class HTTPClient::SSPINegotiateAuth

Authentication filter for handling Negotiate/NTLM negotiation. Used in ProxyAuth.

SSPINegotiateAuth depends on ‘win32/sspi’ module.

Public Class Methods

new() click to toggle source

Creates new SSPINegotiateAuth filter.

Calls superclass method HTTPClient::AuthBase::new
# File lib/httpclient/auth.rb, line 600
def initialize
  super('Negotiate')
end

Public Instance Methods

challenge(uri, param_str) click to toggle source

Challenge handler: remember URL and challenge token for response.

# File lib/httpclient/auth.rb, line 655
def challenge(uri, param_str)
  synchronize {
    if param_str.nil? or @challenge[uri].nil?
      c = @challenge[uri] = {}
      c[:state] = :init
      c[:authenticator] = nil
      c[:authphrase] = ""
    else
      c = @challenge[uri]
      c[:state] = :response
      c[:authphrase] = param_str
    end
    true
  }
end
get(req) click to toggle source

Response handler: returns credential. See win32/sspi for negotiation state transition.

# File lib/httpclient/auth.rb, line 618
def get(req)
  target_uri = req.header.request_uri
  synchronize {
    domain_uri, param = @challenge.find { |uri, v|
      Util.uri_part_of(target_uri, uri)
    }
    return nil unless param
    Util.try_require('win32/sspi') || Util.try_require('gssapi') || return
    state = param[:state]
    authenticator = param[:authenticator]
    authphrase = param[:authphrase]
    case state
    when :init
      if defined?(Win32::SSPI)
        authenticator = param[:authenticator] = Win32::SSPI::NegotiateAuth.new
        authenticator.get_initial_token(@scheme)
      else # use GSSAPI
        authenticator = param[:authenticator] = GSSAPI::Simple.new(domain_uri.host, 'HTTP')
        # Base64 encode the context token
        [authenticator.init_context].pack('m').gsub(/\n/,'')
      end
    when :response
      @challenge[target_uri][:state] = :done
      if defined?(Win32::SSPI)
        authenticator.complete_authentication(authphrase)
      else # use GSSAPI
        authenticator.init_context(authphrase.unpack('m').pop)
      end
    when :done
      :skip
    else
      nil
    end
  }
end
set(*args) click to toggle source

Set authentication credential. NOT SUPPORTED: username and necessary data is retrieved by win32/sspi. See win32/sspi for more details.

# File lib/httpclient/auth.rb, line 607
def set(*args)
  # not supported
end
set?() click to toggle source

Check always (not effective but it works)

# File lib/httpclient/auth.rb, line 612
def set?
  !@challenge.empty?
end