordComplexCharacters = mobilePolicyData.MinDevicePasswordComplexCharacters,
                MinDevicePasswordHistory = mobilePolicyData.MinDevicePasswordHistory,
                MinDevicePasswordLength = mobilePolicyData.MinDevicePasswordLength,
                PolicyIdentifier = mobilePolicyData.PolicyIdentifier,
                SimpleDevicePasswordAllowed = mobilePolicyData.SimpleDevicePasswordAllowed,
                AllowApplePushNotifications = mobilePolicyData.AllowApplePushNotifications,
                AllowMicrosoftPushNotifications = mobilePolicyData.AllowMicrosoftPushNotifications,
                AllowGooglePushNotifications = mobilePolicyData.AllowGooglePushNotifications
            };
        }
Beispiel #6
        /// <summary>
        /// Resolves the policy data for a principal and converts it to policy settings.
        /// </summary>
        /// <param name="principal">Mailbox principal whose policy settings are requested.</param>
        /// <returns>The result of converting the resolved policy data with <c>GetPolicySettings</c>.</returns>
        /// <remarks>
        /// Uses the single-argument <c>GetPolicyData</c> overload, which is not part of this listing;
        /// null handling for <paramref name="principal"/> is left to that overload.
        /// </remarks>
        internal static MobileDevicePolicySettingsType GetPolicySettings(ExchangePrincipal principal)
        {
            return MobileDevicePolicyDataFactory.GetPolicySettings(
                MobileDevicePolicyDataFactory.GetPolicyData(principal));
        }