diff options
Diffstat (limited to 'src/network/kernel')
-rw-r--r-- | src/network/kernel/qauthenticator.cpp | 30 |
1 files changed, 27 insertions, 3 deletions
diff --git a/src/network/kernel/qauthenticator.cpp b/src/network/kernel/qauthenticator.cpp index 795ff9f5f0..3b8aacebeb 100644 --- a/src/network/kernel/qauthenticator.cpp +++ b/src/network/kernel/qauthenticator.cpp @@ -119,7 +119,28 @@ static QByteArray qGssapiContinue(QAuthenticatorPrivate *ctx, QByteArrayView cha \section2 SPNEGO/Negotiate - This authentication mechanism currently supports no incoming or outgoing options. + \table + \header + \li Option + \li Direction + \li Type + \li Description + \row + \li \tt{spn} + \li Outgoing + \li QString + \li Provides a custom SPN. + \endtable + + This authentication mechanism currently supports no incoming options. + + The \c{spn} property is used on Windows clients when an SSPI library is used. + If the property is not set, a default SPN will be used. The default SPN on + Windows is \c {HTTP/<hostname>}. + + Other operating systems use GSSAPI libraries. For that it is expected that + KDC is set up, and the credentials can be fetched from it. The backend always + uses \c {HTTPS@<hostname>} as an SPN. \sa QSslSocket */ @@ -1623,8 +1644,11 @@ static QByteArray qSspiContinue(QAuthenticatorPrivate *ctx, QAuthenticatorPrivat responseBuf.cbBuffer = 0; // Calculate target (SPN for Negotiate, empty for NTLM) - std::wstring targetNameW = (method == QAuthenticatorPrivate::Negotiate - ? "HTTP/"_L1 + host : QString()).toStdWString(); + QString targetName = ctx->options.value("spn"_L1).toString(); + if (targetName.isEmpty()) + targetName = "HTTP/"_L1 + host; + const std::wstring targetNameW = (method == QAuthenticatorPrivate::Negotiate + ? targetName : QString()).toStdWString(); // Generate our challenge-response message SECURITY_STATUS secStatus = pSecurityFunctionTable->InitializeSecurityContext( |