winrm 1.3.0.dev.3 → 1.3.0

data/lib/winrm/http/response_handler.rb

@@ -1,11 +1,13 @@
+# encoding: UTF-8
+#
 # Copyright 2014 Shawn Neal <sneal@sneal.net>
-# 
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
-# 
+#
 #     http://www.apache.org/licenses/LICENSE-2.0
-# 
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -18,7 +20,6 @@ module WinRM
   # Handles the raw WinRM HTTP response. Returns the body as an XML doc
   # or raises the appropriate WinRM error if the response is an error.
   class ResponseHandler
-
     # @param [String] The raw unparsed response body, if any
     # @param [Integer] The HTTP response status code
     def initialize(response_body, status_code)
@@ -30,53 +31,52 @@ module WinRM
     # doc or raises an appropriate error.
     #
     # @returns [REXML::Document] The parsed response body
-    def parse_to_xml()
-      raise_if_error()
+    def parse_to_xml
+      raise_if_error
       response_xml
     end
 
     private
 
-    def response_xml()
+    def response_xml
       @response_xml ||= REXML::Document.new(@response_body)
     rescue REXML::ParseException => e
-      raise WinRMHTTPTransportError.new("Unable to parse WinRM response: #{e.message}", @status_code)
+      raise WinRMHTTPTransportError.new(
+        "Unable to parse WinRM response: #{e.message}", @status_code)
     end
 
-    def raise_if_error()
-      return if @status_code == 200 
-      raise_if_auth_error()
-      raise_if_wsman_fault()
-      raise_if_wmi_error()
-      raise_transport_error()
+    def raise_if_error
+      return if @status_code == 200
+      raise_if_auth_error
+      raise_if_wsman_fault
+      raise_if_wmi_error
+      raise_transport_error
     end
 
-    def raise_if_auth_error()
-      raise WinRMAuthorizationError.new if @status_code == 401 
+    def raise_if_auth_error
+      fail WinRMAuthorizationError if @status_code == 401
     end
 
-    def raise_if_wsman_fault()
+    def raise_if_wsman_fault
       soap_errors = REXML::XPath.match(response_xml, "//#{NS_SOAP_ENV}:Body/#{NS_SOAP_ENV}:Fault/*")
-      if !soap_errors.empty?
-        fault = REXML::XPath.first(soap_errors, "//#{NS_WSMAN_FAULT}:WSManFault")
-        raise WinRMWSManFault.new(fault.to_s, fault.attributes['Code']) unless fault.nil?
-      end
+      return if soap_errors.empty?
+      fault = REXML::XPath.first(soap_errors, "//#{NS_WSMAN_FAULT}:WSManFault")
+      fail WinRMWSManFault.new(fault.to_s, fault.attributes['Code']) unless fault.nil?
     end
 
-    def raise_if_wmi_error()
+    def raise_if_wmi_error
       soap_errors = REXML::XPath.match(response_xml, "//#{NS_SOAP_ENV}:Body/#{NS_SOAP_ENV}:Fault/*")
-      if !soap_errors.empty?
-        error = REXML::XPath.first(soap_errors, "//#{NS_WSMAN_MSFT}:MSFT_WmiError")
-        if !error.nil?
-          error_code = REXML::XPath.first(error, "//#{NS_WSMAN_MSFT}:error_Code").text
-          raise WinRMWMIError.new(error.to_s, error_code)
-        end
-      end
-    end
+      return if soap_errors.empty?
 
-    def raise_transport_error()
-      raise WinRMHTTPTransportError.new('Bad HTTP response returned from server', @status_code)
+      error = REXML::XPath.first(soap_errors, "//#{NS_WSMAN_MSFT}:MSFT_WmiError")
+      return if error.nil?
+
+      error_code = REXML::XPath.first(error, "//#{NS_WSMAN_MSFT}:error_Code").text
+      fail WinRMWMIError.new(error.to_s, error_code)
     end
 
+    def raise_transport_error
+      fail WinRMHTTPTransportError.new('Bad HTTP response returned from server', @status_code)
+    end
   end
 end

data/lib/winrm/http/transport.rb

@@ -1,11 +1,13 @@
+# encoding: UTF-8
+#
 # Copyright 2010 Dan Wanek <dan.wanek@gmail.com>
-# 
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
-# 
+#
 #     http://www.apache.org/licenses/LICENSE-2.0
-# 
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -16,20 +18,18 @@ require_relative 'response_handler'
 
 module WinRM
   module HTTP
-
     # A generic HTTP transport that utilized HTTPClient to send messages back and forth.
     # This backend will maintain state for every WinRMWebService instance that is instantiated so it
     # is possible to use GSSAPI with Keep-Alive.
     class HttpTransport
-
       # Set this to an unreasonable amount because WinRM has its own timeouts
-      DEFAULT_RECEIVE_TIMEOUT = 3600 
+      DEFAULT_RECEIVE_TIMEOUT = 3600
 
       attr_reader :endpoint
 
       def initialize(endpoint)
         @endpoint = endpoint.is_a?(String) ? URI.parse(endpoint) : endpoint
-        @httpcli = HTTPClient.new(:agent_name => 'Ruby WinRM Client')
+        @httpcli = HTTPClient.new(agent_name: 'Ruby WinRM Client')
         @httpcli.receive_timeout = DEFAULT_RECEIVE_TIMEOUT
         @logger = Logging.logger[self]
       end
@@ -41,23 +41,25 @@ module WinRM
       # @returns [REXML::Document] The parsed response body
       def send_request(message)
         log_soap_message(message)
-        hdr = {'Content-Type' => 'application/soap+xml;charset=UTF-8', 'Content-Length' => message.length}
+        hdr = {
+          'Content-Type' => 'application/soap+xml;charset=UTF-8',
+          'Content-Length' => message.length }
         resp = @httpcli.post(@endpoint, message, hdr)
         log_soap_message(resp.http_body.content)
         handler = WinRM::ResponseHandler.new(resp.http_body.content, resp.status)
-        handler.parse_to_xml()
+        handler.parse_to_xml
       end
 
       # We'll need this to force basic authentication if desired
       def basic_auth_only!
         auths = @httpcli.www_auth.instance_variable_get('@authenticator')
-        auths.delete_if {|i| i.scheme !~ /basic/i}
+        auths.delete_if { |i| i.scheme !~ /basic/i }
       end
 
       # Disable SSPI Auth
       def no_sspi_auth!
         auths = @httpcli.www_auth.instance_variable_get('@authenticator')
-        auths.delete_if {|i| i.is_a? HTTPClient::SSPINegotiateAuth }
+        auths.delete_if { |i| i.is_a? HTTPClient::SSPINegotiateAuth }
       end
 
       # Disable SSL Peer Verification
@@ -71,7 +73,7 @@ module WinRM
         @httpcli.receive_timeout = sec
       end
 
-      def receive_timeout()
+      def receive_timeout
         @httpcli.receive_timeout
       end
 
@@ -79,7 +81,7 @@ module WinRM
 
       def log_soap_message(message)
         return unless @logger.debug?
-        
+
         xml_msg = REXML::Document.new(message)
         formatter = REXML::Formatters::Pretty.new(2)
         formatter.compact = true
@@ -90,7 +92,7 @@ module WinRM
       end
     end
 
-
+    # Plain text, insecure, HTTP transport
     class HttpPlaintext < HttpTransport
       def initialize(endpoint, user, pass, opts)
         super(endpoint)
@@ -114,12 +116,15 @@ module WinRM
     end
 
     # Uses Kerberos/GSSAPI to authenticate and encrypt messages
+    # rubocop:disable Metrics/ClassLength
     class HttpGSSAPI < HttpTransport
       # @param [String,URI] endpoint the WinRM webservice endpoint
       # @param [String] realm the Kerberos realm we are authenticating to
       # @param [String<optional>] service the service name, default is HTTP
       # @param [String<optional>] keytab the path to a keytab file if you are using one
+      # rubocop:disable Lint/UnusedMethodArgument
       def initialize(endpoint, realm, service = nil, keytab = nil, opts)
+        # rubocop:enable Lint/UnusedMethodArgument
         super(endpoint)
         # Remove the GSSAPI auth from HTTPClient because we are doing our own thing
         no_sspi_auth!
@@ -137,18 +142,20 @@ module WinRM
         resp = send_kerberos_request(message)
 
         if resp.status == 401
-          @logger.debug "Got 401 - reinitializing Kerberos and retrying one more time"
+          @logger.debug 'Got 401 - reinitializing Kerberos and retrying one more time'
           init_krb
           resp = send_kerberos_request(message)
         end
 
         handler = WinRM::ResponseHandler.new(winrm_decrypt(resp.http_body.content), resp.status)
-        handler.parse_to_xml()
+        handler.parse_to_xml
       end
 
-
       private
 
+      # rubocop:disable Metrics/MethodLength
+      # rubocop:disable Metrics/AbcSize
+
       # Sends the SOAP payload to the WinRM service and returns the service's
       # HTTP response.
       #
@@ -159,8 +166,11 @@ module WinRM
         original_length = message.length
         pad_len, emsg = winrm_encrypt(message)
         hdr = {
-          "Connection" => "Keep-Alive",
-          "Content-Type" => "multipart/encrypted;protocol=\"application/HTTP-Kerberos-session-encrypted\";boundary=\"Encrypted Boundary\""
+          'Connection' => 'Keep-Alive',
+          'Content-Type' =>
+            'multipart/encrypted;' \
+            'protocol="application/HTTP-Kerberos-session-encrypted";' \
+            'boundary="Encrypted Boundary"'
         }
 
         body = <<-EOF
@@ -183,13 +193,14 @@ Content-Type: application/octet-stream\r
         token = @gsscli.init_context
         auth = Base64.strict_encode64 token
 
-        hdr = {"Authorization" => "Kerberos #{auth}",
-          "Connection" => "Keep-Alive",
-          "Content-Type" => "application/soap+xml;charset=UTF-8"
+        hdr = {
+          'Authorization' => "Kerberos #{auth}",
+          'Connection' => 'Keep-Alive',
+          'Content-Type' => 'application/soap+xml;charset=UTF-8'
         }
-        @logger.debug "Sending HTTP POST for Kerberos Authentication"
+        @logger.debug 'Sending HTTP POST for Kerberos Authentication'
         r = @httpcli.post(@endpoint, '', hdr)
-        itok = r.header["WWW-Authenticate"].pop
+        itok = r.header['WWW-Authenticate'].pop
         itok = itok.split.last
         itok = Base64.strict_decode64(itok)
         @gsscli.init_context(itok)
@@ -202,19 +213,30 @@ Content-Type: application/octet-stream\r
         iov = FFI::MemoryPointer.new(GSSAPI::LibGSSAPI::GssIOVBufferDesc.size * iov_cnt)
 
         iov0 = GSSAPI::LibGSSAPI::GssIOVBufferDesc.new(FFI::Pointer.new(iov.address))
-        iov0[:type] = (GSSAPI::LibGSSAPI::GSS_IOV_BUFFER_TYPE_HEADER | GSSAPI::LibGSSAPI::GSS_IOV_BUFFER_FLAG_ALLOCATE)
+        iov0[:type] = (GSSAPI::LibGSSAPI::GSS_IOV_BUFFER_TYPE_HEADER | \
+          GSSAPI::LibGSSAPI::GSS_IOV_BUFFER_FLAG_ALLOCATE)
 
-        iov1 = GSSAPI::LibGSSAPI::GssIOVBufferDesc.new(FFI::Pointer.new(iov.address + (GSSAPI::LibGSSAPI::GssIOVBufferDesc.size * 1)))
+        iov1 = GSSAPI::LibGSSAPI::GssIOVBufferDesc.new(
+          FFI::Pointer.new(iov.address + (GSSAPI::LibGSSAPI::GssIOVBufferDesc.size * 1)))
         iov1[:type] =  (GSSAPI::LibGSSAPI::GSS_IOV_BUFFER_TYPE_DATA)
         iov1[:buffer].value = str
 
-        iov2 = GSSAPI::LibGSSAPI::GssIOVBufferDesc.new(FFI::Pointer.new(iov.address + (GSSAPI::LibGSSAPI::GssIOVBufferDesc.size * 2)))
-        iov2[:type] = (GSSAPI::LibGSSAPI::GSS_IOV_BUFFER_TYPE_PADDING | GSSAPI::LibGSSAPI::GSS_IOV_BUFFER_FLAG_ALLOCATE)
+        iov2 = GSSAPI::LibGSSAPI::GssIOVBufferDesc.new(
+          FFI::Pointer.new(iov.address + (GSSAPI::LibGSSAPI::GssIOVBufferDesc.size * 2)))
+        iov2[:type] = (GSSAPI::LibGSSAPI::GSS_IOV_BUFFER_TYPE_PADDING | \
+          GSSAPI::LibGSSAPI::GSS_IOV_BUFFER_FLAG_ALLOCATE)
 
         conf_state = FFI::MemoryPointer.new :uint32
         min_stat = FFI::MemoryPointer.new :uint32
 
-        maj_stat = GSSAPI::LibGSSAPI.gss_wrap_iov(min_stat, @gsscli.context, 1, GSSAPI::LibGSSAPI::GSS_C_QOP_DEFAULT, conf_state, iov, iov_cnt)
+        GSSAPI::LibGSSAPI.gss_wrap_iov(
+          min_stat,
+          @gsscli.context,
+          1,
+          GSSAPI::LibGSSAPI::GSS_C_QOP_DEFAULT,
+          conf_state,
+          iov,
+          iov_cnt)
 
         token = [iov0[:buffer].length].pack('L')
         token += iov0[:buffer].value
@@ -224,7 +246,6 @@ Content-Type: application/octet-stream\r
         [pad_len, token]
       end
 
-
       # @return [String] the unencrypted response string
       def winrm_decrypt(str)
         @logger.debug "Decrypting SOAP message:\n#{str}"
@@ -232,18 +253,21 @@ Content-Type: application/octet-stream\r
         iov = FFI::MemoryPointer.new(GSSAPI::LibGSSAPI::GssIOVBufferDesc.size * iov_cnt)
 
         iov0 = GSSAPI::LibGSSAPI::GssIOVBufferDesc.new(FFI::Pointer.new(iov.address))
-        iov0[:type] = (GSSAPI::LibGSSAPI::GSS_IOV_BUFFER_TYPE_HEADER | GSSAPI::LibGSSAPI::GSS_IOV_BUFFER_FLAG_ALLOCATE)
+        iov0[:type] = (GSSAPI::LibGSSAPI::GSS_IOV_BUFFER_TYPE_HEADER | \
+          GSSAPI::LibGSSAPI::GSS_IOV_BUFFER_FLAG_ALLOCATE)
 
-        iov1 = GSSAPI::LibGSSAPI::GssIOVBufferDesc.new(FFI::Pointer.new(iov.address + (GSSAPI::LibGSSAPI::GssIOVBufferDesc.size * 1)))
+        iov1 = GSSAPI::LibGSSAPI::GssIOVBufferDesc.new(
+          FFI::Pointer.new(iov.address + (GSSAPI::LibGSSAPI::GssIOVBufferDesc.size * 1)))
         iov1[:type] =  (GSSAPI::LibGSSAPI::GSS_IOV_BUFFER_TYPE_DATA)
 
-        iov2 = GSSAPI::LibGSSAPI::GssIOVBufferDesc.new(FFI::Pointer.new(iov.address + (GSSAPI::LibGSSAPI::GssIOVBufferDesc.size * 2)))
+        iov2 = GSSAPI::LibGSSAPI::GssIOVBufferDesc.new(
+          FFI::Pointer.new(iov.address + (GSSAPI::LibGSSAPI::GssIOVBufferDesc.size * 2)))
         iov2[:type] =  (GSSAPI::LibGSSAPI::GSS_IOV_BUFFER_TYPE_DATA)
 
         str.force_encoding('BINARY')
         str.sub!(/^.*Content-Type: application\/octet-stream\r\n(.*)--Encrypted.*$/m, '\1')
 
-        len = str.unpack("L").first
+        len = str.unpack('L').first
         iov_data = str.unpack("LA#{len}A*")
         iov0[:buffer].value = iov_data[1]
         iov1[:buffer].value = iov_data[2]
@@ -254,13 +278,17 @@ Content-Type: application/octet-stream\r
         qop_state = FFI::MemoryPointer.new :uint32
         qop_state.write_int(0)
 
-        maj_stat = GSSAPI::LibGSSAPI.gss_unwrap_iov(min_stat, @gsscli.context, conf_state, qop_state, iov, iov_cnt)
+        maj_stat = GSSAPI::LibGSSAPI.gss_unwrap_iov(
+          min_stat, @gsscli.context, conf_state, qop_state, iov, iov_cnt)
 
-        @logger.debug "SOAP message decrypted (MAJ: #{maj_stat}, MIN: #{min_stat.read_int}):\n#{iov1[:buffer].value}"
+        @logger.debug "SOAP message decrypted (MAJ: #{maj_stat}, " \
+          "MIN: #{min_stat.read_int}):\n#{iov1[:buffer].value}"
 
         iov1[:buffer].value
       end
-
+      # rubocop:enable Metrics/MethodLength
+      # rubocop:enable Metrics/AbcSize
     end
+    # rubocop:enable Metrics/ClassLength
   end
 end # WinRM

data/lib/winrm/output.rb

@@ -1,3 +1,19 @@
+# encoding: UTF-8
+#
+# Copyright 2014 Max Lincoln <max@devopsy.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 module WinRM
   # This class holds raw output as a hash, and has convenience methods to parse.
   class Output < Hash

data/lib/winrm/soap_provider.rb

@@ -1,11 +1,13 @@
+# encoding: UTF-8
+#
 # Copyright 2010 Dan Wanek <dan.wanek@gmail.com>
-# 
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
-# 
+#
 #     http://www.apache.org/licenses/LICENSE-2.0
-# 
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -18,18 +20,19 @@ require 'gyoku'
 require 'uuidtools'
 require 'base64'
 
+# SOAP constants for WinRM
 module WinRM
-  NS_SOAP_ENV    ='s'   # http://www.w3.org/2003/05/soap-envelope
-  NS_ADDRESSING  ='a'   # http://schemas.xmlsoap.org/ws/2004/08/addressing
-  NS_CIMBINDING  ='b'   # http://schemas.dmtf.org/wbem/wsman/1/cimbinding.xsd
-  NS_ENUM        ='n'   # http://schemas.xmlsoap.org/ws/2004/09/enumeration
-  NS_TRANSFER    ='x'   # http://schemas.xmlsoap.org/ws/2004/09/transfer
-  NS_WSMAN_DMTF  ='w'   # http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd
-  NS_WSMAN_MSFT  ='p'   # http://schemas.microsoft.com/wbem/wsman/1/wsman.xsd
-  NS_SCHEMA_INST ='xsi' # http://www.w3.org/2001/XMLSchema-instance
-  NS_WIN_SHELL   ='rsp' # http://schemas.microsoft.com/wbem/wsman/1/windows/shell
-  NS_WSMAN_FAULT = 'f'  # http://schemas.microsoft.com/wbem/wsman/1/wsmanfault
-  NS_WSMAN_CONF  = 'cfg'# http://schemas.microsoft.com/wbem/wsman/1/config
+  NS_SOAP_ENV    = 's'   # http://www.w3.org/2003/05/soap-envelope
+  NS_ADDRESSING  = 'a'   # http://schemas.xmlsoap.org/ws/2004/08/addressing
+  NS_CIMBINDING  = 'b'   # http://schemas.dmtf.org/wbem/wsman/1/cimbinding.xsd
+  NS_ENUM        = 'n'   # http://schemas.xmlsoap.org/ws/2004/09/enumeration
+  NS_TRANSFER    = 'x'   # http://schemas.xmlsoap.org/ws/2004/09/transfer
+  NS_WSMAN_DMTF  = 'w'   # http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd
+  NS_WSMAN_MSFT  = 'p'   # http://schemas.microsoft.com/wbem/wsman/1/wsman.xsd
+  NS_SCHEMA_INST = 'xsi' # http://www.w3.org/2001/XMLSchema-instance
+  NS_WIN_SHELL   = 'rsp' # http://schemas.microsoft.com/wbem/wsman/1/windows/shell
+  NS_WSMAN_FAULT = 'f'   # http://schemas.microsoft.com/wbem/wsman/1/wsmanfault
+  NS_WSMAN_CONF  = 'cfg' # http://schemas.microsoft.com/wbem/wsman/1/config
 end
 
 require 'winrm/exceptions/exceptions'

data/lib/winrm/winrm_service.rb

@@ -1,11 +1,13 @@
+# encoding: UTF-8
+#
 # Copyright 2010 Dan Wanek <dan.wanek@gmail.com>
-# 
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
-# 
+#
 #     http://www.apache.org/licenses/LICENSE-2.0
-# 
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -17,10 +19,9 @@ require 'rexml/document'
 require_relative 'helpers/powershell_script'
 
 module WinRM
-  # This is the main class that does the SOAP request/response logic. There are a few helper classes, but pretty
-  #   much everything comes through here first.
+  # This is the main class that does the SOAP request/response logic. There are a few helper
+  # classes, but pretty much everything comes through here first.
   class WinRMWebService
-
     DEFAULT_TIMEOUT = 'PT60S'
     DEFAULT_MAX_ENV_SIZE = 153600
     DEFAULT_LOCALE = 'en-US'
@@ -249,6 +250,13 @@ module WinRM
         output[:exitcode] = REXML::XPath.first(resp_doc, "//#{NS_WIN_SHELL}:ExitCode").text.to_i
       end
       output
+    rescue WinRMWSManFault => e
+      # If no output is available before the wsman:OperationTimeout expires,
+      # the server MUST return a WSManFault with the Code attribute equal to
+      # 2150858793. When the client receives this fault, it SHOULD issue 
+      # another Receive request.
+      # http://msdn.microsoft.com/en-us/library/cc251676.aspx
+      retry if e.fault_code == '2150858793'
     end
 
     # Clean-up after a command.