// Token: 0x06000D6E RID: 3438 RVA: 0x00049944 File Offset: 0x00047B44
public OofSetting(XmlNode request, XmlNode response, MailboxSession mailboxSession, DeviceAccessState currentAccessState, ProtocolLogger protocolLogger) : base(request, response, protocolLogger)
{
this.mailboxSession = mailboxSession;
this.verbResponseNodes = new List <XmlNode>();
this.currentAccessState = currentAccessState;
}
private static bool ParsePolicyEvaluationStatusToAccessState(string evalPolicyStatus, out DeviceAccessState accessState, out DeviceAccessStateReason accessReason)
{
accessState = DeviceAccessState.Unknown;
accessReason = DeviceAccessStateReason.ExternallyManaged;
bool result = true;
DeviceQueryStatus deviceQueryStatus;
if (!Enum.TryParse <DeviceQueryStatus>(evalPolicyStatus, out deviceQueryStatus))
{
deviceQueryStatus = DeviceQueryStatus.Unknown;
AirSyncDiagnostics.TraceDebug <string>(ExTraceGlobals.RequestsTracer, 0, "Invalid status returned by graph query {0} ", evalPolicyStatus);
}
switch (deviceQueryStatus)
{
case DeviceQueryStatus.Success:
accessState = DeviceAccessState.Allowed;
break;
case DeviceQueryStatus.DeviceNotFound:
case DeviceQueryStatus.DeviceNotManaged:
accessState = DeviceAccessState.Quarantined;
accessReason = DeviceAccessStateReason.ExternalEnrollment;
break;
case DeviceQueryStatus.DeviceNotCompliant:
accessState = DeviceAccessState.Quarantined;
accessReason = DeviceAccessStateReason.ExternalCompliance;
break;
case DeviceQueryStatus.DeviceNotEnabled:
result = false;
accessState = DeviceAccessState.Blocked;
break;
case DeviceQueryStatus.PolicyEvaluationFailure:
accessState = DeviceAccessState.Blocked;
break;
default:
throw new ArgumentException(string.Format("Invalid device status returned by AAD. {0}", evalPolicyStatus));
}
return(result);
}
protected override void InternalProcessRecord()
{
TaskLogger.LogEnter();
bool flag = this.principal.RecipientTypeDetails == RecipientTypeDetails.MonitoringMailbox;
try
{
this.mailboxSession = MailboxSession.OpenAsAdmin(this.principal, CultureInfo.InvariantCulture, "Client=Management;Action=Get-MobileDeviceStatistics");
List <DeviceInfo> list = new List <DeviceInfo>();
if (base.Fields["ActiveSync"] == null && base.Fields["OWAforDevices"] == null)
{
base.Fields["ActiveSync"] = new SwitchParameter(true);
base.Fields["OWAforDevices"] = new SwitchParameter(true);
}
else if (base.Fields["ActiveSync"] == null)
{
if (this.OWAforDevices == false)
{
base.Fields["ActiveSync"] = new SwitchParameter(true);
}
}
else if (base.Fields["OWAforDevices"] == null && this.ActiveSync == false)
{
base.Fields["OWAforDevices"] = new SwitchParameter(true);
}
if (this.ActiveSync == true)
{
DeviceInfo[] allDeviceInfo = DeviceInfo.GetAllDeviceInfo(this.mailboxSession, MobileClientType.EAS);
if (allDeviceInfo != null)
{
list.AddRange(allDeviceInfo);
}
}
if (this.OWAforDevices == true)
{
DeviceInfo[] allDeviceInfo2 = DeviceInfo.GetAllDeviceInfo(this.mailboxSession, MobileClientType.MOWA);
if (allDeviceInfo2 != null)
{
list.AddRange(allDeviceInfo2);
}
}
if (list != null)
{
List <MobileDevice> allMobileDevices = this.GetAllMobileDevices();
int num = 0;
using (List <DeviceInfo> .Enumerator enumerator = list.GetEnumerator())
{
while (enumerator.MoveNext())
{
DeviceInfo deviceInfo = enumerator.Current;
if (deviceInfo.DeviceADObjectId != null && ADObjectId.Equals(deviceInfo.UserADObjectId, this.principal.ObjectId))
{
MobileDevice mobileDevice = allMobileDevices.Find((MobileDevice currentDevice) => currentDevice.DeviceId.Equals(deviceInfo.DeviceIdentity.DeviceId));
if (mobileDevice != null)
{
num++;
this.deviceConfiguration = this.CreateDeviceConfiguration(deviceInfo);
if (this.Identity != null)
{
TIdentity identity = this.Identity;
if (!identity.InternalADObjectId.Equals(this.deviceConfiguration.Identity))
{
continue;
}
}
if (mobileDevice != null && this.deviceConfiguration.DeviceAccessStateReason < DeviceAccessStateReason.UserAgentsChanges && mobileDevice.ClientType == MobileClientType.EAS)
{
if (!flag)
{
DeviceAccessState deviceAccessState = DeviceAccessState.Unknown;
DeviceAccessStateReason deviceAccessStateReason = DeviceAccessStateReason.Unknown;
ADObjectId deviceAccessControlRule = null;
bool flag2 = false;
if (mobileDevice.OrganizationId != OrganizationId.ForestWideOrgId && (mobileDevice.DeviceAccessStateReason != DeviceAccessStateReason.Individual || mobileDevice.DeviceAccessState != DeviceAccessState.Blocked) && mobileDevice.DeviceAccessStateReason != DeviceAccessStateReason.Policy)
{
Command.DetermineDeviceAccessState(this.LoadAbq(OrganizationId.ForestWideOrgId), mobileDevice.DeviceType, mobileDevice.DeviceModel, mobileDevice.DeviceUserAgent, mobileDevice.DeviceOS, out deviceAccessState, out deviceAccessStateReason, out deviceAccessControlRule);
if (deviceAccessState == DeviceAccessState.Blocked)
{
mobileDevice.DeviceAccessState = deviceAccessState;
mobileDevice.DeviceAccessStateReason = deviceAccessStateReason;
mobileDevice.DeviceAccessControlRule = deviceAccessControlRule;
flag2 = true;
}
}
if (!flag2 && mobileDevice.DeviceAccessState != DeviceAccessState.DeviceDiscovery && mobileDevice.DeviceAccessStateReason != DeviceAccessStateReason.Individual && mobileDevice.DeviceAccessStateReason != DeviceAccessStateReason.Upgrade && mobileDevice.DeviceAccessStateReason != DeviceAccessStateReason.Policy)
{
Command.DetermineDeviceAccessState(this.LoadAbq(mobileDevice.OrganizationId), mobileDevice.DeviceType, mobileDevice.DeviceModel, mobileDevice.DeviceUserAgent, mobileDevice.DeviceOS, out deviceAccessState, out deviceAccessStateReason, out deviceAccessControlRule);
mobileDevice.DeviceAccessState = deviceAccessState;
mobileDevice.DeviceAccessStateReason = deviceAccessStateReason;
mobileDevice.DeviceAccessControlRule = deviceAccessControlRule;
}
}
this.deviceConfiguration.DeviceAccessState = mobileDevice.DeviceAccessState;
this.deviceConfiguration.DeviceAccessStateReason = mobileDevice.DeviceAccessStateReason;
this.deviceConfiguration.DeviceAccessControlRule = mobileDevice.DeviceAccessControlRule;
}
if (this.ShowRecoveryPassword == false)
{
this.deviceConfiguration.RecoveryPassword = "******";
}
if (this.GetMailboxLog)
{
this.deviceConfiguration.MailboxLogReport = deviceInfo.GetOrCreateMailboxLogReport(this.mailboxSession);
}
base.WriteObject(this.deviceConfiguration);
if (this.Identity != null)
{
this.ProcessMailboxLogger(new DeviceInfo[]
{
deviceInfo
});
}
}
}
}
}
if (this.Identity == null)
{
this.ProcessMailboxLogger(list.ToArray());
}
if (num > 0)
{
using (IBudget budget = StandardBudget.Acquire(this.mailboxSession.MailboxOwner.Sid, BudgetType.Eas, this.mailboxSession.GetADSessionSettings()))
{
if (budget != null)
{
IThrottlingPolicy throttlingPolicy = budget.ThrottlingPolicy;
if (throttlingPolicy != null && !throttlingPolicy.EasMaxDevices.IsUnlimited && (long)num >= (long)((ulong)throttlingPolicy.EasMaxDevices.Value))
{
this.WriteWarning((num == 1) ? Strings.MaxDevicesReachedSingular(throttlingPolicy.EasMaxDevices.Value) : Strings.MaxDevicesReached(num, throttlingPolicy.EasMaxDevices.Value));
}
}
}
}
}
}
catch (StorageTransientException ex)
{
TaskLogger.LogError(ex);
base.WriteError(ex, ErrorCategory.ReadError, this.principal);
}
catch (StoragePermanentException ex2)
{
TaskLogger.LogError(ex2);
base.WriteError(ex2, ErrorCategory.InvalidOperation, this.principal);
}
finally
{
if (this.mailboxSession != null)
{
this.mailboxSession.Dispose();
}
TaskLogger.LogExit();
}
}
internal static bool GetDeviceStatus(OrganizationId orgId, string deviceID, string externalUserObjectId, bool isSupportedDevice, out DeviceAccessState accessState, out DeviceAccessStateReason accessReason)
{
bool flag = false;
bool flag2 = true;
accessState = DeviceAccessState.Unknown;
accessReason = DeviceAccessStateReason.Unknown;
string text = string.Empty;
try
{
if (!GlobalSettings.DisableDeviceHealthStatusCache && GraphApiHelper.deviceComplianceStatusCache.Value.TryGetValue(GraphApiHelper.GetCacheKey(externalUserObjectId, deviceID), out text))
{
flag = true;
flag2 = GraphApiHelper.ParsePolicyEvaluationStatusToAccessState(text, out accessState, out accessReason);
AirSyncDiagnostics.TraceDebug(ExTraceGlobals.RequestsTracer, 0, "Retrieved device status from Cache. AccessState:{1}, AccessReason:{2}, IsEnabled:{3}, DeviceStatus:{0}, ", new object[]
{
accessState,
accessReason,
flag2,
text
});
return(flag2);
}
IAadClient aadClient = null;
if (!GraphApiHelper.aadClients.ContainsKey(orgId))
{
lock (GraphApiHelper.lockObject)
{
if (!GraphApiHelper.aadClients.ContainsKey(orgId))
{
aadClient = GraphApiHelper.CreateAadClient(orgId, GraphProxyVersions.Version142);
if (!GlobalSettings.DisableAadClientCache && aadClient != null)
{
AirSyncDiagnostics.TraceDebug(ExTraceGlobals.RequestsTracer, 0, "Added AADClient to cache.");
GraphApiHelper.aadClients.Add(orgId, aadClient);
}
}
}
}
if (aadClient == null)
{
if (!GraphApiHelper.aadClients.ContainsKey(orgId))
{
throw new InvalidOperationException(string.Format("Failed to create AAD client for Org {0}", orgId));
}
aadClient = GraphApiHelper.aadClients[orgId];
}
text = aadClient.EvaluateAuthPolicy(deviceID, externalUserObjectId, isSupportedDevice);
flag2 = GraphApiHelper.ParsePolicyEvaluationStatusToAccessState(text, out accessState, out accessReason);
TimeSpan expiration = (accessState == DeviceAccessState.Allowed) ? GlobalSettings.DeviceStatusCacheExpirationInterval : GlobalSettings.NegativeDeviceStatusCacheExpirationInterval;
if (!GlobalSettings.DisableDeviceHealthStatusCache && !GraphApiHelper.deviceComplianceStatusCache.Value.TryAddAbsolute(GraphApiHelper.GetCacheKey(externalUserObjectId, deviceID), text, expiration))
{
AirSyncDiagnostics.TraceDebug <OrganizationId, string, string>(ExTraceGlobals.RequestsTracer, 0, "Failed to Add deviceStatus {1} to Device Status Cache for user {2}. UserId:{0} ", orgId, text, externalUserObjectId);
}
if (Command.CurrentCommand != null)
{
Command.CurrentCommand.ProtocolLogger.AppendValue(ProtocolLoggerData.GraphApiCallData, string.Format("msg:{0}", text));
}
}
catch (AADException ex)
{
AADDataException ex2 = ex as AADDataException;
string text2 = (ex2 != null) ? ex2.Code.ToString() : "n/a";
AirSyncDiagnostics.TraceDebug(ExTraceGlobals.RequestsTracer, "0", "Exception retrieving deviceStatus for device:{0}, user:{1},OrgId:{2},ErrorCode:{3},Message:{4} ", new object[]
{
deviceID,
externalUserObjectId,
orgId,
text2,
ex.Message
});
if (Command.CurrentCommand != null)
{
if (ex2 != null)
{
Command.CurrentCommand.ProtocolLogger.AppendValue(ProtocolLoggerData.Error, text2);
}
AirSyncUtility.LogCompressedStackTrace(ex, Command.CurrentCommand.Context);
}
throw new AirSyncPermanentException(HttpStatusCode.InternalServerError, StatusCode.ServerError, ex, false);
}
finally
{
if (Command.CurrentCommand != null)
{
Command.CurrentCommand.ProtocolLogger.AppendValue(ProtocolLoggerData.GraphApiCallData, string.Format("cu:{0}", flag ? "F" : "T"));
Command.CurrentCommand.ProtocolLogger.AppendValue(ProtocolLoggerData.GraphApiCallData, string.Format("deviceStatus", text));
}
}
return(flag2);
}
protected override void WriteResult(IConfigurable dataObject)
{
MobileDevice mobileDevice = dataObject as MobileDevice;
if (!this.ShouldShowMobileDevice(mobileDevice))
{
return;
}
ADObjectId orgContainerId = this.ConfigurationSession.GetOrgContainerId();
for (ADObjectId adobjectId = mobileDevice.Id; adobjectId != null; adobjectId = adobjectId.Parent)
{
if (ADObjectId.Equals(adobjectId, orgContainerId))
{
return;
}
}
bool flag = string.Equals("EASProbeDeviceType", mobileDevice.DeviceType, StringComparison.OrdinalIgnoreCase);
if (this.Monitoring)
{
if (!flag)
{
return;
}
}
else
{
if (flag)
{
return;
}
DeviceAccessState deviceAccessState = DeviceAccessState.Unknown;
DeviceAccessStateReason deviceAccessStateReason = DeviceAccessStateReason.Unknown;
ADObjectId deviceAccessControlRule = null;
bool flag2 = false;
if (mobileDevice != null && mobileDevice.OrganizationId != OrganizationId.ForestWideOrgId && (mobileDevice.DeviceAccessStateReason != DeviceAccessStateReason.Individual || mobileDevice.DeviceAccessState != DeviceAccessState.Blocked) && mobileDevice.DeviceAccessStateReason != DeviceAccessStateReason.Policy && mobileDevice.DeviceAccessStateReason < DeviceAccessStateReason.UserAgentsChanges)
{
Command.DetermineDeviceAccessState(this.LoadAbq(OrganizationId.ForestWideOrgId), mobileDevice.DeviceType, mobileDevice.DeviceModel, mobileDevice.DeviceUserAgent, mobileDevice.DeviceOS, out deviceAccessState, out deviceAccessStateReason, out deviceAccessControlRule);
if (deviceAccessState == DeviceAccessState.Blocked)
{
mobileDevice.DeviceAccessState = deviceAccessState;
mobileDevice.DeviceAccessStateReason = deviceAccessStateReason;
mobileDevice.DeviceAccessControlRule = deviceAccessControlRule;
flag2 = true;
if (this.IsFilteringByDeviceAccess() && !this.IsInFilter(mobileDevice))
{
return;
}
}
}
if (!flag2 && mobileDevice != null && mobileDevice.DeviceAccessState != DeviceAccessState.DeviceDiscovery && mobileDevice.DeviceAccessStateReason != DeviceAccessStateReason.Individual && mobileDevice.DeviceAccessStateReason != DeviceAccessStateReason.Upgrade && mobileDevice.DeviceAccessStateReason != DeviceAccessStateReason.Policy && mobileDevice.DeviceAccessStateReason < DeviceAccessStateReason.UserAgentsChanges)
{
Command.DetermineDeviceAccessState(this.LoadAbq(mobileDevice.OrganizationId), mobileDevice.DeviceType, mobileDevice.DeviceModel, mobileDevice.DeviceUserAgent, mobileDevice.DeviceOS, out deviceAccessState, out deviceAccessStateReason, out deviceAccessControlRule);
mobileDevice.DeviceAccessState = deviceAccessState;
mobileDevice.DeviceAccessStateReason = deviceAccessStateReason;
mobileDevice.DeviceAccessControlRule = deviceAccessControlRule;
}
}
if (base.Fields["ActiveSync"] == null && base.Fields["OWAforDevices"] == null)
{
base.Fields["ActiveSync"] = new SwitchParameter(true);
base.Fields["OWAforDevices"] = new SwitchParameter(true);
}
else if (base.Fields["ActiveSync"] == null)
{
if (this.OWAforDevices == false)
{
base.Fields["ActiveSync"] = new SwitchParameter(true);
}
}
else if (base.Fields["OWAforDevices"] == null && this.ActiveSync == false)
{
base.Fields["OWAforDevices"] = new SwitchParameter(true);
}
if ((!this.ActiveSync || mobileDevice.ClientType != MobileClientType.EAS) && (!this.OWAforDevices || mobileDevice.ClientType != MobileClientType.MOWA))
{
return;
}
if (mobileDevice.ClientType == MobileClientType.MOWA)
{
MobileDevice mobileDevice2 = mobileDevice;
string format = Strings.MOWADeviceTypePrefix;
string arg;
if ((arg = mobileDevice.DeviceType) == null)
{
arg = (mobileDevice.DeviceModel ?? mobileDevice.DeviceOS);
}
mobileDevice2.DeviceType = string.Format(format, arg);
}
if (this.IsFilteringByDeviceAccess() && !this.IsInFilter(mobileDevice))
{
return;
}
base.WriteResult(dataObject);
}
