From f77dabefd80b05173e602de94865b5cdffb3495e Mon Sep 17 00:00:00 2001 From: Max Khon Date: Mon, 6 Feb 2017 23:40:51 +0600 Subject: digest_sspi: Fix nonce-count generation in HTTP digest - on the first invocation: keep security context returned by InitializeSecurityContext() - on subsequent invocations: use MakeSignature() instead of InitializeSecurityContext() to generate HTTP digest response Bug: https://github.com/curl/curl/issues/870 Reported-by: Andreas Roth Closes https://github.com/curl/curl/pull/1251
---
tests/data/test1286 | 110 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 110 insertions(+) create mode 100644 tests/data/test1286 (limited to 'tests/data/test1286')
diff --git a/tests/data/test1286 b/tests/data/test1286
new file mode 100644
index 000000000..41782cb0f
--- /dev/null
+++ b/tests/data/test1286
@@ -0,0 +1,110 @@
+
+
+
+HTTP
+HTTP GET
+HTTP Digest auth
+followlocation
+
+
+
+# Server-side
+
+
+HTTP/1.1 401 authentication please swsbounce
+Server: Microsoft-IIS/6.0
+WWW-Authenticate: Digest realm="testrealm", nonce="1053604144", qop="auth"
+Content-Type: text/html; charset=iso-8859-1
+Content-Length: 0
+
+
+
+HTTP/1.1 302 Thanks for this, but we want to redir you!
+Server: Microsoft-IIS/5.0
+Content-Type: text/html; charset=iso-8859-1
+Location: /12860001
+Content-Length: 0
+
+
+
+HTTP/1.1 404 Not Found
+Server: Microsoft-IIS/5.0
+Content-Type: text/html; charset=iso-8859-1
+Content-Length: 0
+
+
+
+
+HTTP/1.1 401 authentication please swsbounce
+Server: Microsoft-IIS/6.0
+WWW-Authenticate: Digest realm="testrealm", nonce="1053604144", qop="auth"
+Content-Type: text/html; charset=iso-8859-1
+Content-Length: 0
+
+HTTP/1.1 302 Thanks for this, but we want to redir you!
+Server: Microsoft-IIS/5.0
+Content-Type: text/html; charset=iso-8859-1
+Location: /12860001
+Content-Length: 0
+
+HTTP/1.1 404 Not Found
+Server: Microsoft-IIS/5.0
+Content-Type: text/html; charset=iso-8859-1
+Content-Length: 0
+
+
+
+
+
+# Client-side
+
+#
+
+http
+
+
+crypto
+
+
+HTTP GET --digest increasing nonce-count
+
+# This test is to ensure the nonce-count (nc) increases
+# https://github.com/curl/curl/pull/1251
+
+-u auser:apasswd --location --digest http://%HOSTIP:%HTTPPORT/1286
+
+
+
+# Verify data after the test has been "shot"
+
+
+^User-Agent:.*
+
+# Reorder the fields in 'Authorization: Digest' header.
+# Since regular and SSPI digest auth header fields may not have the same order
+# or whitespace we homogenize so that both may be tested. Also:
+# - Remove the unique value from cnonce if in RFC format
+# - Remove the unique value from response if in RFC format
+# - Remove quotes from qop="auth" used by SSPI
+# The if statement is one line because runtests evaluates one line at a time.
+
+if(s/^(Authorization: Digest )([^\r\n]+)(\r?\n)$//) { $_ = $1 .
join(', ', map { s/^(cnonce=)"[a-zA-Z0-9+\/=]+"$/$1REMOVED/; s/^(response=)"[a-f0-9]{32}"$/$1REMOVED/; s/^qop="auth"$/qop=auth/; $_ } sort split(/, */, $2)) . $3; }
+
+
+GET /1286 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+
+GET /1286 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Authorization: Digest cnonce=REMOVED, nc=00000001, nonce="1053604144", qop=auth, realm="testrealm", response=REMOVED, uri="/1286", username="auser"
+Accept: */*
+
+GET /12860001 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Authorization: Digest cnonce=REMOVED, nc=00000002, nonce="1053604144", qop=auth, realm="testrealm", response=REMOVED, uri="/12860001", username="auser"
+Accept: */*
+
+
+
+
-- cgit v1.2.3
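Review bot: The expected requests at the end of this test pin only the textual step from `nc=00000001` to `nc=00000002`, because the Perl one-liner above them rewrites `cnonce=` and `response=` to `REMOVED`; the test therefore cannot tell whether the digest was computed over the incremented count, which is what a server enforcing replay protection with `qop=auth` would check. Since `cnonce` is presumably random, the response cannot be pinned here, but the limitation is worth stating in the file, e.g. `# Note: response= is stripped below, so only the nc field is checked, not the digest computed from it.` Both 401 replies also carry the same `nonce="1053604144"`, so the case where the server issues a fresh nonce (where `nc` would be expected to restart at `00000001`) is not exercised; given the commit message says the security context is now kept between invocations, a companion test for that path looks worthwhile.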