--- trunk/webservices/ELOG/elog-2.9.0/src/elogd.c	2011/10/20 14:36:27	3247
+++ trunk/webservices/ELOG/elog-2.9.0/src/elogd.c	2012/01/30 08:14:32	4130
@@ -37,6 +37,7 @@
 char listen_interface[256];
 char theme_name[80];
 char http_host[256];
+char http_user[256];
 
 char _param[MAX_PARAM][NAME_LENGTH];
 char _value[MAX_PARAM][NAME_LENGTH];
@@ -8534,7 +8535,7 @@
    if (old_pwd[0] || new_pwd[0]) {
       if (user[0]) {
 
-         if (stristr(auth, "Kerberos")) {
+         if (stristr(auth, "Kerberos") || stristr(auth, "Webserver")) {
             if (strcmp(new_pwd, new_pwd2) != 0)
                wrong_pwd = 2;
          } else {
@@ -12677,6 +12679,12 @@
       return 0;
    }
 
+   /* if we have outsourced the authentication, use external username */
+   getcfg(lbs->name, "Authentication", str, sizeof(str));
+   if ( stristr(str, "Webserver")) {
+       strncpy(user,http_user,sizeof(user));
+   }
+
    /* check for full name */
    if (!isparam("new_full_name") || *getparam("new_full_name") == 0) {
       sprintf(str, loc("Please enter \"%s\""), loc("Full name"));
@@ -13247,7 +13255,7 @@
    rsprintf("<tr><td nowrap width=\"15%%\">%s:</td>\n", loc("Login name"));
 
    getcfg(lbs->name, "Authentication", auth, sizeof(auth));
-   if (stristr(auth, "Kerberos"))
+   if (stristr(auth, "Kerberos") || stristr(auth, "Webserver"))
       rsprintf("<td><input type=text size=40 name=new_user_name value=\"%s\" readonly></td></tr>\n", str);
    else
       rsprintf("<td><input type=text size=40 name=new_user_name value=\"%s\"></td></tr>\n", str);
@@ -13334,6 +13342,7 @@
 
    rsprintf("<tr><td class=\"menuframe\"><span class=\"menu1\">\n");
 
+  /* remove user-management buttons 
    if (is_admin_user(logbook, getparam("unm")) || !getcfg(logbook, "allow password change", str, sizeof(str))
        || atoi(str) == 1)
       rsprintf("<input type=submit name=cmd value=\"%s\">\n", loc("Change password"));
@@ -13345,7 +13354,7 @@
       strlcpy(str, loc("Change config file"), sizeof(str));
       rsprintf("<input type=submit name=cmd value=\"%s\">\n", str);
    }
-
+   */
    rsprintf("</span></td></tr></table>\n\n");
    show_bottom_text(lbs);
    rsprintf("</form></body></html>\r\n");
@@ -13579,9 +13588,9 @@
       /*---- header ----*/
 
       getcfg(lbs->name, "Authentication", str, sizeof(str));
-      if (stristr(str, "Kerberos")) {
+      if (stristr(str, "Kerberos")|| stristr(str, "Webserver")) {
          show_error
-             ("This installation of ELOG uses site authentification\nwhere password recovery is not possible");
+             ("This installation of ELOG has outsourced its authentification\nwhere password recovery is not possible");
          return;
       }
 
@@ -13609,6 +13618,7 @@
 
 void show_new_user_page(LOGBOOK * lbs, char *user)
 {
+   char str[256];
    /*---- header ----*/
 
    show_html_header(lbs, TRUE, loc("ELOG new user"), TRUE, FALSE, NULL, FALSE);
@@ -13644,13 +13654,14 @@
 
    rsprintf("<tr><td nowrap>Email:</td>\n");
    rsprintf("<td colspan=2><input type=text size=40 name=new_user_email></tr>\n");
+   getcfg(lbs->name, "Authentication", str, sizeof(str));
+   if (!stristr(str, "Kerberos") && !stristr(str, "Webserver")) {
+       rsprintf("<tr><td nowrap>%s:</td>\n", loc("Password"));
+       rsprintf("<td colspan=2><input type=password size=40 name=newpwd>\n");
 
-   rsprintf("<tr><td nowrap>%s:</td>\n", loc("Password"));
-   rsprintf("<td colspan=2><input type=password size=40 name=newpwd>\n");
-
-   rsprintf("<tr><td nowrap>%s:</td>\n", loc("Retype password"));
-   rsprintf("<td colspan=2><input type=password size=40 name=newpwd2>\n");
-
+       rsprintf("<tr><td nowrap>%s:</td>\n", loc("Retype password"));
+       rsprintf("<td colspan=2><input type=password size=40 name=newpwd2>\n");
+   }
    rsprintf("</td></tr></table>\n");
 
    /*---- menu buttons ----*/
@@ -25391,7 +25402,12 @@
    if (!enum_user_line(lbs, 0, str, sizeof(str))) {
       if (isparam("new_user_name"))
          return TRUE;
-      show_new_user_page(lbs, NULL);
+      getcfg(lbs->name, "Authentication", str, sizeof(str));
+      if (stristr(str, "Webserver")) {
+         show_new_user_page(lbs, http_user);
+      } else {
+         show_new_user_page(lbs, NULL);
+      }
       return FALSE;
    }
 
@@ -25417,7 +25433,9 @@
       }
    }
 
-   /* if invalid or no session ID, show login page */
+   /* if invalid or no session ID, show login page, 
+      unless we have outsourced the authentication to webserver
+   */
    if (!skip_sid_check && !sid_check(sid, user_name)) {
       if (isparam("redir"))
          strlcpy(str, getparam("redir"), sizeof(str));
@@ -26397,6 +26415,25 @@
    if (lbs->n_attr < 0)
       return;
 
+   /* if we outsource the authentication to Webserver and have no sid, just set a new sid  */
+   getcfg(lbs->name, "Authentication", str, sizeof(str));
+   if (stristr(str, "Webserver")) {
+      if (http_user[0]) {
+         if (!sid_check(getparam("sid"), http_user)) { /*  if we don't have a sid yet, set it */
+            /* get a new session ID */
+            sid_new(lbs, http_user, (char *) inet_ntoa(rem_addr), sid);
+            /* set SID cookie */
+            set_sid_cookie(lbs, sid);
+         }
+     } else {
+        sprintf(str, "Error: Misconfigured webserver, did not get X-Forwarded-User from it.");
+        show_error(str);
+        return;
+     }
+   }
+
+
+
    /* check for new login */
    if (isparam("uname") && isparam("upassword")) {
       /* log logins */
@@ -27650,6 +27693,17 @@
          *strchr(http_host, '\r') = 0;
    }
 
+   /* extract X-Forwarded-User into http_user if Authentication==Webserver */
+   http_user[0] = 0;
+   if ((p = strstr(request, "X-Forwarded-User:")) != NULL) {
+      p += 17;
+      while (*p && *p == ' ')
+         p++;
+      strlcpy(http_user, p, sizeof(http_user));
+      if (strchr(http_user, '\r'))
+         *strchr(http_user, '\r') = 0;
+   }
+
    /* extract "X-Forwarded-For:" */
    if ((p = strstr(request, "X-Forwarded-For:")) != NULL) {
       p += 16;