ID: 46005 Comment by: admorten at umich dot edu Reported By: admorten at umich dot edu Status: Open Bug Type: Apache2 related Operating System: Linux 2.6.21.3 PHP Version: 5.2.6 New Comment:
Do you have a backtrace? Previous Comments: ------------------------------------------------------------------------ [2008-11-05 10:16:01] k at kelvinlim dot com I encountered this bug as well, as our Apache configuration uses a custom single sign-on authentication module. admorten's patches successfully resolved the issue--but only after I switched back to the use of estrdup. apr_pstrdup does *not* work; instead, it causes my Apache processes (prefork MPM) to segfault. ------------------------------------------------------------------------ [2008-10-10 15:52:32] admorten at umich dot edu I've updated both patches to use apr_pstrdup instead of estrdup when copying r->user into SG(request_info).auth_user, which is how the rest of the request info is copied. URLs are still the same. ------------------------------------------------------------------------ [2008-09-05 20:01:05] admorten at umich dot edu Patch URLs got mangled. Shortened patch names: <http://rsug.itd.umich.edu/~admorten/apache2filter_user_logging.patch> <http://rsug.itd.umich.edu/~admorten/apache2handler_user_logging.patch> ------------------------------------------------------------------------ [2008-09-05 19:57:04] admorten at umich dot edu Description: ------------ The apache2 handler and filter strip the user (r->user) from the request if there's no Authorization header in the request. This breaks user logging for authorization filters like mod_auth_kerb, mod_authnz_ldap and mod_cosign, which do not use the Authorization header. The patches linked to below check to see r->user is set and ensures that the user remains attached to the request, which Apache2 can then use to log the user properly. This should fix the issues reported previously in bug #44631. The issue was partially fixed with the patch in bug #22672, but that patch continued to rely on Authorization headers, and was only applied to the apache2 handler. Patches (apply to 5.2.6): <http://rsug.itd.umich.edu/~admorten/sapi_apache2filter_user_logging_f ix.patch> <http://rsug.itd.umich.edu/~admorten/sapi_apache2handler_user_logging_ fix.patch> ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=46005&edit=1