private void LoadPublishedCalendarOptionsForReachUser()
{
this.publishedOptions = new MailboxCalendarFolder();
PermissionSecurityPrincipal targetPrincipal = null;
using (ExternalUserCollection externalUsers = base.MailboxSession.GetExternalUsers())
{
ExternalUser externalUser = externalUsers.FindExternalUser(this.reachUserSid);
if (externalUser == null || !externalUser.IsReachUser)
{
ExTraceGlobals.SharingTracer.TraceDebug <SecurityIdentifier, bool, bool>((long)this.GetHashCode(), "ReachAccessSid={0}, Found ExternalUser:{1}, IsReachUser:{2}", this.reachUserSid, externalUser != null, externalUser != null && externalUser.IsReachUser);
throw new PublishedFolderAccessDeniedException();
}
targetPrincipal = new PermissionSecurityPrincipal(externalUser);
}
DetailLevelEnumType?freeBusyAccessLevel = this.GetFreeBusyAccessLevel(targetPrincipal);
if (freeBusyAccessLevel == null)
{
throw new PublishedFolderAccessDeniedException();
}
this.publishedOptions.DetailLevel = freeBusyAccessLevel.Value;
this.publishedOptions.PublishEnabled = true;
this.publishedOptions.PublishDateRangeFrom = DateRangeEnumType.OneMonth;
this.publishedOptions.PublishDateRangeTo = DateRangeEnumType.SixMonths;
}
private ExternalUser ApplyPermission(MailboxSession mailboxSession, SmtpAddress smtpAddress, SharingContext context)
{
ExternalUser externalUser = null;
ExternalUser externalUser2;
using (ExternalUserCollection externalUsers = mailboxSession.GetExternalUsers())
{
externalUser2 = externalUsers.FindReachUserWithOriginalSmtpAddress(smtpAddress);
externalUser = externalUsers.FindFederatedUserWithOriginalSmtpAddress(smtpAddress);
if (externalUser2 == null)
{
externalUser2 = externalUsers.AddReachUser(smtpAddress);
externalUsers.Save();
}
}
using (FolderPermissionContext current = FolderPermissionContext.GetCurrent(mailboxSession, context))
{
FreeBusyAccess freeBusy = this.GetFreeBusy(context);
PermissionSecurityPrincipal principal = new PermissionSecurityPrincipal(externalUser2);
PermissionLevel permissionLevel = (context.SharingDetail == SharingContextDetailLevel.FullDetails) ? PermissionLevel.Reviewer : PermissionLevel.None;
current.AddOrChangePermission(principal, permissionLevel, new FreeBusyAccess?(freeBusy));
if (externalUser != null)
{
current.RemovePermission(new PermissionSecurityPrincipal(externalUser));
}
}
return(externalUser2);
}
private Permission(PermissionSecurityPrincipal securityPrincipal, MemberRights memberRights, PermissionOrigin origin)
{
this.securityPrincipal = securityPrincipal;
this.initialMemberRights = memberRights;
this.memberRights = memberRights;
this.origin = origin;
}
internal void AddOrChangePermission(PermissionSecurityPrincipal principal, PermissionLevel permissionLevel, FreeBusyAccess?freeBusyAccess)
{
this.CheckDisposed();
Util.ThrowOnNullArgument(principal, "principal");
Permission permission;
if (freeBusyAccess == null)
{
permission = new Permission(principal, MemberRights.None);
}
else
{
permission = new CalendarFolderPermission(principal, MemberRights.None)
{
FreeBusyAccess = freeBusyAccess.Value
};
}
permission.PermissionLevel = permissionLevel;
if (freeBusyAccess != null)
{
permission.MemberRights |= MemberRights.Visible;
}
if (this.permissionsToRemove.Remove(principal))
{
ExTraceGlobals.SharingTracer.TraceDebug <IExchangePrincipal, PermissionSecurityPrincipal>((long)this.GetHashCode(), "{0}: Removed {1} from permissionsToRemove list.", this.mailboxSession.MailboxOwner, principal);
}
if (!this.permissionsToAddOrChange.ContainsKey(principal))
{
this.permissionsToAddOrChange.Add(principal, permission.MemberRights);
ExTraceGlobals.SharingTracer.TraceDebug <IExchangePrincipal, PermissionSecurityPrincipal, MemberRights>((long)this.GetHashCode(), "{0}: Added {1} to permissionsToAddOrChange list: MemberRights = {2}.", this.mailboxSession.MailboxOwner, principal, permission.MemberRights);
return;
}
this.permissionsToAddOrChange[principal] = permission.MemberRights;
ExTraceGlobals.SharingTracer.TraceDebug <IExchangePrincipal, PermissionSecurityPrincipal, MemberRights>((long)this.GetHashCode(), "{0}: Changed {1} in permissionsToAddOrChange list: MemberRights = {2}.", this.mailboxSession.MailboxOwner, principal, permission.MemberRights);
}
private void AddUnknownEntry(string memberName, long memberId, byte[] memberEntryId, MemberRights rights)
{
PermissionSecurityPrincipal securityPrincipal = new PermissionSecurityPrincipal(memberName, memberEntryId, memberId);
Permission permission = this.permissionSet.CreatePermission(securityPrincipal, rights, memberId);
this.AddPermissionEntry(securityPrincipal, permission);
}
private DetailLevelEnumType?GetFreeBusyAccessLevel(PermissionSecurityPrincipal targetPrincipal)
{
DetailLevelEnumType? result = null;
CalendarFolderPermission calendarFolderPermission = null;
using (CalendarFolder calendarFolder = (CalendarFolder)this.GetCalendarFolder())
{
CalendarFolderPermissionSet permissionSet = calendarFolder.GetPermissionSet();
calendarFolderPermission = permissionSet.GetEntry(targetPrincipal);
if (calendarFolderPermission != null)
{
if ((calendarFolderPermission.MemberRights & MemberRights.ReadAny) == MemberRights.ReadAny)
{
result = new DetailLevelEnumType?(DetailLevelEnumType.FullDetails);
}
else if (calendarFolderPermission.FreeBusyAccess == FreeBusyAccess.Details)
{
result = new DetailLevelEnumType?(DetailLevelEnumType.LimitedDetails);
}
else if (calendarFolderPermission.FreeBusyAccess == FreeBusyAccess.Basic)
{
result = new DetailLevelEnumType?(DetailLevelEnumType.AvailabilityOnly);
}
}
}
if (result == null)
{
ExTraceGlobals.SharingTracer.TraceDebug <SmtpAddress, string>((long)this.GetHashCode(), "ReachUser ={0}, Not authroized to view published calendar. Permissions:{1}", targetPrincipal.ExternalUser.OriginalSmtpAddress, (calendarFolderPermission == null) ? "No permission" : calendarFolderPermission.MemberRights.ToString());
}
return(result);
}
private void AddPermissionEntry(PermissionSecurityPrincipal securityPrincipal, Permission permission)
{
if (this.permissions.ContainsKey(securityPrincipal.IndexString))
{
throw new CorruptDataException(ServerStrings.SecurityPrincipalAlreadyDefined);
}
this.permissions.Add(securityPrincipal.IndexString, permission);
}
public PrincipalNotAllowedByPolicyException(PermissionSecurityPrincipal principal) : base(ServerStrings.PrincipalNotAllowedByPolicy((principal == null) ? string.Empty : principal.ToString()))
{
if (principal == null)
{
throw new ArgumentNullException("principal");
}
this.principal = principal;
}
protected override void InternalPerformRevocation(MailboxSession mailboxSession, SharingContext context)
{
using (FolderPermissionContext current = FolderPermissionContext.GetCurrent(mailboxSession, context))
{
ValidRecipient recipient = new ValidRecipient(context.InitiatorSmtpAddress, null);
PermissionSecurityPrincipal principal = this.CreatePermissionSecurityPrincipal(recipient, mailboxSession.MailboxOwner);
current.RemovePermission(principal);
}
}
public Permission AddEntry(PermissionSecurityPrincipal securityPrincipal, PermissionLevel initialPermissionLevel)
{
if (!EnumValidator <PermissionLevel> .IsMemberOf(initialPermissionLevel, PermissionSet.ValidPermissionLevelForAddEntry))
{
throw new EnumOutOfRangeException("initialPermissionLevel", ServerStrings.BadEnumValue(typeof(PermissionLevel)));
}
Permission permission = this.PermissionTable.AddEntry(securityPrincipal, MemberRights.None);
permission.PermissionLevel = initialPermissionLevel;
return(permission);
}
internal Permission GetEntry(PermissionSecurityPrincipal securityPrincipal)
{
this.CheckValid();
Util.ThrowOnNullArgument(securityPrincipal, "securityPrincipal");
Permission result = null;
if (this.permissions.TryGetValue(securityPrincipal.IndexString, out result))
{
return(result);
}
return(null);
}
internal void RemovePermission(PermissionSecurityPrincipal principal)
{
this.CheckDisposed();
Util.ThrowOnNullArgument(principal, "principal");
if (this.permissionsToAddOrChange.Remove(principal))
{
ExTraceGlobals.SharingTracer.TraceDebug <IExchangePrincipal, PermissionSecurityPrincipal>((long)this.GetHashCode(), "{0}: Removed {1} from permissionsToAddOrChange list.", this.mailboxSession.MailboxOwner, principal);
}
if (this.permissionsToRemove.Add(principal))
{
ExTraceGlobals.SharingTracer.TraceDebug <IExchangePrincipal, PermissionSecurityPrincipal>((long)this.GetHashCode(), "{0}: Added {1} to permissionsToRemove list.", this.mailboxSession.MailboxOwner, principal);
}
}
private void AddNonADEntry(MapiAclTableAdapter mapiAclTableAdapter, ref ExternalUserCollection externalUsers, string memberName, long memberId, byte[] memberEntryId, MemberRights rights)
{
ExternalUser externalUser = mapiAclTableAdapter.TryGetExternalUser(memberEntryId, ref externalUsers);
if (externalUser != null)
{
PermissionSecurityPrincipal securityPrincipal = new PermissionSecurityPrincipal(externalUser);
Permission permission = this.permissionSet.CreatePermission(securityPrincipal, rights, memberId);
this.AddPermissionEntry(securityPrincipal, permission);
return;
}
ExTraceGlobals.StorageTracer.TraceDebug <string>(0L, "PermissionTable::PermissionTable. Member has invalid entry id, member name = {0}.", memberName);
this.AddUnknownEntry(memberName, memberId, memberEntryId, rights);
}
protected override void InternalPerformRevocation(MailboxSession mailboxSession, SharingContext context)
{
using (FolderPermissionContext current = FolderPermissionContext.GetCurrent(mailboxSession, context))
{
using (ExternalUserCollection externalUsers = mailboxSession.GetExternalUsers())
{
PermissionSecurityPrincipal permissionSecurityPrincipal = this.CreatePermissionSecurityPrincipal(context.InitiatorSmtpAddress, externalUsers);
if (permissionSecurityPrincipal != null)
{
current.RemovePermission(permissionSecurityPrincipal);
}
}
}
}
internal void RemoveEntry(PermissionSecurityPrincipal securityPrincipal)
{
this.CheckValid();
Util.ThrowOnNullArgument(securityPrincipal, "securityPrincipal");
Permission permission;
if (this.permissions.TryGetValue(securityPrincipal.IndexString, out permission))
{
if (permission.Origin == PermissionOrigin.Read)
{
this.removedPermissions.Add(securityPrincipal.IndexString, permission);
}
this.permissions.Remove(securityPrincipal.IndexString);
}
}
protected override PerformInvitationResults InternalPerformInvitation(MailboxSession mailboxSession, SharingContext context, ValidRecipient[] recipients, IFrontEndLocator frontEndLocator)
{
PermissionLevel permissionLevel = this.GetPermissionLevel(context);
FreeBusyAccess? freeBusy = this.GetFreeBusy(context);
using (FolderPermissionContext current = FolderPermissionContext.GetCurrent(mailboxSession, context))
{
foreach (ValidRecipient recipient in recipients)
{
PermissionSecurityPrincipal principal = this.CreatePermissionSecurityPrincipal(recipient, mailboxSession.MailboxOwner);
current.AddOrChangePermission(principal, permissionLevel, freeBusy);
}
}
return(new PerformInvitationResults(recipients));
}
internal Permission AddEntry(PermissionSecurityPrincipal securityPrincipal, MemberRights memberRights)
{
this.CheckValid();
EnumValidator.ThrowIfInvalid <MemberRights>(memberRights, "memberRights");
if (securityPrincipal == null)
{
throw new ArgumentNullException("securityPrincipal");
}
if (string.IsNullOrEmpty(securityPrincipal.IndexString))
{
throw new ArgumentException("SecurityPrincipal must at least have a valid index string.", "securityPrincipal");
}
if (securityPrincipal.Type == PermissionSecurityPrincipal.SecurityPrincipalType.ADRecipientPrincipal && !PermissionTable.isCrossPremiseDelegateAllowedForMailboxOwner)
{
ADRecipient adrecipient = securityPrincipal.ADRecipient;
if (!ADRecipient.IsValidRecipient(adrecipient, !this.isPublicFolder))
{
throw new ArgumentException("Cannot use " + adrecipient.DisplayName + " as security principal", "securityPrincipal");
}
}
Permission permission = null;
if (!this.permissions.ContainsKey(securityPrincipal.IndexString))
{
if (this.removedPermissions.TryGetValue(securityPrincipal.IndexString, out permission))
{
this.removedPermissions.Remove(securityPrincipal.IndexString);
permission.MemberRights = memberRights;
}
else
{
permission = this.PermissionSet.CreatePermission(securityPrincipal, memberRights);
}
}
this.AddPermissionEntry(securityPrincipal, permission);
return(permission);
}
private void ApplyBatchPermissions()
{
ExTraceGlobals.SharingTracer.TraceDebug <IExchangePrincipal>((long)this.GetHashCode(), "{0}: Entering FolderPermissionContext::ApplyBatchPermissions()", this.mailboxSession.MailboxOwner);
if (this.permissionsToAddOrChange.Count == 0 && this.permissionsToRemove.Count == 0)
{
ExTraceGlobals.SharingTracer.TraceDebug <IExchangePrincipal>((long)this.GetHashCode(), "{0}: Exiting FolderPermissionContext::ApplyBatchPermissions() due to no changes requested", this.mailboxSession.MailboxOwner);
return;
}
using (Folder folder = Folder.Bind(this.mailboxSession, this.folderId))
{
for (int i = 2; i >= 0; i--)
{
PermissionSet permissionSet = folder.GetPermissionSet();
foreach (KeyValuePair <PermissionSecurityPrincipal, MemberRights> keyValuePair in this.permissionsToAddOrChange)
{
PermissionSecurityPrincipal key = keyValuePair.Key;
MemberRights value = keyValuePair.Value;
Permission permission = permissionSet.GetEntry(key);
if (permission == null)
{
ExTraceGlobals.SharingTracer.TraceDebug <IExchangePrincipal, PermissionSecurityPrincipal, MemberRights>((long)this.GetHashCode(), "{0}: {1} is NOT found in permission table. Adding a new entry: MemberRights = {2}.", this.mailboxSession.MailboxOwner, key, value);
permission = permissionSet.AddEntry(key, value);
}
else
{
ExTraceGlobals.SharingTracer.TraceDebug((long)this.GetHashCode(), "{0}: {1} is found in permission table: MemberRights = {2}. Modifying the entry: MemberRights = {3}.", new object[]
{
this.mailboxSession.MailboxOwner,
key,
permission.MemberRights,
value
});
permission.MemberRights = value;
}
}
foreach (PermissionSecurityPrincipal permissionSecurityPrincipal in this.permissionsToRemove)
{
if (permissionSet.GetEntry(permissionSecurityPrincipal) != null)
{
ExTraceGlobals.SharingTracer.TraceDebug <IExchangePrincipal, PermissionSecurityPrincipal>((long)this.GetHashCode(), "{0}: {1} is found in permission table, Removing the entry.", this.mailboxSession.MailboxOwner, permissionSecurityPrincipal);
permissionSet.RemoveEntry(permissionSecurityPrincipal);
}
else
{
ExTraceGlobals.SharingTracer.TraceDebug <IExchangePrincipal, PermissionSecurityPrincipal>((long)this.GetHashCode(), "{0}: {1} is NOT found in permission table, ignored.", this.mailboxSession.MailboxOwner, permissionSecurityPrincipal);
}
}
ExTraceGlobals.SharingTracer.TraceDebug <IExchangePrincipal>((long)this.GetHashCode(), "{0}: Applying permission changes on the folder.", this.mailboxSession.MailboxOwner);
try
{
folder.Save();
break;
}
catch (RightsNotAllowedByPolicyException ex)
{
string[] invalidRecipients = Array.ConvertAll <RightsNotAllowedRecipient, string>(ex.RightsNotAllowedRecipients, delegate(RightsNotAllowedRecipient recipient)
{
ExTraceGlobals.StorageTracer.TraceError <IExchangePrincipal, PermissionSecurityPrincipal, MemberRights>((long)this.GetHashCode(), "{0}: Policy does not allow granting permission {2} to user {1}.", this.mailboxSession.MailboxOwner, recipient.Principal, recipient.NotAllowedRights);
return(recipient.Principal.ToString());
});
throw new InvalidSharingRecipientsException(invalidRecipients, ex);
}
catch (StoragePermanentException)
{
if (i == 0)
{
throw;
}
folder.Load();
}
}
}
ExTraceGlobals.SharingTracer.TraceDebug <IExchangePrincipal>((long)this.GetHashCode(), "{0}: Exiting FolderPermissionContext::ApplyBatchPermissions()", this.mailboxSession.MailboxOwner);
}
internal RightsNotAllowedRecipient(PermissionSecurityPrincipal principal, MemberRights notAllowedRights)
{
Util.ThrowOnNullArgument(principal, "principal");
this.principal = principal;
this.notAllowedRights = notAllowedRights;
}
internal override Permission CreatePermission(PermissionSecurityPrincipal securityPrincipal, MemberRights memberRights, long memberId)
{
return(new CalendarFolderPermission(securityPrincipal, memberRights, memberId));
}
public new CalendarFolderPermission GetEntry(PermissionSecurityPrincipal securityPrincipal)
{
return((CalendarFolderPermission)base.GetEntry(securityPrincipal));
}
public new CalendarFolderPermission AddEntry(PermissionSecurityPrincipal securityPrincipal, PermissionLevel initialPermissionLevel)
{
return((CalendarFolderPermission)base.AddEntry(securityPrincipal, initialPermissionLevel));
}
internal CalendarFolderPermission(PermissionSecurityPrincipal securityPrincipal, MemberRights memberRights, long memberId) : base(securityPrincipal, memberRights, memberId)
{
}
public Permission GetEntry(PermissionSecurityPrincipal securityPrincipal)
{
return(this.PermissionTable.GetEntry(securityPrincipal));
}
public void RemoveEntry(PermissionSecurityPrincipal securityPrincipal)
{
this.PermissionTable.RemoveEntry(securityPrincipal);
}
public Permission AddEntry(PermissionSecurityPrincipal securityPrincipal, MemberRights memberRights)
{
return(this.PermissionTable.AddEntry(securityPrincipal, memberRights));
}
public Permission(PermissionSecurityPrincipal securityPrincipal, MemberRights memberRights) : this(securityPrincipal, memberRights, PermissionOrigin.New)
{
this.ValidateMemberRights(memberRights);
}
internal Permission(PermissionSecurityPrincipal securityPrincipal, MemberRights memberRights, long memberId) : this(securityPrincipal, memberRights, PermissionOrigin.Read)
{
this.memberId = new long?(memberId);
}
protected override PerformInvitationResults InternalPerformInvitation(MailboxSession mailboxSession, SharingContext context, ValidRecipient[] recipients, IFrontEndLocator frontEndLocator)
{
ExternalAuthentication current = ExternalAuthentication.GetCurrent();
if (!current.Enabled)
{
ExTraceGlobals.SharingTracer.TraceError <string>((long)this.GetHashCode(), "{0}: The organization is not federated for external sharing.", context.InitiatorSmtpAddress);
return(new PerformInvitationResults(new InvalidSharingRecipientsException(ValidRecipient.ConvertToStringArray(recipients), new OrganizationNotFederatedException())));
}
SharedFolderDataEncryption sharedFolderDataEncryption = new SharedFolderDataEncryption(current);
string text = StoreId.StoreIdToEwsId(mailboxSession.MailboxOwner.MailboxInfo.MailboxGuid, context.FolderId);
PerformInvitationResults result;
using (ExternalUserCollection externalUsers = mailboxSession.GetExternalUsers())
{
PerformInvitationResults performInvitationResults = null;
EncryptionResults encryptionResults = null;
Exception ex = null;
try
{
encryptionResults = sharedFolderDataEncryption.Encrypt(mailboxSession.MailboxOwner, mailboxSession.GetADRecipientSession(true, ConsistencyMode.IgnoreInvalid), externalUsers, recipients, context.InitiatorSmtpAddress, context.FolderClass, text, frontEndLocator);
}
catch (UserWithoutFederatedProxyAddressException ex2)
{
ex = ex2;
}
catch (InvalidFederatedOrganizationIdException ex3)
{
ex = ex3;
}
catch (StoragePermanentException ex4)
{
ex = ex4;
}
if (ex != null)
{
ExTraceGlobals.SharingTracer.TraceError <string, Exception>((long)this.GetHashCode(), "{0}: Error occurred when trying to encrypt. Exception = {1}", context.InitiatorSmtpAddress, ex);
result = new PerformInvitationResults(new InvalidSharingRecipientsException(ValidRecipient.ConvertToStringArray(recipients), ex));
}
else
{
if (encryptionResults.InvalidRecipients != null && encryptionResults.InvalidRecipients.Length > 0)
{
InvalidSharingRecipientsException exception = new InvalidSharingRecipientsException(encryptionResults.InvalidRecipients);
if (encryptionResults.InvalidRecipients.Length == recipients.Length)
{
return(new PerformInvitationResults(exception));
}
performInvitationResults = new PerformInvitationResults(recipients, exception);
recipients = performInvitationResults.SucceededRecipients;
}
else
{
performInvitationResults = new PerformInvitationResults(recipients);
}
PermissionLevel permissionLevel = this.GetPermissionLevel(context);
FreeBusyAccess? freeBusy = this.GetFreeBusy(context);
using (FolderPermissionContext current2 = FolderPermissionContext.GetCurrent(mailboxSession, context))
{
foreach (ValidRecipient validRecipient in recipients)
{
PermissionSecurityPrincipal principal = this.CreatePermissionSecurityPrincipal(validRecipient.SmtpAddress, externalUsers);
current2.AddOrChangePermission(principal, permissionLevel, freeBusy);
ExternalUser externalUser = externalUsers.FindReachUserWithOriginalSmtpAddress(new SmtpAddress(validRecipient.SmtpAddress));
if (externalUser != null)
{
current2.RemovePermission(new PermissionSecurityPrincipal(externalUser));
}
}
}
context.FolderEwsId = text;
context.EncryptedSharedFolderDataCollection = encryptionResults.EncryptedSharedFolderDataCollection;
result = performInvitationResults;
}
}
return(result);
}
internal virtual Permission CreatePermission(PermissionSecurityPrincipal securityPrincipal, MemberRights memberRights, long memberId)
{
return(new Permission(securityPrincipal, memberRights, memberId));
}
