1<testcase> 2<info> 3<keywords> 4HTTP 5HTTP GET 6HTTP Basic auth 7HTTP NTLM auth 8</keywords> 9</info> 10# Server-side 11<reply> 12 13<!-- Alternate the order that Basic and NTLM headers appear in responses to 14ensure that the order doesn't matter. --> 15 16<!-- First request has NTLM auth, wrong password --> 17<data100> 18HTTP/1.1 401 Need Basic or NTLM auth 19Server: Microsoft-IIS/5.0 20Content-Type: text/html; charset=iso-8859-1 21Content-Length: 27 22WWW-Authenticate: NTLM 23WWW-Authenticate: Basic realm="testrealm" 24 25This is not the real page! 26</data100> 27 28<data1101> 29HTTP/1.1 401 NTLM intermediate 30Server: Microsoft-IIS/5.0 31Content-Type: text/html; charset=iso-8859-1 32Content-Length: 33 33WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAAAGggEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg= 34 35This is still not the real page! 36</data1101> 37 38<data1102> 39HTTP/1.1 401 Sorry wrong password 40Server: Microsoft-IIS/5.0 41Content-Type: text/html; charset=iso-8859-1 42Content-Length: 29 43WWW-Authenticate: Basic realm="testrealm" 44WWW-Authenticate: NTLM 45 46This is a bad password page! 47</data1102> 48 49<!-- Second request has Basic auth, right password --> 50<data200> 51HTTP/1.1 200 Things are fine in server land 52Server: Microsoft-IIS/5.0 53Content-Type: text/html; charset=iso-8859-1 54Content-Length: 32 55 56Finally, this is the real page! 57</data200> 58 59<!-- Third request has NTLM auth, wrong password --> 60<data300> 61HTTP/1.1 401 Need Basic or NTLM auth (2) 62Server: Microsoft-IIS/5.0 63Content-Type: text/html; charset=iso-8859-1 64Content-Length: 27 65WWW-Authenticate: NTLM 66WWW-Authenticate: Basic realm="testrealm" 67 68This is not the real page! 69</data300> 70 71<data1301> 72HTTP/1.1 401 NTLM intermediate (2) 73Server: Microsoft-IIS/5.0 74Content-Type: text/html; charset=iso-8859-1 75Content-Length: 33 76WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAAAGggEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg= 77 78This is still not the real page! 79</data1301> 80 81<data1302> 82HTTP/1.1 401 Sorry wrong password (2) 83Server: Microsoft-IIS/5.0 84Content-Type: text/html; charset=iso-8859-1 85Content-Length: 29 86WWW-Authenticate: Basic realm="testrealm" 87WWW-Authenticate: NTLM 88 89This is a bad password page! 90</data1302> 91 92<!-- Fourth request has Basic auth, wrong password --> 93<data400> 94HTTP/1.1 401 Sorry wrong password (3) 95Server: Microsoft-IIS/5.0 96Content-Type: text/html; charset=iso-8859-1 97Content-Length: 29 98WWW-Authenticate: NTLM 99WWW-Authenticate: Basic realm="testrealm" 100 101This is a bad password page! 102</data400> 103 104<!-- Fifth request has Basic auth, right password --> 105<data500> 106HTTP/1.1 200 Things are fine in server land (2) 107Server: Microsoft-IIS/5.0 108Content-Type: text/html; charset=iso-8859-1 109Content-Length: 32 110 111Finally, this is the real page! 112</data500> 113 114<datacheck> 115HTTP/1.1 401 NTLM intermediate 116Server: Microsoft-IIS/5.0 117Content-Type: text/html; charset=iso-8859-1 118Content-Length: 33 119WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAAAGggEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg= 120 121HTTP/1.1 401 Sorry wrong password 122Server: Microsoft-IIS/5.0 123Content-Type: text/html; charset=iso-8859-1 124Content-Length: 29 125WWW-Authenticate: Basic realm="testrealm" 126WWW-Authenticate: NTLM 127 128This is a bad password page! 129HTTP/1.1 200 Things are fine in server land 130Server: Microsoft-IIS/5.0 131Content-Type: text/html; charset=iso-8859-1 132Content-Length: 32 133 134Finally, this is the real page! 135HTTP/1.1 401 NTLM intermediate (2) 136Server: Microsoft-IIS/5.0 137Content-Type: text/html; charset=iso-8859-1 138Content-Length: 33 139WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAAAGggEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg= 140 141HTTP/1.1 401 Sorry wrong password (2) 142Server: Microsoft-IIS/5.0 143Content-Type: text/html; charset=iso-8859-1 144Content-Length: 29 145WWW-Authenticate: Basic realm="testrealm" 146WWW-Authenticate: NTLM 147 148This is a bad password page! 149HTTP/1.1 401 Sorry wrong password (3) 150Server: Microsoft-IIS/5.0 151Content-Type: text/html; charset=iso-8859-1 152Content-Length: 29 153WWW-Authenticate: NTLM 154WWW-Authenticate: Basic realm="testrealm" 155 156This is a bad password page! 157HTTP/1.1 200 Things are fine in server land (2) 158Server: Microsoft-IIS/5.0 159Content-Type: text/html; charset=iso-8859-1 160Content-Length: 32 161 162Finally, this is the real page! 163</datacheck> 164 165</reply> 166 167# Client-side 168<client> 169<features> 170NTLM 171!SSPI 172</features> 173<server> 174http 175</server> 176<tool> 177libauthretry 178</tool> 179 180 <name> 181HTTP authorization retry (NTLM switching to Basic) 182 </name> 183 <setenv> 184# we force our own host name, in order to make the test machine independent 185CURL_GETHOSTNAME=curlhost 186# we try to use the LD_PRELOAD hack, if not a debug build 187LD_PRELOAD=%PWD/libtest/.libs/libhostname.so 188 </setenv> 189 <command> 190http://%HOSTIP:%HTTPPORT/2029 ntlm basic 191</command> 192<precheck> 193chkhostname curlhost 194</precheck> 195</client> 196 197# Verify data after the test has been "shot" 198<verify> 199<strip> 200^User-Agent:.* 201</strip> 202<protocol> 203GET /20290100 HTTP/1.1 204Host: %HOSTIP:%HTTPPORT 205Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA= 206Accept: */* 207 208GET /20290100 HTTP/1.1 209Host: %HOSTIP:%HTTPPORT 210Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAACAAIAHAAAAAIAAgAeAAAAAAAAAAAAAAABoIBANgKEcT5xUUBHw5+0m4FjWTGNzg6PeHJHbaPwNwCt/tXcnIeTQCTMAg12SPDyNXMf3Rlc3R1c2VyY3VybGhvc3Q= 211Accept: */* 212 213GET /20290200 HTTP/1.1 214Host: %HOSTIP:%HTTPPORT 215Authorization: Basic dGVzdHVzZXI6dGVzdHBhc3M= 216Accept: */* 217 218GET /20290300 HTTP/1.1 219Host: %HOSTIP:%HTTPPORT 220Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA= 221Accept: */* 222 223GET /20290300 HTTP/1.1 224Host: %HOSTIP:%HTTPPORT 225Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAACAAIAHAAAAAIAAgAeAAAAAAAAAAAAAAABoIBANgKEcT5xUUBHw5+0m4FjWTGNzg6PeHJHbaPwNwCt/tXcnIeTQCTMAg12SPDyNXMf3Rlc3R1c2VyY3VybGhvc3Q= 226Accept: */* 227 228GET /20290400 HTTP/1.1 229Host: %HOSTIP:%HTTPPORT 230Authorization: Basic dGVzdHVzZXI6d3JvbmdwYXNz 231Accept: */* 232 233GET /20290500 HTTP/1.1 234Host: %HOSTIP:%HTTPPORT 235Authorization: Basic dGVzdHVzZXI6dGVzdHBhc3M= 236Accept: */* 237 238</protocol> 239</verify> 240</testcase> 241