Index: mod_authz_svn.c
===================================================================
--- mod_authz_svn.c	(revision 512)
+++ mod_authz_svn.c	(revision 513)
@@ -38,6 +38,16 @@
 #include <apr_lib.h>
 #include <mod_dav.h>
 
+#if ( AP_SERVER_MAJORVERSION_NUMBER * 10 + AP_SERVER_MINORVERSION_NUMBER ) > 23
+# define HAVE_AP_24 1
+# else
+# define HAVE_AP_24 0
+#endif
+
+#if HAVE_AP_24
+#include "mod_auth.h"
+#endif
+
 #include "mod_dav_svn.h"
 #include "mod_authz_svn.h"
 #include "svn_path.h"
@@ -84,6 +94,11 @@
   const char *force_username_case;
 } authz_svn_config_rec;
 
+
+
+#if HAVE_AP_24
+
+#else
 /* version where ap_some_auth_required breaks */
 #if AP_MODULE_MAGIC_AT_LEAST(20060110,0)
 /* first version with force_authn hook and ap_some_authn_required()
@@ -105,6 +120,7 @@
    /* old enough that ap_some_auth_required() still works */
 #  define USE_FORCE_AUTHN 0
 #endif
+#endif
 
 /*
  * Configuration
@@ -916,6 +932,88 @@
  * Hooks
  */
 
+
+
+#if HAVE_AP_24
+
+static authz_status svnpath_check_authorization(request_rec *r,
+                                                   const char *require_args,
+                                                   const void *parsed_require_args)
+{
+  authz_svn_config_rec *conf = ap_get_module_config(r->per_dir_config,
+                                                    &authz_svn_module);
+  const char *repos_path = NULL;
+  const char *dest_repos_path = NULL;
+  int status;
+
+  /* Use the force_authn() hook available in 2.4.x to work securely
+   * given that ap_some_auth_required() is no longer functional for our
+   * purposes in 2.4.x.
+   */
+  int authn_configured;
+
+  /* We are not configured to run */
+  if (! (conf->access_file || conf->repo_relative_access_file))
+    return AUTHZ_GENERAL_ERROR;
+  
+  /* See if authentication is configured */
+  
+  authn_configured = ap_auth_type(r) != NULL;
+  
+  /* ap_auth_type: Returns the authentication type (as set by the AuthType directive) for the request r. Currently this should only be Basic, Digest, or NULL. */
+
+  if (!r->user) { 
+    if (authn_configured && !conf->anonymous) {
+      /* We need an user because don't allow anonymous access */
+      return AUTHZ_DENIED_NO_USER;
+    }
+    else if (!authn_configured && !conf->anonymous) {
+      /* There is no auth defined and we don't allow anonymous */
+      return AUTHZ_DENIED;
+    }
+  }
+  
+  /* Now we have an user (r->user) or we don't but want anonymous access (!authn_configured && conf->anonymous) */
+  
+
+  /* If anon access is allowed, return OK */
+
+  /* Now test */
+  
+  status = req_check_access(r, conf, &repos_path, &dest_repos_path);
+  if (status == DECLINED)
+    {
+      
+      log_access_verdict(APLOG_MARK, r, 0, FALSE, repos_path, dest_repos_path);
+      if (authn_configured && !r->user ) {
+	/* Give a second chance only in the case that authn modules could call us back with an user */
+	return AUTHZ_DENIED_NO_USER;
+      }
+      
+      /* in any other case we have failed */
+      
+      return AUTHZ_DENIED;
+      
+    }
+
+  if (status != OK) {
+    switch (status)
+      {
+      case HTTP_BAD_REQUEST:
+      case HTTP_FORBIDDEN:
+	return AUTHZ_GENERAL_ERROR;
+      default:
+	return AUTHZ_DENIED;
+      }
+  }
+  
+  log_access_verdict(APLOG_MARK, r, 1, FALSE, repos_path, dest_repos_path);
+
+  return AUTH_GRANTED;
+}
+
+#else
+
 static int
 access_checker(request_rec *r)
 {
@@ -1117,15 +1215,73 @@
   return DECLINED;
 }
 #endif
+#endif
 
 /*
  * Module flesh
  */
 
+
+
+#if HAVE_AP_24
+
+static const char *svnpathchk_parse_config(cmd_parms *cmd, const char *require_line,
+                                     const void **parsed_require_line)
+{
+    const char *expr_err = NULL;
+    ap_expr_info_t *expr;
+
+    expr = ap_expr_parse_cmd(cmd, require_line, AP_EXPR_FLAG_STRING_RESULT,
+            &expr_err, NULL);
+
+    if (expr_err)
+        return apr_pstrcat(cmd->temp_pool,
+                           "Cannot parse expression in require line: ",
+                           expr_err, NULL);
+
+    *parsed_require_line = expr;
+
+    return NULL;
+}
+
+
+static const authz_provider authz_svnpathchk_provider =
+{
+  &svnpath_check_authorization,
+  &svnpathchk_parse_config,
+};
+
+
+#endif
+
+
 /* Implements the #register_hooks method of Apache's #module vtable. */
 static void
 register_hooks(apr_pool_t *p)
 {
+
+#if HAVE_AP_24
+  /* 
+   * Register authz provider
+   * We begin with AP_AUTH_INTERNAL_PER_CONF setting
+   * to avoid breaking too much things, as we don't know if subrequests of aun authorized path 
+   * are going to use an unauthorized path
+   * 
+   * Otherways we could be using AP_AUTH_INTERNAL_PER_URI
+   */
+  ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "svnpathaccess",
+                              AUTHZ_PROVIDER_VERSION,
+                              &authz_svnpathchk_provider,
+                              AP_AUTH_INTERNAL_PER_CONF);
+
+
+
+#else  
+  /* 
+   * 2.2 compatible stuff 
+   * from <https://httpd.apache.org/docs/2.4/developer/new_api_2_4.html>, it is:
+   ** DEPRECATED direct use of ap_hook_access_checker, access_checker_ex, ap_hook_check_user_id, ap_hook_auth_checker
+   */
   static const char * const mod_ssl[] = { "mod_ssl.c", NULL };
 
   ap_hook_access_checker(access_checker, NULL, NULL, APR_HOOK_LAST);
@@ -1137,6 +1293,7 @@
 #if USE_FORCE_AUTHN
   ap_hook_force_authn(force_authn, NULL, NULL, APR_HOOK_FIRST);
 #endif
+#endif
   ap_register_provider(p,
                        AUTHZ_SVN__SUBREQ_BYPASS_PROV_GRP,
                        AUTHZ_SVN__SUBREQ_BYPASS_PROV_NAME,