static CertificateAuthenticationModule()
{
if (!int.TryParse(ConfigurationManager.AppSettings["CertificateAuthentication.MaxRetryForADTransient"], out CertificateAuthenticationModule.maxRetryForADTransient))
{
CertificateAuthenticationModule.maxRetryForADTransient = 2;
}
int num;
if (!int.TryParse(ConfigurationManager.AppSettings["CertificateAuthentication.UserCacheMappingMaximumSize"], out num) || num < 0)
{
num = 300;
}
if (num != 0)
{
int num2;
if (!int.TryParse(ConfigurationManager.AppSettings["CertificateAuthentication.UserCacheMappingExpirationInHours"], out num2) || num2 < 0)
{
num2 = 4;
}
CertificateAuthenticationModule.certCache = new CertificateADUserCache(num2, num);
}
bool.TryParse(ConfigurationManager.AppSettings["CertificateAuthenticationModule.CafeProxy"], out CertificateAuthenticationModule.cafeProxy);
if (DatacenterRegistry.IsForefrontForOffice())
{
AppDomain.CurrentDomain.AssemblyResolve += CertificateAuthenticationModule.CurrentDomain_AssemblyResolve;
}
}
public static void SetRecipientFilterPreAction(DataRow inputRow, DataTable dataTable, DataObjectStore store)
{
if (DatacenterRegistry.IsForefrontForOffice())
{
inputRow["RecipientTypeFilter"] = inputRow["FFORecipientTypeFilter"].ToString();
}
}
public static void SaveToFfo <T>(Task task, T adObject, TenantSettingSyncLogType logType, string oldName = null) where T : ADObject, new()
{
bool flag = false;
try
{
if (!DatacenterRegistry.IsForefrontForOffice() && !task.CurrentOrganizationId.Equals(OrganizationId.ForestWideOrgId) && DatacenterRegistry.IsDualWriteAllowed() && adObject != null)
{
flag = true;
if (adObject.m_Session != null)
{
ComparisonFilter filter = new ComparisonFilter(ComparisonOperator.Equal, ADObjectSchema.Name, adObject.Name);
T t = adObject.m_Session.Find <T>(null, QueryScope.SubTree, filter, null, 0).FirstOrDefault <T>();
if (t != null)
{
adObject = t;
}
}
FfoDualWriter.FixTenantId(adObject);
FfoDualWriter.HandleRenaming(adObject, oldName);
FfoDualWriter.FfoDataProvider.Save(adObject);
}
}
catch (Exception ex)
{
if (flag)
{
FfoDualWriter.LogToFile <T>(adObject, logType, oldName);
}
FfoDualWriter.LogException(ex);
}
}
internal static object InstantiateFfoOrExoClass(string ffoTypeName, Type exoType)
{
if (DatacenterRegistry.IsForefrontForOffice() && !DatacenterRegistry.IsForefrontForOfficeDeployment())
{
Assembly assembly = Assembly.Load("Microsoft.Exchange.Hygiene.Data");
Type type = assembly.GetType(ffoTypeName);
return(Activator.CreateInstance(type));
}
return(Activator.CreateInstance(exoType));
}
public void StartLogging()
{
if (!Directory.Exists(SetupLoggerImpl.setupLogDirectory))
{
Directory.CreateDirectory(SetupLoggerImpl.setupLogDirectory);
}
string filename = Path.Combine(SetupLoggerImpl.setupLogDirectory, SetupLoggerImpl.setupLogFileNameForWatson);
string filename2 = Path.Combine(SetupLoggerImpl.setupLogDirectory, "ExchangeSetup.msilog");
string dataMiningPath = null;
if (DatacenterRegistry.IsMicrosoftHostedOnly())
{
string text = "d:\\ExchangeSetupLogs";
if (!Directory.Exists(text))
{
Directory.CreateDirectory(text);
}
dataMiningPath = Path.Combine(text, SetupLoggerImpl.setupLogFileName);
}
ExWatson.TryAddExtraFile(filename);
ExWatson.TryAddExtraFile(filename2);
try
{
TaskLogger.IsSetupLogging = true;
TaskLogger.StartFileLogging(SetupLoggerImpl.setupLogFilePath, dataMiningPath);
this.isLoggingStarted = true;
}
catch (IOException ex)
{
throw new SetupLogInitializeException(ex.Message, ex);
}
catch (UnauthorizedAccessException ex2)
{
throw new SetupLogInitializeException(ex2.Message, ex2);
}
this.Log(SetupLoggerImpl.AsterixLine);
this.Log(Strings.SetupLogStarted);
this.Log(SetupLoggerImpl.AsterixLine);
this.Log(Strings.LocalTimeZone(TimeZoneInfo.Local.DisplayName));
this.Log(Strings.OSVersion(Environment.OSVersion.ToString()));
try
{
this.LogAssemblyVersion();
}
catch (FileVersionNotFoundException ex3)
{
throw new SetupLogInitializeException(ex3.Message, ex3);
}
this.LogUserName();
this.TaskStartTime = DateTime.UtcNow;
}
private string GetUserUniqueKey()
{
DelegatedPrincipal delegatedPrincipal = this.OriginalUser as DelegatedPrincipal;
if (delegatedPrincipal != null)
{
return(delegatedPrincipal.UserId);
}
if (DatacenterRegistry.IsForefrontForOffice())
{
return(this.OriginalLogonUserIdentity.Name);
}
return(this.OriginalLogonUserIdentity.GetSecurityIdentifier().Value);
}
public static ArbitrationMailboxStatus CheckArbitrationMailboxStatus(OrganizationId organizationId, out ADUser user, out ExchangePrincipal principal, out Exception exception)
{
user = null;
principal = null;
exception = null;
try
{
if (DatacenterRegistry.IsForefrontForOffice())
{
return(ArbitrationMailboxStatus.FFO);
}
user = AdminAuditLogHelper.GetTenantArbitrationMailbox(organizationId);
principal = ExchangePrincipal.FromADUser(ADSessionSettings.FromOrganizationIdWithoutRbacScopesServiceOnly(organizationId), user, RemotingOptions.AllowCrossSite);
AdminAuditLogHelper.Tracer.TraceDebug <int>(0L, "AdminAuditLogHelper: Tenant arbitration mailbox server version is {0}", principal.MailboxInfo.Location.ServerVersion);
if (principal.MailboxInfo.Location.ServerVersion < Server.E14SP1MinVersion)
{
return(ArbitrationMailboxStatus.R4);
}
if (principal.MailboxInfo.Location.ServerVersion < Server.E15MinVersion)
{
return(ArbitrationMailboxStatus.R5);
}
return(ArbitrationMailboxStatus.E15);
}
catch (ObjectNotFoundException ex)
{
exception = ex;
AdminAuditLogHelper.Tracer.TraceDebug <OrganizationId, ObjectNotFoundException>(0L, "AdminAuditLogHelper: unable to determine the arbitration mailbox version for org {0}, exception {1}", organizationId, ex);
}
catch (MailboxInfoStaleException ex2)
{
exception = ex2;
AdminAuditLogHelper.Tracer.TraceDebug <OrganizationId, MailboxInfoStaleException>(0L, "AdminAuditLogHelper: unable to determine the arbitration mailbox version for org {0}, exception {1}", organizationId, ex2);
}
catch (SuitabilityDirectoryException ex3)
{
exception = ex3;
AdminAuditLogHelper.Tracer.TraceDebug <OrganizationId, SuitabilityDirectoryException>(0L, "AdminAuditLogHelper: unable to determine the arbitration mailbox version for org {0}, exception {1}", organizationId, ex3);
}
catch (DatabaseLocationUnavailableException ex4)
{
exception = ex4;
AdminAuditLogHelper.Tracer.TraceDebug <OrganizationId, DatabaseLocationUnavailableException>(0L, "AdminAuditLogHelper: unable to determine the arbitration mailbox version for org {0}, exception {1}", organizationId, ex4);
}
return(ArbitrationMailboxStatus.UnableToKnow);
}
internal void ValidateDlpPolicy(PropertyInfo property, object task, IConfigDataProvider configSession)
{
IList <string> list;
if (!DatacenterRegistry.IsForefrontForOffice() && this.TryGetValues <string>(property, task, out list) && list.Count > 0)
{
if (configSession == null)
{
throw new NullReferenceException("ValidateDlpPolicy requires an IConfigDataProvider");
}
HashSet <string> installedDlp = new HashSet <string>(from dlp in DlpUtils.GetInstalledTenantDlpPolicies(configSession)
select dlp.Name.ToLower());
if (!list.All((string dlp) => installedDlp.Contains(dlp.ToLower())))
{
this.ThrowError(property);
}
}
}
private static GlsLookupMode InitializeLookupMode()
{
string value = null;
try
{
using (RegistryKey registryKey = Registry.LocalMachine.OpenSubKey(GlsMServDirectorySession.RegistryKey))
{
value = ((registryKey != null) ? ((string)registryKey.GetValue(GlsMServDirectorySession.GlobalDirectoryLookupTypeValue, null)) : null);
}
}
catch (SecurityException ex)
{
ExTraceGlobals.GLSTracer.TraceError <string>(0L, "SecurityException: {0}", ex.Message);
}
catch (UnauthorizedAccessException ex2)
{
ExTraceGlobals.GLSTracer.TraceError <string>(0L, "UnauthorizedAccessException: {0}", ex2.Message);
}
GlsLookupMode result;
if (Enum.TryParse <GlsLookupMode>(value, true, out result))
{
return(result);
}
if (DatacenterRegistry.IsForefrontForOffice())
{
return(GlsLookupMode.GlsOnly);
}
ITopologyConfigurationSession topologyConfigurationSession = DirectorySessionFactory.Default.CreateTopologyConfigurationSession(ConsistencyMode.IgnoreInvalid, ADSessionSettings.FromRootOrgScopeSet(), 694, "InitializeLookupMode", "f:\\15.00.1497\\sources\\dev\\data\\src\\directory\\GlsMServDirectorySession.cs");
ADSite localSite = topologyConfigurationSession.GetLocalSite();
if (localSite.DistinguishedName.EndsWith("DC=extest,DC=microsoft,DC=com"))
{
return(GlsLookupMode.MServOnly);
}
return(GlsLookupMode.BothGLSAndMServ);
}
public static void DeleteFromFfo <T>(Task task, T adObject, TenantSettingSyncLogType logType) where T : ADObject, new()
{
bool flag = false;
try
{
if (!DatacenterRegistry.IsForefrontForOffice() && !task.CurrentOrganizationId.Equals(OrganizationId.ForestWideOrgId) && DatacenterRegistry.IsDualWriteAllowed())
{
flag = true;
FfoDualWriter.FixTenantId(adObject);
TenantSettingSyncLogGenerator.Instance.LogChangesForDelete(adObject, logType, new Guid?(adObject.OrganizationalUnitRoot.ObjectGuid));
FfoDualWriter.FfoDataProvider.Delete(adObject);
}
}
catch (Exception ex)
{
if (flag)
{
FfoDualWriter.LogToFile <T>(adObject, logType, null);
}
FfoDualWriter.LogException(ex);
}
}
public RbacContext(RbacSettings settings)
{
RbacContext < > 4__this = this;
ExTraceGlobals.RBACTracer.TraceInformation <string>(0, 0L, "Creating RBAC context for {0}", settings.UserName);
this.Settings = settings;
this.roles = new LazilyInitialized <ExchangeRunspaceConfiguration>(delegate()
{
ExchangeRunspaceConfiguration exchangeRunspaceConfiguration;
if (DatacenterRegistry.IsForefrontForOffice())
{
Assembly assembly = Assembly.Load("Microsoft.Exchange.Hygiene.Security.Authorization");
string siteName = HostingEnvironment.ApplicationHost.GetSiteName();
try
{
string name = (RbacContext.PullHostedTenantRbac && (bool)HttpContext.Current.Items["IsHostedTenant"]) ? "Microsoft.Exchange.Hygiene.Security.Authorization.ForefrontRunspaceConfigurationForHostedTenant" : "Microsoft.Exchange.Hygiene.Security.Authorization.ForefrontRunspaceConfiguration";
Type type = assembly.GetType(name);
exchangeRunspaceConfiguration = (ExchangeRunspaceConfiguration)Activator.CreateInstance(type, new object[]
{
< > 4__this.Settings.OriginalLogonUserIdentity,
siteName
});
goto IL_222;
}
public virtual bool IsForefrontForOffice()
{
return(DatacenterRegistry.IsForefrontForOffice());
}
private static bool IsLatencyEventLoggingEnabled()
{
return(DatacenterRegistry.IsMicrosoftHostedOnly() || DatacenterRegistry.IsDatacenterDedicated());
}
internal static bool HasDlpRole(Task task)
{
return(!DatacenterRegistry.IsForefrontForOffice() && (task.ExchangeRunspaceConfig == null || task.ExchangeRunspaceConfig.HasRoleOfType(RoleType.DataLossPrevention) || task.ExchangeRunspaceConfig.HasRoleOfType(RoleType.PersonallyIdentifiableInformation)));
}
internal static bool IsForefrontObject(PartitionId id)
{
return(DatacenterRegistry.IsForefrontForOffice() && id.ForestFQDN == "FFO.extest.microsoft.com");
}
public override bool?TryIsInRole(ExchangeRunspaceConfiguration rbacConfiguration)
{
return(new bool?(DatacenterRegistry.IsForefrontForOffice() || RbacQuery.OrganizationConfigurationQueryProcessor.IsEOPStandardCapability.TryIsInRole(rbacConfiguration).Value));
}
protected override void InternalBeginProcessing()
{
bool flag = false;
TaskLogger.LogEnter();
base.InternalBeginProcessing();
if (this.ValidationOrganization != null && !string.Equals(this.ValidationOrganization, base.CurrentOrganizationId.ToString(), StringComparison.OrdinalIgnoreCase))
{
base.ThrowTerminatingError(new ValidationOrgCurrentOrgNotMatchException(this.ValidationOrganization, base.CurrentOrganizationId.ToString()), ExchangeErrorCategory.Client, null);
}
if ("crossforest" == base.ParameterSetName)
{
try
{
NetworkCredential userForestCredential = (this.LinkedCredential == null) ? null : this.LinkedCredential.GetNetworkCredential();
this.linkedGroupSid = MailboxTaskHelper.GetSidFromAnotherForest <ADGroup>(this.LinkedForeignGroup, this.LinkedDomainController, userForestCredential, base.GlobalConfigSession, new MailboxTaskHelper.GetUniqueObject(base.GetDataObject <ADGroup>), new Task.ErrorLoggerDelegate(base.ThrowTerminatingError), new MailboxTaskHelper.OneStringErrorDelegate(Strings.ErrorLinkedGroupInTheCurrentForest), new MailboxTaskHelper.TwoStringErrorDelegate(Strings.ErrorGroupNotFoundOnGlobalCatalog), new MailboxTaskHelper.TwoStringErrorDelegate(Strings.ErrorGroupNotFoundOnDomainController), new MailboxTaskHelper.TwoStringErrorDelegate(Strings.ErrorGroupNotUniqueOnGlobalCatalog), new MailboxTaskHelper.TwoStringErrorDelegate(Strings.ErrorGroupNotUniqueOnDomainController), new MailboxTaskHelper.OneStringErrorDelegate(Strings.ErrorVerifyLinkedGroupForest));
}
catch (PSArgumentException exception)
{
base.ThrowTerminatingError(exception, ErrorCategory.InvalidArgument, this.LinkedCredential);
}
}
if (!base.Fields.IsModified(ADGroupSchema.ManagedBy) && base.CurrentOrganizationId.Equals(base.ExecutingUserOrganizationId))
{
List <SecurityPrincipalIdParameter> list = new List <SecurityPrincipalIdParameter>(2);
flag = true;
bool useGlobalCatalog = base.TenantGlobalCatalogSession.UseGlobalCatalog;
bool useConfigNC = base.TenantGlobalCatalogSession.UseConfigNC;
bool skipRangedAttributes = base.TenantGlobalCatalogSession.SkipRangedAttributes;
try
{
base.TenantGlobalCatalogSession.UseGlobalCatalog = true;
base.TenantGlobalCatalogSession.UseConfigNC = false;
base.TenantGlobalCatalogSession.SkipRangedAttributes = true;
ADGroup adgroup = base.TenantGlobalCatalogSession.ResolveWellKnownGuid <ADGroup>(RoleGroup.OrganizationManagement_InitInfo.WellKnownGuid, OrganizationId.ForestWideOrgId.Equals(base.CurrentOrganizationId) ? this.ConfigurationSession.ConfigurationNamingContext : base.TenantGlobalCatalogSession.SessionSettings.CurrentOrganizationId.ConfigurationUnit);
if (adgroup == null)
{
base.ThrowTerminatingError(new ManagementObjectNotFoundException(DirectoryStrings.ExceptionADTopologyCannotFindWellKnownExchangeGroup), (ErrorCategory)1001, RoleGroup.OrganizationManagement_InitInfo.WellKnownGuid);
}
list.Add(new SecurityPrincipalIdParameter(adgroup.DistinguishedName));
}
finally
{
base.TenantGlobalCatalogSession.UseGlobalCatalog = useGlobalCatalog;
base.TenantGlobalCatalogSession.UseConfigNC = useConfigNC;
base.TenantGlobalCatalogSession.SkipRangedAttributes = skipRangedAttributes;
}
ADObjectId adObjectId;
if (base.TryGetExecutingUserId(out adObjectId))
{
list.Add(new SecurityPrincipalIdParameter(adObjectId));
}
this.ManagedBy = new MultiValuedProperty <SecurityPrincipalIdParameter>(list);
}
if (this.ManagedBy == null)
{
base.WriteError(new RecipientTaskException(Strings.ErrorManagedByCannotBeEmpty), (ErrorCategory)1000, null);
}
if (!flag || !DatacenterRegistry.IsForefrontForOffice())
{
MailboxTaskHelper.CheckAndResolveManagedBy <ADGroup>(this, new DataAccessHelper.CategorizedGetDataObjectDelegate(base.GetDataObject <ADRecipient>), ExchangeErrorCategory.Client, this.ManagedBy.ToArray(), out this.managedByRecipients);
}
TaskLogger.LogExit();
}
public override bool?TryIsInRole(ExchangeRunspaceConfiguration rbacConfiguration)
{
return(new bool?(DatacenterRegistry.IsForefrontForOffice() ? DatacenterRegistry.IsFFOGallatinDatacenter() : DatacenterRegistry.IsGallatinDatacenter()));
}
public static bool IsForefrontForOfficeDatacenter()
{
return(DatacenterRegistry.IsForefrontForOffice());
}
private InitialSessionState GetInitialSessionStateCore(PSSenderInfo senderInfo)
{
InitialSessionState result;
using (new MonitoredScope("GetInitialSessionStateCore", "GetInitialSessionStateCore", AuthZLogHelper.AuthZPerfMonitors))
{
if (senderInfo == null || senderInfo.UserInfo == null || senderInfo.UserInfo.Identity == null || senderInfo.UserInfo.Identity.Name == null)
{
throw new ArgumentException("senderInfo");
}
PSPrincipal userInfo = senderInfo.UserInfo;
ExTraceGlobals.PublicPluginAPITracer.TraceDebug <string>((long)this.GetHashCode(), "Entering EAP.GetInitialSessionState({0})", userInfo.Identity.Name);
UserToken userToken = null;
Microsoft.Exchange.Configuration.Core.AuthenticationType authenticatedType;
IIdentity executingUserIdentity = this.GetExecutingUserIdentity(userInfo, senderInfo.ConnectionString, out userToken, out authenticatedType);
ExchangeRunspaceConfigurationSettings exchangeRunspaceConfigurationSettings = this.BuildRunspaceConfigurationSettings(senderInfo.ConnectionString, executingUserIdentity);
if (userToken != null)
{
exchangeRunspaceConfigurationSettings.UserToken = userToken;
}
if (AppSettings.Current.SiteRedirectTemplate != null)
{
ExTraceGlobals.PublicPluginAPITracer.TraceDebug <string, string, string>((long)this.GetHashCode(), "EAP.GetInitialSessionState({0}) site redirection template used is {1}, pod redirection template used is {2}", userInfo.Identity.Name, AppSettings.Current.SiteRedirectTemplate, AppSettings.Current.PodRedirectTemplate);
exchangeRunspaceConfigurationSettings.SiteRedirectionTemplate = AppSettings.Current.SiteRedirectTemplate;
exchangeRunspaceConfigurationSettings.PodRedirectionTemplate = AppSettings.Current.PodRedirectTemplate;
}
ExchangeExpiringRunspaceConfiguration exchangeExpiringRunspaceConfiguration;
using (new MonitoredScope("GetInitialSessionStateCore", "ExchangeExpiringRunspaceConfiguration", AuthZLogHelper.AuthZPerfMonitors))
{
if (DatacenterRegistry.IsForefrontForOffice())
{
try
{
using (RegistryKey registryKey = Registry.LocalMachine.OpenSubKey(string.Format("SOFTWARE\\Microsoft\\ExchangeServer\\{0}\\Setup", "v15")))
{
string name = "Microsoft.Exchange.Hygiene.Security.Authorization.ForefrontExpiringDatacenterRunspaceConfiguration";
string path = (string)registryKey.GetValue("MsiInstallPath");
string assemblyFile = Path.Combine(path, "Bin", "Microsoft.Exchange.Hygiene.Security.Authorization.dll");
Assembly assembly = Assembly.LoadFrom(assemblyFile);
Type type = assembly.GetType(name);
exchangeExpiringRunspaceConfiguration = (ExchangeExpiringRunspaceConfiguration)type.InvokeMember("Instance", BindingFlags.InvokeMethod, Type.DefaultBinder, null, new object[]
{
executingUserIdentity,
exchangeRunspaceConfigurationSettings,
senderInfo.ConnectionString,
Constants.IsPowerShellWebService
});
}
goto IL_1FA;
}
catch (TargetInvocationException ex)
{
throw ex.InnerException ?? ex;
}
}
exchangeExpiringRunspaceConfiguration = new ExchangeExpiringRunspaceConfiguration(executingUserIdentity, exchangeRunspaceConfigurationSettings, Constants.IsPowerShellWebService);
IL_1FA :;
}
this.currentAuthZUserToken = new AuthZPluginUserToken(exchangeExpiringRunspaceConfiguration.DelegatedPrincipal, exchangeExpiringRunspaceConfiguration.LogonUser, authenticatedType, exchangeExpiringRunspaceConfiguration.IdentityName);
ADRawEntry logonUser = exchangeExpiringRunspaceConfiguration.LogonUser;
if (logonUser[ADRecipientSchema.RemotePowerShellEnabled] != null && !(bool)logonUser[ADRecipientSchema.RemotePowerShellEnabled])
{
AuthZLogger.SafeAppendGenericError("GetInitialSessionStateCore", "RemotePowerShellEnabled false", false);
ExTraceGlobals.AccessDeniedTracer.TraceError <string>(0L, "EAP.GetInitialSessionStateCore user {0} is not allowed to use remote Powershell, access denied", executingUserIdentity.Name);
AuthZPluginHelper.TriggerFailFastForAuthZFailure(this.currentAuthZUserToken.WindowsLiveId);
throw new RemotePowerShellNotEnabledException(Strings.ErrorRemotePowerShellNotEnabled);
}
if (exchangeExpiringRunspaceConfiguration.DelegatedPrincipal == null)
{
ExchangeAuthorizationPlugin.ValidateQueryString(senderInfo.ConnectionString, logonUser);
}
else if (exchangeExpiringRunspaceConfiguration.DelegatedPrincipal.UserOrganizationId == null)
{
AuthZLogger.SafeAppendGenericError("GetInitialSessionStateCore", "User Token is delegated user, but user.OrgId is null.", false);
ExTraceGlobals.AccessDeniedTracer.TraceError(0L, "EAP.GetInitialSessionStateCore delegated user is not in organization.");
AuthZPluginHelper.TriggerFailFastForAuthZFailure(this.currentAuthZUserToken.WindowsLiveId);
throw new DelegatedUserNotInOrgException(Strings.ErrorDelegatedUserNotInOrg);
}
string friendlyName = exchangeExpiringRunspaceConfiguration.OrganizationId.GetFriendlyName();
if (exchangeExpiringRunspaceConfiguration.HasAdminRoles && exchangeExpiringRunspaceConfiguration.IsAppPasswordUsed)
{
AuthZLogger.SafeAppendGenericError("GetInitialSessionStateCore", string.Format("User {0} of Domain {1} is not allowed to create session using app password.", userInfo.Identity.Name, friendlyName), false);
AuthZPluginHelper.TriggerFailFastForAuthZFailure(this.currentAuthZUserToken.WindowsLiveId);
throw new AppPasswordLoginException(Strings.ErrorAdminLoginUsingAppPassword);
}
if (string.Equals(executingUserIdentity.AuthenticationType, "LiveIdBasic", StringComparison.OrdinalIgnoreCase) || DelegatedPrincipal.DelegatedAuthenticationType.Equals(executingUserIdentity.AuthenticationType, StringComparison.OrdinalIgnoreCase))
{
using (new MonitoredScope("GetInitialSessionStateCore", "ValidateFilteringOnlyUser", AuthZLogHelper.AuthZPerfMonitors))
{
if (UserValidationHelper.ValidateFilteringOnlyUser(friendlyName, this.currentAuthZUserToken.WindowsLiveId))
{
AuthZLogger.SafeAppendGenericError("GetInitialSessionStateCore", string.Format("User {0} of Domain {1} doesn't have valid subscriptions for Exchange Hosted.", userInfo.Identity.Name, friendlyName), false);
AuthZPluginHelper.TriggerFailFastForAuthZFailure(this.currentAuthZUserToken.WindowsLiveId);
throw new FilteringOnlyUserLoginException(Strings.ErrorFilteringOnlyUserLogin);
}
}
}
InitialSessionState initialSessionState;
using (new MonitoredScope("GetInitialSessionStateCore", "exchangeRunspaceConfig.CreateInitialSessionState", AuthZLogHelper.AuthZPerfMonitors))
{
initialSessionState = exchangeExpiringRunspaceConfiguration.CreateInitialSessionState();
}
ExTraceGlobals.PublicPluginAPITracer.TraceDebug <int>((long)this.GetHashCode(), "EAP.GetInitialSessionState(PSSenderInfo) returns ISS with {0} commands", initialSessionState.Commands.Count);
result = initialSessionState;
}
return(result);
}
public static bool IsFFOGallatinDatacenter()
{
return(DatacenterRegistry.IsFFOGallatinDatacenter());
}
private bool ShouldBufferBatches()
{
return(DatacenterRegistry.IsForefrontForOffice() && (this.logPrefix.StartsWith("MSGTRKSPLIT", StringComparison.OrdinalIgnoreCase) || this.logPrefix.StartsWith("MSGTRACECOMBOSPLIT", StringComparison.OrdinalIgnoreCase)) && this.messageBatchFlushInterval > 0);
}
public static bool IsDatacenterDedicated()
{
return(DatacenterRegistry.IsDatacenterDedicated());
}
// Token: 0x06001171 RID: 4465 RVA: 0x00054010 File Offset: 0x00052210
public static bool IsDehydratedConfiguration(OrganizationId orgId)
{
return(Globals.IsDatacenter && !(orgId == null) && !OrganizationId.ForestWideOrgId.Equals(orgId) && !DatacenterRegistry.IsForefrontForOffice() && ProvisioningCache.Instance.TryAddAndGetOrganizationData <bool>(CannedProvisioningCacheKeys.IsDehydratedConfigurationCacheKey, orgId, delegate()
{
IConfigurationSession tenantOrTopologyConfigurationSession = DirectorySessionFactory.Default.GetTenantOrTopologyConfigurationSession(ConsistencyMode.FullyConsistent, ADSessionSettings.FromAllTenantsPartitionId(orgId.PartitionId), 310, "IsDehydratedConfiguration", "f:\\15.00.1497\\sources\\dev\\data\\src\\directory\\SharedConfiguration.cs");
ExchangeConfigurationUnit[] array = tenantOrTopologyConfigurationSession.Find <ExchangeConfigurationUnit>(orgId.ConfigurationUnit, QueryScope.Base, new ExistsFilter(OrganizationSchema.SupportedSharedConfigurations), null, 1);
return array != null && array.Length == 1 && array[0].IsDehydrated;
}));
}
public AdminAuditLogEvent[] Search()
{
TaskLogger.LogEnter();
TaskLogger.Trace("Search criteria:\\r\\n{0}", new object[]
{
this.searchCriteria.ToString()
});
if (DatacenterRegistry.IsForefrontForOffice())
{
return(this.SearchInFFO());
}
ADUser tenantArbitrationMailbox;
try
{
tenantArbitrationMailbox = AdminAuditLogHelper.GetTenantArbitrationMailbox(this.searchCriteria.OrganizationId);
}
catch (ObjectNotFoundException innerException)
{
TaskLogger.Trace("ObjectNotFoundException occurred when getting Exchange principal from the discovery mailbox user.", new object[0]);
throw new AdminAuditLogSearchException(Strings.AdminAuditLogsLocationNotFound(this.searchCriteria.OrganizationId.ToString()), innerException);
}
catch (NonUniqueRecipientException innerException2)
{
TaskLogger.Trace("More than one tenant arbitration mailbox found for the current organization.", new object[0]);
throw new AdminAuditLogSearchException(Strings.AdminAuditLogsLocationNotFound(this.searchCriteria.OrganizationId.ToString()), innerException2);
}
Exception ex = null;
ExchangePrincipal principal = ExchangePrincipal.FromADUser(this.searchCriteria.OrganizationId.ToADSessionSettings(), tenantArbitrationMailbox, RemotingOptions.AllowCrossSite);
AdminAuditLogEvent[] result;
try
{
TaskLogger.Trace("Opening EWS connection for the tenant arbitration mailbox", new object[0]);
EwsAuditClient ewsAuditClient = new EwsAuditClient(new EwsConnectionManager(principal, OpenAsAdminOrSystemServiceBudgetTypeType.Default, AdminAuditLogSearchWorker.Tracer), TimeSpan.FromSeconds((double)this.searchTimeoutSeconds), AdminAuditLogSearchWorker.Tracer);
FolderIdType folderIdType = null;
ewsAuditClient.CheckAndCreateWellKnownFolder(DistinguishedFolderIdNameType.root, DistinguishedFolderIdNameType.recoverableitemsroot, out folderIdType);
ewsAuditClient.CheckAndCreateWellKnownFolder(DistinguishedFolderIdNameType.recoverableitemsroot, DistinguishedFolderIdNameType.adminauditlogs, out folderIdType);
if (folderIdType == null)
{
result = Array <AdminAuditLogEvent> .Empty;
}
else
{
EwsAuditLogCollection logCollection = new EwsAuditLogCollection(ewsAuditClient, folderIdType);
AuditLogSearchId auditLogSearchId = this.searchCriteria.Identity as AuditLogSearchId;
IEnumerable <AdminAuditLogEvent> source;
if (this.UseFASTQuery())
{
QueryStringType queryFilter = this.GenerateFASTSearchQueryString();
source = AuditLogSearchQuery.SearchAuditLogs <AdminAuditLogEvent, QueryStringType>(logCollection, queryFilter, this.searchCriteria.ResultSize + this.searchCriteria.StartIndex, TimeSpan.FromSeconds((double)this.searchTimeoutSeconds), new AdminAuditLogSearchWorker.QueryStrategy(this.searchCriteria), AdminAuditLogSearchWorker.Tracer);
}
else
{
RestrictionType queryFilter2 = this.GenerateSearchQueryFilterForEWS();
source = AuditLogSearchQuery.SearchAuditLogs <AdminAuditLogEvent, RestrictionType>(logCollection, queryFilter2, this.searchCriteria.ResultSize + this.searchCriteria.StartIndex, TimeSpan.FromSeconds((double)this.searchTimeoutSeconds), new AdminAuditLogSearchWorker.QueryStrategy(this.searchCriteria), AdminAuditLogSearchWorker.Tracer);
}
if (this.searchStatistics != null)
{
this.searchStatistics.QueryComplexity = this.searchCriteria.QueryComplexity;
this.searchStatistics.CorrelationID = ((auditLogSearchId != null) ? auditLogSearchId.Guid.ToString() : string.Empty);
}
AdminAuditLogEvent[] array = source.Take(this.searchCriteria.ResultSize).ToArray <AdminAuditLogEvent>();
this.RedactCallerField(array);
if (this.searchStatistics != null)
{
this.searchStatistics.ResultsReturned += array.LongLength;
this.searchStatistics.CallResult = true;
}
result = array;
}
}
catch (StorageTransientException ex2)
{
ex = ex2;
TaskLogger.Trace("Search admin audit log failed with transient storage exception. {0}", new object[]
{
ex2
});
throw new AdminAuditLogSearchException(Strings.AdminAuditLogSearchFailed, ex2, this.searchCriteria);
}
catch (StoragePermanentException ex3)
{
ex = ex3;
TaskLogger.Trace("Search admin audit log failed with permanent storage exception. {0}", new object[]
{
ex3
});
throw new AdminAuditLogSearchException(Strings.AdminAuditLogSearchFailed, ex3, this.searchCriteria);
}
catch (AuditLogException ex4)
{
ex = ex4;
TaskLogger.Trace("Search admin audit log failed with storage exception. {0}", new object[]
{
ex4
});
throw new AdminAuditLogSearchException(Strings.AdminAuditLogSearchFailed, ex4, this.searchCriteria);
}
finally
{
if (this.searchStatistics != null && ex != null)
{
this.searchStatistics.ErrorType = ex;
this.searchStatistics.ErrorCount++;
}
TaskLogger.LogExit();
}
return(result);
}
internal static bool IsForefrontObject(ADObjectId id)
{
return(DatacenterRegistry.IsForefrontForOffice() && id.Depth >= 3 && string.Equals(id.AncestorDN(id.Depth - 3).Name, "FFO", StringComparison.OrdinalIgnoreCase) && string.Equals(id.AncestorDN(id.Depth - 2).Name, "EXTEST", StringComparison.OrdinalIgnoreCase) && string.Equals(id.AncestorDN(id.Depth - 1).Name, "MICROSOFT", StringComparison.OrdinalIgnoreCase) && string.Equals(id.AncestorDN(id.Depth).Name, "COM", StringComparison.OrdinalIgnoreCase));
}
private EcpIdentity(IIdentity logonUserIdentity, string cacheKeySuffix, bool isExplicitSignon)
{
this.IsExplicitSignon = isExplicitSignon;
this.identityResolved = !isExplicitSignon;
this.cacheKeySuffix = cacheKeySuffix;
this.LogonUserIdentity = logonUserIdentity;
if (logonUserIdentity.AuthenticationType != DelegatedPrincipal.DelegatedAuthenticationType && !DatacenterRegistry.IsForefrontForOffice())
{
this.logonUserSid = logonUserIdentity.GetSecurityIdentifier();
}
}
