private static AclTableEntry BuildEveryoneDefaultEntry(MemberRights rights) { AclTableEntry aclTableEntry = new AclTableEntry(0L, Array <byte> .Empty, string.Empty, rights); aclTableEntry.SetSecurityIdentifier(new SecurityIdentifier(WellKnownSidType.WorldSid, null), false); return(aclTableEntry); }
private Permission(PermissionSecurityPrincipal securityPrincipal, MemberRights memberRights, PermissionOrigin origin) { this.securityPrincipal = securityPrincipal; this.initialMemberRights = memberRights; this.memberRights = memberRights; this.origin = origin; }
internal override bool InternalProcessPermissions(Folder folder) { PermissionSet permissionSet = folder.GetPermissionSet(); Permission targetPermission = base.GetTargetPermission(permissionSet); if (targetPermission == null) { throw new UserNotFoundInPermissionEntryException(base.MailboxFolderUserId.ToString()); } MemberRights memberRights = (MemberRights)MailboxFolderAccessRight.CalculateMemberRights(this.AccessRights, folder.ClassName == "IPF.Appointment"); if (targetPermission.MemberRights == memberRights) { this.WriteWarning(Strings.WarningMailboxFolderPermissionUnchanged(this.DataObject.Identity.ToString())); return(false); } try { targetPermission.MemberRights = memberRights; } catch (ArgumentOutOfRangeException exception) { base.WriteError(exception, (ErrorCategory)1003, this.Identity); } return(true); }
public static string GetCalendarPermissionsLog(MailboxSession mailboxSession, Folder folder) { if (mailboxSession == null || folder == null) { return(string.Empty); } SecurityIdentifier arg = IdentityHelper.SidFromLogonIdentity(mailboxSession.Identity); StringBuilder stringBuilder = new StringBuilder(); stringBuilder.Append(string.Format("Folder Name: {0} Security Descriptor: {1}\n", folder.DisplayName, arg)); PermissionSet permissionSet = folder.GetPermissionSet(); if (permissionSet.AnonymousPermission != null) { PermissionLevel permissionLevel = permissionSet.AnonymousPermission.PermissionLevel; MemberRights memberRights = permissionSet.AnonymousPermission.MemberRights; stringBuilder.Append(string.Format("Anonymous Permission:{0} Member Rights:{1}", permissionLevel, memberRights)); } if (permissionSet.DefaultPermission != null) { PermissionLevel permissionLevel2 = permissionSet.DefaultPermission.PermissionLevel; MemberRights memberRights2 = permissionSet.DefaultPermission.MemberRights; stringBuilder.Append(string.Format("\nDefault Permission:{0} Member Rights:{1}", permissionLevel2, memberRights2)); } foreach (Permission permission in permissionSet) { MemberRights memberRights3 = permission.MemberRights; PermissionLevel permissionLevel3 = permission.PermissionLevel; if (permission.Principal != null) { string text = permission.Principal.ToString(); string text2 = permission.Principal.Type.ToString(); if (permission.Principal.Type == PermissionSecurityPrincipal.SecurityPrincipalType.ADRecipientPrincipal) { if (permission.Principal.ADRecipient != null) { SmtpAddress primarySmtpAddress = permission.Principal.ADRecipient.PrimarySmtpAddress; text = permission.Principal.ADRecipient.PrimarySmtpAddress.ToString(); } } else if (permission.Principal.Type == PermissionSecurityPrincipal.SecurityPrincipalType.SpecialPrincipal) { text2 = permission.Principal.SpecialType.ToString(); } stringBuilder.Append(string.Format("\nPermission:{0} UserType:{1} User:{2} Member Rights:{3}", new object[] { permissionLevel3, text2, text, memberRights3 })); } else { stringBuilder.Append(string.Format("\nPermission:{0} UserType:'Unknown' User:'******' Member Rights:{1}", permissionLevel3, memberRights3)); } } return(stringBuilder.ToString()); }
internal void AddPermissionEntry(byte[] memberEntryId, MemberRights memberRights) { this.modifyTable.AddRow(new PropValue[] { new PropValue(PermissionSchema.MemberEntryId, memberEntryId), new PropValue(PermissionSchema.MemberRights, memberRights) }); }
internal void ModifyPermissionEntry(long memberId, MemberRights memberRights) { this.modifyTable.ModifyRow(new PropValue[] { new PropValue(PermissionSchema.MemberId, memberId), new PropValue(PermissionSchema.MemberRights, memberRights) }); }
private void SetMemberRight(MemberRights memberRight, bool value) { if (value) { this.memberRights |= memberRight; return; } this.memberRights &= ~memberRight; }
protected virtual void ValidateMemberRights(MemberRights memberRights) { MemberRights memberRights2 = memberRights & ~Permission.ValidRegularFolderMemberRights; if (memberRights2 != MemberRights.None) { throw new EnumOutOfRangeException("memberRights"); } }
// Token: 0x06000E4F RID: 3663 RVA: 0x00056108 File Offset: 0x00054308 private void ApplyPolicyToFolder(SharingPolicy policy, FolderData folderData) { StoreObjectType objectType = ObjectClass.GetObjectType(folderData.Folder.ClassName); List <PermissionSecurityPrincipal> list = new List <PermissionSecurityPrincipal>(); PermissionSet permissionSet = folderData.Folder.GetPermissionSet(); foreach (Permission permission in permissionSet) { if (permission.Principal.Type == PermissionSecurityPrincipal.SecurityPrincipalType.ExternalUserPrincipal) { SharingPolicyAction sharingPolicyAction = (SharingPolicyAction)0; if (policy != null) { sharingPolicyAction = (permission.Principal.ExternalUser.IsReachUser ? policy.GetAllowedForAnonymousCalendarSharing() : policy.GetAllowed(permission.Principal.ExternalUser.SmtpAddress.Domain)); } MemberRights memberRights = MemberRights.None; if (sharingPolicyAction != (SharingPolicyAction)0) { memberRights = PolicyAllowedMemberRights.GetAllowed(sharingPolicyAction, objectType); } if (memberRights == MemberRights.None) { list.Add(permission.Principal); } else { MemberRights memberRights2 = ~memberRights & permission.MemberRights; if (memberRights2 != MemberRights.None) { if (objectType == StoreObjectType.CalendarFolder) { if ((permission.MemberRights & MemberRights.ReadAny) != MemberRights.None) { permission.MemberRights |= MemberRights.FreeBusyDetailed; } if ((permission.MemberRights & MemberRights.FreeBusyDetailed) != MemberRights.None) { permission.MemberRights |= MemberRights.FreeBusySimple; } } permission.MemberRights = (memberRights & permission.MemberRights); folderData.IsChanged = true; } } } } if (list.Count > 0) { foreach (PermissionSecurityPrincipal securityPrincipal in list) { permissionSet.RemoveEntry(securityPrincipal); } folderData.IsChanged = true; } }
public void SetAnonymousPermission(MemberRights memberRights) { EnumValidator <MemberRights> .ThrowIfInvalid(memberRights, "memberRights"); if (this.PermissionTable.AnonymousPermission != null) { this.PermissionTable.AnonymousPermission.MemberRights = memberRights; return; } this.PermissionTable.AnonymousPermission = this.CreatePermission(new PermissionSecurityPrincipal(PermissionSecurityPrincipal.SpecialPrincipalType.Anonymous), memberRights, -1L); this.PermissionTable.AnonymousPermission.MarkAsNew(); }
private void EnforceSharingPolicy(MailboxSession mailboxSession, ICollection <MapiAclTableRestriction.ExternalUserPermission> externalUserPermissions) { Util.ThrowOnNullArgument(mailboxSession, "mailboxSession"); if (externalUserPermissions == null || externalUserPermissions.Count == 0) { return; } List <RightsNotAllowedRecipient> list = new List <RightsNotAllowedRecipient>(externalUserPermissions.Count); SharingPolicy sharingPolicy = null; foreach (MapiAclTableRestriction.ExternalUserPermission externalUserPermission in externalUserPermissions) { if (sharingPolicy == null) { IMailboxInfo mailboxInfo = mailboxSession.MailboxOwner.MailboxInfo; sharingPolicy = DirectoryHelper.ReadSharingPolicy(mailboxInfo.MailboxGuid, mailboxInfo.IsArchive, mailboxSession.GetADRecipientSession(true, ConsistencyMode.IgnoreInvalid)); if (sharingPolicy == null) { ExTraceGlobals.StorageTracer.TraceDebug <IExchangePrincipal>((long)this.GetHashCode(), "{0}: No policy assigned means no external sharing is allowed for this user.", mailboxSession.MailboxOwner); throw new NotAllowedExternalSharingByPolicyException(); } } if (!sharingPolicy.Enabled) { ExTraceGlobals.StorageTracer.TraceDebug <IExchangePrincipal>((long)this.GetHashCode(), "{0}: A disabled policy means no external sharing is allowed for this user.", mailboxSession.MailboxOwner); throw new NotAllowedExternalSharingByPolicyException(); } SharingPolicyAction sharingPolicyAction = externalUserPermission.Principal.ExternalUser.IsReachUser ? sharingPolicy.GetAllowedForAnonymousCalendarSharing() : sharingPolicy.GetAllowed(externalUserPermission.Principal.ExternalUser.SmtpAddress.Domain); if (sharingPolicyAction == (SharingPolicyAction)0) { ExTraceGlobals.StorageTracer.TraceDebug <IExchangePrincipal, PermissionSecurityPrincipal>((long)this.GetHashCode(), "{0}: Policy does not allow granting permissions to {1}.", mailboxSession.MailboxOwner, externalUserPermission.Principal); throw new PrincipalNotAllowedByPolicyException(externalUserPermission.Principal); } MemberRights allowed = PolicyAllowedMemberRights.GetAllowed(sharingPolicyAction, this.FolderInfo.StoreObjectType); MemberRights memberRights = ~allowed & externalUserPermission.MemberRights; if (memberRights != MemberRights.None) { ExTraceGlobals.StorageTracer.TraceDebug((long)this.GetHashCode(), "{0}: Policy does not allow granting permission {1} to {2} on {3} folder '{4}'.", new object[] { mailboxSession.MailboxOwner, memberRights, externalUserPermission.Principal, this.FolderInfo.StoreObjectType, this.FolderInfo.DisplayName }); list.Add(new RightsNotAllowedRecipient(externalUserPermission.Principal, memberRights)); } } if (list.Count > 0) { throw new RightsNotAllowedByPolicyException(list.ToArray(), this.FolderInfo.StoreObjectType, this.FolderInfo.DisplayName); } }
private ItemPermissionScope GetPermissionScope(MemberRights anyScope, MemberRights ownerScope) { if ((this.memberRights & anyScope) == anyScope) { return(ItemPermissionScope.AllItems); } if ((this.memberRights & ownerScope) == ownerScope) { return(ItemPermissionScope.OwnedItems); } return(ItemPermissionScope.None); }
public static MemberRights GetAllowed(SharingPolicyAction allowedActions, StoreObjectType storeObjectType) { EnumValidator.ThrowIfInvalid <StoreObjectType>(storeObjectType, "storeObjectType"); EnumValidator.ThrowIfInvalid <SharingPolicyAction>(allowedActions, "allowedActions"); MemberRights memberRights = MemberRights.None; foreach (PolicyAllowedMemberRights policyAllowedMemberRights in PolicyAllowedMemberRights.Rights) { if (policyAllowedMemberRights.storeObjectType == storeObjectType && (allowedActions & policyAllowedMemberRights.action) == policyAllowedMemberRights.action) { memberRights |= policyAllowedMemberRights.allowedRights; } } return(memberRights); }
internal override bool InternalProcessPermissions(Folder folder) { MemberRights memberRights = (MemberRights)MailboxFolderAccessRight.CalculateMemberRights(this.AccessRights, folder.ClassName == "IPF.Appointment"); PermissionSet permissionSet = folder.GetPermissionSet(); Permission permission = null; try { if (base.MailboxFolderUserId.UserType == MailboxFolderUserId.MailboxFolderUserType.Default) { if (permissionSet.DefaultPermission != null && permissionSet.DefaultPermission.MemberRights != MemberRights.None) { throw new UserAlreadyExistsInPermissionEntryException(base.MailboxFolderUserId.ToString()); } permissionSet.SetDefaultPermission(memberRights); permission = permissionSet.DefaultPermission; } else if (base.MailboxFolderUserId.UserType == MailboxFolderUserId.MailboxFolderUserType.Anonymous) { if (permissionSet.AnonymousPermission != null && permissionSet.AnonymousPermission.MemberRights != MemberRights.None) { throw new UserAlreadyExistsInPermissionEntryException(base.MailboxFolderUserId.ToString()); } permissionSet.SetAnonymousPermission(memberRights); permission = permissionSet.AnonymousPermission; } else { PermissionSecurityPrincipal securityPrincipal = base.MailboxFolderUserId.ToSecurityPrincipal(); Permission entry = permissionSet.GetEntry(securityPrincipal); if (entry != null) { throw new UserAlreadyExistsInPermissionEntryException(base.MailboxFolderUserId.ToString()); } permission = permissionSet.AddEntry(securityPrincipal, memberRights); } } catch (ArgumentOutOfRangeException exception) { base.WriteError(exception, (ErrorCategory)1003, this.Identity); return(false); } base.WriteObject(MailboxFolderPermission.FromXsoPermission(folder.DisplayName, permission, this.ResolvedObjectId)); return(true); }
private MapiAclTableRestriction.ExternalUserPermission TryGetExternalUserPermission(AclTableEntry aclTableEntry, MapiAclTableAdapter mapiAclTableAdapter, ref ExternalUserCollection externalUsers) { Util.ThrowOnNullArgument(aclTableEntry, "aclTableEntry"); Util.ThrowOnNullArgument(mapiAclTableAdapter, "mapiAclTableAdapter"); MailboxSession mailboxSession = this.session as MailboxSession; if (mailboxSession == null) { return(null); } byte[] memberEntryId = aclTableEntry.MemberEntryId; MemberRights memberRights = aclTableEntry.MemberRights; long memberId = aclTableEntry.MemberId; if (memberEntryId == null || memberEntryId.Length == 0) { if (memberId <= 0L) { return(null); } ExTraceGlobals.StorageTracer.TraceDebug <IExchangePrincipal, long>((long)this.GetHashCode(), "{0}: Getting memberEntryId from current ACL table for MemberId {1}.", mailboxSession.MailboxOwner, memberId); AclTableEntry byMemberId = mapiAclTableAdapter.GetByMemberId(memberId); if (byMemberId == null || byMemberId.MemberEntryId == null) { ExTraceGlobals.StorageTracer.TraceDebug <IExchangePrincipal, long>((long)this.GetHashCode(), "{0}: Not found memberEntryId from current ACL table for MemberId {1}. Skipped.", mailboxSession.MailboxOwner, memberId); return(null); } memberEntryId = byMemberId.MemberEntryId; } if (mapiAclTableAdapter.TryGetParticipantEntryId(memberEntryId) != null) { ExTraceGlobals.StorageTracer.TraceDebug <IExchangePrincipal>((long)this.GetHashCode(), "{0}: MemberEntryId indicates internal user. Skipped.", mailboxSession.MailboxOwner); return(null); } ExternalUser externalUser = mapiAclTableAdapter.TryGetExternalUser(memberEntryId, ref externalUsers); if (externalUser == null) { ExTraceGlobals.StorageTracer.TraceDebug <IExchangePrincipal>((long)this.GetHashCode(), "{0}: MemberEntryId is not external user. Skipped.", mailboxSession.MailboxOwner); return(null); } return(new MapiAclTableRestriction.ExternalUserPermission(externalUser, memberRights)); }
private void SetPermissionScope(MemberRights anyScope, MemberRights ownerScope, ItemPermissionScope value) { EnumValidator.ThrowIfInvalid <ItemPermissionScope>(value, "value"); switch (value) { case ItemPermissionScope.None: this.memberRights &= ~(anyScope | ownerScope); return; case ItemPermissionScope.OwnedItems: this.memberRights |= ownerScope; this.memberRights &= ~anyScope; return; case ItemPermissionScope.AllItems: this.memberRights |= (anyScope | ownerScope); return; default: return; } }
internal Permission AddEntry(PermissionSecurityPrincipal securityPrincipal, MemberRights memberRights) { this.CheckValid(); EnumValidator.ThrowIfInvalid <MemberRights>(memberRights, "memberRights"); if (securityPrincipal == null) { throw new ArgumentNullException("securityPrincipal"); } if (string.IsNullOrEmpty(securityPrincipal.IndexString)) { throw new ArgumentException("SecurityPrincipal must at least have a valid index string.", "securityPrincipal"); } if (securityPrincipal.Type == PermissionSecurityPrincipal.SecurityPrincipalType.ADRecipientPrincipal && !PermissionTable.isCrossPremiseDelegateAllowedForMailboxOwner) { ADRecipient adrecipient = securityPrincipal.ADRecipient; if (!ADRecipient.IsValidRecipient(adrecipient, !this.isPublicFolder)) { throw new ArgumentException("Cannot use " + adrecipient.DisplayName + " as security principal", "securityPrincipal"); } } Permission permission = null; if (!this.permissions.ContainsKey(securityPrincipal.IndexString)) { if (this.removedPermissions.TryGetValue(securityPrincipal.IndexString, out permission)) { this.removedPermissions.Remove(securityPrincipal.IndexString); permission.MemberRights = memberRights; } else { permission = this.PermissionSet.CreatePermission(securityPrincipal, memberRights); } } this.AddPermissionEntry(securityPrincipal, permission); return(permission); }
private void Load() { FolderSecurity.AclTableAndSecurityDescriptorProperty aclTableAndSecurityDescriptorProperty = AclModifyTable.ReadAclTableAndSecurityDescriptor(this.coreFolder.PropertyBag); if (aclTableAndSecurityDescriptorProperty.SecurityDescriptor == null) { return; } this.securityDescriptor = aclTableAndSecurityDescriptorProperty.SecurityDescriptor.ToRawSecurityDescriptorThrow(); this.freeBusySecurityDescriptor = ((aclTableAndSecurityDescriptorProperty.FreeBusySecurityDescriptor != null) ? aclTableAndSecurityDescriptorProperty.FreeBusySecurityDescriptor.ToRawSecurityDescriptorThrow() : null); List <AclTableEntry> list = null; if (aclTableAndSecurityDescriptorProperty.SerializedAclTable.Count != 0 && !this.useSecurityDescriptorOnly) { list = this.ParseTableEntries(aclTableAndSecurityDescriptorProperty.SerializedAclTable); } if (list == null) { bool flag; string canonicalErrorInformation; this.tableEntries = this.BuildAclTableFromSecurityDescriptor(out flag, out canonicalErrorInformation); if (!flag && (this.options & ModifyTableOptions.ExtendedPermissionInformation) == ModifyTableOptions.ExtendedPermissionInformation) { ExTraceGlobals.StorageTracer.TraceError(0L, "Cannot build blob ACL table blob with non-canonical SD"); throw new NonCanonicalACLException(canonicalErrorInformation); } } else { this.tableEntries = list; } if (this.tableEntries.Count == 0 || this.tableEntries[0].MemberId != 0L) { MemberRights rights = (this.freeBusySecurityDescriptor == null) ? MemberRights.FreeBusySimple : MemberRights.None; this.tableEntries.Insert(0, AclModifyTable.BuildEveryoneDefaultEntry(rights)); } }
internal CalendarFolderPermission(PermissionSecurityPrincipal securityPrincipal, MemberRights memberRights, long memberId) : base(securityPrincipal, memberRights, memberId) { }
private void AddUnknownEntry(string memberName, long memberId, byte[] memberEntryId, MemberRights rights) { PermissionSecurityPrincipal securityPrincipal = new PermissionSecurityPrincipal(memberName, memberEntryId, memberId); Permission permission = this.permissionSet.CreatePermission(securityPrincipal, rights, memberId); this.AddPermissionEntry(securityPrincipal, permission); }
protected override void ValidateMemberRights(MemberRights memberRights) { EnumValidator.ThrowIfInvalid <MemberRights>(memberRights, "memberRights"); }
private static List <AclTableEntry> BuildAclTableFromSecurityDescriptor(RawSecurityDescriptor securityDescriptor, RawSecurityDescriptor freeBusySecurityDescriptor, LazilyInitialized <ExternalUserCollection> lazilyInitializedExternalUserCollection, IRecipientSession recipientSession, AclTableIdMap aclTableIdMap, out bool isCanonical, out string canonicalErrorInformation) { FolderSecurity.AnnotatedAceList annotatedAceList = new FolderSecurity.AnnotatedAceList(securityDescriptor, freeBusySecurityDescriptor, (SecurityIdentifier securityIdentifier) => AclModifyTable.GetSecurityIdentifierType(recipientSession, securityIdentifier)); isCanonical = annotatedAceList.IsCanonical(out canonicalErrorInformation); IList <FolderSecurity.SecurityIdentifierAndFolderRights> list; if (isCanonical) { list = annotatedAceList.GetSecurityIdentifierAndRightsList(); } else { ExTraceGlobals.StorageTracer.TraceWarning <string, string>(0L, "Got non canonical SD: {0}, ErrorInfo: ", securityDescriptor.GetSddlForm(AccessControlSections.All), canonicalErrorInformation); list = Array <FolderSecurity.SecurityIdentifierAndFolderRights> .Empty; } List <AclTableEntry> list2 = new List <AclTableEntry>(list.Count + 1); foreach (FolderSecurity.SecurityIdentifierAndFolderRights securityIdentifierAndFolderRights in list) { MemberRights memberRights = (MemberRights)(securityIdentifierAndFolderRights.AllowRights & ~(MemberRights)securityIdentifierAndFolderRights.DenyRights); bool flag = false; bool flag2 = false; byte[] entryId; string text; List <SecurityIdentifier> list3; SecurityIdentifier securityIdentifier; if (securityIdentifierAndFolderRights.SecurityIdentifier.IsWellKnown(WellKnownSidType.WorldSid)) { entryId = Array <byte> .Empty; text = string.Empty; string legacyDN = string.Empty; securityIdentifier = securityIdentifierAndFolderRights.SecurityIdentifier; list3 = null; flag2 = true; } else if (securityIdentifierAndFolderRights.SecurityIdentifier.IsWellKnown(WellKnownSidType.AnonymousSid)) { entryId = Array <byte> .Empty; text = "Anonymous"; securityIdentifier = securityIdentifierAndFolderRights.SecurityIdentifier; list3 = null; } else if (ExternalUser.IsExternalUserSid(securityIdentifierAndFolderRights.SecurityIdentifier)) { ExternalUser externalUser = AclHelper.TryGetExternalUser(securityIdentifierAndFolderRights.SecurityIdentifier, lazilyInitializedExternalUserCollection); if (externalUser == null) { ExTraceGlobals.StorageTracer.TraceWarning <SecurityIdentifier>(0L, "Cannot find external user with SID {0}, build entry from information we have", securityIdentifierAndFolderRights.SecurityIdentifier); string text2 = AclHelper.CreateLocalUserStrignRepresentation(securityIdentifierAndFolderRights.SecurityIdentifier); text = text2; } else { text = externalUser.Name; string legacyDN = externalUser.LegacyDn; } entryId = AddressBookEntryId.MakeAddressBookEntryIDFromLocalDirectorySid(securityIdentifierAndFolderRights.SecurityIdentifier); securityIdentifier = securityIdentifierAndFolderRights.SecurityIdentifier; list3 = null; } else { MiniRecipient miniRecipient = recipientSession.FindMiniRecipientBySid <MiniRecipient>(securityIdentifierAndFolderRights.SecurityIdentifier, Array <PropertyDefinition> .Empty); string legacyDN; if (miniRecipient == null) { ExTraceGlobals.StorageTracer.TraceWarning <SecurityIdentifier>(0L, "Cannot find recipient with SID {0}, build entry from the information we have", securityIdentifierAndFolderRights.SecurityIdentifier); flag = (securityIdentifierAndFolderRights.SecurityIdentifierType == FolderSecurity.SecurityIdentifierType.Group); string text3 = AclHelper.CreateNTUserStrignRepresentation(securityIdentifierAndFolderRights.SecurityIdentifier); text = text3; legacyDN = text3; securityIdentifier = securityIdentifierAndFolderRights.SecurityIdentifier; list3 = null; } else { flag = AclHelper.IsGroupRecipientType(miniRecipient.RecipientType); if (string.IsNullOrEmpty(miniRecipient.DisplayName)) { text = AclHelper.CreateNTUserStrignRepresentation(securityIdentifierAndFolderRights.SecurityIdentifier); } else { text = miniRecipient.DisplayName; } if (string.IsNullOrEmpty(miniRecipient.LegacyExchangeDN)) { legacyDN = text; } else { legacyDN = miniRecipient.LegacyExchangeDN; } SecurityIdentifier masterAccountSid = miniRecipient.MasterAccountSid; if (masterAccountSid != null && !masterAccountSid.IsWellKnown(WellKnownSidType.SelfSid)) { securityIdentifier = masterAccountSid; list3 = null; } else { securityIdentifier = miniRecipient.Sid; MultiValuedProperty <SecurityIdentifier> sidHistory = miniRecipient.SidHistory; if (sidHistory != null && sidHistory.Count != 0) { list3 = new List <SecurityIdentifier>(sidHistory); } else { list3 = null; } } } entryId = AddressBookEntryId.MakeAddressBookEntryID(legacyDN, flag); } AclTableEntry aclTableEntry = list2.Find((AclTableEntry entry) => entry.SecurityIdentifier == securityIdentifier); if (aclTableEntry == null && list3 != null) { using (List <SecurityIdentifier> .Enumerator enumerator2 = list3.GetEnumerator()) { while (enumerator2.MoveNext()) { SecurityIdentifier sid = enumerator2.Current; aclTableEntry = list2.Find((AclTableEntry entry) => entry.SecurityIdentifier == sid); if (aclTableEntry != null) { break; } } } } if (aclTableEntry == null) { aclTableEntry = new AclTableEntry(AclModifyTable.GetIdForSecurityIdentifier(securityIdentifier, list3, aclTableIdMap), entryId, text, memberRights); aclTableEntry.SetSecurityIdentifier(securityIdentifier, flag); if (flag2) { list2.Insert(0, aclTableEntry); } else { list2.Add(aclTableEntry); } } else { aclTableEntry.MemberRights &= memberRights; if (aclTableEntry.IsGroup != flag) { throw new NonCanonicalACLException(annotatedAceList.CreateErrorInformation((LID)35788U, new int[0])); } aclTableEntry.SetSecurityIdentifier(securityIdentifier, flag); } } return(list2); }
internal virtual Permission CreatePermission(PermissionSecurityPrincipal securityPrincipal, MemberRights memberRights, long memberId) { return(new Permission(securityPrincipal, memberRights, memberId)); }
internal override Permission CreatePermission(PermissionSecurityPrincipal securityPrincipal, MemberRights memberRights, long memberId) { return(new CalendarFolderPermission(securityPrincipal, memberRights, memberId)); }
public Permission AddEntry(PermissionSecurityPrincipal securityPrincipal, MemberRights memberRights) { return(this.PermissionTable.AddEntry(securityPrincipal, memberRights)); }
public static bool ModifyPermission(PermissionSet permissionSet, PermissionSecurityPrincipal permissionSecurityPrincipal, MemberRights memberRights) { bool result = false; if (permissionSecurityPrincipal.Type == PermissionSecurityPrincipal.SecurityPrincipalType.SpecialPrincipal && permissionSecurityPrincipal.SpecialType == PermissionSecurityPrincipal.SpecialPrincipalType.Default) { GroupMailboxPermissionHandler.Tracer.TraceDebug <PermissionSecurityPrincipal.SpecialPrincipalType, MemberRights>(0L, "Modifying permissions for permissionSecurityPrincipal {0} with rights {1}", PermissionSecurityPrincipal.SpecialPrincipalType.Default, memberRights); Permission permission = permissionSet.DefaultPermission; if (permission != null && permission.MemberRights != memberRights) { permissionSet.SetDefaultPermission(memberRights); result = true; } } else { GroupMailboxPermissionHandler.Tracer.TraceDebug <string, MemberRights>(0L, "Modifying permissions for permissionSecurityPrincipal {0} with rights {1}", (permissionSecurityPrincipal.Type == PermissionSecurityPrincipal.SecurityPrincipalType.ExternalUserPrincipal) ? permissionSecurityPrincipal.ExternalUser.ExternalId : string.Empty, memberRights); Permission permission = permissionSet.GetEntry(permissionSecurityPrincipal); if (permission == null && memberRights != MemberRights.None) { permission = permissionSet.AddEntry(permissionSecurityPrincipal, PermissionLevel.None); permission.MemberRights = memberRights; result = true; } else if (permission != null && memberRights == MemberRights.None) { permissionSet.RemoveEntry(permissionSecurityPrincipal); result = true; } else if (permission != null && permission.MemberRights != memberRights) { permission.MemberRights = memberRights; result = true; } } return(result); }
internal RightsNotAllowedRecipient(PermissionSecurityPrincipal principal, MemberRights notAllowedRights) { Util.ThrowOnNullArgument(principal, "principal"); this.principal = principal; this.notAllowedRights = notAllowedRights; }
internal AclTableEntry(long id, byte[] entryId, string name, MemberRights rights) : base(id, entryId, name, (FolderSecurity.ExchangeFolderRights)rights) { }
private void ApplyBatchPermissions() { ExTraceGlobals.SharingTracer.TraceDebug <IExchangePrincipal>((long)this.GetHashCode(), "{0}: Entering FolderPermissionContext::ApplyBatchPermissions()", this.mailboxSession.MailboxOwner); if (this.permissionsToAddOrChange.Count == 0 && this.permissionsToRemove.Count == 0) { ExTraceGlobals.SharingTracer.TraceDebug <IExchangePrincipal>((long)this.GetHashCode(), "{0}: Exiting FolderPermissionContext::ApplyBatchPermissions() due to no changes requested", this.mailboxSession.MailboxOwner); return; } using (Folder folder = Folder.Bind(this.mailboxSession, this.folderId)) { for (int i = 2; i >= 0; i--) { PermissionSet permissionSet = folder.GetPermissionSet(); foreach (KeyValuePair <PermissionSecurityPrincipal, MemberRights> keyValuePair in this.permissionsToAddOrChange) { PermissionSecurityPrincipal key = keyValuePair.Key; MemberRights value = keyValuePair.Value; Permission permission = permissionSet.GetEntry(key); if (permission == null) { ExTraceGlobals.SharingTracer.TraceDebug <IExchangePrincipal, PermissionSecurityPrincipal, MemberRights>((long)this.GetHashCode(), "{0}: {1} is NOT found in permission table. Adding a new entry: MemberRights = {2}.", this.mailboxSession.MailboxOwner, key, value); permission = permissionSet.AddEntry(key, value); } else { ExTraceGlobals.SharingTracer.TraceDebug((long)this.GetHashCode(), "{0}: {1} is found in permission table: MemberRights = {2}. Modifying the entry: MemberRights = {3}.", new object[] { this.mailboxSession.MailboxOwner, key, permission.MemberRights, value }); permission.MemberRights = value; } } foreach (PermissionSecurityPrincipal permissionSecurityPrincipal in this.permissionsToRemove) { if (permissionSet.GetEntry(permissionSecurityPrincipal) != null) { ExTraceGlobals.SharingTracer.TraceDebug <IExchangePrincipal, PermissionSecurityPrincipal>((long)this.GetHashCode(), "{0}: {1} is found in permission table, Removing the entry.", this.mailboxSession.MailboxOwner, permissionSecurityPrincipal); permissionSet.RemoveEntry(permissionSecurityPrincipal); } else { ExTraceGlobals.SharingTracer.TraceDebug <IExchangePrincipal, PermissionSecurityPrincipal>((long)this.GetHashCode(), "{0}: {1} is NOT found in permission table, ignored.", this.mailboxSession.MailboxOwner, permissionSecurityPrincipal); } } ExTraceGlobals.SharingTracer.TraceDebug <IExchangePrincipal>((long)this.GetHashCode(), "{0}: Applying permission changes on the folder.", this.mailboxSession.MailboxOwner); try { folder.Save(); break; } catch (RightsNotAllowedByPolicyException ex) { string[] invalidRecipients = Array.ConvertAll <RightsNotAllowedRecipient, string>(ex.RightsNotAllowedRecipients, delegate(RightsNotAllowedRecipient recipient) { ExTraceGlobals.StorageTracer.TraceError <IExchangePrincipal, PermissionSecurityPrincipal, MemberRights>((long)this.GetHashCode(), "{0}: Policy does not allow granting permission {2} to user {1}.", this.mailboxSession.MailboxOwner, recipient.Principal, recipient.NotAllowedRights); return(recipient.Principal.ToString()); }); throw new InvalidSharingRecipientsException(invalidRecipients, ex); } catch (StoragePermanentException) { if (i == 0) { throw; } folder.Load(); } } } ExTraceGlobals.SharingTracer.TraceDebug <IExchangePrincipal>((long)this.GetHashCode(), "{0}: Exiting FolderPermissionContext::ApplyBatchPermissions()", this.mailboxSession.MailboxOwner); }
private PolicyAllowedMemberRights(StoreObjectType storeObjectType, SharingPolicyAction action, MemberRights allowedRights) { this.storeObjectType = storeObjectType; this.action = action; this.allowedRights = allowedRights; }