ID: 47061
Comment by: php at planchon dot org
Reported By: php at planchon dot org
Status: Open
Bug Type: Apache related
Operating System: Debian
PHP Version: 6CVS-2009-01-10 (CVS)
New Comment:
The bug is an interaction between
main/main.c and sapi/apache2handler/sapi_apache2.c (and maybe other
connector)
sapi_apache2.c
472 auth = apr_table_get(r->headers_in, "Authorization");
473 php_handle_auth_data(auth TSRMLS_CC);
474 if (SG(request_info).auth_user == NULL && r->user) {
475 SG(request_info).auth_user = estrdup(r->user);
476 }
477 ctx->r->user = apr_pstrdup(ctx->r->pool,
SG(request_info).auth_user);
main.c do a correct work but sapi consider main knowing the world and
resetting user (line 477) according to auth mechanism made by main (line
473)
The user should be setting only if a real user has been set.
so the line 477 should look likes (not tested)
if( SG(request_info).auth_user && !ctx->r->user )
ctx->r->user = apr_pstrdup(ctx->r->pool,
SG(request_info).auth_user);
In fact I've detected this bug on my php 5.2.0 and check cvs from php5
and php6 to trace this bug.
Previous Comments:
------------------------------------------------------------------------
[2009-01-10 11:38:55] php at planchon dot org
Description:
------------
User is not logged in apache log when using an external authentication
method which not fake basic auth. This bug was introduced in with php
bugfix #22672 (apache bug #8500)
Reproduce code:
---------------
Use an external authentication method not based on Basic and Digest.
(NTLM or mod_auth_pubtkt) and call a php URI.
Expected result:
----------------
User appears in apache log
Actual result:
--------------
User in apache log is '-' which mean no user is logged
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=47061&edit=1
