From: Scott Cantor <cantor.2@osu.edu>
Date: Mon, 17 Jun 2013 19:40:37 +0000 (+0000)
Subject: Restrict pre-2.4 use of new require rules
X-Git-Tag: 2.5.2~1
X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fcpp-sp.git;a=commitdiff_plain;h=5e9e86b9ca490421ccda55991c9176c94144eff4

Restrict pre-2.4 use of new require rules
---

diff --git a/apache/mod_shib.cpp b/apache/mod_shib.cpp
index 41b4d8f..fe7d038 100644
--- a/apache/mod_shib.cpp
+++ b/apache/mod_shib.cpp
@@ -1291,13 +1291,20 @@ AccessControl::aclresult_t htAccessControl::authorized(const SPRequest& request,
                 status = true;
             }
         }
-        else if ((!strcmp(w,"valid-user") || !strcmp(w,"shib-session")) && session) {
-            request.log(SPRequest::SPDebug, "htaccess: accepting shib-session/valid-user based on active session");
+        else if (!strcmp(w,"valid-user") && session) {
+            request.log(SPRequest::SPDebug, "htaccess: accepting valid-user based on active session");
+            status = true;
+        }
+        else if (sta->m_dc->bCompatWith24 == 1 && !strcmp(w,"shib-session") && session) {
+            request.log(SPRequest::SPDebug, "htaccess: accepting shib-session based on active session");
             status = true;
         }
         else if (!strcmp(w,"user") && !remote_user.empty()) {
             status = (doUser(*sta, t) == shib_acl_true);
         }
+        else if (sta->m_dc->bCompatWith24 == 1 && !strcmp(w,"shib-user") && !remote_user.empty()) {
+            status = (doUser(*sta, t) == shib_acl_true);
+        }
         else if (!strcmp(w,"group")  && !remote_user.empty()) {
             status = (doGroup(*sta, t) == shib_acl_true);
         }