예제 #1
 /// <summary>
 /// Serializes the combined ACL table / security descriptor property, refusing any
 /// descriptor whose binary form is larger than the allowed size.
 /// </summary>
 /// <param name="aclTableAndSD">Property holding the folder and free/busy security descriptors.</param>
 /// <returns>The bytes produced by <c>aclTableAndSD.Serialize()</c>.</returns>
 /// <exception cref="ACLTooBigException">
 /// Either descriptor's binary form is longer than 31744 bytes.
 /// </exception>
 private static byte[] SerializeAclTableAndSecurityDecscriptor(FolderSecurity.AclTableAndSecurityDescriptorProperty aclTableAndSD)
 {
     // Upper bound applied to each descriptor separately. The limit is enforced here,
     // before serialization, so an oversized ACL is rejected instead of being written.
     const int MaxSecurityDescriptorBytes = 31744;

     // A missing descriptor or a missing binary form is treated as "within limits".
     bool folderDescriptorTooBig =
         aclTableAndSD.SecurityDescriptor != null
         && aclTableAndSD.SecurityDescriptor.BinaryForm != null
         && aclTableAndSD.SecurityDescriptor.BinaryForm.Length > MaxSecurityDescriptorBytes;
     if (folderDescriptorTooBig)
     {
         ExTraceGlobals.StorageTracer.TraceError<int>(0L, "Folder SD exceeds allowed size: {0}", aclTableAndSD.SecurityDescriptor.BinaryForm.Length);
         throw new ACLTooBigException();
     }

     bool freeBusyDescriptorTooBig =
         aclTableAndSD.FreeBusySecurityDescriptor != null
         && aclTableAndSD.FreeBusySecurityDescriptor.BinaryForm != null
         && aclTableAndSD.FreeBusySecurityDescriptor.BinaryForm.Length > MaxSecurityDescriptorBytes;
     if (freeBusyDescriptorTooBig)
     {
         ExTraceGlobals.StorageTracer.TraceError<int>(0L, "Folder F/B SD exceeds allowed size: {0}", aclTableAndSD.FreeBusySecurityDescriptor.BinaryForm.Length);
         throw new ACLTooBigException();
     }

     return aclTableAndSD.Serialize();
 }
예제 #2
        /// <summary>
        /// Rebuilds the folder and free/busy discretionary ACLs from the in-memory table
        /// entries and writes the serialized ACL table together with both security
        /// descriptors to the folder.
        /// </summary>
        /// <exception cref="InvalidParamException">Two table entries carry the same SID.</exception>
        private void Save()
        {
            List<FolderSecurity.SecurityIdentifierAndFolderRights> sidRights =
                new List<FolderSecurity.SecurityIdentifierAndFolderRights>(this.tableEntries.Count);

            foreach (AclTableEntry entry in this.tableEntries)
            {
                // The ACE input captures the rights as they are before normalization;
                // the entry itself is normalized afterwards, so the table serialized
                // below holds the normalized value.
                sidRights.Add(new FolderSecurity.SecurityIdentifierAndFolderRights(
                    entry.SecurityIdentifier,
                    (FolderSecurity.ExchangeFolderRights)entry.MemberRights,
                    entry.IsGroup ? FolderSecurity.SecurityIdentifierType.Group : FolderSecurity.SecurityIdentifierType.User));
                entry.MemberRights = (MemberRights)FolderSecurity.NormalizeFolderRights((FolderSecurity.ExchangeFolderRights)entry.MemberRights);
            }

            byte[] serializedEntries = AclModifyTable.SerializeTableEntries(this.tableEntries);
            RawAcl folderDacl = FolderSecurity.AnnotatedAceList.BuildFolderCanonicalAceList(sidRights);

            // Reuse the loaded folder descriptor when there is one (only its DACL is
            // replaced); otherwise create a fresh descriptor around the new DACL.
            if (this.securityDescriptor == null)
            {
                this.securityDescriptor = FolderSecurity.AclTableAndSecurityDescriptorProperty.CreateFolderSecurityDescriptor(folderDacl).ToRawSecurityDescriptorThrow();
            }
            else
            {
                this.securityDescriptor.DiscretionaryAcl = folderDacl;
            }

            RawAcl freeBusyDacl = FolderSecurity.AnnotatedAceList.BuildFreeBusyCanonicalAceList(sidRights);

            // A free/busy descriptor is only created from scratch when the table was
            // opened with the FreeBusyAware option; an existing one is always updated.
            if (this.freeBusySecurityDescriptor != null)
            {
                this.freeBusySecurityDescriptor.DiscretionaryAcl = freeBusyDacl;
            }
            else if ((this.options & ModifyTableOptions.FreeBusyAware) == ModifyTableOptions.FreeBusyAware)
            {
                this.freeBusySecurityDescriptor = FolderSecurity.AclTableAndSecurityDescriptorProperty.CreateFolderSecurityDescriptor(freeBusyDacl).ToRawSecurityDescriptorThrow();
            }

            // NOTE(review): the uniqueness check runs after the entries were normalized
            // and the descriptor fields above were already updated, so a duplicate SID
            // aborts the save with the in-memory state modified (nothing has been
            // written to the folder at this point).
            Dictionary<SecurityIdentifier, FolderSecurity.SecurityIdentifierType> sidTypes =
                new Dictionary<SecurityIdentifier, FolderSecurity.SecurityIdentifierType>(sidRights.Count);

            foreach (FolderSecurity.SecurityIdentifierAndFolderRights sidAndRights in sidRights)
            {
                if (sidTypes.ContainsKey(sidAndRights.SecurityIdentifier))
                {
                    throw new InvalidParamException(new LocalizedString(string.Format("SID {0} is not unique.", sidAndRights.SecurityIdentifier)));
                }
                sidTypes.Add(sidAndRights.SecurityIdentifier, sidAndRights.SecurityIdentifierType);
            }

            FolderSecurity.AclTableAndSecurityDescriptorProperty aclTableAndSD = new FolderSecurity.AclTableAndSecurityDescriptorProperty(
                new ArraySegment<byte>(serializedEntries),
                sidTypes,
                SecurityDescriptor.FromRawSecurityDescriptor(this.securityDescriptor),
                SecurityDescriptor.FromRawSecurityDescriptor(this.freeBusySecurityDescriptor));

            // The size limits are checked during serialization; if that or the write
            // throws, OnAfterFolderSave is not called.
            this.coreFolder.OnBeforeFolderSave();
            AclModifyTable.WriteFolderAclTable(this.coreFolder, AclModifyTable.SerializeAclTableAndSecurityDecscriptor(aclTableAndSD));
            this.coreFolder.OnAfterFolderSave();
        }
예제 #3
        /// <summary>
        /// Loads the folder's security descriptors and ACL table entries from the
        /// folder's property bag into this instance.
        /// </summary>
        /// <remarks>
        /// Returns without changing any field when the stored property carries no
        /// folder security descriptor.
        /// </remarks>
        /// <exception cref="NonCanonicalACLException">
        /// The table had to be rebuilt from the security descriptor, the rebuild
        /// reported a non-canonical descriptor, and the ExtendedPermissionInformation
        /// option is set.
        /// </exception>
        private void Load()
        {
            FolderSecurity.AclTableAndSecurityDescriptorProperty stored = AclModifyTable.ReadAclTableAndSecurityDescriptor(this.coreFolder.PropertyBag);
            if (stored.SecurityDescriptor == null)
            {
                return;
            }

            this.securityDescriptor = stored.SecurityDescriptor.ToRawSecurityDescriptorThrow();
            if (stored.FreeBusySecurityDescriptor != null)
            {
                this.freeBusySecurityDescriptor = stored.FreeBusySecurityDescriptor.ToRawSecurityDescriptorThrow();
            }
            else
            {
                this.freeBusySecurityDescriptor = null;
            }

            // The serialized table is only consulted when it is non-empty and the
            // instance was not told to rely on the security descriptor alone.
            List<AclTableEntry> parsedEntries = null;
            if (stored.SerializedAclTable.Count != 0 && !this.useSecurityDescriptorOnly)
            {
                parsedEntries = this.ParseTableEntries(stored.SerializedAclTable);
            }

            if (parsedEntries != null)
            {
                this.tableEntries = parsedEntries;
            }
            else
            {
                // Fall back to deriving the table from the security descriptor.
                // tableEntries is assigned before the canonical check, so it is
                // already replaced when the exception below is thrown.
                bool isCanonical;
                string canonicalErrorInformation;
                this.tableEntries = this.BuildAclTableFromSecurityDescriptor(out isCanonical, out canonicalErrorInformation);
                if (!isCanonical && (this.options & ModifyTableOptions.ExtendedPermissionInformation) == ModifyTableOptions.ExtendedPermissionInformation)
                {
                    ExTraceGlobals.StorageTracer.TraceError(0L, "Cannot build blob ACL table blob with non-canonical SD");
                    throw new NonCanonicalACLException(canonicalErrorInformation);
                }
            }

            // Make sure the table starts with an entry whose MemberId is 0; when it
            // does not, the entry from BuildEveryoneDefaultEntry is put in front.
            bool needsDefaultEntry = this.tableEntries.Count == 0 || this.tableEntries[0].MemberId != 0L;
            if (needsDefaultEntry)
            {
                MemberRights defaultRights;
                if (this.freeBusySecurityDescriptor == null)
                {
                    defaultRights = MemberRights.FreeBusySimple;
                }
                else
                {
                    defaultRights = MemberRights.None;
                }
                this.tableEntries.Insert(0, AclModifyTable.BuildEveryoneDefaultEntry(defaultRights));
            }
        }
예제 #4
        /// <summary>
        /// Builds the serialized ACL table blob for the given folder and free/busy
        /// security descriptors.
        /// </summary>
        /// <param name="session">
        /// Store session; supplies the AD recipient session and, when it is a
        /// <c>MailboxSession</c>, the external users collection.
        /// </param>
        /// <param name="securityDescriptor">Folder security descriptor the table is derived from.</param>
        /// <param name="freeBusySecurityDescriptor">Free/busy security descriptor stored alongside it.</param>
        /// <returns>The serialized ACL table and security descriptor property.</returns>
        /// <exception cref="NonCanonicalACLException">
        /// The table build reported the descriptor as non-canonical.
        /// </exception>
        public static byte[] BuildAclTableBlob(StoreSession session, RawSecurityDescriptor securityDescriptor, RawSecurityDescriptor freeBusySecurityDescriptor)
        {
            IRecipientSession recipientSession = session.GetADRecipientSession(true, ConsistencyMode.IgnoreInvalid);
            ExternalUserCollection externalUsersToDispose = null;
            bool isCanonical;
            string canonicalErrorInformation;
            List<AclTableEntry> entries;

            try
            {
                // The external users collection is fetched only if the table build
                // asks for it; the captured local lets the finally block dispose
                // whatever was actually created.
                LazilyInitialized<ExternalUserCollection> lazyExternalUsers = new LazilyInitialized<ExternalUserCollection>(() =>
                {
                    MailboxSession mailboxSession = session as MailboxSession;
                    if (mailboxSession != null)
                    {
                        externalUsersToDispose = mailboxSession.GetExternalUsers();
                    }
                    else
                    {
                        externalUsersToDispose = null;
                    }
                    return externalUsersToDispose;
                });

                entries = AclModifyTable.BuildAclTableFromSecurityDescriptor(
                    securityDescriptor,
                    freeBusySecurityDescriptor,
                    lazyExternalUsers,
                    recipientSession,
                    new AclTableIdMap(),
                    out isCanonical,
                    out canonicalErrorInformation);
            }
            finally
            {
                Util.DisposeIfPresent(externalUsersToDispose);
            }

            if (!isCanonical)
            {
                ExTraceGlobals.StorageTracer.TraceError(0L, "Cannot build blob ACL table blob with non-canonical SD");
                throw new NonCanonicalACLException(canonicalErrorInformation);
            }

            // NOTE(review): if ToDictionary here is the LINQ extension, a SID that
            // appears in two entries surfaces as ArgumentException rather than the
            // InvalidParamException that Save() raises for the same condition - confirm.
            FolderSecurity.AclTableAndSecurityDescriptorProperty aclTableAndSD = new FolderSecurity.AclTableAndSecurityDescriptorProperty(
                new ArraySegment<byte>(AclModifyTable.SerializeTableEntries(entries)),
                entries.ToDictionary(
                    (AclTableEntry tableEntry) => tableEntry.SecurityIdentifier,
                    (AclTableEntry tableEntry) => tableEntry.IsGroup ? FolderSecurity.SecurityIdentifierType.Group : FolderSecurity.SecurityIdentifierType.User),
                SecurityDescriptor.FromRawSecurityDescriptor(securityDescriptor),
                SecurityDescriptor.FromRawSecurityDescriptor(freeBusySecurityDescriptor));

            // Serialization enforces the per-descriptor size limit.
            return AclModifyTable.SerializeAclTableAndSecurityDecscriptor(aclTableAndSD);
        }
예제 #5
 /// <summary>
 /// Replaces the folder's free/busy security descriptor, keeping the folder security
 /// descriptor that is currently stored, and writes the rebuilt ACL table blob back.
 /// </summary>
 /// <param name="folder">Folder whose ACL table property is read and rewritten.</param>
 /// <param name="freeBusySecurityDescriptor">New free/busy security descriptor.</param>
 public static void SetFolderFreeBusySecurityDescriptor(CoreFolder folder, RawSecurityDescriptor freeBusySecurityDescriptor)
 {
     // NOTE(review): no permission check is visible in this method; presumably the
     // caller has already authorized the change - confirm.
     FolderSecurity.AclTableAndSecurityDescriptorProperty stored = AclModifyTable.ReadAclTableAndSecurityDescriptor(folder.PropertyBag);
     var session = folder.Session;

     // The folder descriptor is carried over unchanged; null is passed through when
     // the stored property has none.
     RawSecurityDescriptor folderDescriptor = null;
     if (stored.SecurityDescriptor != null)
     {
         folderDescriptor = stored.SecurityDescriptor.ToRawSecurityDescriptorThrow();
     }

     byte[] aclTableBlob = AclModifyTable.BuildAclTableBlob(session, folderDescriptor, freeBusySecurityDescriptor);
     AclModifyTable.WriteFolderAclTable(folder, aclTableBlob);
 }