Class: HTTPClient::SSPINegotiateAuth

Inherits:
Object
  • Object
show all
Defined in:
lib/httpclient/auth.rb

Overview

Authentication filter for handling Negotiate/NTLM negotiation. Used in ProxyAuth.

SSPINegotiateAuth depends on 'win32/sspi' module.

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initializeSSPINegotiateAuth

Creates new SSPINegotiateAuth filter.


463
464
465
466
# File 'lib/httpclient/auth.rb', line 463

def initialize
  @challenge = {}
  @scheme = "Negotiate"
end

Instance Attribute Details

#schemeObject (readonly)

Authentication scheme.


460
461
462
# File 'lib/httpclient/auth.rb', line 460

def scheme
  @scheme
end

Instance Method Details

#challenge(uri, param_str) ⇒ Object

Challenge handler: remember URL and challenge token for response.


505
506
507
508
509
510
511
512
513
514
515
516
517
518
# File 'lib/httpclient/auth.rb', line 505

def challenge(uri, param_str)
  return false unless SSPIEnabled
  if param_str.nil? or @challenge[uri].nil?
    c = @challenge[uri] = {}
    c[:state] = :init
    c[:authenticator] = nil
    c[:authphrase] = ""
  else
    c = @challenge[uri]
    c[:state] = :response
    c[:authphrase] = param_str
  end
  true
end

#get(req) ⇒ Object

Response handler: returns credential. See win32/sspi for negotiation state transition.


483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
# File 'lib/httpclient/auth.rb', line 483

def get(req)
  return nil unless SSPIEnabled
  target_uri = req.header.request_uri
  domain_uri, param = @challenge.find { |uri, v|
    Util.uri_part_of(target_uri, uri)
  }
  return nil unless param
  state = param[:state]
  authenticator = param[:authenticator]
  authphrase = param[:authphrase]
  case state
  when :init
    authenticator = param[:authenticator] = Win32::SSPI::NegotiateAuth.new
    return authenticator.get_initial_token(@scheme)
  when :response
    @challenge.delete(domain_uri)
    return authenticator.complete_authentication(authphrase)
  end
  nil
end

#reset_challengeObject

Resets challenge state. Do not send '*Authorization' header until the server sends '*Authentication' again.


470
471
472
# File 'lib/httpclient/auth.rb', line 470

def reset_challenge
  @challenge.clear
end

#set(uri, user, passwd) ⇒ Object

Set authentication credential. NOT SUPPORTED: username and necessary data is retrieved by win32/sspi. See win32/sspi for more details.


477
478
479
# File 'lib/httpclient/auth.rb', line 477

def set(uri, user, passwd)
  # not supported
end