13 <!-- Alternate the order that Digest and NTLM headers appear in responses to
14 ensure that the order doesn't matter. -->
18 Explanation for the duplicate 400 requests:
20 libcurl doesn't detect that a given Digest password is wrong already on the
21 first 401 response (as the data400 gives). libcurl will instead consider the
22 new response just as a duplicate and it sends another and detects the auth
23 problem on the second 401 response!
28 <!-- First request has NTLM auth, wrong password -->
30 HTTP/1.1 401 Need Digest or NTLM auth
31 Server: Microsoft-IIS/5.0
32 Content-Type: text/html; charset=iso-8859-1
34 WWW-Authenticate: NTLM
35 WWW-Authenticate: Digest realm="testrealm", nonce="1"
37 This is not the real page!
41 HTTP/1.1 401 NTLM intermediate
42 Server: Microsoft-IIS/5.0
43 Content-Type: text/html; charset=iso-8859-1
45 WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAAAGggEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg=
47 This is still not the real page!
51 HTTP/1.1 401 Sorry wrong password
52 Server: Microsoft-IIS/5.0
53 Content-Type: text/html; charset=iso-8859-1
55 WWW-Authenticate: Digest realm="testrealm", nonce="2"
56 WWW-Authenticate: NTLM
58 This is a bad password page!
61 <!-- Second request has Digest auth, right password -->
63 HTTP/1.1 401 Need Digest or NTLM auth (2)
64 Server: Microsoft-IIS/5.0
65 Content-Type: text/html; charset=iso-8859-1
67 WWW-Authenticate: NTLM
68 WWW-Authenticate: Digest realm="testrealm", nonce="3"
70 This is not the real page!
74 HTTP/1.1 200 Things are fine in server land
75 Server: Microsoft-IIS/5.0
76 Content-Type: text/html; charset=iso-8859-1
79 Finally, this is the real page!
82 <!-- Third request has NTLM auth, wrong password -->
84 HTTP/1.1 401 Need Digest or NTLM auth (3)
85 Server: Microsoft-IIS/5.0
86 Content-Type: text/html; charset=iso-8859-1
88 WWW-Authenticate: Digest realm="testrealm", nonce="4"
89 WWW-Authenticate: NTLM
91 This is not the real page!
95 HTTP/1.1 401 NTLM intermediate (2)
96 Server: Microsoft-IIS/5.0
97 Content-Type: text/html; charset=iso-8859-1
99 WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAAAGggEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg=
101 This is still not the real page!
105 HTTP/1.1 401 Sorry wrong password (2)
106 Server: Microsoft-IIS/5.0
107 Content-Type: text/html; charset=iso-8859-1
109 WWW-Authenticate: NTLM
110 WWW-Authenticate: Digest realm="testrealm", nonce="5"
112 This is a bad password page!
115 <!-- Fourth request has Digest auth, wrong password -->
117 HTTP/1.1 401 Need Digest or NTLM auth (4)
118 Server: Microsoft-IIS/5.0
119 Content-Type: text/html; charset=iso-8859-1
121 WWW-Authenticate: Digest realm="testrealm", nonce="6"
122 WWW-Authenticate: NTLM
124 This is not the real page!
128 HTTP/1.1 401 Sorry wrong password (3)
129 Server: Microsoft-IIS/5.0
130 Content-Type: text/html; charset=iso-8859-1
132 WWW-Authenticate: NTLM
133 WWW-Authenticate: Digest realm="testrealm", nonce="7"
135 This is a bad password page!
138 <!-- Fifth request has Digest auth, right password -->
140 HTTP/1.1 401 Need Digest or NTLM auth (5)
141 Server: Microsoft-IIS/5.0
142 Content-Type: text/html; charset=iso-8859-1
144 WWW-Authenticate: Digest realm="testrealm", nonce="8"
145 WWW-Authenticate: NTLM
147 This is not the real page!
151 HTTP/1.1 200 Things are fine in server land (2)
152 Server: Microsoft-IIS/5.0
153 Content-Type: text/html; charset=iso-8859-1
156 Finally, this is the real page!
160 HTTP/1.1 401 NTLM intermediate
161 Server: Microsoft-IIS/5.0
162 Content-Type: text/html; charset=iso-8859-1
164 WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAAAGggEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg=
166 HTTP/1.1 401 Sorry wrong password
167 Server: Microsoft-IIS/5.0
168 Content-Type: text/html; charset=iso-8859-1
170 WWW-Authenticate: Digest realm="testrealm", nonce="2"
171 WWW-Authenticate: NTLM
173 This is a bad password page!
174 HTTP/1.1 200 Things are fine in server land
175 Server: Microsoft-IIS/5.0
176 Content-Type: text/html; charset=iso-8859-1
179 Finally, this is the real page!
180 HTTP/1.1 401 NTLM intermediate (2)
181 Server: Microsoft-IIS/5.0
182 Content-Type: text/html; charset=iso-8859-1
184 WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADAAAAAGggEAq6U1NAWaJCIAAAAAAAAAAAAAAAA4AAAATlRMTUF1dGg=
186 HTTP/1.1 401 Sorry wrong password (2)
187 Server: Microsoft-IIS/5.0
188 Content-Type: text/html; charset=iso-8859-1
190 WWW-Authenticate: NTLM
191 WWW-Authenticate: Digest realm="testrealm", nonce="5"
193 This is a bad password page!
194 HTTP/1.1 401 Sorry wrong password (3)
195 Server: Microsoft-IIS/5.0
196 Content-Type: text/html; charset=iso-8859-1
198 WWW-Authenticate: NTLM
199 WWW-Authenticate: Digest realm="testrealm", nonce="7"
201 HTTP/1.1 401 Sorry wrong password (3)
202 Server: Microsoft-IIS/5.0
203 Content-Type: text/html; charset=iso-8859-1
205 WWW-Authenticate: NTLM
206 WWW-Authenticate: Digest realm="testrealm", nonce="7"
208 This is a bad password page!
209 HTTP/1.1 200 Things are fine in server land (2)
210 Server: Microsoft-IIS/5.0
211 Content-Type: text/html; charset=iso-8859-1
214 Finally, this is the real page!
233 HTTP authorization retry (NTLM switching to Digest)
236 # we force our own host name, in order to make the test machine independent
237 CURL_GETHOSTNAME=curlhost
238 # we try to use the LD_PRELOAD hack, if not a debug build
239 LD_PRELOAD=%PWD/libtest/.libs/libhostname.so
242 http://%HOSTIP:%HTTPPORT/2030 ntlm digest
249 # Verify data after the test has been "shot"
255 GET /20300100 HTTP/1.1
256 Host: %HOSTIP:%HTTPPORT
257 Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
260 GET /20300100 HTTP/1.1
261 Host: %HOSTIP:%HTTPPORT
262 Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAACAAIAHAAAAAIAAgAeAAAAAAAAAAAAAAABoIBANgKEcT5xUUBHw5+0m4FjWTGNzg6PeHJHbaPwNwCt/tXcnIeTQCTMAg12SPDyNXMf3Rlc3R1c2VyY3VybGhvc3Q=
265 GET /20300200 HTTP/1.1
266 Host: %HOSTIP:%HTTPPORT
267 Authorization: Digest username="testuser", realm="testrealm", nonce="2", uri="/20300200", response="2f2d784ba53a0a307758a90e98d25c27"
270 GET /20300300 HTTP/1.1
271 Host: %HOSTIP:%HTTPPORT
272 Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
275 GET /20300300 HTTP/1.1
276 Host: %HOSTIP:%HTTPPORT
277 Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAACAAIAHAAAAAIAAgAeAAAAAAAAAAAAAAABoIBANgKEcT5xUUBHw5+0m4FjWTGNzg6PeHJHbaPwNwCt/tXcnIeTQCTMAg12SPDyNXMf3Rlc3R1c2VyY3VybGhvc3Q=
280 GET /20300400 HTTP/1.1
281 Host: %HOSTIP:%HTTPPORT
282 Authorization: Digest username="testuser", realm="testrealm", nonce="5", uri="/20300400", response="d6262e9147db08c62ff2f53b515861e8"
285 GET /20300400 HTTP/1.1
286 Host: %HOSTIP:%HTTPPORT
287 Authorization: Digest username="testuser", realm="testrealm", nonce="5", uri="/20300400", response="d6262e9147db08c62ff2f53b515861e8"
290 GET /20300500 HTTP/1.1
291 Host: %HOSTIP:%HTTPPORT
292 Authorization: Digest username="testuser", realm="testrealm", nonce="7", uri="/20300500", response="198757e61163a779cf24ed4c49c1ad7d"