diff -u old/mod_auth_mysql-2.20/USAGE mod_auth_mysql-2.20/USAGE --- old/mod_auth_mysql-2.20/USAGE Sat Oct 3 16:18:49 1998 +++ mod_auth_mysql-2.20/USAGE Mon Dec 15 18:31:41 2003 @@ -130,6 +130,12 @@ the page by just specifying their username without any password checking. If this is 'Off', they would be denied access. Default: On. +Auth_MySQL_Multiple_Passwords on/off + Whether or not to allow multiple passwords. If the database table + includes multiple rows for single username and this is set to 'On', + accept any one of the passwords. If this is 'Off', multiple rows on + password table for one username results in an error. Default: Off. + Auth_MySQL_Encryption_Types [Plaintext, Crypt_DES, MySQL] This directive tells the authentication module which encryption type(s) to use. It overrides the Auth_MySQL_Scrambled_Passwords and diff -u old/mod_auth_mysql-2.20/mod_auth_mysql.c mod_auth_mysql-2.20/mod_auth_mysql.c --- old/mod_auth_mysql-2.20/mod_auth_mysql.c Sat Oct 3 20:41:41 1998 +++ mod_auth_mysql-2.20/mod_auth_mysql.c Mon Dec 15 15:52:51 2003 @@ -109,6 +109,7 @@ unsigned char encryption_types_initialized; unsigned char allow_empty_passwords; + unsigned char allow_multiple_passwords; unsigned char assume_authoritative; unsigned char enable_mysql_auth; unsigned char non_persistent; @@ -134,6 +135,7 @@ sec->assume_authoritative = 1; sec->allow_empty_passwords = 1; + sec->allow_multiple_passwords = 0; sec->enable_mysql_auth = 1; sec->encryption_types = CRYPT_DES_ENCRYPTION_FLAG; @@ -152,6 +154,13 @@ } +static const char *my_set_multiple_passwd_flag(cmd_parms *cmd, mysql_auth_config_rec *sec, int arg) +{ + sec->allow_multiple_passwords = (unsigned char) arg; + return NULL; +} + + static const char *my_set_mysql_auth_flag(cmd_parms *cmd, mysql_auth_config_rec *sec, int arg) { sec->enable_mysql_auth = (unsigned char) arg; @@ -264,6 +273,7 @@ { "Auth_MySQL_Username_Field", my_set_string_slot, (void *) XtOffsetOf(mysql_auth_config_rec, user_field), OR_AUTHCFG, TAKE1, "The name of the user-name field in the MySQL password (and possibly group) table(s)." }, { "Auth_MySQL_Group_Field", my_set_string_slot, (void *) XtOffsetOf(mysql_auth_config_rec, group_field),OR_AUTHCFG, TAKE1, "The name of the group field in the MySQL group table; must be set if you want to use groups." }, { "Auth_MySQL_Empty_Passwords", my_set_passwd_flag, NULL, OR_AUTHCFG, FLAG, "Enable (on) or disable (off) empty password strings; in which case any user password is accepted." }, + { "Auth_MySQL_Multiple_Passwords", my_set_multiple_passwd_flag, NULL, OR_AUTHCFG, FLAG, "Enable (on) or disable (off) multiple passwords; in which case any of the passwords in database is accepted." }, { "Auth_MySQL_Authoritative", my_set_authoritative_flag, NULL, OR_AUTHCFG, FLAG, "When 'on' the MySQL database is taken to be authoritative and access control is not passed along to other db or access modules." }, { "Auth_MySQL_Encrypted_Passwords", my_set_crypted_password_flag, NULL, OR_AUTHCFG, FLAG, "When 'on' the password in the password table are taken to be crypt()ed using your machines crypt() function." }, { "Auth_MySQL_Scrambled_Passwords", my_set_scrambled_password_flag, NULL, OR_AUTHCFG, FLAG, "When 'on' the password in the password table are taken to be scramble()d using mySQL's password() function." }, @@ -444,6 +454,7 @@ MYSQL_RES *result; MYSQL_ROW sql_row; encryption_type_entry *ete; + int npass, n; if (sec->user_table) { auth_table = sec->user_table; @@ -466,11 +477,12 @@ if (!result) { return -1; } - switch (mysql_num_rows(result)) { - case 0: - return 0; - break; - case 1: + npass = mysql_num_rows(result); + if (npass <= 0) + return 0; + if (!sec->allow_multiple_passwords && npass > 1) + return -1; + for (n = 1; n <= npass; ++n) { sql_row = mysql_fetch_row(result); /* ensure we have a row, and non NULL value */ if (!sql_row || !sql_row[0]) { @@ -489,15 +501,8 @@ } } } - return 0; - - - break; - default: - return -1; - break; } - return -1; + return 0; }