From ae9cdceca27ade0b74cd26d51a7872a601cac228 Mon Sep 17 00:00:00 2001
From: scantor <scantor@cb58f699-b61c-0410-a6fe-9272a202ed29>
Date: Mon, 17 Jun 2013 19:40:37 +0000
Subject: [PATCH] Restrict pre-2.4 use of new require rules

git-svn-id: https://svn.shibboleth.net/cpp-sp/branches/REL_2@3867 cb58f699-b61c-0410-a6fe-9272a202ed29
---
 apache/mod_shib.cpp | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/apache/mod_shib.cpp b/apache/mod_shib.cpp
index 41b4d8f..fe7d038 100644
--- a/apache/mod_shib.cpp
+++ b/apache/mod_shib.cpp
@@ -1291,13 +1291,20 @@ AccessControl::aclresult_t htAccessControl::authorized(const SPRequest& request,
                 status = true;
             }
         }
-        else if ((!strcmp(w,"valid-user") || !strcmp(w,"shib-session")) && session) {
-            request.log(SPRequest::SPDebug, "htaccess: accepting shib-session/valid-user based on active session");
+        else if (!strcmp(w,"valid-user") && session) {
+            request.log(SPRequest::SPDebug, "htaccess: accepting valid-user based on active session");
+            status = true;
+        }
+        else if (sta->m_dc->bCompatWith24 == 1 && !strcmp(w,"shib-session") && session) {
+            request.log(SPRequest::SPDebug, "htaccess: accepting shib-session based on active session");
             status = true;
         }
         else if (!strcmp(w,"user") && !remote_user.empty()) {
             status = (doUser(*sta, t) == shib_acl_true);
         }
+        else if (sta->m_dc->bCompatWith24 == 1 && !strcmp(w,"shib-user") && !remote_user.empty()) {
+            status = (doUser(*sta, t) == shib_acl_true);
+        }
         else if (!strcmp(w,"group")  && !remote_user.empty()) {
             status = (doGroup(*sta, t) == shib_acl_true);
         }
-- 
2.1.4