protected override void CreateOrUpdateRoles(RoleNameMapping mapping, List <RoleDefinition> roleDefinitions, List <string> enabledPermissionFeatures, string suffix, string mailboxPlanIndex) { ExTraceGlobals.AccessCheckTracer.TraceFunction <int>(20009L, "-->CreateOrUpdateRoles: roleDefinitions count = {0}", roleDefinitions.Count); RoleDefinition item = roleDefinitions.First((RoleDefinition x) => x.RoleName.Equals(mapping.OldName)); roleDefinitions.Remove(item); List <ExchangeRole> list = new List <ExchangeRole>(roleDefinitions.Count); foreach (RoleDefinition definition in roleDefinitions) { ExchangeRole exchangeRole = base.CreateOrUpdateRole(null, definition, enabledPermissionFeatures, suffix, mailboxPlanIndex); if (exchangeRole != null) { list.Add(exchangeRole); } } ExchangeRole exchangeRole2 = item.GenerateRole(enabledPermissionFeatures, this.settings.RolesContainerId, suffix, mailboxPlanIndex); string unescapedCommonName = (suffix == null) ? mapping.OldName : (mapping.OldName + suffix); ExchangeRole exchangeRole3 = this.settings.ConfigurationSession.Read <ExchangeRole>(this.settings.RolesContainerId.GetChildId(unescapedCommonName)); if (exchangeRole3 == null) { if (exchangeRole2.RoleEntries.Count > 0) { exchangeRole2.OrganizationId = this.settings.OrganizationId; base.SaveRoleAndSuggestCleanupOnFailure(exchangeRole2); ExTraceGlobals.AccessCheckTracer.TraceFunction(20009L, "<--CreateOrUpdateRole: New Role created"); } return; } this.settings.LogReadObject(exchangeRole3); this.UpdateCannedRole(exchangeRole3, exchangeRole2, list); ExTraceGlobals.AccessCheckTracer.TraceFunction(20009L, "<--CreateOrUpdateRoles"); }
private void InstallCustomRole(RoleDefinition customRoleDefinition, List <string> enabledPermissionFeatures, string suffix, string mailboxPlanIndex) { if (this.RoleNameExists(customRoleDefinition.RoleName + suffix)) { return; } this.CreateCustomRole(customRoleDefinition, enabledPermissionFeatures, suffix, mailboxPlanIndex); }
private void CreateCustomRole(RoleDefinition customRoleDefinition, List <string> enabledPermissionFeatures, string suffix, string mailboxPlanIndex) { ADObjectId childId = this.rolesContainerId.GetChildId(customRoleDefinition.ParentRoleName + suffix); ExchangeRole exchangeRole = customRoleDefinition.GenerateRole(enabledPermissionFeatures, childId, suffix, mailboxPlanIndex); exchangeRole.OrganizationId = base.CurrentOrganizationId; this.configurationSession.Save(exchangeRole); }
public override void UpdateRole(RoleDefinition definition) { foreach (ServicePlan.MailboxPlan mailboxPlan in this.settings.ServicePlanSettings.MailboxPlans) { string suffix = "_" + mailboxPlan.Name; base.CreateOrUpdateRole(this.roleNameMapping, definition, mailboxPlan.GetEnabledPermissionFeatures(), suffix, mailboxPlan.MailboxPlanIndex); } }
private ExchangeRole TryFindSafeDCRoleOrUseDefault(ExchangeRole cannedRole) { string dcsafeNameForRole = RoleDefinition.GetDCSafeNameForRole(cannedRole.Name); ExchangeRole[] array = this.configurationSession.Find <ExchangeRole>(cannedRole.Id, QueryScope.OneLevel, new ComparisonFilter(ComparisonOperator.Equal, ADObjectSchema.Name, dcsafeNameForRole), null, 1); if (array != null && array.Length == 1) { return(array[0]); } return(cannedRole); }
public override void UpdateRole(RoleDefinition definition) { List <string> enabledPermissionFeatures = null; if (this.settings.ServicePlanSettings != null) { if (definition.IsEndUserRole && !this.settings.ServicePlanSettings.Organization.PerMBXPlanRoleAssignmentPolicyEnabled) { enabledPermissionFeatures = this.settings.ServicePlanSettings.GetAggregatedMailboxPlanPermissions(); } else if (!definition.IsEndUserRole) { enabledPermissionFeatures = this.settings.ServicePlanSettings.Organization.GetEnabledPermissionFeatures(); } } base.CreateOrUpdateRole(this.roleNameMapping, definition, enabledPermissionFeatures); }
private void PurgeInvalidAssignmentsFromRoleGroup(RoleGroupRoleMapping rgMapping, ADGroup roleGroup, List <ExchangeRole> topCannedRoles) { TaskLogger.LogEnter(); if (!InstallCannedRbacRoleAssignments.MonitoredDCOnlyRoleGroups.Contains(rgMapping.RoleGroup)) { return; } List <string> list = new List <string>(rgMapping.Assignments.Length * 2); RoleAssignmentDefinition[] assignments = rgMapping.Assignments; for (int i = 0; i < assignments.Length; i++) { RoleAssignmentDefinition assignmentDefinition = assignments[i]; List <ExchangeRole> list2 = topCannedRoles.FindAll((ExchangeRole x) => x.RoleType.Equals(assignmentDefinition.RoleType)); if (list2 != null) { foreach (ExchangeRole exchangeRole in list2) { list.Add(exchangeRole.DistinguishedName); list.Add(exchangeRole.Id.GetChildId(RoleDefinition.GetDCSafeNameForRole(exchangeRole.Name)).DistinguishedName); } } } ADPagedReader <ExchangeRoleAssignment> adpagedReader = this.configurationSession.FindPaged <ExchangeRoleAssignment>(base.OrgContainerId.GetDescendantId(ExchangeRoleAssignment.RdnContainer), QueryScope.SubTree, new ComparisonFilter(ComparisonOperator.Equal, ExchangeRoleAssignmentSchema.User, roleGroup.Id), null, 0); using (IEnumerator <ExchangeRoleAssignment> enumerator2 = adpagedReader.GetEnumerator()) { while (enumerator2.MoveNext()) { ExchangeRoleAssignment roleAssignment = enumerator2.Current; if (!list.Contains(roleAssignment.Role.DistinguishedName, StringComparer.OrdinalIgnoreCase)) { if (topCannedRoles.Find((ExchangeRole x) => x.Name.Equals(roleAssignment.Role.Name, StringComparison.OrdinalIgnoreCase) && x.RoleType.Equals(RoleType.UnScoped)) == null) { ExchangeRole exchangeRole2 = this.configurationSession.Read <ExchangeRole>(roleAssignment.Role); if (exchangeRole2 != null && !exchangeRole2.RoleType.Equals(RoleType.UnScoped)) { this.RemoveRoleAssignment(roleAssignment); } } } } } TaskLogger.LogExit(); }
protected void FindAndUpdateDerivedRoles(ExchangeRole updatedParentRole, RoleEntry[] oldParentRoleEntries, RoleDefinition roleDefinition, ref int recursionCount) { ExTraceGlobals.AccessCheckTracer.TraceFunction(20005L, "-->FindAndUpdateDerivedRoles: updatedParentRole.Name = {0}, updatedParentRole.RoleEntries.Count = {1}, oldParentRoleEntries.Length = {2}, recursionCount = {3}", new object[] { updatedParentRole.Name, updatedParentRole.RoleEntries.Count, oldParentRoleEntries.Length, recursionCount }); if (++recursionCount >= 1000) { return; } bool flag = false; bool flag2 = this.settings.Organization == null && (Datacenter.IsMicrosoftHostedOnly(false) || Datacenter.IsDatacenterDedicated(false)) && roleDefinition.ContainsProhibitedActions(InstallCannedRbacRoles.DCProhibitedActions); ADPagedReader <ExchangeRole> adpagedReader = this.settings.ConfigurationSession.FindPaged <ExchangeRole>(updatedParentRole.Id, QueryScope.OneLevel, null, null, 0); foreach (ExchangeRole exchangeRole in adpagedReader) { this.settings.LogReadObject(exchangeRole); RoleEntry[] array = this.PrepareRoleForUpgradeAndGetOldSortedEntries(exchangeRole, false); List <RoleEntry> value; if (1 == recursionCount && flag2 && exchangeRole.Name.Equals(RoleDefinition.GetDCSafeNameForRole(updatedParentRole.Name), StringComparison.OrdinalIgnoreCase)) { value = roleDefinition.GetRoleEntriesFilteringProhibitedActions(null, InstallCannedRbacRoles.DCProhibitedActions); flag = true; } else { value = this.GetListOfRoleEntriesForChildRole(oldParentRoleEntries, array, updatedParentRole.RoleEntries.ToArray(), exchangeRole.IsChanged(ADObjectSchema.ExchangeVersion)); } exchangeRole.RoleEntries = new MultiValuedProperty <RoleEntry>(value); this.FindAndUpdateDerivedRoles(exchangeRole, array, roleDefinition, ref recursionCount); this.SaveDerivedRoleAndWarnOnValidationErrors(exchangeRole); ExTraceGlobals.AccessCheckTracer.TraceFunction <string, int>(20005L, "----FindAndUpdateDerivedRoles: role.Name = {0}, role.RoleEntries.Count = {1}", exchangeRole.Name, exchangeRole.RoleEntries.Count); } if (1 == recursionCount && !flag) { this.CreateDCSafeRoleIfNeeded(updatedParentRole, roleDefinition); } recursionCount--; ExTraceGlobals.AccessCheckTracer.TraceFunction <int>(20005L, "<--FindAndUpdateDerivedRoles: recursionCount = {0}", recursionCount); }
protected void CreateDCSafeRoleIfNeeded(ExchangeRole cannedRole, RoleDefinition roleDefinition) { if (this.settings.Organization != null || !Datacenter.IsMicrosoftHostedOnly(false)) { return; } if (!roleDefinition.ContainsProhibitedActions(InstallCannedRbacRoles.DCProhibitedActions)) { return; } ExchangeRole exchangeRole = roleDefinition.GenerateRole(null, cannedRole.Id, null, null); exchangeRole.Name = RoleDefinition.GetDCSafeNameForRole(cannedRole.Name); exchangeRole.RoleEntries = new MultiValuedProperty <RoleEntry>(roleDefinition.GetRoleEntriesFilteringProhibitedActions(null, InstallCannedRbacRoles.DCProhibitedActions)); exchangeRole.OrganizationId = this.settings.OrganizationId; if (exchangeRole.RoleEntries.Count != 0) { this.SaveRoleAndWarnOnFailure(exchangeRole); } }
internal static RoleDefinition[] MergeRoleDefinitions(RoleDefinition[] cmdletRoleDefinitions, RoleDefinition[] webServiceRoleDefinitions) { List <RoleDefinition> list = cmdletRoleDefinitions.ToList <RoleDefinition>(); List <RoleDefinition> list2 = new List <RoleDefinition>(); for (int i = 0; i < webServiceRoleDefinitions.Length; i++) { RoleDefinition webServiceDef = webServiceRoleDefinitions[i]; int num = list.FindIndex(delegate(RoleDefinition x) { string roleName = x.RoleName; RoleDefinition webServiceDef2 = webServiceDef; if (roleName.Equals(webServiceDef2.RoleName, StringComparison.OrdinalIgnoreCase)) { RoleType roleType = x.RoleType; RoleDefinition webServiceDef3 = webServiceDef; return(roleType == webServiceDef3.RoleType); } return(false); }); if (num >= 0) { RoleDefinition roleDefinition = list[num]; List <RoleCmdlet> list3 = roleDefinition.Cmdlets.ToList <RoleCmdlet>(); List <RoleCmdlet> list4 = list3; RoleDefinition webServiceDef4 = webServiceDef; list4.AddRange(webServiceDef4.Cmdlets); RoleDefinition value = new RoleDefinition(roleDefinition.RoleName, roleDefinition.ParentRoleName, roleDefinition.RoleType, list3.ToArray()); list[num] = value; } else { list2.Add(webServiceDef); } } list.AddRange(list2); return(list.ToArray()); }
protected ExchangeRole CreateOrUpdateRole(RoleNameMapping mapping, RoleDefinition definition, List <string> enabledPermissionFeatures, string suffix, string mailboxPlanIndex) { ExTraceGlobals.AccessCheckTracer.TraceFunction(20005L, "-->CreateOrUpdateRole: RoleDefinition = {0}, enabledPermissionFeatures is Null = {1}, suffix = {2}, mailboxPlanIndex = {3}", new object[] { definition.RoleName, enabledPermissionFeatures == null, string.IsNullOrEmpty(suffix) ? string.Empty : suffix, string.IsNullOrEmpty(mailboxPlanIndex) ? string.Empty : mailboxPlanIndex }); this.RenameExistingRole(mapping, suffix); ExchangeRole exchangeRole = definition.GenerateRole(enabledPermissionFeatures, this.settings.RolesContainerId, suffix, mailboxPlanIndex); if (exchangeRole.RoleEntries.Count > 0) { ExchangeRole exchangeRole2 = this.settings.ConfigurationSession.Read <ExchangeRole>(exchangeRole.Id); if (exchangeRole2 != null) { this.settings.LogReadObject(exchangeRole2); this.UpdateCannedRole(exchangeRole2, exchangeRole, definition); exchangeRole = exchangeRole2; ExTraceGlobals.AccessCheckTracer.TraceFunction(20005L, "<--CreateOrUpdateRole: Role Updated"); } else { exchangeRole.OrganizationId = this.settings.OrganizationId; this.SaveRoleAndSuggestCleanupOnFailure(exchangeRole); ExTraceGlobals.AccessCheckTracer.TraceFunction(20005L, "<--CreateOrUpdateRole: New Role created"); this.CreateDCSafeRoleIfNeeded(exchangeRole, definition); } } else { ExTraceGlobals.AccessCheckTracer.TraceFunction(20005L, "<--CreateOrUpdateRole: No Role created"); this.settings.RemoveRoleAndAssignments(exchangeRole.Id); exchangeRole = null; } return(exchangeRole); }
public RoleDefinition(string theRoleName, string theParentRoleName, RoleType theRoleType, RoleCmdlet[] theCmdlets) { this = new RoleDefinition(theRoleName, theRoleType, theCmdlets); this.parentRoleName = theParentRoleName; }
protected void UpdateCannedRole(ExchangeRole existingRole, ExchangeRole cannedRole, RoleDefinition roleDefinition) { ExTraceGlobals.AccessCheckTracer.TraceFunction(20005L, "-->UpdateCannedRole: existingRole = {0}, existingRoleVersion = {1}, existingRole-RoleType = {2}, cannedRole = {3}, cannedRoleVersion = {4}, cannedRole-RoleType = {5}", new object[] { existingRole.Name, existingRole.ExchangeVersion.ToString(), existingRole.RoleType.ToString(), cannedRole.Name, cannedRole.ExchangeVersion.ToString(), cannedRole.RoleType.ToString() }); bool flag = existingRole.ExchangeVersion == ExchangeRoleSchema.Exchange2009_R3; RoleEntry[] array = this.PrepareRoleForUpgradeAndGetOldSortedEntries(existingRole, false); existingRole.RoleEntries = (flag ? cannedRole.RoleEntries : this.CalculateUpdatedRoleEntries(cannedRole, array)); int num = 0; this.FindAndUpdateDerivedRoles(existingRole, array, roleDefinition, ref num); existingRole.OrganizationId = this.settings.OrganizationId; this.SaveRoleAndSuggestCleanupOnFailure(existingRole); ExTraceGlobals.AccessCheckTracer.TraceFunction(20005L, "<---UpdateCannedRole"); }
public override void UpdateRole(RoleDefinition definition) { throw new NotImplementedException("DeprecateRoleUpgrader feature not implemented"); }
protected ExchangeRole CreateOrUpdateRole(RoleNameMapping mapping, RoleDefinition definition, List <string> enabledPermissionFeatures) { return(this.CreateOrUpdateRole(mapping, definition, enabledPermissionFeatures, null, null)); }
public static bool CanUpgrade(RoleUpgradeConfigurationSettings settings, RoleNameMapping roleNameMapping, RoleDefinition roleDefinition, out RoleUpgrader roleUpgrader) { ExTraceGlobals.AccessCheckTracer.TraceFunction <string>(20006L, "-->NonDeprecatedRoleUpgrader.CanUpgrade: roleName = {0}", roleDefinition.RoleName); bool flag = false; roleUpgrader = null; if (settings.Organization == null) { flag = true; } else if (!roleDefinition.IsEndUserRole || !settings.ServicePlanSettings.Organization.PerMBXPlanRoleAssignmentPolicyEnabled) { flag = true; } flag = (flag && (roleNameMapping == null || (!roleNameMapping.IsDeprecatedRole && !roleNameMapping.IsSplitting))); if (flag) { roleUpgrader = new NonDeprecatedRoleUpgrader(settings, roleNameMapping); } ExTraceGlobals.AccessCheckTracer.TraceFunction <bool>(20006L, "<--NonDeprecatedRoleUpgrader.CanUpgrade: canUpgrade = {0}", flag); return(flag); }
public abstract void UpdateRole(RoleDefinition definition);
public static RoleUpgrader GetRoleUpgrader(RoleUpgradeConfigurationSettings settings, RoleNameMapping roleNameMapping, RoleDefinition roleDefinition) { RoleUpgrader result = null; foreach (RoleUpgraderFactory.CanUpgradeRoleDelegate canUpgradeRoleDelegate in RoleUpgraderFactory.knownUpgrades) { if (canUpgradeRoleDelegate(settings, roleNameMapping, roleDefinition, out result)) { break; } } return(result); }
public new static bool CanUpgrade(RoleUpgradeConfigurationSettings settings, RoleNameMapping roleNameMapping, RoleDefinition roleDefinition, out RoleUpgrader roleUpgrader) { ExTraceGlobals.AccessCheckTracer.TraceFunction <string>(20009L, "-->SplitRoleUpgrader.CanUpgrade: roleName = {0}", roleDefinition.RoleName); bool flag = false; roleUpgrader = null; if (!roleDefinition.IsEndUserRole) { flag = true; } flag = (flag && roleNameMapping != null && roleNameMapping.IsSplitting); if (flag) { roleUpgrader = new SplitRoleUpgrader(settings, roleNameMapping); } ExTraceGlobals.AccessCheckTracer.TraceFunction <bool>(20009L, "<--SplitRoleUpgrader.CanUpgrade: canUpgrade = {0}", flag); return(flag); }
public new static bool CanUpgrade(RoleUpgradeConfigurationSettings settings, RoleNameMapping roleNameMapping, RoleDefinition roleDefinition, out RoleUpgrader roleUpgrader) { ExTraceGlobals.AccessCheckTracer.TraceFunction <string>(20009L, "-->MailboxPlanDeprecatedRoleUpgrader.CanUpgrade: roleName = {0}", roleDefinition.RoleName); bool flag = false; roleUpgrader = null; if (settings.Organization != null && roleDefinition.IsEndUserRole && roleNameMapping != null && roleNameMapping.IsDeprecatedRole && settings.ServicePlanSettings.Organization.PerMBXPlanRoleAssignmentPolicyEnabled) { flag = true; } if (flag) { roleUpgrader = new MailboxPlanDeprecatedRoleUpgrader(settings, roleNameMapping); } ExTraceGlobals.AccessCheckTracer.TraceFunction <bool>(20008L, "<--MailboxPlanDeprecatedRoleUpgrader.CanUpgrade: canUpgrade = {0}", flag); return(flag); }