// Token: 0x06000D6E RID: 3438 RVA: 0x00049944 File Offset: 0x00047B44 public OofSetting(XmlNode request, XmlNode response, MailboxSession mailboxSession, DeviceAccessState currentAccessState, ProtocolLogger protocolLogger) : base(request, response, protocolLogger) { this.mailboxSession = mailboxSession; this.verbResponseNodes = new List <XmlNode>(); this.currentAccessState = currentAccessState; }
private static bool ParsePolicyEvaluationStatusToAccessState(string evalPolicyStatus, out DeviceAccessState accessState, out DeviceAccessStateReason accessReason) { accessState = DeviceAccessState.Unknown; accessReason = DeviceAccessStateReason.ExternallyManaged; bool result = true; DeviceQueryStatus deviceQueryStatus; if (!Enum.TryParse <DeviceQueryStatus>(evalPolicyStatus, out deviceQueryStatus)) { deviceQueryStatus = DeviceQueryStatus.Unknown; AirSyncDiagnostics.TraceDebug <string>(ExTraceGlobals.RequestsTracer, 0, "Invalid status returned by graph query {0} ", evalPolicyStatus); } switch (deviceQueryStatus) { case DeviceQueryStatus.Success: accessState = DeviceAccessState.Allowed; break; case DeviceQueryStatus.DeviceNotFound: case DeviceQueryStatus.DeviceNotManaged: accessState = DeviceAccessState.Quarantined; accessReason = DeviceAccessStateReason.ExternalEnrollment; break; case DeviceQueryStatus.DeviceNotCompliant: accessState = DeviceAccessState.Quarantined; accessReason = DeviceAccessStateReason.ExternalCompliance; break; case DeviceQueryStatus.DeviceNotEnabled: result = false; accessState = DeviceAccessState.Blocked; break; case DeviceQueryStatus.PolicyEvaluationFailure: accessState = DeviceAccessState.Blocked; break; default: throw new ArgumentException(string.Format("Invalid device status returned by AAD. {0}", evalPolicyStatus)); } return(result); }
protected override void InternalProcessRecord() { TaskLogger.LogEnter(); bool flag = this.principal.RecipientTypeDetails == RecipientTypeDetails.MonitoringMailbox; try { this.mailboxSession = MailboxSession.OpenAsAdmin(this.principal, CultureInfo.InvariantCulture, "Client=Management;Action=Get-MobileDeviceStatistics"); List <DeviceInfo> list = new List <DeviceInfo>(); if (base.Fields["ActiveSync"] == null && base.Fields["OWAforDevices"] == null) { base.Fields["ActiveSync"] = new SwitchParameter(true); base.Fields["OWAforDevices"] = new SwitchParameter(true); } else if (base.Fields["ActiveSync"] == null) { if (this.OWAforDevices == false) { base.Fields["ActiveSync"] = new SwitchParameter(true); } } else if (base.Fields["OWAforDevices"] == null && this.ActiveSync == false) { base.Fields["OWAforDevices"] = new SwitchParameter(true); } if (this.ActiveSync == true) { DeviceInfo[] allDeviceInfo = DeviceInfo.GetAllDeviceInfo(this.mailboxSession, MobileClientType.EAS); if (allDeviceInfo != null) { list.AddRange(allDeviceInfo); } } if (this.OWAforDevices == true) { DeviceInfo[] allDeviceInfo2 = DeviceInfo.GetAllDeviceInfo(this.mailboxSession, MobileClientType.MOWA); if (allDeviceInfo2 != null) { list.AddRange(allDeviceInfo2); } } if (list != null) { List <MobileDevice> allMobileDevices = this.GetAllMobileDevices(); int num = 0; using (List <DeviceInfo> .Enumerator enumerator = list.GetEnumerator()) { while (enumerator.MoveNext()) { DeviceInfo deviceInfo = enumerator.Current; if (deviceInfo.DeviceADObjectId != null && ADObjectId.Equals(deviceInfo.UserADObjectId, this.principal.ObjectId)) { MobileDevice mobileDevice = allMobileDevices.Find((MobileDevice currentDevice) => currentDevice.DeviceId.Equals(deviceInfo.DeviceIdentity.DeviceId)); if (mobileDevice != null) { num++; this.deviceConfiguration = this.CreateDeviceConfiguration(deviceInfo); if (this.Identity != null) { TIdentity identity = this.Identity; if (!identity.InternalADObjectId.Equals(this.deviceConfiguration.Identity)) { continue; } } if (mobileDevice != null && this.deviceConfiguration.DeviceAccessStateReason < DeviceAccessStateReason.UserAgentsChanges && mobileDevice.ClientType == MobileClientType.EAS) { if (!flag) { DeviceAccessState deviceAccessState = DeviceAccessState.Unknown; DeviceAccessStateReason deviceAccessStateReason = DeviceAccessStateReason.Unknown; ADObjectId deviceAccessControlRule = null; bool flag2 = false; if (mobileDevice.OrganizationId != OrganizationId.ForestWideOrgId && (mobileDevice.DeviceAccessStateReason != DeviceAccessStateReason.Individual || mobileDevice.DeviceAccessState != DeviceAccessState.Blocked) && mobileDevice.DeviceAccessStateReason != DeviceAccessStateReason.Policy) { Command.DetermineDeviceAccessState(this.LoadAbq(OrganizationId.ForestWideOrgId), mobileDevice.DeviceType, mobileDevice.DeviceModel, mobileDevice.DeviceUserAgent, mobileDevice.DeviceOS, out deviceAccessState, out deviceAccessStateReason, out deviceAccessControlRule); if (deviceAccessState == DeviceAccessState.Blocked) { mobileDevice.DeviceAccessState = deviceAccessState; mobileDevice.DeviceAccessStateReason = deviceAccessStateReason; mobileDevice.DeviceAccessControlRule = deviceAccessControlRule; flag2 = true; } } if (!flag2 && mobileDevice.DeviceAccessState != DeviceAccessState.DeviceDiscovery && mobileDevice.DeviceAccessStateReason != DeviceAccessStateReason.Individual && mobileDevice.DeviceAccessStateReason != DeviceAccessStateReason.Upgrade && mobileDevice.DeviceAccessStateReason != DeviceAccessStateReason.Policy) { Command.DetermineDeviceAccessState(this.LoadAbq(mobileDevice.OrganizationId), mobileDevice.DeviceType, mobileDevice.DeviceModel, mobileDevice.DeviceUserAgent, mobileDevice.DeviceOS, out deviceAccessState, out deviceAccessStateReason, out deviceAccessControlRule); mobileDevice.DeviceAccessState = deviceAccessState; mobileDevice.DeviceAccessStateReason = deviceAccessStateReason; mobileDevice.DeviceAccessControlRule = deviceAccessControlRule; } } this.deviceConfiguration.DeviceAccessState = mobileDevice.DeviceAccessState; this.deviceConfiguration.DeviceAccessStateReason = mobileDevice.DeviceAccessStateReason; this.deviceConfiguration.DeviceAccessControlRule = mobileDevice.DeviceAccessControlRule; } if (this.ShowRecoveryPassword == false) { this.deviceConfiguration.RecoveryPassword = "******"; } if (this.GetMailboxLog) { this.deviceConfiguration.MailboxLogReport = deviceInfo.GetOrCreateMailboxLogReport(this.mailboxSession); } base.WriteObject(this.deviceConfiguration); if (this.Identity != null) { this.ProcessMailboxLogger(new DeviceInfo[] { deviceInfo }); } } } } } if (this.Identity == null) { this.ProcessMailboxLogger(list.ToArray()); } if (num > 0) { using (IBudget budget = StandardBudget.Acquire(this.mailboxSession.MailboxOwner.Sid, BudgetType.Eas, this.mailboxSession.GetADSessionSettings())) { if (budget != null) { IThrottlingPolicy throttlingPolicy = budget.ThrottlingPolicy; if (throttlingPolicy != null && !throttlingPolicy.EasMaxDevices.IsUnlimited && (long)num >= (long)((ulong)throttlingPolicy.EasMaxDevices.Value)) { this.WriteWarning((num == 1) ? Strings.MaxDevicesReachedSingular(throttlingPolicy.EasMaxDevices.Value) : Strings.MaxDevicesReached(num, throttlingPolicy.EasMaxDevices.Value)); } } } } } } catch (StorageTransientException ex) { TaskLogger.LogError(ex); base.WriteError(ex, ErrorCategory.ReadError, this.principal); } catch (StoragePermanentException ex2) { TaskLogger.LogError(ex2); base.WriteError(ex2, ErrorCategory.InvalidOperation, this.principal); } finally { if (this.mailboxSession != null) { this.mailboxSession.Dispose(); } TaskLogger.LogExit(); } }
internal static bool GetDeviceStatus(OrganizationId orgId, string deviceID, string externalUserObjectId, bool isSupportedDevice, out DeviceAccessState accessState, out DeviceAccessStateReason accessReason) { bool flag = false; bool flag2 = true; accessState = DeviceAccessState.Unknown; accessReason = DeviceAccessStateReason.Unknown; string text = string.Empty; try { if (!GlobalSettings.DisableDeviceHealthStatusCache && GraphApiHelper.deviceComplianceStatusCache.Value.TryGetValue(GraphApiHelper.GetCacheKey(externalUserObjectId, deviceID), out text)) { flag = true; flag2 = GraphApiHelper.ParsePolicyEvaluationStatusToAccessState(text, out accessState, out accessReason); AirSyncDiagnostics.TraceDebug(ExTraceGlobals.RequestsTracer, 0, "Retrieved device status from Cache. AccessState:{1}, AccessReason:{2}, IsEnabled:{3}, DeviceStatus:{0}, ", new object[] { accessState, accessReason, flag2, text }); return(flag2); } IAadClient aadClient = null; if (!GraphApiHelper.aadClients.ContainsKey(orgId)) { lock (GraphApiHelper.lockObject) { if (!GraphApiHelper.aadClients.ContainsKey(orgId)) { aadClient = GraphApiHelper.CreateAadClient(orgId, GraphProxyVersions.Version142); if (!GlobalSettings.DisableAadClientCache && aadClient != null) { AirSyncDiagnostics.TraceDebug(ExTraceGlobals.RequestsTracer, 0, "Added AADClient to cache."); GraphApiHelper.aadClients.Add(orgId, aadClient); } } } } if (aadClient == null) { if (!GraphApiHelper.aadClients.ContainsKey(orgId)) { throw new InvalidOperationException(string.Format("Failed to create AAD client for Org {0}", orgId)); } aadClient = GraphApiHelper.aadClients[orgId]; } text = aadClient.EvaluateAuthPolicy(deviceID, externalUserObjectId, isSupportedDevice); flag2 = GraphApiHelper.ParsePolicyEvaluationStatusToAccessState(text, out accessState, out accessReason); TimeSpan expiration = (accessState == DeviceAccessState.Allowed) ? GlobalSettings.DeviceStatusCacheExpirationInterval : GlobalSettings.NegativeDeviceStatusCacheExpirationInterval; if (!GlobalSettings.DisableDeviceHealthStatusCache && !GraphApiHelper.deviceComplianceStatusCache.Value.TryAddAbsolute(GraphApiHelper.GetCacheKey(externalUserObjectId, deviceID), text, expiration)) { AirSyncDiagnostics.TraceDebug <OrganizationId, string, string>(ExTraceGlobals.RequestsTracer, 0, "Failed to Add deviceStatus {1} to Device Status Cache for user {2}. UserId:{0} ", orgId, text, externalUserObjectId); } if (Command.CurrentCommand != null) { Command.CurrentCommand.ProtocolLogger.AppendValue(ProtocolLoggerData.GraphApiCallData, string.Format("msg:{0}", text)); } } catch (AADException ex) { AADDataException ex2 = ex as AADDataException; string text2 = (ex2 != null) ? ex2.Code.ToString() : "n/a"; AirSyncDiagnostics.TraceDebug(ExTraceGlobals.RequestsTracer, "0", "Exception retrieving deviceStatus for device:{0}, user:{1},OrgId:{2},ErrorCode:{3},Message:{4} ", new object[] { deviceID, externalUserObjectId, orgId, text2, ex.Message }); if (Command.CurrentCommand != null) { if (ex2 != null) { Command.CurrentCommand.ProtocolLogger.AppendValue(ProtocolLoggerData.Error, text2); } AirSyncUtility.LogCompressedStackTrace(ex, Command.CurrentCommand.Context); } throw new AirSyncPermanentException(HttpStatusCode.InternalServerError, StatusCode.ServerError, ex, false); } finally { if (Command.CurrentCommand != null) { Command.CurrentCommand.ProtocolLogger.AppendValue(ProtocolLoggerData.GraphApiCallData, string.Format("cu:{0}", flag ? "F" : "T")); Command.CurrentCommand.ProtocolLogger.AppendValue(ProtocolLoggerData.GraphApiCallData, string.Format("deviceStatus", text)); } } return(flag2); }
protected override void WriteResult(IConfigurable dataObject) { MobileDevice mobileDevice = dataObject as MobileDevice; if (!this.ShouldShowMobileDevice(mobileDevice)) { return; } ADObjectId orgContainerId = this.ConfigurationSession.GetOrgContainerId(); for (ADObjectId adobjectId = mobileDevice.Id; adobjectId != null; adobjectId = adobjectId.Parent) { if (ADObjectId.Equals(adobjectId, orgContainerId)) { return; } } bool flag = string.Equals("EASProbeDeviceType", mobileDevice.DeviceType, StringComparison.OrdinalIgnoreCase); if (this.Monitoring) { if (!flag) { return; } } else { if (flag) { return; } DeviceAccessState deviceAccessState = DeviceAccessState.Unknown; DeviceAccessStateReason deviceAccessStateReason = DeviceAccessStateReason.Unknown; ADObjectId deviceAccessControlRule = null; bool flag2 = false; if (mobileDevice != null && mobileDevice.OrganizationId != OrganizationId.ForestWideOrgId && (mobileDevice.DeviceAccessStateReason != DeviceAccessStateReason.Individual || mobileDevice.DeviceAccessState != DeviceAccessState.Blocked) && mobileDevice.DeviceAccessStateReason != DeviceAccessStateReason.Policy && mobileDevice.DeviceAccessStateReason < DeviceAccessStateReason.UserAgentsChanges) { Command.DetermineDeviceAccessState(this.LoadAbq(OrganizationId.ForestWideOrgId), mobileDevice.DeviceType, mobileDevice.DeviceModel, mobileDevice.DeviceUserAgent, mobileDevice.DeviceOS, out deviceAccessState, out deviceAccessStateReason, out deviceAccessControlRule); if (deviceAccessState == DeviceAccessState.Blocked) { mobileDevice.DeviceAccessState = deviceAccessState; mobileDevice.DeviceAccessStateReason = deviceAccessStateReason; mobileDevice.DeviceAccessControlRule = deviceAccessControlRule; flag2 = true; if (this.IsFilteringByDeviceAccess() && !this.IsInFilter(mobileDevice)) { return; } } } if (!flag2 && mobileDevice != null && mobileDevice.DeviceAccessState != DeviceAccessState.DeviceDiscovery && mobileDevice.DeviceAccessStateReason != DeviceAccessStateReason.Individual && mobileDevice.DeviceAccessStateReason != DeviceAccessStateReason.Upgrade && mobileDevice.DeviceAccessStateReason != DeviceAccessStateReason.Policy && mobileDevice.DeviceAccessStateReason < DeviceAccessStateReason.UserAgentsChanges) { Command.DetermineDeviceAccessState(this.LoadAbq(mobileDevice.OrganizationId), mobileDevice.DeviceType, mobileDevice.DeviceModel, mobileDevice.DeviceUserAgent, mobileDevice.DeviceOS, out deviceAccessState, out deviceAccessStateReason, out deviceAccessControlRule); mobileDevice.DeviceAccessState = deviceAccessState; mobileDevice.DeviceAccessStateReason = deviceAccessStateReason; mobileDevice.DeviceAccessControlRule = deviceAccessControlRule; } } if (base.Fields["ActiveSync"] == null && base.Fields["OWAforDevices"] == null) { base.Fields["ActiveSync"] = new SwitchParameter(true); base.Fields["OWAforDevices"] = new SwitchParameter(true); } else if (base.Fields["ActiveSync"] == null) { if (this.OWAforDevices == false) { base.Fields["ActiveSync"] = new SwitchParameter(true); } } else if (base.Fields["OWAforDevices"] == null && this.ActiveSync == false) { base.Fields["OWAforDevices"] = new SwitchParameter(true); } if ((!this.ActiveSync || mobileDevice.ClientType != MobileClientType.EAS) && (!this.OWAforDevices || mobileDevice.ClientType != MobileClientType.MOWA)) { return; } if (mobileDevice.ClientType == MobileClientType.MOWA) { MobileDevice mobileDevice2 = mobileDevice; string format = Strings.MOWADeviceTypePrefix; string arg; if ((arg = mobileDevice.DeviceType) == null) { arg = (mobileDevice.DeviceModel ?? mobileDevice.DeviceOS); } mobileDevice2.DeviceType = string.Format(format, arg); } if (this.IsFilteringByDeviceAccess() && !this.IsInFilter(mobileDevice)) { return; } base.WriteResult(dataObject); }