Class: HTTPClient::NegotiateAuth

Inherits:
Object
  • Object
Includes:
Mutex_m
Defined in:
lib/httpclient/auth.rb

Overview

Authentication filter for handling Negotiate/NTLM negotiation. Used in WWWAuth and ProxyAuth.

NegotiateAuth depends on ‘ruby/ntlm’ module.

Instance Attribute Summary

Instance Method Summary

Constructor Details

#initialize(scheme = "Negotiate") ⇒ NegotiateAuth

Creates new NegotiateAuth filter.



# File 'lib/httpclient/auth.rb', line 528

# Builds an empty Negotiate/NTLM authentication filter.
#
# scheme:: name of the authentication scheme this filter handles;
#          defaults to "Negotiate".
#
# The filter starts with no URI-specific credentials, no default credential,
# no recorded challenges and @set == false. The :ntlmv2 option is enabled in
# the option hash that #get later hands to ruby/ntlm.
def initialize(scheme = "Negotiate")
  super()
  @scheme = scheme
  @set = false
  # Credential stores: per-URI entries and the catch-all default.
  @auth = {}
  @auth_default = nil
  # Negotiation state per challenged URI.
  @challenge = {}
  @ntlm_opt = { :ntlmv2 => true }
end

Instance Attribute Details

#ntlm_opt ⇒ Object (readonly)

NTLM options for ruby/ntlm. {:ntlmv2 => true} by default.



# File 'lib/httpclient/auth.rb', line 525

# Returns the NTLM option hash held in @ntlm_opt. The hash object itself is
# returned, not a copy, so a caller that modifies it changes the options
# used for later negotiations.
# NOTE(review): presumably clearing :ntlmv2 makes ruby/ntlm fall back to an
# older NTLM response type -- confirm against ruby/ntlm before relaxing it.
def ntlm_opt
  @ntlm_opt
end

#scheme ⇒ Object (readonly)

Authentication scheme.



# File 'lib/httpclient/auth.rb', line 523

# Returns the authentication scheme name held in @scheme.
def scheme
  @scheme
end

Instance Method Details

#challenge(uri, param_str) ⇒ Object

Challenge handler: remember URL and challenge token for response.



# File 'lib/httpclient/auth.rb', line 608

# Records a Negotiate/NTLM challenge for +uri+ so that #get can answer it.
#
# uri::       key under which the negotiation state is stored.
# param_str:: challenge token to remember, or nil when there is none.
#
# When +param_str+ is nil, or nothing is stored for +uri+ yet, the entry is
# (re)started in state :init with an empty token. Otherwise the existing
# entry moves to state :response and stores +param_str+ as given; the token
# is not inspected or validated here.
#
# Returns false when NTLMEnabled is not set, true otherwise.
def challenge(uri, param_str)
  return false unless NTLMEnabled
  synchronize do
    start_over = param_str.nil? || @challenge[uri].nil?
    if start_over
      @challenge[uri] = { :state => :init, :authphrase => "" }
    else
      entry = @challenge[uri]
      entry[:state] = :response
      entry[:authphrase] = param_str
    end
    true
  end
end

#get(req) ⇒ Object

Response handler: returns credential. See ruby/ntlm for negotiation state transition.



# File 'lib/httpclient/auth.rb', line 571

# Produces the credential string for +req+ from the negotiation state that
# #challenge recorded.
#
# req:: request object; only req.header.request_uri is read.
#
# Returns nil when NTLMEnabled is not set, when no recorded challenge covers
# the request URI, or when no credential is available. Otherwise returns the
# encode64 output of an NTLM message: a Type1 message in state :init, or the
# response to the server's message in state :response.
#
# Review notes:
# * When no URI-specific credential matches, @auth_default is used, so a
#   credential registered with uri == nil is used to answer whichever
#   recorded challenge covers the request URI. URI-scoped credentials keep
#   the password-derived response limited to the intended server.
# * The stored token is decoded without checking the message type here;
#   whether a malformed or unexpected token raises is up to ruby/ntlm --
#   confirm that callers handle that.
# * A "DOMAIN\user" name is split on every backslash and only the first two
#   parts are kept.
def get(req)
  return nil unless NTLMEnabled
  target_uri = req.header.request_uri
  synchronize do
    challenge_uri, pending = @challenge.find { |uri, _state|
      Util.uri_part_of(target_uri, uri)
    }
    return nil unless pending
    user, passwd = Util.hash_find_value(@auth) { |uri, _credential|
      Util.uri_part_of(target_uri, uri)
    }
    # Fall back to the catch-all credential when nothing URI-specific matched.
    user, passwd = @auth_default unless user
    return nil unless user
    domain = nil
    domain, user = user.split("\\") if user.index("\\")
    case pending[:state]
    when :init
      negotiate = Net::NTLM::Message::Type1.new
      negotiate.domain = domain if domain
      return negotiate.encode64
    when :response
      server_message = Net::NTLM::Message.decode64(pending[:authphrase])
      credential = { :user => user, :password => passwd }
      credential[:domain] = domain if domain
      # A copy of the options is passed so ruby/ntlm cannot alter @ntlm_opt.
      reply = server_message.response(credential, @ntlm_opt.dup)
      # The recorded challenge is dropped once it has been answered.
      @challenge.delete(challenge_uri)
      return reply.encode64
    end
    nil
  end
end

#reset_challenge ⇒ Object

Resets challenge state. Do not send ‘*Authorization’ header until the server sends ‘*Authenticate’ again.



# File 'lib/httpclient/auth.rb', line 542

# Forgets every recorded challenge. After this, #get finds no negotiation
# state for any URI until #challenge records one again. Stored credentials
# are left untouched.
def reset_challenge
  synchronize { @challenge.clear }
end

#set(uri, user, passwd) ⇒ Object

Sets the authentication credential. Pass uri == nil to register a generic credential that may be used for any URL; #get falls back to it for any challenged URI that has no URI-specific credential.



# File 'lib/httpclient/auth.rb', line 550

# Registers a user/password pair.
#
# uri::    when given, the pair is stored under Util.uri_dirname(uri);
#          when nil, the pair becomes the default credential.
# user::   user name; #get treats a backslash in it as a domain separator.
# passwd:: password, kept in memory as given.
#
# Marks the filter as set in both cases.
# NOTE(review): the default credential is what #get uses for any challenged
# URI without a URI-specific entry, so prefer passing a uri where possible.
def set(uri, user, passwd)
  synchronize do
    credential = [user, passwd]
    if uri
      @auth[Util.uri_dirname(uri)] = credential
    else
      @auth_default = credential
    end
    @set = true
  end
end

#set? ⇒ Boolean

Whether this filter has been marked as set, i.e. whether it is valid to use in this context.

Returns:

  • (Boolean)


# File 'lib/httpclient/auth.rb', line 563

# Reports whether a credential has been registered through #set.
# Returns true only when @set is exactly true; the flag is read under the lock.
def set?
  synchronize { @set == true }
end