private ExternalUser ApplyPermission(MailboxSession mailboxSession, SmtpAddress smtpAddress, SharingContext context)
{
ExternalUser externalUser = null;
ExternalUser externalUser2;
using (ExternalUserCollection externalUsers = mailboxSession.GetExternalUsers())
{
externalUser2 = externalUsers.FindReachUserWithOriginalSmtpAddress(smtpAddress);
externalUser = externalUsers.FindFederatedUserWithOriginalSmtpAddress(smtpAddress);
if (externalUser2 == null)
{
externalUser2 = externalUsers.AddReachUser(smtpAddress);
externalUsers.Save();
}
}
using (FolderPermissionContext current = FolderPermissionContext.GetCurrent(mailboxSession, context))
{
FreeBusyAccess freeBusy = this.GetFreeBusy(context);
PermissionSecurityPrincipal principal = new PermissionSecurityPrincipal(externalUser2);
PermissionLevel permissionLevel = (context.SharingDetail == SharingContextDetailLevel.FullDetails) ? PermissionLevel.Reviewer : PermissionLevel.None;
current.AddOrChangePermission(principal, permissionLevel, new FreeBusyAccess?(freeBusy));
if (externalUser != null)
{
current.RemovePermission(new PermissionSecurityPrincipal(externalUser));
}
}
return(externalUser2);
}
public EncryptionResults Encrypt(IExchangePrincipal mailboxOwner, ExternalUserCollection externalUserCollection, string[] recipients, string sender, string containerClass, string folderId, IFrontEndLocator frontEndLocator, string domainController = null)
{
IRecipientSession session = DirectorySessionFactory.Default.GetTenantOrRootOrgRecipientSession(domainController, true, ConsistencyMode.IgnoreInvalid, null, mailboxOwner.MailboxInfo.OrganizationId.ToADSessionSettings(), ConfigScopes.TenantSubTree, 121, "Encrypt", "f:\\15.00.1497\\sources\\dev\\data\\src\\storage\\Sharing\\SharedFolderDataEncryption.cs");
ValidRecipient[] recipients2 = Array.ConvertAll <string, ValidRecipient>(recipients, (string recipient) => new ValidRecipient(recipient, session.FindByProxyAddress(new SmtpProxyAddress(recipient, false))));
return(this.Encrypt(mailboxOwner, session, externalUserCollection, recipients2, sender, containerClass, folderId, frontEndLocator));
}
private ICollection <MapiAclTableRestriction.ExternalUserPermission> GetExternalUserPermissions(MapiAclTableAdapter mapiAclTableAdapter, IEnumerable <AclTableEntry.ModifyOperation> changingEntries)
{
List <MapiAclTableRestriction.ExternalUserPermission> list = null;
ExternalUserCollection disposable = null;
try
{
foreach (AclTableEntry.ModifyOperation modifyOperation in changingEntries)
{
if (modifyOperation.Operation == ModifyTableOperationType.Add || modifyOperation.Operation == ModifyTableOperationType.Modify)
{
MapiAclTableRestriction.ExternalUserPermission externalUserPermission = this.TryGetExternalUserPermission(modifyOperation.Entry, mapiAclTableAdapter, ref disposable);
if (externalUserPermission != null)
{
if (list == null)
{
list = new List <MapiAclTableRestriction.ExternalUserPermission>();
}
list.Add(externalUserPermission);
}
}
}
}
finally
{
Util.DisposeIfPresent(disposable);
}
return(list);
}
private static bool TryReadEntry(BinaryReader reader, out ExternalUser user)
{
if (reader.ReadUInt32() == ExternalUserCollection.ptagLocalDirectoryEntryId)
{
uint num = reader.ReadUInt32();
MemoryPropertyBag memoryPropertyBag = new MemoryPropertyBag();
int num2 = 0;
while ((long)num2 < (long)((ulong)num))
{
uint num3 = reader.ReadUInt32();
object obj = ExternalUserCollection.ReadPropValue(reader, ((PropTag)num3).ValueType(), reader.ReadUInt32());
if (obj != null)
{
PropertyTagPropertyDefinition prop = PropertyTagPropertyDefinition.CreateCustom(string.Empty, num3);
memoryPropertyBag.PreLoadStoreProperty(prop, obj, (int)num);
}
num2++;
}
memoryPropertyBag.SetAllPropertiesLoaded();
IDirectPropertyBag directPropertyBag = memoryPropertyBag;
if (directPropertyBag.IsLoaded(InternalSchema.MemberSIDLocalDirectory) && directPropertyBag.IsLoaded(InternalSchema.MemberExternalIdLocalDirectory) && directPropertyBag.IsLoaded(InternalSchema.MemberEmailLocalDirectory))
{
if (!directPropertyBag.IsLoaded(InternalSchema.MemberName))
{
memoryPropertyBag[InternalSchema.MemberName] = directPropertyBag.GetValue(InternalSchema.MemberEmailLocalDirectory);
}
user = new ExternalUser(memoryPropertyBag);
return(true);
}
}
user = null;
return(false);
}
private static object ReadPropValue(BinaryReader reader, PropType type, uint len)
{
if (type <= PropType.Binary)
{
if (type == PropType.Int)
{
return(ExternalUserCollection.ReadInt(reader, len));
}
if (type == PropType.String)
{
return(ExternalUserCollection.ReadString(reader, len));
}
if (type == PropType.Binary)
{
return(ExternalUserCollection.ReadBytes(reader, len));
}
}
else
{
if (type == PropType.IntArray)
{
return(ExternalUserCollection.ReadArrayValue <int>(reader, len, new ExternalUserCollection.ReadValue <int>(ExternalUserCollection.ReadInt)));
}
if (type == PropType.StringArray)
{
return(ExternalUserCollection.ReadArrayValue <string>(reader, len, new ExternalUserCollection.ReadValue <string>(ExternalUserCollection.ReadString)));
}
if (type == PropType.BinaryArray)
{
return(ExternalUserCollection.ReadArrayValue <byte[]>(reader, len, new ExternalUserCollection.ReadValue <byte[]>(ExternalUserCollection.ReadBytes)));
}
}
return(null);
}
private void LoadPublishedCalendarOptionsForReachUser()
{
this.publishedOptions = new MailboxCalendarFolder();
PermissionSecurityPrincipal targetPrincipal = null;
using (ExternalUserCollection externalUsers = base.MailboxSession.GetExternalUsers())
{
ExternalUser externalUser = externalUsers.FindExternalUser(this.reachUserSid);
if (externalUser == null || !externalUser.IsReachUser)
{
ExTraceGlobals.SharingTracer.TraceDebug <SecurityIdentifier, bool, bool>((long)this.GetHashCode(), "ReachAccessSid={0}, Found ExternalUser:{1}, IsReachUser:{2}", this.reachUserSid, externalUser != null, externalUser != null && externalUser.IsReachUser);
throw new PublishedFolderAccessDeniedException();
}
targetPrincipal = new PermissionSecurityPrincipal(externalUser);
}
DetailLevelEnumType?freeBusyAccessLevel = this.GetFreeBusyAccessLevel(targetPrincipal);
if (freeBusyAccessLevel == null)
{
throw new PublishedFolderAccessDeniedException();
}
this.publishedOptions.DetailLevel = freeBusyAccessLevel.Value;
this.publishedOptions.PublishEnabled = true;
this.publishedOptions.PublishDateRangeFrom = DateRangeEnumType.OneMonth;
this.publishedOptions.PublishDateRangeTo = DateRangeEnumType.SixMonths;
}
private static string ReadString(BinaryReader reader, uint len)
{
string text = new string(Encoding.Unicode.GetChars(ExternalUserCollection.ReadBytes(reader, len)));
string text2 = text;
char[] trimChars = new char[1];
return(text2.TrimEnd(trimChars));
}
private ExternalUser InternalAdd(SmtpAddress smtpAddress, bool isReachUser)
{
this.CheckDisposed("InternalAdd");
string externalId = ExternalUserCollection.CreateExternalIdentity(smtpAddress);
ExternalUser externalUser = new ExternalUser(externalId, smtpAddress, isReachUser);
this.Add(externalUser);
return(externalUser);
}
internal static ExternalUser TryGetExternalUser(SecurityIdentifier sid, ExternalUserCollection externalUsers)
{
ExternalUser result = null;
if (ExternalUser.IsExternalUserSid(sid) && externalUsers != null)
{
result = externalUsers.FindExternalUser(sid);
}
return(result);
}
private void AddNonADEntry(MapiAclTableAdapter mapiAclTableAdapter, ref ExternalUserCollection externalUsers, string memberName, long memberId, byte[] memberEntryId, MemberRights rights)
{
ExternalUser externalUser = mapiAclTableAdapter.TryGetExternalUser(memberEntryId, ref externalUsers);
if (externalUser != null)
{
PermissionSecurityPrincipal securityPrincipal = new PermissionSecurityPrincipal(externalUser);
Permission permission = this.permissionSet.CreatePermission(securityPrincipal, rights, memberId);
this.AddPermissionEntry(securityPrincipal, permission);
return;
}
ExTraceGlobals.StorageTracer.TraceDebug <string>(0L, "PermissionTable::PermissionTable. Member has invalid entry id, member name = {0}.", memberName);
this.AddUnknownEntry(memberName, memberId, memberEntryId, rights);
}
protected override void InternalPerformRevocation(MailboxSession mailboxSession, SharingContext context)
{
using (FolderPermissionContext current = FolderPermissionContext.GetCurrent(mailboxSession, context))
{
using (ExternalUserCollection externalUsers = mailboxSession.GetExternalUsers())
{
PermissionSecurityPrincipal permissionSecurityPrincipal = this.CreatePermissionSecurityPrincipal(context.InitiatorSmtpAddress, externalUsers);
if (permissionSecurityPrincipal != null)
{
current.RemovePermission(permissionSecurityPrincipal);
}
}
}
}
private static void WritePropValue(BinaryWriter writer, PropertyDefinition prop, MemoryPropertyBag propertyBag)
{
PropertyTagPropertyDefinition propertyTagPropertyDefinition = (PropertyTagPropertyDefinition)prop;
writer.Write(propertyTagPropertyDefinition.PropertyTag);
object obj = propertyBag.TryGetProperty(propertyTagPropertyDefinition);
PropType propType = ((PropTag)propertyTagPropertyDefinition.PropertyTag).ValueType();
PropType propType2 = propType;
if (propType2 <= PropType.Binary)
{
if (propType2 == PropType.Int)
{
ExternalUserCollection.WriteIntValue(writer, (int)obj);
return;
}
if (propType2 == PropType.String)
{
ExternalUserCollection.WriteStringValue(writer, (string)obj);
return;
}
if (propType2 == PropType.Binary)
{
ExternalUserCollection.WriteByteValue(writer, (byte[])obj);
return;
}
}
else
{
if (propType2 == PropType.IntArray)
{
ExternalUserCollection.WriteArrayValue <int>(writer, (int[])obj, new ExternalUserCollection.WriteValue <int>(ExternalUserCollection.WriteIntValue));
return;
}
if (propType2 == PropType.StringArray)
{
ExternalUserCollection.WriteArrayValue <string>(writer, (string[])obj, new ExternalUserCollection.WriteValue <string>(ExternalUserCollection.WriteStringValue));
return;
}
if (propType2 == PropType.BinaryArray)
{
ExternalUserCollection.WriteArrayValue <byte[]>(writer, (byte[][])obj, new ExternalUserCollection.WriteValue <byte[]>(ExternalUserCollection.WriteByteValue));
return;
}
}
writer.Write(0U);
}
private static SharedFolderDataRecipient GetExternalIdentity(ExternalUserCollection externalUserCollection, ValidRecipient recipient)
{
if (!SmtpAddress.IsValidSmtpAddress(recipient.SmtpAddress))
{
throw new ArgumentOutOfRangeException(ServerStrings.InvalidSmtpAddress(recipient.SmtpAddress));
}
SmtpAddress smtpAddress = new SmtpAddress(recipient.SmtpAddress);
ExternalUser externalUser = externalUserCollection.FindFederatedUserWithOriginalSmtpAddress(smtpAddress);
if (externalUser == null)
{
externalUser = externalUserCollection.AddFederatedUser(smtpAddress);
}
return(new SharedFolderDataRecipient
{
SmtpAddress = recipient.SmtpAddressForEncryption,
SharingKey = externalUser.ExternalId.ToString()
});
}
public SaveResult Save()
{
this.CheckDisposed("Save");
if (!this.isDirty)
{
bool flag = false;
foreach (ExternalUser externalUser in this.data)
{
flag |= externalUser.PropertyBag.IsDirty;
}
if (!flag)
{
return(SaveResult.Success);
}
}
using (Stream stream = this.directoryMessage.OpenPropertyStream(InternalSchema.LocalDirectory, PropertyOpenMode.Create))
{
using (BinaryWriter binaryWriter = new BinaryWriter(stream))
{
foreach (ExternalUser externalUser2 in this.data)
{
binaryWriter.Write(ExternalUserCollection.ptagLocalDirectoryEntryId);
ICollection <PropertyDefinition> allFoundProperties = externalUser2.PropertyBag.AllFoundProperties;
binaryWriter.Write((uint)allFoundProperties.Count);
ExternalUserCollection.WritePropValue(binaryWriter, InternalSchema.MemberSIDLocalDirectory, externalUser2.PropertyBag);
foreach (PropertyDefinition propertyDefinition in allFoundProperties)
{
if (propertyDefinition != InternalSchema.MemberSIDLocalDirectory)
{
ExternalUserCollection.WritePropValue(binaryWriter, propertyDefinition, externalUser2.PropertyBag);
}
}
}
}
}
ConflictResolutionResult conflictResolutionResult = this.directoryMessage.Save(SaveMode.ResolveConflicts);
return(conflictResolutionResult.SaveStatus);
}
public static byte[] BuildAclTableBlob(StoreSession session, RawSecurityDescriptor securityDescriptor, RawSecurityDescriptor freeBusySecurityDescriptor)
{
IRecipientSession adrecipientSession = session.GetADRecipientSession(true, ConsistencyMode.IgnoreInvalid);
ExternalUserCollection externalUserCollectionToDispose = null;
bool flag;
string canonicalErrorInformation;
List <AclTableEntry> source;
try
{
source = AclModifyTable.BuildAclTableFromSecurityDescriptor(securityDescriptor, freeBusySecurityDescriptor, new LazilyInitialized <ExternalUserCollection>(delegate()
{
MailboxSession mailboxSession = session as MailboxSession;
externalUserCollectionToDispose = ((mailboxSession != null) ? mailboxSession.GetExternalUsers() : null);
return(externalUserCollectionToDispose);
}), adrecipientSession, new AclTableIdMap(), out flag, out canonicalErrorInformation);
}
finally
{
Util.DisposeIfPresent(externalUserCollectionToDispose);
}
if (!flag)
{
ExTraceGlobals.StorageTracer.TraceError(0L, "Cannot build blob ACL table blob with non-canonical SD");
throw new NonCanonicalACLException(canonicalErrorInformation);
}
FolderSecurity.AclTableAndSecurityDescriptorProperty aclTableAndSD = new FolderSecurity.AclTableAndSecurityDescriptorProperty(new ArraySegment <byte>(AclModifyTable.SerializeTableEntries(source)), source.ToDictionary((AclTableEntry tableEntry) => tableEntry.SecurityIdentifier, delegate(AclTableEntry tableEntry)
{
if (!tableEntry.IsGroup)
{
return(FolderSecurity.SecurityIdentifierType.User);
}
return(FolderSecurity.SecurityIdentifierType.Group);
}), SecurityDescriptor.FromRawSecurityDescriptor(securityDescriptor), SecurityDescriptor.FromRawSecurityDescriptor(freeBusySecurityDescriptor));
return(AclModifyTable.SerializeAclTableAndSecurityDecscriptor(aclTableAndSD));
}
private MapiAclTableRestriction.ExternalUserPermission TryGetExternalUserPermission(AclTableEntry aclTableEntry, MapiAclTableAdapter mapiAclTableAdapter, ref ExternalUserCollection externalUsers)
{
Util.ThrowOnNullArgument(aclTableEntry, "aclTableEntry");
Util.ThrowOnNullArgument(mapiAclTableAdapter, "mapiAclTableAdapter");
MailboxSession mailboxSession = this.session as MailboxSession;
if (mailboxSession == null)
{
return(null);
}
byte[] memberEntryId = aclTableEntry.MemberEntryId;
MemberRights memberRights = aclTableEntry.MemberRights;
long memberId = aclTableEntry.MemberId;
if (memberEntryId == null || memberEntryId.Length == 0)
{
if (memberId <= 0L)
{
return(null);
}
ExTraceGlobals.StorageTracer.TraceDebug <IExchangePrincipal, long>((long)this.GetHashCode(), "{0}: Getting memberEntryId from current ACL table for MemberId {1}.", mailboxSession.MailboxOwner, memberId);
AclTableEntry byMemberId = mapiAclTableAdapter.GetByMemberId(memberId);
if (byMemberId == null || byMemberId.MemberEntryId == null)
{
ExTraceGlobals.StorageTracer.TraceDebug <IExchangePrincipal, long>((long)this.GetHashCode(), "{0}: Not found memberEntryId from current ACL table for MemberId {1}. Skipped.", mailboxSession.MailboxOwner, memberId);
return(null);
}
memberEntryId = byMemberId.MemberEntryId;
}
if (mapiAclTableAdapter.TryGetParticipantEntryId(memberEntryId) != null)
{
ExTraceGlobals.StorageTracer.TraceDebug <IExchangePrincipal>((long)this.GetHashCode(), "{0}: MemberEntryId indicates internal user. Skipped.", mailboxSession.MailboxOwner);
return(null);
}
ExternalUser externalUser = mapiAclTableAdapter.TryGetExternalUser(memberEntryId, ref externalUsers);
if (externalUser == null)
{
ExTraceGlobals.StorageTracer.TraceDebug <IExchangePrincipal>((long)this.GetHashCode(), "{0}: MemberEntryId is not external user. Skipped.", mailboxSession.MailboxOwner);
return(null);
}
return(new MapiAclTableRestriction.ExternalUserPermission(externalUser, memberRights));
}
protected override PerformInvitationResults InternalPerformInvitation(MailboxSession mailboxSession, SharingContext context, ValidRecipient[] recipients, IFrontEndLocator frontEndLocator)
{
ExternalAuthentication current = ExternalAuthentication.GetCurrent();
if (!current.Enabled)
{
ExTraceGlobals.SharingTracer.TraceError <string>((long)this.GetHashCode(), "{0}: The organization is not federated for external sharing.", context.InitiatorSmtpAddress);
return(new PerformInvitationResults(new InvalidSharingRecipientsException(ValidRecipient.ConvertToStringArray(recipients), new OrganizationNotFederatedException())));
}
SharedFolderDataEncryption sharedFolderDataEncryption = new SharedFolderDataEncryption(current);
string text = StoreId.StoreIdToEwsId(mailboxSession.MailboxOwner.MailboxInfo.MailboxGuid, context.FolderId);
PerformInvitationResults result;
using (ExternalUserCollection externalUsers = mailboxSession.GetExternalUsers())
{
PerformInvitationResults performInvitationResults = null;
EncryptionResults encryptionResults = null;
Exception ex = null;
try
{
encryptionResults = sharedFolderDataEncryption.Encrypt(mailboxSession.MailboxOwner, mailboxSession.GetADRecipientSession(true, ConsistencyMode.IgnoreInvalid), externalUsers, recipients, context.InitiatorSmtpAddress, context.FolderClass, text, frontEndLocator);
}
catch (UserWithoutFederatedProxyAddressException ex2)
{
ex = ex2;
}
catch (InvalidFederatedOrganizationIdException ex3)
{
ex = ex3;
}
catch (StoragePermanentException ex4)
{
ex = ex4;
}
if (ex != null)
{
ExTraceGlobals.SharingTracer.TraceError <string, Exception>((long)this.GetHashCode(), "{0}: Error occurred when trying to encrypt. Exception = {1}", context.InitiatorSmtpAddress, ex);
result = new PerformInvitationResults(new InvalidSharingRecipientsException(ValidRecipient.ConvertToStringArray(recipients), ex));
}
else
{
if (encryptionResults.InvalidRecipients != null && encryptionResults.InvalidRecipients.Length > 0)
{
InvalidSharingRecipientsException exception = new InvalidSharingRecipientsException(encryptionResults.InvalidRecipients);
if (encryptionResults.InvalidRecipients.Length == recipients.Length)
{
return(new PerformInvitationResults(exception));
}
performInvitationResults = new PerformInvitationResults(recipients, exception);
recipients = performInvitationResults.SucceededRecipients;
}
else
{
performInvitationResults = new PerformInvitationResults(recipients);
}
PermissionLevel permissionLevel = this.GetPermissionLevel(context);
FreeBusyAccess? freeBusy = this.GetFreeBusy(context);
using (FolderPermissionContext current2 = FolderPermissionContext.GetCurrent(mailboxSession, context))
{
foreach (ValidRecipient validRecipient in recipients)
{
PermissionSecurityPrincipal principal = this.CreatePermissionSecurityPrincipal(validRecipient.SmtpAddress, externalUsers);
current2.AddOrChangePermission(principal, permissionLevel, freeBusy);
ExternalUser externalUser = externalUsers.FindReachUserWithOriginalSmtpAddress(new SmtpAddress(validRecipient.SmtpAddress));
if (externalUser != null)
{
current2.RemovePermission(new PermissionSecurityPrincipal(externalUser));
}
}
}
context.FolderEwsId = text;
context.EncryptedSharedFolderDataCollection = encryptionResults.EncryptedSharedFolderDataCollection;
result = performInvitationResults;
}
}
return(result);
}
public static bool TryGetUserFromEntryId(byte[] memberEntryId, StoreSession session, IRecipientSession recipientSession, ExternalUserCollection externalUsers, out string legacyDN, out SecurityIdentifier securityIdentifier, out List <SecurityIdentifier> sidHistory, out bool isGroup, out string displayName)
{
return(AclHelper.TryGetUserFromEntryId(memberEntryId, session, recipientSession, new LazilyInitialized <ExternalUserCollection>(() => externalUsers), out legacyDN, out securityIdentifier, out sidHistory, out isGroup, out displayName));
}
private void LoadFrom(MapiAclTableAdapter mapiAclTableAdapter)
{
IRecipientSession recipientSession = null;
ExternalUserCollection disposable = null;
AclTableEntry[] all = mapiAclTableAdapter.GetAll();
try
{
foreach (AclTableEntry aclTableEntry in all)
{
long memberId = aclTableEntry.MemberId;
byte[] memberEntryId = aclTableEntry.MemberEntryId;
string memberName = aclTableEntry.MemberName;
MemberRights memberRights = aclTableEntry.MemberRights;
if (memberId == 0L)
{
this.defaultMemberPermission = this.permissionSet.CreatePermission(new PermissionSecurityPrincipal(PermissionSecurityPrincipal.SpecialPrincipalType.Default), memberRights, memberId);
}
else if (memberId == -1L)
{
this.anonymousMemberPermission = this.permissionSet.CreatePermission(new PermissionSecurityPrincipal(PermissionSecurityPrincipal.SpecialPrincipalType.Anonymous), memberRights, memberId);
}
else if (memberEntryId != null)
{
ADParticipantEntryId adparticipantEntryId = mapiAclTableAdapter.TryGetParticipantEntryId(memberEntryId);
if (adparticipantEntryId != null)
{
if (recipientSession == null)
{
recipientSession = mapiAclTableAdapter.Session.GetADRecipientSession(true, ConsistencyMode.IgnoreInvalid);
}
ADRecipient adrecipient = null;
try
{
adrecipient = recipientSession.FindByLegacyExchangeDN(adparticipantEntryId.LegacyDN);
}
catch (DataValidationException)
{
ExTraceGlobals.StorageTracer.TraceDebug <string, string>(0L, "PermissionTable::PermissionTable. Caught exception from ADSesssion.FindByLegacyExchangeDN when trying to find a recipient from the ACL Table. Recipient name = {0}, LegDN = {1}.", memberName, adparticipantEntryId.LegacyDN);
this.AddUnknownEntry(memberName, memberId, memberEntryId, memberRights);
goto IL_17E;
}
if (adrecipient != null)
{
Permission permission = this.permissionSet.CreatePermission(new PermissionSecurityPrincipal(adrecipient), memberRights, memberId);
this.AddPermissionEntry(permission.Principal, permission);
}
else
{
ExTraceGlobals.StorageTracer.TraceDebug <string, string>(0L, "PermissionTable::PermissionTable. Did not find the recipient from the ACL table in the AD. Recipient name = {0}, LegDN = {1}.", memberName, adparticipantEntryId.LegacyDN);
this.AddUnknownEntry(memberName, memberId, memberEntryId, memberRights);
}
}
else
{
this.AddNonADEntry(mapiAclTableAdapter, ref disposable, memberName, memberId, memberEntryId, memberRights);
}
}
else
{
ExTraceGlobals.StorageTracer.TraceDebug <string>(0L, "PermissionTable::PermissionTable. Found a member in the ACL table (other than anonymous and default) without a member entry id. Recipient Name = {0}.", memberName);
this.AddUnknownEntry(memberName, memberId, memberEntryId, memberRights);
}
IL_17E :;
}
}
finally
{
Util.DisposeIfPresent(disposable);
}
}
internal ExternalUserCollection(MailboxSession session)
{
this.data = new List <ExternalUser>();
byte[] entryId = null;
StoreSession storeSession = null;
bool flag = false;
try
{
if (storeSession != null)
{
storeSession.BeginMapiCall();
storeSession.BeginServerHealthCall();
flag = true;
}
if (StorageGlobals.MapiTestHookBeforeCall != null)
{
StorageGlobals.MapiTestHookBeforeCall(MethodBase.GetCurrentMethod());
}
entryId = session.Mailbox.MapiStore.GetLocalDirectoryEntryId();
}
catch (MapiPermanentException ex)
{
throw StorageGlobals.TranslateMapiException(ServerStrings.MapiCannotLookupEntryId, ex, storeSession, this, "{0}. MapiException = {1}.", new object[]
{
string.Format("Unable to lookup Local Directory EntryID", new object[0]),
ex
});
}
catch (MapiRetryableException ex2)
{
throw StorageGlobals.TranslateMapiException(ServerStrings.MapiCannotLookupEntryId, ex2, storeSession, this, "{0}. MapiException = {1}.", new object[]
{
string.Format("Unable to lookup Local Directory EntryID", new object[0]),
ex2
});
}
finally
{
try
{
if (storeSession != null)
{
storeSession.EndMapiCall();
if (flag)
{
storeSession.EndServerHealthCall();
}
}
}
finally
{
if (StorageGlobals.MapiTestHookAfterCall != null)
{
StorageGlobals.MapiTestHookAfterCall(MethodBase.GetCurrentMethod());
}
}
}
StoreObjectId messageId = StoreObjectId.FromProviderSpecificId(entryId, StoreObjectType.Message);
this.directoryMessage = MessageItem.Bind(session, messageId, new PropertyDefinition[]
{
InternalSchema.LocalDirectory
});
try
{
this.directoryMessage.OpenAsReadWrite();
try
{
using (Stream stream = this.directoryMessage.OpenPropertyStream(InternalSchema.LocalDirectory, PropertyOpenMode.ReadOnly))
{
long length = stream.Length;
using (BinaryReader binaryReader = new BinaryReader(stream))
{
while (stream.Position < length)
{
ExternalUser item;
if (ExternalUserCollection.TryReadEntry(binaryReader, out item) && !this.Contains(item))
{
this.data.Add(item);
}
}
}
}
}
catch (ObjectNotFoundException)
{
}
catch (EndOfStreamException)
{
}
}
catch (StoragePermanentException)
{
if (this.directoryMessage != null)
{
this.directoryMessage.Dispose();
}
throw;
}
catch (StorageTransientException)
{
if (this.directoryMessage != null)
{
this.directoryMessage.Dispose();
}
throw;
}
StorageGlobals.TraceConstructIDisposable(this);
this.disposeTracker = this.GetDisposeTracker();
}
private static SharedFolderDataRecipient[] GetExternalIdentities(ExternalUserCollection externalUserCollection, ValidRecipient[] recipients)
{
SharedFolderDataRecipient[] result = Array.ConvertAll <ValidRecipient, SharedFolderDataRecipient>(recipients, (ValidRecipient recipient) => SharedFolderDataEncryption.GetExternalIdentity(externalUserCollection, recipient));
externalUserCollection.Save();
return(result);
}
private PermissionSecurityPrincipal CreatePermissionSecurityPrincipal(string recipient, ExternalUserCollection externalUserCollection)
{
ExternalUser externalUser = externalUserCollection.FindExternalUser(new SmtpAddress(recipient));
if (externalUser == null)
{
return(null);
}
return(new PermissionSecurityPrincipal(externalUser));
}
internal ExternalUser TryGetExternalUser(byte[] memberEntryId, ref ExternalUserCollection externalUsers)
{
if (memberEntryId != null)
{
MailboxSession mailboxSession = this.Session as MailboxSession;
if (externalUsers == null && mailboxSession != null)
{
externalUsers = mailboxSession.GetExternalUsers();
}
if (externalUsers != null)
{
try
{
byte[] binaryForm = null;
StoreSession session = this.Session;
bool flag = false;
try
{
if (session != null)
{
session.BeginMapiCall();
session.BeginServerHealthCall();
flag = true;
}
if (StorageGlobals.MapiTestHookBeforeCall != null)
{
StorageGlobals.MapiTestHookBeforeCall(MethodBase.GetCurrentMethod());
}
binaryForm = MapiStore.GetLocalDirectorySIDFromAddressBookEntryId(memberEntryId);
}
catch (MapiPermanentException ex)
{
throw StorageGlobals.TranslateMapiException(ServerStrings.InvalidPermissionsEntry, ex, session, this, "{0}. MapiException = {1}.", new object[]
{
string.Format("ACL table has invalid entry id.", new object[0]),
ex
});
}
catch (MapiRetryableException ex2)
{
throw StorageGlobals.TranslateMapiException(ServerStrings.InvalidPermissionsEntry, ex2, session, this, "{0}. MapiException = {1}.", new object[]
{
string.Format("ACL table has invalid entry id.", new object[0]),
ex2
});
}
finally
{
try
{
if (session != null)
{
session.EndMapiCall();
if (flag)
{
session.EndServerHealthCall();
}
}
}
finally
{
if (StorageGlobals.MapiTestHookAfterCall != null)
{
StorageGlobals.MapiTestHookAfterCall(MethodBase.GetCurrentMethod());
}
}
}
SecurityIdentifier sid = new SecurityIdentifier(binaryForm, 0);
return(externalUsers.FindExternalUser(sid));
}
catch (ObjectNotFoundException)
{
}
}
}
return(null);
}
public EncryptionResults Encrypt(IExchangePrincipal mailboxOwner, IRecipientSession recipientSession, ExternalUserCollection externalUserCollection, ValidRecipient[] recipients, string sender, string containerClass, string folderId, IFrontEndLocator frontEndLocator)
{
SharingDataType sharingDataType = SharingDataType.FromContainerClass(containerClass);
if (sharingDataType == null || !sharingDataType.IsExternallySharable)
{
throw new ArgumentOutOfRangeException("containerClass");
}
ADUser aduser = DirectoryHelper.ReadADRecipient(mailboxOwner.MailboxInfo.MailboxGuid, mailboxOwner.MailboxInfo.IsArchive, recipientSession) as ADUser;
if (aduser == null)
{
SharedFolderDataEncryption.Tracer.TraceError <SharedFolderDataEncryption, string>((long)this.GetHashCode(), "{0}: The Active Directory user was not found. Sender={1}.", this, sender);
throw new ObjectNotFoundException(ServerStrings.ADUserNotFound);
}
ProxyAddress item = new SmtpProxyAddress(sender, false);
if (!aduser.EmailAddresses.Contains(item))
{
SharedFolderDataEncryption.Tracer.TraceError <SharedFolderDataEncryption, string>((long)this.GetHashCode(), "{0}: The SMTP address was not found in the user AD object for this mailbox. Sender={1}.", this, sender);
throw new ObjectNotFoundException(ServerStrings.ADUserNotFound);
}
SharingPolicy sharingPolicy = DirectoryHelper.ReadSharingPolicy(mailboxOwner.MailboxInfo.MailboxGuid, mailboxOwner.MailboxInfo.IsArchive, recipientSession);
SharedFolderDataEncryption.Tracer.TraceDebug <SharedFolderDataEncryption, object>((long)this.GetHashCode(), "{0}: Sharing policy to be applied to this user: {1}", this, (sharingPolicy == null) ? "<null>" : sharingPolicy.Id);
SharingPolicyAction sharingPolicyActions = SharedFolderDataEncryption.GetSharingPolicyActions(sharingDataType.StoreObjectType);
SharedFolderDataRecipient[] externalIdentities = SharedFolderDataEncryption.GetExternalIdentities(externalUserCollection, recipients);
List <InvalidRecipient> list = new List <InvalidRecipient>();
Dictionary <TokenTarget, List <SharedFolderDataRecipient> > dictionary = new Dictionary <TokenTarget, List <SharedFolderDataRecipient> >(externalIdentities.Length, SharedFolderDataEncryption.TokenTargetComparer);
for (int i = 0; i < recipients.Length; i++)
{
SharedFolderDataRecipient item2 = externalIdentities[i];
ValidRecipient validRecipient = recipients[i];
SmtpAddress smtpAddress = new SmtpAddress(validRecipient.SmtpAddress);
string domain = smtpAddress.Domain;
if (sharingPolicy == null || !sharingPolicy.IsAllowedForAnySharing(domain, sharingPolicyActions))
{
SharedFolderDataEncryption.Tracer.TraceDebug <string>((long)this.GetHashCode(), "Sharing policy does not allow user to share with domain {0}", domain);
list.Add(new InvalidRecipient(validRecipient.SmtpAddress, InvalidRecipientResponseCodeType.SystemPolicyBlocksSharingWithThisRecipient));
}
else
{
SmtpAddress smtpAddress2 = new SmtpAddress(validRecipient.SmtpAddressForEncryption);
TokenTarget tokenTarget = TargetUriResolver.Resolve(smtpAddress2.Domain, aduser.OrganizationId);
if (tokenTarget == null)
{
list.Add(new InvalidRecipient(validRecipient.SmtpAddress, InvalidRecipientResponseCodeType.RecipientOrganizationNotFederated));
}
else
{
List <SharedFolderDataRecipient> list2;
if (!dictionary.TryGetValue(tokenTarget, out list2))
{
list2 = new List <SharedFolderDataRecipient>(1);
dictionary.Add(tokenTarget, list2);
}
list2.Add(item2);
}
}
}
List <EncryptedSharedFolderData> list3 = new List <EncryptedSharedFolderData>(dictionary.Count);
SharedFolderData sharedFolderData = new SharedFolderData();
sharedFolderData.DataType = sharingDataType.ExternalName;
sharedFolderData.FolderId = folderId;
sharedFolderData.SharingUrl = this.GetSharingUrl(aduser, frontEndLocator);
sharedFolderData.FederationUri = this.externalAuthentication.TokenValidator.TargetUri.ToString();
sharedFolderData.SenderSmtpAddress = sender;
DelegationTokenRequest delegationTokenRequest = new DelegationTokenRequest
{
FederatedIdentity = aduser.GetFederatedIdentity(),
EmailAddress = aduser.GetFederatedSmtpAddress(new SmtpAddress(sender)).ToString(),
Offer = Offer.SharingInviteMessage
};
SecurityTokenService securityTokenService = this.externalAuthentication.GetSecurityTokenService(aduser.OrganizationId);
foreach (KeyValuePair <TokenTarget, List <SharedFolderDataRecipient> > keyValuePair in dictionary)
{
delegationTokenRequest.Target = keyValuePair.Key;
sharedFolderData.Recipients = keyValuePair.Value.ToArray();
try
{
RequestedToken requestedToken = securityTokenService.IssueToken(delegationTokenRequest);
list3.Add(this.Encrypt(requestedToken, sharedFolderData));
}
catch (WSTrustException ex)
{
foreach (SharedFolderDataRecipient sharedFolderDataRecipient in sharedFolderData.Recipients)
{
list.Add(new InvalidRecipient(sharedFolderDataRecipient.SmtpAddress, SharedFolderDataEncryption.GetResponseCodeFromException(ex), ex.ToString()));
}
}
}
return(new EncryptionResults(list3.ToArray(), list.ToArray()));
}
