Class: WinRM::HTTP::HttpNegotiate

Inherits:
HttpTransport show all
Defined in:
lib/winrm/http/transport.rb

Overview

NTLM/Negotiate, secure, HTTP transport

Instance Attribute Summary

Attributes inherited from HttpTransport

#endpoint

Instance Method Summary collapse

Methods inherited from HttpTransport

#basic_auth_only!, #no_ssl_peer_verification!, #no_sspi_auth!, #receive_timeout, #receive_timeout=, #ssl_peer_fingerprint_verification!, #verify_ssl_fingerprint, #with_untrusted_ssl_connection

Constructor Details

#initialize(endpoint, user, pass, opts) ⇒ HttpNegotiate

Returns a new instance of HttpNegotiate.



148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
 
# File 'lib/winrm/http/transport.rb', line 148

def initialize(endpoint, user, pass, opts)
  super(endpoint)
  require 'rubyntlm'
  no_sspi_auth!

  user_parts = user.split('\\')
  if(user_parts.length > 1)
    opts[:domain] = user_parts[0]
    user = user_parts[1]
  end

  @ntlmcli = Net::NTLM::Client.new(user, pass, opts)
  @retryable = true
  no_ssl_peer_verification! if opts[:no_ssl_peer_verification]
  @ssl_peer_fingerprint = opts[:ssl_peer_fingerprint]
  @httpcli.ssl_config.set_trust_ca(opts[:ca_trust_path]) if opts[:ca_trust_path]
end

Instance Method Details

#send_request(message, auth_header = nil) ⇒ Object 



166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
 
# File 'lib/winrm/http/transport.rb', line 166

def send_request(message, auth_header = nil)
  ssl_peer_fingerprint_verification!
  auth_header = init_auth if @ntlmcli.session.nil?

  original_length = message.bytesize

  emessage = @ntlmcli.session.seal_message message
  signature = @ntlmcli.session.sign_message message
  seal = "\x10\x00\x00\x00#{signature}#{emessage}"

  hdr = {
    "Content-Type" => "multipart/encrypted;protocol=\"application/HTTP-SPNEGO-session-encrypted\";boundary=\"Encrypted Boundary\""
  }
  hdr.merge!(auth_header) if auth_header

  body = [
    "--Encrypted Boundary",
    "Content-Type: application/HTTP-SPNEGO-session-encrypted",
    "OriginalContent: type=application/soap+xml;charset=UTF-8;Length=#{original_length}",
    "--Encrypted Boundary",
    "Content-Type: application/octet-stream",
    "#{seal}--Encrypted Boundary--",
    ""
  ].join("\r\n")

  resp = @httpcli.post(@endpoint, body, hdr)
  verify_ssl_fingerprint(resp.peer_cert)
  if resp.status == 401 && @retryable
    @retryable = false
    send_request(message, init_auth)
  else
    @retryable = true
    decrypted_body = resp.body.empty? ? '' : winrm_decrypt(resp.body)
    handler = WinRM::ResponseHandler.new(decrypted_body, resp.status)
    handler.parse_to_xml()
  end
end