private SecurityDescriptor GetSecurityDescriptorToCheckAgainst()
{
if (DiagnosticsAggregationServiceImpl.transportServerSecurity == null)
{
Server localServer = DiagnosticsAggregationServicelet.LocalServer;
RawSecurityDescriptor rawSecurityDescriptor = localServer.ReadSecurityDescriptor();
if (rawSecurityDescriptor != null)
{
try
{
ActiveDirectorySecurity activeDirectorySecurity = TransportADUtils.SetupActiveDirectorySecurity(rawSecurityDescriptor);
DiagnosticsAggregationServiceImpl.transportServerSecurity = new SecurityDescriptor(activeDirectorySecurity.GetSecurityDescriptorBinaryForm());
return(DiagnosticsAggregationServiceImpl.transportServerSecurity);
}
catch (OverflowException ex)
{
this.TraceAndLogError(ExTraceGlobals.DiagnosticsAggregationTracer, "Encountered exception while setting up Authorization setttings. Details {0}", new object[]
{
ex
});
}
}
DiagnosticsAggregationServiceImpl.transportServerSecurity = SecurityDescriptor.FromRawSecurityDescriptor(rawSecurityDescriptor);
}
return(DiagnosticsAggregationServiceImpl.transportServerSecurity);
}
public static byte[] BuildAclTableBlob(StoreSession session, RawSecurityDescriptor securityDescriptor, RawSecurityDescriptor freeBusySecurityDescriptor)
{
IRecipientSession adrecipientSession = session.GetADRecipientSession(true, ConsistencyMode.IgnoreInvalid);
ExternalUserCollection externalUserCollectionToDispose = null;
bool flag;
string canonicalErrorInformation;
List <AclTableEntry> source;
try
{
source = AclModifyTable.BuildAclTableFromSecurityDescriptor(securityDescriptor, freeBusySecurityDescriptor, new LazilyInitialized <ExternalUserCollection>(delegate()
{
MailboxSession mailboxSession = session as MailboxSession;
externalUserCollectionToDispose = ((mailboxSession != null) ? mailboxSession.GetExternalUsers() : null);
return(externalUserCollectionToDispose);
}), adrecipientSession, new AclTableIdMap(), out flag, out canonicalErrorInformation);
}
finally
{
Util.DisposeIfPresent(externalUserCollectionToDispose);
}
if (!flag)
{
ExTraceGlobals.StorageTracer.TraceError(0L, "Cannot build blob ACL table blob with non-canonical SD");
throw new NonCanonicalACLException(canonicalErrorInformation);
}
FolderSecurity.AclTableAndSecurityDescriptorProperty aclTableAndSD = new FolderSecurity.AclTableAndSecurityDescriptorProperty(new ArraySegment <byte>(AclModifyTable.SerializeTableEntries(source)), source.ToDictionary((AclTableEntry tableEntry) => tableEntry.SecurityIdentifier, delegate(AclTableEntry tableEntry)
{
if (!tableEntry.IsGroup)
{
return(FolderSecurity.SecurityIdentifierType.User);
}
return(FolderSecurity.SecurityIdentifierType.Group);
}), SecurityDescriptor.FromRawSecurityDescriptor(securityDescriptor), SecurityDescriptor.FromRawSecurityDescriptor(freeBusySecurityDescriptor));
return(AclModifyTable.SerializeAclTableAndSecurityDecscriptor(aclTableAndSD));
}
public static ActiveDirectorySecurity ReadMailboxSecurityDescriptor(ADUser mailbox, IConfigurationSession adSession, Task.TaskVerboseLoggingDelegate logVerbose, Task.ErrorLoggerDelegate logError)
{
TaskLogger.LogEnter();
RawSecurityDescriptor exchangeSecurityDescriptor = mailbox.ExchangeSecurityDescriptor;
RawSecurityDescriptor rawSecurityDescriptor;
if (mailbox.RecipientType == RecipientType.SystemAttendantMailbox)
{
rawSecurityDescriptor = exchangeSecurityDescriptor;
}
else
{
RawSecurityDescriptor rawSecurityDescriptor2 = adSession.ReadSecurityDescriptor(mailbox.Database);
if (rawSecurityDescriptor2 == null)
{
logError(new TaskInvalidOperationException(Strings.ErrorReadDatabaseSecurityDescriptor(mailbox.Database.ToString())), ExchangeErrorCategory.ServerOperation, null);
return(null);
}
rawSecurityDescriptor = MailboxSecurity.CreateMailboxSecurityDescriptor(SecurityDescriptor.FromRawSecurityDescriptor(rawSecurityDescriptor2), SecurityDescriptor.FromRawSecurityDescriptor(exchangeSecurityDescriptor)).ToRawSecurityDescriptor();
if (rawSecurityDescriptor == null)
{
logError(new TaskInvalidOperationException(Strings.ErrorReadMailboxSecurityDescriptor(mailbox.DistinguishedName)), ExchangeErrorCategory.ServerOperation, mailbox.Identity);
return(null);
}
}
ActiveDirectorySecurity result = SecurityDescriptorConverter.ConvertToActiveDirectorySecurity(rawSecurityDescriptor);
TaskLogger.LogExit();
return(result);
}
// Token: 0x06001A7D RID: 6781 RVA: 0x0006EDC8 File Offset: 0x0006CFC8
public virtual Result <TEntry> ReadSecurityDescriptor(ProxyAddress proxyAddress)
{
if (proxyAddress == null)
{
throw new ArgumentNullException("proxyAddress");
}
Result <TEntry> result = this.FindAndCacheRecipient(proxyAddress);
if (result.Data != null)
{
IDirectorySession adsession = this.ADSession;
TEntry data = result.Data;
RawSecurityDescriptor rawSecurityDescriptor = adsession.ReadSecurityDescriptor(data.Id);
lock (result.Data)
{
result.Data.propertyBag.SetField(ADObjectSchema.NTSecurityDescriptor, SecurityDescriptor.FromRawSecurityDescriptor(rawSecurityDescriptor));
}
}
return(result);
}
private void Save()
{
List <FolderSecurity.SecurityIdentifierAndFolderRights> list = new List <FolderSecurity.SecurityIdentifierAndFolderRights>(this.tableEntries.Count);
foreach (AclTableEntry aclTableEntry in this.tableEntries)
{
list.Add(new FolderSecurity.SecurityIdentifierAndFolderRights(aclTableEntry.SecurityIdentifier, (FolderSecurity.ExchangeFolderRights)aclTableEntry.MemberRights, aclTableEntry.IsGroup ? FolderSecurity.SecurityIdentifierType.Group : FolderSecurity.SecurityIdentifierType.User));
aclTableEntry.MemberRights = (MemberRights)FolderSecurity.NormalizeFolderRights((FolderSecurity.ExchangeFolderRights)aclTableEntry.MemberRights);
}
byte[] array = AclModifyTable.SerializeTableEntries(this.tableEntries);
RawAcl rawAcl = FolderSecurity.AnnotatedAceList.BuildFolderCanonicalAceList(list);
if (this.securityDescriptor != null)
{
this.securityDescriptor.DiscretionaryAcl = rawAcl;
}
else
{
this.securityDescriptor = FolderSecurity.AclTableAndSecurityDescriptorProperty.CreateFolderSecurityDescriptor(rawAcl).ToRawSecurityDescriptorThrow();
}
RawAcl rawAcl2 = FolderSecurity.AnnotatedAceList.BuildFreeBusyCanonicalAceList(list);
if (this.freeBusySecurityDescriptor != null)
{
this.freeBusySecurityDescriptor.DiscretionaryAcl = rawAcl2;
}
else if ((this.options & ModifyTableOptions.FreeBusyAware) == ModifyTableOptions.FreeBusyAware)
{
this.freeBusySecurityDescriptor = FolderSecurity.AclTableAndSecurityDescriptorProperty.CreateFolderSecurityDescriptor(rawAcl2).ToRawSecurityDescriptorThrow();
}
Dictionary <SecurityIdentifier, FolderSecurity.SecurityIdentifierType> dictionary = new Dictionary <SecurityIdentifier, FolderSecurity.SecurityIdentifierType>(list.Count);
foreach (FolderSecurity.SecurityIdentifierAndFolderRights securityIdentifierAndFolderRights in list)
{
if (dictionary.ContainsKey(securityIdentifierAndFolderRights.SecurityIdentifier))
{
throw new InvalidParamException(new LocalizedString(string.Format("SID {0} is not unique.", securityIdentifierAndFolderRights.SecurityIdentifier)));
}
dictionary.Add(securityIdentifierAndFolderRights.SecurityIdentifier, securityIdentifierAndFolderRights.SecurityIdentifierType);
}
FolderSecurity.AclTableAndSecurityDescriptorProperty aclTableAndSD = new FolderSecurity.AclTableAndSecurityDescriptorProperty(new ArraySegment <byte>(array), dictionary, SecurityDescriptor.FromRawSecurityDescriptor(this.securityDescriptor), SecurityDescriptor.FromRawSecurityDescriptor(this.freeBusySecurityDescriptor));
this.coreFolder.OnBeforeFolderSave();
AclModifyTable.WriteFolderAclTable(this.coreFolder, AclModifyTable.SerializeAclTableAndSecurityDecscriptor(aclTableAndSD));
this.coreFolder.OnAfterFolderSave();
}
