1 /*
2 +----------------------------------------------------------------------+
3 | Copyright (c) The PHP Group |
4 +----------------------------------------------------------------------+
5 | This source file is subject to version 3.01 of the PHP license, |
6 | that is bundled with this package in the file LICENSE, and is |
7 | available through the world-wide-web at the following url: |
8 | https://www.php.net/license/3_01.txt |
9 | If you did not receive a copy of the PHP license and are unable to |
10 | obtain it through the world-wide-web, please send a note to |
11 | license@php.net so we can mail you a copy immediately. |
12 +----------------------------------------------------------------------+
13 | Authors: Amitay Isaacs <amitay@w-o-i.com> |
14 | Eric Warnke <ericw@albany.edu> |
15 | Rasmus Lerdorf <rasmus@php.net> |
16 | Gerrit Thomson <334647@swin.edu.au> |
17 | Jani Taskinen <sniper@iki.fi> |
18 | Stig Venaas <venaas@uninett.no> |
19 | Doug Goldstein <cardoe@cardoe.com> |
20 | Côme Chilliet <mcmic@php.net> |
21 | PHP 4.0 updates: Zeev Suraski <zeev@php.net> |
22 +----------------------------------------------------------------------+
23 */
24
25 #ifdef HAVE_CONFIG_H
26 #include "config.h"
27 #endif
28
29 #include "php.h"
30 #include "php_ini.h"
31
32 #include <stddef.h>
33
34 #include "ext/standard/dl.h"
35 #include "php_ldap.h"
36 #include "ldap_arginfo.h"
37
38 #ifdef PHP_WIN32
39 #include <string.h>
40 #include "config.w32.h"
41 #undef WINDOWS
42 #undef strcasecmp
43 #undef strncasecmp
44 #define WINSOCK 1
45 #define __STDC__ 1
46 #endif
47
48 #include "ext/standard/info.h"
49
50 #ifdef HAVE_LDAP_SASL
51 #include <sasl/sasl.h>
52 #endif
53
54 #define PHP_LDAP_ESCAPE_FILTER 0x01
55 #define PHP_LDAP_ESCAPE_DN 0x02
56
57 #if defined(LDAP_CONTROL_PAGEDRESULTS) && !defined(HAVE_LDAP_CONTROL_FIND)
ldap_control_find(const char * oid,LDAPControl ** ctrls,LDAPControl *** nextctrlp)58 LDAPControl *ldap_control_find( const char *oid, LDAPControl **ctrls, LDAPControl ***nextctrlp)
59 {
60 assert(nextctrlp == NULL);
61 return ldap_find_control(oid, ctrls);
62 }
63 #endif
64
65 #if !defined(LDAP_API_FEATURE_X_OPENLDAP)
ldap_memvfree(void ** v)66 void ldap_memvfree(void **v)
67 {
68 ldap_value_free((char **)v);
69 }
70 #endif
71
72 typedef struct {
73 LDAP *link;
74 #if defined(LDAP_API_FEATURE_X_OPENLDAP) && defined(HAVE_3ARG_SETREBINDPROC)
75 zval rebindproc;
76 #endif
77 zend_object std;
78 } ldap_linkdata;
79
80 typedef struct {
81 LDAPMessage *result;
82 zend_object std;
83 } ldap_resultdata;
84
85 typedef struct {
86 LDAPMessage *data;
87 BerElement *ber;
88 zval res;
89 zend_object std;
90 } ldap_result_entry;
91
92 ZEND_DECLARE_MODULE_GLOBALS(ldap)
93 static PHP_GINIT_FUNCTION(ldap);
94
95 static zend_class_entry *ldap_link_ce, *ldap_result_ce, *ldap_result_entry_ce;
96 static zend_object_handlers ldap_link_object_handlers, ldap_result_object_handlers, ldap_result_entry_object_handlers;
97
98 #ifdef COMPILE_DL_LDAP
99 #ifdef ZTS
100 ZEND_TSRMLS_CACHE_DEFINE()
101 #endif
ZEND_GET_MODULE(ldap)102 ZEND_GET_MODULE(ldap)
103 #endif
104
105 static inline ldap_linkdata *ldap_link_from_obj(zend_object *obj) {
106 return (ldap_linkdata *)((char *)(obj) - XtOffsetOf(ldap_linkdata, std));
107 }
108
109 #define Z_LDAP_LINK_P(zv) ldap_link_from_obj(Z_OBJ_P(zv))
110
ldap_link_create_object(zend_class_entry * class_type)111 static zend_object *ldap_link_create_object(zend_class_entry *class_type) {
112 ldap_linkdata *intern = zend_object_alloc(sizeof(ldap_linkdata), class_type);
113
114 zend_object_std_init(&intern->std, class_type);
115 object_properties_init(&intern->std, class_type);
116 intern->std.handlers = &ldap_link_object_handlers;
117
118 return &intern->std;
119 }
120
ldap_link_get_constructor(zend_object * object)121 static zend_function *ldap_link_get_constructor(zend_object *object) {
122 zend_throw_error(NULL, "Cannot directly construct LDAP\\Connection, use ldap_connect() instead");
123 return NULL;
124 }
125
ldap_link_free(ldap_linkdata * ld)126 static void ldap_link_free(ldap_linkdata *ld)
127 {
128 /* We use ldap_destroy rather than ldap_unbind here, because ldap_unbind
129 * will skip the destructor entirely if a critical client control is set. */
130 ldap_destroy(ld->link);
131 ld->link = NULL;
132
133 #if defined(LDAP_API_FEATURE_X_OPENLDAP) && defined(HAVE_3ARG_SETREBINDPROC)
134 zval_ptr_dtor(&ld->rebindproc);
135 #endif
136
137 LDAPG(num_links)--;
138 }
139
ldap_link_free_obj(zend_object * obj)140 static void ldap_link_free_obj(zend_object *obj)
141 {
142 ldap_linkdata *ld = ldap_link_from_obj(obj);
143
144 if (ld->link) {
145 ldap_link_free(ld);
146 }
147
148 zend_object_std_dtor(&ld->std);
149 }
150
ldap_result_from_obj(zend_object * obj)151 static inline ldap_resultdata *ldap_result_from_obj(zend_object *obj) {
152 return (ldap_resultdata *)((char *)(obj) - XtOffsetOf(ldap_resultdata, std));
153 }
154
155 #define Z_LDAP_RESULT_P(zv) ldap_result_from_obj(Z_OBJ_P(zv))
156
ldap_result_create_object(zend_class_entry * class_type)157 static zend_object *ldap_result_create_object(zend_class_entry *class_type) {
158 ldap_resultdata *intern = zend_object_alloc(sizeof(ldap_resultdata), class_type);
159
160 zend_object_std_init(&intern->std, class_type);
161 object_properties_init(&intern->std, class_type);
162 intern->std.handlers = &ldap_result_object_handlers;
163
164 return &intern->std;
165 }
166
ldap_result_get_constructor(zend_object * object)167 static zend_function *ldap_result_get_constructor(zend_object *object) {
168 zend_throw_error(NULL, "Cannot directly construct LDAP\\Result, use the dedicated functions instead");
169 return NULL;
170 }
171
ldap_result_free(ldap_resultdata * result)172 static void ldap_result_free(ldap_resultdata *result)
173 {
174 ldap_msgfree(result->result);
175 result->result = NULL;
176 }
177
ldap_result_free_obj(zend_object * obj)178 static void ldap_result_free_obj(zend_object *obj)
179 {
180 ldap_resultdata *result = ldap_result_from_obj(obj);
181
182 if (result->result) {
183 ldap_result_free(result);
184 }
185
186 zend_object_std_dtor(&result->std);
187 }
188
ldap_result_entry_from_obj(zend_object * obj)189 static inline ldap_result_entry *ldap_result_entry_from_obj(zend_object *obj) {
190 return (ldap_result_entry *)((char *)(obj) - XtOffsetOf(ldap_result_entry, std));
191 }
192
193 #define Z_LDAP_RESULT_ENTRY_P(zv) ldap_result_entry_from_obj(Z_OBJ_P(zv))
194
ldap_result_entry_create_object(zend_class_entry * class_type)195 static zend_object *ldap_result_entry_create_object(zend_class_entry *class_type) {
196 ldap_result_entry *intern = zend_object_alloc(sizeof(ldap_result_entry), class_type);
197
198 zend_object_std_init(&intern->std, class_type);
199 object_properties_init(&intern->std, class_type);
200 intern->std.handlers = &ldap_result_entry_object_handlers;
201
202 return &intern->std;
203 }
204
ldap_result_entry_get_constructor(zend_object * obj)205 static zend_function *ldap_result_entry_get_constructor(zend_object *obj) {
206 zend_throw_error(NULL, "Cannot directly construct LDAP\\ResultEntry, use the dedicated functions instead");
207 return NULL;
208 }
209
ldap_result_entry_free_obj(zend_object * obj)210 static void ldap_result_entry_free_obj(zend_object *obj)
211 {
212 ldap_result_entry *entry = ldap_result_entry_from_obj(obj);
213
214 if (entry->ber != NULL) {
215 ber_free(entry->ber, 0);
216 entry->ber = NULL;
217 }
218 zval_ptr_dtor(&entry->res);
219
220 zend_object_std_dtor(&entry->std);
221 }
222
223 #define VERIFY_LDAP_LINK_CONNECTED(ld) \
224 { \
225 if (!ld->link) { \
226 zend_throw_error(NULL, "LDAP connection has already been closed"); \
227 RETURN_THROWS(); \
228 } \
229 }
230
231 #define VERIFY_LDAP_RESULT_OPEN(lr) \
232 { \
233 if (!lr->result) { \
234 zend_throw_error(NULL, "LDAP result has already been closed"); \
235 RETURN_THROWS(); \
236 } \
237 }
238
239 /* {{{ Parse controls from and to arrays */
_php_ldap_control_to_array(LDAP * ld,LDAPControl * ctrl,zval * array,int request)240 static void _php_ldap_control_to_array(LDAP *ld, LDAPControl* ctrl, zval* array, int request)
241 {
242 array_init(array);
243
244 add_assoc_string(array, "oid", ctrl->ldctl_oid);
245 if (request) {
246 /* iscritical field only makes sense in request controls (which may be obtained by ldap_get_option) */
247 add_assoc_bool(array, "iscritical", (ctrl->ldctl_iscritical != 0));
248 }
249
250 /* If it is a known oid, parse to values */
251 if (strcmp(ctrl->ldctl_oid, LDAP_CONTROL_PASSWORDPOLICYRESPONSE) == 0) {
252 int expire = 0, grace = 0, rc;
253 LDAPPasswordPolicyError pperr;
254 zval value;
255
256 rc = ldap_parse_passwordpolicy_control(ld, ctrl, &expire, &grace, &pperr);
257 if ( rc == LDAP_SUCCESS ) {
258 array_init(&value);
259 add_assoc_long(&value, "expire", expire);
260 add_assoc_long(&value, "grace", grace);
261
262 if ( pperr != PP_noError ) {
263 add_assoc_long(&value, "error", pperr);
264 }
265 add_assoc_zval(array, "value", &value);
266 } else {
267 add_assoc_null(array, "value");
268 }
269 } else if (strcmp(ctrl->ldctl_oid, LDAP_CONTROL_PAGEDRESULTS) == 0) {
270 int lestimated, rc;
271 struct berval lcookie = { 0L, NULL };
272 zval value;
273
274 if (ctrl->ldctl_value.bv_len) {
275 /* ldap_parse_pageresponse_control() allocates lcookie.bv_val */
276 rc = ldap_parse_pageresponse_control(ld, ctrl, &lestimated, &lcookie);
277 } else {
278 /* ldap_parse_pageresponse_control will crash if value is empty */
279 rc = -1;
280 }
281
282 if ( rc == LDAP_SUCCESS ) {
283 array_init(&value);
284 add_assoc_long(&value, "size", lestimated);
285 add_assoc_stringl(&value, "cookie", lcookie.bv_val, lcookie.bv_len);
286 add_assoc_zval(array, "value", &value);
287 } else {
288 add_assoc_null(array, "value");
289 }
290
291 if (lcookie.bv_val) {
292 ldap_memfree(lcookie.bv_val);
293 }
294 } else if ((strcmp(ctrl->ldctl_oid, LDAP_CONTROL_PRE_READ) == 0) || (strcmp(ctrl->ldctl_oid, LDAP_CONTROL_POST_READ) == 0)) {
295 BerElement *ber;
296 struct berval bv;
297
298 ber = ber_init(&ctrl->ldctl_value);
299 if (ber == NULL) {
300 add_assoc_null(array, "value");
301 } else if (ber_scanf(ber, "{m{" /*}}*/, &bv) == LBER_ERROR) {
302 add_assoc_null(array, "value");
303 } else {
304 zval value;
305
306 array_init(&value);
307 add_assoc_stringl(&value, "dn", bv.bv_val, bv.bv_len);
308
309 while (ber_scanf(ber, "{m" /*}*/, &bv) != LBER_ERROR) {
310 int i;
311 BerVarray vals = NULL;
312 zval tmp;
313
314 if (ber_scanf(ber, "[W]", &vals) == LBER_ERROR || vals == NULL)
315 {
316 break;
317 }
318
319 array_init(&tmp);
320 for (i = 0; vals[i].bv_val != NULL; i++) {
321 add_next_index_stringl(&tmp, vals[i].bv_val, vals[i].bv_len);
322 }
323 add_assoc_zval(&value, bv.bv_val, &tmp);
324
325 ber_bvarray_free(vals);
326 }
327 add_assoc_zval(array, "value", &value);
328 }
329
330 if (ber != NULL) {
331 ber_free(ber, 1);
332 }
333 } else if (strcmp(ctrl->ldctl_oid, LDAP_CONTROL_SORTRESPONSE) == 0) {
334 zval value;
335 int errcode, rc;
336 char* attribute;
337
338 if (ctrl->ldctl_value.bv_len) {
339 rc = ldap_parse_sortresponse_control(ld, ctrl, &errcode, &attribute);
340 } else {
341 rc = -1;
342 }
343 if ( rc == LDAP_SUCCESS ) {
344 array_init(&value);
345 add_assoc_long(&value, "errcode", errcode);
346 if (attribute) {
347 add_assoc_string(&value, "attribute", attribute);
348 ldap_memfree(attribute);
349 }
350 add_assoc_zval(array, "value", &value);
351 } else {
352 add_assoc_null(array, "value");
353 }
354 } else if (strcmp(ctrl->ldctl_oid, LDAP_CONTROL_VLVRESPONSE) == 0) {
355 int target, count, errcode, rc;
356 struct berval *context;
357 zval value;
358
359 if (ctrl->ldctl_value.bv_len) {
360 rc = ldap_parse_vlvresponse_control(ld, ctrl, &target, &count, &context, &errcode);
361 } else {
362 rc = -1;
363 }
364 if ( rc == LDAP_SUCCESS ) {
365 array_init(&value);
366 add_assoc_long(&value, "target", target);
367 add_assoc_long(&value, "count", count);
368 add_assoc_long(&value, "errcode", errcode);
369 if (context) {
370 add_assoc_stringl(&value, "context", context->bv_val, context->bv_len);
371 }
372 add_assoc_zval(array, "value", &value);
373 ber_bvfree(context);
374 } else {
375 add_assoc_null(array, "value");
376 }
377 } else {
378 if (ctrl->ldctl_value.bv_len) {
379 add_assoc_stringl(array, "value", ctrl->ldctl_value.bv_val, ctrl->ldctl_value.bv_len);
380 } else {
381 add_assoc_null(array, "value");
382 }
383 }
384 }
385
_php_ldap_control_from_array(LDAP * ld,LDAPControl ** ctrl,zval * array)386 static int _php_ldap_control_from_array(LDAP *ld, LDAPControl** ctrl, zval* array)
387 {
388 zval* val;
389 zend_string *control_oid;
390 int control_iscritical = 0, rc = LDAP_SUCCESS;
391 char** ldap_attrs = NULL;
392 LDAPSortKey** sort_keys = NULL;
393 zend_string *tmpstring = NULL, **tmpstrings1 = NULL, **tmpstrings2 = NULL;
394 size_t num_tmpstrings1 = 0, num_tmpstrings2 = 0;
395
396 if ((val = zend_hash_str_find(Z_ARRVAL_P(array), "oid", sizeof("oid") - 1)) == NULL) {
397 zend_value_error("%s(): Control must have an \"oid\" key", get_active_function_name());
398 return -1;
399 }
400
401 control_oid = zval_get_string(val);
402 if (EG(exception)) {
403 return -1;
404 }
405
406 if ((val = zend_hash_str_find(Z_ARRVAL_P(array), "iscritical", sizeof("iscritical") - 1)) != NULL) {
407 control_iscritical = zend_is_true(val);
408 } else {
409 control_iscritical = 0;
410 }
411
412 BerElement *ber = NULL;
413 struct berval control_value = { 0L, NULL };
414 int control_value_alloc = 0;
415
416 if ((val = zend_hash_str_find(Z_ARRVAL_P(array), "value", sizeof("value") - 1)) != NULL) {
417 if (Z_TYPE_P(val) != IS_ARRAY) {
418 tmpstring = zval_get_string(val);
419 if (EG(exception)) {
420 rc = -1;
421 goto failure;
422 }
423 control_value.bv_val = ZSTR_VAL(tmpstring);
424 control_value.bv_len = ZSTR_LEN(tmpstring);
425 } else if (strcmp(ZSTR_VAL(control_oid), LDAP_CONTROL_PAGEDRESULTS) == 0) {
426 zval* tmp;
427 int pagesize = 1;
428 struct berval cookie = { 0L, NULL };
429 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(val), "size", sizeof("size") - 1)) != NULL) {
430 pagesize = zval_get_long(tmp);
431 }
432 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(val), "cookie", sizeof("cookie") - 1)) != NULL) {
433 tmpstring = zval_get_string(tmp);
434 if (EG(exception)) {
435 rc = -1;
436 goto failure;
437 }
438 cookie.bv_val = ZSTR_VAL(tmpstring);
439 cookie.bv_len = ZSTR_LEN(tmpstring);
440 }
441 /* ldap_create_page_control_value() allocates memory for control_value.bv_val */
442 control_value_alloc = 1;
443 rc = ldap_create_page_control_value(ld, pagesize, &cookie, &control_value);
444 if (rc != LDAP_SUCCESS) {
445 php_error_docref(NULL, E_WARNING, "Failed to create paged result control value: %s (%d)", ldap_err2string(rc), rc);
446 }
447 } else if (strcmp(ZSTR_VAL(control_oid), LDAP_CONTROL_ASSERT) == 0) {
448 zval* tmp;
449 zend_string* assert;
450 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(val), "filter", sizeof("filter") - 1)) == NULL) {
451 rc = -1;
452 zend_value_error("%s(): Control must have a \"filter\" key", get_active_function_name());
453 } else {
454 assert = zval_get_string(tmp);
455 if (EG(exception)) {
456 rc = -1;
457 goto failure;
458 }
459 /* ldap_create_assertion_control_value does not reset ld_errno, we need to do it ourselves
460 See http://www.openldap.org/its/index.cgi/Incoming?id=8674 */
461 int success = LDAP_SUCCESS;
462 ldap_set_option(ld, LDAP_OPT_RESULT_CODE, &success);
463 /* ldap_create_assertion_control_value() allocates memory for control_value.bv_val */
464 control_value_alloc = 1;
465 rc = ldap_create_assertion_control_value(ld, ZSTR_VAL(assert), &control_value);
466 if (rc != LDAP_SUCCESS) {
467 php_error_docref(NULL, E_WARNING, "Failed to create assert control value: %s (%d)", ldap_err2string(rc), rc);
468 }
469 zend_string_release(assert);
470 }
471 } else if (strcmp(ZSTR_VAL(control_oid), LDAP_CONTROL_VALUESRETURNFILTER) == 0) {
472 zval* tmp;
473 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(val), "filter", sizeof("filter") - 1)) == NULL) {
474 rc = -1;
475 zend_value_error("%s(): Control must have a \"filter\" key", get_active_function_name());
476 } else {
477 ber = ber_alloc_t(LBER_USE_DER);
478 if (ber == NULL) {
479 rc = -1;
480 php_error_docref(NULL, E_WARNING, "Failed to allocate control value");
481 } else {
482 tmpstring = zval_get_string(tmp);
483 if (EG(exception)) {
484 rc = -1;
485 goto failure;
486 }
487 if (ldap_put_vrFilter(ber, ZSTR_VAL(tmpstring)) == -1) {
488 rc = -1;
489 php_error_docref(NULL, E_WARNING, "Failed to create control value: Bad ValuesReturnFilter: %s", ZSTR_VAL(tmpstring));
490 } else if (ber_flatten2(ber, &control_value, control_value_alloc) == -1) {
491 rc = -1;
492 }
493 }
494 }
495 } else if ((strcmp(ZSTR_VAL(control_oid), LDAP_CONTROL_PRE_READ) == 0) || (strcmp(ZSTR_VAL(control_oid), LDAP_CONTROL_POST_READ) == 0)) {
496 zval* tmp;
497 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(val), "attrs", sizeof("attrs") - 1)) == NULL) {
498 rc = -1;
499 zend_value_error("%s(): Control must have an \"attrs\" key", get_active_function_name());
500 } else {
501 ber = ber_alloc_t(LBER_USE_DER);
502
503 if (ber == NULL) {
504 rc = -1;
505 php_error_docref(NULL, E_WARNING, "Failed to allocate control value");
506 } else {
507 int num_attribs, i;
508 zval* attr;
509
510 num_attribs = zend_hash_num_elements(Z_ARRVAL_P(tmp));
511 ldap_attrs = safe_emalloc((num_attribs+1), sizeof(char *), 0);
512 tmpstrings1 = safe_emalloc(num_attribs, sizeof(zend_string*), 0);
513 num_tmpstrings1 = 0;
514
515 for (i = 0; i<num_attribs; i++) {
516 if ((attr = zend_hash_index_find(Z_ARRVAL_P(tmp), i)) == NULL) {
517 rc = -1;
518 php_error_docref(NULL, E_WARNING, "Failed to encode attribute list");
519 goto failure;
520 }
521
522 tmpstrings1[num_tmpstrings1] = zval_get_string(attr);
523 if (EG(exception)) {
524 rc = -1;
525 goto failure;
526 }
527 ldap_attrs[i] = ZSTR_VAL(tmpstrings1[num_tmpstrings1]);
528 ++num_tmpstrings1;
529 }
530 ldap_attrs[num_attribs] = NULL;
531
532 ber_init2( ber, NULL, LBER_USE_DER );
533
534 if (ber_printf(ber, "{v}", ldap_attrs) == -1) {
535 rc = -1;
536 php_error_docref(NULL, E_WARNING, "Failed to encode attribute list");
537 } else {
538 int err;
539 err = ber_flatten2(ber, &control_value, control_value_alloc);
540 if (err < 0) {
541 rc = -1;
542 php_error_docref(NULL, E_WARNING, "Failed to encode control value (%d)", err);
543 }
544 }
545 }
546 }
547 } else if (strcmp(ZSTR_VAL(control_oid), LDAP_CONTROL_SORTREQUEST) == 0) {
548 int num_keys, i;
549 zval *sortkey, *tmp;
550
551 num_keys = zend_hash_num_elements(Z_ARRVAL_P(val));
552 sort_keys = safe_emalloc((num_keys+1), sizeof(LDAPSortKey*), 0);
553 tmpstrings1 = safe_emalloc(num_keys, sizeof(zend_string*), 0);
554 tmpstrings2 = safe_emalloc(num_keys, sizeof(zend_string*), 0);
555 num_tmpstrings1 = 0;
556 num_tmpstrings2 = 0;
557
558 for (i = 0; i<num_keys; i++) {
559 if ((sortkey = zend_hash_index_find(Z_ARRVAL_P(val), i)) == NULL) {
560 rc = -1;
561 php_error_docref(NULL, E_WARNING, "Failed to encode sort keys list");
562 goto failure;
563 }
564
565 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(sortkey), "attr", sizeof("attr") - 1)) == NULL) {
566 rc = -1;
567 zend_value_error("%s(): Sort key list must have an \"attr\" key", get_active_function_name());
568 goto failure;
569 }
570 sort_keys[i] = emalloc(sizeof(LDAPSortKey));
571 tmpstrings1[num_tmpstrings1] = zval_get_string(tmp);
572 if (EG(exception)) {
573 rc = -1;
574 goto failure;
575 }
576 sort_keys[i]->attributeType = ZSTR_VAL(tmpstrings1[num_tmpstrings1]);
577 ++num_tmpstrings1;
578
579 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(sortkey), "oid", sizeof("oid") - 1)) != NULL) {
580 tmpstrings2[num_tmpstrings2] = zval_get_string(tmp);
581 if (EG(exception)) {
582 rc = -1;
583 goto failure;
584 }
585 sort_keys[i]->orderingRule = ZSTR_VAL(tmpstrings2[num_tmpstrings2]);
586 ++num_tmpstrings2;
587 } else {
588 sort_keys[i]->orderingRule = NULL;
589 }
590
591 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(sortkey), "reverse", sizeof("reverse") - 1)) != NULL) {
592 sort_keys[i]->reverseOrder = zend_is_true(tmp);
593 } else {
594 sort_keys[i]->reverseOrder = 0;
595 }
596 }
597 sort_keys[num_keys] = NULL;
598 /* ldap_create_sort_control_value() allocates memory for control_value.bv_val */
599 control_value_alloc = 1;
600 rc = ldap_create_sort_control_value(ld, sort_keys, &control_value);
601 if (rc != LDAP_SUCCESS) {
602 php_error_docref(NULL, E_WARNING, "Failed to create sort control value: %s (%d)", ldap_err2string(rc), rc);
603 }
604 } else if (strcmp(ZSTR_VAL(control_oid), LDAP_CONTROL_VLVREQUEST) == 0) {
605 zval* tmp;
606 LDAPVLVInfo vlvInfo;
607 struct berval attrValue;
608 struct berval context;
609
610 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(val), "before", sizeof("before") - 1)) != NULL) {
611 vlvInfo.ldvlv_before_count = zval_get_long(tmp);
612 } else {
613 rc = -1;
614 zend_value_error("%s(): Array value for VLV control must have a \"before\" key", get_active_function_name());
615 goto failure;
616 }
617
618 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(val), "after", sizeof("after") - 1)) != NULL) {
619 vlvInfo.ldvlv_after_count = zval_get_long(tmp);
620 } else {
621 rc = -1;
622 zend_value_error("%s(): Array value for VLV control must have an \"after\" key", get_active_function_name());
623 goto failure;
624 }
625
626 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(val), "attrvalue", sizeof("attrvalue") - 1)) != NULL) {
627 tmpstring = zval_get_string(tmp);
628 if (EG(exception)) {
629 rc = -1;
630 goto failure;
631 }
632 attrValue.bv_val = ZSTR_VAL(tmpstring);
633 attrValue.bv_len = ZSTR_LEN(tmpstring);
634 vlvInfo.ldvlv_attrvalue = &attrValue;
635 } else if ((tmp = zend_hash_str_find(Z_ARRVAL_P(val), "offset", sizeof("offset") - 1)) != NULL) {
636 vlvInfo.ldvlv_attrvalue = NULL;
637 vlvInfo.ldvlv_offset = zval_get_long(tmp);
638 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(val), "count", sizeof("count") - 1)) != NULL) {
639 vlvInfo.ldvlv_count = zval_get_long(tmp);
640 } else {
641 rc = -1;
642 zend_value_error("%s(): Array value for VLV control must have a \"count\" key", get_active_function_name());
643 goto failure;
644 }
645 } else {
646 rc = -1;
647 zend_value_error("%s(): Array value for VLV control must have either an \"attrvalue\" or an \"offset\" key", get_active_function_name());
648 goto failure;
649 }
650
651 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(val), "context", sizeof("context") - 1)) != NULL) {
652 tmpstring = zval_get_string(tmp);
653 if (EG(exception)) {
654 rc = -1;
655 goto failure;
656 }
657 context.bv_val = ZSTR_VAL(tmpstring);
658 context.bv_len = ZSTR_LEN(tmpstring);
659 vlvInfo.ldvlv_context = &context;
660 } else {
661 vlvInfo.ldvlv_context = NULL;
662 }
663
664 /* ldap_create_vlv_control_value() allocates memory for control_value.bv_val */
665 control_value_alloc = 1;
666 rc = ldap_create_vlv_control_value(ld, &vlvInfo, &control_value);
667 if (rc != LDAP_SUCCESS) {
668 php_error_docref(NULL, E_WARNING, "Failed to create VLV control value: %s (%d)", ldap_err2string(rc), rc);
669 }
670 } else {
671 zend_type_error("%s(): Control OID %s cannot be of type array", get_active_function_name(), ZSTR_VAL(control_oid));
672 rc = -1;
673 }
674 }
675
676 if (rc == LDAP_SUCCESS) {
677 rc = ldap_control_create(ZSTR_VAL(control_oid), control_iscritical, &control_value, 1, ctrl);
678 }
679
680 failure:
681 zend_string_release(control_oid);
682 if (tmpstring != NULL) {
683 zend_string_release(tmpstring);
684 }
685 if (tmpstrings1 != NULL) {
686 int i;
687 for (i = 0; i < num_tmpstrings1; ++i) {
688 zend_string_release(tmpstrings1[i]);
689 }
690 efree(tmpstrings1);
691 }
692 if (tmpstrings2 != NULL) {
693 int i;
694 for (i = 0; i < num_tmpstrings2; ++i) {
695 zend_string_release(tmpstrings2[i]);
696 }
697 efree(tmpstrings2);
698 }
699 if (control_value.bv_val != NULL && control_value_alloc != 0) {
700 ber_memfree(control_value.bv_val);
701 }
702 if (ber != NULL) {
703 ber_free(ber, 1);
704 }
705 if (ldap_attrs != NULL) {
706 efree(ldap_attrs);
707 }
708 if (sort_keys != NULL) {
709 LDAPSortKey** sortp = sort_keys;
710 while (*sortp) {
711 efree(*sortp);
712 sortp++;
713 }
714 efree(sort_keys);
715 sort_keys = NULL;
716 }
717
718 if (rc == LDAP_SUCCESS) {
719 return LDAP_SUCCESS;
720 }
721
722 /* Failed */
723 *ctrl = NULL;
724 return -1;
725 }
726
_php_ldap_controls_to_array(LDAP * ld,LDAPControl ** ctrls,zval * array,int request)727 static void _php_ldap_controls_to_array(LDAP *ld, LDAPControl** ctrls, zval* array, int request)
728 {
729 zval tmp1;
730 LDAPControl **ctrlp;
731
732 array = zend_try_array_init(array);
733 if (!array) {
734 return;
735 }
736
737 if (ctrls == NULL) {
738 return;
739 }
740 ctrlp = ctrls;
741 while (*ctrlp != NULL) {
742 _php_ldap_control_to_array(ld, *ctrlp, &tmp1, request);
743 add_assoc_zval(array, (*ctrlp)->ldctl_oid, &tmp1);
744 ctrlp++;
745 }
746 ldap_controls_free(ctrls);
747 }
748
_php_ldap_controls_from_array(LDAP * ld,zval * array,uint32_t arg_num)749 static LDAPControl** _php_ldap_controls_from_array(LDAP *ld, zval* array, uint32_t arg_num)
750 {
751 int ncontrols;
752 LDAPControl** ctrlp, **ctrls = NULL;
753 zval* ctrlarray;
754 int error = 0;
755
756 ncontrols = zend_hash_num_elements(Z_ARRVAL_P(array));
757 ctrls = safe_emalloc((1 + ncontrols), sizeof(*ctrls), 0);
758 *ctrls = NULL;
759 ctrlp = ctrls;
760 ZEND_HASH_FOREACH_VAL(Z_ARRVAL_P(array), ctrlarray) {
761 if (Z_TYPE_P(ctrlarray) != IS_ARRAY) {
762 zend_argument_type_error(arg_num, "must contain only arrays, where each array is a control");
763 error = 1;
764 break;
765 }
766
767 if (_php_ldap_control_from_array(ld, ctrlp, ctrlarray) == LDAP_SUCCESS) {
768 ++ctrlp;
769 } else {
770 error = 1;
771 break;
772 }
773
774 *ctrlp = NULL;
775 } ZEND_HASH_FOREACH_END();
776
777 if (error) {
778 ctrlp = ctrls;
779 while (*ctrlp) {
780 ldap_control_free(*ctrlp);
781 ctrlp++;
782 }
783 efree(ctrls);
784 ctrls = NULL;
785 }
786
787 return ctrls;
788 }
789
_php_ldap_controls_free(LDAPControl *** ctrls)790 static void _php_ldap_controls_free (LDAPControl*** ctrls)
791 {
792 LDAPControl **ctrlp;
793
794 if (*ctrls) {
795 ctrlp = *ctrls;
796 while (*ctrlp) {
797 ldap_control_free(*ctrlp);
798 ctrlp++;
799 }
800 efree(*ctrls);
801 *ctrls = NULL;
802 }
803 }
804 /* }}} */
805
806 /* {{{ PHP_INI_BEGIN */
807 PHP_INI_BEGIN()
808 STD_PHP_INI_ENTRY_EX("ldap.max_links", "-1", PHP_INI_SYSTEM, OnUpdateLong, max_links, zend_ldap_globals, ldap_globals, display_link_numbers)
PHP_INI_END()809 PHP_INI_END()
810 /* }}} */
811
812 /* {{{ PHP_GINIT_FUNCTION */
813 static PHP_GINIT_FUNCTION(ldap)
814 {
815 #if defined(COMPILE_DL_LDAP) && defined(ZTS)
816 ZEND_TSRMLS_CACHE_UPDATE();
817 #endif
818 ldap_globals->num_links = 0;
819 }
820 /* }}} */
821
822 /* {{{ PHP_MINIT_FUNCTION */
PHP_MINIT_FUNCTION(ldap)823 PHP_MINIT_FUNCTION(ldap)
824 {
825 REGISTER_INI_ENTRIES();
826
827 ldap_link_ce = register_class_LDAP_Connection();
828 ldap_link_ce->create_object = ldap_link_create_object;
829
830 memcpy(&ldap_link_object_handlers, &std_object_handlers, sizeof(zend_object_handlers));
831 ldap_link_object_handlers.offset = XtOffsetOf(ldap_linkdata, std);
832 ldap_link_object_handlers.free_obj = ldap_link_free_obj;
833 ldap_link_object_handlers.get_constructor = ldap_link_get_constructor;
834 ldap_link_object_handlers.clone_obj = NULL;
835 ldap_link_object_handlers.compare = zend_objects_not_comparable;
836
837 ldap_result_ce = register_class_LDAP_Result();
838 ldap_result_ce->create_object = ldap_result_create_object;
839
840 memcpy(&ldap_result_object_handlers, &std_object_handlers, sizeof(zend_object_handlers));
841 ldap_result_object_handlers.offset = XtOffsetOf(ldap_resultdata, std);
842 ldap_result_object_handlers.free_obj = ldap_result_free_obj;
843 ldap_result_object_handlers.get_constructor = ldap_result_get_constructor;
844 ldap_result_object_handlers.clone_obj = NULL;
845 ldap_result_object_handlers.compare = zend_objects_not_comparable;
846
847 ldap_result_entry_ce = register_class_LDAP_ResultEntry();
848 ldap_result_entry_ce->create_object = ldap_result_entry_create_object;
849
850 memcpy(&ldap_result_entry_object_handlers, &std_object_handlers, sizeof(zend_object_handlers));
851 ldap_result_entry_object_handlers.offset = XtOffsetOf(ldap_result_entry, std);
852 ldap_result_entry_object_handlers.free_obj = ldap_result_entry_free_obj;
853 ldap_result_entry_object_handlers.get_constructor = ldap_result_entry_get_constructor;
854 ldap_result_entry_object_handlers.clone_obj = NULL;
855 ldap_result_entry_object_handlers.compare = zend_objects_not_comparable;
856
857 /* Constants to be used with deref-parameter in php_ldap_do_search() */
858 REGISTER_LONG_CONSTANT("LDAP_DEREF_NEVER", LDAP_DEREF_NEVER, CONST_PERSISTENT | CONST_CS);
859 REGISTER_LONG_CONSTANT("LDAP_DEREF_SEARCHING", LDAP_DEREF_SEARCHING, CONST_PERSISTENT | CONST_CS);
860 REGISTER_LONG_CONSTANT("LDAP_DEREF_FINDING", LDAP_DEREF_FINDING, CONST_PERSISTENT | CONST_CS);
861 REGISTER_LONG_CONSTANT("LDAP_DEREF_ALWAYS", LDAP_DEREF_ALWAYS, CONST_PERSISTENT | CONST_CS);
862
863 /* Constants to be used with ldap_modify_batch() */
864 REGISTER_LONG_CONSTANT("LDAP_MODIFY_BATCH_ADD", LDAP_MODIFY_BATCH_ADD, CONST_PERSISTENT | CONST_CS);
865 REGISTER_LONG_CONSTANT("LDAP_MODIFY_BATCH_REMOVE", LDAP_MODIFY_BATCH_REMOVE, CONST_PERSISTENT | CONST_CS);
866 REGISTER_LONG_CONSTANT("LDAP_MODIFY_BATCH_REMOVE_ALL", LDAP_MODIFY_BATCH_REMOVE_ALL, CONST_PERSISTENT | CONST_CS);
867 REGISTER_LONG_CONSTANT("LDAP_MODIFY_BATCH_REPLACE", LDAP_MODIFY_BATCH_REPLACE, CONST_PERSISTENT | CONST_CS);
868 REGISTER_STRING_CONSTANT("LDAP_MODIFY_BATCH_ATTRIB", LDAP_MODIFY_BATCH_ATTRIB, CONST_PERSISTENT | CONST_CS);
869 REGISTER_STRING_CONSTANT("LDAP_MODIFY_BATCH_MODTYPE", LDAP_MODIFY_BATCH_MODTYPE, CONST_PERSISTENT | CONST_CS);
870 REGISTER_STRING_CONSTANT("LDAP_MODIFY_BATCH_VALUES", LDAP_MODIFY_BATCH_VALUES, CONST_PERSISTENT | CONST_CS);
871
872 #if (LDAP_API_VERSION > 2000) || defined(HAVE_ORALDAP)
873 /* LDAP options */
874 REGISTER_LONG_CONSTANT("LDAP_OPT_DEREF", LDAP_OPT_DEREF, CONST_PERSISTENT | CONST_CS);
875 REGISTER_LONG_CONSTANT("LDAP_OPT_SIZELIMIT", LDAP_OPT_SIZELIMIT, CONST_PERSISTENT | CONST_CS);
876 REGISTER_LONG_CONSTANT("LDAP_OPT_TIMELIMIT", LDAP_OPT_TIMELIMIT, CONST_PERSISTENT | CONST_CS);
877 #ifdef LDAP_OPT_NETWORK_TIMEOUT
878 REGISTER_LONG_CONSTANT("LDAP_OPT_NETWORK_TIMEOUT", LDAP_OPT_NETWORK_TIMEOUT, CONST_PERSISTENT | CONST_CS);
879 #elif defined (LDAP_X_OPT_CONNECT_TIMEOUT)
880 REGISTER_LONG_CONSTANT("LDAP_OPT_NETWORK_TIMEOUT", LDAP_X_OPT_CONNECT_TIMEOUT, CONST_PERSISTENT | CONST_CS);
881 #endif
882 #ifdef LDAP_OPT_TIMEOUT
883 REGISTER_LONG_CONSTANT("LDAP_OPT_TIMEOUT", LDAP_OPT_TIMEOUT, CONST_PERSISTENT | CONST_CS);
884 #endif
885 REGISTER_LONG_CONSTANT("LDAP_OPT_PROTOCOL_VERSION", LDAP_OPT_PROTOCOL_VERSION, CONST_PERSISTENT | CONST_CS);
886 REGISTER_LONG_CONSTANT("LDAP_OPT_ERROR_NUMBER", LDAP_OPT_ERROR_NUMBER, CONST_PERSISTENT | CONST_CS);
887 REGISTER_LONG_CONSTANT("LDAP_OPT_REFERRALS", LDAP_OPT_REFERRALS, CONST_PERSISTENT | CONST_CS);
888 #ifdef LDAP_OPT_RESTART
889 REGISTER_LONG_CONSTANT("LDAP_OPT_RESTART", LDAP_OPT_RESTART, CONST_PERSISTENT | CONST_CS);
890 #endif
891 #ifdef LDAP_OPT_HOST_NAME
892 REGISTER_LONG_CONSTANT("LDAP_OPT_HOST_NAME", LDAP_OPT_HOST_NAME, CONST_PERSISTENT | CONST_CS);
893 #endif
894 REGISTER_LONG_CONSTANT("LDAP_OPT_ERROR_STRING", LDAP_OPT_ERROR_STRING, CONST_PERSISTENT | CONST_CS);
895 #ifdef LDAP_OPT_MATCHED_DN
896 REGISTER_LONG_CONSTANT("LDAP_OPT_MATCHED_DN", LDAP_OPT_MATCHED_DN, CONST_PERSISTENT | CONST_CS);
897 #endif
898 REGISTER_LONG_CONSTANT("LDAP_OPT_SERVER_CONTROLS", LDAP_OPT_SERVER_CONTROLS, CONST_PERSISTENT | CONST_CS);
899 REGISTER_LONG_CONSTANT("LDAP_OPT_CLIENT_CONTROLS", LDAP_OPT_CLIENT_CONTROLS, CONST_PERSISTENT | CONST_CS);
900 #endif
901 #ifdef LDAP_OPT_DEBUG_LEVEL
902 REGISTER_LONG_CONSTANT("LDAP_OPT_DEBUG_LEVEL", LDAP_OPT_DEBUG_LEVEL, CONST_PERSISTENT | CONST_CS);
903 #endif
904
905 #ifdef LDAP_OPT_DIAGNOSTIC_MESSAGE
906 REGISTER_LONG_CONSTANT("LDAP_OPT_DIAGNOSTIC_MESSAGE", LDAP_OPT_DIAGNOSTIC_MESSAGE, CONST_PERSISTENT | CONST_CS);
907 #endif
908
909 #ifdef HAVE_LDAP_SASL
910 REGISTER_LONG_CONSTANT("LDAP_OPT_X_SASL_MECH", LDAP_OPT_X_SASL_MECH, CONST_PERSISTENT | CONST_CS);
911 REGISTER_LONG_CONSTANT("LDAP_OPT_X_SASL_REALM", LDAP_OPT_X_SASL_REALM, CONST_PERSISTENT | CONST_CS);
912 REGISTER_LONG_CONSTANT("LDAP_OPT_X_SASL_AUTHCID", LDAP_OPT_X_SASL_AUTHCID, CONST_PERSISTENT | CONST_CS);
913 REGISTER_LONG_CONSTANT("LDAP_OPT_X_SASL_AUTHZID", LDAP_OPT_X_SASL_AUTHZID, CONST_PERSISTENT | CONST_CS);
914 #endif
915 #ifdef LDAP_OPT_X_SASL_NOCANON
916 REGISTER_LONG_CONSTANT("LDAP_OPT_X_SASL_NOCANON", LDAP_OPT_X_SASL_NOCANON, CONST_PERSISTENT | CONST_CS);
917 #endif
918 #ifdef LDAP_OPT_X_SASL_USERNAME
919 REGISTER_LONG_CONSTANT("LDAP_OPT_X_SASL_USERNAME", LDAP_OPT_X_SASL_USERNAME, CONST_PERSISTENT | CONST_CS);
920 #endif
921
922 #ifdef ORALDAP
923 REGISTER_LONG_CONSTANT("GSLC_SSL_NO_AUTH", GSLC_SSL_NO_AUTH, CONST_PERSISTENT | CONST_CS);
924 REGISTER_LONG_CONSTANT("GSLC_SSL_ONEWAY_AUTH", GSLC_SSL_ONEWAY_AUTH, CONST_PERSISTENT | CONST_CS);
925 REGISTER_LONG_CONSTANT("GSLC_SSL_TWOWAY_AUTH", GSLC_SSL_TWOWAY_AUTH, CONST_PERSISTENT | CONST_CS);
926 #endif
927
928 #if (LDAP_API_VERSION > 2000)
929 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_REQUIRE_CERT", LDAP_OPT_X_TLS_REQUIRE_CERT, CONST_PERSISTENT | CONST_CS);
930
931 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_NEVER", LDAP_OPT_X_TLS_NEVER, CONST_PERSISTENT | CONST_CS);
932 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_HARD", LDAP_OPT_X_TLS_HARD, CONST_PERSISTENT | CONST_CS);
933 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_DEMAND", LDAP_OPT_X_TLS_DEMAND, CONST_PERSISTENT | CONST_CS);
934 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_ALLOW", LDAP_OPT_X_TLS_ALLOW, CONST_PERSISTENT | CONST_CS);
935 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_TRY", LDAP_OPT_X_TLS_TRY, CONST_PERSISTENT | CONST_CS);
936
937 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_CACERTDIR", LDAP_OPT_X_TLS_CACERTDIR, CONST_PERSISTENT | CONST_CS);
938 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_CACERTFILE", LDAP_OPT_X_TLS_CACERTFILE, CONST_PERSISTENT | CONST_CS);
939 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_CERTFILE", LDAP_OPT_X_TLS_CERTFILE, CONST_PERSISTENT | CONST_CS);
940 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_CIPHER_SUITE", LDAP_OPT_X_TLS_CIPHER_SUITE, CONST_PERSISTENT | CONST_CS);
941 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_KEYFILE", LDAP_OPT_X_TLS_KEYFILE, CONST_PERSISTENT | CONST_CS);
942 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_RANDOM_FILE", LDAP_OPT_X_TLS_RANDOM_FILE, CONST_PERSISTENT | CONST_CS);
943 #endif
944
945 #ifdef LDAP_OPT_X_TLS_CRLCHECK
946 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_CRLCHECK", LDAP_OPT_X_TLS_CRLCHECK, CONST_PERSISTENT | CONST_CS);
947
948 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_CRL_NONE", LDAP_OPT_X_TLS_CRL_NONE, CONST_PERSISTENT | CONST_CS);
949 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_CRL_PEER", LDAP_OPT_X_TLS_CRL_PEER, CONST_PERSISTENT | CONST_CS);
950 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_CRL_ALL", LDAP_OPT_X_TLS_CRL_ALL, CONST_PERSISTENT | CONST_CS);
951 #endif
952
953 #ifdef LDAP_OPT_X_TLS_DHFILE
954 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_DHFILE", LDAP_OPT_X_TLS_DHFILE, CONST_PERSISTENT | CONST_CS);
955 #endif
956
957 #ifdef LDAP_OPT_X_TLS_CRLFILE
958 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_CRLFILE", LDAP_OPT_X_TLS_CRLFILE, CONST_PERSISTENT | CONST_CS);
959 #endif
960
961 #ifdef LDAP_OPT_X_TLS_PROTOCOL_MIN
962 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_PROTOCOL_MIN", LDAP_OPT_X_TLS_PROTOCOL_MIN, CONST_PERSISTENT | CONST_CS);
963
964 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_PROTOCOL_SSL2", LDAP_OPT_X_TLS_PROTOCOL_SSL2, CONST_PERSISTENT | CONST_CS);
965 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_PROTOCOL_SSL3", LDAP_OPT_X_TLS_PROTOCOL_SSL3, CONST_PERSISTENT | CONST_CS);
966 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_PROTOCOL_TLS1_0", LDAP_OPT_X_TLS_PROTOCOL_TLS1_0, CONST_PERSISTENT | CONST_CS);
967 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_PROTOCOL_TLS1_1", LDAP_OPT_X_TLS_PROTOCOL_TLS1_1, CONST_PERSISTENT | CONST_CS);
968 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_PROTOCOL_TLS1_2", LDAP_OPT_X_TLS_PROTOCOL_TLS1_2, CONST_PERSISTENT | CONST_CS);
969 #endif
970
971 #ifdef LDAP_OPT_X_TLS_PACKAGE
972 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_PACKAGE", LDAP_OPT_X_TLS_PACKAGE, CONST_PERSISTENT | CONST_CS);
973 #endif
974
975 #ifdef LDAP_OPT_X_KEEPALIVE_IDLE
976 REGISTER_LONG_CONSTANT("LDAP_OPT_X_KEEPALIVE_IDLE", LDAP_OPT_X_KEEPALIVE_IDLE, CONST_PERSISTENT | CONST_CS);
977 REGISTER_LONG_CONSTANT("LDAP_OPT_X_KEEPALIVE_PROBES", LDAP_OPT_X_KEEPALIVE_PROBES, CONST_PERSISTENT | CONST_CS);
978 REGISTER_LONG_CONSTANT("LDAP_OPT_X_KEEPALIVE_INTERVAL", LDAP_OPT_X_KEEPALIVE_INTERVAL, CONST_PERSISTENT | CONST_CS);
979 #endif
980
981 REGISTER_LONG_CONSTANT("LDAP_ESCAPE_FILTER", PHP_LDAP_ESCAPE_FILTER, CONST_PERSISTENT | CONST_CS);
982 REGISTER_LONG_CONSTANT("LDAP_ESCAPE_DN", PHP_LDAP_ESCAPE_DN, CONST_PERSISTENT | CONST_CS);
983
984 #ifdef HAVE_LDAP_EXTENDED_OPERATION_S
985 REGISTER_STRING_CONSTANT("LDAP_EXOP_START_TLS", LDAP_EXOP_START_TLS, CONST_PERSISTENT | CONST_CS);
986 REGISTER_STRING_CONSTANT("LDAP_EXOP_MODIFY_PASSWD", LDAP_EXOP_MODIFY_PASSWD, CONST_PERSISTENT | CONST_CS);
987 REGISTER_STRING_CONSTANT("LDAP_EXOP_REFRESH", LDAP_EXOP_REFRESH, CONST_PERSISTENT | CONST_CS);
988 REGISTER_STRING_CONSTANT("LDAP_EXOP_WHO_AM_I", LDAP_EXOP_WHO_AM_I, CONST_PERSISTENT | CONST_CS);
989 REGISTER_STRING_CONSTANT("LDAP_EXOP_TURN", LDAP_EXOP_TURN, CONST_PERSISTENT | CONST_CS);
990 #endif
991
992 /* LDAP Controls */
993 /* standard track controls */
994 #ifdef LDAP_CONTROL_MANAGEDSAIT
995 /* RFC 3296 */
996 REGISTER_STRING_CONSTANT("LDAP_CONTROL_MANAGEDSAIT", LDAP_CONTROL_MANAGEDSAIT, CONST_PERSISTENT | CONST_CS);
997 #endif
998 #ifdef LDAP_CONTROL_PROXY_AUTHZ
999 /* RFC 4370 */
1000 REGISTER_STRING_CONSTANT("LDAP_CONTROL_PROXY_AUTHZ", LDAP_CONTROL_PROXY_AUTHZ, CONST_PERSISTENT | CONST_CS);
1001 #endif
1002 #ifdef LDAP_CONTROL_SUBENTRIES
1003 /* RFC 3672 */
1004 REGISTER_STRING_CONSTANT("LDAP_CONTROL_SUBENTRIES", LDAP_CONTROL_SUBENTRIES, CONST_PERSISTENT | CONST_CS);
1005 #endif
1006 #ifdef LDAP_CONTROL_VALUESRETURNFILTER
1007 /* RFC 3876 */
1008 REGISTER_STRING_CONSTANT("LDAP_CONTROL_VALUESRETURNFILTER", LDAP_CONTROL_VALUESRETURNFILTER, CONST_PERSISTENT | CONST_CS);
1009 #endif
1010 #ifdef LDAP_CONTROL_ASSERT
1011 /* RFC 4528 */
1012 REGISTER_STRING_CONSTANT("LDAP_CONTROL_ASSERT", LDAP_CONTROL_ASSERT, CONST_PERSISTENT | CONST_CS);
1013 /* RFC 4527 */
1014 REGISTER_STRING_CONSTANT("LDAP_CONTROL_PRE_READ", LDAP_CONTROL_PRE_READ, CONST_PERSISTENT | CONST_CS);
1015 REGISTER_STRING_CONSTANT("LDAP_CONTROL_POST_READ", LDAP_CONTROL_POST_READ, CONST_PERSISTENT | CONST_CS);
1016 #endif
1017 #ifdef LDAP_CONTROL_SORTREQUEST
1018 /* RFC 2891 */
1019 REGISTER_STRING_CONSTANT("LDAP_CONTROL_SORTREQUEST", LDAP_CONTROL_SORTREQUEST, CONST_PERSISTENT | CONST_CS);
1020 REGISTER_STRING_CONSTANT("LDAP_CONTROL_SORTRESPONSE", LDAP_CONTROL_SORTRESPONSE, CONST_PERSISTENT | CONST_CS);
1021 #endif
1022 /* non-standard track controls */
1023 #ifdef LDAP_CONTROL_PAGEDRESULTS
1024 /* RFC 2696 */
1025 REGISTER_STRING_CONSTANT("LDAP_CONTROL_PAGEDRESULTS", LDAP_CONTROL_PAGEDRESULTS, CONST_PERSISTENT | CONST_CS);
1026 #endif
1027 #ifdef LDAP_CONTROL_AUTHZID_REQUEST
1028 /* RFC 3829 */
1029 REGISTER_STRING_CONSTANT("LDAP_CONTROL_AUTHZID_REQUEST", LDAP_CONTROL_AUTHZID_REQUEST, CONST_PERSISTENT | CONST_CS);
1030 REGISTER_STRING_CONSTANT("LDAP_CONTROL_AUTHZID_RESPONSE", LDAP_CONTROL_AUTHZID_RESPONSE, CONST_PERSISTENT | CONST_CS);
1031 #endif
1032 #ifdef LDAP_CONTROL_SYNC
1033 /* LDAP Content Synchronization Operation -- RFC 4533 */
1034 REGISTER_STRING_CONSTANT("LDAP_CONTROL_SYNC", LDAP_CONTROL_SYNC, CONST_PERSISTENT | CONST_CS);
1035 REGISTER_STRING_CONSTANT("LDAP_CONTROL_SYNC_STATE", LDAP_CONTROL_SYNC_STATE, CONST_PERSISTENT | CONST_CS);
1036 REGISTER_STRING_CONSTANT("LDAP_CONTROL_SYNC_DONE", LDAP_CONTROL_SYNC_DONE, CONST_PERSISTENT | CONST_CS);
1037 #endif
1038 #ifdef LDAP_CONTROL_DONTUSECOPY
1039 /* LDAP Don't Use Copy Control (RFC 6171) */
1040 REGISTER_STRING_CONSTANT("LDAP_CONTROL_DONTUSECOPY", LDAP_CONTROL_DONTUSECOPY, CONST_PERSISTENT | CONST_CS);
1041 #endif
1042 #ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST
1043 /* Password policy Controls */
1044 REGISTER_STRING_CONSTANT("LDAP_CONTROL_PASSWORDPOLICYREQUEST", LDAP_CONTROL_PASSWORDPOLICYREQUEST, CONST_PERSISTENT | CONST_CS);
1045 REGISTER_STRING_CONSTANT("LDAP_CONTROL_PASSWORDPOLICYRESPONSE", LDAP_CONTROL_PASSWORDPOLICYRESPONSE, CONST_PERSISTENT | CONST_CS);
1046 #endif
1047 #ifdef LDAP_CONTROL_X_INCREMENTAL_VALUES
1048 /* MS Active Directory controls */
1049 REGISTER_STRING_CONSTANT("LDAP_CONTROL_X_INCREMENTAL_VALUES", LDAP_CONTROL_X_INCREMENTAL_VALUES, CONST_PERSISTENT | CONST_CS);
1050 REGISTER_STRING_CONSTANT("LDAP_CONTROL_X_DOMAIN_SCOPE", LDAP_CONTROL_X_DOMAIN_SCOPE, CONST_PERSISTENT | CONST_CS);
1051 REGISTER_STRING_CONSTANT("LDAP_CONTROL_X_PERMISSIVE_MODIFY", LDAP_CONTROL_X_PERMISSIVE_MODIFY, CONST_PERSISTENT | CONST_CS);
1052 REGISTER_STRING_CONSTANT("LDAP_CONTROL_X_SEARCH_OPTIONS", LDAP_CONTROL_X_SEARCH_OPTIONS, CONST_PERSISTENT | CONST_CS);
1053 REGISTER_STRING_CONSTANT("LDAP_CONTROL_X_TREE_DELETE", LDAP_CONTROL_X_TREE_DELETE, CONST_PERSISTENT | CONST_CS);
1054 REGISTER_STRING_CONSTANT("LDAP_CONTROL_X_EXTENDED_DN", LDAP_CONTROL_X_EXTENDED_DN, CONST_PERSISTENT | CONST_CS);
1055 #endif
1056 #ifdef LDAP_CONTROL_VLVREQUEST
1057 /* LDAP VLV */
1058 REGISTER_STRING_CONSTANT("LDAP_CONTROL_VLVREQUEST", LDAP_CONTROL_VLVREQUEST, CONST_PERSISTENT | CONST_CS);
1059 REGISTER_STRING_CONSTANT("LDAP_CONTROL_VLVRESPONSE", LDAP_CONTROL_VLVRESPONSE, CONST_PERSISTENT | CONST_CS);
1060 #endif
1061
1062 ldap_module_entry.type = type;
1063
1064 return SUCCESS;
1065 }
1066 /* }}} */
1067
1068 /* {{{ PHP_MSHUTDOWN_FUNCTION */
PHP_MSHUTDOWN_FUNCTION(ldap)1069 PHP_MSHUTDOWN_FUNCTION(ldap)
1070 {
1071 UNREGISTER_INI_ENTRIES();
1072 return SUCCESS;
1073 }
1074 /* }}} */
1075
1076 /* {{{ PHP_MINFO_FUNCTION */
PHP_MINFO_FUNCTION(ldap)1077 PHP_MINFO_FUNCTION(ldap)
1078 {
1079 char tmp[32];
1080
1081 php_info_print_table_start();
1082 php_info_print_table_row(2, "LDAP Support", "enabled");
1083
1084 if (LDAPG(max_links) == -1) {
1085 snprintf(tmp, 31, ZEND_LONG_FMT "/unlimited", LDAPG(num_links));
1086 } else {
1087 snprintf(tmp, 31, ZEND_LONG_FMT "/" ZEND_LONG_FMT, LDAPG(num_links), LDAPG(max_links));
1088 }
1089 php_info_print_table_row(2, "Total Links", tmp);
1090
1091 #ifdef LDAP_API_VERSION
1092 snprintf(tmp, 31, "%d", LDAP_API_VERSION);
1093 php_info_print_table_row(2, "API Version", tmp);
1094 #endif
1095
1096 #ifdef LDAP_VENDOR_NAME
1097 php_info_print_table_row(2, "Vendor Name", LDAP_VENDOR_NAME);
1098 #endif
1099
1100 #ifdef LDAP_VENDOR_VERSION
1101 snprintf(tmp, 31, "%d", LDAP_VENDOR_VERSION);
1102 php_info_print_table_row(2, "Vendor Version", tmp);
1103 #endif
1104
1105 #ifdef HAVE_LDAP_SASL
1106 php_info_print_table_row(2, "SASL Support", "Enabled");
1107 #endif
1108
1109 php_info_print_table_end();
1110 DISPLAY_INI_ENTRIES();
1111 }
1112 /* }}} */
1113
1114 /* {{{ Connect to an LDAP server */
PHP_FUNCTION(ldap_connect)1115 PHP_FUNCTION(ldap_connect)
1116 {
1117 char *host = NULL;
1118 size_t hostlen = 0;
1119 zend_long port = LDAP_PORT;
1120 #ifdef HAVE_ORALDAP
1121 char *wallet = NULL, *walletpasswd = NULL;
1122 size_t walletlen = 0, walletpasswdlen = 0;
1123 zend_long authmode = GSLC_SSL_NO_AUTH;
1124 int ssl=0;
1125 #endif
1126 ldap_linkdata *ld;
1127 LDAP *ldap = NULL;
1128
1129 #ifdef HAVE_ORALDAP
1130 if (ZEND_NUM_ARGS() == 3 || ZEND_NUM_ARGS() == 4) {
1131 WRONG_PARAM_COUNT;
1132 }
1133
1134 if (zend_parse_parameters(ZEND_NUM_ARGS(), "|s!lssl", &host, &hostlen, &port, &wallet, &walletlen, &walletpasswd, &walletpasswdlen, &authmode) != SUCCESS) {
1135 RETURN_THROWS();
1136 }
1137
1138 if (ZEND_NUM_ARGS() == 5) {
1139 ssl = 1;
1140 }
1141 #else
1142 if (zend_parse_parameters(ZEND_NUM_ARGS(), "|s!l", &host, &hostlen, &port) != SUCCESS) {
1143 RETURN_THROWS();
1144 }
1145 #endif
1146
1147 if (LDAPG(max_links) != -1 && LDAPG(num_links) >= LDAPG(max_links)) {
1148 php_error_docref(NULL, E_WARNING, "Too many open links (" ZEND_LONG_FMT ")", LDAPG(num_links));
1149 RETURN_FALSE;
1150 }
1151
1152 object_init_ex(return_value, ldap_link_ce);
1153 ld = Z_LDAP_LINK_P(return_value);
1154
1155 {
1156 int rc = LDAP_SUCCESS;
1157 char *url = host;
1158 if (url && !ldap_is_ldap_url(url)) {
1159 size_t urllen = hostlen + sizeof( "ldap://:65535" );
1160
1161 if (port <= 0 || port > 65535) {
1162 zend_argument_value_error(2, "must be between 1 and 65535");
1163 RETURN_THROWS();
1164 }
1165
1166 url = emalloc(urllen);
1167 snprintf( url, urllen, "ldap://%s:" ZEND_LONG_FMT, host, port );
1168 }
1169
1170 #ifdef LDAP_API_FEATURE_X_OPENLDAP
1171 /* ldap_init() is deprecated, use ldap_initialize() instead.
1172 */
1173 rc = ldap_initialize(&ldap, url);
1174 #else /* ! LDAP_API_FEATURE_X_OPENLDAP */
1175 /* ldap_init does not support URLs.
1176 * We must try the original host and port information.
1177 */
1178 ldap = ldap_init(host, port);
1179 if (ldap == NULL) {
1180 zval_ptr_dtor(return_value);
1181 php_error_docref(NULL, E_WARNING, "Could not create session handle");
1182 RETURN_FALSE;
1183 }
1184 #endif /* ! LDAP_API_FEATURE_X_OPENLDAP */
1185 if (url != host) {
1186 efree(url);
1187 }
1188 if (rc != LDAP_SUCCESS) {
1189 zval_ptr_dtor(return_value);
1190 php_error_docref(NULL, E_WARNING, "Could not create session handle: %s", ldap_err2string(rc));
1191 RETURN_FALSE;
1192 }
1193 }
1194
1195 if (ldap == NULL) {
1196 zval_ptr_dtor(return_value);
1197 RETURN_FALSE;
1198 } else {
1199 #ifdef HAVE_ORALDAP
1200 if (ssl) {
1201 if (ldap_init_SSL(&ldap->ld_sb, wallet, walletpasswd, authmode)) {
1202 zval_ptr_dtor(return_value);
1203 php_error_docref(NULL, E_WARNING, "SSL init failed");
1204 RETURN_FALSE;
1205 }
1206 }
1207 #endif
1208 LDAPG(num_links)++;
1209 ld->link = ldap;
1210 }
1211
1212 }
1213 /* }}} */
1214
1215 /* {{{ _get_lderrno */
_get_lderrno(LDAP * ldap)1216 static int _get_lderrno(LDAP *ldap)
1217 {
1218 #if LDAP_API_VERSION > 2000 || defined(HAVE_ORALDAP)
1219 int lderr;
1220
1221 /* New versions of OpenLDAP do it this way */
1222 ldap_get_option(ldap, LDAP_OPT_ERROR_NUMBER, &lderr);
1223 return lderr;
1224 #else
1225 return ldap->ld_errno;
1226 #endif
1227 }
1228 /* }}} */
1229
1230 /* {{{ _set_lderrno */
_set_lderrno(LDAP * ldap,int lderr)1231 static void _set_lderrno(LDAP *ldap, int lderr)
1232 {
1233 #if LDAP_API_VERSION > 2000 || defined(HAVE_ORALDAP)
1234 /* New versions of OpenLDAP do it this way */
1235 ldap_set_option(ldap, LDAP_OPT_ERROR_NUMBER, &lderr);
1236 #else
1237 ldap->ld_errno = lderr;
1238 #endif
1239 }
1240 /* }}} */
1241
1242 /* {{{ Bind to LDAP directory */
PHP_FUNCTION(ldap_bind)1243 PHP_FUNCTION(ldap_bind)
1244 {
1245 zval *link;
1246 char *ldap_bind_dn = NULL, *ldap_bind_pw = NULL;
1247 size_t ldap_bind_dnlen, ldap_bind_pwlen;
1248 ldap_linkdata *ld;
1249 int rc;
1250
1251 if (zend_parse_parameters(ZEND_NUM_ARGS(), "O|s!s!", &link, ldap_link_ce, &ldap_bind_dn, &ldap_bind_dnlen, &ldap_bind_pw, &ldap_bind_pwlen) != SUCCESS) {
1252 RETURN_THROWS();
1253 }
1254
1255 ld = Z_LDAP_LINK_P(link);
1256 VERIFY_LDAP_LINK_CONNECTED(ld);
1257
1258 if (ldap_bind_dn != NULL && memchr(ldap_bind_dn, '\0', ldap_bind_dnlen) != NULL) {
1259 _set_lderrno(ld->link, LDAP_INVALID_CREDENTIALS);
1260 zend_argument_type_error(2, "must not contain null bytes");
1261 RETURN_THROWS();
1262 }
1263
1264 if (ldap_bind_pw != NULL && memchr(ldap_bind_pw, '\0', ldap_bind_pwlen) != NULL) {
1265 _set_lderrno(ld->link, LDAP_INVALID_CREDENTIALS);
1266 zend_argument_type_error(3, "must not contain null bytes");
1267 RETURN_THROWS();
1268 }
1269
1270 {
1271 #ifdef LDAP_API_FEATURE_X_OPENLDAP
1272 /* ldap_simple_bind_s() is deprecated, use ldap_sasl_bind_s() instead.
1273 */
1274 struct berval cred;
1275
1276 cred.bv_val = ldap_bind_pw;
1277 cred.bv_len = ldap_bind_pw ? ldap_bind_pwlen : 0;
1278 rc = ldap_sasl_bind_s(ld->link, ldap_bind_dn, LDAP_SASL_SIMPLE, &cred,
1279 NULL, NULL, /* no controls right now */
1280 NULL); /* we don't care about the server's credentials */
1281 #else /* ! LDAP_API_FEATURE_X_OPENLDAP */
1282 rc = ldap_simple_bind_s(ld->link, ldap_bind_dn, ldap_bind_pw);
1283 #endif /* ! LDAP_API_FEATURE_X_OPENLDAP */
1284 }
1285 if ( rc != LDAP_SUCCESS) {
1286 php_error_docref(NULL, E_WARNING, "Unable to bind to server: %s", ldap_err2string(rc));
1287 RETURN_FALSE;
1288 } else {
1289 RETURN_TRUE;
1290 }
1291 }
1292 /* }}} */
1293
1294 /* {{{ Bind to LDAP directory */
PHP_FUNCTION(ldap_bind_ext)1295 PHP_FUNCTION(ldap_bind_ext)
1296 {
1297 zval *serverctrls = NULL;
1298 zval *link;
1299 char *ldap_bind_dn = NULL, *ldap_bind_pw = NULL;
1300 size_t ldap_bind_dnlen, ldap_bind_pwlen;
1301 ldap_linkdata *ld;
1302 LDAPControl **lserverctrls = NULL;
1303 ldap_resultdata *result;
1304 LDAPMessage *ldap_res;
1305 int rc;
1306
1307 if (zend_parse_parameters(ZEND_NUM_ARGS(), "O|s!s!a!", &link, ldap_link_ce, &ldap_bind_dn, &ldap_bind_dnlen, &ldap_bind_pw, &ldap_bind_pwlen, &serverctrls) != SUCCESS) {
1308 RETURN_THROWS();
1309 }
1310
1311 ld = Z_LDAP_LINK_P(link);
1312 VERIFY_LDAP_LINK_CONNECTED(ld);
1313
1314 if (ldap_bind_dn != NULL && memchr(ldap_bind_dn, '\0', ldap_bind_dnlen) != NULL) {
1315 _set_lderrno(ld->link, LDAP_INVALID_CREDENTIALS);
1316 zend_argument_type_error(2, "must not contain null bytes");
1317 RETURN_THROWS();
1318 }
1319
1320 if (ldap_bind_pw != NULL && memchr(ldap_bind_pw, '\0', ldap_bind_pwlen) != NULL) {
1321 _set_lderrno(ld->link, LDAP_INVALID_CREDENTIALS);
1322 zend_argument_type_error(3, "must not contain null bytes");
1323 RETURN_THROWS();
1324 }
1325
1326 if (serverctrls) {
1327 lserverctrls = _php_ldap_controls_from_array(ld->link, serverctrls, 4);
1328 if (lserverctrls == NULL) {
1329 RETVAL_FALSE;
1330 goto cleanup;
1331 }
1332 }
1333
1334 {
1335 /* ldap_simple_bind() is deprecated, use ldap_sasl_bind() instead */
1336 struct berval cred;
1337 int msgid;
1338
1339 cred.bv_val = ldap_bind_pw;
1340 cred.bv_len = ldap_bind_pw ? ldap_bind_pwlen : 0;
1341 /* asynchronous call */
1342 rc = ldap_sasl_bind(ld->link, ldap_bind_dn, LDAP_SASL_SIMPLE, &cred,
1343 lserverctrls, NULL, &msgid);
1344 if (rc != LDAP_SUCCESS ) {
1345 php_error_docref(NULL, E_WARNING, "Unable to bind to server: %s (%d)", ldap_err2string(rc), rc);
1346 RETVAL_FALSE;
1347 goto cleanup;
1348 }
1349
1350 rc = ldap_result(ld->link, msgid, 1 /* LDAP_MSG_ALL */, NULL, &ldap_res);
1351 if (rc == -1) {
1352 php_error_docref(NULL, E_WARNING, "Bind operation failed");
1353 RETVAL_FALSE;
1354 goto cleanup;
1355 }
1356
1357 /* return a PHP control object */
1358 object_init_ex(return_value, ldap_result_ce);
1359 result = Z_LDAP_RESULT_P(return_value);
1360 result->result = ldap_res;
1361 }
1362
1363 cleanup:
1364 if (lserverctrls) {
1365 _php_ldap_controls_free(&lserverctrls);
1366 }
1367
1368 return;
1369 }
1370 /* }}} */
1371
1372 #ifdef HAVE_LDAP_SASL
1373 typedef struct {
1374 char *mech;
1375 char *realm;
1376 char *authcid;
1377 char *passwd;
1378 char *authzid;
1379 } php_ldap_bictx;
1380
1381 /* {{{ _php_sasl_setdefs */
_php_sasl_setdefs(LDAP * ld,char * sasl_mech,char * sasl_realm,char * sasl_authc_id,char * passwd,char * sasl_authz_id)1382 static php_ldap_bictx *_php_sasl_setdefs(LDAP *ld, char *sasl_mech, char *sasl_realm, char *sasl_authc_id, char *passwd, char *sasl_authz_id)
1383 {
1384 php_ldap_bictx *ctx;
1385
1386 ctx = ber_memalloc(sizeof(php_ldap_bictx));
1387 ctx->mech = (sasl_mech) ? ber_strdup(sasl_mech) : NULL;
1388 ctx->realm = (sasl_realm) ? ber_strdup(sasl_realm) : NULL;
1389 ctx->authcid = (sasl_authc_id) ? ber_strdup(sasl_authc_id) : NULL;
1390 ctx->passwd = (passwd) ? ber_strdup(passwd) : NULL;
1391 ctx->authzid = (sasl_authz_id) ? ber_strdup(sasl_authz_id) : NULL;
1392
1393 if (ctx->mech == NULL) {
1394 ldap_get_option(ld, LDAP_OPT_X_SASL_MECH, &ctx->mech);
1395 }
1396 if (ctx->realm == NULL) {
1397 ldap_get_option(ld, LDAP_OPT_X_SASL_REALM, &ctx->realm);
1398 }
1399 if (ctx->authcid == NULL) {
1400 ldap_get_option(ld, LDAP_OPT_X_SASL_AUTHCID, &ctx->authcid);
1401 }
1402 if (ctx->authzid == NULL) {
1403 ldap_get_option(ld, LDAP_OPT_X_SASL_AUTHZID, &ctx->authzid);
1404 }
1405
1406 return ctx;
1407 }
1408 /* }}} */
1409
1410 /* {{{ _php_sasl_freedefs */
_php_sasl_freedefs(php_ldap_bictx * ctx)1411 static void _php_sasl_freedefs(php_ldap_bictx *ctx)
1412 {
1413 if (ctx->mech) ber_memfree(ctx->mech);
1414 if (ctx->realm) ber_memfree(ctx->realm);
1415 if (ctx->authcid) ber_memfree(ctx->authcid);
1416 if (ctx->passwd) ber_memfree(ctx->passwd);
1417 if (ctx->authzid) ber_memfree(ctx->authzid);
1418 ber_memfree(ctx);
1419 }
1420 /* }}} */
1421
1422 /* {{{ _php_sasl_interact
1423 Internal interact function for SASL */
_php_sasl_interact(LDAP * ld,unsigned flags,void * defaults,void * in)1424 static int _php_sasl_interact(LDAP *ld, unsigned flags, void *defaults, void *in)
1425 {
1426 sasl_interact_t *interact = in;
1427 const char *p;
1428 php_ldap_bictx *ctx = defaults;
1429
1430 for (;interact->id != SASL_CB_LIST_END;interact++) {
1431 p = NULL;
1432 switch(interact->id) {
1433 case SASL_CB_GETREALM:
1434 p = ctx->realm;
1435 break;
1436 case SASL_CB_AUTHNAME:
1437 p = ctx->authcid;
1438 break;
1439 case SASL_CB_USER:
1440 p = ctx->authzid;
1441 break;
1442 case SASL_CB_PASS:
1443 p = ctx->passwd;
1444 break;
1445 }
1446 if (p) {
1447 interact->result = p;
1448 interact->len = strlen(interact->result);
1449 }
1450 }
1451 return LDAP_SUCCESS;
1452 }
1453 /* }}} */
1454
1455 /* {{{ Bind to LDAP directory using SASL */
PHP_FUNCTION(ldap_sasl_bind)1456 PHP_FUNCTION(ldap_sasl_bind)
1457 {
1458 zval *link;
1459 ldap_linkdata *ld;
1460 char *binddn = NULL;
1461 char *passwd = NULL;
1462 char *sasl_mech = NULL;
1463 char *sasl_realm = NULL;
1464 char *sasl_authz_id = NULL;
1465 char *sasl_authc_id = NULL;
1466 char *props = NULL;
1467 size_t rc, dn_len, passwd_len, mech_len, realm_len, authc_id_len, authz_id_len, props_len;
1468 php_ldap_bictx *ctx;
1469
1470 if (zend_parse_parameters(ZEND_NUM_ARGS(), "O|s!s!s!s!s!s!s!", &link, ldap_link_ce, &binddn, &dn_len, &passwd, &passwd_len, &sasl_mech, &mech_len, &sasl_realm, &realm_len, &sasl_authc_id, &authc_id_len, &sasl_authz_id, &authz_id_len, &props, &props_len) != SUCCESS) {
1471 RETURN_THROWS();
1472 }
1473
1474 ld = Z_LDAP_LINK_P(link);
1475 VERIFY_LDAP_LINK_CONNECTED(ld);
1476
1477 ctx = _php_sasl_setdefs(ld->link, sasl_mech, sasl_realm, sasl_authc_id, passwd, sasl_authz_id);
1478
1479 if (props) {
1480 ldap_set_option(ld->link, LDAP_OPT_X_SASL_SECPROPS, props);
1481 }
1482
1483 rc = ldap_sasl_interactive_bind_s(ld->link, binddn, ctx->mech, NULL, NULL, LDAP_SASL_QUIET, _php_sasl_interact, ctx);
1484 if (rc != LDAP_SUCCESS) {
1485 php_error_docref(NULL, E_WARNING, "Unable to bind to server: %s", ldap_err2string(rc));
1486 RETVAL_FALSE;
1487 } else {
1488 RETVAL_TRUE;
1489 }
1490 _php_sasl_freedefs(ctx);
1491 }
1492 /* }}} */
1493 #endif /* HAVE_LDAP_SASL */
1494
1495 /* {{{ Unbind from LDAP directory */
PHP_FUNCTION(ldap_unbind)1496 PHP_FUNCTION(ldap_unbind)
1497 {
1498 zval *link;
1499 ldap_linkdata *ld;
1500
1501 if (zend_parse_parameters(ZEND_NUM_ARGS(), "O", &link, ldap_link_ce) != SUCCESS) {
1502 RETURN_THROWS();
1503 }
1504
1505 ld = Z_LDAP_LINK_P(link);
1506 VERIFY_LDAP_LINK_CONNECTED(ld);
1507
1508 ldap_link_free(ld);
1509
1510 RETURN_TRUE;
1511 }
1512 /* }}} */
1513
1514 /* {{{ php_set_opts */
php_set_opts(LDAP * ldap,int sizelimit,int timelimit,int deref,int * old_sizelimit,int * old_timelimit,int * old_deref)1515 static void php_set_opts(LDAP *ldap, int sizelimit, int timelimit, int deref, int *old_sizelimit, int *old_timelimit, int *old_deref)
1516 {
1517 /* sizelimit */
1518 if (sizelimit > -1) {
1519 #if (LDAP_API_VERSION >= 2004) || defined(HAVE_ORALDAP)
1520 ldap_get_option(ldap, LDAP_OPT_SIZELIMIT, old_sizelimit);
1521 ldap_set_option(ldap, LDAP_OPT_SIZELIMIT, &sizelimit);
1522 #else
1523 *old_sizelimit = ldap->ld_sizelimit;
1524 ldap->ld_sizelimit = sizelimit;
1525 #endif
1526 }
1527
1528 /* timelimit */
1529 if (timelimit > -1) {
1530 #if (LDAP_API_VERSION >= 2004) || defined(HAVE_ORALDAP)
1531 ldap_get_option(ldap, LDAP_OPT_TIMELIMIT, old_timelimit);
1532 ldap_set_option(ldap, LDAP_OPT_TIMELIMIT, &timelimit);
1533 #else
1534 *old_timelimit = ldap->ld_timelimit;
1535 ldap->ld_timelimit = timelimit;
1536 #endif
1537 }
1538
1539 /* deref */
1540 if (deref > -1) {
1541 #if (LDAP_API_VERSION >= 2004) || defined(HAVE_ORALDAP)
1542 ldap_get_option(ldap, LDAP_OPT_DEREF, old_deref);
1543 ldap_set_option(ldap, LDAP_OPT_DEREF, &deref);
1544 #else
1545 *old_deref = ldap->ld_deref;
1546 ldap->ld_deref = deref;
1547 #endif
1548 }
1549 }
1550 /* }}} */
1551
1552 /* {{{ php_ldap_do_search */
php_ldap_do_search(INTERNAL_FUNCTION_PARAMETERS,int scope)1553 static void php_ldap_do_search(INTERNAL_FUNCTION_PARAMETERS, int scope)
1554 {
1555 zval *link, *attrs = NULL, *attr, *serverctrls = NULL;
1556 zend_string *base_dn_str, *filter_str;
1557 HashTable *base_dn_ht, *filter_ht;
1558 zend_long attrsonly, sizelimit, timelimit, deref;
1559 zend_string *ldap_filter = NULL, *ldap_base_dn = NULL;
1560 char **ldap_attrs = NULL;
1561 ldap_linkdata *ld = NULL;
1562 ldap_resultdata *result;
1563 LDAPMessage *ldap_res = NULL;
1564 LDAPControl **lserverctrls = NULL;
1565 int ldap_attrsonly = 0, ldap_sizelimit = -1, ldap_timelimit = -1, ldap_deref = -1;
1566 int old_ldap_sizelimit = -1, old_ldap_timelimit = -1, old_ldap_deref = -1;
1567 int num_attribs = 0, ret = 1, i, ldap_errno, argcount = ZEND_NUM_ARGS();
1568
1569 ZEND_PARSE_PARAMETERS_START(3, 9)
1570 Z_PARAM_ZVAL(link)
1571 Z_PARAM_ARRAY_HT_OR_STR(base_dn_ht, base_dn_str)
1572 Z_PARAM_ARRAY_HT_OR_STR(filter_ht, filter_str)
1573 Z_PARAM_OPTIONAL
1574 Z_PARAM_ARRAY_EX(attrs, 0, 1)
1575 Z_PARAM_LONG(attrsonly)
1576 Z_PARAM_LONG(sizelimit)
1577 Z_PARAM_LONG(timelimit)
1578 Z_PARAM_LONG(deref)
1579 Z_PARAM_ARRAY_EX(serverctrls, 1, 1)
1580 ZEND_PARSE_PARAMETERS_END();
1581
1582 /* Reverse -> fall through */
1583 switch (argcount) {
1584 case 9:
1585 case 8:
1586 ldap_deref = deref;
1587 ZEND_FALLTHROUGH;
1588 case 7:
1589 ldap_timelimit = timelimit;
1590 ZEND_FALLTHROUGH;
1591 case 6:
1592 ldap_sizelimit = sizelimit;
1593 ZEND_FALLTHROUGH;
1594 case 5:
1595 ldap_attrsonly = attrsonly;
1596 ZEND_FALLTHROUGH;
1597 case 4:
1598 num_attribs = zend_hash_num_elements(Z_ARRVAL_P(attrs));
1599 ldap_attrs = safe_emalloc((num_attribs+1), sizeof(char *), 0);
1600
1601 for (i = 0; i<num_attribs; i++) {
1602 if ((attr = zend_hash_index_find(Z_ARRVAL_P(attrs), i)) == NULL) {
1603 php_error_docref(NULL, E_WARNING, "Array initialization wrong");
1604 ret = 0;
1605 goto cleanup;
1606 }
1607
1608 convert_to_string(attr);
1609 if (EG(exception)) {
1610 ret = 0;
1611 goto cleanup;
1612 }
1613 ldap_attrs[i] = Z_STRVAL_P(attr);
1614 }
1615 ldap_attrs[num_attribs] = NULL;
1616 ZEND_FALLTHROUGH;
1617 default:
1618 break;
1619 }
1620
1621 /* parallel search? */
1622 if (Z_TYPE_P(link) == IS_ARRAY) {
1623 int i, nlinks, nbases, nfilters, *rcs;
1624 ldap_linkdata **lds;
1625 zval *entry, object;
1626
1627 nlinks = zend_hash_num_elements(Z_ARRVAL_P(link));
1628 if (nlinks == 0) {
1629 zend_argument_value_error(1, "cannot be empty");
1630 ret = 0;
1631 goto cleanup;
1632 }
1633
1634 if (base_dn_ht) {
1635 nbases = zend_hash_num_elements(base_dn_ht);
1636 if (nbases != nlinks) {
1637 zend_argument_value_error(2, "must have the same number of elements as the links array");
1638 ret = 0;
1639 goto cleanup;
1640 }
1641 zend_hash_internal_pointer_reset(base_dn_ht);
1642 } else {
1643 nbases = 0; /* this means string, not array */
1644 ldap_base_dn = zend_string_copy(base_dn_str);
1645 if (EG(exception)) {
1646 ret = 0;
1647 goto cleanup;
1648 }
1649 }
1650
1651 if (filter_ht) {
1652 nfilters = zend_hash_num_elements(filter_ht);
1653 if (nfilters != nlinks) {
1654 zend_argument_value_error(3, "must have the same number of elements as the links array");
1655 ret = 0;
1656 goto cleanup;
1657 }
1658 zend_hash_internal_pointer_reset(filter_ht);
1659 } else {
1660 nfilters = 0; /* this means string, not array */
1661 ldap_filter = zend_string_copy(filter_str);
1662 }
1663
1664 lds = safe_emalloc(nlinks, sizeof(ldap_linkdata), 0);
1665 rcs = safe_emalloc(nlinks, sizeof(*rcs), 0);
1666
1667 zend_hash_internal_pointer_reset(Z_ARRVAL_P(link));
1668 for (i=0; i<nlinks; i++) {
1669 entry = zend_hash_get_current_data(Z_ARRVAL_P(link));
1670
1671 if (Z_TYPE_P(entry) != IS_OBJECT || !instanceof_function(Z_OBJCE_P(entry), ldap_link_ce)) {
1672 zend_argument_value_error(1, "must only contain objects of type LDAP");
1673 ret = 0;
1674 goto cleanup_parallel;
1675 }
1676
1677 ld = Z_LDAP_LINK_P(entry);
1678 if (!ld->link) {
1679 zend_throw_error(NULL, "LDAP connection has already been closed");
1680 ret = 0;
1681 goto cleanup_parallel;
1682 }
1683
1684 if (nbases != 0) { /* base_dn an array? */
1685 entry = zend_hash_get_current_data(base_dn_ht);
1686 zend_hash_move_forward(base_dn_ht);
1687 ldap_base_dn = zval_get_string(entry);
1688 if (EG(exception)) {
1689 ret = 0;
1690 goto cleanup_parallel;
1691 }
1692 }
1693 if (nfilters != 0) { /* filter an array? */
1694 entry = zend_hash_get_current_data(filter_ht);
1695 zend_hash_move_forward(filter_ht);
1696 ldap_filter = zval_get_string(entry);
1697 if (EG(exception)) {
1698 ret = 0;
1699 goto cleanup_parallel;
1700 }
1701 }
1702
1703 if (serverctrls) {
1704 /* We have to parse controls again for each link as they use it */
1705 _php_ldap_controls_free(&lserverctrls);
1706 lserverctrls = _php_ldap_controls_from_array(ld->link, serverctrls, 9);
1707 if (lserverctrls == NULL) {
1708 rcs[i] = -1;
1709 continue;
1710 }
1711 }
1712
1713 php_set_opts(ld->link, ldap_sizelimit, ldap_timelimit, ldap_deref, &old_ldap_sizelimit, &old_ldap_timelimit, &old_ldap_deref);
1714
1715 /* Run the actual search */
1716 ldap_search_ext(ld->link, ZSTR_VAL(ldap_base_dn), scope, ZSTR_VAL(ldap_filter), ldap_attrs, ldap_attrsonly, lserverctrls, NULL, NULL, ldap_sizelimit, &rcs[i]);
1717 lds[i] = ld;
1718 zend_hash_move_forward(Z_ARRVAL_P(link));
1719 }
1720
1721 array_init(return_value);
1722
1723 /* Collect results from the searches */
1724 for (i=0; i<nlinks; i++) {
1725 if (rcs[i] != -1) {
1726 rcs[i] = ldap_result(lds[i]->link, LDAP_RES_ANY, 1 /* LDAP_MSG_ALL */, NULL, &ldap_res);
1727 }
1728 if (rcs[i] != -1) {
1729 object_init_ex(&object, ldap_result_ce);
1730 result = Z_LDAP_RESULT_P(&object);
1731 result->result = ldap_res;
1732 add_next_index_zval(return_value, &object);
1733 } else {
1734 add_next_index_bool(return_value, 0);
1735 }
1736 }
1737
1738 cleanup_parallel:
1739 efree(lds);
1740 efree(rcs);
1741 } else if (Z_TYPE_P(link) == IS_OBJECT && instanceof_function(Z_OBJCE_P(link), ldap_link_ce)) {
1742 ld = Z_LDAP_LINK_P(link);
1743 if (!ld->link) {
1744 zend_throw_error(NULL, "LDAP connection has already been closed");
1745 ret = 0;
1746 goto cleanup;
1747 }
1748
1749 if (!base_dn_str) {
1750 zend_argument_type_error(2, "must be of type string when argument #1 ($ldap) is an LDAP instance");
1751 ret = 0;
1752 goto cleanup;
1753 }
1754 ldap_base_dn = zend_string_copy(base_dn_str);
1755
1756 if (!filter_str) {
1757 zend_argument_type_error(3, "must be of type string when argument #1 ($ldap) is an LDAP instance");
1758 ret = 0;
1759 goto cleanup;
1760 }
1761 ldap_filter = zend_string_copy(filter_str);
1762
1763 if (serverctrls) {
1764 lserverctrls = _php_ldap_controls_from_array(ld->link, serverctrls, 9);
1765 if (lserverctrls == NULL) {
1766 ret = 0;
1767 goto cleanup;
1768 }
1769 }
1770
1771 php_set_opts(ld->link, ldap_sizelimit, ldap_timelimit, ldap_deref, &old_ldap_sizelimit, &old_ldap_timelimit, &old_ldap_deref);
1772
1773 /* Run the actual search */
1774 ldap_errno = ldap_search_ext_s(ld->link, ZSTR_VAL(ldap_base_dn), scope, ZSTR_VAL(ldap_filter), ldap_attrs, ldap_attrsonly, lserverctrls, NULL, NULL, ldap_sizelimit, &ldap_res);
1775
1776 if (ldap_errno != LDAP_SUCCESS
1777 && ldap_errno != LDAP_SIZELIMIT_EXCEEDED
1778 #ifdef LDAP_ADMINLIMIT_EXCEEDED
1779 && ldap_errno != LDAP_ADMINLIMIT_EXCEEDED
1780 #endif
1781 #ifdef LDAP_REFERRAL
1782 && ldap_errno != LDAP_REFERRAL
1783 #endif
1784 ) {
1785 /* ldap_res should be freed regardless of return value of ldap_search_ext_s()
1786 * see: https://linux.die.net/man/3/ldap_search_ext_s */
1787 if (ldap_res != NULL) {
1788 ldap_msgfree(ldap_res);
1789 }
1790 php_error_docref(NULL, E_WARNING, "Search: %s", ldap_err2string(ldap_errno));
1791 ret = 0;
1792 } else {
1793 if (ldap_errno == LDAP_SIZELIMIT_EXCEEDED) {
1794 php_error_docref(NULL, E_WARNING, "Partial search results returned: Sizelimit exceeded");
1795 }
1796 #ifdef LDAP_ADMINLIMIT_EXCEEDED
1797 else if (ldap_errno == LDAP_ADMINLIMIT_EXCEEDED) {
1798 php_error_docref(NULL, E_WARNING, "Partial search results returned: Adminlimit exceeded");
1799 }
1800 #endif
1801 object_init_ex(return_value, ldap_result_ce);
1802 result = Z_LDAP_RESULT_P(return_value);
1803 result->result = ldap_res;
1804 }
1805 } else {
1806 zend_argument_type_error(1, "must be of type LDAP|array, %s given", zend_zval_type_name(link));
1807 }
1808
1809 cleanup:
1810 if (ld) {
1811 /* Restoring previous options */
1812 php_set_opts(ld->link, old_ldap_sizelimit, old_ldap_timelimit, old_ldap_deref, &ldap_sizelimit, &ldap_timelimit, &ldap_deref);
1813 }
1814 if (ldap_filter) {
1815 zend_string_release(ldap_filter);
1816 }
1817 if (ldap_base_dn) {
1818 zend_string_release(ldap_base_dn);
1819 }
1820 if (ldap_attrs != NULL) {
1821 efree(ldap_attrs);
1822 }
1823 if (!ret) {
1824 RETVAL_BOOL(ret);
1825 }
1826 if (lserverctrls) {
1827 _php_ldap_controls_free(&lserverctrls);
1828 }
1829 }
1830 /* }}} */
1831
1832 /* {{{ Read an entry */
PHP_FUNCTION(ldap_read)1833 PHP_FUNCTION(ldap_read)
1834 {
1835 php_ldap_do_search(INTERNAL_FUNCTION_PARAM_PASSTHRU, LDAP_SCOPE_BASE);
1836 }
1837 /* }}} */
1838
1839 /* {{{ Single-level search */
PHP_FUNCTION(ldap_list)1840 PHP_FUNCTION(ldap_list)
1841 {
1842 php_ldap_do_search(INTERNAL_FUNCTION_PARAM_PASSTHRU, LDAP_SCOPE_ONELEVEL);
1843 }
1844 /* }}} */
1845
1846 /* {{{ Search LDAP tree under base_dn */
PHP_FUNCTION(ldap_search)1847 PHP_FUNCTION(ldap_search)
1848 {
1849 php_ldap_do_search(INTERNAL_FUNCTION_PARAM_PASSTHRU, LDAP_SCOPE_SUBTREE);
1850 }
1851 /* }}} */
1852
1853 /* {{{ Free result memory */
PHP_FUNCTION(ldap_free_result)1854 PHP_FUNCTION(ldap_free_result)
1855 {
1856 zval *result;
1857 ldap_resultdata *ldap_result;
1858
1859 if (zend_parse_parameters(ZEND_NUM_ARGS(), "O", &result, ldap_result_ce) != SUCCESS) {
1860 RETURN_THROWS();
1861 }
1862
1863 ldap_result = Z_LDAP_RESULT_P(result);
1864 VERIFY_LDAP_RESULT_OPEN(ldap_result);
1865
1866 ldap_result_free(ldap_result);
1867
1868 RETVAL_TRUE;
1869 }
1870 /* }}} */
1871
1872 /* {{{ Count the number of entries in a search result */
PHP_FUNCTION(ldap_count_entries)1873 PHP_FUNCTION(ldap_count_entries)
1874 {
1875 zval *link, *result;
1876 ldap_linkdata *ld;
1877 ldap_resultdata *ldap_result;
1878
1879 if (zend_parse_parameters(ZEND_NUM_ARGS(), "OO", &link, ldap_link_ce, &result, ldap_result_ce) != SUCCESS) {
1880 RETURN_THROWS();
1881 }
1882
1883 ld = Z_LDAP_LINK_P(link);
1884 VERIFY_LDAP_LINK_CONNECTED(ld);
1885
1886 ldap_result = Z_LDAP_RESULT_P(result);
1887 VERIFY_LDAP_RESULT_OPEN(ldap_result);
1888
1889 RETURN_LONG(ldap_count_entries(ld->link, ldap_result->result));
1890 }
1891 /* }}} */
1892
1893 /* {{{ Return first result id */
PHP_FUNCTION(ldap_first_entry)1894 PHP_FUNCTION(ldap_first_entry)
1895 {
1896 zval *link, *result;
1897 ldap_linkdata *ld;
1898 ldap_result_entry *resultentry;
1899 ldap_resultdata *ldap_result;
1900 LDAPMessage *entry;
1901
1902 if (zend_parse_parameters(ZEND_NUM_ARGS(), "OO", &link, ldap_link_ce, &result, ldap_result_ce) != SUCCESS) {
1903 RETURN_THROWS();
1904 }
1905
1906 ld = Z_LDAP_LINK_P(link);
1907 VERIFY_LDAP_LINK_CONNECTED(ld);
1908
1909 ldap_result = Z_LDAP_RESULT_P(result);
1910 VERIFY_LDAP_RESULT_OPEN(ldap_result);
1911
1912 if ((entry = ldap_first_entry(ld->link, ldap_result->result)) == NULL) {
1913 RETVAL_FALSE;
1914 } else {
1915 object_init_ex(return_value, ldap_result_entry_ce);
1916 resultentry = Z_LDAP_RESULT_ENTRY_P(return_value);
1917 ZVAL_COPY(&resultentry->res, result);
1918 resultentry->data = entry;
1919 resultentry->ber = NULL;
1920 }
1921 }
1922 /* }}} */
1923
1924 /* {{{ Get next result entry */
PHP_FUNCTION(ldap_next_entry)1925 PHP_FUNCTION(ldap_next_entry)
1926 {
1927 zval *link, *result_entry;
1928 ldap_linkdata *ld;
1929 ldap_result_entry *resultentry, *resultentry_next;
1930 LDAPMessage *entry_next;
1931
1932 if (zend_parse_parameters(ZEND_NUM_ARGS(), "OO", &link, ldap_link_ce, &result_entry, ldap_result_entry_ce) != SUCCESS) {
1933 RETURN_THROWS();
1934 }
1935
1936 ld = Z_LDAP_LINK_P(link);
1937 VERIFY_LDAP_LINK_CONNECTED(ld);
1938
1939 resultentry = Z_LDAP_RESULT_ENTRY_P(result_entry);
1940
1941 if ((entry_next = ldap_next_entry(ld->link, resultentry->data)) == NULL) {
1942 RETVAL_FALSE;
1943 } else {
1944 object_init_ex(return_value, ldap_result_entry_ce);
1945 resultentry_next = Z_LDAP_RESULT_ENTRY_P(return_value);
1946 ZVAL_COPY(&resultentry_next->res, &resultentry->res);
1947 resultentry_next->data = entry_next;
1948 resultentry_next->ber = NULL;
1949 }
1950 }
1951 /* }}} */
1952
1953 /* {{{ Get all result entries */
PHP_FUNCTION(ldap_get_entries)1954 PHP_FUNCTION(ldap_get_entries)
1955 {
1956 zval *link, *result;
1957 ldap_resultdata *ldap_result;
1958 LDAPMessage *ldap_result_entry;
1959 zval tmp1, tmp2;
1960 ldap_linkdata *ld;
1961 LDAP *ldap;
1962 int num_entries, num_attrib, num_values, i;
1963 BerElement *ber;
1964 char *attribute;
1965 size_t attr_len;
1966 struct berval **ldap_value;
1967 char *dn;
1968
1969 if (zend_parse_parameters(ZEND_NUM_ARGS(), "OO", &link, ldap_link_ce, &result, ldap_result_ce) != SUCCESS) {
1970 RETURN_THROWS();
1971 }
1972
1973 ld = Z_LDAP_LINK_P(link);
1974 VERIFY_LDAP_LINK_CONNECTED(ld);
1975
1976 ldap_result = Z_LDAP_RESULT_P(result);
1977 VERIFY_LDAP_RESULT_OPEN(ldap_result);
1978
1979 ldap = ld->link;
1980 num_entries = ldap_count_entries(ldap, ldap_result->result);
1981
1982 array_init(return_value);
1983 add_assoc_long(return_value, "count", num_entries);
1984
1985 if (num_entries == 0) {
1986 return;
1987 }
1988
1989 ldap_result_entry = ldap_first_entry(ldap, ldap_result->result);
1990 if (ldap_result_entry == NULL) {
1991 zend_array_destroy(Z_ARR_P(return_value));
1992 RETURN_FALSE;
1993 }
1994
1995 num_entries = 0;
1996 while (ldap_result_entry != NULL) {
1997 array_init(&tmp1);
1998
1999 num_attrib = 0;
2000 attribute = ldap_first_attribute(ldap, ldap_result_entry, &ber);
2001
2002 while (attribute != NULL) {
2003 ldap_value = ldap_get_values_len(ldap, ldap_result_entry, attribute);
2004 num_values = ldap_count_values_len(ldap_value);
2005
2006 array_init(&tmp2);
2007 add_assoc_long(&tmp2, "count", num_values);
2008 for (i = 0; i < num_values; i++) {
2009 add_index_stringl(&tmp2, i, ldap_value[i]->bv_val, ldap_value[i]->bv_len);
2010 }
2011 ldap_value_free_len(ldap_value);
2012
2013 attr_len = strlen(attribute);
2014 zend_str_tolower(attribute, attr_len);
2015 zend_hash_str_update(Z_ARRVAL(tmp1), attribute, attr_len, &tmp2);
2016 add_index_string(&tmp1, num_attrib, attribute);
2017
2018 num_attrib++;
2019 #if (LDAP_API_VERSION > 2000) || defined(HAVE_ORALDAP) || WINDOWS
2020 ldap_memfree(attribute);
2021 #endif
2022 attribute = ldap_next_attribute(ldap, ldap_result_entry, ber);
2023 }
2024 #if (LDAP_API_VERSION > 2000) || defined(HAVE_ORALDAP) || WINDOWS
2025 if (ber != NULL) {
2026 ber_free(ber, 0);
2027 }
2028 #endif
2029
2030 add_assoc_long(&tmp1, "count", num_attrib);
2031 dn = ldap_get_dn(ldap, ldap_result_entry);
2032 if (dn) {
2033 add_assoc_string(&tmp1, "dn", dn);
2034 } else {
2035 add_assoc_null(&tmp1, "dn");
2036 }
2037 #if (LDAP_API_VERSION > 2000) || defined(HAVE_ORALDAP) || WINDOWS
2038 ldap_memfree(dn);
2039 #else
2040 free(dn);
2041 #endif
2042
2043 zend_hash_index_update(Z_ARRVAL_P(return_value), num_entries, &tmp1);
2044
2045 num_entries++;
2046 ldap_result_entry = ldap_next_entry(ldap, ldap_result_entry);
2047 }
2048
2049 add_assoc_long(return_value, "count", num_entries);
2050
2051 }
2052 /* }}} */
2053
2054 /* {{{ Return first attribute */
PHP_FUNCTION(ldap_first_attribute)2055 PHP_FUNCTION(ldap_first_attribute)
2056 {
2057 zval *link, *result_entry;
2058 ldap_linkdata *ld;
2059 ldap_result_entry *resultentry;
2060 char *attribute;
2061
2062 if (zend_parse_parameters(ZEND_NUM_ARGS(), "OO", &link, ldap_link_ce, &result_entry, ldap_result_entry_ce) != SUCCESS) {
2063 RETURN_THROWS();
2064 }
2065
2066 ld = Z_LDAP_LINK_P(link);
2067 VERIFY_LDAP_LINK_CONNECTED(ld);
2068
2069 resultentry = Z_LDAP_RESULT_ENTRY_P(result_entry);
2070
2071 if ((attribute = ldap_first_attribute(ld->link, resultentry->data, &resultentry->ber)) == NULL) {
2072 RETURN_FALSE;
2073 } else {
2074 RETVAL_STRING(attribute);
2075 #if (LDAP_API_VERSION > 2000) || defined(HAVE_ORALDAP) || WINDOWS
2076 ldap_memfree(attribute);
2077 #endif
2078 }
2079 }
2080 /* }}} */
2081
2082 /* {{{ Get the next attribute in result */
PHP_FUNCTION(ldap_next_attribute)2083 PHP_FUNCTION(ldap_next_attribute)
2084 {
2085 zval *link, *result_entry;
2086 ldap_linkdata *ld;
2087 ldap_result_entry *resultentry;
2088 char *attribute;
2089
2090 if (zend_parse_parameters(ZEND_NUM_ARGS(), "OO", &link, ldap_link_ce, &result_entry, ldap_result_entry_ce) != SUCCESS) {
2091 RETURN_THROWS();
2092 }
2093
2094 ld = Z_LDAP_LINK_P(link);
2095 VERIFY_LDAP_LINK_CONNECTED(ld);
2096
2097 resultentry = Z_LDAP_RESULT_ENTRY_P(result_entry);
2098
2099 if (resultentry->ber == NULL) {
2100 php_error_docref(NULL, E_WARNING, "Called before calling ldap_first_attribute() or no attributes found in result entry");
2101 RETURN_FALSE;
2102 }
2103
2104 if ((attribute = ldap_next_attribute(ld->link, resultentry->data, resultentry->ber)) == NULL) {
2105 #if (LDAP_API_VERSION > 2000) || defined(HAVE_ORALDAP) || WINDOWS
2106 if (resultentry->ber != NULL) {
2107 ber_free(resultentry->ber, 0);
2108 resultentry->ber = NULL;
2109 }
2110 #endif
2111 RETURN_FALSE;
2112 } else {
2113 RETVAL_STRING(attribute);
2114 #if (LDAP_API_VERSION > 2000) || defined(HAVE_ORALDAP) || WINDOWS
2115 ldap_memfree(attribute);
2116 #endif
2117 }
2118 }
2119 /* }}} */
2120
2121 /* {{{ Get attributes from a search result entry */
PHP_FUNCTION(ldap_get_attributes)2122 PHP_FUNCTION(ldap_get_attributes)
2123 {
2124 zval *link, *result_entry;
2125 zval tmp;
2126 ldap_linkdata *ld;
2127 ldap_result_entry *resultentry;
2128 char *attribute;
2129 struct berval **ldap_value;
2130 int i, num_values, num_attrib;
2131 BerElement *ber;
2132
2133 if (zend_parse_parameters(ZEND_NUM_ARGS(), "OO", &link, ldap_link_ce, &result_entry, ldap_result_entry_ce) != SUCCESS) {
2134 RETURN_THROWS();
2135 }
2136
2137 ld = Z_LDAP_LINK_P(link);
2138 VERIFY_LDAP_LINK_CONNECTED(ld);
2139
2140 resultentry = Z_LDAP_RESULT_ENTRY_P(result_entry);
2141
2142 array_init(return_value);
2143 num_attrib = 0;
2144
2145 attribute = ldap_first_attribute(ld->link, resultentry->data, &ber);
2146 while (attribute != NULL) {
2147 ldap_value = ldap_get_values_len(ld->link, resultentry->data, attribute);
2148 num_values = ldap_count_values_len(ldap_value);
2149
2150 array_init(&tmp);
2151 add_assoc_long(&tmp, "count", num_values);
2152 for (i = 0; i < num_values; i++) {
2153 add_index_stringl(&tmp, i, ldap_value[i]->bv_val, ldap_value[i]->bv_len);
2154 }
2155 ldap_value_free_len(ldap_value);
2156
2157 zend_hash_str_update(Z_ARRVAL_P(return_value), attribute, strlen(attribute), &tmp);
2158 add_index_string(return_value, num_attrib, attribute);
2159
2160 num_attrib++;
2161 #if (LDAP_API_VERSION > 2000) || defined(HAVE_ORALDAP) || WINDOWS
2162 ldap_memfree(attribute);
2163 #endif
2164 attribute = ldap_next_attribute(ld->link, resultentry->data, ber);
2165 }
2166 #if (LDAP_API_VERSION > 2000) || defined(HAVE_ORALDAP) || WINDOWS
2167 if (ber != NULL) {
2168 ber_free(ber, 0);
2169 }
2170 #endif
2171
2172 add_assoc_long(return_value, "count", num_attrib);
2173 }
2174 /* }}} */
2175
2176 /* {{{ Get all values with lengths from a result entry */
PHP_FUNCTION(ldap_get_values_len)2177 PHP_FUNCTION(ldap_get_values_len)
2178 {
2179 zval *link, *result_entry;
2180 ldap_linkdata *ld;
2181 ldap_result_entry *resultentry;
2182 char *attr;
2183 struct berval **ldap_value_len;
2184 int i, num_values;
2185 size_t attr_len;
2186
2187 if (zend_parse_parameters(ZEND_NUM_ARGS(), "OOs", &link, ldap_link_ce, &result_entry, ldap_result_entry_ce, &attr, &attr_len) != SUCCESS) {
2188 RETURN_THROWS();
2189 }
2190
2191 ld = Z_LDAP_LINK_P(link);
2192 VERIFY_LDAP_LINK_CONNECTED(ld);
2193
2194 resultentry = Z_LDAP_RESULT_ENTRY_P(result_entry);
2195
2196 if ((ldap_value_len = ldap_get_values_len(ld->link, resultentry->data, attr)) == NULL) {
2197 php_error_docref(NULL, E_WARNING, "Cannot get the value(s) of attribute %s", ldap_err2string(_get_lderrno(ld->link)));
2198 RETURN_FALSE;
2199 }
2200
2201 num_values = ldap_count_values_len(ldap_value_len);
2202 array_init(return_value);
2203
2204 for (i=0; i<num_values; i++) {
2205 add_next_index_stringl(return_value, ldap_value_len[i]->bv_val, ldap_value_len[i]->bv_len);
2206 }
2207
2208 add_assoc_long(return_value, "count", num_values);
2209 ldap_value_free_len(ldap_value_len);
2210
2211 }
2212 /* }}} */
2213
2214 /* {{{ Get the DN of a result entry */
PHP_FUNCTION(ldap_get_dn)2215 PHP_FUNCTION(ldap_get_dn)
2216 {
2217 zval *link, *result_entry;
2218 ldap_linkdata *ld;
2219 ldap_result_entry *resultentry;
2220 char *text;
2221
2222 if (zend_parse_parameters(ZEND_NUM_ARGS(), "OO", &link, ldap_link_ce, &result_entry, ldap_result_entry_ce) != SUCCESS) {
2223 RETURN_THROWS();
2224 }
2225
2226 ld = Z_LDAP_LINK_P(link);
2227 VERIFY_LDAP_LINK_CONNECTED(ld);
2228
2229 resultentry = Z_LDAP_RESULT_ENTRY_P(result_entry);
2230
2231 text = ldap_get_dn(ld->link, resultentry->data);
2232 if (text != NULL) {
2233 RETVAL_STRING(text);
2234 #if (LDAP_API_VERSION > 2000) || defined(HAVE_ORALDAP) || WINDOWS
2235 ldap_memfree(text);
2236 #else
2237 free(text);
2238 #endif
2239 } else {
2240 RETURN_FALSE;
2241 }
2242 }
2243 /* }}} */
2244
2245 /* {{{ Splits DN into its component parts */
PHP_FUNCTION(ldap_explode_dn)2246 PHP_FUNCTION(ldap_explode_dn)
2247 {
2248 zend_long with_attrib;
2249 char *dn, **ldap_value;
2250 int i, count;
2251 size_t dn_len;
2252
2253 if (zend_parse_parameters(ZEND_NUM_ARGS(), "sl", &dn, &dn_len, &with_attrib) != SUCCESS) {
2254 RETURN_THROWS();
2255 }
2256
2257 if (!(ldap_value = ldap_explode_dn(dn, with_attrib))) {
2258 /* Invalid parameters were passed to ldap_explode_dn */
2259 RETURN_FALSE;
2260 }
2261
2262 i=0;
2263 while (ldap_value[i] != NULL) i++;
2264 count = i;
2265
2266 array_init(return_value);
2267
2268 add_assoc_long(return_value, "count", count);
2269 for (i = 0; i<count; i++) {
2270 add_index_string(return_value, i, ldap_value[i]);
2271 }
2272
2273 ldap_memvfree((void **)ldap_value);
2274 }
2275 /* }}} */
2276
2277 /* {{{ Convert DN to User Friendly Naming format */
PHP_FUNCTION(ldap_dn2ufn)2278 PHP_FUNCTION(ldap_dn2ufn)
2279 {
2280 char *dn, *ufn;
2281 size_t dn_len;
2282
2283 if (zend_parse_parameters(ZEND_NUM_ARGS(), "s", &dn, &dn_len) != SUCCESS) {
2284 RETURN_THROWS();
2285 }
2286
2287 ufn = ldap_dn2ufn(dn);
2288
2289 if (ufn != NULL) {
2290 RETVAL_STRING(ufn);
2291 #if (LDAP_API_VERSION > 2000) || defined(HAVE_ORALDAP) || WINDOWS
2292 ldap_memfree(ufn);
2293 #endif
2294 } else {
2295 RETURN_FALSE;
2296 }
2297 }
2298 /* }}} */
2299
2300
2301 /* added to fix use of ldap_modify_add for doing an ldap_add, gerrit thomson. */
2302 #define PHP_LD_FULL_ADD 0xff
2303 /* {{{ php_ldap_do_modify */
php_ldap_do_modify(INTERNAL_FUNCTION_PARAMETERS,int oper,int ext)2304 static void php_ldap_do_modify(INTERNAL_FUNCTION_PARAMETERS, int oper, int ext)
2305 {
2306 zval *serverctrls = NULL;
2307 zval *link, *entry, *value, *ivalue;
2308 ldap_linkdata *ld;
2309 char *dn;
2310 LDAPMod **ldap_mods;
2311 LDAPControl **lserverctrls = NULL;
2312 ldap_resultdata *result;
2313 LDAPMessage *ldap_res;
2314 int i, j, num_attribs, num_values, msgid;
2315 size_t dn_len;
2316 int *num_berval;
2317 zend_string *attribute;
2318 zend_ulong index;
2319 int is_full_add=0; /* flag for full add operation so ldap_mod_add can be put back into oper, gerrit THomson */
2320
2321 if (zend_parse_parameters(ZEND_NUM_ARGS(), "Osa/|a!", &link, ldap_link_ce, &dn, &dn_len, &entry, &serverctrls) != SUCCESS) {
2322 RETURN_THROWS();
2323 }
2324
2325 ld = Z_LDAP_LINK_P(link);
2326 VERIFY_LDAP_LINK_CONNECTED(ld);
2327
2328 num_attribs = zend_hash_num_elements(Z_ARRVAL_P(entry));
2329 ldap_mods = safe_emalloc((num_attribs+1), sizeof(LDAPMod *), 0);
2330 num_berval = safe_emalloc(num_attribs, sizeof(int), 0);
2331 zend_hash_internal_pointer_reset(Z_ARRVAL_P(entry));
2332
2333 /* added by gerrit thomson to fix ldap_add using ldap_mod_add */
2334 if (oper == PHP_LD_FULL_ADD) {
2335 oper = LDAP_MOD_ADD;
2336 is_full_add = 1;
2337 }
2338 /* end additional , gerrit thomson */
2339
2340 for (i = 0; i < num_attribs; i++) {
2341 ldap_mods[i] = emalloc(sizeof(LDAPMod));
2342 ldap_mods[i]->mod_op = oper | LDAP_MOD_BVALUES;
2343 ldap_mods[i]->mod_type = NULL;
2344
2345 if (zend_hash_get_current_key(Z_ARRVAL_P(entry), &attribute, &index) == HASH_KEY_IS_STRING) {
2346 ldap_mods[i]->mod_type = estrndup(ZSTR_VAL(attribute), ZSTR_LEN(attribute));
2347 } else {
2348 php_error_docref(NULL, E_WARNING, "Unknown attribute in the data");
2349 /* Free allocated memory */
2350 while (i >= 0) {
2351 if (ldap_mods[i]->mod_type) {
2352 efree(ldap_mods[i]->mod_type);
2353 }
2354 efree(ldap_mods[i]);
2355 i--;
2356 }
2357 efree(num_berval);
2358 efree(ldap_mods);
2359 RETURN_FALSE;
2360 }
2361
2362 value = zend_hash_get_current_data(Z_ARRVAL_P(entry));
2363
2364 ZVAL_DEREF(value);
2365 if (Z_TYPE_P(value) != IS_ARRAY) {
2366 num_values = 1;
2367 } else {
2368 SEPARATE_ARRAY(value);
2369 num_values = zend_hash_num_elements(Z_ARRVAL_P(value));
2370 }
2371
2372 num_berval[i] = num_values;
2373 ldap_mods[i]->mod_bvalues = safe_emalloc((num_values + 1), sizeof(struct berval *), 0);
2374
2375 /* allow for arrays with one element, no allowance for arrays with none but probably not required, gerrit thomson. */
2376 if ((num_values == 1) && (Z_TYPE_P(value) != IS_ARRAY)) {
2377 convert_to_string(value);
2378 if (EG(exception)) {
2379 RETVAL_FALSE;
2380 goto cleanup;
2381 }
2382 ldap_mods[i]->mod_bvalues[0] = (struct berval *) emalloc (sizeof(struct berval));
2383 ldap_mods[i]->mod_bvalues[0]->bv_val = Z_STRVAL_P(value);
2384 ldap_mods[i]->mod_bvalues[0]->bv_len = Z_STRLEN_P(value);
2385 } else {
2386 for (j = 0; j < num_values; j++) {
2387 if ((ivalue = zend_hash_index_find(Z_ARRVAL_P(value), j)) == NULL) {
2388 zend_argument_value_error(3, "must contain arrays with consecutive integer indices starting from 0");
2389 num_berval[i] = j;
2390 num_attribs = i + 1;
2391 RETVAL_FALSE;
2392 goto cleanup;
2393 }
2394 convert_to_string(ivalue);
2395 if (EG(exception)) {
2396 RETVAL_FALSE;
2397 goto cleanup;
2398 }
2399 ldap_mods[i]->mod_bvalues[j] = (struct berval *) emalloc (sizeof(struct berval));
2400 ldap_mods[i]->mod_bvalues[j]->bv_val = Z_STRVAL_P(ivalue);
2401 ldap_mods[i]->mod_bvalues[j]->bv_len = Z_STRLEN_P(ivalue);
2402 }
2403 }
2404 ldap_mods[i]->mod_bvalues[num_values] = NULL;
2405 zend_hash_move_forward(Z_ARRVAL_P(entry));
2406 }
2407 ldap_mods[num_attribs] = NULL;
2408
2409 if (serverctrls) {
2410 lserverctrls = _php_ldap_controls_from_array(ld->link, serverctrls, 4);
2411 if (lserverctrls == NULL) {
2412 RETVAL_FALSE;
2413 goto cleanup;
2414 }
2415 }
2416
2417 /* check flag to see if do_mod was called to perform full add , gerrit thomson */
2418 if (is_full_add == 1) {
2419 if (ext) {
2420 i = ldap_add_ext(ld->link, dn, ldap_mods, lserverctrls, NULL, &msgid);
2421 } else {
2422 i = ldap_add_ext_s(ld->link, dn, ldap_mods, lserverctrls, NULL);
2423 }
2424 if (i != LDAP_SUCCESS) {
2425 php_error_docref(NULL, E_WARNING, "Add: %s", ldap_err2string(i));
2426 RETVAL_FALSE;
2427 } else if (ext) {
2428 i = ldap_result(ld->link, msgid, 1 /* LDAP_MSG_ALL */, NULL, &ldap_res);
2429 if (i == -1) {
2430 php_error_docref(NULL, E_WARNING, "Add operation failed");
2431 RETVAL_FALSE;
2432 goto cleanup;
2433 }
2434
2435 /* return a PHP control object */
2436 object_init_ex(return_value, ldap_result_ce);
2437 result = Z_LDAP_RESULT_P(return_value);
2438 result->result = ldap_res;
2439 } else RETVAL_TRUE;
2440 } else {
2441 if (ext) {
2442 i = ldap_modify_ext(ld->link, dn, ldap_mods, lserverctrls, NULL, &msgid);
2443 } else {
2444 i = ldap_modify_ext_s(ld->link, dn, ldap_mods, lserverctrls, NULL);
2445 }
2446 if (i != LDAP_SUCCESS) {
2447 php_error_docref(NULL, E_WARNING, "Modify: %s", ldap_err2string(i));
2448 RETVAL_FALSE;
2449 } else if (ext) {
2450 i = ldap_result(ld->link, msgid, 1 /* LDAP_MSG_ALL */, NULL, &ldap_res);
2451 if (i == -1) {
2452 php_error_docref(NULL, E_WARNING, "Modify operation failed");
2453 RETVAL_FALSE;
2454 goto cleanup;
2455 }
2456
2457 /* return a PHP control object */
2458 object_init_ex(return_value, ldap_result_ce);
2459 result = Z_LDAP_RESULT_P(return_value);
2460 result->result = ldap_res;
2461 } else RETVAL_TRUE;
2462 }
2463
2464 cleanup:
2465 for (i = 0; i < num_attribs; i++) {
2466 efree(ldap_mods[i]->mod_type);
2467 for (j = 0; j < num_berval[i]; j++) {
2468 efree(ldap_mods[i]->mod_bvalues[j]);
2469 }
2470 efree(ldap_mods[i]->mod_bvalues);
2471 efree(ldap_mods[i]);
2472 }
2473 efree(num_berval);
2474 efree(ldap_mods);
2475
2476 if (lserverctrls) {
2477 _php_ldap_controls_free(&lserverctrls);
2478 }
2479
2480 return;
2481 }
2482 /* }}} */
2483
2484 /* {{{ Add entries to LDAP directory */
PHP_FUNCTION(ldap_add)2485 PHP_FUNCTION(ldap_add)
2486 {
2487 /* use a newly define parameter into the do_modify so ldap_mod_add can be used the way it is supposed to be used , Gerrit THomson */
2488 php_ldap_do_modify(INTERNAL_FUNCTION_PARAM_PASSTHRU, PHP_LD_FULL_ADD, 0);
2489 }
2490 /* }}} */
2491
2492 /* {{{ Add entries to LDAP directory */
PHP_FUNCTION(ldap_add_ext)2493 PHP_FUNCTION(ldap_add_ext)
2494 {
2495 php_ldap_do_modify(INTERNAL_FUNCTION_PARAM_PASSTHRU, PHP_LD_FULL_ADD, 1);
2496 }
2497 /* }}} */
2498
2499 /* three functions for attribute base modifications, gerrit Thomson */
2500
2501 /* {{{ Replace attribute values with new ones */
PHP_FUNCTION(ldap_mod_replace)2502 PHP_FUNCTION(ldap_mod_replace)
2503 {
2504 php_ldap_do_modify(INTERNAL_FUNCTION_PARAM_PASSTHRU, LDAP_MOD_REPLACE, 0);
2505 }
2506 /* }}} */
2507
2508 /* {{{ Replace attribute values with new ones */
PHP_FUNCTION(ldap_mod_replace_ext)2509 PHP_FUNCTION(ldap_mod_replace_ext)
2510 {
2511 php_ldap_do_modify(INTERNAL_FUNCTION_PARAM_PASSTHRU, LDAP_MOD_REPLACE, 1);
2512 }
2513 /* }}} */
2514
2515 /* {{{ Add attribute values to current */
PHP_FUNCTION(ldap_mod_add)2516 PHP_FUNCTION(ldap_mod_add)
2517 {
2518 php_ldap_do_modify(INTERNAL_FUNCTION_PARAM_PASSTHRU, LDAP_MOD_ADD, 0);
2519 }
2520 /* }}} */
2521
2522 /* {{{ Add attribute values to current */
PHP_FUNCTION(ldap_mod_add_ext)2523 PHP_FUNCTION(ldap_mod_add_ext)
2524 {
2525 php_ldap_do_modify(INTERNAL_FUNCTION_PARAM_PASSTHRU, LDAP_MOD_ADD, 1);
2526 }
2527 /* }}} */
2528
2529 /* {{{ Delete attribute values */
PHP_FUNCTION(ldap_mod_del)2530 PHP_FUNCTION(ldap_mod_del)
2531 {
2532 php_ldap_do_modify(INTERNAL_FUNCTION_PARAM_PASSTHRU, LDAP_MOD_DELETE, 0);
2533 }
2534 /* }}} */
2535
2536 /* {{{ Delete attribute values */
PHP_FUNCTION(ldap_mod_del_ext)2537 PHP_FUNCTION(ldap_mod_del_ext)
2538 {
2539 php_ldap_do_modify(INTERNAL_FUNCTION_PARAM_PASSTHRU, LDAP_MOD_DELETE, 1);
2540 }
2541 /* }}} */
2542
2543 /* {{{ php_ldap_do_delete */
php_ldap_do_delete(INTERNAL_FUNCTION_PARAMETERS,int ext)2544 static void php_ldap_do_delete(INTERNAL_FUNCTION_PARAMETERS, int ext)
2545 {
2546 zval *serverctrls = NULL;
2547 zval *link;
2548 ldap_linkdata *ld;
2549 LDAPControl **lserverctrls = NULL;
2550 ldap_resultdata *result;
2551 LDAPMessage *ldap_res;
2552 char *dn;
2553 int rc, msgid;
2554 size_t dn_len;
2555
2556 if (zend_parse_parameters(ZEND_NUM_ARGS(), "Os|a!", &link, ldap_link_ce, &dn, &dn_len, &serverctrls) != SUCCESS) {
2557 RETURN_THROWS();
2558 }
2559
2560 ld = Z_LDAP_LINK_P(link);
2561 VERIFY_LDAP_LINK_CONNECTED(ld);
2562
2563 if (serverctrls) {
2564 lserverctrls = _php_ldap_controls_from_array(ld->link, serverctrls, 3);
2565 if (lserverctrls == NULL) {
2566 RETVAL_FALSE;
2567 goto cleanup;
2568 }
2569 }
2570
2571 if (ext) {
2572 rc = ldap_delete_ext(ld->link, dn, lserverctrls, NULL, &msgid);
2573 } else {
2574 rc = ldap_delete_ext_s(ld->link, dn, lserverctrls, NULL);
2575 }
2576 if (rc != LDAP_SUCCESS) {
2577 php_error_docref(NULL, E_WARNING, "Delete: %s", ldap_err2string(rc));
2578 RETVAL_FALSE;
2579 goto cleanup;
2580 } else if (ext) {
2581 rc = ldap_result(ld->link, msgid, 1 /* LDAP_MSG_ALL */, NULL, &ldap_res);
2582 if (rc == -1) {
2583 php_error_docref(NULL, E_WARNING, "Delete operation failed");
2584 RETVAL_FALSE;
2585 goto cleanup;
2586 }
2587
2588 /* return a PHP control object */
2589 object_init_ex(return_value, ldap_result_ce);
2590 result = Z_LDAP_RESULT_P(return_value);
2591 result->result = ldap_res;
2592 } else {
2593 RETVAL_TRUE;
2594 }
2595
2596 cleanup:
2597 if (lserverctrls) {
2598 _php_ldap_controls_free(&lserverctrls);
2599 }
2600
2601 return;
2602 }
2603 /* }}} */
2604
2605 /* {{{ Delete an entry from a directory */
PHP_FUNCTION(ldap_delete)2606 PHP_FUNCTION(ldap_delete)
2607 {
2608 php_ldap_do_delete(INTERNAL_FUNCTION_PARAM_PASSTHRU, 0);
2609 }
2610 /* }}} */
2611
2612 /* {{{ Delete an entry from a directory */
PHP_FUNCTION(ldap_delete_ext)2613 PHP_FUNCTION(ldap_delete_ext)
2614 {
2615 php_ldap_do_delete(INTERNAL_FUNCTION_PARAM_PASSTHRU, 1);
2616 }
2617 /* }}} */
2618
2619 /* {{{ _ldap_str_equal_to_const */
_ldap_str_equal_to_const(const char * str,size_t str_len,const char * cstr)2620 static size_t _ldap_str_equal_to_const(const char *str, size_t str_len, const char *cstr)
2621 {
2622 size_t i;
2623
2624 if (strlen(cstr) != str_len)
2625 return 0;
2626
2627 for (i = 0; i < str_len; ++i) {
2628 if (str[i] != cstr[i]) {
2629 return 0;
2630 }
2631 }
2632
2633 return 1;
2634 }
2635 /* }}} */
2636
2637 /* {{{ _ldap_strlen_max */
_ldap_strlen_max(const char * str,size_t max_len)2638 static size_t _ldap_strlen_max(const char *str, size_t max_len)
2639 {
2640 size_t i;
2641
2642 for (i = 0; i < max_len; ++i) {
2643 if (str[i] == '\0') {
2644 return i;
2645 }
2646 }
2647
2648 return max_len;
2649 }
2650 /* }}} */
2651
2652 /* {{{ _ldap_hash_fetch */
_ldap_hash_fetch(zval * hashTbl,const char * key,zval ** out)2653 static void _ldap_hash_fetch(zval *hashTbl, const char *key, zval **out)
2654 {
2655 *out = zend_hash_str_find(Z_ARRVAL_P(hashTbl), key, strlen(key));
2656 }
2657 /* }}} */
2658
2659 /* {{{ Perform multiple modifications as part of one operation */
PHP_FUNCTION(ldap_modify_batch)2660 PHP_FUNCTION(ldap_modify_batch)
2661 {
2662 zval *serverctrls = NULL;
2663 ldap_linkdata *ld;
2664 zval *link, *mods, *mod, *modinfo;
2665 zend_string *modval;
2666 zval *attrib, *modtype, *vals;
2667 zval *fetched;
2668 char *dn;
2669 size_t dn_len;
2670 int i, j, k;
2671 int num_mods, num_modprops, num_modvals;
2672 LDAPMod **ldap_mods;
2673 LDAPControl **lserverctrls = NULL;
2674 uint32_t oper;
2675
2676 /*
2677 $mods = array(
2678 array(
2679 "attrib" => "unicodePwd",
2680 "modtype" => LDAP_MODIFY_BATCH_REMOVE,
2681 "values" => array($oldpw)
2682 ),
2683 array(
2684 "attrib" => "unicodePwd",
2685 "modtype" => LDAP_MODIFY_BATCH_ADD,
2686 "values" => array($newpw)
2687 ),
2688 array(
2689 "attrib" => "userPrincipalName",
2690 "modtype" => LDAP_MODIFY_BATCH_REPLACE,
2691 "values" => array("janitor@corp.contoso.com")
2692 ),
2693 array(
2694 "attrib" => "userCert",
2695 "modtype" => LDAP_MODIFY_BATCH_REMOVE_ALL
2696 )
2697 );
2698 */
2699
2700 if (zend_parse_parameters(ZEND_NUM_ARGS(), "Osa/|a!", &link, ldap_link_ce, &dn, &dn_len, &mods, &serverctrls) != SUCCESS) {
2701 RETURN_THROWS();
2702 }
2703
2704 ld = Z_LDAP_LINK_P(link);
2705 VERIFY_LDAP_LINK_CONNECTED(ld);
2706
2707 /* perform validation */
2708 {
2709 zend_string *modkey;
2710 zend_long modtype;
2711
2712 /* to store the wrongly-typed keys */
2713 zend_ulong tmpUlong;
2714
2715 /* make sure the DN contains no NUL bytes */
2716 if (_ldap_strlen_max(dn, dn_len) != dn_len) {
2717 zend_argument_type_error(2, "must not contain null bytes");
2718 RETURN_THROWS();
2719 }
2720
2721 /* make sure the top level is a normal array */
2722 zend_hash_internal_pointer_reset(Z_ARRVAL_P(mods));
2723 if (zend_hash_get_current_key_type(Z_ARRVAL_P(mods)) != HASH_KEY_IS_LONG) {
2724 zend_argument_type_error(3, "must be integer-indexed");
2725 RETURN_THROWS();
2726 }
2727
2728 num_mods = zend_hash_num_elements(Z_ARRVAL_P(mods));
2729
2730 for (i = 0; i < num_mods; i++) {
2731 /* is the numbering consecutive? */
2732 if ((fetched = zend_hash_index_find(Z_ARRVAL_P(mods), i)) == NULL) {
2733 zend_argument_value_error(3, "must have consecutive integer indices starting from 0");
2734 RETURN_THROWS();
2735 }
2736 mod = fetched;
2737
2738 /* is it an array? */
2739 if (Z_TYPE_P(mod) != IS_ARRAY) {
2740 zend_argument_value_error(3, "must only contain arrays");
2741 RETURN_THROWS();
2742 }
2743
2744 SEPARATE_ARRAY(mod);
2745 /* for the modification hashtable... */
2746 zend_hash_internal_pointer_reset(Z_ARRVAL_P(mod));
2747 num_modprops = zend_hash_num_elements(Z_ARRVAL_P(mod));
2748
2749 for (j = 0; j < num_modprops; j++) {
2750 /* are the keys strings? */
2751 if (zend_hash_get_current_key(Z_ARRVAL_P(mod), &modkey, &tmpUlong) != HASH_KEY_IS_STRING) {
2752 zend_argument_type_error(3, "must only contain string-indexed arrays");
2753 RETURN_THROWS();
2754 }
2755
2756 /* is this a valid entry? */
2757 if (
2758 !_ldap_str_equal_to_const(ZSTR_VAL(modkey), ZSTR_LEN(modkey), LDAP_MODIFY_BATCH_ATTRIB) &&
2759 !_ldap_str_equal_to_const(ZSTR_VAL(modkey), ZSTR_LEN(modkey), LDAP_MODIFY_BATCH_MODTYPE) &&
2760 !_ldap_str_equal_to_const(ZSTR_VAL(modkey), ZSTR_LEN(modkey), LDAP_MODIFY_BATCH_VALUES)
2761 ) {
2762 zend_argument_value_error(3, "must contain arrays only containing the \"" LDAP_MODIFY_BATCH_ATTRIB "\", \"" LDAP_MODIFY_BATCH_MODTYPE "\" and \"" LDAP_MODIFY_BATCH_VALUES "\" keys");
2763 RETURN_THROWS();
2764 }
2765
2766 fetched = zend_hash_get_current_data(Z_ARRVAL_P(mod));
2767 modinfo = fetched;
2768
2769 /* does the value type match the key? */
2770 if (_ldap_str_equal_to_const(ZSTR_VAL(modkey), ZSTR_LEN(modkey), LDAP_MODIFY_BATCH_ATTRIB)) {
2771 if (Z_TYPE_P(modinfo) != IS_STRING) {
2772 zend_type_error("%s(): Option \"" LDAP_MODIFY_BATCH_ATTRIB "\" must be of type string, %s given", get_active_function_name(), zend_zval_type_name(modinfo));
2773 RETURN_THROWS();
2774 }
2775
2776 if (Z_STRLEN_P(modinfo) != _ldap_strlen_max(Z_STRVAL_P(modinfo), Z_STRLEN_P(modinfo))) {
2777 zend_type_error("%s(): Option \"" LDAP_MODIFY_BATCH_ATTRIB "\" cannot contain null-bytes", get_active_function_name());
2778 RETURN_THROWS();
2779 }
2780 }
2781 else if (_ldap_str_equal_to_const(ZSTR_VAL(modkey), ZSTR_LEN(modkey), LDAP_MODIFY_BATCH_MODTYPE)) {
2782 if (Z_TYPE_P(modinfo) != IS_LONG) {
2783 zend_type_error("%s(): Option \"" LDAP_MODIFY_BATCH_MODTYPE "\" must be of type int, %s given", get_active_function_name(), zend_zval_type_name(modinfo));
2784 RETURN_THROWS();
2785 }
2786
2787 /* is the value in range? */
2788 modtype = Z_LVAL_P(modinfo);
2789 if (
2790 modtype != LDAP_MODIFY_BATCH_ADD &&
2791 modtype != LDAP_MODIFY_BATCH_REMOVE &&
2792 modtype != LDAP_MODIFY_BATCH_REPLACE &&
2793 modtype != LDAP_MODIFY_BATCH_REMOVE_ALL
2794 ) {
2795 zend_value_error("%s(): Option \"" LDAP_MODIFY_BATCH_MODTYPE "\" must be one of the LDAP_MODIFY_BATCH_* constants", get_active_function_name());
2796 RETURN_THROWS();
2797 }
2798
2799 /* if it's REMOVE_ALL, there must not be a values array; otherwise, there must */
2800 if (modtype == LDAP_MODIFY_BATCH_REMOVE_ALL) {
2801 if (zend_hash_str_exists(Z_ARRVAL_P(mod), LDAP_MODIFY_BATCH_VALUES, strlen(LDAP_MODIFY_BATCH_VALUES))) {
2802 zend_value_error("%s(): If option \"" LDAP_MODIFY_BATCH_MODTYPE "\" is LDAP_MODIFY_BATCH_REMOVE_ALL, option \"" LDAP_MODIFY_BATCH_VALUES "\" cannot be provided", get_active_function_name());
2803 RETURN_THROWS();
2804 }
2805 }
2806 else {
2807 if (!zend_hash_str_exists(Z_ARRVAL_P(mod), LDAP_MODIFY_BATCH_VALUES, strlen(LDAP_MODIFY_BATCH_VALUES))) {
2808 zend_value_error("%s(): If option \"" LDAP_MODIFY_BATCH_MODTYPE "\" is not LDAP_MODIFY_BATCH_REMOVE_ALL, option \"" LDAP_MODIFY_BATCH_VALUES "\" must be provided", get_active_function_name());
2809 RETURN_THROWS();
2810 }
2811 }
2812 }
2813 else if (_ldap_str_equal_to_const(ZSTR_VAL(modkey), ZSTR_LEN(modkey), LDAP_MODIFY_BATCH_VALUES)) {
2814 if (Z_TYPE_P(modinfo) != IS_ARRAY) {
2815 zend_type_error("%s(): Option \"" LDAP_MODIFY_BATCH_VALUES "\" must be of type array, %s given", get_active_function_name(), zend_zval_type_name(modinfo));
2816 RETURN_THROWS();
2817 }
2818
2819 SEPARATE_ARRAY(modinfo);
2820 /* is the array not empty? */
2821 zend_hash_internal_pointer_reset(Z_ARRVAL_P(modinfo));
2822 num_modvals = zend_hash_num_elements(Z_ARRVAL_P(modinfo));
2823 if (num_modvals == 0) {
2824 zend_value_error("%s(): Option \"" LDAP_MODIFY_BATCH_VALUES "\" cannot be empty", get_active_function_name());
2825 RETURN_THROWS();
2826 }
2827
2828 /* are its keys integers? */
2829 if (zend_hash_get_current_key_type(Z_ARRVAL_P(modinfo)) != HASH_KEY_IS_LONG) {
2830 zend_value_error("%s(): Option \"" LDAP_MODIFY_BATCH_VALUES "\" must be integer-indexed", get_active_function_name());
2831 RETURN_THROWS();
2832 }
2833
2834 /* are the keys consecutive? */
2835 for (k = 0; k < num_modvals; k++) {
2836 if ((fetched = zend_hash_index_find(Z_ARRVAL_P(modinfo), k)) == NULL) {
2837 zend_value_error("%s(): Option \"" LDAP_MODIFY_BATCH_VALUES "\" must have consecutive integer indices starting from 0", get_active_function_name());
2838 RETURN_THROWS();
2839 }
2840 }
2841 }
2842
2843 zend_hash_move_forward(Z_ARRVAL_P(mod));
2844 }
2845 }
2846 }
2847 /* validation was successful */
2848
2849 /* allocate array of modifications */
2850 ldap_mods = safe_emalloc((num_mods+1), sizeof(LDAPMod *), 0);
2851
2852 /* for each modification */
2853 for (i = 0; i < num_mods; i++) {
2854 /* allocate the modification struct */
2855 ldap_mods[i] = safe_emalloc(1, sizeof(LDAPMod), 0);
2856
2857 /* fetch the relevant data */
2858 fetched = zend_hash_index_find(Z_ARRVAL_P(mods), i);
2859 mod = fetched;
2860
2861 _ldap_hash_fetch(mod, LDAP_MODIFY_BATCH_ATTRIB, &attrib);
2862 _ldap_hash_fetch(mod, LDAP_MODIFY_BATCH_MODTYPE, &modtype);
2863 _ldap_hash_fetch(mod, LDAP_MODIFY_BATCH_VALUES, &vals);
2864
2865 /* map the modification type */
2866 switch (Z_LVAL_P(modtype)) {
2867 case LDAP_MODIFY_BATCH_ADD:
2868 oper = LDAP_MOD_ADD;
2869 break;
2870 case LDAP_MODIFY_BATCH_REMOVE:
2871 case LDAP_MODIFY_BATCH_REMOVE_ALL:
2872 oper = LDAP_MOD_DELETE;
2873 break;
2874 case LDAP_MODIFY_BATCH_REPLACE:
2875 oper = LDAP_MOD_REPLACE;
2876 break;
2877 default:
2878 zend_throw_error(NULL, "Unknown and uncaught modification type.");
2879 RETVAL_FALSE;
2880 efree(ldap_mods[i]);
2881 num_mods = i;
2882 goto cleanup;
2883 }
2884
2885 /* fill in the basic info */
2886 ldap_mods[i]->mod_op = oper | LDAP_MOD_BVALUES;
2887 ldap_mods[i]->mod_type = estrndup(Z_STRVAL_P(attrib), Z_STRLEN_P(attrib));
2888
2889 if (Z_LVAL_P(modtype) == LDAP_MODIFY_BATCH_REMOVE_ALL) {
2890 /* no values */
2891 ldap_mods[i]->mod_bvalues = NULL;
2892 }
2893 else {
2894 /* allocate space for the values as part of this modification */
2895 num_modvals = zend_hash_num_elements(Z_ARRVAL_P(vals));
2896 ldap_mods[i]->mod_bvalues = safe_emalloc((num_modvals+1), sizeof(struct berval *), 0);
2897
2898 /* for each value */
2899 for (j = 0; j < num_modvals; j++) {
2900 /* fetch it */
2901 fetched = zend_hash_index_find(Z_ARRVAL_P(vals), j);
2902 modval = zval_get_string(fetched);
2903 if (EG(exception)) {
2904 RETVAL_FALSE;
2905 ldap_mods[i]->mod_bvalues[j] = NULL;
2906 num_mods = i + 1;
2907 goto cleanup;
2908 }
2909
2910 /* allocate the data struct */
2911 ldap_mods[i]->mod_bvalues[j] = safe_emalloc(1, sizeof(struct berval), 0);
2912
2913 /* fill it */
2914 ldap_mods[i]->mod_bvalues[j]->bv_len = ZSTR_LEN(modval);
2915 ldap_mods[i]->mod_bvalues[j]->bv_val = estrndup(ZSTR_VAL(modval), ZSTR_LEN(modval));
2916 zend_string_release(modval);
2917 }
2918
2919 /* NULL-terminate values */
2920 ldap_mods[i]->mod_bvalues[num_modvals] = NULL;
2921 }
2922 }
2923
2924 /* NULL-terminate modifications */
2925 ldap_mods[num_mods] = NULL;
2926
2927 if (serverctrls) {
2928 lserverctrls = _php_ldap_controls_from_array(ld->link, serverctrls, 4);
2929 if (lserverctrls == NULL) {
2930 RETVAL_FALSE;
2931 goto cleanup;
2932 }
2933 }
2934
2935 /* perform (finally) */
2936 if ((i = ldap_modify_ext_s(ld->link, dn, ldap_mods, lserverctrls, NULL)) != LDAP_SUCCESS) {
2937 php_error_docref(NULL, E_WARNING, "Batch Modify: %s", ldap_err2string(i));
2938 RETVAL_FALSE;
2939 } else RETVAL_TRUE;
2940
2941 /* clean up */
2942 cleanup: {
2943 for (i = 0; i < num_mods; i++) {
2944 /* attribute */
2945 efree(ldap_mods[i]->mod_type);
2946
2947 if (ldap_mods[i]->mod_bvalues != NULL) {
2948 /* each BER value */
2949 for (j = 0; ldap_mods[i]->mod_bvalues[j] != NULL; j++) {
2950 /* free the data bytes */
2951 efree(ldap_mods[i]->mod_bvalues[j]->bv_val);
2952
2953 /* free the bvalue struct */
2954 efree(ldap_mods[i]->mod_bvalues[j]);
2955 }
2956
2957 /* the BER value array */
2958 efree(ldap_mods[i]->mod_bvalues);
2959 }
2960
2961 /* the modification */
2962 efree(ldap_mods[i]);
2963 }
2964
2965 /* the modifications array */
2966 efree(ldap_mods);
2967
2968 if (lserverctrls) {
2969 _php_ldap_controls_free(&lserverctrls);
2970 }
2971 }
2972 }
2973 /* }}} */
2974
2975 /* {{{ Get the current ldap error number */
PHP_FUNCTION(ldap_errno)2976 PHP_FUNCTION(ldap_errno)
2977 {
2978 zval *link;
2979 ldap_linkdata *ld;
2980
2981 if (zend_parse_parameters(ZEND_NUM_ARGS(), "O", &link, ldap_link_ce) != SUCCESS) {
2982 RETURN_THROWS();
2983 }
2984
2985 ld = Z_LDAP_LINK_P(link);
2986 VERIFY_LDAP_LINK_CONNECTED(ld);
2987
2988 RETURN_LONG(_get_lderrno(ld->link));
2989 }
2990 /* }}} */
2991
2992 /* {{{ Convert error number to error string */
PHP_FUNCTION(ldap_err2str)2993 PHP_FUNCTION(ldap_err2str)
2994 {
2995 zend_long perrno;
2996
2997 if (zend_parse_parameters(ZEND_NUM_ARGS(), "l", &perrno) != SUCCESS) {
2998 RETURN_THROWS();
2999 }
3000
3001 RETURN_STRING(ldap_err2string(perrno));
3002 }
3003 /* }}} */
3004
3005 /* {{{ Get the current ldap error string */
PHP_FUNCTION(ldap_error)3006 PHP_FUNCTION(ldap_error)
3007 {
3008 zval *link;
3009 ldap_linkdata *ld;
3010 int ld_errno;
3011
3012 if (zend_parse_parameters(ZEND_NUM_ARGS(), "O", &link, ldap_link_ce) != SUCCESS) {
3013 RETURN_THROWS();
3014 }
3015
3016 ld = Z_LDAP_LINK_P(link);
3017 VERIFY_LDAP_LINK_CONNECTED(ld);
3018
3019 ld_errno = _get_lderrno(ld->link);
3020
3021 RETURN_STRING(ldap_err2string(ld_errno));
3022 }
3023 /* }}} */
3024
3025 /* {{{ Determine if an entry has a specific value for one of its attributes */
PHP_FUNCTION(ldap_compare)3026 PHP_FUNCTION(ldap_compare)
3027 {
3028 zval *serverctrls = NULL;
3029 zval *link;
3030 char *dn, *attr, *value;
3031 size_t dn_len, attr_len, value_len;
3032 ldap_linkdata *ld;
3033 LDAPControl **lserverctrls = NULL;
3034 int ldap_errno;
3035 struct berval lvalue;
3036
3037 if (zend_parse_parameters(ZEND_NUM_ARGS(), "Osss|a!", &link, ldap_link_ce, &dn, &dn_len, &attr, &attr_len, &value, &value_len, &serverctrls) != SUCCESS) {
3038 RETURN_THROWS();
3039 }
3040
3041 ld = Z_LDAP_LINK_P(link);
3042 VERIFY_LDAP_LINK_CONNECTED(ld);
3043
3044 if (serverctrls) {
3045 lserverctrls = _php_ldap_controls_from_array(ld->link, serverctrls, 5);
3046 if (lserverctrls == NULL) {
3047 RETVAL_FALSE;
3048 goto cleanup;
3049 }
3050 }
3051
3052 lvalue.bv_val = value;
3053 lvalue.bv_len = value_len;
3054
3055 ldap_errno = ldap_compare_ext_s(ld->link, dn, attr, &lvalue, lserverctrls, NULL);
3056
3057 switch (ldap_errno) {
3058 case LDAP_COMPARE_TRUE:
3059 RETVAL_TRUE;
3060 break;
3061
3062 case LDAP_COMPARE_FALSE:
3063 RETVAL_FALSE;
3064 break;
3065
3066 default:
3067 php_error_docref(NULL, E_WARNING, "Compare: %s", ldap_err2string(ldap_errno));
3068 RETVAL_LONG(-1);
3069 }
3070
3071 cleanup:
3072 if (lserverctrls) {
3073 _php_ldap_controls_free(&lserverctrls);
3074 }
3075
3076 return;
3077 }
3078 /* }}} */
3079
3080 #if (LDAP_API_VERSION > 2000) || defined(HAVE_ORALDAP)
3081 /* {{{ Get the current value of various session-wide parameters */
PHP_FUNCTION(ldap_get_option)3082 PHP_FUNCTION(ldap_get_option)
3083 {
3084 zval *link, *retval;
3085 ldap_linkdata *ld;
3086 zend_long option;
3087
3088 if (zend_parse_parameters(ZEND_NUM_ARGS(), "Olz", &link, ldap_link_ce, &option, &retval) != SUCCESS) {
3089 RETURN_THROWS();
3090 }
3091
3092 ld = Z_LDAP_LINK_P(link);
3093 VERIFY_LDAP_LINK_CONNECTED(ld);
3094
3095 switch (option) {
3096 /* options with int value */
3097 case LDAP_OPT_DEREF:
3098 case LDAP_OPT_SIZELIMIT:
3099 case LDAP_OPT_TIMELIMIT:
3100 case LDAP_OPT_PROTOCOL_VERSION:
3101 case LDAP_OPT_ERROR_NUMBER:
3102 case LDAP_OPT_REFERRALS:
3103 #ifdef LDAP_OPT_RESTART
3104 case LDAP_OPT_RESTART:
3105 #endif
3106 #ifdef LDAP_OPT_X_SASL_NOCANON
3107 case LDAP_OPT_X_SASL_NOCANON:
3108 #endif
3109 #ifdef LDAP_OPT_X_TLS_REQUIRE_CERT
3110 case LDAP_OPT_X_TLS_REQUIRE_CERT:
3111 #endif
3112 #ifdef LDAP_OPT_X_TLS_CRLCHECK
3113 case LDAP_OPT_X_TLS_CRLCHECK:
3114 #endif
3115 #ifdef LDAP_OPT_X_TLS_PROTOCOL_MIN
3116 case LDAP_OPT_X_TLS_PROTOCOL_MIN:
3117 #endif
3118 #ifdef LDAP_OPT_X_KEEPALIVE_IDLE
3119 case LDAP_OPT_X_KEEPALIVE_IDLE:
3120 case LDAP_OPT_X_KEEPALIVE_PROBES:
3121 case LDAP_OPT_X_KEEPALIVE_INTERVAL:
3122 #endif
3123 {
3124 int val;
3125
3126 if (ldap_get_option(ld->link, option, &val)) {
3127 RETURN_FALSE;
3128 }
3129 ZEND_TRY_ASSIGN_REF_LONG(retval, val);
3130 } break;
3131 #ifdef LDAP_OPT_NETWORK_TIMEOUT
3132 case LDAP_OPT_NETWORK_TIMEOUT:
3133 {
3134 struct timeval *timeout = NULL;
3135
3136 if (ldap_get_option(ld->link, LDAP_OPT_NETWORK_TIMEOUT, (void *) &timeout)) {
3137 if (timeout) {
3138 ldap_memfree(timeout);
3139 }
3140 RETURN_FALSE;
3141 }
3142 if (!timeout) {
3143 RETURN_FALSE;
3144 }
3145 ZEND_TRY_ASSIGN_REF_LONG(retval, timeout->tv_sec);
3146 ldap_memfree(timeout);
3147 } break;
3148 #elif defined(LDAP_X_OPT_CONNECT_TIMEOUT)
3149 case LDAP_X_OPT_CONNECT_TIMEOUT:
3150 {
3151 int timeout;
3152
3153 if (ldap_get_option(ld->link, LDAP_X_OPT_CONNECT_TIMEOUT, &timeout)) {
3154 RETURN_FALSE;
3155 }
3156 ZEND_TRY_ASSIGN_REF_LONG(retval, (timeout / 1000));
3157 } break;
3158 #endif
3159 #ifdef LDAP_OPT_TIMEOUT
3160 case LDAP_OPT_TIMEOUT:
3161 {
3162 struct timeval *timeout = NULL;
3163
3164 if (ldap_get_option(ld->link, LDAP_OPT_TIMEOUT, (void *) &timeout)) {
3165 if (timeout) {
3166 ldap_memfree(timeout);
3167 }
3168 RETURN_FALSE;
3169 }
3170 if (!timeout) {
3171 RETURN_FALSE;
3172 }
3173 ZEND_TRY_ASSIGN_REF_LONG(retval, timeout->tv_sec);
3174 ldap_memfree(timeout);
3175 } break;
3176 #endif
3177 /* options with string value */
3178 case LDAP_OPT_ERROR_STRING:
3179 #ifdef LDAP_OPT_HOST_NAME
3180 case LDAP_OPT_HOST_NAME:
3181 #endif
3182 #ifdef HAVE_LDAP_SASL
3183 case LDAP_OPT_X_SASL_MECH:
3184 case LDAP_OPT_X_SASL_REALM:
3185 case LDAP_OPT_X_SASL_AUTHCID:
3186 case LDAP_OPT_X_SASL_AUTHZID:
3187 #endif
3188 #ifdef LDAP_OPT_X_SASL_USERNAME
3189 case LDAP_OPT_X_SASL_USERNAME:
3190 #endif
3191 #if (LDAP_API_VERSION > 2000)
3192 case LDAP_OPT_X_TLS_CACERTDIR:
3193 case LDAP_OPT_X_TLS_CACERTFILE:
3194 case LDAP_OPT_X_TLS_CERTFILE:
3195 case LDAP_OPT_X_TLS_CIPHER_SUITE:
3196 case LDAP_OPT_X_TLS_KEYFILE:
3197 case LDAP_OPT_X_TLS_RANDOM_FILE:
3198 #endif
3199 #ifdef LDAP_OPT_X_TLS_PACKAGE
3200 case LDAP_OPT_X_TLS_PACKAGE:
3201 #endif
3202 #ifdef LDAP_OPT_X_TLS_CRLFILE
3203 case LDAP_OPT_X_TLS_CRLFILE:
3204 #endif
3205 #ifdef LDAP_OPT_X_TLS_DHFILE
3206 case LDAP_OPT_X_TLS_DHFILE:
3207 #endif
3208 #ifdef LDAP_OPT_MATCHED_DN
3209 case LDAP_OPT_MATCHED_DN:
3210 #endif
3211 {
3212 char *val = NULL;
3213
3214 if (ldap_get_option(ld->link, option, &val) || val == NULL || *val == '\0') {
3215 if (val) {
3216 ldap_memfree(val);
3217 }
3218 RETURN_FALSE;
3219 }
3220 ZEND_TRY_ASSIGN_REF_STRING(retval, val);
3221 ldap_memfree(val);
3222 } break;
3223 case LDAP_OPT_SERVER_CONTROLS:
3224 case LDAP_OPT_CLIENT_CONTROLS:
3225 {
3226 LDAPControl **ctrls = NULL;
3227
3228 if (ldap_get_option(ld->link, option, &ctrls) || ctrls == NULL) {
3229 if (ctrls) {
3230 ldap_memfree(ctrls);
3231 }
3232 RETURN_FALSE;
3233 }
3234 _php_ldap_controls_to_array(ld->link, ctrls, retval, 1);
3235 } break;
3236 /* options not implemented
3237 case LDAP_OPT_API_INFO:
3238 case LDAP_OPT_API_FEATURE_INFO:
3239 */
3240 default:
3241 RETURN_FALSE;
3242 }
3243 RETURN_TRUE;
3244 }
3245 /* }}} */
3246
3247 /* {{{ Set the value of various session-wide parameters */
PHP_FUNCTION(ldap_set_option)3248 PHP_FUNCTION(ldap_set_option)
3249 {
3250 zval *link = NULL, *newval;
3251 ldap_linkdata *ld;
3252 LDAP *ldap;
3253 zend_long option;
3254
3255 if (zend_parse_parameters(ZEND_NUM_ARGS(), "O!lz", &link, ldap_link_ce, &option, &newval) != SUCCESS) {
3256 RETURN_THROWS();
3257 }
3258
3259 if (!link) {
3260 ldap = NULL;
3261 } else {
3262 ld = Z_LDAP_LINK_P(link);
3263 VERIFY_LDAP_LINK_CONNECTED(ld);
3264 ldap = ld->link;
3265 }
3266
3267 switch (option) {
3268 /* options with int value */
3269 case LDAP_OPT_DEREF:
3270 case LDAP_OPT_SIZELIMIT:
3271 case LDAP_OPT_TIMELIMIT:
3272 case LDAP_OPT_PROTOCOL_VERSION:
3273 case LDAP_OPT_ERROR_NUMBER:
3274 #ifdef LDAP_OPT_DEBUG_LEVEL
3275 case LDAP_OPT_DEBUG_LEVEL:
3276 #endif
3277 #ifdef LDAP_OPT_X_TLS_REQUIRE_CERT
3278 case LDAP_OPT_X_TLS_REQUIRE_CERT:
3279 #endif
3280 #ifdef LDAP_OPT_X_TLS_CRLCHECK
3281 case LDAP_OPT_X_TLS_CRLCHECK:
3282 #endif
3283 #ifdef LDAP_OPT_X_TLS_PROTOCOL_MIN
3284 case LDAP_OPT_X_TLS_PROTOCOL_MIN:
3285 #endif
3286 #ifdef LDAP_OPT_X_KEEPALIVE_IDLE
3287 case LDAP_OPT_X_KEEPALIVE_IDLE:
3288 case LDAP_OPT_X_KEEPALIVE_PROBES:
3289 case LDAP_OPT_X_KEEPALIVE_INTERVAL:
3290 #endif
3291 {
3292 int val;
3293
3294 convert_to_long(newval);
3295 if (ZEND_LONG_EXCEEDS_INT(Z_LVAL_P(newval))) {
3296 zend_argument_value_error(3, "is too large");
3297 RETURN_THROWS();
3298 }
3299 val = (int)Z_LVAL_P(newval);
3300 if (ldap_set_option(ldap, option, &val)) {
3301 RETURN_FALSE;
3302 }
3303 } break;
3304 #ifdef LDAP_OPT_NETWORK_TIMEOUT
3305 case LDAP_OPT_NETWORK_TIMEOUT:
3306 {
3307 struct timeval timeout;
3308
3309 convert_to_long(newval);
3310 timeout.tv_sec = Z_LVAL_P(newval);
3311 timeout.tv_usec = 0;
3312 if (ldap_set_option(ldap, LDAP_OPT_NETWORK_TIMEOUT, (void *) &timeout)) {
3313 RETURN_FALSE;
3314 }
3315 } break;
3316 #elif defined(LDAP_X_OPT_CONNECT_TIMEOUT)
3317 case LDAP_X_OPT_CONNECT_TIMEOUT:
3318 {
3319 int timeout;
3320
3321 convert_to_long(newval);
3322 timeout = 1000 * Z_LVAL_P(newval); /* Convert to milliseconds */
3323 if (ldap_set_option(ldap, LDAP_X_OPT_CONNECT_TIMEOUT, &timeout)) {
3324 RETURN_FALSE;
3325 }
3326 } break;
3327 #endif
3328 #ifdef LDAP_OPT_TIMEOUT
3329 case LDAP_OPT_TIMEOUT:
3330 {
3331 struct timeval timeout;
3332
3333 convert_to_long(newval);
3334 timeout.tv_sec = Z_LVAL_P(newval);
3335 timeout.tv_usec = 0;
3336 if (ldap_set_option(ldap, LDAP_OPT_TIMEOUT, (void *) &timeout)) {
3337 RETURN_FALSE;
3338 }
3339 } break;
3340 #endif
3341 /* options with string value */
3342 case LDAP_OPT_ERROR_STRING:
3343 #ifdef LDAP_OPT_HOST_NAME
3344 case LDAP_OPT_HOST_NAME:
3345 #endif
3346 #ifdef HAVE_LDAP_SASL
3347 case LDAP_OPT_X_SASL_MECH:
3348 case LDAP_OPT_X_SASL_REALM:
3349 case LDAP_OPT_X_SASL_AUTHCID:
3350 case LDAP_OPT_X_SASL_AUTHZID:
3351 #endif
3352 #if (LDAP_API_VERSION > 2000)
3353 case LDAP_OPT_X_TLS_CACERTDIR:
3354 case LDAP_OPT_X_TLS_CACERTFILE:
3355 case LDAP_OPT_X_TLS_CERTFILE:
3356 case LDAP_OPT_X_TLS_CIPHER_SUITE:
3357 case LDAP_OPT_X_TLS_KEYFILE:
3358 case LDAP_OPT_X_TLS_RANDOM_FILE:
3359 #endif
3360 #ifdef LDAP_OPT_X_TLS_CRLFILE
3361 case LDAP_OPT_X_TLS_CRLFILE:
3362 #endif
3363 #ifdef LDAP_OPT_X_TLS_DHFILE
3364 case LDAP_OPT_X_TLS_DHFILE:
3365 #endif
3366 #ifdef LDAP_OPT_MATCHED_DN
3367 case LDAP_OPT_MATCHED_DN:
3368 #endif
3369 {
3370 zend_string *val;
3371 val = zval_get_string(newval);
3372 if (EG(exception)) {
3373 RETURN_THROWS();
3374 }
3375 if (ldap_set_option(ldap, option, ZSTR_VAL(val))) {
3376 zend_string_release(val);
3377 RETURN_FALSE;
3378 }
3379 zend_string_release(val);
3380 } break;
3381 /* options with boolean value */
3382 case LDAP_OPT_REFERRALS:
3383 #ifdef LDAP_OPT_RESTART
3384 case LDAP_OPT_RESTART:
3385 #endif
3386 #ifdef LDAP_OPT_X_SASL_NOCANON
3387 case LDAP_OPT_X_SASL_NOCANON:
3388 #endif
3389 {
3390 void *val;
3391 val = zend_is_true(newval) ? LDAP_OPT_ON : LDAP_OPT_OFF;
3392 if (ldap_set_option(ldap, option, val)) {
3393 RETURN_FALSE;
3394 }
3395 } break;
3396 /* options with control list value */
3397 case LDAP_OPT_SERVER_CONTROLS:
3398 case LDAP_OPT_CLIENT_CONTROLS:
3399 {
3400 LDAPControl **ctrls;
3401 int rc;
3402
3403 if (Z_TYPE_P(newval) != IS_ARRAY) {
3404 zend_argument_type_error(3, "must be of type array for the LDAP_OPT_CLIENT_CONTROLS option, %s given", zend_zval_type_name(newval));
3405 RETURN_THROWS();
3406 }
3407
3408 ctrls = _php_ldap_controls_from_array(ldap, newval, 3);
3409
3410 if (ctrls == NULL) {
3411 RETURN_FALSE;
3412 } else {
3413 rc = ldap_set_option(ldap, option, ctrls);
3414 _php_ldap_controls_free(&ctrls);
3415 if (rc != LDAP_SUCCESS) {
3416 RETURN_FALSE;
3417 }
3418 }
3419 } break;
3420 default:
3421 RETURN_FALSE;
3422 }
3423 RETURN_TRUE;
3424 }
3425 /* }}} */
3426
3427 #ifdef HAVE_LDAP_PARSE_RESULT
3428 /* {{{ Extract information from result */
PHP_FUNCTION(ldap_parse_result)3429 PHP_FUNCTION(ldap_parse_result)
3430 {
3431 zval *link, *result, *errcode, *matcheddn, *errmsg, *referrals, *serverctrls;
3432 ldap_linkdata *ld;
3433 ldap_resultdata *ldap_result;
3434 LDAPControl **lserverctrls = NULL;
3435 char **lreferrals, **refp;
3436 char *lmatcheddn, *lerrmsg;
3437 int rc, lerrcode, myargcount = ZEND_NUM_ARGS();
3438
3439 if (zend_parse_parameters(myargcount, "OOz|zzzz", &link, ldap_link_ce, &result, ldap_result_ce, &errcode, &matcheddn, &errmsg, &referrals, &serverctrls) != SUCCESS) {
3440 RETURN_THROWS();
3441 }
3442
3443 ld = Z_LDAP_LINK_P(link);
3444 VERIFY_LDAP_LINK_CONNECTED(ld);
3445
3446 ldap_result = Z_LDAP_RESULT_P(result);
3447 VERIFY_LDAP_RESULT_OPEN(ldap_result);
3448
3449 rc = ldap_parse_result(ld->link, ldap_result->result, &lerrcode,
3450 myargcount > 3 ? &lmatcheddn : NULL,
3451 myargcount > 4 ? &lerrmsg : NULL,
3452 myargcount > 5 ? &lreferrals : NULL,
3453 myargcount > 6 ? &lserverctrls : NULL,
3454 0);
3455 if (rc != LDAP_SUCCESS) {
3456 php_error_docref(NULL, E_WARNING, "Unable to parse result: %s", ldap_err2string(rc));
3457 RETURN_FALSE;
3458 }
3459
3460 ZEND_TRY_ASSIGN_REF_LONG(errcode, lerrcode);
3461
3462 /* Reverse -> fall through */
3463 switch (myargcount) {
3464 case 7:
3465 _php_ldap_controls_to_array(ld->link, lserverctrls, serverctrls, 0);
3466 ZEND_FALLTHROUGH;
3467 case 6:
3468 referrals = zend_try_array_init(referrals);
3469 if (!referrals) {
3470 RETURN_THROWS();
3471 }
3472 if (lreferrals != NULL) {
3473 refp = lreferrals;
3474 while (*refp) {
3475 add_next_index_string(referrals, *refp);
3476 refp++;
3477 }
3478 ldap_memvfree((void**)lreferrals);
3479 }
3480 ZEND_FALLTHROUGH;
3481 case 5:
3482 if (lerrmsg == NULL) {
3483 ZEND_TRY_ASSIGN_REF_EMPTY_STRING(errmsg);
3484 } else {
3485 ZEND_TRY_ASSIGN_REF_STRING(errmsg, lerrmsg);
3486 ldap_memfree(lerrmsg);
3487 }
3488 ZEND_FALLTHROUGH;
3489 case 4:
3490 if (lmatcheddn == NULL) {
3491 ZEND_TRY_ASSIGN_REF_EMPTY_STRING(matcheddn);
3492 } else {
3493 ZEND_TRY_ASSIGN_REF_STRING(matcheddn, lmatcheddn);
3494 ldap_memfree(lmatcheddn);
3495 }
3496 }
3497 RETURN_TRUE;
3498 }
3499 /* }}} */
3500 #endif
3501
3502 /* {{{ Extended operation response parsing, Pierangelo Masarati */
3503 #ifdef HAVE_LDAP_PARSE_EXTENDED_RESULT
3504 /* {{{ Extract information from extended operation result */
PHP_FUNCTION(ldap_parse_exop)3505 PHP_FUNCTION(ldap_parse_exop)
3506 {
3507 zval *link, *result, *retdata, *retoid;
3508 ldap_linkdata *ld;
3509 ldap_resultdata *ldap_result;
3510 char *lretoid;
3511 struct berval *lretdata;
3512 int rc, myargcount = ZEND_NUM_ARGS();
3513
3514 if (zend_parse_parameters(myargcount, "OO|zz", &link, ldap_link_ce, &result, ldap_result_ce, &retdata, &retoid) != SUCCESS) {
3515 RETURN_THROWS();
3516 }
3517
3518 ld = Z_LDAP_LINK_P(link);
3519 VERIFY_LDAP_LINK_CONNECTED(ld);
3520
3521 ldap_result = Z_LDAP_RESULT_P(result);
3522 VERIFY_LDAP_RESULT_OPEN(ldap_result);
3523
3524 rc = ldap_parse_extended_result(ld->link, ldap_result->result,
3525 myargcount > 3 ? &lretoid: NULL,
3526 myargcount > 2 ? &lretdata: NULL,
3527 0);
3528 if (rc != LDAP_SUCCESS) {
3529 php_error_docref(NULL, E_WARNING, "Unable to parse extended operation result: %s", ldap_err2string(rc));
3530 RETURN_FALSE;
3531 }
3532
3533 /* Reverse -> fall through */
3534 switch (myargcount) {
3535 case 4:
3536 if (lretoid == NULL) {
3537 ZEND_TRY_ASSIGN_REF_EMPTY_STRING(retoid);
3538 } else {
3539 ZEND_TRY_ASSIGN_REF_STRING(retoid, lretoid);
3540 ldap_memfree(lretoid);
3541 }
3542 ZEND_FALLTHROUGH;
3543 case 3:
3544 /* use arg #3 as the data returned by the server */
3545 if (lretdata == NULL) {
3546 ZEND_TRY_ASSIGN_REF_EMPTY_STRING(retdata);
3547 } else {
3548 ZEND_TRY_ASSIGN_REF_STRINGL(retdata, lretdata->bv_val, lretdata->bv_len);
3549 ldap_memfree(lretdata->bv_val);
3550 ldap_memfree(lretdata);
3551 }
3552 }
3553 RETURN_TRUE;
3554 }
3555 /* }}} */
3556 #endif
3557 /* }}} */
3558
3559 /* {{{ Count the number of references in a search result */
PHP_FUNCTION(ldap_count_references)3560 PHP_FUNCTION(ldap_count_references)
3561 {
3562 zval *link, *result;
3563 ldap_linkdata *ld;
3564 ldap_resultdata *ldap_result;
3565
3566 if (zend_parse_parameters(ZEND_NUM_ARGS(), "OO", &link, ldap_link_ce, &result, ldap_result_ce) != SUCCESS) {
3567 RETURN_THROWS();
3568 }
3569
3570 ld = Z_LDAP_LINK_P(link);
3571 VERIFY_LDAP_LINK_CONNECTED(ld);
3572
3573 ldap_result = Z_LDAP_RESULT_P(result);
3574 VERIFY_LDAP_RESULT_OPEN(ldap_result);
3575
3576 RETURN_LONG(ldap_count_references(ld->link, ldap_result->result));
3577 }
3578 /* }}} */
3579
3580 /* {{{ Return first reference */
PHP_FUNCTION(ldap_first_reference)3581 PHP_FUNCTION(ldap_first_reference)
3582 {
3583 zval *link, *result;
3584 ldap_linkdata *ld;
3585 ldap_result_entry *resultentry;
3586 ldap_resultdata *ldap_result;
3587 LDAPMessage *entry;
3588
3589 if (zend_parse_parameters(ZEND_NUM_ARGS(), "OO", &link, ldap_link_ce, &result, ldap_result_ce) != SUCCESS) {
3590 RETURN_THROWS();
3591 }
3592
3593 ld = Z_LDAP_LINK_P(link);
3594 VERIFY_LDAP_LINK_CONNECTED(ld);
3595
3596 ldap_result = Z_LDAP_RESULT_P(result);
3597 VERIFY_LDAP_RESULT_OPEN(ldap_result);
3598
3599 if ((entry = ldap_first_reference(ld->link, ldap_result->result)) == NULL) {
3600 RETVAL_FALSE;
3601 } else {
3602 object_init_ex(return_value, ldap_result_entry_ce);
3603 resultentry = Z_LDAP_RESULT_ENTRY_P(return_value);
3604 ZVAL_COPY(&resultentry->res, result);
3605 resultentry->data = entry;
3606 resultentry->ber = NULL;
3607 }
3608 }
3609 /* }}} */
3610
3611 /* {{{ Get next reference */
PHP_FUNCTION(ldap_next_reference)3612 PHP_FUNCTION(ldap_next_reference)
3613 {
3614 zval *link, *result_entry;
3615 ldap_linkdata *ld;
3616 ldap_result_entry *resultentry, *resultentry_next;
3617 LDAPMessage *entry_next;
3618
3619 if (zend_parse_parameters(ZEND_NUM_ARGS(), "OO", &link, ldap_link_ce, &result_entry, ldap_result_entry_ce) != SUCCESS) {
3620 RETURN_THROWS();
3621 }
3622
3623 ld = Z_LDAP_LINK_P(link);
3624 VERIFY_LDAP_LINK_CONNECTED(ld);
3625
3626 resultentry = Z_LDAP_RESULT_ENTRY_P(result_entry);
3627
3628 if ((entry_next = ldap_next_reference(ld->link, resultentry->data)) == NULL) {
3629 RETVAL_FALSE;
3630 } else {
3631 object_init_ex(return_value, ldap_result_entry_ce);
3632 resultentry_next = Z_LDAP_RESULT_ENTRY_P(return_value);
3633 ZVAL_COPY(&resultentry_next->res, &resultentry->res);
3634 resultentry_next->data = entry_next;
3635 resultentry_next->ber = NULL;
3636 }
3637 }
3638 /* }}} */
3639
3640 #ifdef HAVE_LDAP_PARSE_REFERENCE
3641 /* {{{ Extract information from reference entry */
PHP_FUNCTION(ldap_parse_reference)3642 PHP_FUNCTION(ldap_parse_reference)
3643 {
3644 zval *link, *result_entry, *referrals;
3645 ldap_linkdata *ld;
3646 ldap_result_entry *resultentry;
3647 char **lreferrals, **refp;
3648
3649 if (zend_parse_parameters(ZEND_NUM_ARGS(), "OOz", &link, ldap_link_ce, &result_entry, ldap_result_entry_ce, &referrals) != SUCCESS) {
3650 RETURN_THROWS();
3651 }
3652
3653 ld = Z_LDAP_LINK_P(link);
3654 VERIFY_LDAP_LINK_CONNECTED(ld);
3655
3656 resultentry = Z_LDAP_RESULT_ENTRY_P(result_entry);
3657
3658 if (ldap_parse_reference(ld->link, resultentry->data, &lreferrals, NULL /* &serverctrls */, 0) != LDAP_SUCCESS) {
3659 RETURN_FALSE;
3660 }
3661
3662 referrals = zend_try_array_init(referrals);
3663 if (!referrals) {
3664 RETURN_THROWS();
3665 }
3666
3667 if (lreferrals != NULL) {
3668 refp = lreferrals;
3669 while (*refp) {
3670 add_next_index_string(referrals, *refp);
3671 refp++;
3672 }
3673 ldap_memvfree((void**)lreferrals);
3674 }
3675 RETURN_TRUE;
3676 }
3677 /* }}} */
3678 #endif
3679
3680 /* {{{ php_ldap_do_rename */
php_ldap_do_rename(INTERNAL_FUNCTION_PARAMETERS,int ext)3681 static void php_ldap_do_rename(INTERNAL_FUNCTION_PARAMETERS, int ext)
3682 {
3683 zval *serverctrls = NULL;
3684 zval *link;
3685 ldap_linkdata *ld;
3686 LDAPControl **lserverctrls = NULL;
3687 ldap_resultdata *result;
3688 LDAPMessage *ldap_res;
3689 int rc, msgid;
3690 char *dn, *newrdn, *newparent;
3691 size_t dn_len, newrdn_len, newparent_len;
3692 bool deleteoldrdn;
3693
3694 if (zend_parse_parameters(ZEND_NUM_ARGS(), "Osssb|a!", &link, ldap_link_ce, &dn, &dn_len, &newrdn, &newrdn_len, &newparent, &newparent_len, &deleteoldrdn, &serverctrls) != SUCCESS) {
3695 RETURN_THROWS();
3696 }
3697
3698 ld = Z_LDAP_LINK_P(link);
3699 VERIFY_LDAP_LINK_CONNECTED(ld);
3700
3701 if (newparent_len == 0) {
3702 newparent = NULL;
3703 }
3704
3705 #if (LDAP_API_VERSION > 2000) || defined(HAVE_ORALDAP)
3706 if (serverctrls) {
3707 lserverctrls = _php_ldap_controls_from_array(ld->link, serverctrls, 6);
3708 if (lserverctrls == NULL) {
3709 RETVAL_FALSE;
3710 goto cleanup;
3711 }
3712 }
3713
3714 if (ext) {
3715 rc = ldap_rename(ld->link, dn, newrdn, newparent, deleteoldrdn, lserverctrls, NULL, &msgid);
3716 } else {
3717 rc = ldap_rename_s(ld->link, dn, newrdn, newparent, deleteoldrdn, lserverctrls, NULL);
3718 }
3719 #else
3720 if (newparent_len != 0) {
3721 php_error_docref(NULL, E_WARNING, "You are using old LDAP API, newparent must be the empty string, can only modify RDN");
3722 RETURN_FALSE;
3723 }
3724 if (serverctrls) {
3725 php_error_docref(NULL, E_WARNING, "You are using old LDAP API, controls are not supported");
3726 RETURN_FALSE;
3727 }
3728 if (ext) {
3729 php_error_docref(NULL, E_WARNING, "You are using old LDAP API, ldap_rename_ext is not supported");
3730 RETURN_FALSE;
3731 }
3732 /* could support old APIs but need check for ldap_modrdn2()/ldap_modrdn() */
3733 rc = ldap_modrdn2_s(ld->link, dn, newrdn, deleteoldrdn);
3734 #endif
3735
3736 if (rc != LDAP_SUCCESS) {
3737 RETVAL_FALSE;
3738 } else if (ext) {
3739 rc = ldap_result(ld->link, msgid, 1 /* LDAP_MSG_ALL */, NULL, &ldap_res);
3740 if (rc == -1) {
3741 php_error_docref(NULL, E_WARNING, "Rename operation failed");
3742 RETVAL_FALSE;
3743 goto cleanup;
3744 }
3745
3746 /* return a PHP control object */
3747 object_init_ex(return_value, ldap_result_ce);
3748 result = Z_LDAP_RESULT_P(return_value);
3749 result->result = ldap_res;
3750 } else {
3751 RETVAL_TRUE;
3752 }
3753
3754 cleanup:
3755 if (lserverctrls) {
3756 _php_ldap_controls_free(&lserverctrls);
3757 }
3758
3759 return;
3760 }
3761 /* }}} */
3762
3763 /* {{{ Modify the name of an entry */
PHP_FUNCTION(ldap_rename)3764 PHP_FUNCTION(ldap_rename)
3765 {
3766 php_ldap_do_rename(INTERNAL_FUNCTION_PARAM_PASSTHRU, 0);
3767 }
3768 /* }}} */
3769
3770 /* {{{ Modify the name of an entry */
PHP_FUNCTION(ldap_rename_ext)3771 PHP_FUNCTION(ldap_rename_ext)
3772 {
3773 php_ldap_do_rename(INTERNAL_FUNCTION_PARAM_PASSTHRU, 1);
3774 }
3775 /* }}} */
3776
3777 #ifdef HAVE_LDAP_START_TLS_S
3778 /* {{{ Start TLS */
PHP_FUNCTION(ldap_start_tls)3779 PHP_FUNCTION(ldap_start_tls)
3780 {
3781 zval *link;
3782 ldap_linkdata *ld;
3783 int rc, protocol = LDAP_VERSION3;
3784
3785 if (zend_parse_parameters(ZEND_NUM_ARGS(), "O", &link, ldap_link_ce) != SUCCESS) {
3786 RETURN_THROWS();
3787 }
3788
3789 ld = Z_LDAP_LINK_P(link);
3790 VERIFY_LDAP_LINK_CONNECTED(ld);
3791
3792 if (((rc = ldap_set_option(ld->link, LDAP_OPT_PROTOCOL_VERSION, &protocol)) != LDAP_SUCCESS) ||
3793 ((rc = ldap_start_tls_s(ld->link, NULL, NULL)) != LDAP_SUCCESS)
3794 ) {
3795 php_error_docref(NULL, E_WARNING,"Unable to start TLS: %s", ldap_err2string(rc));
3796 RETURN_FALSE;
3797 } else {
3798 RETURN_TRUE;
3799 }
3800 }
3801 /* }}} */
3802 #endif
3803 #endif /* (LDAP_API_VERSION > 2000) || defined(HAVE_ORALDAP) */
3804
3805 #if defined(LDAP_API_FEATURE_X_OPENLDAP) && defined(HAVE_3ARG_SETREBINDPROC)
3806 /* {{{ _ldap_rebind_proc() */
_ldap_rebind_proc(LDAP * ldap,const char * url,ber_tag_t req,ber_int_t msgid,void * params)3807 int _ldap_rebind_proc(LDAP *ldap, const char *url, ber_tag_t req, ber_int_t msgid, void *params)
3808 {
3809 ldap_linkdata *ld = NULL;
3810 int retval;
3811 zval cb_args[2];
3812 zval cb_retval;
3813 zval *cb_link = (zval *) params;
3814
3815 ld = Z_LDAP_LINK_P(cb_link);
3816 if (!ld->link) {
3817 zend_throw_error(NULL, "LDAP connection has already been closed");
3818 return LDAP_OTHER;
3819 }
3820
3821 /* link exists and callback set? */
3822 if (Z_ISUNDEF(ld->rebindproc)) {
3823 php_error_docref(NULL, E_WARNING, "No callback set");
3824 return LDAP_OTHER;
3825 }
3826
3827 /* callback */
3828 ZVAL_COPY_VALUE(&cb_args[0], cb_link);
3829 ZVAL_STRING(&cb_args[1], url);
3830 if (call_user_function(EG(function_table), NULL, &ld->rebindproc, &cb_retval, 2, cb_args) == SUCCESS && !Z_ISUNDEF(cb_retval)) {
3831 retval = zval_get_long(&cb_retval);
3832 zval_ptr_dtor(&cb_retval);
3833 } else {
3834 php_error_docref(NULL, E_WARNING, "rebind_proc PHP callback failed");
3835 retval = LDAP_OTHER;
3836 }
3837 zval_ptr_dtor(&cb_args[1]);
3838 return retval;
3839 }
3840 /* }}} */
3841
3842 /* {{{ Set a callback function to do re-binds on referral chasing. */
PHP_FUNCTION(ldap_set_rebind_proc)3843 PHP_FUNCTION(ldap_set_rebind_proc)
3844 {
3845 zval *link;
3846 zend_fcall_info fci;
3847 zend_fcall_info_cache fcc;
3848 ldap_linkdata *ld;
3849
3850 if (zend_parse_parameters(ZEND_NUM_ARGS(), "Of!", &link, ldap_link_ce, &fci, &fcc) == FAILURE) {
3851 RETURN_THROWS();
3852 }
3853
3854 ld = Z_LDAP_LINK_P(link);
3855 VERIFY_LDAP_LINK_CONNECTED(ld);
3856
3857 if (!ZEND_FCI_INITIALIZED(fci)) {
3858 /* unregister rebind procedure */
3859 if (!Z_ISUNDEF(ld->rebindproc)) {
3860 zval_ptr_dtor(&ld->rebindproc);
3861 ZVAL_UNDEF(&ld->rebindproc);
3862 ldap_set_rebind_proc(ld->link, NULL, NULL);
3863 }
3864 RETURN_TRUE;
3865 }
3866
3867 /* register rebind procedure */
3868 if (Z_ISUNDEF(ld->rebindproc)) {
3869 ldap_set_rebind_proc(ld->link, _ldap_rebind_proc, (void *) link);
3870 } else {
3871 zval_ptr_dtor(&ld->rebindproc);
3872 }
3873
3874 ZVAL_COPY(&ld->rebindproc, &fci.function_name);
3875 RETURN_TRUE;
3876 }
3877 /* }}} */
3878 #endif
3879
php_ldap_do_escape(const bool * map,const char * value,size_t valuelen,zend_long flags)3880 static zend_string* php_ldap_do_escape(const bool *map, const char *value, size_t valuelen, zend_long flags)
3881 {
3882 char hex[] = "0123456789abcdef";
3883 size_t i, p = 0;
3884 size_t len = 0;
3885 zend_string *ret;
3886
3887 for (i = 0; i < valuelen; i++) {
3888 len += (map[(unsigned char) value[i]]) ? 3 : 1;
3889 }
3890 /* Per RFC 4514, a leading and trailing space must be escaped */
3891 if ((flags & PHP_LDAP_ESCAPE_DN) && (value[0] == ' ')) {
3892 len += 2;
3893 }
3894 if ((flags & PHP_LDAP_ESCAPE_DN) && ((valuelen > 1) && (value[valuelen - 1] == ' '))) {
3895 len += 2;
3896 }
3897
3898 ret = zend_string_alloc(len, 0);
3899
3900 for (i = 0; i < valuelen; i++) {
3901 unsigned char v = (unsigned char) value[i];
3902
3903 if (map[v] || ((flags & PHP_LDAP_ESCAPE_DN) && ((i == 0) || (i + 1 == valuelen)) && (v == ' '))) {
3904 ZSTR_VAL(ret)[p++] = '\\';
3905 ZSTR_VAL(ret)[p++] = hex[v >> 4];
3906 ZSTR_VAL(ret)[p++] = hex[v & 0x0f];
3907 } else {
3908 ZSTR_VAL(ret)[p++] = v;
3909 }
3910 }
3911
3912 ZSTR_VAL(ret)[p] = '\0';
3913 ZSTR_LEN(ret) = p;
3914 return ret;
3915 }
3916
php_ldap_escape_map_set_chars(bool * map,const char * chars,const size_t charslen,char escape)3917 static void php_ldap_escape_map_set_chars(bool *map, const char *chars, const size_t charslen, char escape)
3918 {
3919 size_t i = 0;
3920 while (i < charslen) {
3921 map[(unsigned char) chars[i++]] = escape;
3922 }
3923 }
3924
PHP_FUNCTION(ldap_escape)3925 PHP_FUNCTION(ldap_escape)
3926 {
3927 char *value, *ignores;
3928 size_t valuelen = 0, ignoreslen = 0;
3929 int i;
3930 zend_long flags = 0;
3931 bool map[256] = {0}, havecharlist = 0;
3932
3933 if (zend_parse_parameters(ZEND_NUM_ARGS(), "s|sl", &value, &valuelen, &ignores, &ignoreslen, &flags) != SUCCESS) {
3934 RETURN_THROWS();
3935 }
3936
3937 if (!valuelen) {
3938 RETURN_EMPTY_STRING();
3939 }
3940
3941 if (flags & PHP_LDAP_ESCAPE_FILTER) {
3942 havecharlist = 1;
3943 php_ldap_escape_map_set_chars(map, "\\*()\0", sizeof("\\*()\0") - 1, 1);
3944 }
3945
3946 if (flags & PHP_LDAP_ESCAPE_DN) {
3947 havecharlist = 1;
3948 php_ldap_escape_map_set_chars(map, "\\,=+<>;\"#\r", sizeof("\\,=+<>;\"#\r") - 1, 1);
3949 }
3950
3951 if (!havecharlist) {
3952 for (i = 0; i < 256; i++) {
3953 map[i] = 1;
3954 }
3955 }
3956
3957 if (ignoreslen) {
3958 php_ldap_escape_map_set_chars(map, ignores, ignoreslen, 0);
3959 }
3960
3961 RETURN_NEW_STR(php_ldap_do_escape(map, value, valuelen, flags));
3962 }
3963
3964 #ifdef STR_TRANSLATION
3965 /* {{{ php_ldap_do_translate */
php_ldap_do_translate(INTERNAL_FUNCTION_PARAMETERS,int way)3966 static void php_ldap_do_translate(INTERNAL_FUNCTION_PARAMETERS, int way)
3967 {
3968 char *value;
3969 size_t value_len;
3970 int result;
3971
3972 if (zend_parse_parameters(ZEND_NUM_ARGS(), "s", &value, &value_len) != SUCCESS) {
3973 RETURN_THROWS();
3974 }
3975
3976 if (value_len == 0) {
3977 RETURN_FALSE;
3978 }
3979
3980 if (way == 1) {
3981 result = ldap_8859_to_t61(&value, &value_len, 0);
3982 } else {
3983 result = ldap_t61_to_8859(&value, &value_len, 0);
3984 }
3985
3986 if (result == LDAP_SUCCESS) {
3987 RETVAL_STRINGL(value, value_len);
3988 free(value);
3989 } else {
3990 php_error_docref(NULL, E_WARNING, "Conversion from ISO-8859-1 to t61 failed: %s", ldap_err2string(result));
3991 RETVAL_FALSE;
3992 }
3993 }
3994 /* }}} */
3995
3996 /* {{{ Translate t61 characters to 8859 characters */
PHP_FUNCTION(ldap_t61_to_8859)3997 PHP_FUNCTION(ldap_t61_to_8859)
3998 {
3999 php_ldap_do_translate(INTERNAL_FUNCTION_PARAM_PASSTHRU, 0);
4000 }
4001 /* }}} */
4002
4003 /* {{{ Translate 8859 characters to t61 characters */
PHP_FUNCTION(ldap_8859_to_t61)4004 PHP_FUNCTION(ldap_8859_to_t61)
4005 {
4006 php_ldap_do_translate(INTERNAL_FUNCTION_PARAM_PASSTHRU, 1);
4007 }
4008 /* }}} */
4009 #endif
4010
4011 /* {{{ Extended operations, Pierangelo Masarati */
4012 #ifdef HAVE_LDAP_EXTENDED_OPERATION_S
4013 /* {{{ Extended operation */
PHP_FUNCTION(ldap_exop)4014 PHP_FUNCTION(ldap_exop)
4015 {
4016 zval *serverctrls = NULL;
4017 zval *link, *retdata = NULL, *retoid = NULL;
4018 char *lretoid = NULL;
4019 zend_string *reqoid, *reqdata = NULL;
4020 struct berval lreqdata, *lretdata = NULL;
4021 ldap_linkdata *ld;
4022 ldap_resultdata *result;
4023 LDAPMessage *ldap_res;
4024 LDAPControl **lserverctrls = NULL;
4025 int rc, msgid;
4026
4027 if (zend_parse_parameters(ZEND_NUM_ARGS(), "OS|S!a!zz", &link, ldap_link_ce, &reqoid, &reqdata, &serverctrls, &retdata, &retoid) != SUCCESS) {
4028 RETURN_THROWS();
4029 }
4030
4031 ld = Z_LDAP_LINK_P(link);
4032 VERIFY_LDAP_LINK_CONNECTED(ld);
4033
4034 if (reqdata) {
4035 lreqdata.bv_val = ZSTR_VAL(reqdata);
4036 lreqdata.bv_len = ZSTR_LEN(reqdata);
4037 } else {
4038 lreqdata.bv_len = 0;
4039 }
4040
4041 if (serverctrls) {
4042 lserverctrls = _php_ldap_controls_from_array(ld->link, serverctrls, 4);
4043 if (lserverctrls == NULL) {
4044 RETVAL_FALSE;
4045 goto cleanup;
4046 }
4047 }
4048
4049 if (retdata) {
4050 /* synchronous call */
4051 rc = ldap_extended_operation_s(ld->link, ZSTR_VAL(reqoid),
4052 lreqdata.bv_len > 0 ? &lreqdata: NULL,
4053 lserverctrls,
4054 NULL,
4055 retoid ? &lretoid : NULL,
4056 &lretdata );
4057 if (rc != LDAP_SUCCESS ) {
4058 php_error_docref(NULL, E_WARNING, "Extended operation %s failed: %s (%d)", ZSTR_VAL(reqoid), ldap_err2string(rc), rc);
4059 RETVAL_FALSE;
4060 goto cleanup;
4061 }
4062
4063 if (retoid) {
4064 if (lretoid) {
4065 ZEND_TRY_ASSIGN_REF_STRING(retoid, lretoid);
4066 ldap_memfree(lretoid);
4067 } else {
4068 ZEND_TRY_ASSIGN_REF_EMPTY_STRING(retoid);
4069 }
4070 }
4071
4072 if (lretdata) {
4073 ZEND_TRY_ASSIGN_REF_STRINGL(retdata, lretdata->bv_val, lretdata->bv_len);
4074 ldap_memfree(lretdata->bv_val);
4075 ldap_memfree(lretdata);
4076 } else {
4077 ZEND_TRY_ASSIGN_REF_EMPTY_STRING(retdata);
4078 }
4079
4080 RETVAL_TRUE;
4081 goto cleanup;
4082 }
4083
4084 /* asynchronous call */
4085 rc = ldap_extended_operation(ld->link, ZSTR_VAL(reqoid),
4086 lreqdata.bv_len > 0 ? &lreqdata: NULL,
4087 lserverctrls,
4088 NULL,
4089 &msgid);
4090 if (rc != LDAP_SUCCESS ) {
4091 php_error_docref(NULL, E_WARNING, "Extended operation %s failed: %s (%d)", ZSTR_VAL(reqoid), ldap_err2string(rc), rc);
4092 RETVAL_FALSE;
4093 goto cleanup;
4094 }
4095
4096 rc = ldap_result(ld->link, msgid, 1 /* LDAP_MSG_ALL */, NULL, &ldap_res);
4097 if (rc == -1) {
4098 php_error_docref(NULL, E_WARNING, "Extended operation %s failed", ZSTR_VAL(reqoid));
4099 RETVAL_FALSE;
4100 goto cleanup;
4101 }
4102
4103 /* return a PHP control object */
4104 object_init_ex(return_value, ldap_result_ce);
4105 result = Z_LDAP_RESULT_P(return_value);
4106 result->result = ldap_res;
4107
4108 cleanup:
4109 if (lserverctrls) {
4110 _php_ldap_controls_free(&lserverctrls);
4111 }
4112 }
4113 /* }}} */
4114 #endif
4115
4116 #ifdef HAVE_LDAP_PASSWD
4117 /* {{{ Passwd modify extended operation */
PHP_FUNCTION(ldap_exop_passwd)4118 PHP_FUNCTION(ldap_exop_passwd)
4119 {
4120 zval *link, *serverctrls;
4121 struct berval luser = { 0L, NULL };
4122 struct berval loldpw = { 0L, NULL };
4123 struct berval lnewpw = { 0L, NULL };
4124 struct berval lgenpasswd = { 0L, NULL };
4125 LDAPControl *ctrl, **lserverctrls = NULL, *requestctrls[2] = { NULL, NULL };
4126 LDAPMessage* ldap_res = NULL;
4127 ldap_linkdata *ld;
4128 int rc, myargcount = ZEND_NUM_ARGS(), msgid, err;
4129 char* errmsg = NULL;
4130
4131 if (zend_parse_parameters(myargcount, "O|sssz/", &link, ldap_link_ce, &luser.bv_val, &luser.bv_len, &loldpw.bv_val, &loldpw.bv_len, &lnewpw.bv_val, &lnewpw.bv_len, &serverctrls) == FAILURE) {
4132 RETURN_THROWS();
4133 }
4134
4135 ld = Z_LDAP_LINK_P(link);
4136 VERIFY_LDAP_LINK_CONNECTED(ld);
4137
4138 switch (myargcount) {
4139 case 5:
4140 /* ldap_create_passwordpolicy_control() allocates ctrl */
4141 if (ldap_create_passwordpolicy_control(ld->link, &ctrl) == LDAP_SUCCESS) {
4142 requestctrls[0] = ctrl;
4143 }
4144 }
4145
4146 /* asynchronous call to get result and controls */
4147 rc = ldap_passwd(ld->link, &luser,
4148 loldpw.bv_len > 0 ? &loldpw : NULL,
4149 lnewpw.bv_len > 0 ? &lnewpw : NULL,
4150 requestctrls,
4151 NULL, &msgid);
4152
4153 if (requestctrls[0] != NULL) {
4154 ldap_control_free(requestctrls[0]);
4155 }
4156
4157 if (rc != LDAP_SUCCESS ) {
4158 php_error_docref(NULL, E_WARNING, "Passwd modify extended operation failed: %s (%d)", ldap_err2string(rc), rc);
4159 RETVAL_FALSE;
4160 goto cleanup;
4161 }
4162
4163 rc = ldap_result(ld->link, msgid, 1 /* LDAP_MSG_ALL */, NULL, &ldap_res);
4164 if ((rc < 0) || !ldap_res) {
4165 rc = _get_lderrno(ld->link);
4166 php_error_docref(NULL, E_WARNING, "Passwd modify extended operation failed: %s (%d)", ldap_err2string(rc), rc);
4167 RETVAL_FALSE;
4168 goto cleanup;
4169 }
4170
4171 rc = ldap_parse_passwd(ld->link, ldap_res, &lgenpasswd);
4172 if( rc != LDAP_SUCCESS ) {
4173 php_error_docref(NULL, E_WARNING, "Passwd modify extended operation failed: %s (%d)", ldap_err2string(rc), rc);
4174 RETVAL_FALSE;
4175 goto cleanup;
4176 }
4177
4178 rc = ldap_parse_result(ld->link, ldap_res, &err, NULL, &errmsg, NULL, (myargcount > 4 ? &lserverctrls : NULL), 0);
4179 if( rc != LDAP_SUCCESS ) {
4180 php_error_docref(NULL, E_WARNING, "Passwd modify extended operation failed: %s (%d)", ldap_err2string(rc), rc);
4181 RETVAL_FALSE;
4182 goto cleanup;
4183 }
4184
4185 if (myargcount > 4) {
4186 _php_ldap_controls_to_array(ld->link, lserverctrls, serverctrls, 0);
4187 }
4188
4189 /* return */
4190 if (lnewpw.bv_len == 0) {
4191 if (lgenpasswd.bv_len == 0) {
4192 RETVAL_EMPTY_STRING();
4193 } else {
4194 RETVAL_STRINGL(lgenpasswd.bv_val, lgenpasswd.bv_len);
4195 }
4196 } else if (err == LDAP_SUCCESS) {
4197 RETVAL_TRUE;
4198 } else {
4199 php_error_docref(NULL, E_WARNING, "Passwd modify extended operation failed: %s (%d)", (errmsg ? errmsg : ldap_err2string(err)), err);
4200 RETVAL_FALSE;
4201 }
4202
4203 cleanup:
4204 if (lgenpasswd.bv_val != NULL) {
4205 ldap_memfree(lgenpasswd.bv_val);
4206 }
4207 if (ldap_res != NULL) {
4208 ldap_msgfree(ldap_res);
4209 }
4210 if (errmsg != NULL) {
4211 ldap_memfree(errmsg);
4212 }
4213 }
4214 /* }}} */
4215 #endif
4216
4217 #ifdef HAVE_LDAP_WHOAMI_S
4218 /* {{{ Whoami extended operation */
PHP_FUNCTION(ldap_exop_whoami)4219 PHP_FUNCTION(ldap_exop_whoami)
4220 {
4221 zval *link;
4222 struct berval *lauthzid;
4223 ldap_linkdata *ld;
4224 int rc;
4225
4226 if (zend_parse_parameters(ZEND_NUM_ARGS(), "O", &link, ldap_link_ce) == FAILURE) {
4227 RETURN_THROWS();
4228 }
4229
4230 ld = Z_LDAP_LINK_P(link);
4231 VERIFY_LDAP_LINK_CONNECTED(ld);
4232
4233 /* synchronous call */
4234 rc = ldap_whoami_s(ld->link, &lauthzid, NULL, NULL);
4235 if (rc != LDAP_SUCCESS ) {
4236 php_error_docref(NULL, E_WARNING, "Whoami extended operation failed: %s (%d)", ldap_err2string(rc), rc);
4237 RETURN_FALSE;
4238 }
4239
4240 if (lauthzid == NULL) {
4241 RETVAL_EMPTY_STRING();
4242 } else {
4243 RETVAL_STRINGL(lauthzid->bv_val, lauthzid->bv_len);
4244 ldap_memfree(lauthzid->bv_val);
4245 ldap_memfree(lauthzid);
4246 }
4247 }
4248 /* }}} */
4249 #endif
4250
4251 #ifdef HAVE_LDAP_REFRESH_S
4252 /* {{{ DDS refresh extended operation */
PHP_FUNCTION(ldap_exop_refresh)4253 PHP_FUNCTION(ldap_exop_refresh)
4254 {
4255 zval *link;
4256 zend_long ttl;
4257 struct berval ldn;
4258 ber_int_t lttl;
4259 ber_int_t newttl;
4260 ldap_linkdata *ld;
4261 int rc;
4262
4263 if (zend_parse_parameters(ZEND_NUM_ARGS(), "Osl", &link, ldap_link_ce, &ldn.bv_val, &ldn.bv_len, &ttl) != SUCCESS) {
4264 RETURN_THROWS();
4265 }
4266
4267 ld = Z_LDAP_LINK_P(link);
4268 VERIFY_LDAP_LINK_CONNECTED(ld);
4269
4270 lttl = (ber_int_t) ttl;
4271
4272 rc = ldap_refresh_s(ld->link, &ldn, lttl, &newttl, NULL, NULL);
4273 if (rc != LDAP_SUCCESS ) {
4274 php_error_docref(NULL, E_WARNING, "Refresh extended operation failed: %s (%d)", ldap_err2string(rc), rc);
4275 RETURN_FALSE;
4276 }
4277
4278 RETURN_LONG(newttl);
4279 }
4280 /* }}} */
4281 #endif
4282
4283 zend_module_entry ldap_module_entry = { /* {{{ */
4284 STANDARD_MODULE_HEADER,
4285 "ldap",
4286 ext_functions,
4287 PHP_MINIT(ldap),
4288 PHP_MSHUTDOWN(ldap),
4289 NULL,
4290 NULL,
4291 PHP_MINFO(ldap),
4292 PHP_LDAP_VERSION,
4293 PHP_MODULE_GLOBALS(ldap),
4294 PHP_GINIT(ldap),
4295 NULL,
4296 NULL,
4297 STANDARD_MODULE_PROPERTIES_EX
4298 };
4299 /* }}} */
4300