be285cde3f
(http://curl.haxx.se/mail/lib-2006-02/0154.html) by adding the NTLM hash function in addition to the LM one and making some other adjustments in the order the different parts of the data block are sent in the Type-2 reply. Inspiration for this work was taken from the Firefox NTLM implementation. I edited the existing 21(!) NTLM test cases to run fine with these news. Due to the fact that we now properly include the host name in the Type-2 message the test cases now only compare parts of that chunk.
110 lines
3.9 KiB
Plaintext
110 lines
3.9 KiB
Plaintext
# Server-side
|
|
<reply>
|
|
|
|
# this is returned first since we get no proxy-auth
|
|
<data1001>
|
|
HTTP/1.0 407 Authorization Required to proxy me my dear
|
|
Proxy-Authenticate: NTLM TlRMTVNTUAACAAAAAgACADAAAAAGgoEAc51AYVDgyNcAAAAAAAAAAG4AbgAyAAAAQ0MCAAQAQwBDAAEAEgBFAEwASQBTAEEAQgBFAFQASAAEABgAYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAwAsAGUAbABpAHMAYQBiAGUAdABoAC4AYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAAAAAA==
|
|
Content-Length: 1033
|
|
|
|
And you should ignore this data.
|
|
QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQz
|
|
</data1001>
|
|
|
|
# This is supposed to be returned when the server gets the second
|
|
# Authorization: NTLM line passed-in from the client
|
|
<data1002>
|
|
HTTP/1.1 200 Things are fine in proxy land
|
|
Server: Microsoft-IIS/5.0
|
|
Content-Type: text/html; charset=iso-8859-1
|
|
|
|
</data1002>
|
|
|
|
# this is returned when we get a GET!
|
|
<data2>
|
|
HTTP/1.1 200 OK
|
|
Date: Thu, 09 Nov 2010 14:49:00 GMT
|
|
Content-Length: 7
|
|
Connection: close
|
|
Content-Type: text/html
|
|
Funny-head: yesyes
|
|
|
|
daniel
|
|
</data2>
|
|
|
|
# then this is returned when we get proxý-auth
|
|
<data1000>
|
|
HTTP/1.1 200 OK swsbounce
|
|
Server: no
|
|
|
|
Nice proxy auth sir!
|
|
</data1000>
|
|
|
|
<datacheck>
|
|
HTTP/1.0 407 Authorization Required to proxy me my dear
|
|
Proxy-Authenticate: NTLM TlRMTVNTUAACAAAAAgACADAAAAAGgoEAc51AYVDgyNcAAAAAAAAAAG4AbgAyAAAAQ0MCAAQAQwBDAAEAEgBFAEwASQBTAEEAQgBFAFQASAAEABgAYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAwAsAGUAbABpAHMAYQBiAGUAdABoAC4AYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAAAAAA==
|
|
Content-Length: 1033
|
|
|
|
HTTP/1.1 200 Things are fine in proxy land
|
|
Server: Microsoft-IIS/5.0
|
|
Content-Type: text/html; charset=iso-8859-1
|
|
|
|
HTTP/1.1 200 OK
|
|
Date: Thu, 09 Nov 2010 14:49:00 GMT
|
|
Content-Length: 7
|
|
Connection: close
|
|
Content-Type: text/html
|
|
Funny-head: yesyes
|
|
|
|
daniel
|
|
</datacheck>
|
|
</reply>
|
|
|
|
# Client-side
|
|
<client>
|
|
<server>
|
|
http
|
|
</server>
|
|
<features>
|
|
NTLM
|
|
</features>
|
|
<name>
|
|
HTTP proxy CONNECT auth NTLM and then POST, response-body in the 407
|
|
</name>
|
|
<command>
|
|
http://test.remote.server.com:265/path/2650002 --proxy http://%HOSTIP:%HTTPPORT --proxy-user silly:person --proxy-ntlm --proxytunnel -d "postit"
|
|
</command>
|
|
</client>
|
|
|
|
# Verify data after the test has been "shot"
|
|
<verify>
|
|
<strip>
|
|
^User-Agent: curl/.*
|
|
</strip>
|
|
# We strip off a large chunk of the type-2 NTLM message since it depends on
|
|
# the local host name and thus differs on different machines!
|
|
<strippart>
|
|
s/^(Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAABQAFAHAAAAA).*/$1/
|
|
</strippart)
|
|
<protocol nonewline=yes>
|
|
CONNECT test.remote.server.com:265 HTTP/1.0
|
|
Host: test.remote.server.com:265
|
|
Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=
|
|
Proxy-Connection: Keep-Alive
|
|
|
|
CONNECT test.remote.server.com:265 HTTP/1.0
|
|
Host: test.remote.server.com:265
|
|
Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAABQAFAHAAAAA
|
|
Proxy-Connection: Keep-Alive
|
|
|
|
POST /path/2650002 HTTP/1.1
|
|
User-Agent: curl/7.12.3-CVS (i686-pc-linux-gnu) libcurl/7.12.3-CVS OpenSSL/0.9.6b zlib/1.1.4
|
|
Host: test.remote.server.com:265
|
|
Accept: */*
|
|
Content-Length: 6
|
|
Content-Type: application/x-www-form-urlencoded
|
|
|
|
postit
|
|
</protocol>
|
|
</verify>
|