1<testcase> 2<info> 3<keywords> 4HTTP 5HTTP GET 6HTTP Digest auth 7HTTP NTLM auth 8</keywords> 9</info> 10# Server-side 11<reply> 12 13<!-- Alternate the order that Digest and NTLM headers appear in responses to 14ensure that the order doesn't matter. --> 15 16<!-- 17 18 Explanation for the duplicate 400 requests: 19 20 libcurl doesn't detect that a given Digest password is wrong already on the 21 first 401 response (as the data400 gives). libcurl will instead consider the 22 new response just as a duplicate and it sends another and detects the auth 23 problem on the second 401 response! 24 25--> 26 27 28<!-- First request has NTLM auth, wrong password --> 29<data100> 30HTTP/1.1 401 Need Digest or NTLM auth 31Server: Microsoft-IIS/5.0 32Content-Type: text/html; charset=iso-8859-1 33Content-Length: 27 34WWW-Authenticate: NTLM 35WWW-Authenticate: Digest realm="testrealm", nonce="1" 36 37This is not the real page! 38</data100> 39 40<data1101> 41HTTP/1.1 401 NTLM intermediate 42Server: Microsoft-IIS/5.0 43Content-Type: text/html; charset=iso-8859-1 44Content-Length: 33 45WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAACGgAEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg= 46 47This is still not the real page! 48</data1101> 49 50<data1102> 51HTTP/1.1 401 Sorry wrong password 52Server: Microsoft-IIS/5.0 53Content-Type: text/html; charset=iso-8859-1 54Content-Length: 29 55WWW-Authenticate: Digest realm="testrealm", nonce="2" 56WWW-Authenticate: NTLM 57 58This is a bad password page! 59</data1102> 60 61<!-- Second request has Digest auth, right password --> 62<data200> 63HTTP/1.1 401 Need Digest or NTLM auth (2) 64Server: Microsoft-IIS/5.0 65Content-Type: text/html; charset=iso-8859-1 66Content-Length: 27 67WWW-Authenticate: NTLM 68WWW-Authenticate: Digest realm="testrealm", nonce="3" 69 70This is not the real page! 71</data200> 72 73<data1200> 74HTTP/1.1 200 Things are fine in server land 75Server: Microsoft-IIS/5.0 76Content-Type: text/html; charset=iso-8859-1 77Content-Length: 32 78 79Finally, this is the real page! 80</data1200> 81 82<!-- Third request has NTLM auth, wrong password --> 83<data300> 84HTTP/1.1 401 Need Digest or NTLM auth (3) 85Server: Microsoft-IIS/5.0 86Content-Type: text/html; charset=iso-8859-1 87Content-Length: 27 88WWW-Authenticate: Digest realm="testrealm", nonce="4" 89WWW-Authenticate: NTLM 90 91This is not the real page! 92</data300> 93 94<data1301> 95HTTP/1.1 401 NTLM intermediate (2) 96Server: Microsoft-IIS/5.0 97Content-Type: text/html; charset=iso-8859-1 98Content-Length: 33 99WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAACGgAEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg= 100 101This is still not the real page! 102</data1301> 103 104<data1302> 105HTTP/1.1 401 Sorry wrong password (2) 106Server: Microsoft-IIS/5.0 107Content-Type: text/html; charset=iso-8859-1 108Content-Length: 29 109WWW-Authenticate: NTLM 110WWW-Authenticate: Digest realm="testrealm", nonce="5" 111 112This is a bad password page! 113</data1302> 114 115<!-- Fourth request has Digest auth, wrong password --> 116<data400> 117HTTP/1.1 401 Need Digest or NTLM auth (4) 118Server: Microsoft-IIS/5.0 119Content-Type: text/html; charset=iso-8859-1 120Content-Length: 27 121WWW-Authenticate: Digest realm="testrealm", nonce="6" 122WWW-Authenticate: NTLM 123 124This is not the real page! 125</data400> 126 127<data1400> 128HTTP/1.1 401 Sorry wrong password (3) 129Server: Microsoft-IIS/5.0 130Content-Type: text/html; charset=iso-8859-1 131Content-Length: 29 132WWW-Authenticate: NTLM 133WWW-Authenticate: Digest realm="testrealm", nonce="7" 134 135This is a bad password page! 136</data1400> 137 138<!-- Fifth request has Digest auth, right password --> 139<data500> 140HTTP/1.1 401 Need Digest or NTLM auth (5) 141Server: Microsoft-IIS/5.0 142Content-Type: text/html; charset=iso-8859-1 143Content-Length: 27 144WWW-Authenticate: Digest realm="testrealm", nonce="8" 145WWW-Authenticate: NTLM 146 147This is not the real page! 148</data500> 149 150<data1500> 151HTTP/1.1 200 Things are fine in server land (2) 152Server: Microsoft-IIS/5.0 153Content-Type: text/html; charset=iso-8859-1 154Content-Length: 32 155 156Finally, this is the real page! 157</data1500> 158 159<datacheck> 160HTTP/1.1 401 NTLM intermediate 161Server: Microsoft-IIS/5.0 162Content-Type: text/html; charset=iso-8859-1 163Content-Length: 33 164WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAACGgAEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg= 165 166HTTP/1.1 401 Sorry wrong password 167Server: Microsoft-IIS/5.0 168Content-Type: text/html; charset=iso-8859-1 169Content-Length: 29 170WWW-Authenticate: Digest realm="testrealm", nonce="2" 171WWW-Authenticate: NTLM 172 173This is a bad password page! 174HTTP/1.1 200 Things are fine in server land 175Server: Microsoft-IIS/5.0 176Content-Type: text/html; charset=iso-8859-1 177Content-Length: 32 178 179Finally, this is the real page! 180HTTP/1.1 401 NTLM intermediate (2) 181Server: Microsoft-IIS/5.0 182Content-Type: text/html; charset=iso-8859-1 183Content-Length: 33 184WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAACGgAEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg= 185 186HTTP/1.1 401 Sorry wrong password (2) 187Server: Microsoft-IIS/5.0 188Content-Type: text/html; charset=iso-8859-1 189Content-Length: 29 190WWW-Authenticate: NTLM 191WWW-Authenticate: Digest realm="testrealm", nonce="5" 192 193This is a bad password page! 194HTTP/1.1 401 Sorry wrong password (3) 195Server: Microsoft-IIS/5.0 196Content-Type: text/html; charset=iso-8859-1 197Content-Length: 29 198WWW-Authenticate: NTLM 199WWW-Authenticate: Digest realm="testrealm", nonce="7" 200 201HTTP/1.1 401 Sorry wrong password (3) 202Server: Microsoft-IIS/5.0 203Content-Type: text/html; charset=iso-8859-1 204Content-Length: 29 205WWW-Authenticate: NTLM 206WWW-Authenticate: Digest realm="testrealm", nonce="7" 207 208This is a bad password page! 209HTTP/1.1 200 Things are fine in server land (2) 210Server: Microsoft-IIS/5.0 211Content-Type: text/html; charset=iso-8859-1 212Content-Length: 32 213 214Finally, this is the real page! 215</datacheck> 216 217</reply> 218 219# Client-side 220<client> 221<features> 222NTLM 223SSL 224!SSPI 225</features> 226<server> 227http 228</server> 229<tool> 230libauthretry 231</tool> 232 233 <name> 234HTTP authorization retry (NTLM switching to Digest) 235 </name> 236 <setenv> 237# we force our own host name, in order to make the test machine independent 238CURL_GETHOSTNAME=curlhost 239# we try to use the LD_PRELOAD hack, if not a debug build 240LD_PRELOAD=%PWD/libtest/.libs/libhostname.so 241 </setenv> 242 <command> 243http://%HOSTIP:%HTTPPORT/2030 ntlm digest 244</command> 245<precheck> 246chkhostname curlhost 247</precheck> 248</client> 249 250# Verify data after the test has been "shot" 251<verify> 252<protocol> 253GET /20300100 HTTP/1.1 254Host: %HOSTIP:%HTTPPORT 255Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA= 256Accept: */* 257 258GET /20300100 HTTP/1.1 259Host: %HOSTIP:%HTTPPORT 260Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAACAAIAHAAAAAIAAgAeAAAAAAAAAAAAAAAhoABANgKEcT5xUUBHw5+0m4FjWTGNzg6PeHJHbaPwNwCt/tXcnIeTQCTMAg12SPDyNXMf3Rlc3R1c2VyY3VybGhvc3Q= 261Accept: */* 262 263GET /20300200 HTTP/1.1 264Host: %HOSTIP:%HTTPPORT 265Authorization: Digest username="testuser", realm="testrealm", nonce="2", uri="/20300200", response="2f2d784ba53a0a307758a90e98d25c27" 266Accept: */* 267 268GET /20300300 HTTP/1.1 269Host: %HOSTIP:%HTTPPORT 270Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA= 271Accept: */* 272 273GET /20300300 HTTP/1.1 274Host: %HOSTIP:%HTTPPORT 275Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAACAAIAHAAAAAIAAgAeAAAAAAAAAAAAAAAhoABANgKEcT5xUUBHw5+0m4FjWTGNzg6PeHJHbaPwNwCt/tXcnIeTQCTMAg12SPDyNXMf3Rlc3R1c2VyY3VybGhvc3Q= 276Accept: */* 277 278GET /20300400 HTTP/1.1 279Host: %HOSTIP:%HTTPPORT 280Authorization: Digest username="testuser", realm="testrealm", nonce="5", uri="/20300400", response="d6262e9147db08c62ff2f53b515861e8" 281Accept: */* 282 283GET /20300400 HTTP/1.1 284Host: %HOSTIP:%HTTPPORT 285Authorization: Digest username="testuser", realm="testrealm", nonce="5", uri="/20300400", response="d6262e9147db08c62ff2f53b515861e8" 286Accept: */* 287 288GET /20300500 HTTP/1.1 289Host: %HOSTIP:%HTTPPORT 290Authorization: Digest username="testuser", realm="testrealm", nonce="7", uri="/20300500", response="198757e61163a779cf24ed4c49c1ad7d" 291Accept: */* 292 293</protocol> 294</verify> 295</testcase> 296