
Example 31 with ZAuthToken

use of com.zimbra.common.auth.ZAuthToken in project zm-mailbox by Zimbra.

the class ProvUtil method main.

/**
 * Command-line entry point: parses the options, configures a {@code ProvUtil} instance from
 * them, then either runs the single command given in the remaining arguments or reads
 * commands from a file ({@code -f}) or from standard input.
 *
 * <p>Option conflicts exit with status 2. Credentials can come from localconfig ({@code -z}),
 * from the command line ({@code -a}/{@code -p}, inline auth token) or from files
 * ({@code -P}, auth token file); the later assignments below override the earlier ones.
 *
 * @param args raw command-line arguments
 * @throws IOException declared by this method; the password and auth-token files are read
 *         outside the inner try blocks
 * @throws ServiceException for failures raised outside the final try block
 */
public static void main(String[] args) throws IOException, ServiceException {
    CliUtil.setCliSoapHttpTransportTimeout();
    // send all logs to stderr
    ZimbraLog.toolSetupLog4jConsole("INFO", true, false);
    SocketFactories.registerProtocols();
    SoapTransport.setDefaultUserAgent("zmprov", BuildInfo.VERSION);
    ProvUtil pu = new ProvUtil();
    CommandLineParser parser = new PosixParser();
    Options options = new Options();
    options.addOption("h", "help", false, "display usage");
    options.addOption("f", "file", true, "use file as input stream");
    options.addOption("s", "server", true, "host[:port] of server to connect to");
    options.addOption("l", "ldap", false, "provision via LDAP");
    options.addOption("L", "logpropertyfile", true, "log4j property file");
    options.addOption("a", "account", true, "account name (not used with --ldap)");
    // NOTE(review): a password passed with -p is part of the process arguments, which are
    // commonly readable by other local users and kept in shell history; -P (file) avoids that.
    options.addOption("p", "password", true, "password for account");
    options.addOption("P", "passfile", true, "filename with password in it");
    options.addOption("z", "zadmin", false, "use zimbra admin name/password from localconfig for account/password");
    options.addOption("v", "verbose", false, "verbose mode");
    // NOTE(review): both debug modes print SOAP payloads per their descriptions; presumably
    // that output can contain credentials or auth tokens, so treat captured output as sensitive.
    options.addOption("d", "debug", false, "debug mode (SOAP request and response payload)");
    options.addOption("D", "debughigh", false, "debug mode (SOAP req/resp payload and http headers)");
    options.addOption("m", "master", false, "use LDAP master (has to be used with --ldap)");
    options.addOption("t", "temp", false, "write binary values to files in temporary directory specified in localconfig key zmprov_tmp_directory");
    options.addOption("r", "replace", false, "allow replacement of multi-valued attr value");
    options.addOption("fd", "forcedisplay", false, "force display attr value");
    options.addOption(SoapCLI.OPT_AUTHTOKEN);
    options.addOption(SoapCLI.OPT_AUTHTOKENFILE);
    CommandLine cl = null;
    boolean err = false;
    try {
        // third argument true: stop option parsing at the first non-option argument
        cl = parser.parse(options, args, true);
    } catch (ParseException pe) {
        printError("error: " + pe.getMessage());
        err = true;
    }
    // NOTE(review): after a parse error cl is still null; the code below only stays safe if
    // pu.usage() does not return (its body is not visible here) - confirm.
    if (err || cl.hasOption('h')) {
        pu.usage();
    }
    if (cl.hasOption('l') && cl.hasOption('s')) {
        printError("error: cannot specify both -l and -s at the same time");
        System.exit(2);
    }
    pu.setVerbose(cl.hasOption('v'));
    if (cl.hasOption('l')) {
        pu.setUseLdap(true, cl.hasOption('m'));
    }
    // -L is accepted only together with -l
    if (cl.hasOption('L')) {
        if (cl.hasOption('l')) {
            ZimbraLog.toolSetupLog4j("INFO", cl.getOptionValue('L'));
        } else {
            printError("error: cannot specify -L when -l is not specified");
            System.exit(2);
        }
    }
    // -z loads the admin name and password from localconfig; -a, -p and -P are applied
    // further down and therefore override these values when also given.
    if (cl.hasOption('z')) {
        pu.setAccount(LC.zimbra_ldap_user.value());
        pu.setPassword(LC.zimbra_ldap_password.value());
    }
    // the inline auth token and the auth token file are mutually exclusive
    if (cl.hasOption(SoapCLI.O_AUTHTOKEN) && cl.hasOption(SoapCLI.O_AUTHTOKENFILE)) {
        printError("error: cannot specify " + SoapCLI.O_AUTHTOKEN + " when " + SoapCLI.O_AUTHTOKENFILE + " is specified");
        System.exit(2);
    }
    // NOTE(review): an auth token given inline is exposed through the process arguments in
    // the same way as -p; the file variant below keeps it out of the argument list.
    if (cl.hasOption(SoapCLI.O_AUTHTOKEN)) {
        ZAuthToken zat = ZAuthToken.fromJSONString(cl.getOptionValue(SoapCLI.O_AUTHTOKEN));
        pu.setAuthToken(zat);
    }
    if (cl.hasOption(SoapCLI.O_AUTHTOKENFILE)) {
        // NOTE(review): no permission or ownership check on the token file is visible here
        String authToken = StringUtil.readSingleLineFromFile(cl.getOptionValue(SoapCLI.O_AUTHTOKENFILE));
        ZAuthToken zat = ZAuthToken.fromJSONString(authToken);
        pu.setAuthToken(zat);
    }
    if (cl.hasOption('s')) {
        pu.setServer(cl.getOptionValue('s'));
    }
    if (cl.hasOption('a')) {
        pu.setAccount(cl.getOptionValue('a'));
    }
    if (cl.hasOption('p')) {
        pu.setPassword(cl.getOptionValue('p'));
    }
    // applied after -p, so the password file wins when both are given
    if (cl.hasOption('P')) {
        pu.setPassword(StringUtil.readSingleLineFromFile(cl.getOptionValue('P')));
    }
    if (cl.hasOption('d') && cl.hasOption('D')) {
        printError("error: cannot specify both -d and -D at the same time");
        System.exit(2);
    }
    if (cl.hasOption('D')) {
        pu.setDebug(SoapDebugLevel.high);
    } else if (cl.hasOption('d')) {
        pu.setDebug(SoapDebugLevel.normal);
    }
    if (!pu.useLdap() && cl.hasOption('m')) {
        printError("error: cannot specify -m when -l is not specified");
        System.exit(2);
    }
    if (cl.hasOption('t')) {
        pu.setOutputBinaryToFile(true);
    }
    if (cl.hasOption('r')) {
        pu.setAllowMultiValuedAttrReplacement(true);
    }
    if (cl.hasOption("fd")) {
        pu.setForceDisplayAttrValue(true);
    }
    // from here on args holds what recombineDecapitatedAttrs returns for the leftover arguments
    args = recombineDecapitatedAttrs(cl.getArgs(), options, args);
    try {
        if (args.length < 1) {
            // no command on the command line: read commands from a file or from stdin
            pu.initProvisioning();
            InputStream is = null;
            if (cl.hasOption('f')) {
                pu.setBatchMode(true);
                // NOTE(review): this stream is not closed anywhere in this method
                is = new FileInputStream(cl.getOptionValue('f'));
            } else {
                if (LC.command_line_editing_enabled.booleanValue()) {
                    try {
                        // history file path is built from the zimbra_home localconfig value
                        CliUtil.enableCommandLineEditing(LC.zimbra_home.value() + "/.zmprov_history");
                    } catch (IOException e) {
                        // best effort: report the failure and continue
                        errConsole.println("Command line editing will be disabled: " + e);
                        if (pu.verboseMode) {
                            e.printStackTrace(errConsole);
                        }
                    }
                }
                // This has to happen last because JLine modifies System.in.
                is = System.in;
            }
            pu.interactive(new BufferedReader(new InputStreamReader(is, "UTF-8")));
        } else {
            Command cmd = pu.lookupCommand(args[0]);
            // NOTE(review): as above, cmd.isDeprecated() is only safe for an unknown command
            // if pu.usage() does not return - confirm.
            if (cmd == null) {
                pu.usage();
            }
            if (cmd.isDeprecated()) {
                pu.deprecated();
            }
            if (pu.forceLdapButDontRequireUseLdapOption(cmd)) {
                pu.setUseLdap(true, false);
            }
            if (pu.needProvisioningInstance(cmd)) {
                pu.initProvisioning();
            }
            try {
                if (!pu.execute(args)) {
                    pu.usage();
                }
            } catch (ArgException e) {
                pu.usage();
            }
        }
    } catch (ServiceException e) {
        // print the error code, the message and the cause class/message; the stack trace is
        // printed only in verbose mode
        Throwable cause = e.getCause();
        String errText = "ERROR: " + e.getCode() + " (" + e.getMessage() + ")" + (cause == null ? "" : " (cause: " + cause.getClass().getName() + " " + cause.getMessage() + ")");
        printError(errText);
        if (pu.verboseMode) {
            e.printStackTrace(errConsole);
        }
        System.exit(2);
    }
}
Also used : Options(org.apache.commons.cli.Options) InputStreamReader(java.io.InputStreamReader) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) PosixParser(org.apache.commons.cli.PosixParser) IOException(java.io.IOException) ZAuthToken(com.zimbra.common.auth.ZAuthToken) FileInputStream(java.io.FileInputStream) CommandLine(org.apache.commons.cli.CommandLine) ServiceException(com.zimbra.common.service.ServiceException) RightCommand(com.zimbra.cs.account.accesscontrol.RightCommand) BufferedReader(java.io.BufferedReader) CommandLineParser(org.apache.commons.cli.CommandLineParser) ParseException(org.apache.commons.cli.ParseException)

Example 32 with ZAuthToken

use of com.zimbra.common.auth.ZAuthToken in project zm-mailbox by Zimbra.

the class ProvUtil method doUnlockMailbox.

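/**
 * Ends the mailbox lockout for an account and, when a target host is supplied as a third
 * argument, also unregisters the mailbox move-out for that target.
 *
 * <p>For the unregister step the account is put into maintenance status and the mailbox is
 * locked again; the {@code finally} block then ends the lockout and sets the status back to
 * active even when unregistering fails. If the lock request itself fails, the account stays
 * in maintenance status and a warning says so.
 *
 * @param args command arguments: {@code args[1]} is the account, optional {@code args[2]}
 *             the target server of the move-out
 * @throws ServiceException if the account is not active, a request fails, or a server does
 *         not support the request
 */
private void doUnlockMailbox(String[] args) throws ServiceException {
    if (args.length <= 1) {
        usage();
        return;
    }
    String accountVal = args[1];
    if (accountVal == null) {
        return;
    }
    // will throw NO_SUCH_ACCOUNT if not found
    Account acct = lookupAccount(accountVal);
    if (!acct.getAccountStatus().isActive()) {
        throw ServiceException.FAILURE(String.format("Cannot unlock mailbox for account %s. Account status must be %s. Current account status is %s. " + "You must change the value of zimbraAccountStatus to '%s' first", accountVal, AccountStatus.active, acct.getAccountStatus(), AccountStatus.active), null);
    }
    String accName = acct.getName();
    String server = acct.getMailHost();
    try {
        sendMailboxLockoutRequest(accName, server, AdminConstants.A_END);
    } catch (ServiceException e) {
        if (ServiceException.UNKNOWN_DOCUMENT.equals(e.getCode())) {
            throw ServiceException.FAILURE("source server version does not support " + AdminConstants.E_LOCKOUT_MAILBOX_REQUEST, e);
        } else if (ServiceException.NOT_FOUND.equals(e.getCode())) {
            // if mailbox is not locked, move on
            printOutput("Warning: " + e.getMessage());
        } else {
            throw e;
        }
    } catch (IOException e) {
        throw ServiceException.FAILURE(String.format("Error sending %s (operation = %s) request for %s to %s", AdminConstants.E_LOCKOUT_MAILBOX_REQUEST, AdminConstants.A_END, accountVal, server), e);
    }
    // unregister moveout only if a hostname is provided
    if (args.length <= 2) {
        return;
    }
    // set account status to maintenance and lock the mailbox to avoid race conditions
    acct.setAccountStatus(AccountStatus.maintenance);
    try {
        sendMailboxLockoutRequest(accName, server, AdminConstants.A_START);
    } catch (ServiceException e) {
        // The same exception still propagates; the warning makes sure the operator learns
        // that the account was not put back to active, as the IOException path already does.
        printError(String.format("Warning: Account %s is left in maintenance state!", accountVal));
        throw e;
    } catch (IOException e) {
        throw ServiceException.FAILURE(String.format("Error sending %s (operation = %s) request for %s to %s.\n Warning: Account is left in maintenance state!", AdminConstants.E_LOCKOUT_MAILBOX_REQUEST, AdminConstants.A_START, accountVal, server), e);
    }
    // unregister moveout via SOAP
    String targetServer = args[2];
    try {
        UnregisterMailboxMoveOutRequest unregisterReq = UnregisterMailboxMoveOutRequest.create(MailboxMoveSpec.createForNameAndTarget(accName, targetServer));
        String url = URLUtil.getAdminURL(server);
        // NOTE(review): the cast assumes prov is a SoapProvisioning; the admin auth token it
        // holds is sent to the admin URL derived from the account's mail host.
        ZAuthToken token = ((SoapProvisioning) prov).getAuthToken();
        SoapHttpTransport transport = new SoapHttpTransport(url);
        transport.setAuthToken(token);
        transport.invokeWithoutSession(JaxbUtil.jaxbToElement(unregisterReq));
    } catch (ServiceException e) {
        if (ServiceException.UNKNOWN_DOCUMENT.equals(e.getCode())) {
            throw ServiceException.FAILURE(String.format("target server version does not support %s.", BackupConstants.E_UNREGISTER_MAILBOX_MOVE_OUT_REQUEST), e);
        } else {
            throw ServiceException.FAILURE("Failed to unregister mailbox moveout", e);
        }
    } catch (IOException e) {
        throw ServiceException.FAILURE(String.format("Error sending %s request for %s to %s.", BackupConstants.E_UNREGISTER_MAILBOX_MOVE_OUT_REQUEST, accountVal, server), e);
    } finally {
        // unlock mailbox object and end account maintenance even if failed to unregister moveout
        try {
            sendMailboxLockoutRequest(accName, server, AdminConstants.A_END);
        } catch (ServiceException e) {
            // print error messages, but don't throw any more exceptions, because we have to
            // set account status back to 'active'
            if (ServiceException.UNKNOWN_DOCUMENT.equals(e.getCode())) {
                printError("source server version does not support " + AdminConstants.E_LOCKOUT_MAILBOX_REQUEST);
            } else {
                // this failure is the end-of-lockout request, not the unregister call
                printError(String.format("Error: failed to end mailbox lockout after unregistering moveout.\n Exception: %s.", e.getMessage()));
            }
        } catch (IOException e) {
            printError(String.format("Error sending %s (operation = %s) request for %s to %s after unregistering moveout. Exception: %s", AdminConstants.E_LOCKOUT_MAILBOX_REQUEST, AdminConstants.A_END, accountVal, server, e.getMessage()));
        }
        // end account maintenance
        acct.setAccountStatus(AccountStatus.active);
    }
}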
Also used : ServiceException(com.zimbra.common.service.ServiceException) SoapProvisioning(com.zimbra.cs.account.soap.SoapProvisioning) UnregisterMailboxMoveOutRequest(com.zimbra.soap.admin.message.UnregisterMailboxMoveOutRequest) IOException(java.io.IOException) SoapHttpTransport(com.zimbra.common.soap.SoapHttpTransport) ZAuthToken(com.zimbra.common.auth.ZAuthToken)

Example 33 with ZAuthToken

use of com.zimbra.common.auth.ZAuthToken in project zm-mailbox by Zimbra.

the class ProvUtil method sendMailboxLockoutRequest.

/**
 * Sends a {@code LockoutMailboxRequest} with the given operation for one account to the
 * admin URL of {@code server}, authenticated with the auth token of the current
 * {@code SoapProvisioning}.
 *
 * @param acctName account name used to select the mailbox
 * @param server host from which the admin URL is derived
 * @param operation operation value set on the request
 * @throws ServiceException if building or invoking the request fails
 * @throws IOException if the transport fails
 */
private void sendMailboxLockoutRequest(String acctName, String server, String operation) throws ServiceException, IOException {
    final LockoutMailboxRequest lockoutRequest = LockoutMailboxRequest.create(AccountNameSelector.fromName(acctName));
    lockoutRequest.setOperation(operation);

    final String adminUrl = URLUtil.getAdminURL(server);
    // The cast assumes prov is SOAP-backed; the token it returns authenticates this request.
    final ZAuthToken adminToken = ((SoapProvisioning) prov).getAuthToken();

    final SoapHttpTransport adminTransport = new SoapHttpTransport(adminUrl);
    adminTransport.setAuthToken(adminToken);
    adminTransport.invokeWithoutSession(JaxbUtil.jaxbToElement(lockoutRequest));
}
Also used : SoapProvisioning(com.zimbra.cs.account.soap.SoapProvisioning) SoapHttpTransport(com.zimbra.common.soap.SoapHttpTransport) ZAuthToken(com.zimbra.common.auth.ZAuthToken) LockoutMailboxRequest(com.zimbra.soap.admin.message.LockoutMailboxRequest)

Example 34 with ZAuthToken

use of com.zimbra.common.auth.ZAuthToken in project zm-mailbox by Zimbra.

the class TestCookieReuse method testReuseUserCookieWithCsrf.

/**
 * Checks that a REST GET succeeds (HTTP 200) when a separate client reuses a valid auth
 * token on which CSRF protection is enabled. No CSRF token is attached to the request.
 */
@Test
public void testReuseUserCookieWithCsrf() throws Exception {
    AuthToken userToken = AuthProvider.getAuthToken(TestUtil.getAccount(USER_NAME));
    ZMailbox mailbox = TestUtil.getZMailbox(USER_NAME);
    URI restUri = mailbox.getRestURI("Inbox?fmt=rss&thief=true");
    userToken.setCsrfTokenEnabled(true);
    GetMethod request = new GetMethod(restUri.toString());
    // A second client whose HTTP state is built from the encoded token only.
    HttpClient replayClient = ZimbraHttpConnectionManager.getInternalHttpConnMgr().newHttpClient();
    replayClient.setState(HttpClientUtil.newHttpState(new ZAuthToken(userToken.getEncoded()), restUri.getHost(), false));
    replayClient.getParams().setCookiePolicy(CookiePolicy.BROWSER_COMPATIBILITY);
    int statusCode = HttpClientUtil.executeMethod(replayClient, request);
    String failureMessage = "This request should succeed. Getting status code " + statusCode + " Response: " + request.getResponseBodyAsString();
    Assert.assertEquals(failureMessage, HttpStatus.SC_OK, statusCode);
}
Also used : ZMailbox(com.zimbra.client.ZMailbox) HttpClient(org.apache.commons.httpclient.HttpClient) GetMethod(org.apache.commons.httpclient.methods.GetMethod) HttpState(org.apache.commons.httpclient.HttpState) AuthToken(com.zimbra.cs.account.AuthToken) ZAuthToken(com.zimbra.common.auth.ZAuthToken) ZimbraAuthToken(com.zimbra.cs.account.ZimbraAuthToken) URI(java.net.URI) ZAuthToken(com.zimbra.common.auth.ZAuthToken) Test(org.junit.Test)

Example 35 with ZAuthToken

use of com.zimbra.common.auth.ZAuthToken in project zm-mailbox by Zimbra.

the class TestCookieReuse method testReuseUserCookieWithoutCsrf.

/**
 * Checks that a REST GET succeeds (HTTP 200) when a separate client reuses a valid auth
 * token on which CSRF protection is disabled.
 */
@Test
public void testReuseUserCookieWithoutCsrf() throws Exception {
    AuthToken userToken = AuthProvider.getAuthToken(TestUtil.getAccount(USER_NAME));
    ZMailbox mailbox = TestUtil.getZMailbox(USER_NAME);
    URI restUri = mailbox.getRestURI("Inbox?fmt=rss&thief=false");
    userToken.setCsrfTokenEnabled(false);
    GetMethod request = new GetMethod(restUri.toString());
    // A second client whose HTTP state is built from the encoded token only.
    HttpClient replayClient = ZimbraHttpConnectionManager.getInternalHttpConnMgr().newHttpClient();
    replayClient.setState(HttpClientUtil.newHttpState(new ZAuthToken(userToken.getEncoded()), restUri.getHost(), false));
    replayClient.getParams().setCookiePolicy(CookiePolicy.BROWSER_COMPATIBILITY);
    int statusCode = HttpClientUtil.executeMethod(replayClient, request);
    String failureMessage = "This request should succeed. Getting status code " + statusCode + " Response: " + request.getResponseBodyAsString();
    Assert.assertEquals(failureMessage, HttpStatus.SC_OK, statusCode);
}
Also used : ZMailbox(com.zimbra.client.ZMailbox) HttpClient(org.apache.commons.httpclient.HttpClient) GetMethod(org.apache.commons.httpclient.methods.GetMethod) HttpState(org.apache.commons.httpclient.HttpState) AuthToken(com.zimbra.cs.account.AuthToken) ZAuthToken(com.zimbra.common.auth.ZAuthToken) ZimbraAuthToken(com.zimbra.cs.account.ZimbraAuthToken) URI(java.net.URI) ZAuthToken(com.zimbra.common.auth.ZAuthToken) Test(org.junit.Test)
