1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-13 13:05:03 -05:00

test 2027/2030: take duplicate Digest requests into account

With the reversion of ce8311c7e4 and the new clear logic, this flaw
is present and we allow it.
This commit is contained in:
Daniel Stenberg 2012-11-05 23:58:31 +01:00
parent 13ce9031cc
commit 8d97bed806
2 changed files with 46 additions and 10 deletions

View File

@ -9,6 +9,17 @@ HTTP Digest auth
# Server-side # Server-side
<reply> <reply>
<!--
Explanation for the duplicate 400 requests:
libcurl doesn't detect that a given Digest password is wrong already on the
first 401 response (as the data400 gives). libcurl will instead consider the
new response just as a duplicate and it sends another and detects the auth
problem on the second 401 response!
-->
<!-- First request has Digest auth, wrong password --> <!-- First request has Digest auth, wrong password -->
<data100> <data100>
HTTP/1.1 401 Need Digest auth HTTP/1.1 401 Need Digest auth
@ -93,16 +104,6 @@ This is a bad password page!
</data1400> </data1400>
<!-- Fifth request has Digest auth, right password --> <!-- Fifth request has Digest auth, right password -->
<data500>
HTTP/1.1 401 Need Digest auth (5)
Server: Microsoft-IIS/5.0
Content-Type: text/html; charset=iso-8859-1
Content-Length: 27
WWW-Authenticate: Digest realm="testrealm", nonce="8"
This is not the real page!
</data500>
<data1500> <data1500>
HTTP/1.1 200 Things are fine in server land (2) HTTP/1.1 200 Things are fine in server land (2)
Server: Microsoft-IIS/5.0 Server: Microsoft-IIS/5.0
@ -151,6 +152,12 @@ Content-Type: text/html; charset=iso-8859-1
Content-Length: 29 Content-Length: 29
WWW-Authenticate: Digest realm="testrealm", nonce="7" WWW-Authenticate: Digest realm="testrealm", nonce="7"
HTTP/1.1 401 Sorry wrong password (3)
Server: Microsoft-IIS/5.0
Content-Type: text/html; charset=iso-8859-1
Content-Length: 29
WWW-Authenticate: Digest realm="testrealm", nonce="7"
This is a bad password page! This is a bad password page!
HTTP/1.1 200 Things are fine in server land (2) HTTP/1.1 200 Things are fine in server land (2)
Server: Microsoft-IIS/5.0 Server: Microsoft-IIS/5.0
@ -222,6 +229,11 @@ Authorization: Digest username="testuser", realm="testrealm", nonce="5", uri="/2
Host: %HOSTIP:%HTTPPORT Host: %HOSTIP:%HTTPPORT
Accept: */* Accept: */*
GET /20270400 HTTP/1.1
Authorization: Digest username="testuser", realm="testrealm", nonce="5", uri="/20270400", response="f5906785511fb60a2af8b1cd53008ead"
Host: %HOSTIP:%HTTPPORT
Accept: */*
GET /20270500 HTTP/1.1 GET /20270500 HTTP/1.1
Authorization: Digest username="testuser", realm="testrealm", nonce="7", uri="/20270500", response="8ef4d935fd964a46c3965c0863b52cf1" Authorization: Digest username="testuser", realm="testrealm", nonce="7", uri="/20270500", response="8ef4d935fd964a46c3965c0863b52cf1"
Host: %HOSTIP:%HTTPPORT Host: %HOSTIP:%HTTPPORT

View File

@ -13,6 +13,18 @@ HTTP NTLM auth
<!-- Alternate the order that Digest and NTLM headers appear in responses to <!-- Alternate the order that Digest and NTLM headers appear in responses to
ensure that the order doesn't matter. --> ensure that the order doesn't matter. -->
<!--
Explanation for the duplicate 400 requests:
libcurl doesn't detect that a given Digest password is wrong already on the
first 401 response (as the data400 gives). libcurl will instead consider the
new response just as a duplicate and it sends another and detects the auth
problem on the second 401 response!
-->
<!-- First request has NTLM auth, wrong password --> <!-- First request has NTLM auth, wrong password -->
<data100> <data100>
HTTP/1.1 401 Need Digest or NTLM auth HTTP/1.1 401 Need Digest or NTLM auth
@ -186,6 +198,13 @@ Content-Length: 29
WWW-Authenticate: NTLM WWW-Authenticate: NTLM
WWW-Authenticate: Digest realm="testrealm", nonce="7" WWW-Authenticate: Digest realm="testrealm", nonce="7"
HTTP/1.1 401 Sorry wrong password (3)
Server: Microsoft-IIS/5.0
Content-Type: text/html; charset=iso-8859-1
Content-Length: 29
WWW-Authenticate: NTLM
WWW-Authenticate: Digest realm="testrealm", nonce="7"
This is a bad password page! This is a bad password page!
HTTP/1.1 200 Things are fine in server land (2) HTTP/1.1 200 Things are fine in server land (2)
Server: Microsoft-IIS/5.0 Server: Microsoft-IIS/5.0
@ -259,6 +278,11 @@ Authorization: Digest username="testuser", realm="testrealm", nonce="5", uri="/2
Host: %HOSTIP:%HTTPPORT Host: %HOSTIP:%HTTPPORT
Accept: */* Accept: */*
GET /20300400 HTTP/1.1
Authorization: Digest username="testuser", realm="testrealm", nonce="5", uri="/20300400", response="d6262e9147db08c62ff2f53b515861e8"
Host: %HOSTIP:%HTTPPORT
Accept: */*
GET /20300500 HTTP/1.1 GET /20300500 HTTP/1.1
Authorization: Digest username="testuser", realm="testrealm", nonce="7", uri="/20300500", response="198757e61163a779cf24ed4c49c1ad7d" Authorization: Digest username="testuser", realm="testrealm", nonce="7", uri="/20300500", response="198757e61163a779cf24ed4c49c1ad7d"
Host: %HOSTIP:%HTTPPORT Host: %HOSTIP:%HTTPPORT