class RubySMB::Gss::Provider::NTLM
A GSS provider that authenticates clients via the NT LAN Manager (NTLM) Security Support Provider (NTLMSSP) protocol.
Constants
- Account
An account representing an identity for which this provider will accept authentication attempts.
Attributes
The default domain value to use for accounts which do not have one specified or use the special '.' value.
Public Class Methods
@param [Boolean] allow_anonymous whether or not to allow anonymous authentication attempts
@param [String] default_domain the default domain to use for authentication; unless specified, 'WORKGROUP' will be used
    # File lib/ruby_smb/gss/provider/ntlm.rb, line 237
    def initialize(allow_anonymous: false, default_domain: 'WORKGROUP')
      raise ArgumentError, 'Must specify a default domain' unless default_domain
      @allow_anonymous = allow_anonymous
      @default_domain = default_domain
      @accounts = []
      @generate_server_challenge = -> { SecureRandom.bytes(8) }
      @dns_domain = @netbios_domain = 'LOCALDOMAIN'
      @dns_hostname = @netbios_hostname = 'LOCALHOST'
    end
Public Instance Methods
Generate the 8-byte server challenge. If a block is specified, it's used as the challenge generation routine and should return an 8-byte value.
@return [String] an 8-byte challenge value
    # File lib/ruby_smb/gss/provider/ntlm.rb, line 254
    def generate_server_challenge(&block)
      if block.nil?
        @generate_server_challenge.call
      else
        @generate_server_challenge = block
      end
    end
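The method shown above stores a supplied block and returns whatever it yields without checking the value, while the challenge is the server's nonce and must be 8 bytes and fresh for each handshake. The following guard is an added example, not RubySMB code; guarded_challenge, WeakChallengeError and the history parameter are names assumed for the example.

```ruby
require 'securerandom'

# Hypothetical error class for this example (not defined by RubySMB).
class WeakChallengeError < StandardError; end

# Hypothetical helper: wraps a challenge source and returns a lambda that
# only ever yields a fresh, 8-byte, binary-encoded value.
#   source  - callable returning the candidate challenge
#   history - how many recent challenges to remember for the repeat check
def guarded_challenge(source = -> { SecureRandom.bytes(8) }, history: 1024)
  recent = []
  lambda do
    challenge = source.call
    unless challenge.is_a?(String) && challenge.bytesize == 8
      raise ArgumentError, "server challenge must be 8 bytes, got #{challenge.inspect}"
    end

    challenge = challenge.b # compare and store raw bytes, whatever the source encoding
    raise WeakChallengeError, 'server challenge repeated' if recent.include?(challenge)

    recent << challenge
    recent.shift if recent.size > history
    challenge
  end
end

# With the gem loaded, the guard is installed through the block form shown above:
#   provider.generate_server_challenge(&guarded_challenge)

if __FILE__ == $PROGRAM_NAME
  ok = guarded_challenge
  puts ok.call.unpack1('H*')
  constant = guarded_challenge(-> { 'AAAAAAAA' }) # constructed non-random source
  constant.call
  begin
    constant.call
  rescue WeakChallengeError => e
    puts "rejected: #{e.message}"
  end
end
```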
Look up and return an account based on the username and, optionally, the domain. If no domain is specified or it is the special value '.', the default domain will be used. The username and domain values are case insensitive.
@param [String] username the username of the account to fetch.
@param [String, nil] domain the domain in which the account to fetch exists.
@return [Account, nil] the account if it was found
    # File lib/ruby_smb/gss/provider/ntlm.rb, line 276
    def get_account(username, domain: nil)
      # the username and password values should use the native encoding for the comparison in the #find operation
      username = username.downcase
      domain = @default_domain if domain.nil? || domain == '.'.encode(domain.encoding)
      domain = domain.downcase
      @accounts.find { |account| account.username.encode(username.encoding).downcase == username && account.domain.encode(domain.encoding).downcase == domain }
    end
    # File lib/ruby_smb/gss/provider/ntlm.rb, line 262
    def new_authenticator(server_client)
      # build and return an instance that can process and track stateful information for a particular connection but
      # that's backed by this particular provider
      Authenticator.new(self, server_client)
    end
Add an account to the database.
@param [String] username the username of the account to add
@param [String] password either the plaintext password or the NTLM hash of the account to add
@param [String] domain the domain of the account to add, if not specified, the @default_domain will be used
    # File lib/ruby_smb/gss/provider/ntlm.rb, line 290
    def put_account(username, password, domain: nil)
      domain = @default_domain if domain.nil? || domain == '.'.encode(domain.encoding)
      @accounts << Account.new(username, password, domain)
    end