private static AclTableEntry BuildEveryoneDefaultEntry(MemberRights rights)
{
AclTableEntry aclTableEntry = new AclTableEntry(0L, Array <byte> .Empty, string.Empty, rights);
aclTableEntry.SetSecurityIdentifier(new SecurityIdentifier(WellKnownSidType.WorldSid, null), false);
return(aclTableEntry);
}
private Permission(PermissionSecurityPrincipal securityPrincipal, MemberRights memberRights, PermissionOrigin origin)
{
this.securityPrincipal = securityPrincipal;
this.initialMemberRights = memberRights;
this.memberRights = memberRights;
this.origin = origin;
}
internal override bool InternalProcessPermissions(Folder folder)
{
PermissionSet permissionSet = folder.GetPermissionSet();
Permission targetPermission = base.GetTargetPermission(permissionSet);
if (targetPermission == null)
{
throw new UserNotFoundInPermissionEntryException(base.MailboxFolderUserId.ToString());
}
MemberRights memberRights = (MemberRights)MailboxFolderAccessRight.CalculateMemberRights(this.AccessRights, folder.ClassName == "IPF.Appointment");
if (targetPermission.MemberRights == memberRights)
{
this.WriteWarning(Strings.WarningMailboxFolderPermissionUnchanged(this.DataObject.Identity.ToString()));
return(false);
}
try
{
targetPermission.MemberRights = memberRights;
}
catch (ArgumentOutOfRangeException exception)
{
base.WriteError(exception, (ErrorCategory)1003, this.Identity);
}
return(true);
}
public static string GetCalendarPermissionsLog(MailboxSession mailboxSession, Folder folder)
{
if (mailboxSession == null || folder == null)
{
return(string.Empty);
}
SecurityIdentifier arg = IdentityHelper.SidFromLogonIdentity(mailboxSession.Identity);
StringBuilder stringBuilder = new StringBuilder();
stringBuilder.Append(string.Format("Folder Name: {0} Security Descriptor: {1}\n", folder.DisplayName, arg));
PermissionSet permissionSet = folder.GetPermissionSet();
if (permissionSet.AnonymousPermission != null)
{
PermissionLevel permissionLevel = permissionSet.AnonymousPermission.PermissionLevel;
MemberRights memberRights = permissionSet.AnonymousPermission.MemberRights;
stringBuilder.Append(string.Format("Anonymous Permission:{0} Member Rights:{1}", permissionLevel, memberRights));
}
if (permissionSet.DefaultPermission != null)
{
PermissionLevel permissionLevel2 = permissionSet.DefaultPermission.PermissionLevel;
MemberRights memberRights2 = permissionSet.DefaultPermission.MemberRights;
stringBuilder.Append(string.Format("\nDefault Permission:{0} Member Rights:{1}", permissionLevel2, memberRights2));
}
foreach (Permission permission in permissionSet)
{
MemberRights memberRights3 = permission.MemberRights;
PermissionLevel permissionLevel3 = permission.PermissionLevel;
if (permission.Principal != null)
{
string text = permission.Principal.ToString();
string text2 = permission.Principal.Type.ToString();
if (permission.Principal.Type == PermissionSecurityPrincipal.SecurityPrincipalType.ADRecipientPrincipal)
{
if (permission.Principal.ADRecipient != null)
{
SmtpAddress primarySmtpAddress = permission.Principal.ADRecipient.PrimarySmtpAddress;
text = permission.Principal.ADRecipient.PrimarySmtpAddress.ToString();
}
}
else if (permission.Principal.Type == PermissionSecurityPrincipal.SecurityPrincipalType.SpecialPrincipal)
{
text2 = permission.Principal.SpecialType.ToString();
}
stringBuilder.Append(string.Format("\nPermission:{0} UserType:{1} User:{2} Member Rights:{3}", new object[]
{
permissionLevel3,
text2,
text,
memberRights3
}));
}
else
{
stringBuilder.Append(string.Format("\nPermission:{0} UserType:'Unknown' User:'******' Member Rights:{1}", permissionLevel3, memberRights3));
}
}
return(stringBuilder.ToString());
}
internal void AddPermissionEntry(byte[] memberEntryId, MemberRights memberRights)
{
this.modifyTable.AddRow(new PropValue[]
{
new PropValue(PermissionSchema.MemberEntryId, memberEntryId),
new PropValue(PermissionSchema.MemberRights, memberRights)
});
}
internal void ModifyPermissionEntry(long memberId, MemberRights memberRights)
{
this.modifyTable.ModifyRow(new PropValue[]
{
new PropValue(PermissionSchema.MemberId, memberId),
new PropValue(PermissionSchema.MemberRights, memberRights)
});
}
private void SetMemberRight(MemberRights memberRight, bool value)
{
if (value)
{
this.memberRights |= memberRight;
return;
}
this.memberRights &= ~memberRight;
}
protected virtual void ValidateMemberRights(MemberRights memberRights)
{
MemberRights memberRights2 = memberRights & ~Permission.ValidRegularFolderMemberRights;
if (memberRights2 != MemberRights.None)
{
throw new EnumOutOfRangeException("memberRights");
}
}
// Token: 0x06000E4F RID: 3663 RVA: 0x00056108 File Offset: 0x00054308
private void ApplyPolicyToFolder(SharingPolicy policy, FolderData folderData)
{
StoreObjectType objectType = ObjectClass.GetObjectType(folderData.Folder.ClassName);
List <PermissionSecurityPrincipal> list = new List <PermissionSecurityPrincipal>();
PermissionSet permissionSet = folderData.Folder.GetPermissionSet();
foreach (Permission permission in permissionSet)
{
if (permission.Principal.Type == PermissionSecurityPrincipal.SecurityPrincipalType.ExternalUserPrincipal)
{
SharingPolicyAction sharingPolicyAction = (SharingPolicyAction)0;
if (policy != null)
{
sharingPolicyAction = (permission.Principal.ExternalUser.IsReachUser ? policy.GetAllowedForAnonymousCalendarSharing() : policy.GetAllowed(permission.Principal.ExternalUser.SmtpAddress.Domain));
}
MemberRights memberRights = MemberRights.None;
if (sharingPolicyAction != (SharingPolicyAction)0)
{
memberRights = PolicyAllowedMemberRights.GetAllowed(sharingPolicyAction, objectType);
}
if (memberRights == MemberRights.None)
{
list.Add(permission.Principal);
}
else
{
MemberRights memberRights2 = ~memberRights & permission.MemberRights;
if (memberRights2 != MemberRights.None)
{
if (objectType == StoreObjectType.CalendarFolder)
{
if ((permission.MemberRights & MemberRights.ReadAny) != MemberRights.None)
{
permission.MemberRights |= MemberRights.FreeBusyDetailed;
}
if ((permission.MemberRights & MemberRights.FreeBusyDetailed) != MemberRights.None)
{
permission.MemberRights |= MemberRights.FreeBusySimple;
}
}
permission.MemberRights = (memberRights & permission.MemberRights);
folderData.IsChanged = true;
}
}
}
}
if (list.Count > 0)
{
foreach (PermissionSecurityPrincipal securityPrincipal in list)
{
permissionSet.RemoveEntry(securityPrincipal);
}
folderData.IsChanged = true;
}
}
public void SetAnonymousPermission(MemberRights memberRights)
{
EnumValidator <MemberRights> .ThrowIfInvalid(memberRights, "memberRights");
if (this.PermissionTable.AnonymousPermission != null)
{
this.PermissionTable.AnonymousPermission.MemberRights = memberRights;
return;
}
this.PermissionTable.AnonymousPermission = this.CreatePermission(new PermissionSecurityPrincipal(PermissionSecurityPrincipal.SpecialPrincipalType.Anonymous), memberRights, -1L);
this.PermissionTable.AnonymousPermission.MarkAsNew();
}
private void EnforceSharingPolicy(MailboxSession mailboxSession, ICollection <MapiAclTableRestriction.ExternalUserPermission> externalUserPermissions)
{
Util.ThrowOnNullArgument(mailboxSession, "mailboxSession");
if (externalUserPermissions == null || externalUserPermissions.Count == 0)
{
return;
}
List <RightsNotAllowedRecipient> list = new List <RightsNotAllowedRecipient>(externalUserPermissions.Count);
SharingPolicy sharingPolicy = null;
foreach (MapiAclTableRestriction.ExternalUserPermission externalUserPermission in externalUserPermissions)
{
if (sharingPolicy == null)
{
IMailboxInfo mailboxInfo = mailboxSession.MailboxOwner.MailboxInfo;
sharingPolicy = DirectoryHelper.ReadSharingPolicy(mailboxInfo.MailboxGuid, mailboxInfo.IsArchive, mailboxSession.GetADRecipientSession(true, ConsistencyMode.IgnoreInvalid));
if (sharingPolicy == null)
{
ExTraceGlobals.StorageTracer.TraceDebug <IExchangePrincipal>((long)this.GetHashCode(), "{0}: No policy assigned means no external sharing is allowed for this user.", mailboxSession.MailboxOwner);
throw new NotAllowedExternalSharingByPolicyException();
}
}
if (!sharingPolicy.Enabled)
{
ExTraceGlobals.StorageTracer.TraceDebug <IExchangePrincipal>((long)this.GetHashCode(), "{0}: A disabled policy means no external sharing is allowed for this user.", mailboxSession.MailboxOwner);
throw new NotAllowedExternalSharingByPolicyException();
}
SharingPolicyAction sharingPolicyAction = externalUserPermission.Principal.ExternalUser.IsReachUser ? sharingPolicy.GetAllowedForAnonymousCalendarSharing() : sharingPolicy.GetAllowed(externalUserPermission.Principal.ExternalUser.SmtpAddress.Domain);
if (sharingPolicyAction == (SharingPolicyAction)0)
{
ExTraceGlobals.StorageTracer.TraceDebug <IExchangePrincipal, PermissionSecurityPrincipal>((long)this.GetHashCode(), "{0}: Policy does not allow granting permissions to {1}.", mailboxSession.MailboxOwner, externalUserPermission.Principal);
throw new PrincipalNotAllowedByPolicyException(externalUserPermission.Principal);
}
MemberRights allowed = PolicyAllowedMemberRights.GetAllowed(sharingPolicyAction, this.FolderInfo.StoreObjectType);
MemberRights memberRights = ~allowed & externalUserPermission.MemberRights;
if (memberRights != MemberRights.None)
{
ExTraceGlobals.StorageTracer.TraceDebug((long)this.GetHashCode(), "{0}: Policy does not allow granting permission {1} to {2} on {3} folder '{4}'.", new object[]
{
mailboxSession.MailboxOwner,
memberRights,
externalUserPermission.Principal,
this.FolderInfo.StoreObjectType,
this.FolderInfo.DisplayName
});
list.Add(new RightsNotAllowedRecipient(externalUserPermission.Principal, memberRights));
}
}
if (list.Count > 0)
{
throw new RightsNotAllowedByPolicyException(list.ToArray(), this.FolderInfo.StoreObjectType, this.FolderInfo.DisplayName);
}
}
private ItemPermissionScope GetPermissionScope(MemberRights anyScope, MemberRights ownerScope)
{
if ((this.memberRights & anyScope) == anyScope)
{
return(ItemPermissionScope.AllItems);
}
if ((this.memberRights & ownerScope) == ownerScope)
{
return(ItemPermissionScope.OwnedItems);
}
return(ItemPermissionScope.None);
}
public static MemberRights GetAllowed(SharingPolicyAction allowedActions, StoreObjectType storeObjectType)
{
EnumValidator.ThrowIfInvalid <StoreObjectType>(storeObjectType, "storeObjectType");
EnumValidator.ThrowIfInvalid <SharingPolicyAction>(allowedActions, "allowedActions");
MemberRights memberRights = MemberRights.None;
foreach (PolicyAllowedMemberRights policyAllowedMemberRights in PolicyAllowedMemberRights.Rights)
{
if (policyAllowedMemberRights.storeObjectType == storeObjectType && (allowedActions & policyAllowedMemberRights.action) == policyAllowedMemberRights.action)
{
memberRights |= policyAllowedMemberRights.allowedRights;
}
}
return(memberRights);
}
internal override bool InternalProcessPermissions(Folder folder)
{
MemberRights memberRights = (MemberRights)MailboxFolderAccessRight.CalculateMemberRights(this.AccessRights, folder.ClassName == "IPF.Appointment");
PermissionSet permissionSet = folder.GetPermissionSet();
Permission permission = null;
try
{
if (base.MailboxFolderUserId.UserType == MailboxFolderUserId.MailboxFolderUserType.Default)
{
if (permissionSet.DefaultPermission != null && permissionSet.DefaultPermission.MemberRights != MemberRights.None)
{
throw new UserAlreadyExistsInPermissionEntryException(base.MailboxFolderUserId.ToString());
}
permissionSet.SetDefaultPermission(memberRights);
permission = permissionSet.DefaultPermission;
}
else if (base.MailboxFolderUserId.UserType == MailboxFolderUserId.MailboxFolderUserType.Anonymous)
{
if (permissionSet.AnonymousPermission != null && permissionSet.AnonymousPermission.MemberRights != MemberRights.None)
{
throw new UserAlreadyExistsInPermissionEntryException(base.MailboxFolderUserId.ToString());
}
permissionSet.SetAnonymousPermission(memberRights);
permission = permissionSet.AnonymousPermission;
}
else
{
PermissionSecurityPrincipal securityPrincipal = base.MailboxFolderUserId.ToSecurityPrincipal();
Permission entry = permissionSet.GetEntry(securityPrincipal);
if (entry != null)
{
throw new UserAlreadyExistsInPermissionEntryException(base.MailboxFolderUserId.ToString());
}
permission = permissionSet.AddEntry(securityPrincipal, memberRights);
}
}
catch (ArgumentOutOfRangeException exception)
{
base.WriteError(exception, (ErrorCategory)1003, this.Identity);
return(false);
}
base.WriteObject(MailboxFolderPermission.FromXsoPermission(folder.DisplayName, permission, this.ResolvedObjectId));
return(true);
}
private MapiAclTableRestriction.ExternalUserPermission TryGetExternalUserPermission(AclTableEntry aclTableEntry, MapiAclTableAdapter mapiAclTableAdapter, ref ExternalUserCollection externalUsers)
{
Util.ThrowOnNullArgument(aclTableEntry, "aclTableEntry");
Util.ThrowOnNullArgument(mapiAclTableAdapter, "mapiAclTableAdapter");
MailboxSession mailboxSession = this.session as MailboxSession;
if (mailboxSession == null)
{
return(null);
}
byte[] memberEntryId = aclTableEntry.MemberEntryId;
MemberRights memberRights = aclTableEntry.MemberRights;
long memberId = aclTableEntry.MemberId;
if (memberEntryId == null || memberEntryId.Length == 0)
{
if (memberId <= 0L)
{
return(null);
}
ExTraceGlobals.StorageTracer.TraceDebug <IExchangePrincipal, long>((long)this.GetHashCode(), "{0}: Getting memberEntryId from current ACL table for MemberId {1}.", mailboxSession.MailboxOwner, memberId);
AclTableEntry byMemberId = mapiAclTableAdapter.GetByMemberId(memberId);
if (byMemberId == null || byMemberId.MemberEntryId == null)
{
ExTraceGlobals.StorageTracer.TraceDebug <IExchangePrincipal, long>((long)this.GetHashCode(), "{0}: Not found memberEntryId from current ACL table for MemberId {1}. Skipped.", mailboxSession.MailboxOwner, memberId);
return(null);
}
memberEntryId = byMemberId.MemberEntryId;
}
if (mapiAclTableAdapter.TryGetParticipantEntryId(memberEntryId) != null)
{
ExTraceGlobals.StorageTracer.TraceDebug <IExchangePrincipal>((long)this.GetHashCode(), "{0}: MemberEntryId indicates internal user. Skipped.", mailboxSession.MailboxOwner);
return(null);
}
ExternalUser externalUser = mapiAclTableAdapter.TryGetExternalUser(memberEntryId, ref externalUsers);
if (externalUser == null)
{
ExTraceGlobals.StorageTracer.TraceDebug <IExchangePrincipal>((long)this.GetHashCode(), "{0}: MemberEntryId is not external user. Skipped.", mailboxSession.MailboxOwner);
return(null);
}
return(new MapiAclTableRestriction.ExternalUserPermission(externalUser, memberRights));
}
private void SetPermissionScope(MemberRights anyScope, MemberRights ownerScope, ItemPermissionScope value)
{
EnumValidator.ThrowIfInvalid <ItemPermissionScope>(value, "value");
switch (value)
{
case ItemPermissionScope.None:
this.memberRights &= ~(anyScope | ownerScope);
return;
case ItemPermissionScope.OwnedItems:
this.memberRights |= ownerScope;
this.memberRights &= ~anyScope;
return;
case ItemPermissionScope.AllItems:
this.memberRights |= (anyScope | ownerScope);
return;
default:
return;
}
}
internal Permission AddEntry(PermissionSecurityPrincipal securityPrincipal, MemberRights memberRights)
{
this.CheckValid();
EnumValidator.ThrowIfInvalid <MemberRights>(memberRights, "memberRights");
if (securityPrincipal == null)
{
throw new ArgumentNullException("securityPrincipal");
}
if (string.IsNullOrEmpty(securityPrincipal.IndexString))
{
throw new ArgumentException("SecurityPrincipal must at least have a valid index string.", "securityPrincipal");
}
if (securityPrincipal.Type == PermissionSecurityPrincipal.SecurityPrincipalType.ADRecipientPrincipal && !PermissionTable.isCrossPremiseDelegateAllowedForMailboxOwner)
{
ADRecipient adrecipient = securityPrincipal.ADRecipient;
if (!ADRecipient.IsValidRecipient(adrecipient, !this.isPublicFolder))
{
throw new ArgumentException("Cannot use " + adrecipient.DisplayName + " as security principal", "securityPrincipal");
}
}
Permission permission = null;
if (!this.permissions.ContainsKey(securityPrincipal.IndexString))
{
if (this.removedPermissions.TryGetValue(securityPrincipal.IndexString, out permission))
{
this.removedPermissions.Remove(securityPrincipal.IndexString);
permission.MemberRights = memberRights;
}
else
{
permission = this.PermissionSet.CreatePermission(securityPrincipal, memberRights);
}
}
this.AddPermissionEntry(securityPrincipal, permission);
return(permission);
}
private void Load()
{
FolderSecurity.AclTableAndSecurityDescriptorProperty aclTableAndSecurityDescriptorProperty = AclModifyTable.ReadAclTableAndSecurityDescriptor(this.coreFolder.PropertyBag);
if (aclTableAndSecurityDescriptorProperty.SecurityDescriptor == null)
{
return;
}
this.securityDescriptor = aclTableAndSecurityDescriptorProperty.SecurityDescriptor.ToRawSecurityDescriptorThrow();
this.freeBusySecurityDescriptor = ((aclTableAndSecurityDescriptorProperty.FreeBusySecurityDescriptor != null) ? aclTableAndSecurityDescriptorProperty.FreeBusySecurityDescriptor.ToRawSecurityDescriptorThrow() : null);
List <AclTableEntry> list = null;
if (aclTableAndSecurityDescriptorProperty.SerializedAclTable.Count != 0 && !this.useSecurityDescriptorOnly)
{
list = this.ParseTableEntries(aclTableAndSecurityDescriptorProperty.SerializedAclTable);
}
if (list == null)
{
bool flag;
string canonicalErrorInformation;
this.tableEntries = this.BuildAclTableFromSecurityDescriptor(out flag, out canonicalErrorInformation);
if (!flag && (this.options & ModifyTableOptions.ExtendedPermissionInformation) == ModifyTableOptions.ExtendedPermissionInformation)
{
ExTraceGlobals.StorageTracer.TraceError(0L, "Cannot build blob ACL table blob with non-canonical SD");
throw new NonCanonicalACLException(canonicalErrorInformation);
}
}
else
{
this.tableEntries = list;
}
if (this.tableEntries.Count == 0 || this.tableEntries[0].MemberId != 0L)
{
MemberRights rights = (this.freeBusySecurityDescriptor == null) ? MemberRights.FreeBusySimple : MemberRights.None;
this.tableEntries.Insert(0, AclModifyTable.BuildEveryoneDefaultEntry(rights));
}
}
internal CalendarFolderPermission(PermissionSecurityPrincipal securityPrincipal, MemberRights memberRights, long memberId) : base(securityPrincipal, memberRights, memberId)
{
}
private void AddUnknownEntry(string memberName, long memberId, byte[] memberEntryId, MemberRights rights)
{
PermissionSecurityPrincipal securityPrincipal = new PermissionSecurityPrincipal(memberName, memberEntryId, memberId);
Permission permission = this.permissionSet.CreatePermission(securityPrincipal, rights, memberId);
this.AddPermissionEntry(securityPrincipal, permission);
}
protected override void ValidateMemberRights(MemberRights memberRights)
{
EnumValidator.ThrowIfInvalid <MemberRights>(memberRights, "memberRights");
}
private static List <AclTableEntry> BuildAclTableFromSecurityDescriptor(RawSecurityDescriptor securityDescriptor, RawSecurityDescriptor freeBusySecurityDescriptor, LazilyInitialized <ExternalUserCollection> lazilyInitializedExternalUserCollection, IRecipientSession recipientSession, AclTableIdMap aclTableIdMap, out bool isCanonical, out string canonicalErrorInformation)
{
FolderSecurity.AnnotatedAceList annotatedAceList = new FolderSecurity.AnnotatedAceList(securityDescriptor, freeBusySecurityDescriptor, (SecurityIdentifier securityIdentifier) => AclModifyTable.GetSecurityIdentifierType(recipientSession, securityIdentifier));
isCanonical = annotatedAceList.IsCanonical(out canonicalErrorInformation);
IList <FolderSecurity.SecurityIdentifierAndFolderRights> list;
if (isCanonical)
{
list = annotatedAceList.GetSecurityIdentifierAndRightsList();
}
else
{
ExTraceGlobals.StorageTracer.TraceWarning <string, string>(0L, "Got non canonical SD: {0}, ErrorInfo: ", securityDescriptor.GetSddlForm(AccessControlSections.All), canonicalErrorInformation);
list = Array <FolderSecurity.SecurityIdentifierAndFolderRights> .Empty;
}
List <AclTableEntry> list2 = new List <AclTableEntry>(list.Count + 1);
foreach (FolderSecurity.SecurityIdentifierAndFolderRights securityIdentifierAndFolderRights in list)
{
MemberRights memberRights = (MemberRights)(securityIdentifierAndFolderRights.AllowRights & ~(MemberRights)securityIdentifierAndFolderRights.DenyRights);
bool flag = false;
bool flag2 = false;
byte[] entryId;
string text;
List <SecurityIdentifier> list3;
SecurityIdentifier securityIdentifier;
if (securityIdentifierAndFolderRights.SecurityIdentifier.IsWellKnown(WellKnownSidType.WorldSid))
{
entryId = Array <byte> .Empty;
text = string.Empty;
string legacyDN = string.Empty;
securityIdentifier = securityIdentifierAndFolderRights.SecurityIdentifier;
list3 = null;
flag2 = true;
}
else if (securityIdentifierAndFolderRights.SecurityIdentifier.IsWellKnown(WellKnownSidType.AnonymousSid))
{
entryId = Array <byte> .Empty;
text = "Anonymous";
securityIdentifier = securityIdentifierAndFolderRights.SecurityIdentifier;
list3 = null;
}
else if (ExternalUser.IsExternalUserSid(securityIdentifierAndFolderRights.SecurityIdentifier))
{
ExternalUser externalUser = AclHelper.TryGetExternalUser(securityIdentifierAndFolderRights.SecurityIdentifier, lazilyInitializedExternalUserCollection);
if (externalUser == null)
{
ExTraceGlobals.StorageTracer.TraceWarning <SecurityIdentifier>(0L, "Cannot find external user with SID {0}, build entry from information we have", securityIdentifierAndFolderRights.SecurityIdentifier);
string text2 = AclHelper.CreateLocalUserStrignRepresentation(securityIdentifierAndFolderRights.SecurityIdentifier);
text = text2;
}
else
{
text = externalUser.Name;
string legacyDN = externalUser.LegacyDn;
}
entryId = AddressBookEntryId.MakeAddressBookEntryIDFromLocalDirectorySid(securityIdentifierAndFolderRights.SecurityIdentifier);
securityIdentifier = securityIdentifierAndFolderRights.SecurityIdentifier;
list3 = null;
}
else
{
MiniRecipient miniRecipient = recipientSession.FindMiniRecipientBySid <MiniRecipient>(securityIdentifierAndFolderRights.SecurityIdentifier, Array <PropertyDefinition> .Empty);
string legacyDN;
if (miniRecipient == null)
{
ExTraceGlobals.StorageTracer.TraceWarning <SecurityIdentifier>(0L, "Cannot find recipient with SID {0}, build entry from the information we have", securityIdentifierAndFolderRights.SecurityIdentifier);
flag = (securityIdentifierAndFolderRights.SecurityIdentifierType == FolderSecurity.SecurityIdentifierType.Group);
string text3 = AclHelper.CreateNTUserStrignRepresentation(securityIdentifierAndFolderRights.SecurityIdentifier);
text = text3;
legacyDN = text3;
securityIdentifier = securityIdentifierAndFolderRights.SecurityIdentifier;
list3 = null;
}
else
{
flag = AclHelper.IsGroupRecipientType(miniRecipient.RecipientType);
if (string.IsNullOrEmpty(miniRecipient.DisplayName))
{
text = AclHelper.CreateNTUserStrignRepresentation(securityIdentifierAndFolderRights.SecurityIdentifier);
}
else
{
text = miniRecipient.DisplayName;
}
if (string.IsNullOrEmpty(miniRecipient.LegacyExchangeDN))
{
legacyDN = text;
}
else
{
legacyDN = miniRecipient.LegacyExchangeDN;
}
SecurityIdentifier masterAccountSid = miniRecipient.MasterAccountSid;
if (masterAccountSid != null && !masterAccountSid.IsWellKnown(WellKnownSidType.SelfSid))
{
securityIdentifier = masterAccountSid;
list3 = null;
}
else
{
securityIdentifier = miniRecipient.Sid;
MultiValuedProperty <SecurityIdentifier> sidHistory = miniRecipient.SidHistory;
if (sidHistory != null && sidHistory.Count != 0)
{
list3 = new List <SecurityIdentifier>(sidHistory);
}
else
{
list3 = null;
}
}
}
entryId = AddressBookEntryId.MakeAddressBookEntryID(legacyDN, flag);
}
AclTableEntry aclTableEntry = list2.Find((AclTableEntry entry) => entry.SecurityIdentifier == securityIdentifier);
if (aclTableEntry == null && list3 != null)
{
using (List <SecurityIdentifier> .Enumerator enumerator2 = list3.GetEnumerator())
{
while (enumerator2.MoveNext())
{
SecurityIdentifier sid = enumerator2.Current;
aclTableEntry = list2.Find((AclTableEntry entry) => entry.SecurityIdentifier == sid);
if (aclTableEntry != null)
{
break;
}
}
}
}
if (aclTableEntry == null)
{
aclTableEntry = new AclTableEntry(AclModifyTable.GetIdForSecurityIdentifier(securityIdentifier, list3, aclTableIdMap), entryId, text, memberRights);
aclTableEntry.SetSecurityIdentifier(securityIdentifier, flag);
if (flag2)
{
list2.Insert(0, aclTableEntry);
}
else
{
list2.Add(aclTableEntry);
}
}
else
{
aclTableEntry.MemberRights &= memberRights;
if (aclTableEntry.IsGroup != flag)
{
throw new NonCanonicalACLException(annotatedAceList.CreateErrorInformation((LID)35788U, new int[0]));
}
aclTableEntry.SetSecurityIdentifier(securityIdentifier, flag);
}
}
return(list2);
}
internal virtual Permission CreatePermission(PermissionSecurityPrincipal securityPrincipal, MemberRights memberRights, long memberId)
{
return(new Permission(securityPrincipal, memberRights, memberId));
}
internal override Permission CreatePermission(PermissionSecurityPrincipal securityPrincipal, MemberRights memberRights, long memberId)
{
return(new CalendarFolderPermission(securityPrincipal, memberRights, memberId));
}
public Permission AddEntry(PermissionSecurityPrincipal securityPrincipal, MemberRights memberRights)
{
return(this.PermissionTable.AddEntry(securityPrincipal, memberRights));
}
public static bool ModifyPermission(PermissionSet permissionSet, PermissionSecurityPrincipal permissionSecurityPrincipal, MemberRights memberRights)
{
bool result = false;
if (permissionSecurityPrincipal.Type == PermissionSecurityPrincipal.SecurityPrincipalType.SpecialPrincipal && permissionSecurityPrincipal.SpecialType == PermissionSecurityPrincipal.SpecialPrincipalType.Default)
{
GroupMailboxPermissionHandler.Tracer.TraceDebug <PermissionSecurityPrincipal.SpecialPrincipalType, MemberRights>(0L, "Modifying permissions for permissionSecurityPrincipal {0} with rights {1}", PermissionSecurityPrincipal.SpecialPrincipalType.Default, memberRights);
Permission permission = permissionSet.DefaultPermission;
if (permission != null && permission.MemberRights != memberRights)
{
permissionSet.SetDefaultPermission(memberRights);
result = true;
}
}
else
{
GroupMailboxPermissionHandler.Tracer.TraceDebug <string, MemberRights>(0L, "Modifying permissions for permissionSecurityPrincipal {0} with rights {1}", (permissionSecurityPrincipal.Type == PermissionSecurityPrincipal.SecurityPrincipalType.ExternalUserPrincipal) ? permissionSecurityPrincipal.ExternalUser.ExternalId : string.Empty, memberRights);
Permission permission = permissionSet.GetEntry(permissionSecurityPrincipal);
if (permission == null && memberRights != MemberRights.None)
{
permission = permissionSet.AddEntry(permissionSecurityPrincipal, PermissionLevel.None);
permission.MemberRights = memberRights;
result = true;
}
else if (permission != null && memberRights == MemberRights.None)
{
permissionSet.RemoveEntry(permissionSecurityPrincipal);
result = true;
}
else if (permission != null && permission.MemberRights != memberRights)
{
permission.MemberRights = memberRights;
result = true;
}
}
return(result);
}
internal RightsNotAllowedRecipient(PermissionSecurityPrincipal principal, MemberRights notAllowedRights)
{
Util.ThrowOnNullArgument(principal, "principal");
this.principal = principal;
this.notAllowedRights = notAllowedRights;
}
internal AclTableEntry(long id, byte[] entryId, string name, MemberRights rights) : base(id, entryId, name, (FolderSecurity.ExchangeFolderRights)rights)
{
}
private void ApplyBatchPermissions()
{
ExTraceGlobals.SharingTracer.TraceDebug <IExchangePrincipal>((long)this.GetHashCode(), "{0}: Entering FolderPermissionContext::ApplyBatchPermissions()", this.mailboxSession.MailboxOwner);
if (this.permissionsToAddOrChange.Count == 0 && this.permissionsToRemove.Count == 0)
{
ExTraceGlobals.SharingTracer.TraceDebug <IExchangePrincipal>((long)this.GetHashCode(), "{0}: Exiting FolderPermissionContext::ApplyBatchPermissions() due to no changes requested", this.mailboxSession.MailboxOwner);
return;
}
using (Folder folder = Folder.Bind(this.mailboxSession, this.folderId))
{
for (int i = 2; i >= 0; i--)
{
PermissionSet permissionSet = folder.GetPermissionSet();
foreach (KeyValuePair <PermissionSecurityPrincipal, MemberRights> keyValuePair in this.permissionsToAddOrChange)
{
PermissionSecurityPrincipal key = keyValuePair.Key;
MemberRights value = keyValuePair.Value;
Permission permission = permissionSet.GetEntry(key);
if (permission == null)
{
ExTraceGlobals.SharingTracer.TraceDebug <IExchangePrincipal, PermissionSecurityPrincipal, MemberRights>((long)this.GetHashCode(), "{0}: {1} is NOT found in permission table. Adding a new entry: MemberRights = {2}.", this.mailboxSession.MailboxOwner, key, value);
permission = permissionSet.AddEntry(key, value);
}
else
{
ExTraceGlobals.SharingTracer.TraceDebug((long)this.GetHashCode(), "{0}: {1} is found in permission table: MemberRights = {2}. Modifying the entry: MemberRights = {3}.", new object[]
{
this.mailboxSession.MailboxOwner,
key,
permission.MemberRights,
value
});
permission.MemberRights = value;
}
}
foreach (PermissionSecurityPrincipal permissionSecurityPrincipal in this.permissionsToRemove)
{
if (permissionSet.GetEntry(permissionSecurityPrincipal) != null)
{
ExTraceGlobals.SharingTracer.TraceDebug <IExchangePrincipal, PermissionSecurityPrincipal>((long)this.GetHashCode(), "{0}: {1} is found in permission table, Removing the entry.", this.mailboxSession.MailboxOwner, permissionSecurityPrincipal);
permissionSet.RemoveEntry(permissionSecurityPrincipal);
}
else
{
ExTraceGlobals.SharingTracer.TraceDebug <IExchangePrincipal, PermissionSecurityPrincipal>((long)this.GetHashCode(), "{0}: {1} is NOT found in permission table, ignored.", this.mailboxSession.MailboxOwner, permissionSecurityPrincipal);
}
}
ExTraceGlobals.SharingTracer.TraceDebug <IExchangePrincipal>((long)this.GetHashCode(), "{0}: Applying permission changes on the folder.", this.mailboxSession.MailboxOwner);
try
{
folder.Save();
break;
}
catch (RightsNotAllowedByPolicyException ex)
{
string[] invalidRecipients = Array.ConvertAll <RightsNotAllowedRecipient, string>(ex.RightsNotAllowedRecipients, delegate(RightsNotAllowedRecipient recipient)
{
ExTraceGlobals.StorageTracer.TraceError <IExchangePrincipal, PermissionSecurityPrincipal, MemberRights>((long)this.GetHashCode(), "{0}: Policy does not allow granting permission {2} to user {1}.", this.mailboxSession.MailboxOwner, recipient.Principal, recipient.NotAllowedRights);
return(recipient.Principal.ToString());
});
throw new InvalidSharingRecipientsException(invalidRecipients, ex);
}
catch (StoragePermanentException)
{
if (i == 0)
{
throw;
}
folder.Load();
}
}
}
ExTraceGlobals.SharingTracer.TraceDebug <IExchangePrincipal>((long)this.GetHashCode(), "{0}: Exiting FolderPermissionContext::ApplyBatchPermissions()", this.mailboxSession.MailboxOwner);
}
private PolicyAllowedMemberRights(StoreObjectType storeObjectType, SharingPolicyAction action, MemberRights allowedRights)
{
this.storeObjectType = storeObjectType;
this.action = action;
this.allowedRights = allowedRights;
}
