Hello,
I have been working for some time now on a set of PHP/SOAP functions with the intent of creating a web-portal administration tool for Zimbra. The current Zimbra Administration panel (while great), do not allow the granularity that our enterprise requires. The main features are quite modest - User by user, function by function access control. We have a support department for instance, that should be able to view a users mail without using a password - and a billing department that would need to be able to suspend users.
Anyways, the application is coming along nicly, and I will certainly publish it here when it is finished (styled after Zimbra, using jQuery for UI).
My question relates to a smallish feature called "PREAUTH". [
doc].
I have generated my domain key as such:
# zmprov gdpak zimbra.domain.com
And recieved a key something (obviously not exactly) like:
#061d547b1049fdcfd3dbba76d9cf5b2e7393cedcc927d3dc1 7fbec32a6af9a9d
So my code uses the following SOAP:
PHP Code:
<AuthRequest xmlns="urn:zimbraAccount">
<account by="name">' . $zimbrauser . '</account>
<preauth timestamp="' . $now . '" expires="15">' . $preauth . '</preauth>
</AuthRequest>;
Where:
$zimbrauser is "testuser@zimbra.domain.com" (a valid account)
$now is php's time()*1000. "
$now = time() * 1000;"
$preauth is the recommenced hash of
$zimbrauser, and expire time, and
$now:
PHP Code:
$preauth_string = $zimbrauser . "|name|" . $expire . "|" . $now;
$preauth = hash_hmac("sha1", $preauth_string, $zimbrakey);
The response I get from the server is something like this:
(Header: snipped to show important sections)
Code:
[SOAP:HEADER] => Array
(
[CONTEXT] => Array
(
[...]
[REFRESH] => Array
(
[...]
[FOLDER] => Array
(Folders in the users account - The data im after) The body of the SOAP is something like this:
Code:
[SOAP:BODY] => Array
(
[SOAP:FAULT] => Array
(
[SOAP:CODE] => Array
(
[SOAP:VALUE] => Array
(
[DATA] => soap:Sender
)
)
[SOAP:REASON] => Array
(
[SOAP:TEXT] => Array
(
[DATA] => authentication failed for test@zimbra.domain.com
)
)
[SOAP:DETAIL] => Array
(
[ERROR] => Array
(
[XMLNS] => urn:zimbra
[\C\O\D\E] => Array
(
[DATA] => account.AUTH_FAILED
)
[TRACE] => Array
(
[DATA] => btpool0-7:1221255785095:c3e11b613b04d4c4
)
)
)
)
)
)
)
My question is, why is it sending back "auth failed", and yet also sending me more or less sensitive information (zimbra version, mailboxs, size and msg count)?
My Zimbra class interprets this error correctly as an AUTH failed, but clearly its semi-working.
From here I have two options:
I can hack-up the error parser and allow this error to be ignored, or I can figure out whats going on and get a proper response (shouldn't the data I want be in the body anyways?)
Anyways, I can pastebin the entire envelope if anyone wants it.
Thanks a million!!!
Bugzilla
Wiki
Source
[SOLVED] Trouble with PREAUTH... 
Linear Mode
