internal static bool ValidateFilteringOnlyUser(string domain, string username)
{
if (string.IsNullOrEmpty(domain) || !VariantConfiguration.GetSnapshot(MachineSettingsContext.Local, null, null).CmdletInfra.ValidateFilteringOnlyUser.Enabled)
{
return(false);
}
if (username.EndsWith(".exchangemon.net", StringComparison.InvariantCultureIgnoreCase))
{
AuthZLogger.SafeAppendGenericInfo("ValidateFilteringOnlyUser", string.Format("Bypass monitoring account {0} check.", username));
return(false);
}
bool result;
try
{
bool flag = false;
domain = domain.ToLower();
if (!UserValidationHelper.filteringOnlyCache.TryGetValue(domain, out flag))
{
CustomerType customerType = CustomerType.None;
Guid guid;
string text;
string text2;
UserValidationHelper.GlsSession.GetFfoTenantSettingsByDomain(domain, out guid, out text, out text2, out customerType);
flag = (customerType == CustomerType.FilteringOnly);
UserValidationHelper.filteringOnlyCache.TryInsertAbsolute(domain, flag, UserValidationHelper.DefaultAbsoluteTimeout);
ExTraceGlobals.PublicPluginAPITracer.TraceDebug(0L, "[UserValidationHelper.ValidateFilteringOnlyUser] Domain:{0} belongs to TenantId:{1}, Region:{2}, Version: {3}, CustomerType: {4}.", new object[]
{
domain,
guid,
text,
text2,
customerType
});
AuthZLogger.SafeAppendGenericInfo("ValidateFilteringOnlyUser", string.Format("Domain:{0} belongs to TenantId:{1}, Region:{2}, Version: {3}, CustomerType: {4}.", new object[]
{
domain,
guid,
text,
text2,
customerType
}));
}
else
{
AuthZLogger.SafeAppendGenericInfo("ValidateFilteringOnlyUser", string.Format("HitCache Domain: {0} is filteringOnly: {1}.", domain, flag));
}
result = flag;
}
catch (Exception ex)
{
ExTraceGlobals.PublicPluginAPITracer.TraceError <Exception>(0L, "[UserValidationHelper.ValidateFilteringOnlyUser] Exception:{0}", ex);
AuthZLogger.SafeAppendGenericError("ValidateFilteringOnlyUser", ex, new Func <Exception, bool>(KnownException.IsUnhandledException));
result = false;
}
return(result);
}
// Token: 0x060012EA RID: 4842 RVA: 0x0003D9DC File Offset: 0x0003BBDC
private static T HandleExceptionAndRetry <T>(string methodName, Func <T> func, bool throwException, T defaultReturnValue)
{
for (int i = 0; i < 2; i++)
{
try
{
Microsoft.Exchange.Diagnostics.Components.Authorization.ExTraceGlobals.PublicPluginAPITracer.TraceDebug <string, int>(0L, "Retry function {0} the {1} times.", methodName, i);
return(func());
}
catch (Exception ex)
{
bool flag = ex is TransientException;
bool flag2 = AuthZPluginHelper.IsFatalException(ex);
bool flag3 = flag2 || AuthZLogHelper.ExceptionNoNeedToRetry(ex);
Microsoft.Exchange.Diagnostics.Components.Authorization.ExTraceGlobals.PublicPluginAPITracer.TraceDebug(0L, "{0} caught Exception {1}. IsTransientException = {2}. IsFatalException = {3}. NoNeedToRetry = {4}.", new object[]
{
methodName,
ex,
flag,
flag2,
flag3
});
ExEventLog.EventTuple eventInfo = Microsoft.Exchange.Configuration.ObjectModel.EventLog.TaskEventLogConstants.Tuple_RBACUnavailable_UnknownError;
if (flag)
{
eventInfo = Microsoft.Exchange.Configuration.ObjectModel.EventLog.TaskEventLogConstants.Tuple_RBACUnavailable_TransientError;
}
else if (flag2)
{
eventInfo = Microsoft.Exchange.Configuration.ObjectModel.EventLog.TaskEventLogConstants.Tuple_RBACUnavailable_FatalError;
}
TaskLogger.LogRbacEvent(eventInfo, null, new object[]
{
methodName,
ex
});
if (flag3 || i == 1)
{
if (!(ex is ADTransientException) && (flag2 || throwException))
{
throw;
}
AuthZLogHelper.LogException(ex, methodName, false);
break;
}
else
{
AuthZLogger.SafeAppendGenericInfo(methodName + "-" + ex.GetType().Name + "-Retried", ex.Message);
}
}
}
Microsoft.Exchange.Diagnostics.Components.Authorization.ExTraceGlobals.PublicPluginAPITracer.TraceError <string, T>(0L, "{0} returns default value {1}.", methodName, defaultReturnValue);
return(defaultReturnValue);
}
// Token: 0x06001273 RID: 4723 RVA: 0x0003B5D8 File Offset: 0x000397D8
internal static IIdentity GetExecutingAuthZUser(UserToken userToken)
{
Microsoft.Exchange.Configuration.Core.AuthenticationType authenticationType = userToken.AuthenticationType;
ExTraceGlobals.PublicPluginAPITracer.TraceDebug <Microsoft.Exchange.Configuration.Core.AuthenticationType>(0L, "[PswsAuthZHelper.GetExecutingAuthZUser] authenticationType = \"{0}\".", authenticationType);
IIdentity identity = HttpContext.Current.Items["X-Psws-CurrentLogonUser"] as IIdentity;
if (identity is SidOAuthIdentity)
{
AuthZLogger.SafeAppendGenericInfo("PswsLogonUser", "SidOAuthIdentity");
return(identity);
}
if (identity is WindowsTokenIdentity)
{
AuthZLogger.SafeAppendGenericInfo("PswsLogonUser", "WindowsTokenIdentity");
return(((WindowsTokenIdentity)identity).ToSerializedIdentity());
}
return(AuthZPluginHelper.ConstructAuthZUser(userToken, authenticationType));
}
// Token: 0x06001246 RID: 4678 RVA: 0x00039C60 File Offset: 0x00037E60
private bool ConnectionBlockedByClientAccessRules(PswsAuthZUserToken userToken, out string blockingRuleName)
{
blockingRuleName = null;
if (userToken.OrgId != null && VariantConfiguration.GetSnapshot(MachineSettingsContext.Local, null, null).CmdletInfra.PswsClientAccessRulesEnabled.Enabled)
{
string blockRuleName = null;
bool result = ClientAccessRulesUtils.ShouldBlockConnection(userToken.OrgId, ClientAccessRulesUtils.GetUsernameFromADRawEntry(userToken.UserEntry), ClientAccessProtocol.PowerShellWebServices, ClientAccessRulesUtils.GetRemoteEndPointFromContext(HttpContext.Current), ClientAccessAuthenticationMethod.BasicAuthentication, userToken.UserEntry, delegate(ClientAccessRulesEvaluationContext context)
{
blockRuleName = context.CurrentRule.Name;
AuthZLogger.SafeAppendGenericError(ClientAccessRulesConstants.ClientAccessRuleName, context.CurrentRule.Name, false);
ExTraceGlobals.PublicPluginAPITracer.TraceDebug <string, string>((long)this.GetHashCode(), "[PswsAuthorization.AuthorizeUser] Blocked by Client Access Rules ({0}={1})", ClientAccessRulesConstants.ClientAccessRuleName, context.CurrentRule.Name);
}, delegate(double latency)
{
if (latency > 50.0)
{
AuthZLogger.SafeAppendGenericInfo(ClientAccessRulesConstants.ClientAccessRulesLatency, latency.ToString());
ExTraceGlobals.PublicPluginAPITracer.TraceDebug <string, string>((long)this.GetHashCode(), "[PswsAuthorization.AuthorizeUser] Client Access Rules latency logger ({0}={1})", ClientAccessRulesConstants.ClientAccessRulesLatency, latency.ToString());
}
});
blockingRuleName = blockRuleName;
return(result);
}
return(false);
}
private void LogCommonValues()
{
AuthZLogger.SafeSetLogger(RpsCommonMetadata.SessionId, this.sessionId);
AuthZLogger.SafeAppendGenericInfo("FirstRequestId", this.firstRequestId);
AuthZLogHelper.LogAuthZUserToken(this.currentAuthZUserToken);
}
internal static bool RevertExpiredThrottlingPolicyIfNeeded(IPowerShellBudget budget)
{
if (budget == null)
{
return(false);
}
bool result;
using (new MonitoredScope("PowerShellThrottlingPolicyUpdater", "RevertExpiredThrottlingPolicyIfNeeded", AuthZLogHelper.AuthZPerfMonitors))
{
ThrottlingPolicy throttlingPolicy = null;
try
{
throttlingPolicy = ((EffectiveThrottlingPolicy)budget.ThrottlingPolicy).ThrottlingPolicy;
Match match = Regex.Match(throttlingPolicy.Name, "^\\[(?<expiredtime>[0-9]{4}(-[0-9]{2}){2}T([0-9]{2}:){2}[0-9]{2})\\](?<orginalname>.+)", RegexOptions.Compiled);
DateTime t;
if (!match.Success)
{
result = false;
}
else if (!DateTime.TryParse(match.Groups["expiredtime"].Value, out t))
{
AuthZLogger.SafeAppendGenericInfo("PowerShellThrottlingPolicyUpdater", string.Format("Unrecognized time format in throttling policy '{0}'.", throttlingPolicy.Name));
result = false;
}
else if (t > DateTime.UtcNow)
{
AuthZLogger.SafeAppendGenericInfo("PowerShellThrottlingPolicyUpdater", string.Format("Throttlling policy '{0}' is not expired yet.", throttlingPolicy.Name));
result = false;
}
else
{
IConfigurationSession configuationSession = PowerShellThrottlingPolicyUpdater.GetConfiguationSession(throttlingPolicy.OrganizationId);
ThrottlingPolicy writableThrottlingPolicy = PowerShellThrottlingPolicyUpdater.GetWritableThrottlingPolicy(configuationSession, throttlingPolicy);
if (writableThrottlingPolicy == null || writableThrottlingPolicy.Name != throttlingPolicy.Name)
{
AuthZLogger.SafeAppendGenericInfo("PowerShellThrottlingPolicyUpdater", string.Format("Throttlling policy '{0}' is updated and don't need to be expired.", throttlingPolicy.Name));
result = false;
}
else
{
string arg;
if (PowerShellThrottlingPolicyUpdater.RevertBackupThrottlingSettings(writableThrottlingPolicy, out arg))
{
writableThrottlingPolicy.Name = match.Groups["orginalname"].Value;
configuationSession.Save(writableThrottlingPolicy);
AuthZLogger.SafeAppendGenericInfo("PowerShellThrottlingPolicyUpdater", string.Format("Revert throttling policy '{0}' to name: {1} and restore backup throttling value: {2}.", throttlingPolicy.Name, writableThrottlingPolicy.Name, arg));
}
else
{
PowerShellThrottlingPolicyUpdater.ClearThrottlingPolicyAssoicate(PowerShellThrottlingPolicyUpdater.GetRecipientSession(throttlingPolicy.OrganizationId), throttlingPolicy);
configuationSession.Delete(writableThrottlingPolicy);
AuthZLogger.SafeAppendGenericInfo("PowerShellThrottlingPolicyUpdater", string.Format("Delete throttling policy '{0}' and clear associates with it.", throttlingPolicy.Name));
}
result = true;
}
}
}
catch (TransientException arg2)
{
AuthZLogger.SafeAppendGenericInfo("PowerShellThrottlingPolicyUpdater", string.Format("Occur transient exception on revert throttling policy '{0}': {1}", (throttlingPolicy != null) ? throttlingPolicy.Name : string.Empty, arg2));
result = false;
}
catch (Exception ex)
{
AuthZLogger.SafeAppendGenericError("PowerShellThrottlingPolicyUpdater", string.Format("Error on revert throttling policy '{0}': {1}", (throttlingPolicy != null) ? throttlingPolicy.Name : string.Empty, ex), KnownException.IsUnhandledException(ex));
result = false;
}
}
return(result);
}
