test2005: verify ntlm single-signon

5 files changed, 278 insertions, 2 deletions

diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am
index 363c40628..ccaa8a36b 100644
--- a/tests/data/Makefile.am
+++ b/tests/data/Makefile.am
@@ -73,7 +73,7 @@ test1110 test1111 test1112 test1113 test1114 test1115 test1116 test1117	\
 test1118 test1119 test1120 test1121 test1122 test1123 test1124 test1125	\
 test1126 test1127 test1128 test1200 test1201 test1202 test1203 test1300	\
 test1301 test1302 test1303 test1304 test1305 test1306 test1307 test1308	\
-test1309 test2000 test2001 test2002 test2003 test2004
+test1309 test2000 test2001 test2002 test2003 test2004 test2005
 
 EXTRA_DIST = $(TESTCASES) DISABLED
 
diff --git a/tests/data/test2005 b/tests/data/test2005
new file mode 100644
index 000000000..36fb535b7
--- /dev/null
+++ b/tests/data/test2005
@@ -0,0 +1,120 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+HTTP NTLM auth
+</keywords>
+</info>
+# Server-side
+<reply>
+
+<!-- no <data> in this test since we have NTLM from the start
+
+This is supposed to be returned when the server gets a first
+Authorization: NTLM line passed-in from the client -->
+
+<data1001>
+HTTP/1.1 401 Now gimme that second request of crap
+Server: Microsoft-IIS/5.0
+Content-Type: text/html; charset=iso-8859-1
+Content-Length: 34
+WWW-Authenticate: NTLM TlRMTVNTUAACAAAAAgACADAAAAAGgoEAc51AYVDgyNcAAAAAAAAAAG4AbgAyAAAAQ0MCAAQAQwBDAAEAEgBFAEwASQBTAEEAQgBFAFQASAAEABgAYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAwAsAGUAbABpAHMAYQBiAGUAdABoAC4AYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAAAAAA==
+
+This is not the real page either!
+</data1001>
+
+# This is supposed to be returned when the server gets the second
+# Authorization: NTLM line passed-in from the client
+<data1002>
+HTTP/1.1 200 Things are fine in server land swsclose
+Server: Microsoft-IIS/5.0
+Content-Type: text/html; charset=iso-8859-1
+Content-Length: 32
+
+Finally, this is the real page!
+</data1002>
+
+<datacheck>
+HTTP/1.1 401 Now gimme that second request of crap
+Server: Microsoft-IIS/5.0
+Content-Type: text/html; charset=iso-8859-1
+Content-Length: 34
+WWW-Authenticate: NTLM TlRMTVNTUAACAAAAAgACADAAAAAGgoEAc51AYVDgyNcAAAAAAAAAAG4AbgAyAAAAQ0MCAAQAQwBDAAEAEgBFAEwASQBTAEEAQgBFAFQASAAEABgAYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAwAsAGUAbABpAHMAYQBiAGUAdABoAC4AYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAAAAAA==
+
+HTTP/1.1 200 Things are fine in server land swsclose
+Server: Microsoft-IIS/5.0
+Content-Type: text/html; charset=iso-8859-1
+Content-Length: 32
+
+Finally, this is the real page!
+</datacheck>
+
+</reply>
+
+# Client-side
+<client>
+<features>
+NTLM_SSO
+</features>
+<server>
+http
+</server>
+ <name>
+HTTP with NTLM single-sign-on authorization
+ </name>
+ <setenv>
+# we force our own host name, in order to make the test machine independent
+CURL_GETHOSTNAME=curlhost
+# we try to use the LD_PRELOAD hack, if not a debug build
+LD_PRELOAD=%PWD/libtest/.libs/libhostname.so
+# set path to fake_auth instead of real ntlm_auth to generate NTLM type1 and type 3 messages
+NTLM_AUTH=server/fake_ntlm
+ </setenv>
+ <command>
+http://%HOSTIP:%HTTPPORT/2005 -u testuser:anypasswd --ntlm-sso
+</command>
+<precheck>
+chkhostname curlhost
+</precheck>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+GET /2005 HTTP/1.1

+Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAAAAAAAAAAwAAAA

+User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3

+Host: %HOSTIP:%HTTPPORT

+Accept: */*

+

+GET /2005 HTTP/1.1

+Authorization: NTLM TlRMTVNTUAADAAAAGAAYAE8AAAAYABgAZwAAAAAAAABAAAAACAAIAEAAAAAHAAcASAAAAAAAAAAAAAAAggEAAHRlc3R1c2VyVU5LTk9XTlpkQwKRCZFMhjj0tw47wEjKHRHlvzfxQamFcheMuv8v+xeqphEO5V41xRd7R9deOQ==

+User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3

+Host: %HOSTIP:%HTTPPORT

+Accept: */*

+

+</protocol>
+</verify>
+# Input and output (type 1 message) for fake_ntlm
+<ntlm_auth_type1>
+<input>
+YR
+</input>
+<output>
+YR TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAAAAAAAAAAwAAAA
+</output>
+</ntlm_auth_type1>
+# Input and output (type 3 message) for fake_ntlm
+<ntlm_auth_type3>
+<input>
+TT TlRMTVNTUAACAAAAAgACADAAAAAGgoEAc51AYVDgyNcAAAAAAAAAAG4AbgAyAAAAQ0MCAAQAQwBDAAEAEgBFAEwASQBTAEEAQgBFAFQASAAEABgAYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAwAsAGUAbABpAHMAYQBiAGUAdABoAC4AYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAAAAAA==
+</input>
+<output>
+KK TlRMTVNTUAADAAAAGAAYAE8AAAAYABgAZwAAAAAAAABAAAAACAAIAEAAAAAHAAcASAAAAAAAAAAAAAAAggEAAHRlc3R1c2VyVU5LTk9XTlpkQwKRCZFMhjj0tw47wEjKHRHlvzfxQamFcheMuv8v+xeqphEO5V41xRd7R9deOQ==
+</output>
+</ntlm_auth_type3>
+</testcase>
diff --git a/tests/runtests.pl b/tests/runtests.pl
index 9a0c0714d..749840b51 100755
--- a/tests/runtests.pl
+++ b/tests/runtests.pl
@@ -203,6 +203,7 @@ my $has_ipv6;    # set if libcurl is built with IPv6 support
 my $has_libz;    # set if libcurl is built with libz support
 my $has_getrlimit;  # set if system has getrlimit()
 my $has_ntlm;    # set if libcurl is built with NTLM support
+my $has_ntlm_sso; # set if libcurl is built with NTLM single-sign-on support
 my $has_charconv;# set if libcurl is built with CharConv support
 my $has_tls_srp; # set if libcurl is built with TLS-SRP support
 
@@ -2172,6 +2173,10 @@ sub checksystem {
                 # NTLM enabled
                 $has_ntlm=1;
             }
+            if($feat =~ /NTLM_SSO/i) {
+                # NTLM single-sign-on enabled
+                $has_ntlm_sso=1;
+            }
             if($feat =~ /CharConv/i) {
                 # CharConv enabled
                 $has_charconv=1;
@@ -2515,6 +2520,11 @@ sub singletest {
                 next;
             }
         }
+        elsif($f eq "NTLM_SSO") {
+            if($has_ntlm_sso) {
+                next;
+            }
+        }
         elsif($f eq "getrlimit") {
             if($has_getrlimit) {
                 next;
diff --git a/tests/server/Makefile.inc b/tests/server/Makefile.inc
index be3f06808..6b0ee72f0 100644
--- a/tests/server/Makefile.inc
+++ b/tests/server/Makefile.inc
@@ -1,4 +1,4 @@
-noinst_PROGRAMS = getpart resolve rtspd sockfilt sws tftpd
+noinst_PROGRAMS = getpart resolve rtspd sockfilt sws tftpd fake_ntlm
 
 CURLX_SRCS = \
  $(top_srcdir)/lib/mprintf.c \
@@ -63,3 +63,8 @@ tftpd_SOURCES = $(CURLX_SRCS) $(CURLX_HDRS) $(USEFUL) $(UTIL) \
  tftp.h
 tftpd_LDADD = @TEST_SERVER_LIBS@
 tftpd_CFLAGS = $(AM_CFLAGS)
+
+fake_ntlm_SOURCES = $(CURLX_SRCS) $(CURLX_HDRS) $(USEFUL) $(UTIL) \
+ fake_ntlm.c
+fake_ntlm_LDADD = @TEST_SERVER_LIBS@
+fake_ntlm_CFLAGS = $(AM_CFLAGS)
diff --git a/tests/server/fake_ntlm.c b/tests/server/fake_ntlm.c
new file mode 100644
index 000000000..624ec6b1c
--- /dev/null
+++ b/tests/server/fake_ntlm.c
@@ -0,0 +1,141 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2010, Mandy Wu, <mandy.wu@intel.com>
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/*
+ * This is a fake ntlm_auth, which is used for testing NTLM single-sign-on.
+ * When DEBUGBUILD is defined, libcurl invoke this tool instead of real winbind
+ * daemon helper /usr/bin/ntlm_auth. This tool will accept commands and
+ * responses with a pre-written string saved in test case test2005.
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include <unistd.h>
+
+#include "curlx.h" /* from the private lib dir */
+#include "getpart.h"
+#include "util.h"
+
+#ifndef DEFAULT_LOGFILE
+#define DEFAULT_LOGFILE "log/fake_ntlm.log"
+#endif
+
+const char *serverlogfile = DEFAULT_LOGFILE;
+
+int main(void)
+{
+  char buf[1024];
+  FILE *stream;
+  char *filename;
+  int error;
+  char *type1_input = NULL, *type3_input = NULL;
+  char *type1_output = NULL, *type3_output = NULL;
+  size_t size = 0;
+
+  filename = test2file(2005);
+  stream=fopen(filename, "rb");
+  if(!stream) {
+    error = ERRNO;
+    logmsg("fopen() failed with error: %d %s", error, strerror(error));
+    logmsg("Error opening file: %s", filename);
+    logmsg("Couldn't open test file %ld", 2005);
+    exit(1);
+  }
+  else {
+    /* get the ntlm_auth input/output */
+    error = getpart(&type1_input, &size, "ntlm_auth_type1", "input", stream);
+    fclose(stream);
+    if(error || size == 0) {
+      logmsg("getpart() type 1 input failed with error: %d", error);
+      exit(1);
+    }
+  }
+
+  stream=fopen(filename, "rb");
+  if(!stream) {
+    error = ERRNO;
+    logmsg("fopen() failed with error: %d %s", error, strerror(error));
+    logmsg("Error opening file: %s", filename);
+    logmsg("Couldn't open test file %ld", 2005);
+    exit(1);
+  }
+  else {
+    size = 0;
+    error = getpart(&type3_input, &size, "ntlm_auth_type3", "input", stream);
+    fclose(stream);
+    if(error || size == 0) {
+      logmsg("getpart() type 3 input failed with error: %d", error);
+      exit(1);
+    }
+  }
+
+  while(fgets(buf, 1024, stdin)) {
+    if(strcmp(buf, type1_input) == 0) {
+      stream=fopen(filename, "rb");
+      if(!stream) {
+        error = ERRNO;
+        logmsg("fopen() failed with error: %d %s", error, strerror(error));
+        logmsg("Error opening file: %s", filename);
+        logmsg("Couldn't open test file %ld", 2005);
+        exit(1);
+      }
+      else {
+        size = 0;
+        error = getpart(&type1_output, &size, "ntlm_auth_type1", "output", stream);
+        fclose(stream);
+        if(error || size == 0) {
+          logmsg("getpart() type 1 output failed with error: %d", error);
+          exit(1);
+        }
+      }
+      printf("%s", type1_output);
+      fflush(stdout);
+    }
+    else if(strncmp(buf, type3_input, strlen(type3_input)) == 0) {
+      stream=fopen(filename, "rb");
+      if(!stream) {
+        error = ERRNO;
+        logmsg("fopen() failed with error: %d %s", error, strerror(error));
+        logmsg("Error opening file: %s", filename);
+        logmsg("Couldn't open test file %ld", 2005);
+        exit(1);
+      }
+      else {
+        size = 0;
+        error = getpart(&type3_output, &size, "ntlm_auth_type3", "output", stream);
+        fclose(stream);
+        if(error || size == 0) {
+          logmsg("getpart() type 3 output failed with error: %d", error);
+          exit(1);
+        }
+      }
+      printf("%s", type3_output);
+      fflush(stdout);
+    }
+    else {
+      printf("Unknown request\n");
+      logmsg("invalid input: %s\n", buf);
+      exit(1);
+    }
+  }
+  return 1;
+}