internal SharingProvider GetTargetSharingProvider(ADRecipient mailboxOwner) { Util.ThrowOnNullArgument(mailboxOwner, "mailboxOwner"); if (this.AvailableSharingProviders.Keys.Count == 1) { using (Dictionary <SharingProvider, CheckRecipientsResults> .KeyCollection.Enumerator enumerator = this.AvailableSharingProviders.Keys.GetEnumerator()) { if (enumerator.MoveNext()) { SharingProvider sharingProvider = enumerator.Current; ExTraceGlobals.SharingTracer.TraceDebug <ADRecipient, SharingProvider>((long)this.GetHashCode(), "{0}: Found target provider {1} for current user.", mailboxOwner, sharingProvider); return(sharingProvider); } } } foreach (KeyValuePair <SharingProvider, CheckRecipientsResults> keyValuePair in this.AvailableSharingProviders) { SharingProvider key = keyValuePair.Key; CheckRecipientsResults value = keyValuePair.Value; if (value != null && mailboxOwner.IsAnyAddressMatched(ValidRecipient.ConvertToStringArray(value.ValidRecipients))) { ExTraceGlobals.SharingTracer.TraceDebug <ADRecipient, SharingProvider>((long)this.GetHashCode(), "{0}: Found target provider {1} for current user.", mailboxOwner, key); return(key); } } ExTraceGlobals.SharingTracer.TraceError <ADRecipient>((long)this.GetHashCode(), "{0}: No available provider is found for this user.", mailboxOwner); return(null); }
protected override PerformInvitationResults InternalPerformInvitation(MailboxSession mailboxSession, SharingContext context, ValidRecipient[] recipients, IFrontEndLocator frontEndLocator) { if (recipients.Length != 1) { throw new InvalidOperationException("Only single recipient is allowed."); } ValidRecipient validRecipient = recipients[0]; string folderId = context.FolderId.ToBase64String(); ExternalUser externalUser = this.ApplyPermission(mailboxSession, new SmtpAddress(validRecipient.SmtpAddress), context); IRecipientSession adrecipientSession = mailboxSession.GetADRecipientSession(false, ConsistencyMode.FullyConsistent); ADUser aduser = (ADUser)adrecipientSession.Read(mailboxSession.MailboxOwner.ObjectId); string text = aduser.SharingAnonymousIdentities.FindExistingUrlId(SharingDataType.ReachCalendar.PublishResourceName, folderId); Uri owaVdirUrl = OwaAnonymousVdirLocater.Instance.GetOwaVdirUrl(mailboxSession.MailboxOwner, frontEndLocator); SmtpAddress primarySmtpAddress = mailboxSession.MailboxOwner.MailboxInfo.PrimarySmtpAddress; ObscureUrl obscureUrl = ObscureUrl.CreatePublishReachCalendarUrl(owaVdirUrl.ToString(), mailboxSession.MailboxGuid, primarySmtpAddress.Domain, text, externalUser.Sid); if (string.IsNullOrEmpty(text)) { aduser.SharingAnonymousIdentities.AddOrUpdate(SharingDataType.ReachCalendar.PublishResourceName, obscureUrl.Identity, folderId); adrecipientSession.Save(aduser); } context.BrowseUrl = obscureUrl.ToString() + ".html"; context.ICalUrl = obscureUrl.ToString() + ".ics"; return(new PerformInvitationResults(recipients)); }
protected override void InternalPerformRevocation(MailboxSession mailboxSession, SharingContext context) { using (FolderPermissionContext current = FolderPermissionContext.GetCurrent(mailboxSession, context)) { ValidRecipient recipient = new ValidRecipient(context.InitiatorSmtpAddress, null); PermissionSecurityPrincipal principal = this.CreatePermissionSecurityPrincipal(recipient, mailboxSession.MailboxOwner); current.RemovePermission(principal); } }
private PermissionSecurityPrincipal CreatePermissionSecurityPrincipal(ValidRecipient recipient, IExchangePrincipal mailboxPrincipal) { ADRecipient adrecipient = recipient.ADRecipient; if (adrecipient == null) { IRecipientSession tenantOrRootOrgRecipientSession = DirectorySessionFactory.Default.GetTenantOrRootOrgRecipientSession(null, true, ConsistencyMode.FullyConsistent, null, mailboxPrincipal.MailboxInfo.OrganizationId.ToADSessionSettings(), 248, "CreatePermissionSecurityPrincipal", "f:\\15.00.1497\\sources\\dev\\data\\src\\storage\\Sharing\\SharingProviderHandlerInternal.cs"); adrecipient = tenantOrRootOrgRecipientSession.FindByProxyAddress(new SmtpProxyAddress(recipient.SmtpAddress, false)); } return(new PermissionSecurityPrincipal(adrecipient)); }
private CheckRecipientsResults CheckRecipients() { List <string> list = new List <string>(base.Recipients.Count); List <string> list2 = new List <string>(base.Recipients.Count); foreach (Recipient recipient in base.Recipients) { string valueOrDefault = recipient.GetValueOrDefault <string>(ParticipantSchema.SmtpAddress, string.Empty); if (!string.IsNullOrEmpty(valueOrDefault)) { list2.Add(valueOrDefault); } else { list.Add(recipient.Participant.EmailAddress); } } List <ValidRecipient> list3 = new List <ValidRecipient>(list2.Count); string[] array = list2.ToArray(); List <SharingProvider> list4 = new List <SharingProvider>(this.SharingContext.AvailableSharingProviders.Keys); foreach (SharingProvider sharingProvider in list4) { if (array == null || array.Length == 0) { break; } CheckRecipientsResults checkRecipientsResults; if (this.ForceSharingProvider != null) { if (sharingProvider == this.ForceSharingProvider) { checkRecipientsResults = new CheckRecipientsResults(ValidRecipient.ConvertFromStringArray(array)); } else { checkRecipientsResults = new CheckRecipientsResults(array); } this.SharingContext.AvailableSharingProviders[sharingProvider] = checkRecipientsResults; } else { checkRecipientsResults = sharingProvider.CheckRecipients(this.MailboxOwner, this.SharingContext, array); } list3.AddRange(checkRecipientsResults.ValidRecipients); array = checkRecipientsResults.InvalidRecipients; } list.AddRange(array); return(new CheckRecipientsResults(list3.ToArray(), list.ToArray())); }
internal CheckRecipientsResults CheckRecipients(ADRecipient mailboxOwner, string[] recipients) { Util.ThrowOnNullArgument(mailboxOwner, "mailboxOwner"); Util.ThrowOnNullArgument(recipients, "recipients"); IRecipientSession tenantOrRootOrgRecipientSession = DirectorySessionFactory.Default.GetTenantOrRootOrgRecipientSession(null, true, ConsistencyMode.FullyConsistent, mailboxOwner.Session.NetworkCredential, mailboxOwner.OrganizationId.ToADSessionSettings(), 127, "CheckRecipients", "f:\\15.00.1497\\sources\\dev\\data\\src\\storage\\Sharing\\SharingProviderHandler.cs"); List <ValidRecipient> list = new List <ValidRecipient>(recipients.Length); List <string> list2 = new List <string>(recipients.Length); foreach (string text in recipients) { ValidRecipient validRecipient = this.InternalCheckOneRecipient(mailboxOwner, text, tenantOrRootOrgRecipientSession); if (validRecipient != null) { ExTraceGlobals.SharingTracer.TraceDebug <ADRecipient, string, SharingProviderHandler>((long)this.GetHashCode(), "{0}: {1} is a valid recipient for sharing handler {2}.", mailboxOwner, text, this); list.Add(validRecipient); } else { ExTraceGlobals.SharingTracer.TraceDebug <ADRecipient, string, SharingProviderHandler>((long)this.GetHashCode(), "{0}: {1} is an invalid recipient for sharing handler {2}.", mailboxOwner, text, this); list2.Add(text); } } return(new CheckRecipientsResults(list.ToArray(), list2.ToArray())); }
public EncryptionResults Encrypt(IExchangePrincipal mailboxOwner, IRecipientSession recipientSession, ExternalUserCollection externalUserCollection, ValidRecipient[] recipients, string sender, string containerClass, string folderId, IFrontEndLocator frontEndLocator) { SharingDataType sharingDataType = SharingDataType.FromContainerClass(containerClass); if (sharingDataType == null || !sharingDataType.IsExternallySharable) { throw new ArgumentOutOfRangeException("containerClass"); } ADUser aduser = DirectoryHelper.ReadADRecipient(mailboxOwner.MailboxInfo.MailboxGuid, mailboxOwner.MailboxInfo.IsArchive, recipientSession) as ADUser; if (aduser == null) { SharedFolderDataEncryption.Tracer.TraceError <SharedFolderDataEncryption, string>((long)this.GetHashCode(), "{0}: The Active Directory user was not found. Sender={1}.", this, sender); throw new ObjectNotFoundException(ServerStrings.ADUserNotFound); } ProxyAddress item = new SmtpProxyAddress(sender, false); if (!aduser.EmailAddresses.Contains(item)) { SharedFolderDataEncryption.Tracer.TraceError <SharedFolderDataEncryption, string>((long)this.GetHashCode(), "{0}: The SMTP address was not found in the user AD object for this mailbox. Sender={1}.", this, sender); throw new ObjectNotFoundException(ServerStrings.ADUserNotFound); } SharingPolicy sharingPolicy = DirectoryHelper.ReadSharingPolicy(mailboxOwner.MailboxInfo.MailboxGuid, mailboxOwner.MailboxInfo.IsArchive, recipientSession); SharedFolderDataEncryption.Tracer.TraceDebug <SharedFolderDataEncryption, object>((long)this.GetHashCode(), "{0}: Sharing policy to be applied to this user: {1}", this, (sharingPolicy == null) ? "<null>" : sharingPolicy.Id); SharingPolicyAction sharingPolicyActions = SharedFolderDataEncryption.GetSharingPolicyActions(sharingDataType.StoreObjectType); SharedFolderDataRecipient[] externalIdentities = SharedFolderDataEncryption.GetExternalIdentities(externalUserCollection, recipients); List <InvalidRecipient> list = new List <InvalidRecipient>(); Dictionary <TokenTarget, List <SharedFolderDataRecipient> > dictionary = new Dictionary <TokenTarget, List <SharedFolderDataRecipient> >(externalIdentities.Length, SharedFolderDataEncryption.TokenTargetComparer); for (int i = 0; i < recipients.Length; i++) { SharedFolderDataRecipient item2 = externalIdentities[i]; ValidRecipient validRecipient = recipients[i]; SmtpAddress smtpAddress = new SmtpAddress(validRecipient.SmtpAddress); string domain = smtpAddress.Domain; if (sharingPolicy == null || !sharingPolicy.IsAllowedForAnySharing(domain, sharingPolicyActions)) { SharedFolderDataEncryption.Tracer.TraceDebug <string>((long)this.GetHashCode(), "Sharing policy does not allow user to share with domain {0}", domain); list.Add(new InvalidRecipient(validRecipient.SmtpAddress, InvalidRecipientResponseCodeType.SystemPolicyBlocksSharingWithThisRecipient)); } else { SmtpAddress smtpAddress2 = new SmtpAddress(validRecipient.SmtpAddressForEncryption); TokenTarget tokenTarget = TargetUriResolver.Resolve(smtpAddress2.Domain, aduser.OrganizationId); if (tokenTarget == null) { list.Add(new InvalidRecipient(validRecipient.SmtpAddress, InvalidRecipientResponseCodeType.RecipientOrganizationNotFederated)); } else { List <SharedFolderDataRecipient> list2; if (!dictionary.TryGetValue(tokenTarget, out list2)) { list2 = new List <SharedFolderDataRecipient>(1); dictionary.Add(tokenTarget, list2); } list2.Add(item2); } } } List <EncryptedSharedFolderData> list3 = new List <EncryptedSharedFolderData>(dictionary.Count); SharedFolderData sharedFolderData = new SharedFolderData(); sharedFolderData.DataType = sharingDataType.ExternalName; sharedFolderData.FolderId = folderId; sharedFolderData.SharingUrl = this.GetSharingUrl(aduser, frontEndLocator); sharedFolderData.FederationUri = this.externalAuthentication.TokenValidator.TargetUri.ToString(); sharedFolderData.SenderSmtpAddress = sender; DelegationTokenRequest delegationTokenRequest = new DelegationTokenRequest { FederatedIdentity = aduser.GetFederatedIdentity(), EmailAddress = aduser.GetFederatedSmtpAddress(new SmtpAddress(sender)).ToString(), Offer = Offer.SharingInviteMessage }; SecurityTokenService securityTokenService = this.externalAuthentication.GetSecurityTokenService(aduser.OrganizationId); foreach (KeyValuePair <TokenTarget, List <SharedFolderDataRecipient> > keyValuePair in dictionary) { delegationTokenRequest.Target = keyValuePair.Key; sharedFolderData.Recipients = keyValuePair.Value.ToArray(); try { RequestedToken requestedToken = securityTokenService.IssueToken(delegationTokenRequest); list3.Add(this.Encrypt(requestedToken, sharedFolderData)); } catch (WSTrustException ex) { foreach (SharedFolderDataRecipient sharedFolderDataRecipient in sharedFolderData.Recipients) { list.Add(new InvalidRecipient(sharedFolderDataRecipient.SmtpAddress, SharedFolderDataEncryption.GetResponseCodeFromException(ex), ex.ToString())); } } } return(new EncryptionResults(list3.ToArray(), list.ToArray())); }
private static SharedFolderDataRecipient GetExternalIdentity(ExternalUserCollection externalUserCollection, ValidRecipient recipient) { if (!SmtpAddress.IsValidSmtpAddress(recipient.SmtpAddress)) { throw new ArgumentOutOfRangeException(ServerStrings.InvalidSmtpAddress(recipient.SmtpAddress)); } SmtpAddress smtpAddress = new SmtpAddress(recipient.SmtpAddress); ExternalUser externalUser = externalUserCollection.FindFederatedUserWithOriginalSmtpAddress(smtpAddress); if (externalUser == null) { externalUser = externalUserCollection.AddFederatedUser(smtpAddress); } return(new SharedFolderDataRecipient { SmtpAddress = recipient.SmtpAddressForEncryption, SharingKey = externalUser.ExternalId.ToString() }); }
protected override PerformInvitationResults InternalPerformInvitation(MailboxSession mailboxSession, SharingContext context, ValidRecipient[] recipients, IFrontEndLocator frontEndLocator) { ExternalAuthentication current = ExternalAuthentication.GetCurrent(); if (!current.Enabled) { ExTraceGlobals.SharingTracer.TraceError <string>((long)this.GetHashCode(), "{0}: The organization is not federated for external sharing.", context.InitiatorSmtpAddress); return(new PerformInvitationResults(new InvalidSharingRecipientsException(ValidRecipient.ConvertToStringArray(recipients), new OrganizationNotFederatedException()))); } SharedFolderDataEncryption sharedFolderDataEncryption = new SharedFolderDataEncryption(current); string text = StoreId.StoreIdToEwsId(mailboxSession.MailboxOwner.MailboxInfo.MailboxGuid, context.FolderId); PerformInvitationResults result; using (ExternalUserCollection externalUsers = mailboxSession.GetExternalUsers()) { PerformInvitationResults performInvitationResults = null; EncryptionResults encryptionResults = null; Exception ex = null; try { encryptionResults = sharedFolderDataEncryption.Encrypt(mailboxSession.MailboxOwner, mailboxSession.GetADRecipientSession(true, ConsistencyMode.IgnoreInvalid), externalUsers, recipients, context.InitiatorSmtpAddress, context.FolderClass, text, frontEndLocator); } catch (UserWithoutFederatedProxyAddressException ex2) { ex = ex2; } catch (InvalidFederatedOrganizationIdException ex3) { ex = ex3; } catch (StoragePermanentException ex4) { ex = ex4; } if (ex != null) { ExTraceGlobals.SharingTracer.TraceError <string, Exception>((long)this.GetHashCode(), "{0}: Error occurred when trying to encrypt. Exception = {1}", context.InitiatorSmtpAddress, ex); result = new PerformInvitationResults(new InvalidSharingRecipientsException(ValidRecipient.ConvertToStringArray(recipients), ex)); } else { if (encryptionResults.InvalidRecipients != null && encryptionResults.InvalidRecipients.Length > 0) { InvalidSharingRecipientsException exception = new InvalidSharingRecipientsException(encryptionResults.InvalidRecipients); if (encryptionResults.InvalidRecipients.Length == recipients.Length) { return(new PerformInvitationResults(exception)); } performInvitationResults = new PerformInvitationResults(recipients, exception); recipients = performInvitationResults.SucceededRecipients; } else { performInvitationResults = new PerformInvitationResults(recipients); } PermissionLevel permissionLevel = this.GetPermissionLevel(context); FreeBusyAccess? freeBusy = this.GetFreeBusy(context); using (FolderPermissionContext current2 = FolderPermissionContext.GetCurrent(mailboxSession, context)) { foreach (ValidRecipient validRecipient in recipients) { PermissionSecurityPrincipal principal = this.CreatePermissionSecurityPrincipal(validRecipient.SmtpAddress, externalUsers); current2.AddOrChangePermission(principal, permissionLevel, freeBusy); ExternalUser externalUser = externalUsers.FindReachUserWithOriginalSmtpAddress(new SmtpAddress(validRecipient.SmtpAddress)); if (externalUser != null) { current2.RemovePermission(new PermissionSecurityPrincipal(externalUser)); } } } context.FolderEwsId = text; context.EncryptedSharedFolderDataCollection = encryptionResults.EncryptedSharedFolderDataCollection; result = performInvitationResults; } } return(result); }
private void ReadActionFromMetadataXml(SharingMessageAction action) { if (action != null) { this.context.IsPrimary = string.IsNullOrEmpty(action.Title); if (!this.context.IsPrimary) { this.context.FolderName = action.Title; } foreach (SharingMessageProvider sharingMessageProvider in action.Providers) { string[] recipients = sharingMessageProvider.TargetRecipients.Split(new char[] { ';' }); SharingProvider sharingProvider = SharingProvider.FromExternalName(sharingMessageProvider.Type); if (sharingProvider != null) { sharingProvider.ParseSharingMessageProvider(this.context, sharingMessageProvider); this.context.AvailableSharingProviders.Add(sharingProvider, new CheckRecipientsResults(ValidRecipient.ConvertFromStringArray(recipients))); } } } }