From 41413702eab798e7c76eb79853586eed1bed9add Mon Sep 17 00:00:00 2001 From: scantor Date: Wed, 17 Oct 2012 16:17:00 +0000 Subject: [PATCH] SSPCPP-502: more deadlock prevention in 2.4 authz hooks git-svn-id: https://svn.shibboleth.net/cpp-sp/branches/REL_2@3791 cb58f699-b61c-0410-a6fe-9272a202ed29 --- apache/mod_shib.cpp | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/apache/mod_shib.cpp b/apache/mod_shib.cpp index 0c379a3..3899db4 100644 --- a/apache/mod_shib.cpp +++ b/apache/mod_shib.cpp @@ -1585,7 +1585,8 @@ extern "C" authz_status shib_validuser_check_authz(request_rec* r, const char* r return sta.second; try { - const Session* session = sta.first->getSession(false); + Session* session = sta.first->getSession(false, true, false); + Locker slocker(session, false); if (session) { sta.first->log(SPRequest::SPDebug, "htaccess: accepting valid-user based on active session"); return AUTHZ_GRANTED; @@ -1621,7 +1622,8 @@ extern "C" authz_status shib_acclass_check_authz(request_rec* r, const char* req const htAccessControl& hta = dynamic_cast(sta.first->getRequestSettings().first)->getHTAccessControl(); try { - const Session* session = sta.first->getSession(false); + Session* session = sta.first->getSession(false, true, false); + Locker slocker(session, false); if (session && hta.doAuthnContext(*sta.first, session->getAuthnContextClassRef(), require_line) == AccessControl::shib_acl_true) return AUTHZ_GRANTED; return session ? AUTHZ_DENIED : AUTHZ_DENIED_NO_USER; @@ -1642,7 +1644,8 @@ extern "C" authz_status shib_acdecl_check_authz(request_rec* r, const char* requ const htAccessControl& hta = dynamic_cast(sta.first->getRequestSettings().first)->getHTAccessControl(); try { - const Session* session = sta.first->getSession(false); + Session* session = sta.first->getSession(false, true, false); + Locker slocker(session, false); if (session && hta.doAuthnContext(*sta.first, session->getAuthnContextDeclRef(), require_line) == AccessControl::shib_acl_true) return AUTHZ_GRANTED; return session ? AUTHZ_DENIED : AUTHZ_DENIED_NO_USER; @@ -1663,7 +1666,8 @@ extern "C" authz_status shib_attr_check_authz(request_rec* r, const char* requir const htAccessControl& hta = dynamic_cast(sta.first->getRequestSettings().first)->getHTAccessControl(); try { - const Session* session = sta.first->getSession(false); + Session* session = sta.first->getSession(false, true, false); + Locker slocker(session, false); if (session) { const char* rule = ap_getword_conf(r->pool, &require_line); if (rule && hta.doShibAttr(*sta.first, session, rule, require_line) == AccessControl::shib_acl_true) @@ -1687,7 +1691,8 @@ extern "C" authz_status shib_plugin_check_authz(request_rec* r, const char* requ const htAccessControl& hta = dynamic_cast(sta.first->getRequestSettings().first)->getHTAccessControl(); try { - const Session* session = sta.first->getSession(false); + Session* session = sta.first->getSession(false, true, false); + Locker slocker(session, false); if (session) { const char* config = ap_getword_conf(r->pool, &require_line); if (config && hta.doAccessControl(*sta.first, session, config) == AccessControl::shib_acl_true) -- 2.1.4