ntlm: copy NTLM_HOSTNAME to host buffer

Commit 709ae2454f43 added a fake hostname to avoid leaking the local
hostname, but omitted copying it to the host buffer. Fix by copying
and

ntlm: copy NTLM_HOSTNAME to host buffer

Commit 709ae2454f43 added a fake hostname to avoid leaking the local
hostname, but omitted copying it to the host buffer. Fix by copying
and adjust the test fallout.

Closes: #8895
Fixes: #8893
Reported-by: Patrick Monnerat <patrick@monnerat.net>
Reviewed-by: Daniel Stenberg <daniel@haxx.se>

show more ...

tests: update NTLM tests to use new host name

Also drop the debug requirement, remove the setenv sections, remove
prechecks and add NTLM to the top keywords.

Closes #8889

ntlm: fix negotiated flags usage

According to Microsoft document MS-NLMP, current flags usage is not
accurate: flag NTLMFLAG_NEGOTIATE_NTLM2_KEY controls the use of
extended security

ntlm: fix negotiated flags usage

According to Microsoft document MS-NLMP, current flags usage is not
accurate: flag NTLMFLAG_NEGOTIATE_NTLM2_KEY controls the use of
extended security in an NTLM authentication message and NTLM version 2
cannot be negotiated within the protocol.

The solution implemented here is: if the extended security flag is set,
prefer using NTLM version 2 (as a server featuring extended security
should also support version 2). If version 2 has been disabled at
compile time, use extended security.

Tests involving NTLM are adjusted to this new behavior.

Fixes #6813
Closes #6849

show more ...

tests: use %TESTNUMBER instead of fixed number

This makes the tests easier to copy and relocate to other test numbers
without having to update content.

Closes #6738

tests: fixup several tests

missing CRs and modified %hostip

lib556/test556: use a real HTTP version to make test reuse more convenient

make sure the weekday in Date headers

tests: fixup several tests

missing CRs and modified %hostip

lib556/test556: use a real HTTP version to make test reuse more convenient

make sure the weekday in Date headers matches the date

test61: replace stray "^M" (5e 4d) at the end of a cookie with a '^M' (0d)

Gets the test working with external proxies like Privoxy again.

Closes #6463

show more ...

runtests: provide curl's version string as %VERSION for tests

... so that we can check HTTP requests for User-Agent: curl/%VERSION

Update 600+ test cases accordingly.

Close

runtests: provide curl's version string as %VERSION for tests

... so that we can check HTTP requests for User-Agent: curl/%VERSION

Update 600+ test cases accordingly.

Closes #6037

show more ...

tests: Change NTLM tests to require SSL

Prior to this change tests that required NTLM feature did not require
SSL feature.

There are pending changes to cmake builds that will al

tests: Change NTLM tests to require SSL

Prior to this change tests that required NTLM feature did not require
SSL feature.

There are pending changes to cmake builds that will allow enabling NTLM
in non-SSL builds in Windows. In that case the NTLM auth strings created
are different from what is expected by the NTLM tests and they fail:

"The issue with NTLM is that previous non-SSL builds would not enable
NTLM and so the NTLM tests would be skipped."

Assisted-by: marc-groundctl@users.noreply.github.com

Ref: https://github.com/curl/curl/pull/4717#issuecomment-566218729

Closes https://github.com/curl/curl/pull/4768

show more ...

tests: use proxy feature

This makes the tests succeed when using --disable-proxy.

Closes https://github.com/curl/curl/pull/4488

ntlm: update selection of type 3 response

NTLM2 did not work i.e. no NTLMv2 response was created. Changing the
check seems to work.

Ref: https://winprotocoldoc.blob.core.windows

ntlm: update selection of type 3 response

NTLM2 did not work i.e. no NTLMv2 response was created. Changing the
check seems to work.

Ref: https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/MS-NLMP/[MS-NLMP].pdf

Fixes https://github.com/curl/curl/issues/3286
Closes https://github.com/curl/curl/pull/3287
Closes https://github.com/curl/curl/pull/3415

show more ...

tests: added missing keywords "chunked Transfer-Encoding"

tests: updated for modified fake random

Revert "Proxy-Connection: stop sending this header by default"

This reverts commit 113f04e664b16b944e64498a73a4dab990fe9a68.

Proxy-Connection: stop sending this header by default

RFC 7230 says we should stop. Firefox already stopped.

Bug: https://github.com/curl/curl/issues/633
Reported-By: Brad Fitzp

Proxy-Connection: stop sending this header by default

RFC 7230 says we should stop. Firefox already stopped.

Bug: https://github.com/curl/curl/issues/633
Reported-By: Brad Fitzpatrick

Closes #633

show more ...

NTLM: set a fake entropy for debug builds with CURL_ENTROPY set

Curl_rand() will return a dummy and repatable random value for this
case. Makes it possible to write test cases that verif

NTLM: set a fake entropy for debug builds with CURL_ENTROPY set

Curl_rand() will return a dummy and repatable random value for this
case. Makes it possible to write test cases that verify output.

Also, fake timestamp with CURL_FORCETIME set.

Only when built debug enabled of course.

Curl_ssl_random() was not used anymore so it has been
removed. Curl_rand() is enough.

create_digest_md5_message: generate base64 instead of hex string

curl_sasl: also fix memory leaks in some OOM situations

show more ...

tests: Disabled NTLM tests for non-debug builds

Added required "debug" feature, missed in commit 1c9aaa0bac, as NTLMv2
calls Curl_rand() which can only be fixed to a specific entropy in

tests: Disabled NTLM tests for non-debug builds

Added required "debug" feature, missed in commit 1c9aaa0bac, as NTLMv2
calls Curl_rand() which can only be fixed to a specific entropy in
debug builds.

show more ...

tests: Updated NTLM tests for NTLMv2 type-3 message

tests: Disabled NTLM tests when running with SSPI enabled

test1509: verify proxy header response headers count

Modified sws to support and use custom CONNECT responses instead of the
previously naive hard-coded version. Made the HTTP test serve

test1509: verify proxy header response headers count

Modified sws to support and use custom CONNECT responses instead of the
previously naive hard-coded version. Made the HTTP test server able to
extract test case number from the host name in a CONNECT request by
finding the number after the last dot. It makes 'machine.moo.123' use
test case 123.

Adapted a larger amount of tests to the new <connect> style.

Bug: http://curl.haxx.se/bug/view.cgi?id=1204
Reported by: Martin Jansen

show more ...

connection-monitor: always log disconnect when enabled

This makes verifying easier and makes us more sure curl closes the
connection only at the correct point in time. Adjusted test 206

connection-monitor: always log disconnect when enabled

This makes verifying easier and makes us more sure curl closes the
connection only at the correct point in time. Adjusted test 206 and 1008
accordingly and updated the docs for it.

show more ...

tests: use connection-monitor and verify results

Test 1008 and 206 don't show the disconnect since it happens when SWS
awaits a new request, but 503 does and so the verify section needs

tests: use connection-monitor and verify results

Test 1008 and 206 don't show the disconnect since it happens when SWS
awaits a new request, but 503 does and so the verify section needs that
string added.

show more ...

tests: phase out haxx.se

Instead of using haxx.se as a fixed magic host name in lots of tests,
this is a first step to move toward the generic example.com host
instead.

Make the LD_PRELOAD path absolute in the tests that use it

In some situations, libtool will change directories and perform
a link step before executing the libtest test app. Since
LD

Make the LD_PRELOAD path absolute in the tests that use it

In some situations, libtool will change directories and perform
a link step before executing the libtest test app. Since
LD_PRELOAD is in effect for this entire process, the path to the
binary must be absolute so it will be valid no matter in which
directory the app is running.

show more ...

NTLM tests: boost coverage by forcing the hostname

A shared library tests/libtest/.libs/lihostname.so is preloaded in NTLM
test-cases to override the system implementation of gethostname

NTLM tests: boost coverage by forcing the hostname

A shared library tests/libtest/.libs/lihostname.so is preloaded in NTLM
test-cases to override the system implementation of gethostname(). It
makes it possible to test the NTLM authentication for exact match, and
this way test the implementation of MD4 and DES.

If LD_PRELOAD doesn't work, a debug build willl also workk as debug
builds are now made to prefer a specific environment variable and will
then return that content as host name instead of the actual one.

Kamil wrote the bulk of this, Daniel Stenberg polished it.

show more ...

Changed host name to be under the haxx.se domain

- Craig A West brought us: libcurl now defaults to do CONNECT with HTTP
version 1.1 instead of 1.0 like before. This change also introduces the new
proxy type for libcurl called 'CURLPROX

- Craig A West brought us: libcurl now defaults to do CONNECT with HTTP
version 1.1 instead of 1.0 like before. This change also introduces the new
proxy type for libcurl called 'CURLPROXY_HTTP_1_0' that then allows apps to
switch (back) to CONNECT 1.0 requests. The curl tool also got a --proxy1.0
option that works exactly like --proxy but sets CURLPROXY_HTTP_1_0.

I updated all test cases cases that use CONNECT and I tried to do some using
--proxy1.0 and some updated to do CONNECT 1.1 to get both versions run.

show more ...