HTTPClient::NegotiateAuth

Authentication filter for handling Negotiate/NTLM negotiation. Used in WWWAuth and ProxyAuth.

NegotiateAuth depends on the 'ruby/ntlm' module.

Attributes

ntlm_opt[R]

NTLM options passed to ruby/ntlm. Defaults to {:ntlmv2 => true}.

scheme[R]

Authentication scheme.

Public Class Methods

new(scheme = "Negotiate")

Creates a new NegotiateAuth filter.

# File lib/httpclient/auth.rb, line 486
def initialize(scheme = "Negotiate")
  @auth = {}
  @auth_default = nil
  @challenge = {}
  @scheme = scheme
  @set = false
  @ntlm_opt = {
    :ntlmv2 => true
  }
end

Public Instance Methods

challenge(uri, param_str)

Challenge handler: remembers the URL and the challenge token for the response.

# File lib/httpclient/auth.rb, line 557
def challenge(uri, param_str)
  return false unless NTLMEnabled
  if param_str.nil? or @challenge[uri].nil?
    c = @challenge[uri] = {}
    c[:state] = :init
    c[:authphrase] = ""
  else
    c = @challenge[uri]
    c[:state] = :response
    c[:authphrase] = param_str
  end
  true
end

get(req)

Response handler: returns the credential. See ruby/ntlm for the negotiation state transition.

# File lib/httpclient/auth.rb, line 522
def get(req)
  return nil unless NTLMEnabled
  target_uri = req.header.request_uri
  domain_uri, param = @challenge.find { |uri, v|
    Util.uri_part_of(target_uri, uri)
  }
  return nil unless param
  user, passwd = Util.hash_find_value(@auth) { |uri, auth_data|
    Util.uri_part_of(target_uri, uri)
  }
  unless user
    user, passwd = @auth_default
  end
  return nil unless user
  domain = nil
  domain, user = user.split("\\") if user.index("\\")
  state = param[:state]
  authphrase = param[:authphrase]
  case state
  when :init
    t1 = Net::NTLM::Message::Type1.new
    t1.domain = domain if domain
    return t1.encode64
  when :response
    t2 = Net::NTLM::Message.decode64(authphrase)
    param = {:user => user, :password => passwd}
    param[:domain] = domain if domain
    t3 = t2.response(param, @ntlm_opt.dup)
    @challenge.delete(domain_uri)
    return t3.encode64
  end
  nil
end
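
The handler above emits raw NTLM messages (Type 1 in the :init state, Type 3 in the :response state) under the configured scheme, so a header seen at a proxy or in a capture can be decoded to tell which step it is and whether the Type 3 reply matches the {:ntlmv2 => true} default. This is an added example, not code from httpclient or ruby/ntlm; classify_token and the sample_* helpers are hypothetical names, and the sample messages are constructed.

```ruby
# Added example (not from httpclient): classify an Authorization or
# WWW-Authenticate value that carries a base64 NTLMSSP message.
NTLMSSP = "NTLMSSP\0".b

# Returns {scheme:, type:, ntlm_version:}. type stays nil when the token is
# absent or is not a raw NTLMSSP message (for example a SPNEGO token).
def classify_token(header_value)
  scheme, b64 = header_value.to_s.strip.split(/\s+/, 2)
  result = { scheme: scheme, type: nil, ntlm_version: nil }
  return result if b64.nil?
  raw = b64.unpack1("m").b                  # lenient base64 decode
  return result unless raw.bytesize >= 12 && raw.start_with?(NTLMSSP)
  result[:type] = raw[8, 4].unpack1("V")    # 1 negotiate, 2 challenge, 3 authenticate
  if result[:type] == 3 && raw.bytesize >= 28
    nt_len = raw[20, 2].unpack1("v")        # NtChallengeResponse length field
    # Heuristic: NTLMv1-family NT responses are exactly 24 bytes, NTLMv2 longer.
    result[:ntlm_version] = :v1 if nt_len == 24
    result[:ntlm_version] = :v2 if nt_len > 24
  end
  result
end

# Constructed sample messages (flags zeroed, payloads are filler bytes).
def sample_type1
  [NTLMSSP + [1, 0].pack("V2") + "\0" * 16].pack("m0")
end

def sample_type2
  [NTLMSSP + [2].pack("V") + "\0" * 8 + [0].pack("V") + "\x11".b * 8 + "\0" * 8].pack("m0")
end

def sample_type3(nt_len)
  lm = "\0" * 24                            # LM response placed at offset 64
  nt = "\xAA".b * nt_len                    # NT response placed at offset 88
  fields = [24, 24, 64].pack("vvV") + [nt_len, nt_len, 88].pack("vvV")
  [NTLMSSP + [3].pack("V") + fields + "\0" * 36 + lm + nt].pack("m0")
end

if __FILE__ == $0
  ["Negotiate #{sample_type1}", "Negotiate #{sample_type2}",
   "Negotiate #{sample_type3(24)}", "Negotiate #{sample_type3(60)}"].each do |h|
    p classify_token(h)
  end
end
```

A Type 3 message classified as :v1 from a client expected to run with the default option is worth investigating as a downgrade or misconfiguration.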

reset_challenge()

Resets the challenge state. No '*Authorization' header is sent until the server sends '*Authentication' again.

# File lib/httpclient/auth.rb, line 499
def reset_challenge
  @challenge.clear
end
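
set(uri, user, passwd)

Sets the authentication credential. Pass uri == nil to register a generic credential that may be used for any URL. In get, this default is the fallback whenever no URI-specific credential matches the request, so it is offered to any server whose challenge has been recorded.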

# File lib/httpclient/auth.rb, line 505
def set(uri, user, passwd)
  @set = true
  if uri
    uri = Util.uri_dirname(uri)
    @auth[uri] = [user, passwd]
  else
    @auth_default = [user, passwd]
  end
end

set?()

Returns true once this filter has been marked as set, i.e. it is valid to use in this context.

# File lib/httpclient/auth.rb, line 516
def set?
  @set == true
end
