1 <testcase> 2 <info> 3 <keywords> 4 HTTP 5 HTTP GET 6 HTTP Basic auth 7 HTTP NTLM auth 8 </keywords> 9 </info> 10 # Server-side 11 <reply> 12 13 <!-- Alternate the order that Basic and NTLM headers appear in responses to 14 ensure that the order doesn't matter. --> 15 16 <!-- First request has Basic auth, wrong password --> 17 <data100> 18 HTTP/1.1 401 Sorry wrong password 19 Server: Microsoft-IIS/5.0 20 Content-Type: text/html; charset=iso-8859-1 21 Content-Length: 29 22 WWW-Authenticate: NTLM 23 WWW-Authenticate: Basic realm="testrealm" 24 25 This is a bad password page! 26 </data100> 27 28 <!-- Second request has NTLM auth, right password --> 29 <data200> 30 HTTP/1.1 401 Need Basic or NTLM auth 31 Server: Microsoft-IIS/5.0 32 Content-Type: text/html; charset=iso-8859-1 33 Content-Length: 27 34 WWW-Authenticate: Basic realm="testrealm" 35 WWW-Authenticate: NTLM 36 37 This is not the real page! 38 </data200> 39 40 <data1201> 41 HTTP/1.1 401 NTLM intermediate 42 Server: Microsoft-IIS/5.0 43 Content-Type: text/html; charset=iso-8859-1 44 Content-Length: 33 45 WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAAAGggEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg= 46 47 This is still not the real page! 48 </data1201> 49 50 <data1202> 51 HTTP/1.1 200 Things are fine in server land 52 Server: Microsoft-IIS/5.0 53 Content-Type: text/html; charset=iso-8859-1 54 Content-Length: 32 55 56 Finally, this is the real page! 57 </data1202> 58 59 <!-- Third request has Basic auth, wrong password --> 60 <data300> 61 HTTP/1.1 401 Sorry wrong password (2) 62 Server: Microsoft-IIS/5.0 63 Content-Type: text/html; charset=iso-8859-1 64 Content-Length: 29 65 WWW-Authenticate: NTLM 66 WWW-Authenticate: Basic realm="testrealm" 67 68 This is a bad password page! 69 </data300> 70 71 <!-- Fourth request has NTLM auth, wrong password --> 72 <data400> 73 HTTP/1.1 401 Need Basic or NTLM auth (2) 74 Server: Microsoft-IIS/5.0 75 Content-Type: text/html; charset=iso-8859-1 76 Content-Length: 27 77 WWW-Authenticate: Basic realm="testrealm" 78 WWW-Authenticate: NTLM 79 80 This is not the real page! 81 </data400> 82 83 <data1401> 84 HTTP/1.1 401 NTLM intermediate (2) 85 Server: Microsoft-IIS/5.0 86 Content-Type: text/html; charset=iso-8859-1 87 Content-Length: 33 88 WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAAAGggEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg= 89 90 This is still not the real page! 91 </data1401> 92 93 <data1402> 94 HTTP/1.1 401 Sorry wrong password (3) 95 Server: Microsoft-IIS/5.0 96 Content-Type: text/html; charset=iso-8859-1 97 Content-Length: 29 98 WWW-Authenticate: NTLM 99 WWW-Authenticate: Basic realm="testrealm" 100 101 This is a bad password page! 102 </data1402> 103 104 <!-- Fifth request has NTLM auth, right password --> 105 <data500> 106 HTTP/1.1 401 Need Basic or NTLM auth (3) 107 Server: Microsoft-IIS/5.0 108 Content-Type: text/html; charset=iso-8859-1 109 Content-Length: 27 110 WWW-Authenticate: Basic realm="testrealm" 111 WWW-Authenticate: NTLM 112 113 This is not the real page! 114 </data500> 115 116 <data1501> 117 HTTP/1.1 401 NTLM intermediate (3) 118 Server: Microsoft-IIS/5.0 119 Content-Type: text/html; charset=iso-8859-1 120 Content-Length: 33 121 WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAAAGggEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg= 122 123 This is still not the real page! 124 </data1501> 125 126 <data1502> 127 HTTP/1.1 200 Things are fine in server land (2) 128 Server: Microsoft-IIS/5.0 129 Content-Type: text/html; charset=iso-8859-1 130 Content-Length: 32 131 132 Finally, this is the real page! 133 </data1502> 134 135 <datacheck> 136 HTTP/1.1 401 Sorry wrong password 137 Server: Microsoft-IIS/5.0 138 Content-Type: text/html; charset=iso-8859-1 139 Content-Length: 29 140 WWW-Authenticate: NTLM 141 WWW-Authenticate: Basic realm="testrealm" 142 143 This is a bad password page! 144 HTTP/1.1 401 NTLM intermediate 145 Server: Microsoft-IIS/5.0 146 Content-Type: text/html; charset=iso-8859-1 147 Content-Length: 33 148 WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAAAGggEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg= 149 150 HTTP/1.1 200 Things are fine in server land 151 Server: Microsoft-IIS/5.0 152 Content-Type: text/html; charset=iso-8859-1 153 Content-Length: 32 154 155 Finally, this is the real page! 156 HTTP/1.1 401 Sorry wrong password (2) 157 Server: Microsoft-IIS/5.0 158 Content-Type: text/html; charset=iso-8859-1 159 Content-Length: 29 160 WWW-Authenticate: NTLM 161 WWW-Authenticate: Basic realm="testrealm" 162 163 This is a bad password page! 164 HTTP/1.1 401 NTLM intermediate (2) 165 Server: Microsoft-IIS/5.0 166 Content-Type: text/html; charset=iso-8859-1 167 Content-Length: 33 168 WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAAAGggEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg= 169 170 HTTP/1.1 401 Sorry wrong password (3) 171 Server: Microsoft-IIS/5.0 172 Content-Type: text/html; charset=iso-8859-1 173 Content-Length: 29 174 WWW-Authenticate: NTLM 175 WWW-Authenticate: Basic realm="testrealm" 176 177 This is a bad password page! 178 HTTP/1.1 401 NTLM intermediate (3) 179 Server: Microsoft-IIS/5.0 180 Content-Type: text/html; charset=iso-8859-1 181 Content-Length: 33 182 WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAAAGggEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg= 183 184 HTTP/1.1 200 Things are fine in server land (2) 185 Server: Microsoft-IIS/5.0 186 Content-Type: text/html; charset=iso-8859-1 187 Content-Length: 32 188 189 Finally, this is the real page! 190 </datacheck> 191 192 </reply> 193 194 # Client-side 195 <client> 196 <features> 197 NTLM 198 !SSPI 199 </features> 200 <server> 201 http 202 </server> 203 <tool> 204 libauthretry 205 </tool> 206 207 <name> 208 HTTP authorization retry (Basic switching to NTLM) 209 </name> 210 <setenv> 211 # we force our own host name, in order to make the test machine independent 212 CURL_GETHOSTNAME=curlhost 213 # we try to use the LD_PRELOAD hack, if not a debug build 214 LD_PRELOAD=%PWD/libtest/.libs/libhostname.so 215 </setenv> 216 <command> 217 http://%HOSTIP:%HTTPPORT/2025 basic ntlm 218 </command> 219 <precheck> 220 chkhostname curlhost 221 </precheck> 222 </client> 223 224 # Verify data after the test has been "shot" 225 <verify> 226 <strip> 227 ^User-Agent:.* 228 </strip> 229 <protocol> 230 GET /20250100 HTTP/1.1 231 Host: %HOSTIP:%HTTPPORT 232 Authorization: Basic dGVzdHVzZXI6d3JvbmdwYXNz 233 Accept: */* 234 235 GET /20250200 HTTP/1.1 236 Host: %HOSTIP:%HTTPPORT 237 Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA= 238 Accept: */* 239 240 GET /20250200 HTTP/1.1 241 Host: %HOSTIP:%HTTPPORT 242 Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAACAAIAHAAAAAIAAgAeAAAAAAAAAAAAAAABoIBAI+/Fp9IERAQ74OsdNPbBpg7o8CVwLSO4DtFyIcZHUMKVktWIu92s2892OVpd2JzqnRlc3R1c2VyY3VybGhvc3Q= 243 Accept: */* 244 245 GET /20250300 HTTP/1.1 246 Host: %HOSTIP:%HTTPPORT 247 Authorization: Basic dGVzdHVzZXI6d3JvbmdwYXNz 248 Accept: */* 249 250 GET /20250400 HTTP/1.1 251 Host: %HOSTIP:%HTTPPORT 252 Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA= 253 Accept: */* 254 255 GET /20250400 HTTP/1.1 256 Host: %HOSTIP:%HTTPPORT 257 Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAACAAIAHAAAAAIAAgAeAAAAAAAAAAAAAAABoIBANgKEcT5xUUBHw5+0m4FjWTGNzg6PeHJHbaPwNwCt/tXcnIeTQCTMAg12SPDyNXMf3Rlc3R1c2VyY3VybGhvc3Q= 258 Accept: */* 259 260 GET /20250500 HTTP/1.1 261 Host: %HOSTIP:%HTTPPORT 262 Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA= 263 Accept: */* 264 265 GET /20250500 HTTP/1.1 266 Host: %HOSTIP:%HTTPPORT 267 Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAACAAIAHAAAAAIAAgAeAAAAAAAAAAAAAAABoIBAI+/Fp9IERAQ74OsdNPbBpg7o8CVwLSO4DtFyIcZHUMKVktWIu92s2892OVpd2JzqnRlc3R1c2VyY3VybGhvc3Q= 268 Accept: */* 269 270 </protocol> 271 </verify> 272 </testcase> 273
