private ADObjectId GetPolicyIdFromAD(OrganizationId key)
{
ExTraceGlobals.MobileDevicePolicyTracer.Information <OrganizationId>((long)this.GetHashCode(), "MobileDevicePolicyIdCacheByOrganization.GetPolicyFromAD({0})", key);
ADSessionSettings settings = ADSessionSettings.FromOrganizationIdWithoutRbacScopesServiceOnly(key);
IConfigurationSession session = this.GetConfigSession(settings);
ADObjectId rootId = session.GetOrgContainerId();
QueryFilter filter = new BitMaskAndFilter(MobileMailboxPolicySchema.MobileFlags, 4096UL);
SortBy sortBy = new SortBy(ADObjectSchema.WhenChanged, SortOrder.Descending);
ADObjectId policyId = null;
try
{
ADNotificationAdapter.RunADOperation(delegate()
{
MobileMailboxPolicy[] array = session.Find <MobileMailboxPolicy>(rootId, QueryScope.SubTree, filter, sortBy, 1);
if (array != null && array.Length > 0)
{
policyId = array[0].Id;
OrgIdADObjectWrapper key2 = new OrgIdADObjectWrapper(policyId, key);
if (!MobileDevicePolicyCache.Instance.Contains(key2))
{
MobileDevicePolicyData mobileDevicePolicyDataFromMobileMailboxPolicy = MobileDevicePolicyDataFactory.GetMobileDevicePolicyDataFromMobileMailboxPolicy(array[0]);
MobileDevicePolicyCache.Instance.TryAdd(key2, ref mobileDevicePolicyDataFromMobileMailboxPolicy);
}
}
});
}
catch (LocalizedException arg)
{
ExTraceGlobals.MobileDevicePolicyTracer.TraceError <OrganizationId, LocalizedException>((long)this.GetHashCode(), "MobileDevicePolicyIdCacheByOrganization.GetPolicyIdFromAD({0}) threw exception: {1}", key, arg);
throw;
}
ExTraceGlobals.MobileDevicePolicyTracer.Information <OrganizationId, ADObjectId>((long)this.GetHashCode(), "MobileDevicePolicyIdCacheByOrganization.GetPolicyFromAD({0}) returned: {1}", key, policyId);
return(policyId);
}
internal static MobileDevicePolicyData GetMobileDevicePolicyDataFromMobileMailboxPolicy(MobileMailboxPolicy mobileMailboxPolicy)
{
MobileDevicePolicyData result = null;
if (mobileMailboxPolicy != null)
{
result = new MobileDevicePolicyData
{
AlphanumericDevicePasswordRequired = mobileMailboxPolicy.AlphanumericPasswordRequired,
DeviceEncryptionRequired = mobileMailboxPolicy.RequireDeviceEncryption,
DevicePasswordRequired = mobileMailboxPolicy.PasswordEnabled,
MaxDevicePasswordExpiration = mobileMailboxPolicy.PasswordExpiration,
MaxDevicePasswordFailedAttempts = mobileMailboxPolicy.MaxPasswordFailedAttempts,
MaxInactivityTimeDeviceLock = mobileMailboxPolicy.MaxInactivityTimeLock,
MinDevicePasswordComplexCharacters = mobileMailboxPolicy.MinPasswordComplexCharacters,
MinDevicePasswordHistory = mobileMailboxPolicy.PasswordHistory,
MinDevicePasswordLength = mobileMailboxPolicy.MinPasswordLength,
SimpleDevicePasswordAllowed = mobileMailboxPolicy.AllowSimplePassword,
AllowApplePushNotifications = mobileMailboxPolicy.AllowApplePushNotifications,
AllowMicrosoftPushNotifications = mobileMailboxPolicy.AllowMicrosoftPushNotifications,
AllowGooglePushNotifications = mobileMailboxPolicy.AllowGooglePushNotifications
};
}
return(result);
}
internal static MobileDevicePolicyData GetPolicyData(ExchangePrincipal principal, out ADObjectId policyId)
{
if (principal == null)
{
throw new ArgumentNullException("principal");
}
policyId = principal.MailboxInfo.Configuration.MobileDeviceMailboxPolicy;
MobileDevicePolicyData mobileDevicePolicyData = null;
if (policyId != null)
{
mobileDevicePolicyData = MobileDevicePolicyCache.Instance.Get(new OrgIdADObjectWrapper(policyId, principal.MailboxInfo.OrganizationId));
}
if (mobileDevicePolicyData == null)
{
ExTraceGlobals.MobileDevicePolicyTracer.TraceDebug <ADObjectId, ADObjectId>(0L, "No policy returned for user '{0}' with policy '{1}'. Using org default policy.", principal.ObjectId, policyId);
ADObjectId adobjectId = MobileDevicePolicyIdCacheByOrganization.Instance.Get(principal.MailboxInfo.OrganizationId);
if (adobjectId != null)
{
policyId = adobjectId;
mobileDevicePolicyData = MobileDevicePolicyCache.Instance.Get(new OrgIdADObjectWrapper(adobjectId, principal.MailboxInfo.OrganizationId));
}
if (mobileDevicePolicyData == null)
{
ExTraceGlobals.MobileDevicePolicyTracer.TraceDebug <ADObjectId, OrganizationId>(0L, "No default policy returned for user '{0}' with organization '{1}'. Using NO policy.", principal.ObjectId, principal.MailboxInfo.OrganizationId);
}
}
return(mobileDevicePolicyData);
}
public static void CheckMobileDevicePolicyIsCorrect(string methodName, CallContext callContext)
{
if (!callContext.IsMowa)
{
Microsoft.Exchange.Diagnostics.Components.Clients.ExTraceGlobals.MobileDevicePolicyTracer.TraceDebug(0L, "[OWAMessageInspector::CheckMobileDevicePolicyIsCorrect] Request is not coming from a MOWA session. Skipping policy check.");
return;
}
if (string.IsNullOrEmpty(callContext.MobileDevicePolicyId))
{
Microsoft.Exchange.Diagnostics.Components.Clients.ExTraceGlobals.MobileDevicePolicyTracer.TraceDebug(0L, "[OWAMessageInspector::CheckMobileDevicePolicyIsCorrect] Client isn't passing policy information (old client). Skipping policy check.");
return;
}
if (methodName.Equals("GetOwaUserConfiguration", StringComparison.OrdinalIgnoreCase))
{
Microsoft.Exchange.Diagnostics.Components.Clients.ExTraceGlobals.MobileDevicePolicyTracer.TraceDebug(0L, "[OWAMessageInspector::CheckMobileDevicePolicyIsCorrect] Executing GetOwaUserConfiguration method. Skipping policy check.");
callContext.UpdateLastPolicyTime();
return;
}
if (methodName.Equals("PingOwa", StringComparison.OrdinalIgnoreCase))
{
Microsoft.Exchange.Diagnostics.Components.Clients.ExTraceGlobals.MobileDevicePolicyTracer.TraceDebug(0L, "[OWAMessageInspector::CheckMobileDevicePolicyIsCorrect] Executing PingOwa method. Skipping policy check.");
return;
}
ADObjectId policy = null;
MobileDevicePolicyData policyData = MobileDevicePolicyDataFactory.GetPolicyData(callContext.AccessingPrincipal, out policy);
callContext.UpdatePolicyApplied(policy);
string mobileDevicePolicyId = callContext.MobileDevicePolicyId;
if (policyData != null && !string.Equals(policyData.PolicyIdentifier, mobileDevicePolicyId, StringComparison.Ordinal))
{
callContext.MarkDeviceAsBlockedByPolicy();
string effectiveAccessingSmtpAddress = callContext.GetEffectiveAccessingSmtpAddress();
Microsoft.Exchange.Diagnostics.Components.Clients.ExTraceGlobals.MobileDevicePolicyTracer.TraceWarning(0L, "[OWAMessageInspector::CheckMobileDevicePolicyIsCorrect] Policy Identifier does not match expected value. Expected: '{0}'. Actual: '{1}'. Method: '{2}'. User: '******'.", new object[]
{
policyData.PolicyIdentifier,
mobileDevicePolicyId,
methodName,
effectiveAccessingSmtpAddress
});
throw new OwaInvalidMobileDevicePolicyException(string.Format("The presented mobile device policy id '{0}' is not valid. Method '{1}' is being rejected.", mobileDevicePolicyId, methodName), effectiveAccessingSmtpAddress, policyData.PolicyIdentifier);
}
callContext.MarkDeviceAsAllowed();
}
internal static MobileDevicePolicySettingsType GetPolicySettings(MobileDevicePolicyData mobilePolicyData)
{
MobileDevicePolicySettingsType mobileDevicePolicySettingsType = new MobileDevicePolicySettingsType();
if (mobilePolicyData != null)
{
mobileDevicePolicySettingsType.AlphanumericDevicePasswordRequired = mobilePolicyData.AlphanumericDevicePasswordRequired;
mobileDevicePolicySettingsType.DeviceEncryptionRequired = mobilePolicyData.DeviceEncryptionRequired;
mobileDevicePolicySettingsType.DevicePasswordRequired = mobilePolicyData.DevicePasswordRequired;
mobileDevicePolicySettingsType.MaxDevicePasswordExpirationString = mobilePolicyData.MaxDevicePasswordExpirationString;
mobileDevicePolicySettingsType.MaxDevicePasswordFailedAttemptsString = mobilePolicyData.MaxDevicePasswordFailedAttemptsString;
mobileDevicePolicySettingsType.MaxInactivityTimeDeviceLockString = mobilePolicyData.MaxInactivityTimeDeviceLockString;
mobileDevicePolicySettingsType.MinDevicePasswordComplexCharacters = mobilePolicyData.MinDevicePasswordComplexCharacters;
mobileDevicePolicySettingsType.MinDevicePasswordHistory = mobilePolicyData.MinDevicePasswordHistory;
mobileDevicePolicySettingsType.MinDevicePasswordLength = mobilePolicyData.MinDevicePasswordLength;
mobileDevicePolicySettingsType.PolicyIdentifier = mobilePolicyData.PolicyIdentifier;
mobileDevicePolicySettingsType.SimpleDevicePasswordAllowed = mobilePolicyData.SimpleDevicePasswordAllowed;
mobileDevicePolicySettingsType.AllowApplePushNotifications = mobilePolicyData.AllowApplePushNotifications;
mobileDevicePolicySettingsType.AllowMicrosoftPushNotifications = mobilePolicyData.AllowMicrosoftPushNotifications;
mobileDevicePolicySettingsType.AllowGooglePushNotifications = mobilePolicyData.AllowGooglePushNotifications;
}
return(mobileDevicePolicySettingsType);
}
internal static MobileDevicePolicySettingsType GetPolicySettings(ExchangePrincipal principal)
{
MobileDevicePolicyData policyData = MobileDevicePolicyDataFactory.GetPolicyData(principal);
return(MobileDevicePolicyDataFactory.GetPolicySettings(policyData));
}
