Пример #1
0
 internal SharingProvider GetTargetSharingProvider(ADRecipient mailboxOwner)
 {
     Util.ThrowOnNullArgument(mailboxOwner, "mailboxOwner");
     if (this.AvailableSharingProviders.Keys.Count == 1)
     {
         using (Dictionary <SharingProvider, CheckRecipientsResults> .KeyCollection.Enumerator enumerator = this.AvailableSharingProviders.Keys.GetEnumerator())
         {
             if (enumerator.MoveNext())
             {
                 SharingProvider sharingProvider = enumerator.Current;
                 ExTraceGlobals.SharingTracer.TraceDebug <ADRecipient, SharingProvider>((long)this.GetHashCode(), "{0}: Found target provider {1} for current user.", mailboxOwner, sharingProvider);
                 return(sharingProvider);
             }
         }
     }
     foreach (KeyValuePair <SharingProvider, CheckRecipientsResults> keyValuePair in this.AvailableSharingProviders)
     {
         SharingProvider        key   = keyValuePair.Key;
         CheckRecipientsResults value = keyValuePair.Value;
         if (value != null && mailboxOwner.IsAnyAddressMatched(ValidRecipient.ConvertToStringArray(value.ValidRecipients)))
         {
             ExTraceGlobals.SharingTracer.TraceDebug <ADRecipient, SharingProvider>((long)this.GetHashCode(), "{0}: Found target provider {1} for current user.", mailboxOwner, key);
             return(key);
         }
     }
     ExTraceGlobals.SharingTracer.TraceError <ADRecipient>((long)this.GetHashCode(), "{0}: No available provider is found for this user.", mailboxOwner);
     return(null);
 }
Пример #2
0
        protected override PerformInvitationResults InternalPerformInvitation(MailboxSession mailboxSession, SharingContext context, ValidRecipient[] recipients, IFrontEndLocator frontEndLocator)
        {
            if (recipients.Length != 1)
            {
                throw new InvalidOperationException("Only single recipient is allowed.");
            }
            ValidRecipient    validRecipient     = recipients[0];
            string            folderId           = context.FolderId.ToBase64String();
            ExternalUser      externalUser       = this.ApplyPermission(mailboxSession, new SmtpAddress(validRecipient.SmtpAddress), context);
            IRecipientSession adrecipientSession = mailboxSession.GetADRecipientSession(false, ConsistencyMode.FullyConsistent);
            ADUser            aduser             = (ADUser)adrecipientSession.Read(mailboxSession.MailboxOwner.ObjectId);
            string            text         = aduser.SharingAnonymousIdentities.FindExistingUrlId(SharingDataType.ReachCalendar.PublishResourceName, folderId);
            Uri         owaVdirUrl         = OwaAnonymousVdirLocater.Instance.GetOwaVdirUrl(mailboxSession.MailboxOwner, frontEndLocator);
            SmtpAddress primarySmtpAddress = mailboxSession.MailboxOwner.MailboxInfo.PrimarySmtpAddress;
            ObscureUrl  obscureUrl         = ObscureUrl.CreatePublishReachCalendarUrl(owaVdirUrl.ToString(), mailboxSession.MailboxGuid, primarySmtpAddress.Domain, text, externalUser.Sid);

            if (string.IsNullOrEmpty(text))
            {
                aduser.SharingAnonymousIdentities.AddOrUpdate(SharingDataType.ReachCalendar.PublishResourceName, obscureUrl.Identity, folderId);
                adrecipientSession.Save(aduser);
            }
            context.BrowseUrl = obscureUrl.ToString() + ".html";
            context.ICalUrl   = obscureUrl.ToString() + ".ics";
            return(new PerformInvitationResults(recipients));
        }
 protected override void InternalPerformRevocation(MailboxSession mailboxSession, SharingContext context)
 {
     using (FolderPermissionContext current = FolderPermissionContext.GetCurrent(mailboxSession, context))
     {
         ValidRecipient recipient = new ValidRecipient(context.InitiatorSmtpAddress, null);
         PermissionSecurityPrincipal principal = this.CreatePermissionSecurityPrincipal(recipient, mailboxSession.MailboxOwner);
         current.RemovePermission(principal);
     }
 }
        private PermissionSecurityPrincipal CreatePermissionSecurityPrincipal(ValidRecipient recipient, IExchangePrincipal mailboxPrincipal)
        {
            ADRecipient adrecipient = recipient.ADRecipient;

            if (adrecipient == null)
            {
                IRecipientSession tenantOrRootOrgRecipientSession = DirectorySessionFactory.Default.GetTenantOrRootOrgRecipientSession(null, true, ConsistencyMode.FullyConsistent, null, mailboxPrincipal.MailboxInfo.OrganizationId.ToADSessionSettings(), 248, "CreatePermissionSecurityPrincipal", "f:\\15.00.1497\\sources\\dev\\data\\src\\storage\\Sharing\\SharingProviderHandlerInternal.cs");
                adrecipient = tenantOrRootOrgRecipientSession.FindByProxyAddress(new SmtpProxyAddress(recipient.SmtpAddress, false));
            }
            return(new PermissionSecurityPrincipal(adrecipient));
        }
Пример #5
0
        private CheckRecipientsResults CheckRecipients()
        {
            List <string> list  = new List <string>(base.Recipients.Count);
            List <string> list2 = new List <string>(base.Recipients.Count);

            foreach (Recipient recipient in base.Recipients)
            {
                string valueOrDefault = recipient.GetValueOrDefault <string>(ParticipantSchema.SmtpAddress, string.Empty);
                if (!string.IsNullOrEmpty(valueOrDefault))
                {
                    list2.Add(valueOrDefault);
                }
                else
                {
                    list.Add(recipient.Participant.EmailAddress);
                }
            }
            List <ValidRecipient> list3 = new List <ValidRecipient>(list2.Count);

            string[] array = list2.ToArray();
            List <SharingProvider> list4 = new List <SharingProvider>(this.SharingContext.AvailableSharingProviders.Keys);

            foreach (SharingProvider sharingProvider in list4)
            {
                if (array == null || array.Length == 0)
                {
                    break;
                }
                CheckRecipientsResults checkRecipientsResults;
                if (this.ForceSharingProvider != null)
                {
                    if (sharingProvider == this.ForceSharingProvider)
                    {
                        checkRecipientsResults = new CheckRecipientsResults(ValidRecipient.ConvertFromStringArray(array));
                    }
                    else
                    {
                        checkRecipientsResults = new CheckRecipientsResults(array);
                    }
                    this.SharingContext.AvailableSharingProviders[sharingProvider] = checkRecipientsResults;
                }
                else
                {
                    checkRecipientsResults = sharingProvider.CheckRecipients(this.MailboxOwner, this.SharingContext, array);
                }
                list3.AddRange(checkRecipientsResults.ValidRecipients);
                array = checkRecipientsResults.InvalidRecipients;
            }
            list.AddRange(array);
            return(new CheckRecipientsResults(list3.ToArray(), list.ToArray()));
        }
Пример #6
0
        internal CheckRecipientsResults CheckRecipients(ADRecipient mailboxOwner, string[] recipients)
        {
            Util.ThrowOnNullArgument(mailboxOwner, "mailboxOwner");
            Util.ThrowOnNullArgument(recipients, "recipients");
            IRecipientSession     tenantOrRootOrgRecipientSession = DirectorySessionFactory.Default.GetTenantOrRootOrgRecipientSession(null, true, ConsistencyMode.FullyConsistent, mailboxOwner.Session.NetworkCredential, mailboxOwner.OrganizationId.ToADSessionSettings(), 127, "CheckRecipients", "f:\\15.00.1497\\sources\\dev\\data\\src\\storage\\Sharing\\SharingProviderHandler.cs");
            List <ValidRecipient> list  = new List <ValidRecipient>(recipients.Length);
            List <string>         list2 = new List <string>(recipients.Length);

            foreach (string text in recipients)
            {
                ValidRecipient validRecipient = this.InternalCheckOneRecipient(mailboxOwner, text, tenantOrRootOrgRecipientSession);
                if (validRecipient != null)
                {
                    ExTraceGlobals.SharingTracer.TraceDebug <ADRecipient, string, SharingProviderHandler>((long)this.GetHashCode(), "{0}: {1} is a valid recipient for sharing handler {2}.", mailboxOwner, text, this);
                    list.Add(validRecipient);
                }
                else
                {
                    ExTraceGlobals.SharingTracer.TraceDebug <ADRecipient, string, SharingProviderHandler>((long)this.GetHashCode(), "{0}: {1} is an invalid recipient for sharing handler {2}.", mailboxOwner, text, this);
                    list2.Add(text);
                }
            }
            return(new CheckRecipientsResults(list.ToArray(), list2.ToArray()));
        }
Пример #7
0
        public EncryptionResults Encrypt(IExchangePrincipal mailboxOwner, IRecipientSession recipientSession, ExternalUserCollection externalUserCollection, ValidRecipient[] recipients, string sender, string containerClass, string folderId, IFrontEndLocator frontEndLocator)
        {
            SharingDataType sharingDataType = SharingDataType.FromContainerClass(containerClass);

            if (sharingDataType == null || !sharingDataType.IsExternallySharable)
            {
                throw new ArgumentOutOfRangeException("containerClass");
            }
            ADUser aduser = DirectoryHelper.ReadADRecipient(mailboxOwner.MailboxInfo.MailboxGuid, mailboxOwner.MailboxInfo.IsArchive, recipientSession) as ADUser;

            if (aduser == null)
            {
                SharedFolderDataEncryption.Tracer.TraceError <SharedFolderDataEncryption, string>((long)this.GetHashCode(), "{0}: The Active Directory user was not found. Sender={1}.", this, sender);
                throw new ObjectNotFoundException(ServerStrings.ADUserNotFound);
            }
            ProxyAddress item = new SmtpProxyAddress(sender, false);

            if (!aduser.EmailAddresses.Contains(item))
            {
                SharedFolderDataEncryption.Tracer.TraceError <SharedFolderDataEncryption, string>((long)this.GetHashCode(), "{0}: The SMTP address was not found in the user AD object for this mailbox. Sender={1}.", this, sender);
                throw new ObjectNotFoundException(ServerStrings.ADUserNotFound);
            }
            SharingPolicy sharingPolicy = DirectoryHelper.ReadSharingPolicy(mailboxOwner.MailboxInfo.MailboxGuid, mailboxOwner.MailboxInfo.IsArchive, recipientSession);

            SharedFolderDataEncryption.Tracer.TraceDebug <SharedFolderDataEncryption, object>((long)this.GetHashCode(), "{0}: Sharing policy to be applied to this user: {1}", this, (sharingPolicy == null) ? "<null>" : sharingPolicy.Id);
            SharingPolicyAction sharingPolicyActions = SharedFolderDataEncryption.GetSharingPolicyActions(sharingDataType.StoreObjectType);

            SharedFolderDataRecipient[] externalIdentities = SharedFolderDataEncryption.GetExternalIdentities(externalUserCollection, recipients);
            List <InvalidRecipient>     list = new List <InvalidRecipient>();
            Dictionary <TokenTarget, List <SharedFolderDataRecipient> > dictionary = new Dictionary <TokenTarget, List <SharedFolderDataRecipient> >(externalIdentities.Length, SharedFolderDataEncryption.TokenTargetComparer);

            for (int i = 0; i < recipients.Length; i++)
            {
                SharedFolderDataRecipient item2          = externalIdentities[i];
                ValidRecipient            validRecipient = recipients[i];
                SmtpAddress smtpAddress = new SmtpAddress(validRecipient.SmtpAddress);
                string      domain      = smtpAddress.Domain;
                if (sharingPolicy == null || !sharingPolicy.IsAllowedForAnySharing(domain, sharingPolicyActions))
                {
                    SharedFolderDataEncryption.Tracer.TraceDebug <string>((long)this.GetHashCode(), "Sharing policy does not allow user to share with domain {0}", domain);
                    list.Add(new InvalidRecipient(validRecipient.SmtpAddress, InvalidRecipientResponseCodeType.SystemPolicyBlocksSharingWithThisRecipient));
                }
                else
                {
                    SmtpAddress smtpAddress2 = new SmtpAddress(validRecipient.SmtpAddressForEncryption);
                    TokenTarget tokenTarget  = TargetUriResolver.Resolve(smtpAddress2.Domain, aduser.OrganizationId);
                    if (tokenTarget == null)
                    {
                        list.Add(new InvalidRecipient(validRecipient.SmtpAddress, InvalidRecipientResponseCodeType.RecipientOrganizationNotFederated));
                    }
                    else
                    {
                        List <SharedFolderDataRecipient> list2;
                        if (!dictionary.TryGetValue(tokenTarget, out list2))
                        {
                            list2 = new List <SharedFolderDataRecipient>(1);
                            dictionary.Add(tokenTarget, list2);
                        }
                        list2.Add(item2);
                    }
                }
            }
            List <EncryptedSharedFolderData> list3 = new List <EncryptedSharedFolderData>(dictionary.Count);
            SharedFolderData sharedFolderData      = new SharedFolderData();

            sharedFolderData.DataType          = sharingDataType.ExternalName;
            sharedFolderData.FolderId          = folderId;
            sharedFolderData.SharingUrl        = this.GetSharingUrl(aduser, frontEndLocator);
            sharedFolderData.FederationUri     = this.externalAuthentication.TokenValidator.TargetUri.ToString();
            sharedFolderData.SenderSmtpAddress = sender;
            DelegationTokenRequest delegationTokenRequest = new DelegationTokenRequest
            {
                FederatedIdentity = aduser.GetFederatedIdentity(),
                EmailAddress      = aduser.GetFederatedSmtpAddress(new SmtpAddress(sender)).ToString(),
                Offer             = Offer.SharingInviteMessage
            };
            SecurityTokenService securityTokenService = this.externalAuthentication.GetSecurityTokenService(aduser.OrganizationId);

            foreach (KeyValuePair <TokenTarget, List <SharedFolderDataRecipient> > keyValuePair in dictionary)
            {
                delegationTokenRequest.Target = keyValuePair.Key;
                sharedFolderData.Recipients   = keyValuePair.Value.ToArray();
                try
                {
                    RequestedToken requestedToken = securityTokenService.IssueToken(delegationTokenRequest);
                    list3.Add(this.Encrypt(requestedToken, sharedFolderData));
                }
                catch (WSTrustException ex)
                {
                    foreach (SharedFolderDataRecipient sharedFolderDataRecipient in sharedFolderData.Recipients)
                    {
                        list.Add(new InvalidRecipient(sharedFolderDataRecipient.SmtpAddress, SharedFolderDataEncryption.GetResponseCodeFromException(ex), ex.ToString()));
                    }
                }
            }
            return(new EncryptionResults(list3.ToArray(), list.ToArray()));
        }
Пример #8
0
        private static SharedFolderDataRecipient GetExternalIdentity(ExternalUserCollection externalUserCollection, ValidRecipient recipient)
        {
            if (!SmtpAddress.IsValidSmtpAddress(recipient.SmtpAddress))
            {
                throw new ArgumentOutOfRangeException(ServerStrings.InvalidSmtpAddress(recipient.SmtpAddress));
            }
            SmtpAddress  smtpAddress  = new SmtpAddress(recipient.SmtpAddress);
            ExternalUser externalUser = externalUserCollection.FindFederatedUserWithOriginalSmtpAddress(smtpAddress);

            if (externalUser == null)
            {
                externalUser = externalUserCollection.AddFederatedUser(smtpAddress);
            }
            return(new SharedFolderDataRecipient
            {
                SmtpAddress = recipient.SmtpAddressForEncryption,
                SharingKey = externalUser.ExternalId.ToString()
            });
        }
Пример #9
0
        protected override PerformInvitationResults InternalPerformInvitation(MailboxSession mailboxSession, SharingContext context, ValidRecipient[] recipients, IFrontEndLocator frontEndLocator)
        {
            ExternalAuthentication current = ExternalAuthentication.GetCurrent();

            if (!current.Enabled)
            {
                ExTraceGlobals.SharingTracer.TraceError <string>((long)this.GetHashCode(), "{0}: The organization is not federated for external sharing.", context.InitiatorSmtpAddress);
                return(new PerformInvitationResults(new InvalidSharingRecipientsException(ValidRecipient.ConvertToStringArray(recipients), new OrganizationNotFederatedException())));
            }
            SharedFolderDataEncryption sharedFolderDataEncryption = new SharedFolderDataEncryption(current);
            string text = StoreId.StoreIdToEwsId(mailboxSession.MailboxOwner.MailboxInfo.MailboxGuid, context.FolderId);
            PerformInvitationResults result;

            using (ExternalUserCollection externalUsers = mailboxSession.GetExternalUsers())
            {
                PerformInvitationResults performInvitationResults = null;
                EncryptionResults        encryptionResults        = null;
                Exception ex = null;
                try
                {
                    encryptionResults = sharedFolderDataEncryption.Encrypt(mailboxSession.MailboxOwner, mailboxSession.GetADRecipientSession(true, ConsistencyMode.IgnoreInvalid), externalUsers, recipients, context.InitiatorSmtpAddress, context.FolderClass, text, frontEndLocator);
                }
                catch (UserWithoutFederatedProxyAddressException ex2)
                {
                    ex = ex2;
                }
                catch (InvalidFederatedOrganizationIdException ex3)
                {
                    ex = ex3;
                }
                catch (StoragePermanentException ex4)
                {
                    ex = ex4;
                }
                if (ex != null)
                {
                    ExTraceGlobals.SharingTracer.TraceError <string, Exception>((long)this.GetHashCode(), "{0}: Error occurred when trying to encrypt. Exception = {1}", context.InitiatorSmtpAddress, ex);
                    result = new PerformInvitationResults(new InvalidSharingRecipientsException(ValidRecipient.ConvertToStringArray(recipients), ex));
                }
                else
                {
                    if (encryptionResults.InvalidRecipients != null && encryptionResults.InvalidRecipients.Length > 0)
                    {
                        InvalidSharingRecipientsException exception = new InvalidSharingRecipientsException(encryptionResults.InvalidRecipients);
                        if (encryptionResults.InvalidRecipients.Length == recipients.Length)
                        {
                            return(new PerformInvitationResults(exception));
                        }
                        performInvitationResults = new PerformInvitationResults(recipients, exception);
                        recipients = performInvitationResults.SucceededRecipients;
                    }
                    else
                    {
                        performInvitationResults = new PerformInvitationResults(recipients);
                    }
                    PermissionLevel permissionLevel = this.GetPermissionLevel(context);
                    FreeBusyAccess? freeBusy        = this.GetFreeBusy(context);
                    using (FolderPermissionContext current2 = FolderPermissionContext.GetCurrent(mailboxSession, context))
                    {
                        foreach (ValidRecipient validRecipient in recipients)
                        {
                            PermissionSecurityPrincipal principal = this.CreatePermissionSecurityPrincipal(validRecipient.SmtpAddress, externalUsers);
                            current2.AddOrChangePermission(principal, permissionLevel, freeBusy);
                            ExternalUser externalUser = externalUsers.FindReachUserWithOriginalSmtpAddress(new SmtpAddress(validRecipient.SmtpAddress));
                            if (externalUser != null)
                            {
                                current2.RemovePermission(new PermissionSecurityPrincipal(externalUser));
                            }
                        }
                    }
                    context.FolderEwsId = text;
                    context.EncryptedSharedFolderDataCollection = encryptionResults.EncryptedSharedFolderDataCollection;
                    result = performInvitationResults;
                }
            }
            return(result);
        }
Пример #10
0
 private void ReadActionFromMetadataXml(SharingMessageAction action)
 {
     if (action != null)
     {
         this.context.IsPrimary = string.IsNullOrEmpty(action.Title);
         if (!this.context.IsPrimary)
         {
             this.context.FolderName = action.Title;
         }
         foreach (SharingMessageProvider sharingMessageProvider in action.Providers)
         {
             string[] recipients = sharingMessageProvider.TargetRecipients.Split(new char[]
             {
                 ';'
             });
             SharingProvider sharingProvider = SharingProvider.FromExternalName(sharingMessageProvider.Type);
             if (sharingProvider != null)
             {
                 sharingProvider.ParseSharingMessageProvider(this.context, sharingMessageProvider);
                 this.context.AvailableSharingProviders.Add(sharingProvider, new CheckRecipientsResults(ValidRecipient.ConvertFromStringArray(recipients)));
             }
         }
     }
 }