Class: WinRM::HTTP::HttpGSSAPI

Inherits:
HttpTransport
Defined in:
lib/winrm/http/transport.rb

Overview

Uses Kerberos/GSSAPI to authenticate and encrypt messages

Instance Attribute Summary

Attributes inherited from HttpTransport

#endpoint

Instance Method Summary

Methods inherited from HttpTransport

#basic_auth_only!, #no_sspi_auth!

Constructor Details

#initialize(endpoint, realm, service = nil, keytab = nil, opts) ⇒ HttpGSSAPI

Returns a new instance of HttpGSSAPI.

Parameters:

  • endpoint (String, URI)

    the WinRM webservice endpoint

  • realm (String)

    the Kerberos realm we are authenticating to

  • service (String<optional>) (defaults to: nil)

    the service name, default is HTTP

  • keytab (String<optional>) (defaults to: nil)

    the path to a keytab file if you are using one



# File 'lib/winrm/http/transport.rb', line 91

# Builds a Kerberos/GSSAPI transport for the given WinRM endpoint.
#
# @param endpoint [String, URI] the WinRM webservice endpoint
# @param realm [String] the Kerberos realm we are authenticating to
# @param service [String, nil] the service name; 'HTTP' is used when nil
# @param keytab [String, nil] path to a keytab file
#   NOTE(review): not referenced anywhere in this method body - confirm how
#   (or whether) the keytab reaches init_krb before relying on it.
# @param opts [Object] accepted but not referenced in this method body
def initialize(endpoint, realm, service = nil, keytab = nil, opts)
  super(endpoint)
  # This class runs its own GSSAPI exchange, so HTTPClient's SSPI negotiate
  # authenticator is dropped from the client. The list is reached through a
  # private instance variable of the www_auth object, which ties this code to
  # HTTPClient internals.
  authenticators = @httpcli.www_auth.instance_variable_get('@authenticator')
  authenticators.delete_if { |auth| auth.is_a?(HTTPClient::SSPINegotiateAuth) }
  # Service principal string: <service>/<endpoint host>@<realm>. The host part
  # is taken directly from the endpoint; presumably init_krb uses @service as
  # the target principal - confirm against init_krb.
  service_name = service || 'HTTP'
  @service = "#{service_name}/#{@endpoint.host}@#{realm}"
  init_krb
end

Instance Method Details

#send_request(msg) ⇒ Object



# File 'lib/winrm/http/transport.rb', line 105

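# Encrypts a SOAP message, posts it to the endpoint as a
# multipart/encrypted body, and returns the decrypted response content.
#
# @param msg [String] the plaintext SOAP message to send
# @return [Object] whatever winrm_decrypt returns for the response content
def send_request(msg)
  # The OriginalContent header declares charset=UTF-8 together with a Length,
  # so the length is counted in bytes. String#length counts characters and
  # under-reports any message that contains multi-byte characters.
  original_length = msg.bytesize
  pad_len, emsg = winrm_encrypt(msg)
  declared_length = original_length + pad_len
  hdr = {
    "Connection" => "Keep-Alive",
    "Content-Type" => "multipart/encrypted;protocol=\"application/HTTP-Kerberos-session-encrypted\";boundary=\"Encrypted Boundary\""
  }

  # Each heredoc line carries an explicit \r so that, with the newline, the
  # wire form uses CRLF line endings. The encrypted payload is followed
  # directly by the closing boundary, with no separator in between.
  body = <<-EOF
--Encrypted Boundary\r
Content-Type: application/HTTP-Kerberos-session-encrypted\r
OriginalContent: type=application/soap+xml;charset=UTF-8;Length=#{declared_length}\r
--Encrypted Boundary\r
Content-Type: application/octet-stream\r
#{emsg}--Encrypted Boundary\r
  EOF

  # NOTE(review): the response content goes to winrm_decrypt with no check of
  # the HTTP status in this method - confirm that an error response (which may
  # not be an encrypted body) is handled inside winrm_decrypt or by the caller.
  response = @httpcli.post(@endpoint, body, hdr)

  winrm_decrypt(response.http_body.content)
end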

#set_auth(user, pass) ⇒ Object



# File 'lib/winrm/http/transport.rb', line 101

# Deliberate no-op: the supplied user and pass are discarded, and nothing in
# this method stores or uses them.
#
# The original author left a commented-out `raise Error` here, so a caller
# that passes credentials gets no signal that they were ignored.
#
# @param user [Object] ignored
# @param pass [Object] ignored
# @return [nil]
def set_auth(user, pass)
  nil
end