use of com.zimbra.common.auth.ZAuthToken in project zm-mailbox by Zimbra.
the class TestCookieReuse method testInvalidSearchRequest.
/**
* Verify that we canNOT RE-use the cookie taken from a legitimate HTTP session for a SOAP request after
* ending the original session
*/
@Test
public void testInvalidSearchRequest() throws ServiceException, IOException {
//establish legitimate connection
TestUtil.setAccountAttr(USER_NAME, Provisioning.A_zimbraForceClearCookies, "FALSE");
ZMailbox mbox = TestUtil.getZMailbox(USER_NAME);
URI uri = mbox.getRestURI("Inbox?fmt=rss");
mbox.getHttpClient(uri);
ZAuthToken authT = mbox.getAuthToken();
//create evesdropper's SOAP client
SoapHttpTransport transport = new HttpCookieSoapTransport(TestUtil.getSoapUrl());
transport.setAuthToken(authT);
//check that search returns something
SearchRequest searchReq = new SearchRequest();
searchReq.setSearchTypes(MailItem.Type.MESSAGE.toString());
searchReq.setQuery("in:inbox");
Element req = JaxbUtil.jaxbToElement(searchReq, SoapProtocol.SoapJS.getFactory());
Element res = transport.invoke(req);
SearchResponse searchResp = JaxbUtil.elementToJaxb(res);
List<SearchHit> searchHits = searchResp.getSearchHits();
Assert.assertFalse("this search request should return some conversations", searchHits.isEmpty());
//explicitely end cookie session
Account a = TestUtil.getAccount(USER_NAME);
a.setForceClearCookies(false);
EndSessionRequest esr = new EndSessionRequest();
esr.setLogOff(true);
mbox.invokeJaxb(esr);
//check that search returns nothing
transport = new HttpCookieSoapTransport(TestUtil.getSoapUrl());
transport.setAuthToken(authT);
searchReq = new SearchRequest();
searchReq.setSearchTypes(MailItem.Type.MESSAGE.toString());
searchReq.setQuery("in:inbox");
try {
req = JaxbUtil.jaxbToElement(searchReq, SoapProtocol.SoapJS.getFactory());
res = transport.invoke(req);
searchResp = JaxbUtil.elementToJaxb(res);
searchHits = searchResp.getSearchHits();
Assert.assertTrue("this search request should fail", searchHits.isEmpty());
} catch (SoapFaultException ex) {
Assert.assertEquals("Should be getting 'auth required' exception", ServiceException.AUTH_EXPIRED, ex.getCode());
}
}
use of com.zimbra.common.auth.ZAuthToken in project zm-mailbox by Zimbra.
the class SoapTestHarness method doRequest.
private void doRequest(Element request) throws IOException, ServiceException {
mCurrent.mDocRequest = request.elementIterator().next();
mCurrent.mDocRequest.detach();
ZAuthToken zat = mAuthToken == null ? null : new ZAuthToken(null, mAuthToken, null);
Element ctxt = SoapUtil.toCtxt(mSoapProto, zat, mSessionId, -1);
if (mTargetUser != null)
SoapUtil.addTargetAccountToCtxt(ctxt, null, mTargetUser);
if (mResponseProto == SoapProtocol.SoapJS)
SoapUtil.addResponseProtocolToCtxt(ctxt, mResponseProto);
mCurrent.mSoapRequest = mSoapProto.soapEnvelope(mCurrent.mDocRequest, ctxt);
long start = System.currentTimeMillis();
mCurrent.mSoapResponse = mTransport.invokeRaw(mCurrent.mSoapRequest);
long finish = System.currentTimeMillis();
mCurrent.mTime = finish - start;
mCurrent.mDocResponse = mResponseProto.getBodyElement(mCurrent.mSoapResponse);
}
use of com.zimbra.common.auth.ZAuthToken in project zm-mailbox by Zimbra.
the class ProvUtil method main.
public static void main(String[] args) throws IOException, ServiceException {
CliUtil.setCliSoapHttpTransportTimeout();
// send all logs to stderr
ZimbraLog.toolSetupLog4jConsole("INFO", true, false);
SocketFactories.registerProtocols();
SoapTransport.setDefaultUserAgent("zmprov", BuildInfo.VERSION);
ProvUtil pu = new ProvUtil();
CommandLineParser parser = new PosixParser();
Options options = new Options();
options.addOption("h", "help", false, "display usage");
options.addOption("f", "file", true, "use file as input stream");
options.addOption("s", "server", true, "host[:port] of server to connect to");
options.addOption("l", "ldap", false, "provision via LDAP");
options.addOption("L", "logpropertyfile", true, "log4j property file");
options.addOption("a", "account", true, "account name (not used with --ldap)");
options.addOption("p", "password", true, "password for account");
options.addOption("P", "passfile", true, "filename with password in it");
options.addOption("z", "zadmin", false, "use zimbra admin name/password from localconfig for account/password");
options.addOption("v", "verbose", false, "verbose mode");
options.addOption("d", "debug", false, "debug mode (SOAP request and response payload)");
options.addOption("D", "debughigh", false, "debug mode (SOAP req/resp payload and http headers)");
options.addOption("m", "master", false, "use LDAP master (has to be used with --ldap)");
options.addOption("t", "temp", false, "write binary values to files in temporary directory specified in localconfig key zmprov_tmp_directory");
options.addOption("r", "replace", false, "allow replacement of multi-valued attr value");
options.addOption("fd", "forcedisplay", false, "force display attr value");
options.addOption(SoapCLI.OPT_AUTHTOKEN);
options.addOption(SoapCLI.OPT_AUTHTOKENFILE);
CommandLine cl = null;
boolean err = false;
try {
cl = parser.parse(options, args, true);
} catch (ParseException pe) {
printError("error: " + pe.getMessage());
err = true;
}
if (err || cl.hasOption('h')) {
pu.usage();
}
if (cl.hasOption('l') && cl.hasOption('s')) {
printError("error: cannot specify both -l and -s at the same time");
System.exit(2);
}
pu.setVerbose(cl.hasOption('v'));
if (cl.hasOption('l')) {
pu.setUseLdap(true, cl.hasOption('m'));
}
if (cl.hasOption('L')) {
if (cl.hasOption('l')) {
ZimbraLog.toolSetupLog4j("INFO", cl.getOptionValue('L'));
} else {
printError("error: cannot specify -L when -l is not specified");
System.exit(2);
}
}
if (cl.hasOption('z')) {
pu.setAccount(LC.zimbra_ldap_user.value());
pu.setPassword(LC.zimbra_ldap_password.value());
}
if (cl.hasOption(SoapCLI.O_AUTHTOKEN) && cl.hasOption(SoapCLI.O_AUTHTOKENFILE)) {
printError("error: cannot specify " + SoapCLI.O_AUTHTOKEN + " when " + SoapCLI.O_AUTHTOKENFILE + " is specified");
System.exit(2);
}
if (cl.hasOption(SoapCLI.O_AUTHTOKEN)) {
ZAuthToken zat = ZAuthToken.fromJSONString(cl.getOptionValue(SoapCLI.O_AUTHTOKEN));
pu.setAuthToken(zat);
}
if (cl.hasOption(SoapCLI.O_AUTHTOKENFILE)) {
String authToken = StringUtil.readSingleLineFromFile(cl.getOptionValue(SoapCLI.O_AUTHTOKENFILE));
ZAuthToken zat = ZAuthToken.fromJSONString(authToken);
pu.setAuthToken(zat);
}
if (cl.hasOption('s')) {
pu.setServer(cl.getOptionValue('s'));
}
if (cl.hasOption('a')) {
pu.setAccount(cl.getOptionValue('a'));
}
if (cl.hasOption('p')) {
pu.setPassword(cl.getOptionValue('p'));
}
if (cl.hasOption('P')) {
pu.setPassword(StringUtil.readSingleLineFromFile(cl.getOptionValue('P')));
}
if (cl.hasOption('d') && cl.hasOption('D')) {
printError("error: cannot specify both -d and -D at the same time");
System.exit(2);
}
if (cl.hasOption('D')) {
pu.setDebug(SoapDebugLevel.high);
} else if (cl.hasOption('d')) {
pu.setDebug(SoapDebugLevel.normal);
}
if (!pu.useLdap() && cl.hasOption('m')) {
printError("error: cannot specify -m when -l is not specified");
System.exit(2);
}
if (cl.hasOption('t')) {
pu.setOutputBinaryToFile(true);
}
if (cl.hasOption('r')) {
pu.setAllowMultiValuedAttrReplacement(true);
}
if (cl.hasOption("fd")) {
pu.setForceDisplayAttrValue(true);
}
args = recombineDecapitatedAttrs(cl.getArgs(), options, args);
try {
if (args.length < 1) {
pu.initProvisioning();
InputStream is = null;
if (cl.hasOption('f')) {
pu.setBatchMode(true);
is = new FileInputStream(cl.getOptionValue('f'));
} else {
if (LC.command_line_editing_enabled.booleanValue()) {
try {
CliUtil.enableCommandLineEditing(LC.zimbra_home.value() + "/.zmprov_history");
} catch (IOException e) {
errConsole.println("Command line editing will be disabled: " + e);
if (pu.verboseMode) {
e.printStackTrace(errConsole);
}
}
}
// This has to happen last because JLine modifies System.in.
is = System.in;
}
pu.interactive(new BufferedReader(new InputStreamReader(is, "UTF-8")));
} else {
Command cmd = pu.lookupCommand(args[0]);
if (cmd == null) {
pu.usage();
}
if (cmd.isDeprecated()) {
pu.deprecated();
}
if (pu.forceLdapButDontRequireUseLdapOption(cmd)) {
pu.setUseLdap(true, false);
}
if (pu.needProvisioningInstance(cmd)) {
pu.initProvisioning();
}
try {
if (!pu.execute(args)) {
pu.usage();
}
} catch (ArgException e) {
pu.usage();
}
}
} catch (ServiceException e) {
Throwable cause = e.getCause();
String errText = "ERROR: " + e.getCode() + " (" + e.getMessage() + ")" + (cause == null ? "" : " (cause: " + cause.getClass().getName() + " " + cause.getMessage() + ")");
printError(errText);
if (pu.verboseMode) {
e.printStackTrace(errConsole);
}
System.exit(2);
}
}
use of com.zimbra.common.auth.ZAuthToken in project zm-mailbox by Zimbra.
the class ProvUtil method doUnlockMailbox.
private void doUnlockMailbox(String[] args) throws ServiceException {
String accountVal = null;
if (args.length > 1) {
accountVal = args[1];
} else {
usage();
return;
}
if (accountVal != null) {
//will throw NO_SUCH_ACCOUNT if not found
Account acct = lookupAccount(accountVal);
if (!acct.getAccountStatus().isActive()) {
throw ServiceException.FAILURE(String.format("Cannot unlock mailbox for account %s. Account status must be %s. Curent account status is %s. " + "You must change the value of zimbraAccountStatus to '%s' first", accountVal, AccountStatus.active, acct.getAccountStatus(), AccountStatus.active), null);
}
String accName = acct.getName();
String server = acct.getMailHost();
try {
sendMailboxLockoutRequest(accName, server, AdminConstants.A_END);
} catch (ServiceException e) {
if (ServiceException.UNKNOWN_DOCUMENT.equals(e.getCode())) {
throw ServiceException.FAILURE("source server version does not support " + AdminConstants.E_LOCKOUT_MAILBOX_REQUEST, e);
} else if (ServiceException.NOT_FOUND.equals(e.getCode())) {
//if mailbox is not locked, move on
printOutput("Warning: " + e.getMessage());
} else {
throw e;
}
} catch (IOException e) {
throw ServiceException.FAILURE(String.format("Error sending %s (operation = %s) request for %s to %s", AdminConstants.E_LOCKOUT_MAILBOX_REQUEST, AdminConstants.A_END, accountVal, server), e);
}
//unregister moveout if hostname is provided
if (args.length > 2) {
//set account status to maintenance and lock the mailbox to avoid race conditions
acct.setAccountStatus(AccountStatus.maintenance);
try {
sendMailboxLockoutRequest(accName, server, AdminConstants.A_START);
} catch (IOException e) {
throw ServiceException.FAILURE(String.format("Error sending %s (opertion = %s) request for %s to %s.\n Warning: Account is left in maintenance state!", AdminConstants.E_LOCKOUT_MAILBOX_REQUEST, AdminConstants.A_START, accountVal, server), e);
}
//unregister moveout via SOAP
String targetServer = args[2];
try {
UnregisterMailboxMoveOutRequest unregisterReq = UnregisterMailboxMoveOutRequest.create(MailboxMoveSpec.createForNameAndTarget(accName, targetServer));
String url = URLUtil.getAdminURL(server);
ZAuthToken token = ((SoapProvisioning) prov).getAuthToken();
SoapHttpTransport transport = new SoapHttpTransport(url);
transport.setAuthToken(token);
transport.invokeWithoutSession(JaxbUtil.jaxbToElement(unregisterReq));
} catch (ServiceException e) {
if (ServiceException.UNKNOWN_DOCUMENT.equals(e.getCode())) {
throw ServiceException.FAILURE(String.format("target server version does not support %s.", BackupConstants.E_UNREGISTER_MAILBOX_MOVE_OUT_REQUEST), e);
} else {
throw ServiceException.FAILURE("Failed to unregister mailbox moveout", e);
}
} catch (IOException e) {
throw ServiceException.FAILURE(String.format("Error sending %s request for %s to %s.", BackupConstants.E_UNREGISTER_MAILBOX_MOVE_OUT_REQUEST, accountVal, server), e);
} finally {
//unlock mailbox object and end account maintenance even if failed to unregister moveout
try {
sendMailboxLockoutRequest(accName, server, AdminConstants.A_END);
} catch (ServiceException e) {
//print error messages, but don't throw any more exceptions, because we have to set account status back to 'active'
if (ServiceException.UNKNOWN_DOCUMENT.equals(e.getCode())) {
printError("source server version does not support " + AdminConstants.E_LOCKOUT_MAILBOX_REQUEST);
} else {
printError(String.format("Error: failed to unregister mailbox moveout.\n Exception: %s.", e.getMessage()));
}
} catch (IOException e) {
printError(String.format("Error sending %s (operation = %s) request for %s to %s after unregistering moveout. Exception: %s", AdminConstants.E_LOCKOUT_MAILBOX_REQUEST, AdminConstants.A_END, accountVal, server, e.getMessage()));
}
//end account maintenance
acct.setAccountStatus(AccountStatus.active);
}
}
}
}
use of com.zimbra.common.auth.ZAuthToken in project zm-mailbox by Zimbra.
the class ProvUtil method sendMailboxLockoutRequest.
private void sendMailboxLockoutRequest(String acctName, String server, String operation) throws ServiceException, IOException {
LockoutMailboxRequest req = LockoutMailboxRequest.create(AccountNameSelector.fromName(acctName));
req.setOperation(operation);
String url = URLUtil.getAdminURL(server);
ZAuthToken token = ((SoapProvisioning) prov).getAuthToken();
SoapHttpTransport transport = new SoapHttpTransport(url);
transport.setAuthToken(token);
transport.invokeWithoutSession(JaxbUtil.jaxbToElement(req));
}
Aggregations