コード例 #1
        /// <summary>
        /// Checks whether the organization has an enabled organization relationship that
        /// covers the e-mail domain of the caller's external identity.
        /// </summary>
        /// <param name="organizationId">Organization whose cached configuration is consulted.</param>
        /// <returns>
        /// <c>true</c> only when a relationship is found for the caller's domain, that
        /// relationship is enabled, and its <c>DomainNames</c> contains the domain;
        /// otherwise <c>false</c>.
        /// </returns>
        private bool HasOrganizationRelationship(OrganizationId organizationId)
        {
            // The domain is taken from the caller's external identity, so all three
            // conditions below must hold before the caller counts as a known partner.
            string callerDomain = this.callerExternalIdentity.EmailAddress.Domain;
            OrganizationRelationship relationship = OrganizationIdCache.Singleton.Get(organizationId).GetOrganizationRelationship(callerDomain);

            if (relationship == null)
            {
                return false;
            }
            if (!relationship.Enabled)
            {
                return false;
            }
            // The lookup result must additionally list the domain in DomainNames.
            return relationship.DomainNames.Contains(new SmtpDomain(callerDomain));
        }
        // Token: 0x060003AC RID: 940 RVA: 0x00016E68 File Offset: 0x00015068
        /// <summary>
        /// Collects the settings of the enabled organization relationships that match the
        /// domains of the given addresses, with one entry per relationship.
        /// </summary>
        /// <param name="organizationIdCacheValue">Cached organization configuration used for the per-domain lookup.</param>
        /// <param name="addressList">Addresses whose domains are looked up.</param>
        /// <returns>
        /// The settings of every matching enabled relationship, or <c>null</c> (not an empty
        /// collection) when nothing matched, so callers have to handle the null case.
        /// </returns>
        private ICollection <OrganizationRelationshipSettings> GetOrganizationRelationships(OrganizationIdCacheValue organizationIdCacheValue, List <SmtpAddress> addressList)
        {
            // Keyed by distinguished name so that several addresses resolving to the same
            // relationship produce a single entry.
            Dictionary<string, OrganizationRelationshipSettings> settingsByDn = new Dictionary<string, OrganizationRelationshipSettings>();

            foreach (SmtpAddress address in addressList)
            {
                OrganizationRelationship relationship = organizationIdCacheValue.GetOrganizationRelationship(address.Domain);
                if (relationship == null)
                {
                    ExTraceGlobals.FrameworkTracer.TraceDebug<string>(0L, "GetOrganizationRelationshipSettingsRequestMessage.GetOrganizationRelationships() domain: {0} does not match any organization relationship.", address.Domain);
                    continue;
                }
                if (!relationship.Enabled)
                {
                    // Disabled relationships are traced and left out of the result.
                    ExTraceGlobals.FrameworkTracer.TraceDebug<string, OrganizationId>(0L, "GetOrganizationRelationshipSettingsRequestMessage.GetOrganizationRelationships() organization relationship for domain: {0} with id {1} is disabled.", address.Domain, organizationIdCacheValue.OrganizationId);
                    continue;
                }
                if (!settingsByDn.ContainsKey(relationship.DistinguishedName))
                {
                    settingsByDn.Add(relationship.DistinguishedName, new OrganizationRelationshipSettings(relationship));
                }
            }
            if (settingsByDn.Count > 0)
            {
                return settingsByDn.Values;
            }
            return null;
        }
コード例 #3
        /// <summary>
        /// Runs <c>Get-OrganizationRelationship</c> through the monad provider and returns the
        /// results cast to <see cref="OrganizationRelationship"/>.
        /// </summary>
        /// <returns>
        /// The relationships returned by the command, or <c>null</c> when the command returns
        /// nothing or when any exception is thrown while running it or casting its results.
        /// </returns>
        public IEnumerable <OrganizationRelationship> GetOrganizationRelationship()
        {
            try
            {
                object[] rawResults = this.monadProvider.ExecuteCommand("Get-OrganizationRelationship");
                if (rawResults == null || rawResults.Length == 0)
                {
                    return null;
                }
                OrganizationRelationship[] relationships = new OrganizationRelationship[rawResults.Length];
                int index = 0;
                foreach (object raw in rawResults)
                {
                    relationships[index++] = (OrganizationRelationship)raw;
                }
                return relationships;
            }
            catch
            {
                // NOTE(review): every failure is swallowed here, so a caller cannot tell
                // "no relationships configured" apart from "the lookup failed". Code that
                // makes a trust decision on this result should treat null as unknown.
                return null;
            }
        }
コード例 #4
        /// <summary>
        /// Resolves the token target for a domain from the organization relationship that
        /// matches it in the given organization.
        /// </summary>
        /// <param name="domain">Domain used to look up the organization relationship.</param>
        /// <param name="organizationId">Organization whose cached configuration is searched.</param>
        /// <returns>
        /// The relationship's token target, or <c>null</c> when no relationship matches the
        /// domain or the matching relationship has no <c>TargetApplicationUri</c>.
        /// </returns>
        private static TokenTarget FromOrganizationRelationship(string domain, OrganizationId organizationId)
        {
            OrganizationIdCacheValue cachedOrganization = OrganizationIdCache.Singleton.Get(organizationId);

            TargetUriResolver.Tracer.TraceDebug<string, OrganizationId>(0L, "Searching for OrganizationRelationship that matches domain {0} in organization {1}", domain, organizationId);
            OrganizationRelationship match = cachedOrganization.GetOrganizationRelationship(domain);
            TokenTarget resolved = null;

            // NOTE(review): the relationship's Enabled flag is not consulted on this path;
            // confirm that a disabled relationship is meant to still yield a token target.
            if (match == null)
            {
                TargetUriResolver.Tracer.TraceError<string, OrganizationId>(0L, "Found no OrganizationRelationship that matches domain {0} in organization {1}", domain, organizationId);
            }
            else if (match.TargetApplicationUri == null)
            {
                TargetUriResolver.Tracer.TraceError<string, OrganizationId, ADObjectId>(0L, "Found OrganizationRelationship that matches domain {0} in organization {1}, but it has not TargetApplicationUri. OrganizationRelationship is {2}", domain, organizationId, match.Id);
            }
            else
            {
                resolved = match.GetTokenTarget();
                TargetUriResolver.Tracer.TraceDebug(0L, "Found OrganizationRelationship that matches domain {0} in organization {1}. Target is '{2}'. OrganizationRelationship is {3}", new object[]
                {
                    domain,
                    organizationId,
                    resolved,
                    match.Id
                });
            }
            return resolved;
        }
コード例 #5
        /// <summary>
        /// Decides whether a recipient with an external e-mail address should be redirected to
        /// the OWA URL of the organization relationship that matches the address's domain.
        /// </summary>
        /// <param name="activeDirectoryRawEntry">Directory entry of the recipient being resolved.</param>
        /// <returns>Always <c>null</c>; the redirect case is signalled by an exception instead.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="activeDirectoryRawEntry"/> is null.</exception>
        /// <exception cref="ServerSideTransferException">
        /// A relationship with a <c>TargetOwaURL</c> matches the external address's domain; the
        /// exception carries that URL as the redirect target.
        /// </exception>
        protected ADObjectId ResolveMailboxDatabase(ADRawEntry activeDirectoryRawEntry)
        {
            if (activeDirectoryRawEntry == null)
            {
                throw new ArgumentNullException("activeDirectoryRawEntry");
            }
            SmtpProxyAddress externalAddress = (SmtpProxyAddress)activeDirectoryRawEntry[ADRecipientSchema.ExternalEmailAddress];

            if (externalAddress == null)
            {
                return null;
            }
            OrganizationId ownerOrganization = (OrganizationId)activeDirectoryRawEntry[ADObjectSchema.OrganizationId];
            OrganizationIdCacheValue cachedOrganization = OrganizationIdCache.Singleton.Get(ownerOrganization);
            if (!((SmtpAddress)externalAddress).IsValidAddress)
            {
                ExTraceGlobals.VerboseTracer.TraceDebug((long)this.GetHashCode(), "[OwaProxyRequestHandler::ResolveMailboxDatabase]: ExternalEmailAddress configured is invalid.");
                return null;
            }
            OrganizationRelationship relationship = cachedOrganization.GetOrganizationRelationship(((SmtpAddress)externalAddress).Domain);
            if (relationship == null || relationship.TargetOwaURL == null)
            {
                ExTraceGlobals.VerboseTracer.TraceDebug((long)this.GetHashCode(), "[OwaProxyRequestHandler::ResolveMailboxDatabase]: Unable to find OrganizationRelationShip or its TargetOwaUrl is not configured.");
                base.Logger.AppendGenericInfo("ExternalRedir", "Org-Relationship or targetOwaUrl not found.");
                return null;
            }
            // NOTE(review): the redirect target is whatever TargetOwaURL the relationship holds,
            // and the relationship's Enabled flag is not checked before redirecting. Confirm
            // that redirecting for a disabled relationship is intended.
            string redirectTarget = relationship.TargetOwaURL.AbsoluteUri;
            ExTraceGlobals.VerboseTracer.TraceDebug<string>((long)this.GetHashCode(), "[OwaProxyRequestHandler::ResolveMailboxDatabase]: Stop processing and redirect to {0}.", redirectTarget);
            base.Logger.AppendGenericInfo("ExternalRedir", redirectTarget);
            throw new ServerSideTransferException(redirectTarget, LegacyRedirectTypeOptions.Manual);
        }
コード例 #6
        /// <summary>
        /// Reports whether the organization's cached configuration contains an organization
        /// relationship for the given domain.
        /// </summary>
        /// <param name="organizationId">Organization whose cached configuration is searched.</param>
        /// <param name="domain">Domain to look up.</param>
        /// <returns><c>true</c> when the lookup returns a relationship; otherwise <c>false</c>.</returns>
        private static bool IsOrganizationHasOrganizationRelationshipWithDomain(OrganizationId organizationId, string domain)
        {
            // NOTE(review): only existence is tested. The relationship's Enabled flag is not
            // consulted here; confirm callers do not rely on this as an "is trusted" check.
            return OrganizationIdCache.Singleton.Get(organizationId).GetOrganizationRelationship(domain) != null;
        }
コード例 #7
        /// <summary>
        /// Applies the hybrid configuration for organization relationships: optionally updates
        /// federation settings, verifies the accepted token issuer URIs of both sides, and
        /// provisions the on-premises and tenant organization relationships.
        /// </summary>
        /// <param name="taskContext">Task context supplying the sessions and the shared parameter bag.</param>
        /// <returns>Always <c>true</c> when the method completes without throwing.</returns>
        /// <exception cref="LocalizedException">
        /// The accepted token issuer URI verification fails for the on-premises side or for the tenant side.
        /// </exception>
        private bool TaskConfigure(ITaskContext taskContext)
        {
            IOrganizationConfig tenantOrgConfig = taskContext.TenantSession.GetOrganizationConfig();

            if (tenantOrgConfig.IsDehydrated)
            {
                try
                {
                    taskContext.TenantSession.EnableOrganizationCustomization();
                }
                catch
                {
                    // NOTE(review): any failure to enable customization is ignored without a
                    // trace, so later steps run against a tenant that may still be dehydrated.
                }
            }
            if (this.RequiresFederationTrust())
            {
                if (this.updateOnPremisesFedOrgId)
                {
                    IFederatedOrganizationIdentifier onPremFedOrgId = base.OnPremisesSession.GetFederatedOrganizationIdentifier();
                    string trustIdentity;
                    if (onPremFedOrgId != null && onPremFedOrgId.DelegationTrustLink != null)
                    {
                        trustIdentity = onPremFedOrgId.DelegationTrustLink.ToString();
                    }
                    else
                    {
                        // No existing trust link: fall back to the configured trust identity.
                        trustIdentity = Configuration.FederatedTrustIdentity;
                    }
                    taskContext.OnPremisesSession.SetFederationTrustRefreshMetadata(trustIdentity);
                    SmtpDomain hybridDomain = this.AutoDiscoverHybridDomain;
                    string defaultDomain = (hybridDomain != null) ? hybridDomain.Domain : null;
                    taskContext.OnPremisesSession.SetFederatedOrganizationIdentifier(this.accountNamespace, trustIdentity, defaultDomain);
                }
                // Both sides are verified before any tenant identifier or federated domain is
                // changed; a failed verification aborts the task with a localized error.
                List<Uri> onPremIssuerUris = taskContext.Parameters.Get<List<Uri>>("_onPremAcceptedTokenIssuerUris");
                if (!OrganizationRelationshipTask.VerifyAcceptedTokenIssuerUri(base.OnPremisesSession, onPremIssuerUris))
                {
                    throw new LocalizedException(HybridStrings.ErrorOnPremUsingConsumerLiveID);
                }
                List<Uri> tenantIssuerUris = taskContext.Parameters.Get<List<Uri>>("_tenantAcceptedTokenIssuerUris");
                if (!OrganizationRelationshipTask.VerifyAcceptedTokenIssuerUri(base.TenantSession, tenantIssuerUris))
                {
                    throw new LocalizedException(HybridStrings.ErrorTenantUsingConsumerLiveID);
                }
                if (this.updateTenantFedOrgId)
                {
                    base.TenantSession.SetFederatedOrganizationIdentifier(this.TenantCoexistenceDomain);
                }
                foreach (string federatedDomain in this.addOnPremisesFedDomains)
                {
                    taskContext.OnPremisesSession.AddFederatedDomain(federatedDomain);
                }
            }
            // The provisioned relationships are written back to the parameter bag under the
            // same keys they were read from.
            OrganizationRelationship onPremRelationship = OrganizationRelationshipTask.ProvisionOrganizationRelationship(base.OnPremisesSession, taskContext.Parameters.Get<OrganizationRelationship>("_onPremOrgRel"), this.OnpremisesFederationInfo, new SmtpDomain[]
            {
                new SmtpDomain(this.TenantCoexistenceDomain)
            }, TaskCommon.GetOnPremOrgRelationshipName(this.OnPremOrgConfig));

            taskContext.Parameters.Set<OrganizationRelationship>("_onPremOrgRel", onPremRelationship);
            OrganizationRelationship tenantRelationship = OrganizationRelationshipTask.ProvisionOrganizationRelationship(base.TenantSession, taskContext.Parameters.Get<OrganizationRelationship>("_tenantOrgRel"), this.TenantFederationInfo, this.HybridDomains, TaskCommon.GetTenantOrgRelationshipName(this.OnPremOrgConfig));
            taskContext.Parameters.Set<OrganizationRelationship>("_tenantOrgRel", tenantRelationship);
            return true;
        }
コード例 #8
        /// <summary>
        /// Determines whether this task still has configuration work to do.
        /// </summary>
        /// <param name="taskContext">Task context supplying the existing relationships from the parameter bag.</param>
        /// <returns>
        /// <c>true</c> when the base task needs configuration, when either the on-premises or
        /// the tenant organization relationship needs provisioning, or when a federation trust
        /// is required and a federated organization identifier or federated domain update is pending.
        /// </returns>
        public override bool NeedsConfiguration(ITaskContext taskContext)
        {
            bool baseNeedsConfiguration = base.NeedsConfiguration(taskContext);
            OrganizationRelationship onPremOrgRel = taskContext.Parameters.Get<OrganizationRelationship>("_onPremOrgRel");
            OrganizationRelationship tenantOrgRel = taskContext.Parameters.Get<OrganizationRelationship>("_tenantOrgRel");

            // The checks run in this order and stop at the first one that reports work to do.
            if (baseNeedsConfiguration)
            {
                return true;
            }
            if (this.NeedProvisionOrganizationRelationship(base.OnPremisesSession, onPremOrgRel, this.OnpremisesFederationInfo, new SmtpDomain[]
            {
                new SmtpDomain(this.TenantCoexistenceDomain)
            }, TaskCommon.GetOnPremOrgRelationshipName(this.OnPremOrgConfig)))
            {
                return true;
            }
            if (this.NeedProvisionOrganizationRelationship(base.TenantSession, tenantOrgRel, this.TenantFederationInfo, this.HybridDomains, TaskCommon.GetTenantOrgRelationshipName(this.OnPremOrgConfig)))
            {
                return true;
            }
            if (!this.RequiresFederationTrust())
            {
                return false;
            }
            return this.updateOnPremisesFedOrgId || this.updateTenantFedOrgId || this.addOnPremisesFedDomains.Count > 0;
        }
コード例 #9
        /// <summary>
        /// Looks up the organization relationship for a domain in the organization's cached
        /// configuration, running the lookup through <c>DoAdCallAndTranslateExceptions</c>.
        /// </summary>
        /// <param name="organizationId">Organization whose cached configuration is searched.</param>
        /// <param name="domain">Domain to look up.</param>
        /// <returns>
        /// The relationship returned by the lookup, or <c>null</c> when the lookup assigns none.
        /// The relationship is returned as found; this method does not inspect its Enabled flag.
        /// </returns>
        public OrganizationRelationship GetOrganizationRelationship(OrganizationId organizationId, string domain)
        {
            OrganizationRelationship found = null;

            // The wrapper presumably maps directory exceptions to the caller's exception
            // types (its implementation is not visible here).
            this.DoAdCallAndTranslateExceptions(delegate
            {
                found = OrganizationIdCache.Singleton.Get(organizationId).GetOrganizationRelationship(domain);
            }, "DirectoryAccessor:GetOrganizationRelationship");
            return found;
        }
コード例 #10
        // Token: 0x0600021F RID: 543 RVA: 0x0000CAE0 File Offset: 0x0000ACE0
        /// <summary>
        /// Tries to obtain the EAS server name for a user from the user's organization
        /// relationship, so that the caller can skip the regular redirect.
        /// </summary>
        /// <param name="user">Recipient to resolve; a null user is traced and rejected.</param>
        /// <param name="userAgent">Client user agent, checked against the per-user-agent setting.</param>
        /// <param name="easServerName">Receives the server name, or <c>null</c> when none was resolved.</param>
        /// <returns><c>true</c> when <paramref name="easServerName"/> was set to a non-null value.</returns>
        public static bool TryGetEasServerFromConfig(ADRecipient user, string userAgent, out string easServerName)
        {
            OrganizationRelationship relationship = null;

            easServerName = null;
            if (user == null)
            {
                ExTraceGlobals.FrameworkTracer.TraceError(0L, "[MobileRedirectOptimization] User object is null. Proceeding with <Redirect>.");
                return false;
            }
            ExTraceGlobals.FrameworkTracer.TraceDebug<string, string>(0L, "[MobileRedirectOptimization] Attempting to retrieve EAS settings with OrganizationRelationship for user {0}, user agent {1}.", MobileRedirectOptimization.SafeGetEmailAddressStringFromADUser(user), userAgent ?? string.Empty);
            string injectedValue = FaultInjection.TraceTest<string>((FaultInjection.LIDs)3866504509U);

            // NOTE(review): a non-null fault-injection value skips both the global and the
            // per-user-agent enablement checks; presumably this is test-only, confirm that
            // the injection point cannot be driven in production.
            if (injectedValue != null)
            {
                relationship = MobileRedirectOptimization.GetOrganizationRelationship(user, injectedValue);
            }
            else if (!MobileRedirectOptimization.settings.Member.Enabled)
            {
                ExTraceGlobals.FrameworkTracer.TraceDebug(0L, "[MobileRedirectOptimization] Redirect bypass is disabled globally. Proceeding with <Redirect>.");
            }
            else if (!MobileRedirectOptimization.settings.Member.UserAgentEnabled(userAgent))
            {
                ExTraceGlobals.FrameworkTracer.TraceDebug<string>(0L, "[MobileRedirectOptimization] Redirect bypass is disabled for user agent {0}. Proceeding with <Redirect>.", userAgent ?? string.Empty);
            }
            else
            {
                relationship = MobileRedirectOptimization.GetOrganizationRelationship(user, null);
            }

            if (relationship == null)
            {
                // Also reached when the bypass is disabled and no lookup was attempted.
                ExTraceGlobals.FrameworkTracer.TraceError<string>(0L, "[MobileRedirectOptimization] OrganizationRelationship retrieval failed for user {0}. Proceeding with <Redirect>.", MobileRedirectOptimization.SafeGetEmailAddressStringFromADUser(user));
            }
            else if (!relationship.Enabled)
            {
                // A disabled relationship never supplies a server name.
                ExTraceGlobals.FrameworkTracer.TraceDebug<string>(0L, "[MobileRedirectOptimization] OrganizationRelationship is disabled for user {0}. Proceeding with <Redirect>.", MobileRedirectOptimization.SafeGetEmailAddressStringFromADUser(user));
            }
            else
            {
                easServerName = MobileRedirectOptimization.GetEasServerFromOrgRelationship(user, relationship);
            }
            return easServerName != null;
        }
コード例 #11
        /// <summary>
        /// Tries to obtain the token target and Autodiscover endpoint for a domain from the
        /// organization relationship of the user's organization.
        /// </summary>
        /// <param name="user">User whose organization is searched; the forest-wide organization is used when the user has none.</param>
        /// <param name="domain">Domain used to look up the organization relationship.</param>
        /// <param name="tokenTarget">Receives the relationship's token target, or <c>null</c> on failure.</param>
        /// <param name="autodiscoveryEndpoint">Receives the relationship's <c>TargetAutodiscoverEpr</c>, or <c>null</c> on failure.</param>
        /// <returns>
        /// <c>true</c> when <c>CheckOrgRelationshipFromRemoteConnection</c> accepts the
        /// relationship; otherwise <c>false</c> with both out parameters left null.
        /// </returns>
        protected virtual bool TryGetAutodiscoveryEndpoint(IGenericADUser user, string domain, out TokenTarget tokenTarget, out Uri autodiscoveryEndpoint)
        {
            tokenTarget = null;
            autodiscoveryEndpoint = null;
            OrganizationRelationship relationship = this.directoryAccessor.GetOrganizationRelationship(user.OrganizationId ?? OrganizationId.ForestWideOrgId, domain);

            // Nothing is handed out unless the relationship passes the validation helper.
            if (!this.CheckOrgRelationshipFromRemoteConnection(relationship, user, domain))
            {
                return false;
            }
            tokenTarget = relationship.GetTokenTarget();
            autodiscoveryEndpoint = relationship.TargetAutodiscoverEpr;
            return true;
        }
コード例 #12
        // Token: 0x06000302 RID: 770 RVA: 0x000100E8 File Offset: 0x0000E2E8
        /// <summary>
        /// Works out the EAS endpoint to redirect to for a recipient that has no mailbox here,
        /// based on the organization relationship matching the recipient's external e-mail domain.
        /// </summary>
        /// <param name="activesyncMiniRecipient">Recipient whose external e-mail address is examined.</param>
        /// <returns>
        /// The endpoint derived from the relationship's <c>TargetOwaURL</c>, or <c>null</c> when
        /// the feature is disabled, the protocol version is below the redirect minimum for a
        /// non-Options command, or no relationship matches.
        /// </returns>
        private string GetRedirectAddressForUserHasNoMailbox(ActiveSyncMiniRecipient activesyncMiniRecipient)
        {
            string redirectEndpoint = null;

            if (!VariantConfiguration.InvariantNoFlightingSnapshot.ActiveSync.RedirectForOnBoarding.Enabled)
            {
                AirSyncDiagnostics.TraceDebug(ExTraceGlobals.RequestsTracer, this, "The hybrid on boarding redirect feature is only for OnPrem servers.");
                return null;
            }
            if (this.context.CommandType != CommandType.Options && this.context.AirSyncVersion < GlobalSettings.MinRedirectProtocolVersion)
            {
                AirSyncDiagnostics.TraceDebug(ExTraceGlobals.RequestsTracer, this, "The protocol version is less than 14.0 that doesn't support 451 redirect protocol call.");
                return null;
            }
            // Two callbacks are handed to the fault-injection point; presumably the first is
            // the normal path and the second runs only under fault injection (the helper's
            // implementation is not visible here).
            AirSyncDiagnostics.FaultInjectionPoint(3414568253U, delegate
            {
                if (activesyncMiniRecipient == null || activesyncMiniRecipient.ExternalEmailAddress == null)
                {
                    return;
                }
                AirSyncDiagnostics.TraceDebug<string>(ExTraceGlobals.RequestsTracer, this, "Try to figure out eas endpoint for user: {0}.", activesyncMiniRecipient.ExternalEmailAddress.AddressString);
                this.context.ProtocolLogger.SetValue(ProtocolLoggerData.RedirectTo, "TryToFigureOutEasEndpoint");
                SmtpProxyAddress externalAddress = activesyncMiniRecipient.ExternalEmailAddress as SmtpProxyAddress;
                if (externalAddress == null || string.IsNullOrEmpty(externalAddress.AddressString))
                {
                    AirSyncDiagnostics.TraceDebug(ExTraceGlobals.RequestsTracer, this, "External email address is null");
                    return;
                }
                OrganizationIdCacheValue cachedOrganization = OrganizationIdCache.Singleton.Get(activesyncMiniRecipient.OrganizationId);
                string domain = ((SmtpAddress)externalAddress).Domain;
                OrganizationRelationship relationship = cachedOrganization.GetOrganizationRelationship(domain);
                if (relationship == null)
                {
                    AirSyncDiagnostics.TraceDebug<string>(ExTraceGlobals.RequestsTracer, this, "OrganizationRelationShip is null for the domain {0}", domain);
                    return;
                }
                // NOTE(review): neither the relationship's Enabled flag nor a null TargetOwaURL
                // is checked before the URL is converted; confirm the helper handles null and
                // that redirecting for a disabled relationship is intended.
                Uri owaUrl = relationship.TargetOwaURL;
                redirectEndpoint = this.TransferTargetOwaUrlToEasEndpoint(owaUrl);
                AirSyncDiagnostics.TraceDebug<string>(ExTraceGlobals.RequestsTracer, this, "Redirect to EASEndpoint : {0}.", redirectEndpoint);
                this.context.ProtocolLogger.AppendValue(ProtocolLoggerData.RedirectTo, redirectEndpoint);
            }, delegate
            {
                // Fixed, plain-http OWA address used by the second callback only.
                Uri fixedOwaUri = new Uri("http://outlook.com/owa");
                redirectEndpoint = this.TransferTargetOwaUrlToEasEndpoint(fixedOwaUri);
            });
            return redirectEndpoint;
        }
コード例 #13
        /// <summary>
        /// Fills display columns of the single result row from the organization relationship
        /// held in the data object store.
        /// </summary>
        /// <param name="inputRow">Not read by this method.</param>
        /// <param name="dataTable">Result table; it is only modified when it holds exactly one row.</param>
        /// <param name="store">Store queried for the "OrganizationRelationship" data object.</param>
        public static void GetObjectPostAction(DataRow inputRow, DataTable dataTable, DataObjectStore store)
        {
            OrganizationRelationship relationship = store.GetDataObject("OrganizationRelationship") as OrganizationRelationship;

            if (relationship == null || dataTable.Rows.Count != 1)
            {
                return;
            }
            DataRow row = dataTable.Rows[0];
            if (relationship.FreeBusyAccessLevel == FreeBusyAccessLevel.None)
            {
                // An access level of None is shown as "access disabled"; the level column is
                // set to AvailabilityOnly in the row only, the relationship is not modified here.
                row["FreeBusyAccessEnabled"] = false;
                row["FreeBusyAccessLevel"] = FreeBusyAccessLevel.AvailabilityOnly;
            }
            row["DomainNames"] = OrganizationRelationshipAssistor.ToStringMVP(relationship.DomainNames);
            row["FormattedDomainNames"] = DDIHelper.JoinList<SmtpDomain>(relationship.DomainNames, (SmtpDomain smtpDomain) => smtpDomain.Domain);
        }
コード例 #14
        /// <summary>
        /// Renames the existing on-premises and tenant organization relationships and the
        /// hybrid-wizard inbound and outbound connectors, then creates the on-premises
        /// organization object in the tenant.
        /// </summary>
        /// <param name="taskContext">Not read by this method; the sessions come from the base class.</param>
        /// <exception cref="LocalizedException">
        /// An organization relationship is missing before or after the rename, or no inbound or
        /// outbound connector with the hybrid-wizard source exists.
        /// </exception>
        private void UpgradeFopeConnectors(ITaskContext taskContext)
        {
            MultiValuedProperty<SmtpDomain> hybridDomains = new MultiValuedProperty<SmtpDomain>();

            foreach (SmtpDomain hybridDomain in base.TaskContext.HybridConfigurationObject.Domains)
            {
                hybridDomains.Add(hybridDomain);
            }
            IOrganizationConfig onPremOrgConfig = base.OnPremisesSession.GetOrganizationConfig();
            List<string> domains = new List<string>();
            OrganizationRelationship onPremRelationship = TaskCommon.GetOrganizationRelationship(base.OnPremisesSession, Configuration.OnPremGetOrgRel, domains);
            OrganizationRelationship tenantRelationship = TaskCommon.GetOrganizationRelationship(base.TenantSession, Configuration.TenantGetOrgRel, domains);

            // Both sides must already have a relationship before anything is renamed.
            if (onPremRelationship == null || tenantRelationship == null)
            {
                throw new LocalizedException(HybridStrings.InvalidOrganizationRelationship);
            }
            string onPremRelationshipName = TaskCommon.GetOnPremOrgRelationshipName(onPremOrgConfig);
            string tenantRelationshipName = TaskCommon.GetTenantOrgRelationshipName(onPremOrgConfig);
            SessionParameters onPremRename = new SessionParameters();
            SessionParameters tenantRename = new SessionParameters();

            onPremRename.Set("Name", onPremRelationshipName);
            tenantRename.Set("Name", tenantRelationshipName);
            base.OnPremisesSession.SetOrganizationRelationship(onPremRelationship.Identity, onPremRename);
            base.TenantSession.SetOrganizationRelationship(tenantRelationship.Identity, tenantRename);
            // Re-read the tenant relationship under its new name; it is the one passed on below.
            tenantRelationship = TaskCommon.GetOrganizationRelationship(base.TenantSession, tenantRelationshipName, domains);
            if (tenantRelationship == null)
            {
                throw new LocalizedException(HybridStrings.InvalidOrganizationRelationship);
            }
            IInboundConnector hybridInbound = base.TenantSession.GetInboundConnectors().FirstOrDefault((IInboundConnector connector) => connector.ConnectorSource == TenantConnectorSource.HybridWizard);

            if (hybridInbound == null)
            {
                throw new LocalizedException(HybridStrings.ErrorNoInboundConnector);
            }
            base.TenantSession.RenameInboundConnector(hybridInbound, Configuration.InboundConnectorName(onPremOrgConfig.Guid.ToString()));
            IOutboundConnector hybridOutbound = base.TenantSession.GetOutboundConnectors().FirstOrDefault((IOutboundConnector connector) => connector.ConnectorSource == TenantConnectorSource.HybridWizard);

            if (hybridOutbound == null)
            {
                // NOTE(review): at this point the relationships and the inbound connector have
                // already been renamed; nothing visible here rolls those changes back.
                throw new LocalizedException(HybridStrings.ErrorNoOutboundConnector);
            }
            base.TenantSession.RenameOutboundConnector(hybridOutbound, Configuration.OutboundConnectorName(onPremOrgConfig.Guid.ToString()));
            base.TenantSession.NewOnPremisesOrganization(onPremOrgConfig, hybridDomains, hybridInbound, hybridOutbound, tenantRelationship);
        }
コード例 #15
        /// <summary>
        /// Returns the enabled organization relationship that matches the requester's domain.
        /// </summary>
        /// <param name="organizationId">Organization to search; the forest-wide organization is used when null.</param>
        /// <param name="requesterDomain">Domain of the external requester.</param>
        /// <returns>
        /// The matching relationship when it exists and is enabled; <c>null</c> when there is
        /// no match or the match is disabled.
        /// </returns>
        internal static OrganizationRelationship GetOrganizationRelationship(OrganizationId organizationId, string requesterDomain)
        {
            OrganizationId effectiveOrganization = organizationId;
            if (effectiveOrganization == null)
            {
                effectiveOrganization = OrganizationId.ForestWideOrgId;
            }
            OrganizationRelationship relationship = OrganizationIdCache.Singleton.Get(effectiveOrganization).GetOrganizationRelationship(requesterDomain);
            OrganizationRelationship usable = null;

            if (relationship == null)
            {
                FreeBusyPermission.SecurityTracer.TraceDebug<object, string>(0L, "{0}: No organization relationship found for domain {1}", TraceContext.Get(), requesterDomain);
            }
            else if (!relationship.Enabled)
            {
                // A disabled relationship is reported to the caller exactly like a missing one.
                FreeBusyPermission.SecurityTracer.TraceDebug<object, string>(0L, "{0}: Organization relationship for domain {1} is disabled.", TraceContext.Get(), requesterDomain);
            }
            else
            {
                usable = relationship;
            }
            return usable;
        }
コード例 #16
        /// <summary>
        /// Maps the relationship's free/busy access level to the highest free/busy permission
        /// level it allows.
        /// </summary>
        /// <param name="organizationRelationship">Relationship whose <c>FreeBusyAccessLevel</c> is mapped.</param>
        /// <returns>
        /// <c>Simple</c> for <c>AvailabilityOnly</c>, <c>Detail</c> for <c>LimitedDetails</c>,
        /// and <c>None</c> for <c>None</c> and for any other value.
        /// </returns>
        private static FreeBusyPermissionLevel GetMaximumFreeBusyPermissionLevel(OrganizationRelationship organizationRelationship)
        {
            switch (organizationRelationship.FreeBusyAccessLevel)
            {
            case FreeBusyAccessLevel.AvailabilityOnly:
                return FreeBusyPermissionLevel.Simple;

            case FreeBusyAccessLevel.LimitedDetails:
                return FreeBusyPermissionLevel.Detail;

            // Values not listed above grant nothing, the same as an explicit None.
            case FreeBusyAccessLevel.None:
            default:
                return FreeBusyPermissionLevel.None;
            }
        }
コード例 #17
 /// <summary>
 /// Validates that an organization relationship can be used for remote mailbox/archive
 /// access, logging an event and an error trace for the first requirement that fails.
 /// </summary>
 /// <param name="orgRelationship">Relationship to validate; may be null.</param>
 /// <param name="user">User whose <c>LegacyDn</c> is written to the event and trace on failure.</param>
 /// <param name="domain">Domain the relationship was looked up for; written to the event and trace.</param>
 /// <returns>
 /// <c>true</c> when the relationship exists, has archive access enabled, and has both
 /// <c>TargetAutodiscoverEpr</c> and <c>TargetApplicationUri</c> set; otherwise <c>false</c>.
 /// </returns>
 private bool CheckOrgRelationshipFromRemoteConnection(OrganizationRelationship orgRelationship, IGenericADUser user, string domain)
 {
     // NOTE(review): ArchiveAccessEnabled is checked but the relationship's general
     // Enabled flag is not; confirm that is the intended gate for this path.
     if (orgRelationship == null)
     {
         StorageGlobals.EventLogger.LogEvent(StorageEventLogConstants.Tuple_XtcOrgRelationshipMissing, domain, new object[]
         {
             domain,
             user.LegacyDn
         });
         ExTraceGlobals.XtcTracer.TraceError<string, string>(0L, "Organization relationship for domain {0} is missing. Remote mailbox/archive access will be disabled for user {1}.", domain, user.LegacyDn);
     }
     else if (!orgRelationship.ArchiveAccessEnabled)
     {
         StorageGlobals.EventLogger.LogEvent(StorageEventLogConstants.Tuple_XtcOrgRelationshipArchiveDisabled, domain, new object[]
         {
             domain,
             user.LegacyDn
         });
         ExTraceGlobals.XtcTracer.TraceError<string, string>(0L, "Archive access is disabled for organization relationship (domain name: {0}). Remote mailbox/archive access will be disabled for user {1}.", domain, user.LegacyDn);
     }
     else if (orgRelationship.TargetAutodiscoverEpr == null)
     {
         StorageGlobals.EventLogger.LogEvent(StorageEventLogConstants.Tuple_XtcInvalidOrgRelationshipTargetAutodiscoverEpr, domain, new object[]
         {
             domain,
             user.LegacyDn
         });
         ExTraceGlobals.XtcTracer.TraceError<string, string>(0L, "Organization relationship for domain {0} doesn't have TargetAutodiscoverEpr set. Remote mailbox/archive access will be disabled for user {1}.", domain, user.LegacyDn);
     }
     else if (orgRelationship.TargetApplicationUri == null)
     {
         StorageGlobals.EventLogger.LogEvent(StorageEventLogConstants.Tuple_XtcInvalidOrgRelationshipTargetApplicationUri, domain, new object[]
         {
             domain,
             user.LegacyDn
         });
         ExTraceGlobals.XtcTracer.TraceError<string, string>(0L, "Organization relationship for domain {0} doesn't have TargetApplicationUri set. Remote mailbox/archive access will be disabled for user {1}.", domain, user.LegacyDn);
     }
     else
     {
         return true;
     }
     // Every failing branch above has already logged its reason.
     return false;
 }
コード例 #18
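        /// <summary>
        /// Computes the free/busy permission level for an external client, limited by the
        /// organization relationship that matches the client's e-mail domain.
        /// </summary>
        /// <param name="externalClientContext">External caller; its e-mail domain selects the relationship.</param>
        /// <param name="mailboxSession">Session of the mailbox being queried; its owner's organization is searched.</param>
        /// <param name="securityDescriptor">Security descriptor evaluated by the access check.</param>
        /// <param name="freeBusyQuery">Query checked against the relationship's free/busy access scope.</param>
        /// <returns>
        /// <c>None</c> when no usable relationship exists, when the relationship allows nothing,
        /// when the access check grants nothing, or when the access scope check fails; otherwise
        /// the access-check result capped at the relationship's maximum level.
        /// </returns>
        private static FreeBusyPermissionLevel FromExternalClientWithOrganizationalRelationship(ExternalClientContext externalClientContext, MailboxSession mailboxSession, RawSecurityDescriptor securityDescriptor, FreeBusyQuery freeBusyQuery)
        {
            OrganizationRelationship organizationRelationship = FreeBusyPermission.GetOrganizationRelationship(mailboxSession.MailboxOwner.MailboxInfo.OrganizationId, externalClientContext.EmailAddress.Domain);

            if (organizationRelationship == null)
            {
                FreeBusyPermission.SecurityTracer.TraceDebug<object, SmtpAddress, string>(0L, "{0}: No organization relationship for {1} with organization id {2}", TraceContext.Get(), externalClientContext.EmailAddress, (mailboxSession.MailboxOwner.MailboxInfo.OrganizationId == null) ? "<null>" : mailboxSession.MailboxOwner.MailboxInfo.OrganizationId.ToString());
                return FreeBusyPermissionLevel.None;
            }

            // The cap always comes from the relationship. There is deliberately no permissive
            // starting value that could survive if this code were later rearranged.
            FreeBusyPermissionLevel relationshipCap = FreeBusyPermission.GetMaximumFreeBusyPermissionLevel(organizationRelationship);
            if (relationshipCap == FreeBusyPermissionLevel.None)
            {
                FreeBusyPermission.SecurityTracer.TraceDebug<object, ADObjectId>(0L, "{0}: OrganizationRelationship {1} restricts permission level to None.", TraceContext.Get(), organizationRelationship.Id);
                return FreeBusyPermissionLevel.None;
            }

            FreeBusyPermissionLevel grantedLevel = FreeBusyPermission.AccessCheck(securityDescriptor, ClientSecurityContext.FreeBusyPermissionDefaultClientSecurityContext);
            if (grantedLevel == FreeBusyPermissionLevel.None)
            {
                return FreeBusyPermissionLevel.None;
            }
            if (grantedLevel > relationshipCap)
            {
                // The relationship can only lower what the access check granted, never raise it.
                FreeBusyPermission.SecurityTracer.TraceDebug(0L, "{0}: OrganizationRelationship {1} restricts permission level to {2}. Lowering permission from {3}.", new object[]
                {
                    TraceContext.Get(),
                    organizationRelationship.Id,
                    relationshipCap,
                    grantedLevel
                });
                grantedLevel = relationshipCap;
            }
            if (!FreeBusyPermission.IsAllowedByFreeBusyAccessScope(freeBusyQuery, organizationRelationship))
            {
                grantedLevel = FreeBusyPermissionLevel.None;
            }
            return grantedLevel;
        }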
コード例 #19
        // Token: 0x06001232 RID: 4658 RVA: 0x0004D0F0 File Offset: 0x0004B2F0
        /// <summary>
        /// Checks whether the target's organization shares photos with any of the requestor's
        /// e-mail domains through an organization relationship.
        /// </summary>
        /// <param name="requestor">Principal asking for the photo; its e-mail domains are looked up.</param>
        /// <param name="target">Principal owning the photo; the forest-wide organization is used when it has none.</param>
        /// <returns>
        /// <c>true</c> when at least one requestor domain matches a relationship that is enabled
        /// and has photos enabled; <c>false</c> otherwise, including when the target
        /// organization's configuration is not available in the cache.
        /// </returns>
        private bool PhotoSharingEnabled(PhotoPrincipal requestor, PhotoPrincipal target)
        {
            OrganizationIdCacheValue targetConfiguration = this.organizationConfigCache.Get((target.OrganizationId != null) ? target.OrganizationId : OrganizationId.ForestWideOrgId);

            if (targetConfiguration == null)
            {
                // Without the configuration no relationship can be verified, so sharing is denied.
                this.tracer.TraceError((long)this.GetHashCode(), "Photo authorization: target organization's configuration not available in cache.");
                return false;
            }
            foreach (string requestorDomain in requestor.GetEmailAddressDomains())
            {
                OrganizationRelationship relationship = targetConfiguration.GetOrganizationRelationship(requestorDomain);
                if (relationship == null || !relationship.Enabled || !relationship.PhotosEnabled)
                {
                    continue;
                }
                return true;
            }
            return false;
        }
コード例 #20
        // Token: 0x060005CB RID: 1483 RVA: 0x000202C4 File Offset: 0x0001E4C4
        /// <summary>
        /// Handles recipients that carry an ExternalEmailAddress: when an organization relationship
        /// with a TargetOwaURL exists for that address's domain, processing stops with an HTTP 302.
        /// </summary>
        /// <param name="activeDirectoryRawEntry">Directory entry of the recipient being resolved.</param>
        /// <returns>Always <c>null</c> when the method returns normally.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="activeDirectoryRawEntry"/> is null.</exception>
        /// <exception cref="HttpException">Status 302 carrying the cross-premise redirect URL.</exception>
        protected ADObjectId ResolveMailboxDatabase(ADRawEntry activeDirectoryRawEntry)
        {
            if (activeDirectoryRawEntry == null)
            {
                throw new ArgumentNullException("activeDirectoryRawEntry");
            }

            SmtpProxyAddress externalProxyAddress = (SmtpProxyAddress)activeDirectoryRawEntry[ADRecipientSchema.ExternalEmailAddress];
            if (externalProxyAddress == null)
            {
                return null;
            }

            OrganizationId recipientOrgId = (OrganizationId)activeDirectoryRawEntry[ADObjectSchema.OrganizationId];
            OrganizationIdCacheValue orgConfig = OrganizationIdCache.Singleton.Get(recipientOrgId);
            SmtpAddress externalAddress = (SmtpAddress)externalProxyAddress;

            if (!externalAddress.IsValidAddress)
            {
                if (ExTraceGlobals.VerboseTracer.IsTraceEnabled(1))
                {
                    ExTraceGlobals.VerboseTracer.TraceDebug((long)this.GetHashCode(), "[OwaProxyRequestHandler::ResolveMailboxDatabase]: ExternalEmailAddress configured is invalid.");
                }
                return null;
            }

            // NOTE(review): only the presence of the relationship and of its TargetOwaURL is tested;
            // the relationship's Enabled flag is not consulted in this method. Confirm that is intended.
            OrganizationRelationship relationship = orgConfig.GetOrganizationRelationship(((SmtpAddress)externalProxyAddress).Domain);
            bool canRedirect = relationship != null && relationship.TargetOwaURL != null;
            if (!canRedirect)
            {
                if (ExTraceGlobals.VerboseTracer.IsTraceEnabled(1))
                {
                    ExTraceGlobals.VerboseTracer.TraceDebug((long)this.GetHashCode(), "[OwaProxyRequestHandler::ResolveMailboxDatabase]: Unable to find OrganizationRelationShip or its TargetOwaUrl is not configured.");
                }
                base.Logger.AppendGenericInfo("ExternalRedir", "Org-Relationship or targetOwaUrl not found.");
                return null;
            }

            string targetOwaUrl = relationship.TargetOwaURL.AbsoluteUri;
            if (ExTraceGlobals.VerboseTracer.IsTraceEnabled(1))
            {
                ExTraceGlobals.VerboseTracer.TraceDebug<string>((long)this.GetHashCode(), "[OwaProxyRequestHandler::ResolveMailboxDatabase]: Stop processing and redirect to {0}.", targetOwaUrl);
            }

            // The trace and the "ExternalRedir" log entry record TargetOwaURL, while the Location sent to
            // the client comes from GetCrossPremiseRedirectUrl (not visible here); when investigating a
            // redirect, the logged value is therefore not necessarily the URL the client received.
            base.Logger.AppendGenericInfo("ExternalRedir", targetOwaUrl);
            throw new HttpException(302, this.GetCrossPremiseRedirectUrl(externalAddress.Domain, recipientOrgId.ToExternalDirectoryOrganizationId(), externalProxyAddress.SmtpAddress));
        }
コード例 #21
        /// <summary>
        /// Builds an external autodiscover query for <paramref name="domain"/> using the
        /// TargetAutodiscoverEpr of the organization relationship configured for that domain.
        /// </summary>
        /// <param name="domain">Domain whose organization relationship is looked up.</param>
        /// <param name="queryItems">Items to query; passed through to the new query.</param>
        /// <param name="redirectionDepth">Redirection depth passed through to the new query.</param>
        /// <returns>A new <see cref="AutoDiscoverQueryExternal"/>.</returns>
        /// <exception cref="AutoDiscoverFailedException">
        /// No relationship exists for the domain, or it has no TargetAutodiscoverEpr.
        /// </exception>
        protected override AutoDiscoverQuery CreateAutoDiscoverQuery(string domain, AutoDiscoverQueryItem[] queryItems, int redirectionDepth)
        {
            long traceId = (long)this.GetHashCode();
            AutoDiscoverQuery.AutoDiscoverTracer.TraceDebug<object, string>(traceId, "{0}: Search for OrganizationRelationship for domain {1}", TraceContext.Get(), domain);

            // NOTE(review): the cache result is dereferenced without a null check, and the relationship's
            // Enabled flag is not consulted in this method; confirm both are guaranteed elsewhere.
            OrganizationRelationship relationship = OrganizationIdCache.Singleton.Get(base.ClientContext.OrganizationId).GetOrganizationRelationship(domain);

            if (relationship == null)
            {
                AutoDiscoverQuery.AutoDiscoverTracer.TraceError<object, string>((long)this.GetHashCode(), "{0}: OrganizationRelationship lookup for domain {1} found nothing", TraceContext.Get(), domain);
                throw new AutoDiscoverFailedException(Strings.descConfigurationInformationNotFound(domain), 54588U);
            }

            Uri autodiscoverEndpoint = relationship.TargetAutodiscoverEpr;
            if (autodiscoverEndpoint == null)
            {
                AutoDiscoverQuery.AutoDiscoverTracer.TraceError<object, string, ADObjectId>((long)this.GetHashCode(), "{0}: OrganizationRelationship lookup for domain {1} found {2}, but it doesn't have TargetAutodiscoverEpr set", TraceContext.Get(), domain, relationship.Id);
                throw new AutoDiscoverFailedException(Strings.descMisconfiguredOrganizationRelationship(relationship.Id.ToString()), 42300U);
            }

            AutoDiscoverQuery.AutoDiscoverTracer.TraceDebug<object, string, ADObjectId>((long)this.GetHashCode(), "{0}: OrganizationRelationship lookup for domain {1} found {2}", TraceContext.Get(), domain, relationship.Id);
            QueryList queryList = base.GetQueryListFromQueryItems(queryItems);

            return new AutoDiscoverQueryExternal(base.Application, base.ClientContext, base.RequestLogger, relationship.TargetAutodiscoverEpr, base.Authenticator, queryItems, redirectionDepth, base.CreateAutoDiscoverRequest, queryList);
        }
コード例 #22
 /// <summary>
 /// Copies the settings of an <see cref="OrganizationRelationship"/> into this object.
 /// </summary>
 /// <param name="organizationRelationship">Relationship to copy from; it is dereferenced without a null check.</param>
 internal OrganizationRelationshipSettings(OrganizationRelationship organizationRelationship)
 {
     // DomainNames is assigned only when the source has a domain list; each entry is copied
     // as its Domain value.
     if (organizationRelationship.DomainNames != null)
     {
         this.DomainNames = new DomainCollection();
         foreach (SmtpDomain sourceDomain in organizationRelationship.DomainNames)
         {
             this.DomainNames.Add(sourceDomain.Domain);
         }
     }

     this.Name = organizationRelationship.Name;
     this.TargetApplicationUri = organizationRelationship.TargetApplicationUri;

     // The two access levels are stored as enum member names. Enum.GetName returns null for a
     // value that is not a defined member, so consumers should not assume a non-null string.
     this.FreeBusyAccessLevel = Enum.GetName(typeof(FreeBusyAccessLevel), organizationRelationship.FreeBusyAccessLevel);
     this.FreeBusyAccessEnabled = organizationRelationship.FreeBusyAccessEnabled;

     this.TargetSharingEpr = organizationRelationship.TargetSharingEpr;
     this.TargetAutodiscoverEpr = organizationRelationship.TargetAutodiscoverEpr;

     this.MailboxMoveEnabled = organizationRelationship.MailboxMoveEnabled;
     this.DeliveryReportEnabled = organizationRelationship.DeliveryReportEnabled;

     this.MailTipsAccessEnabled = organizationRelationship.MailTipsAccessEnabled;
     this.MailTipsAccessLevel = Enum.GetName(typeof(MailTipsAccessLevel), organizationRelationship.MailTipsAccessLevel);
 }
コード例 #23
        // Token: 0x06000221 RID: 545 RVA: 0x0000CC68 File Offset: 0x0000AE68
        /// <summary>
        /// Derives the ActiveSync server URL for a user from the TargetOwaURL of an organization relationship.
        /// </summary>
        /// <param name="user">User the configuration is written for; used only in trace output.</param>
        /// <param name="organizationRelationship">Relationship whose TargetOwaURL supplies the host.</param>
        /// <returns>
        /// The fixed replacement URL when the host contains the legacy host string, otherwise a URL
        /// composed from the https prefix, the host and the ActiveSync suffix; <c>null</c> when
        /// TargetOwaURL or its host is missing.
        /// </returns>
        private static string GetEasServerFromOrgRelationship(ADRecipient user, OrganizationRelationship organizationRelationship)
        {
            Uri owaUrl = organizationRelationship.TargetOwaURL;

            if (owaUrl == null || owaUrl.Host == null)
            {
                ExTraceGlobals.FrameworkTracer.TraceError<string>(0L, "[MobileRedirectOptimization] TargetOwaUrl parsing failed for user {0}. Proceeding with <Redirect>.", MobileRedirectOptimization.SafeGetEmailAddressStringFromADUser(user));
                return null;
            }

            string owaHost = owaUrl.Host;

            // The legacy-host test is a substring match, not an exact or suffix comparison, so any host
            // that merely contains the legacy string is mapped to the fixed replacement URL. Every other
            // host is used as-is, which means the client is pointed at whatever host TargetOwaURL names.
            string easServer = owaHost.Contains(MobileRedirectOptimization.legacyO365OwaHost)
                ? MobileRedirectOptimization.correctO365OwaUrl
                : MobileRedirectOptimization.httpsPrefix + owaHost + MobileRedirectOptimization.activeSyncServerSuffix;

            ExTraceGlobals.FrameworkTracer.TraceDebug<string, string>(0L, "[MobileRedirectOptimization] Redirect bypass succeeded, writing config xml for user {0} using EAS server name {1}.", MobileRedirectOptimization.SafeGetEmailAddressStringFromADUser(user), easServer);
            return easServer;
        }
コード例 #24
ファイル: TaskCommon.cs プロジェクト: YHZX2013/exchange_diff
        /// <summary>
        /// Finds the single organization relationship that matches either the given identity or one
        /// of the given domains.
        /// </summary>
        /// <param name="session">Session used to enumerate the existing organization relationships.</param>
        /// <param name="identity">Identity compared against each relationship's Identity string.</param>
        /// <param name="domains">Domains compared against each relationship's DomainNames; enumerated once per relationship.</param>
        /// <returns>The matching relationship, or <c>null</c> when none matches.</returns>
        /// <exception cref="LocalizedException">More than one relationship matches.</exception>
        public static OrganizationRelationship GetOrganizationRelationship(ICommonSession session, string identity, IEnumerable<string> domains)
        {
            OrganizationRelationship match = null;
            IEnumerable<OrganizationRelationship> candidates = session.GetOrganizationRelationship();

            // True once an earlier relationship has matched; any later match is then ambiguous.
            bool matchedEarlier = false;

            foreach (OrganizationRelationship candidate in candidates)
            {
                string candidateIdentity = candidate.Identity.ToString();
                if (candidateIdentity.Equals(identity, StringComparison.InvariantCultureIgnoreCase))
                {
                    if (matchedEarlier)
                    {
                        throw new LocalizedException(HybridStrings.ErrorMultipleMatchingOrgRelationships);
                    }
                    match = candidate;
                }

                foreach (string domain in domains)
                {
                    SmtpDomain requested = new SmtpDomain(domain);
                    foreach (SmtpDomain configured in candidate.DomainNames)
                    {
                        // NOTE(review): domain names are compared culture-sensitively. Invariant-culture
                        // comparison can treat strings with different code points as equal; confirm
                        // whether SmtpDomain already normalizes its value, or whether an ordinal
                        // comparison is the better fit for this identifier.
                        bool sameDomain = configured.Domain.Equals(requested.Domain, StringComparison.InvariantCultureIgnoreCase);
                        if (!sameDomain)
                        {
                            continue;
                        }
                        if (matchedEarlier)
                        {
                            throw new LocalizedException(HybridStrings.ErrorMultipleMatchingOrgRelationships);
                        }
                        match = candidate;
                        break;
                    }
                }

                if (match != null)
                {
                    matchedEarlier = true;
                }
            }
            return match;
        }
コード例 #25
        /// <summary>
        /// Reports whether the organization has an enabled relationship for the domain that also has
        /// delivery reports enabled.
        /// </summary>
        /// <param name="organizationId">Organization whose relationships are searched.</param>
        /// <param name="domain">Remote domain to look up.</param>
        /// <returns>
        /// <c>true</c> only when a relationship is found, is enabled and has DeliveryReportEnabled set;
        /// every other outcome returns <c>false</c>.
        /// </returns>
        public bool IsRemoteTrustedOrg(OrganizationId organizationId, string domain)
        {
            TraceWrapper.SearchLibraryTracer.TraceDebug<OrganizationId, string>(this.GetHashCode(), "Looking for organization relationship for Org: {0} and domain: {1}", organizationId, domain);
            OrganizationRelationship relationship = this.TryGetOrganizationRelationship(organizationId, domain);

            // Each check below fails closed and traces the reason before returning.
            if (relationship == null)
            {
                TraceWrapper.SearchLibraryTracer.TraceDebug(this.GetHashCode(), "Organization relationship not found", new object[0]);
                return false;
            }
            TraceWrapper.SearchLibraryTracer.TraceDebug(this.GetHashCode(), "Organization relationship found", new object[0]);

            if (!relationship.Enabled)
            {
                TraceWrapper.SearchLibraryTracer.TraceDebug(this.GetHashCode(), "Org relationship disabled,", new object[0]);
                return false;
            }
            TraceWrapper.SearchLibraryTracer.TraceDebug(this.GetHashCode(), "Organization relationship is enabled", new object[0]);

            bool deliveryReportEnabled = relationship.DeliveryReportEnabled;
            if (!deliveryReportEnabled)
            {
                TraceWrapper.SearchLibraryTracer.TraceDebug(this.GetHashCode(), "Delivery Report disabled for relationship.", new object[0]);
            }
            return deliveryReportEnabled;
        }
コード例 #26
 /// <summary>
 /// Reports whether the given relationship has delivery reports enabled.
 /// </summary>
 /// <param name="organizationRelationship">Relationship to inspect; dereferenced without a null check.</param>
 /// <returns>The relationship's DeliveryReportEnabled value.</returns>
 public override bool EnabledInRelationship(OrganizationRelationship organizationRelationship)
 {
     // Only the feature flag is read here; the relationship's overall Enabled flag is not
     // consulted by this override.
     bool deliveryReportEnabled = organizationRelationship.DeliveryReportEnabled;
     return deliveryReportEnabled;
 }
コード例 #27
        /// <summary>
        /// Discovers the remote EWS endpoint for a remote mailbox through federated autodiscover and
        /// prepares the delegation token request to be used for mailbox search.
        /// </summary>
        /// <param name="principal">Principal whose MailboxInfo.RemoteIdentity supplies the remote SMTP address.</param>
        /// <param name="executingUser">User running the search; used for the token identity when it has a federated e-mail address.</param>
        /// <param name="ewsEndpoint">Receives the discovered ExternalEwsUrl after EwsWsSecurityUrl.Fix.</param>
        /// <param name="ewsTokenRequest">Receives the delegation token request with Offer.MailboxSearch.</param>
        /// <exception cref="OrganizationNotFederatedException">
        /// The organization federated mailbox user or the organization relationship could not be found.
        /// </exception>
        /// <exception cref="AutoDAccessException">
        /// Autodiscover returned no ExternalEwsUrl, or the value is not an absolute URI.
        /// </exception>
        private void Discover(ExchangePrincipal principal, ADUser executingUser, out string ewsEndpoint, out DelegationTokenRequest ewsTokenRequest)
        {
            SmtpAddress              value           = principal.MailboxInfo.RemoteIdentity.Value;
            ADSessionSettings        sessionSettings = ADSessionSettings.FromOrganizationIdWithoutRbacScopesServiceOnly(OrganizationId.ForestWideOrgId);
            IRecipientSession        tenantOrRootOrgRecipientSession = DirectorySessionFactory.Default.GetTenantOrRootOrgRecipientSession(null, true, ConsistencyMode.FullyConsistent, null, sessionSettings, ConfigScopes.TenantSubTree, 168, "Discover", "f:\\15.00.1497\\sources\\dev\\data\\src\\storage\\Search\\MailboxSearch\\MailboxSearchEwsClient.cs");
            ADUser                   aduser = null;
            TransportConfigContainer transportConfigContainer = DirectorySessionFactory.Default.GetTenantOrTopologyConfigurationSession(true, ConsistencyMode.IgnoreInvalid, sessionSettings, 171, "Discover", "f:\\15.00.1497\\sources\\dev\\data\\src\\storage\\Search\\MailboxSearch\\MailboxSearchEwsClient.cs").FindSingletonConfigurationObject <TransportConfigContainer>();

            // Resolve the organization federated mailbox to a directory user; that user's identity
            // is the one presented in the autodiscover token request below.
            if (transportConfigContainer != null && transportConfigContainer.OrganizationFederatedMailbox != SmtpAddress.NullReversePath)
            {
                SmtpAddress  organizationFederatedMailbox = transportConfigContainer.OrganizationFederatedMailbox;
                ProxyAddress proxyAddress = null;
                try
                {
                    proxyAddress = ProxyAddress.Parse(organizationFederatedMailbox.ToString());
                }
                catch (ArgumentException ex)
                {
                    // The parse failure is traced only; proxyAddress stays null, aduser stays null and
                    // the method ends in OrganizationNotFederatedException further down.
                    ExTraceGlobals.SessionTracer.TraceError <string>((long)this.GetHashCode(), "Proxy address of organization federated mailbox is invalid: {0}", ex.ToString());
                }
                if (proxyAddress != null && !(proxyAddress is InvalidProxyAddress))
                {
                    aduser = (tenantOrRootOrgRecipientSession.FindByProxyAddress(proxyAddress) as ADUser);
                }
            }
            // The relationship is looked up in the forest-wide organization, keyed by the domain of
            // the remote mailbox address.
            OrganizationIdCacheValue organizationIdCacheValue = OrganizationIdCache.Singleton.Get(OrganizationId.ForestWideOrgId);
            OrganizationRelationship organizationRelationship = organizationIdCacheValue.GetOrganizationRelationship(value.Domain);

            // NOTE(review): the relationship is only null-checked; its Enabled flag is not consulted
            // anywhere in this method. Confirm that a disabled relationship is rejected elsewhere.
            if (aduser == null || organizationRelationship == null)
            {
                throw new OrganizationNotFederatedException();
            }
            DelegationTokenRequest request = new DelegationTokenRequest
            {
                FederatedIdentity = aduser.GetFederatedIdentity(),
                EmailAddress      = aduser.GetFederatedSmtpAddress().ToString(),
                Target            = organizationRelationship.GetTokenTarget(),
                Offer             = Offer.Autodiscover
            };
            FedOrgCredentials credentials = new FedOrgCredentials(request, this.GetSecurityTokenService(aduser.OrganizationId));
            Uri uri = null;

            using (AutoDiscoverUserSettingsClient autoDiscoverUserSettingsClient = AutoDiscoverUserSettingsClient.CreateInstance(DirectorySessionFactory.Default.CreateTopologyConfigurationSession(ConsistencyMode.IgnoreInvalid, sessionSettings, 215, "Discover", "f:\\15.00.1497\\sources\\dev\\data\\src\\storage\\Search\\MailboxSearch\\MailboxSearchEwsClient.cs"), credentials, value, organizationRelationship.TargetAutodiscoverEpr, MailboxSearchEwsClient.AutoDiscoverRequestedSettings))
            {
                UserSettings  userSettings  = autoDiscoverUserSettingsClient.Discover();
                StringSetting stringSetting = userSettings.GetSetting("ExternalEwsUrl") as StringSetting;
                // ExternalEwsUrl comes from the remote autodiscover response. The only validation
                // visible here is that it parses as an absolute URI; scheme and host are not checked.
                // NOTE(review): confirm that EwsWsSecurityUrl.Fix or the caller restricts the endpoint
                // (for example to https) before the delegation token is used with it.
                if (stringSetting == null || !Uri.TryCreate(stringSetting.Value, UriKind.Absolute, out uri))
                {
                    throw new AutoDAccessException(ServerStrings.AutoDRequestFailed);
                }
            }
            ewsEndpoint = EwsWsSecurityUrl.Fix(uri.ToString());
            string text = null;

            // Prefer the executing user's first federated e-mail address for the search token.
            if (executingUser.EmailAddresses != null && executingUser.EmailAddresses.Count > 0)
            {
                List <string> federatedEmailAddresses = executingUser.GetFederatedEmailAddresses();
                if (federatedEmailAddresses != null && federatedEmailAddresses.Count > 0)
                {
                    text = federatedEmailAddresses[0];
                }
            }
            // Fallback: without a federated address for the executing user, the search token is
            // requested under the organization federated mailbox identity instead, so the token does
            // not identify the individual who ran the search.
            if (string.IsNullOrEmpty(text))
            {
                ewsTokenRequest = new DelegationTokenRequest
                {
                    FederatedIdentity = aduser.GetFederatedIdentity(),
                    EmailAddress      = aduser.GetFederatedSmtpAddress().ToString(),
                    Target            = organizationRelationship.GetTokenTarget(),
                    Offer             = Offer.MailboxSearch
                };
                return;
            }
            // text is already a string here, so the ToString() call below is a no-op.
            ewsTokenRequest = new DelegationTokenRequest
            {
                FederatedIdentity = executingUser.GetFederatedIdentity(),
                EmailAddress      = text.ToString(),
                Target            = organizationRelationship.GetTokenTarget(),
                Offer             = Offer.MailboxSearch
            };
        }
コード例 #28
        /// <summary>
        /// Updates an existing on-premises organization object and pushes the change through the
        /// remote PowerShell session with Set-OnPremisesOrganization.
        /// </summary>
        /// <param name="configuration">Object to update; it is cast to the hybrid entity type, so another implementation fails the cast.</param>
        /// <param name="onPremisesOrgConfig">Supplies the organization name.</param>
        /// <param name="hybridDomains">Hybrid domains to store.</param>
        /// <param name="inboundConnector">Supplies the inbound connector identity.</param>
        /// <param name="outboundConnector">Supplies the outbound connector identity.</param>
        /// <param name="tenantOrgRel">Tenant organization relationship whose identity is stored.</param>
        public void SetOnPremisesOrganization(IOnPremisesOrganization configuration, IOrganizationConfig onPremisesOrgConfig, MultiValuedProperty<SmtpDomain> hybridDomains, IInboundConnector inboundConnector, IOutboundConnector outboundConnector, OrganizationRelationship tenantOrgRel)
        {
            // The entity is the same object as configuration, so these assignments must be made
            // before BuildParameters reads it.
            Microsoft.Exchange.Management.Hybrid.Entity.OnPremisesOrganization entity = (Microsoft.Exchange.Management.Hybrid.Entity.OnPremisesOrganization)configuration;
            entity.HybridDomains = hybridDomains;
            entity.InboundConnector = inboundConnector.Identity;
            entity.OutboundConnector = outboundConnector.Identity;
            entity.OrganizationName = onPremisesOrgConfig.Name;
            entity.OrganizationRelationship = (ADObjectId)tenantOrgRel.Identity;

            // Values reach the cmdlet as named parameters on the SessionParameters object; no command
            // text is assembled from them in this method.
            SessionParameters cmdletParameters = this.BuildParameters(configuration);
            cmdletParameters.Set("Identity", configuration.Identity.ToString());

            base.RemotePowershellSession.RunCommand("Set-OnPremisesOrganization", cmdletParameters);
        }
コード例 #29
        /// <summary>
        /// Creates an on-premises organization object through the remote PowerShell session with
        /// New-OnPremisesOrganization and maps the result to the hybrid entity type.
        /// </summary>
        /// <param name="onPremisesOrgConfig">Supplies the organization Guid and name.</param>
        /// <param name="hybridDomains">Hybrid domains for the new object.</param>
        /// <param name="inboundConnector">Supplies the inbound connector identity.</param>
        /// <param name="outboundConnector">Supplies the outbound connector identity.</param>
        /// <param name="tenantOrgRel">Tenant organization relationship whose identity is stored.</param>
        /// <returns>The created organization as a hybrid entity, or <c>null</c> when the command returned no result.</returns>
        public IOnPremisesOrganization NewOnPremisesOrganization(IOrganizationConfig onPremisesOrgConfig, MultiValuedProperty<SmtpDomain> hybridDomains, IInboundConnector inboundConnector, IOutboundConnector outboundConnector, OrganizationRelationship tenantOrgRel)
        {
            Microsoft.Exchange.Management.Hybrid.Entity.OnPremisesOrganization requested = new Microsoft.Exchange.Management.Hybrid.Entity.OnPremisesOrganization(onPremisesOrgConfig.Guid, onPremisesOrgConfig.Name, hybridDomains, inboundConnector.Identity, outboundConnector.Identity, onPremisesOrgConfig.Guid.ToString(), (ADObjectId)tenantOrgRel.Identity);

            // Values reach the cmdlet as named parameters on the SessionParameters object; no command
            // text is assembled from them in this method.
            SessionParameters cmdletParameters = this.BuildParameters(requested);
            cmdletParameters.Set("Name", requested.Name);
            cmdletParameters.Set("OrganizationGuid", requested.OrganizationGuid);

            Microsoft.Exchange.Data.Directory.SystemConfiguration.OnPremisesOrganization created = base.RemotePowershellSession.RunOneCommandSingleResult<Microsoft.Exchange.Data.Directory.SystemConfiguration.OnPremisesOrganization>("New-OnPremisesOrganization", cmdletParameters, false);
            if (created == null)
            {
                return null;
            }

            // The returned entity is built from what the cmdlet reported, not from the request.
            Microsoft.Exchange.Management.Hybrid.Entity.OnPremisesOrganization result = new Microsoft.Exchange.Management.Hybrid.Entity.OnPremisesOrganization
            {
                Identity = (ADObjectId)created.Identity,
                OrganizationGuid = created.OrganizationGuid,
                OrganizationName = created.OrganizationName,
                HybridDomains = created.HybridDomains,
                InboundConnector = created.InboundConnector,
                OutboundConnector = created.OutboundConnector,
                Name = created.Name,
                OrganizationRelationship = created.OrganizationRelationship
            };
            return result;
        }
コード例 #30
 /// <summary>
 /// Not implemented in this override; every call throws.
 /// </summary>
 /// <param name="organizationRelationship">Unused.</param>
 /// <returns>Never returns.</returns>
 /// <exception cref="NotImplementedException">Always thrown.</exception>
 public override bool EnabledInRelationship(OrganizationRelationship organizationRelationship)
 {
     // Callers get an exception rather than a true/false answer, so a caller that catches
     // broadly must not treat the failure as "enabled".
     throw new NotImplementedException();
 }