support Apache’s REDIRECT_REMOTE_USER CGI env var

* In places where the CGI variable REMOTE_USER is read, support alternatively
  REDIRECT_REMOTE_USER, which is used by the Apache HTTPD Server instead, when a
  redirect was used.

Note: This alone is not enough yet, to fully support it in DAViCal. An analogous
      change (commit 29ddd89baaf65bda2560e51665a2e761abef4147) is necessary in
      AWL.

ChangeLog

@@ -1,3 +1,8 @@
+2013-03-25  Christoph Anton Mitterer <mail@christoph.anton.mitterer.name>
+	* In places where the CGI variable REMOTE_USER is read, support
+	  alternatively REDIRECT_REMOTE_USER, which is used by the Apache
+	  HTTPD Server instead, when a redirect was used.
+
 2013-03-23  Christoph Anton Mitterer <mail@christoph.anton.mitterer.name>
 	* Handle the content of the CGI AUTH_TYPE variable case-insensitively as
 	  defined by RFC 3875 Section 4.1.1.

debian/changelog

@@ -1,6 +1,6 @@
 davical (1.1.2-1) unstable; urgency=low
 
-  * New upstream release (closes:#702403, #703290, #703383, #703387)
+  * New upstream release (closes: #656395, #702403, #703290, #703383, #703387)
   * Updated the control file Vcs-* fields to the new addresses of the
     canonical git upstream repository.
 

inc/HTTPAuthSession.php

@@ -112,7 +112,8 @@ class HTTPAuthSession {
       }
     }
     else if ( isset($c->authenticate_hook['server_auth_type'])
-              && isset($_SERVER['REMOTE_USER']) && !empty($_SERVER['REMOTE_USER'])) {
+              && (  ( isset($_SERVER["REMOTE_USER"]) && !empty($_SERVER["REMOTE_USER"]) )  ||
+                    ( isset($_SERVER["REDIRECT_REMOTE_USER"]) && !empty($_SERVER["REDIRECT_REMOTE_USER"]) )  )   ) {
       if ( ( is_array($c->authenticate_hook['server_auth_type'])
                     && in_array( strtolower($_SERVER['AUTH_TYPE']), array_map('strtolower', $c->authenticate_hook['server_auth_type'])) )
          ||
@@ -122,7 +123,10 @@ class HTTPAuthSession {
         /**
         * The authentication has happened in the server, and we should accept it.
         */
-        $_SERVER['PHP_AUTH_USER'] = $_SERVER['REMOTE_USER'];
+        if (isset($_SERVER["REMOTE_USER"]))
+          $_SERVER['PHP_AUTH_USER'] = $_SERVER['REMOTE_USER'];
+        else
+          $_SERVER['PHP_AUTH_USER'] = $_SERVER['REDIRECT_REMOTE_USER'];
         $_SERVER['PHP_AUTH_PW'] = 'Externally Authenticated';
         if ( ! isset($c->authenticate_hook['call']) ) {
           /**

inc/drivers_ldap.php

@@ -205,9 +205,16 @@ class ldapDrivers
     $dnUser = ldap_get_dn($this->connect, ldap_first_entry($this->connect,$entry));
 
     if ( isset($c->authenticate_hook['config']['i_use_mode_kerberos']) && $c->authenticate_hook['config']['i_use_mode_kerberos'] == "i_know_what_i_am_doing") {
-    	dbg_error_log( "LDAP", "drivers_ldap : Skipping password Check for user %s which should be the same as %s",$username , $_SERVER["REMOTE_USER"]);
-      if ($username != $_SERVER["REMOTE_USER"]) {
-        return false;
+      if (isset($_SERVER["REMOTE_USER"])) {
+        dbg_error_log( "LOG", "drivers_ldap : Skipping password Check for user %s which should be the same as %s",$username , $_SERVER["REMOTE_USER"]);
+        if ($username != $_SERVER["REMOTE_USER"]) {
+          return false;
+        }
+      } else {
+        dbg_error_log( "LOG", "drivers_ldap : Skipping password Check for user %s which should be the same as %s",$username , $_SERVER["REDIRECT_REMOTE_USER"]);
+        if ($username != $_SERVER["REDIRECT_REMOTE_USER"]) {
+          return false;
+        }
       }
     }
     else if ( empty($passwd) || preg_match('/[\x00-\x19]/',$passwd) ) {