mirror of
https://github.com/curl/curl.git
synced 2024-12-15 06:40:09 +08:00
67e9e3cb1e
In order to get Negotiate (SPNEGO) authentication to work in HTTP you used to be required to provide a (fake) user name (this concerned both curl and the lib) because the code wrongly only considered authentication if there was a user name provided, as in: curl -u : --negotiate https://example.com/ This commit leverages the `struct auth` want member to figure out if the user enabled CURLAUTH_NEGOTIATE, effectively removing the requirement of setting a user name both in curl and the lib. Signed-off-by: Marin Hannache <git@mareo.fr> Reported-by: Enrico Scholz Fixes https://sourceforge.net/p/curl/bugs/440/ Fixes #1161 Closes #9047
88 lines
2.1 KiB
Plaintext
88 lines
2.1 KiB
Plaintext
<testcase>
|
|
<info>
|
|
<keywords>
|
|
HTTP
|
|
HTTP GET
|
|
HTTP Negotiate auth (stub ntlm)
|
|
</keywords>
|
|
</info>
|
|
# Server-side
|
|
<reply>
|
|
<!-- First request, expect 401 (ntlm challenge) -->
|
|
<data1>
|
|
HTTP/1.1 401 Authorization Required
|
|
Server: Microsoft-IIS/7.0
|
|
Content-Type: text/html; charset=iso-8859-1
|
|
WWW-Authenticate: Negotiate Qw==
|
|
Content-Length: 19
|
|
|
|
Still not yet sir!
|
|
</data1>
|
|
<!-- Second request, expect success -->
|
|
<data2>
|
|
HTTP/1.1 200 Things are fine in server land
|
|
Server: Microsoft-IIS/7.0
|
|
Content-Type: text/html; charset=iso-8859-1
|
|
WWW-Authenticate: Negotiate RA==
|
|
Content-Length: 15
|
|
|
|
Nice auth sir!
|
|
</data2>
|
|
<datacheck>
|
|
HTTP/1.1 401 Authorization Required
|
|
Server: Microsoft-IIS/7.0
|
|
Content-Type: text/html; charset=iso-8859-1
|
|
WWW-Authenticate: Negotiate Qw==
|
|
Content-Length: 19
|
|
|
|
HTTP/1.1 200 Things are fine in server land
|
|
Server: Microsoft-IIS/7.0
|
|
Content-Type: text/html; charset=iso-8859-1
|
|
WWW-Authenticate: Negotiate RA==
|
|
Content-Length: 15
|
|
|
|
Nice auth sir!
|
|
</datacheck>
|
|
</reply>
|
|
|
|
# Client-side
|
|
<client>
|
|
<server>
|
|
http
|
|
</server>
|
|
<name>
|
|
HTTP Negotiate authentication (stub ntlm)
|
|
</name>
|
|
<features>
|
|
GSS-API
|
|
ld_preload
|
|
!debug
|
|
</features>
|
|
<setenv>
|
|
LD_PRELOAD=%PWD/libtest/.libs/libstubgss.so
|
|
CURL_STUB_GSS_CREDS="NTLM_Alice"
|
|
</setenv>
|
|
<command>
|
|
--negotiate http://%HOSTIP:%HTTPPORT/%TESTNUMBER
|
|
</command>
|
|
</client>
|
|
|
|
# Verify data after the test has been "shot"
|
|
<verify>
|
|
<protocol>
|
|
GET /%TESTNUMBER HTTP/1.1
|
|
Host: %HOSTIP:%HTTPPORT
|
|
Authorization: Negotiate Ik5UTE1fQWxpY2UiOkhUVFBAMTI3LjAuMC4xOjI6QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQQ==
|
|
User-Agent: curl/%VERSION
|
|
Accept: */*
|
|
|
|
GET /%TESTNUMBER HTTP/1.1
|
|
Host: %HOSTIP:%HTTPPORT
|
|
Authorization: Negotiate Ik5UTE1fQWxpY2UiOkhUVFBAMTI3LjAuMC4xOjM6QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQQ==
|
|
User-Agent: curl/%VERSION
|
|
Accept: */*
|
|
|
|
</protocol>
|
|
</verify>
|
|
</testcase>
|