// Token: 0x06001274 RID: 4724 RVA: 0x0003B65C File Offset: 0x0003985C internal static PswsAuthZUserToken GetAuthZPluginUserToken(UserToken userToken) { ExAssert.RetailAssert(userToken != null, "[PswsAuthorization.GetAuthZPluginUserToken] userToken can't be null."); Microsoft.Exchange.Configuration.Core.AuthenticationType authenticationType = userToken.AuthenticationType; SecurityIdentifier userSid = userToken.UserSid; DelegatedPrincipal delegatedPrincipal = userToken.DelegatedPrincipal; ExAssert.RetailAssert(userSid != null, "The user sid is invalid (null)."); PartitionId partitionId = userToken.PartitionId; string text = AuthenticatedUserCache.CreateKeyForPsws(userSid, userToken.AuthenticationType, partitionId); ExTraceGlobals.PublicPluginAPITracer.TraceDebug <string>(0L, "[PswsAuthZHelper.GetAuthZPluginUserToken] User cache key = \"{0}\".", text); AuthZPluginUserToken authZPluginUserToken; if (!AuthenticatedUserCache.Instance.TryGetValue(text, out authZPluginUserToken)) { ExTraceGlobals.PublicPluginAPITracer.TraceDebug(0L, "[PswsAuthZHelper.GetAuthZPluginUserToken] User not found in cache."); IIdentity identity = HttpContext.Current.Items["X-Psws-CurrentLogonUser"] as IIdentity; SerializedIdentity serializedIdentity = null; if (identity is WindowsTokenIdentity) { serializedIdentity = ((WindowsTokenIdentity)identity).ToSerializedIdentity(); } ADRawEntry adrawEntry = ExchangeAuthorizationPlugin.FindUserEntry(userSid, null, serializedIdentity, partitionId); ExAssert.RetailAssert(adrawEntry != null, "UnAuthorized. Unable to find the user."); bool condition = (adrawEntry is MiniRecipient || adrawEntry is ADUser) && (bool)adrawEntry[ADRecipientSchema.RemotePowerShellEnabled]; ExAssert.RetailAssert(condition, "UnAuthorized. PSWS not enabled user."); authZPluginUserToken = new AuthZPluginUserToken(delegatedPrincipal, adrawEntry, authenticationType, userSid.Value); AuthenticatedUserCache.Instance.AddUserToCache(text, authZPluginUserToken); } return(new PswsAuthZUserToken(authZPluginUserToken.DelegatedPrincipal, authZPluginUserToken.UserEntry, authenticationType, authZPluginUserToken.DefaultUserName, userToken.UserName)); }
// Token: 0x060012F9 RID: 4857 RVA: 0x0003E2D0 File Offset: 0x0003C4D0 internal static IIdentity ConstructAuthZUser(UserToken userToken, Microsoft.Exchange.Configuration.Core.AuthenticationType authenticationType) { SecurityIdentifier userSid = userToken.UserSid; string partitionId = null; if (userToken.PartitionId != null) { partitionId = userToken.PartitionId.ToString(); } return(new GenericSidIdentity(userSid.ToString(), authenticationType.ToString(), userSid, partitionId)); }
// Token: 0x06001273 RID: 4723 RVA: 0x0003B5D8 File Offset: 0x000397D8 internal static IIdentity GetExecutingAuthZUser(UserToken userToken) { Microsoft.Exchange.Configuration.Core.AuthenticationType authenticationType = userToken.AuthenticationType; ExTraceGlobals.PublicPluginAPITracer.TraceDebug <Microsoft.Exchange.Configuration.Core.AuthenticationType>(0L, "[PswsAuthZHelper.GetExecutingAuthZUser] authenticationType = \"{0}\".", authenticationType); IIdentity identity = HttpContext.Current.Items["X-Psws-CurrentLogonUser"] as IIdentity; if (identity is SidOAuthIdentity) { AuthZLogger.SafeAppendGenericInfo("PswsLogonUser", "SidOAuthIdentity"); return(identity); } if (identity is WindowsTokenIdentity) { AuthZLogger.SafeAppendGenericInfo("PswsLogonUser", "WindowsTokenIdentity"); return(((WindowsTokenIdentity)identity).ToSerializedIdentity()); } return(AuthZPluginHelper.ConstructAuthZUser(userToken, authenticationType)); }
// Token: 0x060012D4 RID: 4820 RVA: 0x0003D290 File Offset: 0x0003B490 internal static string CreateKeyForPsws(SecurityIdentifier userSid, Microsoft.Exchange.Configuration.Core.AuthenticationType authenticationType, PartitionId partitionId) { ExAssert.RetailAssert(userSid != null, "The user sid is invalid (null)."); return(string.Format("{0}:{1}:{2}", authenticationType, partitionId, userSid.Value)); }
// Token: 0x0600126C RID: 4716 RVA: 0x0003B42B File Offset: 0x0003962B protected override IIdentity GetExecutingUserIdentity(PSPrincipal psPrincipal, string connectionUrl, out UserToken userToken, out Microsoft.Exchange.Configuration.Core.AuthenticationType authenticationType) { userToken = HttpContext.Current.CurrentUserToken(); authenticationType = userToken.AuthenticationType; return(PswsAuthZHelper.GetExecutingAuthZUser(userToken)); }
internal AuthZPluginUserToken(DelegatedPrincipal delegatedPrincipal, ADRawEntry userEntry, Microsoft.Exchange.Configuration.Core.AuthenticationType authenticatedType, string defaultUserName) { this.DelegatedPrincipal = delegatedPrincipal; this.UserEntry = userEntry; this.AuthenticationType = authenticatedType; this.DefaultUserName = defaultUserName; }
private static IIdentity InternalGetExecutingUserIdentity(PSPrincipal psPrincipal, string connectionUrl, out UserToken userToken, out Microsoft.Exchange.Configuration.Core.AuthenticationType authenticationType, out string sessionId, out string firstRequestId) { authenticationType = Microsoft.Exchange.Configuration.Core.AuthenticationType.Unknown; userToken = null; sessionId = null; firstRequestId = null; if (psPrincipal.Identity.AuthenticationType.StartsWith("Cafe-", StringComparison.OrdinalIgnoreCase)) { using (WinRMDataReceiver winRMDataReceiver = new WinRMDataReceiver(connectionUrl, psPrincipal.Identity.Name, psPrincipal.Identity.AuthenticationType, AuthZLogHelper.LantencyTracker)) { userToken = winRMDataReceiver.UserToken; sessionId = winRMDataReceiver.SessionId; firstRequestId = winRMDataReceiver.RequestId; string text = winRMDataReceiver.AuthenticationType.Substring("Cafe-".Length); if (text.Equals("GenericIdentity", StringComparison.OrdinalIgnoreCase)) { return(AuthZPluginHelper.ConstructGenericIdentityFromUserToken(userToken)); } if (userToken.CommonAccessToken != null) { return(new WindowsTokenIdentity(userToken.CommonAccessToken.WindowsAccessToken).ToSerializedIdentity()); } } } if (DelegatedPrincipal.DelegatedAuthenticationType.Equals(psPrincipal.Identity.AuthenticationType, StringComparison.OrdinalIgnoreCase)) { authenticationType = Microsoft.Exchange.Configuration.Core.AuthenticationType.RemotePowerShellDelegated; return(DelegatedPrincipal.GetDelegatedIdentity(psPrincipal.Identity.Name)); } if (psPrincipal.WindowsIdentity != null) { string authenticationType2 = psPrincipal.Identity.AuthenticationType; if (authenticationType2 != null && authenticationType2.StartsWith("Converted-", StringComparison.OrdinalIgnoreCase)) { if (authenticationType2.StartsWith("Converted-Kerberos", StringComparison.OrdinalIgnoreCase)) { authenticationType = Microsoft.Exchange.Configuration.Core.AuthenticationType.Kerberos; } else { AuthZLogger.SafeAppendGenericError("InternalGetExecutingUserIdentity", "Unexpected AuthenticationType " + authenticationType2, true); } using (WinRMDataReceiver winRMDataReceiver2 = new WinRMDataReceiver(connectionUrl, psPrincipal.Identity.Name, psPrincipal.Identity.AuthenticationType, AuthZLogHelper.LantencyTracker)) { userToken = winRMDataReceiver2.UserToken; sessionId = winRMDataReceiver2.SessionId; firstRequestId = winRMDataReceiver2.RequestId; if (userToken.CommonAccessToken == null) { throw new AuthzException("DEV BUG, the CommonAccessToken should not be NULL when passing from Locally Kerberos logon."); } return(new WindowsTokenIdentity(userToken.CommonAccessToken.WindowsAccessToken).ToSerializedIdentity()); } } if ("CertificateLinkedUser".Equals(authenticationType2, StringComparison.OrdinalIgnoreCase)) { authenticationType = Microsoft.Exchange.Configuration.Core.AuthenticationType.CertificateLinkedUser; return(new GenericIdentity(psPrincipal.Identity.Name)); } try { authenticationType = Microsoft.Exchange.Configuration.Core.AuthenticationType.Certificate; new SecurityIdentifier(psPrincipal.Identity.Name); return(new GenericIdentity(psPrincipal.Identity.Name)); } catch (ArgumentException) { authenticationType = Microsoft.Exchange.Configuration.Core.AuthenticationType.Unknown; return(psPrincipal.WindowsIdentity); } } if ("RPS".Equals(psPrincipal.Identity.AuthenticationType, StringComparison.OrdinalIgnoreCase) || "Kerberos".Equals(psPrincipal.Identity.AuthenticationType, StringComparison.OrdinalIgnoreCase) || "Basic".Equals(psPrincipal.Identity.AuthenticationType, StringComparison.OrdinalIgnoreCase)) { authenticationType = Microsoft.Exchange.Configuration.Core.AuthenticationType.Kerberos; SecurityIdentifier securityIdentifier = (SecurityIdentifier) new NTAccount(psPrincipal.Identity.Name).Translate(typeof(SecurityIdentifier)); return(new GenericIdentity(securityIdentifier.ToString())); } authenticationType = Microsoft.Exchange.Configuration.Core.AuthenticationType.Unknown; return(new GenericIdentity(psPrincipal.Identity.Name)); }
protected virtual IIdentity GetExecutingUserIdentity(PSPrincipal psPrincipal, string connectionUrl, out UserToken userToken, out Microsoft.Exchange.Configuration.Core.AuthenticationType authenticationType) { return(ExchangeAuthorizationPlugin.InternalGetExecutingUserIdentity(psPrincipal, connectionUrl, out userToken, out authenticationType, out this.sessionId, out this.firstRequestId)); }
// Token: 0x0600128C RID: 4748 RVA: 0x0003BF11 File Offset: 0x0003A111 internal PswsAuthZUserToken(DelegatedPrincipal delegatedPrincipal, ADRawEntry userEntry, Microsoft.Exchange.Configuration.Core.AuthenticationType authenticationType, string defaultUserName, string executingUserName) : base(delegatedPrincipal, userEntry, authenticationType, defaultUserName) { ExAssert.RetailAssert(!string.IsNullOrWhiteSpace(executingUserName), "The executingUserName should not be null or white space."); this.ExecutingUserName = executingUserName; }