Merge pull request #32 from tirupatibg/support_upn
Support for UPN
paulmey authored Jun 21, 2022
2 parents 48547f2 + 6d48db3 commit cb9428e
Showing 2 changed files with 16 additions and 5 deletions.
6 changes: 5 additions & 1 deletion authenticate_message.go
@@ -82,7 +82,7 @@ func (m authenicateMessage) MarshalBinary() ([]byte, error) {

//ProcessChallenge crafts an AUTHENTICATE message in response to the CHALLENGE message
//that was received from the server
func ProcessChallenge(challengeMessageData []byte, user, password string) ([]byte, error) {
func ProcessChallenge(challengeMessageData []byte, user, password string, domainNeeded bool) ([]byte, error) {
if user == "" && password == "" {
return nil, errors.New("Anonymous authentication not supported")
}
@@ -98,6 +98,10 @@ func ProcessChallenge(challengeMessageData []byte, user, password string) ([]byt
if cm.NegotiateFlags.Has(negotiateFlagNTLMSSPNEGOTIATEKEYEXCH) {
return nil, errors.New("Key exchange requested but not supported (NTLMSSP_NEGOTIATE_KEY_EXCH)")
}

if !domainNeeded {
cm.TargetName = ""
}

am := authenicateMessage{
UserName: user,
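Review bot: The exported `ProcessChallenge` gains a required `domainNeeded bool` parameter, so every caller outside this package stops compiling; the same applies to the extra return value on `GetDomain` in negotiator.go. Keeping the three-argument `ProcessChallenge` as a wrapper that passes `true`, with the new behaviour in a separately named function, would keep the API backward-compatible. The added `if !domainNeeded { cm.TargetName = "" }` block overwrites a field of the parsed server challenge without saying why; a comment such as `// For a UPN (user@domain) the domain is part of the user name, so the server's TargetName is not used.` would record the intent, and the doc comment above the function should describe the new parameter. The body of ProcessChallenge continues outside the hunk, so how `cm.TargetName` is consumed afterwards is not visible here.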
15 changes: 11 additions & 4 deletions negotiator.go
@@ -10,15 +10,22 @@ import (
)

// GetDomain : parse domain name from based on slashes in the input
func GetDomain(user string) (string, string) {
// Need to check for upn as well
func GetDomain(user string) (string, string, bool) {
domain := ""
domainNeeded := false

if strings.Contains(user, "\\") {
ucomponents := strings.SplitN(user, "\\", 2)
domain = ucomponents[0]
user = ucomponents[1]
domainNeeded = true
} else if strings.Contains(user, "@") {
domainNeeded = false
} else {
domainNeeded = true
}
return user, domain
return user, domain, domainNeeded
}

//Negotiator is a http.Roundtripper decorator that automatically
@@ -91,7 +98,7 @@ func (l Negotiator) RoundTrip(req *http.Request) (res *http.Response, err error)

// get domain from username
domain := ""
u, domain = GetDomain(u)
u, domain, domainNeeded := GetDomain(u)

// send negotiate
negotiateMessage, err := NewNegotiateMessage(domain, "")
@@ -125,7 +132,7 @@ func (l Negotiator) RoundTrip(req *http.Request) (res *http.Response, err error)
res.Body.Close()

// send authenticate
authenticateMessage, err := ProcessChallenge(challengeMessage, u, p)
authenticateMessage, err := ProcessChallenge(challengeMessage, u, p, domainNeeded)
if err != nil {
return nil, err
}
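Review bot: The doc comment on `GetDomain` does not describe the new contract: the added line `// Need to check for upn as well` reads like a to-do and says nothing about the third result. A comment such as `// GetDomain splits DOMAIN\user into user and domain; domainNeeded is false only for a UPN (user@domain) given without a backslash.` would state it. The `else if` branch assigns `false` to a variable already initialised to `false`, so the flag can be computed once as `domainNeeded := strings.Contains(user, "\\") || !strings.Contains(user, "@")`. Any `@` in a name without a backslash is classified as a UPN, and that flag decides whether the server-supplied target name is kept in `ProcessChallenge`, so a table test covering `DOMAIN\user`, `user@domain`, `DOMAIN\user@domain` and a bare user name would pin the behaviour.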
