test2005: verify ntlm single-signon

2011-07-18 23:39:52 +02:00 · 2011-07-18 23:39:52 +02:00 · aa26c2751a
commit aa26c2751a
parent a6d4807d02
5 changed files with 278 additions and 2 deletions
--- a/tests/data/Makefile.am
+++ b/tests/data/Makefile.am
@ -73,7 +73,7 @@ test1110 test1111 test1112 test1113 test1114 test1115 test1116 test1117	\
 test1118 test1119 test1120 test1121 test1122 test1123 test1124 test1125	\
 test1126 test1127 test1128 test1200 test1201 test1202 test1203 test1300	\
 test1301 test1302 test1303 test1304 test1305 test1306 test1307 test1308	\
-test1309 test2000 test2001 test2002 test2003 test2004
+test1309 test2000 test2001 test2002 test2003 test2004 test2005
 EXTRA_DIST = $(TESTCASES) DISABLED
--- a/tests/data/test2005
+++ b/tests/data/test2005
@ -0,0 +1,120 @@
 <testcase>
 <info>
 <keywords>
 HTTP
 HTTP GET
 HTTP NTLM auth
 </keywords>
 </info>
 # Server-side
 <reply>
 <!-- no <data> in this test since we have NTLM from the start
 This is supposed to be returned when the server gets a first
 Authorization: NTLM line passed-in from the client -->
 <data1001>
 HTTP/1.1 401 Now gimme that second request of crap
 Server: Microsoft-IIS/5.0
 Content-Type: text/html; charset=iso-8859-1
 Content-Length: 34
 WWW-Authenticate: NTLM TlRMTVNTUAACAAAAAgACADAAAAAGgoEAc51AYVDgyNcAAAAAAAAAAG4AbgAyAAAAQ0MCAAQAQwBDAAEAEgBFAEwASQBTAEEAQgBFAFQASAAEABgAYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAwAsAGUAbABpAHMAYQBiAGUAdABoAC4AYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAAAAAA==
 This is not the real page either!
 </data1001>
 # This is supposed to be returned when the server gets the second
 # Authorization: NTLM line passed-in from the client
 <data1002>
 HTTP/1.1 200 Things are fine in server land swsclose
 Server: Microsoft-IIS/5.0
 Content-Type: text/html; charset=iso-8859-1
 Content-Length: 32
 Finally, this is the real page!
 </data1002>
 <datacheck>
 HTTP/1.1 401 Now gimme that second request of crap
 Server: Microsoft-IIS/5.0
 Content-Type: text/html; charset=iso-8859-1
 Content-Length: 34
 WWW-Authenticate: NTLM TlRMTVNTUAACAAAAAgACADAAAAAGgoEAc51AYVDgyNcAAAAAAAAAAG4AbgAyAAAAQ0MCAAQAQwBDAAEAEgBFAEwASQBTAEEAQgBFAFQASAAEABgAYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAwAsAGUAbABpAHMAYQBiAGUAdABoAC4AYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAAAAAA==
 HTTP/1.1 200 Things are fine in server land swsclose
 Server: Microsoft-IIS/5.0
 Content-Type: text/html; charset=iso-8859-1
 Content-Length: 32
 Finally, this is the real page!
 </datacheck>
 </reply>
 # Client-side
 <client>
 <features>
 NTLM_SSO
 </features>
 <server>
 http
 </server>
 <name>
 HTTP with NTLM single-sign-on authorization
 </name>
 <setenv>
 # we force our own host name, in order to make the test machine independent
 CURL_GETHOSTNAME=curlhost
 # we try to use the LD_PRELOAD hack, if not a debug build
 LD_PRELOAD=%PWD/libtest/.libs/libhostname.so
 # set path to fake_auth instead of real ntlm_auth to generate NTLM type1 and type 3 messages
 NTLM_AUTH=server/fake_ntlm
 </setenv>
 <command>
 http://%HOSTIP:%HTTPPORT/2005 -u testuser:anypasswd --ntlm-sso
 </command>
 <precheck>
 chkhostname curlhost
 </precheck>
 </client>
 # Verify data after the test has been "shot"
 <verify>
 <strip>
 ^User-Agent:.*
 </strip>
 <protocol>
 GET /2005 HTTP/1.1
 Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAAAAAAAAAAwAAAA
 User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3
 Host: %HOSTIP:%HTTPPORT
 Accept: */*
 GET /2005 HTTP/1.1
 Authorization: NTLM TlRMTVNTUAADAAAAGAAYAE8AAAAYABgAZwAAAAAAAABAAAAACAAIAEAAAAAHAAcASAAAAAAAAAAAAAAAggEAAHRlc3R1c2VyVU5LTk9XTlpkQwKRCZFMhjj0tw47wEjKHRHlvzfxQamFcheMuv8v+xeqphEO5V41xRd7R9deOQ==
 User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3
 Host: %HOSTIP:%HTTPPORT
 Accept: */*
 </protocol>
 </verify>
 # Input and output (type 1 message) for fake_ntlm
 <ntlm_auth_type1>
 <input>
 YR
 </input>
 <output>
 YR TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAAAAAAAAAAwAAAA
 </output>
 </ntlm_auth_type1>
 # Input and output (type 3 message) for fake_ntlm
 <ntlm_auth_type3>
 <input>
 TT TlRMTVNTUAACAAAAAgACADAAAAAGgoEAc51AYVDgyNcAAAAAAAAAAG4AbgAyAAAAQ0MCAAQAQwBDAAEAEgBFAEwASQBTAEEAQgBFAFQASAAEABgAYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAwAsAGUAbABpAHMAYQBiAGUAdABoAC4AYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAAAAAA==
 </input>
 <output>
 KK TlRMTVNTUAADAAAAGAAYAE8AAAAYABgAZwAAAAAAAABAAAAACAAIAEAAAAAHAAcASAAAAAAAAAAAAAAAggEAAHRlc3R1c2VyVU5LTk9XTlpkQwKRCZFMhjj0tw47wEjKHRHlvzfxQamFcheMuv8v+xeqphEO5V41xRd7R9deOQ==
 </output>
 </ntlm_auth_type3>
 </testcase>
--- a/tests/runtests.pl
+++ b/tests/runtests.pl
@ -203,6 +203,7 @@ my $has_ipv6;    # set if libcurl is built with IPv6 support
 my $has_libz;    # set if libcurl is built with libz support
 my $has_getrlimit;  # set if system has getrlimit()
 my $has_ntlm;    # set if libcurl is built with NTLM support
 my $has_ntlm_sso; # set if libcurl is built with NTLM single-sign-on support
 my $has_charconv;# set if libcurl is built with CharConv support
 my $has_tls_srp; # set if libcurl is built with TLS-SRP support
@ -2172,6 +2173,10 @@ sub checksystem {
                # NTLM enabled
                $has_ntlm=1;
            }
            if($feat =~ /NTLM_SSO/i) {
                # NTLM single-sign-on enabled
                $has_ntlm_sso=1;
            }
            if($feat =~ /CharConv/i) {
                # CharConv enabled
                $has_charconv=1;
@ -2515,6 +2520,11 @@ sub singletest {
                next;
            }
        }
        elsif($f eq "NTLM_SSO") {
            if($has_ntlm_sso) {
                next;
            }
        }
        elsif($f eq "getrlimit") {
            if($has_getrlimit) {
                next;
--- a/tests/server/Makefile.inc
+++ b/tests/server/Makefile.inc
@ -1,4 +1,4 @@
-noinst_PROGRAMS = getpart resolve rtspd sockfilt sws tftpd
+noinst_PROGRAMS = getpart resolve rtspd sockfilt sws tftpd fake_ntlm
 CURLX_SRCS = \
 $(top_srcdir)/lib/mprintf.c \
@ -63,3 +63,8 @@ tftpd_SOURCES = $(CURLX_SRCS) $(CURLX_HDRS) $(USEFUL) $(UTIL) \
 tftp.h
 tftpd_LDADD = @TEST_SERVER_LIBS@
 tftpd_CFLAGS = $(AM_CFLAGS)
 fake_ntlm_SOURCES = $(CURLX_SRCS) $(CURLX_HDRS) $(USEFUL) $(UTIL) \
 fake_ntlm.c
 fake_ntlm_LDADD = @TEST_SERVER_LIBS@
 fake_ntlm_CFLAGS = $(AM_CFLAGS)
--- a/tests/server/fake_ntlm.c
+++ b/tests/server/fake_ntlm.c
@ -0,0 +1,141 @@
 /***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) 1998 - 2010, Mandy Wu, <mandy.wu@intel.com>
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
 * are also available at http://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 ***************************************************************************/
 /*
 * This is a fake ntlm_auth, which is used for testing NTLM single-sign-on.
 * When DEBUGBUILD is defined, libcurl invoke this tool instead of real winbind
 * daemon helper /usr/bin/ntlm_auth. This tool will accept commands and
 * responses with a pre-written string saved in test case test2005.
 */
 #include <stdio.h>
 #include <errno.h>
 #include <unistd.h>
 #include "curlx.h" /* from the private lib dir */
 #include "getpart.h"
 #include "util.h"
 #ifndef DEFAULT_LOGFILE
 #define DEFAULT_LOGFILE "log/fake_ntlm.log"
 #endif
 const char *serverlogfile = DEFAULT_LOGFILE;
 int main(void)
 {
  char buf[1024];
  FILE *stream;
  char *filename;
  int error;
  char *type1_input = NULL, *type3_input = NULL;
  char *type1_output = NULL, *type3_output = NULL;
  size_t size = 0;
  filename = test2file(2005);
  stream=fopen(filename, "rb");
  if(!stream) {
    error = ERRNO;
    logmsg("fopen() failed with error: %d %s", error, strerror(error));
    logmsg("Error opening file: %s", filename);
    logmsg("Couldn't open test file %ld", 2005);
    exit(1);
  }
  else {
    /* get the ntlm_auth input/output */
    error = getpart(&type1_input, &size, "ntlm_auth_type1", "input", stream);
    fclose(stream);
    if(error || size == 0) {
      logmsg("getpart() type 1 input failed with error: %d", error);
      exit(1);
    }
  }
  stream=fopen(filename, "rb");
  if(!stream) {
    error = ERRNO;
    logmsg("fopen() failed with error: %d %s", error, strerror(error));
    logmsg("Error opening file: %s", filename);
    logmsg("Couldn't open test file %ld", 2005);
    exit(1);
  }
  else {
    size = 0;
    error = getpart(&type3_input, &size, "ntlm_auth_type3", "input", stream);
    fclose(stream);
    if(error || size == 0) {
      logmsg("getpart() type 3 input failed with error: %d", error);
      exit(1);
    }
  }
  while(fgets(buf, 1024, stdin)) {
    if(strcmp(buf, type1_input) == 0) {
      stream=fopen(filename, "rb");
      if(!stream) {
        error = ERRNO;
        logmsg("fopen() failed with error: %d %s", error, strerror(error));
        logmsg("Error opening file: %s", filename);
        logmsg("Couldn't open test file %ld", 2005);
        exit(1);
      }
      else {
        size = 0;
        error = getpart(&type1_output, &size, "ntlm_auth_type1", "output", stream);
        fclose(stream);
        if(error || size == 0) {
          logmsg("getpart() type 1 output failed with error: %d", error);
          exit(1);
        }
      }
      printf("%s", type1_output);
      fflush(stdout);
    }
    else if(strncmp(buf, type3_input, strlen(type3_input)) == 0) {
      stream=fopen(filename, "rb");
      if(!stream) {
        error = ERRNO;
        logmsg("fopen() failed with error: %d %s", error, strerror(error));
        logmsg("Error opening file: %s", filename);
        logmsg("Couldn't open test file %ld", 2005);
        exit(1);
      }
      else {
        size = 0;
        error = getpart(&type3_output, &size, "ntlm_auth_type3", "output", stream);
        fclose(stream);
        if(error || size == 0) {
          logmsg("getpart() type 3 output failed with error: %d", error);
          exit(1);
        }
      }
      printf("%s", type3_output);
      fflush(stdout);
    }
    else {
      printf("Unknown request\n");
      logmsg("invalid input: %s\n", buf);
      exit(1);
    }
  }
  return 1;
 }