示例#1
0
        private void LoadPublishedCalendarOptionsForReachUser()
        {
            this.publishedOptions = new MailboxCalendarFolder();
            PermissionSecurityPrincipal targetPrincipal = null;

            using (ExternalUserCollection externalUsers = base.MailboxSession.GetExternalUsers())
            {
                ExternalUser externalUser = externalUsers.FindExternalUser(this.reachUserSid);
                if (externalUser == null || !externalUser.IsReachUser)
                {
                    ExTraceGlobals.SharingTracer.TraceDebug <SecurityIdentifier, bool, bool>((long)this.GetHashCode(), "ReachAccessSid={0}, Found ExternalUser:{1}, IsReachUser:{2}", this.reachUserSid, externalUser != null, externalUser != null && externalUser.IsReachUser);
                    throw new PublishedFolderAccessDeniedException();
                }
                targetPrincipal = new PermissionSecurityPrincipal(externalUser);
            }
            DetailLevelEnumType?freeBusyAccessLevel = this.GetFreeBusyAccessLevel(targetPrincipal);

            if (freeBusyAccessLevel == null)
            {
                throw new PublishedFolderAccessDeniedException();
            }
            this.publishedOptions.DetailLevel          = freeBusyAccessLevel.Value;
            this.publishedOptions.PublishEnabled       = true;
            this.publishedOptions.PublishDateRangeFrom = DateRangeEnumType.OneMonth;
            this.publishedOptions.PublishDateRangeTo   = DateRangeEnumType.SixMonths;
        }
示例#2
0
        protected override PerformInvitationResults InternalPerformInvitation(MailboxSession mailboxSession, SharingContext context, ValidRecipient[] recipients, IFrontEndLocator frontEndLocator)
        {
            if (recipients.Length != 1)
            {
                throw new InvalidOperationException("Only single recipient is allowed.");
            }
            ValidRecipient    validRecipient     = recipients[0];
            string            folderId           = context.FolderId.ToBase64String();
            ExternalUser      externalUser       = this.ApplyPermission(mailboxSession, new SmtpAddress(validRecipient.SmtpAddress), context);
            IRecipientSession adrecipientSession = mailboxSession.GetADRecipientSession(false, ConsistencyMode.FullyConsistent);
            ADUser            aduser             = (ADUser)adrecipientSession.Read(mailboxSession.MailboxOwner.ObjectId);
            string            text         = aduser.SharingAnonymousIdentities.FindExistingUrlId(SharingDataType.ReachCalendar.PublishResourceName, folderId);
            Uri         owaVdirUrl         = OwaAnonymousVdirLocater.Instance.GetOwaVdirUrl(mailboxSession.MailboxOwner, frontEndLocator);
            SmtpAddress primarySmtpAddress = mailboxSession.MailboxOwner.MailboxInfo.PrimarySmtpAddress;
            ObscureUrl  obscureUrl         = ObscureUrl.CreatePublishReachCalendarUrl(owaVdirUrl.ToString(), mailboxSession.MailboxGuid, primarySmtpAddress.Domain, text, externalUser.Sid);

            if (string.IsNullOrEmpty(text))
            {
                aduser.SharingAnonymousIdentities.AddOrUpdate(SharingDataType.ReachCalendar.PublishResourceName, obscureUrl.Identity, folderId);
                adrecipientSession.Save(aduser);
            }
            context.BrowseUrl = obscureUrl.ToString() + ".html";
            context.ICalUrl   = obscureUrl.ToString() + ".ics";
            return(new PerformInvitationResults(recipients));
        }
示例#3
0
        public static ObscureUrl CreatePublishReachCalendarUrl(string externalUrl, Guid mailboxGuid, string domain, string existingIdentity, SecurityIdentifier reachUserSid)
        {
            Util.ThrowOnNullOrEmptyArgument(externalUrl, "externalUrl");
            Util.ThrowOnNullOrEmptyArgument(domain, "domain");
            Util.ThrowOnNullArgument(reachUserSid, "reachUserSid");
            if (!ExternalUser.IsValidReachSid(reachUserSid))
            {
                throw new ArgumentException("Not an valid reach user sid.", "reachUserSid");
            }
            SharingDataType reachCalendar = SharingDataType.ReachCalendar;
            string          text          = string.IsNullOrEmpty(existingIdentity) ? Guid.NewGuid().ToString("N") : ObscureUrl.ParseGuidIdentity(reachCalendar, existingIdentity).ToString("N");
            string          text2         = ObscureUrl.CalculateHashString(ObscureKind.Normal, text);
            string          uriString     = string.Format("{0}/{1}/{2}@{3}/{4}{5}/{6}/{7}", new object[]
            {
                externalUrl.TrimEnd(new char[]
                {
                    '/'
                }),
                reachCalendar.ExternalName,
                mailboxGuid.ToString("N"),
                domain,
                text,
                text2,
                reachUserSid.ToString(),
                reachCalendar.PublishResourceName
            });
            ObscureUrl obscureUrl = new ObscureUrl(new Uri(uriString, UriKind.Absolute), reachCalendar, mailboxGuid, domain, text, ObscureKind.Normal, reachUserSid);

            ExTraceGlobals.SharingTracer.TraceDebug <ObscureUrl, string>(0L, "ObscureUrl.CreatePublishReachCalendarUrl(): Created an instance of ObscureUrl: {0} - {1}.", obscureUrl, obscureUrl.TraceInfo);
            return(obscureUrl);
        }
示例#4
0
        private ExternalUser ApplyPermission(MailboxSession mailboxSession, SmtpAddress smtpAddress, SharingContext context)
        {
            ExternalUser externalUser = null;
            ExternalUser externalUser2;

            using (ExternalUserCollection externalUsers = mailboxSession.GetExternalUsers())
            {
                externalUser2 = externalUsers.FindReachUserWithOriginalSmtpAddress(smtpAddress);
                externalUser  = externalUsers.FindFederatedUserWithOriginalSmtpAddress(smtpAddress);
                if (externalUser2 == null)
                {
                    externalUser2 = externalUsers.AddReachUser(smtpAddress);
                    externalUsers.Save();
                }
            }
            using (FolderPermissionContext current = FolderPermissionContext.GetCurrent(mailboxSession, context))
            {
                FreeBusyAccess freeBusy = this.GetFreeBusy(context);
                PermissionSecurityPrincipal principal       = new PermissionSecurityPrincipal(externalUser2);
                PermissionLevel             permissionLevel = (context.SharingDetail == SharingContextDetailLevel.FullDetails) ? PermissionLevel.Reviewer : PermissionLevel.None;
                current.AddOrChangePermission(principal, permissionLevel, new FreeBusyAccess?(freeBusy));
                if (externalUser != null)
                {
                    current.RemovePermission(new PermissionSecurityPrincipal(externalUser));
                }
            }
            return(externalUser2);
        }
示例#5
0
        internal static ExternalUser TryGetExternalUser(SecurityIdentifier sid, ExternalUserCollection externalUsers)
        {
            ExternalUser result = null;

            if (ExternalUser.IsExternalUserSid(sid) && externalUsers != null)
            {
                result = externalUsers.FindExternalUser(sid);
            }
            return(result);
        }
示例#6
0
        private PermissionSecurityPrincipal CreatePermissionSecurityPrincipal(string recipient, ExternalUserCollection externalUserCollection)
        {
            ExternalUser externalUser = externalUserCollection.FindExternalUser(new SmtpAddress(recipient));

            if (externalUser == null)
            {
                return(null);
            }
            return(new PermissionSecurityPrincipal(externalUser));
        }
示例#7
0
        private void AddNonADEntry(MapiAclTableAdapter mapiAclTableAdapter, ref ExternalUserCollection externalUsers, string memberName, long memberId, byte[] memberEntryId, MemberRights rights)
        {
            ExternalUser externalUser = mapiAclTableAdapter.TryGetExternalUser(memberEntryId, ref externalUsers);

            if (externalUser != null)
            {
                PermissionSecurityPrincipal securityPrincipal = new PermissionSecurityPrincipal(externalUser);
                Permission permission = this.permissionSet.CreatePermission(securityPrincipal, rights, memberId);
                this.AddPermissionEntry(securityPrincipal, permission);
                return;
            }
            ExTraceGlobals.StorageTracer.TraceDebug <string>(0L, "PermissionTable::PermissionTable. Member has invalid entry id, member name = {0}.", memberName);
            this.AddUnknownEntry(memberName, memberId, memberEntryId, rights);
        }
示例#8
0
        internal static bool IsValidReachSid(SecurityIdentifier sid)
        {
            if (!ExternalUser.IsExternalUserSid(sid))
            {
                return(false);
            }
            string text  = sid.ToString();
            int    num   = text.LastIndexOf('-');
            string a     = text.Substring(num + 1);
            string input = text.Substring(0, num + 1);
            string b     = ExternalUser.ComputeHash(input);

            return(string.Equals(a, b, StringComparison.Ordinal));
        }
示例#9
0
        private static bool ResolveLocalDirectoryUserFromAddressBookEntryId(byte[] entryId, LazilyInitialized <ExternalUserCollection> externalUsers, out SecurityIdentifier securityIdentifier, out bool isGroup, out string displayName)
        {
            securityIdentifier = null;
            isGroup            = false;
            displayName        = string.Empty;
            securityIdentifier = AddressBookEntryId.MakeSidFromLocalDirctoryAddressBookEntryId(entryId);
            ExternalUser externalUser = AclHelper.TryGetExternalUser(securityIdentifier, externalUsers);

            if (externalUser == null)
            {
                throw new ExternalUserNotFoundException(securityIdentifier);
            }
            displayName = externalUser.Name;
            return(true);
        }
示例#10
0
        private static SecurityIdentifier GenerateSid(string source, bool forReachUser)
        {
            if (forReachUser)
            {
                source = Guid.NewGuid() + source;
            }
            byte[] sha1Hash = CryptoUtil.GetSha1Hash(Encoding.Unicode.GetBytes(source));
            for (int i = 0; i < 4; i++)
            {
                byte[] array = sha1Hash;
                int    num   = i;
                array[num] ^= sha1Hash[i + 16];
            }
            BinaryReader       binaryReader = null;
            SecurityIdentifier result;

            try
            {
                binaryReader = new BinaryReader(new MemoryStream(sha1Hash));
                StringBuilder stringBuilder = new StringBuilder("S-1-8-");
                for (int j = 0; j < 4; j++)
                {
                    if (j == 3 && forReachUser)
                    {
                        stringBuilder.Append(ExternalUser.ComputeHash(stringBuilder.ToString()));
                    }
                    else
                    {
                        stringBuilder.Append(binaryReader.ReadUInt32().ToString(NumberFormatInfo.InvariantInfo));
                    }
                    if (j < 3)
                    {
                        stringBuilder.Append('-');
                    }
                }
                result = new SecurityIdentifier(stringBuilder.ToString());
            }
            finally
            {
                if (binaryReader != null)
                {
                    binaryReader.Dispose();
                    binaryReader = null;
                }
            }
            return(result);
        }
示例#11
0
		public static byte[] MakeAddressBookEntryIDFromLocalDirectorySid(SecurityIdentifier sid)
		{
			if (!ExternalUser.IsExternalUserSid(sid))
			{
				throw new InvalidParamException(ServerStrings.InvalidLocalDirectorySecurityIdentifier(sid.ToString()));
			}
			byte[] array = new byte[AddressBookEntryId.AddressBookEntryIdSize + sid.BinaryLength];
			Eidt dw = Eidt.User;
			int num = 0;
			AddressBookEntryId.BinaryHelper.SetDword(array, ref num, 0U);
			Buffer.BlockCopy(AddressBookEntryId.MuidLocalDirectoryUser, 0, array, num, AddressBookEntryId.MuidLocalDirectoryUser.Length);
			num += AddressBookEntryId.ExchAddrGuid.Length;
			AddressBookEntryId.BinaryHelper.SetDword(array, ref num, AddressBookEntryId.AddressBookEntryIdVersion);
			AddressBookEntryId.BinaryHelper.SetDword(array, ref num, (uint)dw);
			sid.GetBinaryForm(array, num);
			return array;
		}
示例#12
0
        private static FolderSecurity.SecurityIdentifierType GetSecurityIdentifierType(IRecipientSession recipientSession, SecurityIdentifier securityIdentifier)
        {
            if (ExternalUser.IsExternalUserSid(securityIdentifier))
            {
                return(FolderSecurity.SecurityIdentifierType.User);
            }
            ADRecipient adrecipient = recipientSession.FindBySid(securityIdentifier);

            if (adrecipient == null)
            {
                return(FolderSecurity.SecurityIdentifierType.Unknown);
            }
            if (!AclHelper.IsGroupRecipientType(adrecipient.RecipientType))
            {
                return(FolderSecurity.SecurityIdentifierType.User);
            }
            return(FolderSecurity.SecurityIdentifierType.Group);
        }
        private MapiAclTableRestriction.ExternalUserPermission TryGetExternalUserPermission(AclTableEntry aclTableEntry, MapiAclTableAdapter mapiAclTableAdapter, ref ExternalUserCollection externalUsers)
        {
            Util.ThrowOnNullArgument(aclTableEntry, "aclTableEntry");
            Util.ThrowOnNullArgument(mapiAclTableAdapter, "mapiAclTableAdapter");
            MailboxSession mailboxSession = this.session as MailboxSession;

            if (mailboxSession == null)
            {
                return(null);
            }
            byte[]       memberEntryId = aclTableEntry.MemberEntryId;
            MemberRights memberRights  = aclTableEntry.MemberRights;
            long         memberId      = aclTableEntry.MemberId;

            if (memberEntryId == null || memberEntryId.Length == 0)
            {
                if (memberId <= 0L)
                {
                    return(null);
                }
                ExTraceGlobals.StorageTracer.TraceDebug <IExchangePrincipal, long>((long)this.GetHashCode(), "{0}: Getting memberEntryId from current ACL table for MemberId {1}.", mailboxSession.MailboxOwner, memberId);
                AclTableEntry byMemberId = mapiAclTableAdapter.GetByMemberId(memberId);
                if (byMemberId == null || byMemberId.MemberEntryId == null)
                {
                    ExTraceGlobals.StorageTracer.TraceDebug <IExchangePrincipal, long>((long)this.GetHashCode(), "{0}: Not found memberEntryId from current ACL table for MemberId {1}. Skipped.", mailboxSession.MailboxOwner, memberId);
                    return(null);
                }
                memberEntryId = byMemberId.MemberEntryId;
            }
            if (mapiAclTableAdapter.TryGetParticipantEntryId(memberEntryId) != null)
            {
                ExTraceGlobals.StorageTracer.TraceDebug <IExchangePrincipal>((long)this.GetHashCode(), "{0}: MemberEntryId indicates internal user. Skipped.", mailboxSession.MailboxOwner);
                return(null);
            }
            ExternalUser externalUser = mapiAclTableAdapter.TryGetExternalUser(memberEntryId, ref externalUsers);

            if (externalUser == null)
            {
                ExTraceGlobals.StorageTracer.TraceDebug <IExchangePrincipal>((long)this.GetHashCode(), "{0}: MemberEntryId is not external user. Skipped.", mailboxSession.MailboxOwner);
                return(null);
            }
            return(new MapiAclTableRestriction.ExternalUserPermission(externalUser, memberRights));
        }
示例#14
0
        private static SharedFolderDataRecipient GetExternalIdentity(ExternalUserCollection externalUserCollection, ValidRecipient recipient)
        {
            if (!SmtpAddress.IsValidSmtpAddress(recipient.SmtpAddress))
            {
                throw new ArgumentOutOfRangeException(ServerStrings.InvalidSmtpAddress(recipient.SmtpAddress));
            }
            SmtpAddress  smtpAddress  = new SmtpAddress(recipient.SmtpAddress);
            ExternalUser externalUser = externalUserCollection.FindFederatedUserWithOriginalSmtpAddress(smtpAddress);

            if (externalUser == null)
            {
                externalUser = externalUserCollection.AddFederatedUser(smtpAddress);
            }
            return(new SharedFolderDataRecipient
            {
                SmtpAddress = recipient.SmtpAddressForEncryption,
                SharingKey = externalUser.ExternalId.ToString()
            });
        }
示例#15
0
 public ExternalUser(string externalId, SmtpAddress address, bool isReachUser) : this(new MemoryPropertyBag())
 {
     if (address.Local.StartsWith("ExchangePublishedUser."))
     {
         throw new ArgumentException(string.Format("Cannot add external user with prefix {0}", "ExchangePublishedUser."), "address");
     }
     this.IsReachUser         = isReachUser;
     this.OriginalSmtpAddress = address;
     if (this.IsReachUser)
     {
         this.ExternalId  = "ReachUser_" + externalId;
         this.Name        = address.ToString() + " (Published)";
         this.SmtpAddress = ExternalUser.ConvertToReachSmtpAddress(address);
         this.Sid         = ExternalUser.GenerateSid(this.SmtpAddress.ToString(), true);
         return;
     }
     this.ExternalId  = externalId;
     this.Name        = address.ToString();
     this.SmtpAddress = address;
     this.Sid         = ExternalUser.GenerateSid(this.SmtpAddress.ToString(), false);
 }
示例#16
0
 private void AddPermissionEntriesForAddOrModify(MapiAclTableAdapter mapiAclTableAdapter)
 {
     foreach (Permission permission in this.permissions.Values)
     {
         byte[] array = null;
         if (permission.Origin == PermissionOrigin.New)
         {
             if (permission.Principal.Type == PermissionSecurityPrincipal.SecurityPrincipalType.ADRecipientPrincipal)
             {
                 ParticipantEntryId participantEntryId = ParticipantEntryId.FromParticipant(new Participant(permission.Principal.ADRecipient), ParticipantEntryIdConsumer.SupportsADParticipantEntryId);
                 array = participantEntryId.ToByteArray();
             }
             else if (permission.Principal.Type == PermissionSecurityPrincipal.SecurityPrincipalType.ExternalUserPrincipal)
             {
                 ExternalUser externalUser = permission.Principal.ExternalUser;
                 byte[]       array2       = new byte[externalUser.Sid.BinaryLength];
                 externalUser.Sid.GetBinaryForm(array2, 0);
                 array = MapiStore.GetAddressBookEntryIdFromLocalDirectorySID(array2);
             }
             if (array != null)
             {
                 mapiAclTableAdapter.AddPermissionEntry(array, permission.MemberRights);
             }
         }
         else if (permission.IsDirty)
         {
             mapiAclTableAdapter.ModifyPermissionEntry(permission.MemberId, permission.MemberRights);
         }
     }
     if (this.anonymousMemberPermission != null && this.anonymousMemberPermission.IsDirty)
     {
         mapiAclTableAdapter.ModifyPermissionEntry(this.anonymousMemberPermission.MemberId, this.anonymousMemberPermission.MemberRights);
     }
     if (this.defaultMemberPermission != null && this.defaultMemberPermission.IsDirty)
     {
         mapiAclTableAdapter.ModifyPermissionEntry(this.defaultMemberPermission.MemberId, this.defaultMemberPermission.MemberRights);
     }
 }
示例#17
0
        private static List <AclTableEntry> BuildAclTableFromSecurityDescriptor(RawSecurityDescriptor securityDescriptor, RawSecurityDescriptor freeBusySecurityDescriptor, LazilyInitialized <ExternalUserCollection> lazilyInitializedExternalUserCollection, IRecipientSession recipientSession, AclTableIdMap aclTableIdMap, out bool isCanonical, out string canonicalErrorInformation)
        {
            FolderSecurity.AnnotatedAceList annotatedAceList = new FolderSecurity.AnnotatedAceList(securityDescriptor, freeBusySecurityDescriptor, (SecurityIdentifier securityIdentifier) => AclModifyTable.GetSecurityIdentifierType(recipientSession, securityIdentifier));
            isCanonical = annotatedAceList.IsCanonical(out canonicalErrorInformation);
            IList <FolderSecurity.SecurityIdentifierAndFolderRights> list;

            if (isCanonical)
            {
                list = annotatedAceList.GetSecurityIdentifierAndRightsList();
            }
            else
            {
                ExTraceGlobals.StorageTracer.TraceWarning <string, string>(0L, "Got non canonical SD: {0}, ErrorInfo: ", securityDescriptor.GetSddlForm(AccessControlSections.All), canonicalErrorInformation);
                list = Array <FolderSecurity.SecurityIdentifierAndFolderRights> .Empty;
            }
            List <AclTableEntry> list2 = new List <AclTableEntry>(list.Count + 1);

            foreach (FolderSecurity.SecurityIdentifierAndFolderRights securityIdentifierAndFolderRights in list)
            {
                MemberRights memberRights = (MemberRights)(securityIdentifierAndFolderRights.AllowRights & ~(MemberRights)securityIdentifierAndFolderRights.DenyRights);
                bool         flag         = false;
                bool         flag2        = false;
                byte[]       entryId;
                string       text;
                List <SecurityIdentifier> list3;
                SecurityIdentifier        securityIdentifier;
                if (securityIdentifierAndFolderRights.SecurityIdentifier.IsWellKnown(WellKnownSidType.WorldSid))
                {
                    entryId = Array <byte> .Empty;
                    text    = string.Empty;
                    string legacyDN = string.Empty;
                    securityIdentifier = securityIdentifierAndFolderRights.SecurityIdentifier;
                    list3 = null;
                    flag2 = true;
                }
                else if (securityIdentifierAndFolderRights.SecurityIdentifier.IsWellKnown(WellKnownSidType.AnonymousSid))
                {
                    entryId            = Array <byte> .Empty;
                    text               = "Anonymous";
                    securityIdentifier = securityIdentifierAndFolderRights.SecurityIdentifier;
                    list3              = null;
                }
                else if (ExternalUser.IsExternalUserSid(securityIdentifierAndFolderRights.SecurityIdentifier))
                {
                    ExternalUser externalUser = AclHelper.TryGetExternalUser(securityIdentifierAndFolderRights.SecurityIdentifier, lazilyInitializedExternalUserCollection);
                    if (externalUser == null)
                    {
                        ExTraceGlobals.StorageTracer.TraceWarning <SecurityIdentifier>(0L, "Cannot find external user with SID {0}, build entry from information we have", securityIdentifierAndFolderRights.SecurityIdentifier);
                        string text2 = AclHelper.CreateLocalUserStrignRepresentation(securityIdentifierAndFolderRights.SecurityIdentifier);
                        text = text2;
                    }
                    else
                    {
                        text = externalUser.Name;
                        string legacyDN = externalUser.LegacyDn;
                    }
                    entryId            = AddressBookEntryId.MakeAddressBookEntryIDFromLocalDirectorySid(securityIdentifierAndFolderRights.SecurityIdentifier);
                    securityIdentifier = securityIdentifierAndFolderRights.SecurityIdentifier;
                    list3 = null;
                }
                else
                {
                    MiniRecipient miniRecipient = recipientSession.FindMiniRecipientBySid <MiniRecipient>(securityIdentifierAndFolderRights.SecurityIdentifier, Array <PropertyDefinition> .Empty);
                    string        legacyDN;
                    if (miniRecipient == null)
                    {
                        ExTraceGlobals.StorageTracer.TraceWarning <SecurityIdentifier>(0L, "Cannot find recipient with SID {0}, build entry from the information we have", securityIdentifierAndFolderRights.SecurityIdentifier);
                        flag = (securityIdentifierAndFolderRights.SecurityIdentifierType == FolderSecurity.SecurityIdentifierType.Group);
                        string text3 = AclHelper.CreateNTUserStrignRepresentation(securityIdentifierAndFolderRights.SecurityIdentifier);
                        text               = text3;
                        legacyDN           = text3;
                        securityIdentifier = securityIdentifierAndFolderRights.SecurityIdentifier;
                        list3              = null;
                    }
                    else
                    {
                        flag = AclHelper.IsGroupRecipientType(miniRecipient.RecipientType);
                        if (string.IsNullOrEmpty(miniRecipient.DisplayName))
                        {
                            text = AclHelper.CreateNTUserStrignRepresentation(securityIdentifierAndFolderRights.SecurityIdentifier);
                        }
                        else
                        {
                            text = miniRecipient.DisplayName;
                        }
                        if (string.IsNullOrEmpty(miniRecipient.LegacyExchangeDN))
                        {
                            legacyDN = text;
                        }
                        else
                        {
                            legacyDN = miniRecipient.LegacyExchangeDN;
                        }
                        SecurityIdentifier masterAccountSid = miniRecipient.MasterAccountSid;
                        if (masterAccountSid != null && !masterAccountSid.IsWellKnown(WellKnownSidType.SelfSid))
                        {
                            securityIdentifier = masterAccountSid;
                            list3 = null;
                        }
                        else
                        {
                            securityIdentifier = miniRecipient.Sid;
                            MultiValuedProperty <SecurityIdentifier> sidHistory = miniRecipient.SidHistory;
                            if (sidHistory != null && sidHistory.Count != 0)
                            {
                                list3 = new List <SecurityIdentifier>(sidHistory);
                            }
                            else
                            {
                                list3 = null;
                            }
                        }
                    }
                    entryId = AddressBookEntryId.MakeAddressBookEntryID(legacyDN, flag);
                }
                AclTableEntry aclTableEntry = list2.Find((AclTableEntry entry) => entry.SecurityIdentifier == securityIdentifier);
                if (aclTableEntry == null && list3 != null)
                {
                    using (List <SecurityIdentifier> .Enumerator enumerator2 = list3.GetEnumerator())
                    {
                        while (enumerator2.MoveNext())
                        {
                            SecurityIdentifier sid = enumerator2.Current;
                            aclTableEntry = list2.Find((AclTableEntry entry) => entry.SecurityIdentifier == sid);
                            if (aclTableEntry != null)
                            {
                                break;
                            }
                        }
                    }
                }
                if (aclTableEntry == null)
                {
                    aclTableEntry = new AclTableEntry(AclModifyTable.GetIdForSecurityIdentifier(securityIdentifier, list3, aclTableIdMap), entryId, text, memberRights);
                    aclTableEntry.SetSecurityIdentifier(securityIdentifier, flag);
                    if (flag2)
                    {
                        list2.Insert(0, aclTableEntry);
                    }
                    else
                    {
                        list2.Add(aclTableEntry);
                    }
                }
                else
                {
                    aclTableEntry.MemberRights &= memberRights;
                    if (aclTableEntry.IsGroup != flag)
                    {
                        throw new NonCanonicalACLException(annotatedAceList.CreateErrorInformation((LID)35788U, new int[0]));
                    }
                    aclTableEntry.SetSecurityIdentifier(securityIdentifier, flag);
                }
            }
            return(list2);
        }
示例#18
0
        internal static bool TryParse(string url, out ObscureUrl obscureUrl)
        {
            obscureUrl = null;
            if (!Uri.IsWellFormedUriString(url, UriKind.Absolute))
            {
                ExTraceGlobals.SharingTracer.TraceError <string>(0L, "ObscureUrl.TryParse(): The string '{0}' is not an Absolute Uri.", url);
                return(false);
            }
            Uri    uri       = new Uri(url, UriKind.Absolute);
            string localPath = uri.LocalPath;

            ExTraceGlobals.SharingTracer.TraceDebug <string>(0L, "ObscureUrl.TryParse(): Get path of url: {0}", localPath);
            Match match = ObscureUrl.ObscureUrlRegex.Match(localPath);

            if (!match.Success)
            {
                ExTraceGlobals.SharingTracer.TraceDebug <string>(0L, "ObscureUrl.TryParse(): The string '{0}' is not desired ObscureUrl. ", url);
                return(false);
            }
            SharingDataType sharingDataType = SharingDataType.FromPublishResourceName(match.Result("${datatype}"));
            Guid            guid            = Guid.Empty;
            Exception       ex = null;

            try
            {
                guid = new Guid(match.Result("${mailboxguid}"));
            }
            catch (FormatException ex2)
            {
                ex = ex2;
            }
            catch (OverflowException ex3)
            {
                ex = ex3;
            }
            if (ex != null)
            {
                ExTraceGlobals.SharingTracer.TraceDebug <string, Exception>(0L, "ObscureUrl.TryParse(): The string '{0}' is not desired ObscureUrl. Exception = {1}.", url, ex);
                return(false);
            }
            string             text = match.Result("${guid}");
            string             x    = match.Result("${hash}");
            SecurityIdentifier securityIdentifier = null;
            string             text2 = match.Result("${sid}");

            if (sharingDataType == SharingDataType.ReachCalendar)
            {
                if (!StringComparer.Ordinal.Equals(x, ObscureUrl.CalculateHashString(ObscureKind.Normal, text)))
                {
                    ExTraceGlobals.SharingTracer.TraceDebug <string>(0L, "ObscureUrl.TryParse(): Incorrect hash value for reachUrl:'{0}'", url);
                    return(false);
                }
                if (string.IsNullOrEmpty(text2))
                {
                    ExTraceGlobals.SharingTracer.TraceDebug <string>(0L, "ObscureUrl.TryParse(): sid value missing for reachUrl:'{0}'", url);
                    return(false);
                }
                securityIdentifier = new SecurityIdentifier(text2);
                if (!ExternalUser.IsValidReachSid(securityIdentifier))
                {
                    ExTraceGlobals.SharingTracer.TraceDebug <string>(0L, "ObscureUrl.TryParse(): Not a valid reach sid:'{0}'", url);
                    return(false);
                }
                obscureUrl = new ObscureUrl(uri, sharingDataType, guid, match.Result("${domain}"), text, ObscureKind.Normal, securityIdentifier);
                ExTraceGlobals.SharingTracer.TraceDebug <string, string>(0L, "ObscureUrl.TryParse(): The url {0} is parsed as ReachCalendar ObscureUrl {1}.", url, obscureUrl.TraceInfo);
                return(true);
            }
            else
            {
                if (sharingDataType != SharingDataType.Calendar)
                {
                    ExTraceGlobals.SharingTracer.TraceDebug <SharingDataType>(0L, "ObscureUrl.TryParse(): Sharing Datatype:{0} is not supported ", sharingDataType);
                    return(false);
                }
                if (!string.IsNullOrEmpty(text2))
                {
                    ExTraceGlobals.SharingTracer.TraceDebug <string>(0L, "ObscureUrl.TryParse(): SID is not applicable for published calendar url:'{0}'", url);
                    return(false);
                }
                foreach (object obj in Enum.GetValues(typeof(ObscureKind)))
                {
                    ObscureKind obscureKind = (ObscureKind)obj;
                    if (StringComparer.Ordinal.Equals(x, ObscureUrl.CalculateHashString(obscureKind, text)))
                    {
                        obscureUrl = new ObscureUrl(uri, sharingDataType, guid, match.Result("${domain}"), text, obscureKind, securityIdentifier);
                        ExTraceGlobals.SharingTracer.TraceDebug <string, string>(0L, "ObscureUrl.TryParse(): The url {0} is parsed as Calendar ObscureUrl {1}.", url, obscureUrl.TraceInfo);
                        return(true);
                    }
                }
                ExTraceGlobals.SharingTracer.TraceDebug <string>(0L, "ObscureUrl.TryParse(): Incorrect hash value for Calendar url:{0}", url);
                return(false);
            }
        }
 internal ExternalUserPermission(ExternalUser externalUser, MemberRights memberRights)
 {
     this.Principal    = new PermissionSecurityPrincipal(externalUser);
     this.MemberRights = memberRights;
 }
示例#20
0
 public PermissionSecurityPrincipal(ExternalUser externalUser)
 {
     this.type         = PermissionSecurityPrincipal.SecurityPrincipalType.ExternalUserPrincipal;
     this.externalUser = externalUser;
 }
示例#21
0
        protected override PerformInvitationResults InternalPerformInvitation(MailboxSession mailboxSession, SharingContext context, ValidRecipient[] recipients, IFrontEndLocator frontEndLocator)
        {
            ExternalAuthentication current = ExternalAuthentication.GetCurrent();

            if (!current.Enabled)
            {
                ExTraceGlobals.SharingTracer.TraceError <string>((long)this.GetHashCode(), "{0}: The organization is not federated for external sharing.", context.InitiatorSmtpAddress);
                return(new PerformInvitationResults(new InvalidSharingRecipientsException(ValidRecipient.ConvertToStringArray(recipients), new OrganizationNotFederatedException())));
            }
            SharedFolderDataEncryption sharedFolderDataEncryption = new SharedFolderDataEncryption(current);
            string text = StoreId.StoreIdToEwsId(mailboxSession.MailboxOwner.MailboxInfo.MailboxGuid, context.FolderId);
            PerformInvitationResults result;

            using (ExternalUserCollection externalUsers = mailboxSession.GetExternalUsers())
            {
                PerformInvitationResults performInvitationResults = null;
                EncryptionResults        encryptionResults        = null;
                Exception ex = null;
                try
                {
                    encryptionResults = sharedFolderDataEncryption.Encrypt(mailboxSession.MailboxOwner, mailboxSession.GetADRecipientSession(true, ConsistencyMode.IgnoreInvalid), externalUsers, recipients, context.InitiatorSmtpAddress, context.FolderClass, text, frontEndLocator);
                }
                catch (UserWithoutFederatedProxyAddressException ex2)
                {
                    ex = ex2;
                }
                catch (InvalidFederatedOrganizationIdException ex3)
                {
                    ex = ex3;
                }
                catch (StoragePermanentException ex4)
                {
                    ex = ex4;
                }
                if (ex != null)
                {
                    ExTraceGlobals.SharingTracer.TraceError <string, Exception>((long)this.GetHashCode(), "{0}: Error occurred when trying to encrypt. Exception = {1}", context.InitiatorSmtpAddress, ex);
                    result = new PerformInvitationResults(new InvalidSharingRecipientsException(ValidRecipient.ConvertToStringArray(recipients), ex));
                }
                else
                {
                    if (encryptionResults.InvalidRecipients != null && encryptionResults.InvalidRecipients.Length > 0)
                    {
                        InvalidSharingRecipientsException exception = new InvalidSharingRecipientsException(encryptionResults.InvalidRecipients);
                        if (encryptionResults.InvalidRecipients.Length == recipients.Length)
                        {
                            return(new PerformInvitationResults(exception));
                        }
                        performInvitationResults = new PerformInvitationResults(recipients, exception);
                        recipients = performInvitationResults.SucceededRecipients;
                    }
                    else
                    {
                        performInvitationResults = new PerformInvitationResults(recipients);
                    }
                    PermissionLevel permissionLevel = this.GetPermissionLevel(context);
                    FreeBusyAccess? freeBusy        = this.GetFreeBusy(context);
                    using (FolderPermissionContext current2 = FolderPermissionContext.GetCurrent(mailboxSession, context))
                    {
                        foreach (ValidRecipient validRecipient in recipients)
                        {
                            PermissionSecurityPrincipal principal = this.CreatePermissionSecurityPrincipal(validRecipient.SmtpAddress, externalUsers);
                            current2.AddOrChangePermission(principal, permissionLevel, freeBusy);
                            ExternalUser externalUser = externalUsers.FindReachUserWithOriginalSmtpAddress(new SmtpAddress(validRecipient.SmtpAddress));
                            if (externalUser != null)
                            {
                                current2.RemovePermission(new PermissionSecurityPrincipal(externalUser));
                            }
                        }
                    }
                    context.FolderEwsId = text;
                    context.EncryptedSharedFolderDataCollection = encryptionResults.EncryptedSharedFolderDataCollection;
                    result = performInvitationResults;
                }
            }
            return(result);
        }