
Example 6 with GuestAccount

use of com.zimbra.cs.account.GuestAccount in project zm-mailbox by Zimbra.

the class TestACL method verify.

/*
     * verify expected result
     */
/**
 * Asserts the access decision for {@code right} on {@code target} through three
 * {@code canDo} call forms: grantee passed as an account, as an auth token, and by name.
 *
 * <p>A null {@code expectedVia} means a null via-holder is passed to {@code canDo};
 * otherwise a fresh {@code ViaGrant} is passed each time and compared with {@code expectedVia}.
 *
 * @param grantee account whose access is checked; may be null, in which case null is passed on
 * @param target entry the right is checked against
 * @param right right being checked
 * @param asAdmin whether the check is made in admin mode
 * @param expected expected allow/deny outcome
 * @param expectedVia expected via-grant details, or null to skip via collection
 * @throws Exception propagated from the access manager or from auth-token creation
 */
protected void verify(Account grantee, Entry target, Right right, AsAdmin asAdmin, AllowOrDeny expected, ViaGrant expectedVia) throws Exception {
    final boolean collectVia = expectedVia != null;

    // 1) grantee handed over as an Account
    ViaGrant viaForAccount = collectVia ? new ViaGrant() : null;
    boolean allowedForAccount = mAM.canDo(grantee, target, right, asAdmin.yes(), viaForAccount);
    assertEquals(expected.allow(), allowedForAccount);
    assertEquals(expectedVia, viaForAccount);

    // 2) grantee handed over as an AuthToken
    ViaGrant viaForToken = collectVia ? new ViaGrant() : null;
    boolean allowedForToken = mAM.canDo(grantee == null ? null : AuthProvider.getAuthToken(grantee), target, right, asAdmin.yes(), viaForToken);
    assertEquals(expected.allow(), allowedForToken);
    assertEquals(expectedVia, viaForToken);

    // 3) grantee handed over by account name
    ViaGrant viaForName = collectVia ? new ViaGrant() : null;
    String granteeName = (grantee == null) ? null : grantee.getName();
    boolean allowedForName = mAM.canDo(granteeName, target, right, asAdmin.yes(), viaForName);

    // The by-name result is deliberately not asserted for a guest account that carries an
    // access key. The original note reads "if there is a pub grant: should expect the
    // expected", so the outcome presumably depends on whether a public grant exists.
    boolean guestWithAccessKey = grantee instanceof GuestAccount && ((GuestAccount) grantee).getAccessKey() != null;
    if (!guestWithAccessKey) {
        assertEquals(expected.allow(), allowedForName);
        assertEquals(expectedVia, viaForName);
    }
}
Also used : GuestAccount(com.zimbra.cs.account.GuestAccount) ViaGrant(com.zimbra.cs.account.AccessManager.ViaGrant)

Example 7 with GuestAccount

use of com.zimbra.cs.account.GuestAccount in project zm-mailbox by Zimbra.

the class HtmlFormatter method dispatchJspRest.

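/**
 * Publishes the auth token and the target account/item details as request attributes and
 * hands the request to the REST JSP page.
 *
 * <p>The token comes from one of three places: the account authenticated by basic auth
 * (guest accounts get a token built from their digest), the auth cookie, or, failing both,
 * a token for {@code GuestAccount.GUID_PUBLIC}. When the target account differs from the
 * authenticated one, a proxy auth token is attached.
 *
 * <p>Delivery depends on {@code WebSplitUtil.isZimbraServiceSplitEnabled()}: in split mode
 * the attributes are sent as the query string of an HTTP GET to the web client and the
 * response body is copied back; otherwise the request is forwarded through a
 * {@code RequestDispatcher}.
 *
 * @param servlet servlet whose context is used to locate the forward target
 * @param context per-request state (request, response, authenticated and target account, target item)
 * @throws ServiceException propagated from provisioning or remote-resource lookups
 * @throws ServletException if the token cannot be encoded, or no token is available
 * @throws IOException propagated from stream or HTTP I/O
 */
static void dispatchJspRest(Servlet servlet, UserServletContext context) throws ServiceException, ServletException, IOException {
    AuthToken auth = null;
    long expiration = System.currentTimeMillis() + AUTH_EXPIRATION;
    if (context.basicAuthHappened) {
        Account acc = context.getAuthAccount();
        if (acc instanceof GuestAccount) {
            // Guest accounts get a token built directly from their id, name and digest.
            auth = AuthToken.getAuthToken(acc.getId(), acc.getName(), null, ((GuestAccount) acc).getDigest(), expiration);
        } else {
            auth = AuthProvider.getAuthToken(context.getAuthAccount(), expiration);
        }
    } else if (context.cookieAuthHappened) {
        auth = UserServlet.getAuthTokenFromCookie(context.req, context.resp, true);
    } else {
        // No authentication took place: act as the public guest identity.
        auth = AuthToken.getAuthToken(GuestAccount.GUID_PUBLIC, null, null, null, expiration);
    }
    // NOTE(review): this is a reference comparison between Account objects; whether two
    // instances can represent the same account here is not visible from this method.
    if (auth != null && context.targetAccount != null && context.targetAccount != context.getAuthAccount()) {
        auth.setProxyAuthToken(Provisioning.getInstance().getProxyAuthToken(context.targetAccount.getId(), null));
    }
    String authString = null;
    try {
        if (auth != null) {
            authString = auth.getEncoded();
        }
    } catch (AuthTokenException e) {
        throw new ServletException("error generating the authToken", e);
    }
    Account targetAccount = context.targetAccount;
    MailItem targetItem = context.target;
    String uri = (String) context.req.getAttribute("requestedPath");
    if (targetItem instanceof Mountpoint && ((Mountpoint) targetItem).getDefaultView() != MailItem.Type.APPOINTMENT) {
        // Non-calendar mountpoint: describe the remote item it points at instead of the mountpoint.
        Mountpoint mp = (Mountpoint) targetItem;
        Provisioning prov = Provisioning.getInstance();
        targetAccount = prov.getAccountById(mp.getOwnerId());
        Pair<Header[], HttpInputStream> remoteItem = UserServlet.getRemoteResourceAsStream((auth == null) ? null : auth.toZAuthToken(), mp.getTarget(), context.extraPath);
        // Only the response headers are used, so the body stream is closed straight away.
        remoteItem.getSecond().close();
        String remoteItemId = null;
        String remoteItemType = null;
        String remoteItemName = null;
        String remoteItemPath = null;
        for (Header h : remoteItem.getFirst()) {
            String headerName = h.getName();
            if ("X-Zimbra-ItemId".equalsIgnoreCase(headerName)) {
                remoteItemId = h.getValue();
            } else if ("X-Zimbra-ItemType".equalsIgnoreCase(headerName)) {
                remoteItemType = h.getValue();
            } else if ("X-Zimbra-ItemName".equalsIgnoreCase(headerName)) {
                remoteItemName = h.getValue();
            } else if ("X-Zimbra-ItemPath".equalsIgnoreCase(headerName)) {
                remoteItemPath = h.getValue();
            }
        }
        context.req.setAttribute(ATTR_TARGET_ITEM_ID, remoteItemId);
        context.req.setAttribute(ATTR_TARGET_ITEM_TYPE, remoteItemType);
        context.req.setAttribute(ATTR_TARGET_ITEM_NAME, remoteItemName);
        context.req.setAttribute(ATTR_TARGET_ITEM_PATH, remoteItemPath);
        context.req.setAttribute(ATTR_TARGET_ITEM_COLOR, mp.getColor());
        // NOTE(review): the view is stored via toByte() here but via toString() in the Folder
        // branch below; confirm the JSP accepts both forms.
        context.req.setAttribute(ATTR_TARGET_ITEM_VIEW, mp.getDefaultView().toByte());
        targetItem = null;
    }
    context.req.setAttribute(ATTR_INTERNAL_DISPATCH, "yes");
    context.req.setAttribute(ATTR_REQUEST_URI, uri != null ? uri : context.req.getRequestURI());
    context.req.setAttribute(ATTR_AUTH_TOKEN, authString);
    // The earlier branches tolerate a missing token, but the CSRF flag can only be read from
    // one. Fail with an explicit error rather than a NullPointerException, and do not fall
    // back to publishing "CSRF disabled" for a request that has no token.
    if (auth == null) {
        throw new ServletException("no auth token available for REST dispatch");
    }
    context.req.setAttribute(ATTR_CSRF_ENABLED, auth.isCsrfTokenEnabled());
    if (targetAccount != null) {
        context.req.setAttribute(ATTR_TARGET_ACCOUNT_NAME, targetAccount.getName());
        context.req.setAttribute(ATTR_TARGET_ACCOUNT_ID, targetAccount.getId());
        context.req.setAttribute(ATTR_TARGET_ACCOUNT_PREF_TIME_ZONE, targetAccount.getAttr(Provisioning.A_zimbraPrefTimeZoneId));
        context.req.setAttribute(ATTR_TARGET_ACCOUNT_PREF_SKIN, targetAccount.getAttr(Provisioning.A_zimbraPrefSkin));
        context.req.setAttribute(ATTR_TARGET_ACCOUNT_PREF_LOCALE, targetAccount.getAttr(Provisioning.A_zimbraPrefLocale));
        context.req.setAttribute(ATTR_TARGET_ACCOUNT_PREF_CALENDAR_FIRST_DAY_OF_WEEK, targetAccount.getAttr(Provisioning.A_zimbraPrefCalendarFirstDayOfWeek));
        context.req.setAttribute(ATTR_TARGET_ACCOUNT_PREF_CALENDAR_DAY_HOUR_START, targetAccount.getAttr(Provisioning.A_zimbraPrefCalendarDayHourStart));
        context.req.setAttribute(ATTR_TARGET_ACCOUNT_PREF_CALENDAR_DAY_HOUR_END, targetAccount.getAttr(Provisioning.A_zimbraPrefCalendarDayHourEnd));
    } else {
        // Useful when faking results - e.g. FREEBUSY html view for non-existent account
        if (context.fakeTarget != null) {
            context.req.setAttribute(ATTR_TARGET_ACCOUNT_NAME, context.fakeTarget.getAccount());
        }
        // Without a target account the preferences come from the default class of service.
        com.zimbra.cs.account.Cos defaultCos = Provisioning.getInstance().get(com.zimbra.common.account.Key.CosBy.name, Provisioning.DEFAULT_COS_NAME);
        context.req.setAttribute(ATTR_TARGET_ACCOUNT_PREF_TIME_ZONE, defaultCos.getAttr(Provisioning.A_zimbraPrefTimeZoneId));
        context.req.setAttribute(ATTR_TARGET_ACCOUNT_PREF_SKIN, defaultCos.getAttr(Provisioning.A_zimbraPrefSkin));
        context.req.setAttribute(ATTR_TARGET_ACCOUNT_PREF_LOCALE, defaultCos.getAttr(Provisioning.A_zimbraPrefLocale));
        context.req.setAttribute(ATTR_TARGET_ACCOUNT_PREF_CALENDAR_FIRST_DAY_OF_WEEK, defaultCos.getAttr(Provisioning.A_zimbraPrefCalendarFirstDayOfWeek));
        context.req.setAttribute(ATTR_TARGET_ACCOUNT_PREF_CALENDAR_DAY_HOUR_START, defaultCos.getAttr(Provisioning.A_zimbraPrefCalendarDayHourStart));
        context.req.setAttribute(ATTR_TARGET_ACCOUNT_PREF_CALENDAR_DAY_HOUR_END, defaultCos.getAttr(Provisioning.A_zimbraPrefCalendarDayHourEnd));
    }
    if (targetItem != null) {
        context.req.setAttribute(ATTR_TARGET_ITEM_ID, targetItem.getId());
        context.req.setAttribute(ATTR_TARGET_ITEM_PATH, targetItem.getPath());
        context.req.setAttribute(ATTR_TARGET_ITEM_NAME, targetItem.getName());
        context.req.setAttribute(ATTR_TARGET_ITEM_TYPE, targetItem.getType().toString());
        context.req.setAttribute(ATTR_TARGET_ITEM_COLOR, targetItem.getColor());
        if (targetItem instanceof Folder) {
            context.req.setAttribute(ATTR_TARGET_ITEM_VIEW, ((Folder) targetItem).getDefaultView().toString());
        }
    } else {
        context.req.setAttribute(ATTR_TARGET_ITEM_COLOR, Color.getMappedColor(null));
    }
    if (context.fakeTarget != null) {
        // Override to avoid address harvesting: the faked path and name replace whatever was
        // set above, so the response looks the same whether or not the account exists.
        context.req.setAttribute(ATTR_TARGET_ITEM_PATH, context.fakeTarget.getPath());
        context.req.setAttribute(ATTR_TARGET_ITEM_NAME, context.fakeTarget.getName());
    }
    String mailUrl = PATH_MAIN_CONTEXT;
    if (WebSplitUtil.isZimbraServiceSplitEnabled()) {
        mailUrl = Provisioning.getInstance().getLocalServer().getWebClientURL() + PATH_JSP_REST_PAGE;
        HttpClient httpclient = ZimbraHttpConnectionManager.getInternalHttpConnMgr().getDefaultHttpClient();
        // A multipart POST variant of this call was drafted here but left disabled, with a
        // note asking for it to be retested.
        //
        // NOTE(review): every request attribute, including the encoded auth token stored under
        // ATTR_AUTH_TOKEN, is placed in the query string of this GET. URLs are commonly written
        // to access logs and seen by intermediaries, so confirm that nothing on this internal
        // hop records them, or carry the attributes in a request body instead.
        // NOTE(review): attribute names are appended unescaped; only the values are escaped.
        Enumeration<String> attributeNames = context.req.getAttributeNames();
        StringBuilder sb = new StringBuilder(mailUrl);
        sb.append("?");
        while (attributeNames.hasMoreElements()) {
            String attrName = attributeNames.nextElement();
            String attrValue = context.req.getAttribute(attrName).toString();
            sb.append(attrName).append("=").append(HttpUtil.urlEscape(attrValue)).append("&");
        }
        GetMethod restGet = new GetMethod(sb.toString());
        try {
            HttpClientUtil.executeMethod(httpclient, restGet);
            ByteUtil.copy(restGet.getResponseBodyAsStream(), true, context.resp.getOutputStream(), false);
        } finally {
            // Hand the connection back on every path, including a failure before the copy starts.
            restGet.releaseConnection();
        }
    } else {
        try {
            mailUrl = Provisioning.getInstance().getLocalServer().getMailURL();
        } catch (Exception ignored) {
            // Best effort: if the server's mail URL cannot be read, mailUrl keeps its
            // PATH_MAIN_CONTEXT default.
        }
        ServletContext targetContext = servlet.getServletConfig().getServletContext().getContext(mailUrl);
        RequestDispatcher dispatcher = targetContext.getRequestDispatcher(PATH_JSP_REST_PAGE);
        dispatcher.forward(context.req, context.resp);
    }
}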
Also used : GuestAccount(com.zimbra.cs.account.GuestAccount) Account(com.zimbra.cs.account.Account) GuestAccount(com.zimbra.cs.account.GuestAccount) Folder(com.zimbra.cs.mailbox.Folder) Provisioning(com.zimbra.cs.account.Provisioning) ServletException(javax.servlet.ServletException) ServiceException(com.zimbra.common.service.ServiceException) IOException(java.io.IOException) AuthTokenException(com.zimbra.cs.account.AuthTokenException) UserServletException(com.zimbra.cs.service.UserServletException) RequestDispatcher(javax.servlet.RequestDispatcher) ServletException(javax.servlet.ServletException) UserServletException(com.zimbra.cs.service.UserServletException) MailItem(com.zimbra.cs.mailbox.MailItem) Header(org.apache.commons.httpclient.Header) AuthTokenException(com.zimbra.cs.account.AuthTokenException) HttpClient(org.apache.commons.httpclient.HttpClient) GetMethod(org.apache.commons.httpclient.methods.GetMethod) AuthToken(com.zimbra.cs.account.AuthToken) UserServletContext(com.zimbra.cs.service.UserServletContext) ServletContext(javax.servlet.ServletContext) HttpInputStream(com.zimbra.cs.service.UserServlet.HttpInputStream) Mountpoint(com.zimbra.cs.mailbox.Mountpoint)

Example 8 with GuestAccount

use of com.zimbra.cs.account.GuestAccount in project zm-mailbox by Zimbra.

the class TestLdapProvDynamicGroup method getGroupMembership.

/*
     * Test Provisioning.getGroupMembership
     */
/**
 * Checks {@code Provisioning.getGroupMembership} for a regular account and for a guest
 * account built from an external address, after both were added to one dynamic group under
 * test, a second dynamic group and a static distribution list.
 *
 * <p>Both lookups are expected to report the same three groups, none flagged as an admin group.
 */
@Test
public void getGroupMembership() throws Exception {
    // Fixture: three groups, one internal account, one external address.
    Group dynamicGroup = createDynamicGroup(genGroupNameLocalPart());
    Group secondDynamicGroup = createDynamicGroup(genGroupNameLocalPart("other-dynamic"));
    Group staticGroup = provUtil.createDistributionList(genGroupNameLocalPart("other-static"), domain);
    Account acct = provUtil.createAccount(genAcctNameLocalPart(), domain);
    String externalAddr = "user@external.com";
    GuestAccount guestAcct = new GuestAccount(externalAddr, null);

    // Internal account and external address join every group.
    prov.addGroupMembers(dynamicGroup, new String[] { acct.getName(), externalAddr });
    prov.addGroupMembers(secondDynamicGroup, new String[] { acct.getName(), externalAddr });
    prov.addGroupMembers(staticGroup, new String[] { acct.getName(), externalAddr });

    // Expected results, shared by both lookups below.
    Set<String> expectedMemberOf = Sets.newHashSet(
            Verify.makeResultStr(dynamicGroup.getId(), Boolean.FALSE),
            Verify.makeResultStr(secondDynamicGroup.getId(), Boolean.FALSE),
            Verify.makeResultStr(staticGroup.getId(), Boolean.FALSE));
    Set<String> expectedIds = Sets.newHashSet(
            Verify.makeResultStr(dynamicGroup.getId()),
            Verify.makeResultStr(secondDynamicGroup.getId()),
            Verify.makeResultStr(staticGroup.getId()));

    // Lookup for the internal account.
    GroupMembership acctMembership = prov.getGroupMembership(acct, false);
    List<MemberOf> acctMemberOf = acctMembership.memberOf();
    List<String> acctGroupIds = acctMembership.groupIds();
    Set<String> acctMemberOfSeen = Sets.newHashSet();
    for (MemberOf entry : acctMemberOf) {
        acctMemberOfSeen.add(Verify.makeResultStr(entry.getId(), entry.isAdminGroup()));
    }
    Set<String> acctIdsSeen = Sets.newHashSet();
    for (String groupId : acctGroupIds) {
        acctIdsSeen.add(Verify.makeResultStr(groupId));
    }
    Verify.verifyEquals(expectedMemberOf, acctMemberOfSeen);
    Verify.verifyEquals(expectedIds, acctIdsSeen);

    // Same lookup for the guest account.
    GroupMembership guestMembership = prov.getGroupMembership(guestAcct, false);
    List<MemberOf> guestMemberOf = guestMembership.memberOf();
    List<String> guestGroupIds = guestMembership.groupIds();
    Set<String> guestMemberOfSeen = Sets.newHashSet();
    for (MemberOf entry : guestMemberOf) {
        guestMemberOfSeen.add(Verify.makeResultStr(entry.getId(), entry.isAdminGroup()));
    }
    Set<String> guestIdsSeen = Sets.newHashSet();
    for (String groupId : guestGroupIds) {
        guestIdsSeen.add(Verify.makeResultStr(groupId));
    }
    Verify.verifyEquals(expectedMemberOf, guestMemberOfSeen);
    Verify.verifyEquals(expectedIds, guestIdsSeen);
}
Also used : DynamicGroup(com.zimbra.cs.account.DynamicGroup) Group(com.zimbra.cs.account.Group) LdapDynamicGroup(com.zimbra.cs.account.ldap.entry.LdapDynamicGroup) LdapAccount(com.zimbra.cs.account.ldap.entry.LdapAccount) GuestAccount(com.zimbra.cs.account.GuestAccount) Account(com.zimbra.cs.account.Account) GuestAccount(com.zimbra.cs.account.GuestAccount) MemberOf(com.zimbra.cs.account.Provisioning.MemberOf) GroupMembership(com.zimbra.cs.account.Provisioning.GroupMembership) Test(org.junit.Test)

Example 9 with GuestAccount

use of com.zimbra.cs.account.GuestAccount in project zm-mailbox by Zimbra.

the class CheckRight method handle.

/**
 * Handles a CheckRight admin request: resolves the target and grantee named in the request,
 * asks {@code RightCommand.checkRight} whether the grantee holds the right, and reports the
 * outcome together with the grant it was decided through, when one is available.
 *
 * <p>Only grantee types {@code GT_USER} and {@code GT_EMAIL} are accepted. A grantee that
 * does not resolve to a {@code MailTarget} is represented by a {@code GuestAccount} built
 * from the supplied value. Unless the grantee value equals the authenticated account id,
 * {@code checkCheckRightRight} is called before the right is evaluated.
 *
 * @param request the CheckRight request element
 * @param context SOAP engine context used to obtain the {@code ZimbraSoapContext}
 * @return response element carrying the allow flag and, when available, the via grant
 * @throws ServiceException for an unsupported grantee type, or propagated from the lookups and checks
 */
@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
    ZimbraSoapContext zsc = getZimbraSoapContext(context);

    // Target: "by" and the identifying text are read only for types that need an identity.
    Element targetElem = request.getElement(AdminConstants.E_TARGET);
    String targetType = targetElem.getAttribute(AdminConstants.A_TYPE);
    TargetBy targetBy = null;
    String target = null;
    if (TargetType.fromCode(targetType).needsTargetIdentity()) {
        targetBy = TargetBy.fromString(targetElem.getAttribute(AdminConstants.A_BY));
        target = targetElem.getText();
    }

    // Grantee: the type defaults to GT_EMAIL when the attribute is absent.
    Element granteeElem = request.getElement(AdminConstants.E_GRANTEE);
    GranteeType granteeType = GranteeType.fromCode(granteeElem.getAttribute(AdminConstants.A_TYPE, GranteeType.GT_EMAIL.getCode()));
    boolean acceptedGranteeType = granteeType == GranteeType.GT_USER || granteeType == GranteeType.GT_EMAIL;
    if (!acceptedGranteeType) {
        throw ServiceException.INVALID_REQUEST("invalid grantee type " + granteeType, null);
    }
    GranteeBy granteeBy = GranteeBy.fromString(granteeElem.getAttribute(AdminConstants.A_BY));
    String granteeVal = granteeElem.getText();

    String right = request.getElement(AdminConstants.E_RIGHT).getText();

    // Attributes are parsed only when the optional attrs element is present.
    Map<String, Object> attrs = null;
    if (request.getOptionalElement(AdminConstants.E_ATTRS) != null) {
        attrs = AdminService.getAttrs(request);
    }

    // Anything that does not resolve to a MailTarget is treated as a guest identified by the raw value.
    NamedEntry resolved = GranteeType.lookupGrantee(Provisioning.getInstance(), granteeType, granteeBy, granteeVal);
    MailTarget grantee = (resolved instanceof MailTarget) ? (MailTarget) resolved : new GuestAccount(granteeVal, null);

    // Checking one's own rights needs no extra permission; for any other grantee the
    // authenticated account must be allowed to check that grantee's rights.
    // NOTE(review): granteeVal is compared with the account id whatever granteeBy says, so a
    // grantee given by name presumably always takes the permission check - confirm intended.
    boolean checkingSelf = granteeVal.equals(zsc.getAuthtokenAccountId());
    if (!checkingSelf) {
        GranteeType effectiveType = (grantee instanceof Account) ? GranteeType.GT_USER : GranteeType.GT_GROUP;
        checkCheckRightRight(zsc, effectiveType, granteeBy, granteeVal, true);
    }

    ViaGrant via = new ViaGrant();
    boolean allowed = RightCommand.checkRight(Provisioning.getInstance(), targetType, targetBy, target, grantee, right, attrs, via);

    Element response = zsc.createElement(AdminConstants.CHECK_RIGHT_RESPONSE);
    response.addAttribute(AdminConstants.A_ALLOW, allowed);
    if (!via.available()) {
        return response;
    }

    // Report the grant the decision was reached through: its target, grantee and right.
    Element viaElem = response.addElement(AdminConstants.E_VIA);

    Element viaTarget = viaElem.addElement(AdminConstants.E_TARGET);
    viaTarget.addAttribute(AdminConstants.A_TYPE, via.getTargetType());
    viaTarget.setText(via.getTargetName());

    Element viaGrantee = viaElem.addElement(AdminConstants.E_GRANTEE);
    viaGrantee.addAttribute(AdminConstants.A_TYPE, via.getGranteeType());
    viaGrantee.setText(via.getGranteeName());

    Element viaRight = viaElem.addElement(AdminConstants.E_RIGHT);
    viaRight.addAttribute(AdminConstants.A_DENY, via.isNegativeGrant());
    viaRight.setText(via.getRight());

    return response;
}
Also used : GuestAccount(com.zimbra.cs.account.GuestAccount) Account(com.zimbra.cs.account.Account) GranteeType(com.zimbra.cs.account.accesscontrol.GranteeType) GuestAccount(com.zimbra.cs.account.GuestAccount) Element(com.zimbra.common.soap.Element) TargetBy(com.zimbra.soap.type.TargetBy) MailTarget(com.zimbra.cs.account.MailTarget) NamedEntry(com.zimbra.cs.account.NamedEntry) ZimbraSoapContext(com.zimbra.soap.ZimbraSoapContext) GranteeBy(com.zimbra.soap.admin.type.GranteeSelector.GranteeBy) ViaGrant(com.zimbra.cs.account.AccessManager.ViaGrant)

Example 10 with GuestAccount

use of com.zimbra.cs.account.GuestAccount in project zm-mailbox by Zimbra.

the class TestACLNegativeGrant method verify.

/**
 * Asserts the access decision for {@code right} on {@code target} through three
 * {@code canDo} call forms of the shared {@code AccessManager}: grantee passed as an
 * account, as an auth token, and by name.
 *
 * <p>A null {@code expectedVia} means a null via-holder is passed to {@code canDo};
 * otherwise a fresh {@code ViaGrant} is passed each time and checked with
 * {@code TestViaGrant.verifyEquals}.
 *
 * @param grantee account whose access is checked; may be null, in which case null is passed on
 * @param target entry the right is checked against
 * @param right right being checked
 * @param asAdmin whether the check is made in admin mode
 * @param expected expected allow/deny outcome
 * @param expectedVia expected via-grant details, or null to skip via collection
 * @throws Exception propagated from the access manager or from auth-token creation
 */
protected void verify(Account grantee, Entry target, Right right, AsAdmin asAdmin, AllowOrDeny expected, TestViaGrant expectedVia) throws Exception {
    AccessManager accessMgr = AccessManager.getInstance();
    final boolean collectVia = expectedVia != null;

    // 1) grantee handed over as an Account
    ViaGrant viaForAccount = collectVia ? new ViaGrant() : null;
    boolean allowedForAccount = accessMgr.canDo(grantee, target, right, asAdmin.yes(), viaForAccount);
    assertEquals(expected.allow(), allowedForAccount);
    TestViaGrant.verifyEquals(expectedVia, viaForAccount);

    // 2) grantee handed over as an AuthToken
    ViaGrant viaForToken = collectVia ? new ViaGrant() : null;
    boolean allowedForToken = accessMgr.canDo(grantee == null ? null : AuthProvider.getAuthToken(grantee), target, right, asAdmin.yes(), viaForToken);
    assertEquals(expected.allow(), allowedForToken);
    TestViaGrant.verifyEquals(expectedVia, viaForToken);

    // 3) grantee handed over by account name
    ViaGrant viaForName = collectVia ? new ViaGrant() : null;
    String granteeName = (grantee == null) ? null : grantee.getName();
    boolean allowedForName = accessMgr.canDo(granteeName, target, right, asAdmin.yes(), viaForName);

    // The by-name result is deliberately not asserted for a guest account that carries an
    // access key. The original note reads "if there is a pub grant: should expect the
    // expected", so the outcome presumably depends on whether a public grant exists.
    boolean guestWithAccessKey = grantee instanceof GuestAccount && ((GuestAccount) grantee).getAccessKey() != null;
    if (!guestWithAccessKey) {
        assertEquals(expected.allow(), allowedForName);
        TestViaGrant.verifyEquals(expectedVia, viaForName);
    }
}
Also used : AccessManager(com.zimbra.cs.account.AccessManager) GuestAccount(com.zimbra.cs.account.GuestAccount) ViaGrant(com.zimbra.cs.account.AccessManager.ViaGrant) TestViaGrant(com.zimbra.qa.unittest.prov.ldap.ACLTestUtil.TestViaGrant)

Aggregations

GuestAccount (com.zimbra.cs.account.GuestAccount)12 Account (com.zimbra.cs.account.Account)9 ServiceException (com.zimbra.common.service.ServiceException)5 Provisioning (com.zimbra.cs.account.Provisioning)4 ViaGrant (com.zimbra.cs.account.AccessManager.ViaGrant)3 AuthToken (com.zimbra.cs.account.AuthToken)3 AuthTokenException (com.zimbra.cs.account.AuthTokenException)3 UserServletException (com.zimbra.cs.service.UserServletException)3 ServletException (javax.servlet.ServletException)3 AccessManager (com.zimbra.cs.account.AccessManager)2 Domain (com.zimbra.cs.account.Domain)2 NamedEntry (com.zimbra.cs.account.NamedEntry)2 ShareInfoData (com.zimbra.cs.account.ShareInfoData)2 MailItem (com.zimbra.cs.mailbox.MailItem)2 Mountpoint (com.zimbra.cs.mailbox.Mountpoint)2 IOException (java.io.IOException)2 HashMap (java.util.HashMap)2 ZMailbox (com.zimbra.client.ZMailbox)1 ZMountpoint (com.zimbra.client.ZMountpoint)1 Element (com.zimbra.common.soap.Element)1