Results 1 to 6 of 6

Thread: Pre-auth failures

  1. #1
    DougWare is offline Loyal Member
    Join Date
    Dec 2007
    Location
    Raleigh, NC
    Posts
    91
    Rep Power
    7

    Default Pre-auth failures

    I've created the following PHP code for use with pre-auth, but I always get the error noted below. Both servers (the Zimbra server and the server that runs the PHP code) are synced to an NTP server. I have also confirmed the times are correct on each server.

    My timestamps seem to be UTC based even though the timezone is set correctly. I've tried compensating by subtracting 5 hours from the UTC timestamp. With or without the subtraction, I still get the error.

    I am using 5.0 RC2 Network Edition. I plan on upgrading to the GA code this week.

    Does anyone see something obvious?

    Doug

    PHP Code-------------------------------------------------
    putenv("TZ=US/Eastern");
    $now= time() + (5 * 60 * 60);
    $preauth_string = "support@mydomain.com|name|0|" . $now;
    $preauth = hash_hmac("sha1", "$preauth_string", "DOMAIN KEY");
    $preauth_link="https://mail.mydomain.com/service/preauth?account=support@mydomain.com&expires=0&tim estamp=" . $now . "&preauth=" . $preauth


    ERROR MESSAGE-------------------------------------------
    HTTP ERROR: 400

    authentication failed for support@mydomain.com (preauth timestamp is too old)

    RequestURI=/service/preauth

    Powered by Jetty://

  2. #2
    Rich Graves is offline Outstanding Member
    Join Date
    Jan 2007
    Location
    Minnesota
    Posts
    719
    Rep Power
    9

    Default

    php time() is in seconds. Preauth - Zimbra :: Wiki says it should be in milliseconds. Multiply by 1000000.

    Untested. I'd be interested in working PHP preauth code, too.

  3. #3
    DougWare is offline Loyal Member
    Join Date
    Dec 2007
    Location
    Raleigh, NC
    Posts
    91
    Rep Power
    7

    Default

    Yeah, that didn't fix it. I just returned a different error code...

    HTTP ERROR: 500

    For input string: "1.199306495E 14"

    RequestURI=/service/preauth
    Caused by:

    java.lang.NumberFormatException: For input string: "1.199306495E 14"
    at java.lang.NumberFormatException.forInputString(Num berFormatException.java:48)
    at java.lang.Long.parseLong(Long.java:412)
    at java.lang.Long.parseLong(Long.java:461)
    at com.zimbra.cs.service.PreAuthServlet.doGet(PreAuth Servlet.java:117)
    at javax.servlet.http.HttpServlet.service(HttpServlet .java:707)
    at com.zimbra.cs.servlet.ZimbraServlet.service(Zimbra Servlet.java:174)
    at javax.servlet.http.HttpServlet.service(HttpServlet .java:820)
    at org.mortbay.jetty.servlet.ServletHolder.handle(Ser vletHolder.java:487)
    at org.mortbay.jetty.servlet.ServletHandler$CachedCha in.doFilter(ServletHandler.java:1093)
    at org.mortbay.servlet.UserAgentFilter.doFilter(UserA gentFilter.java:81)
    at org.mortbay.servlet.GzipFilter.doFilter(GzipFilter .java:132)
    at org.mortbay.jetty.servlet.ServletHandler$CachedCha in.doFilter(ServletHandler.java:1084)
    at org.mortbay.jetty.servlet.ServletHandler.handle(Se rvletHandler.java:360)
    at org.mortbay.jetty.security.SecurityHandler.handle( SecurityHandler.java:216)
    at org.mortbay.jetty.servlet.SessionHandler.handle(Se ssionHandler.java:181)
    at org.mortbay.jetty.handler.ContextHandler.handle(Co ntextHandler.java:712)
    at org.mortbay.jetty.webapp.WebAppContext.handle(WebA ppContext.java:405)
    at org.mortbay.jetty.handler.ContextHandlerCollection .handle(ContextHandlerCollection.java:211)
    at org.mortbay.jetty.handler.HandlerCollection.handle (HandlerCollection.java:114)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(Ha ndlerWrapper.java:139)
    at org.mortbay.jetty.handler.RewriteHandler.handle(Re writeHandler.java:176)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(Ha ndlerWrapper.java:139)
    at org.mortbay.jetty.Server.handle(Server.java:313)
    at org.mortbay.jetty.HttpConnection.handleRequest(Htt pConnection.java:506)
    at org.mortbay.jetty.HttpConnection$RequestHandler.he aderComplete(HttpConnection.java:830)
    at org.mortbay.jetty.HttpParser.parseNext(HttpParser. java:514)
    at org.mortbay.jetty.HttpParser.parseAvailable(HttpPa rser.java:211)
    at org.mortbay.jetty.HttpConnection.handle(HttpConnec tion.java:381)
    at org.mortbay.io.nio.SelectChannelEndPoint.run(Selec tChannelEndPoint.java:396)
    at org.mortbay.thread.BoundedThreadPool$PoolThread.ru n(BoundedThreadPool.java:442)

    Powered by Jetty://

  4. #4
    schemers is offline Zimbra Employee
    Join Date
    Aug 2005
    Posts
    228
    Rep Power
    9

    Default

    Multiply by 1000 (not 1000000) to get milliseconds and it should work.
    Bugzilla - Wiki - Downloads - Before posting... Search!

  5. #5
    DougWare is offline Loyal Member
    Join Date
    Dec 2007
    Location
    Raleigh, NC
    Posts
    91
    Rep Power
    7

    Default

    That works beautifully.

    For the record, here is my working PHP code....

    BEGIN PHP CODE-------------------------------
    $now = time() * 1000;
    $preauth_string = "USERNAME|name|0|" . $now;
    $preauth = hash_hmac("sha1", $preauth_string, "DOMAINKEY");
    echo "<CENTER><FONT FACE=ARIAL SIZE=+2><A HREF='https://WEBMAILHOSTNAME/service/preauth?account=USERNAME&expires=0&timestamp=" . $now . "&preauth=" . $preauth . "' target='_mail'>Launch Web Mail Client</A></FONT></CENTER>";
    END PHP CODE---------------------------------
    Thanks again!

    Doug
    Last edited by DougWare; 01-02-2008 at 03:00 PM.

  6. #6
    permicity is offline Starter Member
    Join Date
    Aug 2008
    Posts
    1
    Rep Power
    7

    Default Another PHP Script

    I tried the above script and was unable to get it to work using PHP v5.1.2. The reason was primarily due to the timestamp calculation not being accurate enough.

    If you get the following error:
    (preauth timestamp is too old)
    you can try the following script.

    <?php

    // to display debugging output, set the following to DEBUG=1
    $DEBUG=0;
    function debug($sOutput) {
    global $DEBUG;
    if ($DEBUG) {
    echo $sOutput . "<br>";
    }
    }

    // return the time in milliseconds
    ini_set("precision", 24);
    putenv("TZ=America/Los_Angeles");
    function millitime() {
    $utime = preg_match("/^(.*?) (.*?)$/", microtime(), $match);
    $utime = $match[2] + $match[1];
    $utime *= 1000;
    return $utime;
    }


    // preauth key generated from zmprov
    $preAuthKey="YOUR_KEY_HERE";

    // account identifier
    $account_id="YOUR_EMAIL_ADDRESS_HERE";

    // by value
    $by_value="name";

    // timestamp (in milliseconds)
    $timestamp = sprintf("%01.0f", millitime());
    debug("Timestamp: $timestamp");

    // expiration time defaults to expiration time of account
    $expires = 0;

    // computed-preauth
    // first concat account, by_value, expires, and timestamp separated by |
    $sToken = $account_id . "|" . $by_value . "|" . $expires . "|" . $timestamp;

    // compute the SHA-1 HMAC on the Token using the preauth key
    $computed_preauth=hash_hmac("sha1",$sToken,$preAut hKey);

    // now redirect user to their email
    header( "Location: https://YOUR_DOMAIN/service/preauth?account=$account_id&expires=$expires&times tamp=$timestamp&preauth=$computed_preauth");

    ?>

    Enjoy

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. [SOLVED] NE Migration: SMTP AUTH Failure
    By markpr in forum Installation
    Replies: 14
    Last Post: 10-03-2007, 12:51 PM
  2. Replies: 5
    Last Post: 01-20-2007, 12:25 AM
  3. SMTP Auth error 535
    By FloydWilliams in forum Administrators
    Replies: 0
    Last Post: 01-04-2007, 02:33 PM
  4. SMTP Auth Failing?
    By mikea in forum Administrators
    Replies: 15
    Last Post: 01-03-2006, 10:39 AM
  5. tls auth only?
    By rmvg in forum Administrators
    Replies: 16
    Last Post: 10-23-2005, 08:50 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •