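/// <summary>
/// Serializes the ACL table together with its security descriptors, refusing any descriptor
/// whose binary form is larger than the allowed size.
/// </summary>
/// <param name="aclTableAndSD">The ACL table and its folder / free-busy security descriptors.</param>
/// <returns>The serialized property bytes produced by <c>aclTableAndSD.Serialize()</c>.</returns>
/// <exception cref="ACLTooBigException">
/// Thrown when the folder security descriptor or the free/busy security descriptor exceeds the size limit.
/// </exception>
private static byte[] SerializeAclTableAndSecurityDecscriptor(FolderSecurity.AclTableAndSecurityDescriptorProperty aclTableAndSD)
{
    // Largest security descriptor (in bytes of binary form) that is accepted; the same bound
    // applies to both descriptors. Kept as a named constant so the two checks cannot drift apart.
    const int MaxSecurityDescriptorBytes = 31744;

    if (aclTableAndSD.SecurityDescriptor != null
        && aclTableAndSD.SecurityDescriptor.BinaryForm != null
        && aclTableAndSD.SecurityDescriptor.BinaryForm.Length > MaxSecurityDescriptorBytes)
    {
        ExTraceGlobals.StorageTracer.TraceError<int>(0L, "Folder SD exceeds allowed size: {0}", aclTableAndSD.SecurityDescriptor.BinaryForm.Length);
        throw new ACLTooBigException();
    }

    if (aclTableAndSD.FreeBusySecurityDescriptor != null
        && aclTableAndSD.FreeBusySecurityDescriptor.BinaryForm != null
        && aclTableAndSD.FreeBusySecurityDescriptor.BinaryForm.Length > MaxSecurityDescriptorBytes)
    {
        ExTraceGlobals.StorageTracer.TraceError<int>(0L, "Folder F/B SD exceeds allowed size: {0}", aclTableAndSD.FreeBusySecurityDescriptor.BinaryForm.Length);
        throw new ACLTooBigException();
    }

    return aclTableAndSD.Serialize();
}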
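/// <summary>
/// Writes the current ACL table and the security descriptors derived from it back to the folder.
/// </summary>
/// <remarks>
/// SID uniqueness is validated before any descriptor on this instance is modified, so a rejected
/// table does not leave a half-updated DACL behind on <c>securityDescriptor</c> or
/// <c>freeBusySecurityDescriptor</c>. The DACLs are built from the rights as set by the caller;
/// the table entries themselves are normalized in place before they are serialized.
/// </remarks>
/// <exception cref="InvalidParamException">Thrown when two table entries carry the same SID.</exception>
private void Save()
{
    // Validate first: each SID may appear only once. Doing this before touching the descriptors
    // keeps the instance consistent when the table is rejected.
    Dictionary<SecurityIdentifier, FolderSecurity.SecurityIdentifierType> sidTypes = new Dictionary<SecurityIdentifier, FolderSecurity.SecurityIdentifierType>(this.tableEntries.Count);
    foreach (AclTableEntry aclTableEntry in this.tableEntries)
    {
        if (sidTypes.ContainsKey(aclTableEntry.SecurityIdentifier))
        {
            throw new InvalidParamException(new LocalizedString(string.Format("SID {0} is not unique.", aclTableEntry.SecurityIdentifier)));
        }
        sidTypes.Add(aclTableEntry.SecurityIdentifier, aclTableEntry.IsGroup ? FolderSecurity.SecurityIdentifierType.Group : FolderSecurity.SecurityIdentifierType.User);
    }

    // Capture the caller-supplied rights for ACE construction, then normalize each entry in place
    // so the serialized table carries normalized rights.
    List<FolderSecurity.SecurityIdentifierAndFolderRights> sidsAndRights = new List<FolderSecurity.SecurityIdentifierAndFolderRights>(this.tableEntries.Count);
    foreach (AclTableEntry aclTableEntry in this.tableEntries)
    {
        sidsAndRights.Add(new FolderSecurity.SecurityIdentifierAndFolderRights(aclTableEntry.SecurityIdentifier, (FolderSecurity.ExchangeFolderRights)aclTableEntry.MemberRights, aclTableEntry.IsGroup ? FolderSecurity.SecurityIdentifierType.Group : FolderSecurity.SecurityIdentifierType.User));
        aclTableEntry.MemberRights = (MemberRights)FolderSecurity.NormalizeFolderRights((FolderSecurity.ExchangeFolderRights)aclTableEntry.MemberRights);
    }
    byte[] serializedTable = AclModifyTable.SerializeTableEntries(this.tableEntries);

    RawAcl folderAcl = FolderSecurity.AnnotatedAceList.BuildFolderCanonicalAceList(sidsAndRights);
    if (this.securityDescriptor != null)
    {
        this.securityDescriptor.DiscretionaryAcl = folderAcl;
    }
    else
    {
        this.securityDescriptor = FolderSecurity.AclTableAndSecurityDescriptorProperty.CreateFolderSecurityDescriptor(folderAcl).ToRawSecurityDescriptorThrow();
    }

    RawAcl freeBusyAcl = FolderSecurity.AnnotatedAceList.BuildFreeBusyCanonicalAceList(sidsAndRights);
    if (this.freeBusySecurityDescriptor != null)
    {
        this.freeBusySecurityDescriptor.DiscretionaryAcl = freeBusyAcl;
    }
    else if ((this.options & ModifyTableOptions.FreeBusyAware) == ModifyTableOptions.FreeBusyAware)
    {
        // A free/busy descriptor is only created when the table was opened free/busy aware.
        this.freeBusySecurityDescriptor = FolderSecurity.AclTableAndSecurityDescriptorProperty.CreateFolderSecurityDescriptor(freeBusyAcl).ToRawSecurityDescriptorThrow();
    }

    FolderSecurity.AclTableAndSecurityDescriptorProperty aclTableAndSD = new FolderSecurity.AclTableAndSecurityDescriptorProperty(
        new ArraySegment<byte>(serializedTable),
        sidTypes,
        SecurityDescriptor.FromRawSecurityDescriptor(this.securityDescriptor),
        SecurityDescriptor.FromRawSecurityDescriptor(this.freeBusySecurityDescriptor));

    this.coreFolder.OnBeforeFolderSave();
    AclModifyTable.WriteFolderAclTable(this.coreFolder, AclModifyTable.SerializeAclTableAndSecurityDecscriptor(aclTableAndSD));
    this.coreFolder.OnAfterFolderSave();
}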
/// <summary>
/// Loads the stored ACL table and security descriptors of the folder into this instance.
/// </summary>
/// <remarks>
/// Returns without changing any state when the folder carries no security descriptor. Otherwise
/// the table is taken from the serialized blob when one is present (and
/// <c>useSecurityDescriptorOnly</c> is not set); when it is not, the table is rebuilt from the
/// security descriptor. A default entry is inserted at the front when the first entry does not
/// have member id 0.
/// </remarks>
/// <exception cref="NonCanonicalACLException">
/// Thrown when the table had to be rebuilt from a non-canonical security descriptor and
/// <c>ModifyTableOptions.ExtendedPermissionInformation</c> was requested.
/// </exception>
private void Load()
{
    FolderSecurity.AclTableAndSecurityDescriptorProperty stored = AclModifyTable.ReadAclTableAndSecurityDescriptor(this.coreFolder.PropertyBag);
    if (stored.SecurityDescriptor == null)
    {
        // Nothing stored on the folder: leave the instance as it is.
        return;
    }

    this.securityDescriptor = stored.SecurityDescriptor.ToRawSecurityDescriptorThrow();
    this.freeBusySecurityDescriptor = (stored.FreeBusySecurityDescriptor != null)
        ? stored.FreeBusySecurityDescriptor.ToRawSecurityDescriptorThrow()
        : null;

    // The serialized table is only consulted when present and not explicitly bypassed.
    bool useSerializedTable = stored.SerializedAclTable.Count != 0 && !this.useSecurityDescriptorOnly;
    List<AclTableEntry> parsedEntries = useSerializedTable ? this.ParseTableEntries(stored.SerializedAclTable) : null;

    if (parsedEntries != null)
    {
        this.tableEntries = parsedEntries;
    }
    else
    {
        bool isCanonical;
        string canonicalErrorInformation;
        this.tableEntries = this.BuildAclTableFromSecurityDescriptor(out isCanonical, out canonicalErrorInformation);

        bool extendedInfoRequested = (this.options & ModifyTableOptions.ExtendedPermissionInformation) == ModifyTableOptions.ExtendedPermissionInformation;
        if (!isCanonical && extendedInfoRequested)
        {
            ExTraceGlobals.StorageTracer.TraceError(0L, "Cannot build blob ACL table blob with non-canonical SD");
            throw new NonCanonicalACLException(canonicalErrorInformation);
        }
    }

    bool defaultEntryMissing = this.tableEntries.Count == 0 || this.tableEntries[0].MemberId != 0L;
    if (defaultEntryMissing)
    {
        // Without a free/busy descriptor the default entry gets simple free/busy rights.
        MemberRights defaultRights = (this.freeBusySecurityDescriptor == null) ? MemberRights.FreeBusySimple : MemberRights.None;
        this.tableEntries.Insert(0, AclModifyTable.BuildEveryoneDefaultEntry(defaultRights));
    }
}
/// <summary>
/// Builds the serialized ACL table property for a folder from its security descriptors.
/// </summary>
/// <param name="session">The store session used to resolve recipients and, for mailbox sessions, external users.</param>
/// <param name="securityDescriptor">The folder security descriptor.</param>
/// <param name="freeBusySecurityDescriptor">The free/busy security descriptor; may be null.</param>
/// <returns>The serialized ACL table and security descriptor bytes.</returns>
/// <exception cref="NonCanonicalACLException">Thrown when the security descriptor is not canonical.</exception>
public static byte[] BuildAclTableBlob(StoreSession session, RawSecurityDescriptor securityDescriptor, RawSecurityDescriptor freeBusySecurityDescriptor)
{
    IRecipientSession recipientSession = session.GetADRecipientSession(true, ConsistencyMode.IgnoreInvalid);
    ExternalUserCollection externalUsers = null;
    bool isCanonical;
    string canonicalErrorInformation;
    List<AclTableEntry> entries;
    try
    {
        // External users are resolved on demand and only for mailbox sessions; whatever gets
        // created is captured so the finally block can dispose it.
        LazilyInitialized<ExternalUserCollection> lazyExternalUsers = new LazilyInitialized<ExternalUserCollection>(delegate()
        {
            MailboxSession mailboxSession = session as MailboxSession;
            if (mailboxSession != null)
            {
                externalUsers = mailboxSession.GetExternalUsers();
            }
            else
            {
                externalUsers = null;
            }
            return externalUsers;
        });
        entries = AclModifyTable.BuildAclTableFromSecurityDescriptor(securityDescriptor, freeBusySecurityDescriptor, lazyExternalUsers, recipientSession, new AclTableIdMap(), out isCanonical, out canonicalErrorInformation);
    }
    finally
    {
        Util.DisposeIfPresent(externalUsers);
    }

    if (!isCanonical)
    {
        ExTraceGlobals.StorageTracer.TraceError(0L, "Cannot build blob ACL table blob with non-canonical SD");
        throw new NonCanonicalACLException(canonicalErrorInformation);
    }

    byte[] serializedTable = AclModifyTable.SerializeTableEntries(entries);
    Dictionary<SecurityIdentifier, FolderSecurity.SecurityIdentifierType> sidTypes = entries.ToDictionary(
        tableEntry => tableEntry.SecurityIdentifier,
        tableEntry => tableEntry.IsGroup ? FolderSecurity.SecurityIdentifierType.Group : FolderSecurity.SecurityIdentifierType.User);
    FolderSecurity.AclTableAndSecurityDescriptorProperty aclTableAndSD = new FolderSecurity.AclTableAndSecurityDescriptorProperty(
        new ArraySegment<byte>(serializedTable),
        sidTypes,
        SecurityDescriptor.FromRawSecurityDescriptor(securityDescriptor),
        SecurityDescriptor.FromRawSecurityDescriptor(freeBusySecurityDescriptor));
    return AclModifyTable.SerializeAclTableAndSecurityDecscriptor(aclTableAndSD);
}
/// <summary>
/// Replaces the free/busy security descriptor stored on a folder, keeping the folder's own
/// security descriptor and rebuilding the ACL table blob from the pair.
/// </summary>
/// <param name="folder">The folder whose ACL table property is rewritten.</param>
/// <param name="freeBusySecurityDescriptor">The new free/busy security descriptor.</param>
public static void SetFolderFreeBusySecurityDescriptor(CoreFolder folder, RawSecurityDescriptor freeBusySecurityDescriptor)
{
    FolderSecurity.AclTableAndSecurityDescriptorProperty stored = AclModifyTable.ReadAclTableAndSecurityDescriptor(folder.PropertyBag);

    // The existing folder descriptor is carried over unchanged; a folder without one yields null.
    RawSecurityDescriptor existingFolderDescriptor = null;
    if (stored.SecurityDescriptor != null)
    {
        existingFolderDescriptor = stored.SecurityDescriptor.ToRawSecurityDescriptorThrow();
    }

    byte[] aclTableBlob = AclModifyTable.BuildAclTableBlob(folder.Session, existingFolderDescriptor, freeBusySecurityDescriptor);
    AclModifyTable.WriteFolderAclTable(folder, aclTableBlob);
}