private static void ValidateQueryString(string httpURL, ADRawEntry userEntry)
{
string text;
string tenantOrganization = ExchangeRunspaceConfigurationSettings.FromUriConnectionString(httpURL, out text).TenantOrganization;
string value = tenantOrganization;
if (string.IsNullOrEmpty(tenantOrganization))
{
return;
}
AuthZLogger.SafeSetLogger(ConfigurationCoreMetadata.ManagedOrganization, value);
OrganizationId organizationId = userEntry[ADObjectSchema.OrganizationId] as OrganizationId;
if (organizationId != null && !ExchangeRunspaceConfiguration.IsAllowedOrganizationForPartnerAccounts(organizationId))
{
AuthZLogger.SafeAppendGenericError("ValidateQueryString", string.Format("Organization {0} not allowed for partner account.", organizationId.ToString()), false);
ExTraceGlobals.AccessDeniedTracer.TraceError <ADObjectId>(0L, "EAP.ValidateQueryString returns AccessDenied because user {0} does not belong to the appropriate organization", userEntry.Id);
throw new NotAllowedForPartnerAccessException(Strings.ErrorNotAllowedForPartnerAccess);
}
Uri uri;
if (!Uri.TryCreate(httpURL, UriKind.Absolute, out uri))
{
AuthZLogger.SafeAppendGenericError("ValidateQueryString", string.Format("Url {0} Incorrect.", httpURL), false);
ExTraceGlobals.AccessDeniedTracer.TraceError <ADObjectId, string, string>(0L, "EAP.ValidateQueryString returns AccessDenied because tenant user {0} requested partner access to {1} which is not found in the local forest and URL {2} is invalid", userEntry.Id, tenantOrganization, httpURL);
throw new UrlInValidException(Strings.ErrorUrlInValid);
}
ExTraceGlobals.ADConfigTracer.TraceDebug(0L, "EAP.ValidateQueryString returns Success.");
}
protected virtual ExchangeRunspaceConfigurationSettings BuildRunspaceConfigurationSettings(string connectionString, IIdentity identity)
{
string text;
ExchangeRunspaceConfigurationSettings exchangeRunspaceConfigurationSettings = ExchangeRunspaceConfigurationSettings.FromUriConnectionString(connectionString, ExchangeRunspaceConfigurationSettings.ExchangeApplication.PowerShell, out text);
exchangeRunspaceConfigurationSettings.LanguageMode = AppSettings.Current.PSLanguageMode;
return(exchangeRunspaceConfigurationSettings);
}
// Token: 0x06001475 RID: 5237 RVA: 0x0004C170 File Offset: 0x0004A370
internal RwsExchangeRunspaceConfiguration(IIdentity logonIdentity, ExchangeRunspaceConfigurationSettings settings, List <RoleEntry> sortedRoleEntryFilter, SnapinSet snapinSet) : base(logonIdentity, null, settings, null, sortedRoleEntryFilter, null, false, false, true, snapinSet)
{
this.allRoleAssignments = null;
foreach (RoleType key in this.allRoleTypes.Keys.ToList <RoleType>())
{
this.allRoleTypes[key] = null;
}
base.RestrictToFilteredCmdlet = true;
}
// Token: 0x06001275 RID: 4725 RVA: 0x0003B7B4 File Offset: 0x000399B4
internal static ExchangeRunspaceConfigurationSettings BuildRunspaceConfigurationSettings(string connectionString, UserToken userToken, NameValueCollection collection)
{
Uri uri = new Uri(connectionString, UriKind.Absolute);
ExchangeRunspaceConfigurationSettings exchangeRunspaceConfigurationSettings = ExchangeRunspaceConfigurationSettings.CreateConfigurationSettingsFromNameValueCollection(uri, collection, ExchangeRunspaceConfigurationSettings.ExchangeApplication.PswsClient);
if (string.IsNullOrEmpty(exchangeRunspaceConfigurationSettings.TenantOrganization))
{
exchangeRunspaceConfigurationSettings.TenantOrganization = userToken.ManagedOrganization;
}
return(exchangeRunspaceConfigurationSettings);
}
// Token: 0x060013F0 RID: 5104 RVA: 0x00046318 File Offset: 0x00044518
internal static ExchangeRunspaceConfigurationSettings FromUriConnectionString(string connectionString, ExchangeRunspaceConfigurationSettings.ExchangeApplication defaultApplication, out string vdirPath)
{
Uri uri = new Uri(connectionString, UriKind.Absolute);
vdirPath = ExchangeRunspaceConfigurationSettings.GetVDirPathFromUriLocalPath(uri);
if (string.IsNullOrEmpty(uri.Query))
{
return(ExchangeRunspaceConfigurationSettings.GetDefaultInstance());
}
NameValueCollection nameValueCollectionFromUri = LiveIdBasicAuthModule.GetNameValueCollectionFromUri(uri);
return(ExchangeRunspaceConfigurationSettings.CreateConfigurationSettingsFromNameValueCollection(uri, nameValueCollectionFromUri, defaultApplication));
}
// Token: 0x060013F2 RID: 5106 RVA: 0x00046384 File Offset: 0x00044584
internal static ExchangeRunspaceConfigurationSettings CreateConfigurationSettingsFromNameValueCollection(Uri uri, NameValueCollection collection, ExchangeRunspaceConfigurationSettings.ExchangeApplication defaultApplication)
{
string text = collection.Get("organization");
ExchangeRunspaceConfigurationSettings.SerializationLevel serializationLevel = ExchangeRunspaceConfigurationSettings.SerializationLevel.Partial;
if (collection.Get("serializationLevel") != null)
{
Enum.TryParse <ExchangeRunspaceConfigurationSettings.SerializationLevel>(collection.Get("serializationLevel"), true, out serializationLevel);
}
string text2 = collection.Get("clientApplication");
ExchangeRunspaceConfigurationSettings.ExchangeApplication exchangeApplication = defaultApplication;
if (text2 != null)
{
Enum.TryParse <ExchangeRunspaceConfigurationSettings.ExchangeApplication>(text2, true, out exchangeApplication);
}
PSLanguageMode pslanguageMode = PSLanguageMode.NoLanguage;
if (exchangeApplication == ExchangeRunspaceConfigurationSettings.ExchangeApplication.EMC)
{
pslanguageMode = PSLanguageMode.NoLanguage;
}
ExchangeRunspaceConfigurationSettings.ProxyMethod proxyMethod = ExchangeRunspaceConfigurationSettings.ProxyMethod.None;
if (collection.Get("proxyMethod") != null)
{
Enum.TryParse <ExchangeRunspaceConfigurationSettings.ProxyMethod>(collection.Get("proxyMethod"), true, out proxyMethod);
}
bool flag = false;
if (collection.Get("proxyFullSerialization") != null)
{
bool.TryParse(collection.Get("proxyFullSerialization"), out flag);
}
bool encodeDecodeKey = true;
if (collection.Get("X-EncodeDecode-Key") != null)
{
bool.TryParse(collection.Get("X-EncodeDecode-Key"), out encodeDecodeKey);
}
bool isProxy = ExchangeRunspaceConfigurationSettings.IsCalledFromProxy(collection);
return(new ExchangeRunspaceConfigurationSettings(uri, exchangeApplication, text, serializationLevel, pslanguageMode, proxyMethod, flag, encodeDecodeKey, isProxy));
}
public ExchangeRunspaceConfiguration CreateExchangeRunspaceConfiguration()
{
IIdentity identity = this.GetExecutingUserIdentity();
IIdentity identity2 = null;
if (!string.IsNullOrEmpty(this.impersonatedUserSddl))
{
identity2 = new GenericSidIdentity(this.impersonatedUserSddl, this.impersonatedAuthenticationType, new SecurityIdentifier(this.impersonatedUserSddl));
}
ExchangeRunspaceConfiguration result;
if (identity2 == null)
{
result = new ExchangeRunspaceConfiguration(identity);
}
else
{
result = new ExchangeRunspaceConfiguration(identity, identity2, ExchangeRunspaceConfigurationSettings.GetDefaultInstance(), this.roleTypeFilter, this.sortedRoleEntryFilter, this.logonUserRequiredRoleTypes, this.callerCheckedAccess);
}
return(result);
}
// Token: 0x06001276 RID: 4726 RVA: 0x0003B7F0 File Offset: 0x000399F0
internal static string GetPswsMembershipId(UserToken userToken, NameValueCollection collection)
{
ExAssert.RetailAssert(userToken != null, "[PswsAuthorization.GetPswsMembershipId] userToken can't be null.");
string friendlyName = userToken.Organization.GetFriendlyName();
ExchangeRunspaceConfigurationSettings exchangeRunspaceConfigurationSettings = PswsAuthZHelper.BuildRunspaceConfigurationSettings("https://www.outlook.com/Psws/Service.svc", userToken, collection);
CultureInfo cultureInfo;
PswsAuthZHelper.TryParseCultureInfo(collection, out cultureInfo);
string text = userToken.ManagedOrganization;
if (string.IsNullOrWhiteSpace(text))
{
text = exchangeRunspaceConfigurationSettings.TenantOrganization;
}
string result = string.Format("Name:{0};AT:{1};UserOrg:{2};ManOrg:{3};SL:{4};FSL:{5};CA:{6};EDK:{7};Cul:{8};Proxy:{9}", new object[]
{
PswsAuthZHelper.GetUserNameForCache(userToken),
userToken.AuthenticationType,
friendlyName,
text,
exchangeRunspaceConfigurationSettings.CurrentSerializationLevel,
exchangeRunspaceConfigurationSettings.ProxyFullSerialization,
exchangeRunspaceConfigurationSettings.ClientApplication,
exchangeRunspaceConfigurationSettings.EncodeDecodeKey,
(cultureInfo == null) ? "null" : cultureInfo.Name,
exchangeRunspaceConfigurationSettings.IsProxy
});
AuthZLogger.SafeSetLogger(PswsMetadata.IsProxy, exchangeRunspaceConfigurationSettings.IsProxy);
AuthZLogger.SafeSetLogger(PswsMetadata.ClientApplication, exchangeRunspaceConfigurationSettings.ClientApplication);
AuthZLogger.SafeSetLogger(PswsMetadata.ProxyFullSerialzation, exchangeRunspaceConfigurationSettings.ProxyFullSerialization);
AuthZLogger.SafeSetLogger(PswsMetadata.SerializationLevel, exchangeRunspaceConfigurationSettings.CurrentSerializationLevel);
AuthZLogger.SafeSetLogger(PswsMetadata.CultureInfo, (cultureInfo == null) ? "null" : cultureInfo.Name);
AuthZLogger.SafeSetLogger(PswsMetadata.TenantOrganization, text);
return(result);
}
// Token: 0x06001418 RID: 5144 RVA: 0x000489E9 File Offset: 0x00046BE9
public WebServiceRunspaceConfiguration(IIdentity identity) : base(identity, ExchangeRunspaceConfigurationSettings.GetDefaultInstance())
{
}
public ExchangeExpiringRunspaceConfiguration(IIdentity identity, ExchangeRunspaceConfigurationSettings settings, bool isPowerShellWebService) : base(identity, null, settings, null, null, null, false, isPowerShellWebService, false, SnapinSet.Default)
{
this.SetMaxAgeLimit(ExpirationLimit.RunspaceRefresh);
this.SetMaxAgeLimit(ExpirationLimit.ExternalAccountRunspaceTermination);
}
public ExchangeExpiringRunspaceConfiguration(IIdentity identity, ExchangeRunspaceConfigurationSettings settings) : this(identity, settings, false)
{
}
// Token: 0x06001248 RID: 4680 RVA: 0x00039D2B File Offset: 0x00037F2B
private bool IsBlockedPswsDirectInvocation()
{
return(this.IsPswsDirectInvocation() && !ExchangeRunspaceConfigurationSettings.IsCalledFromProxy(HttpContext.Current.Request.Headers));
}
private InitialSessionState GetInitialSessionStateCore(PSSenderInfo senderInfo)
{
InitialSessionState result;
using (new MonitoredScope("GetInitialSessionStateCore", "GetInitialSessionStateCore", AuthZLogHelper.AuthZPerfMonitors))
{
if (senderInfo == null || senderInfo.UserInfo == null || senderInfo.UserInfo.Identity == null || senderInfo.UserInfo.Identity.Name == null)
{
throw new ArgumentException("senderInfo");
}
PSPrincipal userInfo = senderInfo.UserInfo;
ExTraceGlobals.PublicPluginAPITracer.TraceDebug <string>((long)this.GetHashCode(), "Entering EAP.GetInitialSessionState({0})", userInfo.Identity.Name);
UserToken userToken = null;
Microsoft.Exchange.Configuration.Core.AuthenticationType authenticatedType;
IIdentity executingUserIdentity = this.GetExecutingUserIdentity(userInfo, senderInfo.ConnectionString, out userToken, out authenticatedType);
ExchangeRunspaceConfigurationSettings exchangeRunspaceConfigurationSettings = this.BuildRunspaceConfigurationSettings(senderInfo.ConnectionString, executingUserIdentity);
if (userToken != null)
{
exchangeRunspaceConfigurationSettings.UserToken = userToken;
}
if (AppSettings.Current.SiteRedirectTemplate != null)
{
ExTraceGlobals.PublicPluginAPITracer.TraceDebug <string, string, string>((long)this.GetHashCode(), "EAP.GetInitialSessionState({0}) site redirection template used is {1}, pod redirection template used is {2}", userInfo.Identity.Name, AppSettings.Current.SiteRedirectTemplate, AppSettings.Current.PodRedirectTemplate);
exchangeRunspaceConfigurationSettings.SiteRedirectionTemplate = AppSettings.Current.SiteRedirectTemplate;
exchangeRunspaceConfigurationSettings.PodRedirectionTemplate = AppSettings.Current.PodRedirectTemplate;
}
ExchangeExpiringRunspaceConfiguration exchangeExpiringRunspaceConfiguration;
using (new MonitoredScope("GetInitialSessionStateCore", "ExchangeExpiringRunspaceConfiguration", AuthZLogHelper.AuthZPerfMonitors))
{
if (DatacenterRegistry.IsForefrontForOffice())
{
try
{
using (RegistryKey registryKey = Registry.LocalMachine.OpenSubKey(string.Format("SOFTWARE\\Microsoft\\ExchangeServer\\{0}\\Setup", "v15")))
{
string name = "Microsoft.Exchange.Hygiene.Security.Authorization.ForefrontExpiringDatacenterRunspaceConfiguration";
string path = (string)registryKey.GetValue("MsiInstallPath");
string assemblyFile = Path.Combine(path, "Bin", "Microsoft.Exchange.Hygiene.Security.Authorization.dll");
Assembly assembly = Assembly.LoadFrom(assemblyFile);
Type type = assembly.GetType(name);
exchangeExpiringRunspaceConfiguration = (ExchangeExpiringRunspaceConfiguration)type.InvokeMember("Instance", BindingFlags.InvokeMethod, Type.DefaultBinder, null, new object[]
{
executingUserIdentity,
exchangeRunspaceConfigurationSettings,
senderInfo.ConnectionString,
Constants.IsPowerShellWebService
});
}
goto IL_1FA;
}
catch (TargetInvocationException ex)
{
throw ex.InnerException ?? ex;
}
}
exchangeExpiringRunspaceConfiguration = new ExchangeExpiringRunspaceConfiguration(executingUserIdentity, exchangeRunspaceConfigurationSettings, Constants.IsPowerShellWebService);
IL_1FA :;
}
this.currentAuthZUserToken = new AuthZPluginUserToken(exchangeExpiringRunspaceConfiguration.DelegatedPrincipal, exchangeExpiringRunspaceConfiguration.LogonUser, authenticatedType, exchangeExpiringRunspaceConfiguration.IdentityName);
ADRawEntry logonUser = exchangeExpiringRunspaceConfiguration.LogonUser;
if (logonUser[ADRecipientSchema.RemotePowerShellEnabled] != null && !(bool)logonUser[ADRecipientSchema.RemotePowerShellEnabled])
{
AuthZLogger.SafeAppendGenericError("GetInitialSessionStateCore", "RemotePowerShellEnabled false", false);
ExTraceGlobals.AccessDeniedTracer.TraceError <string>(0L, "EAP.GetInitialSessionStateCore user {0} is not allowed to use remote Powershell, access denied", executingUserIdentity.Name);
AuthZPluginHelper.TriggerFailFastForAuthZFailure(this.currentAuthZUserToken.WindowsLiveId);
throw new RemotePowerShellNotEnabledException(Strings.ErrorRemotePowerShellNotEnabled);
}
if (exchangeExpiringRunspaceConfiguration.DelegatedPrincipal == null)
{
ExchangeAuthorizationPlugin.ValidateQueryString(senderInfo.ConnectionString, logonUser);
}
else if (exchangeExpiringRunspaceConfiguration.DelegatedPrincipal.UserOrganizationId == null)
{
AuthZLogger.SafeAppendGenericError("GetInitialSessionStateCore", "User Token is delegated user, but user.OrgId is null.", false);
ExTraceGlobals.AccessDeniedTracer.TraceError(0L, "EAP.GetInitialSessionStateCore delegated user is not in organization.");
AuthZPluginHelper.TriggerFailFastForAuthZFailure(this.currentAuthZUserToken.WindowsLiveId);
throw new DelegatedUserNotInOrgException(Strings.ErrorDelegatedUserNotInOrg);
}
string friendlyName = exchangeExpiringRunspaceConfiguration.OrganizationId.GetFriendlyName();
if (exchangeExpiringRunspaceConfiguration.HasAdminRoles && exchangeExpiringRunspaceConfiguration.IsAppPasswordUsed)
{
AuthZLogger.SafeAppendGenericError("GetInitialSessionStateCore", string.Format("User {0} of Domain {1} is not allowed to create session using app password.", userInfo.Identity.Name, friendlyName), false);
AuthZPluginHelper.TriggerFailFastForAuthZFailure(this.currentAuthZUserToken.WindowsLiveId);
throw new AppPasswordLoginException(Strings.ErrorAdminLoginUsingAppPassword);
}
if (string.Equals(executingUserIdentity.AuthenticationType, "LiveIdBasic", StringComparison.OrdinalIgnoreCase) || DelegatedPrincipal.DelegatedAuthenticationType.Equals(executingUserIdentity.AuthenticationType, StringComparison.OrdinalIgnoreCase))
{
using (new MonitoredScope("GetInitialSessionStateCore", "ValidateFilteringOnlyUser", AuthZLogHelper.AuthZPerfMonitors))
{
if (UserValidationHelper.ValidateFilteringOnlyUser(friendlyName, this.currentAuthZUserToken.WindowsLiveId))
{
AuthZLogger.SafeAppendGenericError("GetInitialSessionStateCore", string.Format("User {0} of Domain {1} doesn't have valid subscriptions for Exchange Hosted.", userInfo.Identity.Name, friendlyName), false);
AuthZPluginHelper.TriggerFailFastForAuthZFailure(this.currentAuthZUserToken.WindowsLiveId);
throw new FilteringOnlyUserLoginException(Strings.ErrorFilteringOnlyUserLogin);
}
}
}
InitialSessionState initialSessionState;
using (new MonitoredScope("GetInitialSessionStateCore", "exchangeRunspaceConfig.CreateInitialSessionState", AuthZLogHelper.AuthZPerfMonitors))
{
initialSessionState = exchangeExpiringRunspaceConfiguration.CreateInitialSessionState();
}
ExTraceGlobals.PublicPluginAPITracer.TraceDebug <int>((long)this.GetHashCode(), "EAP.GetInitialSessionState(PSSenderInfo) returns ISS with {0} commands", initialSessionState.Commands.Count);
result = initialSessionState;
}
return(result);
}
// Token: 0x06001477 RID: 5239 RVA: 0x0004C308 File Offset: 0x0004A508
internal static RwsExchangeRunspaceConfiguration NewInstance(IIdentity logonIdentity, ExchangeRunspaceConfigurationSettings settings, List <RoleEntry> sortedRoleEntryFilter, SnapinSet snapinSet)
{
RwsExchangeRunspaceConfiguration configuration = null;
if (RwsExchangeRunspaceConfiguration.RunspaceConfigurationTimeoutEnabled.Value)
{
ExTraceGlobals.RunspaceConfigTracer.TraceDebug <int, int>(0L, "[RwsExchangeRunspaceConfiguration::NewInstance] Asynchronizely Creating RwsExchangeRunspaceConfiguration. Timeout = {0} MaxRetry = {1}", RwsExchangeRunspaceConfiguration.RunspaceConfigurationTimeoutMilliseconds.Value, RwsExchangeRunspaceConfiguration.RunspaceConfigurationRetryCount.Value);
int num = 0;
for (;;)
{
ExTraceGlobals.RunspaceConfigTracer.TraceDebug <int>(0L, "[RwsExchangeRunspaceConfiguration::NewInstance] RetryCount = {0}", num);
RwsExchangeRunspaceConfiguration.RunActionWithTimeout(new TimeSpan(0, 0, 0, 0, RwsExchangeRunspaceConfiguration.RunspaceConfigurationTimeoutMilliseconds.Value), delegate
{
configuration = new RwsExchangeRunspaceConfiguration(logonIdentity, settings, sortedRoleEntryFilter, snapinSet);
});
if (configuration != null)
{
break;
}
if (num++ >= RwsExchangeRunspaceConfiguration.RunspaceConfigurationRetryCount.Value)
{
goto Block_4;
}
}
ExTraceGlobals.RunspaceConfigTracer.TraceDebug(0L, "[RwsExchangeRunspaceConfiguration::NewInstance] Got Configuration.");
return(configuration);
Block_4:
throw new TimeoutException(string.Format("Timeout while creating RwsExchangeRunspaceConfiguration. Timeout={0}, MaxRetryCount={1}, CurrentRetryCount={2}.", RwsExchangeRunspaceConfiguration.RunspaceConfigurationTimeoutMilliseconds.Value, RwsExchangeRunspaceConfiguration.RunspaceConfigurationRetryCount.Value, num));
}
ExTraceGlobals.RunspaceConfigTracer.TraceDebug(0L, "[RwsExchangeRunspaceConfiguration::NewInstance] Synchronizely Creating RwsExchangeRunspaceConfiguration.");
configuration = new RwsExchangeRunspaceConfiguration(logonIdentity, settings, sortedRoleEntryFilter, snapinSet);
return(configuration);
}
// Token: 0x060013F1 RID: 5105 RVA: 0x00046358 File Offset: 0x00044558
internal static ExchangeRunspaceConfigurationSettings FromRequestHeaders(string connectionString, ExchangeRunspaceConfigurationSettings.ExchangeApplication defaultApplication)
{
Uri uri = new Uri(connectionString, UriKind.Absolute);
return(ExchangeRunspaceConfigurationSettings.CreateConfigurationSettingsFromNameValueCollection(uri, HttpContext.Current.Request.Headers, defaultApplication));
}
// Token: 0x060013EF RID: 5103 RVA: 0x0004630D File Offset: 0x0004450D
internal static ExchangeRunspaceConfigurationSettings FromUriConnectionString(string connectionString, out string vdirPath)
{
return(ExchangeRunspaceConfigurationSettings.FromUriConnectionString(connectionString, ExchangeRunspaceConfigurationSettings.ExchangeApplication.Unknown, out vdirPath));
}