private ExternalUser ApplyPermission(MailboxSession mailboxSession, SmtpAddress smtpAddress, SharingContext context) { ExternalUser externalUser = null; ExternalUser externalUser2; using (ExternalUserCollection externalUsers = mailboxSession.GetExternalUsers()) { externalUser2 = externalUsers.FindReachUserWithOriginalSmtpAddress(smtpAddress); externalUser = externalUsers.FindFederatedUserWithOriginalSmtpAddress(smtpAddress); if (externalUser2 == null) { externalUser2 = externalUsers.AddReachUser(smtpAddress); externalUsers.Save(); } } using (FolderPermissionContext current = FolderPermissionContext.GetCurrent(mailboxSession, context)) { FreeBusyAccess freeBusy = this.GetFreeBusy(context); PermissionSecurityPrincipal principal = new PermissionSecurityPrincipal(externalUser2); PermissionLevel permissionLevel = (context.SharingDetail == SharingContextDetailLevel.FullDetails) ? PermissionLevel.Reviewer : PermissionLevel.None; current.AddOrChangePermission(principal, permissionLevel, new FreeBusyAccess?(freeBusy)); if (externalUser != null) { current.RemovePermission(new PermissionSecurityPrincipal(externalUser)); } } return(externalUser2); }
private static string GetExternalIdentity(ExternalClientContext externalClientContext, MailboxSession session) { FreeBusyPermission.SecurityTracer.TraceDebug <object, ExternalClientContext, IExchangePrincipal>(0L, "{0}: searching for external identity for caller {1} in mailbox {2}", TraceContext.Get(), externalClientContext, session.MailboxOwner); Stopwatch stopwatch = Stopwatch.StartNew(); try { PersonalClientContext personalClientContext = externalClientContext as PersonalClientContext; if (personalClientContext != null) { using (ExternalUserCollection externalUsers = session.GetExternalUsers()) { ExternalUser externalUser = externalUsers.FindExternalUser(personalClientContext.ExternalId.ToString()); if (externalUser != null) { string text = externalUser.Sid.ToString(); FreeBusyPermission.SecurityTracer.TraceDebug <object, string>(0L, "{0}: found personal client context from external identity: {1}", TraceContext.Get(), text); return(text); } } } } finally { stopwatch.Stop(); PerformanceCounters.AverageExternalAuthenticationIdentityMappingTime.IncrementBy(stopwatch.ElapsedTicks); PerformanceCounters.AverageExternalAuthenticationIdentityMappingTimeBase.Increment(); } return(null); }
private ExternalUserCollection GetExternalUsers(StoreSession session) { MailboxSession mailboxSession = session as MailboxSession; if (this.externalUsers == null && mailboxSession != null) { this.externalUsers = mailboxSession.GetExternalUsers(); } return(this.externalUsers); }
protected override void InternalPerformRevocation(MailboxSession mailboxSession, SharingContext context) { using (FolderPermissionContext current = FolderPermissionContext.GetCurrent(mailboxSession, context)) { using (ExternalUserCollection externalUsers = mailboxSession.GetExternalUsers()) { PermissionSecurityPrincipal permissionSecurityPrincipal = this.CreatePermissionSecurityPrincipal(context.InitiatorSmtpAddress, externalUsers); if (permissionSecurityPrincipal != null) { current.RemovePermission(permissionSecurityPrincipal); } } } }
internal static ExternalIdentityToken GetExternalIdentityToken(MailboxSession session, SmtpAddress externalId) { if (session != null && session.Capabilities.CanHaveExternalUsers) { using (ExternalUserCollection externalUsers = session.GetExternalUsers()) { ExternalUser externalUser = externalUsers.FindExternalUser(externalId.ToString()); if (externalUser != null) { return(new ExternalIdentityToken(externalUser.Sid)); } ExternalIdentityToken.Tracer.TraceError <SmtpAddress, IExchangePrincipal>(0L, "{0}: Unable to find the requester in the external user collection in mailbox {1}.", externalId, session.MailboxOwner); } } return(null); }
internal void EnsureExternalUser(MailboxSession mailboxSession) { if (this.UserType != MailboxFolderUserId.MailboxFolderUserType.External) { throw new InvalidOperationException("Only support External user type."); } if (this.externalUser != null) { return; } using (ExternalUserCollection externalUsers = mailboxSession.GetExternalUsers()) { ExternalUser externalUser = externalUsers.FindExternalUser(this.smtpAddress); if (externalUser == null) { throw new InvalidExternalUserIdException(this.smtpAddress.ToString()); } this.externalUser = externalUser; } }
public static byte[] BuildAclTableBlob(StoreSession session, RawSecurityDescriptor securityDescriptor, RawSecurityDescriptor freeBusySecurityDescriptor) { IRecipientSession adrecipientSession = session.GetADRecipientSession(true, ConsistencyMode.IgnoreInvalid); ExternalUserCollection externalUserCollectionToDispose = null; bool flag; string canonicalErrorInformation; List <AclTableEntry> source; try { source = AclModifyTable.BuildAclTableFromSecurityDescriptor(securityDescriptor, freeBusySecurityDescriptor, new LazilyInitialized <ExternalUserCollection>(delegate() { MailboxSession mailboxSession = session as MailboxSession; externalUserCollectionToDispose = ((mailboxSession != null) ? mailboxSession.GetExternalUsers() : null); return(externalUserCollectionToDispose); }), adrecipientSession, new AclTableIdMap(), out flag, out canonicalErrorInformation); } finally { Util.DisposeIfPresent(externalUserCollectionToDispose); } if (!flag) { ExTraceGlobals.StorageTracer.TraceError(0L, "Cannot build blob ACL table blob with non-canonical SD"); throw new NonCanonicalACLException(canonicalErrorInformation); } FolderSecurity.AclTableAndSecurityDescriptorProperty aclTableAndSD = new FolderSecurity.AclTableAndSecurityDescriptorProperty(new ArraySegment <byte>(AclModifyTable.SerializeTableEntries(source)), source.ToDictionary((AclTableEntry tableEntry) => tableEntry.SecurityIdentifier, delegate(AclTableEntry tableEntry) { if (!tableEntry.IsGroup) { return(FolderSecurity.SecurityIdentifierType.User); } return(FolderSecurity.SecurityIdentifierType.Group); }), SecurityDescriptor.FromRawSecurityDescriptor(securityDescriptor), SecurityDescriptor.FromRawSecurityDescriptor(freeBusySecurityDescriptor)); return(AclModifyTable.SerializeAclTableAndSecurityDecscriptor(aclTableAndSD)); }
internal ExternalUser TryGetExternalUser(byte[] memberEntryId, ref ExternalUserCollection externalUsers) { if (memberEntryId != null) { MailboxSession mailboxSession = this.Session as MailboxSession; if (externalUsers == null && mailboxSession != null) { externalUsers = mailboxSession.GetExternalUsers(); } if (externalUsers != null) { try { byte[] binaryForm = null; StoreSession session = this.Session; bool flag = false; try { if (session != null) { session.BeginMapiCall(); session.BeginServerHealthCall(); flag = true; } if (StorageGlobals.MapiTestHookBeforeCall != null) { StorageGlobals.MapiTestHookBeforeCall(MethodBase.GetCurrentMethod()); } binaryForm = MapiStore.GetLocalDirectorySIDFromAddressBookEntryId(memberEntryId); } catch (MapiPermanentException ex) { throw StorageGlobals.TranslateMapiException(ServerStrings.InvalidPermissionsEntry, ex, session, this, "{0}. MapiException = {1}.", new object[] { string.Format("ACL table has invalid entry id.", new object[0]), ex }); } catch (MapiRetryableException ex2) { throw StorageGlobals.TranslateMapiException(ServerStrings.InvalidPermissionsEntry, ex2, session, this, "{0}. MapiException = {1}.", new object[] { string.Format("ACL table has invalid entry id.", new object[0]), ex2 }); } finally { try { if (session != null) { session.EndMapiCall(); if (flag) { session.EndServerHealthCall(); } } } finally { if (StorageGlobals.MapiTestHookAfterCall != null) { StorageGlobals.MapiTestHookAfterCall(MethodBase.GetCurrentMethod()); } } } SecurityIdentifier sid = new SecurityIdentifier(binaryForm, 0); return(externalUsers.FindExternalUser(sid)); } catch (ObjectNotFoundException) { } } } return(null); }
protected override PerformInvitationResults InternalPerformInvitation(MailboxSession mailboxSession, SharingContext context, ValidRecipient[] recipients, IFrontEndLocator frontEndLocator) { ExternalAuthentication current = ExternalAuthentication.GetCurrent(); if (!current.Enabled) { ExTraceGlobals.SharingTracer.TraceError <string>((long)this.GetHashCode(), "{0}: The organization is not federated for external sharing.", context.InitiatorSmtpAddress); return(new PerformInvitationResults(new InvalidSharingRecipientsException(ValidRecipient.ConvertToStringArray(recipients), new OrganizationNotFederatedException()))); } SharedFolderDataEncryption sharedFolderDataEncryption = new SharedFolderDataEncryption(current); string text = StoreId.StoreIdToEwsId(mailboxSession.MailboxOwner.MailboxInfo.MailboxGuid, context.FolderId); PerformInvitationResults result; using (ExternalUserCollection externalUsers = mailboxSession.GetExternalUsers()) { PerformInvitationResults performInvitationResults = null; EncryptionResults encryptionResults = null; Exception ex = null; try { encryptionResults = sharedFolderDataEncryption.Encrypt(mailboxSession.MailboxOwner, mailboxSession.GetADRecipientSession(true, ConsistencyMode.IgnoreInvalid), externalUsers, recipients, context.InitiatorSmtpAddress, context.FolderClass, text, frontEndLocator); } catch (UserWithoutFederatedProxyAddressException ex2) { ex = ex2; } catch (InvalidFederatedOrganizationIdException ex3) { ex = ex3; } catch (StoragePermanentException ex4) { ex = ex4; } if (ex != null) { ExTraceGlobals.SharingTracer.TraceError <string, Exception>((long)this.GetHashCode(), "{0}: Error occurred when trying to encrypt. Exception = {1}", context.InitiatorSmtpAddress, ex); result = new PerformInvitationResults(new InvalidSharingRecipientsException(ValidRecipient.ConvertToStringArray(recipients), ex)); } else { if (encryptionResults.InvalidRecipients != null && encryptionResults.InvalidRecipients.Length > 0) { InvalidSharingRecipientsException exception = new InvalidSharingRecipientsException(encryptionResults.InvalidRecipients); if (encryptionResults.InvalidRecipients.Length == recipients.Length) { return(new PerformInvitationResults(exception)); } performInvitationResults = new PerformInvitationResults(recipients, exception); recipients = performInvitationResults.SucceededRecipients; } else { performInvitationResults = new PerformInvitationResults(recipients); } PermissionLevel permissionLevel = this.GetPermissionLevel(context); FreeBusyAccess? freeBusy = this.GetFreeBusy(context); using (FolderPermissionContext current2 = FolderPermissionContext.GetCurrent(mailboxSession, context)) { foreach (ValidRecipient validRecipient in recipients) { PermissionSecurityPrincipal principal = this.CreatePermissionSecurityPrincipal(validRecipient.SmtpAddress, externalUsers); current2.AddOrChangePermission(principal, permissionLevel, freeBusy); ExternalUser externalUser = externalUsers.FindReachUserWithOriginalSmtpAddress(new SmtpAddress(validRecipient.SmtpAddress)); if (externalUser != null) { current2.RemovePermission(new PermissionSecurityPrincipal(externalUser)); } } } context.FolderEwsId = text; context.EncryptedSharedFolderDataCollection = encryptionResults.EncryptedSharedFolderDataCollection; result = performInvitationResults; } } return(result); }