Class: WinRM::HTTP::HttpNegotiate

Inherits:
HttpTransport show all
Defined in:
lib/winrm/http/transport.rb

Overview

NTLM/Negotiate, secure, HTTP transport

Constant Summary

Constants inherited from HttpTransport

WinRM::HTTP::HttpTransport::DEFAULT_RECEIVE_TIMEOUT

Instance Attribute Summary

Attributes inherited from HttpTransport

#endpoint

Instance Method Summary collapse

Methods inherited from HttpTransport

#basic_auth_only!, #no_ssl_peer_verification!, #no_sspi_auth!, #receive_timeout, #receive_timeout=, #ssl_peer_fingerprint_verification!, #verify_ssl_fingerprint, #with_untrusted_ssl_connection

Constructor Details

#initialize(endpoint, user, pass, opts) ⇒ HttpNegotiate

Returns a new instance of HttpNegotiate.



146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
 
# File 'lib/winrm/http/transport.rb', line 146

def initialize(endpoint, user, pass, opts)
  super(endpoint)
  require 'rubyntlm'
  no_sspi_auth!

  user_parts = user.split('\\')
  if(user_parts.length > 1)
    opts[:domain] = user_parts[0]
    user = user_parts[1]
  end

  @ntlmcli = Net::NTLM::Client.new(user, pass, opts)
  @retryable = true
  no_ssl_peer_verification! if opts[:no_ssl_peer_verification]
  @ssl_peer_fingerprint = opts[:ssl_peer_fingerprint]
  @httpcli.ssl_config.set_trust_ca(opts[:ca_trust_path]) if opts[:ca_trust_path]
end

Instance Method Details

#send_request(message, auth_header = nil) ⇒ Object 



164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
 
# File 'lib/winrm/http/transport.rb', line 164

def send_request(message, auth_header = nil)
  ssl_peer_fingerprint_verification!
  auth_header = init_auth if @ntlmcli.session.nil?

  original_length = message.length

  emessage = @ntlmcli.session.seal_message message
  signature = @ntlmcli.session.sign_message message
  seal = "\x10\x00\x00\x00#{signature}#{emessage}"

  hdr = {
    "Content-Type" => "multipart/encrypted;protocol=\"application/HTTP-SPNEGO-session-encrypted\";boundary=\"Encrypted Boundary\""
  }
  hdr.merge!(auth_header) if auth_header

  body = [
    "--Encrypted Boundary",
    "Content-Type: application/HTTP-SPNEGO-session-encrypted",
    "OriginalContent: type=application/soap+xml;charset=UTF-8;Length=#{original_length}",
    "--Encrypted Boundary",
    "Content-Type: application/octet-stream",
    "#{seal}--Encrypted Boundary--",
    ""
  ].join("\r\n")

  resp = @httpcli.post(@endpoint, body, hdr)
  verify_ssl_fingerprint(resp.peer_cert)
  if resp.status == 401 && @retryable
    @retryable = false
    send_request(message, init_auth)
  else
    @retryable = true
    decrypted_body = resp.body.empty? ? '' : winrm_decrypt(resp.body)
    handler = WinRM::ResponseHandler.new(decrypted_body, resp.status)
    handler.parse_to_xml()
  end
end