
Example 86 with AuthToken

use of com.zimbra.cs.account.AuthToken in project zm-mailbox by Zimbra.

the class GalSearchControl method proxyGalAccountSearch.

/**
 * Forwards the current GAL search (or sync) to the server that hosts the given GalSync
 * account and feeds the reply into the result callback taken from {@code mParams}.
 *
 * <p>The request is sent to the URL returned by {@code URLUtil.getAdminURL} for the account's
 * mail host. When {@code mParams} carries no auth token, the global admin token from
 * {@code AuthProvider.getAdminAuthToken()} is used instead.
 *
 * @param galSyncAcct the GalSync account whose home server receives the proxied request
 * @param sync when true and a sync token is present in {@code mParams}, the token is attached
 *     to the request; when false, sort-by and offset are copied from a paged response
 * @return {@code true} when the proxied response (or, in pass-through mode, the SOAP fault)
 *     was handed to the callback; {@code false} when a SOAP fault occurred and the callback
 *     is not in pass-through mode
 * @throws IOException propagated from the transport call
 * @throws ServiceException propagated from provisioning, request building or response parsing
 */
private boolean proxyGalAccountSearch(Account galSyncAcct, boolean sync) throws IOException, ServiceException {
    try {
        String adminUrl = URLUtil.getAdminURL(Provisioning.getInstance().getServerByName(galSyncAcct.getMailHost()));
        SoapHttpTransport soap = new SoapHttpTransport(adminUrl);

        // NOTE(review): with no caller token the request runs under the global admin token, so
        // the remote side presumably cannot apply per-user restrictions; confirm that the
        // caller's entitlement was checked before this method is reached.
        AuthToken callerToken = mParams.getAuthToken();
        if (callerToken == null) {
            soap.setAuthToken(AuthProvider.getAdminAuthToken().toZAuthToken());
        } else {
            soap.setAuthToken(callerToken.toZAuthToken());
        }

        ZimbraSoapContext ctxt = mParams.getSoapContext();
        if (ctxt != null) {
            soap.setResponseProtocol(ctxt.getResponseProtocol());
            String requestedId = ctxt.getRequestedAccountId();
            String tokenAcctId = ctxt.getAuthtokenAccountId();
            // Only name a target account when it differs from the account the token belongs to.
            boolean differsFromTokenOwner = requestedId != null && !requestedId.equalsIgnoreCase(tokenAcctId);
            if (differsFromTokenOwner) {
                soap.setTargetAcctId(requestedId);
            }
        }

        // Reuse the caller's request element if there is one; otherwise build a SearchGal request.
        Element request = mParams.getRequest();
        if (request == null) {
            request = Element.create(mParams.getProxyProtocol(), AccountConstants.SEARCH_GAL_REQUEST);
            request.addAttribute(AccountConstants.A_TYPE, mParams.getType().toString());
            request.addAttribute(AccountConstants.A_LIMIT, mParams.getLimit());
            request.addAttribute(AccountConstants.A_NAME, mParams.getQuery());
            request.addAttribute(AccountConstants.A_REF, mParams.getSearchEntryByDn());
        }
        // Mark the request as already proxied and name the GalSync account it is meant for.
        request.addAttribute(AccountConstants.A_GAL_ACCOUNT_ID, galSyncAcct.getId());
        request.addAttribute(AccountConstants.A_GAL_ACCOUNT_PROXIED, true);
        if (sync && mParams.getGalSyncToken() != null) {
            request.addAttribute(MailConstants.A_TOKEN, mParams.getGalSyncToken().toString());
            ZimbraLog.gal.debug("setting token for proxied request %s", mParams.getGalSyncToken().toString());
        }

        Element response = soap.invokeWithoutSession(request.detach());
        GalSearchResultCallback sink = mParams.getResultCallback();
        if (sink.passThruProxiedGalAcctResponse()) {
            // Pass-through mode: the callback receives the raw response element.
            sink.handleProxiedResponse(response);
            return true;
        }

        // Contacts first, then deletions, each handed to the callback one element at a time.
        for (Iterator<Element> it = response.elementIterator(MailConstants.E_CONTACT); it.hasNext(); ) {
            sink.handleElement(it.next());
        }
        for (Iterator<Element> it = response.elementIterator(MailConstants.E_DELETED); it.hasNext(); ) {
            sink.handleElement(it.next());
        }

        String tokenText = response.getAttribute(MailConstants.A_TOKEN, null);
        if (tokenText != null) {
            GalSyncToken updated = new GalSyncToken(tokenText);
            ZimbraLog.gal.debug("computing new sync token for proxied account " + galSyncAcct.getId() + ": " + updated);
            sink.setNewToken(updated);
        }

        boolean more = response.getAttributeBool(MailConstants.A_QUERY_MORE, false);
        sink.setHasMoreResult(more);
        if (more && !sync) {
            // Paging state is copied only for plain searches, not for sync.
            sink.setSortBy(response.getAttribute(MailConstants.A_SORTBY));
            sink.setQueryOffset((int) response.getAttributeLong(MailConstants.A_QUERY_OFFSET));
        }
        return true;
    } catch (SoapFaultException e) {
        GalSearchResultCallback sink = mParams.getResultCallback();
        if (!sink.passThruProxiedGalAcctResponse()) {
            ZimbraLog.gal.warn("remote search on GalSync account failed for " + galSyncAcct.getName(), e);
            return false;
        }
        // Pass-through mode hands the fault to the callback and returns true so we do *not*
        // fallback to do the ldap search.
        sink.handleProxiedResponse(e.getFault());
        return true;
    }
}
Also used : ZimbraSoapContext(com.zimbra.soap.ZimbraSoapContext) Element(com.zimbra.common.soap.Element) AuthToken(com.zimbra.cs.account.AuthToken) SoapHttpTransport(com.zimbra.common.soap.SoapHttpTransport) Provisioning(com.zimbra.cs.account.Provisioning) SoapFaultException(com.zimbra.common.soap.SoapFaultException)

Example 87 with AuthToken

use of com.zimbra.cs.account.AuthToken in project zm-mailbox by Zimbra.

the class GalSearchControl method checkFeatureEnabled.

/**
 * Verifies that the GAL feature, and optionally one further feature attribute, is enabled
 * for the account this search runs for.
 *
 * <p>A token for which {@code AuthToken.isAnyAdmin} returns true skips every check. Otherwise
 * the account comes from {@code mParams}, falling back to the account id in the auth token.
 * Both attribute reads default to {@code false}, so an unset attribute denies access.
 *
 * @param extraFeatAttr name of an additional boolean account attribute that must be true,
 *     or {@code null} to check only the base GAL feature attribute
 * @throws ServiceException PERM_DENIED when no account can be resolved or a required feature
 *     attribute is not enabled; provisioning failures propagate as well
 */
private void checkFeatureEnabled(String extraFeatAttr) throws ServiceException {
    AuthToken token = mParams.getAuthToken();
    // admin is always allowed.
    if (token != null && AuthToken.isAnyAdmin(token)) {
        return;
    }

    // Resolve the account whose feature attributes decide the outcome.
    Account subject = mParams.getAccount();
    if (subject == null && token != null) {
        subject = Provisioning.getInstance().get(AccountBy.id, token.getAccountId());
    }
    if (subject == null) {
        // No account means no attributes to consult, so the request is denied.
        throw ServiceException.PERM_DENIED("unable to get account for GAL feature checking");
    }

    if (!subject.getBooleanAttr(Provisioning.A_zimbraFeatureGalEnabled, false)) {
        throw ServiceException.PERM_DENIED("GAL feature (" + Provisioning.A_zimbraFeatureGalEnabled + ") is not enabled");
    }
    if (extraFeatAttr != null && !subject.getBooleanAttr(extraFeatAttr, false)) {
        throw ServiceException.PERM_DENIED("GAL feature (" + extraFeatAttr + ") is not enabled");
    }
}
Also used : Account(com.zimbra.cs.account.Account) AuthToken(com.zimbra.cs.account.AuthToken)

Example 88 with AuthToken

use of com.zimbra.cs.account.AuthToken in project zm-mailbox by Zimbra.

the class GalGroupMembers method getGroupMembers.

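/**
 * Returns all members of a GAL group.
 *
 * <p>The lookup is built on a SOAP context that carries the global admin auth token, so it is
 * not limited by the permissions of whoever triggered the call. No authorization check is
 * visible in this method.
 *
 * @param groupName name of the group; set as the text of the DL element of the request and
 *     passed to {@code searchGal}
 * @param account    The requested account.  It is needed for getting the GAL configuration.
 * @return the value of {@code getAllMembers()} on the result returned by {@code searchGal}
 * @throws ServiceException {@code NO_SUCH_DISTRIBUTION_LIST} when {@code searchGal} returns
 *     {@code null}; failures from obtaining the admin token or from the search propagate
 */
public static Set<String> getGroupMembers(String groupName, Account account) throws ServiceException {
    // create a ZimbraSoapContext and request for GAL sync account proxy (in case it has to do so)
    // use the global admin's credentials to bypass any permission check
    //
    // NOTE(review): because the admin token bypasses permission checks, callers presumably have
    // to decide themselves whether the requester may see this group's membership; confirm at
    // each call site.
    AuthToken adminAuthToken = AuthProvider.getAdminAuthToken();
    ZimbraSoapContext zsc = new ZimbraSoapContext(adminAuthToken, account.getId(), SoapProtocol.Soap12, SoapProtocol.Soap12);
    Element request = Element.create(SoapProtocol.Soap12, AccountConstants.GET_DISTRIBUTION_LIST_MEMBERS_REQUEST);
    // The DL element is added for its effect on the request; the returned element was never read.
    request.addElement(AdminConstants.E_DL).setText(groupName);
    DLMembersResult dlMembersResult = searchGal(zsc, account, groupName, request);
    if (dlMembersResult == null) {
        throw AccountServiceException.NO_SUCH_DISTRIBUTION_LIST(groupName);
    }
    return dlMembersResult.getAllMembers();
}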
Also used : ZimbraSoapContext(com.zimbra.soap.ZimbraSoapContext) Element(com.zimbra.common.soap.Element) AuthToken(com.zimbra.cs.account.AuthToken)

Example 89 with AuthToken

use of com.zimbra.cs.account.AuthToken in project zm-mailbox by Zimbra.

the class MailSender method getTargetMailbox.

/**
 * Resolves the mailbox of {@code targetUser} for a delegated send.
 *
 * <p>For an account on the local server the result comes from {@code MailboxManager}; for a
 * remote account it is a {@code ZMailbox} opened against the account's SOAP URI.
 *
 * @param octxt operation context whose auth token is preferred for the remote call; may be null
 * @param authuser the authenticated account, used to mint a token when {@code octxt} yields none
 * @param isAdminRequest passed through to {@code AuthProvider.getAuthToken}
 * @param targetUser the account whose mailbox is wanted; {@code null} yields {@code null}
 * @return the local or remote mailbox object, or {@code null} when the target is null, has no
 *     SOAP URI, or any exception occurs while resolving it
 */
private Object getTargetMailbox(OperationContext octxt, Account authuser, boolean isAdminRequest, Account targetUser) {
    if (targetUser == null) {
        return null;
    }
    try {
        if (Provisioning.onLocalServer(targetUser)) {
            return MailboxManager.getInstance().getMailboxByAccount(targetUser);
        }

        String soapUri = AccountUtil.getSoapUri(targetUser);
        if (soapUri == null) {
            return null;
        }

        // Prefer the token from the operation context and mint one for authuser only if needed.
        // NOTE(review): getCsrfUnsecuredAuthToken presumably returns a variant of the token
        // without CSRF enforcement for this server-to-server call; confirm against AuthToken.
        AuthToken proxyToken = (octxt == null) ? null : AuthToken.getCsrfUnsecuredAuthToken(octxt.getAuthToken(false));
        if (proxyToken == null) {
            proxyToken = AuthProvider.getAuthToken(authuser, isAdminRequest);
        }

        ZMailbox.Options opts = new ZMailbox.Options(proxyToken.toZAuthToken(), soapUri);
        opts.setNoSession(true);
        // A target other than the authenticated user is named explicitly by account id.
        boolean onBehalfOf = !targetUser.getId().equalsIgnoreCase(authuser.getId());
        if (onBehalfOf) {
            opts.setTargetAccount(targetUser.getId());
            opts.setTargetAccountBy(AccountBy.id);
        }
        return ZMailbox.getMailbox(opts);
    } catch (Exception e) {
        // Any failure, including a denied remote request, is logged and reported as "no mailbox".
        ZimbraLog.smtp.info("could not fetch home mailbox for delegated send", e);
        return null;
    }
}
Also used : ZMailbox(com.zimbra.client.ZMailbox) AuthToken(com.zimbra.cs.account.AuthToken) MessagingException(javax.mail.MessagingException) NoSuchItemException(com.zimbra.cs.mailbox.MailServiceException.NoSuchItemException) SendFailedException(javax.mail.SendFailedException) ServiceException(com.zimbra.common.service.ServiceException) SocketException(java.net.SocketException) IOException(java.io.IOException) UnknownHostException(java.net.UnknownHostException)

Example 90 with AuthToken

use of com.zimbra.cs.account.AuthToken in project zm-mailbox by Zimbra.

the class ZimbraAuthenticator method authenticate.

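/**
 * Authenticates a client that presents a Zimbra auth token and resolves the account it may
 * act as.
 *
 * <p>The checks run in this order: the token must decode, pass
 * {@code AuthProvider.validateAuthToken}, belong to the account named by
 * {@code authenticateId}, and the protocol must be enabled for that account. Only then is
 * {@code authorize} consulted for {@code username}. Every rejection returns {@code null} and
 * is logged, without the raw token, so that rejected attempts leave a trace.
 *
 * @param username the account the client wants to act as, passed to {@code authorize}
 * @param authenticateId name of the account the token is claimed to belong to
 * @param authtoken the encoded auth token presented by the client
 * @param protocol the protocol that must be enabled for the authenticating account
 * @param origRemoteIp not read by this method
 * @param remoteIp not read by this method
 * @param userAgent not read by this method
 * @return the account returned by {@code authorize}, or {@code null} when any check fails
 * @throws ServiceException propagated from the account lookup, {@code authorize} or
 *     {@code accountAuthed}; failures of token validation are reported as {@code null}
 */
@Override
public Account authenticate(String username, String authenticateId, String authtoken, AuthContext.Protocol protocol, String origRemoteIp, String remoteIp, String userAgent) throws ServiceException {
    if (authenticateId == null || authenticateId.isEmpty()) {
        return null;
    }
    // validate the auth token
    Provisioning prov = Provisioning.getInstance();
    AuthToken at;
    try {
        at = ZimbraAuthToken.getAuthToken(authtoken);
    } catch (AuthTokenException e) {
        // The token and the exception are kept out of the log: neither is verified at this point.
        ZimbraLog.account.info("Authentication failed - auth token could not be decoded");
        return null;
    }
    try {
        AuthProvider.validateAuthToken(prov, at, false);
    } catch (ServiceException e) {
        ZimbraLog.account.info("Authentication failed - auth token did not validate", e);
        return null;
    }
    // make sure that the authentication account is valid
    Account authAccount = prov.get(Key.AccountBy.name, authenticateId, at);
    if (authAccount == null) {
        // authenticateId is client-supplied and unverified here, so it is not echoed into the log.
        ZimbraLog.account.info("Authentication failed - authentication account not found");
        return null;
    }
    // make sure the auth token belongs to authenticatedId
    if (!at.getAccountId().equalsIgnoreCase(authAccount.getId())) {
        // A validated token presented for a different account is worth a log entry of its own.
        ZimbraLog.account.info("Authentication failed - auth token of account %s presented for %s", at.getAccountId(), authAccount.getName());
        return null;
    }
    // make sure the protocol is enabled for the user
    if (!isProtocolEnabled(authAccount, protocol)) {
        ZimbraLog.account.info("Authentication failed - %s not enabled for %s", protocol, authAccount.getName());
        return null;
    }
    // if necessary, check that the authenticated user can authorize as the target user
    Account targetAcct = authorize(authAccount, username, AuthToken.isAnyAdmin(at));
    if (targetAcct != null) {
        // Recorded only after authorization succeeded.
        prov.accountAuthed(authAccount);
    }
    return targetAcct;
}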
Also used : Account(com.zimbra.cs.account.Account) ServiceException(com.zimbra.common.service.ServiceException) AuthTokenException(com.zimbra.cs.account.AuthTokenException) ZimbraAuthToken(com.zimbra.cs.account.ZimbraAuthToken) AuthToken(com.zimbra.cs.account.AuthToken) Provisioning(com.zimbra.cs.account.Provisioning)

Aggregations

AuthToken (com.zimbra.cs.account.AuthToken)98 ServiceException (com.zimbra.common.service.ServiceException)46 Account (com.zimbra.cs.account.Account)44 ZimbraAuthToken (com.zimbra.cs.account.ZimbraAuthToken)27 AuthTokenException (com.zimbra.cs.account.AuthTokenException)26 Element (com.zimbra.common.soap.Element)24 Provisioning (com.zimbra.cs.account.Provisioning)23 ZMailbox (com.zimbra.client.ZMailbox)19 ZAuthToken (com.zimbra.common.auth.ZAuthToken)18 IOException (java.io.IOException)14 Server (com.zimbra.cs.account.Server)12 ZimbraSoapContext (com.zimbra.soap.ZimbraSoapContext)12 HttpClient (org.apache.commons.httpclient.HttpClient)12 HashMap (java.util.HashMap)11 GetMethod (org.apache.commons.httpclient.methods.GetMethod)11 Test (org.junit.Test)11 SoapHttpTransport (com.zimbra.common.soap.SoapHttpTransport)10 ServletException (javax.servlet.ServletException)10 AuthFailedServiceException (com.zimbra.cs.account.AccountServiceException.AuthFailedServiceException)8 MailServiceException (com.zimbra.cs.mailbox.MailServiceException)8