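/// <summary>
/// Reports whether <paramref name="domain"/> belongs to a tenant whose customer type is
/// <c>CustomerType.FilteringOnly</c>. Results are cached per lower-cased domain in
/// <c>UserValidationHelper.filteringOnlyCache</c>; a cache miss triggers a tenant lookup
/// through <c>UserValidationHelper.GlsSession</c>.
/// </summary>
/// <param name="domain">Domain to look up. Null or empty returns false without a lookup.</param>
/// <param name="username">
/// Account name. A name ending in ".exchangemon.net" skips the check and returns false.
/// Null is treated as "not a monitoring account".
/// </param>
/// <returns>
/// True only when the cache or the lookup says the tenant is FilteringOnly. False when the
/// feature flag is off, the domain is empty, the user name carries the monitoring suffix,
/// or the lookup throws.
/// </returns>
internal static bool ValidateFilteringOnlyUser(string domain, string username)
{
    if (string.IsNullOrEmpty(domain) || !VariantConfiguration.GetSnapshot(MachineSettingsContext.Local, null, null).CmdletInfra.ValidateFilteringOnlyUser.Enabled)
    {
        return false;
    }

    // NOTE(review): this bypass is decided from the user name string alone, so it is only as
    // trustworthy as whatever authenticated that name upstream - confirm with the caller.
    // Ordinal comparison is used so that only an exact (case-insensitive) suffix matches;
    // a culture-aware comparison can treat strings that differ in ignorable code points as equal.
    // The null guard keeps a missing user name from throwing before the try block is entered.
    if (username != null && username.EndsWith(".exchangemon.net", StringComparison.OrdinalIgnoreCase))
    {
        AuthZLogger.SafeAppendGenericInfo("ValidateFilteringOnlyUser", string.Format("Bypass monitoring account {0} check.", username));
        return false;
    }

    try
    {
        // Domain names are identifiers, not display text: lower-case them independently of the
        // thread culture so the cache key is the same on every server.
        domain = domain.ToLowerInvariant();

        bool isFilteringOnly;
        if (UserValidationHelper.filteringOnlyCache.TryGetValue(domain, out isFilteringOnly))
        {
            AuthZLogger.SafeAppendGenericInfo("ValidateFilteringOnlyUser", string.Format("HitCache Domain: {0} is filteringOnly: {1}.", domain, isFilteringOnly));
            return isFilteringOnly;
        }

        Guid tenantId;
        string region;
        string version;
        CustomerType customerType;
        UserValidationHelper.GlsSession.GetFfoTenantSettingsByDomain(domain, out tenantId, out region, out version, out customerType);
        isFilteringOnly = customerType == CustomerType.FilteringOnly;

        // The answer is cached until DefaultAbsoluteTimeout elapses, so a tenant whose customer
        // type changes keeps its old classification on this process for that long.
        UserValidationHelper.filteringOnlyCache.TryInsertAbsolute(domain, isFilteringOnly, UserValidationHelper.DefaultAbsoluteTimeout);

        ExTraceGlobals.PublicPluginAPITracer.TraceDebug(0L, "[UserValidationHelper.ValidateFilteringOnlyUser] Domain:{0} belongs to TenantId:{1}, Region:{2}, Version: {3}, CustomerType: {4}.", new object[] { domain, tenantId, region, version, customerType });
        AuthZLogger.SafeAppendGenericInfo("ValidateFilteringOnlyUser", string.Format("Domain:{0} belongs to TenantId:{1}, Region:{2}, Version: {3}, CustomerType: {4}.", new object[] { domain, tenantId, region, version, customerType }));
        return isFilteringOnly;
    }
    catch (Exception ex)
    {
        // NOTE(review): any lookup failure is reported as "not filtering-only". If callers deny
        // access on a true result, an outage of the lookup service lets such users through;
        // confirm that fail-open is intended and alert on the error entry written below.
        ExTraceGlobals.PublicPluginAPITracer.TraceError<Exception>(0L, "[UserValidationHelper.ValidateFilteringOnlyUser] Exception:{0}", ex);
        AuthZLogger.SafeAppendGenericError("ValidateFilteringOnlyUser", ex, new Func<Exception, bool>(KnownException.IsUnhandledException));
        return false;
    }
}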
// Token: 0x060012EA RID: 4842 RVA: 0x0003D9DC File Offset: 0x0003BBDC
/// <summary>
/// Runs <paramref name="func"/> at most twice, logging every failure, and returns either its
/// result or <paramref name="defaultReturnValue"/> when the failure is swallowed.
/// </summary>
/// <param name="methodName">Name used in trace, event-log and AuthZ log entries.</param>
/// <param name="func">The operation to run.</param>
/// <param name="throwException">
/// When true, a non-retryable or second failure is rethrown unless it is an
/// <c>ADTransientException</c>. Fatal exceptions are rethrown regardless of this flag.
/// </param>
/// <param name="defaultReturnValue">Value returned when the failure is logged and swallowed.</param>
/// <returns>The result of <paramref name="func"/>, or <paramref name="defaultReturnValue"/>.</returns>
/// <remarks>
/// NOTE(review): after a swallowed failure the caller acts on <paramref name="defaultReturnValue"/>.
/// Where the wrapped call feeds an authorization decision, confirm that each call site passes
/// a deny-by-default value.
/// </remarks>
private static T HandleExceptionAndRetry<T>(string methodName, Func<T> func, bool throwException, T defaultReturnValue)
{
    for (int attempt = 0; attempt < 2; attempt++)
    {
        try
        {
            Microsoft.Exchange.Diagnostics.Components.Authorization.ExTraceGlobals.PublicPluginAPITracer.TraceDebug<string, int>(0L, "Retry function {0} the {1} times.", methodName, attempt);
            return func();
        }
        catch (Exception ex)
        {
            bool isTransient = ex is TransientException;
            bool isFatal = AuthZPluginHelper.IsFatalException(ex);
            bool skipRetry = isFatal || AuthZLogHelper.ExceptionNoNeedToRetry(ex);
            Microsoft.Exchange.Diagnostics.Components.Authorization.ExTraceGlobals.PublicPluginAPITracer.TraceDebug(0L, "{0} caught Exception {1}. IsTransientException = {2}. IsFatalException = {3}. NoNeedToRetry = {4}.", new object[] { methodName, ex, isTransient, isFatal, skipRetry });

            // Transient takes precedence over fatal when choosing the event; anything else is "unknown".
            ExEventLog.EventTuple eventInfo = isTransient
                ? Microsoft.Exchange.Configuration.ObjectModel.EventLog.TaskEventLogConstants.Tuple_RBACUnavailable_TransientError
                : (isFatal
                    ? Microsoft.Exchange.Configuration.ObjectModel.EventLog.TaskEventLogConstants.Tuple_RBACUnavailable_FatalError
                    : Microsoft.Exchange.Configuration.ObjectModel.EventLog.TaskEventLogConstants.Tuple_RBACUnavailable_UnknownError);
            TaskLogger.LogRbacEvent(eventInfo, null, new object[] { methodName, ex });

            bool isLastAttempt = attempt == 1;
            if (!skipRetry && !isLastAttempt)
            {
                // First failure of a retryable exception: record it and go round again.
                AuthZLogger.SafeAppendGenericInfo(string.Concat(methodName, "-", ex.GetType().Name, "-Retried"), ex.Message);
                continue;
            }

            // Giving up. ADTransientException is never rethrown from here; it is logged and
            // the default value is returned instead.
            bool rethrow = !(ex is ADTransientException) && (isFatal || throwException);
            if (rethrow)
            {
                throw;
            }

            AuthZLogHelper.LogException(ex, methodName, false);
            break;
        }
    }

    Microsoft.Exchange.Diagnostics.Components.Authorization.ExTraceGlobals.PublicPluginAPITracer.TraceError<string, T>(0L, "{0} returns default value {1}.", methodName, defaultReturnValue);
    return defaultReturnValue;
}
// Token: 0x06001273 RID: 4723 RVA: 0x0003B5D8 File Offset: 0x000397D8
/// <summary>
/// Picks the identity that authorization runs as for the current PSWS request.
/// </summary>
/// <param name="userToken">Token of the authenticated caller; its AuthenticationType is read and traced.</param>
/// <returns>
/// The identity stored in the current request's <c>HttpContext.Items</c> under
/// "X-Psws-CurrentLogonUser" when it is a <c>SidOAuthIdentity</c> (returned as is) or a
/// <c>WindowsTokenIdentity</c> (returned in serialized form); otherwise the identity built by
/// <c>AuthZPluginHelper.ConstructAuthZUser</c> from the token.
/// </returns>
/// <remarks>
/// NOTE(review): the key looks like a header name, but <c>HttpContext.Items</c> is server-side
/// per-request state. The stored identity is returned without further checks here, so confirm
/// that only the authentication module writes this entry.
/// </remarks>
internal static IIdentity GetExecutingAuthZUser(UserToken userToken)
{
    Microsoft.Exchange.Configuration.Core.AuthenticationType authType = userToken.AuthenticationType;
    ExTraceGlobals.PublicPluginAPITracer.TraceDebug<Microsoft.Exchange.Configuration.Core.AuthenticationType>(0L, "[PswsAuthZHelper.GetExecutingAuthZUser] authenticationType = \"{0}\".", authType);

    object stashedLogonUser = HttpContext.Current.Items["X-Psws-CurrentLogonUser"];
    IIdentity logonUser = stashedLogonUser as IIdentity;

    // The SidOAuthIdentity test runs first, as in the original ordering.
    if (logonUser is SidOAuthIdentity)
    {
        AuthZLogger.SafeAppendGenericInfo("PswsLogonUser", "SidOAuthIdentity");
        return logonUser;
    }

    if (logonUser is WindowsTokenIdentity)
    {
        AuthZLogger.SafeAppendGenericInfo("PswsLogonUser", "WindowsTokenIdentity");
        WindowsTokenIdentity windowsIdentity = (WindowsTokenIdentity)logonUser;
        return windowsIdentity.ToSerializedIdentity();
    }

    // Nothing usable was stored for this request: derive the identity from the token itself.
    return AuthZPluginHelper.ConstructAuthZUser(userToken, authType);
}
// Token: 0x06001246 RID: 4678 RVA: 0x00039C60 File Offset: 0x00037E60
/// <summary>
/// Evaluates the organization's client access rules for a PowerShell Web Services connection.
/// </summary>
/// <param name="userToken">Token of the connecting user; OrgId and UserEntry are read from it.</param>
/// <param name="blockingRuleName">
/// Name of the rule reported by the block callback, or null when no rule blocked the connection
/// or the rules were not evaluated.
/// </param>
/// <returns>
/// The verdict of <c>ClientAccessRulesUtils.ShouldBlockConnection</c>; false without evaluation
/// when the token has no OrgId or the PswsClientAccessRulesEnabled flag is off.
/// </returns>
private bool ConnectionBlockedByClientAccessRules(PswsAuthZUserToken userToken, out string blockingRuleName)
{
    blockingRuleName = null;

    // A token without an organization is never blocked by this method.
    bool hasOrganization = userToken.OrgId != null;
    if (!hasOrganization)
    {
        return false;
    }

    bool rulesEnabled = VariantConfiguration.GetSnapshot(MachineSettingsContext.Local, null, null).CmdletInfra.PswsClientAccessRulesEnabled.Enabled;
    if (!rulesEnabled)
    {
        return false;
    }

    // An out parameter cannot be captured by the callback, so the rule name goes through a local.
    string matchedRuleName = null;

    // NOTE(review): the authentication method handed to the rules engine is the constant
    // BasicAuthentication. Rules that condition on authentication type will see that value
    // however the caller actually authenticated - confirm this is intended.
    bool blocked = ClientAccessRulesUtils.ShouldBlockConnection(
        userToken.OrgId,
        ClientAccessRulesUtils.GetUsernameFromADRawEntry(userToken.UserEntry),
        ClientAccessProtocol.PowerShellWebServices,
        ClientAccessRulesUtils.GetRemoteEndPointFromContext(HttpContext.Current),
        ClientAccessAuthenticationMethod.BasicAuthentication,
        userToken.UserEntry,
        (ClientAccessRulesEvaluationContext context) =>
        {
            // Records which rule blocked the connection, in both the AuthZ log and the trace.
            matchedRuleName = context.CurrentRule.Name;
            AuthZLogger.SafeAppendGenericError(ClientAccessRulesConstants.ClientAccessRuleName, context.CurrentRule.Name, false);
            ExTraceGlobals.PublicPluginAPITracer.TraceDebug<string, string>((long)this.GetHashCode(), "[PswsAuthorization.AuthorizeUser] Blocked by Client Access Rules ({0}={1})", ClientAccessRulesConstants.ClientAccessRuleName, context.CurrentRule.Name);
        },
        (double latency) =>
        {
            // Only slow evaluations are logged; the unit of the 50.0 threshold is presumably
            // milliseconds - TODO confirm against ShouldBlockConnection.
            if (latency > 50.0)
            {
                AuthZLogger.SafeAppendGenericInfo(ClientAccessRulesConstants.ClientAccessRulesLatency, latency.ToString());
                ExTraceGlobals.PublicPluginAPITracer.TraceDebug<string, string>((long)this.GetHashCode(), "[PswsAuthorization.AuthorizeUser] Client Access Rules latency logger ({0}={1})", ClientAccessRulesConstants.ClientAccessRulesLatency, latency.ToString());
            }
        });

    blockingRuleName = matchedRuleName;
    return blocked;
}
/// <summary>
/// Writes the values shared by every request of this session to the AuthZ log: the session
/// id, the id of the first request, and the current AuthZ user token.
/// </summary>
private void LogCommonValues()
{
    // Session id is set on the logger itself; the other two values are appended as entries.
    AuthZLogger.SafeSetLogger(RpsCommonMetadata.SessionId, sessionId);
    AuthZLogger.SafeAppendGenericInfo("FirstRequestId", firstRequestId);

    // NOTE(review): which token fields LogAuthZUserToken records is not visible here; confirm
    // that it writes identifiers only and no credential material.
    AuthZLogHelper.LogAuthZUserToken(currentAuthZUserToken);
}
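/// <summary>
/// Reverts or deletes the throttling policy behind <paramref name="budget"/> when the policy
/// name carries an expiry timestamp that has passed.
/// </summary>
/// <remarks>
/// A temporary policy is recognized purely by its name, "[yyyy-MM-ddTHH:mm:ss]original name".
/// Once the timestamp is no longer in the future, the policy is re-read in writable form and:
/// if its backed-up throttling settings can be restored, it is renamed to the original name and
/// saved; otherwise its associations are cleared and the policy is deleted.
/// NOTE(review): the timestamp is compared with <c>DateTime.UtcNow</c> without any time-zone
/// conversion, so it is presumably written in UTC - confirm against the code that names the policy.
/// NOTE(review): every exception is logged and turned into false, so an expired temporary policy
/// stays in effect while the revert keeps failing; monitor the error entry written in the catch block.
/// </remarks>
/// <param name="budget">Budget whose effective throttling policy is inspected; null returns false.</param>
/// <returns>True when the policy was reverted or deleted; false in every other case.</returns>
internal static bool RevertExpiredThrottlingPolicyIfNeeded(IPowerShellBudget budget)
{
    if (budget == null)
    {
        return false;
    }

    using (new MonitoredScope("PowerShellThrottlingPolicyUpdater", "RevertExpiredThrottlingPolicyIfNeeded", AuthZLogHelper.AuthZPerfMonitors))
    {
        // Declared outside the try so that the catch blocks can name the policy in their log entry.
        ThrottlingPolicy throttlingPolicy = null;
        try
        {
            throttlingPolicy = ((EffectiveThrottlingPolicy)budget.ThrottlingPolicy).ThrottlingPolicy;
            Match match = Regex.Match(throttlingPolicy.Name, "^\\[(?<expiredtime>[0-9]{4}(-[0-9]{2}){2}T([0-9]{2}:){2}[0-9]{2})\\](?<orginalname>.+)", RegexOptions.Compiled);
            if (!match.Success)
            {
                // Not a temporary policy: nothing to revert.
                return false;
            }

            // The timestamp is machine-written, so parse it with the invariant culture. A
            // culture-sensitive parse would make the expiry decision depend on the thread's
            // culture and calendar. DateTimeStyles.None leaves the value unconverted, exactly
            // as the two-argument TryParse overload does.
            DateTime expiresAt;
            if (!DateTime.TryParse(match.Groups["expiredtime"].Value, System.Globalization.CultureInfo.InvariantCulture, System.Globalization.DateTimeStyles.None, out expiresAt))
            {
                AuthZLogger.SafeAppendGenericInfo("PowerShellThrottlingPolicyUpdater", string.Format("Unrecognized time format in throttling policy '{0}'.", throttlingPolicy.Name));
                return false;
            }

            if (expiresAt > DateTime.UtcNow)
            {
                AuthZLogger.SafeAppendGenericInfo("PowerShellThrottlingPolicyUpdater", string.Format("Throttlling policy '{0}' is not expired yet.", throttlingPolicy.Name));
                return false;
            }

            IConfigurationSession configurationSession = PowerShellThrottlingPolicyUpdater.GetConfiguationSession(throttlingPolicy.OrganizationId);
            ThrottlingPolicy writablePolicy = PowerShellThrottlingPolicyUpdater.GetWritableThrottlingPolicy(configurationSession, throttlingPolicy);

            // Re-check against the freshly read object: if the policy is gone or has been renamed
            // since the budget cached it, the cached name no longer describes it and it is left alone.
            if (writablePolicy == null || writablePolicy.Name != throttlingPolicy.Name)
            {
                AuthZLogger.SafeAppendGenericInfo("PowerShellThrottlingPolicyUpdater", string.Format("Throttlling policy '{0}' is updated and don't need to be expired.", throttlingPolicy.Name));
                return false;
            }

            string restoredSettings;
            if (PowerShellThrottlingPolicyUpdater.RevertBackupThrottlingSettings(writablePolicy, out restoredSettings))
            {
                // Backup restored: drop the "[timestamp]" prefix and persist.
                writablePolicy.Name = match.Groups["orginalname"].Value;
                configurationSession.Save(writablePolicy);
                AuthZLogger.SafeAppendGenericInfo("PowerShellThrottlingPolicyUpdater", string.Format("Revert throttling policy '{0}' to name: {1} and restore backup throttling value: {2}.", throttlingPolicy.Name, writablePolicy.Name, restoredSettings));
            }
            else
            {
                // No backup to restore: detach the policy from its associates, then delete it.
                PowerShellThrottlingPolicyUpdater.ClearThrottlingPolicyAssoicate(PowerShellThrottlingPolicyUpdater.GetRecipientSession(throttlingPolicy.OrganizationId), throttlingPolicy);
                configurationSession.Delete(writablePolicy);
                AuthZLogger.SafeAppendGenericInfo("PowerShellThrottlingPolicyUpdater", string.Format("Delete throttling policy '{0}' and clear associates with it.", throttlingPolicy.Name));
            }

            return true;
        }
        catch (TransientException transientException)
        {
            // Transient failures are logged as information only.
            AuthZLogger.SafeAppendGenericInfo("PowerShellThrottlingPolicyUpdater", string.Format("Occur transient exception on revert throttling policy '{0}': {1}", (throttlingPolicy != null) ? throttlingPolicy.Name : string.Empty, transientException));
            return false;
        }
        catch (Exception ex)
        {
            // Best effort by design: the failure is logged as an error and reported as "nothing reverted".
            AuthZLogger.SafeAppendGenericError("PowerShellThrottlingPolicyUpdater", string.Format("Error on revert throttling policy '{0}': {1}", (throttlingPolicy != null) ? throttlingPolicy.Name : string.Empty, ex), KnownException.IsUnhandledException(ex));
            return false;
        }
    }
}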