author | Ivan Solovev <ivan.solovev@qt.io> | 2022-05-16 18:33:42 +0200 |
---|---|---|
committer | Ivan Solovev <ivan.solovev@qt.io> | 2022-05-24 03:10:10 +0200 |
commit | 576730f599a46320bbfbcee1a4c4978b39d8fd7e (patch) | |
tree | 8361c59748917b27ad4ddbf05a485bcd547c8167 /src/network/kernel | |
parent | f569acd6ae69532a71c7022105d765dbf222c122 (diff) |
QAuthenticator: allow to set custom SPN for Windows client
A new option is added for SPNEGO/Negotiate authentication with
SSPI backend to customize the SPN that is used during the procedure.
Fixes: QTBUG-88869
Change-Id: If034ef451a61593445d8e79e7f82b9d3610ed653
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Diffstat (limited to 'src/network/kernel')
-rw-r--r-- | src/network/kernel/qauthenticator.cpp | 30 |
1 files changed, 27 insertions, 3 deletions
diff --git a/src/network/kernel/qauthenticator.cpp b/src/network/kernel/qauthenticator.cpp
index 795ff9f5f0..3b8aacebeb 100644
--- a/src/network/kernel/qauthenticator.cpp
+++ b/src/network/kernel/qauthenticator.cpp
@@ -119,7 +119,28 @@ static QByteArray qGssapiContinue(QAuthenticatorPrivate *ctx, QByteArrayView cha
 \section2 SPNEGO/Negotiate
- This authentication mechanism currently supports no incoming or outgoing options.
+ \table
+ \header
+ \li Option
+ \li Direction
+ \li Type
+ \li Description
+ \row
+ \li \tt{spn}
+ \li Outgoing
+ \li QString
+ \li Provides a custom SPN.
+ \endtable
+
+ This authentication mechanism currently supports no incoming options.
+
+ The \c{spn} property is used on Windows clients when an SSPI library is used.
+ If the property is not set, a default SPN will be used. The default SPN on
+ Windows is \c {HTTP/<hostname>}.
+
+ Other operating systems use GSSAPI libraries. For that it is expected that
+ KDC is set up, and the credentials can be fetched from it. The backend always
+ uses \c {HTTPS@<hostname>} as an SPN.
 \sa QSslSocket */
@@ -1623,8 +1644,11 @@ static QByteArray qSspiContinue(QAuthenticatorPrivate *ctx, QAuthenticatorPrivat
 responseBuf.cbBuffer = 0; // Calculate target (SPN for Negotiate, empty for NTLM)
- std::wstring targetNameW = (method == QAuthenticatorPrivate::Negotiate
- ? "HTTP/"_L1 + host : QString()).toStdWString();
+ QString targetName = ctx->options.value("spn"_L1).toString();
+ if (targetName.isEmpty())
+ targetName = "HTTP/"_L1 + host;
+ const std::wstring targetNameW = (method == QAuthenticatorPrivate::Negotiate
+ ? targetName : QString()).toStdWString();
 // Generate our challenge-response message
 SECURITY_STATUS secStatus = pSecurityFunctionTable->InitializeSecurityContext( |
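Review bot: The description of the `spn` option in the new table ("Provides a custom SPN.") does not tell the reader what the value controls or where it may come from. Since the SPN names the service the client's Negotiate token is requested for, I would add a sentence after the table such as `The SPN identifies the service the client authenticates to; set it from trusted application configuration only, never from data received from the server.` The paragraph on other operating systems could also say outright that `spn` is ignored there, which the current wording only implies. The qdoc comment starts before this hunk.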
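Review bot: The custom `spn` value reaches `InitializeSecurityContext` as the target name with no check beyond `isEmpty()`, and it is read from `ctx->options`, so the new code relies on that container holding an `spn` key only when the application set it. If the same hash also receives options parsed from a server challenge (not visible in this hunk), confirm that no parsing path can write `spn`, because the target name decides which service the client's token is issued for. The lookup also runs on the NTLM path, where the result is discarded; reading the option only under `if (method == QAuthenticatorPrivate::Negotiate)` would leave NTLM untouched and make the intent obvious. The body of qSspiContinue starts and ends outside the hunk.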