|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #47061 User not logged under Apache
Submitted: 2009-01-10 11:38 UTC Modified: 2011-11-15 23:08 UTC
Avg. Score:4.2 ± 0.4
Reproduced:2 of 3 (66.7%)
Same Version:1 (50.0%)
Same OS:1 (50.0%)
From: php at planchon dot org Assigned:
Status: Open Package: Apache related
PHP Version: 5.3, 5.4, trunk OS: Debian
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: php at planchon dot org
New email:
PHP Version: OS:


 [2009-01-10 11:38 UTC] php at planchon dot org
User is not logged in apache log when using an external authentication method which not fake basic auth. This bug was introduced in with php bugfix #22672 (apache bug #8500)

Reproduce code:
Use an external authentication method not based on Basic and Digest. (NTLM or mod_auth_pubtkt) and call a php URI.

Expected result:
User appears in apache log

Actual result:
User in apache log is '-' which mean no user is logged


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2009-01-10 11:47 UTC] php at planchon dot org
The bug is an interaction between 
main/main.c and sapi/apache2handler/sapi_apache2.c (and maybe other connector)

472     auth = apr_table_get(r->headers_in, "Authorization");
473     php_handle_auth_data(auth TSRMLS_CC);
474     if (SG(request_info).auth_user == NULL && r->user) {
475         SG(request_info).auth_user = estrdup(r->user);
476     }
477     ctx->r->user = apr_pstrdup(ctx->r->pool, SG(request_info).auth_user);

main.c do a correct work but sapi consider main knowing the world and resetting user (line 477) according to auth mechanism made by main (line 473)

The user should be setting only if a real user has been set.
so the line 477 should look likes (not tested)
if( SG(request_info).auth_user && !ctx->r->user )
   ctx->r->user = apr_pstrdup(ctx->r->pool, SG(request_info).auth_user);

In fact I've detected this bug on my php 5.2.0 and check cvs from php5 and php6 to trace this bug.
 [2011-11-15 23:08 UTC]
-PHP Version: 6CVS-2009-01-10 (CVS) +PHP Version: 5.3, 5.4, trunk
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Sun Oct 01 03:01:25 2023 UTC