#46005 [Opn]: [PATCH] User not consistently logged under Apache2

2008-12-17 Thread stas 
 ID:   46005
 Updated by:   s...@php.net
 Reported By:  admorten at umich dot edu
 Status:   Open
 Bug Type: Apache2 related
 Operating System: Linux 2.6.21.3
 PHP Version:  5.2.6
 New Comment:

It should definitely be estrdup, since SAPI.c uses efree to free it.


Previous Comments:


[2008-11-06 18:57:05] admorten at umich dot edu

Do you have a backtrace?



[2008-11-05 10:16:01] k at kelvinlim dot com

I encountered this bug as well, as our Apache configuration uses a
custom single sign-on authentication module.

admorten's patches successfully resolved the issue--but only after I
switched back to the use of estrdup.  apr_pstrdup does *not* work;
instead, it causes my Apache processes (prefork MPM) to segfault.



[2008-10-10 15:52:32] admorten at umich dot edu

I've updated both patches to use apr_pstrdup instead of estrdup when 
copying r->user into SG(request_info).auth_user, which is how the rest

of the request info is copied. URLs are still the same.



[2008-09-05 20:01:05] admorten at umich dot edu

Patch URLs got mangled. Shortened patch names:






[2008-09-05 19:57:04] admorten at umich dot edu

Description:

The apache2 handler and filter strip the user (r->user) from the 
request if there's no Authorization header in the request. This breaks

user logging for authorization filters like mod_auth_kerb, 
mod_authnz_ldap and mod_cosign, which do not use the Authorization 
header. The patches linked to below check to see r->user is set and 
ensures that the user remains attached to the request, which Apache2 
can then use to log the user properly.

This should fix the issues reported previously in bug #44631. The 
issue was partially fixed with the patch in bug #22672, but that patch

continued to rely on Authorization headers, and was only applied to 
the apache2 handler.

Patches (apply to 5.2.6):








-- 
Edit this bug report at http://bugs.php.net/?id=46005&edit=1

#46005 [Opn]: [PATCH] User not consistently logged under Apache2

2008-10-10 Thread admorten at umich dot edu 
 ID:   46005
 User updated by:  admorten at umich dot edu
 Reported By:  admorten at umich dot edu
 Status:   Open
 Bug Type: Apache2 related
 Operating System: Linux 2.6.21.3
 PHP Version:  5.2.6
 New Comment:

I've updated both patches to use apr_pstrdup instead of estrdup when 
copying r->user into SG(request_info).auth_user, which is how the rest

of the request info is copied. URLs are still the same.


Previous Comments:


[2008-09-05 20:01:05] admorten at umich dot edu

Patch URLs got mangled. Shortened patch names:






[2008-09-05 19:57:04] admorten at umich dot edu

Description:

The apache2 handler and filter strip the user (r->user) from the 
request if there's no Authorization header in the request. This breaks

user logging for authorization filters like mod_auth_kerb, 
mod_authnz_ldap and mod_cosign, which do not use the Authorization 
header. The patches linked to below check to see r->user is set and 
ensures that the user remains attached to the request, which Apache2 
can then use to log the user properly.

This should fix the issues reported previously in bug #44631. The 
issue was partially fixed with the patch in bug #22672, but that patch

continued to rely on Authorization headers, and was only applied to 
the apache2 handler.

Patches (apply to 5.2.6):








-- 
Edit this bug report at http://bugs.php.net/?id=46005&edit=1