protected override void CreateOrUpdateRoles(RoleNameMapping mapping, List <RoleDefinition> roleDefinitions, List <string> enabledPermissionFeatures, string suffix, string mailboxPlanIndex)
{
ExTraceGlobals.AccessCheckTracer.TraceFunction <int>(20009L, "-->CreateOrUpdateRoles: roleDefinitions count = {0}", roleDefinitions.Count);
RoleDefinition item = roleDefinitions.First((RoleDefinition x) => x.RoleName.Equals(mapping.OldName));
roleDefinitions.Remove(item);
List <ExchangeRole> list = new List <ExchangeRole>(roleDefinitions.Count);
foreach (RoleDefinition definition in roleDefinitions)
{
ExchangeRole exchangeRole = base.CreateOrUpdateRole(null, definition, enabledPermissionFeatures, suffix, mailboxPlanIndex);
if (exchangeRole != null)
{
list.Add(exchangeRole);
}
}
ExchangeRole exchangeRole2 = item.GenerateRole(enabledPermissionFeatures, this.settings.RolesContainerId, suffix, mailboxPlanIndex);
string unescapedCommonName = (suffix == null) ? mapping.OldName : (mapping.OldName + suffix);
ExchangeRole exchangeRole3 = this.settings.ConfigurationSession.Read <ExchangeRole>(this.settings.RolesContainerId.GetChildId(unescapedCommonName));
if (exchangeRole3 == null)
{
if (exchangeRole2.RoleEntries.Count > 0)
{
exchangeRole2.OrganizationId = this.settings.OrganizationId;
base.SaveRoleAndSuggestCleanupOnFailure(exchangeRole2);
ExTraceGlobals.AccessCheckTracer.TraceFunction(20009L, "<--CreateOrUpdateRole: New Role created");
}
return;
}
this.settings.LogReadObject(exchangeRole3);
this.UpdateCannedRole(exchangeRole3, exchangeRole2, list);
ExTraceGlobals.AccessCheckTracer.TraceFunction(20009L, "<--CreateOrUpdateRoles");
}
private void InstallCustomRole(RoleDefinition customRoleDefinition, List <string> enabledPermissionFeatures, string suffix, string mailboxPlanIndex)
{
if (this.RoleNameExists(customRoleDefinition.RoleName + suffix))
{
return;
}
this.CreateCustomRole(customRoleDefinition, enabledPermissionFeatures, suffix, mailboxPlanIndex);
}
private void CreateCustomRole(RoleDefinition customRoleDefinition, List <string> enabledPermissionFeatures, string suffix, string mailboxPlanIndex)
{
ADObjectId childId = this.rolesContainerId.GetChildId(customRoleDefinition.ParentRoleName + suffix);
ExchangeRole exchangeRole = customRoleDefinition.GenerateRole(enabledPermissionFeatures, childId, suffix, mailboxPlanIndex);
exchangeRole.OrganizationId = base.CurrentOrganizationId;
this.configurationSession.Save(exchangeRole);
}
public override void UpdateRole(RoleDefinition definition)
{
foreach (ServicePlan.MailboxPlan mailboxPlan in this.settings.ServicePlanSettings.MailboxPlans)
{
string suffix = "_" + mailboxPlan.Name;
base.CreateOrUpdateRole(this.roleNameMapping, definition, mailboxPlan.GetEnabledPermissionFeatures(), suffix, mailboxPlan.MailboxPlanIndex);
}
}
private ExchangeRole TryFindSafeDCRoleOrUseDefault(ExchangeRole cannedRole)
{
string dcsafeNameForRole = RoleDefinition.GetDCSafeNameForRole(cannedRole.Name);
ExchangeRole[] array = this.configurationSession.Find <ExchangeRole>(cannedRole.Id, QueryScope.OneLevel, new ComparisonFilter(ComparisonOperator.Equal, ADObjectSchema.Name, dcsafeNameForRole), null, 1);
if (array != null && array.Length == 1)
{
return(array[0]);
}
return(cannedRole);
}
public override void UpdateRole(RoleDefinition definition)
{
List <string> enabledPermissionFeatures = null;
if (this.settings.ServicePlanSettings != null)
{
if (definition.IsEndUserRole && !this.settings.ServicePlanSettings.Organization.PerMBXPlanRoleAssignmentPolicyEnabled)
{
enabledPermissionFeatures = this.settings.ServicePlanSettings.GetAggregatedMailboxPlanPermissions();
}
else if (!definition.IsEndUserRole)
{
enabledPermissionFeatures = this.settings.ServicePlanSettings.Organization.GetEnabledPermissionFeatures();
}
}
base.CreateOrUpdateRole(this.roleNameMapping, definition, enabledPermissionFeatures);
}
private void PurgeInvalidAssignmentsFromRoleGroup(RoleGroupRoleMapping rgMapping, ADGroup roleGroup, List <ExchangeRole> topCannedRoles)
{
TaskLogger.LogEnter();
if (!InstallCannedRbacRoleAssignments.MonitoredDCOnlyRoleGroups.Contains(rgMapping.RoleGroup))
{
return;
}
List <string> list = new List <string>(rgMapping.Assignments.Length * 2);
RoleAssignmentDefinition[] assignments = rgMapping.Assignments;
for (int i = 0; i < assignments.Length; i++)
{
RoleAssignmentDefinition assignmentDefinition = assignments[i];
List <ExchangeRole> list2 = topCannedRoles.FindAll((ExchangeRole x) => x.RoleType.Equals(assignmentDefinition.RoleType));
if (list2 != null)
{
foreach (ExchangeRole exchangeRole in list2)
{
list.Add(exchangeRole.DistinguishedName);
list.Add(exchangeRole.Id.GetChildId(RoleDefinition.GetDCSafeNameForRole(exchangeRole.Name)).DistinguishedName);
}
}
}
ADPagedReader <ExchangeRoleAssignment> adpagedReader = this.configurationSession.FindPaged <ExchangeRoleAssignment>(base.OrgContainerId.GetDescendantId(ExchangeRoleAssignment.RdnContainer), QueryScope.SubTree, new ComparisonFilter(ComparisonOperator.Equal, ExchangeRoleAssignmentSchema.User, roleGroup.Id), null, 0);
using (IEnumerator <ExchangeRoleAssignment> enumerator2 = adpagedReader.GetEnumerator())
{
while (enumerator2.MoveNext())
{
ExchangeRoleAssignment roleAssignment = enumerator2.Current;
if (!list.Contains(roleAssignment.Role.DistinguishedName, StringComparer.OrdinalIgnoreCase))
{
if (topCannedRoles.Find((ExchangeRole x) => x.Name.Equals(roleAssignment.Role.Name, StringComparison.OrdinalIgnoreCase) && x.RoleType.Equals(RoleType.UnScoped)) == null)
{
ExchangeRole exchangeRole2 = this.configurationSession.Read <ExchangeRole>(roleAssignment.Role);
if (exchangeRole2 != null && !exchangeRole2.RoleType.Equals(RoleType.UnScoped))
{
this.RemoveRoleAssignment(roleAssignment);
}
}
}
}
}
TaskLogger.LogExit();
}
protected void FindAndUpdateDerivedRoles(ExchangeRole updatedParentRole, RoleEntry[] oldParentRoleEntries, RoleDefinition roleDefinition, ref int recursionCount)
{
ExTraceGlobals.AccessCheckTracer.TraceFunction(20005L, "-->FindAndUpdateDerivedRoles: updatedParentRole.Name = {0}, updatedParentRole.RoleEntries.Count = {1}, oldParentRoleEntries.Length = {2}, recursionCount = {3}", new object[]
{
updatedParentRole.Name,
updatedParentRole.RoleEntries.Count,
oldParentRoleEntries.Length,
recursionCount
});
if (++recursionCount >= 1000)
{
return;
}
bool flag = false;
bool flag2 = this.settings.Organization == null && (Datacenter.IsMicrosoftHostedOnly(false) || Datacenter.IsDatacenterDedicated(false)) && roleDefinition.ContainsProhibitedActions(InstallCannedRbacRoles.DCProhibitedActions);
ADPagedReader <ExchangeRole> adpagedReader = this.settings.ConfigurationSession.FindPaged <ExchangeRole>(updatedParentRole.Id, QueryScope.OneLevel, null, null, 0);
foreach (ExchangeRole exchangeRole in adpagedReader)
{
this.settings.LogReadObject(exchangeRole);
RoleEntry[] array = this.PrepareRoleForUpgradeAndGetOldSortedEntries(exchangeRole, false);
List <RoleEntry> value;
if (1 == recursionCount && flag2 && exchangeRole.Name.Equals(RoleDefinition.GetDCSafeNameForRole(updatedParentRole.Name), StringComparison.OrdinalIgnoreCase))
{
value = roleDefinition.GetRoleEntriesFilteringProhibitedActions(null, InstallCannedRbacRoles.DCProhibitedActions);
flag = true;
}
else
{
value = this.GetListOfRoleEntriesForChildRole(oldParentRoleEntries, array, updatedParentRole.RoleEntries.ToArray(), exchangeRole.IsChanged(ADObjectSchema.ExchangeVersion));
}
exchangeRole.RoleEntries = new MultiValuedProperty <RoleEntry>(value);
this.FindAndUpdateDerivedRoles(exchangeRole, array, roleDefinition, ref recursionCount);
this.SaveDerivedRoleAndWarnOnValidationErrors(exchangeRole);
ExTraceGlobals.AccessCheckTracer.TraceFunction <string, int>(20005L, "----FindAndUpdateDerivedRoles: role.Name = {0}, role.RoleEntries.Count = {1}", exchangeRole.Name, exchangeRole.RoleEntries.Count);
}
if (1 == recursionCount && !flag)
{
this.CreateDCSafeRoleIfNeeded(updatedParentRole, roleDefinition);
}
recursionCount--;
ExTraceGlobals.AccessCheckTracer.TraceFunction <int>(20005L, "<--FindAndUpdateDerivedRoles: recursionCount = {0}", recursionCount);
}
protected void CreateDCSafeRoleIfNeeded(ExchangeRole cannedRole, RoleDefinition roleDefinition)
{
if (this.settings.Organization != null || !Datacenter.IsMicrosoftHostedOnly(false))
{
return;
}
if (!roleDefinition.ContainsProhibitedActions(InstallCannedRbacRoles.DCProhibitedActions))
{
return;
}
ExchangeRole exchangeRole = roleDefinition.GenerateRole(null, cannedRole.Id, null, null);
exchangeRole.Name = RoleDefinition.GetDCSafeNameForRole(cannedRole.Name);
exchangeRole.RoleEntries = new MultiValuedProperty <RoleEntry>(roleDefinition.GetRoleEntriesFilteringProhibitedActions(null, InstallCannedRbacRoles.DCProhibitedActions));
exchangeRole.OrganizationId = this.settings.OrganizationId;
if (exchangeRole.RoleEntries.Count != 0)
{
this.SaveRoleAndWarnOnFailure(exchangeRole);
}
}
internal static RoleDefinition[] MergeRoleDefinitions(RoleDefinition[] cmdletRoleDefinitions, RoleDefinition[] webServiceRoleDefinitions)
{
List <RoleDefinition> list = cmdletRoleDefinitions.ToList <RoleDefinition>();
List <RoleDefinition> list2 = new List <RoleDefinition>();
for (int i = 0; i < webServiceRoleDefinitions.Length; i++)
{
RoleDefinition webServiceDef = webServiceRoleDefinitions[i];
int num = list.FindIndex(delegate(RoleDefinition x)
{
string roleName = x.RoleName;
RoleDefinition webServiceDef2 = webServiceDef;
if (roleName.Equals(webServiceDef2.RoleName, StringComparison.OrdinalIgnoreCase))
{
RoleType roleType = x.RoleType;
RoleDefinition webServiceDef3 = webServiceDef;
return(roleType == webServiceDef3.RoleType);
}
return(false);
});
if (num >= 0)
{
RoleDefinition roleDefinition = list[num];
List <RoleCmdlet> list3 = roleDefinition.Cmdlets.ToList <RoleCmdlet>();
List <RoleCmdlet> list4 = list3;
RoleDefinition webServiceDef4 = webServiceDef;
list4.AddRange(webServiceDef4.Cmdlets);
RoleDefinition value = new RoleDefinition(roleDefinition.RoleName, roleDefinition.ParentRoleName, roleDefinition.RoleType, list3.ToArray());
list[num] = value;
}
else
{
list2.Add(webServiceDef);
}
}
list.AddRange(list2);
return(list.ToArray());
}
protected ExchangeRole CreateOrUpdateRole(RoleNameMapping mapping, RoleDefinition definition, List <string> enabledPermissionFeatures, string suffix, string mailboxPlanIndex)
{
ExTraceGlobals.AccessCheckTracer.TraceFunction(20005L, "-->CreateOrUpdateRole: RoleDefinition = {0}, enabledPermissionFeatures is Null = {1}, suffix = {2}, mailboxPlanIndex = {3}", new object[]
{
definition.RoleName,
enabledPermissionFeatures == null,
string.IsNullOrEmpty(suffix) ? string.Empty : suffix,
string.IsNullOrEmpty(mailboxPlanIndex) ? string.Empty : mailboxPlanIndex
});
this.RenameExistingRole(mapping, suffix);
ExchangeRole exchangeRole = definition.GenerateRole(enabledPermissionFeatures, this.settings.RolesContainerId, suffix, mailboxPlanIndex);
if (exchangeRole.RoleEntries.Count > 0)
{
ExchangeRole exchangeRole2 = this.settings.ConfigurationSession.Read <ExchangeRole>(exchangeRole.Id);
if (exchangeRole2 != null)
{
this.settings.LogReadObject(exchangeRole2);
this.UpdateCannedRole(exchangeRole2, exchangeRole, definition);
exchangeRole = exchangeRole2;
ExTraceGlobals.AccessCheckTracer.TraceFunction(20005L, "<--CreateOrUpdateRole: Role Updated");
}
else
{
exchangeRole.OrganizationId = this.settings.OrganizationId;
this.SaveRoleAndSuggestCleanupOnFailure(exchangeRole);
ExTraceGlobals.AccessCheckTracer.TraceFunction(20005L, "<--CreateOrUpdateRole: New Role created");
this.CreateDCSafeRoleIfNeeded(exchangeRole, definition);
}
}
else
{
ExTraceGlobals.AccessCheckTracer.TraceFunction(20005L, "<--CreateOrUpdateRole: No Role created");
this.settings.RemoveRoleAndAssignments(exchangeRole.Id);
exchangeRole = null;
}
return(exchangeRole);
}
public RoleDefinition(string theRoleName, string theParentRoleName, RoleType theRoleType, RoleCmdlet[] theCmdlets)
{
this = new RoleDefinition(theRoleName, theRoleType, theCmdlets);
this.parentRoleName = theParentRoleName;
}
protected void UpdateCannedRole(ExchangeRole existingRole, ExchangeRole cannedRole, RoleDefinition roleDefinition)
{
ExTraceGlobals.AccessCheckTracer.TraceFunction(20005L, "-->UpdateCannedRole: existingRole = {0}, existingRoleVersion = {1}, existingRole-RoleType = {2}, cannedRole = {3}, cannedRoleVersion = {4}, cannedRole-RoleType = {5}", new object[]
{
existingRole.Name,
existingRole.ExchangeVersion.ToString(),
existingRole.RoleType.ToString(),
cannedRole.Name,
cannedRole.ExchangeVersion.ToString(),
cannedRole.RoleType.ToString()
});
bool flag = existingRole.ExchangeVersion == ExchangeRoleSchema.Exchange2009_R3;
RoleEntry[] array = this.PrepareRoleForUpgradeAndGetOldSortedEntries(existingRole, false);
existingRole.RoleEntries = (flag ? cannedRole.RoleEntries : this.CalculateUpdatedRoleEntries(cannedRole, array));
int num = 0;
this.FindAndUpdateDerivedRoles(existingRole, array, roleDefinition, ref num);
existingRole.OrganizationId = this.settings.OrganizationId;
this.SaveRoleAndSuggestCleanupOnFailure(existingRole);
ExTraceGlobals.AccessCheckTracer.TraceFunction(20005L, "<---UpdateCannedRole");
}
public override void UpdateRole(RoleDefinition definition)
{
throw new NotImplementedException("DeprecateRoleUpgrader feature not implemented");
}
protected ExchangeRole CreateOrUpdateRole(RoleNameMapping mapping, RoleDefinition definition, List <string> enabledPermissionFeatures)
{
return(this.CreateOrUpdateRole(mapping, definition, enabledPermissionFeatures, null, null));
}
public static bool CanUpgrade(RoleUpgradeConfigurationSettings settings, RoleNameMapping roleNameMapping, RoleDefinition roleDefinition, out RoleUpgrader roleUpgrader)
{
ExTraceGlobals.AccessCheckTracer.TraceFunction <string>(20006L, "-->NonDeprecatedRoleUpgrader.CanUpgrade: roleName = {0}", roleDefinition.RoleName);
bool flag = false;
roleUpgrader = null;
if (settings.Organization == null)
{
flag = true;
}
else if (!roleDefinition.IsEndUserRole || !settings.ServicePlanSettings.Organization.PerMBXPlanRoleAssignmentPolicyEnabled)
{
flag = true;
}
flag = (flag && (roleNameMapping == null || (!roleNameMapping.IsDeprecatedRole && !roleNameMapping.IsSplitting)));
if (flag)
{
roleUpgrader = new NonDeprecatedRoleUpgrader(settings, roleNameMapping);
}
ExTraceGlobals.AccessCheckTracer.TraceFunction <bool>(20006L, "<--NonDeprecatedRoleUpgrader.CanUpgrade: canUpgrade = {0}", flag);
return(flag);
}
public abstract void UpdateRole(RoleDefinition definition);
public static RoleUpgrader GetRoleUpgrader(RoleUpgradeConfigurationSettings settings, RoleNameMapping roleNameMapping, RoleDefinition roleDefinition)
{
RoleUpgrader result = null;
foreach (RoleUpgraderFactory.CanUpgradeRoleDelegate canUpgradeRoleDelegate in RoleUpgraderFactory.knownUpgrades)
{
if (canUpgradeRoleDelegate(settings, roleNameMapping, roleDefinition, out result))
{
break;
}
}
return(result);
}
public new static bool CanUpgrade(RoleUpgradeConfigurationSettings settings, RoleNameMapping roleNameMapping, RoleDefinition roleDefinition, out RoleUpgrader roleUpgrader)
{
ExTraceGlobals.AccessCheckTracer.TraceFunction <string>(20009L, "-->SplitRoleUpgrader.CanUpgrade: roleName = {0}", roleDefinition.RoleName);
bool flag = false;
roleUpgrader = null;
if (!roleDefinition.IsEndUserRole)
{
flag = true;
}
flag = (flag && roleNameMapping != null && roleNameMapping.IsSplitting);
if (flag)
{
roleUpgrader = new SplitRoleUpgrader(settings, roleNameMapping);
}
ExTraceGlobals.AccessCheckTracer.TraceFunction <bool>(20009L, "<--SplitRoleUpgrader.CanUpgrade: canUpgrade = {0}", flag);
return(flag);
}
public new static bool CanUpgrade(RoleUpgradeConfigurationSettings settings, RoleNameMapping roleNameMapping, RoleDefinition roleDefinition, out RoleUpgrader roleUpgrader)
{
ExTraceGlobals.AccessCheckTracer.TraceFunction <string>(20009L, "-->MailboxPlanDeprecatedRoleUpgrader.CanUpgrade: roleName = {0}", roleDefinition.RoleName);
bool flag = false;
roleUpgrader = null;
if (settings.Organization != null && roleDefinition.IsEndUserRole && roleNameMapping != null && roleNameMapping.IsDeprecatedRole && settings.ServicePlanSettings.Organization.PerMBXPlanRoleAssignmentPolicyEnabled)
{
flag = true;
}
if (flag)
{
roleUpgrader = new MailboxPlanDeprecatedRoleUpgrader(settings, roleNameMapping);
}
ExTraceGlobals.AccessCheckTracer.TraceFunction <bool>(20008L, "<--MailboxPlanDeprecatedRoleUpgrader.CanUpgrade: canUpgrade = {0}", flag);
return(flag);
}