public SharingPolicyDomain(string domain, SharingPolicyAction actions)
{
domain = (StringComparer.OrdinalIgnoreCase.Equals(domain, "Anonymous") ? "Anonymous" : domain);
SharingPolicyDomain.Validate(domain, actions);
this.Domain = domain;
this.Actions = actions;
}
internal SharingPolicyAction GetAllowedForAnonymousMeetingSharing()
{
SharingPolicyAction sharingPolicyAction = (SharingPolicyAction)0;
if (this.Enabled)
{
foreach (SharingPolicyDomain sharingPolicyDomain in this.Domains)
{
if (sharingPolicyDomain.Domain == "Anonymous")
{
if ((sharingPolicyDomain.Actions & SharingPolicyAction.MeetingFullDetails) == SharingPolicyAction.MeetingFullDetails)
{
sharingPolicyAction |= SharingPolicyAction.MeetingFullDetails;
}
if ((sharingPolicyDomain.Actions & SharingPolicyAction.MeetingFullDetailsWithAttendees) == SharingPolicyAction.MeetingFullDetailsWithAttendees)
{
sharingPolicyAction |= SharingPolicyAction.MeetingFullDetailsWithAttendees;
}
if ((sharingPolicyDomain.Actions & SharingPolicyAction.MeetingLimitedDetails) == SharingPolicyAction.MeetingLimitedDetails)
{
sharingPolicyAction |= SharingPolicyAction.MeetingLimitedDetails;
break;
}
break;
}
}
}
return(sharingPolicyAction);
}
internal SharingPolicyAction GetAllowedForAnonymousCalendarSharing()
{
SharingPolicyAction sharingPolicyAction = (SharingPolicyAction)0;
if (this.Enabled)
{
foreach (SharingPolicyDomain sharingPolicyDomain in this.Domains)
{
if (sharingPolicyDomain.Domain == "Anonymous")
{
if ((sharingPolicyDomain.Actions & SharingPolicyAction.CalendarSharingFreeBusyDetail) == SharingPolicyAction.CalendarSharingFreeBusyDetail)
{
sharingPolicyAction |= SharingPolicyAction.CalendarSharingFreeBusyDetail;
}
if ((sharingPolicyDomain.Actions & SharingPolicyAction.CalendarSharingFreeBusySimple) == SharingPolicyAction.CalendarSharingFreeBusySimple)
{
sharingPolicyAction |= SharingPolicyAction.CalendarSharingFreeBusySimple;
}
if ((sharingPolicyDomain.Actions & SharingPolicyAction.CalendarSharingFreeBusyReviewer) == SharingPolicyAction.CalendarSharingFreeBusyReviewer)
{
sharingPolicyAction |= SharingPolicyAction.CalendarSharingFreeBusyReviewer;
break;
}
break;
}
}
}
return(sharingPolicyAction);
}
// Token: 0x06000E4F RID: 3663 RVA: 0x00056108 File Offset: 0x00054308
private void ApplyPolicyToFolder(SharingPolicy policy, FolderData folderData)
{
StoreObjectType objectType = ObjectClass.GetObjectType(folderData.Folder.ClassName);
List <PermissionSecurityPrincipal> list = new List <PermissionSecurityPrincipal>();
PermissionSet permissionSet = folderData.Folder.GetPermissionSet();
foreach (Permission permission in permissionSet)
{
if (permission.Principal.Type == PermissionSecurityPrincipal.SecurityPrincipalType.ExternalUserPrincipal)
{
SharingPolicyAction sharingPolicyAction = (SharingPolicyAction)0;
if (policy != null)
{
sharingPolicyAction = (permission.Principal.ExternalUser.IsReachUser ? policy.GetAllowedForAnonymousCalendarSharing() : policy.GetAllowed(permission.Principal.ExternalUser.SmtpAddress.Domain));
}
MemberRights memberRights = MemberRights.None;
if (sharingPolicyAction != (SharingPolicyAction)0)
{
memberRights = PolicyAllowedMemberRights.GetAllowed(sharingPolicyAction, objectType);
}
if (memberRights == MemberRights.None)
{
list.Add(permission.Principal);
}
else
{
MemberRights memberRights2 = ~memberRights & permission.MemberRights;
if (memberRights2 != MemberRights.None)
{
if (objectType == StoreObjectType.CalendarFolder)
{
if ((permission.MemberRights & MemberRights.ReadAny) != MemberRights.None)
{
permission.MemberRights |= MemberRights.FreeBusyDetailed;
}
if ((permission.MemberRights & MemberRights.FreeBusyDetailed) != MemberRights.None)
{
permission.MemberRights |= MemberRights.FreeBusySimple;
}
}
permission.MemberRights = (memberRights & permission.MemberRights);
folderData.IsChanged = true;
}
}
}
}
if (list.Count > 0)
{
foreach (PermissionSecurityPrincipal securityPrincipal in list)
{
permissionSet.RemoveEntry(securityPrincipal);
}
folderData.IsChanged = true;
}
}
protected override void InternalSave(ConfigurableObject instance)
{
if (instance == null)
{
throw new ArgumentNullException("instance");
}
MailboxCalendarFolder mailboxCalendarFolder = instance as MailboxCalendarFolder;
if (mailboxCalendarFolder == null)
{
throw new NotSupportedException("Save: " + instance.GetType().FullName);
}
if (mailboxCalendarFolder.PublishEnabled)
{
SharingPolicy sharingPolicy = DirectoryHelper.ReadSharingPolicy(base.MailboxSession.MailboxOwner.MailboxInfo.MailboxGuid, base.MailboxSession.MailboxOwner.MailboxInfo.IsArchive, base.MailboxSession.GetADRecipientSession(true, ConsistencyMode.IgnoreInvalid));
if (sharingPolicy == null || !sharingPolicy.Enabled || !sharingPolicy.IsAllowedForAnonymousCalendarSharing())
{
throw new NotAllowedPublishingByPolicyException();
}
SharingPolicyAction allowedForAnonymousCalendarSharing = sharingPolicy.GetAllowedForAnonymousCalendarSharing();
int maxAllowed = PolicyAllowedDetailLevel.GetMaxAllowed(allowedForAnonymousCalendarSharing);
if (mailboxCalendarFolder.DetailLevel > (DetailLevelEnumType)maxAllowed)
{
throw new NotAllowedPublishingByPolicyException(mailboxCalendarFolder.DetailLevel, (DetailLevelEnumType)maxAllowed);
}
}
MailboxFolderId mailboxFolderId = mailboxCalendarFolder.MailboxFolderId;
StoreObjectId folderId = mailboxFolderId.StoreObjectIdValue ?? base.ResolveStoreObjectIdFromFolderPath(mailboxFolderId.MailboxFolderPath);
if (folderId == null || folderId.ObjectType != StoreObjectType.CalendarFolder)
{
throw new CantFindCalendarFolderException(mailboxFolderId);
}
using (CalendarFolder calendarFolder = CalendarFolder.Bind(base.MailboxSession, folderId))
{
ExtendedFolderFlags?valueAsNullable = calendarFolder.GetValueAsNullable <ExtendedFolderFlags>(FolderSchema.ExtendedFolderFlags);
if (valueAsNullable != null && (valueAsNullable.Value & ExtendedFolderFlags.PersonalShare) != (ExtendedFolderFlags)0)
{
throw new CannotShareFolderException(ServerStrings.CannotShareOtherPersonalFolder);
}
this.SaveSharingAnonymous(mailboxCalendarFolder, folderId);
if (!mailboxCalendarFolder.PublishEnabled)
{
mailboxCalendarFolder.PublishedCalendarUrl = null;
mailboxCalendarFolder.PublishedICalUrl = null;
}
UserConfigurationDictionaryHelper.Save(mailboxCalendarFolder, MailboxCalendarFolder.CalendarFolderConfigurationProperties, (bool createIfNonexisting) => UserConfigurationHelper.GetPublishingConfiguration(this.MailboxSession, folderId, createIfNonexisting));
if (MailboxCalendarFolderDataProvider.UpdateExtendedFolderFlags(mailboxCalendarFolder, calendarFolder))
{
calendarFolder.Save();
}
}
}
private void EnforceSharingPolicy(MailboxSession mailboxSession, ICollection <MapiAclTableRestriction.ExternalUserPermission> externalUserPermissions)
{
Util.ThrowOnNullArgument(mailboxSession, "mailboxSession");
if (externalUserPermissions == null || externalUserPermissions.Count == 0)
{
return;
}
List <RightsNotAllowedRecipient> list = new List <RightsNotAllowedRecipient>(externalUserPermissions.Count);
SharingPolicy sharingPolicy = null;
foreach (MapiAclTableRestriction.ExternalUserPermission externalUserPermission in externalUserPermissions)
{
if (sharingPolicy == null)
{
IMailboxInfo mailboxInfo = mailboxSession.MailboxOwner.MailboxInfo;
sharingPolicy = DirectoryHelper.ReadSharingPolicy(mailboxInfo.MailboxGuid, mailboxInfo.IsArchive, mailboxSession.GetADRecipientSession(true, ConsistencyMode.IgnoreInvalid));
if (sharingPolicy == null)
{
ExTraceGlobals.StorageTracer.TraceDebug <IExchangePrincipal>((long)this.GetHashCode(), "{0}: No policy assigned means no external sharing is allowed for this user.", mailboxSession.MailboxOwner);
throw new NotAllowedExternalSharingByPolicyException();
}
}
if (!sharingPolicy.Enabled)
{
ExTraceGlobals.StorageTracer.TraceDebug <IExchangePrincipal>((long)this.GetHashCode(), "{0}: A disabled policy means no external sharing is allowed for this user.", mailboxSession.MailboxOwner);
throw new NotAllowedExternalSharingByPolicyException();
}
SharingPolicyAction sharingPolicyAction = externalUserPermission.Principal.ExternalUser.IsReachUser ? sharingPolicy.GetAllowedForAnonymousCalendarSharing() : sharingPolicy.GetAllowed(externalUserPermission.Principal.ExternalUser.SmtpAddress.Domain);
if (sharingPolicyAction == (SharingPolicyAction)0)
{
ExTraceGlobals.StorageTracer.TraceDebug <IExchangePrincipal, PermissionSecurityPrincipal>((long)this.GetHashCode(), "{0}: Policy does not allow granting permissions to {1}.", mailboxSession.MailboxOwner, externalUserPermission.Principal);
throw new PrincipalNotAllowedByPolicyException(externalUserPermission.Principal);
}
MemberRights allowed = PolicyAllowedMemberRights.GetAllowed(sharingPolicyAction, this.FolderInfo.StoreObjectType);
MemberRights memberRights = ~allowed & externalUserPermission.MemberRights;
if (memberRights != MemberRights.None)
{
ExTraceGlobals.StorageTracer.TraceDebug((long)this.GetHashCode(), "{0}: Policy does not allow granting permission {1} to {2} on {3} folder '{4}'.", new object[]
{
mailboxSession.MailboxOwner,
memberRights,
externalUserPermission.Principal,
this.FolderInfo.StoreObjectType,
this.FolderInfo.DisplayName
});
list.Add(new RightsNotAllowedRecipient(externalUserPermission.Principal, memberRights));
}
}
if (list.Count > 0)
{
throw new RightsNotAllowedByPolicyException(list.ToArray(), this.FolderInfo.StoreObjectType, this.FolderInfo.DisplayName);
}
}
public static int GetMaxAllowed(SharingPolicyAction allowedActions)
{
EnumValidator.ThrowIfInvalid <SharingPolicyAction>(allowedActions, "allowedActions");
int num = 0;
foreach (PolicyAllowedDetailLevel policyAllowedDetailLevel in PolicyAllowedDetailLevel.Rules)
{
if ((allowedActions & policyAllowedDetailLevel.action) == policyAllowedDetailLevel.action && num < (int)policyAllowedDetailLevel.maxAllowedDetailLevel)
{
num = (int)policyAllowedDetailLevel.maxAllowedDetailLevel;
}
}
return(num);
}
private static void Validate(string domain, SharingPolicyAction actions)
{
if (!SmtpAddress.IsValidDomain(domain) && domain != "*" && domain != "Anonymous")
{
throw new StrongTypeFormatException(DataStrings.SharingPolicyDomainInvalidDomain(domain), "Domain");
}
if (domain == "Anonymous" && (actions & SharingPolicyAction.ContactsSharing) != (SharingPolicyAction)0)
{
throw new StrongTypeFormatException(DataStrings.SharingPolicyDomainInvalidActionForAnonymous(actions.ToString()), "Actions");
}
if (domain != "Anonymous" && ((actions & SharingPolicyAction.MeetingFullDetails) == SharingPolicyAction.MeetingFullDetails || (actions & SharingPolicyAction.MeetingLimitedDetails) == SharingPolicyAction.MeetingLimitedDetails || (actions & SharingPolicyAction.MeetingFullDetailsWithAttendees) == SharingPolicyAction.MeetingFullDetailsWithAttendees))
{
throw new StrongTypeFormatException(DataStrings.SharingPolicyDomainInvalidActionForDomain(actions.ToString()), "Actions");
}
}
public static MemberRights GetAllowed(SharingPolicyAction allowedActions, StoreObjectType storeObjectType)
{
EnumValidator.ThrowIfInvalid <StoreObjectType>(storeObjectType, "storeObjectType");
EnumValidator.ThrowIfInvalid <SharingPolicyAction>(allowedActions, "allowedActions");
MemberRights memberRights = MemberRights.None;
foreach (PolicyAllowedMemberRights policyAllowedMemberRights in PolicyAllowedMemberRights.Rights)
{
if (policyAllowedMemberRights.storeObjectType == storeObjectType && (allowedActions & policyAllowedMemberRights.action) == policyAllowedMemberRights.action)
{
memberRights |= policyAllowedMemberRights.allowedRights;
}
}
return(memberRights);
}
internal bool IsAllowedForAnySharing(string domain, SharingPolicyAction actions)
{
if (this.Enabled)
{
foreach (SharingPolicyDomain sharingPolicyDomain in this.Domains)
{
if ((sharingPolicyDomain.Actions & actions) != (SharingPolicyAction)0 && SharingPolicy.IsDomainMatch(sharingPolicyDomain.Domain, domain))
{
return(true);
}
}
return(false);
}
return(false);
}
internal SharingPolicyAction GetAllowed(string domain)
{
SharingPolicyAction sharingPolicyAction = (SharingPolicyAction)0;
if (this.Enabled)
{
foreach (SharingPolicyDomain sharingPolicyDomain in this.Domains)
{
if (SharingPolicy.IsDomainMatch(sharingPolicyDomain.Domain, domain))
{
sharingPolicyAction |= sharingPolicyDomain.Actions;
}
}
}
return(sharingPolicyAction);
}
private PolicyAllowedMemberRights(StoreObjectType storeObjectType, SharingPolicyAction action, MemberRights allowedRights)
{
this.storeObjectType = storeObjectType;
this.action = action;
this.allowedRights = allowedRights;
}
public EncryptionResults Encrypt(IExchangePrincipal mailboxOwner, IRecipientSession recipientSession, ExternalUserCollection externalUserCollection, ValidRecipient[] recipients, string sender, string containerClass, string folderId, IFrontEndLocator frontEndLocator)
{
SharingDataType sharingDataType = SharingDataType.FromContainerClass(containerClass);
if (sharingDataType == null || !sharingDataType.IsExternallySharable)
{
throw new ArgumentOutOfRangeException("containerClass");
}
ADUser aduser = DirectoryHelper.ReadADRecipient(mailboxOwner.MailboxInfo.MailboxGuid, mailboxOwner.MailboxInfo.IsArchive, recipientSession) as ADUser;
if (aduser == null)
{
SharedFolderDataEncryption.Tracer.TraceError <SharedFolderDataEncryption, string>((long)this.GetHashCode(), "{0}: The Active Directory user was not found. Sender={1}.", this, sender);
throw new ObjectNotFoundException(ServerStrings.ADUserNotFound);
}
ProxyAddress item = new SmtpProxyAddress(sender, false);
if (!aduser.EmailAddresses.Contains(item))
{
SharedFolderDataEncryption.Tracer.TraceError <SharedFolderDataEncryption, string>((long)this.GetHashCode(), "{0}: The SMTP address was not found in the user AD object for this mailbox. Sender={1}.", this, sender);
throw new ObjectNotFoundException(ServerStrings.ADUserNotFound);
}
SharingPolicy sharingPolicy = DirectoryHelper.ReadSharingPolicy(mailboxOwner.MailboxInfo.MailboxGuid, mailboxOwner.MailboxInfo.IsArchive, recipientSession);
SharedFolderDataEncryption.Tracer.TraceDebug <SharedFolderDataEncryption, object>((long)this.GetHashCode(), "{0}: Sharing policy to be applied to this user: {1}", this, (sharingPolicy == null) ? "<null>" : sharingPolicy.Id);
SharingPolicyAction sharingPolicyActions = SharedFolderDataEncryption.GetSharingPolicyActions(sharingDataType.StoreObjectType);
SharedFolderDataRecipient[] externalIdentities = SharedFolderDataEncryption.GetExternalIdentities(externalUserCollection, recipients);
List <InvalidRecipient> list = new List <InvalidRecipient>();
Dictionary <TokenTarget, List <SharedFolderDataRecipient> > dictionary = new Dictionary <TokenTarget, List <SharedFolderDataRecipient> >(externalIdentities.Length, SharedFolderDataEncryption.TokenTargetComparer);
for (int i = 0; i < recipients.Length; i++)
{
SharedFolderDataRecipient item2 = externalIdentities[i];
ValidRecipient validRecipient = recipients[i];
SmtpAddress smtpAddress = new SmtpAddress(validRecipient.SmtpAddress);
string domain = smtpAddress.Domain;
if (sharingPolicy == null || !sharingPolicy.IsAllowedForAnySharing(domain, sharingPolicyActions))
{
SharedFolderDataEncryption.Tracer.TraceDebug <string>((long)this.GetHashCode(), "Sharing policy does not allow user to share with domain {0}", domain);
list.Add(new InvalidRecipient(validRecipient.SmtpAddress, InvalidRecipientResponseCodeType.SystemPolicyBlocksSharingWithThisRecipient));
}
else
{
SmtpAddress smtpAddress2 = new SmtpAddress(validRecipient.SmtpAddressForEncryption);
TokenTarget tokenTarget = TargetUriResolver.Resolve(smtpAddress2.Domain, aduser.OrganizationId);
if (tokenTarget == null)
{
list.Add(new InvalidRecipient(validRecipient.SmtpAddress, InvalidRecipientResponseCodeType.RecipientOrganizationNotFederated));
}
else
{
List <SharedFolderDataRecipient> list2;
if (!dictionary.TryGetValue(tokenTarget, out list2))
{
list2 = new List <SharedFolderDataRecipient>(1);
dictionary.Add(tokenTarget, list2);
}
list2.Add(item2);
}
}
}
List <EncryptedSharedFolderData> list3 = new List <EncryptedSharedFolderData>(dictionary.Count);
SharedFolderData sharedFolderData = new SharedFolderData();
sharedFolderData.DataType = sharingDataType.ExternalName;
sharedFolderData.FolderId = folderId;
sharedFolderData.SharingUrl = this.GetSharingUrl(aduser, frontEndLocator);
sharedFolderData.FederationUri = this.externalAuthentication.TokenValidator.TargetUri.ToString();
sharedFolderData.SenderSmtpAddress = sender;
DelegationTokenRequest delegationTokenRequest = new DelegationTokenRequest
{
FederatedIdentity = aduser.GetFederatedIdentity(),
EmailAddress = aduser.GetFederatedSmtpAddress(new SmtpAddress(sender)).ToString(),
Offer = Offer.SharingInviteMessage
};
SecurityTokenService securityTokenService = this.externalAuthentication.GetSecurityTokenService(aduser.OrganizationId);
foreach (KeyValuePair <TokenTarget, List <SharedFolderDataRecipient> > keyValuePair in dictionary)
{
delegationTokenRequest.Target = keyValuePair.Key;
sharedFolderData.Recipients = keyValuePair.Value.ToArray();
try
{
RequestedToken requestedToken = securityTokenService.IssueToken(delegationTokenRequest);
list3.Add(this.Encrypt(requestedToken, sharedFolderData));
}
catch (WSTrustException ex)
{
foreach (SharedFolderDataRecipient sharedFolderDataRecipient in sharedFolderData.Recipients)
{
list.Add(new InvalidRecipient(sharedFolderDataRecipient.SmtpAddress, SharedFolderDataEncryption.GetResponseCodeFromException(ex), ex.ToString()));
}
}
}
return(new EncryptionResults(list3.ToArray(), list.ToArray()));
}
private PolicyAllowedDetailLevel(SharingPolicyAction action, DetailLevelEnumType maxAllowedDetailLevel)
{
this.action = action;
this.maxAllowedDetailLevel = maxAllowedDetailLevel;
}