From 35e471013b4981869cb21aad30b5d324dcc35d70 Mon Sep 17 00:00:00 2001
From: Christoph Anton Mitterer
Date: Mon, 25 Mar 2013 02:01:04 +0100
Subject: [PATCH] =?utf8?q?support=20Apache=E2=80=99s=20REDIRECT=5FREMOTE?= =?utf8?q?=5FUSER=20CGI=20env=20var?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

* In places where the CGI variable REMOTE_USER is read, support alternatively REDIRECT_REMOTE_USER, which is used by the Apache HTTPD Server instead, when a redirect was used. Note: This alone is not enough yet, to fully support it in DAViCal. An analogous change (commit 29ddd89baaf65bda2560e51665a2e761abef4147) is necessary in AWL.
---
ChangeLog | 5 +++++
debian/changelog | 2 +-
inc/HTTPAuthSession.php | 8 ++++++--
inc/drivers_ldap.php | 13 ++++++++++---
4 files changed, 22 insertions(+), 6 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index ba907cf7..4a0292d7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2013-03-25 Christoph Anton Mitterer
+ * In places where the CGI variable REMOTE_USER is read, support
+ alternatively REDIRECT_REMOTE_USER, which is used by the Apache
+ HTTPD Server instead, when a redirect was used.
+
 2013-03-23 Christoph Anton Mitterer
 * Handle the content of the CGI AUTH_TYPE variable case-insensitively as defined by RFC 3875 Section 4.1.1.
diff --git a/debian/changelog b/debian/changelog
index ed742c3b..058ed940 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,6 @@
 davical (1.1.2-1) unstable; urgency=low
- * New upstream release (closes:#702403, #703290, #703383, #703387)
+ * New upstream release (closes: #656395, #702403, #703290, #703383, #703387)
 * Updated the control file Vcs-* fields to the new addresses of the canonical git upstream repository.
diff --git a/inc/HTTPAuthSession.php b/inc/HTTPAuthSession.php
index cee5d0b4..3e2bd2f6 100644
--- a/inc/HTTPAuthSession.php
+++ b/inc/HTTPAuthSession.php
@@ -112,7 +112,8 @@ class HTTPAuthSession {
 }
 }
 else if ( isset($c->authenticate_hook['server_auth_type'])
- && isset($_SERVER['REMOTE_USER']) && !empty($_SERVER['REMOTE_USER'])) {
+ && ( ( isset($_SERVER["REMOTE_USER"]) && !empty($_SERVER["REMOTE_USER"]) ) ||
+ ( isset($_SERVER["REDIRECT_REMOTE_USER"]) && !empty($_SERVER["REDIRECT_REMOTE_USER"]) ) ) ) {
 if ( ( is_array($c->authenticate_hook['server_auth_type']) && in_array( strtolower($_SERVER['AUTH_TYPE']), array_map('strtolower', $c->authenticate_hook['server_auth_type'])) ) ||
@@ -122,7 +123,10 @@ class HTTPAuthSession {
 /**
 * The authentication has happened in the server, and we should accept it.
 */
- $_SERVER['PHP_AUTH_USER'] = $_SERVER['REMOTE_USER'];
+ if (isset($_SERVER["REMOTE_USER"]))
+ $_SERVER['PHP_AUTH_USER'] = $_SERVER['REMOTE_USER'];
+ else
+ $_SERVER['PHP_AUTH_USER'] = $_SERVER['REDIRECT_REMOTE_USER'];
 $_SERVER['PHP_AUTH_PW'] = 'Externally Authenticated';
 if ( ! isset($c->authenticate_hook['call']) ) {
 /**
diff --git a/inc/drivers_ldap.php b/inc/drivers_ldap.php
index d2c80147..a6665297 100644
--- a/inc/drivers_ldap.php
+++ b/inc/drivers_ldap.php
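Review bot: In the `@@ -112` hunk the widened guard now admits a request on REDIRECT_REMOTE_USER alone, but the context line directly after it still reads `$_SERVER['AUTH_TYPE']` without an `isset()` check. Whether Apache still populates AUTH_TYPE after the internal redirect is not visible from this patch; if it does not, `strtolower()` receives an undefined index and the server-auth branch never matches for exactly the requests this change targets. I would confirm that and guard the read, e.g. `isset($_SERVER['AUTH_TYPE']) &&` in front of the comparison. As a smaller style point, `isset($x) && !empty($x)` is redundant, since `!empty($x)` alone already covers the unset case. The `else if` chain and the enclosing method start and end outside the hunk.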
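Review bot: In the `@@ -122` hunk the choice between the two variables tests only `isset($_SERVER["REMOTE_USER"])`, while the guard added in the `@@ -112` hunk requires the value to be non-empty. If REMOTE_USER is present but empty and REDIRECT_REMOTE_USER carries the name, the guard passes on the latter and this code then copies the empty string into PHP_AUTH_USER next to the fixed 'Externally Authenticated' password. The selection should use the same test as the guard: `$_SERVER['PHP_AUTH_USER'] = !empty($_SERVER['REMOTE_USER']) ? $_SERVER['REMOTE_USER'] : $_SERVER['REDIRECT_REMOTE_USER'];`. The existing docblock could also say that both variables are trusted here only because the web server sets them after authenticating the request, and that REMOTE_USER takes precedence when both are present.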
@@ -205,9 +205,16 @@ class ldapDrivers
 $dnUser = ldap_get_dn($this->connect, ldap_first_entry($this->connect,$entry));
 if ( isset($c->authenticate_hook['config']['i_use_mode_kerberos']) && $c->authenticate_hook['config']['i_use_mode_kerberos'] == "i_know_what_i_am_doing") {
- dbg_error_log( "LDAP", "drivers_ldap : Skipping password Check for user %s which should be the same as %s",$username , $_SERVER["REMOTE_USER"]);
- if ($username != $_SERVER["REMOTE_USER"]) {
- return false;
+ if (isset($_SERVER["REMOTE_USER"])) {
+ dbg_error_log( "LOG", "drivers_ldap : Skipping password Check for user %s which should be the same as %s",$username , $_SERVER["REMOTE_USER"]);
+ if ($username != $_SERVER["REMOTE_USER"]) {
+ return false;
+ }
+ } else {
+ dbg_error_log( "LOG", "drivers_ldap : Skipping password Check for user %s which should be the same as %s",$username , $_SERVER["REDIRECT_REMOTE_USER"]);
+ if ($username != $_SERVER["REDIRECT_REMOTE_USER"]) {
+ return false;
+ }
 }
 }
 else if ( empty($passwd) || preg_match('/[\x00-\x19]/',$passwd) ) {
--
2.11.4.GIT
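Review bot: In kerberos mode the password check is skipped, so the `!=` comparison in both new branches is the only thing binding `$username` to the identity the web server authenticated, and PHP's loose comparison treats distinct numeric-looking strings as equal (`"1e3" == "1000"`). The else branch also reads `$_SERVER["REDIRECT_REMOTE_USER"]` without checking that it is set, and nothing visible in this hunk guarantees that either variable exists when the driver is reached. I would resolve the server identity once, fail closed when it is missing or empty, and compare strictly, as sketched below; this also removes the duplicated branch. The log component changes from "LDAP" to "LOG" in this hunk, which the commit message does not mention, so the sketch keeps it as committed and a one-line comment on the intent would help. The enclosing method begins and ends outside the hunk.

```php
// … unchanged: ldap_get_dn() call and the i_use_mode_kerberos condition …
        // Identity asserted by the web server. The password check is skipped in
        // this mode, so this comparison is the only binding between $username
        // and the authenticated user: fail closed if no identity is present.
        $server_user = '';
        if ( !empty($_SERVER['REMOTE_USER']) ) {
          $server_user = $_SERVER['REMOTE_USER'];
        } else if ( !empty($_SERVER['REDIRECT_REMOTE_USER']) ) {
          $server_user = $_SERVER['REDIRECT_REMOTE_USER'];
        }
        dbg_error_log( "LOG", "drivers_ldap : Skipping password Check for user %s which should be the same as %s", $username, $server_user);
        if ( $server_user === '' || (string)$username !== $server_user ) {
          return false;
        }
// … unchanged: else-if branch rejecting empty or control-character passwords …
```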