private void InitializeADUserIfNeeded()
{
if (this.adUserInitialized)
{
return;
}
SecurityIdentifier userSid = this.clientSecurityContext.UserSid;
base.CheckOverBudget();
ADSessionSettings sessionSettings;
if (this.organizationId != null)
{
sessionSettings = ADSessionSettings.FromOrganizationIdWithoutRbacScopesServiceOnly(this.organizationId);
}
else
{
sessionSettings = ADSessionSettings.FromRootOrgScopeSet();
}
IRecipientSession tenantOrRootOrgRecipientSession = DirectorySessionFactory.Default.GetTenantOrRootOrgRecipientSession(ConsistencyMode.FullyConsistent, sessionSettings, 397, "InitializeADUserIfNeeded", "f:\\15.00.1497\\sources\\dev\\infoworker\\src\\common\\RequestDispatch\\InternalClientContext.cs");
if (base.Budget != null)
{
tenantOrRootOrgRecipientSession.SessionSettings.AccountingObject = base.Budget;
}
this.adUser = (tenantOrRootOrgRecipientSession.FindBySid(userSid) as ADUser);
InternalClientContext.Tracer.TraceDebug((long)this.GetHashCode(), "{0}: {1}: found internal caller by SID {2} in the AD. User is {3}", new object[]
{
TraceContext.Get(),
this,
userSid,
this.adUser
});
this.adUserInitialized = true;
}
internal static List <ADRecipient> GetUsersGrantedSendAsPermission(ADRecipient mailbox, IRecipientSession galSession)
{
TraceWrapper.SearchLibraryTracer.TraceDebug <ADRecipient>(0, "Reading users who have SendAs rights for: {0}", mailbox);
RawSecurityDescriptor rawSecurityDescriptor = galSession.ReadSecurityDescriptor(mailbox.Id);
if (rawSecurityDescriptor == null)
{
TraceWrapper.SearchLibraryTracer.TraceDebug(0, "Null security-descriptor returned for mailbox", new object[0]);
return(null);
}
byte[] array = new byte[rawSecurityDescriptor.BinaryLength];
rawSecurityDescriptor.GetBinaryForm(array, 0);
ActiveDirectorySecurity activeDirectorySecurity = new ActiveDirectorySecurity();
activeDirectorySecurity.SetSecurityDescriptorBinaryForm(array);
AuthorizationRuleCollection accessRules = activeDirectorySecurity.GetAccessRules(true, false, typeof(SecurityIdentifier));
if (accessRules == null)
{
TraceWrapper.SearchLibraryTracer.TraceDebug(0, "No rules on ACL for this mailbox", new object[0]);
return(null);
}
List <ADRecipient> list = null;
foreach (object obj in accessRules)
{
ActiveDirectoryAccessRule activeDirectoryAccessRule = (ActiveDirectoryAccessRule)obj;
if (activeDirectoryAccessRule.AccessControlType == AccessControlType.Allow && object.Equals(activeDirectoryAccessRule.ObjectType, WellKnownGuid.SendAsExtendedRightGuid))
{
IdentityReference identityReference = activeDirectoryAccessRule.IdentityReference;
string value = identityReference.Value;
try
{
ADRecipient adrecipient = galSession.FindBySid(new SecurityIdentifier(value));
if (adrecipient == null)
{
TraceWrapper.SearchLibraryTracer.TraceError <string>(0, "User not found for SID: {0}", value);
}
else
{
if (list == null)
{
list = new List <ADRecipient>();
}
list.Add(adrecipient);
TraceWrapper.SearchLibraryTracer.TraceDebug <string, string>(0, "Added {0} to list of users who have Send-As permission for {1}.", adrecipient.DisplayName, mailbox.DisplayName);
}
}
catch (NonUniqueRecipientException arg)
{
TraceWrapper.SearchLibraryTracer.TraceError <string, string, NonUniqueRecipientException>(0, "Caught NonUniqueRecipientException when attempting to look up user with SID {0} while reading list of users granted Send-As permission to {1}: {2}", value, mailbox.Name, arg);
}
}
}
return(list);
}
public IGenericADUser FindBySid(IRecipientSession recipientSession, SecurityIdentifier sid)
{
ArgumentValidator.ThrowIfNull("recipientSession", recipientSession);
IGenericADUser adUser = null;
this.DoAdCallAndTranslateExceptions(delegate
{
adUser = this.TranslateADRecipient(recipientSession.FindBySid(sid), false);
}, "DirectoryAccessor::FindBySid");
return(adUser);
}
public ADRecipient CreateADRecipientBySid()
{
IRecipientSession recipientSession = (this.UserOrganizationId == null) ? UserContextUtilities.CreateScopedRecipientSession(true, ConsistencyMode.FullyConsistent, this.DomainName, null) : UserContextUtilities.CreateScopedRecipientSession(true, ConsistencyMode.FullyConsistent, null, this.UserOrganizationId);
ADRecipient adrecipient = recipientSession.FindBySid(this.UserSid);
if (adrecipient == null)
{
throw new OwaADUserNotFoundException(this.SafeGetRenderableName());
}
return(adrecipient);
}
// Token: 0x06000B8C RID: 2956 RVA: 0x00024868 File Offset: 0x00022A68
internal static ADObject GetRawRoleAssignee(RoleAssigneeIdParameter user, IConfigurationSession configSession, IRecipientSession recipientSession)
{
if (user == null)
{
throw new ArgumentNullException("user");
}
if (recipientSession == null)
{
throw new ArgumentNullException("recipientSession");
}
if (configSession == null)
{
throw new ArgumentNullException("configSession");
}
IEnumerable <ADObject> enumerable = user.GetObjects <RoleAssignmentPolicy>(null, configSession).Cast <ADObject>();
EnumerableWrapper <ADObject> wrapper = EnumerableWrapper <ADObject> .GetWrapper(enumerable);
if (!wrapper.HasElements())
{
SecurityIdentifier securityIdentifier = SecurityPrincipalIdParameter.TryParseToSID(user.RawIdentity);
if (null != securityIdentifier)
{
ADRecipient adrecipient = recipientSession.FindBySid(securityIdentifier);
if (adrecipient != null)
{
enumerable = new ADObject[]
{
adrecipient
};
wrapper = EnumerableWrapper <ADObject> .GetWrapper(enumerable);
}
}
else
{
enumerable = user.GetObjects <ADRecipient>(null, recipientSession).Cast <ADObject>();
wrapper = EnumerableWrapper <ADObject> .GetWrapper(enumerable);
}
}
ADObject result = null;
using (IEnumerator <ADObject> enumerator = wrapper.GetEnumerator())
{
if (!enumerator.MoveNext())
{
throw new ManagementObjectNotFoundException(Strings.ErrorPolicyUserOrSecurityGroupNotFound(user.ToString()));
}
result = enumerator.Current;
if (enumerator.MoveNext())
{
throw new ManagementObjectAmbiguousException(Strings.ErrorPolicyUserOrSecurityGroupNotUnique(user.ToString()));
}
}
return(result);
}
public ADRecipient CreateADRecipientBySid()
{
IRecipientSession recipientSession = Utilities.CreateScopedRecipientSession(true, ConsistencyMode.FullyConsistent, this.DomainName);
ADRecipient adrecipient = recipientSession.FindBySid(this.UserSid);
this.LastRecipientSessionDCServerName = recipientSession.LastUsedDc;
if (adrecipient == null)
{
throw new OwaADObjectNotFoundException();
}
return(adrecipient);
}
// Token: 0x0600009D RID: 157 RVA: 0x00004E80 File Offset: 0x00003080
public static void ResolveCaller()
{
IIdentity identity = HttpContext.Current.User.Identity;
if (!(identity is WindowsIdentity) && !(identity is ClientSecurityContextIdentity))
{
return;
}
try
{
RequestDetailsLoggerBase <RequestDetailsLogger> .Current.TrackLatency(ServiceLatencyMetadata.CallerADLatency, delegate()
{
DateTime utcNow = DateTime.UtcNow;
OrganizationId organizationId = (OrganizationId)HttpContext.Current.Items["UserOrganizationId"];
ADSessionSettings adsessionSettings;
if (organizationId != null)
{
adsessionSettings = ADSessionSettings.FromOrganizationIdWithoutRbacScopesServiceOnly(organizationId);
RequestDetailsLoggerBase <RequestDetailsLogger> .Current.AppendGenericInfo("ADSessionSettingsFromOrgId", (DateTime.UtcNow - utcNow).TotalMilliseconds);
}
else
{
string memberName = HttpContext.Current.GetMemberName();
if (string.IsNullOrEmpty(memberName) && identity is SidBasedIdentity)
{
memberName = (identity as SidBasedIdentity).MemberName;
}
adsessionSettings = Common.SessionSettingsFromAddress(memberName);
RequestDetailsLoggerBase <RequestDetailsLogger> .Current.AppendGenericInfo("ADSessionSettingsFromAddress", (DateTime.UtcNow - utcNow).TotalMilliseconds);
}
HttpContext.Current.Items["ADSessionSettings"] = adsessionSettings;
utcNow = DateTime.UtcNow;
IRecipientSession tenantOrRootOrgRecipientSession = DirectorySessionFactory.Default.GetTenantOrRootOrgRecipientSession(true, ConsistencyMode.IgnoreInvalid, adsessionSettings, 989, "ResolveCaller", "f:\\15.00.1497\\sources\\dev\\autodisc\\src\\Common\\Common.cs");
tenantOrRootOrgRecipientSession.ServerTimeout = new TimeSpan?(Common.RecipientLookupTimeout);
ADRecipient adrecipient = tenantOrRootOrgRecipientSession.FindBySid(identity.GetSecurityIdentifier());
RequestDetailsLoggerBase <RequestDetailsLogger> .Current.AppendGenericInfo("ADRecipientSessionFindBySid", (DateTime.UtcNow - utcNow).TotalMilliseconds);
if (adrecipient != null)
{
ExTraceGlobals.FrameworkTracer.TraceDebug <ObjectId>(0L, "ResolveCaller -- Resolved caller is {0}.", adrecipient.Identity);
}
HttpContext.Current.Items["CallerRecipient"] = adrecipient;
ADUser aduser = adrecipient as ADUser;
if (aduser != null && aduser.NetID != null)
{
HttpContext.Current.Items["PassportUniqueId"] = aduser.NetID.ToString();
}
});
}
catch (NonUniqueRecipientException)
{
ExTraceGlobals.FrameworkTracer.TraceError <string>(0L, "ResolveCaller -- InternalResolveCaller returned non-unique user for {0}.", identity.Name);
}
}
private static bool FindUser(string username, string domain, out ADUser user)
{
UmConnectivityCredentialsHelper.DebugTrace("Inside FindUser()", new object[0]);
user = null;
IRecipientSession tenantOrRootOrgRecipientSession = DirectorySessionFactory.Default.GetTenantOrRootOrgRecipientSession(ConsistencyMode.IgnoreInvalid, ADSessionSettings.RootOrgOrSingleTenantFromAcceptedDomainAutoDetect(domain), 500, "FindUser", "f:\\15.00.1497\\sources\\dev\\Management\\src\\Management\\um\\UmConnectivityCredentialsHelper.cs");
string sUserPrincipalName = username + "@" + domain;
try
{
using (WindowsIdentity windowsIdentity = new WindowsIdentity(sUserPrincipalName))
{
user = (ADUser)tenantOrRootOrgRecipientSession.FindBySid(windowsIdentity.User);
}
}
catch (SecurityException)
{
}
catch (UnauthorizedAccessException)
{
}
catch (ArgumentException)
{
}
catch (LocalizedException)
{
}
if (user == null)
{
string accountName = domain + "\\" + username;
try
{
user = (ADUser)tenantOrRootOrgRecipientSession.FindByAccountName <ADRecipient>(domain, accountName);
}
catch (LocalizedException)
{
}
}
if (user == null)
{
if (username.Length > 20)
{
username = username.Substring(0, 20);
}
try
{
user = (ADUser)tenantOrRootOrgRecipientSession.FindByAccountName <ADRecipient>(domain, username);
}
catch (LocalizedException)
{
}
}
return(user != null);
}
public int?GetPrimaryGroupId(IRecipientSession recipientSession, SecurityIdentifier userSid)
{
ArgumentValidator.ThrowIfNull("recipientSession", recipientSession);
ADUser adUser = null;
this.DoAdCallAndTranslateExceptions(delegate
{
adUser = (recipientSession.FindBySid(userSid) as ADUser);
}, "DirectoryAccessor::GetPrimaryGroupId");
if (adUser == null)
{
return(null);
}
return((int?)adUser[ADUserSchema.PrimaryGroupId]);
}
internal override ExchangePrincipal InternalCreateExchangePrincipal()
{
ExTraceGlobals.CoreCallTracer.TraceDebug <string>(0L, "OwaClientSecurityContextIdentity.CreateExchangePrincipal Creating scoped AD session for {0}", (base.UserOrganizationId == null) ? this.DomainName : base.UserOrganizationId.ToString());
bool flag = HttpContext.Current != null && UserAgentUtilities.IsMonitoringRequest(HttpContext.Current.Request.UserAgent);
ExchangePrincipal result;
try
{
ADSessionSettings sessionSettings = (base.UserOrganizationId == null) ? UserContextUtilities.CreateScopedSessionSettings(this.DomainName, null) : UserContextUtilities.CreateScopedSessionSettings(null, base.UserOrganizationId);
IRecipientSession tenantOrRootOrgRecipientSession = DirectorySessionFactory.Default.GetTenantOrRootOrgRecipientSession(null, true, ConsistencyMode.IgnoreInvalid, null, sessionSettings, 417, "InternalCreateExchangePrincipal", "f:\\15.00.1497\\sources\\dev\\clients\\src\\Owa2\\Server\\Core\\common\\OwaClientSecurityContextIdentity.cs");
if (flag)
{
TimeSpan value = TimeSpan.FromSeconds((double)OwaClientSecurityContextIdentity.ADTimeoutForExchangePrincipalInstantiation.Value);
ExTraceGlobals.CoreCallTracer.TraceDebug <double>(0L, "OwaClientSecurityContextIdentity.CreateExchangePrincipal Reduced AD timeout to {0} seconds", value.TotalSeconds);
tenantOrRootOrgRecipientSession.ClientSideSearchTimeout = new TimeSpan?(value);
}
ExTraceGlobals.CoreCallTracer.TraceDebug(0L, "OwaClientSecurityContextIdentity.CreateExchangePrincipal Calling ExchangePrincipal.FromUserSid");
try
{
result = ExchangePrincipal.FromUserSid(tenantOrRootOrgRecipientSession, this.UserSid);
}
catch (UserHasNoMailboxException ex)
{
ADUser aduser = tenantOrRootOrgRecipientSession.FindBySid(this.UserSid) as ADUser;
ex.Data.Add("PrimarySmtpAddress", this.logonName);
if (aduser == null)
{
throw;
}
if (aduser.RecipientType == RecipientType.MailUser && aduser.SKUAssigned != true)
{
throw new OwaUserHasNoMailboxAndNoLicenseAssignedException(ex.Message, ex.InnerException);
}
throw;
}
}
catch (Exception ex2)
{
OwaDiagnostics.Logger.LogEvent(ClientsEventLogConstants.Tuple_OwaFailedToCreateExchangePrincipal, string.Empty, new object[]
{
this.UserSid,
flag,
ex2
});
throw;
}
return(result);
}
private static FolderSecurity.SecurityIdentifierType GetSecurityIdentifierType(IRecipientSession recipientSession, SecurityIdentifier securityIdentifier)
{
if (ExternalUser.IsExternalUserSid(securityIdentifier))
{
return(FolderSecurity.SecurityIdentifierType.User);
}
ADRecipient adrecipient = recipientSession.FindBySid(securityIdentifier);
if (adrecipient == null)
{
return(FolderSecurity.SecurityIdentifierType.Unknown);
}
if (!AclHelper.IsGroupRecipientType(adrecipient.RecipientType))
{
return(FolderSecurity.SecurityIdentifierType.User);
}
return(FolderSecurity.SecurityIdentifierType.Group);
}
internal OWAMiniRecipient FixCorruptOWAMiniRecipientCultureEntry()
{
if (ExTraceGlobals.CoreTracer.IsTraceEnabled(TraceType.DebugTrace))
{
ExTraceGlobals.CoreTracer.TraceDebug <string>(0L, "User {0} has corrupt culture, setting client culture to empty", this.SafeGetRenderableName());
}
IRecipientSession recipientSession = Utilities.CreateScopedRecipientSession(true, ConsistencyMode.FullyConsistent, this.DomainName);
ADUser aduser = recipientSession.FindBySid(this.UserSid) as ADUser;
this.LastRecipientSessionDCServerName = recipientSession.LastUsedDc;
if (aduser != null)
{
aduser.Languages = new MultiValuedProperty <CultureInfo>();
if (ExTraceGlobals.CoreTracer.IsTraceEnabled(TraceType.DebugTrace))
{
ExTraceGlobals.CoreTracer.TraceDebug <string>(0L, "Saving culture for User {0}, setting client culture to empty", this.SafeGetRenderableName());
}
recipientSession.Save(aduser);
return(recipientSession.FindMiniRecipientBySid <OWAMiniRecipient>(this.UserSid, OWAMiniRecipientSchema.AdditionalProperties));
}
return(null);
}
internal OWAMiniRecipient FixCorruptOWAMiniRecipientCultureEntry()
{
if (ExTraceGlobals.CoreTracer.IsTraceEnabled(TraceType.DebugTrace))
{
ExTraceGlobals.CoreTracer.TraceDebug <string>(0L, "User {0} has corrupt culture, setting client culture to empty", this.SafeGetRenderableName());
}
IRecipientSession recipientSession = (this.UserOrganizationId == null) ? UserContextUtilities.CreateScopedRecipientSession(false, ConsistencyMode.PartiallyConsistent, this.DomainName, null) : UserContextUtilities.CreateScopedRecipientSession(false, ConsistencyMode.PartiallyConsistent, null, this.UserOrganizationId);
ADUser aduser = recipientSession.FindBySid(this.UserSid) as ADUser;
if (aduser != null)
{
aduser.Languages = new MultiValuedProperty <CultureInfo>();
if (ExTraceGlobals.CoreTracer.IsTraceEnabled(TraceType.DebugTrace))
{
ExTraceGlobals.CoreTracer.TraceDebug <string>(0L, "Saving culture for User {0}, setting client culture to empty", this.SafeGetRenderableName());
}
recipientSession.Save(aduser);
return(recipientSession.FindMiniRecipientBySid <OWAMiniRecipient>(this.UserSid, OWAMiniRecipientSchema.AdditionalProperties));
}
ExTraceGlobals.CoreTracer.TraceDebug <SecurityIdentifier>(0L, "OwaIdentity.FixCorruptOWAMiniRecipientCultureEntry: got null adUser for Sid: {0}", this.UserSid);
return(null);
}
private static void PrePopulateUserGroupSids(SidBasedIdentity sidBasedIdentity)
{
if (sidBasedIdentity.PrepopulatedGroupSidIds == null || sidBasedIdentity.PrepopulatedGroupSidIds.Count <string>() <= 0)
{
ExTraceGlobals.CoreCallTracer.TraceDebug <string>(0L, "Attempting to prepopulate group SIDS for user '{0}'.", sidBasedIdentity.Sid.Value);
if (sidBasedIdentity.UserOrganizationId != null)
{
List <string> list = null;
IRecipientSession tenantOrRootOrgRecipientSession = DirectorySessionFactory.Default.GetTenantOrRootOrgRecipientSession(null, true, ConsistencyMode.IgnoreInvalid, null, ADSessionSettings.FromOrganizationIdWithoutRbacScopesServiceOnly(sidBasedIdentity.UserOrganizationId), 647, "PrePopulateUserGroupSids", "f:\\15.00.1497\\sources\\dev\\clients\\src\\Owa2\\Server\\Core\\common\\OwaClientSecurityContextIdentity.cs");
if (tenantOrRootOrgRecipientSession != null)
{
ExTraceGlobals.CoreCallTracer.TraceDebug <string>(0L, "OwaClientSecurityContextIdentity.GetUserGroupSidIds created IRecipientSession instance for user '{0}'.", sidBasedIdentity.Sid.Value);
ADRecipient adrecipient = tenantOrRootOrgRecipientSession.FindBySid(sidBasedIdentity.Sid);
if (adrecipient != null)
{
ExTraceGlobals.CoreCallTracer.TraceDebug <string, SmtpAddress, string>(0L, "OwaClientSecurityContextIdentity.GetUserGroupSidIds fetched ADRecipient instance with DisplaName '{0}' and PrimarySmtpAddress '{1}' for user '{2}'.", adrecipient.DisplayName, adrecipient.PrimarySmtpAddress, sidBasedIdentity.Sid.Value);
list = tenantOrRootOrgRecipientSession.GetTokenSids(adrecipient, AssignmentMethod.S4U);
}
else
{
ExTraceGlobals.CoreCallTracer.TraceError <string>(0L, "OwaClientSecurityContextIdentity.GetUserGroupSidIds was unable to get ADRecipient instance for user '{0}'.", sidBasedIdentity.Sid.Value);
}
}
else
{
ExTraceGlobals.CoreCallTracer.TraceError <string>(0L, "OwaClientSecurityContextIdentity.GetUserGroupSidIds was unable to get IRecipientSession instance for user '{0}'.", sidBasedIdentity.Sid.Value);
}
if (list == null)
{
ExTraceGlobals.CoreCallTracer.TraceError <string>(0L, "OwaClientSecurityContextIdentity.GetUserGroupSidIds was unable to find any group SIDs for user '{0}'.", sidBasedIdentity.Sid.Value);
return;
}
ExTraceGlobals.CoreCallTracer.TraceDebug <string, string>(0L, "Prepopulating User group SIds '{0}', for user '{1}'.", string.Join(", ", list), sidBasedIdentity.Sid.Value);
sidBasedIdentity.PrepopulateGroupSidIds(list);
}
}
}
internal static LocalizedException SetUserInformation(TestCasConnectivity.TestCasConnectivityRunInstance instance, IConfigDataProvider session, ref ADUser user)
{
if (session == null)
{
throw new LocalizedException(Strings.ErrorNullParameter("session"));
}
if (instance == null)
{
throw new LocalizedException(Strings.ErrorNullParameter("instance"));
}
IRecipientSession recipientSession = session as IRecipientSession;
if (recipientSession == null)
{
throw new LocalizedException(Strings.ErrorNullParameter("recipientSession"));
}
if (!string.IsNullOrEmpty(instance.credentials.Domain) && instance.credentials.UserName.IndexOf('@') == -1)
{
WindowsIdentity windowsIdentity = null;
string text = instance.credentials.UserName + "@" + instance.credentials.Domain;
try
{
windowsIdentity = new WindowsIdentity(text);
}
catch (SecurityException ex)
{
return(new CasHealthUserNotFoundException(text, ex.Message));
}
using (windowsIdentity)
{
user = (recipientSession.FindBySid(windowsIdentity.User) as ADUser);
if (user == null)
{
return(new AdUserNotFoundException(text, string.Empty));
}
goto IL_174;
}
}
user = null;
RecipientIdParameter recipientIdParameter = RecipientIdParameter.Parse(instance.credentials.UserName);
IEnumerable <ADUser> objects = recipientIdParameter.GetObjects <ADUser>(null, recipientSession);
if (objects != null)
{
IEnumerator <ADUser> enumerator = objects.GetEnumerator();
if (enumerator != null && enumerator.MoveNext())
{
user = enumerator.Current;
}
if (enumerator.MoveNext())
{
user = null;
return(new AdUserNotUniqueException(instance.credentials.UserName));
}
}
if (user == null)
{
return(new AdUserNotFoundException(instance.credentials.UserName, string.Empty));
}
IL_174:
return(null);
}