Spacen Jasset reported a problem with doing POST (with data read with a

callback) over a proxy when NTLM is used as auth with the proxy. The bug
also concerned Digest and was limited to using callback only. Spacen worked
with us to provide a useful patch. I added the test case 547 and 548 to
verify two variations of POST over proxy with NTLM.

3 files changed, 170 insertions, 4 deletions

diff --git a/tests/data/test547 b/tests/data/test547
new file mode 100644
index 000000000..7b0c7324d
--- /dev/null
+++ b/tests/data/test547
@@ -0,0 +1,131 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP POST
+POST callback
+HTTP proxy NTLM auth
+</keywords>
+</info>
+# Server-side
+<reply>
+
+<data>
+HTTP/1.1 407 Authorization Required swsclose

+Server: Apache/1.3.27 (Darwin) PHP/4.1.2

+Proxy-Authenticate: Blackmagic realm="gimme all yer s3cr3ts"

+Proxy-Authenticate: Basic realm="gimme all yer s3cr3ts"

+Proxy-Authenticate: NTLM

+Content-Type: text/html; charset=iso-8859-1

+Connection: close

+

+This is not the real page
+</data>
+
+# this is returned first since we get no proxy-auth
+<data1001>
+HTTP/1.1 407 Authorization Required to proxy me my dear

+Proxy-Authenticate: NTLM TlRMTVNTUAACAAAAAgACADAAAAAGgoEAc51AYVDgyNcAAAAAAAAAAG4AbgAyAAAAQ0MCAAQAQwBDAAEAEgBFAEwASQBTAEEAQgBFAFQASAAEABgAYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAwAsAGUAbABpAHMAYQBiAGUAdABoAC4AYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAAAAAA==

+Content-Length: 34

+

+Hey you, authenticate or go away!
+</data1001>
+
+# This is supposed to be returned when the server gets the second
+# Authorization: NTLM line passed-in from the client
+<data1002>
+HTTP/1.1 200 Things are fine in proxy land swsclose

+Server: Microsoft-IIS/5.0

+Content-Type: text/html; charset=iso-8859-1

+Content-Length: 42

+

+Contents of that page you requested, sir.
+</data1002>
+
+<datacheck>
+HTTP/1.1 407 Authorization Required swsclose

+Server: Apache/1.3.27 (Darwin) PHP/4.1.2

+Proxy-Authenticate: Blackmagic realm="gimme all yer s3cr3ts"

+Proxy-Authenticate: Basic realm="gimme all yer s3cr3ts"

+Proxy-Authenticate: NTLM

+Content-Type: text/html; charset=iso-8859-1

+Connection: close

+

+HTTP/1.1 407 Authorization Required to proxy me my dear

+Proxy-Authenticate: NTLM TlRMTVNTUAACAAAAAgACADAAAAAGgoEAc51AYVDgyNcAAAAAAAAAAG4AbgAyAAAAQ0MCAAQAQwBDAAEAEgBFAEwASQBTAEEAQgBFAFQASAAEABgAYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAwAsAGUAbABpAHMAYQBiAGUAdABoAC4AYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAAAAAA==

+Content-Length: 34

+

+HTTP/1.1 200 Things are fine in proxy land swsclose

+Server: Microsoft-IIS/5.0

+Content-Type: text/html; charset=iso-8859-1

+Content-Length: 42

+

+Contents of that page you requested, sir.
+</datacheck>
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+# tool to use
+<tool>
+lib547
+</tool>
+<features>
+NTLM
+</features>
+ <name>
+HTTP proxy auth NTLM with POST data from read callback
+ </name>
+ <command>
+http://test.remote.server.com/path/547 http://%HOSTIP:%HTTPPORT s1lly:pers0n
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent: curl/.*
+</strip>
+# We strip off a large chunk of the type-2 NTLM message since it depends on
+# the local host name and thus differs on different machines!
+<strippart>
+s/^(Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAABQAFAHAAAAA).*/$1/
+</strippart>
+<protocol>
+POST http://test.remote.server.com/path/547 HTTP/1.1

+User-Agent: curl/7.13.2-CVS (i686-pc-linux-gnu) libcurl/7.13.2-CVS OpenSSL/0.9.7e zlib/1.2.2 libidn/0.5.13

+Host: test.remote.server.com

+Pragma: no-cache

+Accept: */*

+Proxy-Connection: Keep-Alive

+Content-Length: 36

+Content-Type: application/x-www-form-urlencoded

+

+this is the blurb we want to upload
+POST http://test.remote.server.com/path/547 HTTP/1.1

+Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=

+User-Agent: curl/7.13.2-CVS (i686-pc-linux-gnu) libcurl/7.13.2-CVS OpenSSL/0.9.7e zlib/1.2.2 libidn/0.5.13

+Host: test.remote.server.com

+Pragma: no-cache

+Accept: */*

+Proxy-Connection: Keep-Alive

+Content-Length: 0

+Content-Type: application/x-www-form-urlencoded

+

+POST http://test.remote.server.com/path/547 HTTP/1.1

+Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAABQAFAHAAAAA
+User-Agent: curl/7.13.2-CVS (i686-pc-linux-gnu) libcurl/7.13.2-CVS OpenSSL/0.9.7e zlib/1.2.2 libidn/0.5.13

+Host: test.remote.server.com

+Pragma: no-cache

+Accept: */*

+Proxy-Connection: Keep-Alive

+Content-Length: 36

+Content-Type: application/x-www-form-urlencoded

+

+this is the blurb we want to upload
+</protocol>
+</verify>
+</testcase>
diff --git a/tests/data/test548 b/tests/data/test548
index 04a1a6396..5db476386 100644
--- a/tests/data/test548
+++ b/tests/data/test548
@@ -3,7 +3,6 @@
 <keywords>
 HTTP
 HTTP POST
---proxy-anyauth
 HTTP proxy NTLM auth
 </keywords>
 </info>
diff --git a/tests/libtest/lib547.c b/tests/libtest/lib547.c
index 0513911d6..2d4011213 100644
--- a/tests/libtest/lib547.c
+++ b/tests/libtest/lib547.c
@@ -20,21 +20,49 @@
 static size_t readcallback(void  *ptr,
                            size_t size,
                            size_t nmemb,
-                           void *stream)
+                           void *clientp)
 {
-  (void)stream; /* unused */
+  int *counter = (int *)clientp;
+
+  if(*counter) {
+    /* only do this once and then require a clearing of this */
+    fprintf(stderr, "READ ALREADY DONE!\n");
+    return 0;
+  }
+  (*counter)++; /* bump */
+
   if(size * nmemb > strlen(UPLOADTHIS)) {
+    fprintf(stderr, "READ!\n");
     strcpy(ptr, UPLOADTHIS);
     return strlen(UPLOADTHIS);
   }
+  fprintf(stderr, "READ NOT FINE!\n");
   return 0;
 }
+static curlioerr ioctlcallback(CURL *handle,
+                               int cmd,
+                               void *clientp)
+{
+  int *counter = (int *)clientp;
+  (void)handle; /* unused */
+  if(cmd == CURLIOCMD_RESTARTREAD) {
+    fprintf(stderr, "REWIND!\n");
+    *counter = 0; /* clear counter to make the read callback restart */
+  }
+  return CURLIOE_OK;
+}
+
+
+
 #endif
 
 int test(char *URL)
 {
   CURLcode res;
   CURL *curl;
+#ifndef LIB548
+  int counter=0;
+#endif
 
   if (curl_global_init(CURL_GLOBAL_ALL) != CURLE_OK) {
     fprintf(stderr, "curl_global_init() failed\n");
@@ -51,10 +79,18 @@ int test(char *URL)
   curl_easy_setopt(curl, CURLOPT_VERBOSE, 1);
   curl_easy_setopt(curl, CURLOPT_HEADER, TRUE);
 #ifdef LIB548
+  /* set the data to POST with a mere pointer to a zero-terminated string */
   curl_easy_setopt(curl, CURLOPT_POSTFIELDS, UPLOADTHIS);
 #else
-  /* 547 style */
+  /* 547 style, which means reading the POST data from a callback */
+  curl_easy_setopt(curl, CURLOPT_IOCTLFUNCTION, ioctlcallback);
+  curl_easy_setopt(curl, CURLOPT_IOCTLDATA, &counter);
   curl_easy_setopt(curl, CURLOPT_READFUNCTION, readcallback);
+  curl_easy_setopt(curl, CURLOPT_READDATA, &counter);
+  /* TODO: We should be able to do the POST fine without setting the size
+     and we should do a test to verify that but until we do that we set
+     the size of the request-body */
+  curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, strlen(UPLOADTHIS));
 #endif
   curl_easy_setopt(curl, CURLOPT_POST, 1);
   curl_easy_setopt(curl, CURLOPT_PROXY, libtest_arg2);