Results 1 to 3 of 3

Thread: [SOLVED] Trouble with PREAUTH...

  1. #1
    Join Date
    Jun 2008
    Posts
    15
    Rep Power
    7

    Default [SOLVED] Trouble with PREAUTH...

    Hello,

    I have been working for some time now on a set of PHP/SOAP functions with the intent of creating a web-portal administration tool for Zimbra. The current Zimbra Administration panel (while great), do not allow the granularity that our enterprise requires. The main features are quite modest - User by user, function by function access control. We have a support department for instance, that should be able to view a users mail without using a password - and a billing department that would need to be able to suspend users.

    Anyways, the application is coming along nicly, and I will certainly publish it here when it is finished (styled after Zimbra, using jQuery for UI).

    My question relates to a smallish feature called "PREAUTH". [doc].

    I have generated my domain key as such:

    # zmprov gdpak zimbra.domain.com

    And recieved a key something (obviously not exactly) like:

    #061d547b1049fdcfd3dbba76d9cf5b2e7393cedcc927d3dc1 7fbec32a6af9a9d


    So my code uses the following SOAP:

    PHP Code:

    <AuthRequest xmlns="urn:zimbraAccount">
      <
    account by="name">' . $zimbrauser . '</account>
      <
    preauth timestamp="' . $now . '" expires="15">' . $preauth . '</preauth>
    </
    AuthRequest>'; 
    Where:
    $zimbrauser is "testuser@zimbra.domain.com" (a valid account)
    $now is php's time()*1000. "$now = time() * 1000;"
    $preauth is the recommenced hash of $zimbrauser, and expire time, and $now:

    PHP Code:

    $preauth_string 
    $zimbrauser "|name|" $expire "|" $now;
    $preauth hash_hmac("sha1"$preauth_string$zimbrakey); 

    The response I get from the server is something like this:

    (Header: snipped to show important sections)
    Code:
    [SOAP:HEADER] => Array
                    (
                        [CONTEXT] => Array
                            (
                               [...]
                                [REFRESH] => Array
                                    (
                                   [...]
                                        [FOLDER] => Array
                                         (Folders in the users account - The data im after)
    The body of the SOAP is something like this:

    Code:
    [SOAP:BODY] => Array
                    (
                        [SOAP:FAULT] => Array
                            (
                                [SOAP:CODE] => Array
                                    (
                                        [SOAP:VALUE] => Array
                                            (
                                                [DATA] => soap:Sender
                                            )
                                    )
                                [SOAP:REASON] => Array
                                    (
                                        [SOAP:TEXT] => Array
                                            (
                                                [DATA] => authentication failed for test@zimbra.domain.com
                                            )
                                    )
                                [SOAP:DETAIL] => Array
                                    (
                                        [ERROR] => Array
                                            (
                                                [XMLNS] => urn:zimbra
                                                [\C\O\D\E] => Array
                                                    (
                                                        [DATA] => account.AUTH_FAILED
                                                    )
    
                                                [TRACE] => Array
                                                    (
                                                        [DATA] => btpool0-7:1221255785095:c3e11b613b04d4c4
                                                    )
                                            )
                                    )
                            )
                    )
            )
    )

    My question is, why is it sending back "auth failed", and yet also sending me more or less sensitive information (zimbra version, mailboxs, size and msg count)?

    My Zimbra class interprets this error correctly as an AUTH failed, but clearly its semi-working.

    From here I have two options:

    I can hack-up the error parser and allow this error to be ignored, or I can figure out whats going on and get a proper response (shouldn't the data I want be in the body anyways?)


    Anyways, I can pastebin the entire envelope if anyone wants it.

    Thanks a million!!!

  2. #2
    Join Date
    Jun 2008
    Posts
    15
    Rep Power
    7

    Default

    Perhaps my solution here should be DelegateAuth rather than PREAUTH?

    I will look into it, and post here if I solve my own problem.

  3. #3
    Join Date
    Jun 2008
    Posts
    15
    Rep Power
    7

    Default

    Delegate auth is the proper way of doing what I was trying to get done.

    Thank you!

Similar Threads

  1. Preauth and REST in one request?
    By brharp in forum Developers
    Replies: 1
    Last Post: 12-09-2009, 07:06 AM
  2. [SOLVED] Another PHP Preauth example
    By riogd in forum Developers
    Replies: 0
    Last Post: 02-22-2008, 05:48 PM
  3. Preauth documentation improvements
    By riogd in forum Developers
    Replies: 0
    Last Post: 02-22-2008, 05:10 PM
  4. Trouble Ticket System ?
    By cyberkoa in forum Developers
    Replies: 3
    Last Post: 04-09-2007, 10:57 PM
  5. Osx zmamavisdctl trouble
    By bunam in forum Installation
    Replies: 2
    Last Post: 11-18-2006, 02:01 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •