/// <summary>
/// Asks the store hosting a mailbox's local archive to refresh its copy of the archive mailbox
/// (so the descriptor written to AD by the caller is picked up), falling back to a plain AD
/// descriptor save when the archive does not exist in the store yet.
/// </summary>
/// <param name="mailbox">The mailbox whose archive is being refreshed; ArchiveDatabase is used, or Database when it is unset.</param>
/// <param name="writableAdSession">Session used for the AD fallback save.</param>
/// <param name="rawSd">Descriptor handed to the AD fallback save.</param>
/// <param name="logVerbose">Verbose logger.</param>
/// <param name="logError">Error logger; receives a TaskInvalidOperationException for a malformed server legacy DN and a SetArchivePermissionException for any other LocalizedException.</param>
private static void SaveArchiveSecurityDescriptor(ADUser mailbox, IConfigDataProvider writableAdSession, RawSecurityDescriptor rawSd, Task.TaskVerboseLoggingDelegate logVerbose, Task.ErrorLoggerDelegate logError)
{
    // The archive lives in its own database when one is configured, otherwise alongside the primary mailbox.
    ADObjectId databaseId = mailbox.ArchiveDatabase ?? mailbox.Database;
    MailboxId archiveMailboxId = new MailboxId(MapiTaskHelper.ConvertDatabaseADObjectIdToDatabaseId(databaseId), mailbox.ArchiveGuid);
    try
    {
        ActiveManager activeManager = ActiveManager.GetActiveManagerInstance();
        DatabaseLocationInfo location = activeManager.GetServerForDatabase(databaseId.ObjectGuid);
        string serverLegacyDn = location.ServerLegacyDN;
        string systemAttendantDn = PermissionTaskHelper.CalcuteSystemAttendantMailboxLegacyDistingushName(serverLegacyDn);
        var serverFqdn = Fqdn.Parse(location.ServerFqdn);
        using (MapiMessageStoreSession storeSession = new MapiMessageStoreSession(serverLegacyDn, systemAttendantDn, serverFqdn))
        {
            logVerbose(Strings.VerboseSaveStoreMailboxSecurityDescriptor(archiveMailboxId.ToString(), storeSession.ServerName));
            storeSession.ForceStoreToRefreshMailbox(archiveMailboxId);
        }
    }
    catch (FormatException)
    {
        // Presumably raised by Fqdn.Parse on a malformed server name — confirm; reported as a server-operation error.
        logError(new TaskInvalidOperationException(Strings.ErrorInvalidServerLegacyDistinguishName(mailbox.DistinguishedName.ToString())), ExchangeErrorCategory.ServerOperation, null);
    }
    catch (Microsoft.Exchange.Data.Mapi.Common.MailboxNotFoundException)
    {
        // No archive in the store yet: the AD copy of the descriptor is all that can be written.
        logVerbose(Strings.VerboseArchiveNotExistInStore(mailbox.Name));
        PermissionTaskHelper.SaveAdSecurityDescriptor(mailbox, writableAdSession, rawSd, logVerbose, logError);
    }
    catch (LocalizedException failure)
    {
        logError(new SetArchivePermissionException(mailbox.Name, failure), ExchangeErrorCategory.ServerOperation, null);
    }
}
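/// <summary>
/// Checks whether <paramref name="executingAdUser"/> holds full access on the mailbox of
/// <paramref name="accessRequestedForADUser"/>. The check is evaluated against the security
/// descriptor the mailbox store itself reports over MAPI, not against the AD copy.
/// </summary>
/// <param name="executingAdUser">The user whose access is being checked; only its Sid is consulted.</param>
/// <param name="accessRequestedForADUser">Owner of the mailbox being checked; its Database and ExchangeGuid locate the mailbox in the store.</param>
/// <param name="session">Accepted for the caller's convenience; not used by this method.</param>
/// <returns>
/// <c>true</c> when the access check reports the permission as granted; <c>false</c> when it is
/// not granted or when the mailbox does not exist in the store (the check fails closed).
/// </returns>
internal static bool CheckFullAccessPermissions(ADUser executingAdUser, ADUser accessRequestedForADUser, IRecipientSession session)
{
    ExTraceGlobals.TaskTracer.TraceDebug<string, string>(0L, "Checking if {0} has full access for mailbox {1}", executingAdUser.Alias, accessRequestedForADUser.Alias);
    ActiveManager activeManager = ActiveManager.GetActiveManagerInstance();
    DatabaseLocationInfo location = activeManager.GetServerForDatabase(accessRequestedForADUser.Database.ObjectGuid);
    RawSecurityDescriptor storeSd;
    using (MapiMessageStoreSession storeSession = new MapiMessageStoreSession(location.ServerLegacyDN, Server.GetSystemAttendantLegacyDN(location.ServerLegacyDN), Fqdn.Parse(location.ServerFqdn)))
    {
        MailboxId mailboxId = new MailboxId(new DatabaseId(accessRequestedForADUser.Database.ObjectGuid), accessRequestedForADUser.ExchangeGuid);
        try
        {
            storeSd = storeSession.GetMailboxSecurityDescriptor(mailboxId);
        }
        catch (MailboxNotFoundException)
        {
            // No mailbox in the store means no descriptor to evaluate: deny rather than guess.
            ExTraceGlobals.TaskTracer.TraceDebug<MailboxId>(0L, "Could not find mailbox {0} when attempting to read its security descriptor.", mailboxId);
            return false;
        }
    }
    // The descriptor used to be round-tripped through an ActiveDirectorySecurity instance whose
    // result was never read; that dead work is dropped and the raw descriptor is checked directly.
    int result = AuthzAuthorization.CheckGenericPermission(executingAdUser.Sid, storeSd, AccessMask.CreateChild);
    // Bit 0 of the result is treated as the "granted" bit; all other bits are ignored.
    // NOTE(review): the mapping of "full access" onto AccessMask.CreateChild and the meaning of the
    // low bit come from AuthzAuthorization's contract, not from this file — confirm there.
    return (result & 1) == 1;
}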
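/// <summary>
/// Persists a mailbox's security descriptor: writes it to AD first, then asks the mailbox's
/// store to drop its cached mailbox object so the new descriptor is picked up, and finally
/// repeats the store refresh for the local archive when the mailbox has one.
/// </summary>
/// <param name="mailbox">The mailbox whose descriptor is being saved.</param>
/// <param name="adSecurity">The descriptor to save; it is converted to a RawSecurityDescriptor for the AD write.</param>
/// <param name="writableAdSession">Session used for the AD write.</param>
/// <param name="storeSession">
/// Store session to reuse. When <c>null</c>, a new session for the mailbox's server is created and
/// handed back so the caller can reuse and dispose it; otherwise the existing session is redirected
/// to that server.
/// </param>
/// <param name="logVerbose">Verbose logger; also receives the store-side failures listed in the body, which are not fatal.</param>
/// <param name="logError">Error logger, passed through to the AD and archive saves.</param>
/// <exception cref="ArgumentNullException">
/// <paramref name="mailbox"/>, <paramref name="adSecurity"/> or <paramref name="writableAdSession"/>
/// is <c>null</c>. The session check previously threw a bare ArgumentException; ArgumentNullException
/// derives from it, so existing catch clauses still match.
/// </exception>
public static void SaveMailboxSecurityDescriptor(ADUser mailbox, ActiveDirectorySecurity adSecurity, IConfigDataProvider writableAdSession, ref MapiMessageStoreSession storeSession, Task.TaskVerboseLoggingDelegate logVerbose, Task.ErrorLoggerDelegate logError)
{
    if (mailbox == null)
    {
        throw new ArgumentNullException("mailbox");
    }
    if (adSecurity == null)
    {
        throw new ArgumentNullException("adSecurity");
    }
    if (writableAdSession == null)
    {
        throw new ArgumentNullException("writableAdSession");
    }
    RawSecurityDescriptor rawSd = new RawSecurityDescriptor(adSecurity.GetSecurityDescriptorBinaryForm(), 0);
    // AD is the copy that gets written. Everything below only invalidates the store's cache and is
    // logged, not failed, on error — presumably the store re-reads the descriptor on next access; confirm.
    PermissionTaskHelper.SaveAdSecurityDescriptor(mailbox, writableAdSession, rawSd, logVerbose, logError);
    string serverFqdn = null;
    try
    {
        ActiveManager activeManager = ActiveManager.GetActiveManagerInstance();
        DatabaseLocationInfo location = activeManager.GetServerForDatabase(mailbox.Database.ObjectGuid);
        serverFqdn = location.ServerFqdn;
        if (storeSession == null)
        {
            storeSession = new MapiMessageStoreSession(location.ServerLegacyDN, PermissionTaskHelper.CalcuteSystemAttendantMailboxLegacyDistingushName(location.ServerLegacyDN), Fqdn.Parse(location.ServerFqdn));
        }
        else
        {
            storeSession.RedirectServer(location.ServerLegacyDN, Fqdn.Parse(location.ServerFqdn));
        }
        MailboxId mailboxId = new MailboxId(MapiTaskHelper.ConvertDatabaseADObjectIdToDatabaseId(mailbox.Database), mailbox.ExchangeGuid);
        logVerbose(Strings.VerboseSaveStoreMailboxSecurityDescriptor(mailboxId.ToString(), storeSession.ServerName));
        storeSession.Administration.PurgeCachedMailboxObject(mailboxId.MailboxGuid);
    }
    catch (DatabaseNotFoundException)
    {
        logVerbose(Strings.ErrorMailboxDatabaseNotFound(mailbox.Database.ToString()));
    }
    catch (MapiExceptionNetworkError)
    {
        // serverFqdn is still null when the failure happened before the database was located.
        logVerbose(Strings.ErrorFailedToConnectToStore(serverFqdn ?? string.Empty));
    }
    catch (FormatException)
    {
        logVerbose(Strings.ErrorInvalidServerLegacyDistinguishName(mailbox.DistinguishedName.ToString()));
    }
    catch (Microsoft.Exchange.Data.Mapi.Common.MailboxNotFoundException)
    {
        logVerbose(Strings.VerboseMailboxNotExistInStore(mailbox.DistinguishedName));
    }
    if (mailbox.HasLocalArchive)
    {
        PermissionTaskHelper.SaveArchiveSecurityDescriptor(mailbox, writableAdSession, rawSd, logVerbose, logError);
    }
}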
/// <summary>
/// Asks the store hosting <paramref name="mailbox"/> to purge its cached mailbox object
/// (Administration.PurgeCachedMailboxObject); presumably so the mailbox's current security
/// settings are re-read on next access — confirm with the callers of this refresher.
/// </summary>
/// <param name="mailbox">Mailbox to refresh; its Database and ExchangeGuid locate it in the store.</param>
/// <param name="writableAdSession">Validated for null but otherwise not used in this method body.</param>
/// <exception cref="ArgumentNullException">Either argument is <c>null</c>.</exception>
/// <exception cref="ObjectNotFoundException">
/// The store reports the mailbox as missing or the database as unavailable.
/// </exception>
public void Refresh(ADUser mailbox, IRecipientSession writableAdSession)
{
    if (mailbox == null)
    {
        throw new ArgumentNullException("mailbox");
    }
    if (writableAdSession == null)
    {
        throw new ArgumentNullException("writableAdSession");
    }
    ActiveManager activeManager = ActiveManager.GetActiveManagerInstance();
    DatabaseLocationInfo location = activeManager.GetServerForDatabase(mailbox.Database.ObjectGuid);
    string serverLegacyDn = location.ServerLegacyDN;
    string systemAttendantDn = TeamMailboxSecurityRefresher.CalculateSystemAttendantMailboxLegacyDistingushName(serverLegacyDn);
    var serverFqdn = Fqdn.Parse(location.ServerFqdn);
    // The using block disposes the session on every exit path, including the rethrows below.
    using (MapiMessageStoreSession storeSession = new MapiMessageStoreSession(serverLegacyDn, systemAttendantDn, serverFqdn))
    {
        MailboxId mailboxId = new MailboxId(MapiTaskHelper.ConvertDatabaseADObjectIdToDatabaseId(mailbox.Database), mailbox.ExchangeGuid);
        try
        {
            storeSession.Administration.PurgeCachedMailboxObject(mailboxId.MailboxGuid);
        }
        catch (Microsoft.Exchange.Data.Mapi.Common.MailboxNotFoundException notFound)
        {
            // NOTE(review): Exception.ToString() includes the stack trace, so the message surfaced
            // to the caller carries the full exception detail, not just the store's error text.
            throw new ObjectNotFoundException(new LocalizedString(notFound.ToString()));
        }
        catch (DatabaseUnavailableException unavailable)
        {
            throw new ObjectNotFoundException(new LocalizedString(unavailable.ToString()));
        }
    }
}
/// <summary>
/// Asks the store hosting the group mailbox to purge its cached mailbox object. Mailboxes whose
/// creation time is unknown or lies within the last 15 minutes are skipped entirely (only the
/// "Start" log line is written in that case). Store-side failures are logged verbosely, not thrown.
/// </summary>
internal void RefreshStoreCache()
{
    this.AddVerboseLog("Start: RefreshStoreCache");
    var created = this.groupMailbox.WhenMailboxCreated;
    // Young mailboxes are left alone — presumably because store-side provisioning may still be in
    // progress; confirm against the group mailbox creation flow.
    bool isRecentlyCreated = created == null || created.Value.AddMinutes(15.0).ToUniversalTime() > DateTime.UtcNow;
    if (isRecentlyCreated)
    {
        return;
    }
    string serverFqdn = null;
    try
    {
        ActiveManager activeManager = ActiveManager.GetActiveManagerInstance();
        DatabaseLocationInfo location = activeManager.GetServerForDatabase(this.groupMailbox.Database.ObjectGuid);
        serverFqdn = location.ServerFqdn;
        // The system attendant DN is built inline here rather than through a helper.
        string systemAttendantDn = location.ServerLegacyDN + "/cn=Microsoft System Attendant";
        using (MapiMessageStoreSession storeSession = new MapiMessageStoreSession(location.ServerLegacyDN, systemAttendantDn, Fqdn.Parse(location.ServerFqdn)))
        {
            MailboxId mailboxId = new MailboxId(MapiTaskHelper.ConvertDatabaseADObjectIdToDatabaseId(this.groupMailbox.Database), this.groupMailbox.ExchangeGuid);
            this.AddVerboseLog(Strings.VerboseSaveStoreMailboxSecurityDescriptor(mailboxId.ToString(), storeSession.ServerName));
            storeSession.Administration.PurgeCachedMailboxObject(mailboxId.MailboxGuid);
        }
    }
    catch (DatabaseNotFoundException)
    {
        this.AddVerboseLog(Strings.ErrorMailboxDatabaseNotFound(this.groupMailbox.Database.ToString()));
    }
    catch (MapiExceptionNetworkError)
    {
        // serverFqdn is still null when the failure happened before the database was located.
        this.AddVerboseLog(Strings.ErrorFailedToConnectToStore(serverFqdn ?? string.Empty));
    }
    catch (MailboxNotFoundException)
    {
        this.AddVerboseLog(Strings.VerboseMailboxNotExistInStore(this.groupMailbox.DistinguishedName));
    }
    this.AddVerboseLog("End: RefreshStoreCache");
}
/// <summary>
/// Reads the mailbox's security descriptor, applies or removes the given ACEs on it, and saves
/// it back to AD and the store. Nothing is written when the descriptor could not be read
/// (ReadMailboxSecurityDescriptor returned <c>null</c>; presumably it reported the error through
/// <paramref name="logError"/> itself — confirm).
/// </summary>
/// <param name="mailbox">Mailbox whose descriptor is edited.</param>
/// <param name="writableAdSession">Session used for the AD write.</param>
/// <param name="logVerbose">Verbose logger.</param>
/// <param name="logWarning">Warning logger handed to ApplyAcesOnAcl.</param>
/// <param name="logError">Error logger handed to the read and save steps.</param>
/// <param name="adSession">Session used to read the descriptor.</param>
/// <param name="storeSession">Store session reused or created by the save step; the caller owns it.</param>
/// <param name="remove"><c>true</c> to remove the ACEs, <c>false</c> to add them.</param>
/// <param name="aces">ACEs to apply.</param>
public static void SetMailboxAces(ADUser mailbox, IConfigDataProvider writableAdSession, Task.TaskVerboseLoggingDelegate logVerbose, Task.TaskWarningLoggingDelegate logWarning, Task.ErrorLoggerDelegate logError, IConfigurationSession adSession, ref MapiMessageStoreSession storeSession, bool remove, params ActiveDirectoryAccessRule[] aces)
{
    ActiveDirectorySecurity acl = PermissionTaskHelper.ReadMailboxSecurityDescriptor(mailbox, adSession, logVerbose, logError);
    if (acl == null)
    {
        return;
    }
    DirectoryCommon.ApplyAcesOnAcl(logVerbose, logWarning, null, mailbox.DistinguishedName, acl, remove, aces);
    PermissionTaskHelper.SaveMailboxSecurityDescriptor(mailbox, acl, writableAdSession, ref storeSession, logVerbose, logError);
}
/// <summary>
/// Processes one Set-Mailbox record. Unless -Force is given, asks for confirmation before
/// touching an arbitration mailbox, setting both forwarding addresses, or shrinking/zeroing the
/// audit-log age limit. Then adjusts linked-account / external-account permissions when the
/// mailbox subtype or MasterAccountSid changes, persists the object, pushes the resulting
/// security descriptor to AD and the store, performs optional in-mailbox cleanup (managed
/// folders, calendar automation, sharing-policy stamps), and finally sets a random password when
/// requested.
/// </summary>
protected override void InternalProcessRecord()
{
    TaskLogger.LogEnter(new object[] { this.DataObject });
    // flag: the mailbox became a plain UserMailbox and its external associated account permission
    // was cleared; drives the calendar AutomateProcessing reset further down.
    bool flag = false;
    if (false == this.Force && this.Arbitration)
    {
        TIdentity identity = this.Identity;
        if (!base.ShouldContinue(Strings.SetArbitrationMailboxConfirmationMessage(identity.ToString())))
        {
            TaskLogger.LogExit();
            return;
        }
    }
    // Setting ForwardingAddress and ForwardingSmtpAddress together on a mailbox that had no
    // forwarding address before needs an explicit confirmation.
    if (false == this.Force && this.originalForwardingAddress == null && this.DataObject.ForwardingAddress != null && this.DataObject.ForwardingSmtpAddress != null)
    {
        LocalizedString message = (this.originalForwardingSmtpAddress != null) ? Strings.SetMailboxForwardingAddressConfirmationMessage : Strings.SetBothForwardingAddressConfirmationMessage;
        if (!base.ShouldContinue(message))
        {
            TaskLogger.LogExit();
            return;
        }
    }
    if (this.DataObject.IsModified(MailboxSchema.ForwardingSmtpAddress) && this.DataObject.ForwardingSmtpAddress != null && this.DataObject.ForwardingAddress != null && !base.Fields.IsModified(MailboxSchema.ForwardingAddress))
    {
        this.WriteWarning(Strings.ContactAdminForForwardingWarning);
    }
    // Reducing how long mailbox audit log entries are kept is confirmed separately: zero (audit
    // logging effectively off) and any value smaller than the original both prompt.
    if (false == this.Force && this.DataObject.IsModified(ADRecipientSchema.AuditLogAgeLimit))
    {
        EnhancedTimeSpan t;
        if (this.DataObject.MailboxAuditLogAgeLimit == EnhancedTimeSpan.Zero)
        {
            TIdentity identity2 = this.Identity;
            if (!base.ShouldContinue(Strings.ConfirmationMessageSetMailboxAuditLogAgeLimitZero(identity2.ToString())))
            {
                TaskLogger.LogExit();
                return;
            }
        }
        else if (this.DataObject.TryGetOriginalValue<EnhancedTimeSpan>(ADRecipientSchema.AuditLogAgeLimit, out t))
        {
            EnhancedTimeSpan mailboxAuditLogAgeLimit = this.DataObject.MailboxAuditLogAgeLimit;
            if (t > mailboxAuditLogAgeLimit)
            {
                TIdentity identity3 = this.Identity;
                if (!base.ShouldContinue(Strings.ConfirmationMessageSetMailboxAuditLogAgeLimitSmaller(identity3.ToString(), mailboxAuditLogAgeLimit.ToString())))
                {
                    TaskLogger.LogExit();
                    return;
                }
            }
        }
    }
    // flag2: a linked user account was granted permission; the AD object's NT security descriptor
    // is re-saved below.
    bool flag2 = false;
    // flag3: either permission change happened; the descriptor is pushed to AD and the store.
    bool flag3 = false;
    // Created (via ref) inside SaveMailboxSecurityDescriptor; disposed here in the finally block.
    MapiMessageStoreSession mapiMessageStoreSession = null;
    try
    {
        if (this.needChangeMailboxSubtype)
        {
            if (this.originalRecipientTypeDetails == RecipientTypeDetails.UserMailbox)
            {
                MailboxTaskHelper.GrantPermissionToLinkedUserAccount(this.DataObject, PermissionTaskHelper.GetReadOnlySession(null), new Task.ErrorLoggerDelegate(base.WriteError), new Task.TaskVerboseLoggingDelegate(base.WriteVerbose));
                flag2 = true;
                flag3 = true;
            }
            else if (this.targetRecipientTypeDetails == RecipientTypeDetails.UserMailbox)
            {
                MailboxTaskHelper.ClearExternalAssociatedAccountPermission(this.DataObject, PermissionTaskHelper.GetReadOnlySession(null), new Task.ErrorLoggerDelegate(base.WriteError), new Task.TaskVerboseLoggingDelegate(base.WriteVerbose));
                flag = true;
                flag3 = true;
            }
        }
        else if (this.DataObject.IsChanged(ADRecipientSchema.MasterAccountSid))
        {
            MailboxTaskHelper.GrantPermissionToLinkedUserAccount(this.DataObject, PermissionTaskHelper.GetReadOnlySession(null), new Task.ErrorLoggerDelegate(base.WriteError), new Task.TaskVerboseLoggingDelegate(base.WriteVerbose));
            flag2 = true;
            flag3 = true;
        }
        // The object itself is persisted before the descriptor is pushed out.
        base.InternalProcessRecord();
        if (flag3)
        {
            PermissionTaskHelper.SaveMailboxSecurityDescriptor(this.DataObject, SecurityDescriptorConverter.ConvertToActiveDirectorySecurity(this.DataObject.ExchangeSecurityDescriptor), (IRecipientSession)base.DataSession, ref mapiMessageStoreSession, new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), new Task.ErrorLoggerDelegate(base.WriteError));
        }
    }
    finally
    {
        if (mapiMessageStoreSession != null)
        {
            mapiMessageStoreSession.Dispose();
        }
    }
    if (flag2)
    {
        base.WriteVerbose(Strings.VerboseSaveADSecurityDescriptor(this.DataObject.Id.ToString()));
        this.DataObject.SaveSecurityDescriptor(((SecurityDescriptor)this.DataObject[ADObjectSchema.NTSecurityDescriptor]).ToRawSecurityDescriptor());
    }
    // flag4: the sharing policy was changed; the "last applied" stamps in the mailbox are cleared
    // so the policy is re-applied.
    bool flag4 = base.Fields.IsModified(ADUserSchema.SharingPolicy);
    // A mailbox (store) session is opened only when one of the in-mailbox edits is needed.
    if (this.RemoveManagedFolderAndPolicy || flag || flag4)
    {
        ADSessionSettings sessionSettings = ADSessionSettings.FromOrganizationIdWithoutRbacScopes(base.RootOrgContainerId, base.CurrentOrganizationId, base.ExecutingUserOrganizationId, false);
        IRecipientSession tenantOrRootOrgRecipientSession = DirectorySessionFactory.Default.GetTenantOrRootOrgRecipientSession(base.DomainController, true, ConsistencyMode.IgnoreInvalid, sessionSettings, 4021, "InternalProcessRecord", "f:\\15.00.1497\\sources\\dev\\Management\\src\\Management\\RecipientTasks\\mailbox\\SetMailbox.cs");
        // Falls back to a session without the pinned domain controller when that one cannot be read.
        if (!tenantOrRootOrgRecipientSession.IsReadConnectionAvailable())
        {
            tenantOrRootOrgRecipientSession = DirectorySessionFactory.Default.GetTenantOrRootOrgRecipientSession(ConsistencyMode.IgnoreInvalid, sessionSettings, 4030, "InternalProcessRecord", "f:\\15.00.1497\\sources\\dev\\Management\\src\\Management\\RecipientTasks\\mailbox\\SetMailbox.cs");
        }
        MailboxSession mailboxSession = this.OpenMailboxSession(tenantOrRootOrgRecipientSession, this.DataObject);
        if (mailboxSession == null)
        {
            // NOTE(review): this path skips TaskLogger.LogExit(); presumably WriteError terminates the task — confirm.
            base.WriteError(new RecipientTaskException(Strings.LogonFailure), ExchangeErrorCategory.ServerOperation, null);
            return;
        }
        using (mailboxSession)
        {
            if (this.RemoveManagedFolderAndPolicy && !ElcMailboxHelper.RemoveElcInMailbox(mailboxSession))
            {
                this.WriteWarning(Strings.WarningNonemptyManagedFolderNotDeleted);
            }
            if (flag)
            {
                // Automatic calendar processing is switched off for the converted user mailbox.
                using (CalendarConfigurationDataProvider calendarConfigurationDataProvider = new CalendarConfigurationDataProvider(mailboxSession))
                {
                    CalendarConfiguration calendarConfiguration = (CalendarConfiguration)calendarConfigurationDataProvider.Read<CalendarConfiguration>(null);
                    calendarConfiguration.AutomateProcessing = CalendarProcessingFlags.None;
                    try
                    {
                        calendarConfigurationDataProvider.Save(calendarConfiguration);
                    }
                    catch (LocalizedException exception)
                    {
                        base.WriteError(exception, ExchangeErrorCategory.ServerOperation, null);
                    }
                }
            }
            if (flag4)
            {
                mailboxSession.Mailbox.Delete(MailboxSchema.LastSharingPolicyAppliedId);
                mailboxSession.Mailbox.Delete(MailboxSchema.LastSharingPolicyAppliedHash);
                mailboxSession.Mailbox.Delete(MailboxSchema.LastSharingPolicyAppliedTime);
                mailboxSession.Mailbox.Save();
            }
        }
    }
    if (base.IsSetRandomPassword)
    {
        MailboxTaskHelper.SetMailboxPassword((IRecipientSession)base.DataSession, this.DataObject, null, new Task.ErrorLoggerDelegate(base.WriteError));
    }
    TaskLogger.LogExit();
}