Bump version to 5.11.0

2025-07-19 05:09:42 +02:00 · 2024-01-10 14:47:40 -05:00 · 2024-01-10 14:47:40 -05:00 · 510e1bd0bd
commit 510e1bd0bd
parent a32510b8e6
370 changed files with 18825 additions and 5454 deletions
--- a/vendor/github.com/Azure/go-ntlmssp/negotiator.go
+++ b/vendor/github.com/Azure/go-ntlmssp/negotiator.go
@ -10,15 +10,22 @@ import (
 )

 // GetDomain : parse domain name from based on slashes in the input
-func GetDomain(user string) (string, string) {
+// Need to check for upn as well
+func GetDomain(user string) (string, string, bool) {
 	domain := ""
+	domainNeeded := false

 	if strings.Contains(user, "\\") {
 		ucomponents := strings.SplitN(user, "\\", 2)
 		domain = ucomponents[0]
 		user = ucomponents[1]
+		domainNeeded = true
+	} else if strings.Contains(user, "@") {
+		domainNeeded = false
+	} else {
+		domainNeeded = true
 	}
-	return user, domain
+	return user, domain, domainNeeded
 }

 //Negotiator is a http.Roundtripper decorator that automatically
@ -34,10 +41,11 @@ func (l Negotiator) RoundTrip(req *http.Request) (res *http.Response, err error)
 		rt = http.DefaultTransport
 	}
 	// If it is not basic auth, just round trip the request as usual
-	reqauth := authheader(req.Header.Get("Authorization"))
+	reqauth := authheader(req.Header.Values("Authorization"))
 	if !reqauth.IsBasic() {
 		return rt.RoundTrip(req)
 	}
+	reqauthBasic := reqauth.Basic()
 	// Save request body
 	body := bytes.Buffer{}
 	if req.Body != nil {
@ -59,11 +67,10 @@ func (l Negotiator) RoundTrip(req *http.Request) (res *http.Response, err error)
 	if res.StatusCode != http.StatusUnauthorized {
 		return res, err
 	}
-
-	resauth := authheader(res.Header.Get("Www-Authenticate"))
+	resauth := authheader(res.Header.Values("Www-Authenticate"))
 	if !resauth.IsNegotiate() && !resauth.IsNTLM() {
 		// Unauthorized, Negotiate not requested, let's try with basic auth
-		req.Header.Set("Authorization", string(reqauth))
+		req.Header.Set("Authorization", string(reqauthBasic))
 		io.Copy(ioutil.Discard, res.Body)
 		res.Body.Close()
 		req.Body = ioutil.NopCloser(bytes.NewReader(body.Bytes()))
@ -75,7 +82,7 @@ func (l Negotiator) RoundTrip(req *http.Request) (res *http.Response, err error)
 		if res.StatusCode != http.StatusUnauthorized {
 			return res, err
 		}
-		resauth = authheader(res.Header.Get("Www-Authenticate"))
+		resauth = authheader(res.Header.Values("Www-Authenticate"))
 	}

 	if resauth.IsNegotiate() || resauth.IsNTLM() {
@ -91,7 +98,7 @@ func (l Negotiator) RoundTrip(req *http.Request) (res *http.Response, err error)

 		// get domain from username
 		domain := ""
-		u, domain = GetDomain(u)
+		u, domain, domainNeeded := GetDomain(u)

 		// send negotiate
 		negotiateMessage, err := NewNegotiateMessage(domain, "")
@ -112,7 +119,7 @@ func (l Negotiator) RoundTrip(req *http.Request) (res *http.Response, err error)
 		}

 		// receive challenge?
-		resauth = authheader(res.Header.Get("Www-Authenticate"))
+		resauth = authheader(res.Header.Values("Www-Authenticate"))
 		challengeMessage, err := resauth.GetData()
 		if err != nil {
 			return nil, err
@ -125,7 +132,7 @@ func (l Negotiator) RoundTrip(req *http.Request) (res *http.Response, err error)
 		res.Body.Close()

 		// send authenticate
-		authenticateMessage, err := ProcessChallenge(challengeMessage, u, p)
+		authenticateMessage, err := ProcessChallenge(challengeMessage, u, p, domainNeeded)
 		if err != nil {
 			return nil, err
 		}