From befb8267403ceb7c88a3f0008358b832c369ce53 Mon Sep 17 00:00:00 2001
From: Nathan Coad
Date: Mon, 17 Mar 2025 09:30:04 +1100
Subject: [PATCH] more logging
---
 authenticate_message.go | 12 +++++++-----
 negotiator.go | 6 ++++++
 2 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/authenticate_message.go b/authenticate_message.go
index 2c9507c..e9a6d67 100644
--- a/authenticate_message.go
+++ b/authenticate_message.go
@@ -3,7 +3,6 @@ package ntlmssp
 import (
 "bytes"
 "crypto/rand"
- "encoding/base64"
 "encoding/binary"
 "errors"
 "time"
@@ -83,22 +82,22 @@ func (m authenicateMessage) MarshalBinary() ([]byte, error) {
 // that was received from the server
 func ProcessChallenge(challengeMessageData []byte, user, password string) ([]byte, error) {
 if user == "" && password == "" {
+ PrintDebug("User %s, Pass Length %d", user, len(password))
 return nil, errors.New("Anonymous authentication not supported")
 }
- // debugging
- PrintDebug("Received NTLM Type 2 Challenge: %s", base64.StdEncoding.EncodeToString(challengeMessageData))
- DecodeNTLMMessage(challengeMessageData)
-
 var cm challengeMessage
 if err := cm.UnmarshalBinary(challengeMessageData); err != nil {
+ PrintDebug("Failed to unmarshal challenge data")
 return nil, err
 }
 if cm.NegotiateFlags.Has(negotiateFlagNTLMSSPNEGOTIATELMKEY) {
+ PrintDebug("server requested NTLM v1")
 return nil, errors.New("Only NTLM v2 is supported, but server requested v1 (NTLMSSP_NEGOTIATE_LM_KEY)")
 }
 if cm.NegotiateFlags.Has(negotiateFlagNTLMSSPNEGOTIATEKEYEXCH) {
+ PrintDebug("Key exchange requested but not supported")
 return nil, errors.New("Key exchange requested but not supported (NTLMSSP_NEGOTIATE_KEY_EXCH)")
 }
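Review bot: The added `PrintDebug("User %s, Pass Length %d", user, len(password))` in the `-83,22` hunk sits inside the `user == "" && password == ""` branch, so it can only ever print an empty user and a length of 0. A constant message such as `PrintDebug("anonymous authentication rejected: empty user and password")` records the same event without formatting credential-derived values; if the intent was to log the inputs on every call, password length is itself something most deployments would not want in a log. The unmarshal failure message in the same hunk drops the cause, and `PrintDebug("Failed to unmarshal challenge data: %v", err)` would make it actionable. ProcessChallenge's body continues past this hunk.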
@@ -120,6 +119,7 @@ func ProcessChallenge(challengeMessageData []byte, user, password string) ([]byt
 rand.Reader.Read(clientChallenge)
 ntlmV2Hash := getNtlmV2Hash(password, user, cm.TargetName)
+ PrintDebug("NTLM V2 hash '%s'", ntlmV2Hash)
 am.NtChallengeResponse = computeNtlmV2Response(ntlmV2Hash, cm.ServerChallenge[:], clientChallenge, timestamp, cm.TargetInfoRaw)
@@ -129,5 +129,7 @@ func ProcessChallenge(challengeMessageData []byte, user, password string) ([]byt
 cm.ServerChallenge[:], clientChallenge)
 }
+ PrintDebug("Challenge response: NT %s; LM %s", am.NtChallengeResponse, am.LmChallengeResponse)
+
 return am.MarshalBinary()
 }
diff --git a/negotiator.go b/negotiator.go
index e3acede..f1353b6 100644
--- a/negotiator.go
+++ b/negotiator.go
@@ -121,8 +121,14 @@ func (l Negotiator) RoundTrip(req *http.Request) (res *http.Response, err error)
 if err != nil {
 return nil, err
 }
+
+ // debugging
+ PrintDebug("Received NTLM Type 2 Challenge: %s", base64.StdEncoding.EncodeToString(challengeMessage))
+ DecodeNTLMMessage(challengeMessage)
+
 if !(resauth.IsNegotiate() || resauth.IsNTLM()) || len(challengeMessage) == 0 {
 // Negotiation failed, let client deal with response
+ PrintDebug("Negotiation failed")
 return res, nil
 }
 io.Copy(io.Discard, res.Body)
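Review bot: `PrintDebug("NTLM V2 hash '%s'", ntlmV2Hash)` in the `-120,6` hunk of authenticate_message.go writes the result of `getNtlmV2Hash(password, user, cm.TargetName)` to the debug output, and that value is the key from which the challenge responses are computed, so it should be treated as equivalent to the password and never logged. The `-129,5` hunk has the related problem: it logs both the NT and LM responses while negotiator.go now logs the matching Type 2 challenge, which turns the debug log into credential material that must be protected like a password store. PrintDebug's definition is not part of this patch, so whether output is gated behind a flag cannot be confirmed from here. I would drop both lines, or log sizes only, `PrintDebug("computed NTLMv2 response: NT %d bytes, LM %d bytes", len(am.NtChallengeResponse), len(am.LmChallengeResponse))`. If these values are byte slices, as the neighbouring `cm.ServerChallenge[:]` arguments suggest, `%s` would also emit raw bytes rather than hex.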
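Review bot: In the negotiator.go hunk the new debugging block runs before the `!(resauth.IsNegotiate() || resauth.IsNTLM()) || len(challengeMessage) == 0` guard, so `DecodeNTLMMessage(challengeMessage)` is now called on empty or non-NTLM header data as well. DecodeNTLMMessage is not shown in this patch, so whether it tolerates a zero-length or malformed slice cannot be confirmed; moving the three added lines below the guard's closing brace avoids depending on that and keeps the "Negotiation failed" path free of decode output. The challenge bytes are server-supplied and logged in full, which deserves a comment such as `// debug only: logs the server-supplied Type 2 message verbatim (base64)`. RoundTrip's body starts and ends outside the hunk.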