1 files changed, 33 insertions, 2 deletions

diff --git a/modules/aaa/mod_authz_user.c b/modules/aaa/mod_authz_user.c
index e4af7946..881f77f1 100644
--- a/modules/aaa/mod_authz_user.c
+++ b/modules/aaa/mod_authz_user.c
@@ -49,13 +49,25 @@ static authz_status user_check_authorization(request_rec *r,
                                              const char *require_args,
                                              const void *parsed_require_args)
 {
+    const char *err = NULL;
+    const ap_expr_info_t *expr = parsed_require_args;
+    const char *require;
+
     const char *t, *w;
 
     if (!r->user) {
         return AUTHZ_DENIED_NO_USER;
     }
 
-    t = require_args;
+    require = ap_expr_str_exec(r, expr, &err);
+    if (err) {
+        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02594)
+                      "authz_user authorize: require user: Can't "
+                      "evaluate require expression: %s", err);
+        return AUTHZ_DENIED;
+    }
+
+    t = require;
     while ((w = ap_getword_conf(r->pool, &t)) && w[0]) {
         if (!strcmp(r->user, w)) {
             return AUTHZ_GRANTED;
@@ -81,10 +93,29 @@ static authz_status validuser_check_authorization(request_rec *r,
     return AUTHZ_GRANTED;
 }
 
+static const char *user_parse_config(cmd_parms *cmd, const char *require_line,
+                                     const void **parsed_require_line)
+{
+    const char *expr_err = NULL;
+    ap_expr_info_t *expr;
+
+    expr = ap_expr_parse_cmd(cmd, require_line, AP_EXPR_FLAG_STRING_RESULT,
+            &expr_err, NULL);
+
+    if (expr_err)
+        return apr_pstrcat(cmd->temp_pool,
+                           "Cannot parse expression in require line: ",
+                           expr_err, NULL);
+
+    *parsed_require_line = expr;
+
+    return NULL;
+}
+
 static const authz_provider authz_user_provider =
 {
     &user_check_authorization,
-    NULL,
+    &user_parse_config,
 };
 static const authz_provider authz_validuser_provider =
 {