Add support for SPNEGO/Negotiate authentication

This commit adds support for single-sign-on SPNEGO/Negotiate authentication to QAuthenticator, using SSPI on Windows and GSSAPI on other platforms (if KRB5 GSSAPI is available). [ChangeLog][QtNetwork][QAuthenticator] Add support for SPNEGO/Negotiate Task-number: QTBUG-4117 Change-Id: Ie246b887db3fd6201b7ed30b023feca292cd6530 Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
author: Sandro Mani <manisandro@gmail.com> 2018-07-12 10:27:36 +0200
committer: Sandro Mani <manisandro@gmail.com> 2019-02-25 15:22:23 +0000
commit: 93b7b0ec76572427291d8e2eef9a10eb499417a9 (patch)
tree: b05f09acdf850b5e15dcd6da4de838bd806009ef /src/network/access/qhttpnetworkconnection.cpp
parent: 36c2ceca955940e306abb966d1c768895ccf1014 (diff)
1 files changed, 7 insertions, 6 deletions
diff --git a/src/network/access/qhttpnetworkconnection.cpp b/src/network/access/qhttpnetworkconnection.cpp
index 681d84fee8..ee1e3cfb8f 100644
--- a/src/network/access/qhttpnetworkconnection.cpp
+++ b/src/network/access/qhttpnetworkconnection.cpp
@@ -398,11 +398,12 @@ void QHttpNetworkConnectionPrivate::copyCredentials(int fromChannel, QAuthentica
 {
     Q_ASSERT(auth);
 
-    // NTLM is a multi phase authentication. Copying credentials between authenticators would mess things up.
+    // NTLM and Negotiate do multi-phase authentication.
+    // Copying credentialsbetween authenticators would mess things up.
     if (fromChannel >= 0) {
-        if (!isProxy && channels[fromChannel].authMethod == QAuthenticatorPrivate::Ntlm)
-            return;
-        if (isProxy && channels[fromChannel].proxyAuthMethod == QAuthenticatorPrivate::Ntlm)
+        const QHttpNetworkConnectionChannel &channel = channels[fromChannel];
+        const QAuthenticatorPrivate::Method method = isProxy ? channel.proxyAuthMethod : channel.authMethod;
+        if (method == QAuthenticatorPrivate::Ntlm || method == QAuthenticatorPrivate::Negotiate)
             return;
     }
 
@@ -592,7 +593,7 @@ void QHttpNetworkConnectionPrivate::createAuthorization(QAbstractSocket *socket,
         if ((channels[i].authMethod != QAuthenticatorPrivate::Ntlm && request.headerField("Authorization").isEmpty()) || channels[i].lastStatus == 401) {
             QAuthenticatorPrivate *priv = QAuthenticatorPrivate::getPrivate(channels[i].authenticator);
             if (priv && priv->method != QAuthenticatorPrivate::None) {
-                QByteArray response = priv->calculateResponse(request.methodName(), request.uri(false));
+                QByteArray response = priv->calculateResponse(request.methodName(), request.uri(false), request.url().host());
                 request.setHeaderField("Authorization", response);
                 channels[i].authenticationCredentialsSent = true;
             }
@@ -604,7 +605,7 @@ void QHttpNetworkConnectionPrivate::createAuthorization(QAbstractSocket *socket,
         if (!(channels[i].proxyAuthMethod == QAuthenticatorPrivate::Ntlm && channels[i].lastStatus != 407)) {
             QAuthenticatorPrivate *priv = QAuthenticatorPrivate::getPrivate(channels[i].proxyAuthenticator);
             if (priv && priv->method != QAuthenticatorPrivate::None) {
-                QByteArray response = priv->calculateResponse(request.methodName(), request.uri(false));
+                QByteArray response = priv->calculateResponse(request.methodName(), request.uri(false), networkProxy.hostName());
                 request.setHeaderField("Proxy-Authorization", response);
                 channels[i].proxyCredentialsSent = true;
             }
author	Sandro Mani <manisandro@gmail.com>	2018-07-12 10:27:36 +0200
committer	Sandro Mani <manisandro@gmail.com>	2019-02-25 15:22:23 +0000
commit	93b7b0ec76572427291d8e2eef9a10eb499417a9 (patch)
tree	b05f09acdf850b5e15dcd6da4de838bd806009ef /src/network/access/qhttpnetworkconnection.cpp
parent	36c2ceca955940e306abb966d1c768895ccf1014 (diff)