authorMandy Wu <mandy.wu@intel.com>2011-07-18 23:39:52 +0200
committerDaniel Stenberg <daniel@haxx.se>2011-07-18 23:48:53 +0200
commitaa26c2751a9edc8129ae2cff1c82ddfd0e5b1446 (patch)
treec2230508553e32bf9b6c7dba76e3f78309afddaa
parenta6d4807d028eb82f4a99587b0a8851727ca88566 (diff)
test2005: verify ntlm single-signon
-rw-r--r--tests/data/Makefile.am2
-rw-r--r--tests/data/test2005120
-rwxr-xr-xtests/runtests.pl10
-rw-r--r--tests/server/Makefile.inc7
-rw-r--r--tests/server/fake_ntlm.c141
5 files changed, 278 insertions, 2 deletions
diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am
index 363c40628..ccaa8a36b 100644
--- a/tests/data/Makefile.am
+++ b/tests/data/Makefile.am
@@ -73,7 +73,7 @@ test1110 test1111 test1112 test1113 test1114 test1115 test1116 test1117 \
test1118 test1119 test1120 test1121 test1122 test1123 test1124 test1125 \
test1126 test1127 test1128 test1200 test1201 test1202 test1203 test1300 \
test1301 test1302 test1303 test1304 test1305 test1306 test1307 test1308 \
-test1309 test2000 test2001 test2002 test2003 test2004
+test1309 test2000 test2001 test2002 test2003 test2004 test2005
EXTRA_DIST = $(TESTCASES) DISABLED
diff --git a/tests/data/test2005 b/tests/data/test2005
new file mode 100644
index 000000000..36fb535b7
--- /dev/null
+++ b/tests/data/test2005
@@ -0,0 +1,120 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+HTTP NTLM auth
+</keywords>
+</info>
+# Server-side
+<reply>
+
+<!-- no <data> in this test since we have NTLM from the start
+
+This is supposed to be returned when the server gets a first
+Authorization: NTLM line passed-in from the client -->
+
+<data1001>
+HTTP/1.1 401 Now gimme that second request of crap
+Server: Microsoft-IIS/5.0
+Content-Type: text/html; charset=iso-8859-1
+Content-Length: 34
+WWW-Authenticate: NTLM TlRMTVNTUAACAAAAAgACADAAAAAGgoEAc51AYVDgyNcAAAAAAAAAAG4AbgAyAAAAQ0MCAAQAQwBDAAEAEgBFAEwASQBTAEEAQgBFAFQASAAEABgAYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAwAsAGUAbABpAHMAYQBiAGUAdABoAC4AYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAAAAAA==
+
+This is not the real page either!
+</data1001>
+
+# This is supposed to be returned when the server gets the second
+# Authorization: NTLM line passed-in from the client
+<data1002>
+HTTP/1.1 200 Things are fine in server land swsclose
+Server: Microsoft-IIS/5.0
+Content-Type: text/html; charset=iso-8859-1
+Content-Length: 32
+
+Finally, this is the real page!
+</data1002>
+
+<datacheck>
+HTTP/1.1 401 Now gimme that second request of crap
+Server: Microsoft-IIS/5.0
+Content-Type: text/html; charset=iso-8859-1
+Content-Length: 34
+WWW-Authenticate: NTLM TlRMTVNTUAACAAAAAgACADAAAAAGgoEAc51AYVDgyNcAAAAAAAAAAG4AbgAyAAAAQ0MCAAQAQwBDAAEAEgBFAEwASQBTAEEAQgBFAFQASAAEABgAYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAwAsAGUAbABpAHMAYQBiAGUAdABoAC4AYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAAAAAA==
+
+HTTP/1.1 200 Things are fine in server land swsclose
+Server: Microsoft-IIS/5.0
+Content-Type: text/html; charset=iso-8859-1
+Content-Length: 32
+
+Finally, this is the real page!
+</datacheck>
+
+</reply>
+
+# Client-side
+<client>
+<features>
+NTLM_SSO
+</features>
+<server>
+http
+</server>
+ <name>
+HTTP with NTLM single-sign-on authorization
+ </name>
+ <setenv>
+# we force our own host name, in order to make the test machine independent
+CURL_GETHOSTNAME=curlhost
+# we try to use the LD_PRELOAD hack, if not a debug build
+LD_PRELOAD=%PWD/libtest/.libs/libhostname.so
+# set path to fake_auth instead of real ntlm_auth to generate NTLM type1 and type 3 messages
+NTLM_AUTH=server/fake_ntlm
+ </setenv>
+ <command>
+http://%HOSTIP:%HTTPPORT/2005 -u testuser:anypasswd --ntlm-sso
+</command>
+<precheck>
+chkhostname curlhost
+</precheck>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+GET /2005 HTTP/1.1
+Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAAAAAAAAAAwAAAA
+User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+
+GET /2005 HTTP/1.1
+Authorization: NTLM TlRMTVNTUAADAAAAGAAYAE8AAAAYABgAZwAAAAAAAABAAAAACAAIAEAAAAAHAAcASAAAAAAAAAAAAAAAggEAAHRlc3R1c2VyVU5LTk9XTlpkQwKRCZFMhjj0tw47wEjKHRHlvzfxQamFcheMuv8v+xeqphEO5V41xRd7R9deOQ==
+User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+
+</protocol>
+</verify>
+# Input and output (type 1 message) for fake_ntlm
+<ntlm_auth_type1>
+<input>
+YR
+</input>
+<output>
+YR TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAAAAAAAAAAwAAAA
+</output>
+</ntlm_auth_type1>
+# Input and output (type 3 message) for fake_ntlm
+<ntlm_auth_type3>
+<input>
+TT TlRMTVNTUAACAAAAAgACADAAAAAGgoEAc51AYVDgyNcAAAAAAAAAAG4AbgAyAAAAQ0MCAAQAQwBDAAEAEgBFAEwASQBTAEEAQgBFAFQASAAEABgAYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAwAsAGUAbABpAHMAYQBiAGUAdABoAC4AYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAAAAAA==
+</input>
+<output>
+KK TlRMTVNTUAADAAAAGAAYAE8AAAAYABgAZwAAAAAAAABAAAAACAAIAEAAAAAHAAcASAAAAAAAAAAAAAAAggEAAHRlc3R1c2VyVU5LTk9XTlpkQwKRCZFMhjj0tw47wEjKHRHlvzfxQamFcheMuv8v+xeqphEO5V41xRd7R9deOQ==
+</output>
+</ntlm_auth_type3>
+</testcase>
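Review bot: `<features>` lists only `NTLM_SSO`, but the header comment of fake_ntlm.c in this same commit says libcurl invokes the fake helper only when DEBUGBUILD is defined. On a non-debug build the `NTLM_AUTH=server/fake_ntlm` override would presumably be ignored, and the test would then run the host's real `ntlm_auth` helper for `testuser` instead of the canned replies. Adding `debug` to `<features>` (assuming runtests.pl's existing `debug` feature check) keeps the test from running in that configuration. The `<setenv>` comment also calls the helper `fake_auth` although the binary is `fake_ntlm`; `# point NTLM_AUTH at fake_ntlm instead of the real ntlm_auth, to produce the NTLM type 1 and type 3 messages` would match the code.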
diff --git a/tests/runtests.pl b/tests/runtests.pl
index 9a0c0714d..749840b51 100755
--- a/tests/runtests.pl
+++ b/tests/runtests.pl
@@ -203,6 +203,7 @@ my $has_ipv6; # set if libcurl is built with IPv6 support
my $has_libz; # set if libcurl is built with libz support
my $has_getrlimit; # set if system has getrlimit()
my $has_ntlm; # set if libcurl is built with NTLM support
+my $has_ntlm_sso; # set if libcurl is built with NTLM single-sign-on support
my $has_charconv;# set if libcurl is built with CharConv support
my $has_tls_srp; # set if libcurl is built with TLS-SRP support
@@ -2172,6 +2173,10 @@ sub checksystem {
# NTLM enabled
$has_ntlm=1;
}
+ if($feat =~ /NTLM_SSO/i) {
+ # NTLM single-sign-on enabled
+ $has_ntlm_sso=1;
+ }
if($feat =~ /CharConv/i) {
# CharConv enabled
$has_charconv=1;
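Review bot: `$feat =~ /NTLM_SSO/i` is an unanchored, case-insensitive substring test, like its neighbours, so any feature token that merely contains that text would also set `$has_ntlm_sso`; `if($feat =~ /\bNTLM_SSO\b/) {` pins it to the exact token. The gate matters more than usual here because the test it enables (test2005) makes curl spawn an external helper binary, so it should run only when the build really reports the feature. checksystem's body starts and ends outside the hunk, so how `$feat` is populated is not visible here.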
@@ -2515,6 +2520,11 @@ sub singletest {
next;
}
}
+ elsif($f eq "NTLM_SSO") {
+ if($has_ntlm_sso) {
+ next;
+ }
+ }
elsif($f eq "getrlimit") {
if($has_getrlimit) {
next;
diff --git a/tests/server/Makefile.inc b/tests/server/Makefile.inc
index be3f06808..6b0ee72f0 100644
--- a/tests/server/Makefile.inc
+++ b/tests/server/Makefile.inc
@@ -1,4 +1,4 @@
-noinst_PROGRAMS = getpart resolve rtspd sockfilt sws tftpd
+noinst_PROGRAMS = getpart resolve rtspd sockfilt sws tftpd fake_ntlm
CURLX_SRCS = \
$(top_srcdir)/lib/mprintf.c \
@@ -63,3 +63,8 @@ tftpd_SOURCES = $(CURLX_SRCS) $(CURLX_HDRS) $(USEFUL) $(UTIL) \
tftp.h
tftpd_LDADD = @TEST_SERVER_LIBS@
tftpd_CFLAGS = $(AM_CFLAGS)
+
+fake_ntlm_SOURCES = $(CURLX_SRCS) $(CURLX_HDRS) $(USEFUL) $(UTIL) \
+ fake_ntlm.c
+fake_ntlm_LDADD = @TEST_SERVER_LIBS@
+fake_ntlm_CFLAGS = $(AM_CFLAGS)
diff --git a/tests/server/fake_ntlm.c b/tests/server/fake_ntlm.c
new file mode 100644
index 000000000..624ec6b1c
--- /dev/null
+++ b/tests/server/fake_ntlm.c
@@ -0,0 +1,141 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2010, Mandy Wu, <mandy.wu@intel.com>
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/*
+ * This is a fake ntlm_auth, which is used for testing NTLM single-sign-on.
+ * When DEBUGBUILD is defined, libcurl invoke this tool instead of real winbind
+ * daemon helper /usr/bin/ntlm_auth. This tool will accept commands and
+ * responses with a pre-written string saved in test case test2005.
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include <unistd.h>
+
+#include "curlx.h" /* from the private lib dir */
+#include "getpart.h"
+#include "util.h"
+
+#ifndef DEFAULT_LOGFILE
+#define DEFAULT_LOGFILE "log/fake_ntlm.log"
+#endif
+
+const char *serverlogfile = DEFAULT_LOGFILE;
+
+int main(void)
+{
+ char buf[1024];
+ FILE *stream;
+ char *filename;
+ int error;
+ char *type1_input = NULL, *type3_input = NULL;
+ char *type1_output = NULL, *type3_output = NULL;
+ size_t size = 0;
+
+ filename = test2file(2005);
+ stream=fopen(filename, "rb");
+ if(!stream) {
+ error = ERRNO;
+ logmsg("fopen() failed with error: %d %s", error, strerror(error));
+ logmsg("Error opening file: %s", filename);
+ logmsg("Couldn't open test file %ld", 2005);
+ exit(1);
+ }
+ else {
+ /* get the ntlm_auth input/output */
+ error = getpart(&type1_input, &size, "ntlm_auth_type1", "input", stream);
+ fclose(stream);
+ if(error || size == 0) {
+ logmsg("getpart() type 1 input failed with error: %d", error);
+ exit(1);
+ }
+ }
+
+ stream=fopen(filename, "rb");
+ if(!stream) {
+ error = ERRNO;
+ logmsg("fopen() failed with error: %d %s", error, strerror(error));
+ logmsg("Error opening file: %s", filename);
+ logmsg("Couldn't open test file %ld", 2005);
+ exit(1);
+ }
+ else {
+ size = 0;
+ error = getpart(&type3_input, &size, "ntlm_auth_type3", "input", stream);
+ fclose(stream);
+ if(error || size == 0) {
+ logmsg("getpart() type 3 input failed with error: %d", error);
+ exit(1);
+ }
+ }
+
+ while(fgets(buf, 1024, stdin)) {
+ if(strcmp(buf, type1_input) == 0) {
+ stream=fopen(filename, "rb");
+ if(!stream) {
+ error = ERRNO;
+ logmsg("fopen() failed with error: %d %s", error, strerror(error));
+ logmsg("Error opening file: %s", filename);
+ logmsg("Couldn't open test file %ld", 2005);
+ exit(1);
+ }
+ else {
+ size = 0;
+ error = getpart(&type1_output, &size, "ntlm_auth_type1", "output", stream);
+ fclose(stream);
+ if(error || size == 0) {
+ logmsg("getpart() type 1 output failed with error: %d", error);
+ exit(1);
+ }
+ }
+ printf("%s", type1_output);
+ fflush(stdout);
+ }
+ else if(strncmp(buf, type3_input, strlen(type3_input)) == 0) {
+ stream=fopen(filename, "rb");
+ if(!stream) {
+ error = ERRNO;
+ logmsg("fopen() failed with error: %d %s", error, strerror(error));
+ logmsg("Error opening file: %s", filename);
+ logmsg("Couldn't open test file %ld", 2005);
+ exit(1);
+ }
+ else {
+ size = 0;
+ error = getpart(&type3_output, &size, "ntlm_auth_type3", "output", stream);
+ fclose(stream);
+ if(error || size == 0) {
+ logmsg("getpart() type 3 output failed with error: %d", error);
+ exit(1);
+ }
+ }
+ printf("%s", type3_output);
+ fflush(stdout);
+ }
+ else {
+ printf("Unknown request\n");
+ logmsg("invalid input: %s\n", buf);
+ exit(1);
+ }
+ }
+ return 1;
+}
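Review bot: `logmsg("Couldn't open test file %ld", 2005);` passes an `int` to a `%ld` conversion, which is undefined behaviour where `long` is wider than `int`; it appears in all four fopen() error paths and should use `%d` (or `2005L`). Those four open/getpart/fclose blocks are otherwise identical, and the two inside the loop overwrite `type1_output`/`type3_output` on every request without releasing the previous buffer (presumably allocated by getpart()), so a single static helper called before the loop removes both the duplication and the leak. `main` ends with `return 1;`, so a clean end of input on stdin is reported as failure, which looks unintended. strcmp(), strlen(), strerror() and exit() are used without `<string.h>`/`<stdlib.h>` in the visible include list; unless `curlx.h` or `util.h` pull them in, they should be included explicitly.

```c
/* Load one <main_tag><sub_tag> section of the test file, or log and exit. */
static char *load_part(const char *filename, const char *main_tag,
                       const char *sub_tag)
{
  char *part = NULL;
  size_t size = 0;
  int error;
  FILE *stream = fopen(filename, "rb");

  if(!stream) {
    error = ERRNO;
    logmsg("fopen() failed with error: %d %s", error, strerror(error));
    logmsg("Error opening file: %s", filename);
    exit(1);
  }
  error = getpart(&part, &size, main_tag, sub_tag, stream);
  fclose(stream);
  if(error || size == 0) {
    logmsg("getpart() %s %s failed with error: %d", main_tag, sub_tag, error);
    exit(1);
  }
  return part;
}

int main(void)
{
  /* … unchanged: declarations, filename = test2file(2005) … */
  type1_input = load_part(filename, "ntlm_auth_type1", "input");
  type3_input = load_part(filename, "ntlm_auth_type3", "input");
  type1_output = load_part(filename, "ntlm_auth_type1", "output");
  type3_output = load_part(filename, "ntlm_auth_type3", "output");

  while(fgets(buf, sizeof(buf), stdin)) {
    /* … unchanged: compare buf with the inputs, printf the matching output, fflush … */
  }
  return 0;
}
```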