Restrict pre-2.4 use of new require rules

diff --git a/apache/mod_shib.cpp b/apache/mod_shib.cpp
index 41b4d8f..fe7d038 100644 (file)
--- a/apache/mod_shib.cpp
+++ b/apache/mod_shib.cpp
@@ -1291,13 +1291,20 @@ AccessControl::aclresult_t htAccessControl::authorized(const SPRequest& request,
                 status = true;
             }
         }
-        else if ((!strcmp(w,"valid-user") || !strcmp(w,"shib-session")) && session) {
-            request.log(SPRequest::SPDebug, "htaccess: accepting shib-session/valid-user based on active session");
+        else if (!strcmp(w,"valid-user") && session) {
+            request.log(SPRequest::SPDebug, "htaccess: accepting valid-user based on active session");
+            status = true;
+        }
+        else if (sta->m_dc->bCompatWith24 == 1 && !strcmp(w,"shib-session") && session) {
+            request.log(SPRequest::SPDebug, "htaccess: accepting shib-session based on active session");
             status = true;
         }
         else if (!strcmp(w,"user") && !remote_user.empty()) {
             status = (doUser(*sta, t) == shib_acl_true);
         }
+        else if (sta->m_dc->bCompatWith24 == 1 && !strcmp(w,"shib-user") && !remote_user.empty()) {
+            status = (doUser(*sta, t) == shib_acl_true);
+        }
         else if (!strcmp(w,"group")  && !remote_user.empty()) {
             status = (doGroup(*sta, t) == shib_acl_true);
         }