be285cde3f
(http://curl.haxx.se/mail/lib-2006-02/0154.html) by adding the NTLM hash function in addition to the LM one and making some other adjustments in the order the different parts of the data block are sent in the Type-2 reply. Inspiration for this work was taken from the Firefox NTLM implementation. I edited the existing 21(!) NTLM test cases to run fine with these news. Due to the fact that we now properly include the host name in the Type-2 message the test cases now only compare parts of that chunk.
50 lines
1.1 KiB
Plaintext
50 lines
1.1 KiB
Plaintext
# Server-side
|
|
<reply>
|
|
<data1001 nocheck=1>
|
|
HTTP/1.0 407 BAD BOY
|
|
Proxy-Authenticate: Basic realm="Squid proxy-caching web server"
|
|
Server: swsclose
|
|
Content-Type: text/html
|
|
|
|
Even though it's the response code that triggers authentication, we're
|
|
using NTLM and the server isn't, so we should fail. We know the server
|
|
isn't because there's no Proxy-Authorization: NTLM header
|
|
</data1001>
|
|
</reply>
|
|
|
|
# Client-side
|
|
<client>
|
|
<features>
|
|
NTLM
|
|
</features>
|
|
<server>
|
|
http
|
|
</server>
|
|
<name>
|
|
HTTP GET asking for --proxy-ntlm when some other authentication is required
|
|
</name>
|
|
<command>
|
|
http://%HOSTIP:%HTTPPORT/162 --proxy http://%HOSTIP:%HTTPPORT --proxy-user foo:bar --proxy-ntlm --fail
|
|
</command>
|
|
</client>
|
|
|
|
# Verify data after the test has been "shot"
|
|
<verify>
|
|
<strip>
|
|
^User-Agent: curl/.*
|
|
</strip>
|
|
<protocol>
|
|
GET http://127.0.0.1:%HTTPPORT/162 HTTP/1.1
|
|
Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=
|
|
User-Agent: curl/7.8.1-pre3 (sparc-sun-solaris2.7) libcurl 7.8.1-pre3 (OpenSSL 0.9.6a) (krb4 enabled)
|
|
Host: 127.0.0.1:%HTTPPORT
|
|
Pragma: no-cache
|
|
Accept: */*
|
|
Proxy-Connection: Keep-Alive
|
|
|
|
</protocol>
|
|
<errorcode>
|
|
22
|
|
</errorcode>
|
|
</verify>
|