net_dav 0.2.2 → 0.3.0

data/Rakefile

@@ -36,7 +36,11 @@ task :spec => :check_dependencies
 
 task :default => :spec
 
-task :dist => [:clean, :release]
+task "dist" => [:clean, :release]
+
+task "dist:patch" => [:clean, "version:bump:patch", :release]
+
+task "dist:minor" => [:clean, "version:bump:minor", :release]
 
 task :clean do
   Dir.glob("**/*~").each do |file|

data/VERSION

@@ -1 +1 @@
-0.2.2
+0.3.0

data/bin/dav

@@ -6,6 +6,9 @@ require 'net/dav'
 
 dav_user = ENV['DAVUSER']
 dav_pass = ENV['DAVPASS']
+disable_basic_auth = (ENV['DISABLE_BASIC_AUTH'] && ENV['DISABLE_BASIC_AUTH'] != "0")
+enable_curl = !(ENV['DISABLE_CURL'] && ENV['DISABLE_CURL'] != "0")
+
 cmd = $*[0]
 
 def print_usage
@@ -36,9 +39,8 @@ else
   url = URI.parse $*[1]
 end
 
-enable_curl = !(ENV['DISABLE_CURL'] && ENV['DISABLE_CURL'] != "0")
-
 dav = Net::DAV.new(url, :curl => enable_curl)
+dav.disable_basic_auth = disable_basic_auth
 
 if (url.scheme == 'https')
   dav.verify_callback = lambda do |preverify_ok, x509_store|

data/lib/net/dav.rb

@@ -3,6 +3,7 @@ require 'uri'
 require 'nokogiri'
 require 'net/dav/item'
 require 'base64'
+require 'digest/md5'
 begin
   require 'curb'
 rescue LoadError
@@ -15,6 +16,8 @@ module Net #:nodoc:
     class NetHttpHandler
       attr_writer :user, :pass
 
+      attr_accessor :disable_basic_auth
+
       def verify_callback=(callback)
 	@http.verify_callback = callback
       end
@@ -24,6 +27,7 @@ module Net #:nodoc:
       end
 
       def initialize(uri)
+	@disable_basic_auth = false
 	@uri = uri
 	case @uri.scheme
 	when "http"
@@ -69,9 +73,6 @@ module Net #:nodoc:
 	req.content_length = length
 	headers.each_pair { |key, value| req[key] = value } if headers
 	req.content_type = 'text/xml; charset="utf-8"'
-	if (@user)
-	  req.basic_auth @user, @pass
-	end
 	res = handle_request(req, headers)
 	res
       end
@@ -87,9 +88,6 @@ module Net #:nodoc:
 	req.body = body
 	headers.each_pair { |key, value| req[key] = value } if headers
 	req.content_type = 'text/xml; charset="utf-8"'
-	if (@user)
-	  req.basic_auth @user, @pass
-	end
 	res = handle_request(req, headers)
 	res
       end
@@ -103,9 +101,6 @@ module Net #:nodoc:
 	    raise "unkown returning_body verb #{verb}"
 	  end
 	headers.each_pair { |key, value| req[key] = value } if headers
-	if (@user)
-	  req.basic_auth @user, @pass
-	end
 	res = handle_request(req, headers, MAX_REDIRECTS, &block)
 	res.body
       end
@@ -123,9 +118,6 @@ module Net #:nodoc:
 	req.body = body
 	headers.each_pair { |key, value| req[key] = value } if headers
 	req.content_type = 'text/xml; charset="utf-8"'
-	if (@user)
-	  req.basic_auth @user, @pass
-	end
 	res = handle_request(req, headers)
 	res
       end
@@ -144,7 +136,21 @@ module Net #:nodoc:
 	  response = @http.request(req)
 	end
 	case response
-	when Net::HTTPSuccess     then response
+	when Net::HTTPSuccess     then
+	  return response
+	when Net::HTTPUnauthorized     then
+	  response.error! unless @user
+	  response.error! if req['authorization']
+	  new_req = clone_req(req.path, req, headers)
+	  if response['www-authenticate'] =~ /^Basic/
+	    if disable_basic_auth
+	      raise "server requested basic auth, but that is disabled"
+	    end
+	    new_req.basic_auth @user, @pass
+	  else
+	    digest_auth(new_req, @user, @pass, response)
+	  end
+	  return handle_request(new_req, headers, limit - 1, &block)
 	when Net::HTTPRedirection then
 	  location = URI.parse(response['location'])
 	  if (@uri.scheme != location.scheme ||
@@ -152,18 +158,56 @@ module Net #:nodoc:
 	      @uri.port != location.port)
 	    raise "cannot redirect to a different host #{@uri} => #{location}"
 	  end
-	  new_req = req.class.new(location.path)
-	  new_req.body = req.body
-	  new_req.body_stream = req.body_stream
-	  headers.each_pair { |key, value| new_req[key] = value } if headers
-	  if (@user)
-	    new_req.basic_auth @user, @pass
-	  end
-	  handle_request(new_req, limit - 1, &block)
+	  new_req = clone_req(location.path, req, headers)
+	  return handle_request(new_req, headers, limit - 1, &block)
 	else
 	  response.error!
 	end
       end
+      def clone_req(path, req, headers)
+	new_req = req.class.new(path)
+	new_req.body = req.body
+	new_req.body_stream = req.body_stream
+	headers.each_pair { |key, value| new_req[key] = value } if headers
+	return new_req
+      end
+
+      CNONCE = Digest::MD5.hexdigest("%x" % (Time.now.to_i + rand(65535))).slice(0, 8)
+
+      def digest_auth(request, user, password, response)
+	# based on http://segment7.net/projects/ruby/snippets/digest_auth.rb
+	@nonce_count = 0 if @nonce_count.nil?
+	@nonce_count += 1
+
+	raise "bad www-authenticate header" unless (response['www-authenticate'] =~ /^(\w+) (.*)/)
+
+	params = {}
+	$2.gsub(/(\w+)="(.*?)"/) { params[$1] = $2 }
+
+	a_1 = "#{user}:#{params['realm']}:#{password}"
+	a_2 = "#{request.method}:#{request.path}"
+	request_digest = ''
+	request_digest << Digest::MD5.hexdigest(a_1)
+	request_digest << ':' << params['nonce']
+	request_digest << ':' << ('%08x' % @nonce_count)
+	request_digest << ':' << CNONCE
+	request_digest << ':' << params['qop']
+	request_digest << ':' << Digest::MD5.hexdigest(a_2)
+
+	header = []
+	header << "Digest username=\"#{user}\""
+	header << "realm=\"#{params['realm']}\""
+	header << "nonce=\"#{params['nonce']}\""
+	header << "uri=\"#{request.path}\""
+	header << "cnonce=\"#{CNONCE}\""
+	header << "nc=#{'%08x' % @nonce_count}"
+	header << "qop=#{params['qop']}"
+	header << "response=\"#{Digest::MD5.hexdigest(request_digest)}\""
+	header << "algorithm=\"MD5\""
+
+	header = header.join(', ')
+	request['Authorization'] = header
+      end
     end
 
 
@@ -187,6 +231,9 @@ module Net #:nodoc:
 	  @curl.timeout = @http.read_timeout
 	  @curl.follow_location = true
 	  @curl.max_redirects = MAX_REDIRECTS
+	  if disable_basic_auth
+	    @curl.http_auth_types = Curl::CURLAUTH_DIGEST
+	  end
 	end
 	@curl
       end
@@ -210,11 +257,25 @@ module Net #:nodoc:
 	  end
 	end
 	curl.perform
+	unless curl.response_code >= 200 && curl.response_code < 300
+	  headers = curl.header_str.split(/\r?\n/)
+	  raise Exception.new("Curl response #{headers[0]}")
+	end
 	curl.body_str
       end
 
     end
 
+    # Disable basic auth - to protect passwords from going in the clear
+    # through a man-in-the-middle attack.
+    def disable_basic_auth?
+      @handler.disable_basic_auth
+    end
+
+    def disable_basic_auth=(value)
+      @handler.disable_basic_auth = value
+    end
+
     # Seconds to wait until reading one block (by one system call).
     # If the DAV object cannot read a block in this many seconds,
     # it raises a TimeoutError exception.

data/net_dav.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = %q{net_dav}
-  s.version = "0.2.2"
+  s.version = "0.3.0"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Miron Cuperman"]
-  s.date = %q{2009-11-01}
+  s.date = %q{2009-11-02}
   s.default_executable = %q{dav}
   s.description = %q{WebDAV client library in the style of Net::HTTP}
   s.email = %q{c1.github@niftybox.net}

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: net_dav
 version: !ruby/object:Gem::Version 
-  version: 0.2.2
+  version: 0.3.0
 platform: ruby
 authors: 
 - Miron Cuperman
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-11-01 00:00:00 -07:00
+date: 2009-11-02 00:00:00 -08:00
 default_executable: dav
 dependencies: 
 - !ruby/object:Gem::Dependency