From 8f40565efdf66ea0366c1860748831cd6991d1ce Mon Sep 17 00:00:00 2001
From: tirupatibg
Date: Mon, 13 Jun 2022 13:08:32 +0000
Subject: [PATCH 1/5] Added comment
---
 negotiator.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/negotiator.go b/negotiator.go
index a5a5f5b..c67b597 100644
--- a/negotiator.go
+++ b/negotiator.go
@@ -10,6 +10,7 @@ import (
 )
 // GetDomain : parse domain name from based on slashes in the input
+// Need to check for upn as well
 func GetDomain(user string) (string, string) {
 domain := ""
From e74ac06fd1c036868de9247b149180cdc950171f Mon Sep 17 00:00:00 2001
From: tirupatibg
Date: Mon, 13 Jun 2022 13:15:25 +0000
Subject: [PATCH 2/5] Support UPN
---
 authenticate_message.go | 6 +++++-
 negotiator.go | 15 ++++++++++-----
 2 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/authenticate_message.go b/authenticate_message.go
index 1b0fe7d..ab183db 100644
--- a/authenticate_message.go
+++ b/authenticate_message.go
@@ -82,7 +82,7 @@ func (m authenicateMessage) MarshalBinary() ([]byte, error) {
 //ProcessChallenge crafts an AUTHENTICATE message in response to the CHALLENGE message
 //that was received from the server
-func ProcessChallenge(challengeMessageData []byte, user, password string) ([]byte, error) {
+func ProcessChallenge(challengeMessageData []byte, user, password string, domainNeeded bool) ([]byte, error) {
 if user == "" && password == "" {
 return nil, errors.New("Anonymous authentication not supported")
 }
@@ -98,6 +98,10 @@ func ProcessChallenge(challengeMessageData []byte, user, password string) ([]byt
 if cm.NegotiateFlags.Has(negotiateFlagNTLMSSPNEGOTIATEKEYEXCH) {
 return nil, errors.New("Key exchange requested but not supported (NTLMSSP_NEGOTIATE_KEY_EXCH)")
 }
+
+ if !domainNeeded {
+ cm.TargetName = ""
+ }
 am := authenicateMessage{
 UserName: user,
diff --git a/negotiator.go b/negotiator.go
index c67b597..285bfe7 100644
--- a/negotiator.go
+++ b/negotiator.go
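Review bot: In the `@@ -82,7` hunk of authenticate_message.go, the exported `ProcessChallenge` gains a fourth positional parameter, which breaks every caller outside this repository, and its doc comment says nothing about the new argument. Keeping the three-argument function as a thin wrapper that passes `true`, and adding the flag under a new function name, would preserve the API. Either way the comment should gain a line such as `// domainNeeded: when false, the challenge's TargetName is cleared before the AUTHENTICATE message is built (UPN logins).` The function body continues outside the hunk.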
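Review bot: In the `@@ -98,6` hunk, `domainNeeded` can only blank `cm.TargetName`; when it is true the value parsed from the server's CHALLENGE message stays in place, and the domain the caller typed never reaches this function. The rest of the body is outside the hunk, but if `cm.TargetName` is what fills the domain field and the NTLMv2 hash, then for `DOMAIN\user` input the domain used for authentication is the one the server announced rather than the one the caller asked for; patch 4/5 (`domainNeeded = true` for the backslash case) relies on the same behaviour. Consider passing the parsed domain in and preferring it when it is non-empty. The block also deserves a why-comment, e.g. `// a UPN already names its domain, so the domain field is left empty`.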
@@ -11,15 +11,20 @@ import (
 // GetDomain : parse domain name from based on slashes in the input
 // Need to check for upn as well
-func GetDomain(user string) (string, string) {
+func GetDomain(user string) (string, string, bool) {
 domain := ""
+ domainNeeded := false
 if strings.Contains(user, "\\") {
 ucomponents := strings.SplitN(user, "\\", 2)
 domain = ucomponents[0]
- user = ucomponents[1]
+ domainNeeded = false
+ } else if strings.Contains(user, "@") {
+ domainNeeded = false
+ } else {
+ domainNeeded = true
 }
- return user, domain
+ return user, domain, domainNeeded
 }
 //Negotiator is a http.Roundtripper decorator that automatically
@@ -92,10 +97,10 @@ func (l Negotiator) RoundTrip(req *http.Request) (res *http.Response, err error)
 // get domain from username
 domain := ""
- u, domain = GetDomain(u)
+ u, domain, domainNeeded := GetDomain(u)
 // send negotiate
- negotiateMessage, err := NewNegotiateMessage(domain, "")
+ authenticateMessage, err := ProcessChallenge(challengeMessage, u, p, domainNeeded)
 if err != nil {
 return nil, err
 }
From 0998ae72786d3552675f6b50ec5ad4c166e17816 Mon Sep 17 00:00:00 2001
From: tirupatibg
Date: Mon, 13 Jun 2022 13:32:19 +0000
Subject: [PATCH 3/5] Minor fix
---
 negotiator.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/negotiator.go b/negotiator.go
index 285bfe7..8d1b529 100644
--- a/negotiator.go
+++ b/negotiator.go
@@ -100,7 +100,7 @@ func (l Negotiator) RoundTrip(req *http.Request) (res *http.Response, err error)
 u, domain, domainNeeded := GetDomain(u)
 // send negotiate
- authenticateMessage, err := ProcessChallenge(challengeMessage, u, p, domainNeeded)
+ negotiateMessage, err := NewNegotiateMessage(domain, "")
 if err != nil {
 return nil, err
 }
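Review bot: The doc comment kept as context at the top of the `@@ -11,15` hunk still reads `// Need to check for upn as well`, although the added `else if strings.Contains(user, "@")` branch is that check, and the new third result is not documented anywhere. I would replace both comment lines with `// GetDomain splits DOMAIN\user into user and domain and reports whether the AUTHENTICATE message should keep a domain (false for user@domain names).` Changing an exported function from two results to three also breaks external callers, which is worth stating in the commit message.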
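Review bot: In the `@@ -92,10` hunk, switching to `u, domain, domainNeeded := GetDomain(u)` makes the scope of `u` matter: `:=` reuses only names declared in the current block, and the declaration of `u` is outside the hunk, so if it lives in an enclosing block this line creates a new `u` that shadows it. Declaring the flag separately and keeping plain assignment avoids the question, e.g. `var domainNeeded bool` followed by `u, domain, domainNeeded = GetDomain(u)`. The `domain := ""` on the context line above is a dead store either way and could become `var domain string`.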
@@ -131,7 +131,7 @@ func (l Negotiator) RoundTrip(req *http.Request) (res *http.Response, err error)
 res.Body.Close()
 // send authenticate
- authenticateMessage, err := ProcessChallenge(challengeMessage, u, p)
+ authenticateMessage, err := ProcessChallenge(challengeMessage, u, p, domainNeeded)
 if err != nil {
 return nil, err
 }
From f1d0756dc896f94356240095174ea9100f55545f Mon Sep 17 00:00:00 2001
From: tirupatibg
Date: Mon, 13 Jun 2022 14:17:23 +0000
Subject: [PATCH 4/5] Making domain true for SAM case
---
 negotiator.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/negotiator.go b/negotiator.go
index 8d1b529..eabf50a 100644
--- a/negotiator.go
+++ b/negotiator.go
@@ -18,7 +18,7 @@ func GetDomain(user string) (string, string, bool) {
 if strings.Contains(user, "\\") {
 ucomponents := strings.SplitN(user, "\\", 2)
 domain = ucomponents[0]
- domainNeeded = false
+ domainNeeded = true
 } else if strings.Contains(user, "@") {
 domainNeeded = false
 } else {
From 6d48db3d3b6dd474ba639e87f4f4c527d70f1adf Mon Sep 17 00:00:00 2001
From: tirupatibg
Date: Mon, 13 Jun 2022 14:24:43 +0000
Subject: [PATCH 5/5] Fix SAM case
---
 negotiator.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/negotiator.go b/negotiator.go
index eabf50a..cce4955 100644
--- a/negotiator.go
+++ b/negotiator.go
@@ -18,6 +18,7 @@ func GetDomain(user string) (string, string, bool) {
 if strings.Contains(user, "\\") {
 ucomponents := strings.SplitN(user, "\\", 2)
 domain = ucomponents[0]
+ user = ucomponents[1]
 domainNeeded = true
 } else if strings.Contains(user, "@") {
 domainNeeded = false
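Review bot: No test accompanies the final `@@ -18,6` hunk of patch 5/5, even though `GetDomain` now has three input shapes and the backslash branch needed two follow-up fixes within this series. A table-driven test over `DOMAIN\user`, `user@example.com` and a bare `user` (constructed sample values) that asserts all three results would pin the behaviour. The split also accepts inputs such as `\user` or `DOMAIN\`, which yield an empty domain or an empty user with `domainNeeded` still true; since the function has no error result, the doc comment should at least say what callers get for those. The function body continues outside the hunk.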