Autologin: Use REMOTE_USER for authentication

It's not safe to rely on PHP_AUTH_USER and PHP_AUTH_TYPE because
PHP CGI handlers (fcgid for example) only set the REMOTE_USER environment variable
and the authentication type for negotiation methods (Kerberos for example) is neither
Basic nor Digest.
We may have to add REDIRECT_REMOTE_USER for authentication for proxy setups.
Eric Lippmann 2014-06-11 14:47:15 +02:00
parent c09341d77e
commit 63fc8eb27e
1 changed files with 2 additions and 5 deletions

@ -53,11 +53,8 @@ class AutoLoginBackend extends UserBackend
*/
public function hasUser(User $user)
{
if (isset($_SERVER['PHP_AUTH_USER'])
&& isset($_SERVER['AUTH_TYPE'])
&& in_array($_SERVER['AUTH_TYPE'], array('Basic', 'Digest')) === true
) {
$username = $_SERVER['PHP_AUTH_USER'];
if (isset($_SERVER['REMOTE_USER'])) {
$username = $_SERVER['REMOTE_USER'];
if ($username !== false) {
if ($this->stripUsernameRegexp !== null) {
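Review bot: the `$username !== false` test that follows `$username = $_SERVER['REMOTE_USER'];` does not filter anything here, because `isset()` has already ruled out a missing or null value and an empty REMOTE_USER would still reach the `stripUsernameRegexp` step. I would replace it with an explicit non-empty string check (for example `is_string($username) && $username !== ''`). With the `AUTH_TYPE` condition gone, `hasUser()` accepts whatever the web server places in REMOTE_USER, so the docblock above the method should state that this backend is only safe where the server enforces authentication for the location and is the sole source of that variable. If REDIRECT_REMOTE_USER is added later for proxy setups, as the commit message anticipates, the same check and the same documented assumption should apply to it.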