/// <summary>
/// Prepares the group mailbox for a membership update: resolves the mailbox owner's
/// AD object, checks that it is a group mailbox, and registers three external-user
/// identities (the earlier member identity plus the current Member and Owner
/// identities) in the mailbox's external user collection.
/// </summary>
/// <returns>
/// <c>true</c> when the AD object was found, is of type GroupMailbox, and all three
/// identities were added; <c>false</c> otherwise (an error is traced first).
/// </returns>
private bool PreMembershipUpdate()
{
    // The last three arguments look like caller line/member/file information emitted
    // at build time; they are runtime values and are kept exactly as found.
    this.recipientSession = DirectorySessionFactory.Default.GetTenantOrRootOrgRecipientSession(
        false,
        ConsistencyMode.IgnoreInvalid,
        this.mailboxSession.GetADSessionSettings(),
        106,
        "PreMembershipUpdate",
        "f:\\15.00.1497\\sources\\dev\\UnifiedGroups\\src\\UnifiedGroups\\GroupMailboxAccessLayer\\Commands\\GroupMailboxMembershipUpdater.cs");
    this.groupObject = this.recipientSession.FindADUserByObjectId(this.mailboxSession.MailboxOwner.ObjectId);

    // Every path below reports the group's primary SMTP address, so read it once.
    string groupAddress = this.mailboxSession.MailboxOwner.MailboxInfo.PrimarySmtpAddress.ToString();

    if (this.groupObject == null)
    {
        GroupMailboxMembershipUpdater.Tracer.TraceError<string>((long)this.GetHashCode(), "PreMembershipUpdate: Unable to locate the AD object for the group mailbox {0} successfully", groupAddress);
        return false;
    }

    // Refuse to touch the external user collection of anything that is not a group mailbox.
    if (this.groupObject.RecipientTypeDetails != RecipientTypeDetails.GroupMailbox)
    {
        GroupMailboxMembershipUpdater.Tracer.TraceError<string>((long)this.GetHashCode(), "PreMembershipUpdate: The mailbox {0} is not of type group mailbox", groupAddress);
        return false;
    }

    GroupMailboxMembershipUpdater.Tracer.TraceDebug<string>((long)this.GetHashCode(), "PreMembershipUpdate: Located the AD object of the group mailbox {0} successfully", groupAddress);

    // Earlier member identity: keyed on the group's own SMTP address and the fixed
    // EarlierGroupMailboxMemberAccessSecurityIdentifier. PostMembershipUpdate removes it again.
    this.previousExternalMemberUser = new ExternalUser(
        this.mailboxSession.DisplayName,
        groupAddress,
        SmtpAddress.Parse(groupAddress),
        GroupMailboxMembershipUpdater.EarlierGroupMailboxMemberAccessSecurityIdentifier);

    // Current identities: created from the mailbox GUID and the member type.
    this.currentExternalMemberUser = ExternalUser.CreateExternalUserForGroupMailbox(
        this.mailboxSession.DisplayName,
        "Member@local",
        this.mailboxSession.MailboxGuid,
        SecurityIdentity.GroupMailboxMemberType.Member);
    this.currentExternalOwnerUser = ExternalUser.CreateExternalUserForGroupMailbox(
        this.mailboxSession.DisplayName,
        "Owner@local",
        this.mailboxSession.MailboxGuid,
        SecurityIdentity.GroupMailboxMemberType.Owner);

    using (ExternalUserCollection externalUsers = this.mailboxSession.GetExternalUsers())
    {
        // Short-circuits on the first failure. Identities added before the failing one
        // are not rolled back by this method.
        bool allRegistered =
            this.AddToExternalUserCollection(externalUsers, this.previousExternalMemberUser)
            && this.AddToExternalUserCollection(externalUsers, this.currentExternalMemberUser)
            && this.AddToExternalUserCollection(externalUsers, this.currentExternalOwnerUser);

        if (!allRegistered)
        {
            GroupMailboxMembershipUpdater.Tracer.TraceError<string>((long)this.GetHashCode(), "PreMembershipUpdate: Unable to update external user collection to the group mailbox {0} successfully", groupAddress);
            return false;
        }

        GroupMailboxMembershipUpdater.Tracer.TraceDebug<string>((long)this.GetHashCode(), "PreMembershipUpdate: Updated external user collection of the group mailbox {0} successfully", groupAddress);
    }

    return true;
}
/// <summary>
/// Maps an external caller to the SID string of the matching entry in the mailbox's
/// external user collection.
/// </summary>
/// <param name="externalClientContext">Caller context; only a <c>PersonalClientContext</c> is mapped.</param>
/// <param name="session">Mailbox session whose external user collection is searched.</param>
/// <returns>
/// The SID of the matching external user as a string, or <c>null</c> when the context
/// is not a personal client context or no entry matches its external id.
/// </returns>
private static string GetExternalIdentity(ExternalClientContext externalClientContext, MailboxSession session)
{
    FreeBusyPermission.SecurityTracer.TraceDebug<object, ExternalClientContext, IExchangePrincipal>(0L, "{0}: searching for external identity for caller {1} in mailbox {2}", TraceContext.Get(), externalClientContext, session.MailboxOwner);

    // Stays null unless a matching external user is found.
    // NOTE(review): callers presumably treat null as "no mapped identity"; verify at the call sites.
    string mappedSid = null;
    Stopwatch lookupTimer = Stopwatch.StartNew();
    try
    {
        PersonalClientContext personalContext = externalClientContext as PersonalClientContext;
        if (personalContext != null)
        {
            using (ExternalUserCollection externalUsers = session.GetExternalUsers())
            {
                ExternalUser match = externalUsers.FindExternalUser(personalContext.ExternalId.ToString());
                if (match != null)
                {
                    mappedSid = match.Sid.ToString();
                    FreeBusyPermission.SecurityTracer.TraceDebug<object, string>(0L, "{0}: found personal client context from external identity: {1}", TraceContext.Get(), mappedSid);
                }
            }
        }
    }
    finally
    {
        // The lookup time is recorded on every exit path, including exceptions.
        lookupTimer.Stop();
        PerformanceCounters.AverageExternalAuthenticationIdentityMappingTime.IncrementBy(lookupTimer.ElapsedTicks);
        PerformanceCounters.AverageExternalAuthenticationIdentityMappingTimeBase.Increment();
    }

    return mappedSid;
}
/// <summary>
/// Removes an external user from the collection, saves the collection, and confirms
/// that the user is no longer present.
/// </summary>
/// <param name="externalUserCollection">Collection to modify and save.</param>
/// <param name="externalUser">Identity to remove.</param>
/// <returns>
/// <c>true</c> when the user is absent after the save; <c>false</c> (after tracing an
/// error) when the user is still present.
/// </returns>
private bool RemoveFromExternalUserCollection(ExternalUserCollection externalUserCollection, ExternalUser externalUser)
{
    if (externalUserCollection.Contains(externalUser))
    {
        externalUserCollection.Remove(externalUser);
    }

    // Save runs even when there was nothing to remove.
    externalUserCollection.Save();

    // Re-check after the save instead of trusting the Remove call.
    bool stillPresent = externalUserCollection.Contains(externalUser);
    if (!stillPresent)
    {
        return true;
    }

    GroupMailboxMembershipUpdater.Tracer.TraceError<ExternalUser, string>((long)this.GetHashCode(), "Unable to remove external user {0} from the group mailbox {1}", externalUser, this.mailboxSession.MailboxOwner.MailboxInfo.PrimarySmtpAddress.ToString());
    return false;
}
/// <summary>
/// Builds an <c>ExternalIdentityToken</c> for an external requester from the SID stored
/// in the mailbox's external user collection.
/// </summary>
/// <param name="session">Mailbox session to search; may be <c>null</c>.</param>
/// <param name="externalId">SMTP address identifying the external requester.</param>
/// <returns>
/// A token wrapping the matching external user's SID, or <c>null</c> when the session
/// is <c>null</c>, the mailbox cannot have external users, or no entry matches.
/// </returns>
internal static ExternalIdentityToken GetExternalIdentityToken(MailboxSession session, SmtpAddress externalId)
{
    // No session, or a mailbox type without external users: there is nothing to look up.
    if (session == null || !session.Capabilities.CanHaveExternalUsers)
    {
        return null;
    }

    using (ExternalUserCollection externalUsers = session.GetExternalUsers())
    {
        ExternalUser requester = externalUsers.FindExternalUser(externalId.ToString());
        if (requester == null)
        {
            // An unknown requester yields no token; the miss is traced as an error.
            ExternalIdentityToken.Tracer.TraceError<SmtpAddress, IExchangePrincipal>(0L, "{0}: Unable to find the requester in the external user collection in mailbox {1}.", externalId, session.MailboxOwner);
            return null;
        }

        return new ExternalIdentityToken(requester.Sid);
    }
}
/// <summary>
/// Finishes a membership update: removes the earlier member identity from the
/// mailbox's external user collection, then stamps the mailbox with the current
/// group mailbox permission version, saves it and reloads it.
/// </summary>
private void PostMembershipUpdate()
{
    ArgumentValidator.ThrowIfNull("previousExternalMemberUser", this.previousExternalMemberUser);

    using (ExternalUserCollection externalUsers = this.mailboxSession.GetExternalUsers())
    {
        bool earlierIdentityRemoved = this.RemoveFromExternalUserCollection(externalUsers, this.previousExternalMemberUser);
        string groupAddress = this.mailboxSession.MailboxOwner.MailboxInfo.PrimarySmtpAddress.ToString();

        if (earlierIdentityRemoved)
        {
            GroupMailboxMembershipUpdater.Tracer.TraceDebug<string>((long)this.GetHashCode(), "PostMembershipUpdate: Updated external user collection of the group mailbox {0} successfully", groupAddress);
        }
        else
        {
            // A failed removal is only traced; execution continues to the version stamp below.
            GroupMailboxMembershipUpdater.Tracer.TraceError<string>((long)this.GetHashCode(), "PostMembershipUpdate: Unable to update external user collection of the group mailbox {0} successfully", groupAddress);
        }
    }

    // NOTE(review): the permission version is written even when the earlier member
    // identity could not be removed, so a stamped mailbox may still hold that entry.
    // Confirm this best-effort behaviour is intended.
    this.mailboxSession.Mailbox[MailboxSchema.GroupMailboxPermissionsVersion] = GroupMailboxPermissionHandler.GroupMailboxPermissionVersion;
    this.mailboxSession.Mailbox.Save();
    this.mailboxSession.Mailbox.Load();
}
/// <summary>
/// Resolves and caches the <c>ExternalUser</c> for this id by looking up its SMTP
/// address in the mailbox's external user collection. Does nothing when the user has
/// already been resolved.
/// </summary>
/// <param name="mailboxSession">Session whose external user collection is searched.</param>
/// <exception cref="InvalidOperationException">This id is not of the External user type.</exception>
/// <exception cref="InvalidExternalUserIdException">No external user matches the SMTP address.</exception>
internal void EnsureExternalUser(MailboxSession mailboxSession)
{
    if (this.UserType != MailboxFolderUserId.MailboxFolderUserType.External)
    {
        throw new InvalidOperationException("Only support External user type.");
    }

    if (this.externalUser == null)
    {
        using (ExternalUserCollection externalUsers = mailboxSession.GetExternalUsers())
        {
            ExternalUser resolved = externalUsers.FindExternalUser(this.smtpAddress);
            if (resolved == null)
            {
                // An address with no entry in the collection is rejected rather than created.
                throw new InvalidExternalUserIdException(this.smtpAddress.ToString());
            }

            this.externalUser = resolved;
        }
    }
}
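// Token: 0x06000E4E RID: 3662 RVA: 0x00056098 File Offset: 0x00054298
/// <summary>
/// Reports whether any access-allowed or access-denied ACE in the descriptor's
/// discretionary ACL names a SID that belongs to an entry in the external user
/// collection.
/// </summary>
/// <param name="externalUserCollection">Collection used to resolve ACE SIDs to external users.</param>
/// <param name="securityDescriptor">Descriptor whose DACL is scanned.</param>
/// <returns>
/// <c>true</c> on the first matching ACE; <c>false</c> when the DACL is <c>null</c> or
/// no examined ACE matches.
/// </returns>
private static bool HasExternalUser(ExternalUserCollection externalUserCollection, RawSecurityDescriptor securityDescriptor)
{
    if (securityDescriptor.DiscretionaryAcl == null)
    {
        return false;
    }

    foreach (GenericAce genericAce in securityDescriptor.DiscretionaryAcl)
    {
        // Only AccessAllowed and AccessDenied ACEs are examined. A SID that appears
        // solely in an ACE of another type (object, callback, audit) is not counted.
        if (genericAce.AceType != AceType.AccessAllowed && genericAce.AceType != AceType.AccessDenied)
        {
            continue;
        }

        CommonAce commonAce = genericAce as CommonAce;
        if (commonAce != null && externalUserCollection.FindExternalUser(commonAce.SecurityIdentifier) != null)
        {
            return true;
        }
    }

    return false;
}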
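/// <summary>
/// Registers the group mailbox's Member and Owner external identities and grants them
/// rights on the Configuration, MailboxAssociation, SearchFolders and Calendar default
/// folders, then stamps the mailbox with the current permission version.
/// </summary>
/// <exception cref="GroupMailboxFailedToAddExternalUserException">
/// Either identity is missing from the external user collection after it was saved.
/// </exception>
/// <exception cref="GroupMailboxFailedToConfigureMailboxException">
/// Assigning rights failed on MailboxAssociation, SearchFolders or Calendar.
/// </exception>
private void SetFolderPermissions()
{
    ExternalUser memberUser = ExternalUser.CreateExternalUserForGroupMailbox(
        this.MailboxPrincipal.MailboxInfo.DisplayName,
        "Member@local",
        this.MailboxPrincipal.MailboxInfo.MailboxGuid,
        SecurityIdentity.GroupMailboxMemberType.Member);
    ExternalUser ownerUser = ExternalUser.CreateExternalUserForGroupMailbox(
        this.MailboxPrincipal.MailboxInfo.DisplayName,
        "Owner@local",
        this.MailboxPrincipal.MailboxInfo.MailboxGuid,
        SecurityIdentity.GroupMailboxMemberType.Owner);

    using (ExternalUserCollection externalUsers = this.mailboxSession.GetExternalUsers())
    {
        if (!externalUsers.Contains(memberUser))
        {
            externalUsers.Add(memberUser);
        }

        if (!externalUsers.Contains(ownerUser))
        {
            externalUsers.Add(ownerUser);
        }

        externalUsers.Save();

        // Verify after the save that both identities are really present before any
        // folder right is granted to them.
        if (!externalUsers.Contains(memberUser))
        {
            throw new GroupMailboxFailedToAddExternalUserException(Strings.ErrorUnableToAddExternalUser(memberUser.Name));
        }

        if (!externalUsers.Contains(ownerUser))
        {
            throw new GroupMailboxFailedToAddExternalUserException(Strings.ErrorUnableToAddExternalUser(ownerUser.Name));
        }

        this.TraceDebug("Added external member user {0} to external user collection", new object[] { memberUser.Name });
        this.TraceDebug("Added external owner user {0} to external user collection", new object[] { ownerUser.Name });
    }

    PermissionSecurityPrincipal memberPrincipal = new PermissionSecurityPrincipal(memberUser);
    PermissionSecurityPrincipal ownerPrincipal = new PermissionSecurityPrincipal(ownerUser);
    int foldersPrivileged = 0;
    List<PermissionEntry> entries = new List<PermissionEntry>(3);

    // Per-folder grants. Owner and member rights differ only on SearchFolders, where
    // the owner additionally receives OwnerSpecificPermission.
    var folderGrants = new[]
    {
        new
        {
            Folder = DefaultFolderType.MailboxAssociation,
            OwnerPermission = GroupMailboxPermissionHandler.MailboxAssociationPermission,
            MemberPermission = GroupMailboxPermissionHandler.MailboxAssociationPermission
        },
        new
        {
            Folder = DefaultFolderType.SearchFolders,
            OwnerPermission = GroupMailboxPermissionHandler.SearchFolderPermission | GroupMailboxPermissionHandler.OwnerSpecificPermission,
            MemberPermission = GroupMailboxPermissionHandler.SearchFolderPermission
        },
        new
        {
            Folder = DefaultFolderType.Calendar,
            OwnerPermission = GroupMailboxPermissionHandler.CalendarFolderPermission,
            MemberPermission = GroupMailboxPermissionHandler.CalendarFolderPermission
        }
    };

    // Configuration folder: only the owner identity gets an entry; members get none.
    // NOTE(review): the result of this AssignMemberRight call is not checked, unlike
    // the calls in the loop below, so a failure here is not reported. Confirm intent.
    entries.Add(new PermissionEntry(ownerPrincipal, GroupMailboxPermissionHandler.ConfigurationFolderPermission));
    int assignedCount;
    GroupMailboxPermissionHandler.AssignMemberRight(this.mailboxSession, entries, DefaultFolderType.Configuration, out assignedCount);
    foldersPrivileged += assignedCount;

    foreach (var grant in folderGrants)
    {
        // The entry list is reused, so it is rebuilt for each folder.
        entries.Clear();
        entries.Add(new PermissionEntry(ownerPrincipal, grant.OwnerPermission));
        entries.Add(new PermissionEntry(memberPrincipal, grant.MemberPermission));

        if (!GroupMailboxPermissionHandler.AssignMemberRight(this.mailboxSession, entries, grant.Folder, out assignedCount))
        {
            throw new GroupMailboxFailedToConfigureMailboxException(Strings.ErrorUnableToConfigureMailbox(grant.Folder.ToString(), this.MailboxPrincipal.MailboxInfo.DisplayName));
        }

        foldersPrivileged += assignedCount;
    }

    this.report.FoldersPrivilegedCount = foldersPrivileged;

    // The version is stamped only after every checked assignment above succeeded.
    this.mailboxSession.Mailbox[MailboxSchema.GroupMailboxPermissionsVersion] = GroupMailboxPermissionHandler.GroupMailboxPermissionVersion;
    this.mailboxSession.Mailbox.Save();
    this.mailboxSession.Mailbox.Load();
}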