Class: Net::HTTP

Inherits:
Object
  • Object
show all
Defined in:
lib/win32/sspi/http_proxy_patch.rb

Overview

Replaces Net::HTTP.request to understand Negotiate HTTP proxy authorization. Uses native Win32 libraries to authentic as the current user (as defined by the ENV and ENV environment variables.

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.sspi?Boolean

Indicates that net/http has been patched by SSPI.

Returns:

  • (Boolean) 


26
27
28
 
# File 'lib/win32/sspi/http_proxy_patch.rb', line 26

def self.sspi?
	true
end

Instance Method Details

#request(req, body = nil, &block) ⇒ Object

:yield: response



55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
 
# File 'lib/win32/sspi/http_proxy_patch.rb', line 55

def request(req, body = nil, &block) # :yield: +response+
  unless started?
    start {
      req['connection'] ||= 'close'
      return request(req, body, &block)
    }
  end
  if proxy_user()
    unless use_ssl?
      req.proxy_basic_auth proxy_user(), proxy_pass()
    end
  end

  req.set_body_internal body
  begin_transport req
    req.exec @socket, @curr_http_version, edit_path(req.path)
    begin
      res = HTTPResponse.read_new(@socket)
    end while res.kind_of?(HTTPContinue)
    if tok = sspi_auth_required?(res)
      begin
        n = Win32::SSPI::NegotiateAuth.new
        res.reading_body(@socket, req.response_body_permitted?) { }
        end_transport req, res
        begin_transport req
        if proxy?
          req["Proxy-Authorization"] = "#{tok} #{n.get_initial_token(tok)}"
          req["Proxy-Connection"] = "Keep-Alive"
        else
          req["Authorization"] = "#{tok} #{n.get_initial_token(tok)}"
        end
        # Some versions of ISA will close the connection if this isn't present.
        req["Connection"] = "Keep-Alive"
        req.exec @socket, @curr_http_version, edit_path(req.path)
        begin
          res = HTTPResponse.read_new(@socket)
        end while res.kind_of?(HTTPContinue)
        if (proxy? && res["Proxy-Authenticate"]) || (! proxy? && res["WWW-Authenticate"])
          res.reading_body(@socket, req.response_body_permitted?) { }
          if proxy?
            req["Proxy-Authorization"] = "#{tok} #{n.complete_authentication res["Proxy-Authenticate"]}"
            req["Proxy-Connection"] = "Keep-Alive"
          else
            token = res["WWW-Authenticate"].split(" ").last
            req["Authorization"] = "#{tok} #{n.complete_authentication token}"
          end
          req["Connection"] = "Keep-Alive"
          req.exec @socket, @curr_http_version, edit_path(req.path)
          begin
            res = HTTPResponse.read_new(@socket)
          end while res.kind_of?(HTTPContinue)
        end
      rescue
        exc = $!.exception("Error occurred during proxy negotiation. req: #{req["Proxy-Authorization"].inspect}; res: #{res.inspect}; Original message: #{$!.message}")
        exc.set_backtrace $!.backtrace
        raise exc
      end
    end

    res.reading_body(@socket, req.response_body_permitted?) {
      yield res if block_given?
    }
  end_transport req, res

  res
end

#sspi_auth_required?(res) ⇒ Boolean

Determines if authorization is required and returns the expected type (“NTLM” or “Negotiate”). Otherwise, returns nil.

Returns:

  • (Boolean) 


37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
 
# File 'lib/win32/sspi/http_proxy_patch.rb', line 37

def sspi_auth_required?(res)
    header = 
      if proxy? && res.kind_of?(HTTPProxyAuthenticationRequired)
        "Proxy-Authenticate"
      elsif res.kind_of?(HTTPUnauthorized)
        "WWW-Authenticate"
      else
        nil
      end
      
    if header
      # Critical to start with Negotiate. NTLM is fallback.
      ["Negotiate", "NTLM"].find { |tok| res[header].include? tok }
    else
      nil
    end
end