Merge pull request #647 in ZP/z-push from...

Merge pull request #647 in ZP/z-push from bugfix/ZP-1353-check-user-vs-authuser-case-insensitive-for-log to develop * commit 'aa17e60b': ZP-1353 Check user vs authUser case-insensitive for log.

Merge pull request #647 in ZP/z-push from...
Merge pull request #647 in ZP/z-push from bugfix/ZP-1353-check-user-vs-authuser-case-insensitive-for-log to develop * commit 'aa17e60b': ZP-1353 Check user vs authUser case-insensitive for log.
9479c0d1 · Sebastian Kummer · 736493bb · aa17e60b · 9479c0d1 · 9479c0d1
Commit 9479c0d1 authored Feb 05, 2018 by Sebastian Kummer
Show whitespace changes
Inline Side-by-side

Showing with 7 additions and 7 deletions

filelog.php src/lib/log/filelog.php +3 -3

syslog.php src/lib/log/syslog.php +3 -3

requestprocessor.php src/lib/request/requestprocessor.php +1 -1

No files found.
--- a/src/lib/log/filelog.php
+++ b/src/lib/log/filelog.php
@@ -86,11 +86,11 @@ class FileLog extends Log {

        if ($includeUserDevice) {
            // when the users differ, we need to log both
-            if ($this->GetUser() != $this->GetAuthUser()) {
-                $log .= ' ['. $this->GetAuthUser() . Request::IMPERSONATE_DELIM . $this->GetUser() .']';
+            if (strcasecmp($this->GetAuthUser(), $this->GetUser()) == 0) {
+                $log .= ' ['. $this->GetUser() .']';
            }
            else {
-                $log .= ' ['. $this->GetUser() .']';
+                $log .= ' ['. $this->GetAuthUser() . Request::IMPERSONATE_DELIM . $this->GetUser() .']';
            }
        }
        if ($includeUserDevice && (LOGLEVEL >= LOGLEVEL_DEVICEID || (LOGUSERLEVEL >= LOGLEVEL_DEVICEID && $this->IsAuthUserInSpecialLogUsers()))) {

--- a/src/lib/log/syslog.php
+++ b/src/lib/log/syslog.php
@@ -167,11 +167,11 @@ class Syslog extends Log {
    public function BuildLogString($loglevel, $message, $includeUserDevice = true) {
        $log = $this->GetLogLevelString($loglevel); // Never pad syslog log because syslog log are usually read with a software.
        // when the users differ, we need to log both
-        if ($this->GetUser() != $this->GetAuthUser()) {
-            $log .= ' ['. $this->GetAuthUser() . Request::IMPERSONATE_DELIM . $this->GetUser() .']';
+        if (strcasecmp($this->GetAuthUser(), $this->GetUser()) == 0) {
+            $log .= ' ['. $this->GetUser() .']';
        }
        else {
-            $log .= ' ['. $this->GetUser() .']';
+            $log .= ' ['. $this->GetAuthUser() . Request::IMPERSONATE_DELIM . $this->GetUser() .']';
        }
        if ($loglevel >= LOGLEVEL_DEVICEID) {
            $log .= '['. $this->GetDevid() .']';

--- a/src/lib/request/requestprocessor.php
+++ b/src/lib/request/requestprocessor.php
@@ -60,7 +60,7 @@ abstract class RequestProcessor {
        if(defined("CERTIFICATE_OWNER_PARAMETER") && isset($_SERVER[CERTIFICATE_OWNER_PARAMETER]) && strtolower($_SERVER[CERTIFICATE_OWNER_PARAMETER]) != strtolower(Request::GetAuthUser()))
            throw new AuthenticationRequiredException(sprintf("Access denied. Access is allowed only for the certificate owner '%s'", $_SERVER[CERTIFICATE_OWNER_PARAMETER]));

-        if (Request::GetImpersonatedUser() && Request::GetAuthUser() != Request::GetImpersonatedUser()) {
+        if (Request::GetImpersonatedUser() && strcasecmp(Request::GetAuthUser(), Request::GetImpersonatedUser()) !== 0) {
            ZLog::Write(LOGLEVEL_DEBUG, sprintf("RequestProcessor->Authenticate(): Impersonation active - authenticating: '%s' - impersonating '%s'", Request::GetAuthUser(), Request::GetImpersonatedUser()));
        }