Use of com.zimbra.cs.account.GuestAccount in project zm-mailbox by Zimbra.
Class TestACL, method verify.
/*
* verify expected result
*/
/**
 * Runs one access check through the three {@code canDo} variants of {@code mAM} (grantee given
 * as an Account, as an auth token, and as a name) and asserts each outcome.
 *
 * @param grantee     account whose access is checked; {@code null} is passed through as {@code null}
 * @param target      entry the right is checked on
 * @param right       right being checked
 * @param asAdmin     whether the check is made as an admin
 * @param expected    expected allow/deny outcome
 * @param expectedVia expected grant the decision came from, or {@code null} to skip via tracking
 * @throws Exception if any of the calls under test fails
 */
protected void verify(Account grantee, Entry target, Right right, AsAdmin asAdmin, AllowOrDeny expected, ViaGrant expectedVia) throws Exception {
    // 1) Grantee identified by the Account object itself.
    ViaGrant accountVia = null;
    if (expectedVia != null) {
        accountVia = new ViaGrant();
    }
    boolean allowedByAccount = mAM.canDo(grantee, target, right, asAdmin.yes(), accountVia);
    assertEquals(expected.allow(), allowedByAccount);
    assertEquals(expectedVia, accountVia);

    // 2) Grantee identified by an auth token issued for the account.
    ViaGrant tokenVia = null;
    if (expectedVia != null) {
        tokenVia = new ViaGrant();
    }
    boolean allowedByToken = mAM.canDo(grantee == null ? null : AuthProvider.getAuthToken(grantee), target, right, asAdmin.yes(), tokenVia);
    assertEquals(expected.allow(), allowedByToken);
    assertEquals(expectedVia, tokenVia);

    // 3) Grantee identified by name only.
    ViaGrant nameVia = null;
    if (expectedVia != null) {
        nameVia = new ViaGrant();
    }
    String granteeName = (grantee == null) ? null : grantee.getName();
    boolean allowedByName = mAM.canDo(granteeName, target, right, asAdmin.yes(), nameVia);

    // The name-based result is not asserted for a guest that carries an access key.
    // NOTE(review): presumably the name alone cannot convey the key, so the outcome depends on
    // whether a public grant exists - confirm. As written, this path is unverified for such guests.
    boolean guestWithAccessKey = grantee instanceof GuestAccount && ((GuestAccount) grantee).getAccessKey() != null;
    if (!guestWithAccessKey) {
        assertEquals(expected.allow(), allowedByName);
        assertEquals(expectedVia, nameVia);
    }
}
Use of com.zimbra.cs.account.GuestAccount in project zm-mailbox by Zimbra.
Class HtmlFormatter, method dispatchJspRest.
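/**
 * Hands the current REST request to the JSP REST page, passing the auth token and the target
 * account/item details as request attributes.
 *
 * <p>The auth token depends on how the caller authenticated: basic auth yields a token for the
 * authenticated account (built from the guest's digest when it is a {@link GuestAccount}), cookie
 * auth reuses the token from the cookie, and anything else gets a token for
 * {@code GuestAccount.GUID_PUBLIC}. When the service split is enabled the attributes are sent to
 * the web client over an internal HTTP GET; otherwise the request is forwarded in-container.
 *
 * @param servlet servlet whose context is used to locate the target web application
 * @param context REST request context (request, response, auth state, target)
 * @throws ServiceException on provisioning or remote lookup failures
 * @throws ServletException if the auth token cannot be encoded, or on forward failure
 * @throws IOException on I/O failure while relaying or forwarding
 */
static void dispatchJspRest(Servlet servlet, UserServletContext context) throws ServiceException, ServletException, IOException {
    AuthToken auth = null;
    long expiration = System.currentTimeMillis() + AUTH_EXPIRATION;
    if (context.basicAuthHappened) {
        Account acc = context.getAuthAccount();
        if (acc instanceof GuestAccount) {
            auth = AuthToken.getAuthToken(acc.getId(), acc.getName(), null, ((GuestAccount) acc).getDigest(), expiration);
        } else {
            auth = AuthProvider.getAuthToken(context.getAuthAccount(), expiration);
        }
    } else if (context.cookieAuthHappened) {
        // May leave auth null; every later use of auth is therefore null-guarded.
        auth = UserServlet.getAuthTokenFromCookie(context.req, context.resp, true);
    } else {
        auth = AuthToken.getAuthToken(GuestAccount.GUID_PUBLIC, null, null, null, expiration);
    }
    // NOTE(review): this is a reference comparison, so two distinct Account objects for the same
    // account also take the proxy-token path - confirm that is intended.
    if (auth != null && context.targetAccount != null && context.targetAccount != context.getAuthAccount()) {
        auth.setProxyAuthToken(Provisioning.getInstance().getProxyAuthToken(context.targetAccount.getId(), null));
    }
    String authString = null;
    try {
        if (auth != null) {
            authString = auth.getEncoded();
        }
    } catch (AuthTokenException e) {
        throw new ServletException("error generating the authToken", e);
    }
    Account targetAccount = context.targetAccount;
    MailItem targetItem = context.target;
    String uri = (String) context.req.getAttribute("requestedPath");
    if (targetItem instanceof Mountpoint && ((Mountpoint) targetItem).getDefaultView() != MailItem.Type.APPOINTMENT) {
        // Non-calendar mountpoint: describe the remote item it points at instead of the local one.
        Mountpoint mp = (Mountpoint) targetItem;
        Provisioning prov = Provisioning.getInstance();
        targetAccount = prov.getAccountById(mp.getOwnerId());
        Pair<Header[], HttpInputStream> remoteItem = UserServlet.getRemoteResourceAsStream((auth == null) ? null : auth.toZAuthToken(), mp.getTarget(), context.extraPath);
        // Only the response headers are needed, so the body stream is closed straight away.
        remoteItem.getSecond().close();
        String remoteItemId = null;
        String remoteItemType = null;
        String remoteItemName = null;
        String remoteItemPath = null;
        for (Header h : remoteItem.getFirst()) {
            String headerName = h.getName();
            if (headerName.equalsIgnoreCase("X-Zimbra-ItemId")) {
                remoteItemId = h.getValue();
            } else if (headerName.equalsIgnoreCase("X-Zimbra-ItemType")) {
                remoteItemType = h.getValue();
            } else if (headerName.equalsIgnoreCase("X-Zimbra-ItemName")) {
                remoteItemName = h.getValue();
            } else if (headerName.equalsIgnoreCase("X-Zimbra-ItemPath")) {
                remoteItemPath = h.getValue();
            }
        }
        context.req.setAttribute(ATTR_TARGET_ITEM_ID, remoteItemId);
        context.req.setAttribute(ATTR_TARGET_ITEM_TYPE, remoteItemType);
        context.req.setAttribute(ATTR_TARGET_ITEM_NAME, remoteItemName);
        context.req.setAttribute(ATTR_TARGET_ITEM_PATH, remoteItemPath);
        context.req.setAttribute(ATTR_TARGET_ITEM_COLOR, mp.getColor());
        context.req.setAttribute(ATTR_TARGET_ITEM_VIEW, mp.getDefaultView().toByte());
        targetItem = null;
    }
    context.req.setAttribute(ATTR_INTERNAL_DISPATCH, "yes");
    context.req.setAttribute(ATTR_REQUEST_URI, uri != null ? uri : context.req.getRequestURI());
    context.req.setAttribute(ATTR_AUTH_TOKEN, authString);
    // auth can be null here (see the cookie branch above); the unguarded call used to throw a
    // NullPointerException even though every other use of auth in this method is null-checked.
    context.req.setAttribute(ATTR_CSRF_ENABLED, auth != null && auth.isCsrfTokenEnabled());
    if (targetAccount != null) {
        context.req.setAttribute(ATTR_TARGET_ACCOUNT_NAME, targetAccount.getName());
        context.req.setAttribute(ATTR_TARGET_ACCOUNT_ID, targetAccount.getId());
        context.req.setAttribute(ATTR_TARGET_ACCOUNT_PREF_TIME_ZONE, targetAccount.getAttr(Provisioning.A_zimbraPrefTimeZoneId));
        context.req.setAttribute(ATTR_TARGET_ACCOUNT_PREF_SKIN, targetAccount.getAttr(Provisioning.A_zimbraPrefSkin));
        context.req.setAttribute(ATTR_TARGET_ACCOUNT_PREF_LOCALE, targetAccount.getAttr(Provisioning.A_zimbraPrefLocale));
        context.req.setAttribute(ATTR_TARGET_ACCOUNT_PREF_CALENDAR_FIRST_DAY_OF_WEEK, targetAccount.getAttr(Provisioning.A_zimbraPrefCalendarFirstDayOfWeek));
        context.req.setAttribute(ATTR_TARGET_ACCOUNT_PREF_CALENDAR_DAY_HOUR_START, targetAccount.getAttr(Provisioning.A_zimbraPrefCalendarDayHourStart));
        context.req.setAttribute(ATTR_TARGET_ACCOUNT_PREF_CALENDAR_DAY_HOUR_END, targetAccount.getAttr(Provisioning.A_zimbraPrefCalendarDayHourEnd));
    } else {
        // Useful when faking results - e.g. FREEBUSY html view for non-existent account
        if (context.fakeTarget != null) {
            context.req.setAttribute(ATTR_TARGET_ACCOUNT_NAME, context.fakeTarget.getAccount());
        }
        // No real target account: fall back to the preferences of the default COS.
        com.zimbra.cs.account.Cos defaultCos = Provisioning.getInstance().get(com.zimbra.common.account.Key.CosBy.name, Provisioning.DEFAULT_COS_NAME);
        context.req.setAttribute(ATTR_TARGET_ACCOUNT_PREF_TIME_ZONE, defaultCos.getAttr(Provisioning.A_zimbraPrefTimeZoneId));
        context.req.setAttribute(ATTR_TARGET_ACCOUNT_PREF_SKIN, defaultCos.getAttr(Provisioning.A_zimbraPrefSkin));
        context.req.setAttribute(ATTR_TARGET_ACCOUNT_PREF_LOCALE, defaultCos.getAttr(Provisioning.A_zimbraPrefLocale));
        context.req.setAttribute(ATTR_TARGET_ACCOUNT_PREF_CALENDAR_FIRST_DAY_OF_WEEK, defaultCos.getAttr(Provisioning.A_zimbraPrefCalendarFirstDayOfWeek));
        context.req.setAttribute(ATTR_TARGET_ACCOUNT_PREF_CALENDAR_DAY_HOUR_START, defaultCos.getAttr(Provisioning.A_zimbraPrefCalendarDayHourStart));
        context.req.setAttribute(ATTR_TARGET_ACCOUNT_PREF_CALENDAR_DAY_HOUR_END, defaultCos.getAttr(Provisioning.A_zimbraPrefCalendarDayHourEnd));
    }
    if (targetItem != null) {
        context.req.setAttribute(ATTR_TARGET_ITEM_ID, targetItem.getId());
        context.req.setAttribute(ATTR_TARGET_ITEM_PATH, targetItem.getPath());
        context.req.setAttribute(ATTR_TARGET_ITEM_NAME, targetItem.getName());
        context.req.setAttribute(ATTR_TARGET_ITEM_TYPE, targetItem.getType().toString());
        context.req.setAttribute(ATTR_TARGET_ITEM_COLOR, targetItem.getColor());
        if (targetItem instanceof Folder) {
            context.req.setAttribute(ATTR_TARGET_ITEM_VIEW, ((Folder) targetItem).getDefaultView().toString());
        }
    } else {
        context.req.setAttribute(ATTR_TARGET_ITEM_COLOR, Color.getMappedColor(null));
    }
    if (context.fakeTarget != null) {
        // Override to avoid address harvesting
        context.req.setAttribute(ATTR_TARGET_ITEM_PATH, context.fakeTarget.getPath());
        context.req.setAttribute(ATTR_TARGET_ITEM_NAME, context.fakeTarget.getName());
    }
    String mailUrl = PATH_MAIN_CONTEXT;
    if (WebSplitUtil.isZimbraServiceSplitEnabled()) {
        mailUrl = Provisioning.getInstance().getLocalServer().getWebClientURL() + PATH_JSP_REST_PAGE;
        HttpClient httpclient = ZimbraHttpConnectionManager.getInternalHttpConnMgr().getDefaultHttpClient();
        // NOTE(review): every request attribute, ATTR_AUTH_TOKEN included, is serialized into the
        // query string of this internal GET, and URLs tend to be recorded in access logs and by
        // intermediaries. An earlier multipart POST variant of this relay was left disabled with
        // a "retest with POST" note; sending the attributes in a request body would keep the
        // token out of the URL. Attribute names are appended unescaped (only values are escaped),
        // and the enumeration presumably also covers attributes set outside this method - confirm.
        Enumeration<String> attributeNames = context.req.getAttributeNames();
        StringBuilder sb = new StringBuilder(mailUrl);
        sb.append("?");
        while (attributeNames.hasMoreElements()) {
            String attrName = attributeNames.nextElement();
            String attrValue = context.req.getAttribute(attrName).toString();
            sb.append(attrName).append("=").append(HttpUtil.urlEscape(attrValue)).append("&");
        }
        GetMethod getMethod = new GetMethod(sb.toString());
        try {
            HttpClientUtil.executeMethod(httpclient, getMethod);
            ByteUtil.copy(getMethod.getResponseBodyAsStream(), true, context.resp.getOutputStream(), false);
        } finally {
            // Return the pooled connection even when the request or the copy fails.
            getMethod.releaseConnection();
        }
    } else {
        try {
            mailUrl = Provisioning.getInstance().getLocalServer().getMailURL();
        } catch (Exception ignored) {
            // Best effort: keep the PATH_MAIN_CONTEXT default when the mail URL cannot be read.
        }
        ServletContext targetContext = servlet.getServletConfig().getServletContext().getContext(mailUrl);
        RequestDispatcher dispatcher = targetContext.getRequestDispatcher(PATH_JSP_REST_PAGE);
        dispatcher.forward(context.req, context.resp);
    }
}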
Use of com.zimbra.cs.account.GuestAccount in project zm-mailbox by Zimbra.
Class TestLdapProvDynamicGroup, method getGroupMembership.
/*
* Test Provisioning.getGroupMembership
*/
/**
 * Adds an internal account and an external address to one dynamic group under test, a second
 * dynamic group and a distribution list, then checks that {@code prov.getGroupMembership}
 * reports all three groups, none flagged as admin group, for the internal account and for a
 * {@link GuestAccount} built from the external address.
 */
@Test
public void getGroupMembership() throws Exception {
    Group group = createDynamicGroup(genGroupNameLocalPart());
    Group otherDynamicGroup = createDynamicGroup(genGroupNameLocalPart("other-dynamic"));
    Group otherStaticGroup = provUtil.createDistributionList(genGroupNameLocalPart("other-static"), domain);
    Account acct = provUtil.createAccount(genAcctNameLocalPart(), domain);
    String externalAddr = "user@external.com";
    // The guest is identified by the external address only; no second constructor argument is given.
    GuestAccount guestAcct = new GuestAccount(externalAddr, null);

    Group[] allGroups = new Group[] { group, otherDynamicGroup, otherStaticGroup };

    // Both members go into every group, in the same group order as the expectations below.
    for (Group g : allGroups) {
        prov.addGroupMembers(g, new String[] { acct.getName(), externalAddr });
    }

    Set<String> expectedMemberOf = Sets.newHashSet();
    for (Group g : allGroups) {
        expectedMemberOf.add(Verify.makeResultStr(g.getId(), Boolean.FALSE));
    }
    Set<String> expectedIds = Sets.newHashSet();
    for (Group g : allGroups) {
        expectedIds.add(Verify.makeResultStr(g.getId()));
    }

    // Same expectations for the internal account first, then for the guest account.
    Account[] subjects = new Account[] { acct, guestAcct };
    for (Account subject : subjects) {
        GroupMembership membership = prov.getGroupMembership(subject, false);
        List<MemberOf> memberOfEntries = membership.memberOf();
        List<String> reportedIds = membership.groupIds();

        Set<String> actualMemberOf = Sets.newHashSet();
        for (int i = 0; i < memberOfEntries.size(); i++) {
            MemberOf entry = memberOfEntries.get(i);
            actualMemberOf.add(Verify.makeResultStr(entry.getId(), entry.isAdminGroup()));
        }
        Set<String> actualIds = Sets.newHashSet();
        for (int i = 0; i < reportedIds.size(); i++) {
            actualIds.add(Verify.makeResultStr(reportedIds.get(i)));
        }

        Verify.verifyEquals(expectedMemberOf, actualMemberOf);
        Verify.verifyEquals(expectedIds, actualIds);
    }
}
Use of com.zimbra.cs.account.GuestAccount in project zm-mailbox by Zimbra.
Class CheckRight, method handle.
/**
 * Handles a CheckRight request: reads the target, grantee, right and optional attrs from the
 * request, resolves the grantee (falling back to a {@link GuestAccount} when the lookup does not
 * return a {@code MailTarget}), evaluates the right, and reports the result together with the
 * deciding grant when one is available.
 *
 * @param request the request element
 * @param context SOAP engine context
 * @return the response element carrying the allow flag and, if available, the via grant
 * @throws ServiceException on an invalid grantee type or when the caller may not check rights
 *         for the grantee, and on failures raised by the calls made here
 */
@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
    ZimbraSoapContext zsc = getZimbraSoapContext(context);

    // Target: identity (by + value) is read only for target types that need one.
    Element targetElem = request.getElement(AdminConstants.E_TARGET);
    String targetType = targetElem.getAttribute(AdminConstants.A_TYPE);
    TargetBy targetBy = null;
    String targetValue = null;
    boolean targetNeedsIdentity = TargetType.fromCode(targetType).needsTargetIdentity();
    if (targetNeedsIdentity) {
        targetBy = TargetBy.fromString(targetElem.getAttribute(AdminConstants.A_BY));
        targetValue = targetElem.getText();
    }

    // Grantee: the type defaults to email and only user/email grantees are accepted.
    Element granteeElem = request.getElement(AdminConstants.E_GRANTEE);
    String granteeTypeCode = granteeElem.getAttribute(AdminConstants.A_TYPE, GranteeType.GT_EMAIL.getCode());
    GranteeType granteeType = GranteeType.fromCode(granteeTypeCode);
    boolean acceptedGranteeType = granteeType == GranteeType.GT_USER || granteeType == GranteeType.GT_EMAIL;
    if (!acceptedGranteeType) {
        throw ServiceException.INVALID_REQUEST("invalid grantee type " + granteeType, null);
    }
    GranteeBy granteeBy = GranteeBy.fromString(granteeElem.getAttribute(AdminConstants.A_BY));
    String granteeValue = granteeElem.getText();

    String rightName = request.getElement(AdminConstants.E_RIGHT).getText();

    // NOTE(review): the attrs are read from the request element, not from the optional attrs
    // element that was just looked up - confirm this matches where the attrs are carried.
    Element attrsElem = request.getOptionalElement(AdminConstants.E_ATTRS);
    Map<String, Object> attrs = null;
    if (attrsElem != null) {
        attrs = AdminService.getAttrs(request);
    }

    // A grantee that does not resolve to a MailTarget is evaluated as a guest with that value.
    NamedEntry resolved = GranteeType.lookupGrantee(Provisioning.getInstance(), granteeType, granteeBy, granteeValue);
    MailTarget grantee;
    if (resolved instanceof MailTarget) {
        grantee = (MailTarget) resolved;
    } else {
        grantee = new GuestAccount(granteeValue, null);
    }

    // Checking someone else's rights requires the caller to hold the right to do so.
    // NOTE(review): the self-check exemption compares the raw grantee text with the auth token's
    // account id, so it presumably only applies when the grantee is given by id - confirm.
    boolean checkingOwnRights = granteeValue.equals(zsc.getAuthtokenAccountId());
    if (!checkingOwnRights) {
        GranteeType checkedAs = (grantee instanceof Account) ? GranteeType.GT_USER : GranteeType.GT_GROUP;
        checkCheckRightRight(zsc, checkedAs, granteeBy, granteeValue, true);
    }

    ViaGrant via = new ViaGrant();
    boolean allowed = RightCommand.checkRight(Provisioning.getInstance(), targetType, targetBy, targetValue, grantee, rightName, attrs, via);

    Element response = zsc.createElement(AdminConstants.CHECK_RIGHT_RESPONSE);
    response.addAttribute(AdminConstants.A_ALLOW, allowed);
    if (!via.available()) {
        return response;
    }

    // Describe the grant that decided the outcome: its target, grantee and right.
    Element viaElem = response.addElement(AdminConstants.E_VIA);

    Element viaTargetElem = viaElem.addElement(AdminConstants.E_TARGET);
    viaTargetElem.addAttribute(AdminConstants.A_TYPE, via.getTargetType());
    viaTargetElem.setText(via.getTargetName());

    Element viaGranteeElem = viaElem.addElement(AdminConstants.E_GRANTEE);
    viaGranteeElem.addAttribute(AdminConstants.A_TYPE, via.getGranteeType());
    viaGranteeElem.setText(via.getGranteeName());

    Element viaRightElem = viaElem.addElement(AdminConstants.E_RIGHT);
    viaRightElem.addAttribute(AdminConstants.A_DENY, via.isNegativeGrant());
    viaRightElem.setText(via.getRight());

    return response;
}
Use of com.zimbra.cs.account.GuestAccount in project zm-mailbox by Zimbra.
Class TestACLNegativeGrant, method verify.
/**
 * Runs one access check through the three {@code AccessManager.canDo} variants (grantee given
 * as an Account, as an auth token, and as a name) and asserts each outcome.
 *
 * @param grantee     account whose access is checked; {@code null} is passed through as {@code null}
 * @param target      entry the right is checked on
 * @param right       right being checked
 * @param asAdmin     whether the check is made as an admin
 * @param expected    expected allow/deny outcome
 * @param expectedVia expected grant the decision came from, or {@code null} to skip via tracking
 * @throws Exception if any of the calls under test fails
 */
protected void verify(Account grantee, Entry target, Right right, AsAdmin asAdmin, AllowOrDeny expected, TestViaGrant expectedVia) throws Exception {
    AccessManager accessMgr = AccessManager.getInstance();

    // 1) Grantee identified by the Account object itself.
    ViaGrant accountVia = null;
    if (expectedVia != null) {
        accountVia = new ViaGrant();
    }
    boolean allowedByAccount = accessMgr.canDo(grantee, target, right, asAdmin.yes(), accountVia);
    assertEquals(expected.allow(), allowedByAccount);
    TestViaGrant.verifyEquals(expectedVia, accountVia);

    // 2) Grantee identified by an auth token issued for the account.
    ViaGrant tokenVia = null;
    if (expectedVia != null) {
        tokenVia = new ViaGrant();
    }
    boolean allowedByToken = accessMgr.canDo(grantee == null ? null : AuthProvider.getAuthToken(grantee), target, right, asAdmin.yes(), tokenVia);
    assertEquals(expected.allow(), allowedByToken);
    TestViaGrant.verifyEquals(expectedVia, tokenVia);

    // 3) Grantee identified by name only.
    ViaGrant nameVia = null;
    if (expectedVia != null) {
        nameVia = new ViaGrant();
    }
    String granteeName = (grantee == null) ? null : grantee.getName();
    boolean allowedByName = accessMgr.canDo(granteeName, target, right, asAdmin.yes(), nameVia);

    // The name-based result is not asserted for a guest that carries an access key.
    // NOTE(review): presumably the name alone cannot convey the key, so the outcome depends on
    // whether a public grant exists - confirm. As written, this path is unverified for such guests.
    boolean guestWithAccessKey = grantee instanceof GuestAccount && ((GuestAccount) grantee).getAccessKey() != null;
    if (!guestWithAccessKey) {
        assertEquals(expected.allow(), allowedByName);
        TestViaGrant.verifyEquals(expectedVia, nameVia);
    }
}