--- mod_auth_mysql.c 2020-04-26 15:23:20.000000000 +0100 +++ mod_auth_mysql.c 2020-04-26 15:18:06.000000000 +0100 @@ -87,7 +87,7 @@ */ /* - * $Id: mod_auth_mysql.c,v 1.13 2016/02/22 11:01:34 ueli Exp $ + * $Id: mod_auth_mysql.c,v 1.2 2020/04/21 18:16:39 rb Exp $ */ #define MODULE_RELEASE "1.13" @@ -101,6 +101,11 @@ #include "apr_dbm.h" #include "apr_md5.h" +#ifdef APACHE24 +#include "ap_config.h" +#include "ap_provider.h" +#include "mod_auth.h" +#endif #include "httpd.h" #include "http_config.h" #include "http_core.h" @@ -121,7 +126,7 @@ #include -static char *version = "$Id: mod_auth_mysql.c,v 1.13 2016/02/22 11:01:34 ueli Exp $ 2013 ueli heuer"; +static char *version = "$Id: mod_auth_mysql.c,v 1.2 2020/04/21 18:16:39 rb Exp $ 2013 ueli heuer"; typedef struct { char *db_host; /* host name of db server */ @@ -152,7 +157,7 @@ int auth_dbauthoritative; /* are we authoritative? */ int auth_enable; /* module enabled? */ int auth_virtualhost; /* use VirtualHostHostname in the queris */ - /* MYSQL *mysql_handle; /* the mysql-handle */ + // MYSQL *mysql_handle; /* the mysql-handle */ #ifdef MYSQL_USE_SSL int db_client_use_ssl; /* MySQL Client SSL flag */ @@ -450,6 +455,7 @@ } } #endif + mysql_handle=mysql_real_connect(&mysql_conn,db_host, conf->db_username,conf->db_password,conf->db_name,db_port,NULL,0); @@ -491,7 +497,6 @@ if(open_db_handle(r,conf)) { return NULL; /* failure reason already logged */ } - if (mysql_select_db(mysql_handle,conf->db_name) != 0) { ap_log_rerror (APLOG_MARK, APLOG_ERR, 0, r, "MOD_AUTH_MYSQL: MYSQL ERROR %s: '%s'", mysql_error(mysql_handle), @@ -634,6 +639,7 @@ return NULL; } + if(open_db_handle(r,conf)) { return NULL; /* failure reason already logged */ } 
@@ -752,6 +758,88 @@ return OK; } // }}} +#ifdef APACHE24 +static const char *groupfile_parse_config(cmd_parms *cmd, const char *require_line, + const void **parsed_require_line) +{ + const char *expr_err = NULL; + ap_expr_info_t *expr; + + expr = ap_expr_parse_cmd(cmd, require_line, AP_EXPR_FLAG_STRING_RESULT, + &expr_err, NULL); + + if (expr_err) + return apr_pstrcat(cmd->temp_pool, + "Cannot parse expression in require line: ", + expr_err, NULL); + + *parsed_require_line = expr; + + return NULL; +} + +static authz_status group_check_authorization(request_rec *r, + const char *require_args, + const void *parsed_require_args) +{ + char *user = r->user; + + const char *err = NULL; + const ap_expr_info_t *expr = parsed_require_args; + const char *require; + + const char *t, *w; + char ** groups; + auth_mysql_config_rec *conf = ap_get_module_config(r->per_dir_config, + &auth_mysql_module); + + if (!user) { + return AUTHZ_DENIED_NO_USER; + } + + require = ap_expr_str_exec(r, expr, &err); + if (err) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02592) + "mod_auth_mysql authorize: require group: Can't " + "evaluate require expression: %s", err); + return AUTHZ_DENIED; + } + + if (!(groups = get_db_grp(r, user, conf))) { + if (!(conf->auth_dbauthoritative)) { + return DECLINED; + } + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, + "user not in any group :: http://%s@%s%s", + user, r->hostname, r->filename); + ap_note_basic_auth_failure(r); + return HTTP_UNAUTHORIZED; + } + t = require; + while ((w = ap_getword_conf(r->pool, &t)) && w[0]) { + int i = 0; + while (groups[i]) { + if (!strcmp(groups[i], w)) { + return AUTHZ_GRANTED; + } + i++; + } + } + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, + "user not in right group: http://%s@%s%s", + user, r->hostname,r->uri); + ap_note_basic_auth_failure(r); + + return AUTHZ_DENIED; +} + +static const authz_provider authz_group_provider = +{ + &group_check_authorization, + &groupfile_parse_config, 
+}; + +#else /* {{{ static int db_check_auth() * Checking ID */ @@ -762,11 +850,7 @@ char *user = r->user; int m = r->method_number; -#ifdef APACHE24 - const apr_array_header_t *reqs_arr = NULL; -#else const apr_array_header_t *reqs_arr = ap_requires(r); -#endif require_line *reqs = reqs_arr ? (require_line *) reqs_arr->elts : NULL; register int x; @@ -826,6 +910,8 @@ return DECLINED; } // }}} +#endif // not APACHE24 + /* * Initialize the module @@ -845,7 +931,14 @@ { ap_hook_post_config(auth_mysql_init, NULL, NULL, APR_HOOK_MIDDLE); ap_hook_check_user_id(db_authenticate_basic_user, NULL, NULL, APR_HOOK_MIDDLE); +#ifdef APACHE24 + ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "group", + AUTHZ_PROVIDER_VERSION, + &authz_group_provider, + AP_AUTH_INTERNAL_PER_CONF); +#else ap_hook_auth_checker(db_check_auth, NULL, NULL, APR_HOOK_MIDDLE); +#endif } /*
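Review bot: group_check_authorization() is declared to return authz_status, but the branch taken when get_db_grp() returns NULL hands back `DECLINED` and `HTTP_UNAUTHORIZED`, which are handler status codes and not members of that enum. How mod_authz_core combines an out-of-range result is not visible in this patch and may differ between a bare Require and one nested in RequireAny/RequireAll, so a failed group lookup should not rely on it. Make the outcome explicit: `return AUTHZ_NEUTRAL;` for the non-authoritative case and `return AUTHZ_DENIED;` after the log call, or `AUTHZ_GENERAL_ERROR` if a database failure is to be distinguished from "no groups". A short comment above that branch stating which case fails closed would also help the next reader.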
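Review bot: The provider in the register-hooks hunk is registered under the name `"group"`, which is the same name the stock mod_authz_groupfile uses for `Require group`. If both modules are loaded, which implementation answers `Require group` would presumably depend on registration order, and nothing in this hunk controls that. An administrator could then believe MySQL group membership is enforced when the file-based provider is deciding, or the reverse. Consider a module-specific name, e.g. `ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "mysql-group", AUTHZ_PROVIDER_VERSION, &authz_group_provider, AP_AUTH_INTERNAL_PER_CONF);`, or at least a comment saying the module must not be loaded alongside mod_authz_groupfile.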