Azure · paulmey · Jun 21, 2022 · Jun 13, 2022 · Jun 13, 2022 · Jun 13, 2022
diff --git a/authenticate_message.go b/authenticate_message.go
@@ -82,7 +82,7 @@ func (m authenicateMessage) MarshalBinary() ([]byte, error) {
 
 //ProcessChallenge crafts an AUTHENTICATE message in response to the CHALLENGE message
 //that was received from the server
-func ProcessChallenge(challengeMessageData []byte, user, password string) ([]byte, error) {
+func ProcessChallenge(challengeMessageData []byte, user, password string, domainNeeded bool) ([]byte, error) {
 	if user == "" && password == "" {
 		return nil, errors.New("Anonymous authentication not supported")
 	}
@@ -98,6 +98,10 @@ func ProcessChallenge(challengeMessageData []byte, user, password string) ([]byt
 	if cm.NegotiateFlags.Has(negotiateFlagNTLMSSPNEGOTIATEKEYEXCH) {
 		return nil, errors.New("Key exchange requested but not supported (NTLMSSP_NEGOTIATE_KEY_EXCH)")
 	}
+
+	if !domainNeeded {
+		cm.TargetName = ""
+	}
 
 	am := authenicateMessage{
 		UserName:       user,

diff --git a/negotiator.go b/negotiator.go
@@ -10,15 +10,22 @@ import (
 )
 
 // GetDomain : parse domain name from based on slashes in the input
-func GetDomain(user string) (string, string) {
+// Need to check for upn as well
+func GetDomain(user string) (string, string, bool) {
 	domain := ""
+	domainNeeded := false
 
 	if strings.Contains(user, "\\") {
 		ucomponents := strings.SplitN(user, "\\", 2)
 		domain = ucomponents[0]
 		user = ucomponents[1]
+		domainNeeded = true
+	} else if strings.Contains(user, "@") {
+		domainNeeded = false
+	} else {
+		domainNeeded = true
 	}
-	return user, domain
+	return user, domain, domainNeeded
 }
 
 //Negotiator is a http.Roundtripper decorator that automatically
@@ -91,7 +98,7 @@ func (l Negotiator) RoundTrip(req *http.Request) (res *http.Response, err error)
 
 		// get domain from username
 		domain := ""
-		u, domain = GetDomain(u)
+		u, domain, domainNeeded := GetDomain(u)
 
 		// send negotiate
 		negotiateMessage, err := NewNegotiateMessage(domain, "")
@@ -125,7 +132,7 @@ func (l Negotiator) RoundTrip(req *http.Request) (res *http.Response, err error)
 		res.Body.Close()
 
 		// send authenticate
-		authenticateMessage, err := ProcessChallenge(challengeMessage, u, p)
+		authenticateMessage, err := ProcessChallenge(challengeMessage, u, p, domainNeeded)
 		if err != nil {
 			return nil, err
 		}