From 89738a42b36d87ee218ad6e5f737664a003cbb6b Mon Sep 17 00:00:00 2001
From: Luiz Costa
Date: Sun, 22 Oct 2023 15:14:09 +0100
Subject: [PATCH] add ntlm_auth and debug init

---
 ntlm/ntlmv2.go | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/ntlm/ntlmv2.go b/ntlm/ntlmv2.go
index a7511f9..5830a9b 100644
--- a/ntlm/ntlmv2.go
+++ b/ntlm/ntlmv2.go
@@ -8,6 +8,7 @@ import (
 "encoding/binary"
 "fmt"
 "log"
+ "os/exec"
 "strings"
 "time"
 
@@ -231,10 +232,6 @@ func (n *V2ServerSession) ProcessAuthenticateMessage(am *AuthenticateMessage) (e
 n.workstation = am.Workstation.String()
 log.Printf("(ProcessAuthenticateMessage) NTLM v2 User %s Domain %s Workstation %s", n.user, n.userDomain, n.workstation)
 
- log.Printf("DEBUG: Show user complete info (from auth message): %v", am)
-
- log.Printf("DEBUG: Password is showed as %s", n.password)
-
 err = n.fetchResponseKeys()
 if err != nil {
 return err
@@ -248,6 +245,18 @@ func (n *V2ServerSession) ProcessAuthenticateMessage(am *AuthenticateMessage) (e
 return err
 }
 
+ // Execute ntlm_auth to check user auth
+ cmd := exec.Command("ntlm_auth", "--domain="+n.userDomain, "--username="+n.user, "--challenge="+string(n.challengeMessage.ServerChallenge), "--nt-response="+string(n.ntChallengeResponse))
+ output, err := cmd.CombinedOutput()
+ if err != nil {
+ fmt.Printf("Failed to execute command: %s\n", err)
+ return
+ }
+
+ log.Printf("DEBUG: challenge: %s\n", string(n.challengeMessage.ServerChallenge))
+ log.Printf("DEBUG: ntChallengeResponse: %s\n", string(n.ntChallengeResponse))
+ log.Printf("ntlm_auth Output: %s\n", output)
+
 // Check user auth using LDAP
 if n.password != "" {
 _, err = authLdap(n.user, n.password)
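Review bot: The added `log.Printf("DEBUG: challenge: ...")` and `log.Printf("DEBUG: ntChallengeResponse: ...")` lines write the server challenge and the client's NT response to the log, and together with the user and domain already logged earlier in the function that is enough material for offline password guessing, so I would drop both or log only sizes, e.g. `log.Printf("ntlm_auth: challenge=%d bytes nt-response=%d bytes", len(n.challengeMessage.ServerChallenge), len(n.ntChallengeResponse))`. The same two values reach `ntlm_auth` through `string(...)`, which suggests they are byte slices (their declarations are outside the hunk); ntlm_auth documents `--challenge` and `--nt-response` as hexadecimal, and a raw NUL byte in an argument makes the exec fail, so they should be hex-encoded: `"--challenge="+fmt.Sprintf("%x", n.challengeMessage.ServerChallenge)` and likewise for the response. `exec.Command` resolves `ntlm_auth` through PATH and runs without a deadline, so an absolute path and `exec.CommandContext` with a timeout would keep a stalled winbind from blocking the handler. The failure branch prints with `fmt.Printf` while the rest of the function uses `log.Printf`, and its bare `return` relies on the named result in the signature, which is truncated in the hunk header.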