1<testcase>
2<info>
3<keywords>
4HTTP
5HTTP GET
6HTTP Digest auth
7HTTP NTLM auth
8</keywords>
9</info>
10# Server-side
11<reply>
12
13<!-- Alternate the order that Digest and NTLM headers appear in responses to
14ensure that the order doesn't matter. -->
15
16<!--
17
18 Explanation for the duplicate 400 requests:
19
20 libcurl doesn't detect that a given Digest password is wrong already on the
21 first 401 response (as the data400 gives). libcurl will instead consider the
22 new response just as a duplicate and it sends another and detects the auth
23 problem on the second 401 response!
24
25-->
26
27
28<!-- First request has NTLM auth, wrong password -->
29<data100>
30HTTP/1.1 401 Need Digest or NTLM auth
31Server: Microsoft-IIS/5.0
32Content-Type: text/html; charset=iso-8859-1
33Content-Length: 27
34WWW-Authenticate: NTLM
35WWW-Authenticate: Digest realm="testrealm", nonce="1"
36
37This is not the real page!
38</data100>
39
40<data1101>
41HTTP/1.1 401 NTLM intermediate
42Server: Microsoft-IIS/5.0
43Content-Type: text/html; charset=iso-8859-1
44Content-Length: 33
45WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAACGgAEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg=
46
47This is still not the real page!
48</data1101>
49
50<data1102>
51HTTP/1.1 401 Sorry wrong password
52Server: Microsoft-IIS/5.0
53Content-Type: text/html; charset=iso-8859-1
54Content-Length: 29
55WWW-Authenticate: Digest realm="testrealm", nonce="2"
56WWW-Authenticate: NTLM
57
58This is a bad password page!
59</data1102>
60
61<!-- Second request has Digest auth, right password -->
62<data200>
63HTTP/1.1 401 Need Digest or NTLM auth (2)
64Server: Microsoft-IIS/5.0
65Content-Type: text/html; charset=iso-8859-1
66Content-Length: 27
67WWW-Authenticate: NTLM
68WWW-Authenticate: Digest realm="testrealm", nonce="3"
69
70This is not the real page!
71</data200>
72
73<data1200>
74HTTP/1.1 200 Things are fine in server land
75Server: Microsoft-IIS/5.0
76Content-Type: text/html; charset=iso-8859-1
77Content-Length: 32
78
79Finally, this is the real page!
80</data1200>
81
82<!-- Third request has NTLM auth, wrong password -->
83<data300>
84HTTP/1.1 401 Need Digest or NTLM auth (3)
85Server: Microsoft-IIS/5.0
86Content-Type: text/html; charset=iso-8859-1
87Content-Length: 27
88WWW-Authenticate: Digest realm="testrealm", nonce="4"
89WWW-Authenticate: NTLM
90
91This is not the real page!
92</data300>
93
94<data1301>
95HTTP/1.1 401 NTLM intermediate (2)
96Server: Microsoft-IIS/5.0
97Content-Type: text/html; charset=iso-8859-1
98Content-Length: 33
99WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAACGgAEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg=
100
101This is still not the real page!
102</data1301>
103
104<data1302>
105HTTP/1.1 401 Sorry wrong password (2)
106Server: Microsoft-IIS/5.0
107Content-Type: text/html; charset=iso-8859-1
108Content-Length: 29
109WWW-Authenticate: NTLM
110WWW-Authenticate: Digest realm="testrealm", nonce="5"
111
112This is a bad password page!
113</data1302>
114
115<!-- Fourth request has Digest auth, wrong password -->
116<data400>
117HTTP/1.1 401 Need Digest or NTLM auth (4)
118Server: Microsoft-IIS/5.0
119Content-Type: text/html; charset=iso-8859-1
120Content-Length: 27
121WWW-Authenticate: Digest realm="testrealm", nonce="6"
122WWW-Authenticate: NTLM
123
124This is not the real page!
125</data400>
126
127<data1400>
128HTTP/1.1 401 Sorry wrong password (3)
129Server: Microsoft-IIS/5.0
130Content-Type: text/html; charset=iso-8859-1
131Content-Length: 29
132WWW-Authenticate: NTLM
133WWW-Authenticate: Digest realm="testrealm", nonce="7"
134
135This is a bad password page!
136</data1400>
137
138<!-- Fifth request has Digest auth, right password -->
139<data500>
140HTTP/1.1 401 Need Digest or NTLM auth (5)
141Server: Microsoft-IIS/5.0
142Content-Type: text/html; charset=iso-8859-1
143Content-Length: 27
144WWW-Authenticate: Digest realm="testrealm", nonce="8"
145WWW-Authenticate: NTLM
146
147This is not the real page!
148</data500>
149
150<data1500>
151HTTP/1.1 200 Things are fine in server land (2)
152Server: Microsoft-IIS/5.0
153Content-Type: text/html; charset=iso-8859-1
154Content-Length: 32
155
156Finally, this is the real page!
157</data1500>
158
159<datacheck>
160HTTP/1.1 401 NTLM intermediate
161Server: Microsoft-IIS/5.0
162Content-Type: text/html; charset=iso-8859-1
163Content-Length: 33
164WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAACGgAEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg=
165
166HTTP/1.1 401 Sorry wrong password
167Server: Microsoft-IIS/5.0
168Content-Type: text/html; charset=iso-8859-1
169Content-Length: 29
170WWW-Authenticate: Digest realm="testrealm", nonce="2"
171WWW-Authenticate: NTLM
172
173This is a bad password page!
174HTTP/1.1 200 Things are fine in server land
175Server: Microsoft-IIS/5.0
176Content-Type: text/html; charset=iso-8859-1
177Content-Length: 32
178
179Finally, this is the real page!
180HTTP/1.1 401 NTLM intermediate (2)
181Server: Microsoft-IIS/5.0
182Content-Type: text/html; charset=iso-8859-1
183Content-Length: 33
184WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAACGgAEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg=
185
186HTTP/1.1 401 Sorry wrong password (2)
187Server: Microsoft-IIS/5.0
188Content-Type: text/html; charset=iso-8859-1
189Content-Length: 29
190WWW-Authenticate: NTLM
191WWW-Authenticate: Digest realm="testrealm", nonce="5"
192
193This is a bad password page!
194HTTP/1.1 401 Sorry wrong password (3)
195Server: Microsoft-IIS/5.0
196Content-Type: text/html; charset=iso-8859-1
197Content-Length: 29
198WWW-Authenticate: NTLM
199WWW-Authenticate: Digest realm="testrealm", nonce="7"
200
201HTTP/1.1 401 Sorry wrong password (3)
202Server: Microsoft-IIS/5.0
203Content-Type: text/html; charset=iso-8859-1
204Content-Length: 29
205WWW-Authenticate: NTLM
206WWW-Authenticate: Digest realm="testrealm", nonce="7"
207
208This is a bad password page!
209HTTP/1.1 200 Things are fine in server land (2)
210Server: Microsoft-IIS/5.0
211Content-Type: text/html; charset=iso-8859-1
212Content-Length: 32
213
214Finally, this is the real page!
215</datacheck>
216
217</reply>
218
219# Client-side
220<client>
221<features>
222NTLM
223SSL
224!SSPI
225</features>
226<server>
227http
228</server>
229<tool>
230libauthretry
231</tool>
232
233 <name>
234HTTP authorization retry (NTLM switching to Digest)
235 </name>
236 <setenv>
237# we force our own host name, in order to make the test machine independent
238CURL_GETHOSTNAME=curlhost
239# we try to use the LD_PRELOAD hack, if not a debug build
240LD_PRELOAD=%PWD/libtest/.libs/libhostname.so
241 </setenv>
242 <command>
243http://%HOSTIP:%HTTPPORT/2030 ntlm digest
244</command>
245<precheck>
246chkhostname curlhost
247</precheck>
248</client>
249
250# Verify data after the test has been "shot"
251<verify>
252<protocol>
253GET /20300100 HTTP/1.1
254Host: %HOSTIP:%HTTPPORT
255Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
256Accept: */*
257
258GET /20300100 HTTP/1.1
259Host: %HOSTIP:%HTTPPORT
260Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAACAAIAHAAAAAIAAgAeAAAAAAAAAAAAAAAhoABANgKEcT5xUUBHw5+0m4FjWTGNzg6PeHJHbaPwNwCt/tXcnIeTQCTMAg12SPDyNXMf3Rlc3R1c2VyY3VybGhvc3Q=
261Accept: */*
262
263GET /20300200 HTTP/1.1
264Host: %HOSTIP:%HTTPPORT
265Authorization: Digest username="testuser", realm="testrealm", nonce="2", uri="/20300200", response="2f2d784ba53a0a307758a90e98d25c27"
266Accept: */*
267
268GET /20300300 HTTP/1.1
269Host: %HOSTIP:%HTTPPORT
270Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
271Accept: */*
272
273GET /20300300 HTTP/1.1
274Host: %HOSTIP:%HTTPPORT
275Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAACAAIAHAAAAAIAAgAeAAAAAAAAAAAAAAAhoABANgKEcT5xUUBHw5+0m4FjWTGNzg6PeHJHbaPwNwCt/tXcnIeTQCTMAg12SPDyNXMf3Rlc3R1c2VyY3VybGhvc3Q=
276Accept: */*
277
278GET /20300400 HTTP/1.1
279Host: %HOSTIP:%HTTPPORT
280Authorization: Digest username="testuser", realm="testrealm", nonce="5", uri="/20300400", response="d6262e9147db08c62ff2f53b515861e8"
281Accept: */*
282
283GET /20300400 HTTP/1.1
284Host: %HOSTIP:%HTTPPORT
285Authorization: Digest username="testuser", realm="testrealm", nonce="5", uri="/20300400", response="d6262e9147db08c62ff2f53b515861e8"
286Accept: */*
287
288GET /20300500 HTTP/1.1
289Host: %HOSTIP:%HTTPPORT
290Authorization: Digest username="testuser", realm="testrealm", nonce="7", uri="/20300500", response="198757e61163a779cf24ed4c49c1ad7d"
291Accept: */*
292
293</protocol>
294</verify>
295</testcase>
296