private void CheckSessionOverBudget()
{
OverBudgetException exception;
if (WSManBudgetManager.Instance.CheckOverBudget(this.currentAuthZUserToken, CostType.ActiveRunspace, out exception))
{
LocalizedString message = AuthZPluginHelper.HandleUserOverBudgetException(exception, this.currentAuthZUserToken);
throw new AuthorizationException(message);
}
if (this.currentAuthZUserToken.OrgId != null && WSManTenantBudgetManager.Instance.CheckOverBudget(this.currentAuthZUserToken, CostType.ActiveRunspace, out exception))
{
LocalizedString message2 = AuthZPluginHelper.HandleTenantOverBudgetException(exception, this.currentAuthZUserToken);
throw new AuthorizationException(message2);
}
if (AppSettings.Current.MaxPowershellAppPoolConnections > 0 && WSManBudgetManager.Instance.TotalActiveRunspaces >= AppSettings.Current.MaxPowershellAppPoolConnections)
{
string windowsLiveId = this.currentAuthZUserToken.WindowsLiveId;
if (!string.IsNullOrEmpty(windowsLiveId))
{
FailFastUserCache.Instance.AddUserToCache(windowsLiveId, BlockedType.NewSession, TimeSpan.Zero);
}
AuthZLogger.SafeAppendColumn(RpsCommonMetadata.ContributeToFailFast, "AuthZ-Machine", LoggerHelper.GetContributeToFailFastValue("AllUsers", "-1", "NewSesion", -1.0));
FailFastUserCache.Instance.AddAllUsersToCache(BlockedType.NewSession, TimeSpan.Zero);
LocalizedString localizedString = Strings.ErrorMaxConnectionLimit(AppSettings.Current.VDirName);
ExTraceGlobals.RunspaceConfigTracer.TraceError(0L, localizedString);
TaskLogger.LogRbacEvent(TaskEventLogConstants.Tuple_ReachedMaxPSConnectionLimit, null, new object[]
{
AppSettings.Current.VDirName,
AppSettings.Current.MaxPowershellAppPoolConnections
});
throw new AuthorizationException(localizedString);
}
}
private static void RemoveCmdletParams(RoleEntryInfo entry, IList <string> paramList, IList <RoleEntryInfo> cmdletTobeRemoved, IList <RoleEntryInfo> cmdletTobeAdded, bool fNewCmdlet)
{
if (paramList == null || paramList.Count == 0)
{
return;
}
if (cmdletTobeRemoved == null)
{
return;
}
if (cmdletTobeAdded == null)
{
return;
}
cmdletTobeRemoved.Add(entry);
IEnumerable <string> source = entry.RoleEntry.Parameters.Except(paramList);
RoleEntryInfo roleEntryInfo;
if (entry.RoleAssignment == null)
{
roleEntryInfo = new RoleEntryInfo(entry.RoleEntry.Clone(source.ToList <string>()));
}
else
{
roleEntryInfo = new RoleEntryInfo(entry.RoleEntry.Clone(source.ToList <string>()), entry.RoleAssignment);
}
roleEntryInfo.ScopeSet = entry.ScopeSet;
cmdletTobeAdded.Add(roleEntryInfo);
if (fNewCmdlet)
{
AuthZLogger.SafeAppendColumn(RpsAuthZMetadata.CmdletFlightDisabled, entry.RoleEntry.Name, string.Join(" ", paramList));
}
}
private static void RemoveCmdlet(RoleEntryInfo entry, IList <RoleEntryInfo> cmdletTobeRemoved, bool fNewCmdlet)
{
cmdletTobeRemoved.Add(entry);
if (fNewCmdlet)
{
AuthZLogger.SafeAppendColumn(RpsAuthZMetadata.CmdletFlightDisabled, entry.RoleEntry.Name, "*");
}
}
// Token: 0x060012F3 RID: 4851 RVA: 0x0003DE30 File Offset: 0x0003C030
internal static LocalizedString HandleTenantOverBudgetException(OverBudgetException exception, AuthZPluginUserToken userToken)
{
string policyPart = exception.PolicyPart;
string orgIdInString = userToken.OrgIdInString;
string userName = userToken.UserName;
string windowsLiveId = userToken.WindowsLiveId;
ExTraceGlobals.PublicPluginAPITracer.TraceError <string, string, string>(0L, "Get Tenant OverBudgetException for user {0}, Organization {1}. Message: {2}", userName, orgIdInString, exception.ToString());
AuthZLogger.SafeAppendGenericError("Tenant_OverBudgetException", exception.ToString(), false);
TimeSpan blockedTime = TimeSpan.FromMilliseconds((double)exception.BackoffTime);
if (windowsLiveId != null)
{
FailFastUserCache.Instance.AddUserToCache(windowsLiveId, BlockedType.NewSession, blockedTime);
AuthZLogger.SafeAppendColumn(RpsCommonMetadata.ContributeToFailFast, "AuthZ-UserOrg", LoggerHelper.GetContributeToFailFastValue("User", windowsLiveId, "NewSession", blockedTime.TotalMilliseconds));
}
if (!string.IsNullOrEmpty(orgIdInString))
{
FailFastUserCache.Instance.AddTenantToCache(orgIdInString, BlockedType.NewSession, blockedTime);
AuthZLogger.SafeAppendColumn(RpsCommonMetadata.ContributeToFailFast, "AuthZ-Org", LoggerHelper.GetContributeToFailFastValue("Tenant", orgIdInString, "NewSession", blockedTime.TotalMilliseconds));
foreach (string text in userToken.DomainsToBlockTogether)
{
FailFastUserCache.Instance.AddTenantToCache(text, BlockedType.NewSession, blockedTime);
AuthZLogger.SafeAppendColumn(RpsCommonMetadata.ContributeToFailFast, "AuthZ-AcceptedDomain-" + text, LoggerHelper.GetContributeToFailFastValue("Tenant", text, "NewSession", blockedTime.TotalMilliseconds));
}
}
IThrottlingPolicy throttlingPolicy = userToken.GetThrottlingPolicy();
LocalizedString value;
if (policyPart == "MaxTenantConcurrency")
{
value = Strings.ErrorMaxTenantPSConnectionLimit(orgIdInString);
TaskLogger.LogRbacEvent(TaskEventLogConstants.Tuple_ReachedMaxTenantPSConnectionLimit, null, new object[]
{
userName,
orgIdInString,
throttlingPolicy.PowerShellMaxTenantConcurrency
});
}
else
{
if (!(policyPart == "MaxTenantRunspaces"))
{
throw new NotSupportedException(string.Format("DEV bug. The exception policy part {0} is not expected.", policyPart));
}
value = Strings.ErrorTenantMaxRunspacesTarpitting(orgIdInString, exception.BackoffTime / 1000);
TaskLogger.LogRbacEvent(TaskEventLogConstants.Tuple_ReachedMaxTenantPSRunspaceInTimePeriodLimit, null, new object[]
{
userName,
orgIdInString,
throttlingPolicy.PowerShellMaxTenantRunspaces,
throttlingPolicy.PowerShellMaxRunspacesTimePeriod,
exception.BackoffTime
});
}
return(new LocalizedString(value + string.Format("{2}Policy: {0}; {2}Snapshot: {1}", exception.ThrottlingPolicyDN, exception.Snapshot, Environment.NewLine)));
}
// Token: 0x060012F4 RID: 4852 RVA: 0x0003E08C File Offset: 0x0003C28C
internal static void TriggerFailFastForAuthZFailure(string windowsLiveId)
{
if (string.IsNullOrEmpty(windowsLiveId))
{
return;
}
FailFastUserCache.Instance.AddUserToCache(windowsLiveId, BlockedType.NewSession, TimeSpan.Zero);
AuthZLogger.SafeAppendColumn(RpsCommonMetadata.ContributeToFailFast, "AuthZ-UserSelf", LoggerHelper.GetContributeToFailFastValue("User", windowsLiveId, "NewSession", -1.0));
}
// Token: 0x060012F2 RID: 4850 RVA: 0x0003DC08 File Offset: 0x0003BE08
internal static LocalizedString HandleUserOverBudgetException(OverBudgetException exception, AuthZPluginUserToken userToken)
{
string policyPart = exception.PolicyPart;
string userName = userToken.UserName;
string windowsLiveId = userToken.WindowsLiveId;
ExTraceGlobals.PublicPluginAPITracer.TraceError <string, string>(0L, "Get User OverBudgetException for user {0}. Message: {1}", userName, exception.ToString());
AuthZLogger.SafeAppendGenericError("User_OverBudgetException", exception.ToString(), false);
if (!string.IsNullOrEmpty(windowsLiveId))
{
BlockedType blockedType = (policyPart == "PowerShellMaxCmdlets") ? BlockedType.NewRequest : BlockedType.NewSession;
FailFastUserCache.Instance.AddUserToCache(userToken.WindowsLiveId, blockedType, TimeSpan.Zero);
AuthZLogger.SafeAppendColumn(RpsCommonMetadata.ContributeToFailFast, "AuthZ-UserSelf", LoggerHelper.GetContributeToFailFastValue("User", userToken.WindowsLiveId, blockedType.ToString(), -1.0));
}
IThrottlingPolicy throttlingPolicy = userToken.GetThrottlingPolicy();
LocalizedString value;
if (policyPart == "MaxConcurrency")
{
value = Strings.ErrorMaxRunspacesLimit(throttlingPolicy.PowerShellMaxConcurrency.ToString(), policyPart);
TaskLogger.LogRbacEvent(TaskEventLogConstants.Tuple_ReachedMaxUserPSConnectionLimit, null, new object[]
{
userName,
throttlingPolicy.PowerShellMaxConcurrency
});
}
else if (policyPart == "MaxRunspacesTimePeriod")
{
value = Strings.ErrorMaxRunspacesTarpitting(exception.BackoffTime / 1000);
TaskLogger.LogRbacEvent(TaskEventLogConstants.Tuple_ReachedMaxPSRunspaceInTimePeriodLimit, null, new object[]
{
userName,
throttlingPolicy.PowerShellMaxRunspaces,
throttlingPolicy.PowerShellMaxRunspacesTimePeriod,
exception.BackoffTime
});
}
else
{
if (!(policyPart == "PowerShellMaxCmdlets"))
{
throw new NotSupportedException(string.Format("DEV bug. The exception policy part {0} is not expected.", policyPart));
}
value = Strings.ErrorOperationTarpitting(exception.BackoffTime / 1000);
TaskLogger.LogRbacEvent(TaskEventLogConstants.Tuple_ReachedMaxPowershellCmdletLimit, null, new object[]
{
userName,
throttlingPolicy.PowerShellMaxCmdlets,
throttlingPolicy.PowerShellMaxCmdletsTimePeriod,
exception.BackoffTime
});
}
return(new LocalizedString(value + string.Format("{2}Policy: {0}; {2}Snapshot: {1}", exception.ThrottlingPolicyDN, exception.Snapshot, Environment.NewLine)));
}
internal static VariantConfigurationSnapshot GetSnapshot(ADRawEntry executingUser, IEnumerable <KeyValuePair <string, string> > additionalConstraints)
{
if (executingUser == null)
{
return(null);
}
VariantConfigurationSnapshot variantConfigurationSnapshot = null;
MiniRecipient miniRecipient = new MiniRecipient();
try
{
try
{
miniRecipient[MiniRecipientSchema.UserPrincipalName] = executingUser[ADUserSchema.UserPrincipalName];
miniRecipient[ADObjectSchema.OrganizationId] = executingUser[ADObjectSchema.OrganizationId];
miniRecipient[MiniRecipientSchema.ExternalDirectoryObjectId] = executingUser[ADRecipientSchema.ExternalDirectoryObjectId];
miniRecipient[MiniRecipientSchema.Languages] = executingUser[ADOrgPersonSchema.Languages];
}
catch (DataValidationException ex)
{
AuthZLogger.SafeAppendColumn(RpsAuthZMetadata.VariantConfigurationSnapshot, "DataValidationException", ex.Message);
}
ConstraintCollection constraintCollection = null;
if (additionalConstraints != null)
{
constraintCollection = ConstraintCollection.CreateEmpty();
foreach (KeyValuePair <string, string> keyValuePair in additionalConstraints)
{
constraintCollection.Add(keyValuePair.Key, keyValuePair.Value);
}
}
variantConfigurationSnapshot = VariantConfiguration.GetSnapshot(miniRecipient.GetContext(null), constraintCollection, null);
AuthZLogger.SafeAppendColumn(RpsAuthZMetadata.VariantConfigurationSnapshot, "Flights", string.Join(" ", variantConfigurationSnapshot.Flights));
}
catch (Exception ex2)
{
AuthZLogger.SafeAppendGenericError("VariantConfigurationSnapshot.Exception", ex2.Message, false);
}
finally
{
AuthZLogger.SafeAppendColumn(RpsAuthZMetadata.VariantConfigurationSnapshot, "User", executingUser[ADUserSchema.UserPrincipalName].ToString());
AuthZLogger.SafeAppendColumn(RpsAuthZMetadata.VariantConfigurationSnapshot, "Org", executingUser[ADObjectSchema.OrganizationId].ToString());
}
return(variantConfigurationSnapshot);
}
private static void BuildParamFlightingList(RoleEntryInfo entry, ICmdletSettings cmdletSettings, ref IList <string> paramFlightingList)
{
IEnumerable <string> enumerable = cmdletSettings.Params0.Union(cmdletSettings.Params1);
enumerable = enumerable.Union(cmdletSettings.Params2);
enumerable = enumerable.Union(cmdletSettings.Params3);
enumerable = enumerable.Union(cmdletSettings.Params4);
enumerable = enumerable.Union(cmdletSettings.Params5);
enumerable = enumerable.Union(cmdletSettings.Params6);
enumerable = enumerable.Union(cmdletSettings.Params7);
enumerable = enumerable.Union(cmdletSettings.Params8);
enumerable = enumerable.Union(cmdletSettings.Params9);
if (enumerable != null)
{
paramFlightingList = enumerable.ToList <string>();
AuthZLogger.SafeAppendColumn(RpsAuthZMetadata.CmdletFlightEnabled, entry.RoleEntry.Name, string.Join(" ", paramFlightingList));
}
}
// Token: 0x060012E1 RID: 4833 RVA: 0x0003D75C File Offset: 0x0003B95C
internal static void EndLogging(bool shouldCommit)
{
Microsoft.Exchange.Diagnostics.Components.Configuration.Core.ExTraceGlobals.InstrumentationTracer.TraceDebug(0L, "[AuthZLogHelper.EndLogging] End logging.");
try
{
if (AuthZLogHelper.latencyTracker != null)
{
long num = Diagnostics.ExecuteAndLog <long>("AuthZLogHelper.StopLatencyTracker", false, null, Constants.CoreEventLogger, Microsoft.Exchange.Configuration.Core.EventLog.TaskEventLogConstants.Tuple_NonCrashingException, Microsoft.Exchange.Diagnostics.Components.Configuration.Core.ExTraceGlobals.InstrumentationTracer, null, delegate(Exception ex)
{
AuthZLogHelper.LogException(ex, "AuthZLogHelper.StopLatencyTracker", false);
}, -1L, new Func <long>(AuthZLogHelper.StopLatencyTracker));
AuthZLogger.SafeSetLogger(ConfigurationCoreMetadata.TotalTime, num);
AuthZLogHelper.latencyTracker.PushLatencyDetailsToLog(AuthZLogHelper.funcNameToLogMetadataDic, new Action <Enum, double>(AuthZLogger.UpdateLatency), delegate(string funcName, string totalLatency)
{
AuthZLogger.SafeAppendColumn(RpsCommonMetadata.GenericLatency, funcName, totalLatency);
});
}
else
{
AuthZLogger.SafeAppendColumn(RpsCommonMetadata.GenericLatency, "LatencyMissed", "AuthZLogHelper.latencyTracker is null");
}
}
finally
{
try
{
if (shouldCommit)
{
AuthZLogger.AsyncCommit(true);
}
}
finally
{
AuthZLogHelper.latencyTracker = null;
}
}
}
// Token: 0x060012DD RID: 4829 RVA: 0x0003D4C8 File Offset: 0x0003B6C8
internal static T ExecuteWSManPluginAPI <T>(string funcName, bool throwException, bool trackLatency, T defaultReturnValue, Func <T> func)
{
ExWatson.IsExceptionInteresting isExceptionInteresting = null;
T result;
try
{
AuthZLogger.SafeAppendColumn(RpsCommonMetadata.GenericLatency, funcName, DateTime.UtcNow.ToString());
string funcName2 = funcName;
bool throwException2 = throwException;
LatencyTracker latencyTracker = trackLatency ? AuthZLogHelper.latencyTracker : null;
ExEventLog rbacEventLogger = AuthZLogHelper.RbacEventLogger;
ExEventLog.EventTuple tuple_RemotePSPublicAPIFailed = Microsoft.Exchange.Configuration.ObjectModel.EventLog.TaskEventLogConstants.Tuple_RemotePSPublicAPIFailed;
Trace publicPluginAPITracer = Microsoft.Exchange.Diagnostics.Components.Authorization.ExTraceGlobals.PublicPluginAPITracer;
if (isExceptionInteresting == null)
{
isExceptionInteresting = ((object ex) => AuthZPluginHelper.IsFatalException(ex as Exception));
}
result = Diagnostics.ExecuteAndLog <T>(funcName2, throwException2, latencyTracker, rbacEventLogger, tuple_RemotePSPublicAPIFailed, publicPluginAPITracer, isExceptionInteresting, delegate(Exception ex)
{
AuthZLogHelper.LogException(ex, funcName, throwException);
}, defaultReturnValue, () => AuthZLogHelper.HandleExceptionAndRetry <T>(funcName, func, throwException, defaultReturnValue));
}
catch (Exception ex)
{
string arg = (AuthZLogger.ActivityScope != null) ? AuthZLogger.ActivityScope.ActivityId.ToString() : null;
AuthZLogHelper.EndLogging(true);
Exception ex3;
string str = string.Format("[FailureCategory={0}] ", FailureCategory.AuthZ + "-" + ex3.GetType().Name);
string str2 = string.Format("[AuthZRequestId={0}]", arg);
LocalizedString message = new LocalizedString(str2 + str + ex3.Message);
AuthorizationException ex2 = new AuthorizationException(message, ex3);
throw ex2;
}
return(result);
}
// Token: 0x060012DF RID: 4831 RVA: 0x0003D670 File Offset: 0x0003B870
internal static bool StartLogging(string funcName, out bool latencyTrackerStartedByMe)
{
AuthZLogger.SafeAppendColumn(RpsCommonMetadata.GenericLatency, funcName, DateTime.UtcNow.ToString());
latencyTrackerStartedByMe = false;
if (AuthZLogHelper.latencyTracker == null)
{
Diagnostics.ExecuteAndLog("AuthZLogHelper.StartLatencyTracker", false, null, Constants.CoreEventLogger, Microsoft.Exchange.Configuration.Core.EventLog.TaskEventLogConstants.Tuple_NonCrashingException, Microsoft.Exchange.Diagnostics.Components.Configuration.Core.ExTraceGlobals.InstrumentationTracer, null, delegate(Exception ex)
{
AuthZLogHelper.LogException(ex, "AuthZLogHelper.StartLatencyTracker", false);
}, delegate()
{
AuthZLogHelper.StartLatencyTracker(funcName);
});
latencyTrackerStartedByMe = (AuthZLogHelper.latencyTracker != null);
}
if (AuthZLogger.LoggerNotDisposed)
{
return(false);
}
InitializeLoggerSettingsHelper.InitLoggerSettings();
AuthZLogger.InitializeRequestLogger();
AuthZLogger.SafeSetLogger(RpsAuthZMetadata.Function, funcName);
return(true);
}
internal static void FilterCmdletsAndParams(VariantConfigurationSnapshot configurationSnapshot, List <RoleEntryInfo> cmdletList)
{
if (configurationSnapshot == null)
{
return;
}
IDictionary <string, ICmdletSettings> dictionary = null;
try
{
dictionary = configurationSnapshot.GetObjectsOfType <ICmdletSettings>("CmdletInfra.settings.ini");
}
catch (KeyNotFoundException ex)
{
AuthZLogger.SafeAppendGenericError("VanriantConfigurationSnapshot.KeyNotFoundException", ex.Message, false);
}
if (dictionary == null || dictionary.Count == 0)
{
return;
}
List <RoleEntryInfo> cmdletTobeAdded = new List <RoleEntryInfo>();
List <RoleEntryInfo> cmdletTobeRemoved = new List <RoleEntryInfo>();
string value = "";
ICmdletSettings cmdletSettings = null;
IList <string> list = null;
foreach (RoleEntryInfo roleEntryInfo in cmdletList)
{
if (dictionary.TryGetValue(roleEntryInfo.RoleEntry.Name, out cmdletSettings))
{
bool flag = !roleEntryInfo.RoleEntry.Name.Equals(value, StringComparison.OrdinalIgnoreCase);
if (flag)
{
value = roleEntryInfo.RoleEntry.Name;
}
IList <string> list2 = cmdletSettings.AllFlightingParams;
if (!cmdletSettings.Enabled)
{
CmdletFlight.RemoveCmdlet(roleEntryInfo, cmdletTobeRemoved, flag);
}
else if (list2 != null && list2.Count > 0)
{
if (flag)
{
CmdletFlight.BuildParamFlightingList(roleEntryInfo, cmdletSettings, ref list);
}
if (list != null)
{
IEnumerable <string> source = list2.Except(list);
list2 = source.ToList <string>();
}
CmdletFlight.RemoveCmdletParams(roleEntryInfo, list2, cmdletTobeRemoved, cmdletTobeAdded, flag);
}
else if (flag)
{
AuthZLogger.SafeAppendColumn(RpsAuthZMetadata.CmdletFlightEnabled, roleEntryInfo.RoleEntry.Name, "*");
}
}
}
CmdletFlight.CommitChanges(cmdletList, cmdletTobeRemoved, cmdletTobeAdded);
}
