@@ -69,6 +69,13 @@ abstract class AbstractAuthenticateMessageEncoder implements AuthenticateMessage
6969 */
7070 const LM_RESPONSE_LENGTH = 24 ;
7171
72+ /**
73+ * The separator used in usernames in the UPN (User Principal Name) format.
74+ *
75+ * @type string
76+ */
77+ const USER_PRINCIPAL_NAME_SEPARATOR = '@ ' ;
78+
7279
7380 /**
7481 * Properties
@@ -97,6 +104,35 @@ protected function __construct(EncodingConverterInterface $encoding_converter)
97104 $ this encoding_converter = $ encoding_converter
98105 }
99106
107+ /**
108+ * Identifies the "TargetName" of the intended authentication by inspecting
109+ * some of the authentication details.
110+ *
111+ * @param string $username The user's "username".
112+ * @param string $nt_domain The domain name of the NT user authenticating.
113+ * @param ServerChallenge $server_challenge The value of a decoded NTLM
114+ * server's "CHALLENGE_MESSAGE".
115+ * @return string The identified "TargetName" (domain/server name) of the
116+ * NT user authenticating.
117+ */
118+ public function identifyTargetName ($ username$ nt_domainServerChallenge $ server_challenge
119+ {
120+ // If a domain name wasn't supplied, fall back to the server challenge's supplied value
121+ $ target_name$ nt_domain$ server_challengegetTargetName ();
122+
123+ /**
124+ * If the username is in the "UPN" (Kerberos) format, the target name should be empty
125+ *
126+ * @link https://msdn.microsoft.com/en-us/library/windows/desktop/aa380525(v=vs.85).aspx
127+ * @link http://davenport.sourceforge.net/ntlm.html#nameVariations
128+ */
129+ if (strpos ($ usernamestatic ::USER_PRINCIPAL_NAME_SEPARATOR )) {
130+ $ target_name'' ;
131+ }
132+
133+ return $ target_name
134+ }
135+
100136 /**
101137 * Encodes the binary "AUTHENTICATE_MESSAGE" string from its provided parts.
102138 *
0 commit comments