Пример #1
0
        protected override void CreateOrUpdateRoles(RoleNameMapping mapping, List <RoleDefinition> roleDefinitions, List <string> enabledPermissionFeatures, string suffix, string mailboxPlanIndex)
        {
            ExTraceGlobals.AccessCheckTracer.TraceFunction <int>(20009L, "-->CreateOrUpdateRoles: roleDefinitions count = {0}", roleDefinitions.Count);
            RoleDefinition item = roleDefinitions.First((RoleDefinition x) => x.RoleName.Equals(mapping.OldName));

            roleDefinitions.Remove(item);
            List <ExchangeRole> list = new List <ExchangeRole>(roleDefinitions.Count);

            foreach (RoleDefinition definition in roleDefinitions)
            {
                ExchangeRole exchangeRole = base.CreateOrUpdateRole(null, definition, enabledPermissionFeatures, suffix, mailboxPlanIndex);
                if (exchangeRole != null)
                {
                    list.Add(exchangeRole);
                }
            }
            ExchangeRole exchangeRole2       = item.GenerateRole(enabledPermissionFeatures, this.settings.RolesContainerId, suffix, mailboxPlanIndex);
            string       unescapedCommonName = (suffix == null) ? mapping.OldName : (mapping.OldName + suffix);
            ExchangeRole exchangeRole3       = this.settings.ConfigurationSession.Read <ExchangeRole>(this.settings.RolesContainerId.GetChildId(unescapedCommonName));

            if (exchangeRole3 == null)
            {
                if (exchangeRole2.RoleEntries.Count > 0)
                {
                    exchangeRole2.OrganizationId = this.settings.OrganizationId;
                    base.SaveRoleAndSuggestCleanupOnFailure(exchangeRole2);
                    ExTraceGlobals.AccessCheckTracer.TraceFunction(20009L, "<--CreateOrUpdateRole: New Role created");
                }
                return;
            }
            this.settings.LogReadObject(exchangeRole3);
            this.UpdateCannedRole(exchangeRole3, exchangeRole2, list);
            ExTraceGlobals.AccessCheckTracer.TraceFunction(20009L, "<--CreateOrUpdateRoles");
        }
Пример #2
0
 private void InstallCustomRole(RoleDefinition customRoleDefinition, List <string> enabledPermissionFeatures, string suffix, string mailboxPlanIndex)
 {
     if (this.RoleNameExists(customRoleDefinition.RoleName + suffix))
     {
         return;
     }
     this.CreateCustomRole(customRoleDefinition, enabledPermissionFeatures, suffix, mailboxPlanIndex);
 }
Пример #3
0
        private void CreateCustomRole(RoleDefinition customRoleDefinition, List <string> enabledPermissionFeatures, string suffix, string mailboxPlanIndex)
        {
            ADObjectId   childId      = this.rolesContainerId.GetChildId(customRoleDefinition.ParentRoleName + suffix);
            ExchangeRole exchangeRole = customRoleDefinition.GenerateRole(enabledPermissionFeatures, childId, suffix, mailboxPlanIndex);

            exchangeRole.OrganizationId = base.CurrentOrganizationId;
            this.configurationSession.Save(exchangeRole);
        }
Пример #4
0
 public override void UpdateRole(RoleDefinition definition)
 {
     foreach (ServicePlan.MailboxPlan mailboxPlan in this.settings.ServicePlanSettings.MailboxPlans)
     {
         string suffix = "_" + mailboxPlan.Name;
         base.CreateOrUpdateRole(this.roleNameMapping, definition, mailboxPlan.GetEnabledPermissionFeatures(), suffix, mailboxPlan.MailboxPlanIndex);
     }
 }
        private ExchangeRole TryFindSafeDCRoleOrUseDefault(ExchangeRole cannedRole)
        {
            string dcsafeNameForRole = RoleDefinition.GetDCSafeNameForRole(cannedRole.Name);

            ExchangeRole[] array = this.configurationSession.Find <ExchangeRole>(cannedRole.Id, QueryScope.OneLevel, new ComparisonFilter(ComparisonOperator.Equal, ADObjectSchema.Name, dcsafeNameForRole), null, 1);
            if (array != null && array.Length == 1)
            {
                return(array[0]);
            }
            return(cannedRole);
        }
Пример #6
0
        public override void UpdateRole(RoleDefinition definition)
        {
            List <string> enabledPermissionFeatures = null;

            if (this.settings.ServicePlanSettings != null)
            {
                if (definition.IsEndUserRole && !this.settings.ServicePlanSettings.Organization.PerMBXPlanRoleAssignmentPolicyEnabled)
                {
                    enabledPermissionFeatures = this.settings.ServicePlanSettings.GetAggregatedMailboxPlanPermissions();
                }
                else if (!definition.IsEndUserRole)
                {
                    enabledPermissionFeatures = this.settings.ServicePlanSettings.Organization.GetEnabledPermissionFeatures();
                }
            }
            base.CreateOrUpdateRole(this.roleNameMapping, definition, enabledPermissionFeatures);
        }
        private void PurgeInvalidAssignmentsFromRoleGroup(RoleGroupRoleMapping rgMapping, ADGroup roleGroup, List <ExchangeRole> topCannedRoles)
        {
            TaskLogger.LogEnter();
            if (!InstallCannedRbacRoleAssignments.MonitoredDCOnlyRoleGroups.Contains(rgMapping.RoleGroup))
            {
                return;
            }
            List <string> list = new List <string>(rgMapping.Assignments.Length * 2);

            RoleAssignmentDefinition[] assignments = rgMapping.Assignments;
            for (int i = 0; i < assignments.Length; i++)
            {
                RoleAssignmentDefinition assignmentDefinition = assignments[i];
                List <ExchangeRole>      list2 = topCannedRoles.FindAll((ExchangeRole x) => x.RoleType.Equals(assignmentDefinition.RoleType));
                if (list2 != null)
                {
                    foreach (ExchangeRole exchangeRole in list2)
                    {
                        list.Add(exchangeRole.DistinguishedName);
                        list.Add(exchangeRole.Id.GetChildId(RoleDefinition.GetDCSafeNameForRole(exchangeRole.Name)).DistinguishedName);
                    }
                }
            }
            ADPagedReader <ExchangeRoleAssignment> adpagedReader = this.configurationSession.FindPaged <ExchangeRoleAssignment>(base.OrgContainerId.GetDescendantId(ExchangeRoleAssignment.RdnContainer), QueryScope.SubTree, new ComparisonFilter(ComparisonOperator.Equal, ExchangeRoleAssignmentSchema.User, roleGroup.Id), null, 0);

            using (IEnumerator <ExchangeRoleAssignment> enumerator2 = adpagedReader.GetEnumerator())
            {
                while (enumerator2.MoveNext())
                {
                    ExchangeRoleAssignment roleAssignment = enumerator2.Current;
                    if (!list.Contains(roleAssignment.Role.DistinguishedName, StringComparer.OrdinalIgnoreCase))
                    {
                        if (topCannedRoles.Find((ExchangeRole x) => x.Name.Equals(roleAssignment.Role.Name, StringComparison.OrdinalIgnoreCase) && x.RoleType.Equals(RoleType.UnScoped)) == null)
                        {
                            ExchangeRole exchangeRole2 = this.configurationSession.Read <ExchangeRole>(roleAssignment.Role);
                            if (exchangeRole2 != null && !exchangeRole2.RoleType.Equals(RoleType.UnScoped))
                            {
                                this.RemoveRoleAssignment(roleAssignment);
                            }
                        }
                    }
                }
            }
            TaskLogger.LogExit();
        }
Пример #8
0
        protected void FindAndUpdateDerivedRoles(ExchangeRole updatedParentRole, RoleEntry[] oldParentRoleEntries, RoleDefinition roleDefinition, ref int recursionCount)
        {
            ExTraceGlobals.AccessCheckTracer.TraceFunction(20005L, "-->FindAndUpdateDerivedRoles: updatedParentRole.Name = {0}, updatedParentRole.RoleEntries.Count = {1}, oldParentRoleEntries.Length = {2}, recursionCount = {3}", new object[]
            {
                updatedParentRole.Name,
                updatedParentRole.RoleEntries.Count,
                oldParentRoleEntries.Length,
                recursionCount
            });
            if (++recursionCount >= 1000)
            {
                return;
            }
            bool flag  = false;
            bool flag2 = this.settings.Organization == null && (Datacenter.IsMicrosoftHostedOnly(false) || Datacenter.IsDatacenterDedicated(false)) && roleDefinition.ContainsProhibitedActions(InstallCannedRbacRoles.DCProhibitedActions);
            ADPagedReader <ExchangeRole> adpagedReader = this.settings.ConfigurationSession.FindPaged <ExchangeRole>(updatedParentRole.Id, QueryScope.OneLevel, null, null, 0);

            foreach (ExchangeRole exchangeRole in adpagedReader)
            {
                this.settings.LogReadObject(exchangeRole);
                RoleEntry[]      array = this.PrepareRoleForUpgradeAndGetOldSortedEntries(exchangeRole, false);
                List <RoleEntry> value;
                if (1 == recursionCount && flag2 && exchangeRole.Name.Equals(RoleDefinition.GetDCSafeNameForRole(updatedParentRole.Name), StringComparison.OrdinalIgnoreCase))
                {
                    value = roleDefinition.GetRoleEntriesFilteringProhibitedActions(null, InstallCannedRbacRoles.DCProhibitedActions);
                    flag  = true;
                }
                else
                {
                    value = this.GetListOfRoleEntriesForChildRole(oldParentRoleEntries, array, updatedParentRole.RoleEntries.ToArray(), exchangeRole.IsChanged(ADObjectSchema.ExchangeVersion));
                }
                exchangeRole.RoleEntries = new MultiValuedProperty <RoleEntry>(value);
                this.FindAndUpdateDerivedRoles(exchangeRole, array, roleDefinition, ref recursionCount);
                this.SaveDerivedRoleAndWarnOnValidationErrors(exchangeRole);
                ExTraceGlobals.AccessCheckTracer.TraceFunction <string, int>(20005L, "----FindAndUpdateDerivedRoles: role.Name = {0}, role.RoleEntries.Count = {1}", exchangeRole.Name, exchangeRole.RoleEntries.Count);
            }
            if (1 == recursionCount && !flag)
            {
                this.CreateDCSafeRoleIfNeeded(updatedParentRole, roleDefinition);
            }
            recursionCount--;
            ExTraceGlobals.AccessCheckTracer.TraceFunction <int>(20005L, "<--FindAndUpdateDerivedRoles: recursionCount = {0}", recursionCount);
        }
Пример #9
0
        protected void CreateDCSafeRoleIfNeeded(ExchangeRole cannedRole, RoleDefinition roleDefinition)
        {
            if (this.settings.Organization != null || !Datacenter.IsMicrosoftHostedOnly(false))
            {
                return;
            }
            if (!roleDefinition.ContainsProhibitedActions(InstallCannedRbacRoles.DCProhibitedActions))
            {
                return;
            }
            ExchangeRole exchangeRole = roleDefinition.GenerateRole(null, cannedRole.Id, null, null);

            exchangeRole.Name           = RoleDefinition.GetDCSafeNameForRole(cannedRole.Name);
            exchangeRole.RoleEntries    = new MultiValuedProperty <RoleEntry>(roleDefinition.GetRoleEntriesFilteringProhibitedActions(null, InstallCannedRbacRoles.DCProhibitedActions));
            exchangeRole.OrganizationId = this.settings.OrganizationId;
            if (exchangeRole.RoleEntries.Count != 0)
            {
                this.SaveRoleAndWarnOnFailure(exchangeRole);
            }
        }
Пример #10
0
        internal static RoleDefinition[] MergeRoleDefinitions(RoleDefinition[] cmdletRoleDefinitions, RoleDefinition[] webServiceRoleDefinitions)
        {
            List <RoleDefinition> list  = cmdletRoleDefinitions.ToList <RoleDefinition>();
            List <RoleDefinition> list2 = new List <RoleDefinition>();

            for (int i = 0; i < webServiceRoleDefinitions.Length; i++)
            {
                RoleDefinition webServiceDef = webServiceRoleDefinitions[i];
                int            num           = list.FindIndex(delegate(RoleDefinition x)
                {
                    string roleName = x.RoleName;
                    RoleDefinition webServiceDef2 = webServiceDef;
                    if (roleName.Equals(webServiceDef2.RoleName, StringComparison.OrdinalIgnoreCase))
                    {
                        RoleType roleType             = x.RoleType;
                        RoleDefinition webServiceDef3 = webServiceDef;
                        return(roleType == webServiceDef3.RoleType);
                    }
                    return(false);
                });
                if (num >= 0)
                {
                    RoleDefinition    roleDefinition = list[num];
                    List <RoleCmdlet> list3          = roleDefinition.Cmdlets.ToList <RoleCmdlet>();
                    List <RoleCmdlet> list4          = list3;
                    RoleDefinition    webServiceDef4 = webServiceDef;
                    list4.AddRange(webServiceDef4.Cmdlets);
                    RoleDefinition value = new RoleDefinition(roleDefinition.RoleName, roleDefinition.ParentRoleName, roleDefinition.RoleType, list3.ToArray());
                    list[num] = value;
                }
                else
                {
                    list2.Add(webServiceDef);
                }
            }
            list.AddRange(list2);
            return(list.ToArray());
        }
Пример #11
0
        protected ExchangeRole CreateOrUpdateRole(RoleNameMapping mapping, RoleDefinition definition, List <string> enabledPermissionFeatures, string suffix, string mailboxPlanIndex)
        {
            ExTraceGlobals.AccessCheckTracer.TraceFunction(20005L, "-->CreateOrUpdateRole: RoleDefinition = {0}, enabledPermissionFeatures is Null = {1}, suffix = {2}, mailboxPlanIndex = {3}", new object[]
            {
                definition.RoleName,
                enabledPermissionFeatures == null,
                string.IsNullOrEmpty(suffix) ? string.Empty : suffix,
                string.IsNullOrEmpty(mailboxPlanIndex) ? string.Empty : mailboxPlanIndex
            });
            this.RenameExistingRole(mapping, suffix);
            ExchangeRole exchangeRole = definition.GenerateRole(enabledPermissionFeatures, this.settings.RolesContainerId, suffix, mailboxPlanIndex);

            if (exchangeRole.RoleEntries.Count > 0)
            {
                ExchangeRole exchangeRole2 = this.settings.ConfigurationSession.Read <ExchangeRole>(exchangeRole.Id);
                if (exchangeRole2 != null)
                {
                    this.settings.LogReadObject(exchangeRole2);
                    this.UpdateCannedRole(exchangeRole2, exchangeRole, definition);
                    exchangeRole = exchangeRole2;
                    ExTraceGlobals.AccessCheckTracer.TraceFunction(20005L, "<--CreateOrUpdateRole: Role Updated");
                }
                else
                {
                    exchangeRole.OrganizationId = this.settings.OrganizationId;
                    this.SaveRoleAndSuggestCleanupOnFailure(exchangeRole);
                    ExTraceGlobals.AccessCheckTracer.TraceFunction(20005L, "<--CreateOrUpdateRole: New Role created");
                    this.CreateDCSafeRoleIfNeeded(exchangeRole, definition);
                }
            }
            else
            {
                ExTraceGlobals.AccessCheckTracer.TraceFunction(20005L, "<--CreateOrUpdateRole: No Role created");
                this.settings.RemoveRoleAndAssignments(exchangeRole.Id);
                exchangeRole = null;
            }
            return(exchangeRole);
        }
Пример #12
0
 public RoleDefinition(string theRoleName, string theParentRoleName, RoleType theRoleType, RoleCmdlet[] theCmdlets)
 {
     this = new RoleDefinition(theRoleName, theRoleType, theCmdlets);
     this.parentRoleName = theParentRoleName;
 }
Пример #13
0
        protected void UpdateCannedRole(ExchangeRole existingRole, ExchangeRole cannedRole, RoleDefinition roleDefinition)
        {
            ExTraceGlobals.AccessCheckTracer.TraceFunction(20005L, "-->UpdateCannedRole: existingRole = {0}, existingRoleVersion = {1}, existingRole-RoleType = {2}, cannedRole = {3}, cannedRoleVersion = {4}, cannedRole-RoleType = {5}", new object[]
            {
                existingRole.Name,
                existingRole.ExchangeVersion.ToString(),
                existingRole.RoleType.ToString(),
                cannedRole.Name,
                cannedRole.ExchangeVersion.ToString(),
                cannedRole.RoleType.ToString()
            });
            bool flag = existingRole.ExchangeVersion == ExchangeRoleSchema.Exchange2009_R3;

            RoleEntry[] array = this.PrepareRoleForUpgradeAndGetOldSortedEntries(existingRole, false);
            existingRole.RoleEntries = (flag ? cannedRole.RoleEntries : this.CalculateUpdatedRoleEntries(cannedRole, array));
            int num = 0;

            this.FindAndUpdateDerivedRoles(existingRole, array, roleDefinition, ref num);
            existingRole.OrganizationId = this.settings.OrganizationId;
            this.SaveRoleAndSuggestCleanupOnFailure(existingRole);
            ExTraceGlobals.AccessCheckTracer.TraceFunction(20005L, "<---UpdateCannedRole");
        }
 public override void UpdateRole(RoleDefinition definition)
 {
     throw new NotImplementedException("DeprecateRoleUpgrader feature not implemented");
 }
Пример #15
0
 protected ExchangeRole CreateOrUpdateRole(RoleNameMapping mapping, RoleDefinition definition, List <string> enabledPermissionFeatures)
 {
     return(this.CreateOrUpdateRole(mapping, definition, enabledPermissionFeatures, null, null));
 }
Пример #16
0
        public static bool CanUpgrade(RoleUpgradeConfigurationSettings settings, RoleNameMapping roleNameMapping, RoleDefinition roleDefinition, out RoleUpgrader roleUpgrader)
        {
            ExTraceGlobals.AccessCheckTracer.TraceFunction <string>(20006L, "-->NonDeprecatedRoleUpgrader.CanUpgrade: roleName = {0}", roleDefinition.RoleName);
            bool flag = false;

            roleUpgrader = null;
            if (settings.Organization == null)
            {
                flag = true;
            }
            else if (!roleDefinition.IsEndUserRole || !settings.ServicePlanSettings.Organization.PerMBXPlanRoleAssignmentPolicyEnabled)
            {
                flag = true;
            }
            flag = (flag && (roleNameMapping == null || (!roleNameMapping.IsDeprecatedRole && !roleNameMapping.IsSplitting)));
            if (flag)
            {
                roleUpgrader = new NonDeprecatedRoleUpgrader(settings, roleNameMapping);
            }
            ExTraceGlobals.AccessCheckTracer.TraceFunction <bool>(20006L, "<--NonDeprecatedRoleUpgrader.CanUpgrade: canUpgrade = {0}", flag);
            return(flag);
        }
Пример #17
0
 public abstract void UpdateRole(RoleDefinition definition);
Пример #18
0
        public static RoleUpgrader GetRoleUpgrader(RoleUpgradeConfigurationSettings settings, RoleNameMapping roleNameMapping, RoleDefinition roleDefinition)
        {
            RoleUpgrader result = null;

            foreach (RoleUpgraderFactory.CanUpgradeRoleDelegate canUpgradeRoleDelegate in RoleUpgraderFactory.knownUpgrades)
            {
                if (canUpgradeRoleDelegate(settings, roleNameMapping, roleDefinition, out result))
                {
                    break;
                }
            }
            return(result);
        }
Пример #19
0
        public new static bool CanUpgrade(RoleUpgradeConfigurationSettings settings, RoleNameMapping roleNameMapping, RoleDefinition roleDefinition, out RoleUpgrader roleUpgrader)
        {
            ExTraceGlobals.AccessCheckTracer.TraceFunction <string>(20009L, "-->SplitRoleUpgrader.CanUpgrade: roleName = {0}", roleDefinition.RoleName);
            bool flag = false;

            roleUpgrader = null;
            if (!roleDefinition.IsEndUserRole)
            {
                flag = true;
            }
            flag = (flag && roleNameMapping != null && roleNameMapping.IsSplitting);
            if (flag)
            {
                roleUpgrader = new SplitRoleUpgrader(settings, roleNameMapping);
            }
            ExTraceGlobals.AccessCheckTracer.TraceFunction <bool>(20009L, "<--SplitRoleUpgrader.CanUpgrade: canUpgrade = {0}", flag);
            return(flag);
        }
        public new static bool CanUpgrade(RoleUpgradeConfigurationSettings settings, RoleNameMapping roleNameMapping, RoleDefinition roleDefinition, out RoleUpgrader roleUpgrader)
        {
            ExTraceGlobals.AccessCheckTracer.TraceFunction <string>(20009L, "-->MailboxPlanDeprecatedRoleUpgrader.CanUpgrade: roleName = {0}", roleDefinition.RoleName);
            bool flag = false;

            roleUpgrader = null;
            if (settings.Organization != null && roleDefinition.IsEndUserRole && roleNameMapping != null && roleNameMapping.IsDeprecatedRole && settings.ServicePlanSettings.Organization.PerMBXPlanRoleAssignmentPolicyEnabled)
            {
                flag = true;
            }
            if (flag)
            {
                roleUpgrader = new MailboxPlanDeprecatedRoleUpgrader(settings, roleNameMapping);
            }
            ExTraceGlobals.AccessCheckTracer.TraceFunction <bool>(20008L, "<--MailboxPlanDeprecatedRoleUpgrader.CanUpgrade: canUpgrade = {0}", flag);
            return(flag);
        }