Add check for remote_user variable for trusted proxy auth

If trusted proxy authentication is on, yet the proxy did not authenticate the
user, then the default authentication method is used instead of returning 'Unauthorized'.

Apache/SOGo.conf

@@ -26,12 +26,23 @@ Alias /SOGo/WebServerResources/ \
 ## need to set the "SOGoTrustProxyAuthentication" SOGo user default to YES and
 ## adjust the "x-webobjects-remote-user" proxy header in the "Proxy" section
 ## below.
+#
+## For full proxy-side authentication:
 #<Location /SOGo>
 #  AuthType XXX
 #  Require valid-user
 #  SetEnv proxy-nokeepalive 1
 #  Allow from all
 #</Location>
+#
+## For proxy-side authentication only for CardDAV and GroupDAV from external
+## clients:
+#<Location /SOGo/dav>
+#  AuthType XXX
+#  Require valid-user
+#  SetEnv proxy-nokeepalive 1
+#  Allow from all
+#</Location>
 
 ProxyRequests Off
 SetEnv proxy-nokeepalive 1
@@ -64,7 +75,8 @@ ProxyPass /SOGo http://127.0.0.1:20000/SOGo retry=0
 
 ## When using proxy-side autentication, you need to uncomment and
 ## adjust the following line:
-#  RequestHeader set "x-webobjects-remote-user" "%{REMOTE_USER}e"
+  RequestHeader unset "x-webobjects-remote-user"
+#  RequestHeader set "x-webobjects-remote-user" "%{REMOTE_USER}e" env=REMOTE_USER
 
   RequestHeader set "x-webobjects-server-protocol" "HTTP/1.0"
 

Main/SOGo.m

@@ -283,7 +283,7 @@ static BOOL debugLeaks;
 {
   id authenticator;
 
-  if (trustProxyAuthentication)
+  if (trustProxyAuthentication && [[context request] headerForKey: @"x-webobjects-remote-user"])
     authenticator = [SOGoProxyAuthenticator sharedSOGoProxyAuthenticator];
   else
     {