|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2009-01-10 11:38 UTC] php at planchon dot org
Description: ------------ User is not logged in apache log when using an external authentication method which not fake basic auth. This bug was introduced in with php bugfix #22672 (apache bug #8500) Reproduce code: --------------- Use an external authentication method not based on Basic and Digest. (NTLM or mod_auth_pubtkt) and call a php URI. Expected result: ---------------- User appears in apache log Actual result: -------------- User in apache log is '-' which mean no user is logged PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Sat Dec 21 12:01:31 2024 UTC |
The bug is an interaction between main/main.c and sapi/apache2handler/sapi_apache2.c (and maybe other connector) sapi_apache2.c 472 auth = apr_table_get(r->headers_in, "Authorization"); 473 php_handle_auth_data(auth TSRMLS_CC); 474 if (SG(request_info).auth_user == NULL && r->user) { 475 SG(request_info).auth_user = estrdup(r->user); 476 } 477 ctx->r->user = apr_pstrdup(ctx->r->pool, SG(request_info).auth_user); main.c do a correct work but sapi consider main knowing the world and resetting user (line 477) according to auth mechanism made by main (line 473) The user should be setting only if a real user has been set. so the line 477 should look likes (not tested) if( SG(request_info).auth_user && !ctx->r->user ) ctx->r->user = apr_pstrdup(ctx->r->pool, SG(request_info).auth_user); In fact I've detected this bug on my php 5.2.0 and check cvs from php5 and php6 to trace this bug.