
Example 16 with ZAuthToken

use of com.zimbra.common.auth.ZAuthToken in project zm-mailbox by Zimbra.

the class TestCookieReuse method testInvalidSearchRequest.

/**
 * Checks that an auth token taken from a legitimate HTTP session can NOT be replayed in a SOAP
 * request once the original session has been explicitly ended (server-side invalidation on logoff).
 *
 * <p>The test first proves the captured token works on a second, independent SOAP transport, then
 * sends an EndSessionRequest with logoff set and repeats the same search with the same token.
 */
@Test
public void testInvalidSearchRequest() throws ServiceException, IOException {
    // Legitimate session: zimbraForceClearCookies is set to FALSE for the test account first.
    // NOTE(review): the attribute is not restored in this method; confirm the fixture teardown resets it.
    TestUtil.setAccountAttr(USER_NAME, Provisioning.A_zimbraForceClearCookies, "FALSE");
    ZMailbox mailbox = TestUtil.getZMailbox(USER_NAME);
    URI rssUri = mailbox.getRestURI("Inbox?fmt=rss");
    mailbox.getHttpClient(rssUri);
    ZAuthToken capturedToken = mailbox.getAuthToken();

    // Second client that holds nothing but the captured token (models a party that copied the cookie).
    SoapHttpTransport liveTransport = new HttpCookieSoapTransport(TestUtil.getSoapUrl());
    liveTransport.setAuthToken(capturedToken);

    // Baseline: while the session is alive, the token must be accepted and the search must return hits.
    SearchRequest liveSearch = new SearchRequest();
    liveSearch.setSearchTypes(MailItem.Type.MESSAGE.toString());
    liveSearch.setQuery("in:inbox");
    Element liveReq = JaxbUtil.jaxbToElement(liveSearch, SoapProtocol.SoapJS.getFactory());
    Element liveRes = liveTransport.invoke(liveReq);
    SearchResponse liveResp = JaxbUtil.elementToJaxb(liveRes);
    List<SearchHit> liveHits = liveResp.getSearchHits();
    Assert.assertFalse("this search request should return some conversations", liveHits.isEmpty());

    // Explicitly end the cookie session through the legitimate mailbox handle.
    Account account = TestUtil.getAccount(USER_NAME);
    account.setForceClearCookies(false);
    EndSessionRequest endSession = new EndSessionRequest();
    endSession.setLogOff(true);
    mailbox.invokeJaxb(endSession);

    // Replay: a fresh transport carrying the same, now stale, token.
    SoapHttpTransport staleTransport = new HttpCookieSoapTransport(TestUtil.getSoapUrl());
    staleTransport.setAuthToken(capturedToken);
    SearchRequest staleSearch = new SearchRequest();
    staleSearch.setSearchTypes(MailItem.Type.MESSAGE.toString());
    staleSearch.setQuery("in:inbox");
    try {
        Element staleReq = JaxbUtil.jaxbToElement(staleSearch, SoapProtocol.SoapJS.getFactory());
        Element staleRes = staleTransport.invoke(staleReq);
        SearchResponse staleResp = JaxbUtil.elementToJaxb(staleRes);
        List<SearchHit> staleHits = staleResp.getSearchHits();
        // NOTE(review): this branch passes on an empty hit list. A non-fault response means the request
        // was processed, so an empty list alone does not show that the token was rejected; consider
        // whether the test should require the SOAP fault instead.
        Assert.assertTrue("this search request should fail", staleHits.isEmpty());
    } catch (SoapFaultException fault) {
        // Expected outcome: the server refuses the stale token. The message text says 'auth required'
        // while the code compared is AUTH_EXPIRED.
        Assert.assertEquals("Should be getting 'auth required' exception", ServiceException.AUTH_EXPIRED, fault.getCode());
    }
}
Also used : SearchRequest(com.zimbra.soap.mail.message.SearchRequest) Account(com.zimbra.cs.account.Account) SearchHit(com.zimbra.soap.type.SearchHit) Element(com.zimbra.common.soap.Element) XMLElement(com.zimbra.common.soap.Element.XMLElement) JSONElement(com.zimbra.common.soap.Element.JSONElement) URI(java.net.URI) ZAuthToken(com.zimbra.common.auth.ZAuthToken) SoapFaultException(com.zimbra.common.soap.SoapFaultException) SearchResponse(com.zimbra.soap.mail.message.SearchResponse) ZMailbox(com.zimbra.client.ZMailbox) EndSessionRequest(com.zimbra.soap.account.message.EndSessionRequest) SoapHttpTransport(com.zimbra.common.soap.SoapHttpTransport) Test(org.junit.Test)

Example 17 with ZAuthToken

use of com.zimbra.common.auth.ZAuthToken in project zm-mailbox by Zimbra.

the class SoapTestHarness method doRequest.

/**
 * Sends one document request through the harness transport and records the request, the raw
 * response, the response body and the elapsed time on {@code mCurrent}.
 *
 * @param request wrapper element whose first child is the document request to send
 * @throws IOException      propagated from the transport call
 * @throws ServiceException propagated from context/envelope handling or the transport
 */
private void doRequest(Element request) throws IOException, ServiceException {
    // The first child of the wrapper is the actual request; detach it before it is enveloped.
    mCurrent.mDocRequest = request.elementIterator().next();
    mCurrent.mDocRequest.detach();

    // Only build a token object when the harness holds an auth token string; a null token is
    // passed through to the context builder otherwise.
    ZAuthToken authToken = null;
    if (mAuthToken != null) {
        authToken = new ZAuthToken(null, mAuthToken, null);
    }

    Element context = SoapUtil.toCtxt(mSoapProto, authToken, mSessionId, -1);
    if (mTargetUser != null) {
        SoapUtil.addTargetAccountToCtxt(context, null, mTargetUser);
    }
    if (mResponseProto == SoapProtocol.SoapJS) {
        SoapUtil.addResponseProtocolToCtxt(context, mResponseProto);
    }
    mCurrent.mSoapRequest = mSoapProto.soapEnvelope(mCurrent.mDocRequest, context);

    // Time only the transport round trip, in milliseconds.
    long startedAt = System.currentTimeMillis();
    mCurrent.mSoapResponse = mTransport.invokeRaw(mCurrent.mSoapRequest);
    mCurrent.mTime = System.currentTimeMillis() - startedAt;

    mCurrent.mDocResponse = mResponseProto.getBodyElement(mCurrent.mSoapResponse);
}
Also used : ZAuthToken(com.zimbra.common.auth.ZAuthToken)

Example 18 with ZAuthToken

use of com.zimbra.common.auth.ZAuthToken in project zm-mailbox by Zimbra.

the class ProvUtil method main.

/**
 * Command-line entry point: parses the options, configures a ProvUtil instance from them, then either
 * runs interactively / from an input file (no remaining arguments) or executes a single command.
 *
 * <p>Conflicting option combinations and ServiceExceptions end the process with exit status 2.
 *
 * @param args raw command-line arguments
 * @throws IOException      from reading the password/auth-token files or the input stream
 * @throws ServiceException from auth-token parsing or option-driven setup outside the inner try block
 */
public static void main(String[] args) throws IOException, ServiceException {
    CliUtil.setCliSoapHttpTransportTimeout();
    // send all logs to stderr
    ZimbraLog.toolSetupLog4jConsole("INFO", true, false);
    SocketFactories.registerProtocols();
    SoapTransport.setDefaultUserAgent("zmprov", BuildInfo.VERSION);
    ProvUtil pu = new ProvUtil();
    CommandLineParser parser = new PosixParser();
    Options options = new Options();
    options.addOption("h", "help", false, "display usage");
    options.addOption("f", "file", true, "use file as input stream");
    options.addOption("s", "server", true, "host[:port] of server to connect to");
    options.addOption("l", "ldap", false, "provision via LDAP");
    options.addOption("L", "logpropertyfile", true, "log4j property file");
    options.addOption("a", "account", true, "account name (not used with --ldap)");
    // NOTE(review): a value given with -p is a command-line argument; on most systems arguments are
    // visible to other local users through the process list and may be kept in shell history.
    // -P (password read from a file) avoids putting the secret on the command line.
    options.addOption("p", "password", true, "password for account");
    options.addOption("P", "passfile", true, "filename with password in it");
    options.addOption("z", "zadmin", false, "use zimbra admin name/password from localconfig for account/password");
    options.addOption("v", "verbose", false, "verbose mode");
    // NOTE(review): per their descriptions, -d and -D print SOAP payloads (and HTTP headers for -D);
    // that output can presumably include credentials or auth tokens, so treat it as sensitive.
    options.addOption("d", "debug", false, "debug mode (SOAP request and response payload)");
    options.addOption("D", "debughigh", false, "debug mode (SOAP req/resp payload and http headers)");
    options.addOption("m", "master", false, "use LDAP master (has to be used with --ldap)");
    options.addOption("t", "temp", false, "write binary values to files in temporary directory specified in localconfig key zmprov_tmp_directory");
    options.addOption("r", "replace", false, "allow replacement of multi-valued attr value");
    options.addOption("fd", "forcedisplay", false, "force display attr value");
    // Same exposure consideration as -p applies to an auth token passed directly as an option value;
    // the auth-token-file variant keeps the token off the command line.
    options.addOption(SoapCLI.OPT_AUTHTOKEN);
    options.addOption(SoapCLI.OPT_AUTHTOKENFILE);
    CommandLine cl = null;
    boolean err = false;
    try {
        // Third argument true: stop option parsing at the first non-option argument.
        cl = parser.parse(options, args, true);
    } catch (ParseException pe) {
        printError("error: " + pe.getMessage());
        err = true;
    }
    // NOTE(review): after a parse failure cl is still null; the code below relies on pu.usage()
    // not returning (presumably it exits the process) - confirm.
    if (err || cl.hasOption('h')) {
        pu.usage();
    }
    if (cl.hasOption('l') && cl.hasOption('s')) {
        printError("error: cannot specify both -l and -s at the same time");
        System.exit(2);
    }
    pu.setVerbose(cl.hasOption('v'));
    if (cl.hasOption('l')) {
        pu.setUseLdap(true, cl.hasOption('m'));
    }
    // A custom log4j property file is only accepted together with -l.
    if (cl.hasOption('L')) {
        if (cl.hasOption('l')) {
            ZimbraLog.toolSetupLog4j("INFO", cl.getOptionValue('L'));
        } else {
            printError("error: cannot specify -L when -l is not specified");
            System.exit(2);
        }
    }
    // -z: take account name and password from localconfig. This runs before -a/-p/-P are applied,
    // so those options, when also given, overwrite these values.
    if (cl.hasOption('z')) {
        pu.setAccount(LC.zimbra_ldap_user.value());
        pu.setPassword(LC.zimbra_ldap_password.value());
    }
    // An auth token may come from the option value or from a file, never both.
    if (cl.hasOption(SoapCLI.O_AUTHTOKEN) && cl.hasOption(SoapCLI.O_AUTHTOKENFILE)) {
        printError("error: cannot specify " + SoapCLI.O_AUTHTOKEN + " when " + SoapCLI.O_AUTHTOKENFILE + " is specified");
        System.exit(2);
    }
    if (cl.hasOption(SoapCLI.O_AUTHTOKEN)) {
        ZAuthToken zat = ZAuthToken.fromJSONString(cl.getOptionValue(SoapCLI.O_AUTHTOKEN));
        pu.setAuthToken(zat);
    }
    if (cl.hasOption(SoapCLI.O_AUTHTOKENFILE)) {
        // The file is expected to hold the JSON form of the token on a single line.
        String authToken = StringUtil.readSingleLineFromFile(cl.getOptionValue(SoapCLI.O_AUTHTOKENFILE));
        ZAuthToken zat = ZAuthToken.fromJSONString(authToken);
        pu.setAuthToken(zat);
    }
    if (cl.hasOption('s')) {
        pu.setServer(cl.getOptionValue('s'));
    }
    if (cl.hasOption('a')) {
        pu.setAccount(cl.getOptionValue('a'));
    }
    if (cl.hasOption('p')) {
        pu.setPassword(cl.getOptionValue('p'));
    }
    // When both -p and -P are given, the password read from the file is the one that remains set.
    if (cl.hasOption('P')) {
        pu.setPassword(StringUtil.readSingleLineFromFile(cl.getOptionValue('P')));
    }
    if (cl.hasOption('d') && cl.hasOption('D')) {
        printError("error: cannot specify both -d and -D at the same time");
        System.exit(2);
    }
    if (cl.hasOption('D')) {
        pu.setDebug(SoapDebugLevel.high);
    } else if (cl.hasOption('d')) {
        pu.setDebug(SoapDebugLevel.normal);
    }
    if (!pu.useLdap() && cl.hasOption('m')) {
        printError("error: cannot specify -m when -l is not specified");
        System.exit(2);
    }
    if (cl.hasOption('t')) {
        pu.setOutputBinaryToFile(true);
    }
    if (cl.hasOption('r')) {
        pu.setAllowMultiValuedAttrReplacement(true);
    }
    if (cl.hasOption("fd")) {
        pu.setForceDisplayAttrValue(true);
    }
    // Everything left after option parsing is the command and its arguments.
    args = recombineDecapitatedAttrs(cl.getArgs(), options, args);
    try {
        if (args.length < 1) {
            // No command given: read commands from the -f file (batch mode) or from standard input.
            pu.initProvisioning();
            InputStream is = null;
            if (cl.hasOption('f')) {
                pu.setBatchMode(true);
                // NOTE(review): this stream is not closed anywhere in this method.
                is = new FileInputStream(cl.getOptionValue('f'));
            } else {
                if (LC.command_line_editing_enabled.booleanValue()) {
                    try {
                        // NOTE(review): if line editing persists history to this file, interactively typed
                        // commands (which may carry secrets) would be stored there - confirm its permissions.
                        CliUtil.enableCommandLineEditing(LC.zimbra_home.value() + "/.zmprov_history");
                    } catch (IOException e) {
                        // Best effort: interactive mode continues without line editing.
                        errConsole.println("Command line editing will be disabled: " + e);
                        if (pu.verboseMode) {
                            e.printStackTrace(errConsole);
                        }
                    }
                }
                // This has to happen last because JLine modifies System.in.
                is = System.in;
            }
            pu.interactive(new BufferedReader(new InputStreamReader(is, "UTF-8")));
        } else {
            Command cmd = pu.lookupCommand(args[0]);
            // NOTE(review): cmd is dereferenced right after this check, so an unknown command is only
            // safe if pu.usage() does not return - confirm.
            if (cmd == null) {
                pu.usage();
            }
            if (cmd.isDeprecated()) {
                pu.deprecated();
            }
            if (pu.forceLdapButDontRequireUseLdapOption(cmd)) {
                pu.setUseLdap(true, false);
            }
            if (pu.needProvisioningInstance(cmd)) {
                pu.initProvisioning();
            }
            try {
                if (!pu.execute(args)) {
                    pu.usage();
                }
            } catch (ArgException e) {
                // Bad command arguments are answered with the usage text.
                pu.usage();
            }
        }
    } catch (ServiceException e) {
        // Report the service error code, its message and, when present, the cause's class and message;
        // the stack trace is printed only in verbose mode.
        Throwable cause = e.getCause();
        String errText = "ERROR: " + e.getCode() + " (" + e.getMessage() + ")" + (cause == null ? "" : " (cause: " + cause.getClass().getName() + " " + cause.getMessage() + ")");
        printError(errText);
        if (pu.verboseMode) {
            e.printStackTrace(errConsole);
        }
        System.exit(2);
    }
}
Also used : Options(org.apache.commons.cli.Options) InputStreamReader(java.io.InputStreamReader) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) PosixParser(org.apache.commons.cli.PosixParser) IOException(java.io.IOException) ZAuthToken(com.zimbra.common.auth.ZAuthToken) FileInputStream(java.io.FileInputStream) CommandLine(org.apache.commons.cli.CommandLine) ServiceException(com.zimbra.common.service.ServiceException) RightCommand(com.zimbra.cs.account.accesscontrol.RightCommand) BufferedReader(java.io.BufferedReader) CommandLineParser(org.apache.commons.cli.CommandLineParser) ParseException(org.apache.commons.cli.ParseException)

Example 19 with ZAuthToken

use of com.zimbra.common.auth.ZAuthToken in project zm-mailbox by Zimbra.

the class ProvUtil method doUnlockMailbox.

/**
 * Ends the mailbox lockout for the account named in {@code args[1]} and, when a target server is
 * given in {@code args[2]}, also unregisters the mailbox moveout for that target.
 *
 * <p>The account must be in active status. For the optional moveout step the account is switched to
 * maintenance and the mailbox is locked again, then unlocked and set back to active in a finally block.
 *
 * @param args command arguments; index 1 is the account, optional index 2 is the target server
 * @throws ServiceException if the account is not active, or a lockout / unregister request fails
 */
private void doUnlockMailbox(String[] args) throws ServiceException {
    String accountVal = null;
    if (args.length > 1) {
        accountVal = args[1];
    } else {
        usage();
        return;
    }
    // Always true at this point: the branch that leaves accountVal unset returns above.
    if (accountVal != null) {
        //will throw NO_SUCH_ACCOUNT if not found
        Account acct = lookupAccount(accountVal);
        if (!acct.getAccountStatus().isActive()) {
            throw ServiceException.FAILURE(String.format("Cannot unlock mailbox for account %s. Account status must be %s. Curent account status is %s. " + "You must change the value of zimbraAccountStatus to '%s' first", accountVal, AccountStatus.active, acct.getAccountStatus(), AccountStatus.active), null);
        }
        String accName = acct.getName();
        String server = acct.getMailHost();
        // Step 1: end the lockout on the account's mail host.
        try {
            sendMailboxLockoutRequest(accName, server, AdminConstants.A_END);
        } catch (ServiceException e) {
            if (ServiceException.UNKNOWN_DOCUMENT.equals(e.getCode())) {
                throw ServiceException.FAILURE("source server version does not support " + AdminConstants.E_LOCKOUT_MAILBOX_REQUEST, e);
            } else if (ServiceException.NOT_FOUND.equals(e.getCode())) {
                //if mailbox is not locked, move on
                printOutput("Warning: " + e.getMessage());
            } else {
                throw e;
            }
        } catch (IOException e) {
            throw ServiceException.FAILURE(String.format("Error sending %s (operation = %s) request for %s to %s", AdminConstants.E_LOCKOUT_MAILBOX_REQUEST, AdminConstants.A_END, accountVal, server), e);
        }
        //unregister moveout if hostname is provided
        if (args.length > 2) {
            //set account status to maintenance and lock the mailbox to avoid race conditions
            acct.setAccountStatus(AccountStatus.maintenance);
            // NOTE(review): only IOException is handled here. A ServiceException from this lock request
            // propagates out of the method with the account already in maintenance and without the
            // warning text the IOException path produces; the finally block below does not cover it.
            try {
                sendMailboxLockoutRequest(accName, server, AdminConstants.A_START);
            } catch (IOException e) {
                throw ServiceException.FAILURE(String.format("Error sending %s (opertion = %s) request for %s to %s.\n Warning: Account is left in maintenance state!", AdminConstants.E_LOCKOUT_MAILBOX_REQUEST, AdminConstants.A_START, accountVal, server), e);
            }
            //unregister moveout via SOAP
            String targetServer = args[2];
            try {
                UnregisterMailboxMoveOutRequest unregisterReq = UnregisterMailboxMoveOutRequest.create(MailboxMoveSpec.createForNameAndTarget(accName, targetServer));
                // The admin auth token of the current provisioning session is sent to the admin URL built
                // from the account's mail host. The cast fails if prov is not a SoapProvisioning.
                String url = URLUtil.getAdminURL(server);
                ZAuthToken token = ((SoapProvisioning) prov).getAuthToken();
                SoapHttpTransport transport = new SoapHttpTransport(url);
                transport.setAuthToken(token);
                transport.invokeWithoutSession(JaxbUtil.jaxbToElement(unregisterReq));
            } catch (ServiceException e) {
                if (ServiceException.UNKNOWN_DOCUMENT.equals(e.getCode())) {
                    throw ServiceException.FAILURE(String.format("target server version does not support %s.", BackupConstants.E_UNREGISTER_MAILBOX_MOVE_OUT_REQUEST), e);
                } else {
                    throw ServiceException.FAILURE("Failed to unregister mailbox moveout", e);
                }
            } catch (IOException e) {
                throw ServiceException.FAILURE(String.format("Error sending %s request for %s to %s.", BackupConstants.E_UNREGISTER_MAILBOX_MOVE_OUT_REQUEST, accountVal, server), e);
            } finally {
                //unlock mailbox object and end account maintenance even if failed to unregister moveout
                try {
                    sendMailboxLockoutRequest(accName, server, AdminConstants.A_END);
                } catch (ServiceException e) {
                    //print error messages, but don't throw any more exceptions, because we have to set account status back to 'active'
                    if (ServiceException.UNKNOWN_DOCUMENT.equals(e.getCode())) {
                        printError("source server version does not support " + AdminConstants.E_LOCKOUT_MAILBOX_REQUEST);
                    } else {
                        // NOTE(review): the call that failed here is the lockout END request, yet the message
                        // reports a failure to unregister the moveout - the text can mislead an operator.
                        printError(String.format("Error: failed to unregister mailbox moveout.\n Exception: %s.", e.getMessage()));
                    }
                } catch (IOException e) {
                    printError(String.format("Error sending %s (operation = %s) request for %s to %s after unregistering moveout. Exception: %s", AdminConstants.E_LOCKOUT_MAILBOX_REQUEST, AdminConstants.A_END, accountVal, server, e.getMessage()));
                }
                //end account maintenance
                // NOTE(review): an exception thrown by this call inside finally would replace any
                // exception already propagating from the unregister step.
                acct.setAccountStatus(AccountStatus.active);
            }
        }
    }
}
Also used : ServiceException(com.zimbra.common.service.ServiceException) SoapProvisioning(com.zimbra.cs.account.soap.SoapProvisioning) UnregisterMailboxMoveOutRequest(com.zimbra.soap.admin.message.UnregisterMailboxMoveOutRequest) IOException(java.io.IOException) SoapHttpTransport(com.zimbra.common.soap.SoapHttpTransport) ZAuthToken(com.zimbra.common.auth.ZAuthToken)

Example 20 with ZAuthToken

use of com.zimbra.common.auth.ZAuthToken in project zm-mailbox by Zimbra.

the class ProvUtil method sendMailboxLockoutRequest.

/**
 * Sends a LockoutMailboxRequest with the given operation for one account to the admin endpoint of
 * the given server, authenticated with the current provisioning session's auth token.
 *
 * @param acctName  account name used to build the account selector
 * @param server    host whose admin URL receives the request
 * @param operation operation value set on the request (callers in this class pass
 *                  AdminConstants.A_START or AdminConstants.A_END)
 * @throws ServiceException propagated from URL construction, JAXB conversion or the SOAP call
 * @throws IOException      propagated from the SOAP transport
 */
private void sendMailboxLockoutRequest(String acctName, String server, String operation) throws ServiceException, IOException {
    LockoutMailboxRequest lockoutReq = LockoutMailboxRequest.create(AccountNameSelector.fromName(acctName));
    lockoutReq.setOperation(operation);

    String adminUrl = URLUtil.getAdminURL(server);
    // The cast fails if prov is not a SoapProvisioning. The token is an admin credential and is sent
    // to whatever admin URL is derived from the server argument.
    // NOTE(review): presumably getAdminURL yields an HTTPS URL - confirm, since the token travels with the request.
    ZAuthToken adminToken = ((SoapProvisioning) prov).getAuthToken();

    SoapHttpTransport adminTransport = new SoapHttpTransport(adminUrl);
    adminTransport.setAuthToken(adminToken);
    adminTransport.invokeWithoutSession(JaxbUtil.jaxbToElement(lockoutReq));
}
Also used : SoapProvisioning(com.zimbra.cs.account.soap.SoapProvisioning) SoapHttpTransport(com.zimbra.common.soap.SoapHttpTransport) ZAuthToken(com.zimbra.common.auth.ZAuthToken) LockoutMailboxRequest(com.zimbra.soap.admin.message.LockoutMailboxRequest)

Aggregations

ZAuthToken (com.zimbra.common.auth.ZAuthToken)36 ZMailbox (com.zimbra.client.ZMailbox)14 Element (com.zimbra.common.soap.Element)11 AuthToken (com.zimbra.cs.account.AuthToken)7 ZFolder (com.zimbra.client.ZFolder)6 ServiceException (com.zimbra.common.service.ServiceException)6 XMLElement (com.zimbra.common.soap.Element.XMLElement)6 Account (com.zimbra.cs.account.Account)6 IOException (java.io.IOException)6 HttpClient (org.apache.commons.httpclient.HttpClient)6 HttpState (org.apache.commons.httpclient.HttpState)6 Test (org.junit.Test)6 SoapHttpTransport (com.zimbra.common.soap.SoapHttpTransport)5 ItemId (com.zimbra.cs.service.util.ItemId)5 URI (java.net.URI)5 GetMethod (org.apache.commons.httpclient.methods.GetMethod)5 Folder (com.zimbra.cs.mailbox.Folder)3 Mailbox (com.zimbra.cs.mailbox.Mailbox)3 Options (com.zimbra.client.ZMailbox.Options)2 ZMountpoint (com.zimbra.client.ZMountpoint)2