/// <summary>
/// Opens a mailbox session for <paramref name="mailboxOwner"/> and stores it in <c>MailboxSession</c>.
/// </summary>
/// <param name="mailboxOwner">Principal whose mailbox is opened; validated as non-null.</param>
/// <param name="userToken">
/// Security token of the calling user. When null, the session is opened with a
/// <c>WindowsPrincipal</c> built from <c>WindowsIdentity.GetCurrent()</c> rather than a
/// caller-derived security context.
/// </param>
/// <param name="action">Action name, validated as non-null/non-empty, embedded in the client info string.</param>
/// <exception cref="AccessDeniedException">
/// Thrown when an <c>AuthzException</c> is raised while building the caller context or opening the session.
/// </exception>
protected XsoMailboxDataProviderBase(ExchangePrincipal mailboxOwner, ISecurityAccessToken userToken, string action)
{
    // NOTE(review): presumably the guard cleans up this instance unless Success() is reached —
    // confirm against DisposeGuard, which is not visible here.
    using (DisposeGuard constructionGuard = this.Guard())
    {
        Util.ThrowOnNullArgument(mailboxOwner, "mailboxOwner");
        Util.ThrowOnNullOrEmptyArgument(action, "action");

        string clientInfo = string.Format("Client=Management;Action={0}", action);

        if (userToken != null)
        {
            try
            {
                using (ClientSecurityContext callerContext = new ClientSecurityContext(userToken, AuthzFlags.AuthzSkipTokenGroups))
                {
                    // The token is handed to the context a second time right after construction;
                    // kept as-is because SetSecurityAccessToken's effect is not visible here.
                    callerContext.SetSecurityAccessToken(userToken);
                    this.MailboxSession = MailboxSession.Open(mailboxOwner, callerContext, CultureInfo.InvariantCulture, clientInfo);
                }
            }
            catch (AuthzException authzFailure)
            {
                // Only the message text is carried over; the AuthzException itself is not
                // attached to the AccessDeniedException.
                throw new AccessDeniedException(new LocalizedString(authzFailure.Message));
            }
        }
        else
        {
            // No caller token: the session runs under the current Windows identity, so any
            // per-user restriction has to be enforced by the caller of this constructor.
            WindowsPrincipal currentPrincipal = new WindowsPrincipal(WindowsIdentity.GetCurrent());
            this.MailboxSession = MailboxSession.Open(mailboxOwner, currentPrincipal, CultureInfo.InvariantCulture, clientInfo);
        }

        constructionGuard.Success();
    }
}
/// <summary>
/// Replaces the held <c>ClientSecurityContext</c> with a new one built from
/// <paramref name="securityAccessToken"/>, disposing the previous context first.
/// </summary>
/// <param name="securityAccessToken">Token passed to the single-argument <c>ClientSecurityContext</c> constructor.</param>
public void SetSecurityAccessToken(ISecurityAccessToken securityAccessToken)
{
    ClientSecurityContext previousContext = this.clientSecurityContext;
    if (previousContext != null)
    {
        previousContext.Dispose();
        // Cleared before the replacement is built, so a failing constructor below
        // leaves the field null rather than pointing at a disposed context.
        this.clientSecurityContext = null;
    }

    // NOTE(review): no null check on the token and no AuthzFlags argument here;
    // confirm how ClientSecurityContext treats a null token.
    this.clientSecurityContext = new ClientSecurityContext(securityAccessToken);
}
/// <summary>
/// Chooses the security context used for tracking on behalf of <paramref name="trackedUser"/>.
/// </summary>
/// <remarks>
/// The executing user's token is used when multi-tenancy is disabled or when the executing
/// user's SID equals the tracked user's SID. Otherwise a <c>WindowsIdentity</c> is created
/// from the tracked user's UPN and wrapped in a context.
/// </remarks>
/// <param name="executingUser">Token of the caller; may be null, in which case <paramref name="delegatedPrincipal"/> is used for tracing.</param>
/// <param name="delegatedPrincipal">Only used for the trace line when <paramref name="executingUser"/> is null.</param>
/// <param name="trackedUser">Directory user whose SID and UPN drive the decision.</param>
/// <returns>A new <c>ClientSecurityContext</c>; the caller owns it.</returns>
/// <exception cref="TrackingFatalException">
/// The tracked user has no UPN, or creating the identity raised <c>UnauthorizedAccessException</c>.
/// </exception>
internal static ClientSecurityContext GetSecurityContextForUser(ISecurityAccessToken executingUser, DelegatedPrincipal delegatedPrincipal, ADUser trackedUser)
{
    bool multiTenancyEnabled = VariantConfiguration.InvariantNoFlightingSnapshot.Global.MultiTenancy.Enabled;

    // NOTE(review): if both executingUser and delegatedPrincipal are null this trace line
    // dereferences null — confirm callers always supply one of them.
    string callerLabel = (executingUser != null) ? executingUser.UserSid.ToString() : delegatedPrincipal.ToString();
    ExTraceGlobals.TaskTracer.TraceDebug<string, string, bool>(0L, "executing-user={0}, tracked-user={1}, ismultitenancyenabled={2}", callerLabel, trackedUser.Sid.Value, multiTenancyEnabled);

    bool useExecutingUserContext = !multiTenancyEnabled
        || (executingUser != null && string.Equals(executingUser.UserSid, trackedUser.Sid.Value, StringComparison.OrdinalIgnoreCase));
    if (useExecutingUserContext)
    {
        ExTraceGlobals.TaskTracer.TraceDebug(0L, "executing-user == tracked-user or we are not running in a Multi Tenant environment.");
        // With multi-tenancy disabled this branch is taken even when executingUser is null.
        return new ClientSecurityContext(executingUser, AuthzFlags.AuthzSkipTokenGroups);
    }

    WindowsIdentity trackedIdentity;
    try
    {
        ExTraceGlobals.TaskTracer.TraceDebug(0L, "executing-user != tracked-user");
        if (string.IsNullOrEmpty(trackedUser.UserPrincipalName))
        {
            ExTraceGlobals.TaskTracer.TraceError<ADObjectId>(0L, "Null/Empty UPN for user {0}", trackedUser.Id);
            // The localized string built here is not used; the call is kept as in the original.
            Strings.TrackingErrorUserObjectCorrupt(trackedUser.Id.ToString(), "UserPrincipalName");
            string missingUpnDetail = string.Format("Missing UserPrincipalName attribute for user {0}", trackedUser.Id.ToString());
            TrackingError corruptUserError = new TrackingError(ErrorCode.InvalidADData, string.Empty, missingUpnDetail, string.Empty);
            throw new TrackingFatalException(corruptUserError, null, false);
        }

        // Identity is created from the UPN alone; no credential of the tracked user is involved.
        trackedIdentity = new WindowsIdentity(trackedUser.UserPrincipalName);
    }
    catch (UnauthorizedAccessException accessFailure)
    {
        ExTraceGlobals.TaskTracer.TraceError<string, UnauthorizedAccessException>(0L, "Not authorized to get WindowsIdentity for {0}, Exception: {1}", trackedUser.UserPrincipalName, accessFailure);
        string logonDetail = string.Format("Cannot logon as {0}", trackedUser.Id.ToString());
        TrackingError logonError = new TrackingError(ErrorCode.UnexpectedErrorPermanent, string.Empty, logonDetail, accessFailure.ToString());
        throw new TrackingFatalException(logonError, accessFailure, false);
    }
    catch (SecurityException securityFailure)
    {
        // Unlike UnauthorizedAccessException, this failure is not fatal: the method falls back
        // to the executing user's token, which may be null on this path.
        ExTraceGlobals.TaskTracer.TraceError<string, SecurityException>(0L, "Not authorized to get WindowsIdentity for {0}, falling back to ExecutingUser, Exception: {1}", trackedUser.UserPrincipalName, securityFailure);
        return new ClientSecurityContext(executingUser, AuthzFlags.AuthzSkipTokenGroups);
    }

    // NOTE(review): trackedIdentity is not disposed here; whether ClientSecurityContext
    // takes ownership of it is not visible in this listing.
    return new ClientSecurityContext(trackedIdentity);
}
/// <summary>
/// Creates the mailbox data provider a derived class works against.
/// </summary>
/// <param name="principal">Principal of the mailbox the provider is created for.</param>
/// <param name="userToken">
/// Security token of the calling user. Implementations decide whether to pass it on to the
/// provider they construct.
/// </param>
/// <returns>The provider, typed as <c>IConfigDataProvider</c>.</returns>
internal abstract IConfigDataProvider CreateXsoMailboxDataProvider(ExchangePrincipal principal, ISecurityAccessToken userToken);
/// <summary>
/// Creates an <c>XsoDictionaryDataProvider</c> for <paramref name="principal"/> with the
/// action string "Get-MailboxMessageConfiguration".
/// </summary>
/// <param name="principal">Principal of the mailbox to open.</param>
/// <param name="userToken">Not used by this override.</param>
/// <returns>The newly created provider.</returns>
internal override IConfigDataProvider CreateXsoMailboxDataProvider(ExchangePrincipal principal, ISecurityAccessToken userToken)
{
    // NOTE(review): userToken is not forwarded. The two-argument constructor is not visible
    // in this listing — confirm which identity the resulting mailbox session runs under.
    XsoDictionaryDataProvider provider = new XsoDictionaryDataProvider(principal, "Get-MailboxMessageConfiguration");
    return provider;
}
/// <summary>
/// Creates a <c>MailboxAutoReplyConfigurationDataProvider</c> for <paramref name="principal"/>
/// with the action string "Set-MailboxAutoReplyConfiguration".
/// </summary>
/// <param name="principal">Principal of the mailbox to open.</param>
/// <param name="userToken">Not used by this override.</param>
/// <returns>The newly created provider.</returns>
internal override IConfigDataProvider CreateXsoMailboxDataProvider(ExchangePrincipal principal, ISecurityAccessToken userToken)
{
    // NOTE(review): this is a write-path action and userToken is not forwarded. The constructor
    // used here is not visible in this listing — confirm which identity opens the mailbox.
    MailboxAutoReplyConfigurationDataProvider provider = new MailboxAutoReplyConfigurationDataProvider(principal, "Set-MailboxAutoReplyConfiguration");
    return provider;
}
/// <summary>
/// Creates a <c>CalendarConfigurationDataProvider</c> for <paramref name="principal"/>
/// with the action string "Set-CalendarProcessing".
/// </summary>
/// <param name="principal">Principal of the mailbox to open.</param>
/// <param name="userToken">Not used by this override.</param>
/// <returns>The newly created provider.</returns>
internal override IConfigDataProvider CreateXsoMailboxDataProvider(ExchangePrincipal principal, ISecurityAccessToken userToken)
{
    // NOTE(review): userToken is not forwarded to the provider. The constructor used here is
    // not visible in this listing — confirm which identity opens the mailbox.
    CalendarConfigurationDataProvider provider = new CalendarConfigurationDataProvider(principal, "Set-CalendarProcessing");
    return provider;
}
/// <summary>
/// Creates the provider by forwarding every argument unchanged to the base constructor.
/// </summary>
/// <param name="adSessionSettings">Directory session settings, passed to the base class.</param>
/// <param name="mailboxOwner">Directory user owning the mailbox.</param>
/// <param name="userToken">Security token of the calling user; forwarded as-is (null is not checked here).</param>
/// <param name="action">Action name, forwarded as-is.</param>
public MailMessageDataProvider(ADSessionSettings adSessionSettings, ADUser mailboxOwner, ISecurityAccessToken userToken, string action)
    : base(adSessionSettings, mailboxOwner, userToken, action)
{
}
// Token: 0x06001047 RID: 4167 RVA: 0x0004EE81 File Offset: 0x0004D081
/// <summary>
/// Creates a scope that carries a security token and records whether it originates
/// from an end-user role.
/// </summary>
/// <param name="scopeType">Scope type, passed to the two-argument constructor.</param>
/// <param name="securityAccessToken">Token passed to the two-argument constructor.</param>
/// <param name="isFromEndUserRole">Stored in the <c>isFromEndUserRole</c> field.</param>
public RbacScope(ScopeType scopeType, ISecurityAccessToken securityAccessToken, bool isFromEndUserRole)
    : this(scopeType, securityAccessToken)
{
    this.isFromEndUserRole = isFromEndUserRole;
}
/// <summary>
/// Builds the four scopes (recipient read/write, config read/write) that apply to this
/// role assignment.
/// </summary>
/// <param name="scopeCache">
/// Lookup of management scopes by id. A null value for a referenced custom scope makes
/// the method return null; a missing key is not handled here.
/// </param>
/// <param name="securityAccessToken">
/// Token attached to the recipient read scope when it is <c>ScopeType.MyGAL</c>, and passed on
/// to <c>GetRecipientWriteRbacScope</c>.
/// </param>
/// <returns>
/// The scope set, or null when the recipient write scope or a required custom config scope
/// cannot be resolved.
/// </returns>
internal RoleAssignmentScopeSet GetEffectiveScopeSet(Dictionary<ADObjectId, ManagementScope> scopeCache, ISecurityAccessToken securityAccessToken)
{
    RbacScope recipientRead;
    if (this.RecipientReadScope == ScopeType.MyGAL)
    {
        recipientRead = new RbacScope(this.RecipientReadScope, securityAccessToken);
    }
    else
    {
        recipientRead = new RbacScope(this.RecipientReadScope);
    }

    RbacScope recipientWrite = ExchangeRoleAssignment.GetRecipientWriteRbacScope(this.RecipientWriteScope, this.CustomRecipientWriteScope, scopeCache, securityAccessToken, this.IsFromEndUserRole);
    if (recipientWrite == null)
    {
        // No usable write scope: the caller gets null instead of a partial scope set.
        return null;
    }

    RbacScope configRead = new RbacScope(this.ConfigReadScope);

    RbacScope configWrite;
    ConfigWriteScopeType writeScopeKind = this.ConfigWriteScope;
    switch (writeScopeKind)
    {
        case ConfigWriteScopeType.None:
        case ConfigWriteScopeType.OrganizationConfig:
            configWrite = new RbacScope((ScopeType)this.ConfigWriteScope);
            break;

        case ConfigWriteScopeType.NotApplicable:
            configWrite = new RbacScope(ScopeType.NotApplicable);
            break;

        case ConfigWriteScopeType.CustomConfigScope:
        case ConfigWriteScopeType.ExclusiveConfigScope:
        {
            ManagementScope customScope = scopeCache[this.CustomConfigWriteScope];
            if (customScope == null)
            {
                return null;
            }

            configWrite = new RbacScope((ScopeType)this.ConfigWriteScope, customScope);
            break;
        }

        case ConfigWriteScopeType.PartnerDelegatedTenantScope:
            // The custom scope only has to exist; the resulting write scope is
            // OrganizationConfig, not the custom scope itself.
            if (scopeCache[this.CustomConfigWriteScope] == null)
            {
                return null;
            }

            configWrite = new RbacScope(ScopeType.OrganizationConfig);
            break;

        default:
            // Any other value yields a scope set with a null config write scope.
            configWrite = null;
            break;
    }

    return new RoleAssignmentScopeSet(recipientRead, recipientWrite, configRead, configWrite);
}
/// <summary>
/// Validates <paramref name="folderId"/> and resolves it to a <c>MailboxFolder</c> through a
/// temporary <c>MailboxFolderDataProvider</c>.
/// </summary>
/// <param name="folderId">Folder identity to resolve.</param>
/// <param name="getUserHandler">Delegate handed to <c>TryValidateFolderId</c>.</param>
/// <param name="getFolderHandler">Delegate that performs the folder lookup.</param>
/// <param name="resolveUserSession">Recipient session handed to <c>TryValidateFolderId</c>.</param>
/// <param name="sessionSettings">Directory session settings for the data provider.</param>
/// <param name="adUser">Directory user owning the mailbox.</param>
/// <param name="userToken">Security token of the calling user, forwarded to the data provider.</param>
/// <param name="errorHandler">Error callback handed to <c>TryValidateFolderId</c>.</param>
/// <returns>The resolved folder, or null when validation fails.</returns>
public static MailboxFolder ResolveMailboxFolder(MailboxFolderIdParameter folderId, DataAccessHelper.GetDataObjectDelegate getUserHandler, DataAccessHelper.GetDataObjectDelegate getFolderHandler, IRecipientSession resolveUserSession, ADSessionSettings sessionSettings, ADUser adUser, ISecurityAccessToken userToken, ManageInboxRule.ThrowTerminatingErrorDelegate errorHandler)
{
    bool folderIdIsValid = ManageInboxRule.TryValidateFolderId(folderId, getUserHandler, getFolderHandler, resolveUserSession, adUser, errorHandler);
    if (!folderIdIsValid)
    {
        return null;
    }

    // The provider (and whatever session it holds) lives only for the lookup.
    using (MailboxFolderDataProvider folderProvider = new MailboxFolderDataProvider(sessionSettings, adUser, userToken, "ResolveMailboxFolder"))
    {
        LocalizedString? notFoundMessage = new LocalizedString?(Strings.ErrorMailboxFolderNotFound(folderId.ToString()));
        LocalizedString? notUniqueMessage = new LocalizedString?(Strings.ErrorMailboxFolderNotUnique(folderId.ToString()));
        return (MailboxFolder)getFolderHandler(folderId, folderProvider, null, null, notFoundMessage, notUniqueMessage);
    }
}
/// <summary>
/// Resolves the Exchange principal for <paramref name="mailboxOwner"/> in the organization of
/// <paramref name="adSessionSettings"/>, delegates to the principal-based constructor, then
/// records the owner in <c>MailboxOwner</c>.
/// </summary>
/// <param name="adSessionSettings">
/// Directory session settings; <c>CurrentOrganizationId</c> is read in the constructor
/// initializer, before any argument validation runs.
/// </param>
/// <param name="mailboxOwner">Directory user owning the mailbox.</param>
/// <param name="userToken">Security token of the calling user; forwarded unchanged.</param>
/// <param name="action">Action name; forwarded unchanged.</param>
public XsoMailboxDataProviderBase(ADSessionSettings adSessionSettings, ADUser mailboxOwner, ISecurityAccessToken userToken, string action)
    : this(XsoStoreDataProviderBase.GetExchangePrincipalWithAdSessionSettingsForOrg(adSessionSettings.CurrentOrganizationId, mailboxOwner), userToken, action)
{
    this.MailboxOwner = mailboxOwner;
}
/// <summary>
/// Creates a <c>MailboxDiagnosticLogsDataProvider</c> with the action string
/// "ExportMailboxDiagnosticLogs"; the component name is passed only when
/// <c>ExtendedProperties</c> is not present.
/// </summary>
/// <param name="principal">Principal of the mailbox to open.</param>
/// <param name="userToken">Not used by this override.</param>
/// <returns>The newly created provider.</returns>
internal override IConfigDataProvider CreateXsoMailboxDataProvider(ExchangePrincipal principal, ISecurityAccessToken userToken)
{
    // NOTE(review): userToken is not forwarded on either path. The constructors used here are
    // not visible in this listing — confirm which identity reads the diagnostic logs.
    MailboxDiagnosticLogsDataProvider provider;
    if (!this.ExtendedProperties.IsPresent)
    {
        provider = new MailboxDiagnosticLogsDataProvider(this.ComponentName, principal, "ExportMailboxDiagnosticLogs");
    }
    else
    {
        provider = new MailboxDiagnosticLogsDataProvider(principal, "ExportMailboxDiagnosticLogs");
    }

    return provider;
}
/// <summary>
/// Creates the provider by forwarding every argument unchanged to the base constructor.
/// </summary>
/// <param name="mailboxOwner">Principal of the mailbox to open.</param>
/// <param name="userToken">Security token of the calling user; forwarded as-is (null is not checked here).</param>
/// <param name="action">Action name, forwarded as-is.</param>
public VersionedXmlDataProvider(ExchangePrincipal mailboxOwner, ISecurityAccessToken userToken, string action)
    : base(mailboxOwner, userToken, action)
{
}
/// <summary>
/// Creates the provider by forwarding every argument unchanged to the base constructor.
/// </summary>
/// <param name="mailboxOwner">Principal of the mailbox to open.</param>
/// <param name="userToken">Security token of the calling user; forwarded as-is (null is not checked here).</param>
/// <param name="action">Action name, forwarded as-is.</param>
public XsoDictionaryDataProvider(ExchangePrincipal mailboxOwner, ISecurityAccessToken userToken, string action)
    : base(mailboxOwner, userToken, action)
{
}
/// <summary>
/// Creates a <c>VersionedXmlDataProvider</c> for <paramref name="principal"/> with the
/// action string "Get-TextMessagingAccount".
/// </summary>
/// <param name="principal">Principal of the mailbox to open.</param>
/// <param name="userToken">Not used by this override.</param>
/// <returns>The newly created provider.</returns>
internal override IConfigDataProvider CreateXsoMailboxDataProvider(ExchangePrincipal principal, ISecurityAccessToken userToken)
{
    // NOTE(review): userToken is not forwarded. The two-argument constructor is not visible
    // in this listing — confirm which identity the resulting mailbox session runs under.
    VersionedXmlDataProvider provider = new VersionedXmlDataProvider(principal, "Get-TextMessagingAccount");
    return provider;
}
// Token: 0x06001043 RID: 4163 RVA: 0x0004EE39 File Offset: 0x0004D039
/// <summary>
/// Creates a scope of the given type that carries the caller's security token.
/// </summary>
/// <param name="scopeType">Stored in the <c>scopeType</c> field.</param>
/// <param name="securityAccessToken">
/// Stored by reference in the <c>securityAccessToken</c> field; no copy is made and null
/// is not rejected here.
/// </param>
public RbacScope(ScopeType scopeType, ISecurityAccessToken securityAccessToken)
{
    this.scopeType = scopeType;
    this.securityAccessToken = securityAccessToken;
}
/// <summary>
/// Maps a recipient write scope type to the <c>RbacScope</c> that represents it.
/// </summary>
/// <param name="recipientWriteScope">Scope type to map.</param>
/// <param name="customRecipientWriteScope">Id used for the OU scope and as the cache key for custom/exclusive scopes.</param>
/// <param name="scopeCache">
/// Lookup of management scopes by id. A null value yields a null result; a missing key is
/// not handled here.
/// </param>
/// <param name="securityAccessToken">Token attached only to MyGAL and MailboxICanDelegate scopes.</param>
/// <param name="isEndUserRole">Passed to every scope that is created.</param>
/// <returns>The scope, or null for an unlisted scope type or an unresolved custom scope.</returns>
internal static RbacScope GetRecipientWriteRbacScope(RecipientWriteScopeType recipientWriteScope, ADObjectId customRecipientWriteScope, Dictionary<ADObjectId, ManagementScope> scopeCache, ISecurityAccessToken securityAccessToken, bool isEndUserRole)
{
    switch (recipientWriteScope)
    {
        case RecipientWriteScopeType.None:
        case RecipientWriteScopeType.Organization:
        case RecipientWriteScopeType.Self:
        case RecipientWriteScopeType.MyDirectReports:
        case RecipientWriteScopeType.MyDistributionGroups:
        case RecipientWriteScopeType.MyExecutive:
            return new RbacScope((ScopeType)recipientWriteScope, isEndUserRole);

        case RecipientWriteScopeType.NotApplicable:
            return new RbacScope(ScopeType.NotApplicable, isEndUserRole);

        case RecipientWriteScopeType.MyGAL:
        case RecipientWriteScopeType.MailboxICanDelegate:
            // These two are the only scope types that carry the caller's token.
            return new RbacScope((ScopeType)recipientWriteScope, securityAccessToken, isEndUserRole);

        case RecipientWriteScopeType.OU:
            return new RbacScope(ScopeType.OU, customRecipientWriteScope, isEndUserRole);

        case RecipientWriteScopeType.CustomRecipientScope:
        case RecipientWriteScopeType.ExclusiveRecipientScope:
        {
            ManagementScope customScope = scopeCache[customRecipientWriteScope];
            return (customScope != null)
                ? new RbacScope((ScopeType)recipientWriteScope, customScope, isEndUserRole)
                : null;
        }

        default:
            // Unlisted scope types produce no scope at all rather than a broad default.
            return null;
    }
}
/// <summary>
/// Creates a <c>VersionedXmlDataProvider</c> for <paramref name="principal"/> with the
/// action string "Get-CalendarNotification".
/// </summary>
/// <param name="principal">Principal of the mailbox to open.</param>
/// <param name="userToken">Not used by this override.</param>
/// <returns>The newly created provider.</returns>
internal override IConfigDataProvider CreateXsoMailboxDataProvider(ExchangePrincipal principal, ISecurityAccessToken userToken)
{
    // NOTE(review): userToken is not forwarded. The two-argument constructor is not visible
    // in this listing — confirm which identity the resulting mailbox session runs under.
    VersionedXmlDataProvider provider = new VersionedXmlDataProvider(principal, "Get-CalendarNotification");
    return provider;
}
/// <summary>
/// Opens a mailbox session for <paramref name="principal"/> on behalf of the caller.
/// </summary>
/// <param name="principal">Principal of the mailbox to open; must not be null.</param>
/// <param name="userToken">
/// Security token of the calling user. When null, the session is opened with a
/// <c>WindowsPrincipal</c> built from <c>WindowsIdentity.GetCurrent()</c> rather than a
/// caller-derived security context.
/// </param>
/// <param name="taskName">Non-empty task name embedded in the client info string.</param>
/// <returns>The opened session; the caller is responsible for disposing it.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="principal"/> is null, or <paramref name="taskName"/> is null or empty.
/// </exception>
/// <exception cref="AccessDeniedException">
/// Thrown when an <c>AuthzException</c> is raised while building the caller context or opening the session.
/// </exception>
internal static MailboxSession OpenMailboxSessionAsOwner(ExchangePrincipal principal, ISecurityAccessToken userToken, string taskName)
{
    // LogExit below is reached only on the success path; every throw skips it.
    TaskLogger.LogEnter();

    if (principal == null)
    {
        throw new ArgumentNullException("principal");
    }

    if (string.IsNullOrEmpty(taskName))
    {
        throw new ArgumentNullException("taskName");
    }

    string clientInfo = string.Format("Client=Management;Action={0}", taskName);
    MailboxSession openedSession;

    if (userToken != null)
    {
        try
        {
            using (ClientSecurityContext callerContext = new ClientSecurityContext(userToken, AuthzFlags.AuthzSkipTokenGroups))
            {
                // The token is handed to the context a second time right after construction;
                // kept as-is because SetSecurityAccessToken's effect is not visible here.
                callerContext.SetSecurityAccessToken(userToken);
                openedSession = MailboxSession.Open(principal, callerContext, CultureInfo.InvariantCulture, clientInfo);
            }
        }
        catch (AuthzException authzFailure)
        {
            // Only the message text is carried over; the AuthzException itself is not
            // attached to the AccessDeniedException.
            throw new AccessDeniedException(new LocalizedString(authzFailure.Message));
        }
    }
    else
    {
        // No caller token: the session runs under the current Windows identity, so any
        // per-user restriction has to be enforced by the caller of this method.
        WindowsPrincipal currentPrincipal = new WindowsPrincipal(WindowsIdentity.GetCurrent());
        openedSession = MailboxSession.Open(principal, currentPrincipal, CultureInfo.InvariantCulture, clientInfo);
    }

    TaskLogger.LogExit();
    return openedSession;
}
/// <summary>
/// Creates a <c>MailboxJunkEmailConfigurationDataProvider</c> for <paramref name="principal"/>
/// using the base class's <c>TenantGlobalCatalogSession</c> and the action string
/// "Get-MailboxJunkEmailConfiguration".
/// </summary>
/// <param name="principal">Principal of the mailbox to open.</param>
/// <param name="userToken">Not used by this override.</param>
/// <returns>The newly created provider.</returns>
internal override IConfigDataProvider CreateXsoMailboxDataProvider(ExchangePrincipal principal, ISecurityAccessToken userToken)
{
    // NOTE(review): userToken is not forwarded. The constructor used here is not visible in
    // this listing — confirm which identity the resulting mailbox session runs under.
    MailboxJunkEmailConfigurationDataProvider provider = new MailboxJunkEmailConfigurationDataProvider(principal, base.TenantGlobalCatalogSession, "Get-MailboxJunkEmailConfiguration");
    return provider;
}
/// <summary>
/// Creates an <c>XsoDictionaryDataProvider</c> for <paramref name="principal"/> with the
/// action string "Set-MailboxMessageConfiguration" and keeps a reference to its mailbox session.
/// </summary>
/// <param name="principal">Principal of the mailbox to open.</param>
/// <param name="userToken">Not used by this override.</param>
/// <returns>The newly created provider.</returns>
internal override IConfigDataProvider CreateXsoMailboxDataProvider(ExchangePrincipal principal, ISecurityAccessToken userToken)
{
    // NOTE(review): this is a write-path action and userToken is not forwarded. The two-argument
    // constructor is not visible in this listing — confirm which identity opens the mailbox.
    XsoDictionaryDataProvider dictionaryProvider = new XsoDictionaryDataProvider(principal, "Set-MailboxMessageConfiguration");

    // The session is shared with the provider, not copied; its lifetime follows the provider's.
    this.mailboxSession = dictionaryProvider.MailboxSession;
    return dictionaryProvider;
}