|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #47061 User not logged under Apache
Submitted: 2009-01-10 11:38 UTC Modified: 2011-11-15 23:08 UTC
Avg. Score:4.2 ± 0.4
Reproduced:2 of 3 (66.7%)
Same Version:1 (50.0%)
Same OS:1 (50.0%)
From: php at planchon dot org Assigned:
Status: Open Package: Apache related
PHP Version: 5.3, 5.4, trunk OS: Debian
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: php at planchon dot org
New email:
PHP Version: OS:


 [2009-01-10 11:38 UTC] php at planchon dot org
User is not logged in apache log when using an external authentication method which not fake basic auth. This bug was introduced in with php bugfix #22672 (apache bug #8500)

Reproduce code:
Use an external authentication method not based on Basic and Digest. (NTLM or mod_auth_pubtkt) and call a php URI.

Expected result:
User appears in apache log

Actual result:
User in apache log is '-' which mean no user is logged


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2009-01-10 11:47 UTC] php at planchon dot org
The bug is an interaction between 
main/main.c and sapi/apache2handler/sapi_apache2.c (and maybe other connector)

472     auth = apr_table_get(r->headers_in, "Authorization");
473     php_handle_auth_data(auth TSRMLS_CC);
474     if (SG(request_info).auth_user == NULL && r->user) {
475         SG(request_info).auth_user = estrdup(r->user);
476     }
477     ctx->r->user = apr_pstrdup(ctx->r->pool, SG(request_info).auth_user);

main.c do a correct work but sapi consider main knowing the world and resetting user (line 477) according to auth mechanism made by main (line 473)

The user should be setting only if a real user has been set.
so the line 477 should look likes (not tested)
if( SG(request_info).auth_user && !ctx->r->user )
   ctx->r->user = apr_pstrdup(ctx->r->pool, SG(request_info).auth_user);

In fact I've detected this bug on my php 5.2.0 and check cvs from php5 and php6 to trace this bug.
 [2011-11-15 23:08 UTC]
-PHP Version: 6CVS-2009-01-10 (CVS) +PHP Version: 5.3, 5.4, trunk
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Wed Dec 06 07:01:27 2023 UTC