From aa26c2751a9edc8129ae2cff1c82ddfd0e5b1446 Mon Sep 17 00:00:00 2001 From: Mandy Wu Date: Mon, 18 Jul 2011 23:39:52 +0200 Subject: [PATCH] test2005: verify ntlm single-signon --- tests/data/Makefile.am | 2 +- tests/data/test2005 | 120 ++++++++++++++++++++++++++++++++ tests/runtests.pl | 10 +++ tests/server/Makefile.inc | 7 +- tests/server/fake_ntlm.c | 141 ++++++++++++++++++++++++++++++++++++++ 5 files changed, 278 insertions(+), 2 deletions(-) create mode 100644 tests/data/test2005 create mode 100644 tests/server/fake_ntlm.c diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am index 363c40628..ccaa8a36b 100644 --- a/tests/data/Makefile.am +++ b/tests/data/Makefile.am @@ -73,7 +73,7 @@ test1110 test1111 test1112 test1113 test1114 test1115 test1116 test1117 \ test1118 test1119 test1120 test1121 test1122 test1123 test1124 test1125 \ test1126 test1127 test1128 test1200 test1201 test1202 test1203 test1300 \ test1301 test1302 test1303 test1304 test1305 test1306 test1307 test1308 \ -test1309 test2000 test2001 test2002 test2003 test2004 +test1309 test2000 test2001 test2002 test2003 test2004 test2005 EXTRA_DIST = $(TESTCASES) DISABLED diff --git a/tests/data/test2005 b/tests/data/test2005 new file mode 100644 index 000000000..36fb535b7 --- /dev/null +++ b/tests/data/test2005 
@@ -0,0 +1,120 @@ + + + +HTTP +HTTP GET +HTTP NTLM auth + + +# Server-side + + + + + +HTTP/1.1 401 Now gimme that second request of crap +Server: Microsoft-IIS/5.0 +Content-Type: text/html; charset=iso-8859-1 +Content-Length: 34 +WWW-Authenticate: NTLM TlRMTVNTUAACAAAAAgACADAAAAAGgoEAc51AYVDgyNcAAAAAAAAAAG4AbgAyAAAAQ0MCAAQAQwBDAAEAEgBFAEwASQBTAEEAQgBFAFQASAAEABgAYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAwAsAGUAbABpAHMAYQBiAGUAdABoAC4AYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAAAAAA== + +This is not the real page either! + + +# This is supposed to be returned when the server gets the second +# Authorization: NTLM line passed-in from the client + +HTTP/1.1 200 Things are fine in server land swsclose +Server: Microsoft-IIS/5.0 +Content-Type: text/html; charset=iso-8859-1 +Content-Length: 32 + +Finally, this is the real page! + + + +HTTP/1.1 401 Now gimme that second request of crap +Server: Microsoft-IIS/5.0 +Content-Type: text/html; charset=iso-8859-1 +Content-Length: 34 +WWW-Authenticate: NTLM TlRMTVNTUAACAAAAAgACADAAAAAGgoEAc51AYVDgyNcAAAAAAAAAAG4AbgAyAAAAQ0MCAAQAQwBDAAEAEgBFAEwASQBTAEEAQgBFAFQASAAEABgAYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAwAsAGUAbABpAHMAYQBiAGUAdABoAC4AYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAAAAAA== + +HTTP/1.1 200 Things are fine in server land swsclose +Server: Microsoft-IIS/5.0 +Content-Type: text/html; charset=iso-8859-1 +Content-Length: 32 + +Finally, this is the real page! 
+ + + + +# Client-side + + +NTLM_SSO + + +http + + +HTTP with NTLM single-sign-on authorization + + +# we force our own host name, in order to make the test machine independent +CURL_GETHOSTNAME=curlhost +# we try to use the LD_PRELOAD hack, if not a debug build +LD_PRELOAD=%PWD/libtest/.libs/libhostname.so +# set path to fake_auth instead of real ntlm_auth to generate NTLM type1 and type 3 messages +NTLM_AUTH=server/fake_ntlm + + +http://%HOSTIP:%HTTPPORT/2005 -u testuser:anypasswd --ntlm-sso + + +chkhostname curlhost + + + +# Verify data after the test has been "shot" + + +^User-Agent:.* + + +GET /2005 HTTP/1.1 +Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAAAAAAAAAAwAAAA +User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3 +Host: %HOSTIP:%HTTPPORT +Accept: */* + +GET /2005 HTTP/1.1 +Authorization: NTLM TlRMTVNTUAADAAAAGAAYAE8AAAAYABgAZwAAAAAAAABAAAAACAAIAEAAAAAHAAcASAAAAAAAAAAAAAAAggEAAHRlc3R1c2VyVU5LTk9XTlpkQwKRCZFMhjj0tw47wEjKHRHlvzfxQamFcheMuv8v+xeqphEO5V41xRd7R9deOQ== +User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3 +Host: %HOSTIP:%HTTPPORT +Accept: */* + + + +# Input and output (type 1 message) for fake_ntlm + + +YR + + +YR TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAAAAAAAAAAwAAAA + + +# Input and output (type 3 message) for fake_ntlm + + +TT TlRMTVNTUAACAAAAAgACADAAAAAGgoEAc51AYVDgyNcAAAAAAAAAAG4AbgAyAAAAQ0MCAAQAQwBDAAEAEgBFAEwASQBTAEEAQgBFAFQASAAEABgAYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAwAsAGUAbABpAHMAYQBiAGUAdABoAC4AYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAAAAAA== + + +KK TlRMTVNTUAADAAAAGAAYAE8AAAAYABgAZwAAAAAAAABAAAAACAAIAEAAAAAHAAcASAAAAAAAAAAAAAAAggEAAHRlc3R1c2VyVU5LTk9XTlpkQwKRCZFMhjj0tw47wEjKHRHlvzfxQamFcheMuv8v+xeqphEO5V41xRd7R9deOQ== + + + diff --git a/tests/runtests.pl b/tests/runtests.pl index 9a0c0714d..749840b51 100755 --- a/tests/runtests.pl +++ b/tests/runtests.pl 
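Review bot: The client features list of test2005 names only `NTLM_SSO`, yet the header comment of tests/server/fake_ntlm.c in this same patch says libcurl invokes the fake helper only when DEBUGBUILD is defined. If the `NTLM_AUTH=server/fake_ntlm` override is indeed ignored by non-debug builds, a release build with NTLM_SSO would run this test against the real /usr/bin/ntlm_auth as `testuser` instead of the canned responses. The features section should presumably also require `debug`, assuming the harness offers that keyword. Separately, the setenv comment says `fake_auth` where the program added by this patch is `fake_ntlm`.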
@@ -203,6 +203,7 @@ my $has_ipv6; # set if libcurl is built with IPv6 support my $has_libz; # set if libcurl is built with libz support my $has_getrlimit; # set if system has getrlimit() my $has_ntlm; # set if libcurl is built with NTLM support +my $has_ntlm_sso; # set if libcurl is built with NTLM single-sign-on support my $has_charconv;# set if libcurl is built with CharConv support my $has_tls_srp; # set if libcurl is built with TLS-SRP support @@ -2172,6 +2173,10 @@ sub checksystem { # NTLM enabled $has_ntlm=1; } + if($feat =~ /NTLM_SSO/i) { + # NTLM single-sign-on enabled + $has_ntlm_sso=1; + } if($feat =~ /CharConv/i) { # CharConv enabled $has_charconv=1; @@ -2515,6 +2520,11 @@ sub singletest { next; } } + elsif($f eq "NTLM_SSO") { + if($has_ntlm_sso) { + next; + } + } elsif($f eq "getrlimit") { if($has_getrlimit) { next; diff --git a/tests/server/Makefile.inc b/tests/server/Makefile.inc index be3f06808..6b0ee72f0 100644 --- a/tests/server/Makefile.inc +++ b/tests/server/Makefile.inc @@ -1,4 +1,4 @@ -noinst_PROGRAMS = getpart resolve rtspd sockfilt sws tftpd +noinst_PROGRAMS = getpart resolve rtspd sockfilt sws tftpd fake_ntlm CURLX_SRCS = \ $(top_srcdir)/lib/mprintf.c \ @@ -63,3 +63,8 @@ tftpd_SOURCES = $(CURLX_SRCS) $(CURLX_HDRS) $(USEFUL) $(UTIL) \ tftp.h tftpd_LDADD = @TEST_SERVER_LIBS@ tftpd_CFLAGS = $(AM_CFLAGS) + +fake_ntlm_SOURCES = $(CURLX_SRCS) $(CURLX_HDRS) $(USEFUL) $(UTIL) \ + fake_ntlm.c +fake_ntlm_LDADD = @TEST_SERVER_LIBS@ +fake_ntlm_CFLAGS = $(AM_CFLAGS) diff --git a/tests/server/fake_ntlm.c b/tests/server/fake_ntlm.c new file mode 100644 index 000000000..624ec6b1c --- /dev/null +++ b/tests/server/fake_ntlm.c 
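Review bot: The `NTLM_SSO` branch added to singletest's feature chain introduces a keyword that test files can now require, but nothing in this patch documents it; the diffstat lists no documentation file. A comment at the new branch, for example `# NTLM_SSO: libcurl built with NTLM single-sign-on (external ntlm_auth helper)`, plus an entry in the test-suite's format documentation, would let test authors find it without reading runtests.pl. In checksystem the new match `/NTLM_SSO/i` is an unanchored substring test like its neighbours; if `$feat` holds a single feature token (the loop is outside the hunk, so this is inferred), `/^NTLM_SSO$/` would say what is meant. Both functions start and end outside the hunks shown.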
@@ -0,0 +1,141 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2010, Mandy Wu,
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/*
+ * This is a fake ntlm_auth, which is used for testing NTLM single-sign-on.
+ * When DEBUGBUILD is defined, libcurl invoke this tool instead of real winbind
+ * daemon helper /usr/bin/ntlm_auth. This tool will accept commands and
+ * responses with a pre-written string saved in test case test2005.
+ */
+
+#include
+#include
+#include
+
+#include "curlx.h" /* from the private lib dir */
+#include "getpart.h"
+#include "util.h"
+
+#ifndef DEFAULT_LOGFILE
+#define DEFAULT_LOGFILE "log/fake_ntlm.log"
+#endif
+
+const char *serverlogfile = DEFAULT_LOGFILE;
+
+int main(void)
+{
+ char buf[1024];
+ FILE *stream;
+ char *filename;
+ int error;
+ char *type1_input = NULL, *type3_input = NULL;
+ char *type1_output = NULL, *type3_output = NULL;
+ size_t size = 0;
+
+ filename = test2file(2005);
+ stream=fopen(filename, "rb");
+ if(!stream) {
+ error = ERRNO;
+ logmsg("fopen() failed with error: %d %s", error, strerror(error));
+ logmsg("Error opening file: %s", filename);
+ logmsg("Couldn't open test file %ld", 2005);
+ exit(1);
+ }
+ else {
+ /* get the ntlm_auth input/output */
+ error = getpart(&type1_input, &size, "ntlm_auth_type1", "input", stream);
+ fclose(stream);
+ if(error || size == 0) {
+ logmsg("getpart() type 1 input failed with error: %d", error);
+ exit(1);
+ }
+ }
+
+ stream=fopen(filename, "rb");
+ if(!stream) {
+ error = ERRNO;
+ logmsg("fopen() failed with error: %d %s", error, strerror(error));
+ logmsg("Error opening file: %s", filename);
+ logmsg("Couldn't open test file %ld", 2005);
+ exit(1);
+ }
+ else {
+ size = 0;
+ error = getpart(&type3_input, &size, "ntlm_auth_type3", "input", stream);
+ fclose(stream);
+ if(error || size == 0) {
+ logmsg("getpart() type 3 input failed with error: %d", error);
+ exit(1);
+ }
+ }
+
+ while(fgets(buf, 1024, stdin)) {
+ if(strcmp(buf, type1_input) == 0) {
+ stream=fopen(filename, "rb");
+ if(!stream) {
+ error = ERRNO;
+ logmsg("fopen() failed with error: %d %s", error, strerror(error));
+ logmsg("Error opening file: %s", filename);
+ logmsg("Couldn't open test file %ld", 2005);
+ exit(1);
+ }
+ else {
+ size = 0;
+ error = getpart(&type1_output, &size, "ntlm_auth_type1", "output", stream);
+ fclose(stream);
+ if(error || size == 0) {
+ logmsg("getpart() type 1 output failed with error: %d", error);
+ exit(1);
+ }
+ }
+ printf("%s", type1_output);
+ fflush(stdout);
+ }
+ else if(strncmp(buf, type3_input, strlen(type3_input)) == 0) {
+ stream=fopen(filename, "rb");
+ if(!stream) {
+ error = ERRNO;
+ logmsg("fopen() failed with error: %d %s", error, strerror(error));
+ logmsg("Error opening file: %s", filename);
+ logmsg("Couldn't open test file %ld", 2005);
+ exit(1);
+ }
+ else {
+ size = 0;
+ error = getpart(&type3_output, &size, "ntlm_auth_type3", "output", stream);
+ fclose(stream);
+ if(error || size == 0) {
+ logmsg("getpart() type 3 output failed with error: %d", error);
+ exit(1);
+ }
+ }
+ printf("%s", type3_output);
+ fflush(stdout);
+ }
+ else {
+ printf("Unknown request\n");
+ logmsg("invalid input: %s\n", buf);
+ exit(1);
+ }
+ }
+ return 1;
+}
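Review bot: Each of the four fopen() failure branches in main calls `logmsg("Couldn't open test file %ld", 2005);`, which passes an int literal to a `%ld` conversion. Assuming logmsg forwards to a printf-style formatter, that is a type mismatch with undefined behaviour, and `logmsg("Couldn't open test file %d", 2005);` fixes it. main also ends with `return 1;` once fgets() sees end of input, so the helper reports failure even after answering both requests correctly; `return 0;` would let the caller tell a clean shutdown from the `exit(1)` error paths. The bound in `fgets(buf, 1024, stdin)` is better written as `sizeof(buf)` so it cannot drift from the declaration of `buf`.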