Class: HTTPClient::SSPINegotiateAuth

Inherits:
Object
  • Object
Defined in:
lib/winrm/http/auth.rb


Instance Method Details

#decrypt_payload(body) ⇒ Object



# File 'lib/winrm/http/auth.rb', line 166

# Decrypts a response body through the authenticator of the negotiated
# SSPI session.
#
# When SSPIEnabled is false the body is handed back untouched: on that path
# this method applies no message-level decryption at all.
#
# NOTE(review): in the code shown, @authenticator is only assigned by the
# SSPI :init branch of #get, so calling this before negotiation raises
# NoMethodError on nil. How an undecryptable or tampered body is reported
# depends on the authenticator's decrypt_payload, which is not visible
# here -- confirm it fails loudly rather than returning the input.
#
# @param body [Object] response body as received (presumably a String)
# @return [Object] the authenticator's result, or +body+ unchanged
def decrypt_payload(body)
  return body unless SSPIEnabled

  @authenticator.decrypt_payload(body)
end

#encrypt_payload(req) ⇒ Object



# File 'lib/winrm/http/auth.rb', line 152

# Replaces the request body with the authenticator's encrypted form and,
# when the result carries the SPNEGO marker, switches the Content-Type to
# the multipart/encrypted envelope.
#
# Does nothing unless SSPIEnabled is true: on any other path the request
# leaves this method with its original, unencrypted body.
#
# NOTE(review): "encrypted" is inferred from a substring search of the
# returned body, not from a status reported by the authenticator. If the
# authenticator can hand the payload back unsealed, a plaintext body that
# happens to contain the marker text would be labelled encrypted -- confirm
# against Win32::SSPI::NegotiateAuth#encrypt_payload.
# NOTE(review): the body_size assignment tolerates a nil result but the
# marker check below does not (NoMethodError on nil); decide whether a nil
# result should be a hard failure. It must not fall back to sending the
# original body.
#
# @param req [Object] request exposing body, http_body=, http_header and header
# @return [Object, nil] result of header.set when the marker is found, else nil
def encrypt_payload(req)
  return unless SSPIEnabled

  sealed = @authenticator.encrypt_payload(req.body)

  # Swap in a fresh body object holding the authenticator's output.
  req.http_body = HTTP::Message::Body.new
  req.http_body.init_request(sealed)
  req.http_header.body_size = sealed.length if sealed

  # Only advertise the encrypted envelope when the marker is present.
  return unless sealed.include?("HTTP-SPNEGO-session-encrypted")

  @encrypted_channel = true
  req.header.set('Content-Type', "multipart/encrypted;protocol=\"application/HTTP-SPNEGO-session-encrypted\";boundary=\"Encrypted Boundary\"")
end

#encrypted_channel? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/winrm/http/auth.rb', line 148

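# Reports whether #encrypt_payload has marked an outgoing body as encrypted.
#
# Always answers with a real boolean: before any request has been marked,
# @encrypted_channel is unset and this returns false rather than nil.
#
# NOTE(review): in the code shown the flag is only ever set to true and is
# never cleared, so it describes "an encrypted body was sent at some point",
# not the state of the most recent request.
#
# @return [Boolean]
def encrypted_channel?
  @encrypted_channel ? true : false
end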

#get(req) ⇒ Object

Response handler: returns credential. See win32/sspi for negotiation state transition.



# File 'lib/winrm/http/auth.rb', line 113

# Response handler for the Negotiate exchange: returns the next credential
# token for the stored challenge that covers the request URI.
#
# The state kept with the challenge entry selects the step:
# * :init     - builds the authenticator (SSPI when SSPIEnabled, otherwise
#               GSSAPI), stores it in the challenge entry and returns the
#               first token.
# * :response - removes the challenge entry and completes the exchange
#               using the stored authphrase.
#
# NOTE(review): @authenticator is a single slot on the handler and every
# SSPI :init overwrites it, so #encrypt_payload / #decrypt_payload always
# use the most recently created authenticator -- confirm one handler is
# never shared between hosts or in-flight requests. The GSSAPI branch never
# assigns @authenticator and the payload helpers are gated on SSPIEnabled,
# so that branch gets no message-level encryption from this class.
#
# @param req [Object] request exposing header.request_uri
# @return [Object, nil] the authenticator's token, or nil when neither
#   backend is enabled, no challenge matches, or the state is unrecognised
def get(req)
  return nil unless SSPIEnabled || GSSAPIEnabled

  request_target = req.header.request_uri
  domain_uri, param = @challenge.find do |challenge_uri, _entry|
    Util.uri_part_of(request_target, challenge_uri)
  end
  return nil unless param

  state = param[:state]
  authenticator = param[:authenticator]
  authphrase = param[:authphrase]

  if state == :init
    unless SSPIEnabled
      # GSSAPI: the context token is Base64-encoded with line breaks removed.
      gss = GSSAPI::Simple.new(domain_uri.host, 'HTTP')
      param[:authenticator] = gss
      return [gss.init_context].pack('m').delete("\n")
    end

    # Loaded lazily: winrm's override of the ruby win32 sspi bindings, which
    # adds encrypt/decrypt support.
    require 'winrm/win32/sspi'
    sspi = Win32::SSPI::NegotiateAuth.new(@user, @domain, @passwd)
    param[:authenticator] = sspi
    # Kept on the handler as well because the payload helpers need it.
    @authenticator = sspi
    return sspi.get_initial_token
  elsif state == :response
    # The challenge entry is consumed by this step.
    @challenge.delete(domain_uri)
    return authenticator.complete_authentication(authphrase) if SSPIEnabled

    # GSSAPI: the server's phrase arrives Base64-encoded.
    return authenticator.init_context(authphrase.unpack('m').first)
  end

  nil
end

#set(uri, user, passwd) ⇒ Object

Override to remember creds. Set authentication credential.



# File 'lib/winrm/http/auth.rb', line 102

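# Remembers the credentials used later when the SSPI authenticator is built.
#
# A user of the form "DOMAIN\name" is split into @domain and @user; any
# other form is stored as @user (the text before the first backslash) with
# no domain. The domain is cleared in that case so that a value left over
# from an earlier call is not combined with a different user when the
# handler is reused. A nil user leaves @user and @domain as they were.
#
# NOTE(review): the password is retained in plain form in @passwd for the
# lifetime of this object; keep the handler out of logs and inspect dumps.
#
# @param uri [Object] unused by this override
# @param user [String, nil] user name, optionally prefixed with "DOMAIN\"
# @param passwd [Object] password to remember
# @return [Object] the password that was stored
def set(uri, user, passwd)
  if user
    parts = user.split("\\")
    if parts.length == 2
      @domain, @user = parts
    else
      # No (or malformed) domain part: drop any previously stored domain.
      @domain = nil
      @user = parts[0]
    end
  end
  @passwd = passwd
end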