예제 #1
        /// <summary>
        /// Collects certificates for a directory-backed participant (expanding it first when it is a
        /// distribution list) and reports the recipients for which no certificate could be selected.
        /// </summary>
        /// <param name="p">Participant whose origin is cast to <c>DirectoryParticipantOrigin</c>.</param>
        /// <param name="isCurrent">Passed through unchanged to <c>GetCurrent</c> on the fallback paths.</param>
        /// <returns>
        /// The wrappers of all recipients recorded as invalid, or <c>null</c> when none were recorded.
        /// On the fallback paths (no directory entry, hidden membership, or any exception) the value
        /// returned by <c>GetCurrent</c> is returned instead.
        /// </returns>
        private EmailAddressWrapper[] GetCertsFromDirectory(Participant p, bool isCurrent)
        {
            // Set to true once the entry is identified as a distribution list; only read by the outer
            // catch to choose the label passed to GetCurrent.
            bool flag = false;

            EmailAddressWrapper[] result;
            try
            {
                // Deadline for the expansion: now plus the admin-configured DLExpansionTimeout (milliseconds).
                // Presumably IsDLExpansionTimedOut() compares against this value - confirm.
                this.timeoutTimeForDLExpansion = new ExDateTime?(ExDateTime.UtcNow.AddMilliseconds(this.smimeAdminOptions.DLExpansionTimeout));
                // The cast sits inside the try, so a participant with a different origin type ends up
                // in the outer catch rather than failing the caller.
                ADRawEntry adentry = ((DirectoryParticipantOrigin)p.Origin).ADEntry;
                if (adentry == null)
                {
                    result = this.GetCurrent(p, isCurrent, "Unknown");
                }
                else if (this.IsHiddenMembership(adentry))
                {
                    // Entries flagged by IsHiddenMembership are never expanded here, so their members
                    // are not enumerated by this method.
                    result = this.GetCurrent(p, isCurrent, "PublicDL");
                }
                else
                {
                    // Keyed by the directory object Id, so a recipient reached more than once is recorded once.
                    Dictionary <string, EmailAddressWrapper> invalidRecipients = new Dictionary <string, EmailAddressWrapper>();
                    Action <ADRawEntry> addInvalidRecipient = delegate(ADRawEntry recipient)
                    {
                        invalidRecipients[recipient[ADObjectSchema.Id].ToString()] = this.GetEmailAddressWrapper(recipient);
                    };
                    // Per-recipient step: either hands one certificate to AddCertToCurrentParticipant or
                    // records the recipient as invalid. It never throws to its caller (see the catch below).
                    Action <ADRawEntry> addCertsOrInvalidRecipients = delegate(ADRawEntry recipient)
                    {
                        try
                        {
                            string text = recipient[ADRecipientSchema.LegacyExchangeDN] as string;
                            if (text == null)
                            {
                                addInvalidRecipient(recipient);
                            }
                            else
                            {
                                // NOTE(review): the lowered value is not read again in this method, and
                                // ToLower() without a culture is culture-sensitive.
                                text = text.ToLower();
                                // Two certificate sources are read: the Certificate and SMimeCertificate attributes.
                                byte[][] array  = this.MultiValuePropertyToByteArray(recipient[ADRecipientSchema.Certificate] as MultiValuedProperty <byte[]>);
                                byte[][] array2 = this.MultiValuePropertyToByteArray(recipient[ADRecipientSchema.SMimeCertificate] as MultiValuedProperty <byte[]>);
                                if (array.Length == 0 && array2.Length == 0)
                                {
                                    addInvalidRecipient(recipient);
                                }
                                else
                                {
                                    // Candidate addresses handed to FindBestCert. All proxy addresses are
                                    // used only when the admin option is on and the collection is non-empty;
                                    // otherwise only the primary SMTP address is used.
                                    string[] array3;
                                    if (this.smimeAdminOptions.UseSecondaryProxiesWhenFindingCertificates)
                                    {
                                        ProxyAddressCollection proxyAddressCollection = recipient[ADRecipientSchema.EmailAddresses] as ProxyAddressCollection;
                                        if (proxyAddressCollection != null && proxyAddressCollection.Count > 0)
                                        {
                                            array3 = new string[proxyAddressCollection.Count];
                                            for (int i = 0; i < proxyAddressCollection.Count; i++)
                                            {
                                                array3[i] = proxyAddressCollection[i].AddressString;
                                            }
                                        }
                                        else
                                        {
                                            array3 = new string[]
                                            {
                                                recipient[ADRecipientSchema.PrimarySmtpAddress].ToString()
                                            };
                                        }
                                    }
                                    else
                                    {
                                        array3 = new string[]
                                        {
                                            recipient[ADRecipientSchema.PrimarySmtpAddress].ToString()
                                        };
                                    }
                                    // NOTE(review): the meaning of the 'false' argument and the validation
                                    // FindBestCert performs (chain, expiry, key usage) are not visible here - confirm.
                                    X509Certificate2 x509Certificate = this.FindBestCert(array3, false, new byte[][][]
                                    {
                                        array,
                                        array2
                                    });
                                    if (x509Certificate != null)
                                    {
                                        this.AddCertToCurrentParticipant(x509Certificate.RawData);
                                    }
                                    else
                                    {
                                        addInvalidRecipient(recipient);
                                    }
                                }
                            }
                        }
                        catch (Exception ex3)
                        {
                            // Any failure for a single recipient is logged and the recipient is reported as
                            // invalid; no certificate is added for it and the remaining recipients still run.
                            this.LogException(ex3, "Error occurred when getting cert from Directory User: {0}", new object[]
                            {
                                recipient.GetDistinguishedNameOrName()
                            });
                            addInvalidRecipient(recipient);
                        }
                    };
                    // Assignment inside the condition is intentional: flag is kept for the outer catch.
                    if (flag = this.IsDistributionList(adentry))
                    {
                        ADRecipientExpansion.HandleRecipientDelegate handleRecipient = delegate(ADRawEntry recipient, ExpansionType recipientExpansionType, ADRawEntry parent, ExpansionType parentExpansionType)
                        {
                            // Bounds the work spent on one list; the exception is presumably propagated by
                            // Expand to the catch around it below - confirm.
                            if (this.IsDLExpansionTimedOut())
                            {
                                throw new TimeoutException("The DL expansion is timeout.");
                            }
                            // A nested entry with hidden membership is reported as invalid and skipped
                            // instead of being expanded.
                            if (this.IsHiddenMembership(recipient))
                            {
                                addInvalidRecipient(recipient);
                                return(ExpansionControl.Skip);
                            }
                            // Nested distribution lists are only traversed; certificates are looked up
                            // for entries that are not lists.
                            if (!this.IsDistributionList(recipient))
                            {
                                addCertsOrInvalidRecipients(recipient);
                            }
                            return(ExpansionControl.Continue);
                        };
                        ADRecipientExpansion.HandleFailureDelegate handleFailure = delegate(ExpansionFailure failure, ADRawEntry recipient, ExpansionType recipientExpansionType, ADRawEntry parent, ExpansionType parentExpansionType)
                        {
                            if (this.IsDLExpansionTimedOut())
                            {
                                throw new TimeoutException("The DL expansion is timeout.");
                            }
                            // Expansion failures are only traced at debug level; the affected entry is
                            // reported as invalid and the expansion continues.
                            ExTraceGlobals.RequestTracer.TraceDebug <string, string, ExpansionFailure>((long)this.GetHashCode(), "Error occured when expanding DL: {0}: {1} {2}", recipient.GetDistinguishedNameOrName(), failure.ToString(), failure);
                            addInvalidRecipient(recipient);
                            return(ExpansionControl.Continue);
                        };
                        try
                        {
                            this.adRecipientExpansion.Expand(adentry, handleRecipient, handleFailure);
                            // The goto/label pair looks like a decompiler artifact: both the success and the
                            // failure path jump past the single-recipient call below.
                            goto IL_13C;
                        }
                        catch (Exception ex)
                        {
                            // An aborted expansion marks the list itself as invalid. Certificates already
                            // added for members processed before the failure are not rolled back here.
                            this.LogException(ex, "Error occurred when expanding PublicDL: {0}", new object[]
                            {
                                adentry.GetDistinguishedNameOrName()
                            });
                            addInvalidRecipient(adentry);
                            goto IL_13C;
                        }
                    }
                    // Not a distribution list: treat the entry itself as the only recipient.
                    addCertsOrInvalidRecipients(adentry);
IL_13C:
                    if (invalidRecipients.Count > 0)
                    {
                        Queue <EmailAddressWrapper> queue = new Queue <EmailAddressWrapper>(invalidRecipients.Count);
                        foreach (EmailAddressWrapper item in invalidRecipients.Values)
                        {
                            queue.Enqueue(item);
                        }
                        result = queue.ToArray();
                    }
                    else
                    {
                        // null (not an empty array) signals that no recipient was recorded as invalid.
                        result = null;
                    }
                }
            }
            catch (Exception ex2)
            {
                // Catch-all fallback: the failure is logged and the participant is handled through
                // GetCurrent, labelled by whether it had been identified as a distribution list.
                // NOTE(review): what GetCurrent returns is not visible here - confirm that this path
                // cannot report the participant as having a usable certificate.
                this.LogException(ex2, "Error occurred when getting cert from Directory Object: {0}", new object[]
                {
                    this.ParticipantToString(p)
                });
                result = this.GetCurrent(p, isCurrent, flag ? "PublicDL" : "MailBox");
            }
            return(result);
        }
 /// <summary>
 /// Evaluates the capability for objects that carry a RemoteRecipientType property and match the
 /// evaluator's static filter; every other object is answered without consulting the base class.
 /// </summary>
 /// <param name="adObject">Directory object to evaluate; must not be null.</param>
 /// <returns>
 /// NotApplicable when the property bag has no RemoteRecipientType, No when the filter does not
 /// match, otherwise the result of the base evaluator.
 /// </returns>
 /// <exception cref="ArgumentNullException"><paramref name="adObject"/> is null.</exception>
 public override CapabilityEvaluationResult Evaluate(ADRawEntry adObject)
 {
     if (adObject == null)
     {
         throw new ArgumentNullException("adObject");
     }

     ExTraceGlobals.AccessCheckTracer.TraceDebug<string, string>(
         (long)this.GetHashCode(),
         "Entering RichCoexistenceCapabilityIdentifierEvaluator.Evaluate('{0}') CapabilityToCheck '{1}'.",
         adObject.GetDistinguishedNameOrName(),
         base.Capability.ToString());

     // An object that was loaded without the property cannot be judged at all.
     if (!adObject.propertyBag.Contains(IADMailStorageSchema.RemoteRecipientType))
     {
         ExTraceGlobals.AccessCheckTracer.TraceDebug<string, string, string>(
             (long)this.GetHashCode(),
             "RichCoexistenceCapabilityIdentifierEvaluator.Evaluate('{0}') return '{1}'. CapabilityToCheck '{2}'. Object doesnt have 'RemoteRecipientType' property",
             adObject.GetDistinguishedNameOrName(),
             CapabilityEvaluationResult.NotApplicable.ToString(),
             base.Capability.ToString());
         return CapabilityEvaluationResult.NotApplicable;
     }

     // Objects that do not match the filter are denied here; only matching objects reach the base check.
     if (!OpathFilterEvaluator.FilterMatches(RichCoexistenceCapabilityIdentifierEvaluator.filter, adObject))
     {
         ExTraceGlobals.AccessCheckTracer.TraceDebug<string, string, string>(
             (long)this.GetHashCode(),
             "RichCoexistenceCapabilityIdentifierEvaluator.Evaluate('{0}') return '{1}'. CapabilityToCheck '{2}'",
             adObject.GetDistinguishedNameOrName(),
             CapabilityEvaluationResult.No.ToString(),
             base.Capability.ToString());
         return CapabilityEvaluationResult.No;
     }

     ExTraceGlobals.AccessCheckTracer.TraceDebug<string, string>(
         (long)this.GetHashCode(),
         "RichCoexistenceCapabilityIdentifierEvaluator.Evaluate('{0}') adObject has RemoteRecipientType set. CapabilityToCheck '{1}'. ",
         adObject.GetDistinguishedNameOrName(),
         base.Capability.ToString());
     return base.Evaluate(adObject);
 }
예제 #3
        /// <summary>
        /// Answers the capability question by matching the instance filter against the object.
        /// </summary>
        /// <param name="adObject">Directory object to evaluate; must not be null.</param>
        /// <returns>
        /// NotApplicable when the property bag has no RawCapabilities entry, otherwise Yes or No
        /// depending on whether the filter matches.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="adObject"/> is null.</exception>
        public override CapabilityEvaluationResult Evaluate(ADRawEntry adObject)
        {
            if (adObject == null)
            {
                throw new ArgumentNullException("adObject");
            }

            ExTraceGlobals.AccessCheckTracer.TraceDebug<string, string>(
                (long)this.GetHashCode(),
                "Entering SimpleCapabilityIdentifierEvaluator.Evaluate('{0}') CapabilityToCheck '{1}'.",
                adObject.GetDistinguishedNameOrName(),
                base.Capability.ToString());

            // Without the raw capabilities in the bag a filter miss would be indistinguishable from
            // "property not loaded", so the evaluator declines to answer.
            if (!adObject.propertyBag.Contains(SharedPropertyDefinitions.RawCapabilities))
            {
                ExTraceGlobals.AccessCheckTracer.TraceDebug<string, string, string>(
                    (long)this.GetHashCode(),
                    "SimpleCapabilityIdentifierEvaluator.Evaluate('{0}') return '{1}'. CapabilityToCheck '{2}' - object doesn't have the Capabilities property.",
                    adObject.GetDistinguishedNameOrName(),
                    CapabilityEvaluationResult.NotApplicable.ToString(),
                    base.Capability.ToString());
                return CapabilityEvaluationResult.NotApplicable;
            }

            CapabilityEvaluationResult verdict = OpathFilterEvaluator.FilterMatches(this.filter, adObject)
                ? CapabilityEvaluationResult.Yes
                : CapabilityEvaluationResult.No;

            ExTraceGlobals.AccessCheckTracer.TraceDebug<string, string, string>(
                (long)this.GetHashCode(),
                "SimpleCapabilityIdentifierEvaluator.Evaluate('{0}') return '{1}'. CapabilityToCheck '{2}'",
                adObject.GetDistinguishedNameOrName(),
                verdict.ToString(),
                base.Capability.ToString());
            return verdict;
        }
예제 #4
        /// <summary>
        /// Decides whether a user or reduced recipient belongs to a federated tenant namespace.
        /// </summary>
        /// <param name="adObject">Directory object to evaluate; must not be null.</param>
        /// <returns>
        /// NotApplicable when the object is neither an ADUser nor a ReducedRecipient, has no usable
        /// WindowsLiveID, is not tenant-scoped, or its configuration unit cannot be read; otherwise
        /// Yes or No according to the federation state.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="adObject"/> is null.</exception>
        public override CapabilityEvaluationResult Evaluate(ADRawEntry adObject)
        {
            if (adObject == null)
            {
                throw new ArgumentNullException("adObject");
            }

            ExTraceGlobals.AccessCheckTracer.TraceDebug<string, string>(
                (long)this.GetHashCode(),
                "Entering FederatedUserCapabilityIdentifierEvaluator.Evaluate('{0}') CapabilityToCheck '{1}'.",
                adObject.GetDistinguishedNameOrName(),
                base.Capability.ToString());

            // Stays NotApplicable on every early exit; only the last step can turn it into Yes or No.
            CapabilityEvaluationResult verdict = CapabilityEvaluationResult.NotApplicable;
            ADUser asUser = adObject as ADUser;
            ReducedRecipient asReduced = adObject as ReducedRecipient;

            if (asUser == null && asReduced == null)
            {
                ExTraceGlobals.AccessCheckTracer.TraceDebug<string, string, string>(
                    (long)this.GetHashCode(),
                    "FederatedUserCapabilityIdentifierEvaluator.Evaluate('{0}') return '{1}'. CapabilityToCheck '{2}' - adObject in not ADUser/ReducedRecipient.",
                    adObject.GetDistinguishedNameOrName(),
                    verdict.ToString(),
                    base.Capability.ToString());
                return verdict;
            }

            SmtpAddress liveId;
            if (asUser != null)
            {
                liveId = asUser.WindowsLiveID;
            }
            else
            {
                liveId = asReduced.WindowsLiveID;
            }

            if (liveId == SmtpAddress.Empty || liveId.Domain == null)
            {
                ExTraceGlobals.AccessCheckTracer.TraceDebug<string, string, string>(
                    (long)this.GetHashCode(),
                    "FederatedUserCapabilityIdentifierEvaluator.Evaluate('{0}') return '{1}'. CapabilityToCheck '{2}' - user/recipient is not Live enabled.",
                    adObject.GetDistinguishedNameOrName(),
                    verdict.ToString(),
                    base.Capability.ToString());
                return verdict;
            }

            OrganizationId tenantId;
            if (asUser != null)
            {
                tenantId = asUser.OrganizationId;
            }
            else
            {
                tenantId = asReduced.OrganizationId;
            }

            // Forest-wide (non-tenant) objects are outside the scope of this check.
            if (tenantId == null || OrganizationId.ForestWideOrgId.Equals(tenantId))
            {
                ExTraceGlobals.AccessCheckTracer.TraceDebug<string, string, string>(
                    (long)this.GetHashCode(),
                    "FederatedUserCapabilityIdentifierEvaluator.Evaluate('{0}') return '{1}'. CapabilityToCheck '{2}' - user/recipient does not belong to tenant scope.",
                    adObject.GetDistinguishedNameOrName(),
                    verdict.ToString(),
                    base.Capability.ToString());
                return verdict;
            }

            IConfigurationSession tenantSession = base.GetTenantScopedSystemConfigurationSession(tenantId);
            ExchangeConfigurationUnit tenantUnit = tenantSession.Read<ExchangeConfigurationUnit>(tenantId.ConfigurationUnit);

            // NOTE(review): a failed read is answered with NotApplicable rather than No; how callers
            // treat NotApplicable is not visible here - confirm it cannot widen access.
            if (tenantUnit == null)
            {
                ExTraceGlobals.AccessCheckTracer.TraceDebug<string, string, string>(
                    (long)this.GetHashCode(),
                    "FederatedUserCapabilityIdentifierEvaluator.Evaluate('{0}') return '{1}'. CapabilityToCheck '{2}' - user/recipient does is not in tenant scope.",
                    adObject.GetDistinguishedNameOrName(),
                    verdict.ToString(),
                    base.Capability.ToString());
                return verdict;
            }

            // Object versions below 13000 use the tenant-wide flag; newer ones are checked per domain
            // of the WindowsLiveID.
            bool isFederated;
            if (tenantUnit.ObjectVersion < 13000)
            {
                isFederated = tenantUnit.IsFederated;
            }
            else
            {
                isFederated = FederatedUserCapabilityIdentifierEvaluator.IsNamespaceFederated(tenantId, liveId.Domain);
            }

            verdict = isFederated ? CapabilityEvaluationResult.Yes : CapabilityEvaluationResult.No;

            ExTraceGlobals.AccessCheckTracer.TraceDebug<string, string, string>(
                (long)this.GetHashCode(),
                "FederatedUserCapabilityIdentifierEvaluator.Evaluate('{0}') return '{1}'. CapabilityToCheck '{2}'",
                adObject.GetDistinguishedNameOrName(),
                verdict.ToString(),
                base.Capability.ToString());
            return verdict;
        }
예제 #5
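        /// <summary>
        /// Evaluates the capability from the object's UsageLocation and the cached UM country list.
        /// </summary>
        /// <param name="adObject">Directory object to evaluate; must not be null.</param>
        /// <returns>
        /// NotApplicable outside multi-tenant mode or when UsageLocation is null; No when the country
        /// is on the cached list; Yes when it is not on the list or the list could not be obtained.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="adObject"/> is null.</exception>
        public override CapabilityEvaluationResult Evaluate(ADRawEntry adObject)
        {
            if (adObject == null)
            {
                throw new ArgumentNullException("adObject");
            }
            ExTraceGlobals.AccessCheckTracer.TraceDebug <string, string>((long)this.GetHashCode(), "Entering UMFeatureRestrictedCapabilityIdentifierEvaluator.Evaluate('{0}') CapabilityToCheck '{1}'.", adObject.GetDistinguishedNameOrName(), base.Capability.ToString());
            if (!Datacenter.IsMultiTenancyEnabled())
            {
                // The trace names this evaluator, so access-check traces attribute the decision to the right class.
                ExTraceGlobals.AccessCheckTracer.TraceDebug <string, string, string>((long)this.GetHashCode(), "UMFeatureRestrictedCapabilityIdentifierEvaluator.Evaluate('{0}') return '{1}'. CapabilityToCheck '{2}' - not datacenter mode.", adObject.GetDistinguishedNameOrName(), CapabilityEvaluationResult.NotApplicable.ToString(), base.Capability.ToString());
                return(CapabilityEvaluationResult.NotApplicable);
            }
            CountryInfo countryInfo = (CountryInfo)adObject[ADRecipientSchema.UsageLocation];

            if (null == countryInfo)
            {
                ExTraceGlobals.AccessCheckTracer.TraceDebug <string, string, string>((long)this.GetHashCode(), "UMFeatureRestrictedCapabilityIdentifierEvaluator.Evaluate('{0}') return '{1}'.  CapabilityToCheck '{2}' - UsageLocation is '<NULL>'.", adObject.GetDistinguishedNameOrName(), CapabilityEvaluationResult.NotApplicable.ToString(), base.Capability.ToString());
                return(CapabilityEvaluationResult.NotApplicable);
            }
            CountryList countryList = CountryListIdCache.Singleton.Get(UMFeatureRestrictedCapabilityIdentifierEvaluator.UMCountryListKey);

            if (countryList == null)
            {
                // A missing list is answered with Yes and traced as a warning, not at debug level.
                // NOTE(review): presumably Yes means "restricted", which makes a cache miss the
                // conservative outcome - confirm against the rule that consumes this capability.
                ExTraceGlobals.AccessCheckTracer.TraceWarning <string, string, string>((long)this.GetHashCode(), "UMFeatureRestrictedCapabilityIdentifierEvaluator.Evaluate('{0}') return '{1}'.  CapabilityToCheck '{2}' - Cache lookup returned '<NULL>'.", adObject.GetDistinguishedNameOrName(), CapabilityEvaluationResult.Yes.ToString(), base.Capability.ToString());
                return(CapabilityEvaluationResult.Yes);
            }
            // Countries on the list answer No; every other country answers Yes.
            if (countryList.Countries.Contains(countryInfo))
            {
                ExTraceGlobals.AccessCheckTracer.TraceDebug <string, string, string>((long)this.GetHashCode(), "UMFeatureRestrictedCapabilityIdentifierEvaluator.Evaluate('{0}') return '{1}'.  CapabilityToCheck '{2}'.", adObject.GetDistinguishedNameOrName(), CapabilityEvaluationResult.No.ToString(), base.Capability.ToString());
                return(CapabilityEvaluationResult.No);
            }
            ExTraceGlobals.AccessCheckTracer.TraceDebug <string, string, string>((long)this.GetHashCode(), "UMFeatureRestrictedCapabilityIdentifierEvaluator.Evaluate('{0}') return '{1}'.  CapabilityToCheck '{2}'.", adObject.GetDistinguishedNameOrName(), CapabilityEvaluationResult.Yes.ToString(), base.Capability.ToString());
            return(CapabilityEvaluationResult.Yes);
        }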
예제 #6
        /// <summary>
        /// Reports whether a recipient is a resource mailbox, judged by a non-null ResourceType property.
        /// </summary>
        /// <param name="adObject">Directory object to evaluate; must not be null.</param>
        /// <returns>
        /// NotApplicable when the object is neither a ReducedRecipient nor an ADRecipient; otherwise
        /// Yes when ResourceType is set and No when it is null.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="adObject"/> is null.</exception>
        public override CapabilityEvaluationResult Evaluate(ADRawEntry adObject)
        {
            if (adObject == null)
            {
                throw new ArgumentNullException("adObject");
            }

            ExTraceGlobals.AccessCheckTracer.TraceDebug<string, string>(
                (long)this.GetHashCode(),
                "Entering ResourceMailboxCapabilityIdentifierEvaluator.Evaluate('{0}') CapabilityToCheck '{1}'.",
                adObject.GetDistinguishedNameOrName(),
                base.Capability.ToString());

            CapabilityEvaluationResult verdict = CapabilityEvaluationResult.NotApplicable;
            ADRecipient asRecipient = adObject as ADRecipient;

            if (!(adObject is ReducedRecipient))
            {
                // NOTE(review): the trace text below says ADUser, while the type actually tested is ADRecipient.
                if (asRecipient == null)
                {
                    ExTraceGlobals.AccessCheckTracer.TraceDebug<string, string, string>(
                        (long)this.GetHashCode(),
                        "ResourceMailboxCapabilityIdentifierEvaluator.Evaluate('{0}') return '{1}'. CapabilityToCheck '{2}' - adObject in not ReducedRecipient or ADUser.",
                        adObject.GetDistinguishedNameOrName(),
                        verdict.ToString(),
                        base.Capability.ToString());
                    return verdict;
                }
            }

            if (adObject[ReducedRecipientSchema.ResourceType] != null)
            {
                verdict = CapabilityEvaluationResult.Yes;
            }
            else
            {
                verdict = CapabilityEvaluationResult.No;
            }

            ExTraceGlobals.AccessCheckTracer.TraceDebug<string, string, string>(
                (long)this.GetHashCode(),
                "ResourceMailboxCapabilityIdentifierEvaluator.Evaluate('{0}') return '{1}'. CapabilityToCheck '{2}'",
                adObject.GetDistinguishedNameOrName(),
                verdict.ToString(),
                base.Capability.ToString());
            return verdict;
        }
        /// <summary>
        /// Validates an object against the organization-level expressions of the rule definition,
        /// evaluated on the tenant's ExchangeConfigurationUnit rather than on the object itself.
        /// </summary>
        /// <param name="adObject">Object being validated; its OrganizationId selects the tenant.</param>
        /// <param name="validationException">
        /// Set to the violation when a restriction expression matches; otherwise null.
        /// </param>
        /// <returns>
        /// False only when a restriction expression matches the configuration unit. True outside
        /// multi-tenant mode, when the configuration unit is not found, when an overriding allow
        /// expression matches, or when no restriction matches.
        /// </returns>
        protected override bool InternalTryValidate(ADRawEntry adObject, out RuleValidationException validationException)
        {
            validationException = null;
            // NOTE(review): the result of this 'as' cast is dereferenced below without a null check.
            OrganizationValidationRuleDefinition orgRule = base.RuleDefinition as OrganizationValidationRuleDefinition;

            if (!Datacenter.IsMultiTenancyEnabled())
            {
                ExTraceGlobals.AccessCheckTracer.TraceDebug<string, bool>(
                    (long)this.GetHashCode(),
                    "OrganizationValidationRule.InternalTryValidate('{0}') return '{1}'. - not datacenter mode.",
                    adObject.GetDistinguishedNameOrName(),
                    true);
                return true;
            }

            OrganizationId tenantId = (OrganizationId)adObject[ADObjectSchema.OrganizationId];

            ADSessionSettings settings;
            if (OrganizationId.ForestWideOrgId.Equals(tenantId))
            {
                settings = ADSessionSettings.FromRootOrgScopeSet();
            }
            else
            {
                settings = ADSessionSettings.FromOrganizationIdWithoutRbacScopesServiceOnly(tenantId);
            }

            IConfigurationSession configSession = DirectorySessionFactory.Default.CreateTenantConfigurationSession(
                adObject.OriginatingServer,
                true,
                ConsistencyMode.IgnoreInvalid,
                settings,
                377,
                "InternalTryValidate",
                "f:\\15.00.1497\\sources\\dev\\data\\src\\directory\\ValidationRules\\ValidationRule.cs");

            // The configuration unit comes from the provisioning cache; the lambda is the loader
            // handed to the cache for this organization.
            ExchangeConfigurationUnit tenantUnit = ProvisioningCache.Instance.TryAddAndGetOrganizationData<ExchangeConfigurationUnit>(
                CannedProvisioningCacheKeys.OrganizationCUContainer,
                tenantId,
                () => configSession.Read<ExchangeConfigurationUnit>(tenantId.ConfigurationUnit));

            // Fail-open: a tenant whose configuration unit cannot be found passes validation and the
            // event is only traced at debug level.
            if (tenantUnit == null)
            {
                ExTraceGlobals.AccessCheckTracer.TraceDebug<string, bool>(
                    (long)this.GetHashCode(),
                    "OrganizationValidationRule.InternalTryValidate('{0}') return '{1}'. - organization (ExchangeConfigurationUnit) object is not found.",
                    adObject.GetDistinguishedNameOrName(),
                    true);
                return true;
            }

            // Pass 1: any matching allow expression short-circuits to success before restrictions run.
            foreach (ValidationRuleExpression allowExpression in orgRule.OverridingAllowExpressions)
            {
                bool allPropertiesPresent = true;
                foreach (PropertyDefinition filterProperty in allowExpression.QueryFilter.FilterProperties())
                {
                    if (!tenantUnit.propertyBag.Contains((ProviderPropertyDefinition)filterProperty))
                    {
                        ExTraceGlobals.AccessCheckTracer.TraceDebug<string, string>(
                            (long)this.GetHashCode(),
                            "ExpressionFilterValidationRule.InternalTryValidate({0}). Missing Property {1}.",
                            tenantUnit.GetDistinguishedNameOrName(),
                            filterProperty.Name);
                        allPropertiesPresent = false;
                        break;
                    }
                }

                if (allPropertiesPresent && OpathFilterEvaluator.FilterMatches(allowExpression.QueryFilter, tenantUnit))
                {
                    ExTraceGlobals.AccessCheckTracer.TraceDebug<string, bool, string>(
                        (long)this.GetHashCode(),
                        "OrganizationValidationRule.InternalTryValidate('{0}') return '{1}'. - matched filter: {2}.",
                        adObject.GetDistinguishedNameOrName(),
                        true,
                        allowExpression.QueryString);
                    return true;
                }
            }

            // Pass 2: the first matching restriction fails validation. A restriction that references a
            // property missing from the configuration unit is skipped, i.e. it cannot deny.
            foreach (ValidationRuleExpression restriction in orgRule.RestrictionExpressions)
            {
                bool allPropertiesPresent = true;
                foreach (PropertyDefinition filterProperty in restriction.QueryFilter.FilterProperties())
                {
                    if (!tenantUnit.propertyBag.Contains((ProviderPropertyDefinition)filterProperty))
                    {
                        ExTraceGlobals.AccessCheckTracer.TraceDebug<string, string>(
                            (long)this.GetHashCode(),
                            "ExpressionFilterValidationRule.InternalTryValidate({0}). Missing Property {1}.",
                            tenantUnit.GetDistinguishedNameOrName(),
                            filterProperty.Name);
                        allPropertiesPresent = false;
                        break;
                    }
                }

                if (allPropertiesPresent && OpathFilterEvaluator.FilterMatches(restriction.QueryFilter, tenantUnit))
                {
                    validationException = new RuleValidationException(base.GetValidationRuleErrorMessage(adObject, restriction.QueryString));
                    return false;
                }
            }

            return true;
        }
예제 #8
        /// <summary>
        /// Public entry point of a validation rule: checks the argument, traces entry and exit, and
        /// delegates the decision to <c>InternalTryValidate</c>.
        /// </summary>
        /// <param name="adObject">Object to validate; must not be null.</param>
        /// <param name="validationException">Whatever <c>InternalTryValidate</c> assigns to it.</param>
        /// <returns>The value returned by <c>InternalTryValidate</c>.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="adObject"/> is null.</exception>
        public bool TryValidate(ADRawEntry adObject, out RuleValidationException validationException)
        {
            // The null check lives here, so the InternalTryValidate overrides can dereference adObject.
            if (adObject == null)
            {
                throw new ArgumentNullException("adObject");
            }

            ExTraceGlobals.AccessCheckTracer.TraceDebug<string, string, string>(
                (long)this.GetHashCode(),
                "Entering {0}.TryValidate({1}). Rule {2}.",
                base.GetType().Name,
                adObject.GetDistinguishedNameOrName(),
                this.ruleDefinition.Name);

            bool isValid = this.InternalTryValidate(adObject, out validationException);

            ExTraceGlobals.AccessCheckTracer.TraceDebug<string, string, string>(
                (long)this.GetHashCode(),
                "{0}.TryValidate({1}). returns {2}",
                base.GetType().Name,
                adObject.GetDistinguishedNameOrName(),
                isValid.ToString());
            return isValid;
        }
예제 #9
        /// <summary>
        /// Tells whether any overriding-allow evaluator answers Yes for the object.
        /// </summary>
        /// <param name="adObject">Object passed to each evaluator in turn.</param>
        /// <returns>True as soon as one evaluator returns Yes; false when none does.</returns>
        protected bool IsOverridingAllowCapabilityFound(ADRawEntry adObject)
        {
            // Only an explicit Yes counts; No and NotApplicable both leave the override unset.
            CapabilityIdentifierEvaluator firstAllowing = this.OverridingAllowCapabilityEvaluators.FirstOrDefault(
                evaluator => evaluator.Evaluate(adObject) == CapabilityEvaluationResult.Yes);

            ExTraceGlobals.AccessCheckTracer.TraceDebug<string, string>(
                (long)this.GetHashCode(),
                "ValidationRule.IsOverridingAllowCapabilityFound({0}). OverridingAllowCapability: {1}.",
                adObject.GetDistinguishedNameOrName(),
                (firstAllowing != null) ? firstAllowing.Capability.ToString() : "<NULL>");
            return firstAllowing != null;
        }
        /// <summary>
        /// Validates an object that holds a restricted capability against the rule's expressions.
        /// </summary>
        /// <param name="adObject">Object being validated.</param>
        /// <param name="validationException">
        /// Set to the violation, naming the restricted capability, when validation fails; otherwise null.
        /// </param>
        /// <returns>
        /// True when no restricted capability evaluates to Yes or when no expression is violated.
        /// False for the first applicable expression whose filter does not match the object while no
        /// overriding-allow capability is found.
        /// </returns>
        protected override bool InternalTryValidate(ADRawEntry adObject, out RuleValidationException validationException)
        {
            validationException = null;

            // The rule only applies to objects for which some restricted capability answers Yes.
            CapabilityIdentifierEvaluator restricting = base.RestrictedCapabilityEvaluators.FirstOrDefault(
                evaluator => CapabilityEvaluationResult.Yes == evaluator.Evaluate(adObject));

            ExTraceGlobals.AccessCheckTracer.TraceDebug<string, string>(
                (long)this.GetHashCode(),
                "ExpressionFilterValidationRule.InternalTryValidate({0}). CurlpritCapability {1}.",
                adObject.GetDistinguishedNameOrName(),
                (restricting != null) ? restricting.Capability.ToString() : "<NULL>");

            if (restricting == null)
            {
                return true;
            }

            foreach (ValidationRuleExpression expression in base.RuleDefinition.Expressions)
            {
                // An expression with a non-empty type list applies only to objects assignable to one
                // of the listed types; an empty or null list applies to every object.
                if (expression.ApplicableObjects != null && expression.ApplicableObjects.Count > 0)
                {
                    Type matchingType = expression.ApplicableObjects.FirstOrDefault(
                        candidate => candidate.IsAssignableFrom(adObject.GetType()));
                    if (matchingType == null)
                    {
                        ExTraceGlobals.AccessCheckTracer.TraceDebug<string, Type, string>(
                            (long)this.GetHashCode(),
                            "ExpressionFilterValidationRule.InternalTryValidate({0}). Object type '{1}' is not on the list of applicable types for expression {2}.",
                            adObject.GetDistinguishedNameOrName(),
                            adObject.GetType(),
                            expression.QueryString);
                        continue;
                    }
                }

                // Fail-open: an expression that references a property the object was loaded without
                // is skipped, so it cannot produce a violation.
                bool allPropertiesPresent = true;
                foreach (PropertyDefinition filterProperty in expression.QueryFilter.FilterProperties())
                {
                    if (!adObject.propertyBag.Contains((ProviderPropertyDefinition)filterProperty))
                    {
                        ExTraceGlobals.AccessCheckTracer.TraceDebug<string, string>(
                            (long)this.GetHashCode(),
                            "ExpressionFilterValidationRule.InternalTryValidate({0}). Missing Property {1}.",
                            adObject.GetDistinguishedNameOrName(),
                            filterProperty.Name);
                        allPropertiesPresent = false;
                        break;
                    }
                }

                // The override lookup runs last, and only for an expression that is actually violated.
                if (allPropertiesPresent
                    && !OpathFilterEvaluator.FilterMatches(expression.QueryFilter, adObject)
                    && !base.IsOverridingAllowCapabilityFound(adObject))
                {
                    validationException = new RuleValidationException(base.GetValidationRuleErrorMessage(adObject, restricting.Capability));
                    return false;
                }
            }

            return true;
        }
예제 #11
        /// <summary>
        /// Decides whether a recipient is mastered on-premises, i.e. both the recipient and its
        /// tenant have directory synchronization enabled.
        /// </summary>
        /// <param name="adObject">Directory object to evaluate; must not be null.</param>
        /// <returns>
        /// NotApplicable outside multi-tenant mode, for objects that are neither ADRecipient nor
        /// ReducedRecipient, for non-tenant objects, or when the configuration unit is unavailable.
        /// No when the recipient is not dir-synced. Otherwise Yes or No from the tenant's flag.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="adObject"/> is null.</exception>
        public override CapabilityEvaluationResult Evaluate(ADRawEntry adObject)
        {
            if (adObject == null)
            {
                throw new ArgumentNullException("adObject");
            }

            ExTraceGlobals.AccessCheckTracer.TraceDebug<string, string>(
                (long)this.GetHashCode(),
                "Entering MasteredOnPremiseCapabilityIdentifierEvaluator.Evaluate('{0}') CapabilityToCheck '{1}'.",
                adObject.GetDistinguishedNameOrName(),
                base.Capability.ToString());

            if (!Datacenter.IsMultiTenancyEnabled())
            {
                ExTraceGlobals.AccessCheckTracer.TraceDebug<string, string, string>(
                    (long)this.GetHashCode(),
                    "MasteredOnPremiseCapabilityIdentifierEvaluator.Evaluate('{0}') return '{1}'. CapabilityToCheck '{2}' - not datacenter mode.",
                    adObject.GetDistinguishedNameOrName(),
                    CapabilityEvaluationResult.NotApplicable.ToString(),
                    base.Capability.ToString());
                return CapabilityEvaluationResult.NotApplicable;
            }

            ADRecipient asRecipient = adObject as ADRecipient;
            ReducedRecipient asReduced = adObject as ReducedRecipient;

            if (asRecipient == null && asReduced == null)
            {
                ExTraceGlobals.AccessCheckTracer.TraceDebug<string, string, string>(
                    (long)this.GetHashCode(),
                    "MasteredOnPremiseCapabilityIdentifierEvaluator.Evaluate('{0}') return '{1}'. CapabilityToCheck '{2}' - adObject in not ADRecipient or ReducedRecipient.",
                    adObject.GetDistinguishedNameOrName(),
                    CapabilityEvaluationResult.NotApplicable.ToString(),
                    base.Capability.ToString());
                return CapabilityEvaluationResult.NotApplicable;
            }

            // Whichever of the two views is available must report dir-sync; otherwise the answer is No.
            if ((asRecipient == null || !asRecipient.IsDirSyncEnabled) && (asReduced == null || !asReduced.IsDirSyncEnabled))
            {
                ExTraceGlobals.AccessCheckTracer.TraceDebug<string, string, string>(
                    (long)this.GetHashCode(),
                    "MasteredOnPremiseCapabilityIdentifierEvaluator.Evaluate('{0}') return '{1}'. CapabilityToCheck '{2}' - recipient is not Dirsynced.",
                    adObject.GetDistinguishedNameOrName(),
                    CapabilityEvaluationResult.No.ToString(),
                    base.Capability.ToString());
                return CapabilityEvaluationResult.No;
            }

            OrganizationId tenantId;
            if (asRecipient != null)
            {
                tenantId = asRecipient.OrganizationId;
            }
            else
            {
                tenantId = asReduced.OrganizationId;
            }

            if (tenantId == null || OrganizationId.ForestWideOrgId.Equals(tenantId))
            {
                ExTraceGlobals.AccessCheckTracer.TraceDebug<string, string, string>(
                    (long)this.GetHashCode(),
                    "MasteredOnPremiseCapabilityIdentifierEvaluator.Evaluate('{0}') return '{1}'. CapabilityToCheck '{2}' - recipient does not belong to tenant scope.",
                    adObject.GetDistinguishedNameOrName(),
                    CapabilityEvaluationResult.NotApplicable.ToString(),
                    base.Capability.ToString());
                return CapabilityEvaluationResult.NotApplicable;
            }

            ExchangeConfigurationUnit tenantUnit = this.GetExchangeConfigurationUnit(tenantId);

            // NOTE(review): a dir-synced recipient whose tenant unit cannot be loaded yields
            // NotApplicable, not Yes; how callers treat NotApplicable is not visible here - confirm.
            if (tenantUnit == null)
            {
                ExTraceGlobals.AccessCheckTracer.TraceDebug<string, string, string>(
                    (long)this.GetHashCode(),
                    "MasteredOnPremiseCapabilityIdentifierEvaluator.Evaluate('{0}') return '{1}'. CapabilityToCheck '{2}' - recipient is not in tenant scope.",
                    adObject.GetDistinguishedNameOrName(),
                    CapabilityEvaluationResult.NotApplicable.ToString(),
                    base.Capability.ToString());
                return CapabilityEvaluationResult.NotApplicable;
            }

            CapabilityEvaluationResult verdict;
            if (tenantUnit.IsDirSyncEnabled)
            {
                verdict = CapabilityEvaluationResult.Yes;
            }
            else
            {
                verdict = CapabilityEvaluationResult.No;
            }

            ExTraceGlobals.AccessCheckTracer.TraceDebug<string, string, string>(
                (long)this.GetHashCode(),
                "MasteredOnPremiseCapabilityIdentifierEvaluator.Evaluate('{0}') return '{1}'. CapabilityToCheck '{2}'",
                adObject.GetDistinguishedNameOrName(),
                verdict.ToString(),
                base.Capability.ToString());
            return verdict;
        }
예제 #12
        /// <summary>
        /// Classifies a virtual directory as back-end by looking for the text "Exchange Back End"
        /// in its Name.
        /// </summary>
        /// <param name="adObject">Directory object to evaluate; must not be null.</param>
        /// <returns>
        /// NotApplicable when the object is not an ExchangeVirtualDirectory; otherwise Yes when the
        /// Name contains the marker text and No when it does not.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="adObject"/> is null.</exception>
        public override CapabilityEvaluationResult Evaluate(ADRawEntry adObject)
        {
            if (adObject == null)
            {
                throw new ArgumentNullException("adObject");
            }

            ExchangeVirtualDirectory virtualDirectory = adObject as ExchangeVirtualDirectory;

            if (virtualDirectory == null)
            {
                ExTraceGlobals.AccessCheckTracer.TraceDebug<string, string, string>(
                    (long)this.GetHashCode(),
                    "BEVDirLockdownCapabilityIdentifierEvaluator.Evaluate('{0}') return '{1}'. CapabilityToCheck '{2}'. Object isn't a ExchangeVirtualDirectory object.",
                    adObject.GetDistinguishedNameOrName(),
                    CapabilityEvaluationResult.NotApplicable.ToString(),
                    base.Capability.ToString());
                return CapabilityEvaluationResult.NotApplicable;
            }

            // NOTE(review): the Yes/No answer rests on a case-sensitive substring of Name, and neither
            // outcome is traced. Confirm who can set Name on these objects, and that Name is never
            // null here (a null Name would throw on the call below).
            return virtualDirectory.Name.Contains("Exchange Back End")
                ? CapabilityEvaluationResult.Yes
                : CapabilityEvaluationResult.No;
        }