private EmailAddressWrapper[] GetCertsFromDirectory(Participant p, bool isCurrent)
{
bool flag = false;
EmailAddressWrapper[] result;
try
{
this.timeoutTimeForDLExpansion = new ExDateTime?(ExDateTime.UtcNow.AddMilliseconds(this.smimeAdminOptions.DLExpansionTimeout));
ADRawEntry adentry = ((DirectoryParticipantOrigin)p.Origin).ADEntry;
if (adentry == null)
{
result = this.GetCurrent(p, isCurrent, "Unknown");
}
else if (this.IsHiddenMembership(adentry))
{
result = this.GetCurrent(p, isCurrent, "PublicDL");
}
else
{
Dictionary <string, EmailAddressWrapper> invalidRecipients = new Dictionary <string, EmailAddressWrapper>();
Action <ADRawEntry> addInvalidRecipient = delegate(ADRawEntry recipient)
{
invalidRecipients[recipient[ADObjectSchema.Id].ToString()] = this.GetEmailAddressWrapper(recipient);
};
Action <ADRawEntry> addCertsOrInvalidRecipients = delegate(ADRawEntry recipient)
{
try
{
string text = recipient[ADRecipientSchema.LegacyExchangeDN] as string;
if (text == null)
{
addInvalidRecipient(recipient);
}
else
{
text = text.ToLower();
byte[][] array = this.MultiValuePropertyToByteArray(recipient[ADRecipientSchema.Certificate] as MultiValuedProperty <byte[]>);
byte[][] array2 = this.MultiValuePropertyToByteArray(recipient[ADRecipientSchema.SMimeCertificate] as MultiValuedProperty <byte[]>);
if (array.Length == 0 && array2.Length == 0)
{
addInvalidRecipient(recipient);
}
else
{
string[] array3;
if (this.smimeAdminOptions.UseSecondaryProxiesWhenFindingCertificates)
{
ProxyAddressCollection proxyAddressCollection = recipient[ADRecipientSchema.EmailAddresses] as ProxyAddressCollection;
if (proxyAddressCollection != null && proxyAddressCollection.Count > 0)
{
array3 = new string[proxyAddressCollection.Count];
for (int i = 0; i < proxyAddressCollection.Count; i++)
{
array3[i] = proxyAddressCollection[i].AddressString;
}
}
else
{
array3 = new string[]
{
recipient[ADRecipientSchema.PrimarySmtpAddress].ToString()
};
}
}
else
{
array3 = new string[]
{
recipient[ADRecipientSchema.PrimarySmtpAddress].ToString()
};
}
X509Certificate2 x509Certificate = this.FindBestCert(array3, false, new byte[][][]
{
array,
array2
});
if (x509Certificate != null)
{
this.AddCertToCurrentParticipant(x509Certificate.RawData);
}
else
{
addInvalidRecipient(recipient);
}
}
}
}
catch (Exception ex3)
{
this.LogException(ex3, "Error occurred when getting cert from Directory User: {0}", new object[]
{
recipient.GetDistinguishedNameOrName()
});
addInvalidRecipient(recipient);
}
};
if (flag = this.IsDistributionList(adentry))
{
ADRecipientExpansion.HandleRecipientDelegate handleRecipient = delegate(ADRawEntry recipient, ExpansionType recipientExpansionType, ADRawEntry parent, ExpansionType parentExpansionType)
{
if (this.IsDLExpansionTimedOut())
{
throw new TimeoutException("The DL expansion is timeout.");
}
if (this.IsHiddenMembership(recipient))
{
addInvalidRecipient(recipient);
return(ExpansionControl.Skip);
}
if (!this.IsDistributionList(recipient))
{
addCertsOrInvalidRecipients(recipient);
}
return(ExpansionControl.Continue);
};
ADRecipientExpansion.HandleFailureDelegate handleFailure = delegate(ExpansionFailure failure, ADRawEntry recipient, ExpansionType recipientExpansionType, ADRawEntry parent, ExpansionType parentExpansionType)
{
if (this.IsDLExpansionTimedOut())
{
throw new TimeoutException("The DL expansion is timeout.");
}
ExTraceGlobals.RequestTracer.TraceDebug <string, string, ExpansionFailure>((long)this.GetHashCode(), "Error occured when expanding DL: {0}: {1} {2}", recipient.GetDistinguishedNameOrName(), failure.ToString(), failure);
addInvalidRecipient(recipient);
return(ExpansionControl.Continue);
};
try
{
this.adRecipientExpansion.Expand(adentry, handleRecipient, handleFailure);
goto IL_13C;
}
catch (Exception ex)
{
this.LogException(ex, "Error occurred when expanding PublicDL: {0}", new object[]
{
adentry.GetDistinguishedNameOrName()
});
addInvalidRecipient(adentry);
goto IL_13C;
}
}
addCertsOrInvalidRecipients(adentry);
IL_13C:
if (invalidRecipients.Count > 0)
{
Queue <EmailAddressWrapper> queue = new Queue <EmailAddressWrapper>(invalidRecipients.Count);
foreach (EmailAddressWrapper item in invalidRecipients.Values)
{
queue.Enqueue(item);
}
result = queue.ToArray();
}
else
{
result = null;
}
}
}
catch (Exception ex2)
{
this.LogException(ex2, "Error occurred when getting cert from Directory Object: {0}", new object[]
{
this.ParticipantToString(p)
});
result = this.GetCurrent(p, isCurrent, flag ? "PublicDL" : "MailBox");
}
return(result);
}
public override CapabilityEvaluationResult Evaluate(ADRawEntry adObject)
{
if (adObject == null)
{
throw new ArgumentNullException("adObject");
}
ExTraceGlobals.AccessCheckTracer.TraceDebug <string, string>((long)this.GetHashCode(), "Entering RichCoexistenceCapabilityIdentifierEvaluator.Evaluate('{0}') CapabilityToCheck '{1}'.", adObject.GetDistinguishedNameOrName(), base.Capability.ToString());
if (!adObject.propertyBag.Contains(IADMailStorageSchema.RemoteRecipientType))
{
ExTraceGlobals.AccessCheckTracer.TraceDebug <string, string, string>((long)this.GetHashCode(), "RichCoexistenceCapabilityIdentifierEvaluator.Evaluate('{0}') return '{1}'. CapabilityToCheck '{2}'. Object doesnt have 'RemoteRecipientType' property", adObject.GetDistinguishedNameOrName(), CapabilityEvaluationResult.NotApplicable.ToString(), base.Capability.ToString());
return(CapabilityEvaluationResult.NotApplicable);
}
if (OpathFilterEvaluator.FilterMatches(RichCoexistenceCapabilityIdentifierEvaluator.filter, adObject))
{
ExTraceGlobals.AccessCheckTracer.TraceDebug <string, string>((long)this.GetHashCode(), "RichCoexistenceCapabilityIdentifierEvaluator.Evaluate('{0}') adObject has RemoteRecipientType set. CapabilityToCheck '{1}'. ", adObject.GetDistinguishedNameOrName(), base.Capability.ToString());
return(base.Evaluate(adObject));
}
ExTraceGlobals.AccessCheckTracer.TraceDebug <string, string, string>((long)this.GetHashCode(), "RichCoexistenceCapabilityIdentifierEvaluator.Evaluate('{0}') return '{1}'. CapabilityToCheck '{2}'", adObject.GetDistinguishedNameOrName(), CapabilityEvaluationResult.No.ToString(), base.Capability.ToString());
return(CapabilityEvaluationResult.No);
}
public override CapabilityEvaluationResult Evaluate(ADRawEntry adObject)
{
if (adObject == null)
{
throw new ArgumentNullException("adObject");
}
ExTraceGlobals.AccessCheckTracer.TraceDebug <string, string>((long)this.GetHashCode(), "Entering SimpleCapabilityIdentifierEvaluator.Evaluate('{0}') CapabilityToCheck '{1}'.", adObject.GetDistinguishedNameOrName(), base.Capability.ToString());
if (!adObject.propertyBag.Contains(SharedPropertyDefinitions.RawCapabilities))
{
ExTraceGlobals.AccessCheckTracer.TraceDebug <string, string, string>((long)this.GetHashCode(), "SimpleCapabilityIdentifierEvaluator.Evaluate('{0}') return '{1}'. CapabilityToCheck '{2}' - object doesn't have the Capabilities property.", adObject.GetDistinguishedNameOrName(), CapabilityEvaluationResult.NotApplicable.ToString(), base.Capability.ToString());
return(CapabilityEvaluationResult.NotApplicable);
}
CapabilityEvaluationResult capabilityEvaluationResult;
if (OpathFilterEvaluator.FilterMatches(this.filter, adObject))
{
capabilityEvaluationResult = CapabilityEvaluationResult.Yes;
}
else
{
capabilityEvaluationResult = CapabilityEvaluationResult.No;
}
ExTraceGlobals.AccessCheckTracer.TraceDebug <string, string, string>((long)this.GetHashCode(), "SimpleCapabilityIdentifierEvaluator.Evaluate('{0}') return '{1}'. CapabilityToCheck '{2}'", adObject.GetDistinguishedNameOrName(), capabilityEvaluationResult.ToString(), base.Capability.ToString());
return(capabilityEvaluationResult);
}
public override CapabilityEvaluationResult Evaluate(ADRawEntry adObject)
{
if (adObject == null)
{
throw new ArgumentNullException("adObject");
}
ExTraceGlobals.AccessCheckTracer.TraceDebug <string, string>((long)this.GetHashCode(), "Entering FederatedUserCapabilityIdentifierEvaluator.Evaluate('{0}') CapabilityToCheck '{1}'.", adObject.GetDistinguishedNameOrName(), base.Capability.ToString());
CapabilityEvaluationResult capabilityEvaluationResult = CapabilityEvaluationResult.NotApplicable;
ADUser aduser = adObject as ADUser;
ReducedRecipient reducedRecipient = adObject as ReducedRecipient;
if (aduser == null && reducedRecipient == null)
{
ExTraceGlobals.AccessCheckTracer.TraceDebug <string, string, string>((long)this.GetHashCode(), "FederatedUserCapabilityIdentifierEvaluator.Evaluate('{0}') return '{1}'. CapabilityToCheck '{2}' - adObject in not ADUser/ReducedRecipient.", adObject.GetDistinguishedNameOrName(), capabilityEvaluationResult.ToString(), base.Capability.ToString());
return(capabilityEvaluationResult);
}
SmtpAddress value = (aduser != null) ? aduser.WindowsLiveID : reducedRecipient.WindowsLiveID;
if (value == SmtpAddress.Empty || value.Domain == null)
{
ExTraceGlobals.AccessCheckTracer.TraceDebug <string, string, string>((long)this.GetHashCode(), "FederatedUserCapabilityIdentifierEvaluator.Evaluate('{0}') return '{1}'. CapabilityToCheck '{2}' - user/recipient is not Live enabled.", adObject.GetDistinguishedNameOrName(), capabilityEvaluationResult.ToString(), base.Capability.ToString());
return(capabilityEvaluationResult);
}
OrganizationId organizationId = (aduser != null) ? aduser.OrganizationId : reducedRecipient.OrganizationId;
if (organizationId == null || OrganizationId.ForestWideOrgId.Equals(organizationId))
{
ExTraceGlobals.AccessCheckTracer.TraceDebug <string, string, string>((long)this.GetHashCode(), "FederatedUserCapabilityIdentifierEvaluator.Evaluate('{0}') return '{1}'. CapabilityToCheck '{2}' - user/recipient does not belong to tenant scope.", adObject.GetDistinguishedNameOrName(), capabilityEvaluationResult.ToString(), base.Capability.ToString());
return(capabilityEvaluationResult);
}
IConfigurationSession tenantScopedSystemConfigurationSession = base.GetTenantScopedSystemConfigurationSession(organizationId);
ExchangeConfigurationUnit exchangeConfigurationUnit = tenantScopedSystemConfigurationSession.Read <ExchangeConfigurationUnit>(organizationId.ConfigurationUnit);
if (exchangeConfigurationUnit == null)
{
ExTraceGlobals.AccessCheckTracer.TraceDebug <string, string, string>((long)this.GetHashCode(), "FederatedUserCapabilityIdentifierEvaluator.Evaluate('{0}') return '{1}'. CapabilityToCheck '{2}' - user/recipient does is not in tenant scope.", adObject.GetDistinguishedNameOrName(), capabilityEvaluationResult.ToString(), base.Capability.ToString());
return(capabilityEvaluationResult);
}
capabilityEvaluationResult = (((exchangeConfigurationUnit.ObjectVersion < 13000) ? exchangeConfigurationUnit.IsFederated : FederatedUserCapabilityIdentifierEvaluator.IsNamespaceFederated(organizationId, value.Domain)) ? CapabilityEvaluationResult.Yes : CapabilityEvaluationResult.No);
ExTraceGlobals.AccessCheckTracer.TraceDebug <string, string, string>((long)this.GetHashCode(), "FederatedUserCapabilityIdentifierEvaluator.Evaluate('{0}') return '{1}'. CapabilityToCheck '{2}'", adObject.GetDistinguishedNameOrName(), capabilityEvaluationResult.ToString(), base.Capability.ToString());
return(capabilityEvaluationResult);
}
public override CapabilityEvaluationResult Evaluate(ADRawEntry adObject)
{
if (adObject == null)
{
throw new ArgumentNullException("adObject");
}
ExTraceGlobals.AccessCheckTracer.TraceDebug <string, string>((long)this.GetHashCode(), "Entering UMFeatureRestrictedCapabilityIdentifierEvaluator.Evaluate('{0}') CapabilityToCheck '{1}'.", adObject.GetDistinguishedNameOrName(), base.Capability.ToString());
if (!Datacenter.IsMultiTenancyEnabled())
{
ExTraceGlobals.AccessCheckTracer.TraceDebug <string, string, string>((long)this.GetHashCode(), "MasteredOnPremiseCapabilityIdentifierEvaluator.Evaluate('{0}') return '{1}'. CapabilityToCheck '{2}' - not datacenter mode.", adObject.GetDistinguishedNameOrName(), CapabilityEvaluationResult.NotApplicable.ToString(), base.Capability.ToString());
return(CapabilityEvaluationResult.NotApplicable);
}
CountryInfo countryInfo = (CountryInfo)adObject[ADRecipientSchema.UsageLocation];
if (null == countryInfo)
{
ExTraceGlobals.AccessCheckTracer.TraceDebug <string, string, string>((long)this.GetHashCode(), "UMFeatureRestrictedCapabilityIdentifierEvaluator.Evaluate('{0}') return '{1}'. CapabilityToCheck '{2}' - UsageLocation is '<NULL>'.", adObject.GetDistinguishedNameOrName(), CapabilityEvaluationResult.NotApplicable.ToString(), base.Capability.ToString());
return(CapabilityEvaluationResult.NotApplicable);
}
CountryList countryList = CountryListIdCache.Singleton.Get(UMFeatureRestrictedCapabilityIdentifierEvaluator.UMCountryListKey);
if (countryList == null)
{
ExTraceGlobals.AccessCheckTracer.TraceWarning <string, string, string>((long)this.GetHashCode(), "UMFeatureRestrictedCapabilityIdentifierEvaluator.Evaluate('{0}') return '{1}'. CapabilityToCheck '{2}' - Cache lookup returned '<NULL>'.", adObject.GetDistinguishedNameOrName(), CapabilityEvaluationResult.Yes.ToString(), base.Capability.ToString());
return(CapabilityEvaluationResult.Yes);
}
if (countryList.Countries.Contains(countryInfo))
{
ExTraceGlobals.AccessCheckTracer.TraceDebug <string, string, string>((long)this.GetHashCode(), "UMFeatureRestrictedCapabilityIdentifierEvaluator.Evaluate('{0}') return '{1}'. CapabilityToCheck '{2}'.", adObject.GetDistinguishedNameOrName(), CapabilityEvaluationResult.No.ToString(), base.Capability.ToString());
return(CapabilityEvaluationResult.No);
}
ExTraceGlobals.AccessCheckTracer.TraceDebug <string, string, string>((long)this.GetHashCode(), "UMFeatureRestrictedCapabilityIdentifierEvaluator.Evaluate('{0}') return '{1}'. CapabilityToCheck '{2}'.", adObject.GetDistinguishedNameOrName(), CapabilityEvaluationResult.Yes.ToString(), base.Capability.ToString());
return(CapabilityEvaluationResult.Yes);
}
public override CapabilityEvaluationResult Evaluate(ADRawEntry adObject)
{
if (adObject == null)
{
throw new ArgumentNullException("adObject");
}
ExTraceGlobals.AccessCheckTracer.TraceDebug <string, string>((long)this.GetHashCode(), "Entering ResourceMailboxCapabilityIdentifierEvaluator.Evaluate('{0}') CapabilityToCheck '{1}'.", adObject.GetDistinguishedNameOrName(), base.Capability.ToString());
CapabilityEvaluationResult capabilityEvaluationResult = CapabilityEvaluationResult.NotApplicable;
ADRecipient adrecipient = adObject as ADRecipient;
if (!(adObject is ReducedRecipient) && adrecipient == null)
{
ExTraceGlobals.AccessCheckTracer.TraceDebug <string, string, string>((long)this.GetHashCode(), "ResourceMailboxCapabilityIdentifierEvaluator.Evaluate('{0}') return '{1}'. CapabilityToCheck '{2}' - adObject in not ReducedRecipient or ADUser.", adObject.GetDistinguishedNameOrName(), capabilityEvaluationResult.ToString(), base.Capability.ToString());
return(capabilityEvaluationResult);
}
capabilityEvaluationResult = ((adObject[ReducedRecipientSchema.ResourceType] != null) ? CapabilityEvaluationResult.Yes : CapabilityEvaluationResult.No);
ExTraceGlobals.AccessCheckTracer.TraceDebug <string, string, string>((long)this.GetHashCode(), "ResourceMailboxCapabilityIdentifierEvaluator.Evaluate('{0}') return '{1}'. CapabilityToCheck '{2}'", adObject.GetDistinguishedNameOrName(), capabilityEvaluationResult.ToString(), base.Capability.ToString());
return(capabilityEvaluationResult);
}
protected override bool InternalTryValidate(ADRawEntry adObject, out RuleValidationException validationException)
{
validationException = null;
OrganizationValidationRuleDefinition organizationValidationRuleDefinition = base.RuleDefinition as OrganizationValidationRuleDefinition;
if (!Datacenter.IsMultiTenancyEnabled())
{
ExTraceGlobals.AccessCheckTracer.TraceDebug <string, bool>((long)this.GetHashCode(), "OrganizationValidationRule.InternalTryValidate('{0}') return '{1}'. - not datacenter mode.", adObject.GetDistinguishedNameOrName(), true);
return(true);
}
OrganizationId organizationId = (OrganizationId)adObject[ADObjectSchema.OrganizationId];
ADSessionSettings sessionSettings = OrganizationId.ForestWideOrgId.Equals(organizationId) ? ADSessionSettings.FromRootOrgScopeSet() : ADSessionSettings.FromOrganizationIdWithoutRbacScopesServiceOnly(organizationId);
IConfigurationSession session = DirectorySessionFactory.Default.CreateTenantConfigurationSession(adObject.OriginatingServer, true, ConsistencyMode.IgnoreInvalid, sessionSettings, 377, "InternalTryValidate", "f:\\15.00.1497\\sources\\dev\\data\\src\\directory\\ValidationRules\\ValidationRule.cs");
ExchangeConfigurationUnit exchangeConfigurationUnit = ProvisioningCache.Instance.TryAddAndGetOrganizationData <ExchangeConfigurationUnit>(CannedProvisioningCacheKeys.OrganizationCUContainer, organizationId, () => session.Read <ExchangeConfigurationUnit>(organizationId.ConfigurationUnit));
if (exchangeConfigurationUnit == null)
{
ExTraceGlobals.AccessCheckTracer.TraceDebug <string, bool>((long)this.GetHashCode(), "OrganizationValidationRule.InternalTryValidate('{0}') return '{1}'. - organization (ExchangeConfigurationUnit) object is not found.", adObject.GetDistinguishedNameOrName(), true);
return(true);
}
foreach (ValidationRuleExpression validationRuleExpression in organizationValidationRuleDefinition.OverridingAllowExpressions)
{
bool flag = true;
foreach (PropertyDefinition propertyDefinition in validationRuleExpression.QueryFilter.FilterProperties())
{
if (!exchangeConfigurationUnit.propertyBag.Contains((ProviderPropertyDefinition)propertyDefinition))
{
ExTraceGlobals.AccessCheckTracer.TraceDebug <string, string>((long)this.GetHashCode(), "ExpressionFilterValidationRule.InternalTryValidate({0}). Missing Property {1}.", exchangeConfigurationUnit.GetDistinguishedNameOrName(), propertyDefinition.Name);
flag = false;
break;
}
}
if (flag && OpathFilterEvaluator.FilterMatches(validationRuleExpression.QueryFilter, exchangeConfigurationUnit))
{
ExTraceGlobals.AccessCheckTracer.TraceDebug <string, bool, string>((long)this.GetHashCode(), "OrganizationValidationRule.InternalTryValidate('{0}') return '{1}'. - matched filter: {2}.", adObject.GetDistinguishedNameOrName(), true, validationRuleExpression.QueryString);
return(true);
}
}
foreach (ValidationRuleExpression validationRuleExpression2 in organizationValidationRuleDefinition.RestrictionExpressions)
{
bool flag2 = true;
foreach (PropertyDefinition propertyDefinition2 in validationRuleExpression2.QueryFilter.FilterProperties())
{
if (!exchangeConfigurationUnit.propertyBag.Contains((ProviderPropertyDefinition)propertyDefinition2))
{
ExTraceGlobals.AccessCheckTracer.TraceDebug <string, string>((long)this.GetHashCode(), "ExpressionFilterValidationRule.InternalTryValidate({0}). Missing Property {1}.", exchangeConfigurationUnit.GetDistinguishedNameOrName(), propertyDefinition2.Name);
flag2 = false;
break;
}
}
if (flag2 && OpathFilterEvaluator.FilterMatches(validationRuleExpression2.QueryFilter, exchangeConfigurationUnit))
{
validationException = new RuleValidationException(base.GetValidationRuleErrorMessage(adObject, validationRuleExpression2.QueryString));
return(false);
}
}
return(true);
}
public bool TryValidate(ADRawEntry adObject, out RuleValidationException validationException)
{
if (adObject == null)
{
throw new ArgumentNullException("adObject");
}
ExTraceGlobals.AccessCheckTracer.TraceDebug <string, string, string>((long)this.GetHashCode(), "Entering {0}.TryValidate({1}). Rule {2}.", base.GetType().Name, adObject.GetDistinguishedNameOrName(), this.ruleDefinition.Name);
bool result = this.InternalTryValidate(adObject, out validationException);
ExTraceGlobals.AccessCheckTracer.TraceDebug <string, string, string>((long)this.GetHashCode(), "{0}.TryValidate({1}). returns {2}", base.GetType().Name, adObject.GetDistinguishedNameOrName(), result.ToString());
return(result);
}
protected bool IsOverridingAllowCapabilityFound(ADRawEntry adObject)
{
CapabilityIdentifierEvaluator capabilityIdentifierEvaluator = this.OverridingAllowCapabilityEvaluators.FirstOrDefault((CapabilityIdentifierEvaluator x) => x.Evaluate(adObject) == CapabilityEvaluationResult.Yes);
ExTraceGlobals.AccessCheckTracer.TraceDebug <string, string>((long)this.GetHashCode(), "ValidationRule.IsOverridingAllowCapabilityFound({0}). OverridingAllowCapability: {1}.", adObject.GetDistinguishedNameOrName(), (capabilityIdentifierEvaluator != null) ? capabilityIdentifierEvaluator.Capability.ToString() : "<NULL>");
return(capabilityIdentifierEvaluator != null);
}
protected override bool InternalTryValidate(ADRawEntry adObject, out RuleValidationException validationException)
{
validationException = null;
CapabilityIdentifierEvaluator capabilityIdentifierEvaluator = base.RestrictedCapabilityEvaluators.FirstOrDefault((CapabilityIdentifierEvaluator x) => CapabilityEvaluationResult.Yes == x.Evaluate(adObject));
ExTraceGlobals.AccessCheckTracer.TraceDebug <string, string>((long)this.GetHashCode(), "ExpressionFilterValidationRule.InternalTryValidate({0}). CurlpritCapability {1}.", adObject.GetDistinguishedNameOrName(), (capabilityIdentifierEvaluator != null) ? capabilityIdentifierEvaluator.Capability.ToString() : "<NULL>");
if (capabilityIdentifierEvaluator == null)
{
return(true);
}
foreach (ValidationRuleExpression validationRuleExpression in base.RuleDefinition.Expressions)
{
if (validationRuleExpression.ApplicableObjects != null && validationRuleExpression.ApplicableObjects.Count > 0)
{
Type right = validationRuleExpression.ApplicableObjects.FirstOrDefault((Type x) => x.IsAssignableFrom(adObject.GetType()));
if (null == right)
{
ExTraceGlobals.AccessCheckTracer.TraceDebug <string, Type, string>((long)this.GetHashCode(), "ExpressionFilterValidationRule.InternalTryValidate({0}). Object type '{1}' is not on the list of applicable types for expression {2}.", adObject.GetDistinguishedNameOrName(), adObject.GetType(), validationRuleExpression.QueryString);
continue;
}
}
bool flag = true;
foreach (PropertyDefinition propertyDefinition in validationRuleExpression.QueryFilter.FilterProperties())
{
if (!adObject.propertyBag.Contains((ProviderPropertyDefinition)propertyDefinition))
{
ExTraceGlobals.AccessCheckTracer.TraceDebug <string, string>((long)this.GetHashCode(), "ExpressionFilterValidationRule.InternalTryValidate({0}). Missing Property {1}.", adObject.GetDistinguishedNameOrName(), propertyDefinition.Name);
flag = false;
break;
}
}
if (flag && !OpathFilterEvaluator.FilterMatches(validationRuleExpression.QueryFilter, adObject) && !base.IsOverridingAllowCapabilityFound(adObject))
{
validationException = new RuleValidationException(base.GetValidationRuleErrorMessage(adObject, capabilityIdentifierEvaluator.Capability));
return(false);
}
}
return(true);
}
public override CapabilityEvaluationResult Evaluate(ADRawEntry adObject)
{
if (adObject == null)
{
throw new ArgumentNullException("adObject");
}
ExTraceGlobals.AccessCheckTracer.TraceDebug <string, string>((long)this.GetHashCode(), "Entering MasteredOnPremiseCapabilityIdentifierEvaluator.Evaluate('{0}') CapabilityToCheck '{1}'.", adObject.GetDistinguishedNameOrName(), base.Capability.ToString());
if (!Datacenter.IsMultiTenancyEnabled())
{
ExTraceGlobals.AccessCheckTracer.TraceDebug <string, string, string>((long)this.GetHashCode(), "MasteredOnPremiseCapabilityIdentifierEvaluator.Evaluate('{0}') return '{1}'. CapabilityToCheck '{2}' - not datacenter mode.", adObject.GetDistinguishedNameOrName(), CapabilityEvaluationResult.NotApplicable.ToString(), base.Capability.ToString());
return(CapabilityEvaluationResult.NotApplicable);
}
ADRecipient adrecipient = adObject as ADRecipient;
ReducedRecipient reducedRecipient = adObject as ReducedRecipient;
if (adrecipient == null && reducedRecipient == null)
{
ExTraceGlobals.AccessCheckTracer.TraceDebug <string, string, string>((long)this.GetHashCode(), "MasteredOnPremiseCapabilityIdentifierEvaluator.Evaluate('{0}') return '{1}'. CapabilityToCheck '{2}' - adObject in not ADRecipient or ReducedRecipient.", adObject.GetDistinguishedNameOrName(), CapabilityEvaluationResult.NotApplicable.ToString(), base.Capability.ToString());
return(CapabilityEvaluationResult.NotApplicable);
}
if ((adrecipient == null || !adrecipient.IsDirSyncEnabled) && (reducedRecipient == null || !reducedRecipient.IsDirSyncEnabled))
{
ExTraceGlobals.AccessCheckTracer.TraceDebug <string, string, string>((long)this.GetHashCode(), "MasteredOnPremiseCapabilityIdentifierEvaluator.Evaluate('{0}') return '{1}'. CapabilityToCheck '{2}' - recipient is not Dirsynced.", adObject.GetDistinguishedNameOrName(), CapabilityEvaluationResult.No.ToString(), base.Capability.ToString());
return(CapabilityEvaluationResult.No);
}
OrganizationId organizationId = (adrecipient != null) ? adrecipient.OrganizationId : reducedRecipient.OrganizationId;
if (organizationId == null || OrganizationId.ForestWideOrgId.Equals(organizationId))
{
ExTraceGlobals.AccessCheckTracer.TraceDebug <string, string, string>((long)this.GetHashCode(), "MasteredOnPremiseCapabilityIdentifierEvaluator.Evaluate('{0}') return '{1}'. CapabilityToCheck '{2}' - recipient does not belong to tenant scope.", adObject.GetDistinguishedNameOrName(), CapabilityEvaluationResult.NotApplicable.ToString(), base.Capability.ToString());
return(CapabilityEvaluationResult.NotApplicable);
}
ExchangeConfigurationUnit exchangeConfigurationUnit = this.GetExchangeConfigurationUnit(organizationId);
if (exchangeConfigurationUnit == null)
{
ExTraceGlobals.AccessCheckTracer.TraceDebug <string, string, string>((long)this.GetHashCode(), "MasteredOnPremiseCapabilityIdentifierEvaluator.Evaluate('{0}') return '{1}'. CapabilityToCheck '{2}' - recipient is not in tenant scope.", adObject.GetDistinguishedNameOrName(), CapabilityEvaluationResult.NotApplicable.ToString(), base.Capability.ToString());
return(CapabilityEvaluationResult.NotApplicable);
}
CapabilityEvaluationResult capabilityEvaluationResult = exchangeConfigurationUnit.IsDirSyncEnabled ? CapabilityEvaluationResult.Yes : CapabilityEvaluationResult.No;
ExTraceGlobals.AccessCheckTracer.TraceDebug <string, string, string>((long)this.GetHashCode(), "MasteredOnPremiseCapabilityIdentifierEvaluator.Evaluate('{0}') return '{1}'. CapabilityToCheck '{2}'", adObject.GetDistinguishedNameOrName(), capabilityEvaluationResult.ToString(), base.Capability.ToString());
return(capabilityEvaluationResult);
}
public override CapabilityEvaluationResult Evaluate(ADRawEntry adObject)
{
if (adObject == null)
{
throw new ArgumentNullException("adObject");
}
ExchangeVirtualDirectory exchangeVirtualDirectory = adObject as ExchangeVirtualDirectory;
if (exchangeVirtualDirectory == null)
{
ExTraceGlobals.AccessCheckTracer.TraceDebug <string, string, string>((long)this.GetHashCode(), "BEVDirLockdownCapabilityIdentifierEvaluator.Evaluate('{0}') return '{1}'. CapabilityToCheck '{2}'. Object isn't a ExchangeVirtualDirectory object.", adObject.GetDistinguishedNameOrName(), CapabilityEvaluationResult.NotApplicable.ToString(), base.Capability.ToString());
return(CapabilityEvaluationResult.NotApplicable);
}
if (exchangeVirtualDirectory.Name.Contains("Exchange Back End"))
{
return(CapabilityEvaluationResult.Yes);
}
return(CapabilityEvaluationResult.No);
}