private static bool CanPostItemsToPublicFolder(Folder publicFolder, ClientSecurityContext userContext)
        {
            // Resolve the folder's security descriptor. This is null when the property is absent or
            // is not a RawSecurityDescriptor; how GetGrantedAccess treats a null descriptor is not
            // visible here — confirm it fails closed.
            var securityDescriptor = publicFolder.TryGetProperty(FolderSchema.SecurityDescriptor) as RawSecurityDescriptor;

            // Only DeleteChild is requested; the result is assumed to be the granted subset of that request.
            var granted = userContext.GetGrantedAccess(securityDescriptor, AccessMask.DeleteChild);
            MailPublicFolderPermissionHandler.Diag.TraceDebug<int, Folder>(0L, "Granted access {0} for user on public folder {1}", granted, publicFolder);

            // Bit 0x2 of the granted mask is tested; presumably that is the value of
            // AccessMask.DeleteChild requested above — confirm against the enum definition.
            const int DeleteChildBit = 2;
            return (granted & DeleteChildBit) == DeleteChildBit;
        }
        private bool HasReadAccessInAd(ServiceSecurityContext context)
        {
            // Rights requested against the descriptor from GetSecurityDescriptorToCheckAgainst().
            // 131220 == 0x20094; this looks like READ_CONTROL | LIST | READ_PROP | LIST_OBJECT
            // (the directory "generic read" set) — confirm against the AccessMask values.
            const AccessMask requestedRights = (AccessMask)131220;
            SecurityIdentifier callerSid = context.WindowsIdentity.User;

            using (var callerContext = new ClientSecurityContext(context.WindowsIdentity))
            {
                try
                {
                    var granted = (AccessMask)callerContext.GetGrantedAccess(this.GetSecurityDescriptorToCheckAgainst(), callerSid, requestedRights);

                    // NOTE(review): the caller passes when ANY requested bit is granted — the
                    // intersection is compared with AccessMask.Open, presumably the zero value —
                    // not when all of them are. Confirm this is the intended policy.
                    if ((granted & requestedRights) != AccessMask.Open)
                    {
                        return true;
                    }

                    this.TraceAndLogError(ExTraceGlobals.DiagnosticsAggregationTracer, "Access check failed for {0}. Response={1}", new object[]
                    {
                        context.WindowsIdentity.Name,
                        granted
                    });
                    return false;
                }
                catch (ADTransientException ex)
                {
                    // Transient directory failure: deny rather than assume access.
                    this.TraceAndLogError(ExTraceGlobals.DiagnosticsAggregationTracer, "AD Transient Exception. Details {0}", new object[]
                    {
                        ex
                    });
                    return false;
                }
                catch (AuthzException ex2)
                {
                    // Authorization subsystem error: also treated as "no access".
                    this.TraceAndLogError(ExTraceGlobals.DiagnosticsAggregationTracer, "Authorization check failed. Details {0}", new object[]
                    {
                        ex2
                    });
                    return false;
                }
            }
        }
        private static bool CallerHasFullPermission(ClientSecurityContext clientSecurityContext, FreeBusyQuery freeBusyQuery)
        {
            // Step 1: the mailbox owner (by primary SID or master-account SID) always has full permission.
            SecurityIdentifier mailboxSid = freeBusyQuery.RecipientData.Sid;
            SecurityIdentifier masterSid = freeBusyQuery.RecipientData.MasterAccountSid;
            bool callerIsOwner = (mailboxSid != null && mailboxSid.Equals(clientSecurityContext.UserSid))
                || (masterSid != null && masterSid.Equals(clientSecurityContext.UserSid));

            if (callerIsOwner)
            {
                FreeBusyPermission.SecurityTracer.TraceDebug(0L, "{0}: Caller {1} is owner of mailbox {2}, mailbox user SID {3}, master account SID {4}.", new object[]
                {
                    TraceContext.Get(),
                    clientSecurityContext,
                    freeBusyQuery.Email,
                    mailboxSid,
                    masterSid
                });
                return true;
            }

            // Step 2: otherwise consult the mailbox security descriptor, if the recipient has one.
            RawSecurityDescriptor mailboxDescriptor = freeBusyQuery.RecipientData.ExchangeSecurityDescriptor;

            if (mailboxDescriptor == null)
            {
                FreeBusyPermission.SecurityTracer.TraceDebug<object, EmailAddress>(0L, "{0}: User does not have an ExchangeSecurityDescriptor.", TraceContext.Get(), freeBusyQuery.Email);
            }
            else
            {
                if (FreeBusyPermission.SecurityTracer.IsTraceEnabled(TraceType.DebugTrace))
                {
                    // SDDL is only built when debug tracing is on; it is diagnostic output, not part of the decision.
                    string sddl = mailboxDescriptor.GetSddlForm(AccessControlSections.All);
                    FreeBusyPermission.SecurityTracer.TraceDebug<object, EmailAddress, string>(0L, "{0}: The SDDL form of mailbox security descriptor of mailbox {1} is: {2}.", TraceContext.Get(), freeBusyQuery.Email, sddl);
                }

                // Either right alone suffices. The literals 1 and 4 are presumably the numeric values of
                // AccessMask.CreateChild and AccessMask.List (the single right requested in each call) —
                // confirm against the enum. The List check is only evaluated when CreateChild was not granted.
                bool hasCreateChild = clientSecurityContext.GetGrantedAccess(mailboxDescriptor, AccessMask.CreateChild) == 1;
                if (hasCreateChild || clientSecurityContext.GetGrantedAccess(mailboxDescriptor, AccessMask.List) == 4)
                {
                    FreeBusyPermission.SecurityTracer.TraceDebug<object, EmailAddress>(0L, "{0}: Caller does have 'owner' rights in mailbox {1}.", TraceContext.Get(), freeBusyQuery.Email);
                    return true;
                }
            }

            FreeBusyPermission.SecurityTracer.TraceDebug<object, EmailAddress>(0L, "{0}: Caller does NOT have 'owner' rights in mailbox {1}.", TraceContext.Get(), freeBusyQuery.Email);
            return false;
        }
        public static FreeBusyPermissionLevel AccessCheck(RawSecurityDescriptor securityDescriptor, ClientSecurityContext clientContext)
        {
            // Request MaximumAllowed so that every right the descriptor grants the caller comes back
            // in one call. What GetGrantedAccess does with a null descriptor is not visible here.
            int granted = clientContext.GetGrantedAccess(securityDescriptor, AccessMask.MaximumAllowed);

            // Map the granted bits onto a level; bit 0x2 takes precedence over bit 0x1 when both are
            // set. Presumably 0x2 and 0x1 are AccessMask.DeleteChild and AccessMask.CreateChild —
            // confirm against the enum definition.
            FreeBusyPermissionLevel level = (granted & 2) != 0
                ? FreeBusyPermissionLevel.Detail
                : (granted & 1) != 0
                    ? FreeBusyPermissionLevel.Simple
                    : FreeBusyPermissionLevel.None;

            FreeBusyPermission.SecurityTracer.TraceDebug(0L, "{0}: Access check for {1} resulted in granted access {2}, permission level {3}", new object[]
            {
                TraceContext.Get(),
                clientContext,
                granted,
                level
            });
            return level;
        }