}
}
}
+ else if (!strcmp(w,"authnContextClassRef")) {
+ const char* ref = session->getAuthnContextClassRef();
+ while (ref && *t) {
+ w=ap_getword_conf(sta->m_req->pool,&t);
+ if (!strcmp(w, ref)) {
+ request.log(SPRequest::SPDebug, string("htAccessControl plugin accepting authnContextClassRef (") + w + ")");
+ SHIB_AP_CHECK_IS_OK;
+ }
+ }
+ }
+ else if (!strcmp(w,"authnContextDeclRef")) {
+ const char* ref = session->getAuthnContextDeclRef();
+ while (ref && *t) {
+ w=ap_getword_conf(sta->m_req->pool,&t);
+ if (!strcmp(w, ref)) {
+ request.log(SPRequest::SPDebug, string("htAccessControl plugin accepting authnContextDeclRef (") + w + ")");
+ SHIB_AP_CHECK_IS_OK;
+ }
+ }
+ }
else {
// Map alias in rule to the attribute.
if (!session) {
return shib_acl_false;\r
}\r
\r
+ if (m_alias == "user") {\r
+ for (vector<string>::const_iterator i=m_vals.begin(); i!=m_vals.end(); ++i) {\r
+ if (*i == request.getRemoteUser()) {\r
+ request.log(SPRequest::SPDebug, string("AccessControl plugin expecting REMOTE_USER (") + *i + "), authz granted");\r
+ return shib_acl_true;\r
+ }\r
+ }\r
+ return shib_acl_false;\r
+ }\r
+ else if (m_alias == "authnContextClassRef") {\r
+ const char* ref = session->getAuthnContextClassRef();\r
+ for (vector<string>::const_iterator i=m_vals.begin(); ref && i!=m_vals.end(); ++i) {\r
+ if (!strcmp(i->c_str(),ref)) {\r
+ request.log(SPRequest::SPDebug, string("AccessControl plugin expecting authnContextClassRef (") + *i + "), authz granted");\r
+ return shib_acl_true;\r
+ }\r
+ }\r
+ return shib_acl_false;\r
+ }\r
+ else if (m_alias == "authnContextDeclRef") {\r
+ const char* ref = session->getAuthnContextDeclRef();\r
+ for (vector<string>::const_iterator i=m_vals.begin(); ref && i!=m_vals.end(); ++i) {\r
+ if (!strcmp(i->c_str(),ref)) {\r
+ request.log(SPRequest::SPDebug, string("AccessControl plugin expecting authnContextDeclRef (") + *i + "), authz granted");\r
+ return shib_acl_true;\r
+ }\r
+ }\r
+ return shib_acl_false;\r
+ }\r
+\r
// Find the attribute(s) matching the require rule.\r
pair<multimap<string,const Attribute*>::const_iterator, multimap<string,const Attribute*>::const_iterator> attrs =\r
session->getIndexedAttributes().equal_range(m_alias);\r
for (vector<string>::const_iterator i=m_vals.begin(); i!=m_vals.end(); ++i) {\r
for (vector<string>::const_iterator j=vals.begin(); j!=vals.end(); ++j) {\r
if ((caseSensitive && *i == *j) || (!caseSensitive && !strcasecmp(i->c_str(),j->c_str()))) {\r
- request.log(SPRequest::SPDebug, string("AccessControl plugin expecting ") + *j + ", authz granted");\r
+ request.log(SPRequest::SPDebug, string("AccessControl plugin expecting (") + *j + "), authz granted");\r
return shib_acl_true;\r
}\r
}\r