Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-88869

QAuthenticator hard-coded to HTTP in SPNEGO/Negotiate

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • P2: Important
    • 6.4.0 Beta1
    • 5.15.2
    • Network: HTTP
    • None
    • Windows
    • Windows
    • 5
    • 576730f599 (qt/qtbase/dev) 576730f599 (qt/tqtc-qtbase/dev)
    • Team A Foundation Sprint 57

    Description

      I am connecting to a Windows Communication Foundation (WCF) web service, using QNetworkRequest.  I have a slot for QNetworkAccessManage::authenticationRequired, and am supplying credentials using the QAuthenticator in that slot.  Server replies back with HTTP 401 Unauthorized.  Also the HTTP headers from the server include "WWW-Authentication: Negotiate".  This is on a Windows client also, and uses the SSPI library (not GSSAPI).

      qauthenticator.cpp, around line 1631 looks like this:

      // Calculate target (SPN for Negotiate, empty for NTLM)
std::wstring targetNameW = (
        method == QAuthenticatorPrivate::Negotiate
        ? QLatin1String("HTTP/") + host
        : QString()
    ).toStdWString();

      The code then flows into a call to InitializeSecurityContext() and passes the targetNameW from above as a parameter.  The function call fails with SEC_E_WRONG_PRINCIPAL.  If I change the targetNameW to instead use QLatin1String("SPN/") + host, the call to InitializeSecurityContext() succeeds and the web service call works as expected.

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            ivan.solovev Ivan Solovev
            jflatt Jason Flatt
            Vladimir Minenko Vladimir Minenko
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes