generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

test2005: verify ntlm single-signon

Browse Source
This commit is contained in:
Mandy Wu 2011-07-18 23:39:52 +02:00 committed by Daniel Stenberg
parent a6d4807d02
commit aa26c2751a
5 changed files with 278 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
tests/data/Makefile.am
View File

@ -73,7 +73,7 @@ test1110 test1111 test1112 test1113 test1114 test1115 test1116 test1117 \
test1118 test1119 test1120 test1121 test1122 test1123 test1124 test1125 \
test1126 test1127 test1128 test1200 test1201 test1202 test1203 test1300 \
test1301 test1302 test1303 test1304 test1305 test1306 test1307 test1308 \
test1309 test2000 test2001 test2002 test2003 test2004
test1309 test2000 test2001 test2002 test2003 test2004 test2005
EXTRA_DIST = $(TESTCASES) DISABLED

120
tests/data/test2005 Normal file
View File

@ -0,0 +1,120 @@
<testcase>
<info>
<keywords>
HTTP
HTTP GET
HTTP NTLM auth
</keywords>
</info>
# Server-side
<reply>
<!-- no <data> in this test since we have NTLM from the start
This is supposed to be returned when the server gets a first
Authorization: NTLM line passed-in from the client -->
<data1001>
HTTP/1.1 401 Now gimme that second request of crap
Server: Microsoft-IIS/5.0
Content-Type: text/html; charset=iso-8859-1
Content-Length: 34
WWW-Authenticate: NTLM TlRMTVNTUAACAAAAAgACADAAAAAGgoEAc51AYVDgyNcAAAAAAAAAAG4AbgAyAAAAQ0MCAAQAQwBDAAEAEgBFAEwASQBTAEEAQgBFAFQASAAEABgAYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAwAsAGUAbABpAHMAYQBiAGUAdABoAC4AYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAAAAAA==
This is not the real page either!
</data1001>
# This is supposed to be returned when the server gets the second
# Authorization: NTLM line passed-in from the client
<data1002>
HTTP/1.1 200 Things are fine in server land swsclose
Server: Microsoft-IIS/5.0
Content-Type: text/html; charset=iso-8859-1
Content-Length: 32
Finally, this is the real page!
</data1002>
<datacheck>
HTTP/1.1 401 Now gimme that second request of crap
Server: Microsoft-IIS/5.0
Content-Type: text/html; charset=iso-8859-1
Content-Length: 34
WWW-Authenticate: NTLM TlRMTVNTUAACAAAAAgACADAAAAAGgoEAc51AYVDgyNcAAAAAAAAAAG4AbgAyAAAAQ0MCAAQAQwBDAAEAEgBFAEwASQBTAEEAQgBFAFQASAAEABgAYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAwAsAGUAbABpAHMAYQBiAGUAdABoAC4AYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAAAAAA==
HTTP/1.1 200 Things are fine in server land swsclose
Server: Microsoft-IIS/5.0
Content-Type: text/html; charset=iso-8859-1
Content-Length: 32
Finally, this is the real page!
</datacheck>
</reply>
# Client-side
<client>
<features>
NTLM_SSO
</features>
<server>
http
</server>
<name>
HTTP with NTLM single-sign-on authorization
</name>
<setenv>
# we force our own host name, in order to make the test machine independent
CURL_GETHOSTNAME=curlhost
# we try to use the LD_PRELOAD hack, if not a debug build
LD_PRELOAD=%PWD/libtest/.libs/libhostname.so
# set path to fake_auth instead of real ntlm_auth to generate NTLM type1 and type 3 messages
NTLM_AUTH=server/fake_ntlm
</setenv>
<command>
http://%HOSTIP:%HTTPPORT/2005 -u testuser:anypasswd --ntlm-sso
</command>
<precheck>
chkhostname curlhost
</precheck>
</client>
# Verify data after the test has been "shot"
<verify>
<strip>
^User-Agent:.*
</strip>
<protocol>
GET /2005 HTTP/1.1
Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAAAAAAAAAAwAAAA
User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3
Host: %HOSTIP:%HTTPPORT
Accept: */*
GET /2005 HTTP/1.1
Authorization: NTLM TlRMTVNTUAADAAAAGAAYAE8AAAAYABgAZwAAAAAAAABAAAAACAAIAEAAAAAHAAcASAAAAAAAAAAAAAAAggEAAHRlc3R1c2VyVU5LTk9XTlpkQwKRCZFMhjj0tw47wEjKHRHlvzfxQamFcheMuv8v+xeqphEO5V41xRd7R9deOQ==
User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3
Host: %HOSTIP:%HTTPPORT
Accept: */*
</protocol>
</verify>
# Input and output (type 1 message) for fake_ntlm
<ntlm_auth_type1>
<input>
YR
</input>
<output>
YR TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAAAAAAAAAAwAAAA
</output>
</ntlm_auth_type1>
# Input and output (type 3 message) for fake_ntlm
<ntlm_auth_type3>
<input>
TT TlRMTVNTUAACAAAAAgACADAAAAAGgoEAc51AYVDgyNcAAAAAAAAAAG4AbgAyAAAAQ0MCAAQAQwBDAAEAEgBFAEwASQBTAEEAQgBFAFQASAAEABgAYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAwAsAGUAbABpAHMAYQBiAGUAdABoAC4AYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAAAAAA==
</input>
<output>
KK TlRMTVNTUAADAAAAGAAYAE8AAAAYABgAZwAAAAAAAABAAAAACAAIAEAAAAAHAAcASAAAAAAAAAAAAAAAggEAAHRlc3R1c2VyVU5LTk9XTlpkQwKRCZFMhjj0tw47wEjKHRHlvzfxQamFcheMuv8v+xeqphEO5V41xRd7R9deOQ==
</output>
</ntlm_auth_type3>
</testcase>

10
tests/runtests.pl
View File

@ -203,6 +203,7 @@ my $has_ipv6; # set if libcurl is built with IPv6 support
my $has_libz; # set if libcurl is built with libz support
my $has_getrlimit; # set if system has getrlimit()
my $has_ntlm; # set if libcurl is built with NTLM support
my $has_ntlm_sso; # set if libcurl is built with NTLM single-sign-on support
my $has_charconv;# set if libcurl is built with CharConv support
my $has_tls_srp; # set if libcurl is built with TLS-SRP support
@ -2172,6 +2173,10 @@ sub checksystem {
# NTLM enabled
$has_ntlm=1;
}
if($feat =~ /NTLM_SSO/i) {
# NTLM single-sign-on enabled
$has_ntlm_sso=1;
}
if($feat =~ /CharConv/i) {
# CharConv enabled
$has_charconv=1;
@ -2515,6 +2520,11 @@ sub singletest {
next;
}
}
elsif($f eq "NTLM_SSO") {
if($has_ntlm_sso) {
next;
}
}
elsif($f eq "getrlimit") {
if($has_getrlimit) {
next;

7
tests/server/Makefile.inc
View File

@ -1,4 +1,4 @@
noinst_PROGRAMS = getpart resolve rtspd sockfilt sws tftpd
noinst_PROGRAMS = getpart resolve rtspd sockfilt sws tftpd fake_ntlm
CURLX_SRCS = \
$(top_srcdir)/lib/mprintf.c \
@ -63,3 +63,8 @@ tftpd_SOURCES = $(CURLX_SRCS) $(CURLX_HDRS) $(USEFUL) $(UTIL) \
tftp.h
tftpd_LDADD = @TEST_SERVER_LIBS@
tftpd_CFLAGS = $(AM_CFLAGS)
fake_ntlm_SOURCES = $(CURLX_SRCS) $(CURLX_HDRS) $(USEFUL) $(UTIL) \
fake_ntlm.c
fake_ntlm_LDADD = @TEST_SERVER_LIBS@
fake_ntlm_CFLAGS = $(AM_CFLAGS)

141
tests/server/fake_ntlm.c Normal file
View File

@ -0,0 +1,141 @@
/***************************************************************************
* _ _ ____ _
* Project ___| | | | _ \| |
* / __| | | | |_) | |
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 1998 - 2010, Mandy Wu, <mandy.wu@intel.com>
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
* are also available at http://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
* furnished to do so, under the terms of the COPYING file.
*
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
* KIND, either express or implied.
*
***************************************************************************/
/*
* This is a fake ntlm_auth, which is used for testing NTLM single-sign-on.
* When DEBUGBUILD is defined, libcurl invoke this tool instead of real winbind
* daemon helper /usr/bin/ntlm_auth. This tool will accept commands and
* responses with a pre-written string saved in test case test2005.
*/
#include <stdio.h>
#include <errno.h>
#include <unistd.h>
#include "curlx.h" /* from the private lib dir */
#include "getpart.h"
#include "util.h"
#ifndef DEFAULT_LOGFILE
#define DEFAULT_LOGFILE "log/fake_ntlm.log"
#endif
const char *serverlogfile = DEFAULT_LOGFILE;
int main(void)
{
char buf[1024];
FILE *stream;
char *filename;
int error;
char *type1_input = NULL, *type3_input = NULL;
char *type1_output = NULL, *type3_output = NULL;
size_t size = 0;
filename = test2file(2005);
stream=fopen(filename, "rb");
if(!stream) {
error = ERRNO;
logmsg("fopen() failed with error: %d %s", error, strerror(error));
logmsg("Error opening file: %s", filename);
logmsg("Couldn't open test file %ld", 2005);
exit(1);
}
else {
/* get the ntlm_auth input/output */
error = getpart(&type1_input, &size, "ntlm_auth_type1", "input", stream);
fclose(stream);
if(error || size == 0) {
logmsg("getpart() type 1 input failed with error: %d", error);
exit(1);
}
}
stream=fopen(filename, "rb");
if(!stream) {
error = ERRNO;
logmsg("fopen() failed with error: %d %s", error, strerror(error));
logmsg("Error opening file: %s", filename);
logmsg("Couldn't open test file %ld", 2005);
exit(1);
}
else {
size = 0;
error = getpart(&type3_input, &size, "ntlm_auth_type3", "input", stream);
fclose(stream);
if(error || size == 0) {
logmsg("getpart() type 3 input failed with error: %d", error);
exit(1);
}
}
while(fgets(buf, 1024, stdin)) {
if(strcmp(buf, type1_input) == 0) {
stream=fopen(filename, "rb");
if(!stream) {
error = ERRNO;
logmsg("fopen() failed with error: %d %s", error, strerror(error));
logmsg("Error opening file: %s", filename);
logmsg("Couldn't open test file %ld", 2005);
exit(1);
}
else {
size = 0;
error = getpart(&type1_output, &size, "ntlm_auth_type1", "output", stream);
fclose(stream);
if(error || size == 0) {
logmsg("getpart() type 1 output failed with error: %d", error);
exit(1);
}
}
printf("%s", type1_output);
fflush(stdout);
}
else if(strncmp(buf, type3_input, strlen(type3_input)) == 0) {
stream=fopen(filename, "rb");
if(!stream) {
error = ERRNO;
logmsg("fopen() failed with error: %d %s", error, strerror(error));
logmsg("Error opening file: %s", filename);
logmsg("Couldn't open test file %ld", 2005);
exit(1);
}
else {
size = 0;
error = getpart(&type3_output, &size, "ntlm_auth_type3", "output", stream);
fclose(stream);
if(error || size == 0) {
logmsg("getpart() type 3 output failed with error: %d", error);
exit(1);
}
}
printf("%s", type3_output);
fflush(stdout);
}
else {
printf("Unknown request\n");
logmsg("invalid input: %s\n", buf);
exit(1);
}
}
return 1;
}