Module: Watobo::HTTPSocket::NTLMAuth

Defined in:
lib/watobo/sockets/ntlm_auth.rb

Instance Method Summary

Instance Method Details

#do_ntlm_auth ⇒ Object



# File 'lib/watobo/sockets/ntlm_auth.rb', line 6

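# Runs the NTLM handshake for @request over the current connection.
#
# A copy of @request is sent with a Type 1 (negotiate) message. If the server
# answers 401 with an NTLM challenge, the body of that answer is read and the
# request is sent again with a Type 3 (authenticate) message built from
# ntlm_credentials (:username, :password, :domain, :workstation).
#
# @return [Array] `socket` plus the response. The response is a
#   Watobo::Response, except on a 401 without an NTLM challenge, where the raw
#   header lines are returned as read.
def do_ntlm_auth
  auth_request = @request.copy

  # --- Type 1: negotiate ---
  t1 = Watobo::NTLM::Message::Type1.new
  msg = "NTLM " + t1.encode64

  auth_request.removeHeader("Connection")
  auth_request.removeHeader("Authorization")

  auth_request.addHeader("Authorization", msg)
  # NTLM authenticates the connection, so it must stay open between T1 and T3.
  auth_request.addHeader("Connection", "Keep-Alive")

  if $DEBUG
    puts "============= T1 ======================="
    puts auth_request
  end

  data = auth_request.join + "\r\n"
  @connection.send data

  puts "-----------------" if $DEBUG

  rcode = nil
  clen = nil
  ntlm_challenge = nil
  response_header = connection.read_header
  response_header.each do |line|
    rcode = Regexp.last_match(1).to_i if line =~ /^HTTP\/\d\.\d (\d+) (.*)/
    # Header field names and the auth scheme are case-insensitive in HTTP, so
    # match them that way; otherwise a server sending "www-authenticate" would
    # look like one that offered no challenge.
    ntlm_challenge = Regexp.last_match(2) if line =~ /^WWW-Authenticate: (NTLM) (.+)\r\n/i
    clen = Regexp.last_match(1).to_i if line =~ /^Content-Length: (\d{1,})\r\n/i
    break if line.strip.empty?
  end

  if $DEBUG
    puts "--- T1 RESPONSE HEADERS ---"
    puts response_header
    puts "---"
  end

  if rcode == 401 # Authentication Required
    puts "[NTLM] got ntlm challenge: #{ntlm_challenge}" if $DEBUG
    # NOTE(review): this path returns the raw header lines, while every other
    # exit wraps them in Watobo::Response - confirm callers expect that.
    return socket, response_header if ntlm_challenge.nil?
  elsif rcode == 200 # Ok
    puts "[NTLM] seems request doesn't need authentication" if $DEBUG
    return socket, Watobo::Response.new(response_header)
  else
    if $DEBUG
      puts "[NTLM] ... !#*+.!*peep* ...."
      puts response_header
    end
    return socket, Watobo::Response.new(response_header)
  end

  # The 401 body has to be consumed before the connection can be reused.
  # NOTE(review): clen comes from the server's Content-Length and is nil when
  # that header is absent; what read_body does with :max_bytes => nil, and
  # whether it caps a very large value, is not visible here - confirm.
  rest = ''
  Watobo::HTTPSocket.read_body(socket, :max_bytes => clen) { |d|
    rest += d
  }

  if $DEBUG
    puts "--- T1 RESPONSE BODY ---"
    puts rest
    puts "---"
  end

  # --- Type 2 (challenge) -> Type 3 (authenticate) ---
  # ntlm_challenge is server-supplied; decode64 is assumed to raise on
  # malformed input - TODO confirm and handle at the caller if so.
  t2 = Watobo::NTLM::Message.decode64(ntlm_challenge)
  t3 = t2.response({ :user => ntlm_credentials[:username],
                     :password => ntlm_credentials[:password],
                     :domain => ntlm_credentials[:domain] },
                   { :workstation => ntlm_credentials[:workstation], :ntlmv2 => true })

  auth_request.removeHeader("Authorization")
  auth_request.removeHeader("Connection")

  msg = "NTLM " + t3.encode64
  auth_request.addHeader("Authorization", msg)

  data = auth_request.join + "\r\n"

  if $DEBUG
    # This dump includes the Type 3 Authorization header, i.e. the NTLMv2
    # response computed from the password. Treat debug output as sensitive.
    puts "= NTLM Type 3 ="
    puts data
  end
  @connection.send data

  # NOTE(review): the T1 reply is read with connection.read_header but this
  # one with connection.header - confirm both are intended.
  response_header = connection.header
  response_header.each do |line|
    rcode = Regexp.last_match(1).to_i if line =~ /^HTTP\/\d\.\d (\d+) (.*)/
    break if line.strip.empty?
  end

  if rcode == 200 # Ok
    puts "[NTLM] Authentication Successfull" if $DEBUG
  elsif rcode == 401 # Authentication Required
    # TODO: authorization didn't work -> do some notification
    puts "[NTLM] could not authenticate. Bad credentials?"
    # Name the account that failed, but never write the password to stdout:
    # this message is not gated by $DEBUG and ends up in terminals and logs.
    puts "[NTLM] user=#{ntlm_credentials[:username].inspect} " \
         "domain=#{ntlm_credentials[:domain].inspect} " \
         "workstation=#{ntlm_credentials[:workstation].inspect}"
  end

  [socket, Watobo::Response.new(response_header)]
end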