protected override void InternalProcessRecord()
{
TaskLogger.LogEnter();
base.InternalProcessRecord();
ExtendedProtection.CommitToMetabase(this.DataObject, this);
TaskLogger.LogExit();
}
public static void LoadFromMetabase(string metabasePath, ObjectId identity, Task task, out ExtendedProtectionTokenCheckingMode extendedProtectionTokenChecking, out MultiValuedProperty <ExtendedProtectionFlag> extendedProtectionFlags, out MultiValuedProperty <string> extendedProtectionSPNList)
{
extendedProtectionTokenChecking = ExtendedProtectionTokenCheckingMode.None;
extendedProtectionFlags = new MultiValuedProperty <ExtendedProtectionFlag>();
extendedProtectionSPNList = new MultiValuedProperty <string>();
using (DirectoryEntry directoryEntry = IisUtility.CreateIISDirectoryEntry(metabasePath, (task != null) ? new Task.TaskErrorLoggingReThrowDelegate(task.WriteError) : null, identity, false))
{
if (directoryEntry != null)
{
string text;
string str;
string str2;
if (ExtendedProtection.GetServerWebSiteAndPath(metabasePath, out text, out str, out str2))
{
using (ServerManager serverManager = ServerManager.OpenRemote(text))
{
Configuration applicationHostConfiguration = serverManager.GetApplicationHostConfiguration();
if (applicationHostConfiguration != null)
{
ConfigurationSection section = applicationHostConfiguration.GetSection("system.webServer/security/authentication/windowsAuthentication", "/" + str + str2);
if (section != null)
{
ConfigurationElement configurationElement = section.ChildElements["extendedProtection"];
if (configurationElement != null)
{
object attributeValue = configurationElement.GetAttributeValue("tokenChecking");
if (attributeValue != null && attributeValue is int)
{
extendedProtectionTokenChecking = (ExtendedProtectionTokenCheckingMode)attributeValue;
}
object attributeValue2 = configurationElement.GetAttributeValue("flags");
if (attributeValue2 != null && attributeValue2 is int)
{
extendedProtectionFlags.Add((ExtendedProtectionFlag)attributeValue2);
}
ConfigurationElementCollection collection = configurationElement.GetCollection();
if (collection != null)
{
foreach (ConfigurationElement configurationElement2 in collection)
{
if (configurationElement2.Schema.Name == "spn")
{
string item = configurationElement2.GetAttributeValue("name").ToString();
extendedProtectionSPNList.Add(item);
}
}
}
}
}
}
}
}
}
}
}
public static void LoadFromMetabase(ExchangeVirtualDirectory exchangeVirtualDirectory, Task task)
{
if (exchangeVirtualDirectory.ExchangeVersion.IsOlderThan(ExchangeObjectVersion.Exchange2010))
{
return;
}
string metabasePath = exchangeVirtualDirectory.MetabasePath;
ExtendedProtectionTokenCheckingMode extendedProtectionTokenCheckingMode;
MultiValuedProperty <ExtendedProtectionFlag> extendedProtectionFlags;
MultiValuedProperty <string> extendedProtectionSPNList;
ExtendedProtection.LoadFromMetabase(metabasePath, exchangeVirtualDirectory.Identity, task, out extendedProtectionTokenCheckingMode, out extendedProtectionFlags, out extendedProtectionSPNList);
exchangeVirtualDirectory[ExchangeVirtualDirectorySchema.ExtendedProtectionTokenChecking] = extendedProtectionTokenCheckingMode;
exchangeVirtualDirectory.ExtendedProtectionFlags = extendedProtectionFlags;
exchangeVirtualDirectory.ExtendedProtectionSPNList = extendedProtectionSPNList;
}
private static void UpdateSubDirectory(ADMobileVirtualDirectory dataObject, string vdirPath, Task task)
{
if (IisUtility.Exists(vdirPath))
{
using (DirectoryEntry directoryEntry = IisUtility.CreateIISDirectoryEntry(vdirPath))
{
IisUtility.SetAuthenticationMethod(directoryEntry, AuthenticationMethodFlags.None, false);
IisUtility.SetAuthenticationMethod(directoryEntry, AuthenticationMethodFlags.WindowsIntegrated, true);
IisUtility.SetProperty(directoryEntry, "AccessFlags", MetabasePropertyTypes.AccessFlags.Script, true);
directoryEntry.CommitChanges();
}
}
if (dataObject.ProxyVirtualDirectoryObject != null)
{
MobileSyncVirtualDirectoryHelper.CopyProxyExtendedParameters(dataObject);
ExtendedProtection.CommitToMetabase(dataObject.ProxyVirtualDirectoryObject, task);
}
}
protected override void InternalValidate()
{
base.InternalValidate();
if (base.HasErrors)
{
return;
}
T dataObject = this.DataObject;
string hostName = IisUtility.GetHostName(dataObject.MetabasePath);
try
{
if (!new IisVersionValidCondition(hostName).Verify())
{
Exception exception = new ArgumentException(Strings.ErrorIisVersionIsInvalid(hostName), "Server");
ErrorCategory category = ErrorCategory.InvalidArgument;
T dataObject2 = this.DataObject;
base.WriteError(exception, category, dataObject2.Identity);
return;
}
}
catch (IOException innerException)
{
Exception exception2 = new ArgumentException(Strings.ErrorCannotDetermineIisVersion(hostName), "Server", innerException);
ErrorCategory category2 = ErrorCategory.InvalidArgument;
T dataObject3 = this.DataObject;
base.WriteError(exception2, category2, dataObject3.Identity);
}
catch (InvalidOperationException innerException2)
{
Exception exception3 = new ArgumentException(Strings.ErrorCannotDetermineIisVersion(hostName), "Server", innerException2);
ErrorCategory category3 = ErrorCategory.InvalidArgument;
T dataObject4 = this.DataObject;
base.WriteError(exception3, category3, dataObject4.Identity);
}
ExtendedProtection.Validate(this, this.DataObject);
base.VerifyIsWithinScopes((IConfigurationSession)base.DataSession, this.DataObject, true, new DataAccessTask <T> .ADObjectOutOfScopeString(Strings.ErrorCannotSetVirtualDirectoryOutOfWriteScope));
TaskLogger.LogExit();
}
public static void CommitToMetabase(ExchangeVirtualDirectory exchangeVirtualDirectory, Task task)
{
if (exchangeVirtualDirectory.ExchangeVersion.IsOlderThan(ExchangeObjectVersion.Exchange2010))
{
return;
}
bool flag = task.Fields.IsModified("ExtendedProtectionTokenChecking");
bool flag2 = task.Fields.IsModified("ExtendedProtectionFlags");
bool flag3 = task.Fields.IsModified("ExtendedProtectionSPNList");
if (flag || flag2 || flag3)
{
string metabasePath = exchangeVirtualDirectory.MetabasePath;
using (DirectoryEntry directoryEntry = IisUtility.CreateIISDirectoryEntry(metabasePath, new Task.TaskErrorLoggingReThrowDelegate(task.WriteError), exchangeVirtualDirectory.Identity))
{
if (directoryEntry != null)
{
string text;
string text2;
string text3;
if (ExtendedProtection.GetServerWebSiteAndPath(metabasePath, out text, out text2, out text3))
{
if (!ExtendedProtection.WebConfigReflectionHelper.IsExtendedProtectionSupported(task))
{
TaskLogger.Trace("Warning: ExtendedProtectionPolicy has not been added to HttpTransportElement of web.config. Install the operating system update(s) specified in KB {0} onto server {1} and try again.", new object[]
{
"981205",
text
});
task.WriteWarning(Strings.WarnExtendedProtectionIsNotEnabled(text, "981205"));
}
else
{
string text4 = "/" + text2 + text3;
using (ServerManager serverManager = ServerManager.OpenRemote(text))
{
Configuration applicationHostConfiguration = serverManager.GetApplicationHostConfiguration();
if (applicationHostConfiguration != null)
{
ConfigurationSection section = applicationHostConfiguration.GetSection("system.webServer/security/authentication/windowsAuthentication", text4);
if (section != null)
{
ConfigurationElement configurationElement = section.ChildElements["extendedProtection"];
if (configurationElement != null)
{
if (flag)
{
int num = (int)exchangeVirtualDirectory[ExchangeVirtualDirectorySchema.ExtendedProtectionTokenChecking];
configurationElement.SetAttributeValue("tokenChecking", num);
}
if (flag2)
{
int num2 = (int)exchangeVirtualDirectory[ExchangeVirtualDirectorySchema.ExtendedProtectionFlags];
configurationElement.SetAttributeValue("flags", num2);
}
if (flag3)
{
ConfigurationElementCollection collection = configurationElement.GetCollection();
collection.Clear();
foreach (string text5 in exchangeVirtualDirectory.ExtendedProtectionSPNList)
{
ConfigurationElement configurationElement2 = collection.CreateElement("spn");
configurationElement2.SetAttributeValue("name", text5);
collection.Add(configurationElement2);
}
}
ExtendedProtection.WebConfigReflectionHelper.CommitToWebConfigMWA(exchangeVirtualDirectory, task, text3, text2, text, flag, flag3);
serverManager.CommitChanges();
return;
}
TaskLogger.Trace("Warning: Extended protection has not been enabled. Install the operating system update specified in KB {0} onto server {1} and try again.", new object[]
{
"973917",
text
});
task.WriteWarning(Strings.WarnExtendedProtectionIsNotEnabled(text, "973917"));
return;
}
}
TaskLogger.Trace("Error:ApplicationHost.config or {0} is not found for virtual directory with metabase path '{1}' and local path '{2}'.", new object[]
{
"system.webServer/security/authentication/windowsAuthentication",
metabasePath,
text4
});
task.WriteError(new ArgumentException(Strings.ErrorAppHostOrWindowsAuthenticationNotFound("system.webServer/security/authentication/windowsAuthentication", metabasePath, text4)), ErrorCategory.ObjectNotFound, exchangeVirtualDirectory.Identity);
}
}
}
}
}
}
}
protected virtual void InternalProcessMetabase()
{
ExtendedProtection.CommitToMetabase(this.DataObject, this);
}
protected override void InternalValidate()
{
object[] array = new object[1];
object[] array2 = array;
int num = 0;
T dataObject = this.DataObject;
array2[num] = dataObject.Identity;
TaskLogger.LogEnter(array);
base.InternalValidate();
if (base.HasErrors)
{
return;
}
string fqdn = base.OwningServer.Fqdn;
string text = base.Name.ToString();
if (string.IsNullOrEmpty(this.WebSiteName))
{
if (this.Role == VirtualDirectoryRole.ClientAccess)
{
this.WebSiteName = IisUtility.GetWebSiteName(IisUtility.CreateAbsolutePath(IisUtility.AbsolutePathType.WebSiteRoot, fqdn, "/W3SVC/1/ROOT", null));
this.ApplicationRoot = "/W3SVC/1/ROOT";
}
else
{
this.WebSiteName = "Exchange Back End";
}
}
if (string.Empty.Equals(this.AppPoolId))
{
Exception exception = new ArgumentException(Strings.ErrorAppPoolIdCannotBeEmpty, "AppPoolId");
ErrorCategory category = ErrorCategory.InvalidArgument;
T dataObject2 = this.DataObject;
base.WriteError(exception, category, dataObject2.Identity);
}
try
{
if (!new IisVersionValidCondition(fqdn).Verify())
{
Exception exception2 = new ArgumentException(Strings.ErrorIisVersionIsInvalid(fqdn), "Server");
ErrorCategory category2 = ErrorCategory.InvalidArgument;
T dataObject3 = this.DataObject;
base.WriteError(exception2, category2, dataObject3.Identity);
}
}
catch (IOException innerException)
{
Exception exception3 = new ArgumentException(Strings.ErrorCannotDetermineIisVersion(fqdn), "Server", innerException);
ErrorCategory category3 = ErrorCategory.InvalidArgument;
T dataObject4 = this.DataObject;
base.WriteError(exception3, category3, dataObject4.Identity);
}
catch (InvalidOperationException innerException2)
{
Exception exception4 = new ArgumentException(Strings.ErrorCannotDetermineIisVersion(fqdn), "Server", innerException2);
ErrorCategory category4 = ErrorCategory.InvalidArgument;
T dataObject5 = this.DataObject;
base.WriteError(exception4, category4, dataObject5.Identity);
}
try
{
if (!new WebSiteExistsCondition(fqdn, this.WebSiteName).Verify())
{
Exception exception5 = new ArgumentException(Strings.ErrorWebSiteNotExists(this.WebSiteName, fqdn), "WebSiteName");
ErrorCategory category5 = ErrorCategory.InvalidArgument;
T dataObject6 = this.DataObject;
base.WriteError(exception5, category5, dataObject6.Identity);
}
if (string.IsNullOrEmpty(this.ApplicationRoot))
{
this.ApplicationRoot = IisUtility.FindWebSiteRootPath(this.WebSiteName, fqdn);
}
}
catch (IisUtilityCannotDisambiguateWebSiteException innerException3)
{
Exception exception6 = new ArgumentException(Strings.ErrorWebsiteAmbiguousInIIS(this.WebSiteName, fqdn), "WebSiteName", innerException3);
ErrorCategory category6 = ErrorCategory.InvalidArgument;
T dataObject7 = this.DataObject;
base.WriteError(exception6, category6, dataObject7.Identity);
}
T dataObject8 = this.DataObject;
T dataObject9 = this.DataObject;
dataObject8.SetId(new ADObjectId(dataObject9.Server.DistinguishedName).GetDescendantId("Protocols", "HTTP", new string[]
{
string.Format("{0} ({1})", base.Name, this.WebSiteName)
}));
if (this.FailOnVirtualDirectoryADObjectAlreadyExists())
{
IConfigDataProvider dataSession = base.DataSession;
T dataObject10 = this.DataObject;
if (dataSession.Read <T>(dataObject10.Identity) != null)
{
string virtualDirectoryName = text;
T dataObject11 = this.DataObject;
Exception exception7 = new ArgumentException(Strings.ErrorVirtualDirectoryADObjectAlreadyExists(virtualDirectoryName, dataObject11.DistinguishedName), "VirtualDirectoryName");
ErrorCategory category7 = ErrorCategory.InvalidArgument;
T dataObject12 = this.DataObject;
base.WriteError(exception7, category7, dataObject12.Identity);
}
}
if (this.FailOnVirtualDirectoryAlreadyExists() && new VirtualDirectoryExistsCondition(fqdn, this.WebSiteName, text).Verify())
{
Exception exception8 = new ArgumentException(Strings.ErrorVirtualDirectoryAlreadyExists(text, this.WebSiteName, fqdn), "VirtualDirectoryName");
ErrorCategory category8 = ErrorCategory.InvalidArgument;
T dataObject13 = this.DataObject;
base.WriteError(exception8, category8, dataObject13.Identity);
}
T dataObject14 = this.DataObject;
dataObject14.MetabasePath = string.Format("IIS://{0}{1}/{2}", fqdn, IisUtility.FindWebSiteRootPath(this.WebSiteName, fqdn), text);
ExtendedProtection.Validate(this, this.DataObject);
TaskLogger.LogExit();
}
protected virtual void ProcessMetabaseProperties(ExchangeVirtualDirectory dataObject)
{
dataObject.Path = (string)IisUtility.GetIisPropertyValue("Path", this.MetabaseProperties);
ExtendedProtection.LoadFromMetabase(dataObject, this);
}
public static void ReadFromMetabase(ADMobileVirtualDirectory vdirObject, Task task)
{
MetabasePropertyTypes.AccessSSLFlags accessSSLFlags = MetabasePropertyTypes.AccessSSLFlags.AccessSSL | MetabasePropertyTypes.AccessSSLFlags.AccessSSLNegotiateCert | MetabasePropertyTypes.AccessSSLFlags.AccessSSLRequireCert;
string metabasePath = vdirObject.MetabasePath;
if (string.IsNullOrEmpty(metabasePath))
{
return;
}
MetabaseProperty[] array = null;
using (DirectoryEntry directoryEntry = IisUtility.CreateIISDirectoryEntry(metabasePath))
{
array = IisUtility.GetProperties(directoryEntry);
}
uint num = 0U;
bool flag = false;
foreach (MetabaseProperty metabaseProperty in array)
{
if (string.Equals(metabaseProperty.Name, "AuthFlags", StringComparison.OrdinalIgnoreCase))
{
object value = metabaseProperty.Value;
if (value != null)
{
MetabasePropertyTypes.AuthFlags authFlags = (MetabasePropertyTypes.AuthFlags)((int)value);
vdirObject.BasicAuthEnabled = ((authFlags & MetabasePropertyTypes.AuthFlags.Basic) == MetabasePropertyTypes.AuthFlags.Basic);
vdirObject.WindowsAuthEnabled = ((authFlags & MetabasePropertyTypes.AuthFlags.Ntlm) == MetabasePropertyTypes.AuthFlags.Ntlm);
}
num += 1U;
}
else if (string.Equals(metabaseProperty.Name, "DoDynamicCompression", StringComparison.OrdinalIgnoreCase))
{
object value2 = metabaseProperty.Value;
if (value2 != null)
{
vdirObject.CompressionEnabled = (bool)value2;
}
num += 1U;
}
else if (string.Equals(metabaseProperty.Name, "AccessSSLFlags", StringComparison.OrdinalIgnoreCase))
{
int?num2 = (int?)metabaseProperty.Value;
if (num2 != null)
{
if ((num2.Value & (int)accessSSLFlags) == (int)accessSSLFlags)
{
vdirObject.ClientCertAuth = new ClientCertAuthTypes?(ClientCertAuthTypes.Required);
}
else if ((num2.Value & 32) == 32)
{
vdirObject.ClientCertAuth = new ClientCertAuthTypes?(ClientCertAuthTypes.Accepted);
}
else
{
vdirObject.ClientCertAuth = new ClientCertAuthTypes?(ClientCertAuthTypes.Ignore);
}
if ((num2.Value & 8) == 8)
{
vdirObject.WebSiteSSLEnabled = true;
}
else
{
vdirObject.WebSiteSSLEnabled = false;
}
}
else
{
vdirObject.ClientCertAuth = new ClientCertAuthTypes?(ClientCertAuthTypes.Ignore);
vdirObject.WebSiteSSLEnabled = false;
}
flag = true;
num += 1U;
}
else if (string.Equals(metabaseProperty.Name, "AppFriendlyName", StringComparison.OrdinalIgnoreCase))
{
object value3 = metabaseProperty.Value;
if (value3 != null)
{
vdirObject.VirtualDirectoryName = (string)value3;
}
num += 1U;
}
else if (num == 4U)
{
break;
}
}
if (!flag)
{
int startIndex = metabasePath.LastIndexOf('/');
string iisDirectoryEntryPath = metabasePath.Remove(startIndex);
using (DirectoryEntry directoryEntry2 = IisUtility.CreateIISDirectoryEntry(iisDirectoryEntryPath))
{
int?num3 = (int?)directoryEntry2.Properties["AccessSSLFlags"].Value;
if (num3 != null)
{
if ((num3.Value & (int)accessSSLFlags) == (int)accessSSLFlags)
{
vdirObject.ClientCertAuth = new ClientCertAuthTypes?(ClientCertAuthTypes.Required);
}
else if ((num3.Value & 32) == 32)
{
vdirObject.ClientCertAuth = new ClientCertAuthTypes?(ClientCertAuthTypes.Accepted);
}
else
{
vdirObject.ClientCertAuth = new ClientCertAuthTypes?(ClientCertAuthTypes.Ignore);
}
if ((num3.Value & 8) == 8)
{
vdirObject.WebSiteSSLEnabled = true;
}
else
{
vdirObject.WebSiteSSLEnabled = false;
}
}
else
{
vdirObject.ClientCertAuth = new ClientCertAuthTypes?(ClientCertAuthTypes.Ignore);
vdirObject.WebSiteSSLEnabled = false;
}
}
}
char[] separator = new char[]
{
'/'
};
string[] array3 = metabasePath.Split(separator);
int num4 = array3.Length - 2;
if (num4 <= 0)
{
return;
}
StringBuilder stringBuilder = new StringBuilder(47);
for (int j = 0; j < num4; j++)
{
stringBuilder.Append(array3[j]);
if (j < num4 - 1)
{
stringBuilder.Append('/');
}
}
using (DirectoryEntry directoryEntry3 = IisUtility.CreateIISDirectoryEntry(stringBuilder.ToString()))
{
array = IisUtility.GetProperties(directoryEntry3);
}
MetabaseProperty[] array4 = array;
int k = 0;
while (k < array4.Length)
{
MetabaseProperty metabaseProperty2 = array4[k];
if (string.Compare(metabaseProperty2.Name, "ServerComment", true) == 0)
{
object value4 = metabaseProperty2.Value;
if (value4 != null)
{
vdirObject.WebsiteName = (string)value4;
break;
}
break;
}
else
{
k++;
}
}
vdirObject.InitProxyVDirDataObject();
ExtendedProtection.LoadFromMetabase(vdirObject, task);
}
