tags 656395 + patch
stop

Hey Andrew.

The following patch should solve this. But please double check the
code :)


Chris.
* Should add support for the environment variable “REDIRECT_REMOTE_USER”
  which the Apache HTTPD Server sets instead of the environment variable
  “REMOTE_USER” when a redirect was made.
--- a/inc/HTTPAuthSession.php
+++ b/inc/HTTPAuthSession.php
@@ -112,7 +112,8 @@
       }
     }
     else if ( isset($c->authenticate_hook['server_auth_type'])
-              && isset($_SERVER["REMOTE_USER"]) && !empty($_SERVER["REMOTE_USER"])) {
+              && ( isset($_SERVER["REMOTE_USER"]) && !empty($_SERVER["REMOTE_USER"]) )  ||
+                 ( isset($_SERVER["REDIRECT_REMOTE_USER"]) && !empty($_SERVER["REDIRECT_REMOTE_USER"]) )  ) {
       if ( ( is_array($c->authenticate_hook['server_auth_type'])
                     && in_array($_SERVER['AUTH_TYPE'], $c->authenticate_hook['server_auth_type']) )
          ||
@@ -122,7 +123,10 @@
         /**
         * The authentication has happened in the server, and we should accept it.
         */
-        $_SERVER['PHP_AUTH_USER'] = $_SERVER['REMOTE_USER'];
+	if (isset($_SERVER["REMOTE_USER"]))
+        	$_SERVER['PHP_AUTH_USER'] = $_SERVER['REMOTE_USER'];
+	else
+        	$_SERVER['PHP_AUTH_USER'] = $_SERVER['REDIRECT_REMOTE_USER'];
         $_SERVER['PHP_AUTH_PW'] = 'Externally Authenticated';
         if ( ! isset($c->authenticate_hook['call']) ) {
           /**
--- a/inc/drivers_ldap.php
+++ b/inc/drivers_ldap.php
@@ -205,9 +205,16 @@
     $dnUser = ldap_get_dn($this->connect, ldap_first_entry($this->connect,$entry));
 
     if ( isset($c->authenticate_hook['config']['i_use_mode_kerberos']) && $c->authenticate_hook['config']['i_use_mode_kerberos'] == "i_know_what_i_am_doing") {
-    	dbg_error_log( "LOG", "drivers_ldap : Skipping password Check for user %s which should be the same as %s",$username , $_SERVER["REMOTE_USER"]);
-      if ($username != $_SERVER["REMOTE_USER"]) {
-        return false;
+      if (isset($_SERVER["REMOTE_USER"])) {
+        dbg_error_log( "LOG", "drivers_ldap : Skipping password Check for user %s which should be the same as %s",$username , $_SERVER["REMOTE_USER"]);
+        if ($username != $_SERVER["REMOTE_USER"]) {
+          return false;
+        }
+      } else {
+        dbg_error_log( "LOG", "drivers_ldap : Skipping password Check for user %s which should be the same as %s",$username , $_SERVER["REDIRECT_REMOTE_USER"]);
+        if ($username != $_SERVER["REDIRECT_REMOTE_USER"]) {
+          return false;
+        }
       }
     }
     else if ( empty($passwd) || preg_match('/[\x00-\x19]/',$passwd) ) {

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply via email to