/// <summary>
/// Reloads the two cached expiry periods from the registry once the cached copy is due
/// for a refresh, then schedules the next refresh five minutes ahead.
/// </summary>
/// <remarks>
/// The due time is tested once without the lock and once more while holding
/// <c>syncRoot</c>; only the second test gates the reload. Because the next refresh is
/// set five minutes after a reload, a changed registry value is not re-read until that
/// time has passed.
/// </remarks>
private static void RefreshLimitsFromRegistryIfNeeded()
{
    const double RefreshIntervalMinutes = 5.0;

    // Unlocked test: callers return here while the cached values are still fresh.
    bool refreshDue = DateTime.UtcNow >= ExchangeExpiringRunspaceConfiguration.ExpiryRefreshTime;
    if (!refreshDue)
    {
        return;
    }

    lock (ExchangeExpiringRunspaceConfiguration.syncRoot)
    {
        // Test again under the lock; another caller may have reloaded in the meantime.
        refreshDue = DateTime.UtcNow >= ExchangeExpiringRunspaceConfiguration.ExpiryRefreshTime;
        if (!refreshDue)
        {
            return;
        }

        // Slot 0 holds the RunspaceRefresh period, slot 1 the
        // ExternalAccountRunspaceTermination period. GetMaximumAgeLimit indexes this
        // array with (int)limit, so presumably those enum members are 0 and 1 (verify
        // against the ExpirationLimit declaration).
        ExchangeExpiringRunspaceConfiguration.ExpiryPeriods[0] =
            ExchangeExpiringRunspaceConfiguration.GetMaximumAgeLimitFromRegistry(ExpirationLimit.RunspaceRefresh);
        ExchangeExpiringRunspaceConfiguration.ExpiryPeriods[1] =
            ExchangeExpiringRunspaceConfiguration.GetMaximumAgeLimitFromRegistry(ExpirationLimit.ExternalAccountRunspaceTermination);

        ExchangeExpiringRunspaceConfiguration.ExpiryRefreshTime = DateTime.UtcNow.AddMinutes(RefreshIntervalMinutes);
    }
}
/// <summary>
/// Stores the absolute UTC deadline for <paramref name="limit"/>: the current UTC time
/// plus the period returned by <c>GetMaximumAgeLimit</c>.
/// </summary>
/// <param name="limit">Which expiration limit to set; its integer value is the slot in <c>maxAgeLimits</c>.</param>
private void SetMaxAgeLimit(ExpirationLimit limit)
{
    // The clock is read before the period lookup, which may go to the registry.
    DateTime startedAt = DateTime.UtcNow;
    TimeSpan allowedAge = ExchangeExpiringRunspaceConfiguration.GetMaximumAgeLimit(limit);

    int slot = (int)limit;
    this.maxAgeLimits[slot] = startedAt + allowedAge;
}
/// <summary>
/// Returns the cached maximum-age period for <paramref name="limit"/>, refreshing the
/// cache from the registry first when it is due.
/// </summary>
/// <param name="limit">
/// The expiration limit to look up. Its integer value is used directly as the index
/// into <c>ExpiryPeriods</c>; no range check is made here, so an out-of-range value
/// surfaces as an index exception from the array access.
/// </param>
/// <returns>The period currently cached for the requested limit.</returns>
public static TimeSpan GetMaximumAgeLimit(ExpirationLimit limit)
{
    ExchangeExpiringRunspaceConfiguration.RefreshLimitsFromRegistryIfNeeded();

    int slot = (int)limit;
    TimeSpan period = ExchangeExpiringRunspaceConfiguration.ExpiryPeriods[slot];
    return period;
}
/// <summary>
/// Builds the <c>InitialSessionState</c> for a remote PowerShell sender: resolves the
/// executing identity, constructs the expiring runspace configuration, runs a series of
/// access checks against it, and finally asks it to create the session state.
/// </summary>
/// <param name="senderInfo">
/// Sender details from the remoting layer. <c>UserInfo.Identity.Name</c> must be
/// non-null. <c>ConnectionString</c> is passed on to identity resolution, settings
/// construction and query-string validation; it originates with the connecting client,
/// so those helpers (not visible here) are where its parsing has to be reviewed.
/// </param>
/// <returns>The session state produced by <c>CreateInitialSessionState()</c>.</returns>
/// <exception cref="ArgumentException">senderInfo, or any of UserInfo / Identity / Name on it, is null.</exception>
/// <exception cref="RemotePowerShellNotEnabledException">The logon user's RemotePowerShellEnabled value is present and false.</exception>
/// <exception cref="DelegatedUserNotInOrgException">A delegated principal has no UserOrganizationId.</exception>
/// <exception cref="AppPasswordLoginException">The session has admin roles and was opened with an app password.</exception>
/// <exception cref="FilteringOnlyUserLoginException">ValidateFilteringOnlyUser returned true for a LiveIdBasic or delegated logon.</exception>
private InitialSessionState GetInitialSessionStateCore(PSSenderInfo senderInfo)
{
    InitialSessionState result;
    // Outer perf-monitor scope covering the whole method body.
    using (new MonitoredScope("GetInitialSessionStateCore", "GetInitialSessionStateCore", AuthZLogHelper.AuthZPerfMonitors))
    {
        // Reject a sender without a usable identity name before anything else runs.
        // NOTE(review): the single-string ArgumentException constructor takes a message,
        // so "senderInfo" ends up as the exception message rather than as ParamName.
        if (senderInfo == null || senderInfo.UserInfo == null || senderInfo.UserInfo.Identity == null || senderInfo.UserInfo.Identity.Name == null)
        {
            throw new ArgumentException("senderInfo");
        }
        PSPrincipal userInfo = senderInfo.UserInfo;
        ExTraceGlobals.PublicPluginAPITracer.TraceDebug <string>((long)this.GetHashCode(), "Entering EAP.GetInitialSessionState({0})", userInfo.Identity.Name);
        UserToken userToken = null;
        Microsoft.Exchange.Configuration.Core.AuthenticationType authenticatedType;
        // Identity resolution also yields the user token and the authentication type;
        // both are outputs of GetExecutingUserIdentity, whose logic is not shown here.
        IIdentity executingUserIdentity = this.GetExecutingUserIdentity(userInfo, senderInfo.ConnectionString, out userToken, out authenticatedType);
        ExchangeRunspaceConfigurationSettings exchangeRunspaceConfigurationSettings = this.BuildRunspaceConfigurationSettings(senderInfo.ConnectionString, executingUserIdentity);
        if (userToken != null)
        {
            exchangeRunspaceConfigurationSettings.UserToken = userToken;
        }
        // Redirect templates are copied from application settings only when a site
        // template is configured; the pod template is copied alongside it unchecked.
        if (AppSettings.Current.SiteRedirectTemplate != null)
        {
            ExTraceGlobals.PublicPluginAPITracer.TraceDebug <string, string, string>((long)this.GetHashCode(), "EAP.GetInitialSessionState({0}) site redirection template used is {1}, pod redirection template used is {2}", userInfo.Identity.Name, AppSettings.Current.SiteRedirectTemplate, AppSettings.Current.PodRedirectTemplate);
            exchangeRunspaceConfigurationSettings.SiteRedirectionTemplate = AppSettings.Current.SiteRedirectTemplate;
            exchangeRunspaceConfigurationSettings.PodRedirectionTemplate = AppSettings.Current.PodRedirectTemplate;
        }
        ExchangeExpiringRunspaceConfiguration exchangeExpiringRunspaceConfiguration;
        using (new MonitoredScope("GetInitialSessionStateCore", "ExchangeExpiringRunspaceConfiguration", AuthZLogHelper.AuthZPerfMonitors))
        {
            if (DatacenterRegistry.IsForefrontForOffice())
            {
                // Forefront branch: the configuration object comes from an assembly that
                // is located through the registry and loaded at run time.
                try
                {
                    using (RegistryKey registryKey = Registry.LocalMachine.OpenSubKey(string.Format("SOFTWARE\\Microsoft\\ExchangeServer\\{0}\\Setup", "v15")))
                    {
                        string name = "Microsoft.Exchange.Hygiene.Security.Authorization.ForefrontExpiringDatacenterRunspaceConfiguration";
                        // NOTE(review): OpenSubKey returns null when the key is missing and
                        // GetValue returns null when the value is missing. Neither is checked,
                        // so a missing key or value fails here or in Path.Combine with a
                        // null-related exception that the catch below does not handle.
                        string path = (string)registryKey.GetValue("MsiInstallPath");
                        string assemblyFile = Path.Combine(path, "Bin", "Microsoft.Exchange.Hygiene.Security.Authorization.dll");
                        // NOTE(review): the DLL location is taken from the HKLM value above and
                        // handed straight to Assembly.LoadFrom; no check of the assembly's
                        // identity or signature is visible in this block. The code that runs in
                        // this authorization path is therefore whatever sits at that path, so
                        // write access to the registry key and to the Bin directory is part of
                        // the trust boundary.
                        Assembly assembly = Assembly.LoadFrom(assemblyFile);
                        // NOTE(review): GetType returns null if the type is not in the assembly;
                        // that case is not checked before InvokeMember.
                        Type type = assembly.GetType(name);
                        // Reflection call to the member named "Instance" with a null target,
                        // passing identity, settings, the sender's connection string and the
                        // PowerShell-web-service flag.
                        exchangeExpiringRunspaceConfiguration = (ExchangeExpiringRunspaceConfiguration)type.InvokeMember("Instance", BindingFlags.InvokeMethod, Type.DefaultBinder, null, new object[] { executingUserIdentity, exchangeRunspaceConfigurationSettings, senderInfo.ConnectionString, Constants.IsPowerShellWebService });
                    }
                    // Skip the default construction below (decompiler-style jump).
                    goto IL_1FA;
                }
                catch (TargetInvocationException ex)
                {
                    // Surface the exception thrown inside the reflected call instead of the
                    // reflection wrapper. NOTE(review): throwing an exception object this way
                    // restarts its stack trace at this line.
                    throw ex.InnerException ?? ex;
                }
            }
            // Default branch: construct the configuration directly.
            exchangeExpiringRunspaceConfiguration = new ExchangeExpiringRunspaceConfiguration(executingUserIdentity, exchangeRunspaceConfigurationSettings, Constants.IsPowerShellWebService);
            IL_1FA :;
        }
        // The token stored here supplies WindowsLiveId to every fail-fast call below.
        this.currentAuthZUserToken = new AuthZPluginUserToken(exchangeExpiringRunspaceConfiguration.DelegatedPrincipal, exchangeExpiringRunspaceConfiguration.LogonUser, authenticatedType, exchangeExpiringRunspaceConfiguration.IdentityName);
        ADRawEntry logonUser = exchangeExpiringRunspaceConfiguration.LogonUser;
        // Check 1: remote PowerShell must not be disabled for the logon user.
        // Access is denied only when the attribute is present AND false; a null
        // (unset) attribute passes this check.
        // Each denial in this method follows the same sequence: append to the AuthZ
        // log, call TriggerFailFastForAuthZFailure with the WindowsLiveId (its effect
        // is not visible here), then throw a check-specific exception.
        if (logonUser[ADRecipientSchema.RemotePowerShellEnabled] != null && !(bool)logonUser[ADRecipientSchema.RemotePowerShellEnabled])
        {
            AuthZLogger.SafeAppendGenericError("GetInitialSessionStateCore", "RemotePowerShellEnabled false", false);
            ExTraceGlobals.AccessDeniedTracer.TraceError <string>(0L, "EAP.GetInitialSessionStateCore user {0} is not allowed to use remote Powershell, access denied", executingUserIdentity.Name);
            AuthZPluginHelper.TriggerFailFastForAuthZFailure(this.currentAuthZUserToken.WindowsLiveId);
            throw new RemotePowerShellNotEnabledException(Strings.ErrorRemotePowerShellNotEnabled);
        }
        // Check 2: non-delegated sessions get their connection string validated against
        // the logon user; delegated sessions skip that validation and are instead
        // required to carry a UserOrganizationId.
        if (exchangeExpiringRunspaceConfiguration.DelegatedPrincipal == null)
        {
            ExchangeAuthorizationPlugin.ValidateQueryString(senderInfo.ConnectionString, logonUser);
        }
        else if (exchangeExpiringRunspaceConfiguration.DelegatedPrincipal.UserOrganizationId == null)
        {
            AuthZLogger.SafeAppendGenericError("GetInitialSessionStateCore", "User Token is delegated user, but user.OrgId is null.", false);
            ExTraceGlobals.AccessDeniedTracer.TraceError(0L, "EAP.GetInitialSessionStateCore delegated user is not in organization.");
            AuthZPluginHelper.TriggerFailFastForAuthZFailure(this.currentAuthZUserToken.WindowsLiveId);
            throw new DelegatedUserNotInOrgException(Strings.ErrorDelegatedUserNotInOrg);
        }
        string friendlyName = exchangeExpiringRunspaceConfiguration.OrganizationId.GetFriendlyName();
        // Check 3: a session that has admin roles may not be opened with an app password.
        // The log entry written here contains the user name and the organization's
        // friendly name.
        if (exchangeExpiringRunspaceConfiguration.HasAdminRoles && exchangeExpiringRunspaceConfiguration.IsAppPasswordUsed)
        {
            AuthZLogger.SafeAppendGenericError("GetInitialSessionStateCore", string.Format("User {0} of Domain {1} is not allowed to create session using app password.", userInfo.Identity.Name, friendlyName), false);
            AuthZPluginHelper.TriggerFailFastForAuthZFailure(this.currentAuthZUserToken.WindowsLiveId);
            throw new AppPasswordLoginException(Strings.ErrorAdminLoginUsingAppPassword);
        }
        // Check 4: runs only for the "LiveIdBasic" and delegated authentication types
        // (case-insensitive match). A true result from ValidateFilteringOnlyUser denies
        // the session.
        if (string.Equals(executingUserIdentity.AuthenticationType, "LiveIdBasic", StringComparison.OrdinalIgnoreCase) || DelegatedPrincipal.DelegatedAuthenticationType.Equals(executingUserIdentity.AuthenticationType, StringComparison.OrdinalIgnoreCase))
        {
            using (new MonitoredScope("GetInitialSessionStateCore", "ValidateFilteringOnlyUser", AuthZLogHelper.AuthZPerfMonitors))
            {
                if (UserValidationHelper.ValidateFilteringOnlyUser(friendlyName, this.currentAuthZUserToken.WindowsLiveId))
                {
                    AuthZLogger.SafeAppendGenericError("GetInitialSessionStateCore", string.Format("User {0} of Domain {1} doesn't have valid subscriptions for Exchange Hosted.", userInfo.Identity.Name, friendlyName), false);
                    AuthZPluginHelper.TriggerFailFastForAuthZFailure(this.currentAuthZUserToken.WindowsLiveId);
                    throw new FilteringOnlyUserLoginException(Strings.ErrorFilteringOnlyUserLogin);
                }
            }
        }
        // All checks passed: let the configuration build the session state.
        InitialSessionState initialSessionState;
        using (new MonitoredScope("GetInitialSessionStateCore", "exchangeRunspaceConfig.CreateInitialSessionState", AuthZLogHelper.AuthZPerfMonitors))
        {
            initialSessionState = exchangeExpiringRunspaceConfiguration.CreateInitialSessionState();
        }
        ExTraceGlobals.PublicPluginAPITracer.TraceDebug <int>((long)this.GetHashCode(), "EAP.GetInitialSessionState(PSSenderInfo) returns ISS with {0} commands", initialSessionState.Commands.Count);
        result = initialSessionState;
    }
    return(result);
}