/// <summary>
/// Queries the directory for a mobile mailbox policy of the given organization and, when one
/// is found, makes sure its policy data is present in <c>MobileDevicePolicyCache</c>.
/// </summary>
/// <param name="key">Organization whose policy is looked up.</param>
/// <returns>
/// The ID of the first policy returned by the query, or <c>null</c> when the query returns nothing.
/// </returns>
/// <remarks>
/// A <c>LocalizedException</c> raised by the directory operation is traced and rethrown unchanged.
/// </remarks>
private ADObjectId GetPolicyIdFromAD(OrganizationId key)
{
    ExTraceGlobals.MobileDevicePolicyTracer.Information<OrganizationId>(
        (long)this.GetHashCode(),
        "MobileDevicePolicyIdCacheByOrganization.GetPolicyFromAD({0})",
        key);

    // NOTE(review): the factory name indicates the session is built without RBAC scopes, so the
    // query below appears to be bounded only by the organization and its root container - confirm.
    ADSessionSettings sessionSettings = ADSessionSettings.FromOrganizationIdWithoutRbacScopesServiceOnly(key);
    IConfigurationSession configSession = this.GetConfigSession(sessionSettings);
    ADObjectId orgContainerId = configSession.GetOrgContainerId();

    // Bit 4096 of MobileFlags selects the policies of interest; presumably this is the
    // "default policy" flag - verify against the MobileMailboxPolicy flag definitions.
    QueryFilter flagFilter = new BitMaskAndFilter(MobileMailboxPolicySchema.MobileFlags, 4096UL);

    // Most recently changed policy first; only one result is requested below.
    SortBy newestFirst = new SortBy(ADObjectSchema.WhenChanged, SortOrder.Descending);

    ADObjectId foundPolicyId = null;
    try
    {
        ADNotificationAdapter.RunADOperation(() =>
        {
            MobileMailboxPolicy[] matches = configSession.Find<MobileMailboxPolicy>(
                orgContainerId, QueryScope.SubTree, flagFilter, newestFirst, 1);
            if (matches == null || matches.Length == 0)
            {
                return;
            }

            foundPolicyId = matches[0].Id;

            // Cache entries are keyed by (policy ID, organization), so the same policy ID is
            // never shared across organizations in the cache.
            OrgIdADObjectWrapper cacheKey = new OrgIdADObjectWrapper(foundPolicyId, key);
            if (MobileDevicePolicyCache.Instance.Contains(cacheKey))
            {
                return;
            }

            MobileDevicePolicyData policyData =
                MobileDevicePolicyDataFactory.GetMobileDevicePolicyDataFromMobileMailboxPolicy(matches[0]);
            MobileDevicePolicyCache.Instance.TryAdd(cacheKey, ref policyData);
        });
    }
    catch (LocalizedException ex)
    {
        ExTraceGlobals.MobileDevicePolicyTracer.TraceError<OrganizationId, LocalizedException>(
            (long)this.GetHashCode(),
            "MobileDevicePolicyIdCacheByOrganization.GetPolicyIdFromAD({0}) threw exception: {1}",
            key,
            ex);
        throw;
    }

    ExTraceGlobals.MobileDevicePolicyTracer.Information<OrganizationId, ADObjectId>(
        (long)this.GetHashCode(),
        "MobileDevicePolicyIdCacheByOrganization.GetPolicyFromAD({0}) returned: {1}",
        key,
        foundPolicyId);
    return foundPolicyId;
}
/// <summary>
/// Copies the device password, encryption, lock and push-notification settings of a
/// <c>MobileMailboxPolicy</c> into a new <c>MobileDevicePolicyData</c>.
/// </summary>
/// <param name="mobileMailboxPolicy">Source policy; may be <c>null</c>.</param>
/// <returns>
/// The populated policy data, or <c>null</c> when <paramref name="mobileMailboxPolicy"/> is <c>null</c>.
/// </returns>
internal static MobileDevicePolicyData GetMobileDevicePolicyDataFromMobileMailboxPolicy(MobileMailboxPolicy mobileMailboxPolicy)
{
    // No source policy means no policy data; callers must handle the null result.
    if (mobileMailboxPolicy == null)
    {
        return null;
    }

    MobileDevicePolicyData policyData = new MobileDevicePolicyData();

    // Password requirements.
    policyData.AlphanumericDevicePasswordRequired = mobileMailboxPolicy.AlphanumericPasswordRequired;
    policyData.DeviceEncryptionRequired = mobileMailboxPolicy.RequireDeviceEncryption;
    policyData.DevicePasswordRequired = mobileMailboxPolicy.PasswordEnabled;
    policyData.MaxDevicePasswordExpiration = mobileMailboxPolicy.PasswordExpiration;
    policyData.MaxDevicePasswordFailedAttempts = mobileMailboxPolicy.MaxPasswordFailedAttempts;
    policyData.MaxInactivityTimeDeviceLock = mobileMailboxPolicy.MaxInactivityTimeLock;
    policyData.MinDevicePasswordComplexCharacters = mobileMailboxPolicy.MinPasswordComplexCharacters;
    policyData.MinDevicePasswordHistory = mobileMailboxPolicy.PasswordHistory;
    policyData.MinDevicePasswordLength = mobileMailboxPolicy.MinPasswordLength;
    policyData.SimpleDevicePasswordAllowed = mobileMailboxPolicy.AllowSimplePassword;

    // Push-notification permissions per platform.
    policyData.AllowApplePushNotifications = mobileMailboxPolicy.AllowApplePushNotifications;
    policyData.AllowMicrosoftPushNotifications = mobileMailboxPolicy.AllowMicrosoftPushNotifications;
    policyData.AllowGooglePushNotifications = mobileMailboxPolicy.AllowGooglePushNotifications;

    return policyData;
}
/// <summary>
/// Resolves the mobile device policy data for a mailbox principal: first the policy assigned to
/// the mailbox, then the policy ID cached for the principal's organization.
/// </summary>
/// <param name="principal">Principal whose policy is resolved.</param>
/// <param name="policyId">
/// Receives the mailbox's assigned policy ID, or the organization's policy ID when the fallback
/// lookup returned one. It can be non-null even when the method returns <c>null</c>.
/// </param>
/// <returns>
/// The cached policy data, or <c>null</c> when neither lookup produced any. Callers must decide
/// how to treat a <c>null</c> result; it means "no policy could be resolved", not "policy passed".
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="principal"/> is <c>null</c>.</exception>
internal static MobileDevicePolicyData GetPolicyData(ExchangePrincipal principal, out ADObjectId policyId)
{
    if (principal == null)
    {
        throw new ArgumentNullException("principal");
    }

    // Step 1: the policy explicitly assigned to the mailbox, if any.
    policyId = principal.MailboxInfo.Configuration.MobileDeviceMailboxPolicy;
    MobileDevicePolicyData resolved = policyId != null
        ? MobileDevicePolicyCache.Instance.Get(new OrgIdADObjectWrapper(policyId, principal.MailboxInfo.OrganizationId))
        : null;
    if (resolved != null)
    {
        return resolved;
    }

    // Step 2: fall back to the policy ID cached for the organization.
    ExTraceGlobals.MobileDevicePolicyTracer.TraceDebug<ADObjectId, ADObjectId>(
        0L,
        "No policy returned for user '{0}' with policy '{1}'. Using org default policy.",
        principal.ObjectId,
        policyId);

    ADObjectId orgPolicyId = MobileDevicePolicyIdCacheByOrganization.Instance.Get(principal.MailboxInfo.OrganizationId);
    if (orgPolicyId != null)
    {
        policyId = orgPolicyId;
        resolved = MobileDevicePolicyCache.Instance.Get(new OrgIdADObjectWrapper(orgPolicyId, principal.MailboxInfo.OrganizationId));
    }

    if (resolved == null)
    {
        ExTraceGlobals.MobileDevicePolicyTracer.TraceDebug<ADObjectId, OrganizationId>(
            0L,
            "No default policy returned for user '{0}' with organization '{1}'. Using NO policy.",
            principal.ObjectId,
            principal.MailboxInfo.OrganizationId);
    }

    return resolved;
}
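/// <summary>
/// Compares the mobile device policy ID presented by a MOWA client with the policy resolved for
/// the accessing principal, and rejects the call when they differ.
/// </summary>
/// <param name="methodName">Name of the service method being invoked.</param>
/// <param name="callContext">Context of the current call; supplies the presented policy ID and the principal.</param>
/// <exception cref="OwaInvalidMobileDevicePolicyException">
/// Policy data was resolved and its identifier does not match the presented one. The device is
/// marked as blocked by policy before the exception is thrown.
/// </exception>
/// <remarks>
/// The comparison is skipped, without marking the device either way, when the request is not a
/// MOWA session, when no policy ID was presented, and for the methods
/// <c>GetOwaUserConfiguration</c> (which also refreshes the last-policy time) and <c>PingOwa</c>.
/// NOTE(review): the first two skip conditions come from the call context. If those values
/// derive from request data the client controls (not visible here), this method is not an
/// enforcement boundary on its own - confirm that policy is also enforced elsewhere.
/// NOTE(review): when no policy data can be resolved the device is marked as allowed, i.e. the
/// check fails open on a lookup miss - confirm this is intended.
/// </remarks>
public static void CheckMobileDevicePolicyIsCorrect(string methodName, CallContext callContext)
{
    // Fully qualified in the original as well; kept in a local to avoid repeating the path.
    var tracer = Microsoft.Exchange.Diagnostics.Components.Clients.ExTraceGlobals.MobileDevicePolicyTracer;

    if (!callContext.IsMowa)
    {
        tracer.TraceDebug(0L, "[OWAMessageInspector::CheckMobileDevicePolicyIsCorrect] Request is not coming from a MOWA session. Skipping policy check.");
        return;
    }

    if (string.IsNullOrEmpty(callContext.MobileDevicePolicyId))
    {
        tracer.TraceDebug(0L, "[OWAMessageInspector::CheckMobileDevicePolicyIsCorrect] Client isn't passing policy information (old client). Skipping policy check.");
        return;
    }

    if (methodName.Equals("GetOwaUserConfiguration", StringComparison.OrdinalIgnoreCase))
    {
        tracer.TraceDebug(0L, "[OWAMessageInspector::CheckMobileDevicePolicyIsCorrect] Executing GetOwaUserConfiguration method. Skipping policy check.");
        callContext.UpdateLastPolicyTime();
        return;
    }

    if (methodName.Equals("PingOwa", StringComparison.OrdinalIgnoreCase))
    {
        // The message is a single-line literal; the listing had it broken across a line end.
        tracer.TraceDebug(0L, "[OWAMessageInspector::CheckMobileDevicePolicyIsCorrect] Executing PingOwa method. Skipping policy check.");
        return;
    }

    ADObjectId appliedPolicyId = null;
    MobileDevicePolicyData policyData = MobileDevicePolicyDataFactory.GetPolicyData(callContext.AccessingPrincipal, out appliedPolicyId);
    callContext.UpdatePolicyApplied(appliedPolicyId);

    string presentedPolicyId = callContext.MobileDevicePolicyId;

    // Ordinal comparison: the identifier must match exactly, including case.
    bool isMismatch = policyData != null
        && !string.Equals(policyData.PolicyIdentifier, presentedPolicyId, StringComparison.Ordinal);
    if (!isMismatch)
    {
        // Reached both when the identifiers match and when no policy data was resolved.
        callContext.MarkDeviceAsAllowed();
        return;
    }

    callContext.MarkDeviceAsBlockedByPolicy();
    string effectiveAccessingSmtpAddress = callContext.GetEffectiveAccessingSmtpAddress();

    // The SMTP address is passed as a fourth argument, but the format string as shown has no
    // placeholder for it, so it is not written to the trace.
    tracer.TraceWarning(
        0L,
        "[OWAMessageInspector::CheckMobileDevicePolicyIsCorrect] Policy Identifier does not match expected value. Expected: '{0}'. Actual: '{1}'. Method: '{2}'. User: '******'.",
        new object[]
        {
            policyData.PolicyIdentifier,
            presentedPolicyId,
            methodName,
            effectiveAccessingSmtpAddress
        });

    throw new OwaInvalidMobileDevicePolicyException(
        string.Format("The presented mobile device policy id '{0}' is not valid. Method '{1}' is being rejected.", presentedPolicyId, methodName),
        effectiveAccessingSmtpAddress,
        policyData.PolicyIdentifier);
}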
/// <summary>
/// Converts cached policy data into the <c>MobileDevicePolicySettingsType</c> settings object.
/// </summary>
/// <param name="mobilePolicyData">Policy data to convert; may be <c>null</c>.</param>
/// <returns>
/// A new settings object. When <paramref name="mobilePolicyData"/> is <c>null</c> it is returned
/// with no members assigned, so it carries whatever defaults the type defines and no policy identifier.
/// </returns>
internal static MobileDevicePolicySettingsType GetPolicySettings(MobileDevicePolicyData mobilePolicyData)
{
    MobileDevicePolicySettingsType settings = new MobileDevicePolicySettingsType();
    if (mobilePolicyData == null)
    {
        // Never returns null: an unpopulated object stands for "no policy data available".
        return settings;
    }

    // Password and encryption requirements.
    settings.AlphanumericDevicePasswordRequired = mobilePolicyData.AlphanumericDevicePasswordRequired;
    settings.DeviceEncryptionRequired = mobilePolicyData.DeviceEncryptionRequired;
    settings.DevicePasswordRequired = mobilePolicyData.DevicePasswordRequired;

    // The limit values are copied through their string-typed members.
    settings.MaxDevicePasswordExpirationString = mobilePolicyData.MaxDevicePasswordExpirationString;
    settings.MaxDevicePasswordFailedAttemptsString = mobilePolicyData.MaxDevicePasswordFailedAttemptsString;
    settings.MaxInactivityTimeDeviceLockString = mobilePolicyData.MaxInactivityTimeDeviceLockString;

    settings.MinDevicePasswordComplexCharacters = mobilePolicyData.MinDevicePasswordComplexCharacters;
    settings.MinDevicePasswordHistory = mobilePolicyData.MinDevicePasswordHistory;
    settings.MinDevicePasswordLength = mobilePolicyData.MinDevicePasswordLength;

    // Identifier of the policy these settings belong to.
    settings.PolicyIdentifier = mobilePolicyData.PolicyIdentifier;
    settings.SimpleDevicePasswordAllowed = mobilePolicyData.SimpleDevicePasswordAllowed;

    // Push-notification permissions per platform.
    settings.AllowApplePushNotifications = mobilePolicyData.AllowApplePushNotifications;
    settings.AllowMicrosoftPushNotifications = mobilePolicyData.AllowMicrosoftPushNotifications;
    settings.AllowGooglePushNotifications = mobilePolicyData.AllowGooglePushNotifications;

    return settings;
}
/// <summary>
/// Resolves the policy data for a principal and converts it into policy settings.
/// </summary>
/// <param name="principal">Principal whose policy settings are requested.</param>
/// <returns>The settings produced by the <c>GetPolicySettings(MobileDevicePolicyData)</c> overload.</returns>
internal static MobileDevicePolicySettingsType GetPolicySettings(ExchangePrincipal principal)
{
    // Uses the single-argument GetPolicyData overload, which is not part of this listing;
    // presumably it forwards to the overload with the out policy ID - confirm.
    return MobileDevicePolicyDataFactory.GetPolicySettings(
        MobileDevicePolicyDataFactory.GetPolicyData(principal));
}