
Example 51 with NamedEntry

use of com.zimbra.cs.account.NamedEntry in project zm-mailbox by Zimbra.

the class GrantPermission method lookupEmailAddress.

/*
     * lookupEmailAddress, lookupGranteeByName, lookupGranteeByZimbraId are borrowed from FolderAction
     * and transplanted to work with ACL in the accesscontrol package for user-space, account-level rights.
     * 
     * The purpose is to match the existing folder grant SOAP interface, which is more flexible/liberal 
     * on identifying grantee and target.
     *   
     * These methods are *not* used for admin space ACL SOAPs. 
     */
// orig: FolderAction.lookupEmailAddress
/**
 * Resolves a grantee/target e-mail address to a directory entry.
 *
 * The name is first looked up as an account; only when that yields nothing
 * is it tried as a distribution list. Whichever kind matches is returned,
 * so callers that accept only one kind must check the concrete type
 * themselves.
 *
 * @param name e-mail address (account or distribution-list name) to resolve
 * @return the matching {@link NamedEntry}, or {@code null} when neither an
 *         account nor a distribution list has that name
 * @throws ServiceException propagated from the provisioning lookups
 */
private static NamedEntry lookupEmailAddress(String name) throws ServiceException {
    Provisioning provisioning = Provisioning.getInstance();
    NamedEntry account = provisioning.get(AccountBy.name, name);
    if (account != null) {
        return account;
    }
    // Not an account: fall back to a distribution list with the same name.
    return provisioning.get(Key.DistributionListBy.name, name);
}

Example 52 with NamedEntry

use of com.zimbra.cs.account.NamedEntry in project zm-mailbox by Zimbra.

the class TestProv method deleteAllEntries.

// delete all non-domained entries
// for domained entries, it is faster to go in LDAP and just delete the domain root
/**
 * Deletes every entry this test created — non-domain entries first, the
 * domains afterwards — and forgets them so a later call is a no-op.
 *
 * Deletion stops at the first entry whose {@code deleteEntry} throws; the
 * corresponding list is only cleared once all of its members were removed,
 * so entries after a failure stay tracked for a retry.
 *
 * @throws Exception propagated from {@code deleteEntry}
 */
protected void deleteAllEntries() throws Exception {
    // Same order as before: entries, then the domains they may belong to.
    for (NamedEntry created : mCreatedEntries) {
        deleteEntry(created);
    }
    mCreatedEntries.clear();

    for (NamedEntry createdDomain : mCreatedDomains) {
        deleteEntry(createdDomain);
    }
    mCreatedDomains.clear();
}

Example 53 with NamedEntry

use of com.zimbra.cs.account.NamedEntry in project zm-mailbox by Zimbra.

the class TestProvisioningUtil method verifyEntriesById.

// verify list of NamedEntry contains all the ids
// if checkCount == true, verify the count matches too
/**
 * Asserts that {@code list} contains entries for every id in {@code names}.
 *
 * Despite the parameter name, {@code names} holds zimbra ids: the ids of the
 * given entries are collected and handed to the
 * {@code verifyEntries(Set, String[], boolean)} overload together with
 * {@code checkCount}.
 *
 * @param list entries to inspect
 * @param names expected ids
 * @param checkCount passed through to {@code verifyEntries}
 * @throws Exception propagated from {@code verifyEntries}
 */
public static void verifyEntriesById(List<NamedEntry> list, String[] names, boolean checkCount) throws Exception {
    Set<String> actualIds = new HashSet<String>();
    for (NamedEntry found : list) {
        actualIds.add(found.getId());
    }
    verifyEntries(actualIds, names, checkCount);
}

Example 54 with NamedEntry

use of com.zimbra.cs.account.NamedEntry in project zm-mailbox by Zimbra.

the class TestProvisioningUtil method verifyEntries.

// verify list contains all the entries
// if checkCount == true, verify the count matches too
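/**
 * Asserts that {@code list} contains every entry in {@code entries},
 * matched by zimbra id.
 *
 * Each expected id is consumed once, so an id that appears twice in
 * {@code entries} must also appear twice in {@code list}. With
 * {@code checkCount} the sizes must match and no unexpected entry may be
 * left over. On failure both sides are dumped to stdout (name and id, since
 * the comparison is by id) before the error is rethrown.
 *
 * @param list entries actually found
 * @param entries entries expected to be present
 * @param checkCount when true, additionally require {@code list} to hold
 *        exactly the expected entries and nothing else
 * @throws AssertionFailedError when an expectation is not met
 * @throws Exception declared for callers; only assertion errors are raised here
 */
public static void verifyEntries(List<NamedEntry> list, NamedEntry[] entries, boolean checkCount) throws Exception {
    try {
        // JUnit convention is (expected, actual); the previous order produced
        // a misleading "expected:<actual> but was:<expected>" message.
        if (checkCount)
            assertEquals(entries.length, list.size());
        Set<String> ids = new HashSet<String>();
        for (NamedEntry entry : list) ids.add(entry.getId());
        for (NamedEntry entry : entries) {
            assertTrue("missing entry " + describe(entry), ids.contains(entry.getId()));
            // consume the id so duplicates in entries need duplicates in list
            ids.remove(entry.getId());
        }
        // make sure every id in list is also present in entries
        if (checkCount)
            assertEquals("unexpected entry ids in list: " + ids, 0, ids.size());
    } catch (AssertionFailedError e) {
        System.out.println("\n===== verifyEntries failed =====");
        System.out.println("Message:" + e.getMessage());
        System.out.println("\nlist contains " + list.size() + " entries:");
        for (NamedEntry entry : list) System.out.println("    " + describe(entry));
        System.out.println("entries contains " + entries.length + " entries:");
        for (NamedEntry entry : entries) System.out.println("    " + describe(entry));
        System.out.println();
        throw e;
    }
}

/** Renders an entry as "name (id)" for assertion messages and failure dumps. */
private static String describe(NamedEntry entry) {
    return entry.getName() + " (" + entry.getId() + ")";
}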

Example 55 with NamedEntry

use of com.zimbra.cs.account.NamedEntry in project zm-mailbox by Zimbra.

the class TestACLAll method execTest.

/**
 * Drives one ACL scenario end to end: builds a grantee of the requested
 * type, grants {@code right} on a freshly created target of
 * {@code grantedOnTargetType} as the global admin, asserts that the grant
 * was accepted or rejected as expected, and then hands the allowed and
 * denied accounts to {@code setupTargetAndVerify} for the access checks.
 *
 * @param note free-text label printed with the scenario
 * @param grantedOnTargetType type of the target the right is granted on
 * @param testGranteeType grantee flavour under test (wraps a
 *        {@link GranteeType}, or the dynamic-group marker)
 * @param right the right to grant; user rights and admin rights take
 *        different paths for grantee setup and expectations
 * @throws Exception on any provisioning or assertion failure
 */
private void execTest(String note, TargetType grantedOnTargetType, TestGranteeType testGranteeType, Right right) throws Exception {
    System.out.println("testing (" + note + "): " + "grant target=" + grantedOnTargetType.getCode() + ", grantee type=" + testGranteeType.getCode() + ", right=" + right.getName());
    //
    // 1. some basic preparation
    //    create a domain
    //
    Domain domain = createDomain();
    boolean isUserRight = right.isUserRight();
    //
    // 2. setup grantee
    //    allowedAccts must be able to exercise the right after the grant,
    //    deniedAccts must not.
    //
    List<Account> allowedAccts = new ArrayList<Account>();
    List<Account> deniedAccts = new ArrayList<Account>();
    NamedEntry grantee = null;
    String granteeName = null;
    // password / access key handed to grantRight for guest and key grantees
    String secret = null;
    Object gt = testGranteeType.getGranteeType();
    GranteeType granteeType = null;
    if (gt instanceof GranteeType) {
        granteeType = (GranteeType) gt;
        switch(granteeType) {
            case GT_USER:
                if (isUserRight) {
                    grantee = createUserAccount(domain);
                    allowedAccts.add((Account) grantee);
                    deniedAccts.add(createUserAccount(domain));
                } else {
                    grantee = createDelegatedAdminAccount(domain);
                    allowedAccts.add((Account) grantee);
                    deniedAccts.add(createDelegatedAdminAccount(domain));
                }
                granteeName = grantee.getName();
                break;
            case GT_GROUP:
                if (isUserRight) {
                    grantee = createUserDistributionList(domain);
                    Account allowedAcct = createUserAccount(domain);
                    allowedAccts.add(allowedAcct);
                    prov.addMembers((DistributionList) grantee, new String[] { allowedAcct.getName() });
                    // external members are also honored if the right is a user right
                    // (fixture-only guest credentials)
                    Account guestAcct = createGuestAccount("guest@guest.com", "test123");
                    allowedAccts.add(guestAcct);
                    prov.addMembers((DistributionList) grantee, new String[] { guestAcct.getName() });
                    deniedAccts.add(createUserAccount(domain));
                } else {
                    grantee = createAdminDistributionList(domain);
                    Account allowedAcct = createDelegatedAdminAccount(domain);
                    allowedAccts.add(allowedAcct);
                    prov.addMembers((DistributionList) grantee, new String[] { allowedAcct.getName() });
                    deniedAccts.add(createDelegatedAdminAccount(domain));
                }
                granteeName = grantee.getName();
                break;
            case GT_EXT_GROUP:
                // create a domain and use it for the external group
                Domain extDomain = createDomain();
                String extDomainDN = ((LdapDomain) extDomain).getDN();
                String acctLocalpart = "acct-ext";
                //
                // Configure the domain for external AD auth
                // (user auth mech for user rights, admin auth mech for admin rights)
                //
                Map<String, Object> domainAttrs = Maps.newHashMap();
                if (isUserRight) {
                    domain.setAuthMech(AuthMech.ad.name(), domainAttrs);
                } else {
                    domain.setAuthMechAdmin(AuthMech.ad.name(), domainAttrs);
                }
                /*  ==== mock test ====
                    // setup auth
                    domain.addAuthLdapURL("ldap://localhost:389", domainAttrs);
                    domain.setAuthLdapBindDn("uid=%u,ou=people," + extDomainDN, domainAttrs);
                    // setup external group search parameters
                    domain.setAuthLdapSearchBindDn(LC.zimbra_ldap_userdn.value(), domainAttrs);
                    domain.setAuthLdapSearchBindPassword(LC.zimbra_ldap_password.value(), domainAttrs);
                    domain.setExternalGroupLdapSearchBase(extDomainDN, domainAttrs);
                    domain.setExternalGroupLdapSearchFilter("(&(objectClass=zimbraGroup)(cn=%u))", domainAttrs);
                    domain.setExternalGroupHandlerClass("com.zimbra.qa.unittest.UnittestGroupHandler", domainAttrs);
                    mProv.modifyAttrs(domain, domainAttrs);

                    // create a group in the external directory and add a member
                    Group extGroup = createUserDynamicGroup(extDomain);  // doesn't matter if the group is user or admin
                    String extGroupName = extGroup.getName();
                    Account extAcct = createUserAccount(acctLocalpart, extDomain);
                    mProv.addGroupMembers(extGroup, new String[]{extAcct.getName()});

                    // create the admin account in Zimbra directory and map it to the external account
                    Account zimbraAcct = createDelegatedAdminAccount(acctLocalpart, domain);
                    allowedAccts.add(zimbraAcct);
                    */
                // NOTE(review): the LDAP URL, search-bind DN and bind password below are the
                // literal placeholder "***", so as committed this branch cannot reach any
                // directory. If real values are ever needed they must come from test
                // configuration (as the mocked block above does via LC.*) — never be
                // checked in here.
                domain.addAuthLdapURL("***", domainAttrs);
                domain.setAuthLdapSearchBindDn("***", domainAttrs);
                domain.setAuthLdapSearchBindPassword("***", domainAttrs);
                // NOTE(review): the search base, group name and user DN below look like a
                // real corporate AD tree; hard-coding them ties the test to that
                // environment and publishes internal directory layout — consider
                // sourcing them from test configuration as well.
                domain.setExternalGroupLdapSearchBase("OU=Engineering,DC=vmware,DC=com", domainAttrs);
                domain.setExternalGroupLdapSearchFilter("(&(objectClass=group)(mail=%n))", domainAttrs);
                domain.setExternalGroupHandlerClass("com.zimbra.cs.account.grouphandler.ADGroupHandler", domainAttrs);
                prov.modifyAttrs(domain, domainAttrs);
                // "ESPPEnrollment-USA@vmware.com";
                String extGroupName = "ENG_pao_users_home4@vmware.com";
                // create the admin account in Zimbra directory and map it to the external account
                Account zimbraAcct = createDelegatedAdminAccount(acctLocalpart, domain);
                zimbraAcct.setAuthLdapExternalDn("CN=Phoebe Shao,OU=PAO_Users,OU=PaloAlto_California_USA,OU=NALA,OU=SITES,OU=Engineering,DC=vmware,DC=com");
                allowedAccts.add(zimbraAcct);
                // =======================
                // external groups are addressed as "<zimbra domain>:<external group name>"
                granteeName = domain.getName() + ":" + extGroupName;
                break;
            case GT_AUTHUSER:
                if (isUserRight) {
                    allowedAccts.add(createUserAccount("allowed-user-acct", domain));
                    // a guest is not an authenticated Zimbra user and must be denied
                    deniedAccts.add(createGuestAccount("not-my-guest@external.com", "test123"));
                } else {
                    deniedAccts.add(createDelegatedAdminAccount("denied-da-acct", domain));
                }
                break;
            case GT_DOMAIN:
                grantee = createDomain();
                if (isUserRight) {
                    allowedAccts.add(createUserAccount("allowed-user-acct", (Domain) grantee));
                    Domain notGrantee = createDomain();
                    deniedAccts.add(createUserAccount("denied-user-acct", notGrantee));
                } else {
                    deniedAccts.add(createDelegatedAdminAccount("denied-da-acct", (Domain) grantee));
                // TODO: TEST R_crossDomainAdmin
                }
                granteeName = grantee.getName();
                break;
            case GT_GUEST:
                // an email address
                granteeName = "be-my-guest@guest.com";
                // password (test fixture only; it is stored with the grant via grantRight)
                secret = "test123";
                if (isUserRight) {
                    allowedAccts.add(createGuestAccount(granteeName, secret));
                    // different address and a wrong password: must be denied
                    deniedAccts.add(createGuestAccount("not-my-guest@external.com", "bad"));
                } else {
                    // guests can never hold admin rights, even with the right secret
                    deniedAccts.add(createDelegatedAdminAccount("denied-da-acct", domain));
                    deniedAccts.add(createGuestAccount(granteeName, secret));
                }
                break;
            case GT_KEY:
                // a display name
                granteeName = "be-my-guest";
                // access key (test fixture only)
                secret = "test123";
                if (isUserRight) {
                    allowedAccts.add(createKeyAccount(granteeName, secret));
                    // different name and a wrong key: must be denied
                    deniedAccts.add(createKeyAccount("not-my-guest", "bad"));
                } else {
                    // key grantees can never hold admin rights, even with the right key
                    deniedAccts.add(createDelegatedAdminAccount("denied-da-acct", domain));
                    deniedAccts.add(createKeyAccount(granteeName, secret));
                }
                break;
            case GT_PUBLIC:
                if (isUserRight) {
                    allowedAccts.add(anonAccount());
                } else {
                    // public grants are only meaningful for user rights
                    deniedAccts.add(anonAccount());
                }
                break;
            default:
                fail();
        }
    } else {
        // dynamic group: not a GranteeType of its own, it is granted as GT_GROUP
        assertEquals(TestGranteeType.GRANTEE_DYNAMIC_GROUP, testGranteeType);
        granteeType = GranteeType.GT_GROUP;
        if (isUserRight) {
            grantee = createUserDynamicGroup(domain);
            Account allowedAcct = createUserAccount(domain);
            allowedAccts.add(allowedAcct);
            prov.addGroupMembers((DynamicGroup) grantee, new String[] { allowedAcct.getName() });
            // external members are also honored if the right is a user right
            // (fixture-only guest credentials)
            Account guestAcct = createGuestAccount("guest@guest.com", "test123");
            allowedAccts.add(guestAcct);
            prov.addGroupMembers((DynamicGroup) grantee, new String[] { guestAcct.getName() });
            deniedAccts.add(createUserAccount(domain));
        } else {
            grantee = createAdminDynamicGroup(domain);
            Account allowedAcct = createDelegatedAdminAccount(domain);
            allowedAccts.add(allowedAcct);
            prov.addGroupMembers((DynamicGroup) grantee, new String[] { allowedAcct.getName() });
            deniedAccts.add(createDelegatedAdminAccount(domain));
        }
        granteeName = grantee.getName();
    }
    //
    // 3. setup expectations for the granting action
    //    expectInvalidRequest == true means grantRight must be rejected with
    //    INVALID_REQUEST rather than silently accepted.
    //
    boolean expectInvalidRequest = false;
    if (isUserRight) {
        expectInvalidRequest = !expectedIsRightGrantableOnTargetType(right, grantedOnTargetType);
    } else {
        // is admin right
        // grantee types not allowed for admin rights must be refused
        if (!granteeType.allowedForAdminRights()) {
            expectInvalidRequest = true;
        }
        if (!expectInvalidRequest) {
            // a domain grantee is only valid for the cross-domain-admin right
            if (granteeType == GranteeType.GT_DOMAIN && right != Admin.R_crossDomainAdmin) {
                expectInvalidRequest = true;
            }
        }
        if (!expectInvalidRequest) {
            expectInvalidRequest = !expectedIsRightGrantableOnTargetType(right, grantedOnTargetType);
        }
    }
    //
    // 4. setup target on which the right is to be granted
    //
    Entry grantedOnTarget = null;
    // name passed to grantRight; stays null for config/global targets
    String targetName = null;
    switch(grantedOnTargetType) {
        case account:
            grantedOnTarget = createUserAccount("target-acct", domain);
            targetName = ((Account) grantedOnTarget).getName();
            break;
        case calresource:
            grantedOnTarget = createCalendarResource("target-cr", domain);
            targetName = ((CalendarResource) grantedOnTarget).getName();
            break;
        case cos:
            grantedOnTarget = createCos();
            targetName = ((Cos) grantedOnTarget).getName();
            break;
        case dl:
            grantedOnTarget = createUserDistributionList("target-distributionlist", domain);
            targetName = ((DistributionList) grantedOnTarget).getName();
            break;
        case group:
            grantedOnTarget = createUserDynamicGroup("target-dynamicgroup", domain);
            targetName = ((DynamicGroup) grantedOnTarget).getName();
            break;
        case domain:
            grantedOnTarget = domain;
            targetName = domain.getName();
            break;
        case server:
            grantedOnTarget = createServer();
            targetName = ((Server) grantedOnTarget).getName();
            break;
        case alwaysoncluster:
            grantedOnTarget = createAlwaysOnCluster();
            targetName = ((AlwaysOnCluster) grantedOnTarget).getName();
            break;
        case ucservice:
            grantedOnTarget = createUCService();
            targetName = ((UCService) grantedOnTarget).getName();
            break;
        case xmppcomponent:
            // skip for now
            return;
        case zimlet:
            grantedOnTarget = createZimlet();
            targetName = ((Zimlet) grantedOnTarget).getName();
            break;
        case config:
            grantedOnTarget = getConfig();
            break;
        case global:
            grantedOnTarget = getGlobalGrant();
            break;
        default:
            fail();
    }
    //
    // grant right on the target
    //
    boolean gotInvalidRequestException = false;
    try {
        // TODO: in a different test, test granting by a different authed account:
        //       global admin, delegated admin, user
        //
        // Only the global admin grants here, so this does not exercise whether a
        // less privileged granter is itself allowed to make the grant.
        Account grantingAccount = globalAdmin;
        RightCommand.grantRight(prov, grantingAccount, grantedOnTargetType.getCode(), TargetBy.name, targetName, granteeType.getCode(), GranteeBy.name, granteeName, secret, right.getName(), null);
    } catch (ServiceException e) {
        // INVALID_REQUEST is a legitimate outcome (see expectInvalidRequest);
        // any other ServiceException fails the test (its cause is only printed,
        // not attached to the failure).
        if (ServiceException.INVALID_REQUEST.equals(e.getCode())) {
            gotInvalidRequestException = true;
        } else {
            e.printStackTrace();
            fail();
        }
    }
    //
    // 5. verify the grant
    //    the grant must have been rejected exactly when the expectations say so
    //
    assertEquals(expectInvalidRequest, gotInvalidRequestException);
    // Re-fetch group targets by id so the checks below see the current entry
    // rather than the object returned from the create call (the original
    // comment here appears to have lost its first line).
    if (grantedOnTarget instanceof Group) {
        grantedOnTarget = prov.getGroupBasic(Key.DistributionListBy.id, ((Group) grantedOnTarget).getId());
    }
    //
    // For combo rights every constituent right is verified separately; the last
    // argument tells the verifier whether the grant actually went through.
    if (right.isComboRight()) {
        for (Right rt : ((ComboRight) right).getAllRights()) {
            setupTargetAndVerify(domain, grantedOnTarget, grantedOnTargetType, rt, true, allowedAccts, deniedAccts, !gotInvalidRequestException);
        }
    } else {
        setupTargetAndVerify(domain, grantedOnTarget, grantedOnTargetType, right, false, allowedAccts, deniedAccts, !gotInvalidRequestException);
    }
}
