private static void RefreshLimitsFromRegistryIfNeeded()
 {
     if (DateTime.UtcNow >= ExchangeExpiringRunspaceConfiguration.ExpiryRefreshTime)
     {
         lock (ExchangeExpiringRunspaceConfiguration.syncRoot)
         {
             if (DateTime.UtcNow >= ExchangeExpiringRunspaceConfiguration.ExpiryRefreshTime)
             {
                 ExchangeExpiringRunspaceConfiguration.ExpiryPeriods[0]  = ExchangeExpiringRunspaceConfiguration.GetMaximumAgeLimitFromRegistry(ExpirationLimit.RunspaceRefresh);
                 ExchangeExpiringRunspaceConfiguration.ExpiryPeriods[1]  = ExchangeExpiringRunspaceConfiguration.GetMaximumAgeLimitFromRegistry(ExpirationLimit.ExternalAccountRunspaceTermination);
                 ExchangeExpiringRunspaceConfiguration.ExpiryRefreshTime = DateTime.UtcNow.AddMinutes(5.0);
             }
         }
     }
 }
 private void SetMaxAgeLimit(ExpirationLimit limit)
 {
     this.maxAgeLimits[(int)limit] = DateTime.UtcNow.Add(ExchangeExpiringRunspaceConfiguration.GetMaximumAgeLimit(limit));
 }
 public static TimeSpan GetMaximumAgeLimit(ExpirationLimit limit)
 {
     ExchangeExpiringRunspaceConfiguration.RefreshLimitsFromRegistryIfNeeded();
     return(ExchangeExpiringRunspaceConfiguration.ExpiryPeriods[(int)limit]);
 }
Beispiel #4
0
        private InitialSessionState GetInitialSessionStateCore(PSSenderInfo senderInfo)
        {
            InitialSessionState result;

            using (new MonitoredScope("GetInitialSessionStateCore", "GetInitialSessionStateCore", AuthZLogHelper.AuthZPerfMonitors))
            {
                if (senderInfo == null || senderInfo.UserInfo == null || senderInfo.UserInfo.Identity == null || senderInfo.UserInfo.Identity.Name == null)
                {
                    throw new ArgumentException("senderInfo");
                }
                PSPrincipal userInfo = senderInfo.UserInfo;
                ExTraceGlobals.PublicPluginAPITracer.TraceDebug <string>((long)this.GetHashCode(), "Entering EAP.GetInitialSessionState({0})", userInfo.Identity.Name);
                UserToken userToken = null;
                Microsoft.Exchange.Configuration.Core.AuthenticationType authenticatedType;
                IIdentity executingUserIdentity = this.GetExecutingUserIdentity(userInfo, senderInfo.ConnectionString, out userToken, out authenticatedType);
                ExchangeRunspaceConfigurationSettings exchangeRunspaceConfigurationSettings = this.BuildRunspaceConfigurationSettings(senderInfo.ConnectionString, executingUserIdentity);
                if (userToken != null)
                {
                    exchangeRunspaceConfigurationSettings.UserToken = userToken;
                }
                if (AppSettings.Current.SiteRedirectTemplate != null)
                {
                    ExTraceGlobals.PublicPluginAPITracer.TraceDebug <string, string, string>((long)this.GetHashCode(), "EAP.GetInitialSessionState({0}) site redirection template used is {1}, pod redirection template used is {2}", userInfo.Identity.Name, AppSettings.Current.SiteRedirectTemplate, AppSettings.Current.PodRedirectTemplate);
                    exchangeRunspaceConfigurationSettings.SiteRedirectionTemplate = AppSettings.Current.SiteRedirectTemplate;
                    exchangeRunspaceConfigurationSettings.PodRedirectionTemplate  = AppSettings.Current.PodRedirectTemplate;
                }
                ExchangeExpiringRunspaceConfiguration exchangeExpiringRunspaceConfiguration;
                using (new MonitoredScope("GetInitialSessionStateCore", "ExchangeExpiringRunspaceConfiguration", AuthZLogHelper.AuthZPerfMonitors))
                {
                    if (DatacenterRegistry.IsForefrontForOffice())
                    {
                        try
                        {
                            using (RegistryKey registryKey = Registry.LocalMachine.OpenSubKey(string.Format("SOFTWARE\\Microsoft\\ExchangeServer\\{0}\\Setup", "v15")))
                            {
                                string   name         = "Microsoft.Exchange.Hygiene.Security.Authorization.ForefrontExpiringDatacenterRunspaceConfiguration";
                                string   path         = (string)registryKey.GetValue("MsiInstallPath");
                                string   assemblyFile = Path.Combine(path, "Bin", "Microsoft.Exchange.Hygiene.Security.Authorization.dll");
                                Assembly assembly     = Assembly.LoadFrom(assemblyFile);
                                Type     type         = assembly.GetType(name);
                                exchangeExpiringRunspaceConfiguration = (ExchangeExpiringRunspaceConfiguration)type.InvokeMember("Instance", BindingFlags.InvokeMethod, Type.DefaultBinder, null, new object[]
                                {
                                    executingUserIdentity,
                                    exchangeRunspaceConfigurationSettings,
                                    senderInfo.ConnectionString,
                                    Constants.IsPowerShellWebService
                                });
                            }
                            goto IL_1FA;
                        }
                        catch (TargetInvocationException ex)
                        {
                            throw ex.InnerException ?? ex;
                        }
                    }
                    exchangeExpiringRunspaceConfiguration = new ExchangeExpiringRunspaceConfiguration(executingUserIdentity, exchangeRunspaceConfigurationSettings, Constants.IsPowerShellWebService);
                    IL_1FA :;
                }
                this.currentAuthZUserToken = new AuthZPluginUserToken(exchangeExpiringRunspaceConfiguration.DelegatedPrincipal, exchangeExpiringRunspaceConfiguration.LogonUser, authenticatedType, exchangeExpiringRunspaceConfiguration.IdentityName);
                ADRawEntry logonUser = exchangeExpiringRunspaceConfiguration.LogonUser;
                if (logonUser[ADRecipientSchema.RemotePowerShellEnabled] != null && !(bool)logonUser[ADRecipientSchema.RemotePowerShellEnabled])
                {
                    AuthZLogger.SafeAppendGenericError("GetInitialSessionStateCore", "RemotePowerShellEnabled false", false);
                    ExTraceGlobals.AccessDeniedTracer.TraceError <string>(0L, "EAP.GetInitialSessionStateCore user {0} is not allowed to use remote Powershell, access denied", executingUserIdentity.Name);
                    AuthZPluginHelper.TriggerFailFastForAuthZFailure(this.currentAuthZUserToken.WindowsLiveId);
                    throw new RemotePowerShellNotEnabledException(Strings.ErrorRemotePowerShellNotEnabled);
                }
                if (exchangeExpiringRunspaceConfiguration.DelegatedPrincipal == null)
                {
                    ExchangeAuthorizationPlugin.ValidateQueryString(senderInfo.ConnectionString, logonUser);
                }
                else if (exchangeExpiringRunspaceConfiguration.DelegatedPrincipal.UserOrganizationId == null)
                {
                    AuthZLogger.SafeAppendGenericError("GetInitialSessionStateCore", "User Token is delegated user, but user.OrgId is null.", false);
                    ExTraceGlobals.AccessDeniedTracer.TraceError(0L, "EAP.GetInitialSessionStateCore delegated user is not in organization.");
                    AuthZPluginHelper.TriggerFailFastForAuthZFailure(this.currentAuthZUserToken.WindowsLiveId);
                    throw new DelegatedUserNotInOrgException(Strings.ErrorDelegatedUserNotInOrg);
                }
                string friendlyName = exchangeExpiringRunspaceConfiguration.OrganizationId.GetFriendlyName();
                if (exchangeExpiringRunspaceConfiguration.HasAdminRoles && exchangeExpiringRunspaceConfiguration.IsAppPasswordUsed)
                {
                    AuthZLogger.SafeAppendGenericError("GetInitialSessionStateCore", string.Format("User {0} of Domain {1} is not allowed to create session using app password.", userInfo.Identity.Name, friendlyName), false);
                    AuthZPluginHelper.TriggerFailFastForAuthZFailure(this.currentAuthZUserToken.WindowsLiveId);
                    throw new AppPasswordLoginException(Strings.ErrorAdminLoginUsingAppPassword);
                }
                if (string.Equals(executingUserIdentity.AuthenticationType, "LiveIdBasic", StringComparison.OrdinalIgnoreCase) || DelegatedPrincipal.DelegatedAuthenticationType.Equals(executingUserIdentity.AuthenticationType, StringComparison.OrdinalIgnoreCase))
                {
                    using (new MonitoredScope("GetInitialSessionStateCore", "ValidateFilteringOnlyUser", AuthZLogHelper.AuthZPerfMonitors))
                    {
                        if (UserValidationHelper.ValidateFilteringOnlyUser(friendlyName, this.currentAuthZUserToken.WindowsLiveId))
                        {
                            AuthZLogger.SafeAppendGenericError("GetInitialSessionStateCore", string.Format("User {0} of Domain {1} doesn't have valid subscriptions for Exchange Hosted.", userInfo.Identity.Name, friendlyName), false);
                            AuthZPluginHelper.TriggerFailFastForAuthZFailure(this.currentAuthZUserToken.WindowsLiveId);
                            throw new FilteringOnlyUserLoginException(Strings.ErrorFilteringOnlyUserLogin);
                        }
                    }
                }
                InitialSessionState initialSessionState;
                using (new MonitoredScope("GetInitialSessionStateCore", "exchangeRunspaceConfig.CreateInitialSessionState", AuthZLogHelper.AuthZPerfMonitors))
                {
                    initialSessionState = exchangeExpiringRunspaceConfiguration.CreateInitialSessionState();
                }
                ExTraceGlobals.PublicPluginAPITracer.TraceDebug <int>((long)this.GetHashCode(), "EAP.GetInitialSessionState(PSSenderInfo) returns ISS with {0} commands", initialSessionState.Commands.Count);
                result = initialSessionState;
            }
            return(result);
        }