Class: WinRM::HTTP::HttpGSSAPI

Inherits:
HttpTransport show all
Defined in:
lib/winrm/http/transport.rb

Overview

Uses Kerberos/GSSAPI to authenticate and encrypt messages

Instance Attribute Summary

Attributes inherited from HttpTransport

#endpoint

Instance Method Summary collapse

Methods inherited from HttpTransport

#basic_auth_only!, #no_ssl_peer_verification!, #no_sspi_auth!, #ssl_peer_fingerprint_verification!, #verify_ssl_fingerprint, #with_untrusted_ssl_connection

Constructor Details

#initialize(endpoint, realm, opts, service = nil) ⇒ HttpGSSAPI

Returns a new instance of HttpGSSAPI.

Parameters:

  • endpoint (String, URI)

    the WinRM webservice endpoint

  • realm (String)

    the Kerberos realm we are authenticating to

  • service (String<optional>) (defaults to: nil)

    the service name, default is HTTP



291
292
293
294
295
296
297
298
299
300
301
302
# File 'lib/winrm/http/transport.rb', line 291

def initialize(endpoint, realm, opts, service = nil)
  require 'gssapi'
  require 'gssapi/extensions'

  super(endpoint, opts)
  # Remove the GSSAPI auth from HTTPClient because we are doing our own thing
  no_sspi_auth!
  service ||= 'HTTP'
  @service = "#{service}/#{@endpoint.host}@#{realm}"
  no_ssl_peer_verification! if opts[:no_ssl_peer_verification]
  init_krb
end

Instance Method Details

#send_request(message) ⇒ Object

Sends the SOAP payload to the WinRM service and returns the service’s SOAP response. If an error occurrs an appropriate error is raised.

Parameters:

  • The (String)

    XML SOAP message



309
310
311
312
313
314
315
316
317
318
319
320
# File 'lib/winrm/http/transport.rb', line 309

def send_request(message)
  resp = send_kerberos_request(message)

  if resp.status == 401
    @logger.debug 'Got 401 - reinitializing Kerberos and retrying one more time'
    init_krb
    resp = send_kerberos_request(message)
  end

  handler = WinRM::ResponseHandler.new(winrm_decrypt(resp.http_body.content), resp.status)
  handler.parse_to_xml
end