pyu-ntlm-http 0.1.1.1 → 0.1.2.1

data/Rakefile

@@ -7,8 +7,10 @@ require 'rake/packagetask'
 require 'rake/gempackagetask'
 require File.join(File.dirname(__FILE__), 'lib', 'net', 'ntlm')
 
-PKG_NAME = 'rubyntlm'
-PKG_VERSION = Net::NTLM::VERSION::STRING
+#PKG_NAME = 'rubyntlm'
+PKG_NAME = 'ntlm-http'
+# add a .1 to the end of the version, to distinguish my branch
+PKG_VERSION = "#{Net::NTLM::VERSION::STRING}.2"
 
 task :default => [:test]
 
@@ -63,4 +65,4 @@ Rake::GemPackageTask.new(spec) do |p|
 end
 
   
-  
+  

data/lib/net/ntlm.rb

@@ -100,7 +100,8 @@ module Net  #:nodoc:
       end
 
       def encode_utf16le(str)
-        swap16(Kconv.kconv(str, Kconv::UTF16, Kconv::ASCII))
+        # Kconv on JRUBY outputs a BOM... so strip that
+        swap16(Kconv.kconv(str, Kconv::UTF16, Kconv::ASCII).gsub(/^\376\377/,''))
       end
     
       def pack_int64le(val)

data/lib/net/ntlm_http.rb

@@ -1,853 +1,87 @@
 #
-# = net/ntlm.rb
+# = net/ntlm_http.rb
 #
-# An NTLM Authentication Library for Ruby
+# extra stuff to make nltm auth usage as easy as basic for Net::HTTP
+# classes
 #
-# This code is a derivative of "dbf2.rb" written by yrock
-# and Minero Aoki. You can find original code here:
-# http://jp.rubyist.net/magazine/?0013-CodeReview
-# -------------------------------------------------------------
-# Copyright (c) 2005,2006 yrock
-# 
-# This program is free software.
-# You can distribute/modify this program under the terms of the
-# Ruby License.
-#
-# 2006-02-11 refactored by Minero Aoki
-# -------------------------------------------------------------
-#
-# All protocol information used to write this code stems from
-# "The NTLM Authentication Protocol" by Eric Glass. The author 
-# would thank to him for this tremendous work and making it 
-# available on the net.
-# http://davenport.sourceforge.net/ntlm.html
-# -------------------------------------------------------------
-# Copyright (c) 2003 Eric Glass
-#
-# Permission to use, copy, modify, and distribute this document
-# for any purpose and without any fee is hereby granted,
-# provided that the above copyright notice and this list of
-# conditions appear in all copies. 
-# -------------------------------------------------------------
-#
-# The author also looked Mozilla-Firefox-1.0.7 source code,
-# namely, security/manager/ssl/src/nsNTLMAuthModule.cpp and
-# Jonathan Bastien-Filiatrault's libntlm-ruby.
-# "http://x2a.org/websvn/filedetails.php?
-# repname=libntlm-ruby&path=%2Ftrunk%2Fntlm.rb&sc=1"
-# The latter has a minor bug in its separate_keys function.
-# The third key has to begin from the 14th character of the 
-# input string instead of 13th:)
-#--
-# $Id: ntlm.rb,v 1.1 2006/10/05 01:36:52 koheik Exp $
-#++
-
-require 'base64'
-require 'openssl'
-require 'openssl/digest'
+require 'net/ntlm'
+require 'net/http'
 
 module Net  #:nodoc:
-  module NTLM
-
-    module VERSION #:nodoc:
-      MAJOR = 0
-      MINOR = 1
-      TINY  = 1
-      STRING = [MAJOR, MINOR, TINY].join('.')
-    end
-
-    SSP_SIGN = "NTLMSSP\0"
-    BLOB_SIGN = 0x00000101
-    LM_MAGIC = "KGS!@\#$%"
-    TIME_OFFSET = 11644473600
-    MAX64 = 0xffffffffffffffff
-    
-    FLAGS = {
-      :UNICODE              => 0x00000001,
-      :OEM                  => 0x00000002,
-      :REQUEST_TARGET       => 0x00000004,
-  #   :UNKNOWN              => 0x00000008,
-      :SIGN                 => 0x00000010,
-      :SEAL                 => 0x00000020,
-  #   :UNKNOWN              => 0x00000040,
-      :NETWARE              => 0x00000100,
-      :NTLM                 => 0x00000200,
-  #   :UNKNOWN              => 0x00000400,
-  #   :UNKNOWN              => 0x00000800,
-      :DOMAIN_SUPPLIED      => 0x00001000,
-      :WORKSTATION_SUPPLIED => 0x00002000,
-      :LOCAL_CALL           => 0x00004000,
-      :ALWAYS_SIGN          => 0x00008000,
-      :TARGET_TYPE_DOMAIN   => 0x00010000,
-      :TARGET_INFO          => 0x00800000,
-      :NTLM2_KEY            => 0x00080000,
-      :KEY128               => 0x20000000,
-      :KEY56                => 0x80000000
-    }
-    
-    FLAG_KEYS = FLAGS.keys.sort{|a, b| FLAGS[a] <=> FLAGS[b] }
-
-    DEFAULT_FLAGS = {
-      :TYPE1 => FLAGS[:UNICODE] | FLAGS[:OEM] | FLAGS[:REQUEST_TARGET] | FLAGS[:NTLM] | FLAGS[:ALWAYS_SIGN] | FLAGS[:NTLM2_KEY],
-      :TYPE2 => FLAGS[:UNICODE],
-      :TYPE3 => FLAGS[:UNICODE] | FLAGS[:REQUEST_TARGET] | FLAGS[:NTLM] | FLAGS[:ALWAYS_SIGN] | FLAGS[:NTLM2_KEY]
-    }
-
-  # module functions
-    class << self
-      def decode_utf16le(str)
-        Kconv.kconv(swap16(str), Kconv::ASCII, Kconv::UTF16)
-      end
-
-      def encode_utf16le(str)
-        swap16(Kconv.kconv(str, Kconv::UTF16, Kconv::ASCII))
-      end
-    
-      def pack_int64le(val)
-          [val & 0x00000000ffffffff, val >> 32].pack("V2")
-      end
-      
-      def swap16(str)
-        str.unpack("v*").pack("n*")
-      end
-
-      def split7(str)
-        s = str.dup
-        until s.empty?
-          (ret ||= []).push s.slice!(0, 7)
-        end
-        ret
-      end
-    
-      def gen_keys(str)
-        split7(str).map{ |str7| 
-          bits = split7(str7.unpack("B*")[0]).inject('')\
-            {|ret, tkn| ret += tkn + (tkn.gsub('1', '').size % 2).to_s }
-          [bits].pack("B*")
-        }
-      end
-      
-      def apply_des(plain, keys)
-        dec = OpenSSL::Cipher::DES.new
-        keys.map {|k|
-          dec.key = k
-          dec.encrypt.update(plain)
-        }
-      end
-      
-      def lm_hash(password)
-        keys = gen_keys password.upcase.ljust(14, "\0")
-        apply_des(LM_MAGIC, keys).join
-      end   
-      
-      def ntlm_hash(password, opt = {})
-        pwd = password.dup
-        unless opt[:unicode]
-          pwd = encode_utf16le(pwd)
-        end
-        OpenSSL::Digest::MD4.digest pwd
-      end
-
-      def ntlmv2_hash(user, password, target, opt={})
-        ntlmhash = ntlm_hash(password, opt)
-        userdomain = (user + target).upcase
-        unless opt[:unicode]
-          userdomain = encode_utf16le(userdomain)
-        end
-        OpenSSL::HMAC.digest(OpenSSL::Digest::MD5.new, ntlmhash, userdomain)
-      end
-
-      # responses
-      def lm_response(arg)
-        begin
-          hash = arg[:lm_hash]
-          chal = arg[:challenge]
-        rescue
-          raise ArgumentError
-        end
-        chal = NTL::pack_int64le(chal) if chal.is_a?(Integer)
-        keys = gen_keys hash.ljust(21, "\0")
-        apply_des(chal, keys).join
-      end
-      
-      def ntlm_response(arg)
-        hash = arg[:ntlm_hash]
-        chal = arg[:challenge]
-        chal = NTL::pack_int64le(chal) if chal.is_a?(Integer)
-        keys = gen_keys hash.ljust(21, "\0")
-        apply_des(chal, keys).join
-      end
-
-      def ntlmv2_response(arg, opt = {})
-        begin
-          key = arg[:ntlmv2_hash]
-          chal = arg[:challenge]
-          ti = arg[:target_info]
-        rescue
-          raise ArgumentError
-        end
-        chal = NTL::pack_int64le(chal) if chal.is_a?(Integer)
-        
-        if opt[:client_challenge]
-          cc  = opt[:client_challenge]
-        else
-          cc = rand(MAX64)
-        end
-        cc = NTLM::pack_int64le(cc) if cc.is_a?(Integer)
-
-        if opt[:timestamp]
-          ts = opt[:timestamp]
-        else
-          ts = Time.now.to_i
-        end
-        # epoch -> milsec from Jan 1, 1601
-        ts = 10000000 * (ts + TIME_OFFSET)
-
-        blob = Blob.new
-        blob.timestamp = ts
-        blob.challenge = cc
-        blob.target_info = ti
-        
-        bb = blob.serialize
-        OpenSSL::HMAC.digest(OpenSSL::Digest::MD5.new, key, chal + bb) + bb
-      end
-      
-      def lmv2_response(arg, opt = {})
-        key = arg[:ntlmv2_hash]
-        chal = arg[:challenge]
-        
-        chal = NTLM::pack_int64le(chal) if chal.is_a?(Integer)
-
-        if opt[:client_challenge]
-          cc  = opt[:client_challenge]
-        else
-          cc = rand(MAX64)
-        end
-        cc = NTLM::pack_int64le(cc) if cc.is_a?(Integer)
-
-        OpenSSL::HMAC.digest(OpenSSL::Digest::MD5.new, key, chal + cc) + cc
-      end
-      
-      def ntlm2_session(arg, opt = {})
-        begin
-          passwd_hash = arg[:ntlm_hash]
-          chal = arg[:challenge]
-        rescue
-          raise ArgumentError
-        end
-
-        if opt[:client_challenge]
-          cc  = opt[:client_challenge]
-        else
-          cc = rand(MAX64)
-        end
-        cc = NTLM::pack_int64le(cc) if cc.is_a?(Integer)
-
-        keys = gen_keys passwd_hash.ljust(21, "\0")
-        session_hash = OpenSSL::Digest::MD5.digest(chal + cc).slice(0, 8)
-        response = apply_des(session_hash, keys).join
-        [cc.ljust(24, "\0"), response]
-      end
-    end
-
-
-    # base classes for primitives
-    class Field
-      attr_accessor :active, :value
-
-      def initialize(opts)
-        @value  = opts[:value]
-        @active = opts[:active].nil? ? true : opts[:active]
-      end
-      
-      def size
-        @active ? @size : 0
-      end
-    end
-
-    class String < Field
-      def initialize(opts)
-        super(opts)
-        @size = opts[:size]
-      end
-      
-      def parse(str, offset=0)
-        if @active and str.size >= offset + @size
-          @value = str[offset, @size]
-          @size
-        else
-          0
-        end
-      end
-      
-      def serialize
-        if @active
-          @value
-        else
-          ""
-        end
-      end
-      
-      def value=(val)
-        @value = val
-        @size = @value.nil? ? 0 : @value.size
-        @active = (@size > 0)
-      end
-    end
 
+  module HTTPHeader
+    # could also try an automatic authentication. sends as basic first, then
+    # resends if required, or whatever.
+    # seems kind of messy exposing this stuff here.
 
-    class Int16LE < Field
-      def initialize(opt)
-        super(opt)
-        @size = 2
-      end
-      def parse(str, offset=0)
-        if @active and str.size >= offset + @size
-          @value = str[offset, @size].unpack("v")[0]
-          @size
-        else
-          0
-        end
-      end
-      
-      def serialize
-        [@value].pack("v")
-      end
+    def auth_data
+      @auth_data
     end
 
-    class Int32LE < Field
-      def initialize(opt)
-        super(opt)
-        @size = 4
-      end
-
-      def parse(str, offset=0)
-        if @active and str.size >= offset + @size
-          @value = str.slice(offset, @size).unpack("V")[0]
-          @size
-        else
-          0
-        end
-      end
-
-      def serialize
-        [@value].pack("V") if @active
-      end
+    # can set wait - don't authenticate unless challenged. useful when reusing
+    # the connection (otherwise you handshake for each request). wait should
+    # probably become the default, allowing the type of authentication to be
+    # driven by a server challenge.
+    def ntlm_auth user, password, wait=false
+      @auth_data = [:ntlm, user, password]
+      self['Authorization'] = 'NTLM ' + Net::NTLM::Message::Type1.new.encode64 unless wait
     end
+  end
 
-    class Int64LE < Field
-      def initialize(opt)
-        super(opt)
-        @size = 8
-      end
-
-      def parse(str, offset=0)
-        if @active and str.size >= offset + @size
-          d, u = str.slice(offset, @size).unpack("V2")
-          @value = (u * 0x100000000 + d)
-          @size
-        else
-          0
-        end
-      end
-      
-      def serialize
-        [@value & 0x00000000ffffffff, @value >> 32].pack("V2") if @active
-      end
-    end
-
-    # base class of data structure
-    class FieldSet
-      class << FieldSet
-        def define(&block)
-          c = Class.new(self)
-          def c.inherited(subclass)
-            proto = @proto
-            subclass.instance_eval {
-              @proto = proto
-            }
-          end
-          c.module_eval(&block)
-          c
-        end
-        
-        def string(name, opts)
-          add_field(name, String, opts)
-        end
-        
-        def int16LE(name, opts)
-          add_field(name, Int16LE, opts)
-        end
-
-        def int32LE(name, opts)
-          add_field(name, Int32LE, opts)
-        end
-
-        def int64LE(name, opts)
-          add_field(name, Int64LE, opts)
-        end
-        
-        def security_buffer(name, opts)
-          add_field(name, SecurityBuffer, opts)
-        end
-
-        def prototypes
-          @proto
-        end
-        
-        def names
-          @proto.map{|n, t, o| n}
-        end
-
-        def types
-          @proto.map{|n, t, o| t}
-        end
-        
-        def opts
-          @proto.map{|n, t, o| o}
-        end
-        
-        private
-        
-        def add_field(name, type, opts)
-          (@proto ||= []).push [name, type, opts]
-          define_accessor name
-        end
-        
-        def define_accessor(name)
-          module_eval(<<-End, __FILE__, __LINE__ + 1)
-          def #{name}
-            self['#{name}'].value
-          end
-            
-          def #{name}=(val)
-            self['#{name}'].value = val
-          end
-          End
-        end 
-      end
-      
-      def initialize
-        @alist = self.class.prototypes.map{ |n, t, o| [n, t.new(o)] }
-      end
-      
-      def serialize
-        @alist.map{|n, f| f.serialize }.join
-      end
-      
-      def parse(str, offset=0)
-        @alist.inject(offset){|cur, a|  cur += a[1].parse(str, cur)}
-      end
-
-      def size
-        @alist.inject(0){|sum, a| sum += a[1].size}
-      end
-
-      def [](name)
-        a = @alist.assoc(name.to_s.intern)
-        raise ArgumentError, "no such field: #{name}" unless a
-        a[1]
-      end
-      
-      def []=(name, val)
-        a = @alist.assoc(name.to_s.intern)
-        raise ArgumentError, "no such field: #{name}" unless a
-        a[1] = val
-      end
-      
-      def enable(name)
-        self[name].active = true
-      end
-      
-      def disable(name)
-        self[name].active = false
-      end
-    end
-
-
-    Blob = FieldSet.define {
-      int32LE    :blob_signature,   {:value => BLOB_SIGN}
-      int32LE    :reserved,         {:value => 0}
-      int64LE    :timestamp,      {:value => 0}
-      string     :challenge,      {:value => "", :size => 8}
-      int32LE    :unknown1,     {:value => 0}
-      string     :target_info,      {:value => "", :size => 0}
-      int32LE    :unknown2,         {:value => 0}
-    }
-
-    SecurityBuffer = FieldSet.define {
-      int16LE   :length,        {:value => 0}
-      int16LE   :allocated,     {:value => 0}
-      int32LE   :offset,        {:value => 0}
-    }
+  # here we override the default Net::HTTP#request method, in order to hide the
+  # necessary handshaking. maybe a more generic scheme for hooking into this
+  # could be useful, for other auth types
 
-    class SecurityBuffer
-      attr_accessor :active
-      def initialize(opts)
-        super()
-        @value  = opts[:value]
-        @active = opts[:active].nil? ? true : opts[:active]
-        @size = 8
-      end
-      
-      def parse(str, offset=0)
-        if @active and str.size >= offset + @size
-          super(str, offset)
-          @value = str[self.offset, self.length]
-          @size
-        else
-          0
+  # because of the handshaking i have to rewind body stream. maybe body stream
+  # shouldn't be sent when authenticating??
+  class HTTPRequest
+    def reuse
+      if body_stream
+        begin   body_stream.rewind
+        rescue; raise "error rewinding body stream for authentication"
         end
       end
-      
-      def serialize
-        super if @active
-      end
-      
-      def value
-        @value
-      end
-      
-      def value=(val)
-        @value = val
-        self.length = self.allocated = val.size
-      end
-      
-      def data_size
-        @active ? @value.size : 0
-      end
     end
-    
-    class Message < FieldSet
-      class << Message
-        def parse(str)
-          m = Type0.new
-          m.parse(str)
-          case m.type
-          when 1
-            t = Type1.parse(str)
-          when 2
-            t = Type2.parse(str)
-          when 3
-            t = Type3.parse(str)
-          else
-            raise ArgumentError, "unknown type: #{m.type}"
-          end
-          t
-        end
-        
-        def decode64(str)
-          parse(Base64.decode64(str))
-        end
-      end
-      
-      def has_flag?(flag)
-        (self[:flag].value & FLAGS[flag]) == FLAGS[flag]
-      end
-      
-      def set_flag(flag)
-        self[:flag].value  |= FLAGS[flag]
-      end
-      
-      def dump_flags
-        FLAG_KEYS.each{ |k| print(k, "=", flag?(k), "\n") }
-      end
-      
-      def serialize
-        deflag
-        super + security_buffers.map{|n, f| f.value}.join
-      end
-      
-      def encode64
-        Base64.encode64(serialize).gsub(/\n/, '')
-      end
-      
-      def decode64(str)
-        parse(Base64.decode64(str))
-      end
-      
-      alias head_size size
-
-      def data_size
-        security_buffers.inject(0){|sum, a| sum += a[1].data_size}
-      end
-
-      def size
-        head_size + data_size
-      end
-      
-
-      private
-
-      def security_buffers
-        @alist.find_all{|n, f| f.instance_of?(SecurityBuffer)}
-      end
-      
-      def deflag
-        security_buffers.inject(head_size){|cur, a|
-          a[1].offset = cur
-          cur += a[1].data_size
-        }
-      end
-      
-      def data_edge
-        security_buffers.map{ |n, f| f.active ? f.offset : size}.min
-      end
-
-      # sub class definitions
-      
-      Type0 = Message.define {
-        string        :sign,      {:size => 8, :value => SSP_SIGN}
-        int32LE       :type,      {:value => 0}
-      }
-      
-      Type1 = Message.define {
-        string          :sign,         {:size => 8, :value => SSP_SIGN}
-        int32LE         :type,         {:value => 1}
-        int32LE         :flag,         {:value => DEFAULT_FLAGS[:TYPE1] }
-        security_buffer :domain,       {:value => "", :active => false}
-        security_buffer :workstation,  {:value => "", :active => false}
-        string          :padding,      {:size => 0, :value => "", :active => false }
-      }
-
-      class Type1
-        class << Type1
-          def parse(str)
-            t = new
-            t.parse(str)
-            t
-          end
-        end
-        
-        def parse(str)
-          super(str)
-          enable(:domain) if has_flag?(:DOMAIN_SUPPLIED)
-          enable(:workstation) if has_flag?(:WORKSTATION_SUPPLIED)
-          super(str)
-          if ( (len = data_edge - head_size) > 0)
-            self.padding = "\0" * len
-            super(str)
-          end
-        end
-      end
-      
-      Type2 = Message.define{
-        string        :sign,         {:size => 8, :value => SSP_SIGN}
-        int32LE       :type,      {:value => 2}
-        security_buffer   :target_name,  {:size => 0, :value => ""}
-        int32LE       :flag,         {:value => DEFAULT_FLAGS[:TYPE2]}
-        int64LE           :challenge,    {:value => 0}
-        int64LE           :context,      {:value => 0, :active => false}
-        security_buffer   :target_info,  {:value => "", :active => false}
-        string        :padding,   {:size => 0, :value => "", :active => false }
-      }
-      
-      class Type2
-        class << Type2
-          def parse(str)
-            t = new
-            t.parse(str)
-            t
-          end
-        end
-        
-        def parse(str)
-          super(str)
-          if has_flag?(:TARGET_INFO)
-            enable(:context)
-            enable(:target_info)
-            super(str)
-          end
-          if ( (len = data_edge - head_size) > 0)
-            self.padding = "\0" * len
-            super(str)
-          end
-        end
-        
-        def response(arg, opt = {})
-          usr = arg[:user]
-          pwd = arg[:password]
-          if usr.nil? or pwd.nil?
-            raise ArgumentError, "user and password have to be supplied"
-          end
-          
-          if opt[:workstation]
-            ws = opt[:workstation]
-          else
-            ws = ""
-          end
-          
-          if opt[:client_challenge]
-            cc  = opt[:client_challenge]
-          else
-            cc = rand(MAX64)
-          end
-          cc = NTLM::pack_int64le(cc) if cc.is_a?(Integer)
-          opt[:client_challenge] = cc
-
-          if has_flag?(:OEM) and opt[:unicode]
-            usr = NTLM::decode_utf16le(usr)
-            pwd = NTLM::decode_utf16le(pwd)
-            ws  = NTLM::decode_utf16le(ws)
-            opt[:unicode] = false
-          end
-          if has_flag?(:UNICODE) and !opt[:unicode]
-            usr = NTLM::encode_utf16le(usr).gsub(/^\377\376/,'')
-            pwd = NTLM::encode_utf16le(pwd).gsub(/^\377\376/,'')
-            ws  = NTLM::encode_utf16le(ws).gsub(/^\377\376/,'')
-            opt[:unicode] = true
-          end
-          tgt = self.target_name
-          ti = self.target_info
+  end
 
-          chal = self[:challenge].serialize
-          
-          if opt[:ntlmv2]
-            ar = {:ntlmv2_hash => NTLM::ntlmv2_hash(usr, pwd, tgt, opt), :challenge => chal, :target_info => ti}
-            lm_res = NTLM::lmv2_response(ar, opt)
-            ntlm_res = NTLM::ntlmv2_response(ar, opt)
-          elsif has_flag?(:NTLM2_KEY)
-            ar = {:ntlm_hash => NTLM::ntlm_hash(pwd, opt), :challenge => chal}
-            lm_res, ntlm_res = NTLM::ntlm2_session(ar, opt)
-          else
-            lm_res = NTLM::lm_response(pwd, chal)
-            ntlm_res = NTLM::ntlm_response(pwd, chal)
-          end
-          
-          Type3.create({
-          	:lm_response => lm_res,
-          	:ntlm_response => ntlm_res,
-          	:domain => tgt,
-            :user => usr,
-            :workstation => ws,
-            :flag => self.flag
-          })
-        end
-      end
-      
-            
-      Type3 = Message.define{
-        string          :sign,          {:size => 8, :value => SSP_SIGN}
-        int32LE         :type,          {:value => 3}
-        security_buffer :lm_response,   {:value => ""}
-        security_buffer :ntlm_response, {:value => ""}
-        security_buffer :domain,        {:value => ""}
-        security_buffer :user,          {:value => ""}
-        security_buffer :workstation,   {:value => ""}
-        security_buffer :session_key,   {:value => "", :active => false }
-        int64LE         :flag,          {:value => 0, :active => false }
-      }
-      
-      class Type3
-        class << Type3
-          def parse(str)
-            t = new
-            t.parse(str)
-            t
-          end
-        
-          def create(arg, opt ={})
-            t = new
-            t.lm_response = arg[:lm_response]
-            t.ntlm_response = arg[:ntlm_response]
-            t.domain = arg[:domain]
-            t.user = arg[:user]
-            t.workstation = arg[:workstation]
-            
-            if arg[:session_key]
-              t.enable(:session_key)
-              t.session_key = arg[session_key]
-            end
-            if arg[:flag]
-              t.enable(:session_key)
-              t.enable(:flag)
-              t.flag = arg[:flag]
-            end
-            t
-          end
-        end
+  class HTTP
+    alias old_request :request
+    private :old_request
+
+    def request req, body=nil, &block
+      resp = data = auth_data = nil
+      old_request req, body do |resp|
+        wwwauth = resp.header['www-authenticate'].split(",").collect{|x| x.strip} rescue ""
+        unless Net::HTTPUnauthorized === resp and auth_data = req.auth_data and
+            auth_data[0] == :ntlm and (wwwauth == 'NTLM' || wwwauth.is_a?(Array) && wwwauth.include?('NTLM')) ||
+            data = resp['www-authenticate'][/^NTLM (.*)/, 1]
+          data = false
+          yield resp if block_given?
+        end
+      end
+      return resp if data == false
+      # not really sure if i'm supposed to just rewrite the request like this?
+      # and the body? what about redirects? the resp.content is just the text error message
+      # what about post data?
+      req.reuse
+      unless data
+        # first stage handshake. respond to challenge
+        #				puts "* authenticating (0) ..."
+        # this time wait is true.
+        req.ntlm_auth(*auth_data[1..2])
+        request req, body, &block
+      else
+        #				puts "* authenticating (1) ..."
+        challenge = Net::NTLM::Message.decode64 data
+        # challenge.target_name could be provided back as a prompt.
+        # maybe if password is unspecified, a callback can be used to provide
+        # a user prompt.
+        domain,dummy,userid = auth_data[1].rpartition('\\')
+        resp = challenge.response({:domain=>domain, :user => userid, :password => auth_data[2]}, {:ntlmv2 => true})
+        req['Authorization'] = 'NTLM ' + resp.encode64
+        old_request(req, body) { |resp| yield resp if block_given? }
+        resp
       end
     end
   end
-  
-  # extra stuff to make nltm auth usage as easy as basic for Net::HTTP
-	# classes
-
-	require 'net/http'
-
-	module HTTPHeader
-		# could also try an automatic authentication. sends as basic first, then
-		# resends if required, or whatever.
-		# seems kind of messy exposing this stuff here.
-
-		def auth_data
-			@auth_data
-		end
-
-		# can set wait - don't authenticate unless challenged. useful when reusing
-		# the connection (otherwise you handshake for each request). wait should
-		# probably become the default, allowing the type of authentication to be
-		# driven by a server challenge.
-		def ntlm_auth user, password, wait=false
-			@auth_data = [:ntlm, user, password]
-			self['Authorization'] = 'NTLM ' + Net::NTLM::Message::Type1.new.encode64 unless wait
-		end
-	end
-
-	# here we override the default Net::HTTP#request method, in order to hide the
-	# necessary handshaking. maybe a more generic scheme for hooking into this
-	# could be useful, for other auth types
-
-	# because of the handshaking i have to rewind body stream. maybe body stream
-	# shouldn't be sent when authenticating??
-	class HTTPRequest
-		def reuse
-			if body_stream
-				begin   body_stream.rewind
-				rescue; raise "error rewinding body stream for authentication"
-				end
-			end
-		end
-	end
-
-	class HTTP
-		alias old_request :request
-		private :old_request
-
-		def request req, body=nil, &block
-			resp = data = auth_data = nil
-			old_request req, body do |resp|
-				wwwauth = resp.header['www-authenticate'].split(",").collect{|x| x.strip} rescue ""
-				unless Net::HTTPUnauthorized === resp and auth_data = req.auth_data and
-					auth_data[0] == :ntlm and (wwwauth == 'NTLM' || wwwauth.is_a?(Array) && wwwauth.include?('NTLM')) ||
-					data = resp['www-authenticate'][/^NTLM (.*)/, 1]
-					data = false
-					yield resp if block_given?
-				end
-			end
-			return resp if data == false
-			# not really sure if i'm supposed to just rewrite the request like this?
-			# and the body? what about redirects? the resp.content is just the text error message
-			# what about post data?
-			req.reuse
-			unless data
-				# first stage handshake. respond to challenge
-#				puts "* authenticating (0) ..."
-				# this time wait is true.
-				req.ntlm_auth(*auth_data[1..2])
-				request req, body, &block
-			else
-#				puts "* authenticating (1) ..."
-				challenge = Net::NTLM::Message.decode64 data
-				# challenge.target_name could be provided back as a prompt.
-				# maybe if password is unspecified, a callback can be used to provide
-				# a user prompt.
-				resp = challenge.response({:user => auth_data[1], :password => auth_data[2]}, {:ntlmv2 => true})
-				req['Authorization'] = 'NTLM ' + resp.encode64
-				old_request(req, body) { |resp| yield resp if block_given? }
-				resp
-			end
-		end
-	end
-  
 end

data/ntlm-http.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name = %q{pyu-ntlm-http}
-  s.version = "0.1.1.1"
+  s.version = "0.1.2.1"
   s.date = %q{20-05-2009}
   s.summary = %q{Ruby/NTLM HTTP library.}
   s.email = %q{kingsley@mindflowsolutions.com}

metadata

@@ -1,16 +1,17 @@
 --- !ruby/object:Gem::Specification 
 name: pyu-ntlm-http
 version: !ruby/object:Gem::Version 
+  hash: 77
   prerelease: false
   segments: 
-    - 0
-    - 1
-    - 1
-    - 1
-  version: 0.1.1.1
+  - 0
+  - 1
+  - 2
+  - 1
+  version: 0.1.2.1
 platform: ruby
 authors: 
-  - Kohei Kajimoto,Kingsley Hendrickse
+- Kohei Kajimoto,Kingsley Hendrickse
 autorequire: net/ntlm_http
 bindir: bin
 cert_chain: []
@@ -26,43 +27,45 @@ executables: []
 extensions: []
 
 extra_rdoc_files: 
-  - README
+- README
 files: 
-  - ntlm-http.gemspec
-  - Rakefile
-  - README
-  - lib/net/ntlm.rb
-  - lib/net/ntlm_http.rb
-  - test/function_test.rb
-  - examples/http.rb
-  - examples/imap.rb
-  - examples/smtp.rb
+- ntlm-http.gemspec
+- Rakefile
+- README
+- lib/net/ntlm.rb
+- lib/net/ntlm_http.rb
+- test/function_test.rb
+- examples/http.rb
+- examples/imap.rb
+- examples/smtp.rb
 has_rdoc: true
 homepage: http://www.mindflowsolutions.net
 licenses: []
 
 post_install_message: 
 rdoc_options: 
-  - --main
-  - README
+- --main
+- README
 require_paths: 
-  - lib
+- lib
 required_ruby_version: !ruby/object:Gem::Requirement 
   none: false
   requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        segments: 
-          - 0
-        version: "0"
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
 required_rubygems_version: !ruby/object:Gem::Requirement 
   none: false
   requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        segments: 
-          - 0
-        version: "0"
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
 requirements: []
 
 rubyforge_project: rubyntlm