/usr/lib/ruby/1.8/mechanize/chain/auth_headers.rb is in libwww-mechanize-ruby1.8 1.0.0-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 | class Mechanize
class Chain
class AuthHeaders
include Mechanize::Handler
@@nonce_count = Hash.new(0)
CNONCE = Digest::MD5.hexdigest("%x" % (Time.now.to_i + rand(65535)))
def initialize(auth_hash, user, password, digest)
@auth_hash = auth_hash
@user = user
@password = password
@digest = digest
end
def handle(ctx, params)
uri = params[:uri]
request = params[:request]
if( @auth_hash[uri.host] )
case @auth_hash[uri.host]
when :basic
request.basic_auth(@user, @password)
when :iis_digest
digest_response = self.gen_auth_header(uri,request, @digest, true)
request['Authorization'] = digest_response
when :digest
if @digest
digest_response = self.gen_auth_header(uri,request, @digest)
request['Authorization'] = digest_response
end
end
end
super
end
def gen_auth_header(uri, request, auth_header, is_IIS = false)
auth_header =~ /^(\w+) (.*)/
params = {}
$2.gsub(/(\w+)=("[^"]*"|[^,]*)/) {
params[$1] = $2.gsub(/^"/, '').gsub(/"$/, '')
}
@@nonce_count[params['nonce']] += 1
a_1 = "#{@user}:#{params['realm']}:#{@password}"
a_2 = "#{request.method}:#{uri.path}"
request_digest = ''
request_digest << Digest::MD5.hexdigest(a_1)
request_digest << ':' << params['nonce']
request_digest << ':' << ('%08x' % @@nonce_count[params['nonce']])
request_digest << ':' << CNONCE
request_digest << ':' << params['qop']
request_digest << ':' << Digest::MD5.hexdigest(a_2)
header = ''
header << "Digest username=\"#{@user}\", "
if is_IIS then
header << "qop=\"#{params['qop']}\", "
else
header << "qop=#{params['qop']}, "
end
header << "uri=\"#{uri.path}\", "
header << %w{ algorithm opaque nonce realm }.map { |field|
next unless params[field]
"#{field}=\"#{params[field]}\""
}.compact.join(', ')
header << ", nc=#{'%08x' % @@nonce_count[params['nonce']]}, "
header << "cnonce=\"#{CNONCE}\", "
header << "response=\"#{Digest::MD5.hexdigest(request_digest)}\""
return header
end
end
end
end
|