Class: HTTPClient::SSPINegotiateAuth

Inherits:
Object
  • Object
Defined in:
lib/winrm/http/auth.rb


Instance Method Details

#decrypt_payload(body) ⇒ Object



# File 'lib/winrm/http/auth.rb', line 191

# Passes a response body through the SSPI authenticator's decrypt_payload
# when SSPI support is enabled; otherwise hands the body back untouched.
#
# NOTE(review): with SSPI disabled the body is returned exactly as received,
# so nothing in this method confirms that the response was protected in
# transit. In the code shown, @authenticator is assigned only in the :init
# branch of #get; calling this before that handshake would raise
# NoMethodError on nil.
#
# @param body [Object] response body as received (presumably a String; confirm against caller)
# @return [Object] the authenticator's result when SSPI is enabled, else +body+
def decrypt_payload(body)
  return body unless SSPIEnabled

  @authenticator.decrypt_payload(body)
end

#encrypt_payload(req) ⇒ Object



# File 'lib/winrm/http/auth.rb', line 177

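# Replaces the request body with the output of the SSPI authenticator's
# encrypt_payload and, when that output carries the SPNEGO session-encryption
# marker, records the channel as encrypted and sets the multipart/encrypted
# Content-Type.
#
# Does nothing unless SSPIEnabled is truthy.
#
# NOTE(review): whether the payload is "encrypted" is decided by a substring
# search for the marker, not by a status from the authenticator. If the
# authenticator hands back an unencrypted body, the request goes out as-is
# and @encrypted_channel is left unchanged; callers that require message
# protection should check #encrypted_channel? after this call. The flag is
# only ever set to true here, never cleared.
#
# @param req [Object] request exposing body, http_body=, http_header and header
# @return [Object, nil] result of the Content-Type header update, or nil
def encrypt_payload(req)
  return unless SSPIEnabled

  body = @authenticator.encrypt_payload(req.body)
  req.http_body = HTTP::Message::Body.new
  req.http_body.init_request(body)

  # The original guarded only the size assignment against a nil body and then
  # called include? on it unconditionally; stop here instead of raising.
  return unless body

  # Size is reported in bytes: String#length counts characters and would
  # under-report a payload whose encoding is multi-byte.
  req.http_header.body_size = body.bytesize

  # if body is encrypted update the header
  if body.include?("HTTP-SPNEGO-session-encrypted")
    @encrypted_channel = true
    req.header.set('Content-Type', "multipart/encrypted;protocol=\"application/HTTP-SPNEGO-session-encrypted\";boundary=\"Encrypted Boundary\"")
  end
end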

#encrypted_channel? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/winrm/http/auth.rb', line 173

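# Reports whether #encrypt_payload has seen an SPNEGO session-encrypted
# payload on this instance.
#
# Returns a strict boolean: the flag is unset (nil) until the first encrypted
# payload, and the original returned that nil despite the documented Boolean.
#
# NOTE(review): in the code shown the flag is only ever set to true and never
# reset, so a true result means "at least one outgoing payload carried the
# encryption marker", not "the most recent message was encrypted".
#
# @return [Boolean]
def encrypted_channel?
  @encrypted_channel ? true : false
end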

#get(req) ⇒ Object

Response handler: returns credential. See win32/sspi for negotiation state transition.



# File 'lib/winrm/http/auth.rb', line 137

# Response handler for Negotiate authentication: returns the token to send
# for the challenge that covers the request URI, or nil when there is none.
#
# The matching challenge entry carries a :state. In :init a new authenticator
# is created (Win32 SSPI when SSPIEnabled, otherwise GSSAPI) and its initial
# token is returned. In :response the challenge entry is removed and the
# server's authphrase is fed to the stored authenticator to finish the
# exchange. Any other state yields nil.
#
# NOTE(review): @authenticator is a single slot per instance and is
# overwritten on every SSPI :init, so #encrypt_payload / #decrypt_payload use
# whichever context was initialised last. Confirm that is acceptable if one
# client instance talks to more than one endpoint.
# NOTE(review): the stored password is handed to Win32::SSPI::NegotiateAuth
# here and stays in @passwd afterwards.
#
# @param req [Object] request exposing header.request_uri
# @return [Object, nil] authentication token, or nil when no handler applies
def get(req)
  return nil unless SSPIEnabled || GSSAPIEnabled

  request_uri = req.header.request_uri
  domain_uri, param = @challenge.find { |uri, _| Util.uri_part_of(request_uri, uri) }
  return nil unless param

  authenticator = param[:authenticator]
  authphrase = param[:authphrase]

  case param[:state]
  when :init
    if SSPIEnabled
      # Over-ride ruby win32 sspi to support encrypt/decrypt
      require 'winrm/win32/sspi'
      authenticator = param[:authenticator] = Win32::SSPI::NegotiateAuth.new(@user, @domain, @passwd)
      # Kept on the instance because encrypt/decrypt need the same context.
      @authenticator = authenticator
      authenticator.get_initial_token
    else
      # GSSAPI: the context token is Base64 encoded with line breaks stripped.
      authenticator = param[:authenticator] = GSSAPI::Simple.new(domain_uri.host, 'HTTP')
      [authenticator.init_context].pack('m').delete("\n")
    end
  when :response
    # The entry is dropped before completion, so a failure below leaves no
    # pending challenge for this URI.
    @challenge.delete(domain_uri)
    if SSPIEnabled
      authenticator.complete_authentication(authphrase)
    else
      # unpack('m') is the lenient Base64 decoder; the server-supplied
      # authphrase is not otherwise validated here.
      authenticator.init_context(authphrase.unpack('m').pop)
    end
  end
end

#set(uri, user, passwd) ⇒ Object

Override to remember creds. Set authentication credential.



# File 'lib/winrm/http/auth.rb', line 122

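# Remembers the credentials used later by the Negotiate handshake.
#
# A user of the form "DOMAIN\name" is split into @domain and @user. Any other
# form is stored as @user and @domain is cleared, so a domain remembered from
# an earlier call is not silently reused with a different account (the
# original left the old @domain in place).
#
# NOTE(review): a user string containing more than one backslash does not
# split into exactly two parts, so only its first segment is kept as @user;
# callers may want to reject such input earlier.
# NOTE(review): when +user+ is nil only the password is replaced, leaving the
# previous @user/@domain paired with the new password.
# NOTE(review): the password is held in plain form in @passwd for the life of
# the object.
#
# @param uri [Object] accepted for interface compatibility; not used here
# @param user [String, nil] account name, optionally prefixed with "DOMAIN\"
# @param passwd [Object] password to remember
# @return [Object] the +passwd+ argument
def set(uri, user, passwd)
  # Check if user has domain specified in it.
  if user
    parts = user.split("\\")
    if parts.length == 2
      @domain, @user = parts
    else
      @domain = nil
      @user = parts[0]
    end
  end
  @passwd = passwd
end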

#set? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/winrm/http/auth.rb', line 131

# Reports whether a Negotiate backend is available: truthy when either
# SSPIEnabled or GSSAPIEnabled is.
#
# NOTE(review): despite the name, this does not look at @user, @domain or
# @passwd; it answers "can this handler run at all", not "were credentials
# supplied".
#
# @return [Boolean]
def set?
  SSPIEnabled || GSSAPIEnabled
end