php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #47061 User not logged under Apache
Submitted: 2009-01-10 11:38 UTC Modified: 2011-11-15 23:08 UTC
Votes:4
Avg. Score:4.2 ± 0.4
Reproduced:2 of 3 (66.7%)
Same Version:1 (50.0%)
Same OS:1 (50.0%)
From: php at planchon dot org Assigned:
Status: Open Package: Apache related
PHP Version: 5.3, 5.4, trunk OS: Debian
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: php at planchon dot org
New email:
PHP Version: OS:

 

 [2009-01-10 11:38 UTC] php at planchon dot org
Description:
------------
User is not logged in apache log when using an external authentication method which not fake basic auth. This bug was introduced in with php bugfix #22672 (apache bug #8500)


Reproduce code:
---------------
Use an external authentication method not based on Basic and Digest. (NTLM or mod_auth_pubtkt) and call a php URI.

Expected result:
----------------
User appears in apache log

Actual result:
--------------
User in apache log is '-' which mean no user is logged

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-01-10 11:47 UTC] php at planchon dot org
The bug is an interaction between 
main/main.c and sapi/apache2handler/sapi_apache2.c (and maybe other connector)

sapi_apache2.c
472     auth = apr_table_get(r->headers_in, "Authorization");
473     php_handle_auth_data(auth TSRMLS_CC);
474     if (SG(request_info).auth_user == NULL && r->user) {
475         SG(request_info).auth_user = estrdup(r->user);
476     }
477     ctx->r->user = apr_pstrdup(ctx->r->pool, SG(request_info).auth_user);

main.c do a correct work but sapi consider main knowing the world and resetting user (line 477) according to auth mechanism made by main (line 473)

The user should be setting only if a real user has been set.
so the line 477 should look likes (not tested)
if( SG(request_info).auth_user && !ctx->r->user )
   ctx->r->user = apr_pstrdup(ctx->r->pool, SG(request_info).auth_user);

In fact I've detected this bug on my php 5.2.0 and check cvs from php5 and php6 to trace this bug.
 [2011-11-15 23:08 UTC] felipe@php.net
-PHP Version: 6CVS-2009-01-10 (CVS) +PHP Version: 5.3, 5.4, trunk
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 07 21:01:27 2024 UTC