// Token: 0x06001245 RID: 4677 RVA: 0x00039AC8 File Offset: 0x00037CC8
public override string GetMembershipId(SenderInfo senderInfo)
{
ExTraceGlobals.PublicPluginAPITracer.TraceDebug((long)this.GetHashCode(), "[PswsAuthorization.GetMembershipId] Enter.");
string result;
try
{
string name = senderInfo.Principal.Identity.Name;
ExTraceGlobals.PublicPluginAPITracer.TraceDebug <string>((long)this.GetHashCode(), "[PswsAuthorization.GetMembershipId] membershipId = \"{0}\".", name);
result = name;
}
catch (Exception ex)
{
ExTraceGlobals.PublicPluginAPITracer.TraceError <Exception>((long)this.GetHashCode(), "[PswsAuthorization.GetMembershipId] Exception: {0}", ex);
AuthZLogger.SafeAppendGenericError("PswsAuthorization.GetMembershipId", ex, new Func <Exception, bool>(KnownException.IsUnhandledException));
TaskLogger.LogRbacEvent(TaskEventLogConstants.Tuple_PswsPublicAPIFailed, null, new object[]
{
"PswsAuthorization.GetMembershipId",
ex.ToString()
});
PswsErrorHandling.SendErrorToClient(PswsErrorCode.MemberShipIdError, ex, null);
throw;
}
finally
{
ExTraceGlobals.PublicPluginAPITracer.TraceDebug((long)this.GetHashCode(), "[PswsAuthorization.GetMembershipId] Exit.");
}
return(result);
}
private void CheckSessionOverBudget()
{
OverBudgetException exception;
if (WSManBudgetManager.Instance.CheckOverBudget(this.currentAuthZUserToken, CostType.ActiveRunspace, out exception))
{
LocalizedString message = AuthZPluginHelper.HandleUserOverBudgetException(exception, this.currentAuthZUserToken);
throw new AuthorizationException(message);
}
if (this.currentAuthZUserToken.OrgId != null && WSManTenantBudgetManager.Instance.CheckOverBudget(this.currentAuthZUserToken, CostType.ActiveRunspace, out exception))
{
LocalizedString message2 = AuthZPluginHelper.HandleTenantOverBudgetException(exception, this.currentAuthZUserToken);
throw new AuthorizationException(message2);
}
if (AppSettings.Current.MaxPowershellAppPoolConnections > 0 && WSManBudgetManager.Instance.TotalActiveRunspaces >= AppSettings.Current.MaxPowershellAppPoolConnections)
{
string windowsLiveId = this.currentAuthZUserToken.WindowsLiveId;
if (!string.IsNullOrEmpty(windowsLiveId))
{
FailFastUserCache.Instance.AddUserToCache(windowsLiveId, BlockedType.NewSession, TimeSpan.Zero);
}
AuthZLogger.SafeAppendColumn(RpsCommonMetadata.ContributeToFailFast, "AuthZ-Machine", LoggerHelper.GetContributeToFailFastValue("AllUsers", "-1", "NewSesion", -1.0));
FailFastUserCache.Instance.AddAllUsersToCache(BlockedType.NewSession, TimeSpan.Zero);
LocalizedString localizedString = Strings.ErrorMaxConnectionLimit(AppSettings.Current.VDirName);
ExTraceGlobals.RunspaceConfigTracer.TraceError(0L, localizedString);
TaskLogger.LogRbacEvent(TaskEventLogConstants.Tuple_ReachedMaxPSConnectionLimit, null, new object[]
{
AppSettings.Current.VDirName,
AppSettings.Current.MaxPowershellAppPoolConnections
});
throw new AuthorizationException(localizedString);
}
}
private static void ValidateQueryString(string httpURL, ADRawEntry userEntry)
{
string text;
string tenantOrganization = ExchangeRunspaceConfigurationSettings.FromUriConnectionString(httpURL, out text).TenantOrganization;
string value = tenantOrganization;
if (string.IsNullOrEmpty(tenantOrganization))
{
return;
}
AuthZLogger.SafeSetLogger(ConfigurationCoreMetadata.ManagedOrganization, value);
OrganizationId organizationId = userEntry[ADObjectSchema.OrganizationId] as OrganizationId;
if (organizationId != null && !ExchangeRunspaceConfiguration.IsAllowedOrganizationForPartnerAccounts(organizationId))
{
AuthZLogger.SafeAppendGenericError("ValidateQueryString", string.Format("Organization {0} not allowed for partner account.", organizationId.ToString()), false);
ExTraceGlobals.AccessDeniedTracer.TraceError <ADObjectId>(0L, "EAP.ValidateQueryString returns AccessDenied because user {0} does not belong to the appropriate organization", userEntry.Id);
throw new NotAllowedForPartnerAccessException(Strings.ErrorNotAllowedForPartnerAccess);
}
Uri uri;
if (!Uri.TryCreate(httpURL, UriKind.Absolute, out uri))
{
AuthZLogger.SafeAppendGenericError("ValidateQueryString", string.Format("Url {0} Incorrect.", httpURL), false);
ExTraceGlobals.AccessDeniedTracer.TraceError <ADObjectId, string, string>(0L, "EAP.ValidateQueryString returns AccessDenied because tenant user {0} requested partner access to {1} which is not found in the local forest and URL {2} is invalid", userEntry.Id, tenantOrganization, httpURL);
throw new UrlInValidException(Strings.ErrorUrlInValid);
}
ExTraceGlobals.ADConfigTracer.TraceDebug(0L, "EAP.ValidateQueryString returns Success.");
}
private void RunspacesLeakDetected(string key, string relatedBudgetKey)
{
int num = 0;
IPowerShellBudget powerShellBudget = null;
if (this.budgets.TryGetValue(key, out powerShellBudget))
{
num = powerShellBudget.TotalActiveRunspacesCount;
}
if (powerShellBudget != null)
{
ExTraceGlobals.PublicPluginAPITracer.TraceError <string, string, int>(0L, "Connection leak detected for Key {0} in class {1}. Leaked value {2}.", key, base.GetType().ToString(), num);
if (num > 0)
{
AuthZLogger.SafeAppendGenericError("WSManBudgetManagerBase.RunspacesLeakDetected", string.Format("Connection leak detected for Key {0} in class {1}. Leaked value {2}.", key, base.GetType(), num), false);
TaskLogger.LogRbacEvent(TaskEventLogConstants.Tuple_PSConnectionLeakDetected, null, new object[]
{
key,
base.GetType().ToString(),
num
});
this.UpdateConnectionLeakPerfCounter(num);
}
powerShellBudget.Dispose();
}
if (num > 0 && relatedBudgetKey != null)
{
this.CorrectRelatedBudgetWhenLeak(relatedBudgetKey, num);
}
}
private static void RemoveCmdletParams(RoleEntryInfo entry, IList <string> paramList, IList <RoleEntryInfo> cmdletTobeRemoved, IList <RoleEntryInfo> cmdletTobeAdded, bool fNewCmdlet)
{
if (paramList == null || paramList.Count == 0)
{
return;
}
if (cmdletTobeRemoved == null)
{
return;
}
if (cmdletTobeAdded == null)
{
return;
}
cmdletTobeRemoved.Add(entry);
IEnumerable <string> source = entry.RoleEntry.Parameters.Except(paramList);
RoleEntryInfo roleEntryInfo;
if (entry.RoleAssignment == null)
{
roleEntryInfo = new RoleEntryInfo(entry.RoleEntry.Clone(source.ToList <string>()));
}
else
{
roleEntryInfo = new RoleEntryInfo(entry.RoleEntry.Clone(source.ToList <string>()), entry.RoleAssignment);
}
roleEntryInfo.ScopeSet = entry.ScopeSet;
cmdletTobeAdded.Add(roleEntryInfo);
if (fNewCmdlet)
{
AuthZLogger.SafeAppendColumn(RpsAuthZMetadata.CmdletFlightDisabled, entry.RoleEntry.Name, string.Join(" ", paramList));
}
}
// Token: 0x060012B2 RID: 4786 RVA: 0x0003C778 File Offset: 0x0003A978
internal void StartRunspace(AuthZPluginUserToken userToken)
{
string runspaceCacheKey = this.GetRunspaceCacheKey(userToken);
if (string.IsNullOrEmpty(runspaceCacheKey))
{
AuthZLogger.SafeAppendGenericError("NullOrEmptyRunspaceCacheKey", "User token have an empty ExecutingUserName", false);
return;
}
lock (base.InstanceLock)
{
RunspaceCacheValue runspaceCacheValue;
if (this.runspaceCache.TryGetValue(runspaceCacheKey, out runspaceCacheValue))
{
ExTraceGlobals.PublicPluginAPITracer.TraceDebug <string>((long)this.GetHashCode(), "[PswsBudgetManager.StartRunspace] item {0} is removed explicitly", runspaceCacheKey);
if (runspaceCacheValue != null && runspaceCacheValue.CostHandle != null)
{
runspaceCacheValue.CostHandle.Dispose();
}
this.runspaceCache.Remove(runspaceCacheKey);
}
CostHandle costHandle = this.StartRunspaceImpl(userToken);
RunspaceCacheValue value2 = new RunspaceCacheValue
{
CostHandle = costHandle,
UserToken = (PswsAuthZUserToken)userToken
};
ExTraceGlobals.PublicPluginAPITracer.TraceDebug <string, TimeSpan>((long)this.GetHashCode(), "[PswsBudgetManager.StartRunspace] Add value {0} to runspace cache. Expired time = {1}.", runspaceCacheKey, this.pswsRunspaceCacheTimeout);
this.runspaceCache.InsertAbsolute(runspaceCacheKey, value2, this.pswsRunspaceCacheTimeout, new RemoveItemDelegate <string, RunspaceCacheValue>(this.OnRunspaceCacheItemExpired));
}
ExTraceGlobals.PublicPluginAPITracer.TraceDebug <string>((long)this.GetHashCode(), "[PswsBudgetManager.StartRunspace] Add/Update value {0} to connectedUser cache.", runspaceCacheKey);
this.connectedUsers.AddOrUpdate(runspaceCacheKey, ExDateTime.Now, (string key, ExDateTime value) => ExDateTime.Now);
AuthZPluginHelper.UpdateAuthZPluginPerfCounters(this);
}
// Token: 0x06001277 RID: 4727 RVA: 0x0003B964 File Offset: 0x00039B64
internal static bool TryParseCultureInfo(NameValueCollection headers, out CultureInfo cultureInfo)
{
cultureInfo = null;
string text = headers.Get("X-CultureInfo");
if (!string.IsNullOrWhiteSpace(text))
{
try
{
cultureInfo = new CultureInfo(text);
return(true);
}
catch (CultureNotFoundException ex)
{
ExTraceGlobals.RunspaceConfigTracer.TraceError <string, CultureNotFoundException>(0L, "[PswsAuthZHelper.TryParseCultureInfo] Invalid culture info \"{0}\". Exception: {1}", text, ex);
TaskLogger.LogRbacEvent(TaskEventLogConstants.Tuple_InvalidCultureInfo, text, new object[]
{
text,
ex.ToString()
});
AuthZLogger.SafeAppendGenericError("InvalidCultureInfo", text, false);
}
return(false);
}
return(false);
}
private static void RemoveCmdlet(RoleEntryInfo entry, IList <RoleEntryInfo> cmdletTobeRemoved, bool fNewCmdlet)
{
cmdletTobeRemoved.Add(entry);
if (fNewCmdlet)
{
AuthZLogger.SafeAppendColumn(RpsAuthZMetadata.CmdletFlightDisabled, entry.RoleEntry.Name, "*");
}
}
// Token: 0x060012E8 RID: 4840 RVA: 0x0003D98F File Offset: 0x0003BB8F
private static void LogException(Exception ex, string funcName, bool throwException)
{
if (throwException)
{
AuthZLogger.SafeSetLogger(RpsAuthZMetadata.IsAuthorized, false);
}
AuthZLogger.SafeAppendGenericError(funcName, ex, new Func <Exception, bool>(KnownException.IsUnhandledException));
}
internal static bool ValidateFilteringOnlyUser(string domain, string username)
{
if (string.IsNullOrEmpty(domain) || !VariantConfiguration.GetSnapshot(MachineSettingsContext.Local, null, null).CmdletInfra.ValidateFilteringOnlyUser.Enabled)
{
return(false);
}
if (username.EndsWith(".exchangemon.net", StringComparison.InvariantCultureIgnoreCase))
{
AuthZLogger.SafeAppendGenericInfo("ValidateFilteringOnlyUser", string.Format("Bypass monitoring account {0} check.", username));
return(false);
}
bool result;
try
{
bool flag = false;
domain = domain.ToLower();
if (!UserValidationHelper.filteringOnlyCache.TryGetValue(domain, out flag))
{
CustomerType customerType = CustomerType.None;
Guid guid;
string text;
string text2;
UserValidationHelper.GlsSession.GetFfoTenantSettingsByDomain(domain, out guid, out text, out text2, out customerType);
flag = (customerType == CustomerType.FilteringOnly);
UserValidationHelper.filteringOnlyCache.TryInsertAbsolute(domain, flag, UserValidationHelper.DefaultAbsoluteTimeout);
ExTraceGlobals.PublicPluginAPITracer.TraceDebug(0L, "[UserValidationHelper.ValidateFilteringOnlyUser] Domain:{0} belongs to TenantId:{1}, Region:{2}, Version: {3}, CustomerType: {4}.", new object[]
{
domain,
guid,
text,
text2,
customerType
});
AuthZLogger.SafeAppendGenericInfo("ValidateFilteringOnlyUser", string.Format("Domain:{0} belongs to TenantId:{1}, Region:{2}, Version: {3}, CustomerType: {4}.", new object[]
{
domain,
guid,
text,
text2,
customerType
}));
}
else
{
AuthZLogger.SafeAppendGenericInfo("ValidateFilteringOnlyUser", string.Format("HitCache Domain: {0} is filteringOnly: {1}.", domain, flag));
}
result = flag;
}
catch (Exception ex)
{
ExTraceGlobals.PublicPluginAPITracer.TraceError <Exception>(0L, "[UserValidationHelper.ValidateFilteringOnlyUser] Exception:{0}", ex);
AuthZLogger.SafeAppendGenericError("ValidateFilteringOnlyUser", ex, new Func <Exception, bool>(KnownException.IsUnhandledException));
result = false;
}
return(result);
}
// Token: 0x060012F4 RID: 4852 RVA: 0x0003E08C File Offset: 0x0003C28C
internal static void TriggerFailFastForAuthZFailure(string windowsLiveId)
{
if (string.IsNullOrEmpty(windowsLiveId))
{
return;
}
FailFastUserCache.Instance.AddUserToCache(windowsLiveId, BlockedType.NewSession, TimeSpan.Zero);
AuthZLogger.SafeAppendColumn(RpsCommonMetadata.ContributeToFailFast, "AuthZ-UserSelf", LoggerHelper.GetContributeToFailFastValue("User", windowsLiveId, "NewSession", -1.0));
}
// Token: 0x060012F3 RID: 4851 RVA: 0x0003DE30 File Offset: 0x0003C030
internal static LocalizedString HandleTenantOverBudgetException(OverBudgetException exception, AuthZPluginUserToken userToken)
{
string policyPart = exception.PolicyPart;
string orgIdInString = userToken.OrgIdInString;
string userName = userToken.UserName;
string windowsLiveId = userToken.WindowsLiveId;
ExTraceGlobals.PublicPluginAPITracer.TraceError <string, string, string>(0L, "Get Tenant OverBudgetException for user {0}, Organization {1}. Message: {2}", userName, orgIdInString, exception.ToString());
AuthZLogger.SafeAppendGenericError("Tenant_OverBudgetException", exception.ToString(), false);
TimeSpan blockedTime = TimeSpan.FromMilliseconds((double)exception.BackoffTime);
if (windowsLiveId != null)
{
FailFastUserCache.Instance.AddUserToCache(windowsLiveId, BlockedType.NewSession, blockedTime);
AuthZLogger.SafeAppendColumn(RpsCommonMetadata.ContributeToFailFast, "AuthZ-UserOrg", LoggerHelper.GetContributeToFailFastValue("User", windowsLiveId, "NewSession", blockedTime.TotalMilliseconds));
}
if (!string.IsNullOrEmpty(orgIdInString))
{
FailFastUserCache.Instance.AddTenantToCache(orgIdInString, BlockedType.NewSession, blockedTime);
AuthZLogger.SafeAppendColumn(RpsCommonMetadata.ContributeToFailFast, "AuthZ-Org", LoggerHelper.GetContributeToFailFastValue("Tenant", orgIdInString, "NewSession", blockedTime.TotalMilliseconds));
foreach (string text in userToken.DomainsToBlockTogether)
{
FailFastUserCache.Instance.AddTenantToCache(text, BlockedType.NewSession, blockedTime);
AuthZLogger.SafeAppendColumn(RpsCommonMetadata.ContributeToFailFast, "AuthZ-AcceptedDomain-" + text, LoggerHelper.GetContributeToFailFastValue("Tenant", text, "NewSession", blockedTime.TotalMilliseconds));
}
}
IThrottlingPolicy throttlingPolicy = userToken.GetThrottlingPolicy();
LocalizedString value;
if (policyPart == "MaxTenantConcurrency")
{
value = Strings.ErrorMaxTenantPSConnectionLimit(orgIdInString);
TaskLogger.LogRbacEvent(TaskEventLogConstants.Tuple_ReachedMaxTenantPSConnectionLimit, null, new object[]
{
userName,
orgIdInString,
throttlingPolicy.PowerShellMaxTenantConcurrency
});
}
else
{
if (!(policyPart == "MaxTenantRunspaces"))
{
throw new NotSupportedException(string.Format("DEV bug. The exception policy part {0} is not expected.", policyPart));
}
value = Strings.ErrorTenantMaxRunspacesTarpitting(orgIdInString, exception.BackoffTime / 1000);
TaskLogger.LogRbacEvent(TaskEventLogConstants.Tuple_ReachedMaxTenantPSRunspaceInTimePeriodLimit, null, new object[]
{
userName,
orgIdInString,
throttlingPolicy.PowerShellMaxTenantRunspaces,
throttlingPolicy.PowerShellMaxRunspacesTimePeriod,
exception.BackoffTime
});
}
return(new LocalizedString(value + string.Format("{2}Policy: {0}; {2}Snapshot: {1}", exception.ThrottlingPolicyDN, exception.Snapshot, Environment.NewLine)));
}
// Token: 0x060012EA RID: 4842 RVA: 0x0003D9DC File Offset: 0x0003BBDC
private static T HandleExceptionAndRetry <T>(string methodName, Func <T> func, bool throwException, T defaultReturnValue)
{
for (int i = 0; i < 2; i++)
{
try
{
Microsoft.Exchange.Diagnostics.Components.Authorization.ExTraceGlobals.PublicPluginAPITracer.TraceDebug <string, int>(0L, "Retry function {0} the {1} times.", methodName, i);
return(func());
}
catch (Exception ex)
{
bool flag = ex is TransientException;
bool flag2 = AuthZPluginHelper.IsFatalException(ex);
bool flag3 = flag2 || AuthZLogHelper.ExceptionNoNeedToRetry(ex);
Microsoft.Exchange.Diagnostics.Components.Authorization.ExTraceGlobals.PublicPluginAPITracer.TraceDebug(0L, "{0} caught Exception {1}. IsTransientException = {2}. IsFatalException = {3}. NoNeedToRetry = {4}.", new object[]
{
methodName,
ex,
flag,
flag2,
flag3
});
ExEventLog.EventTuple eventInfo = Microsoft.Exchange.Configuration.ObjectModel.EventLog.TaskEventLogConstants.Tuple_RBACUnavailable_UnknownError;
if (flag)
{
eventInfo = Microsoft.Exchange.Configuration.ObjectModel.EventLog.TaskEventLogConstants.Tuple_RBACUnavailable_TransientError;
}
else if (flag2)
{
eventInfo = Microsoft.Exchange.Configuration.ObjectModel.EventLog.TaskEventLogConstants.Tuple_RBACUnavailable_FatalError;
}
TaskLogger.LogRbacEvent(eventInfo, null, new object[]
{
methodName,
ex
});
if (flag3 || i == 1)
{
if (!(ex is ADTransientException) && (flag2 || throwException))
{
throw;
}
AuthZLogHelper.LogException(ex, methodName, false);
break;
}
else
{
AuthZLogger.SafeAppendGenericInfo(methodName + "-" + ex.GetType().Name + "-Retried", ex.Message);
}
}
}
Microsoft.Exchange.Diagnostics.Components.Authorization.ExTraceGlobals.PublicPluginAPITracer.TraceError <string, T>(0L, "{0} returns default value {1}.", methodName, defaultReturnValue);
return(defaultReturnValue);
}
// Token: 0x060012F2 RID: 4850 RVA: 0x0003DC08 File Offset: 0x0003BE08
internal static LocalizedString HandleUserOverBudgetException(OverBudgetException exception, AuthZPluginUserToken userToken)
{
string policyPart = exception.PolicyPart;
string userName = userToken.UserName;
string windowsLiveId = userToken.WindowsLiveId;
ExTraceGlobals.PublicPluginAPITracer.TraceError <string, string>(0L, "Get User OverBudgetException for user {0}. Message: {1}", userName, exception.ToString());
AuthZLogger.SafeAppendGenericError("User_OverBudgetException", exception.ToString(), false);
if (!string.IsNullOrEmpty(windowsLiveId))
{
BlockedType blockedType = (policyPart == "PowerShellMaxCmdlets") ? BlockedType.NewRequest : BlockedType.NewSession;
FailFastUserCache.Instance.AddUserToCache(userToken.WindowsLiveId, blockedType, TimeSpan.Zero);
AuthZLogger.SafeAppendColumn(RpsCommonMetadata.ContributeToFailFast, "AuthZ-UserSelf", LoggerHelper.GetContributeToFailFastValue("User", userToken.WindowsLiveId, blockedType.ToString(), -1.0));
}
IThrottlingPolicy throttlingPolicy = userToken.GetThrottlingPolicy();
LocalizedString value;
if (policyPart == "MaxConcurrency")
{
value = Strings.ErrorMaxRunspacesLimit(throttlingPolicy.PowerShellMaxConcurrency.ToString(), policyPart);
TaskLogger.LogRbacEvent(TaskEventLogConstants.Tuple_ReachedMaxUserPSConnectionLimit, null, new object[]
{
userName,
throttlingPolicy.PowerShellMaxConcurrency
});
}
else if (policyPart == "MaxRunspacesTimePeriod")
{
value = Strings.ErrorMaxRunspacesTarpitting(exception.BackoffTime / 1000);
TaskLogger.LogRbacEvent(TaskEventLogConstants.Tuple_ReachedMaxPSRunspaceInTimePeriodLimit, null, new object[]
{
userName,
throttlingPolicy.PowerShellMaxRunspaces,
throttlingPolicy.PowerShellMaxRunspacesTimePeriod,
exception.BackoffTime
});
}
else
{
if (!(policyPart == "PowerShellMaxCmdlets"))
{
throw new NotSupportedException(string.Format("DEV bug. The exception policy part {0} is not expected.", policyPart));
}
value = Strings.ErrorOperationTarpitting(exception.BackoffTime / 1000);
TaskLogger.LogRbacEvent(TaskEventLogConstants.Tuple_ReachedMaxPowershellCmdletLimit, null, new object[]
{
userName,
throttlingPolicy.PowerShellMaxCmdlets,
throttlingPolicy.PowerShellMaxCmdletsTimePeriod,
exception.BackoffTime
});
}
return(new LocalizedString(value + string.Format("{2}Policy: {0}; {2}Snapshot: {1}", exception.ThrottlingPolicyDN, exception.Snapshot, Environment.NewLine)));
}
// Token: 0x060012E7 RID: 4839 RVA: 0x0003D8FC File Offset: 0x0003BAFC
internal static void LogAuthZUserToken(AuthZPluginUserToken userToken)
{
if (userToken == null)
{
AuthZLogger.SafeSetLogger(RpsAuthZMetadata.IsAuthorized, false);
return;
}
AuthZLogger.SafeSetLogger(RpsAuthZMetadata.IsAuthorized, true);
AuthZLogger.SafeSetLogger(ServiceCommonMetadata.AuthenticatedUser, userToken.UserNameForLogging);
AuthZLogger.SafeSetLogger(ActivityStandardMetadata.AuthenticationType, userToken.AuthenticationType);
AuthZLogger.SafeSetLogger(ActivityStandardMetadata.TenantId, userToken.OrgIdInString);
if (userToken.DelegatedPrincipal != null)
{
AuthZLogger.SafeSetLogger(ConfigurationCoreMetadata.ManagedOrganization, "Delegate:" + userToken.DelegatedPrincipal.DelegatedOrganization);
}
}
internal static VariantConfigurationSnapshot GetSnapshot(ADRawEntry executingUser, IEnumerable <KeyValuePair <string, string> > additionalConstraints)
{
if (executingUser == null)
{
return(null);
}
VariantConfigurationSnapshot variantConfigurationSnapshot = null;
MiniRecipient miniRecipient = new MiniRecipient();
try
{
try
{
miniRecipient[MiniRecipientSchema.UserPrincipalName] = executingUser[ADUserSchema.UserPrincipalName];
miniRecipient[ADObjectSchema.OrganizationId] = executingUser[ADObjectSchema.OrganizationId];
miniRecipient[MiniRecipientSchema.ExternalDirectoryObjectId] = executingUser[ADRecipientSchema.ExternalDirectoryObjectId];
miniRecipient[MiniRecipientSchema.Languages] = executingUser[ADOrgPersonSchema.Languages];
}
catch (DataValidationException ex)
{
AuthZLogger.SafeAppendColumn(RpsAuthZMetadata.VariantConfigurationSnapshot, "DataValidationException", ex.Message);
}
ConstraintCollection constraintCollection = null;
if (additionalConstraints != null)
{
constraintCollection = ConstraintCollection.CreateEmpty();
foreach (KeyValuePair <string, string> keyValuePair in additionalConstraints)
{
constraintCollection.Add(keyValuePair.Key, keyValuePair.Value);
}
}
variantConfigurationSnapshot = VariantConfiguration.GetSnapshot(miniRecipient.GetContext(null), constraintCollection, null);
AuthZLogger.SafeAppendColumn(RpsAuthZMetadata.VariantConfigurationSnapshot, "Flights", string.Join(" ", variantConfigurationSnapshot.Flights));
}
catch (Exception ex2)
{
AuthZLogger.SafeAppendGenericError("VariantConfigurationSnapshot.Exception", ex2.Message, false);
}
finally
{
AuthZLogger.SafeAppendColumn(RpsAuthZMetadata.VariantConfigurationSnapshot, "User", executingUser[ADUserSchema.UserPrincipalName].ToString());
AuthZLogger.SafeAppendColumn(RpsAuthZMetadata.VariantConfigurationSnapshot, "Org", executingUser[ADObjectSchema.OrganizationId].ToString());
}
return(variantConfigurationSnapshot);
}
private static void BuildParamFlightingList(RoleEntryInfo entry, ICmdletSettings cmdletSettings, ref IList <string> paramFlightingList)
{
IEnumerable <string> enumerable = cmdletSettings.Params0.Union(cmdletSettings.Params1);
enumerable = enumerable.Union(cmdletSettings.Params2);
enumerable = enumerable.Union(cmdletSettings.Params3);
enumerable = enumerable.Union(cmdletSettings.Params4);
enumerable = enumerable.Union(cmdletSettings.Params5);
enumerable = enumerable.Union(cmdletSettings.Params6);
enumerable = enumerable.Union(cmdletSettings.Params7);
enumerable = enumerable.Union(cmdletSettings.Params8);
enumerable = enumerable.Union(cmdletSettings.Params9);
if (enumerable != null)
{
paramFlightingList = enumerable.ToList <string>();
AuthZLogger.SafeAppendColumn(RpsAuthZMetadata.CmdletFlightEnabled, entry.RoleEntry.Name, string.Join(" ", paramFlightingList));
}
}
// Token: 0x06001273 RID: 4723 RVA: 0x0003B5D8 File Offset: 0x000397D8
internal static IIdentity GetExecutingAuthZUser(UserToken userToken)
{
Microsoft.Exchange.Configuration.Core.AuthenticationType authenticationType = userToken.AuthenticationType;
ExTraceGlobals.PublicPluginAPITracer.TraceDebug <Microsoft.Exchange.Configuration.Core.AuthenticationType>(0L, "[PswsAuthZHelper.GetExecutingAuthZUser] authenticationType = \"{0}\".", authenticationType);
IIdentity identity = HttpContext.Current.Items["X-Psws-CurrentLogonUser"] as IIdentity;
if (identity is SidOAuthIdentity)
{
AuthZLogger.SafeAppendGenericInfo("PswsLogonUser", "SidOAuthIdentity");
return(identity);
}
if (identity is WindowsTokenIdentity)
{
AuthZLogger.SafeAppendGenericInfo("PswsLogonUser", "WindowsTokenIdentity");
return(((WindowsTokenIdentity)identity).ToSerializedIdentity());
}
return(AuthZPluginHelper.ConstructAuthZUser(userToken, authenticationType));
}
// Token: 0x06000080 RID: 128 RVA: 0x00004400 File Offset: 0x00002600
public WinRMDataReceiver(string connectionUrl, string userName, string authenticationType, LatencyTracker latencyTracker)
{
WinRMDataReceiver < > 4__this = this;
if (!WinRMDataExchangeHelper.IsExchangeDataUseAuthenticationType() && !WinRMDataExchangeHelper.IsExchangeDataUseNamedPipe())
{
throw new InvalidFlightingException();
}
CoreLogger.ExecuteAndLog("WinRMDataReceiver.Ctor", true, latencyTracker, delegate(Exception ex)
{
AuthZLogger.SafeAppendGenericError("WinRMDataReceiver.Ctor", ex.ToString(), false);
}, delegate()
{
< > 4__this.latencyTracker = latencyTracker;
if (WinRMDataExchangeHelper.IsExchangeDataUseAuthenticationType())
{
WinRMDataExchangeHelper.DehydrateAuthenticationType(authenticationType, out < > 4__this.authenticationType, out < > 4__this.serializedData);
}
else
{
private void IncreasePowershellConnections()
{
ExTraceGlobals.PublicPluginAPITracer.TraceDebug <string>(0L, "Increase PowershellConnections for {0}.", this.currentAuthZUserToken.UserName);
if (this.connCounterStatus != ExchangeAuthorizationPlugin.ConnCounterStatus.WaitingIncreasement)
{
ExTraceGlobals.PublicPluginAPITracer.TraceError <ExchangeAuthorizationPlugin.ConnCounterStatus>(0L, "Try to increase the powershell connection counter, but connCounterStatus is NOT WaitingIncreasement, instead it is {0}.", this.connCounterStatus);
this.connCounterStatus = ExchangeAuthorizationPlugin.ConnCounterStatus.Error;
return;
}
this.activeRunSpaceCostHandle = WSManBudgetManager.Instance.StartRunspace(this.currentAuthZUserToken);
if (this.currentAuthZUserToken.OrgId != null)
{
this.tenantActiveRunspaceCostHandle = WSManTenantBudgetManager.Instance.StartRunspace(this.currentAuthZUserToken);
}
this.connCounterStatus = ExchangeAuthorizationPlugin.ConnCounterStatus.Increased;
AuthZLogger.SafeSetLogger(RpsAuthZMetadata.ServerActiveRunspaces, WSManBudgetManager.Instance.TotalActiveRunspaces);
AuthZLogger.SafeSetLogger(RpsAuthZMetadata.ServerActiveUsers, WSManBudgetManager.Instance.TotalActiveUsers);
AuthZLogger.SafeSetLogger(RpsAuthZMetadata.UserBudgetOnStart, WSManBudgetManager.Instance.GetWSManBudgetUsage(this.currentAuthZUserToken));
AuthZLogger.SafeSetLogger(RpsAuthZMetadata.TenantBudgetOnStart, WSManTenantBudgetManager.Instance.GetWSManBudgetUsage(this.currentAuthZUserToken));
AuthZPluginHelper.UpdateAuthZPluginPerfCounters(WSManBudgetManager.Instance);
}
// Token: 0x0600126E RID: 4718 RVA: 0x0003B46C File Offset: 0x0003966C
protected override void PreGetInitialSessionState(PSSenderInfo senderInfo)
{
ExTraceGlobals.PublicPluginAPITracer.TraceDebug((long)this.GetHashCode(), "[PswsAuthorizationPlugin.PreGetInitialSessionState] Enter.");
UserToken userToken = HttpContext.Current.CurrentUserToken();
PswsAuthZUserToken authZPluginUserToken = PswsAuthZHelper.GetAuthZPluginUserToken(userToken);
OverBudgetException ex;
if (PswsBudgetManager.Instance.CheckOverBudget(authZPluginUserToken, CostType.ActiveRunspace, out ex))
{
ExTraceGlobals.PublicPluginAPITracer.TraceError <OverBudgetException>((long)this.GetHashCode(), "[PswsAuthorizationPlugin.PreGetInitialSessionState] OverBudgetException: {0}.", ex);
TaskLogger.LogRbacEvent(TaskEventLogConstants.Tuple_PswsOverBudgetException, null, new object[]
{
HttpContext.Current.User.Identity.Name,
ex.ToString(),
PswsBudgetManager.Instance.GetConnectedUsers()
});
PswsErrorHandling.SendErrorToClient(PswsErrorCode.OverBudgetException, ex, ex.Snapshot);
AuthZLogger.SafeAppendGenericError("OverBudgetException", ex.ToString(), false);
throw ex;
}
ExTraceGlobals.PublicPluginAPITracer.TraceDebug((long)this.GetHashCode(), "[PswsAuthorizationPlugin.PreGetInitialSessionState] Exit.");
}
internal static bool TryFindOrganizationIdForDelegatedPrincipal(DelegatedPrincipal principal, out OrganizationId orgId)
{
orgId = null;
ExchangeConfigurationUnit exchangeConfigurationUnit = null;
Exception ex = null;
try
{
exchangeConfigurationUnit = ExchangeAuthorizationPlugin.GetExchangeConfigurationUnitByNameOrAcceptedDomain(principal.DelegatedOrganization);
}
catch (CannotResolveTenantNameException ex2)
{
ex = ex2;
}
catch (DataSourceOperationException ex3)
{
ex = ex3;
}
catch (TransientException ex4)
{
ex = ex4;
}
catch (DataValidationException ex5)
{
ex = ex5;
}
if (ex != null)
{
AuthZLogger.SafeAppendGenericError("TryFindOrganizationIdForDelegatedPrincipal", ex, new Func <Exception, bool>(KnownException.IsUnhandledException));
TaskLogger.LogRbacEvent(TaskEventLogConstants.Tuple_FailedToResolveOrganizationIdForDelegatedPrincipal, null, new object[]
{
principal.DelegatedOrganization,
ex
});
return(false);
}
orgId = exchangeConfigurationUnit.OrganizationId;
return(true);
}
// Token: 0x060012E1 RID: 4833 RVA: 0x0003D75C File Offset: 0x0003B95C
internal static void EndLogging(bool shouldCommit)
{
Microsoft.Exchange.Diagnostics.Components.Configuration.Core.ExTraceGlobals.InstrumentationTracer.TraceDebug(0L, "[AuthZLogHelper.EndLogging] End logging.");
try
{
if (AuthZLogHelper.latencyTracker != null)
{
long num = Diagnostics.ExecuteAndLog <long>("AuthZLogHelper.StopLatencyTracker", false, null, Constants.CoreEventLogger, Microsoft.Exchange.Configuration.Core.EventLog.TaskEventLogConstants.Tuple_NonCrashingException, Microsoft.Exchange.Diagnostics.Components.Configuration.Core.ExTraceGlobals.InstrumentationTracer, null, delegate(Exception ex)
{
AuthZLogHelper.LogException(ex, "AuthZLogHelper.StopLatencyTracker", false);
}, -1L, new Func <long>(AuthZLogHelper.StopLatencyTracker));
AuthZLogger.SafeSetLogger(ConfigurationCoreMetadata.TotalTime, num);
AuthZLogHelper.latencyTracker.PushLatencyDetailsToLog(AuthZLogHelper.funcNameToLogMetadataDic, new Action <Enum, double>(AuthZLogger.UpdateLatency), delegate(string funcName, string totalLatency)
{
AuthZLogger.SafeAppendColumn(RpsCommonMetadata.GenericLatency, funcName, totalLatency);
});
}
else
{
AuthZLogger.SafeAppendColumn(RpsCommonMetadata.GenericLatency, "LatencyMissed", "AuthZLogHelper.latencyTracker is null");
}
}
finally
{
try
{
if (shouldCommit)
{
AuthZLogger.AsyncCommit(true);
}
}
finally
{
AuthZLogHelper.latencyTracker = null;
}
}
}
internal void CorrectRunspacesLeakPassively(string key, int leakedValue)
{
lock (this.instanceLock)
{
IPowerShellBudget powerShellBudget;
if (this.budgets.TryGetValue(key, out powerShellBudget))
{
int totalActiveRunspacesCount = powerShellBudget.TotalActiveRunspacesCount;
if (totalActiveRunspacesCount > 0)
{
ExTraceGlobals.PublicPluginAPITracer.TraceError(0L, "Correct runspaces leak passively for Key {0} in class {1}. Current Value {2}, Leaked value {3}.", new object[]
{
key,
base.GetType().ToString(),
totalActiveRunspacesCount,
leakedValue
});
AuthZLogger.SafeAppendGenericError("WSManBudgetManagerBase.CorrectRunspacesLeakPassively", string.Format("Correct runspaces leak passively for Key {0} in class {1}. Current Value {2}, Leaked value {3}.", new object[]
{
key,
base.GetType(),
totalActiveRunspacesCount,
leakedValue
}), false);
TaskLogger.LogRbacEvent(TaskEventLogConstants.Tuple_PSConnectionLeakPassivelyCorrected, null, new object[]
{
key,
base.GetType().ToString(),
totalActiveRunspacesCount,
leakedValue
});
powerShellBudget.CorrectRunspacesLeak(leakedValue);
}
}
}
}
// Token: 0x06001276 RID: 4726 RVA: 0x0003B7F0 File Offset: 0x000399F0
internal static string GetPswsMembershipId(UserToken userToken, NameValueCollection collection)
{
ExAssert.RetailAssert(userToken != null, "[PswsAuthorization.GetPswsMembershipId] userToken can't be null.");
string friendlyName = userToken.Organization.GetFriendlyName();
ExchangeRunspaceConfigurationSettings exchangeRunspaceConfigurationSettings = PswsAuthZHelper.BuildRunspaceConfigurationSettings("https://www.outlook.com/Psws/Service.svc", userToken, collection);
CultureInfo cultureInfo;
PswsAuthZHelper.TryParseCultureInfo(collection, out cultureInfo);
string text = userToken.ManagedOrganization;
if (string.IsNullOrWhiteSpace(text))
{
text = exchangeRunspaceConfigurationSettings.TenantOrganization;
}
string result = string.Format("Name:{0};AT:{1};UserOrg:{2};ManOrg:{3};SL:{4};FSL:{5};CA:{6};EDK:{7};Cul:{8};Proxy:{9}", new object[]
{
PswsAuthZHelper.GetUserNameForCache(userToken),
userToken.AuthenticationType,
friendlyName,
text,
exchangeRunspaceConfigurationSettings.CurrentSerializationLevel,
exchangeRunspaceConfigurationSettings.ProxyFullSerialization,
exchangeRunspaceConfigurationSettings.ClientApplication,
exchangeRunspaceConfigurationSettings.EncodeDecodeKey,
(cultureInfo == null) ? "null" : cultureInfo.Name,
exchangeRunspaceConfigurationSettings.IsProxy
});
AuthZLogger.SafeSetLogger(PswsMetadata.IsProxy, exchangeRunspaceConfigurationSettings.IsProxy);
AuthZLogger.SafeSetLogger(PswsMetadata.ClientApplication, exchangeRunspaceConfigurationSettings.ClientApplication);
AuthZLogger.SafeSetLogger(PswsMetadata.ProxyFullSerialzation, exchangeRunspaceConfigurationSettings.ProxyFullSerialization);
AuthZLogger.SafeSetLogger(PswsMetadata.SerializationLevel, exchangeRunspaceConfigurationSettings.CurrentSerializationLevel);
AuthZLogger.SafeSetLogger(PswsMetadata.CultureInfo, (cultureInfo == null) ? "null" : cultureInfo.Name);
AuthZLogger.SafeSetLogger(PswsMetadata.TenantOrganization, text);
return(result);
}
// Token: 0x060012DF RID: 4831 RVA: 0x0003D670 File Offset: 0x0003B870
internal static bool StartLogging(string funcName, out bool latencyTrackerStartedByMe)
{
AuthZLogger.SafeAppendColumn(RpsCommonMetadata.GenericLatency, funcName, DateTime.UtcNow.ToString());
latencyTrackerStartedByMe = false;
if (AuthZLogHelper.latencyTracker == null)
{
Diagnostics.ExecuteAndLog("AuthZLogHelper.StartLatencyTracker", false, null, Constants.CoreEventLogger, Microsoft.Exchange.Configuration.Core.EventLog.TaskEventLogConstants.Tuple_NonCrashingException, Microsoft.Exchange.Diagnostics.Components.Configuration.Core.ExTraceGlobals.InstrumentationTracer, null, delegate(Exception ex)
{
AuthZLogHelper.LogException(ex, "AuthZLogHelper.StartLatencyTracker", false);
}, delegate()
{
AuthZLogHelper.StartLatencyTracker(funcName);
});
latencyTrackerStartedByMe = (AuthZLogHelper.latencyTracker != null);
}
if (AuthZLogger.LoggerNotDisposed)
{
return(false);
}
InitializeLoggerSettingsHelper.InitLoggerSettings();
AuthZLogger.InitializeRequestLogger();
AuthZLogger.SafeSetLogger(RpsAuthZMetadata.Function, funcName);
return(true);
}
// Token: 0x060012DD RID: 4829 RVA: 0x0003D4C8 File Offset: 0x0003B6C8
internal static T ExecuteWSManPluginAPI <T>(string funcName, bool throwException, bool trackLatency, T defaultReturnValue, Func <T> func)
{
ExWatson.IsExceptionInteresting isExceptionInteresting = null;
T result;
try
{
AuthZLogger.SafeAppendColumn(RpsCommonMetadata.GenericLatency, funcName, DateTime.UtcNow.ToString());
string funcName2 = funcName;
bool throwException2 = throwException;
LatencyTracker latencyTracker = trackLatency ? AuthZLogHelper.latencyTracker : null;
ExEventLog rbacEventLogger = AuthZLogHelper.RbacEventLogger;
ExEventLog.EventTuple tuple_RemotePSPublicAPIFailed = Microsoft.Exchange.Configuration.ObjectModel.EventLog.TaskEventLogConstants.Tuple_RemotePSPublicAPIFailed;
Trace publicPluginAPITracer = Microsoft.Exchange.Diagnostics.Components.Authorization.ExTraceGlobals.PublicPluginAPITracer;
if (isExceptionInteresting == null)
{
isExceptionInteresting = ((object ex) => AuthZPluginHelper.IsFatalException(ex as Exception));
}
result = Diagnostics.ExecuteAndLog <T>(funcName2, throwException2, latencyTracker, rbacEventLogger, tuple_RemotePSPublicAPIFailed, publicPluginAPITracer, isExceptionInteresting, delegate(Exception ex)
{
AuthZLogHelper.LogException(ex, funcName, throwException);
}, defaultReturnValue, () => AuthZLogHelper.HandleExceptionAndRetry <T>(funcName, func, throwException, defaultReturnValue));
}
catch (Exception ex)
{
string arg = (AuthZLogger.ActivityScope != null) ? AuthZLogger.ActivityScope.ActivityId.ToString() : null;
AuthZLogHelper.EndLogging(true);
Exception ex3;
string str = string.Format("[FailureCategory={0}] ", FailureCategory.AuthZ + "-" + ex3.GetType().Name);
string str2 = string.Format("[AuthZRequestId={0}]", arg);
LocalizedString message = new LocalizedString(str2 + str + ex3.Message);
AuthorizationException ex2 = new AuthorizationException(message, ex3);
throw ex2;
}
return(result);
}
// Token: 0x06001246 RID: 4678 RVA: 0x00039C60 File Offset: 0x00037E60
private bool ConnectionBlockedByClientAccessRules(PswsAuthZUserToken userToken, out string blockingRuleName)
{
blockingRuleName = null;
if (userToken.OrgId != null && VariantConfiguration.GetSnapshot(MachineSettingsContext.Local, null, null).CmdletInfra.PswsClientAccessRulesEnabled.Enabled)
{
string blockRuleName = null;
bool result = ClientAccessRulesUtils.ShouldBlockConnection(userToken.OrgId, ClientAccessRulesUtils.GetUsernameFromADRawEntry(userToken.UserEntry), ClientAccessProtocol.PowerShellWebServices, ClientAccessRulesUtils.GetRemoteEndPointFromContext(HttpContext.Current), ClientAccessAuthenticationMethod.BasicAuthentication, userToken.UserEntry, delegate(ClientAccessRulesEvaluationContext context)
{
blockRuleName = context.CurrentRule.Name;
AuthZLogger.SafeAppendGenericError(ClientAccessRulesConstants.ClientAccessRuleName, context.CurrentRule.Name, false);
ExTraceGlobals.PublicPluginAPITracer.TraceDebug <string, string>((long)this.GetHashCode(), "[PswsAuthorization.AuthorizeUser] Blocked by Client Access Rules ({0}={1})", ClientAccessRulesConstants.ClientAccessRuleName, context.CurrentRule.Name);
}, delegate(double latency)
{
if (latency > 50.0)
{
AuthZLogger.SafeAppendGenericInfo(ClientAccessRulesConstants.ClientAccessRulesLatency, latency.ToString());
ExTraceGlobals.PublicPluginAPITracer.TraceDebug <string, string>((long)this.GetHashCode(), "[PswsAuthorization.AuthorizeUser] Client Access Rules latency logger ({0}={1})", ClientAccessRulesConstants.ClientAccessRulesLatency, latency.ToString());
}
});
blockingRuleName = blockRuleName;
return(result);
}
return(false);
}
// Token: 0x06001270 RID: 4720 RVA: 0x0003B59A File Offset: 0x0003979A
protected override void OnGetInitialSessionStateError(PSSenderInfo senderInfo, Exception exception)
{
base.OnGetInitialSessionStateError(senderInfo, exception);
PswsErrorHandling.SendErrorToClient(PswsErrorCode.GetISSError, exception, null);
AuthZLogger.SafeAppendGenericError(exception.GetType().FullName, exception, new Func <Exception, bool>(KnownException.IsUnhandledException));
}
// Token: 0x06001244 RID: 4676 RVA: 0x00039740 File Offset: 0x00037940
public override WindowsIdentity AuthorizeUser(SenderInfo senderInfo, out UserQuota userQuota)
{
ExTraceGlobals.PublicPluginAPITracer.TraceDebug((long)this.GetHashCode(), "[PswsAuthorization.AuthorizeUser] Enter.");
WindowsIdentity current;
try
{
if (this.IsBlockedPswsDirectInvocation())
{
AuthZLogger.SafeAppendGenericError("PswsAuthorization.AuthorizeUser", "UnAuthorized. Blocked Psws direct invocation", false);
throw new InvalidOperationException(Strings.InvalidPswsDirectInvocationBlocked);
}
CultureInfo cultureInfo = null;
if (PswsAuthZHelper.TryParseCultureInfo(HttpContext.Current.Request.Headers, out cultureInfo))
{
ExTraceGlobals.PublicPluginAPITracer.TraceDebug <string>((long)this.GetHashCode(), "[PswsAuthorization.AuthorizeUser] Set thread culture to be {0}", cultureInfo.Name);
Thread.CurrentThread.CurrentCulture = cultureInfo;
Thread.CurrentThread.CurrentUICulture = cultureInfo;
}
IThrottlingPolicy throttlingPolicy = null;
PswsAuthZUserToken authZUserToken = null;
AuthZLogHelper.ExecuteWSManPluginAPI("PswsAuthorization.AuthorizeUser", false, true, delegate()
{
UserToken userToken = HttpContext.Current.CurrentUserToken();
authZUserToken = PswsAuthZHelper.GetAuthZPluginUserToken(userToken);
if (authZUserToken != null)
{
throttlingPolicy = authZUserToken.GetThrottlingPolicy();
}
});
ExAssert.RetailAssert(authZUserToken != null, "UnAuthorized. The user token is invalid (null).");
ExAssert.RetailAssert(throttlingPolicy != null, "UnAuthorized. Unable to get the user quota.");
PswsBudgetManager.Instance.HeartBeat(authZUserToken);
AuthZLogger.SafeSetLogger(RpsAuthZMetadata.ServerActiveRunspaces, PswsBudgetManager.Instance.TotalActiveRunspaces);
AuthZLogger.SafeSetLogger(RpsAuthZMetadata.ServerActiveUsers, PswsBudgetManager.Instance.TotalActiveUsers);
AuthZLogger.SafeSetLogger(RpsAuthZMetadata.UserBudgetOnStart, PswsBudgetManager.Instance.GetWSManBudgetUsage(authZUserToken));
userQuota = new UserQuota((int)(throttlingPolicy.PswsMaxConcurrency.IsUnlimited ? 2147483647U : throttlingPolicy.PswsMaxConcurrency.Value), (int)(throttlingPolicy.PswsMaxRequest.IsUnlimited ? 2147483647U : throttlingPolicy.PswsMaxRequest.Value), (int)(throttlingPolicy.PswsMaxRequestTimePeriod.IsUnlimited ? 2147483647U : throttlingPolicy.PswsMaxRequestTimePeriod.Value));
ExTraceGlobals.PublicPluginAPITracer.TraceDebug <Unlimited <uint>, Unlimited <uint>, Unlimited <uint> >((long)this.GetHashCode(), "[PswsAuthorization.AuthorizeUser] User quota: PswsMaxConcurrenty={0}, PswsMaxRequest={1}, PswsMaxRequestTimePeriod={2}.", throttlingPolicy.PswsMaxConcurrency, throttlingPolicy.PswsMaxRequest, throttlingPolicy.PswsMaxRequestTimePeriod);
AuthZLogger.SafeSetLogger(RpsAuthZMetadata.IsAuthorized, true);
AuthZLogger.SafeSetLogger(RpsAuthZMetadata.AuthorizeUser, authZUserToken.UserNameForLogging);
AuthZLogger.SafeSetLogger(RpsAuthZMetadata.GetQuota, string.Format("PswsMaxConcurrenty={0};PswsMaxRequest={1};PswsMaxRequestTimePeriod={2}", throttlingPolicy.PswsMaxConcurrency, throttlingPolicy.PswsMaxRequest, throttlingPolicy.PswsMaxRequestTimePeriod));
string ruleName = null;
if (this.ConnectionBlockedByClientAccessRules(authZUserToken, out ruleName))
{
throw new ClientAccessRulesBlockedConnectionException(ruleName);
}
current = WindowsIdentity.GetCurrent();
}
catch (Exception ex)
{
ExTraceGlobals.PublicPluginAPITracer.TraceError <Exception>((long)this.GetHashCode(), "[PswsAuthorization.AuthorizeUser] Exception: {0}", ex);
AuthZLogger.SafeAppendGenericError("PswsAuthorization.AuthorizeUser", ex, new Func <Exception, bool>(KnownException.IsUnhandledException));
TaskLogger.LogRbacEvent(TaskEventLogConstants.Tuple_PswsPublicAPIFailed, null, new object[]
{
"PswsAuthorization.AuthorizeUser",
ex.ToString()
});
AuthZLogger.SafeSetLogger(RpsAuthZMetadata.IsAuthorized, false);
PswsErrorHandling.SendErrorToClient((ex is ClientAccessRulesBlockedConnectionException) ? PswsErrorCode.ClientAccessRuleBlock : PswsErrorCode.AuthZUserError, ex, null);
throw;
}
finally
{
ExTraceGlobals.PublicPluginAPITracer.TraceDebug((long)this.GetHashCode(), "[PswsAuthorization.AuthorizeUser] Exit.");
}
return(current);
}
