Remove empty dir

[shibboleth/cpp-sp.git] / apache / mod_shib.cpp

diff --git a/apache/mod_shib.cpp b/apache/mod_shib.cpp
index 0c379a3..00cca09 100644 (file)
--- a/apache/mod_shib.cpp
+++ b/apache/mod_shib.cpp
@@ -809,8 +809,9 @@ extern "C" int shib_handler(request_rec* r)
 #else
         shib_request_config* rc = (shib_request_config*)ap_get_module_config(r->request_config, &mod_shib);
         if (!rc || !rc->sta) {
-            ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, SH_AP_R(r), "shib_handler found no per-request structure");
-            return SERVER_ERROR;
+            ap_log_rerror(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, SH_AP_R(r), "shib_handler found no per-request structure");
+            shib_post_read(r);  // ensures objects are created if post_read hook didn't run
+            rc = (shib_request_config*)ap_get_module_config(r->request_config, &mod_shib);
         }
         ShibTargetApache* psta = rc->sta;
 #endif
@@ -1585,7 +1586,8 @@ extern "C" authz_status shib_validuser_check_authz(request_rec* r, const char* r
         return sta.second;
 
     try {
-        const Session* session = sta.first->getSession(false);
+        Session* session = sta.first->getSession(false, true, false);
+        Locker slocker(session, false);
         if (session) {
             sta.first->log(SPRequest::SPDebug, "htaccess: accepting valid-user based on active session");
             return AUTHZ_GRANTED;
@@ -1621,7 +1623,8 @@ extern "C" authz_status shib_acclass_check_authz(request_rec* r, const char* req
     const htAccessControl& hta = dynamic_cast<const ApacheRequestMapper*>(sta.first->getRequestSettings().first)->getHTAccessControl();
 
     try {
-        const Session* session = sta.first->getSession(false);
+        Session* session = sta.first->getSession(false, true, false);
+        Locker slocker(session, false);
         if (session && hta.doAuthnContext(*sta.first, session->getAuthnContextClassRef(), require_line) == AccessControl::shib_acl_true)
             return AUTHZ_GRANTED;
         return session ? AUTHZ_DENIED : AUTHZ_DENIED_NO_USER;
@@ -1642,7 +1645,8 @@ extern "C" authz_status shib_acdecl_check_authz(request_rec* r, const char* requ
     const htAccessControl& hta = dynamic_cast<const ApacheRequestMapper*>(sta.first->getRequestSettings().first)->getHTAccessControl();
 
     try {
-        const Session* session = sta.first->getSession(false);
+        Session* session = sta.first->getSession(false, true, false);
+        Locker slocker(session, false);
         if (session && hta.doAuthnContext(*sta.first, session->getAuthnContextDeclRef(), require_line) == AccessControl::shib_acl_true)
             return AUTHZ_GRANTED;
         return session ? AUTHZ_DENIED : AUTHZ_DENIED_NO_USER;
@@ -1663,7 +1667,8 @@ extern "C" authz_status shib_attr_check_authz(request_rec* r, const char* requir
     const htAccessControl& hta = dynamic_cast<const ApacheRequestMapper*>(sta.first->getRequestSettings().first)->getHTAccessControl();
 
     try {
-        const Session* session = sta.first->getSession(false);
+        Session* session = sta.first->getSession(false, true, false);
+        Locker slocker(session, false);
         if (session) {
             const char* rule = ap_getword_conf(r->pool, &require_line);
             if (rule && hta.doShibAttr(*sta.first, session, rule, require_line) == AccessControl::shib_acl_true)
@@ -1687,7 +1692,8 @@ extern "C" authz_status shib_plugin_check_authz(request_rec* r, const char* requ
     const htAccessControl& hta = dynamic_cast<const ApacheRequestMapper*>(sta.first->getRequestSettings().first)->getHTAccessControl();
 
     try {
-        const Session* session = sta.first->getSession(false);
+        Session* session = sta.first->getSession(false, true, false);
+        Locker slocker(session, false);
         if (session) {
             const char* config = ap_getword_conf(r->pool, &require_line);
             if (config && hta.doAccessControl(*sta.first, session, config) == AccessControl::shib_acl_true)