Add all Debian patches up to 4.3.9-13, including a fix for CVE-2008-2384.

Bump PKGREVISION.

5 files changed, 1062 insertions, 8 deletions

diff --git a/www/ap-auth-mysql/Makefile b/www/ap-auth-mysql/Makefile
index d02d35518db..7e84422e137 100644
--- a/www/ap-auth-mysql/Makefile
+++ b/www/ap-auth-mysql/Makefile
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.24 2011/04/01 15:03:48 wiz Exp $
+# $NetBSD: Makefile,v 1.25 2011/04/01 15:11:58 wiz Exp $
 #
 
 DISTNAME=		mod-auth-mysql_4.3.9.orig
 PKGNAME=		${APACHE_PKG_PREFIX}-auth-mysql-4.3.9
+PKGREVISION=		1
 WRKSRC=			${WRKDIR}/${DISTNAME:S/_/-/}
 CATEGORIES=		www databases security
 MASTER_SITES=		${MASTER_SITE_DEBIAN:=pool/main/m/mod-auth-mysql/}
diff --git a/www/ap-auth-mysql/distinfo b/www/ap-auth-mysql/distinfo
index f500abaf07a..d8e619c7b4d 100644
--- a/www/ap-auth-mysql/distinfo
+++ b/www/ap-auth-mysql/distinfo
@@ -1,10 +1,12 @@
-$NetBSD: distinfo,v 1.7 2011/04/01 15:03:48 wiz Exp $
+$NetBSD: distinfo,v 1.8 2011/04/01 15:11:58 wiz Exp $
 
 SHA1 (mod-auth-mysql_4.3.9.orig.tar.gz) = 417efcd2fcd2cce9092843179b52b5901e38aea6
 RMD160 (mod-auth-mysql_4.3.9.orig.tar.gz) = 06d041bf229007e2d08dc86285f349d33df2e019
 Size (mod-auth-mysql_4.3.9.orig.tar.gz) = 48479 bytes
+SHA1 (patch-DIRECTIVES) = a7ec300f0c4efaa2137818af5aa711e569be86eb
+SHA1 (patch-USAGE) = 441f0da8842d51ee994c8ead114cbda9135e632f
 SHA1 (patch-aa) = c18f857317b5838c955ddfea501961e0e2a88e76
 SHA1 (patch-ab) = 7acddeb4e25a50e7460b07e498bbc71a9d125ea5
 SHA1 (patch-ac) = 4cbc888cc09c522270690d39a6625d3d5967440f
-SHA1 (patch-ad) = 37a3ebecfd5a58df42f81002e998a33f43188630
+SHA1 (patch-ad) = 13a665c78c4c4bf4d359a6e6ec4e36e2a4027687
 SHA1 (patch-ae) = 2e5569026965558d9490d3a8face857f5d611b1b
diff --git a/www/ap-auth-mysql/patches/patch-DIRECTIVES b/www/ap-auth-mysql/patches/patch-DIRECTIVES
new file mode 100644
index 00000000000..e314143510e
--- /dev/null
+++ b/www/ap-auth-mysql/patches/patch-DIRECTIVES
@@ -0,0 +1,251 @@
+$NetBSD: patch-DIRECTIVES,v 1.1 2011/04/01 15:11:58 wiz Exp $
+
+All Debian patches up to 4.3.9-13.
+
+--- DIRECTIVES.orig	2004-12-23 13:43:14.000000000 +0000
++++ DIRECTIVES
+@@ -1,23 +1,27 @@
+ All the directives understood by this version of mod-auth-mysql are listed
+-below.  The huge number of synonym directives is due to the merging of two
+-separate versions of the program, both of which had subtly different usage
+-symantics.  I'm sure there will be rationalisation in the near future.
++below.  All directives exist in the two forms Auth_MySQL_* and AuthMySQL_*
++and share the same semantics.  They are the result of merging two separate
++versions of the mod_auth_mysql in the first place, both of which had subtly
++different usage symantics.  The directive names have since then unified.
++
++Auth_MySQL <on/off>
++	Enable/disable MySQL authentication
+ 
+ Auth_MySQL_Info <host> <user> <password>
+ 	Server-wide config option to specify the database host, username,
+ 	and password used to connect to the MySQL server.
+ 
+ 	This option affects all directories which do not override it via
+-	AuthMySQL_Host, AuthMySQL_User, and/or AuthMySQL_Password.
++	Auth_MySQL_Host, Auth_MySQL_User, and/or Auth_MySQL_Password.
+ 
+-AuthMySQL_DefaultHost <hostname>
++Auth_MySQL_DefaultHost <hostname>
+ 	Specifies the MySQL server to use for authentication.
+ 	
+ 	This option affects all directories which do not override it via
+-	AuthMySQL_Host.
++	Auth_MySQL_Host.
+ 
+-AuthMySQL_Host <hostname>
+-	Synonym for AuthMySQL_DefaultHost, to be used in .htaccess files and
++Auth_MySQL_Host <hostname>
++	Synonym for Auth_MySQL_DefaultHost, to be used in .htaccess files and
+ 	directory-specific entries.
+ 
+ Auth_MySQL_DefaultPort <portnum>
+@@ -28,35 +32,37 @@ Auth_MySQL_DefaultPort <portnum>
+ 	Auth_MySQL_Port.
+ 
+ Auth_MySQL_Port <portnum>
+-	Specifies a non-default port to use (other than 3306) when talking
+-	to the MySQL server on AuthMySQL_Host or AuthMySQL_DefaultHost.
++	Synonym for Auth_MySQL_DefaultPort, to be used in .htaccess files and
++	directory-specific entries.
+ 
+ Auth_MySQL_DefaultSocket <socketname>
+-	If using a local MySQL server, you can
+-	specify a non-default named pipe to use instead of the default pipe
+-	name compiled into your MySQL client library.
++	If using a local MySQL server, you can specify a non-default named
++	pipe to use instead of the default pipe name compiled into your MySQL
++	client library.
+ 
+ 	This option affects all directories which do not override it via
+ 	Auth_MySQL_Socket.
+ 
+ Auth_MySQL_Socket <socketname>
+-	If using a local MySQL server, you can specify a non-default named
+-	pipe to use instead of the default one compiled into MySQL with this
+-	option.
++	Synonym for Auth_MySQL_DefaultSocket, to be used in .htaccess files and
++	directory-specific entries.
+ 
+-AuthMySQL_DefaultUser <username>
++Auth_MySQL_DefaultUser <username>
+ 	Specifies the username for connection to the MySQL server.
+ 
+-AuthMySQL_User <username>
+-	Synonym for AuthMySQL_DefaultUser, to be used in .htaccess files and
++Auth_MySQL_User <username>
++	Synonym for Auth_MySQL_DefaultUser, to be used in .htaccess files and
+ 	directory-specific entries.
+ 	
+-AuthMySQL_DefaultPassword <password>
++Auth_MySQL_Username <username>
++	Synonym for Auth_MySQL_User.
++	
++Auth_MySQL_DefaultPassword <password>
+ 	Specifies the password user together with the above user.
+ 
+-AuthMySQL_Password <password>
+-	Synonym for AuthMySQL_Password, to be used in .htaccess files and
+-	directory-specific entries.
++Auth_MySQL_Password <password>
++	Synonym for Auth_MySQL_DefaultPassword, to be used in .htaccess files
++	and directory-specific entries.
+ 
+ Auth_MySQL_General_DB <database_name>
+ 	Server-wide, specifies a default database name to use.
+@@ -65,12 +71,20 @@ Auth_MySQL_DB <database_name>
+ 	Synonym for Auth_MySQL_General_DB, to be used in .htaccess files and
+ 	directory-specific entries.
+ 
+-AuthMySQL_DefaultDB <database_name>
++Auth_MySQL_DefaultDB <database_name>
+ 	Synonym for Auth_MySQL_General_DB.
+ 
+-AuthMySQL_DB <database_name>
+-	Synonym for Auth_MySQL_General_DB, to be used in .htaccess files and
+-	directory-specific entries.
++Auth_MySQL_CharacterSet <character set>
++
++	Set the connection character set to the specified one.  Otherwise no
++	particular character set is used when the connection is created.
++	This could cause problems with differently encoded strings and table
++	or column collations.  The parameter must be a valid MySQL
++	character.  It is mandatory if the character set used for tables/rows
++	differs from the default.
++
++AuthMySQL_CharacterSet <character set>
++        Synonym for Auth_MySQL_CharacterSet.
+ 
+ AuthName "<Realm>"
+ 	Describes the data you're guarding.
+@@ -96,39 +110,28 @@ Auth_MySQL_Password_Table <password_tabl
+ 	The name of the MySQL table in the specified database which stores
+ 	username:password pairs.  By default, it is 'mysql_auth'.
+ 
+-AuthMySQL_Password_Table <password_table_name>
+-	Synonym for Auth_MySQL_Password_Table.
+-
+ Auth_MySQL_Group_Table <group_table_name>
+ 	As per ...Password_Table above, stores username:group pairs. 
+ 	Normally you'll store username:password:group triplets in the one
+ 	table, but we are nothing if not flexible.  Defaults to
+ 	'mysql_auth'.
+ 
+-AuthMySQL_Group_Table <group_table_name>
+-	Synonym for Auth_MySQL_Group_Table.
+-
+ Auth_MySQL_Username_Field <username_field_name>
+ 	The name of the field which stores usernames.  Defaults to
+ 	'username'. The username/password combo specified in Auth_MySQL_Info
+ 	must have select privileges to this field in the Password and Group
+ 	tables.
+ 
+-AuthMySQL_Username_Field <username_field_name>
+-	Synonym for Auth_MySQL_Username_Field.
+-
+ Auth_MySQL_Password_Field <password_field_name>
+ 	As per ...Username_Field above, but for passwords.  Same MySQL
+-	access privileges.  Defaults to 'password'.
++	access privileges.  Defaults to 'passwd'.
+ 
+ AuthMySQL_Password_Field <password_field_name>
+ 	Synonym for Auth_MySQL_Password_Field.
+ 
+ Auth_MySQL_Group_Field <group_field_name>
+-	As per ...Username_Field above.  Defaults to 'groups'.
+-	
+-AuthMySQL_Group_Field <group_field_name>
+-	Synonym for Auth_MySQL_Group_Field.
++	As per ...Username_Field above.  Defaults to 'groups'.  The query 
++	will use FIND_IN_SET(<group_name>,<group_field_name>).
+ 	
+ Auth_MySQL_Group_User_Field <field_name>
+ 	The name of the field in the groups table which stores the username. 
+@@ -146,6 +149,9 @@ Auth_MySQL_Group_Clause <SQL fragment>
+ 	Adds arbitrary clause to username:group matching query, for example:
+ 	" AND Allowed=1". Clause has to start with space. Default is empty.
+  
++Auth_MySQL_Where_Clause <SQL fragment>
++	Synonym for Auth_MySQL_Password_Clause.
++
+ Auth_MySQL_Empty_Passwords <on/off>
+ 	Whether or not to allow empty passwords.  If the password field is
+ 	empty (equals to '') and this option is 'on', users would be able to
+@@ -153,9 +159,6 @@ Auth_MySQL_Empty_Passwords <on/off>
+ 	PASSWORD CHECKING.  If this is 'off', they would be denied access. 
+ 	Default: 'on'.
+ 
+-AuthMySQL_Empty_Passwords <on/off>
+-	Synonym for Auth_MySQL_Empty_Passwords.
+-
+ Auth_MySQL_Encryption_Types <type_list>
+ 
+ 	Select which types of encryption to check, and in which order to
+@@ -203,10 +206,11 @@ Auth_MySQL_Encryption_Types <type_list>
+ 
+ 	MySQL
+ 		The hashing scheme used by the MySQL PASSWORD() function.
++	
++	Apache
++		The hashing scheme used by htpasswd utility. Compatible to
++		authuserfile.
+ 		
+-AuthMySQL_Encryption_Types <type_list>
+-	Synonym for Auth_MySQL_Encryption_Types.
+-
+ Auth_MySQL_Encrypted_Passwords <on/off> (DEPRECATED)
+ 	Equivalent to: Auth_MySQL_Encryption_Types Crypt_DES
+ 	Only used if ...Encryption_Types is not set.  Defaults to 'on'.  If
+@@ -214,17 +218,11 @@ Auth_MySQL_Encrypted_Passwords <on/off> 
+ 	...Encryption_Types is not set, passwords are expected to be in
+ 	plaintext.
+ 
+-AuthMySQL_Encrypted_Passwords <on/off> (DEPRECATED)
+-	Synonym for Auth_MySQL_Encrypted_Passwords.
+-
+ Auth_MySQL_Scrambled_Passwords <on/off> (DEPRECATED)
+ 	Equivalent to: Auth_MySQL_Encryption_Types MySQL
+ 	The same restrictions apply to this directive as to
+ 	...Encrypted_Passwords.
+ 
+-AuthMySQL_Scrambled_Passwords <on/off> (DEPRECATED)
+-	Synonym for Auth_MySQL_Scrambled_Passwords.
+-
+ Auth_MySQL_Authoritative <on/off>
+ 	Whether or not to use other authentication schemes if the user is
+ 	successfully authenticated.  That is, if the user passes the MySQL
+@@ -232,9 +230,6 @@ Auth_MySQL_Authoritative <on/off>
+ 	option is set 'off'.  The default is 'on' (i.e. if the user passes
+ 	the MySQL module, they're considered OK).
+ 
+-AuthMySQL_Authoritative <on/off>
+-	Synonym for Auth_MySQL_Authoritative.
+-
+ Auth_MySQL_Non_Persistent <on/off>
+ 	If set to 'on', the link to the MySQL server is explicitly closed
+ 	after each authentication request.  Note that I can't think of any
+@@ -244,10 +239,15 @@ Auth_MySQL_Non_Persistent <on/off>
+ 	increase the maximum number of simultaneous threads in MySQL and
+ 	keep this option off.  Default: off, and for good reason.
+ 
+-AuthMySQL_Persistent <on/off>
++	Please bear in mind that modern MySQL installations appear to have a
++	connection timeout of 28000 seconds (8 hours), one may want to lower
++	this to 30 (max_connections) if you have very busy site and are
++	observing spikes containing a large number of connection threads.
++
++Auth_MySQL_Persistent <on/off>
+ 	An antonym for Auth_MySQL_Non_Persistent.
+ 
+-AuthMySQL_AllowOverride <on/off>
++Auth_MySQL_AllowOverride <on/off>
+ 	Whether or not .htaccess files are allowed to use their own
+ 	Host/User/Password/DB specifications.  If set to 'off', then the
+ 	defaults specified in the httpd.conf cannot be overridden.
+@@ -256,6 +256,3 @@ Auth_MYSQL <on/off>
+ 	Whether or not to enable MySQL authentication.  If it's off, the
+ 	MySQL authentication will simply pass authentication off to other
+ 	modules defined.
+-
+-AuthMySQL <on/off>
+-	Synonym for Auth_MYSQL.
diff --git a/www/ap-auth-mysql/patches/patch-USAGE b/www/ap-auth-mysql/patches/patch-USAGE
new file mode 100644
index 00000000000..ce576c21ef2
--- /dev/null
+++ b/www/ap-auth-mysql/patches/patch-USAGE
@@ -0,0 +1,69 @@
+$NetBSD: patch-USAGE,v 1.1 2011/04/01 15:11:58 wiz Exp $
+
+All Debian patches up to 4.3.9-13.
+
+--- USAGE.orig	2004-12-23 13:43:14.000000000 +0000
++++ USAGE
+@@ -18,7 +18,10 @@ create table mysql_auth (
+ 	primary key (username)
+ );
+ 
+-This would work quite well.
++This would work quite well.  Remember that the passwd field needs to be long
++enough to store the entire password string -- for example, if you are using
++MD5 passwords, passwd needs to be 32 characters long, and if you are using
++SHA1 it must be 40 characters long.
+ 
+ NOTE 1: You don't have to use a new table for the purpose of storing
+ usernames and passwords; I quite happily use a 'members' table (with all
+@@ -41,9 +44,9 @@ Auth_MySQL_Info <host> <user> <password>
+ 
+ or
+ 
+-AuthMySQL_DefaultHost <host>
+-AuthMySQL_DefaultUser <user>
+-AuthMySQL_DefaultPassword <password>
++Auth_MySQL_DefaultHost <host>
++Auth_MySQL_DefaultUser <user>
++Auth_MySQL_DefaultPassword <password>
+ 
+ This should be placed globally.
+ 
+@@ -53,12 +56,12 @@ use
+ Auth_MySQL_General_DB <database>
+ 
+ to set that.  This setting can be overridden in .htaccess files if
+-AuthMySQL_AllowOverride is set.
++Auth_MySQL_AllowOverride is set.
+ 
+ On that topic, if you want .htaccess files to be restricted in what they're
+ able to connect to database-wise, you can
+ 
+-AuthMySQL_AllowOverride no
++Auth_MySQL_AllowOverride no
+ 
+ and the host, user, password, and database name cannot be changed.
+ 
+@@ -123,3 +126,22 @@ become plaintext equivalents.
+ 
+ The full set of directives available are now listed in the file DIRECTIVES,
+ for ease of perusal.
++
++Disable other Auth methods
++--------------------------
++
++For some reason Apache has problems handing over authority to this
++module if this is requested an another auth module is also loaded.
++
++If you have another authentication module loaded, you'll have to
++disable it the hard way.
++
++AuthBasicAuthoritative Off
++AuthUserFile /dev/null
++
++The following option is not sufficient
++
++Auth_MySQL_Authoritative On
++
++If you experience similar problems with group membership, try
++repeating the same procedure with AuthGroupFile.
diff --git a/www/ap-auth-mysql/patches/patch-ad b/www/ap-auth-mysql/patches/patch-ad
index 71fba069cc7..eac477afd8c 100644
--- a/www/ap-auth-mysql/patches/patch-ad
+++ b/www/ap-auth-mysql/patches/patch-ad
@@ -1,8 +1,21 @@
-$NetBSD: patch-ad,v 1.4 2011/04/01 15:03:48 wiz Exp $
+$NetBSD: patch-ad,v 1.5 2011/04/01 15:11:58 wiz Exp $
+
+Some crypt.h changes that were here before, undocumented.
+All Debian patches up to 4.3.9-13, including a fix for
+CVE-2008-2384.
 
 --- mod_auth_mysql.c.orig	2004-12-23 13:43:14.000000000 +0000
 +++ mod_auth_mysql.c
-@@ -55,12 +55,18 @@
+@@ -48,19 +48,27 @@
+ #include <http_log.h>
+ #ifdef APACHE2
+ #include "http_request.h"   /* for ap_hook_(check_user_id | auth_checker)*/
++#include <apr_general.h>
+ #include <apr_md5.h>
+ #include <apr_sha1.h>
++#include <apr_strings.h>
+ #else
+ #include <ap_md5.h>
  #include <ap_sha1.h>
  #endif
  
@@ -21,7 +34,7 @@ $NetBSD: patch-ad,v 1.4 2011/04/01 15:03:48 wiz Exp $
  #endif
  
  #ifndef TRUE
-@@ -98,7 +104,7 @@ unsigned long auth_db_client_flag = 0;
+@@ -98,10 +106,14 @@ unsigned long auth_db_client_flag = 0;
  #define CRYPT_MD5_ENCRYPTION_FLAG	1<<3
  #endif
  #define PHP_MD5_ENCRYPTION_FLAG		1<<4
@@ -30,7 +43,14 @@ $NetBSD: patch-ad,v 1.4 2011/04/01 15:03:48 wiz Exp $
  #define CRYPT_ENCRYPTION_FLAG		1<<5
  #endif
  #define SHA1SUM_ENCRYPTION_FLAG		1<<6
-@@ -131,7 +137,7 @@ static int check_crypt_MD5_encryption(co
++#define APACHE_ENCRYPTION_FLAG		1<<7
++
++/* from include/sha1.h from the mysql-server source distribution */
++#define SHA1_HASH_SIZE 20 /* Hash size in bytes */
+ 
+ static int check_no_encryption(const char *passwd, char *enc_passwd)
+ {
+@@ -131,7 +143,7 @@ static int check_crypt_MD5_encryption(co
  }
  #endif
  
@@ -39,7 +59,30 @@ $NetBSD: patch-ad,v 1.4 2011/04/01 15:03:48 wiz Exp $
  static int check_crypt_encryption(const char *passwd, char *enc_passwd)
  {
  	return (!strcmp(crypt(passwd, enc_passwd), enc_passwd));
-@@ -250,7 +256,9 @@ encryption_type_entry supported_encrypti
+@@ -229,12 +241,21 @@ static int check_SHA1Sum_encryption(cons
+ 
+ static int check_mysql_encryption(const char *passwd, char *enc_passwd)
+ {
+-	char scrambled_passwd[32];
++	char scrambled_passwd[2*SHA1_HASH_SIZE + 2];
+ 	
+ 	make_scrambled_password(scrambled_passwd, passwd);
+ 	return (!strcmp(scrambled_passwd, enc_passwd));
+ }
+ 
++static int check_apache_encryption(const char *passwd, char *enc_passwd)
++{
++#ifdef APACHE2
++	return (!apr_password_validate(passwd, enc_passwd));
++#else
++	return (!ap_validate_password(passwd, enc_passwd));
++#endif
++}
++
+ typedef struct {
+ 	char *name;
+ 	int (*check_function)(const char *passwd, char *enc_passwd);
+@@ -250,9 +271,12 @@ encryption_type_entry supported_encrypti
  #if CRYPT_MD5
  	{ "Crypt_MD5",		check_crypt_MD5_encryption,		CRYPT_MD5_ENCRYPTION_FLAG },
  #endif
@@ -48,4 +91,692 @@ $NetBSD: patch-ad,v 1.4 2011/04/01 15:03:48 wiz Exp $
 +#endif
  	{ "PHP_MD5",		check_PHP_MD5_encryption,		PHP_MD5_ENCRYPTION_FLAG	},
  	{ "SHA1Sum",	check_SHA1Sum_encryption, SHA1SUM_ENCRYPTION_FLAG},
++	{ "Apache",		check_apache_encryption,		APACHE_ENCRYPTION_FLAG  },
  	/* add additional encryption types below */
+ 	{ NULL,			NULL,					0 }
+ };
+@@ -284,6 +308,7 @@ typedef struct {
+ 	char *db_user;
+ 	char *db_pwd;
+ 	char *db_name;
++	char *db_charset;
+ 	
+ 	MYSQL *dbh;
+ 
+@@ -324,11 +349,14 @@ typedef struct {
+ 
+ module auth_mysql_module;
+ 
++static int open_auth_dblink(request_rec *r, mysql_auth_config_rec *sec);
++
+ #ifdef APACHE2
+ static apr_status_t
+ #else
+ static void
+ #endif
++
+ auth_mysql_cleanup(void *ptr)
+ {
+ 	mysql_auth_config_rec *sec = ptr;
+@@ -380,7 +408,7 @@ void *create_mysql_auth_dir_config(pool 
+ 				sizeof(mysql_auth_config_rec));
+ #endif
+ 
+-	sec->db_name = sec->db_socket = sec->db_user = sec->db_pwd = NULL;
++	sec->db_name = sec->db_socket = sec->db_user = sec->db_pwd = sec->db_charset = NULL;
+ 
+ 	sec->dbh = NULL;
+ 	/* When the memory for this connection record is cleaned, we must
+@@ -489,9 +517,9 @@ static const char *set_scrambled_passwor
+  * server when passed in as part of a query.
+  */
+ #ifdef APACHE2
+-static char *mysql_escape(char *str, apr_pool_t *p)
++static char *mysql_escape(mysql_auth_config_rec *sec, request_rec *r, char *str, apr_pool_t *p)
+ #else
+-static char *mysql_escape(char *str, pool *p)
++static char *mysql_escape(mysql_auth_config_rec *sec, request_rec *r, char *str, pool *p)
+ #endif
+ {
+ 	char *dest;
+@@ -505,7 +533,7 @@ static char *mysql_escape(char *str, poo
+ 		return str;
+ 	}
+ 	
+-	mysql_escape_string(dest, str, strlen(str));
++	mysql_real_escape_string(sec->dbh, dest, str, strlen(str));
+ 	
+ 	return dest;
+ }
+@@ -644,6 +672,24 @@ static const char *enable_mysql(cmd_parm
+ 	return NULL;
+ }
+ 
++static const char *set_empty_passwords(cmd_parms *cmd, void *sconf, int arg)
++{
++	mysql_auth_config_rec *sec = (mysql_auth_config_rec *) sconf;
++
++	sec->allow_empty_passwords = arg;
++	APACHELOG(APLOG_DEBUG, cmd, "set_empty_passwords: Setting allow_empty_passwords in %s to %i", sec->dir, sec->allow_empty_passwords);
++	return NULL;
++}
++
++static const char *set_authoritative(cmd_parms *cmd, void *sconf, int arg)
++{
++	mysql_auth_config_rec *sec = (mysql_auth_config_rec *) sconf;
++
++	sec->authoritative = arg;
++	APACHELOG(APLOG_DEBUG, cmd, "set_authoritative: Setting authoritative in %s to %i", sec->dir, sec->authoritative);
++	return NULL;
++}
++
+ /* The command list.  What it's called, when it's legal to use it, and
+  * what to do when we find it.  Pretty cool, IMHO.
+  */
+@@ -655,14 +701,30 @@ command_rec mysql_auth_cmds[] = {
+    		  NULL,
+    		  RSRC_CONF,	"host, user and password of the MySQL database" ),
+ 
++   AP_INIT_TAKE3( "AuthMySQL_Info",	set_auth_mysql_info,
++   		  NULL,
++   		  RSRC_CONF,	"host, user and password of the MySQL database" ),
++
++   AP_INIT_TAKE1( "Auth_MySQL_DefaultHost",	set_auth_mysql_host,
++		  NULL,
++		  RSRC_CONF,	"Default MySQL host" ),
++
+    AP_INIT_TAKE1( "AuthMySQL_DefaultHost",	set_auth_mysql_host,
+ 		  NULL,
+ 		  RSRC_CONF,	"Default MySQL host" ),
+ 
++   AP_INIT_TAKE1( "Auth_MySQL_DefaultUser",	set_auth_mysql_user,
++		  NULL,
++		  RSRC_CONF,	"Default MySQL user" ),
++
+    AP_INIT_TAKE1( "AuthMySQL_DefaultUser",	set_auth_mysql_user,
+ 		  NULL,
+ 		  RSRC_CONF,	"Default MySQL user" ),
+ 
++   AP_INIT_TAKE1( "Auth_MySQL_DefaultPassword",	set_auth_mysql_pwd,
++		  NULL,
++		  RSRC_CONF,	"Default MySQL password" ),
++
+    AP_INIT_TAKE1( "AuthMySQL_DefaultPassword",	set_auth_mysql_pwd,
+ 		  NULL,
+ 		  RSRC_CONF,	"Default MySQL password" ),
+@@ -671,138 +733,182 @@ command_rec mysql_auth_cmds[] = {
+ 		  NULL,
+ 		  RSRC_CONF,	"Default MySQL server port" ),
+ 	
++   AP_INIT_TAKE1( "AuthMySQL_DefaultPort",	set_auth_mysql_port,
++		  NULL,
++		  RSRC_CONF,	"Default MySQL server port" ),
++	
+    AP_INIT_TAKE1( "Auth_MySQL_DefaultSocket",	set_auth_mysql_socket,
+ 		  NULL,
+ 		  RSRC_CONF,	"Default MySQL server socket" ),
+ 	  	
++   AP_INIT_TAKE1( "AuthMySQL_DefaultSocket",	set_auth_mysql_socket,
++		  NULL,
++		  RSRC_CONF,	"Default MySQL server socket" ),
++	  	
+    AP_INIT_TAKE1( "Auth_MySQL_General_DB",	set_auth_mysql_db,
+ 		  NULL,
+ 		  RSRC_CONF,	"default database for MySQL authentication" ),
+ 
++   AP_INIT_TAKE1( "AuthMySQL_General_DB",	set_auth_mysql_db,
++		  NULL,
++		  RSRC_CONF,	"default database for MySQL authentication" ),
++
++   AP_INIT_TAKE1( "Auth_MySQL_DefaultDB",	set_auth_mysql_db,
++		  NULL,
++		  RSRC_CONF,	"default database for MySQL authentication" ),
++
+    AP_INIT_TAKE1( "AuthMySQL_DefaultDB",	set_auth_mysql_db,
+ 		  NULL,
+ 		  RSRC_CONF,	"default database for MySQL authentication" ),
+ 
+-   AP_INIT_TAKE1( "AuthMySQL_Host",	ap_set_string_slot,
+-		  (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_host),
++   AP_INIT_TAKE1( "Auth_MySQL_Host",	ap_set_string_slot,
++		  (void*)APR_OFFSETOF(mysql_auth_config_rec, db_host),
+ 		  OR_AUTHCFG,	"database host" ),
+ 
+-   AP_INIT_TAKE1( "Auth_MySQL_Host",	ap_set_string_slot,
+-		  (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_host),
++   AP_INIT_TAKE1( "AuthMySQL_Host",	ap_set_string_slot,
++		  (void*)APR_OFFSETOF(mysql_auth_config_rec, db_host),
+ 		  OR_AUTHCFG,	"database host" ),
+ 
+    AP_INIT_TAKE1( "Auth_MySQL_Socket",	ap_set_string_slot,
+-		  (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_socket),
++		  (void*)APR_OFFSETOF(mysql_auth_config_rec, db_socket),
+ 		  OR_AUTHCFG,	"database host socket" ),
+ 
+    AP_INIT_TAKE1( "AuthMySQL_Socket",	ap_set_string_slot,
+-		  (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_socket),
++		  (void*)APR_OFFSETOF(mysql_auth_config_rec, db_socket),
+ 		  OR_AUTHCFG,	"database host socket" ),
+ 
+-   AP_INIT_TAKE1( "Auth_MySQL_Port",	ap_set_string_slot,
+-		  (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_port),
++   AP_INIT_TAKE1( "Auth_MySQL_Port",	ap_set_int_slot,
++		  (void*)APR_OFFSETOF(mysql_auth_config_rec, db_port),
+ 		  OR_AUTHCFG,	"database host port" ),
+ 
+-   AP_INIT_TAKE1( "AuthMySQL_Port",	ap_set_string_slot,
+-		  (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_port),
++   AP_INIT_TAKE1( "AuthMySQL_Port",	ap_set_int_slot,
++		  (void*)APR_OFFSETOF(mysql_auth_config_rec, db_port),
+ 		  OR_AUTHCFG,	"database host port" ),
+ 
+    AP_INIT_TAKE1( "Auth_MySQL_Username",	ap_set_string_slot,
+-		  (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_user),
++		  (void*)APR_OFFSETOF(mysql_auth_config_rec, db_user),
++		  OR_AUTHCFG,	"database user" ),
++
++   AP_INIT_TAKE1( "AuthMySQL_Username",	ap_set_string_slot,
++		  (void*)APR_OFFSETOF(mysql_auth_config_rec, db_user),
++		  OR_AUTHCFG,	"database user" ),
++
++   AP_INIT_TAKE1( "Auth_MySQL_User",	ap_set_string_slot,
++		  (void*)APR_OFFSETOF(mysql_auth_config_rec, db_user),
+ 		  OR_AUTHCFG,	"database user" ),
+ 
+    AP_INIT_TAKE1( "AuthMySQL_User",	ap_set_string_slot,
+-		  (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_user),
++		  (void*)APR_OFFSETOF(mysql_auth_config_rec, db_user),
+ 		  OR_AUTHCFG,	"database user" ),
+ 
+    AP_INIT_TAKE1( "Auth_MySQL_Password",	ap_set_string_slot,
+-		(void*)APR_XtOffsetOf(mysql_auth_config_rec, db_pwd),
++		  (void*)APR_OFFSETOF(mysql_auth_config_rec, db_pwd),
+ 		  OR_AUTHCFG,	"database password" ),
+ 
+    AP_INIT_TAKE1( "AuthMySQL_Password",			ap_set_string_slot,
+-		  (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_pwd),
++		  (void*)APR_OFFSETOF(mysql_auth_config_rec, db_pwd),
+ 		  OR_AUTHCFG,	"database password" ),
+ 
+    AP_INIT_TAKE1( "Auth_MySQL_DB",		ap_set_string_slot,
+-		  (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_name),
++		  (void*)APR_OFFSETOF(mysql_auth_config_rec, db_name),
+ 		  OR_AUTHCFG,	"database name" ),
+ 
+    AP_INIT_TAKE1( "AuthMySQL_DB",	ap_set_string_slot,
+-		  (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_name),
++		  (void*)APR_OFFSETOF(mysql_auth_config_rec, db_name),
+ 		  OR_AUTHCFG,	"database name" ),
+ 
++   AP_INIT_TAKE1( "Auth_MySQL_CharacterSet",		ap_set_string_slot,
++		  (void*)APR_OFFSETOF(mysql_auth_config_rec, db_charset),
++		  OR_AUTHCFG,	"character set" ),
++
++   AP_INIT_TAKE1( "AuthMySQL_CharacterSet",	ap_set_string_slot,
++		  (void*)APR_OFFSETOF(mysql_auth_config_rec, db_charset),
++		  OR_AUTHCFG,	"character set" ),
++
+    AP_INIT_TAKE1( "Auth_MySQL_Password_Table",		ap_set_string_slot,
+-		  (void*)APR_XtOffsetOf(mysql_auth_config_rec, user_table),
++		  (void*)APR_OFFSETOF(mysql_auth_config_rec, user_table),
+ 		  OR_AUTHCFG,	"Name of the MySQL table containing the password/user-name combination" ),
+ 
+    AP_INIT_TAKE1( "AuthMySQL_Password_Table",		ap_set_string_slot,
+-		  (void*)APR_XtOffsetOf(mysql_auth_config_rec, user_table),
++		  (void*)APR_OFFSETOF(mysql_auth_config_rec, user_table),
+ 		  OR_AUTHCFG,	"Name of the MySQL table containing the password/user-name combination" ),
+ 
+    AP_INIT_TAKE1( "Auth_MySQL_Group_Table",		ap_set_string_slot,
+-		  (void*)APR_XtOffsetOf(mysql_auth_config_rec, group_table),
++		  (void*)APR_OFFSETOF(mysql_auth_config_rec, group_table),
++		  OR_AUTHCFG,	"Name of the MySQL table containing the group-name/user-name combination; can be the same as the password-table." ),
++
++   AP_INIT_TAKE1( "AuthMySQL_Group_Table",		ap_set_string_slot,
++		  (void*)APR_OFFSETOF(mysql_auth_config_rec, group_table),
+ 		  OR_AUTHCFG,	"Name of the MySQL table containing the group-name/user-name combination; can be the same as the password-table." ),
+ 
+    AP_INIT_TAKE1( "Auth_MySQL_Group_Clause",		ap_set_string_slot,
+-		  (void*)APR_XtOffsetOf(mysql_auth_config_rec, group_where_clause),
++		  (void*)APR_OFFSETOF(mysql_auth_config_rec, group_where_clause),
+ 		  OR_AUTHCFG,	"Additional WHERE clause for group/user-name lookup" ),
+ 
+-   AP_INIT_TAKE1( "AuthMySQL_Group_Table",		ap_set_string_slot,
+-		  (void*)APR_XtOffsetOf(mysql_auth_config_rec, group_table),
+-		  OR_AUTHCFG,	"Name of the MySQL table containing the group-name/user-name combination; can be the same as the password-table." ),
++   AP_INIT_TAKE1( "AuthMySQL_Group_Clause",		ap_set_string_slot,
++		  (void*)APR_OFFSETOF(mysql_auth_config_rec, group_where_clause),
++		  OR_AUTHCFG,	"Additional WHERE clause for group/user-name lookup" ),
+ 
+    AP_INIT_TAKE1( "Auth_MySQL_Password_Field",		ap_set_string_slot,
+-		  (void*)APR_XtOffsetOf(mysql_auth_config_rec, password_field),
++		  (void*)APR_OFFSETOF(mysql_auth_config_rec, password_field),
+ 		  OR_AUTHCFG,	"The name of the field in the MySQL password table" ),
+ 
+    AP_INIT_TAKE1( "AuthMySQL_Password_Field",		ap_set_string_slot,
+-		  (void*)APR_XtOffsetOf(mysql_auth_config_rec, password_field),
++		  (void*)APR_OFFSETOF(mysql_auth_config_rec, password_field),
+ 		  OR_AUTHCFG,	"The name of the field in the MySQL password table" ),
+ 
+    AP_INIT_TAKE1( "Auth_MySQL_Password_Clause",		ap_set_string_slot,
+-		  (void*)APR_XtOffsetOf(mysql_auth_config_rec, password_where_clause),
++		  (void*)APR_OFFSETOF(mysql_auth_config_rec, password_where_clause),
++		  OR_AUTHCFG,	"Additional WHERE clause for group password/user-name lookup" ),
++
++   AP_INIT_TAKE1( "AuthMySQL_Password_Clause",		ap_set_string_slot,
++		  (void*)APR_OFFSETOF(mysql_auth_config_rec, password_where_clause),
+ 		  OR_AUTHCFG,	"Additional WHERE clause for group password/user-name lookup" ),
+ 
+    AP_INIT_TAKE1( "Auth_MySQL_Username_Field",		ap_set_string_slot,
+-		  (void*)APR_XtOffsetOf(mysql_auth_config_rec, user_field),
++		  (void*)APR_OFFSETOF(mysql_auth_config_rec, user_field),
+ 		  OR_AUTHCFG,	"The name of the user-name field in the MySQL password (and possibly group) table(s)." ),
+ 
+    AP_INIT_TAKE1( "AuthMySQL_Username_Field",		ap_set_string_slot,
+-		  (void*)APR_XtOffsetOf(mysql_auth_config_rec, user_field),
++		  (void*)APR_OFFSETOF(mysql_auth_config_rec, user_field),
+ 		  OR_AUTHCFG,	"The name of the user-name field in the MySQL password (and possibly group) table(s)." ),
+ 
+    AP_INIT_TAKE1( "Auth_MySQL_Group_Field",		ap_set_string_slot,
+-		  (void*)APR_XtOffsetOf(mysql_auth_config_rec, group_field),
++		  (void*)APR_OFFSETOF(mysql_auth_config_rec, group_field),
+ 		  OR_AUTHCFG,	"The name of the group field in the MySQL group table; must be set if you want to use groups." ),
+ 
+    AP_INIT_TAKE1( "AuthMySQL_Group_Field",		ap_set_string_slot,
+-		  (void*)APR_XtOffsetOf(mysql_auth_config_rec, group_field),
++		  (void*)APR_OFFSETOF(mysql_auth_config_rec, group_field),
+ 		  OR_AUTHCFG,	"The name of the group field in the MySQL group table; must be set if you want to use groups." ),
+ 
+    AP_INIT_TAKE1( "Auth_MySQL_Group_User_Field",	ap_set_string_slot,
+-		  (void*)APR_XtOffsetOf(mysql_auth_config_rec, group_user_field),
++		  (void*)APR_OFFSETOF(mysql_auth_config_rec, group_user_field),
+ 		  OR_AUTHCFG,	"The name of the user-name field in the MySQL group table; defaults to the same as the username field for the password table." ),
+ 
+    AP_INIT_TAKE1( "AuthMySQL_Group_User_Field",		ap_set_string_slot,
+-		  (void*)APR_XtOffsetOf(mysql_auth_config_rec, group_user_field),
++		  (void*)APR_OFFSETOF(mysql_auth_config_rec, group_user_field),
+ 		  OR_AUTHCFG,	"The name of the user-name field in the MySQL group table; defaults to the same as the username field for the password table." ),
+ 
+-   AP_INIT_FLAG( "Auth_MySQL_Empty_Passwords",		ap_set_flag_slot,
+-		 (void*)APR_XtOffsetOf(mysql_auth_config_rec, allow_empty_passwords),
++   AP_INIT_FLAG( "Auth_MySQL_Empty_Passwords",		set_empty_passwords,
++		 NULL,
+ 		 OR_AUTHCFG,	"Enable (on) or disable (off) empty password strings; in which case any user password is accepted." ),
+ 
+-   AP_INIT_FLAG( "AuthMySQL_Empty_Passwords",		ap_set_flag_slot,
+-		 (void*)APR_XtOffsetOf(mysql_auth_config_rec, allow_empty_passwords),
++   AP_INIT_FLAG( "AuthMySQL_Empty_Passwords",		set_empty_passwords,
++		 NULL,
+ 		 OR_AUTHCFG,	"Enable (on) or disable (off) empty password strings; in which case any user password is accepted." ),
+ 
+-   AP_INIT_FLAG( "Auth_MySQL_Authoritative",		ap_set_flag_slot,
+-		 (void*)APR_XtOffsetOf(mysql_auth_config_rec, authoritative),
++   AP_INIT_FLAG( "Auth_MySQL_Authoritative",		set_authoritative,
++		 NULL,
+ 		 OR_AUTHCFG,	"When 'on' the MySQL database is taken to be authoritative and access control is not passed along to other db or access modules." ),
+ 
+-   AP_INIT_FLAG( "AuthMySQL_Authoritative",		ap_set_flag_slot,
+-		 (void*)APR_XtOffsetOf(mysql_auth_config_rec, authoritative),
++   AP_INIT_FLAG( "AuthMySQL_Authoritative",		set_authoritative,
++		 NULL,
+ 		 OR_AUTHCFG,	"When 'on' the MySQL database is taken to be authoritative and access control is not passed along to other db or access modules." ),
+ 
++   AP_INIT_FLAG( "Auth_MySQL_AllowOverride",		set_auth_mysql_override,
++		 NULL,
++		 RSRC_CONF,	"Allow directory overrides of configuration" ),
++
+    AP_INIT_FLAG( "AuthMySQL_AllowOverride",		set_auth_mysql_override,
+ 		 NULL,
+ 		 RSRC_CONF,	"Allow directory overrides of configuration" ),
+@@ -835,6 +941,14 @@ command_rec mysql_auth_cmds[] = {
+ 		 NULL,
+ 		 OR_AUTHCFG,	"Use non-persistent MySQL links" ),
+ 
++   AP_INIT_FLAG( "AuthMySQL_Non_Persistent",		set_non_persistent,
++		 NULL,
++		 OR_AUTHCFG,	"Use non-persistent MySQL links" ),
++
++   AP_INIT_FLAG( "Auth_MySQL_Persistent",		set_persistent,
++		 NULL,
++		 OR_AUTHCFG,	"Use non-persistent MySQL links" ),
++
+    AP_INIT_FLAG( "AuthMySQL_Persistent",		set_persistent,
+ 		 NULL,
+ 		 OR_AUTHCFG,	"Use non-persistent MySQL links" ),
+@@ -848,7 +962,11 @@ command_rec mysql_auth_cmds[] = {
+ 		 OR_AUTHCFG,	"Enable MySQL authentication" ),
+ 
+    AP_INIT_TAKE1( "Auth_MySQL_Where",		ap_set_string_slot,
+-		  (void*)APR_XtOffsetOf(mysql_auth_config_rec, password_where_clause),
++		  (void*)APR_OFFSETOF(mysql_auth_config_rec, password_where_clause),
++		  OR_AUTHCFG,	"Additional WHERE clause for group password/user-name lookup" ),
++
++   AP_INIT_TAKE1( "AuthMySQL_Where",		ap_set_string_slot,
++		  (void*)APR_OFFSETOF(mysql_auth_config_rec, password_where_clause),
+ 		  OR_AUTHCFG,	"Additional WHERE clause for group password/user-name lookup" ),
+ 
+   { NULL }
+@@ -859,14 +977,30 @@ command_rec mysql_auth_cmds[] = {
+ 	  NULL,
+ 	  RSRC_CONF,	TAKE3,	"host, user and password of the MySQL database" },
+ 
++	{ "AuthMySQL_Info",			set_auth_mysql_info,
++	  NULL,
++	  RSRC_CONF,	TAKE3,	"host, user and password of the MySQL database" },
++
++	{ "Auth_MySQL_DefaultHost",		set_auth_mysql_host,
++	  NULL,
++	  RSRC_CONF,	TAKE1,	"Default MySQL host" },
++
+ 	{ "AuthMySQL_DefaultHost",		set_auth_mysql_host,
+ 	  NULL,
+ 	  RSRC_CONF,	TAKE1,	"Default MySQL host" },
+ 
++	{ "Auth_MySQL_DefaultUser",		set_auth_mysql_user,
++	  NULL,
++	  RSRC_CONF,	TAKE1,	"Default MySQL user" },
++
+ 	{ "AuthMySQL_DefaultUser",		set_auth_mysql_user,
+ 	  NULL,
+ 	  RSRC_CONF,	TAKE1,	"Default MySQL user" },
+ 
++	{ "Auth_MySQL_DefaultPassword",		set_auth_mysql_pwd,
++	  NULL,
++	  RSRC_CONF,	TAKE1,	"Default MySQL password" },
++
+ 	{ "AuthMySQL_DefaultPassword",		set_auth_mysql_pwd,
+ 	  NULL,
+ 	  RSRC_CONF,	TAKE1,	"Default MySQL password" },
+@@ -875,23 +1009,39 @@ command_rec mysql_auth_cmds[] = {
+ 	  NULL,
+ 	  RSRC_CONF,	TAKE1,  "Default MySQL server port" },
+ 	
++	{ "AuthMySQL_DefaultPort",		set_auth_mysql_port,
++	  NULL,
++	  RSRC_CONF,	TAKE1,  "Default MySQL server port" },
++	
+ 	{ "Auth_MySQL_DefaultSocket",		set_auth_mysql_socket,
+ 	  NULL,
+ 	  RSRC_CONF,    TAKE1,  "Default MySQL server socket" },
+ 	  	
++	{ "AuthMySQL_DefaultSocket",		set_auth_mysql_socket,
++	  NULL,
++	  RSRC_CONF,    TAKE1,  "Default MySQL server socket" },
++	  	
+ 	{ "Auth_MySQL_General_DB",		set_auth_mysql_db,
+ 	  NULL,
+ 	  RSRC_CONF,	TAKE1,	"default database for MySQL authentication" },
+ 	  
++	{ "AuthMySQL_General_DB",		set_auth_mysql_db,
++	  NULL,
++	  RSRC_CONF,	TAKE1,	"default database for MySQL authentication" },
++	  
++	{ "Auth_MySQL_DefaultDB",		set_auth_mysql_db,
++	  NULL,
++	  RSRC_CONF,	TAKE1,	"default database for MySQL authentication" },
++
+ 	{ "AuthMySQL_DefaultDB",		set_auth_mysql_db,
+ 	  NULL,
+ 	  RSRC_CONF,	TAKE1,	"default database for MySQL authentication" },
+ 
+-	{ "AuthMySQL_Host",			ap_set_string_slot,
++	{ "Auth_MySQL_Host",			ap_set_string_slot,
+ 	  (void *) XtOffsetOf(mysql_auth_config_rec, db_host),
+ 	  OR_AUTHCFG,	TAKE1,	"database host" },
+ 
+-	{ "Auth_MySQL_Host",			ap_set_string_slot,
++	{ "AuthMySQL_Host",			ap_set_string_slot,
+ 	  (void *) XtOffsetOf(mysql_auth_config_rec, db_host),
+ 	  OR_AUTHCFG,	TAKE1,	"database host" },
+ 
+@@ -899,7 +1049,15 @@ command_rec mysql_auth_cmds[] = {
+ 	  (void *) XtOffsetOf(mysql_auth_config_rec, db_socket),
+ 	  OR_AUTHCFG,	TAKE1,	"database host socket" },
+ 
+-	{ "Auth_MySQL_Port",			ap_set_string_slot,
++	{ "AuthMySQL_Socket",			ap_set_string_slot,
++	  (void *) XtOffsetOf(mysql_auth_config_rec, db_socket),
++	  OR_AUTHCFG,	TAKE1,	"database host socket" },
++
++	{ "Auth_MySQL_Port",			ap_set_int_slot,
++	  (void *) XtOffsetOf(mysql_auth_config_rec, db_port),
++	  OR_AUTHCFG,	TAKE1,	"database host socket" },
++
++	{ "AuthMySQL_Port",			ap_set_int_slot,
+ 	  (void *) XtOffsetOf(mysql_auth_config_rec, db_port),
+ 	  OR_AUTHCFG,	TAKE1,	"database host socket" },
+ 
+@@ -907,6 +1065,14 @@ command_rec mysql_auth_cmds[] = {
+ 	  (void *) XtOffsetOf(mysql_auth_config_rec, db_user),
+ 	  OR_AUTHCFG,	TAKE1,	"database user" },
+ 	  
++	{ "AuthMySQL_Username",		ap_set_string_slot,
++	  (void *) XtOffsetOf(mysql_auth_config_rec, db_user),
++	  OR_AUTHCFG,	TAKE1,	"database user" },
++	  
++	{ "Auth_MySQL_User",			ap_set_string_slot,
++	  (void *) XtOffsetOf(mysql_auth_config_rec, db_user),
++	  OR_AUTHCFG,	TAKE1,	"database user" },
++	  
+ 	{ "AuthMySQL_User",			ap_set_string_slot,
+ 	  (void *) XtOffsetOf(mysql_auth_config_rec, db_user),
+ 	  OR_AUTHCFG,	TAKE1,	"database user" },
+@@ -927,6 +1093,14 @@ command_rec mysql_auth_cmds[] = {
+ 	  (void *) XtOffsetOf(mysql_auth_config_rec, db_name),
+ 	  OR_AUTHCFG,	TAKE1,	"database name" },
+ 	  
++	{ "Auth_MySQL_CharacterSet",			ap_set_string_slot,
++	  (void *) XtOffsetOf(mysql_auth_config_rec, db_charset),
++	  OR_AUTHCFG,	TAKE1,	"character set" },
++	  
++	{ "AuthMySQL_CharacterSet",			ap_set_string_slot,
++	  (void *) XtOffsetOf(mysql_auth_config_rec, db_charset),
++	  OR_AUTHCFG,	TAKE1,	"character set" },
++	  
+ 	{ "Auth_MySQL_Password_Table",		ap_set_string_slot,
+ 	  (void *) XtOffsetOf(mysql_auth_config_rec, user_table),
+ 	  OR_AUTHCFG,	TAKE1,	"Name of the MySQL table containing the password/user-name combination" },
+@@ -939,14 +1113,18 @@ command_rec mysql_auth_cmds[] = {
+ 	  (void *) XtOffsetOf(mysql_auth_config_rec, group_table),
+ 	  OR_AUTHCFG,	TAKE1,	"Name of the MySQL table containing the group-name/user-name combination; can be the same as the password-table." },
+ 	  
++	{ "AuthMySQL_Group_Table",		ap_set_string_slot,
++	  (void *) XtOffsetOf(mysql_auth_config_rec, group_table),
++	  OR_AUTHCFG,	TAKE1,	"Name of the MySQL table containing the group-name/user-name combination; can be the same as the password-table." },
++	  
+ 	{ "Auth_MySQL_Group_Clause",		ap_set_string_slot,
+ 	  (void *) XtOffsetOf(mysql_auth_config_rec, group_where_clause),
+ 	  OR_AUTHCFG,	TAKE1,  "Additional WHERE clause for group/user-name lookup" },
+ 	  
+-	{ "AuthMySQL_Group_Table",		ap_set_string_slot,
+-	  (void *) XtOffsetOf(mysql_auth_config_rec, group_table),
+-	  OR_AUTHCFG,	TAKE1,	"Name of the MySQL table containing the group-name/user-name combination; can be the same as the password-table." },
+-
++	{ "AuthMySQL_Group_Clause",		ap_set_string_slot,
++	  (void *) XtOffsetOf(mysql_auth_config_rec, group_where_clause),
++	  OR_AUTHCFG,	TAKE1,  "Additional WHERE clause for group/user-name lookup" },
++	  
+ 	{ "Auth_MySQL_Password_Field",		ap_set_string_slot,
+ 	  (void *) XtOffsetOf(mysql_auth_config_rec, password_field),
+ 	  OR_AUTHCFG,	TAKE1,	"The name of the field in the MySQL password table" },
+@@ -959,6 +1137,10 @@ command_rec mysql_auth_cmds[] = {
+ 	  (void *) XtOffsetOf(mysql_auth_config_rec, password_where_clause),
+ 	  OR_AUTHCFG,	TAKE1,  "Additional WHERE clause for group password/user-name lookup" },
+ 
++	{ "AuthMySQL_Password_Clause",		ap_set_string_slot,
++	  (void *) XtOffsetOf(mysql_auth_config_rec, password_where_clause),
++	  OR_AUTHCFG,	TAKE1,  "Additional WHERE clause for group password/user-name lookup" },
++
+ 	{ "Auth_MySQL_Username_Field",		ap_set_string_slot,
+ 	  (void *) XtOffsetOf(mysql_auth_config_rec, user_field),
+ 	  OR_AUTHCFG,	TAKE1,	"The name of the user-name field in the MySQL password (and possibly group) table(s)." },
+@@ -983,22 +1165,26 @@ command_rec mysql_auth_cmds[] = {
+ 	  (void *) XtOffsetOf(mysql_auth_config_rec, group_user_field),
+ 	  OR_AUTHCFG,	TAKE1,	"The name of the user-name field in the MySQL group table; defaults to the same as the username field for the password table." },
+ 
+-	{ "Auth_MySQL_Empty_Passwords",		ap_set_flag_slot,
+-	  (void *) XtOffsetOf(mysql_auth_config_rec, allow_empty_passwords),
++	{ "Auth_MySQL_Empty_Passwords",		set_empty_passwords,
++	  NULL,
+ 	  OR_AUTHCFG,	FLAG,	"Enable (on) or disable (off) empty password strings; in which case any user password is accepted." },
+ 
+-	{ "AuthMySQL_Empty_Passwords",		ap_set_flag_slot,
+-	  (void *) XtOffsetOf(mysql_auth_config_rec, allow_empty_passwords),
++	{ "AuthMySQL_Empty_Passwords",		set_empty_passwords,
++	  NULL,
+ 	  OR_AUTHCFG,	FLAG,	"Enable (on) or disable (off) empty password strings; in which case any user password is accepted." },
+ 
+-	{ "Auth_MySQL_Authoritative",		ap_set_flag_slot,
+-	  (void *) XtOffsetOf(mysql_auth_config_rec, authoritative),
++	{ "Auth_MySQL_Authoritative",		set_authoritative,
++	  NULL,
+ 	  OR_AUTHCFG,	FLAG,	"When 'on' the MySQL database is taken to be authoritative and access control is not passed along to other db or access modules." },
+ 
+-	{ "AuthMySQL_Authoritative",		ap_set_flag_slot,
+-	  (void *) XtOffsetOf(mysql_auth_config_rec, authoritative),
++	{ "AuthMySQL_Authoritative",		set_authoritative,
++	  NULL,
+ 	  OR_AUTHCFG,	FLAG,	"When 'on' the MySQL database is taken to be authoritative and access control is not passed along to other db or access modules." },
+ 
++	{ "Auth_MySQL_AllowOverride",		set_auth_mysql_override,
++	  NULL,
++	  RSRC_CONF,	FLAG,	"Allow directory overrides of configuration" },
++
+ 	{ "AuthMySQL_AllowOverride",		set_auth_mysql_override,
+ 	  NULL,
+ 	  RSRC_CONF,	FLAG,	"Allow directory overrides of configuration" },
+@@ -1031,6 +1217,14 @@ command_rec mysql_auth_cmds[] = {
+ 	  NULL,
+ 	  OR_AUTHCFG,	FLAG,	"Use non-persistent MySQL links" },
+ 
++	{ "AuthMySQL_Non_Persistent",		set_non_persistent,
++	  NULL,
++	  OR_AUTHCFG,	FLAG,	"Use non-persistent MySQL links" },
++
++	{ "Auth_MySQL_Persistent",		set_persistent,
++	  NULL,
++	  OR_AUTHCFG,	FLAG,	"Use non-persistent MySQL links" },
++
+ 	{ "AuthMySQL_Persistent",		set_persistent,
+ 	  NULL,
+ 	  OR_AUTHCFG,	FLAG,	"Use non-persistent MySQL links" },
+@@ -1047,6 +1241,10 @@ command_rec mysql_auth_cmds[] = {
+ 	  (void *) XtOffsetOf(mysql_auth_config_rec, password_where_clause),
+ 	  OR_AUTHCFG,	TAKE1,  "Additional WHERE clause for group password/user-name lookup" },
+ 
++	{ "AuthMySQL_Where",			ap_set_string_slot,
++	  (void *) XtOffsetOf(mysql_auth_config_rec, password_where_clause),
++	  OR_AUTHCFG,	TAKE1,  "Additional WHERE clause for group password/user-name lookup" },
++
+ 	{ NULL }
+ };
+ 
+@@ -1092,6 +1290,10 @@ static int open_auth_dblink(request_rec 
+ 	char *dbname = auth_db_name, *user = auth_db_user, *pwd = auth_db_pwd;
+ 	void (*sigpipe_handler)();
+ 	unsigned long client_flag = 0;
++#if MYSQL_VERSION_ID >= 50013
++	my_bool do_reconnect = 1;
++#endif
++	char *query;
+ 
+ 	APACHELOG(APLOG_DEBUG, r, "Opening DB connection for %s", sec->dir);
+ 	
+@@ -1160,6 +1362,13 @@ static int open_auth_dblink(request_rec 
+ 		return errno;
+ 	}
+ 
++#if MYSQL_VERSION_ID >= 50013
++	/* The default is no longer to automatically reconnect on failure,
++	 * (as of 5.0.3) so we have to set that option here.  The option is
++	 * available from 5.0.13.  */
++	mysql_options(sec->dbh, MYSQL_OPT_RECONNECT, &do_reconnect);
++#endif
++
+ 	signal(SIGPIPE, sigpipe_handler);
+ 	
+ 	APACHELOG(APLOG_DEBUG, r, "Persistent in %s is %i", sec->dir, sec->persistent);
+@@ -1175,6 +1384,23 @@ static int open_auth_dblink(request_rec 
+ #endif
+ 	}
+ 
++	if (sec->db_charset) {
++		const char *check;
++
++		APACHELOG(APLOG_DEBUG, r,
++			"Setting character set to %s", sec->db_charset);
++
++		mysql_set_character_set(sec->dbh, sec->db_charset);
++
++		check = mysql_character_set_name(sec->dbh);
++
++		if (!check || strcmp(sec->db_charset, check)) {
++			APACHELOG(APLOG_ERR, r,
++				"Failed to set character set to %s", sec->db_charset);
++			return -1;
++		}
++	}
++
+ 	/* W00t!  We made it! */
+ 	return 0;
+ }
+@@ -1287,10 +1513,16 @@ static int check_password(const char *pl
+ 	encryption_type_entry *ete;
+ 	
+ 	/* empty password support */
+-	if (sec->allow_empty_passwords && !strlen(hashed)) {
+-		APACHELOG(APLOG_INFO, r, "User successful on empty password");
+-		return 1;
+-	}
++	if (!strlen(hashed)) {
++               if (sec->allow_empty_passwords) {
++                       APACHELOG(APLOG_INFO, r, "User successful on empty password");
++                       return 1;
++               } else {
++                       APACHELOG(APLOG_INFO, r, "Rejecting login because of empty password field in DB");
++                       return 0;
++               }
++        }
++
+ 			
+ 	for (ete=supported_encryption_types; ete->name; ete++) {
+ 		if (sec->encryption_types & ete->flag) {
+@@ -1315,11 +1547,27 @@ static int mysql_check_user_password(req
+ 	char *auth_table = "mysql_auth", *auth_user_field = "username",
+ 		*auth_password_field = "passwd", *auth_password_clause = "";
+ 	char *query;
+-	char *esc_user = mysql_escape(user, r->pool);
++	char *esc_user = NULL;
+ 	MYSQL_RES *result;
+ 	MYSQL_ROW sql_row;
++	int error = CR_UNKNOWN_ERROR;
+ 	int rv;
+ 		
++	if (!sec->dbh) {
++		APACHELOG(APLOG_DEBUG, r,
++			"No DB connection open - firing one up");
++		if ((error = open_auth_dblink(r, sec))) {
++			APACHELOG(APLOG_DEBUG, r,
++				"open_auth_dblink returned %i", error);
++			return error;
++		}
++
++		APACHELOG(APLOG_DEBUG, r,
++			"Correctly opened a new DB connection");
++	}
++
++	esc_user = mysql_escape(sec, r, user, r->pool);
++
+ 	if (sec->user_table) {
+ 		auth_table = sec->user_table;
+ 	}
+@@ -1405,8 +1653,8 @@ static int mysql_check_group(request_rec
+ {
+ 	char *auth_table = "mysql_auth", *auth_group_field="groups", *auth_group_clause="";
+ 	char *query;
+-	char *esc_user = mysql_escape(user, r->pool);
+-	char *esc_group = mysql_escape(group, r->pool);
++	char *esc_user = mysql_escape(sec, r, user, r->pool);
++	char *esc_group = mysql_escape(sec, r, group, r->pool);
+ 	MYSQL_RES *result;
+ 	MYSQL_ROW row;
+ 	char *auth_user_field = "username";