07755: Webserver Authentication losing domain from username

This bug affects 1 person(s).

ID	Project	Category	View Status	Date Submitted	Last Update

07755	Bug reports	Authentication	public	2013-04-10 10:55	2013-08-16 13:54

Reporter	Andy_K	Assigned To	mdekker
Priority	normal	Severity	minor
Status	closed	Resolution	fixed
Product Version	2.00+
Target Version	2.05 RC	Fixed in Version	2.05 RC

Summary	07755: Webserver Authentication losing domain from username
Description	Upgrading from Version 1.90+ Build 9642 to Version 2.00+ Build 130325. Windows Server 2008 R2 IIS 7.5 PHP 5.4.11 We are installing fresh on a new server and new MySQL database with an import of the existing data, sowe are currently testing with the ability to make changes without harming the live system. Installing the new version and the upgrade of old data went fine. We are able to logon fine with the local account. Set auth_webserver to true and setup the IIS authentication on the relevant admin folders. Set auth_webserver_user_map to a shared Active Directory account to the local user. Logging in with the shared account will successfully be recognised as the local account. Logging in with an existing username from the old system will not be recognised. We did some digging and narrowed it down to the following: Webserver authentication works as the username is being passed along. The username is not being recognised as being in the existing user list. By getting it to output the user string at several points, the AD Domain is being stripped from the user string.
Additional Information	In the 1.9x version, the domain was kept intact so all the users are entered as DOMAIN\username If this was a new installation this would not cause a problem, as we could just enter users as username-only, but we have an existing user base with historical data that we wish to preserve. We were able to narrow it down to the following code fragment, lines 80 & 81 in UserIdentity.php if (strpos($sUser,"\")!==false) { `$sUser = substr($sUser, strrpos($sUser, "\\")+1);` These strip out the domain from the username string, meaning that the authenticated usernames no longer match those in the existing user list. We can get it to work by commenting out the lines but we are hesitant to go live with this approach as it could be affected by future updates.
Tags	No tags attached.

Bug heat	6
Complete LimeSurvey version number (& build)	130325
I will donate to the project if issue is resolved	No
Browser	IE9, Chrome, Firefox
Database type & version	MySQL 5.6
Server OS (if known)	Windows Server 2008 R2
Webserver software & version (if known)	IIS 7.5
PHP Version	PHP 5.4.11

User List	There are no users monitoring this issue.

DenisChenu 2013-04-12 12:20 developer ~24952	Menno : it's OK for you ?

mdekker 2013-04-16 10:41 reporter ~24962	In 2.05 we will have authentication plugins, I will make it a configuration switch to strip domain or not so current and previous behaviour will continue to work. If possible it would be great if you checked out the beta release of 2.05 (probably new release this week, wait for that one it should be beta 2). All feedback before release is welcome.

mdekker 2013-04-16 10:49 reporter ~24963	Fix committed to 2.05 branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=12276

DenisChenu 2013-04-16 10:56 developer ~24964	mdekker : i don't use Webserver auth, but : what is the default in the last commit ? Think the default is best to strip_domain to on. Is there a way in plugin to have a "default" != false/0/null ? Denis

mdekker 2013-04-16 11:01 reporter ~24966	I am not sure about what default to choose, i left it at false so the domain won't be stripped unless explicitly marked in the plugin since that was original behaviour. The bugfix of restoring the functionality in 2.0 introduced different behaviour. I undo that with this plugin. It might be something to add to the release notes. In line 41 I read the setting, the last parameter is the default to use when not found.

c_schmitz 2013-08-16 13:54 administrator ~26018	2.05 beta 6 released

Date Modified	Username	Field	Change
2013-04-10 10:55	Andy_K	New Issue
2013-04-12 12:20	DenisChenu	Assigned To	=> mdekker
2013-04-12 12:20	DenisChenu	Status	new => assigned
2013-04-12 12:20	DenisChenu	Note Added: 24952
2013-04-16 10:41	mdekker	Note Added: 24962
2013-04-16 10:49	mdekker	Changeset attached	=> LimeSurvey 2.05 bd3fe498
2013-04-16 10:49	mdekker	Note Added: 24963
2013-04-16 10:49	mdekker	Resolution	open => fixed
2013-04-16 10:50	mdekker	Target Version	=> 2.05 RC
2013-04-16 10:50	mdekker	Description Updated
2013-04-16 10:56	DenisChenu	Note Added: 24964
2013-04-16 11:01	mdekker	Note Added: 24966
2013-04-25 09:39	mdekker	Status	assigned => resolved
2013-04-25 09:39	mdekker	Fixed in Version	=> 2.05 RC
2013-08-16 13:54	c_schmitz	Note Added: 26018
2013-08-16 13:54	c_schmitz	Status	resolved => closed

LimeSurvey: 2.05 bd3fe498 2013-04-16 08:47:59 mdekker Details Diff	Fixed 07755: Webserver Authentication losing domain from username dev: made it optional in the plugin		Affected Issues 07755
	mod - application/core/plugins/Authwebserver/Authwebserver.php		Diff File

View Issue Details

Users monitoring this issue

Activities

Related Changesets

Issue History