rubysspi 0.0.1-i386-mswin32

data/README.txt

@@ -0,0 +1,93 @@
+= Introduction
+
+This library provides bindings to the Win32 SSPI libraries, which implement various security protocols for Windows. The library was primarily developed to give Negotiate/NTLM proxy authentication abilities to Net::HTTP, similar to support found in Internet Explorer or Firefox.
+
+The libary is NOT an implementation of the NTLM protocol, and does not give the ability to authenticate as any given user. It is able to authenticate with a proxy server as the current user.
+
+This project can be found on rubyforge at:
+
+http://rubyforge.org/projects/rubysspi
+
+= Using with open-uri
+
+To use the library with open-uri, make sure to set the environment variable +http_proxy+ to your proxy server. This must be a hostname and port in URL form. E.g.:
+
+  http://proxy.corp.com:8080
+  
+The library will grab your current username and domain from the environment variables +USERNAME+ and +USERDOMAIN+. This should be set for you by Windows already.
+
+The library implements a patch on top of Net::HTTP, which means open-uri gets it too. At the top of your script, make sure to require the patch after +open-uri+:
+
+  require +open-uri+
+  require +rubysspi/proxy_auth+
+  
+  open("http://www.google.com") { |f| puts(f.gets(nil)) }
+
+Note that this patch does NOT work with the +http_proxy_user+ and +http_proxy_password+ environment variables. The library will ONLY authenticate as the current user.
+
+= Using with Net::HTTP
+
+Net::HTTP will not use the proxy server supplied in the environment variable automatically, so you have to supply the proxy address yourself. Otherwise, it's exactly the same:
+
+  require 'net/http'
+  require 'rubysspi/proxy_auth+
+  
+  Net::HTTP::Proxy("proxy.corp.com", 8080).start("www.google.com") do |http|
+    resp = http.request_get "/"
+    puts resp.body
+  end
+  
+= Using rubysspi directly
+
+As stated, the library is geared primarily towards supporting Negotiate/NTLM authentication with proxy servers. In this vein, you can manually authenticate a given HTTP connection with a single call:
+
+  require 'rubysspi'
+
+  Net::HTTP.Proxy(proxy.host, proxy.port).start("www.google.com") do |http|
+    resp = SSPI::NegotiateAuth.proxy_auth_get http, "/"
+  end
+
+The +resp+ variable will contain the response from Google, with any proxy authorization necessary taken care of automatically. Note that if the +http+ connection is not closed, any subsequent requests will NOT require authentication. 
+
+If the above method is used, it is recommended that you do NOT require the 'rubysspi/proxy_auth' library, as the interaction between the two will fail.
+
+The library can be used directly to generate tokens appropriate for the current user, too.
+
+To get started, first create an instance of the SSPI::NegotiateAuth class:
+
+  require 'rubysspi'
+  
+  n = SSPI::NegotiateAuth.new
+  
+Next, get the first token by calling get_initial_token:
+
+  token = n.get_initial_token
+  
+This token returned will be Base64 encoded and can be directly placed in an HTTP header. This token can be easily decoded, however, and is usually an NTLM Type 1 message.
+
+After getting a response from the server (usually an NTLM Type 2 message), pass it into the complete_authentication:
+
+  token = n.complete_authentication(server_token)
+  
+Note that server_token can be Base64 encoded or not, and if it starts with "Negotiate", that phrase will be stripped off. This allows the response from a Proxy-Authentication header to be passed into the method directly. The token can be decoded externally and passed in, too.
+
+The token returned (usually an NTLM Type 3) message can then be sent to the server and the connection should be authenticated.
+
+= Thanks & References
+
+Many references were used in decoding both NTLM messages and integrating with the SSPI library. Among them are:
+
+* Managed SSPI Sample - A .NET implementation of a simple client/server using SSPI. A complex undertaking but provides a great resource for playing with the API.
+  * http://msdn.microsoft.com/library/?url=/library/en-us/dndotnet/html/remsspi.asp?frame=true
+* John Lam's RubyCLR - http://www.rubyclr.com
+  * Originally, I used RubyCLR to call into the Managed SSPI sample which really helped me decode what the SSPI interface did and how it worked. I did not end up using that implementation but it was great for research.
+* The NTLM Authentication Protocol - The definitive explanation for the NTLM protocol (outside MS internal documents, I presume).
+  * http://davenport.sourceforge.net/ntlm.html
+* Ruby/NTLM - A pure Ruby implementation of the NTLM protocol. Again, not used in this project but invaluable for decoding NTLM messages and figuring out what SSPI was returning.
+  * http://rubyforge.org/projects/rubyntlm/
+* Seamonkey/Mozilla NTLM implementation - The only source for an implementation in an actual browser. How they figured out how to use SSPI themselves is beyond me.
+  * http://lxr.mozilla.org/seamonkey/source/mailnews/base/util/nsMsgProtocol.cpp#899
+
+And of course, thanks to my Lord and Savior, Jesus Christ. In the name of the Father, the Son, and the Holy Spirit.
+
+

data/Rakefile

@@ -0,0 +1,39 @@
+require 'rubygems'
+Gem::manage_gems
+require 'rake/gempackagetask'
+
+spec = Gem::Specification.new do |s|
+	s.name = "rubysspi"
+	s.summary = "A library which adds implements Ruby bindings to the Win32 SSPI library. Also includes a module to add Negotate authentication support to Net::HTTP."
+	s.version = "0.0.1"
+	s.author = "Justin Bailey"
+	s.email = "jgbailey @nospan@ gmail.com"
+	s.homepage = "http://rubyforge.org/projects/rubysspi/"
+	s.rubyforge_project = "http://rubyforge.org/projects/rubysspi/"
+	s.description = <<EOS
+This gem provides bindings to the Win32 SSPI libraries, primarily to support Negotiate (i.e. SPNEGO, NTLM)
+authentication with a proxy server. Enough support is implemented to provide the necessary support for
+the authentication.
+
+A module is also provided which overrides Net::HTTP and adds support for Negotiate authentication to it.
+
+This implies that open-uri automatically gets support for it, as long as the http_proxy environment variable
+is set.
+EOS
+
+	s.platform = Gem::Platform::CURRENT
+	s.files = FileList["lib/**/*", "test/*", "*.txt", "Rakefile"].to_a
+
+	s.require_path = "lib"
+	s.autorequire = "rubysspi"
+
+	s.has_rdoc = true
+	s.extra_rdoc_files = ["README.txt"]
+	s.rdoc_options << '--title' << 'Ruby SSPI -- Win32 SSPI Bindings for Ruby' <<
+                       '--main' << 'README.txt' <<
+                       '--line-numbers'
+end
+
+Rake::GemPackageTask.new(spec) do |pkg|
+  pkg.need_tar = true
+end

data/lib/rubysspi.rb

@@ -0,0 +1,303 @@
+require 'dl/win32'
+require 'base64'
+
+# Implements bindings to Win32 SSPI functions, focused on authentication to a proxy server over HTTP.
+module SSPI
+  # Specifies how credential structure requested will be used. Only SECPKG_CRED_OUTBOUND is used
+  # here.
+  SECPKG_CRED_INBOUND = 0x00000001
+  SECPKG_CRED_OUTBOUND = 0x00000002
+  SECPKG_CRED_BOTH = 0x00000003
+
+  # Format of token. NETWORK format is used here.
+  SECURITY_NATIVE_DREP = 0x00000010
+  SECURITY_NETWORK_DREP = 0x00000000
+
+  # InitializeSecurityContext Requirement flags
+  ISC_REQ_REPLAY_DETECT = 0x00000004
+  ISC_REQ_SEQUENCE_DETECT = 0x00000008
+  ISC_REQ_CONFIDENTIALITY = 0x00000010
+  ISC_REQ_USE_SESSION_KEY = 0x00000020
+  ISC_REQ_PROMPT_FOR_CREDS = 0x00000040
+  ISC_REQ_CONNECTION = 0x00000800
+
+  # Win32 API Functions. Uses dl/win32 to bind methods to constants contained in class. 
+  module API
+    # Can be called with AcquireCredentialsHandle.call()
+    AcquireCredentialsHandle = Win32API.new("secur32", "AcquireCredentialsHandle", ['ppLpppppp'], 'L')
+    # Can be called with AcquireCredentialsHandle.call()
+    InitializeSecurityContext = Win32API.new("secur32", "InitializeSecurityContext", [ 'pppLLLpLpppp'], 'L')
+    # Can be called with AcquireCredentialsHandle.call()
+    DeleteSecurityContext = Win32API.new("secur32", "DeleteSecurityContext", ['P'], 'L')
+    # Can be called with AcquireCredentialsHandle.call()
+    FreeCredentialsHandle = Win32API.new("secur32", "FreeCredentialsHandle", ['P'], 'L')
+  end
+  
+  # SecHandle struct
+  class SecurityHandle
+    def upper
+      @struct.unpack("LL")[1]
+    end
+    
+    def lower
+      @struct.unpack("LL")[0]
+    end
+    
+    def to_p
+      @struct ||= "\0" * 8
+    end
+  end
+  
+  # Some familiar aliases for the SecHandle structure
+  CredHandle = CtxtHandle = SecurityHandle
+
+  # TimeStamp struct
+  class TimeStamp
+    attr_reader :struct
+
+    def to_p
+      @struct ||= "\0" * 8
+    end
+  end
+  
+  # Creates binary representaiton of a SecBufferDesc structure,
+  # including the SecBuffer contained inside.
+  class SecurityBuffer
+
+    SECBUFFER_TOKEN = 2   # Security token
+    
+    TOKENBUFSIZE = 12288
+    SECBUFFER_VERSION = 0
+
+    def initialize(buffer = nil)
+      @buffer = buffer || "\0" * TOKENBUFSIZE
+      @bufferSize = @buffer.length
+      @type = SECBUFFER_TOKEN
+    end
+    
+    def bufferSize
+      unpack
+      @bufferSize
+    end
+    
+    def bufferType
+      unpack
+      @type
+    end
+    
+    def token
+      unpack
+      @buffer
+    end
+    
+    def to_p
+      # Assumption is that when to_p is called we are going to get a packed structure. Therefore,
+      # set @unpacked back to nil so we know to unpack when accessors are next accessed.
+      @unpacked = nil
+      # Assignment of inner structure to variable is very important here. Without it,
+      # will not be able to unpack changes to the structure. Alternative, nested unpacks,
+      # does not work (i.e. @struct.unpack("LLP12")[2].unpack("LLP12") results in "no associated pointer")
+      @sec_buffer ||= [@bufferSize, @type, @buffer].pack("LLP")
+      @struct ||= [SECBUFFER_VERSION, 1, @sec_buffer].pack("LLP")    
+    end
+  
+  private
+  
+    # Unpacks the SecurityBufferDesc structure into member variables. We
+    # only want to do this once per struct, so the struct is deleted
+    # after unpacking. 
+    def unpack
+      if ! @unpacked && @sec_buffer && @struct
+        @bufferSize, @type = @sec_buffer.unpack("LL")
+        @buffer = @sec_buffer.unpack("LLP#{@bufferSize}")[2]
+        @struct = nil
+        @sec_buffer = nil
+        @unpacked = true
+      end
+    end
+  end
+  
+  # SEC_WINNT_AUTH_IDENTITY structure
+  class Identity
+    SEC_WINNT_AUTH_IDENTITY_ANSI = 0x1
+
+    attr_accessor :user, :domain, :password
+    
+    def initialize(user = nil, domain = nil, password = nil)
+      @user = user
+      @domain = domain
+      @password = password
+      @flags = SEC_WINNT_AUTH_IDENTITY_ANSI
+    end
+    
+    def to_p
+      [@user, @user ? @user.length : 0, 
+       @domain, @domain ? @domain.length : 0,
+       @password, @password ? @password.length : 0,
+       @flags].pack("PLPLPLL")
+    end    
+  end
+
+  # Takes a return result from an SSPI function and interprets the value.
+  class SSPIResult 
+    # Good results
+    SEC_E_OK = 0x00000000
+    SEC_I_CONTINUE_NEEDED = 0x00090312
+
+    # These are generally returned by InitializeSecurityContext
+    SEC_E_INSUFFICIENT_MEMORY = 0x80090300
+    SEC_E_INTERNAL_ERROR = 0x80090304
+    SEC_E_INVALID_HANDLE = 0x80090301
+    SEC_E_INVALID_TOKEN = 0x80090308
+    SEC_E_LOGON_DENIED = 0x8009030C
+    SEC_E_NO_AUTHENTICATING_AUTHORITY = 0x80090311
+    SEC_E_NO_CREDENTIALS = 0x8009030E
+    SEC_E_TARGET_UNKNOWN = 0x80090303
+    SEC_E_UNSUPPORTED_FUNCTION = 0x80090302
+    SEC_E_WRONG_PRINCIPAL = 0x80090322
+
+    # These are generally returned by AcquireCredentialsHandle
+    SEC_E_NOT_OWNER = 0x80090306
+    SEC_E_SECPKG_NOT_FOUND = 0x80090305
+    SEC_E_UNKNOWN_CREDENTIALS = 0x8009030D
+    
+    @@map = {}
+    constants.each { |v| @@map[self.const_get(v.to_s)] = v }
+
+    attr_reader :value
+    
+    def initialize(value)
+      # convert to unsigned long
+      value = [value].pack("L").unpack("L").first
+      raise "#{value.to_s(16)} is not a recognized result" unless @@map.has_key? value
+      @value = value
+    end
+    
+    def to_s
+      @@map[@value].to_s
+    end
+    
+    def ok?
+      @value == SEC_I_CONTINUE_NEEDED || @value == SEC_E_OK
+    end
+    
+    def ==(other)
+      if other.is_a?(SSPIResult)
+        @value == other.value
+      elsif other.is_a?(Fixnum)
+        @value == @@map[other]
+      else
+        false
+      end
+    end
+  end
+
+  # Handles "Negotiate" type authentication. Geared towards authenticating with a proxy server over HTTP
+  class NegotiateAuth  
+    attr_accessor :credentials, :context, :contextAttributes, :user, :domain
+    REQUEST_FLAGS = ISC_REQ_CONFIDENTIALITY | ISC_REQ_REPLAY_DETECT | ISC_REQ_CONNECTION
+
+    # Given a connection and a request path, performs authentication as the current user and returns
+    # the response from a GET request. The connnection should be a Net::HTTP object, and it should
+    # have been constructed using the Net::HTTP.Proxy method, but anything that responds to "get" will work.
+    # If a user and domain are given, will authenticate as the given user.
+    # Returns the response received from the get method (usually Net::HTTPResponse)
+    def NegotiateAuth.proxy_auth_get(http, path, user = nil, domain = nil)
+      raise "http must respond to :get" unless http.respond_to?(:get)
+      nego_auth = self.new user, domain
+      
+      resp = http.get path, { "Proxy-Authorization" => "Negotiate " + nego_auth.get_initial_token }
+      if resp["Proxy-Authenticate"]
+        resp = http.get path, { "Proxy-Authorization" => "Negotiate " + nego_auth.complete_authentication(resp["Proxy-Authenticate"].split(" ").last.strip) }
+      end
+
+      resp
+    end
+    
+    # Creates a new instance ready for authentication as the given user in the given domain.
+    # Defaults to current user and domain as defined by ENV["USERDOMAIN"] and ENV["USERNAME"] if
+    # no arguments are supplied.
+    def initialize(user = nil, domain = nil)
+      if user.nil? && domain.nil? && ENV["USERNAME"].nil? && ENV["USERDOMAIN"].nil?
+        raise "A username or domain must be supplied since they cannot be retrieved from the environment"
+      end
+      
+      @user = user || ENV["USERNAME"]
+      @domain = domain || ENV["USERDOMAIN"]
+    end
+
+    # Gets the initial Negotiate token. Returns it as a base64 encoded string suitable for use in HTTP. Can
+    # be easily decoded, however.
+    def get_initial_token
+      raise "This object is no longer usable because its resources have been freed." if @cleaned_up
+      get_credentials
+
+      outputBuffer = SecurityBuffer.new
+      @context = CtxtHandle.new
+      @contextAttributes = "\0" * 4
+
+      result = SSPIResult.new(API::InitializeSecurityContext.call(@credentials.to_p, nil, nil, 
+        REQUEST_FLAGS,0, SECURITY_NETWORK_DREP, nil, 0, @context.to_p, outputBuffer.to_p, @contextAttributes, TimeStamp.new.to_p))
+
+      if result.ok? then
+        return encode_token(outputBuffer.token)
+      else
+        raise "Error: #{result.to_s}"
+      end
+    end
+    
+    # Takes a Base64 encoded token and gets the next token in the 
+    # Negotiate authentication chain. The token can include the "Negotiate" header and it will be stripped.
+    # Does not indicate if SEC_I_CONTINUE or SEC_E_OK was returned.
+    # Token returned is Base64 encoded.
+    def complete_authentication(token)
+      raise "This object is no longer usable because its resources have been freed." if @cleaned_up
+      
+      # If the Negotiate prefix is passed in, assume we are seeing "Negotiate <token>" and get the token.
+      if token.include? "Negotiate"
+        token = token.split(" ").last.strip
+      end
+      outputBuffer = SecurityBuffer.new
+      
+      result = SSPIResult.new(API::InitializeSecurityContext.call(@credentials.to_p, @context.to_p, nil, 
+        REQUEST_FLAGS, 0, SECURITY_NETWORK_DREP, SecurityBuffer.new(Base64.decode64(token)).to_p, 0, 
+        @context.to_p,
+        outputBuffer.to_p, @contextAttributes, TimeStamp.new.to_p))
+       
+      if result.ok? then
+        return encode_token(outputBuffer.token)
+      else
+        raise "Error: #{result.to_s}"
+      end
+    ensure
+      # need to make sure we don't clean up if we've already cleaned up.
+      clean_up unless @cleaned_up
+    end
+
+   private
+
+    def clean_up
+      # free structures allocated
+      @cleaned_up = true
+      API::FreeCredentialsHandle.call(@credentials.to_p)
+      API::DeleteSecurityContext.call(@context.to_p)
+      @context = nil
+      @credentials = nil
+      @contextAttributes = nil
+    end
+
+    # Gets credentials based on user, domain or both. If both are nil, an error occurs
+    def get_credentials
+      @credentials = CredHandle.new
+      ts = TimeStamp.new
+      @identity = Identity.new @user, @domain
+      result = SSPIResult.new(API::AcquireCredentialsHandle.call(nil, "Negotiate", SECPKG_CRED_OUTBOUND, nil, @identity.to_p, nil, nil, @credentials.to_p, ts.to_p))
+      raise "Error acquire credentials: #{result}" unless result.ok?
+    end
+
+    def encode_token(t)
+      # encode64 will add newlines every 60 characters so we need to remove those.
+      Base64.encode64(t).gsub(/\n/, "")
+    end
+  end
+end

data/lib/rubysspi/proxy_auth.rb

@@ -0,0 +1,56 @@
+require 'net/http'
+require 'rubysspi'
+
+
+module Net 
+  # Replaces Net::HTTP.request to understand Negotate HTTP proxy authorization. Uses native Win32
+  # libraries to authentic as the current user (as defined by the ENV["USERNAME"] and ENV["USERDOMAIN"]
+  # environment variables.
+  class HTTP 
+    def request(req, body = nil, &block) # :yield: +response+
+      unless started?
+        start {
+          req['connection'] ||= 'close'
+          return request(req, body, &block)
+        }
+      end
+      if proxy_user()
+        unless use_ssl?
+          req.proxy_basic_auth proxy_user(), proxy_pass()
+        end
+      end
+
+      req.set_body_internal body
+      begin_transport req
+        req.exec @socket, @curr_http_version, edit_path(req.path)
+        begin
+          res = HTTPResponse.read_new(@socket)
+        end while res.kind_of?(HTTPContinue)
+        # If proxy was specified, and the server is demanding authentication, negotatiate with it
+        if proxy? && res.code.to_i == 407 && res["Proxy-Authenticate"].include?("Negotiate")
+          n = SSPI::NegotiateAuth.new
+          res.reading_body(@socket, req.response_body_permitted?) { }
+          req["Proxy-Authorization"] = "Negotiate #{n.get_initial_token}"
+          req.exec @socket, @curr_http_version, edit_path(req.path)
+          begin
+            res = HTTPResponse.read_new(@socket)
+          end while res.kind_of?(HTTPContinue)
+          
+          if res["Proxy-Authenticate"]
+            res.reading_body(@socket, req.response_body_permitted?) { }
+            req["Proxy-Authorization"] = "Negotiate #{n.complete_authentication res["Proxy-Authenticate"]}"
+            req.exec @socket, @curr_http_version, edit_path(req.path)
+            begin
+              res = HTTPResponse.read_new(@socket)
+            end while res.kind_of?(HTTPContinue)
+          end
+        end
+        res.reading_body(@socket, req.response_body_permitted?) {
+          yield res if block_given?
+        }
+      end_transport req, res
+
+      res
+    end
+  end
+end

data/test/ruby_sspi_test.rb

@@ -0,0 +1,54 @@
+require 'test/unit'
+require 'net/http'
+require 'pathname'
+$: << (File.dirname(__FILE__) << "/../lib")
+require 'rubysspi'
+
+class NTLMTest < Test::Unit::TestCase
+ 
+  def setup
+    assert ENV["http_proxy"], "http_proxy must be set before running tests."
+  end
+  
+  def test_auth
+    assert ENV["http_proxy"], "http_proxy environment variable must be set."
+    proxy = URI.parse(ENV["http_proxy"])
+    assert proxy.host && proxy.port, "Could not parse http_proxy (#{ENV["http_proxy"]}). http_proxy should be a URL with a port (e.g. http://proxy.corp.com:8080)."
+    
+    Net::HTTP.Proxy(proxy.host, proxy.port).start("www.google.com") do |http|
+      nego_auth = SSPI::NegotiateAuth.new 
+      sr = http.request_get "/", { "Proxy-Authorization" => "Negotiate " + nego_auth.get_initial_token }
+      resp = http.get "/", { "Proxy-Authorization" => "Negotiate " + nego_auth.complete_authentication(sr["Proxy-Authenticate"].split(" ").last.strip) }
+      assert resp.code.to_i == 200, "Resposne code not as expected: #{resp.inspect}"
+      resp = http.get "/foobar.html"
+      assert resp.code.to_i == 404, "Response code not as expected: #{resp.inspect}"
+    end
+  end
+  
+  def test_proxy_auth_get
+    assert ENV["http_proxy"], "http_proxy environment variable must be set."
+    proxy = URI.parse(ENV["http_proxy"])
+    assert proxy.host && proxy.port, "Could not parse http_proxy (#{ENV["http_proxy"]}). http_proxy should be a URL with a port (e.g. http://proxy.corp.com:8080)."
+    
+    Net::HTTP.Proxy(proxy.host, proxy.port).start("www.google.com") do |http|
+      resp = SSPI::NegotiateAuth.proxy_auth_get http, "/"
+      assert resp.code.to_i == 200, "Response code not as expected: #{resp.inspect}"
+    end
+  end
+  
+  def test_one_time_use_only
+    assert ENV["http_proxy"], "http_proxy environment variable must be set."
+    proxy = URI.parse(ENV["http_proxy"])
+    assert proxy.host && proxy.port, "Could not parse http_proxy (#{ENV["http_proxy"]}). http_proxy should be a URL with a port (e.g. http://proxy.corp.com:8080)."
+    
+    Net::HTTP.Proxy(proxy.host, proxy.port).start("www.google.com") do |http|
+      nego_auth = SSPI::NegotiateAuth.new 
+      sr = http.request_get "/", { "Proxy-Authorization" => "Negotiate " + nego_auth.get_initial_token }
+      resp = http.get "/", { "Proxy-Authorization" => "Negotiate " + nego_auth.complete_authentication(sr["Proxy-Authenticate"].split(" ").last.strip) }
+      assert resp.code.to_i == 200, "Response code not as expected: #{resp.inspect}"
+      assert_raises(RuntimeError, "Should not be able to call complete_authentication again") do
+        nego_auth.complete_authentication "foo"
+      end
+    end
+  end
+end

data/test/test_net_http.rb

@@ -0,0 +1,23 @@
+require 'test/unit'
+require 'net/http'
+require 'pathname'
+$: << (File.dirname(__FILE__) << "/../lib")
+require 'rubysspi/proxy_auth'
+
+class NTLMTest < Test::Unit::TestCase
+  def setup
+    assert ENV["http_proxy"], "http_proxy must be set before running tests."
+  end
+  
+  def test_net_http
+
+    assert ENV["http_proxy"], "http_proxy environment variable must be set."
+    proxy = URI.parse(ENV["http_proxy"])
+    assert proxy.host && proxy.port, "Could not parse http_proxy (#{ENV["http_proxy"]}). http_proxy should be a URL with a port (e.g. http://proxy.corp.com:8080)."
+    
+    Net::HTTP.Proxy(proxy.host, proxy.port).start("www.google.com") do |http|
+      resp = http.get("/")
+      assert resp.code.to_i == 200, "Did not get response from Google as expected."
+    end
+  end
+end

metadata

@@ -0,0 +1,56 @@
+--- !ruby/object:Gem::Specification 
+rubygems_version: 0.9.0
+specification_version: 1
+name: rubysspi
+version: !ruby/object:Gem::Version 
+  version: 0.0.1
+date: 2006-07-14 00:00:00 -07:00
+summary: A library which adds implements Ruby bindings to the Win32 SSPI library. Also includes a module to add Negotate authentication support to Net::HTTP.
+require_paths: 
+- lib
+email: jgbailey @nospan@ gmail.com
+homepage: http://rubyforge.org/projects/rubysspi/
+rubyforge_project: http://rubyforge.org/projects/rubysspi/
+description: This gem provides bindings to the Win32 SSPI libraries, primarily to support Negotiate (i.e. SPNEGO, NTLM) authentication with a proxy server. Enough support is implemented to provide the necessary support for the authentication.  A module is also provided which overrides Net::HTTP and adds support for Negotiate authentication to it.  This implies that open-uri automatically gets support for it, as long as the http_proxy environment variable is set.
+autorequire: rubysspi
+default_executable: 
+bindir: bin
+has_rdoc: true
+required_ruby_version: !ruby/object:Gem::Version::Requirement 
+  requirements: 
+  - - ">"
+    - !ruby/object:Gem::Version 
+      version: 0.0.0
+  version: 
+platform: i386-mswin32
+signing_key: 
+cert_chain: 
+post_install_message: 
+authors: 
+- Justin Bailey
+files: 
+- lib/rubysspi
+- lib/rubysspi.rb
+- lib/rubysspi/proxy_auth.rb
+- test/ruby_sspi_test.rb
+- test/test_net_http.rb
+- README.txt
+- Rakefile
+test_files: []
+
+rdoc_options: 
+- --title
+- Ruby SSPI -- Win32 SSPI Bindings for Ruby
+- --main
+- README.txt
+- --line-numbers
+extra_rdoc_files: 
+- README.txt
+executables: []
+
+extensions: []
+
+requirements: []
+
+dependencies: []
+