Exemplo n.º 1
0
 public SharingPolicyDomain(string domain, SharingPolicyAction actions)
 {
     domain = (StringComparer.OrdinalIgnoreCase.Equals(domain, "Anonymous") ? "Anonymous" : domain);
     SharingPolicyDomain.Validate(domain, actions);
     this.Domain  = domain;
     this.Actions = actions;
 }
Exemplo n.º 2
0
        internal SharingPolicyAction GetAllowedForAnonymousMeetingSharing()
        {
            SharingPolicyAction sharingPolicyAction = (SharingPolicyAction)0;

            if (this.Enabled)
            {
                foreach (SharingPolicyDomain sharingPolicyDomain in this.Domains)
                {
                    if (sharingPolicyDomain.Domain == "Anonymous")
                    {
                        if ((sharingPolicyDomain.Actions & SharingPolicyAction.MeetingFullDetails) == SharingPolicyAction.MeetingFullDetails)
                        {
                            sharingPolicyAction |= SharingPolicyAction.MeetingFullDetails;
                        }
                        if ((sharingPolicyDomain.Actions & SharingPolicyAction.MeetingFullDetailsWithAttendees) == SharingPolicyAction.MeetingFullDetailsWithAttendees)
                        {
                            sharingPolicyAction |= SharingPolicyAction.MeetingFullDetailsWithAttendees;
                        }
                        if ((sharingPolicyDomain.Actions & SharingPolicyAction.MeetingLimitedDetails) == SharingPolicyAction.MeetingLimitedDetails)
                        {
                            sharingPolicyAction |= SharingPolicyAction.MeetingLimitedDetails;
                            break;
                        }
                        break;
                    }
                }
            }
            return(sharingPolicyAction);
        }
Exemplo n.º 3
0
        internal SharingPolicyAction GetAllowedForAnonymousCalendarSharing()
        {
            SharingPolicyAction sharingPolicyAction = (SharingPolicyAction)0;

            if (this.Enabled)
            {
                foreach (SharingPolicyDomain sharingPolicyDomain in this.Domains)
                {
                    if (sharingPolicyDomain.Domain == "Anonymous")
                    {
                        if ((sharingPolicyDomain.Actions & SharingPolicyAction.CalendarSharingFreeBusyDetail) == SharingPolicyAction.CalendarSharingFreeBusyDetail)
                        {
                            sharingPolicyAction |= SharingPolicyAction.CalendarSharingFreeBusyDetail;
                        }
                        if ((sharingPolicyDomain.Actions & SharingPolicyAction.CalendarSharingFreeBusySimple) == SharingPolicyAction.CalendarSharingFreeBusySimple)
                        {
                            sharingPolicyAction |= SharingPolicyAction.CalendarSharingFreeBusySimple;
                        }
                        if ((sharingPolicyDomain.Actions & SharingPolicyAction.CalendarSharingFreeBusyReviewer) == SharingPolicyAction.CalendarSharingFreeBusyReviewer)
                        {
                            sharingPolicyAction |= SharingPolicyAction.CalendarSharingFreeBusyReviewer;
                            break;
                        }
                        break;
                    }
                }
            }
            return(sharingPolicyAction);
        }
        // Token: 0x06000E4F RID: 3663 RVA: 0x00056108 File Offset: 0x00054308
        private void ApplyPolicyToFolder(SharingPolicy policy, FolderData folderData)
        {
            StoreObjectType objectType = ObjectClass.GetObjectType(folderData.Folder.ClassName);
            List <PermissionSecurityPrincipal> list = new List <PermissionSecurityPrincipal>();
            PermissionSet permissionSet             = folderData.Folder.GetPermissionSet();

            foreach (Permission permission in permissionSet)
            {
                if (permission.Principal.Type == PermissionSecurityPrincipal.SecurityPrincipalType.ExternalUserPrincipal)
                {
                    SharingPolicyAction sharingPolicyAction = (SharingPolicyAction)0;
                    if (policy != null)
                    {
                        sharingPolicyAction = (permission.Principal.ExternalUser.IsReachUser ? policy.GetAllowedForAnonymousCalendarSharing() : policy.GetAllowed(permission.Principal.ExternalUser.SmtpAddress.Domain));
                    }
                    MemberRights memberRights = MemberRights.None;
                    if (sharingPolicyAction != (SharingPolicyAction)0)
                    {
                        memberRights = PolicyAllowedMemberRights.GetAllowed(sharingPolicyAction, objectType);
                    }
                    if (memberRights == MemberRights.None)
                    {
                        list.Add(permission.Principal);
                    }
                    else
                    {
                        MemberRights memberRights2 = ~memberRights & permission.MemberRights;
                        if (memberRights2 != MemberRights.None)
                        {
                            if (objectType == StoreObjectType.CalendarFolder)
                            {
                                if ((permission.MemberRights & MemberRights.ReadAny) != MemberRights.None)
                                {
                                    permission.MemberRights |= MemberRights.FreeBusyDetailed;
                                }
                                if ((permission.MemberRights & MemberRights.FreeBusyDetailed) != MemberRights.None)
                                {
                                    permission.MemberRights |= MemberRights.FreeBusySimple;
                                }
                            }
                            permission.MemberRights = (memberRights & permission.MemberRights);
                            folderData.IsChanged    = true;
                        }
                    }
                }
            }
            if (list.Count > 0)
            {
                foreach (PermissionSecurityPrincipal securityPrincipal in list)
                {
                    permissionSet.RemoveEntry(securityPrincipal);
                }
                folderData.IsChanged = true;
            }
        }
        protected override void InternalSave(ConfigurableObject instance)
        {
            if (instance == null)
            {
                throw new ArgumentNullException("instance");
            }
            MailboxCalendarFolder mailboxCalendarFolder = instance as MailboxCalendarFolder;

            if (mailboxCalendarFolder == null)
            {
                throw new NotSupportedException("Save: " + instance.GetType().FullName);
            }
            if (mailboxCalendarFolder.PublishEnabled)
            {
                SharingPolicy sharingPolicy = DirectoryHelper.ReadSharingPolicy(base.MailboxSession.MailboxOwner.MailboxInfo.MailboxGuid, base.MailboxSession.MailboxOwner.MailboxInfo.IsArchive, base.MailboxSession.GetADRecipientSession(true, ConsistencyMode.IgnoreInvalid));
                if (sharingPolicy == null || !sharingPolicy.Enabled || !sharingPolicy.IsAllowedForAnonymousCalendarSharing())
                {
                    throw new NotAllowedPublishingByPolicyException();
                }
                SharingPolicyAction allowedForAnonymousCalendarSharing = sharingPolicy.GetAllowedForAnonymousCalendarSharing();
                int maxAllowed = PolicyAllowedDetailLevel.GetMaxAllowed(allowedForAnonymousCalendarSharing);
                if (mailboxCalendarFolder.DetailLevel > (DetailLevelEnumType)maxAllowed)
                {
                    throw new NotAllowedPublishingByPolicyException(mailboxCalendarFolder.DetailLevel, (DetailLevelEnumType)maxAllowed);
                }
            }
            MailboxFolderId mailboxFolderId = mailboxCalendarFolder.MailboxFolderId;
            StoreObjectId   folderId        = mailboxFolderId.StoreObjectIdValue ?? base.ResolveStoreObjectIdFromFolderPath(mailboxFolderId.MailboxFolderPath);

            if (folderId == null || folderId.ObjectType != StoreObjectType.CalendarFolder)
            {
                throw new CantFindCalendarFolderException(mailboxFolderId);
            }
            using (CalendarFolder calendarFolder = CalendarFolder.Bind(base.MailboxSession, folderId))
            {
                ExtendedFolderFlags?valueAsNullable = calendarFolder.GetValueAsNullable <ExtendedFolderFlags>(FolderSchema.ExtendedFolderFlags);
                if (valueAsNullable != null && (valueAsNullable.Value & ExtendedFolderFlags.PersonalShare) != (ExtendedFolderFlags)0)
                {
                    throw new CannotShareFolderException(ServerStrings.CannotShareOtherPersonalFolder);
                }
                this.SaveSharingAnonymous(mailboxCalendarFolder, folderId);
                if (!mailboxCalendarFolder.PublishEnabled)
                {
                    mailboxCalendarFolder.PublishedCalendarUrl = null;
                    mailboxCalendarFolder.PublishedICalUrl     = null;
                }
                UserConfigurationDictionaryHelper.Save(mailboxCalendarFolder, MailboxCalendarFolder.CalendarFolderConfigurationProperties, (bool createIfNonexisting) => UserConfigurationHelper.GetPublishingConfiguration(this.MailboxSession, folderId, createIfNonexisting));
                if (MailboxCalendarFolderDataProvider.UpdateExtendedFolderFlags(mailboxCalendarFolder, calendarFolder))
                {
                    calendarFolder.Save();
                }
            }
        }
        private void EnforceSharingPolicy(MailboxSession mailboxSession, ICollection <MapiAclTableRestriction.ExternalUserPermission> externalUserPermissions)
        {
            Util.ThrowOnNullArgument(mailboxSession, "mailboxSession");
            if (externalUserPermissions == null || externalUserPermissions.Count == 0)
            {
                return;
            }
            List <RightsNotAllowedRecipient> list = new List <RightsNotAllowedRecipient>(externalUserPermissions.Count);
            SharingPolicy sharingPolicy           = null;

            foreach (MapiAclTableRestriction.ExternalUserPermission externalUserPermission in externalUserPermissions)
            {
                if (sharingPolicy == null)
                {
                    IMailboxInfo mailboxInfo = mailboxSession.MailboxOwner.MailboxInfo;
                    sharingPolicy = DirectoryHelper.ReadSharingPolicy(mailboxInfo.MailboxGuid, mailboxInfo.IsArchive, mailboxSession.GetADRecipientSession(true, ConsistencyMode.IgnoreInvalid));
                    if (sharingPolicy == null)
                    {
                        ExTraceGlobals.StorageTracer.TraceDebug <IExchangePrincipal>((long)this.GetHashCode(), "{0}: No policy assigned means no external sharing is allowed for this user.", mailboxSession.MailboxOwner);
                        throw new NotAllowedExternalSharingByPolicyException();
                    }
                }
                if (!sharingPolicy.Enabled)
                {
                    ExTraceGlobals.StorageTracer.TraceDebug <IExchangePrincipal>((long)this.GetHashCode(), "{0}: A disabled policy means no external sharing is allowed for this user.", mailboxSession.MailboxOwner);
                    throw new NotAllowedExternalSharingByPolicyException();
                }
                SharingPolicyAction sharingPolicyAction = externalUserPermission.Principal.ExternalUser.IsReachUser ? sharingPolicy.GetAllowedForAnonymousCalendarSharing() : sharingPolicy.GetAllowed(externalUserPermission.Principal.ExternalUser.SmtpAddress.Domain);
                if (sharingPolicyAction == (SharingPolicyAction)0)
                {
                    ExTraceGlobals.StorageTracer.TraceDebug <IExchangePrincipal, PermissionSecurityPrincipal>((long)this.GetHashCode(), "{0}: Policy does not allow granting permissions to {1}.", mailboxSession.MailboxOwner, externalUserPermission.Principal);
                    throw new PrincipalNotAllowedByPolicyException(externalUserPermission.Principal);
                }
                MemberRights allowed      = PolicyAllowedMemberRights.GetAllowed(sharingPolicyAction, this.FolderInfo.StoreObjectType);
                MemberRights memberRights = ~allowed & externalUserPermission.MemberRights;
                if (memberRights != MemberRights.None)
                {
                    ExTraceGlobals.StorageTracer.TraceDebug((long)this.GetHashCode(), "{0}: Policy does not allow granting permission {1} to {2} on {3} folder '{4}'.", new object[]
                    {
                        mailboxSession.MailboxOwner,
                        memberRights,
                        externalUserPermission.Principal,
                        this.FolderInfo.StoreObjectType,
                        this.FolderInfo.DisplayName
                    });
                    list.Add(new RightsNotAllowedRecipient(externalUserPermission.Principal, memberRights));
                }
            }
            if (list.Count > 0)
            {
                throw new RightsNotAllowedByPolicyException(list.ToArray(), this.FolderInfo.StoreObjectType, this.FolderInfo.DisplayName);
            }
        }
Exemplo n.º 7
0
        public static int GetMaxAllowed(SharingPolicyAction allowedActions)
        {
            EnumValidator.ThrowIfInvalid <SharingPolicyAction>(allowedActions, "allowedActions");
            int num = 0;

            foreach (PolicyAllowedDetailLevel policyAllowedDetailLevel in PolicyAllowedDetailLevel.Rules)
            {
                if ((allowedActions & policyAllowedDetailLevel.action) == policyAllowedDetailLevel.action && num < (int)policyAllowedDetailLevel.maxAllowedDetailLevel)
                {
                    num = (int)policyAllowedDetailLevel.maxAllowedDetailLevel;
                }
            }
            return(num);
        }
Exemplo n.º 8
0
 private static void Validate(string domain, SharingPolicyAction actions)
 {
     if (!SmtpAddress.IsValidDomain(domain) && domain != "*" && domain != "Anonymous")
     {
         throw new StrongTypeFormatException(DataStrings.SharingPolicyDomainInvalidDomain(domain), "Domain");
     }
     if (domain == "Anonymous" && (actions & SharingPolicyAction.ContactsSharing) != (SharingPolicyAction)0)
     {
         throw new StrongTypeFormatException(DataStrings.SharingPolicyDomainInvalidActionForAnonymous(actions.ToString()), "Actions");
     }
     if (domain != "Anonymous" && ((actions & SharingPolicyAction.MeetingFullDetails) == SharingPolicyAction.MeetingFullDetails || (actions & SharingPolicyAction.MeetingLimitedDetails) == SharingPolicyAction.MeetingLimitedDetails || (actions & SharingPolicyAction.MeetingFullDetailsWithAttendees) == SharingPolicyAction.MeetingFullDetailsWithAttendees))
     {
         throw new StrongTypeFormatException(DataStrings.SharingPolicyDomainInvalidActionForDomain(actions.ToString()), "Actions");
     }
 }
Exemplo n.º 9
0
        public static MemberRights GetAllowed(SharingPolicyAction allowedActions, StoreObjectType storeObjectType)
        {
            EnumValidator.ThrowIfInvalid <StoreObjectType>(storeObjectType, "storeObjectType");
            EnumValidator.ThrowIfInvalid <SharingPolicyAction>(allowedActions, "allowedActions");
            MemberRights memberRights = MemberRights.None;

            foreach (PolicyAllowedMemberRights policyAllowedMemberRights in PolicyAllowedMemberRights.Rights)
            {
                if (policyAllowedMemberRights.storeObjectType == storeObjectType && (allowedActions & policyAllowedMemberRights.action) == policyAllowedMemberRights.action)
                {
                    memberRights |= policyAllowedMemberRights.allowedRights;
                }
            }
            return(memberRights);
        }
Exemplo n.º 10
0
 internal bool IsAllowedForAnySharing(string domain, SharingPolicyAction actions)
 {
     if (this.Enabled)
     {
         foreach (SharingPolicyDomain sharingPolicyDomain in this.Domains)
         {
             if ((sharingPolicyDomain.Actions & actions) != (SharingPolicyAction)0 && SharingPolicy.IsDomainMatch(sharingPolicyDomain.Domain, domain))
             {
                 return(true);
             }
         }
         return(false);
     }
     return(false);
 }
Exemplo n.º 11
0
        internal SharingPolicyAction GetAllowed(string domain)
        {
            SharingPolicyAction sharingPolicyAction = (SharingPolicyAction)0;

            if (this.Enabled)
            {
                foreach (SharingPolicyDomain sharingPolicyDomain in this.Domains)
                {
                    if (SharingPolicy.IsDomainMatch(sharingPolicyDomain.Domain, domain))
                    {
                        sharingPolicyAction |= sharingPolicyDomain.Actions;
                    }
                }
            }
            return(sharingPolicyAction);
        }
Exemplo n.º 12
0
 private PolicyAllowedMemberRights(StoreObjectType storeObjectType, SharingPolicyAction action, MemberRights allowedRights)
 {
     this.storeObjectType = storeObjectType;
     this.action          = action;
     this.allowedRights   = allowedRights;
 }
Exemplo n.º 13
0
        public EncryptionResults Encrypt(IExchangePrincipal mailboxOwner, IRecipientSession recipientSession, ExternalUserCollection externalUserCollection, ValidRecipient[] recipients, string sender, string containerClass, string folderId, IFrontEndLocator frontEndLocator)
        {
            SharingDataType sharingDataType = SharingDataType.FromContainerClass(containerClass);

            if (sharingDataType == null || !sharingDataType.IsExternallySharable)
            {
                throw new ArgumentOutOfRangeException("containerClass");
            }
            ADUser aduser = DirectoryHelper.ReadADRecipient(mailboxOwner.MailboxInfo.MailboxGuid, mailboxOwner.MailboxInfo.IsArchive, recipientSession) as ADUser;

            if (aduser == null)
            {
                SharedFolderDataEncryption.Tracer.TraceError <SharedFolderDataEncryption, string>((long)this.GetHashCode(), "{0}: The Active Directory user was not found. Sender={1}.", this, sender);
                throw new ObjectNotFoundException(ServerStrings.ADUserNotFound);
            }
            ProxyAddress item = new SmtpProxyAddress(sender, false);

            if (!aduser.EmailAddresses.Contains(item))
            {
                SharedFolderDataEncryption.Tracer.TraceError <SharedFolderDataEncryption, string>((long)this.GetHashCode(), "{0}: The SMTP address was not found in the user AD object for this mailbox. Sender={1}.", this, sender);
                throw new ObjectNotFoundException(ServerStrings.ADUserNotFound);
            }
            SharingPolicy sharingPolicy = DirectoryHelper.ReadSharingPolicy(mailboxOwner.MailboxInfo.MailboxGuid, mailboxOwner.MailboxInfo.IsArchive, recipientSession);

            SharedFolderDataEncryption.Tracer.TraceDebug <SharedFolderDataEncryption, object>((long)this.GetHashCode(), "{0}: Sharing policy to be applied to this user: {1}", this, (sharingPolicy == null) ? "<null>" : sharingPolicy.Id);
            SharingPolicyAction sharingPolicyActions = SharedFolderDataEncryption.GetSharingPolicyActions(sharingDataType.StoreObjectType);

            SharedFolderDataRecipient[] externalIdentities = SharedFolderDataEncryption.GetExternalIdentities(externalUserCollection, recipients);
            List <InvalidRecipient>     list = new List <InvalidRecipient>();
            Dictionary <TokenTarget, List <SharedFolderDataRecipient> > dictionary = new Dictionary <TokenTarget, List <SharedFolderDataRecipient> >(externalIdentities.Length, SharedFolderDataEncryption.TokenTargetComparer);

            for (int i = 0; i < recipients.Length; i++)
            {
                SharedFolderDataRecipient item2          = externalIdentities[i];
                ValidRecipient            validRecipient = recipients[i];
                SmtpAddress smtpAddress = new SmtpAddress(validRecipient.SmtpAddress);
                string      domain      = smtpAddress.Domain;
                if (sharingPolicy == null || !sharingPolicy.IsAllowedForAnySharing(domain, sharingPolicyActions))
                {
                    SharedFolderDataEncryption.Tracer.TraceDebug <string>((long)this.GetHashCode(), "Sharing policy does not allow user to share with domain {0}", domain);
                    list.Add(new InvalidRecipient(validRecipient.SmtpAddress, InvalidRecipientResponseCodeType.SystemPolicyBlocksSharingWithThisRecipient));
                }
                else
                {
                    SmtpAddress smtpAddress2 = new SmtpAddress(validRecipient.SmtpAddressForEncryption);
                    TokenTarget tokenTarget  = TargetUriResolver.Resolve(smtpAddress2.Domain, aduser.OrganizationId);
                    if (tokenTarget == null)
                    {
                        list.Add(new InvalidRecipient(validRecipient.SmtpAddress, InvalidRecipientResponseCodeType.RecipientOrganizationNotFederated));
                    }
                    else
                    {
                        List <SharedFolderDataRecipient> list2;
                        if (!dictionary.TryGetValue(tokenTarget, out list2))
                        {
                            list2 = new List <SharedFolderDataRecipient>(1);
                            dictionary.Add(tokenTarget, list2);
                        }
                        list2.Add(item2);
                    }
                }
            }
            List <EncryptedSharedFolderData> list3 = new List <EncryptedSharedFolderData>(dictionary.Count);
            SharedFolderData sharedFolderData      = new SharedFolderData();

            sharedFolderData.DataType          = sharingDataType.ExternalName;
            sharedFolderData.FolderId          = folderId;
            sharedFolderData.SharingUrl        = this.GetSharingUrl(aduser, frontEndLocator);
            sharedFolderData.FederationUri     = this.externalAuthentication.TokenValidator.TargetUri.ToString();
            sharedFolderData.SenderSmtpAddress = sender;
            DelegationTokenRequest delegationTokenRequest = new DelegationTokenRequest
            {
                FederatedIdentity = aduser.GetFederatedIdentity(),
                EmailAddress      = aduser.GetFederatedSmtpAddress(new SmtpAddress(sender)).ToString(),
                Offer             = Offer.SharingInviteMessage
            };
            SecurityTokenService securityTokenService = this.externalAuthentication.GetSecurityTokenService(aduser.OrganizationId);

            foreach (KeyValuePair <TokenTarget, List <SharedFolderDataRecipient> > keyValuePair in dictionary)
            {
                delegationTokenRequest.Target = keyValuePair.Key;
                sharedFolderData.Recipients   = keyValuePair.Value.ToArray();
                try
                {
                    RequestedToken requestedToken = securityTokenService.IssueToken(delegationTokenRequest);
                    list3.Add(this.Encrypt(requestedToken, sharedFolderData));
                }
                catch (WSTrustException ex)
                {
                    foreach (SharedFolderDataRecipient sharedFolderDataRecipient in sharedFolderData.Recipients)
                    {
                        list.Add(new InvalidRecipient(sharedFolderDataRecipient.SmtpAddress, SharedFolderDataEncryption.GetResponseCodeFromException(ex), ex.ToString()));
                    }
                }
            }
            return(new EncryptionResults(list3.ToArray(), list.ToArray()));
        }
Exemplo n.º 14
0
 private PolicyAllowedDetailLevel(SharingPolicyAction action, DetailLevelEnumType maxAllowedDetailLevel)
 {
     this.action = action;
     this.maxAllowedDetailLevel = maxAllowedDetailLevel;
 }