add check over ldap

ntlm/ntlmv2.go

@@ -6,10 +6,12 @@ import (
 	"bytes"
 	rc4P "crypto/rc4"
 	"encoding/binary"
-	"errors"
+	"fmt"
 	"log"
 	"strings"
 	"time"
+
+	"github.com/go-ldap/ldap/v3"
 )
 
 /*******************************
@@ -195,6 +197,28 @@ func (n *V2ServerSession) GenerateChallengeMessage() (cm *ChallengeMessage, err
 	return cm, nil
 }
 
+func authLdap(username, password string) (bool, error) {
+	// Conecte-se ao servidor LDAP
+	l, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", "192.168.1.80", 389))
+	if err != nil {
+		return false, err
+	}
+	defer l.Close()
+
+	// Bind como o usuário para verificar suas credenciais
+	err = l.Bind(username, password)
+	if err != nil {
+		if ldap.IsErrorWithCode(err, ldap.LDAPResultInvalidCredentials) {
+			// As credenciais fornecidas são inválidas
+			return false, nil
+		}
+		// Ocorreu um erro inesperado
+		return false, err
+	}
+	// As credenciais são válidas
+	return true, nil
+}
+
 func (n *V2ServerSession) ProcessAuthenticateMessage(am *AuthenticateMessage) (err error) {
 	n.authenticateMessage = am
 	n.NegotiateFlags = am.NegotiateFlags
@@ -222,13 +246,10 @@ func (n *V2ServerSession) ProcessAuthenticateMessage(am *AuthenticateMessage) (e
 		return err
 	}
 
-	log.Printf("DEBUG: NTLM v2 Expected NTLM Response:\n%s\n\n", n.ntChallengeResponse)
-	log.Printf("DEBUG: Local NTLM Chanllenge:\n%s\n\n", am.NtChallengeResponseFields.Payload)
-
-	if !bytes.Equal(am.NtChallengeResponseFields.Payload, n.ntChallengeResponse) {
-		if !bytes.Equal(am.LmChallengeResponse.Payload, n.lmChallengeResponse) {
-			return errors.New("could not authenticate")
-		}
+	// Check user auth using LDAP
+	_, err = authLdap(n.user, n.password)
+	if err != nil {
+		return err
 	}
 
 	err = n.computeKeyExchangeKey()