Ejemplo n.º 1
0
        static CertificateAuthenticationModule()
        {
            if (!int.TryParse(ConfigurationManager.AppSettings["CertificateAuthentication.MaxRetryForADTransient"], out CertificateAuthenticationModule.maxRetryForADTransient))
            {
                CertificateAuthenticationModule.maxRetryForADTransient = 2;
            }
            int num;

            if (!int.TryParse(ConfigurationManager.AppSettings["CertificateAuthentication.UserCacheMappingMaximumSize"], out num) || num < 0)
            {
                num = 300;
            }
            if (num != 0)
            {
                int num2;
                if (!int.TryParse(ConfigurationManager.AppSettings["CertificateAuthentication.UserCacheMappingExpirationInHours"], out num2) || num2 < 0)
                {
                    num2 = 4;
                }
                CertificateAuthenticationModule.certCache = new CertificateADUserCache(num2, num);
            }
            bool.TryParse(ConfigurationManager.AppSettings["CertificateAuthenticationModule.CafeProxy"], out CertificateAuthenticationModule.cafeProxy);
            if (DatacenterRegistry.IsForefrontForOffice())
            {
                AppDomain.CurrentDomain.AssemblyResolve += CertificateAuthenticationModule.CurrentDomain_AssemblyResolve;
            }
        }
Ejemplo n.º 2
0
 public static void SetRecipientFilterPreAction(DataRow inputRow, DataTable dataTable, DataObjectStore store)
 {
     if (DatacenterRegistry.IsForefrontForOffice())
     {
         inputRow["RecipientTypeFilter"] = inputRow["FFORecipientTypeFilter"].ToString();
     }
 }
Ejemplo n.º 3
0
        public static void SaveToFfo <T>(Task task, T adObject, TenantSettingSyncLogType logType, string oldName = null) where T : ADObject, new()
        {
            bool flag = false;

            try
            {
                if (!DatacenterRegistry.IsForefrontForOffice() && !task.CurrentOrganizationId.Equals(OrganizationId.ForestWideOrgId) && DatacenterRegistry.IsDualWriteAllowed() && adObject != null)
                {
                    flag = true;
                    if (adObject.m_Session != null)
                    {
                        ComparisonFilter filter = new ComparisonFilter(ComparisonOperator.Equal, ADObjectSchema.Name, adObject.Name);
                        T t = adObject.m_Session.Find <T>(null, QueryScope.SubTree, filter, null, 0).FirstOrDefault <T>();
                        if (t != null)
                        {
                            adObject = t;
                        }
                    }
                    FfoDualWriter.FixTenantId(adObject);
                    FfoDualWriter.HandleRenaming(adObject, oldName);
                    FfoDualWriter.FfoDataProvider.Save(adObject);
                }
            }
            catch (Exception ex)
            {
                if (flag)
                {
                    FfoDualWriter.LogToFile <T>(adObject, logType, oldName);
                }
                FfoDualWriter.LogException(ex);
            }
        }
Ejemplo n.º 4
0
 internal static object InstantiateFfoOrExoClass(string ffoTypeName, Type exoType)
 {
     if (DatacenterRegistry.IsForefrontForOffice() && !DatacenterRegistry.IsForefrontForOfficeDeployment())
     {
         Assembly assembly = Assembly.Load("Microsoft.Exchange.Hygiene.Data");
         Type     type     = assembly.GetType(ffoTypeName);
         return(Activator.CreateInstance(type));
     }
     return(Activator.CreateInstance(exoType));
 }
Ejemplo n.º 5
0
        public void StartLogging()
        {
            if (!Directory.Exists(SetupLoggerImpl.setupLogDirectory))
            {
                Directory.CreateDirectory(SetupLoggerImpl.setupLogDirectory);
            }
            string filename       = Path.Combine(SetupLoggerImpl.setupLogDirectory, SetupLoggerImpl.setupLogFileNameForWatson);
            string filename2      = Path.Combine(SetupLoggerImpl.setupLogDirectory, "ExchangeSetup.msilog");
            string dataMiningPath = null;

            if (DatacenterRegistry.IsMicrosoftHostedOnly())
            {
                string text = "d:\\ExchangeSetupLogs";
                if (!Directory.Exists(text))
                {
                    Directory.CreateDirectory(text);
                }
                dataMiningPath = Path.Combine(text, SetupLoggerImpl.setupLogFileName);
            }
            ExWatson.TryAddExtraFile(filename);
            ExWatson.TryAddExtraFile(filename2);
            try
            {
                TaskLogger.IsSetupLogging = true;
                TaskLogger.StartFileLogging(SetupLoggerImpl.setupLogFilePath, dataMiningPath);
                this.isLoggingStarted = true;
            }
            catch (IOException ex)
            {
                throw new SetupLogInitializeException(ex.Message, ex);
            }
            catch (UnauthorizedAccessException ex2)
            {
                throw new SetupLogInitializeException(ex2.Message, ex2);
            }
            this.Log(SetupLoggerImpl.AsterixLine);
            this.Log(Strings.SetupLogStarted);
            this.Log(SetupLoggerImpl.AsterixLine);
            this.Log(Strings.LocalTimeZone(TimeZoneInfo.Local.DisplayName));
            this.Log(Strings.OSVersion(Environment.OSVersion.ToString()));
            try
            {
                this.LogAssemblyVersion();
            }
            catch (FileVersionNotFoundException ex3)
            {
                throw new SetupLogInitializeException(ex3.Message, ex3);
            }
            this.LogUserName();
            this.TaskStartTime = DateTime.UtcNow;
        }
Ejemplo n.º 6
0
        private string GetUserUniqueKey()
        {
            DelegatedPrincipal delegatedPrincipal = this.OriginalUser as DelegatedPrincipal;

            if (delegatedPrincipal != null)
            {
                return(delegatedPrincipal.UserId);
            }
            if (DatacenterRegistry.IsForefrontForOffice())
            {
                return(this.OriginalLogonUserIdentity.Name);
            }
            return(this.OriginalLogonUserIdentity.GetSecurityIdentifier().Value);
        }
Ejemplo n.º 7
0
 public static ArbitrationMailboxStatus CheckArbitrationMailboxStatus(OrganizationId organizationId, out ADUser user, out ExchangePrincipal principal, out Exception exception)
 {
     user      = null;
     principal = null;
     exception = null;
     try
     {
         if (DatacenterRegistry.IsForefrontForOffice())
         {
             return(ArbitrationMailboxStatus.FFO);
         }
         user      = AdminAuditLogHelper.GetTenantArbitrationMailbox(organizationId);
         principal = ExchangePrincipal.FromADUser(ADSessionSettings.FromOrganizationIdWithoutRbacScopesServiceOnly(organizationId), user, RemotingOptions.AllowCrossSite);
         AdminAuditLogHelper.Tracer.TraceDebug <int>(0L, "AdminAuditLogHelper: Tenant arbitration mailbox server version is {0}", principal.MailboxInfo.Location.ServerVersion);
         if (principal.MailboxInfo.Location.ServerVersion < Server.E14SP1MinVersion)
         {
             return(ArbitrationMailboxStatus.R4);
         }
         if (principal.MailboxInfo.Location.ServerVersion < Server.E15MinVersion)
         {
             return(ArbitrationMailboxStatus.R5);
         }
         return(ArbitrationMailboxStatus.E15);
     }
     catch (ObjectNotFoundException ex)
     {
         exception = ex;
         AdminAuditLogHelper.Tracer.TraceDebug <OrganizationId, ObjectNotFoundException>(0L, "AdminAuditLogHelper: unable to determine the arbitration mailbox version for org {0}, exception {1}", organizationId, ex);
     }
     catch (MailboxInfoStaleException ex2)
     {
         exception = ex2;
         AdminAuditLogHelper.Tracer.TraceDebug <OrganizationId, MailboxInfoStaleException>(0L, "AdminAuditLogHelper: unable to determine the arbitration mailbox version for org {0}, exception {1}", organizationId, ex2);
     }
     catch (SuitabilityDirectoryException ex3)
     {
         exception = ex3;
         AdminAuditLogHelper.Tracer.TraceDebug <OrganizationId, SuitabilityDirectoryException>(0L, "AdminAuditLogHelper: unable to determine the arbitration mailbox version for org {0}, exception {1}", organizationId, ex3);
     }
     catch (DatabaseLocationUnavailableException ex4)
     {
         exception = ex4;
         AdminAuditLogHelper.Tracer.TraceDebug <OrganizationId, DatabaseLocationUnavailableException>(0L, "AdminAuditLogHelper: unable to determine the arbitration mailbox version for org {0}, exception {1}", organizationId, ex4);
     }
     return(ArbitrationMailboxStatus.UnableToKnow);
 }
Ejemplo n.º 8
0
        internal void ValidateDlpPolicy(PropertyInfo property, object task, IConfigDataProvider configSession)
        {
            IList <string> list;

            if (!DatacenterRegistry.IsForefrontForOffice() && this.TryGetValues <string>(property, task, out list) && list.Count > 0)
            {
                if (configSession == null)
                {
                    throw new NullReferenceException("ValidateDlpPolicy requires an IConfigDataProvider");
                }
                HashSet <string> installedDlp = new HashSet <string>(from dlp in DlpUtils.GetInstalledTenantDlpPolicies(configSession)
                                                                     select dlp.Name.ToLower());
                if (!list.All((string dlp) => installedDlp.Contains(dlp.ToLower())))
                {
                    this.ThrowError(property);
                }
            }
        }
Ejemplo n.º 9
0
        private static GlsLookupMode InitializeLookupMode()
        {
            string value = null;

            try
            {
                using (RegistryKey registryKey = Registry.LocalMachine.OpenSubKey(GlsMServDirectorySession.RegistryKey))
                {
                    value = ((registryKey != null) ? ((string)registryKey.GetValue(GlsMServDirectorySession.GlobalDirectoryLookupTypeValue, null)) : null);
                }
            }
            catch (SecurityException ex)
            {
                ExTraceGlobals.GLSTracer.TraceError <string>(0L, "SecurityException: {0}", ex.Message);
            }
            catch (UnauthorizedAccessException ex2)
            {
                ExTraceGlobals.GLSTracer.TraceError <string>(0L, "UnauthorizedAccessException: {0}", ex2.Message);
            }
            GlsLookupMode result;

            if (Enum.TryParse <GlsLookupMode>(value, true, out result))
            {
                return(result);
            }
            if (DatacenterRegistry.IsForefrontForOffice())
            {
                return(GlsLookupMode.GlsOnly);
            }
            ITopologyConfigurationSession topologyConfigurationSession = DirectorySessionFactory.Default.CreateTopologyConfigurationSession(ConsistencyMode.IgnoreInvalid, ADSessionSettings.FromRootOrgScopeSet(), 694, "InitializeLookupMode", "f:\\15.00.1497\\sources\\dev\\data\\src\\directory\\GlsMServDirectorySession.cs");
            ADSite localSite = topologyConfigurationSession.GetLocalSite();

            if (localSite.DistinguishedName.EndsWith("DC=extest,DC=microsoft,DC=com"))
            {
                return(GlsLookupMode.MServOnly);
            }
            return(GlsLookupMode.BothGLSAndMServ);
        }
Ejemplo n.º 10
0
        public static void DeleteFromFfo <T>(Task task, T adObject, TenantSettingSyncLogType logType) where T : ADObject, new()
        {
            bool flag = false;

            try
            {
                if (!DatacenterRegistry.IsForefrontForOffice() && !task.CurrentOrganizationId.Equals(OrganizationId.ForestWideOrgId) && DatacenterRegistry.IsDualWriteAllowed())
                {
                    flag = true;
                    FfoDualWriter.FixTenantId(adObject);
                    TenantSettingSyncLogGenerator.Instance.LogChangesForDelete(adObject, logType, new Guid?(adObject.OrganizationalUnitRoot.ObjectGuid));
                    FfoDualWriter.FfoDataProvider.Delete(adObject);
                }
            }
            catch (Exception ex)
            {
                if (flag)
                {
                    FfoDualWriter.LogToFile <T>(adObject, logType, null);
                }
                FfoDualWriter.LogException(ex);
            }
        }
Ejemplo n.º 11
0
 public RbacContext(RbacSettings settings)
 {
     RbacContext < > 4__this = this;
     ExTraceGlobals.RBACTracer.TraceInformation <string>(0, 0L, "Creating RBAC context for {0}", settings.UserName);
     this.Settings = settings;
     this.roles    = new LazilyInitialized <ExchangeRunspaceConfiguration>(delegate()
     {
         ExchangeRunspaceConfiguration exchangeRunspaceConfiguration;
         if (DatacenterRegistry.IsForefrontForOffice())
         {
             Assembly assembly = Assembly.Load("Microsoft.Exchange.Hygiene.Security.Authorization");
             string siteName   = HostingEnvironment.ApplicationHost.GetSiteName();
             try
             {
                 string name = (RbacContext.PullHostedTenantRbac && (bool)HttpContext.Current.Items["IsHostedTenant"]) ? "Microsoft.Exchange.Hygiene.Security.Authorization.ForefrontRunspaceConfigurationForHostedTenant" : "Microsoft.Exchange.Hygiene.Security.Authorization.ForefrontRunspaceConfiguration";
                 Type type   = assembly.GetType(name);
                 exchangeRunspaceConfiguration = (ExchangeRunspaceConfiguration)Activator.CreateInstance(type, new object[]
                 {
                     < > 4__this.Settings.OriginalLogonUserIdentity,
                     siteName
                 });
                 goto IL_222;
             }
Ejemplo n.º 12
0
 public virtual bool IsForefrontForOffice()
 {
     return(DatacenterRegistry.IsForefrontForOffice());
 }
Ejemplo n.º 13
0
 private static bool IsLatencyEventLoggingEnabled()
 {
     return(DatacenterRegistry.IsMicrosoftHostedOnly() || DatacenterRegistry.IsDatacenterDedicated());
 }
Ejemplo n.º 14
0
 internal static bool HasDlpRole(Task task)
 {
     return(!DatacenterRegistry.IsForefrontForOffice() && (task.ExchangeRunspaceConfig == null || task.ExchangeRunspaceConfig.HasRoleOfType(RoleType.DataLossPrevention) || task.ExchangeRunspaceConfig.HasRoleOfType(RoleType.PersonallyIdentifiableInformation)));
 }
Ejemplo n.º 15
0
 internal static bool IsForefrontObject(PartitionId id)
 {
     return(DatacenterRegistry.IsForefrontForOffice() && id.ForestFQDN == "FFO.extest.microsoft.com");
 }
Ejemplo n.º 16
0
 public override bool?TryIsInRole(ExchangeRunspaceConfiguration rbacConfiguration)
 {
     return(new bool?(DatacenterRegistry.IsForefrontForOffice() || RbacQuery.OrganizationConfigurationQueryProcessor.IsEOPStandardCapability.TryIsInRole(rbacConfiguration).Value));
 }
Ejemplo n.º 17
0
        protected override void InternalBeginProcessing()
        {
            bool flag = false;

            TaskLogger.LogEnter();
            base.InternalBeginProcessing();
            if (this.ValidationOrganization != null && !string.Equals(this.ValidationOrganization, base.CurrentOrganizationId.ToString(), StringComparison.OrdinalIgnoreCase))
            {
                base.ThrowTerminatingError(new ValidationOrgCurrentOrgNotMatchException(this.ValidationOrganization, base.CurrentOrganizationId.ToString()), ExchangeErrorCategory.Client, null);
            }
            if ("crossforest" == base.ParameterSetName)
            {
                try
                {
                    NetworkCredential userForestCredential = (this.LinkedCredential == null) ? null : this.LinkedCredential.GetNetworkCredential();
                    this.linkedGroupSid = MailboxTaskHelper.GetSidFromAnotherForest <ADGroup>(this.LinkedForeignGroup, this.LinkedDomainController, userForestCredential, base.GlobalConfigSession, new MailboxTaskHelper.GetUniqueObject(base.GetDataObject <ADGroup>), new Task.ErrorLoggerDelegate(base.ThrowTerminatingError), new MailboxTaskHelper.OneStringErrorDelegate(Strings.ErrorLinkedGroupInTheCurrentForest), new MailboxTaskHelper.TwoStringErrorDelegate(Strings.ErrorGroupNotFoundOnGlobalCatalog), new MailboxTaskHelper.TwoStringErrorDelegate(Strings.ErrorGroupNotFoundOnDomainController), new MailboxTaskHelper.TwoStringErrorDelegate(Strings.ErrorGroupNotUniqueOnGlobalCatalog), new MailboxTaskHelper.TwoStringErrorDelegate(Strings.ErrorGroupNotUniqueOnDomainController), new MailboxTaskHelper.OneStringErrorDelegate(Strings.ErrorVerifyLinkedGroupForest));
                }
                catch (PSArgumentException exception)
                {
                    base.ThrowTerminatingError(exception, ErrorCategory.InvalidArgument, this.LinkedCredential);
                }
            }
            if (!base.Fields.IsModified(ADGroupSchema.ManagedBy) && base.CurrentOrganizationId.Equals(base.ExecutingUserOrganizationId))
            {
                List <SecurityPrincipalIdParameter> list = new List <SecurityPrincipalIdParameter>(2);
                flag = true;
                bool useGlobalCatalog     = base.TenantGlobalCatalogSession.UseGlobalCatalog;
                bool useConfigNC          = base.TenantGlobalCatalogSession.UseConfigNC;
                bool skipRangedAttributes = base.TenantGlobalCatalogSession.SkipRangedAttributes;
                try
                {
                    base.TenantGlobalCatalogSession.UseGlobalCatalog     = true;
                    base.TenantGlobalCatalogSession.UseConfigNC          = false;
                    base.TenantGlobalCatalogSession.SkipRangedAttributes = true;
                    ADGroup adgroup = base.TenantGlobalCatalogSession.ResolveWellKnownGuid <ADGroup>(RoleGroup.OrganizationManagement_InitInfo.WellKnownGuid, OrganizationId.ForestWideOrgId.Equals(base.CurrentOrganizationId) ? this.ConfigurationSession.ConfigurationNamingContext : base.TenantGlobalCatalogSession.SessionSettings.CurrentOrganizationId.ConfigurationUnit);
                    if (adgroup == null)
                    {
                        base.ThrowTerminatingError(new ManagementObjectNotFoundException(DirectoryStrings.ExceptionADTopologyCannotFindWellKnownExchangeGroup), (ErrorCategory)1001, RoleGroup.OrganizationManagement_InitInfo.WellKnownGuid);
                    }
                    list.Add(new SecurityPrincipalIdParameter(adgroup.DistinguishedName));
                }
                finally
                {
                    base.TenantGlobalCatalogSession.UseGlobalCatalog     = useGlobalCatalog;
                    base.TenantGlobalCatalogSession.UseConfigNC          = useConfigNC;
                    base.TenantGlobalCatalogSession.SkipRangedAttributes = skipRangedAttributes;
                }
                ADObjectId adObjectId;
                if (base.TryGetExecutingUserId(out adObjectId))
                {
                    list.Add(new SecurityPrincipalIdParameter(adObjectId));
                }
                this.ManagedBy = new MultiValuedProperty <SecurityPrincipalIdParameter>(list);
            }
            if (this.ManagedBy == null)
            {
                base.WriteError(new RecipientTaskException(Strings.ErrorManagedByCannotBeEmpty), (ErrorCategory)1000, null);
            }
            if (!flag || !DatacenterRegistry.IsForefrontForOffice())
            {
                MailboxTaskHelper.CheckAndResolveManagedBy <ADGroup>(this, new DataAccessHelper.CategorizedGetDataObjectDelegate(base.GetDataObject <ADRecipient>), ExchangeErrorCategory.Client, this.ManagedBy.ToArray(), out this.managedByRecipients);
            }
            TaskLogger.LogExit();
        }
Ejemplo n.º 18
0
 public override bool?TryIsInRole(ExchangeRunspaceConfiguration rbacConfiguration)
 {
     return(new bool?(DatacenterRegistry.IsForefrontForOffice() ? DatacenterRegistry.IsFFOGallatinDatacenter() : DatacenterRegistry.IsGallatinDatacenter()));
 }
Ejemplo n.º 19
0
 public static bool IsForefrontForOfficeDatacenter()
 {
     return(DatacenterRegistry.IsForefrontForOffice());
 }
Ejemplo n.º 20
0
        private InitialSessionState GetInitialSessionStateCore(PSSenderInfo senderInfo)
        {
            InitialSessionState result;

            using (new MonitoredScope("GetInitialSessionStateCore", "GetInitialSessionStateCore", AuthZLogHelper.AuthZPerfMonitors))
            {
                if (senderInfo == null || senderInfo.UserInfo == null || senderInfo.UserInfo.Identity == null || senderInfo.UserInfo.Identity.Name == null)
                {
                    throw new ArgumentException("senderInfo");
                }
                PSPrincipal userInfo = senderInfo.UserInfo;
                ExTraceGlobals.PublicPluginAPITracer.TraceDebug <string>((long)this.GetHashCode(), "Entering EAP.GetInitialSessionState({0})", userInfo.Identity.Name);
                UserToken userToken = null;
                Microsoft.Exchange.Configuration.Core.AuthenticationType authenticatedType;
                IIdentity executingUserIdentity = this.GetExecutingUserIdentity(userInfo, senderInfo.ConnectionString, out userToken, out authenticatedType);
                ExchangeRunspaceConfigurationSettings exchangeRunspaceConfigurationSettings = this.BuildRunspaceConfigurationSettings(senderInfo.ConnectionString, executingUserIdentity);
                if (userToken != null)
                {
                    exchangeRunspaceConfigurationSettings.UserToken = userToken;
                }
                if (AppSettings.Current.SiteRedirectTemplate != null)
                {
                    ExTraceGlobals.PublicPluginAPITracer.TraceDebug <string, string, string>((long)this.GetHashCode(), "EAP.GetInitialSessionState({0}) site redirection template used is {1}, pod redirection template used is {2}", userInfo.Identity.Name, AppSettings.Current.SiteRedirectTemplate, AppSettings.Current.PodRedirectTemplate);
                    exchangeRunspaceConfigurationSettings.SiteRedirectionTemplate = AppSettings.Current.SiteRedirectTemplate;
                    exchangeRunspaceConfigurationSettings.PodRedirectionTemplate  = AppSettings.Current.PodRedirectTemplate;
                }
                ExchangeExpiringRunspaceConfiguration exchangeExpiringRunspaceConfiguration;
                using (new MonitoredScope("GetInitialSessionStateCore", "ExchangeExpiringRunspaceConfiguration", AuthZLogHelper.AuthZPerfMonitors))
                {
                    if (DatacenterRegistry.IsForefrontForOffice())
                    {
                        try
                        {
                            using (RegistryKey registryKey = Registry.LocalMachine.OpenSubKey(string.Format("SOFTWARE\\Microsoft\\ExchangeServer\\{0}\\Setup", "v15")))
                            {
                                string   name         = "Microsoft.Exchange.Hygiene.Security.Authorization.ForefrontExpiringDatacenterRunspaceConfiguration";
                                string   path         = (string)registryKey.GetValue("MsiInstallPath");
                                string   assemblyFile = Path.Combine(path, "Bin", "Microsoft.Exchange.Hygiene.Security.Authorization.dll");
                                Assembly assembly     = Assembly.LoadFrom(assemblyFile);
                                Type     type         = assembly.GetType(name);
                                exchangeExpiringRunspaceConfiguration = (ExchangeExpiringRunspaceConfiguration)type.InvokeMember("Instance", BindingFlags.InvokeMethod, Type.DefaultBinder, null, new object[]
                                {
                                    executingUserIdentity,
                                    exchangeRunspaceConfigurationSettings,
                                    senderInfo.ConnectionString,
                                    Constants.IsPowerShellWebService
                                });
                            }
                            goto IL_1FA;
                        }
                        catch (TargetInvocationException ex)
                        {
                            throw ex.InnerException ?? ex;
                        }
                    }
                    exchangeExpiringRunspaceConfiguration = new ExchangeExpiringRunspaceConfiguration(executingUserIdentity, exchangeRunspaceConfigurationSettings, Constants.IsPowerShellWebService);
                    IL_1FA :;
                }
                this.currentAuthZUserToken = new AuthZPluginUserToken(exchangeExpiringRunspaceConfiguration.DelegatedPrincipal, exchangeExpiringRunspaceConfiguration.LogonUser, authenticatedType, exchangeExpiringRunspaceConfiguration.IdentityName);
                ADRawEntry logonUser = exchangeExpiringRunspaceConfiguration.LogonUser;
                if (logonUser[ADRecipientSchema.RemotePowerShellEnabled] != null && !(bool)logonUser[ADRecipientSchema.RemotePowerShellEnabled])
                {
                    AuthZLogger.SafeAppendGenericError("GetInitialSessionStateCore", "RemotePowerShellEnabled false", false);
                    ExTraceGlobals.AccessDeniedTracer.TraceError <string>(0L, "EAP.GetInitialSessionStateCore user {0} is not allowed to use remote Powershell, access denied", executingUserIdentity.Name);
                    AuthZPluginHelper.TriggerFailFastForAuthZFailure(this.currentAuthZUserToken.WindowsLiveId);
                    throw new RemotePowerShellNotEnabledException(Strings.ErrorRemotePowerShellNotEnabled);
                }
                if (exchangeExpiringRunspaceConfiguration.DelegatedPrincipal == null)
                {
                    ExchangeAuthorizationPlugin.ValidateQueryString(senderInfo.ConnectionString, logonUser);
                }
                else if (exchangeExpiringRunspaceConfiguration.DelegatedPrincipal.UserOrganizationId == null)
                {
                    AuthZLogger.SafeAppendGenericError("GetInitialSessionStateCore", "User Token is delegated user, but user.OrgId is null.", false);
                    ExTraceGlobals.AccessDeniedTracer.TraceError(0L, "EAP.GetInitialSessionStateCore delegated user is not in organization.");
                    AuthZPluginHelper.TriggerFailFastForAuthZFailure(this.currentAuthZUserToken.WindowsLiveId);
                    throw new DelegatedUserNotInOrgException(Strings.ErrorDelegatedUserNotInOrg);
                }
                string friendlyName = exchangeExpiringRunspaceConfiguration.OrganizationId.GetFriendlyName();
                if (exchangeExpiringRunspaceConfiguration.HasAdminRoles && exchangeExpiringRunspaceConfiguration.IsAppPasswordUsed)
                {
                    AuthZLogger.SafeAppendGenericError("GetInitialSessionStateCore", string.Format("User {0} of Domain {1} is not allowed to create session using app password.", userInfo.Identity.Name, friendlyName), false);
                    AuthZPluginHelper.TriggerFailFastForAuthZFailure(this.currentAuthZUserToken.WindowsLiveId);
                    throw new AppPasswordLoginException(Strings.ErrorAdminLoginUsingAppPassword);
                }
                if (string.Equals(executingUserIdentity.AuthenticationType, "LiveIdBasic", StringComparison.OrdinalIgnoreCase) || DelegatedPrincipal.DelegatedAuthenticationType.Equals(executingUserIdentity.AuthenticationType, StringComparison.OrdinalIgnoreCase))
                {
                    using (new MonitoredScope("GetInitialSessionStateCore", "ValidateFilteringOnlyUser", AuthZLogHelper.AuthZPerfMonitors))
                    {
                        if (UserValidationHelper.ValidateFilteringOnlyUser(friendlyName, this.currentAuthZUserToken.WindowsLiveId))
                        {
                            AuthZLogger.SafeAppendGenericError("GetInitialSessionStateCore", string.Format("User {0} of Domain {1} doesn't have valid subscriptions for Exchange Hosted.", userInfo.Identity.Name, friendlyName), false);
                            AuthZPluginHelper.TriggerFailFastForAuthZFailure(this.currentAuthZUserToken.WindowsLiveId);
                            throw new FilteringOnlyUserLoginException(Strings.ErrorFilteringOnlyUserLogin);
                        }
                    }
                }
                InitialSessionState initialSessionState;
                using (new MonitoredScope("GetInitialSessionStateCore", "exchangeRunspaceConfig.CreateInitialSessionState", AuthZLogHelper.AuthZPerfMonitors))
                {
                    initialSessionState = exchangeExpiringRunspaceConfiguration.CreateInitialSessionState();
                }
                ExTraceGlobals.PublicPluginAPITracer.TraceDebug <int>((long)this.GetHashCode(), "EAP.GetInitialSessionState(PSSenderInfo) returns ISS with {0} commands", initialSessionState.Commands.Count);
                result = initialSessionState;
            }
            return(result);
        }
Ejemplo n.º 21
0
 public static bool IsFFOGallatinDatacenter()
 {
     return(DatacenterRegistry.IsFFOGallatinDatacenter());
 }
Ejemplo n.º 22
0
 private bool ShouldBufferBatches()
 {
     return(DatacenterRegistry.IsForefrontForOffice() && (this.logPrefix.StartsWith("MSGTRKSPLIT", StringComparison.OrdinalIgnoreCase) || this.logPrefix.StartsWith("MSGTRACECOMBOSPLIT", StringComparison.OrdinalIgnoreCase)) && this.messageBatchFlushInterval > 0);
 }
Ejemplo n.º 23
0
 public static bool IsDatacenterDedicated()
 {
     return(DatacenterRegistry.IsDatacenterDedicated());
 }
 // Token: 0x06001171 RID: 4465 RVA: 0x00054010 File Offset: 0x00052210
 public static bool IsDehydratedConfiguration(OrganizationId orgId)
 {
     return(Globals.IsDatacenter && !(orgId == null) && !OrganizationId.ForestWideOrgId.Equals(orgId) && !DatacenterRegistry.IsForefrontForOffice() && ProvisioningCache.Instance.TryAddAndGetOrganizationData <bool>(CannedProvisioningCacheKeys.IsDehydratedConfigurationCacheKey, orgId, delegate()
     {
         IConfigurationSession tenantOrTopologyConfigurationSession = DirectorySessionFactory.Default.GetTenantOrTopologyConfigurationSession(ConsistencyMode.FullyConsistent, ADSessionSettings.FromAllTenantsPartitionId(orgId.PartitionId), 310, "IsDehydratedConfiguration", "f:\\15.00.1497\\sources\\dev\\data\\src\\directory\\SharedConfiguration.cs");
         ExchangeConfigurationUnit[] array = tenantOrTopologyConfigurationSession.Find <ExchangeConfigurationUnit>(orgId.ConfigurationUnit, QueryScope.Base, new ExistsFilter(OrganizationSchema.SupportedSharedConfigurations), null, 1);
         return array != null && array.Length == 1 && array[0].IsDehydrated;
     }));
 }
Ejemplo n.º 25
0
        public AdminAuditLogEvent[] Search()
        {
            TaskLogger.LogEnter();
            TaskLogger.Trace("Search criteria:\\r\\n{0}", new object[]
            {
                this.searchCriteria.ToString()
            });
            if (DatacenterRegistry.IsForefrontForOffice())
            {
                return(this.SearchInFFO());
            }
            ADUser tenantArbitrationMailbox;

            try
            {
                tenantArbitrationMailbox = AdminAuditLogHelper.GetTenantArbitrationMailbox(this.searchCriteria.OrganizationId);
            }
            catch (ObjectNotFoundException innerException)
            {
                TaskLogger.Trace("ObjectNotFoundException occurred when getting Exchange principal from the discovery mailbox user.", new object[0]);
                throw new AdminAuditLogSearchException(Strings.AdminAuditLogsLocationNotFound(this.searchCriteria.OrganizationId.ToString()), innerException);
            }
            catch (NonUniqueRecipientException innerException2)
            {
                TaskLogger.Trace("More than one tenant arbitration mailbox found for the current organization.", new object[0]);
                throw new AdminAuditLogSearchException(Strings.AdminAuditLogsLocationNotFound(this.searchCriteria.OrganizationId.ToString()), innerException2);
            }
            Exception         ex        = null;
            ExchangePrincipal principal = ExchangePrincipal.FromADUser(this.searchCriteria.OrganizationId.ToADSessionSettings(), tenantArbitrationMailbox, RemotingOptions.AllowCrossSite);

            AdminAuditLogEvent[] result;
            try
            {
                TaskLogger.Trace("Opening EWS connection for the tenant arbitration mailbox", new object[0]);
                EwsAuditClient ewsAuditClient = new EwsAuditClient(new EwsConnectionManager(principal, OpenAsAdminOrSystemServiceBudgetTypeType.Default, AdminAuditLogSearchWorker.Tracer), TimeSpan.FromSeconds((double)this.searchTimeoutSeconds), AdminAuditLogSearchWorker.Tracer);
                FolderIdType   folderIdType   = null;
                ewsAuditClient.CheckAndCreateWellKnownFolder(DistinguishedFolderIdNameType.root, DistinguishedFolderIdNameType.recoverableitemsroot, out folderIdType);
                ewsAuditClient.CheckAndCreateWellKnownFolder(DistinguishedFolderIdNameType.recoverableitemsroot, DistinguishedFolderIdNameType.adminauditlogs, out folderIdType);
                if (folderIdType == null)
                {
                    result = Array <AdminAuditLogEvent> .Empty;
                }
                else
                {
                    EwsAuditLogCollection            logCollection    = new EwsAuditLogCollection(ewsAuditClient, folderIdType);
                    AuditLogSearchId                 auditLogSearchId = this.searchCriteria.Identity as AuditLogSearchId;
                    IEnumerable <AdminAuditLogEvent> source;
                    if (this.UseFASTQuery())
                    {
                        QueryStringType queryFilter = this.GenerateFASTSearchQueryString();
                        source = AuditLogSearchQuery.SearchAuditLogs <AdminAuditLogEvent, QueryStringType>(logCollection, queryFilter, this.searchCriteria.ResultSize + this.searchCriteria.StartIndex, TimeSpan.FromSeconds((double)this.searchTimeoutSeconds), new AdminAuditLogSearchWorker.QueryStrategy(this.searchCriteria), AdminAuditLogSearchWorker.Tracer);
                    }
                    else
                    {
                        RestrictionType queryFilter2 = this.GenerateSearchQueryFilterForEWS();
                        source = AuditLogSearchQuery.SearchAuditLogs <AdminAuditLogEvent, RestrictionType>(logCollection, queryFilter2, this.searchCriteria.ResultSize + this.searchCriteria.StartIndex, TimeSpan.FromSeconds((double)this.searchTimeoutSeconds), new AdminAuditLogSearchWorker.QueryStrategy(this.searchCriteria), AdminAuditLogSearchWorker.Tracer);
                    }
                    if (this.searchStatistics != null)
                    {
                        this.searchStatistics.QueryComplexity = this.searchCriteria.QueryComplexity;
                        this.searchStatistics.CorrelationID   = ((auditLogSearchId != null) ? auditLogSearchId.Guid.ToString() : string.Empty);
                    }
                    AdminAuditLogEvent[] array = source.Take(this.searchCriteria.ResultSize).ToArray <AdminAuditLogEvent>();
                    this.RedactCallerField(array);
                    if (this.searchStatistics != null)
                    {
                        this.searchStatistics.ResultsReturned += array.LongLength;
                        this.searchStatistics.CallResult       = true;
                    }
                    result = array;
                }
            }
            catch (StorageTransientException ex2)
            {
                ex = ex2;
                TaskLogger.Trace("Search admin audit log failed with transient storage exception. {0}", new object[]
                {
                    ex2
                });
                throw new AdminAuditLogSearchException(Strings.AdminAuditLogSearchFailed, ex2, this.searchCriteria);
            }
            catch (StoragePermanentException ex3)
            {
                ex = ex3;
                TaskLogger.Trace("Search admin audit log failed with permanent storage exception. {0}", new object[]
                {
                    ex3
                });
                throw new AdminAuditLogSearchException(Strings.AdminAuditLogSearchFailed, ex3, this.searchCriteria);
            }
            catch (AuditLogException ex4)
            {
                ex = ex4;
                TaskLogger.Trace("Search admin audit log failed with storage exception. {0}", new object[]
                {
                    ex4
                });
                throw new AdminAuditLogSearchException(Strings.AdminAuditLogSearchFailed, ex4, this.searchCriteria);
            }
            finally
            {
                if (this.searchStatistics != null && ex != null)
                {
                    this.searchStatistics.ErrorType = ex;
                    this.searchStatistics.ErrorCount++;
                }
                TaskLogger.LogExit();
            }
            return(result);
        }
Ejemplo n.º 26
0
 internal static bool IsForefrontObject(ADObjectId id)
 {
     return(DatacenterRegistry.IsForefrontForOffice() && id.Depth >= 3 && string.Equals(id.AncestorDN(id.Depth - 3).Name, "FFO", StringComparison.OrdinalIgnoreCase) && string.Equals(id.AncestorDN(id.Depth - 2).Name, "EXTEST", StringComparison.OrdinalIgnoreCase) && string.Equals(id.AncestorDN(id.Depth - 1).Name, "MICROSOFT", StringComparison.OrdinalIgnoreCase) && string.Equals(id.AncestorDN(id.Depth).Name, "COM", StringComparison.OrdinalIgnoreCase));
 }
Ejemplo n.º 27
0
 private EcpIdentity(IIdentity logonUserIdentity, string cacheKeySuffix, bool isExplicitSignon)
 {
     this.IsExplicitSignon  = isExplicitSignon;
     this.identityResolved  = !isExplicitSignon;
     this.cacheKeySuffix    = cacheKeySuffix;
     this.LogonUserIdentity = logonUserIdentity;
     if (logonUserIdentity.AuthenticationType != DelegatedPrincipal.DelegatedAuthenticationType && !DatacenterRegistry.IsForefrontForOffice())
     {
         this.logonUserSid = logonUserIdentity.GetSecurityIdentifier();
     }
 }