shib_request_config* rc = (shib_request_config*)ap_get_module_config(r->request_config, &mod_shib);
if (!rc || !rc->sta) {
ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, SH_AP_R(r), "shib_base_check_authz found no per-request structure");
- return make_pair(nullptr, AUTHZ_GENERAL_ERROR);
+ return make_pair((ShibTargetApache*)nullptr, AUTHZ_GENERAL_ERROR);
}
else if (!rc->sta->isInitialized()) {
- return make_pair(nullptr, AUTHZ_DENIED_NO_USER);
+ return make_pair((ShibTargetApache*)nullptr, AUTHZ_DENIED_NO_USER);
}
return make_pair(rc->sta, AUTHZ_GRANTED);
}
-extern "C" static authz_status shib_shibboleth_check_authz(request_rec* r, const char* require_line, const void*)
+extern "C" authz_status shib_shibboleth_check_authz(request_rec* r, const char* require_line, const void*)
{
pair<ShibTargetApache*,authz_status> sta = shib_base_check_authz(r);
if (!sta.first)
return AUTHZ_GRANTED;
}
-extern "C" static authz_status shib_validuser_check_authz(request_rec* r, const char* require_line, const void*)
+extern "C" authz_status shib_validuser_check_authz(request_rec* r, const char* require_line, const void*)
{
pair<ShibTargetApache*,authz_status> sta = shib_base_check_authz(r);
if (!sta.first)
return AUTHZ_DENIED_NO_USER;
}
-extern "C" static authz_status shib_user_check_authz(request_rec* r, const char* require_line, const void*)
+extern "C" authz_status shib_user_check_authz(request_rec* r, const char* require_line, const void*)
{
- if (!r->user)
+ if (!r->user || !*(r->user))
return AUTHZ_DENIED_NO_USER;
pair<ShibTargetApache*,authz_status> sta = shib_base_check_authz(r);
if (!sta.first)
return AUTHZ_DENIED;
}
-extern "C" static authz_status shib_acclass_check_authz(request_rec* r, const char* require_line, const void*)
+extern "C" authz_status shib_acclass_check_authz(request_rec* r, const char* require_line, const void*)
{
pair<ShibTargetApache*,authz_status> sta = shib_base_check_authz(r);
if (!sta.first)
const Session* session = sta.first->getSession(false);
if (session && hta.doAuthnContext(*sta.first, session->getAuthnContextClassRef(), require_line) == AccessControl::shib_acl_true)
return AUTHZ_GRANTED;
- return AUTHZ_DENIED;
+ return session ? AUTHZ_DENIED : AUTHZ_DENIED_NO_USER;
}
catch (std::exception& e) {
sta.first->log(SPRequest::SPWarn, string("htaccess: unable to obtain session for access control check: ") + e.what());
return AUTHZ_GENERAL_ERROR;
}
-extern "C" static authz_status shib_acdecl_check_authz(request_rec* r, const char* require_line, const void*)
+extern "C" authz_status shib_acdecl_check_authz(request_rec* r, const char* require_line, const void*)
{
pair<ShibTargetApache*,authz_status> sta = shib_base_check_authz(r);
if (!sta.first)
const Session* session = sta.first->getSession(false);
if (session && hta.doAuthnContext(*sta.first, session->getAuthnContextDeclRef(), require_line) == AccessControl::shib_acl_true)
return AUTHZ_GRANTED;
- return AUTHZ_DENIED;
+ return session ? AUTHZ_DENIED : AUTHZ_DENIED_NO_USER;
}
catch (std::exception& e) {
sta.first->log(SPRequest::SPWarn, string("htaccess: unable to obtain session for access control check: ") + e.what());
return AUTHZ_GENERAL_ERROR;
}
-extern "C" static authz_status shib_attr_check_authz(request_rec* r, const char* require_line, const void*)
+extern "C" authz_status shib_attr_check_authz(request_rec* r, const char* require_line, const void*)
{
pair<ShibTargetApache*,authz_status> sta = shib_base_check_authz(r);
if (!sta.first)
if (rule && hta.doShibAttr(*sta.first, session, rule, require_line) == AccessControl::shib_acl_true)
return AUTHZ_GRANTED;
}
- return AUTHZ_DENIED;
+ return session ? AUTHZ_DENIED : AUTHZ_DENIED_NO_USER;
}
catch (std::exception& e) {
sta.first->log(SPRequest::SPWarn, string("htaccess: unable to obtain session for access control check: ") + e.what());
return AUTHZ_GENERAL_ERROR;
}
-extern "C" static authz_status shib_plugin_check_authz(request_rec* r, const char* require_line, const void*)
+extern "C" authz_status shib_plugin_check_authz(request_rec* r, const char* require_line, const void*)
{
pair<ShibTargetApache*,authz_status> sta = shib_base_check_authz(r);
if (!sta.first)
if (config && hta.doAccessControl(*sta.first, session, config) == AccessControl::shib_acl_true)
return AUTHZ_GRANTED;
}
- return AUTHZ_DENIED;
+ return session ? AUTHZ_DENIED : AUTHZ_DENIED_NO_USER;
}
catch (std::exception& e) {
sta.first->log(SPRequest::SPWarn, string("htaccess: unable to obtain session for access control check: ") + e.what());
#else
#ifdef SHIB_APACHE_24
-extern "C" static const authz_provider shib_authz_shibboleth_provider = { &shib_shibboleth_check_authz, nullptr };
-extern "C" static const authz_provider shib_authz_validuser_provider = { &shib_validuser_check_authz, nullptr };
-extern "C" static const authz_provider shib_authz_user_provider = { &shib_user_check_authz, nullptr };
-extern "C" static const authz_provider shib_authz_acclass_provider = { &shib_acclass_check_authz, nullptr };
-extern "C" static const authz_provider shib_authz_acdecl_provider = { &shib_acdecl_check_authz, nullptr };
-extern "C" static const authz_provider shib_authz_attr_provider = { &shib_attr_check_authz, nullptr };
-extern "C" static const authz_provider shib_authz_plugin_provider = { &shib_plugin_check_authz, nullptr };
+extern "C" const authz_provider shib_authz_shibboleth_provider = { &shib_shibboleth_check_authz, nullptr };
+extern "C" const authz_provider shib_authz_validuser_provider = { &shib_validuser_check_authz, nullptr };
+extern "C" const authz_provider shib_authz_user_provider = { &shib_user_check_authz, nullptr };
+extern "C" const authz_provider shib_authz_acclass_provider = { &shib_acclass_check_authz, nullptr };
+extern "C" const authz_provider shib_authz_acdecl_provider = { &shib_acdecl_check_authz, nullptr };
+extern "C" const authz_provider shib_authz_attr_provider = { &shib_attr_check_authz, nullptr };
+extern "C" const authz_provider shib_authz_plugin_provider = { &shib_plugin_check_authz, nullptr };
#endif
extern "C" void shib_register_hooks (apr_pool_t *p)