13 <!-- Alternate the order that Digest and NTLM headers appear in responses to
14 ensure that the order doesn't matter. -->
18 Explanation for the duplicate 400 requests:
20 libcurl doesn't detect that a given Digest password is wrong already on the
21 first 401 response (as the data400 gives). libcurl will instead consider the
22 new response just as a duplicate and it sends another and detects the auth
23 problem on the second 401 response!
28 <!-- First request has NTLM auth, wrong password -->
30 HTTP/1.1 401 Need Digest or NTLM auth
\r
31 Server: Microsoft-IIS/5.0
\r
32 Content-Type: text/html; charset=iso-8859-1
\r
34 WWW-Authenticate: NTLM
\r
35 WWW-Authenticate: Digest realm="testrealm", nonce="1"
\r
37 This is not the real page!
41 HTTP/1.1 401 NTLM intermediate
\r
42 Server: Microsoft-IIS/5.0
\r
43 Content-Type: text/html; charset=iso-8859-1
\r
45 WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAAAGggEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg=
\r
47 This is still not the real page!
51 HTTP/1.1 401 Sorry wrong password
\r
52 Server: Microsoft-IIS/5.0
\r
53 Content-Type: text/html; charset=iso-8859-1
\r
55 WWW-Authenticate: Digest realm="testrealm", nonce="2"
\r
56 WWW-Authenticate: NTLM
\r
58 This is a bad password page!
61 <!-- Second request has Digest auth, right password -->
63 HTTP/1.1 401 Need Digest or NTLM auth (2)
\r
64 Server: Microsoft-IIS/5.0
\r
65 Content-Type: text/html; charset=iso-8859-1
\r
67 WWW-Authenticate: NTLM
\r
68 WWW-Authenticate: Digest realm="testrealm", nonce="3"
\r
70 This is not the real page!
74 HTTP/1.1 200 Things are fine in server land
\r
75 Server: Microsoft-IIS/5.0
\r
76 Content-Type: text/html; charset=iso-8859-1
\r
79 Finally, this is the real page!
82 <!-- Third request has NTLM auth, wrong password -->
84 HTTP/1.1 401 Need Digest or NTLM auth (3)
\r
85 Server: Microsoft-IIS/5.0
\r
86 Content-Type: text/html; charset=iso-8859-1
\r
88 WWW-Authenticate: Digest realm="testrealm", nonce="4"
\r
89 WWW-Authenticate: NTLM
\r
91 This is not the real page!
95 HTTP/1.1 401 NTLM intermediate (2)
\r
96 Server: Microsoft-IIS/5.0
\r
97 Content-Type: text/html; charset=iso-8859-1
\r
99 WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAAAGggEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg=
\r
101 This is still not the real page!
105 HTTP/1.1 401 Sorry wrong password (2)
\r
106 Server: Microsoft-IIS/5.0
\r
107 Content-Type: text/html; charset=iso-8859-1
\r
109 WWW-Authenticate: NTLM
\r
110 WWW-Authenticate: Digest realm="testrealm", nonce="5"
\r
112 This is a bad password page!
115 <!-- Fourth request has Digest auth, wrong password -->
117 HTTP/1.1 401 Need Digest or NTLM auth (4)
\r
118 Server: Microsoft-IIS/5.0
\r
119 Content-Type: text/html; charset=iso-8859-1
\r
121 WWW-Authenticate: Digest realm="testrealm", nonce="6"
\r
122 WWW-Authenticate: NTLM
\r
124 This is not the real page!
128 HTTP/1.1 401 Sorry wrong password (3)
\r
129 Server: Microsoft-IIS/5.0
\r
130 Content-Type: text/html; charset=iso-8859-1
\r
132 WWW-Authenticate: NTLM
\r
133 WWW-Authenticate: Digest realm="testrealm", nonce="7"
\r
135 This is a bad password page!
138 <!-- Fifth request has Digest auth, right password -->
140 HTTP/1.1 401 Need Digest or NTLM auth (5)
\r
141 Server: Microsoft-IIS/5.0
\r
142 Content-Type: text/html; charset=iso-8859-1
\r
144 WWW-Authenticate: Digest realm="testrealm", nonce="8"
\r
145 WWW-Authenticate: NTLM
\r
147 This is not the real page!
151 HTTP/1.1 200 Things are fine in server land (2)
\r
152 Server: Microsoft-IIS/5.0
\r
153 Content-Type: text/html; charset=iso-8859-1
\r
156 Finally, this is the real page!
160 HTTP/1.1 401 NTLM intermediate
\r
161 Server: Microsoft-IIS/5.0
\r
162 Content-Type: text/html; charset=iso-8859-1
\r
164 WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAAAGggEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg=
\r
166 HTTP/1.1 401 Sorry wrong password
\r
167 Server: Microsoft-IIS/5.0
\r
168 Content-Type: text/html; charset=iso-8859-1
\r
170 WWW-Authenticate: Digest realm="testrealm", nonce="2"
\r
171 WWW-Authenticate: NTLM
\r
173 This is a bad password page!
174 HTTP/1.1 200 Things are fine in server land
\r
175 Server: Microsoft-IIS/5.0
\r
176 Content-Type: text/html; charset=iso-8859-1
\r
179 Finally, this is the real page!
180 HTTP/1.1 401 NTLM intermediate (2)
\r
181 Server: Microsoft-IIS/5.0
\r
182 Content-Type: text/html; charset=iso-8859-1
\r
184 WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAAAGggEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg=
\r
186 HTTP/1.1 401 Sorry wrong password (2)
\r
187 Server: Microsoft-IIS/5.0
\r
188 Content-Type: text/html; charset=iso-8859-1
\r
190 WWW-Authenticate: NTLM
\r
191 WWW-Authenticate: Digest realm="testrealm", nonce="5"
\r
193 This is a bad password page!
194 HTTP/1.1 401 Sorry wrong password (3)
\r
195 Server: Microsoft-IIS/5.0
\r
196 Content-Type: text/html; charset=iso-8859-1
\r
198 WWW-Authenticate: NTLM
\r
199 WWW-Authenticate: Digest realm="testrealm", nonce="7"
\r
201 HTTP/1.1 401 Sorry wrong password (3)
\r
202 Server: Microsoft-IIS/5.0
\r
203 Content-Type: text/html; charset=iso-8859-1
\r
205 WWW-Authenticate: NTLM
\r
206 WWW-Authenticate: Digest realm="testrealm", nonce="7"
\r
208 This is a bad password page!
209 HTTP/1.1 200 Things are fine in server land (2)
\r
210 Server: Microsoft-IIS/5.0
\r
211 Content-Type: text/html; charset=iso-8859-1
\r
214 Finally, this is the real page!
232 HTTP authorization retry (NTLM switching to Digest)
235 # we force our own host name, in order to make the test machine independent
236 CURL_GETHOSTNAME=curlhost
237 # we try to use the LD_PRELOAD hack, if not a debug build
238 LD_PRELOAD=%PWD/libtest/.libs/libhostname.so
241 http://%HOSTIP:%HTTPPORT/2030 ntlm digest
248 # Verify data after the test has been "shot"
254 GET /20300100 HTTP/1.1
\r
255 Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
\r
256 Host: %HOSTIP:%HTTPPORT
\r
259 GET /20300100 HTTP/1.1
\r
260 Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAACAAIAHAAAAAIAAgAeAAAAAAAAAAAAAAABoIBANgKEcT5xUUBHw5+0m4FjWTGNzg6PeHJHbaPwNwCt/tXcnIeTQCTMAg12SPDyNXMf3Rlc3R1c2VyY3VybGhvc3Q=
\r
261 Host: %HOSTIP:%HTTPPORT
\r
264 GET /20300200 HTTP/1.1
\r
265 Authorization: Digest username="testuser", realm="testrealm", nonce="2", uri="/20300200", response="2f2d784ba53a0a307758a90e98d25c27"
\r
266 Host: %HOSTIP:%HTTPPORT
\r
269 GET /20300300 HTTP/1.1
\r
270 Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
\r
271 Host: %HOSTIP:%HTTPPORT
\r
274 GET /20300300 HTTP/1.1
\r
275 Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAACAAIAHAAAAAIAAgAeAAAAAAAAAAAAAAABoIBANgKEcT5xUUBHw5+0m4FjWTGNzg6PeHJHbaPwNwCt/tXcnIeTQCTMAg12SPDyNXMf3Rlc3R1c2VyY3VybGhvc3Q=
\r
276 Host: %HOSTIP:%HTTPPORT
\r
279 GET /20300400 HTTP/1.1
\r
280 Authorization: Digest username="testuser", realm="testrealm", nonce="5", uri="/20300400", response="d6262e9147db08c62ff2f53b515861e8"
\r
281 Host: %HOSTIP:%HTTPPORT
\r
284 GET /20300400 HTTP/1.1
\r
285 Authorization: Digest username="testuser", realm="testrealm", nonce="5", uri="/20300400", response="d6262e9147db08c62ff2f53b515861e8"
\r
286 Host: %HOSTIP:%HTTPPORT
\r
289 GET /20300500 HTTP/1.1
\r
290 Authorization: Digest username="testuser", realm="testrealm", nonce="7", uri="/20300500", response="198757e61163a779cf24ed4c49c1ad7d"
\r
291 Host: %HOSTIP:%HTTPPORT
\r