Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-88869

QAuthenticator hard-coded to HTTP in SPNEGO/Negotiate

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Priority: P2: Important
    • Resolution: Unresolved
    • Affects Version/s: 5.15.2
    • Fix Version/s: None
    • Component/s: Network: HTTP
    • Labels:
      None
    • Environment:
      Windows
    • Platform/s:
      Windows

      Description

      I am connecting to a Windows Communication Foundation (WCF) web service, using QNetworkRequest.  I have a slot for QNetworkAccessManage::authenticationRequired, and am supplying credentials using the QAuthenticator in that slot.  Server replies back with HTTP 401 Unauthorized.  Also the HTTP headers from the server include "WWW-Authentication: Negotiate".  This is on a Windows client also, and uses the SSPI library (not GSSAPI).

      qauthenticator.cpp, around line 1631 looks like this:

      // Calculate target (SPN for Negotiate, empty for NTLM)
      std::wstring targetNameW = (
              method == QAuthenticatorPrivate::Negotiate
              ? QLatin1String("HTTP/") + host
              : QString()
          ).toStdWString();
      

      The code then flows into a call to InitializeSecurityContext() and passes the targetNameW from above as a parameter.  The function call fails with SEC_E_WRONG_PRINCIPAL.  If I change the targetNameW to instead use QLatin1String("SPN/") + host, the call to InitializeSecurityContext() succeeds and the web service call works as expected.

        Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

            Assignee:
            manordheim Mårten Nordheim
            Reporter:
            jflatt Jason Flatt
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:

                Gerrit Reviews

                There are no open Gerrit changes