protected override void InternalProcessRecord() { TaskLogger.LogEnter(); base.InternalProcessRecord(); ExtendedProtection.CommitToMetabase(this.DataObject, this); TaskLogger.LogExit(); }
public static void LoadFromMetabase(string metabasePath, ObjectId identity, Task task, out ExtendedProtectionTokenCheckingMode extendedProtectionTokenChecking, out MultiValuedProperty <ExtendedProtectionFlag> extendedProtectionFlags, out MultiValuedProperty <string> extendedProtectionSPNList) { extendedProtectionTokenChecking = ExtendedProtectionTokenCheckingMode.None; extendedProtectionFlags = new MultiValuedProperty <ExtendedProtectionFlag>(); extendedProtectionSPNList = new MultiValuedProperty <string>(); using (DirectoryEntry directoryEntry = IisUtility.CreateIISDirectoryEntry(metabasePath, (task != null) ? new Task.TaskErrorLoggingReThrowDelegate(task.WriteError) : null, identity, false)) { if (directoryEntry != null) { string text; string str; string str2; if (ExtendedProtection.GetServerWebSiteAndPath(metabasePath, out text, out str, out str2)) { using (ServerManager serverManager = ServerManager.OpenRemote(text)) { Configuration applicationHostConfiguration = serverManager.GetApplicationHostConfiguration(); if (applicationHostConfiguration != null) { ConfigurationSection section = applicationHostConfiguration.GetSection("system.webServer/security/authentication/windowsAuthentication", "/" + str + str2); if (section != null) { ConfigurationElement configurationElement = section.ChildElements["extendedProtection"]; if (configurationElement != null) { object attributeValue = configurationElement.GetAttributeValue("tokenChecking"); if (attributeValue != null && attributeValue is int) { extendedProtectionTokenChecking = (ExtendedProtectionTokenCheckingMode)attributeValue; } object attributeValue2 = configurationElement.GetAttributeValue("flags"); if (attributeValue2 != null && attributeValue2 is int) { extendedProtectionFlags.Add((ExtendedProtectionFlag)attributeValue2); } ConfigurationElementCollection collection = configurationElement.GetCollection(); if (collection != null) { foreach (ConfigurationElement configurationElement2 in collection) { if (configurationElement2.Schema.Name == "spn") { string item = configurationElement2.GetAttributeValue("name").ToString(); extendedProtectionSPNList.Add(item); } } } } } } } } } } }
public static void LoadFromMetabase(ExchangeVirtualDirectory exchangeVirtualDirectory, Task task) { if (exchangeVirtualDirectory.ExchangeVersion.IsOlderThan(ExchangeObjectVersion.Exchange2010)) { return; } string metabasePath = exchangeVirtualDirectory.MetabasePath; ExtendedProtectionTokenCheckingMode extendedProtectionTokenCheckingMode; MultiValuedProperty <ExtendedProtectionFlag> extendedProtectionFlags; MultiValuedProperty <string> extendedProtectionSPNList; ExtendedProtection.LoadFromMetabase(metabasePath, exchangeVirtualDirectory.Identity, task, out extendedProtectionTokenCheckingMode, out extendedProtectionFlags, out extendedProtectionSPNList); exchangeVirtualDirectory[ExchangeVirtualDirectorySchema.ExtendedProtectionTokenChecking] = extendedProtectionTokenCheckingMode; exchangeVirtualDirectory.ExtendedProtectionFlags = extendedProtectionFlags; exchangeVirtualDirectory.ExtendedProtectionSPNList = extendedProtectionSPNList; }
private static void UpdateSubDirectory(ADMobileVirtualDirectory dataObject, string vdirPath, Task task) { if (IisUtility.Exists(vdirPath)) { using (DirectoryEntry directoryEntry = IisUtility.CreateIISDirectoryEntry(vdirPath)) { IisUtility.SetAuthenticationMethod(directoryEntry, AuthenticationMethodFlags.None, false); IisUtility.SetAuthenticationMethod(directoryEntry, AuthenticationMethodFlags.WindowsIntegrated, true); IisUtility.SetProperty(directoryEntry, "AccessFlags", MetabasePropertyTypes.AccessFlags.Script, true); directoryEntry.CommitChanges(); } } if (dataObject.ProxyVirtualDirectoryObject != null) { MobileSyncVirtualDirectoryHelper.CopyProxyExtendedParameters(dataObject); ExtendedProtection.CommitToMetabase(dataObject.ProxyVirtualDirectoryObject, task); } }
protected override void InternalValidate() { base.InternalValidate(); if (base.HasErrors) { return; } T dataObject = this.DataObject; string hostName = IisUtility.GetHostName(dataObject.MetabasePath); try { if (!new IisVersionValidCondition(hostName).Verify()) { Exception exception = new ArgumentException(Strings.ErrorIisVersionIsInvalid(hostName), "Server"); ErrorCategory category = ErrorCategory.InvalidArgument; T dataObject2 = this.DataObject; base.WriteError(exception, category, dataObject2.Identity); return; } } catch (IOException innerException) { Exception exception2 = new ArgumentException(Strings.ErrorCannotDetermineIisVersion(hostName), "Server", innerException); ErrorCategory category2 = ErrorCategory.InvalidArgument; T dataObject3 = this.DataObject; base.WriteError(exception2, category2, dataObject3.Identity); } catch (InvalidOperationException innerException2) { Exception exception3 = new ArgumentException(Strings.ErrorCannotDetermineIisVersion(hostName), "Server", innerException2); ErrorCategory category3 = ErrorCategory.InvalidArgument; T dataObject4 = this.DataObject; base.WriteError(exception3, category3, dataObject4.Identity); } ExtendedProtection.Validate(this, this.DataObject); base.VerifyIsWithinScopes((IConfigurationSession)base.DataSession, this.DataObject, true, new DataAccessTask <T> .ADObjectOutOfScopeString(Strings.ErrorCannotSetVirtualDirectoryOutOfWriteScope)); TaskLogger.LogExit(); }
public static void CommitToMetabase(ExchangeVirtualDirectory exchangeVirtualDirectory, Task task) { if (exchangeVirtualDirectory.ExchangeVersion.IsOlderThan(ExchangeObjectVersion.Exchange2010)) { return; } bool flag = task.Fields.IsModified("ExtendedProtectionTokenChecking"); bool flag2 = task.Fields.IsModified("ExtendedProtectionFlags"); bool flag3 = task.Fields.IsModified("ExtendedProtectionSPNList"); if (flag || flag2 || flag3) { string metabasePath = exchangeVirtualDirectory.MetabasePath; using (DirectoryEntry directoryEntry = IisUtility.CreateIISDirectoryEntry(metabasePath, new Task.TaskErrorLoggingReThrowDelegate(task.WriteError), exchangeVirtualDirectory.Identity)) { if (directoryEntry != null) { string text; string text2; string text3; if (ExtendedProtection.GetServerWebSiteAndPath(metabasePath, out text, out text2, out text3)) { if (!ExtendedProtection.WebConfigReflectionHelper.IsExtendedProtectionSupported(task)) { TaskLogger.Trace("Warning: ExtendedProtectionPolicy has not been added to HttpTransportElement of web.config. Install the operating system update(s) specified in KB {0} onto server {1} and try again.", new object[] { "981205", text }); task.WriteWarning(Strings.WarnExtendedProtectionIsNotEnabled(text, "981205")); } else { string text4 = "/" + text2 + text3; using (ServerManager serverManager = ServerManager.OpenRemote(text)) { Configuration applicationHostConfiguration = serverManager.GetApplicationHostConfiguration(); if (applicationHostConfiguration != null) { ConfigurationSection section = applicationHostConfiguration.GetSection("system.webServer/security/authentication/windowsAuthentication", text4); if (section != null) { ConfigurationElement configurationElement = section.ChildElements["extendedProtection"]; if (configurationElement != null) { if (flag) { int num = (int)exchangeVirtualDirectory[ExchangeVirtualDirectorySchema.ExtendedProtectionTokenChecking]; configurationElement.SetAttributeValue("tokenChecking", num); } if (flag2) { int num2 = (int)exchangeVirtualDirectory[ExchangeVirtualDirectorySchema.ExtendedProtectionFlags]; configurationElement.SetAttributeValue("flags", num2); } if (flag3) { ConfigurationElementCollection collection = configurationElement.GetCollection(); collection.Clear(); foreach (string text5 in exchangeVirtualDirectory.ExtendedProtectionSPNList) { ConfigurationElement configurationElement2 = collection.CreateElement("spn"); configurationElement2.SetAttributeValue("name", text5); collection.Add(configurationElement2); } } ExtendedProtection.WebConfigReflectionHelper.CommitToWebConfigMWA(exchangeVirtualDirectory, task, text3, text2, text, flag, flag3); serverManager.CommitChanges(); return; } TaskLogger.Trace("Warning: Extended protection has not been enabled. Install the operating system update specified in KB {0} onto server {1} and try again.", new object[] { "973917", text }); task.WriteWarning(Strings.WarnExtendedProtectionIsNotEnabled(text, "973917")); return; } } TaskLogger.Trace("Error:ApplicationHost.config or {0} is not found for virtual directory with metabase path '{1}' and local path '{2}'.", new object[] { "system.webServer/security/authentication/windowsAuthentication", metabasePath, text4 }); task.WriteError(new ArgumentException(Strings.ErrorAppHostOrWindowsAuthenticationNotFound("system.webServer/security/authentication/windowsAuthentication", metabasePath, text4)), ErrorCategory.ObjectNotFound, exchangeVirtualDirectory.Identity); } } } } } } }
protected virtual void InternalProcessMetabase() { ExtendedProtection.CommitToMetabase(this.DataObject, this); }
protected override void InternalValidate() { object[] array = new object[1]; object[] array2 = array; int num = 0; T dataObject = this.DataObject; array2[num] = dataObject.Identity; TaskLogger.LogEnter(array); base.InternalValidate(); if (base.HasErrors) { return; } string fqdn = base.OwningServer.Fqdn; string text = base.Name.ToString(); if (string.IsNullOrEmpty(this.WebSiteName)) { if (this.Role == VirtualDirectoryRole.ClientAccess) { this.WebSiteName = IisUtility.GetWebSiteName(IisUtility.CreateAbsolutePath(IisUtility.AbsolutePathType.WebSiteRoot, fqdn, "/W3SVC/1/ROOT", null)); this.ApplicationRoot = "/W3SVC/1/ROOT"; } else { this.WebSiteName = "Exchange Back End"; } } if (string.Empty.Equals(this.AppPoolId)) { Exception exception = new ArgumentException(Strings.ErrorAppPoolIdCannotBeEmpty, "AppPoolId"); ErrorCategory category = ErrorCategory.InvalidArgument; T dataObject2 = this.DataObject; base.WriteError(exception, category, dataObject2.Identity); } try { if (!new IisVersionValidCondition(fqdn).Verify()) { Exception exception2 = new ArgumentException(Strings.ErrorIisVersionIsInvalid(fqdn), "Server"); ErrorCategory category2 = ErrorCategory.InvalidArgument; T dataObject3 = this.DataObject; base.WriteError(exception2, category2, dataObject3.Identity); } } catch (IOException innerException) { Exception exception3 = new ArgumentException(Strings.ErrorCannotDetermineIisVersion(fqdn), "Server", innerException); ErrorCategory category3 = ErrorCategory.InvalidArgument; T dataObject4 = this.DataObject; base.WriteError(exception3, category3, dataObject4.Identity); } catch (InvalidOperationException innerException2) { Exception exception4 = new ArgumentException(Strings.ErrorCannotDetermineIisVersion(fqdn), "Server", innerException2); ErrorCategory category4 = ErrorCategory.InvalidArgument; T dataObject5 = this.DataObject; base.WriteError(exception4, category4, dataObject5.Identity); } try { if (!new WebSiteExistsCondition(fqdn, this.WebSiteName).Verify()) { Exception exception5 = new ArgumentException(Strings.ErrorWebSiteNotExists(this.WebSiteName, fqdn), "WebSiteName"); ErrorCategory category5 = ErrorCategory.InvalidArgument; T dataObject6 = this.DataObject; base.WriteError(exception5, category5, dataObject6.Identity); } if (string.IsNullOrEmpty(this.ApplicationRoot)) { this.ApplicationRoot = IisUtility.FindWebSiteRootPath(this.WebSiteName, fqdn); } } catch (IisUtilityCannotDisambiguateWebSiteException innerException3) { Exception exception6 = new ArgumentException(Strings.ErrorWebsiteAmbiguousInIIS(this.WebSiteName, fqdn), "WebSiteName", innerException3); ErrorCategory category6 = ErrorCategory.InvalidArgument; T dataObject7 = this.DataObject; base.WriteError(exception6, category6, dataObject7.Identity); } T dataObject8 = this.DataObject; T dataObject9 = this.DataObject; dataObject8.SetId(new ADObjectId(dataObject9.Server.DistinguishedName).GetDescendantId("Protocols", "HTTP", new string[] { string.Format("{0} ({1})", base.Name, this.WebSiteName) })); if (this.FailOnVirtualDirectoryADObjectAlreadyExists()) { IConfigDataProvider dataSession = base.DataSession; T dataObject10 = this.DataObject; if (dataSession.Read <T>(dataObject10.Identity) != null) { string virtualDirectoryName = text; T dataObject11 = this.DataObject; Exception exception7 = new ArgumentException(Strings.ErrorVirtualDirectoryADObjectAlreadyExists(virtualDirectoryName, dataObject11.DistinguishedName), "VirtualDirectoryName"); ErrorCategory category7 = ErrorCategory.InvalidArgument; T dataObject12 = this.DataObject; base.WriteError(exception7, category7, dataObject12.Identity); } } if (this.FailOnVirtualDirectoryAlreadyExists() && new VirtualDirectoryExistsCondition(fqdn, this.WebSiteName, text).Verify()) { Exception exception8 = new ArgumentException(Strings.ErrorVirtualDirectoryAlreadyExists(text, this.WebSiteName, fqdn), "VirtualDirectoryName"); ErrorCategory category8 = ErrorCategory.InvalidArgument; T dataObject13 = this.DataObject; base.WriteError(exception8, category8, dataObject13.Identity); } T dataObject14 = this.DataObject; dataObject14.MetabasePath = string.Format("IIS://{0}{1}/{2}", fqdn, IisUtility.FindWebSiteRootPath(this.WebSiteName, fqdn), text); ExtendedProtection.Validate(this, this.DataObject); TaskLogger.LogExit(); }
protected virtual void ProcessMetabaseProperties(ExchangeVirtualDirectory dataObject) { dataObject.Path = (string)IisUtility.GetIisPropertyValue("Path", this.MetabaseProperties); ExtendedProtection.LoadFromMetabase(dataObject, this); }
public static void ReadFromMetabase(ADMobileVirtualDirectory vdirObject, Task task) { MetabasePropertyTypes.AccessSSLFlags accessSSLFlags = MetabasePropertyTypes.AccessSSLFlags.AccessSSL | MetabasePropertyTypes.AccessSSLFlags.AccessSSLNegotiateCert | MetabasePropertyTypes.AccessSSLFlags.AccessSSLRequireCert; string metabasePath = vdirObject.MetabasePath; if (string.IsNullOrEmpty(metabasePath)) { return; } MetabaseProperty[] array = null; using (DirectoryEntry directoryEntry = IisUtility.CreateIISDirectoryEntry(metabasePath)) { array = IisUtility.GetProperties(directoryEntry); } uint num = 0U; bool flag = false; foreach (MetabaseProperty metabaseProperty in array) { if (string.Equals(metabaseProperty.Name, "AuthFlags", StringComparison.OrdinalIgnoreCase)) { object value = metabaseProperty.Value; if (value != null) { MetabasePropertyTypes.AuthFlags authFlags = (MetabasePropertyTypes.AuthFlags)((int)value); vdirObject.BasicAuthEnabled = ((authFlags & MetabasePropertyTypes.AuthFlags.Basic) == MetabasePropertyTypes.AuthFlags.Basic); vdirObject.WindowsAuthEnabled = ((authFlags & MetabasePropertyTypes.AuthFlags.Ntlm) == MetabasePropertyTypes.AuthFlags.Ntlm); } num += 1U; } else if (string.Equals(metabaseProperty.Name, "DoDynamicCompression", StringComparison.OrdinalIgnoreCase)) { object value2 = metabaseProperty.Value; if (value2 != null) { vdirObject.CompressionEnabled = (bool)value2; } num += 1U; } else if (string.Equals(metabaseProperty.Name, "AccessSSLFlags", StringComparison.OrdinalIgnoreCase)) { int?num2 = (int?)metabaseProperty.Value; if (num2 != null) { if ((num2.Value & (int)accessSSLFlags) == (int)accessSSLFlags) { vdirObject.ClientCertAuth = new ClientCertAuthTypes?(ClientCertAuthTypes.Required); } else if ((num2.Value & 32) == 32) { vdirObject.ClientCertAuth = new ClientCertAuthTypes?(ClientCertAuthTypes.Accepted); } else { vdirObject.ClientCertAuth = new ClientCertAuthTypes?(ClientCertAuthTypes.Ignore); } if ((num2.Value & 8) == 8) { vdirObject.WebSiteSSLEnabled = true; } else { vdirObject.WebSiteSSLEnabled = false; } } else { vdirObject.ClientCertAuth = new ClientCertAuthTypes?(ClientCertAuthTypes.Ignore); vdirObject.WebSiteSSLEnabled = false; } flag = true; num += 1U; } else if (string.Equals(metabaseProperty.Name, "AppFriendlyName", StringComparison.OrdinalIgnoreCase)) { object value3 = metabaseProperty.Value; if (value3 != null) { vdirObject.VirtualDirectoryName = (string)value3; } num += 1U; } else if (num == 4U) { break; } } if (!flag) { int startIndex = metabasePath.LastIndexOf('/'); string iisDirectoryEntryPath = metabasePath.Remove(startIndex); using (DirectoryEntry directoryEntry2 = IisUtility.CreateIISDirectoryEntry(iisDirectoryEntryPath)) { int?num3 = (int?)directoryEntry2.Properties["AccessSSLFlags"].Value; if (num3 != null) { if ((num3.Value & (int)accessSSLFlags) == (int)accessSSLFlags) { vdirObject.ClientCertAuth = new ClientCertAuthTypes?(ClientCertAuthTypes.Required); } else if ((num3.Value & 32) == 32) { vdirObject.ClientCertAuth = new ClientCertAuthTypes?(ClientCertAuthTypes.Accepted); } else { vdirObject.ClientCertAuth = new ClientCertAuthTypes?(ClientCertAuthTypes.Ignore); } if ((num3.Value & 8) == 8) { vdirObject.WebSiteSSLEnabled = true; } else { vdirObject.WebSiteSSLEnabled = false; } } else { vdirObject.ClientCertAuth = new ClientCertAuthTypes?(ClientCertAuthTypes.Ignore); vdirObject.WebSiteSSLEnabled = false; } } } char[] separator = new char[] { '/' }; string[] array3 = metabasePath.Split(separator); int num4 = array3.Length - 2; if (num4 <= 0) { return; } StringBuilder stringBuilder = new StringBuilder(47); for (int j = 0; j < num4; j++) { stringBuilder.Append(array3[j]); if (j < num4 - 1) { stringBuilder.Append('/'); } } using (DirectoryEntry directoryEntry3 = IisUtility.CreateIISDirectoryEntry(stringBuilder.ToString())) { array = IisUtility.GetProperties(directoryEntry3); } MetabaseProperty[] array4 = array; int k = 0; while (k < array4.Length) { MetabaseProperty metabaseProperty2 = array4[k]; if (string.Compare(metabaseProperty2.Name, "ServerComment", true) == 0) { object value4 = metabaseProperty2.Value; if (value4 != null) { vdirObject.WebsiteName = (string)value4; break; } break; } else { k++; } } vdirObject.InitProxyVDirDataObject(); ExtendedProtection.LoadFromMetabase(vdirObject, task); }