/// <summary>
/// Resolves the full <see cref="ADRecipient"/> object for a mail recipient.
/// The recipient is first looked up in <paramref name="recipientCache"/> by the SMTP
/// proxy address built from <c>mailRecipient.Email</c>; the cached entry's Id is then
/// read through a recipient session whose settings are auto-detected from the
/// domain part of that address.
/// </summary>
/// <param name="tracer">Receives a warning when either lookup step yields nothing.</param>
/// <param name="recipientCache">Cache used for the initial recipient lookup.</param>
/// <param name="mailRecipient">Recipient whose Email address is resolved.</param>
/// <param name="recipient">The directory object on success; <c>null</c> otherwise.</param>
/// <returns><c>true</c> when the directory object was read; <c>false</c> otherwise.</returns>
private static bool TryGetADRecipient(Trace tracer, ADRecipientCache<TransportMiniRecipient> recipientCache, MailRecipient mailRecipient, out ADRecipient recipient)
{
    recipient = null;

    // Keep the static type as ProxyAddress so the same FindAndCacheRecipient overload is chosen.
    ProxyAddress lookupAddress = new SmtpProxyAddress((string)mailRecipient.Email, true);
    TransportMiniRecipient cachedEntry = recipientCache.FindAndCacheRecipient(lookupAddress).Data;
    if (cachedEntry == null)
    {
        tracer.TraceWarning<RoutingAddress>(0L, "Could not find recipient entry for {0}", mailRecipient.Email);
        return false;
    }

    // An out parameter cannot be captured by the callback, so the result travels through a local.
    ADRecipient directoryObject = null;

    // The value returned by TryRunADOperation is discarded: if the callback never completes
    // its assignment, directoryObject stays null and the failure is reported below as an
    // unreadable recipient.
    ADNotificationAdapter.TryRunADOperation(() =>
    {
        // The session scope is derived from the domain of the address being resolved.
        ADSessionSettings scopedSettings = ADSessionSettings.RootOrgOrSingleTenantFromAcceptedDomainAutoDetect(new SmtpAddress(lookupAddress.AddressString).Domain);
        IRecipientSession directorySession = DirectorySessionFactory.Default.GetTenantOrRootOrgRecipientSession(
            null,
            null,
            LcidMapper.DefaultLcid,
            true,
            ConsistencyMode.IgnoreInvalid,
            null,
            scopedSettings,
            178,
            "TryGetADRecipient",
            "f:\\15.00.1497\\sources\\dev\\MailboxTransport\\src\\MailboxTransportDelivery\\StoreDriver\\agents\\UM\\UMAgentUtil.cs");
        directoryObject = directorySession.Read(cachedEntry.Id);
    });

    if (directoryObject != null)
    {
        recipient = directoryObject;
        return true;
    }

    tracer.TraceWarning<ADObjectId>(0L, "Could not read recipient object for {0}", cachedEntry.Id);
    return false;
}
/// <summary>
/// Reports whether a retention policy is in effect for the recipient behind
/// <paramref name="address"/>, judged from the cached recipient's
/// <c>ElcMailboxFlags</c> and <c>ElcPolicyTemplate</c>.
/// </summary>
/// <param name="cache">Recipient cache used to resolve the address.</param>
/// <param name="address">Routing address of the mailbox to examine.</param>
/// <returns>
/// <c>true</c> when the ElcV2 flag is set together with a policy template, or when the
/// ShouldUseDefaultRetentionPolicy flag is set and no template is assigned;
/// <c>false</c> otherwise, including when the recipient is not found in the cache.
/// </returns>
internal static bool IsRetentionPolicyEnabled(ADRecipientCache<TransportMiniRecipient> cache, RoutingAddress address)
{
    // Keep the static type as ProxyAddress so the same FindAndCacheRecipient overload is chosen.
    ProxyAddress lookupAddress = new SmtpProxyAddress((string)address, true);
    TransportMiniRecipient cachedEntry = cache.FindAndCacheRecipient(lookupAddress).Data;
    if (cachedEntry == null)
    {
        return false;
    }

    ElcMailboxFlags flags = cachedEntry.ElcMailboxFlags;
    ADObjectId policyTemplate = cachedEntry.ElcPolicyTemplate;

    // Case 1: an explicit policy template is assigned and the ElcV2 flag is set.
    bool explicitPolicyApplies = (flags & ElcMailboxFlags.ElcV2) != ElcMailboxFlags.None
        && policyTemplate != null;

    // Case 2: no template is assigned, but the mailbox is flagged to use the default policy.
    bool defaultPolicyApplies = (flags & ElcMailboxFlags.ShouldUseDefaultRetentionPolicy) != ElcMailboxFlags.None
        && policyTemplate == null;

    return explicitPolicyApplies || defaultPolicyApplies;
}
/// <summary>
/// Decides whether the sender of a message being delivered may post items to a
/// mail-enabled public folder. A client security context is built for the sender and
/// passed to <c>CanPostItemsToPublicFolder</c>; only a positive answer from that check
/// yields <c>AccessCheckResult.Allowed</c>.
/// </summary>
/// <param name="mailItemDeliver">Delivery item whose ReplayItem.From identifies the sender.</param>
/// <param name="mailPublicFolder">Target public folder the permission is evaluated against.</param>
/// <returns>
/// <c>Allowed</c> when the post permission check succeeds; <c>NotAllowedAnonymous</c> when
/// it fails for a sender classified as anonymous; <c>NotAllowedAuthenticated</c> when it
/// fails for any other sender or when no recipient session is available;
/// <c>NotAllowedInternalSystemError</c> when ReplayItem or its From is null, or when a
/// GrayException is caught during the check.
/// </returns>
/// <exception cref="ArgumentNullException">Either argument is null.</exception>
internal static AccessCheckResult CheckAccessForEmailDelivery(MailItemDeliver mailItemDeliver, Folder mailPublicFolder)
{
    // NOTE(review): the names passed to ArgumentNullException ("MailItemDeliver",
    // "MailPublicFolder") differ in casing from the actual parameter names.
    if (mailItemDeliver == null)
    {
        throw new ArgumentNullException("MailItemDeliver");
    }
    if (mailPublicFolder == null)
    {
        throw new ArgumentNullException("MailPublicFolder");
    }
    // Without a sender there is nothing to authorize: report an internal error (a denial).
    if (mailItemDeliver.ReplayItem == null)
    {
        MailPublicFolderPermissionHandler.Diag.TraceError(0L, "ReplayItem for the message appears to be null.");
        return(AccessCheckResult.NotAllowedInternalSystemError);
    }
    if (mailItemDeliver.ReplayItem.From == null)
    {
        MailPublicFolderPermissionHandler.Diag.TraceError(0L, "From attribute of the ReplayItem for the given message appears to be null.");
        return(AccessCheckResult.NotAllowedInternalSystemError);
    }
    // Fail closed: the result starts as a denial and is only upgraded to Allowed after
    // CanPostItemsToPublicFolder returns true inside the callback below.
    AccessCheckResult accessCheckResult = AccessCheckResult.NotAllowedAuthenticated;
    // These three locals are captured and mutated by the callback; the catch and finally
    // blocks below read them afterwards.
    ClientSecurityContext context = null;
    bool isAnonymous = false;
    // NOTE(review): MbxTransportMailItem is dereferenced without the null check that
    // ReplayItem gets above — confirm it can never be null here.
    ADRecipientCache <TransportMiniRecipient> recipientCache = mailItemDeliver.MbxTransportMailItem.ADRecipientCache;
    IRecipientSession recipientSession = (recipientCache != null) ? recipientCache.ADSession : null;
    // When there is no cache or no session, the whole check is skipped and the default
    // denial (NotAllowedAuthenticated) is returned; nothing is traced on that path.
    if (recipientSession != null)
    {
        // Replace the cache's session with one created for the same organization id.
        // Judging by the factory method name this one is built without RBAC scopes — TODO confirm.
        recipientSession = DirectorySessionFactory.Default.GetTenantOrRootOrgRecipientSession(ConsistencyMode.IgnoreInvalid, ADSessionSettings.FromOrganizationIdWithoutRbacScopesServiceOnly(recipientSession.SessionSettings.CurrentOrganizationId), 146, "CheckAccessForEmailDelivery", "f:\\15.00.1497\\sources\\dev\\MailboxTransport\\src\\MailboxTransportDelivery\\StoreDriver\\MailPublicFolderPermissionHandler.cs");
        try
        {
            GrayException.MapAndReportGrayExceptions(delegate()
            {
                Participant from = mailItemDeliver.ReplayItem.From;
                // Sender classification rests solely on the routing type of ReplayItem.From:
                // anything other than "EX" is evaluated with the anonymous security context.
                if (from.RoutingType != "EX")
                {
                    MailPublicFolderPermissionHandler.Diag.TraceDebug(0L, "Determined the sent user as an anonymous entity");
                    isAnonymous = true;
                    context = MailPublicFolderPermissionHandler.GetAnonymousClientSecurityContext();
                    MailPublicFolderPermissionHandler.Diag.TraceDebug(0L, "Constructed clientSecurityContext for anonymous user");
                }
                else
                {
                    MailPublicFolderPermissionHandler.Diag.TraceDebug(0L, "Determined the sent user as an authorized entity");
                    // The user SID comes from the ParticipantSID property stored on the message's From participant.
                    byte[] valueOrDefault = from.GetValueOrDefault <byte[]>(ParticipantSchema.ParticipantSID);
                    SecurityIdentifier securityIdentifier = (valueOrDefault == null) ? null : new SecurityIdentifier(valueOrDefault, 0);
                    // NOTE(review): the directory entry is looked up from MbxTransportMailItem.From,
                    // while the SID above comes from ReplayItem.From. If these two sender fields can
                    // name different identities, the user SID and the token SIDs fetched below would
                    // describe different principals — confirm upstream guarantees they match.
                    TransportMiniRecipient data = recipientCache.FindAndCacheRecipient(ProxyAddress.Parse(mailItemDeliver.MbxTransportMailItem.From.ToString())).Data;
                    if (securityIdentifier == null)
                    {
                        // No SID on the participant: evaluate with the Everyone SID. isAnonymous stays
                        // false, so a denial on this path is reported as NotAllowedAuthenticated.
                        context = MailPublicFolderPermissionHandler.GetUserClientSecurityContext(MailPublicFolderPermissionHandler.EveryoneSID, null);
                    }
                    else if (data == null)
                    {
                        // Sender not found in the cache: context carries the user SID only (null second argument).
                        context = MailPublicFolderPermissionHandler.GetUserClientSecurityContext(securityIdentifier, null);
                    }
                    else
                    {
                        // User SID plus the SIDs returned by GetTokenSids for the cached entry's directory id.
                        // AssignmentMethod.S4U presumably selects Service-for-User expansion — TODO confirm.
                        context = MailPublicFolderPermissionHandler.GetUserClientSecurityContext(securityIdentifier, recipientSession.GetTokenSids((ADObjectId)data[ADObjectSchema.Id], AssignmentMethod.S4U));
                    }
                    // Debug trace records the sender's primary SMTP address, or the context's user SID when no entry was found.
                    MailPublicFolderPermissionHandler.Diag.TraceDebug(0L, "Constructed clientSecurityContext for user {0}.", new object[] { (data != null) ? data[ADRecipientSchema.PrimarySmtpAddress] : context.UserSid });
                }
                // The single point where access is granted.
                if (MailPublicFolderPermissionHandler.CanPostItemsToPublicFolder(mailPublicFolder, context))
                {
                    accessCheckResult = AccessCheckResult.Allowed;
                    return;
                }
                // Denied: anonymous senders get their own result code; others keep the default.
                if (isAnonymous)
                {
                    accessCheckResult = AccessCheckResult.NotAllowedAnonymous;
                }
            });
        }
        catch (GrayException ex)
        {
            // Only GrayException is handled here; any other exception type propagates to the
            // caller after the finally block has disposed the context.
            // Only the inner exception's message (when present) reaches the trace.
            string arg = string.Empty;
            if (ex.InnerException != null)
            {
                arg = ex.InnerException.Message;
            }
            // Overwrites whatever the callback set, so a failure always ends in a denial.
            accessCheckResult = AccessCheckResult.NotAllowedInternalSystemError;
            MailPublicFolderPermissionHandler.Diag.TraceError <ClientSecurityContext, string>(0L, "Access check failed on ClientSecurityContext {0} with {1}.", context, arg);
        }
        finally
        {
            // Dispose the security context on every path, success or failure.
            if (context != null)
            {
                context.Dispose();
                context = null;
            }
        }
    }
    return(accessCheckResult);
}