1 /*
2 +----------------------------------------------------------------------+
3 | Copyright (c) The PHP Group |
4 +----------------------------------------------------------------------+
5 | This source file is subject to version 3.01 of the PHP license, |
6 | that is bundled with this package in the file LICENSE, and is |
7 | available through the world-wide-web at the following url: |
8 | https://www.php.net/license/3_01.txt |
9 | If you did not receive a copy of the PHP license and are unable to |
10 | obtain it through the world-wide-web, please send a note to |
11 | license@php.net so we can mail you a copy immediately. |
12 +----------------------------------------------------------------------+
13 | Authors: Amitay Isaacs <amitay@w-o-i.com> |
14 | Eric Warnke <ericw@albany.edu> |
15 | Rasmus Lerdorf <rasmus@php.net> |
16 | Gerrit Thomson <334647@swin.edu.au> |
17 | Jani Taskinen <sniper@iki.fi> |
18 | Stig Venaas <venaas@uninett.no> |
19 | Doug Goldstein <cardoe@cardoe.com> |
20 | Côme Chilliet <mcmic@php.net> |
21 | PHP 4.0 updates: Zeev Suraski <zeev@php.net> |
22 +----------------------------------------------------------------------+
23 */
24
25 #ifdef HAVE_CONFIG_H
26 #include "config.h"
27 #endif
28
29 #include "php.h"
30 #include "php_ini.h"
31 #include "Zend/zend_attributes.h"
32
33 #include <stddef.h>
34
35 #include "ext/standard/dl.h"
36 #include "php_ldap.h"
37
38 #ifdef PHP_WIN32
39 #include <string.h>
40 #include "config.w32.h"
41 #undef WINDOWS
42 #undef strcasecmp
43 #undef strncasecmp
44 #define WINSOCK 1
45 #define __STDC__ 1
46 #endif
47
48 #include "ext/standard/info.h"
49
50 #ifdef HAVE_LDAP_SASL
51 #include <sasl/sasl.h>
52 #endif
53
54 #define PHP_LDAP_ESCAPE_FILTER 0x01
55 #define PHP_LDAP_ESCAPE_DN 0x02
56
57 #include "ldap_arginfo.h"
58
59 #if defined(LDAP_CONTROL_PAGEDRESULTS) && !defined(HAVE_LDAP_CONTROL_FIND)
ldap_control_find(const char * oid,LDAPControl ** ctrls,LDAPControl *** nextctrlp)60 LDAPControl *ldap_control_find( const char *oid, LDAPControl **ctrls, LDAPControl ***nextctrlp)
61 {
62 assert(nextctrlp == NULL);
63 return ldap_find_control(oid, ctrls);
64 }
65 #endif
66
67 #if !defined(LDAP_API_FEATURE_X_OPENLDAP)
ldap_memvfree(void ** v)68 void ldap_memvfree(void **v)
69 {
70 ldap_value_free((char **)v);
71 }
72 #endif
73
74 typedef struct {
75 LDAP *link;
76 #if defined(LDAP_API_FEATURE_X_OPENLDAP) && defined(HAVE_3ARG_SETREBINDPROC)
77 zval rebindproc;
78 #endif
79 zend_object std;
80 } ldap_linkdata;
81
82 typedef struct {
83 LDAPMessage *result;
84 zend_object std;
85 } ldap_resultdata;
86
87 typedef struct {
88 LDAPMessage *data;
89 BerElement *ber;
90 zval res;
91 zend_object std;
92 } ldap_result_entry;
93
94 ZEND_DECLARE_MODULE_GLOBALS(ldap)
95 static PHP_GINIT_FUNCTION(ldap);
96
97 static zend_class_entry *ldap_link_ce, *ldap_result_ce, *ldap_result_entry_ce;
98 static zend_object_handlers ldap_link_object_handlers, ldap_result_object_handlers, ldap_result_entry_object_handlers;
99
100 #ifdef COMPILE_DL_LDAP
101 #ifdef ZTS
102 ZEND_TSRMLS_CACHE_DEFINE()
103 #endif
ZEND_GET_MODULE(ldap)104 ZEND_GET_MODULE(ldap)
105 #endif
106
107 static inline ldap_linkdata *ldap_link_from_obj(zend_object *obj) {
108 return (ldap_linkdata *)((char *)(obj) - XtOffsetOf(ldap_linkdata, std));
109 }
110
111 #define Z_LDAP_LINK_P(zv) ldap_link_from_obj(Z_OBJ_P(zv))
112
ldap_link_create_object(zend_class_entry * class_type)113 static zend_object *ldap_link_create_object(zend_class_entry *class_type) {
114 ldap_linkdata *intern = zend_object_alloc(sizeof(ldap_linkdata), class_type);
115
116 zend_object_std_init(&intern->std, class_type);
117 object_properties_init(&intern->std, class_type);
118
119 return &intern->std;
120 }
121
ldap_link_get_constructor(zend_object * object)122 static zend_function *ldap_link_get_constructor(zend_object *object) {
123 zend_throw_error(NULL, "Cannot directly construct LDAP\\Connection, use ldap_connect() instead");
124 return NULL;
125 }
126
ldap_link_free(ldap_linkdata * ld)127 static void ldap_link_free(ldap_linkdata *ld)
128 {
129 /* We use ldap_destroy rather than ldap_unbind here, because ldap_unbind
130 * will skip the destructor entirely if a critical client control is set. */
131 ldap_destroy(ld->link);
132 ld->link = NULL;
133
134 #if defined(LDAP_API_FEATURE_X_OPENLDAP) && defined(HAVE_3ARG_SETREBINDPROC)
135 zval_ptr_dtor(&ld->rebindproc);
136 #endif
137
138 LDAPG(num_links)--;
139 }
140
ldap_link_free_obj(zend_object * obj)141 static void ldap_link_free_obj(zend_object *obj)
142 {
143 ldap_linkdata *ld = ldap_link_from_obj(obj);
144
145 if (ld->link) {
146 ldap_link_free(ld);
147 }
148
149 zend_object_std_dtor(&ld->std);
150 }
151
ldap_result_from_obj(zend_object * obj)152 static inline ldap_resultdata *ldap_result_from_obj(zend_object *obj) {
153 return (ldap_resultdata *)((char *)(obj) - XtOffsetOf(ldap_resultdata, std));
154 }
155
156 #define Z_LDAP_RESULT_P(zv) ldap_result_from_obj(Z_OBJ_P(zv))
157
ldap_result_create_object(zend_class_entry * class_type)158 static zend_object *ldap_result_create_object(zend_class_entry *class_type) {
159 ldap_resultdata *intern = zend_object_alloc(sizeof(ldap_resultdata), class_type);
160
161 zend_object_std_init(&intern->std, class_type);
162 object_properties_init(&intern->std, class_type);
163
164 return &intern->std;
165 }
166
ldap_result_get_constructor(zend_object * object)167 static zend_function *ldap_result_get_constructor(zend_object *object) {
168 zend_throw_error(NULL, "Cannot directly construct LDAP\\Result, use the dedicated functions instead");
169 return NULL;
170 }
171
ldap_result_free(ldap_resultdata * result)172 static void ldap_result_free(ldap_resultdata *result)
173 {
174 ldap_msgfree(result->result);
175 result->result = NULL;
176 }
177
ldap_result_free_obj(zend_object * obj)178 static void ldap_result_free_obj(zend_object *obj)
179 {
180 ldap_resultdata *result = ldap_result_from_obj(obj);
181
182 if (result->result) {
183 ldap_result_free(result);
184 }
185
186 zend_object_std_dtor(&result->std);
187 }
188
ldap_result_entry_from_obj(zend_object * obj)189 static inline ldap_result_entry *ldap_result_entry_from_obj(zend_object *obj) {
190 return (ldap_result_entry *)((char *)(obj) - XtOffsetOf(ldap_result_entry, std));
191 }
192
193 #define Z_LDAP_RESULT_ENTRY_P(zv) ldap_result_entry_from_obj(Z_OBJ_P(zv))
194
ldap_result_entry_create_object(zend_class_entry * class_type)195 static zend_object *ldap_result_entry_create_object(zend_class_entry *class_type) {
196 ldap_result_entry *intern = zend_object_alloc(sizeof(ldap_result_entry), class_type);
197
198 zend_object_std_init(&intern->std, class_type);
199 object_properties_init(&intern->std, class_type);
200
201 return &intern->std;
202 }
203
ldap_result_entry_get_constructor(zend_object * obj)204 static zend_function *ldap_result_entry_get_constructor(zend_object *obj) {
205 zend_throw_error(NULL, "Cannot directly construct LDAP\\ResultEntry, use the dedicated functions instead");
206 return NULL;
207 }
208
ldap_result_entry_free_obj(zend_object * obj)209 static void ldap_result_entry_free_obj(zend_object *obj)
210 {
211 ldap_result_entry *entry = ldap_result_entry_from_obj(obj);
212
213 if (entry->ber != NULL) {
214 ber_free(entry->ber, 0);
215 entry->ber = NULL;
216 }
217 zval_ptr_dtor(&entry->res);
218
219 zend_object_std_dtor(&entry->std);
220 }
221
222 #define VERIFY_LDAP_LINK_CONNECTED(ld) \
223 { \
224 if (!ld->link) { \
225 zend_throw_error(NULL, "LDAP connection has already been closed"); \
226 RETURN_THROWS(); \
227 } \
228 }
229
230 #define VERIFY_LDAP_RESULT_OPEN(lr) \
231 { \
232 if (!lr->result) { \
233 zend_throw_error(NULL, "LDAP result has already been closed"); \
234 RETURN_THROWS(); \
235 } \
236 }
237
238 /* {{{ Parse controls from and to arrays */
_php_ldap_control_to_array(LDAP * ld,LDAPControl * ctrl,zval * array,int request)239 static void _php_ldap_control_to_array(LDAP *ld, LDAPControl* ctrl, zval* array, int request)
240 {
241 array_init(array);
242
243 add_assoc_string(array, "oid", ctrl->ldctl_oid);
244 if (request) {
245 /* iscritical field only makes sense in request controls (which may be obtained by ldap_get_option) */
246 add_assoc_bool(array, "iscritical", (ctrl->ldctl_iscritical != 0));
247 }
248
249 /* If it is a known oid, parse to values */
250 if (strcmp(ctrl->ldctl_oid, LDAP_CONTROL_PASSWORDPOLICYRESPONSE) == 0) {
251 int expire = 0, grace = 0, rc;
252 LDAPPasswordPolicyError pperr;
253 zval value;
254
255 rc = ldap_parse_passwordpolicy_control(ld, ctrl, &expire, &grace, &pperr);
256 if ( rc == LDAP_SUCCESS ) {
257 array_init(&value);
258 add_assoc_long(&value, "expire", expire);
259 add_assoc_long(&value, "grace", grace);
260
261 if ( pperr != PP_noError ) {
262 add_assoc_long(&value, "error", pperr);
263 }
264 add_assoc_zval(array, "value", &value);
265 } else {
266 add_assoc_null(array, "value");
267 }
268 } else if (strcmp(ctrl->ldctl_oid, LDAP_CONTROL_PAGEDRESULTS) == 0) {
269 int lestimated, rc;
270 struct berval lcookie = { 0L, NULL };
271 zval value;
272
273 if (ctrl->ldctl_value.bv_len) {
274 /* ldap_parse_pageresponse_control() allocates lcookie.bv_val */
275 rc = ldap_parse_pageresponse_control(ld, ctrl, &lestimated, &lcookie);
276 } else {
277 /* ldap_parse_pageresponse_control will crash if value is empty */
278 rc = -1;
279 }
280
281 if ( rc == LDAP_SUCCESS ) {
282 array_init(&value);
283 add_assoc_long(&value, "size", lestimated);
284 add_assoc_stringl(&value, "cookie", lcookie.bv_val, lcookie.bv_len);
285 add_assoc_zval(array, "value", &value);
286 } else {
287 add_assoc_null(array, "value");
288 }
289
290 if (lcookie.bv_val) {
291 ldap_memfree(lcookie.bv_val);
292 }
293 } else if ((strcmp(ctrl->ldctl_oid, LDAP_CONTROL_PRE_READ) == 0) || (strcmp(ctrl->ldctl_oid, LDAP_CONTROL_POST_READ) == 0)) {
294 BerElement *ber;
295 struct berval bv;
296
297 ber = ber_init(&ctrl->ldctl_value);
298 if (ber == NULL) {
299 add_assoc_null(array, "value");
300 } else if (ber_scanf(ber, "{m{" /*}}*/, &bv) == LBER_ERROR) {
301 add_assoc_null(array, "value");
302 } else {
303 zval value;
304
305 array_init(&value);
306 add_assoc_stringl(&value, "dn", bv.bv_val, bv.bv_len);
307
308 while (ber_scanf(ber, "{m" /*}*/, &bv) != LBER_ERROR) {
309 int i;
310 BerVarray vals = NULL;
311 zval tmp;
312
313 if (ber_scanf(ber, "[W]", &vals) == LBER_ERROR || vals == NULL)
314 {
315 break;
316 }
317
318 array_init(&tmp);
319 for (i = 0; vals[i].bv_val != NULL; i++) {
320 add_next_index_stringl(&tmp, vals[i].bv_val, vals[i].bv_len);
321 }
322 add_assoc_zval(&value, bv.bv_val, &tmp);
323
324 ber_bvarray_free(vals);
325 }
326 add_assoc_zval(array, "value", &value);
327 }
328
329 if (ber != NULL) {
330 ber_free(ber, 1);
331 }
332 } else if (strcmp(ctrl->ldctl_oid, LDAP_CONTROL_SORTRESPONSE) == 0) {
333 zval value;
334 int errcode, rc;
335 char* attribute;
336
337 if (ctrl->ldctl_value.bv_len) {
338 rc = ldap_parse_sortresponse_control(ld, ctrl, &errcode, &attribute);
339 } else {
340 rc = -1;
341 }
342 if ( rc == LDAP_SUCCESS ) {
343 array_init(&value);
344 add_assoc_long(&value, "errcode", errcode);
345 if (attribute) {
346 add_assoc_string(&value, "attribute", attribute);
347 ldap_memfree(attribute);
348 }
349 add_assoc_zval(array, "value", &value);
350 } else {
351 add_assoc_null(array, "value");
352 }
353 } else if (strcmp(ctrl->ldctl_oid, LDAP_CONTROL_VLVRESPONSE) == 0) {
354 int target, count, errcode, rc;
355 struct berval *context;
356 zval value;
357
358 if (ctrl->ldctl_value.bv_len) {
359 rc = ldap_parse_vlvresponse_control(ld, ctrl, &target, &count, &context, &errcode);
360 } else {
361 rc = -1;
362 }
363 if ( rc == LDAP_SUCCESS ) {
364 array_init(&value);
365 add_assoc_long(&value, "target", target);
366 add_assoc_long(&value, "count", count);
367 add_assoc_long(&value, "errcode", errcode);
368 if (context) {
369 add_assoc_stringl(&value, "context", context->bv_val, context->bv_len);
370 }
371 add_assoc_zval(array, "value", &value);
372 ber_bvfree(context);
373 } else {
374 add_assoc_null(array, "value");
375 }
376 } else {
377 if (ctrl->ldctl_value.bv_len) {
378 add_assoc_stringl(array, "value", ctrl->ldctl_value.bv_val, ctrl->ldctl_value.bv_len);
379 } else {
380 add_assoc_null(array, "value");
381 }
382 }
383 }
384
_php_ldap_control_from_array(LDAP * ld,LDAPControl ** ctrl,zval * array)385 static int _php_ldap_control_from_array(LDAP *ld, LDAPControl** ctrl, zval* array)
386 {
387 zval* val;
388 zend_string *control_oid;
389 int control_iscritical = 0, rc = LDAP_SUCCESS;
390 char** ldap_attrs = NULL;
391 LDAPSortKey** sort_keys = NULL;
392 zend_string *tmpstring = NULL, **tmpstrings1 = NULL, **tmpstrings2 = NULL;
393 size_t num_tmpstrings1 = 0, num_tmpstrings2 = 0;
394
395 if ((val = zend_hash_str_find(Z_ARRVAL_P(array), "oid", sizeof("oid") - 1)) == NULL) {
396 zend_value_error("%s(): Control must have an \"oid\" key", get_active_function_name());
397 return -1;
398 }
399
400 control_oid = zval_get_string(val);
401 if (EG(exception)) {
402 return -1;
403 }
404
405 if ((val = zend_hash_str_find(Z_ARRVAL_P(array), "iscritical", sizeof("iscritical") - 1)) != NULL) {
406 control_iscritical = zend_is_true(val);
407 } else {
408 control_iscritical = 0;
409 }
410
411 BerElement *ber = NULL;
412 struct berval control_value = { 0L, NULL };
413 int control_value_alloc = 0;
414
415 if ((val = zend_hash_find(Z_ARRVAL_P(array), ZSTR_KNOWN(ZEND_STR_VALUE))) != NULL) {
416 if (Z_TYPE_P(val) != IS_ARRAY) {
417 tmpstring = zval_get_string(val);
418 if (EG(exception)) {
419 rc = -1;
420 goto failure;
421 }
422 control_value.bv_val = ZSTR_VAL(tmpstring);
423 control_value.bv_len = ZSTR_LEN(tmpstring);
424 } else if (strcmp(ZSTR_VAL(control_oid), LDAP_CONTROL_PAGEDRESULTS) == 0) {
425 zval* tmp;
426 int pagesize = 1;
427 struct berval cookie = { 0L, NULL };
428 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(val), "size", sizeof("size") - 1)) != NULL) {
429 pagesize = zval_get_long(tmp);
430 }
431 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(val), "cookie", sizeof("cookie") - 1)) != NULL) {
432 tmpstring = zval_get_string(tmp);
433 if (EG(exception)) {
434 rc = -1;
435 goto failure;
436 }
437 cookie.bv_val = ZSTR_VAL(tmpstring);
438 cookie.bv_len = ZSTR_LEN(tmpstring);
439 }
440 /* ldap_create_page_control_value() allocates memory for control_value.bv_val */
441 control_value_alloc = 1;
442 rc = ldap_create_page_control_value(ld, pagesize, &cookie, &control_value);
443 if (rc != LDAP_SUCCESS) {
444 php_error_docref(NULL, E_WARNING, "Failed to create paged result control value: %s (%d)", ldap_err2string(rc), rc);
445 }
446 } else if (strcmp(ZSTR_VAL(control_oid), LDAP_CONTROL_ASSERT) == 0) {
447 zval* tmp;
448 zend_string* assert;
449 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(val), "filter", sizeof("filter") - 1)) == NULL) {
450 rc = -1;
451 zend_value_error("%s(): Control must have a \"filter\" key", get_active_function_name());
452 } else {
453 assert = zval_get_string(tmp);
454 if (EG(exception)) {
455 rc = -1;
456 goto failure;
457 }
458 /* ldap_create_assertion_control_value does not reset ld_errno, we need to do it ourselves
459 See http://www.openldap.org/its/index.cgi/Incoming?id=8674 */
460 int success = LDAP_SUCCESS;
461 ldap_set_option(ld, LDAP_OPT_RESULT_CODE, &success);
462 /* ldap_create_assertion_control_value() allocates memory for control_value.bv_val */
463 control_value_alloc = 1;
464 rc = ldap_create_assertion_control_value(ld, ZSTR_VAL(assert), &control_value);
465 if (rc != LDAP_SUCCESS) {
466 php_error_docref(NULL, E_WARNING, "Failed to create assert control value: %s (%d)", ldap_err2string(rc), rc);
467 }
468 zend_string_release(assert);
469 }
470 } else if (strcmp(ZSTR_VAL(control_oid), LDAP_CONTROL_VALUESRETURNFILTER) == 0) {
471 zval* tmp;
472 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(val), "filter", sizeof("filter") - 1)) == NULL) {
473 rc = -1;
474 zend_value_error("%s(): Control must have a \"filter\" key", get_active_function_name());
475 } else {
476 ber = ber_alloc_t(LBER_USE_DER);
477 if (ber == NULL) {
478 rc = -1;
479 php_error_docref(NULL, E_WARNING, "Failed to allocate control value");
480 } else {
481 tmpstring = zval_get_string(tmp);
482 if (EG(exception)) {
483 rc = -1;
484 goto failure;
485 }
486 if (ldap_put_vrFilter(ber, ZSTR_VAL(tmpstring)) == -1) {
487 rc = -1;
488 php_error_docref(NULL, E_WARNING, "Failed to create control value: Bad ValuesReturnFilter: %s", ZSTR_VAL(tmpstring));
489 } else if (ber_flatten2(ber, &control_value, control_value_alloc) == -1) {
490 rc = -1;
491 }
492 }
493 }
494 } else if ((strcmp(ZSTR_VAL(control_oid), LDAP_CONTROL_PRE_READ) == 0) || (strcmp(ZSTR_VAL(control_oid), LDAP_CONTROL_POST_READ) == 0)) {
495 zval* tmp;
496 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(val), "attrs", sizeof("attrs") - 1)) == NULL) {
497 rc = -1;
498 zend_value_error("%s(): Control must have an \"attrs\" key", get_active_function_name());
499 } else {
500 ber = ber_alloc_t(LBER_USE_DER);
501
502 if (ber == NULL) {
503 rc = -1;
504 php_error_docref(NULL, E_WARNING, "Failed to allocate control value");
505 } else {
506 int num_attribs, i;
507 zval* attr;
508
509 num_attribs = zend_hash_num_elements(Z_ARRVAL_P(tmp));
510 ldap_attrs = safe_emalloc((num_attribs+1), sizeof(char *), 0);
511 tmpstrings1 = safe_emalloc(num_attribs, sizeof(zend_string*), 0);
512 num_tmpstrings1 = 0;
513
514 for (i = 0; i<num_attribs; i++) {
515 if ((attr = zend_hash_index_find(Z_ARRVAL_P(tmp), i)) == NULL) {
516 rc = -1;
517 php_error_docref(NULL, E_WARNING, "Failed to encode attribute list");
518 goto failure;
519 }
520
521 tmpstrings1[num_tmpstrings1] = zval_get_string(attr);
522 if (EG(exception)) {
523 rc = -1;
524 goto failure;
525 }
526 ldap_attrs[i] = ZSTR_VAL(tmpstrings1[num_tmpstrings1]);
527 ++num_tmpstrings1;
528 }
529 ldap_attrs[num_attribs] = NULL;
530
531 ber_init2( ber, NULL, LBER_USE_DER );
532
533 if (ber_printf(ber, "{v}", ldap_attrs) == -1) {
534 rc = -1;
535 php_error_docref(NULL, E_WARNING, "Failed to encode attribute list");
536 } else {
537 int err;
538 err = ber_flatten2(ber, &control_value, control_value_alloc);
539 if (err < 0) {
540 rc = -1;
541 php_error_docref(NULL, E_WARNING, "Failed to encode control value (%d)", err);
542 }
543 }
544 }
545 }
546 } else if (strcmp(ZSTR_VAL(control_oid), LDAP_CONTROL_SORTREQUEST) == 0) {
547 int num_keys, i;
548 zval *sortkey, *tmp;
549
550 num_keys = zend_hash_num_elements(Z_ARRVAL_P(val));
551 sort_keys = safe_emalloc((num_keys+1), sizeof(LDAPSortKey*), 0);
552 tmpstrings1 = safe_emalloc(num_keys, sizeof(zend_string*), 0);
553 tmpstrings2 = safe_emalloc(num_keys, sizeof(zend_string*), 0);
554 num_tmpstrings1 = 0;
555 num_tmpstrings2 = 0;
556
557 for (i = 0; i<num_keys; i++) {
558 if ((sortkey = zend_hash_index_find(Z_ARRVAL_P(val), i)) == NULL) {
559 rc = -1;
560 php_error_docref(NULL, E_WARNING, "Failed to encode sort keys list");
561 goto failure;
562 }
563
564 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(sortkey), "attr", sizeof("attr") - 1)) == NULL) {
565 rc = -1;
566 zend_value_error("%s(): Sort key list must have an \"attr\" key", get_active_function_name());
567 goto failure;
568 }
569 sort_keys[i] = emalloc(sizeof(LDAPSortKey));
570 tmpstrings1[num_tmpstrings1] = zval_get_string(tmp);
571 if (EG(exception)) {
572 rc = -1;
573 goto failure;
574 }
575 sort_keys[i]->attributeType = ZSTR_VAL(tmpstrings1[num_tmpstrings1]);
576 ++num_tmpstrings1;
577
578 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(sortkey), "oid", sizeof("oid") - 1)) != NULL) {
579 tmpstrings2[num_tmpstrings2] = zval_get_string(tmp);
580 if (EG(exception)) {
581 rc = -1;
582 goto failure;
583 }
584 sort_keys[i]->orderingRule = ZSTR_VAL(tmpstrings2[num_tmpstrings2]);
585 ++num_tmpstrings2;
586 } else {
587 sort_keys[i]->orderingRule = NULL;
588 }
589
590 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(sortkey), "reverse", sizeof("reverse") - 1)) != NULL) {
591 sort_keys[i]->reverseOrder = zend_is_true(tmp);
592 } else {
593 sort_keys[i]->reverseOrder = 0;
594 }
595 }
596 sort_keys[num_keys] = NULL;
597 /* ldap_create_sort_control_value() allocates memory for control_value.bv_val */
598 control_value_alloc = 1;
599 rc = ldap_create_sort_control_value(ld, sort_keys, &control_value);
600 if (rc != LDAP_SUCCESS) {
601 php_error_docref(NULL, E_WARNING, "Failed to create sort control value: %s (%d)", ldap_err2string(rc), rc);
602 }
603 } else if (strcmp(ZSTR_VAL(control_oid), LDAP_CONTROL_VLVREQUEST) == 0) {
604 zval* tmp;
605 LDAPVLVInfo vlvInfo;
606 struct berval attrValue;
607 struct berval context;
608
609 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(val), "before", sizeof("before") - 1)) != NULL) {
610 vlvInfo.ldvlv_before_count = zval_get_long(tmp);
611 } else {
612 rc = -1;
613 zend_value_error("%s(): Array value for VLV control must have a \"before\" key", get_active_function_name());
614 goto failure;
615 }
616
617 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(val), "after", sizeof("after") - 1)) != NULL) {
618 vlvInfo.ldvlv_after_count = zval_get_long(tmp);
619 } else {
620 rc = -1;
621 zend_value_error("%s(): Array value for VLV control must have an \"after\" key", get_active_function_name());
622 goto failure;
623 }
624
625 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(val), "attrvalue", sizeof("attrvalue") - 1)) != NULL) {
626 tmpstring = zval_get_string(tmp);
627 if (EG(exception)) {
628 rc = -1;
629 goto failure;
630 }
631 attrValue.bv_val = ZSTR_VAL(tmpstring);
632 attrValue.bv_len = ZSTR_LEN(tmpstring);
633 vlvInfo.ldvlv_attrvalue = &attrValue;
634 } else if ((tmp = zend_hash_str_find(Z_ARRVAL_P(val), "offset", sizeof("offset") - 1)) != NULL) {
635 vlvInfo.ldvlv_attrvalue = NULL;
636 vlvInfo.ldvlv_offset = zval_get_long(tmp);
637 /* Find "count" key */
638 if ((tmp = zend_hash_find(Z_ARRVAL_P(val), ZSTR_KNOWN(ZEND_STR_COUNT))) != NULL) {
639 vlvInfo.ldvlv_count = zval_get_long(tmp);
640 } else {
641 rc = -1;
642 zend_value_error("%s(): Array value for VLV control must have a \"count\" key", get_active_function_name());
643 goto failure;
644 }
645 } else {
646 rc = -1;
647 zend_value_error("%s(): Array value for VLV control must have either an \"attrvalue\" or an \"offset\" key", get_active_function_name());
648 goto failure;
649 }
650
651 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(val), "context", sizeof("context") - 1)) != NULL) {
652 tmpstring = zval_get_string(tmp);
653 if (EG(exception)) {
654 rc = -1;
655 goto failure;
656 }
657 context.bv_val = ZSTR_VAL(tmpstring);
658 context.bv_len = ZSTR_LEN(tmpstring);
659 vlvInfo.ldvlv_context = &context;
660 } else {
661 vlvInfo.ldvlv_context = NULL;
662 }
663
664 /* ldap_create_vlv_control_value() allocates memory for control_value.bv_val */
665 control_value_alloc = 1;
666 rc = ldap_create_vlv_control_value(ld, &vlvInfo, &control_value);
667 if (rc != LDAP_SUCCESS) {
668 php_error_docref(NULL, E_WARNING, "Failed to create VLV control value: %s (%d)", ldap_err2string(rc), rc);
669 }
670 } else {
671 zend_type_error("%s(): Control OID %s cannot be of type array", get_active_function_name(), ZSTR_VAL(control_oid));
672 rc = -1;
673 }
674 }
675
676 if (rc == LDAP_SUCCESS) {
677 rc = ldap_control_create(ZSTR_VAL(control_oid), control_iscritical, &control_value, 1, ctrl);
678 }
679
680 failure:
681 zend_string_release(control_oid);
682 if (tmpstring != NULL) {
683 zend_string_release(tmpstring);
684 }
685 if (tmpstrings1 != NULL) {
686 int i;
687 for (i = 0; i < num_tmpstrings1; ++i) {
688 zend_string_release(tmpstrings1[i]);
689 }
690 efree(tmpstrings1);
691 }
692 if (tmpstrings2 != NULL) {
693 int i;
694 for (i = 0; i < num_tmpstrings2; ++i) {
695 zend_string_release(tmpstrings2[i]);
696 }
697 efree(tmpstrings2);
698 }
699 if (control_value.bv_val != NULL && control_value_alloc != 0) {
700 ber_memfree(control_value.bv_val);
701 }
702 if (ber != NULL) {
703 ber_free(ber, 1);
704 }
705 if (ldap_attrs != NULL) {
706 efree(ldap_attrs);
707 }
708 if (sort_keys != NULL) {
709 LDAPSortKey** sortp = sort_keys;
710 while (*sortp) {
711 efree(*sortp);
712 sortp++;
713 }
714 efree(sort_keys);
715 sort_keys = NULL;
716 }
717
718 if (rc == LDAP_SUCCESS) {
719 return LDAP_SUCCESS;
720 }
721
722 /* Failed */
723 *ctrl = NULL;
724 return -1;
725 }
726
_php_ldap_controls_to_array(LDAP * ld,LDAPControl ** ctrls,zval * array,int request)727 static void _php_ldap_controls_to_array(LDAP *ld, LDAPControl** ctrls, zval* array, int request)
728 {
729 zval tmp1;
730 LDAPControl **ctrlp;
731
732 array = zend_try_array_init(array);
733 if (!array) {
734 return;
735 }
736
737 if (ctrls == NULL) {
738 return;
739 }
740 ctrlp = ctrls;
741 while (*ctrlp != NULL) {
742 _php_ldap_control_to_array(ld, *ctrlp, &tmp1, request);
743 add_assoc_zval(array, (*ctrlp)->ldctl_oid, &tmp1);
744 ctrlp++;
745 }
746 ldap_controls_free(ctrls);
747 }
748
_php_ldap_controls_from_array(LDAP * ld,zval * array,uint32_t arg_num)749 static LDAPControl** _php_ldap_controls_from_array(LDAP *ld, zval* array, uint32_t arg_num)
750 {
751 int ncontrols;
752 LDAPControl** ctrlp, **ctrls = NULL;
753 zval* ctrlarray;
754 int error = 0;
755
756 ncontrols = zend_hash_num_elements(Z_ARRVAL_P(array));
757 ctrls = safe_emalloc((1 + ncontrols), sizeof(*ctrls), 0);
758 *ctrls = NULL;
759 ctrlp = ctrls;
760 ZEND_HASH_FOREACH_VAL(Z_ARRVAL_P(array), ctrlarray) {
761 if (Z_TYPE_P(ctrlarray) != IS_ARRAY) {
762 zend_argument_type_error(arg_num, "must contain only arrays, where each array is a control");
763 error = 1;
764 break;
765 }
766
767 if (_php_ldap_control_from_array(ld, ctrlp, ctrlarray) == LDAP_SUCCESS) {
768 ++ctrlp;
769 } else {
770 error = 1;
771 break;
772 }
773
774 *ctrlp = NULL;
775 } ZEND_HASH_FOREACH_END();
776
777 if (error) {
778 ctrlp = ctrls;
779 while (*ctrlp) {
780 ldap_control_free(*ctrlp);
781 ctrlp++;
782 }
783 efree(ctrls);
784 ctrls = NULL;
785 }
786
787 return ctrls;
788 }
789
_php_ldap_controls_free(LDAPControl *** ctrls)790 static void _php_ldap_controls_free (LDAPControl*** ctrls)
791 {
792 LDAPControl **ctrlp;
793
794 if (*ctrls) {
795 ctrlp = *ctrls;
796 while (*ctrlp) {
797 ldap_control_free(*ctrlp);
798 ctrlp++;
799 }
800 efree(*ctrls);
801 *ctrls = NULL;
802 }
803 }
804 /* }}} */
805
806 /* {{{ PHP_INI_BEGIN */
807 PHP_INI_BEGIN()
808 STD_PHP_INI_ENTRY_EX("ldap.max_links", "-1", PHP_INI_SYSTEM, OnUpdateLong, max_links, zend_ldap_globals, ldap_globals, display_link_numbers)
PHP_INI_END()809 PHP_INI_END()
810 /* }}} */
811
812 /* {{{ PHP_GINIT_FUNCTION */
813 static PHP_GINIT_FUNCTION(ldap)
814 {
815 #if defined(COMPILE_DL_LDAP) && defined(ZTS)
816 ZEND_TSRMLS_CACHE_UPDATE();
817 #endif
818 ldap_globals->num_links = 0;
819 }
820 /* }}} */
821
822 /* {{{ PHP_MINIT_FUNCTION */
PHP_MINIT_FUNCTION(ldap)823 PHP_MINIT_FUNCTION(ldap)
824 {
825 REGISTER_INI_ENTRIES();
826
827 ldap_link_ce = register_class_LDAP_Connection();
828 ldap_link_ce->create_object = ldap_link_create_object;
829 ldap_link_ce->default_object_handlers = &ldap_link_object_handlers;
830
831 memcpy(&ldap_link_object_handlers, &std_object_handlers, sizeof(zend_object_handlers));
832 ldap_link_object_handlers.offset = XtOffsetOf(ldap_linkdata, std);
833 ldap_link_object_handlers.free_obj = ldap_link_free_obj;
834 ldap_link_object_handlers.get_constructor = ldap_link_get_constructor;
835 ldap_link_object_handlers.clone_obj = NULL;
836 ldap_link_object_handlers.compare = zend_objects_not_comparable;
837
838 ldap_result_ce = register_class_LDAP_Result();
839 ldap_result_ce->create_object = ldap_result_create_object;
840 ldap_result_ce->default_object_handlers = &ldap_result_object_handlers;
841
842 memcpy(&ldap_result_object_handlers, &std_object_handlers, sizeof(zend_object_handlers));
843 ldap_result_object_handlers.offset = XtOffsetOf(ldap_resultdata, std);
844 ldap_result_object_handlers.free_obj = ldap_result_free_obj;
845 ldap_result_object_handlers.get_constructor = ldap_result_get_constructor;
846 ldap_result_object_handlers.clone_obj = NULL;
847 ldap_result_object_handlers.compare = zend_objects_not_comparable;
848
849 ldap_result_entry_ce = register_class_LDAP_ResultEntry();
850 ldap_result_entry_ce->create_object = ldap_result_entry_create_object;
851 ldap_result_entry_ce->default_object_handlers = &ldap_result_entry_object_handlers;
852
853 memcpy(&ldap_result_entry_object_handlers, &std_object_handlers, sizeof(zend_object_handlers));
854 ldap_result_entry_object_handlers.offset = XtOffsetOf(ldap_result_entry, std);
855 ldap_result_entry_object_handlers.free_obj = ldap_result_entry_free_obj;
856 ldap_result_entry_object_handlers.get_constructor = ldap_result_entry_get_constructor;
857 ldap_result_entry_object_handlers.clone_obj = NULL;
858 ldap_result_entry_object_handlers.compare = zend_objects_not_comparable;
859
860 register_ldap_symbols(module_number);
861
862 ldap_module_entry.type = type;
863
864 return SUCCESS;
865 }
866 /* }}} */
867
868 /* {{{ PHP_MSHUTDOWN_FUNCTION */
PHP_MSHUTDOWN_FUNCTION(ldap)869 PHP_MSHUTDOWN_FUNCTION(ldap)
870 {
871 UNREGISTER_INI_ENTRIES();
872 return SUCCESS;
873 }
874 /* }}} */
875
876 /* {{{ PHP_MINFO_FUNCTION */
PHP_MINFO_FUNCTION(ldap)877 PHP_MINFO_FUNCTION(ldap)
878 {
879 char tmp[32];
880
881 php_info_print_table_start();
882 php_info_print_table_row(2, "LDAP Support", "enabled");
883
884 if (LDAPG(max_links) == -1) {
885 snprintf(tmp, 31, ZEND_LONG_FMT "/unlimited", LDAPG(num_links));
886 } else {
887 snprintf(tmp, 31, ZEND_LONG_FMT "/" ZEND_LONG_FMT, LDAPG(num_links), LDAPG(max_links));
888 }
889 php_info_print_table_row(2, "Total Links", tmp);
890
891 #ifdef LDAP_API_VERSION
892 snprintf(tmp, 31, "%d", LDAP_API_VERSION);
893 php_info_print_table_row(2, "API Version", tmp);
894 #endif
895
896 #ifdef LDAP_VENDOR_NAME
897 php_info_print_table_row(2, "Vendor Name", LDAP_VENDOR_NAME);
898 #endif
899
900 #ifdef LDAP_VENDOR_VERSION
901 snprintf(tmp, 31, "%d", LDAP_VENDOR_VERSION);
902 php_info_print_table_row(2, "Vendor Version", tmp);
903 #endif
904
905 #ifdef HAVE_LDAP_SASL
906 php_info_print_table_row(2, "SASL Support", "Enabled");
907 #endif
908
909 php_info_print_table_end();
910 DISPLAY_INI_ENTRIES();
911 }
912 /* }}} */
913
914 /* {{{ Connect to an LDAP server */
PHP_FUNCTION(ldap_connect)915 PHP_FUNCTION(ldap_connect)
916 {
917 char *host = NULL;
918 size_t hostlen = 0;
919 zend_long port = LDAP_PORT;
920 #ifdef HAVE_ORALDAP
921 char *wallet = NULL, *walletpasswd = NULL;
922 size_t walletlen = 0, walletpasswdlen = 0;
923 zend_long authmode = GSLC_SSL_NO_AUTH;
924 int ssl=0;
925 #endif
926 ldap_linkdata *ld;
927 LDAP *ldap = NULL;
928
929 if (ZEND_NUM_ARGS() == 2) {
930 zend_error(E_DEPRECATED, "Usage of ldap_connect with two arguments is deprecated");
931 }
932
933 #ifdef HAVE_ORALDAP
934 if (ZEND_NUM_ARGS() == 3 || ZEND_NUM_ARGS() == 4) {
935 WRONG_PARAM_COUNT;
936 }
937
938 if (zend_parse_parameters(ZEND_NUM_ARGS(), "|s!lssl", &host, &hostlen, &port, &wallet, &walletlen, &walletpasswd, &walletpasswdlen, &authmode) != SUCCESS) {
939 RETURN_THROWS();
940 }
941
942 if (ZEND_NUM_ARGS() == 5) {
943 ssl = 1;
944 }
945 #else
946 if (zend_parse_parameters(ZEND_NUM_ARGS(), "|s!l", &host, &hostlen, &port) != SUCCESS) {
947 RETURN_THROWS();
948 }
949 #endif
950
951 if (LDAPG(max_links) != -1 && LDAPG(num_links) >= LDAPG(max_links)) {
952 php_error_docref(NULL, E_WARNING, "Too many open links (" ZEND_LONG_FMT ")", LDAPG(num_links));
953 RETURN_FALSE;
954 }
955
956 object_init_ex(return_value, ldap_link_ce);
957 ld = Z_LDAP_LINK_P(return_value);
958
959 {
960 int rc = LDAP_SUCCESS;
961 char *url = host;
962 if (url && !ldap_is_ldap_url(url)) {
963 size_t urllen = hostlen + sizeof( "ldap://:65535" );
964
965 if (port <= 0 || port > 65535) {
966 zend_argument_value_error(2, "must be between 1 and 65535");
967 RETURN_THROWS();
968 }
969
970 url = emalloc(urllen);
971 snprintf( url, urllen, "ldap://%s:" ZEND_LONG_FMT, host, port );
972 }
973
974 #ifdef LDAP_API_FEATURE_X_OPENLDAP
975 /* ldap_init() is deprecated, use ldap_initialize() instead.
976 */
977 rc = ldap_initialize(&ldap, url);
978 #else /* ! LDAP_API_FEATURE_X_OPENLDAP */
979 /* ldap_init does not support URLs.
980 * We must try the original host and port information.
981 */
982 ldap = ldap_init(host, port);
983 if (ldap == NULL) {
984 zval_ptr_dtor(return_value);
985 php_error_docref(NULL, E_WARNING, "Could not create session handle");
986 RETURN_FALSE;
987 }
988 #endif /* ! LDAP_API_FEATURE_X_OPENLDAP */
989 if (url != host) {
990 efree(url);
991 }
992 if (rc != LDAP_SUCCESS) {
993 zval_ptr_dtor(return_value);
994 php_error_docref(NULL, E_WARNING, "Could not create session handle: %s", ldap_err2string(rc));
995 RETURN_FALSE;
996 }
997 }
998
999 if (ldap == NULL) {
1000 zval_ptr_dtor(return_value);
1001 RETURN_FALSE;
1002 } else {
1003 #ifdef HAVE_ORALDAP
1004 if (ssl) {
1005 if (ldap_init_SSL(&ldap->ld_sb, wallet, walletpasswd, authmode)) {
1006 zval_ptr_dtor(return_value);
1007 php_error_docref(NULL, E_WARNING, "SSL init failed");
1008 RETURN_FALSE;
1009 }
1010 }
1011 #endif
1012 LDAPG(num_links)++;
1013 ld->link = ldap;
1014 }
1015
1016 }
1017 /* }}} */
1018
1019 #if defined(HAVE_ORALDAP) && defined(LDAP_API_FEATURE_X_OPENLDAP)
PHP_FUNCTION(ldap_connect_wallet)1020 PHP_FUNCTION(ldap_connect_wallet) {
1021 char *host = NULL;
1022 size_t hostlen = 0;
1023 char *wallet = NULL, *walletpasswd = NULL;
1024 size_t walletlen = 0, walletpasswdlen = 0;
1025 zend_long authmode = GSLC_SSL_NO_AUTH;
1026 bool ssl = false;
1027
1028 ldap_linkdata *ld;
1029 LDAP *ldap = NULL;
1030
1031 if (zend_parse_parameters(ZEND_NUM_ARGS(), "s!ss|l",
1032 &host, &hostlen, &wallet, &walletlen, &walletpasswd, &walletpasswdlen, &authmode) != SUCCESS
1033 ) {
1034 RETURN_THROWS();
1035 }
1036
1037 if (authmode != 0) {
1038 ssl = true;
1039 }
1040
1041 if (LDAPG(max_links) != -1 && LDAPG(num_links) >= LDAPG(max_links)) {
1042 php_error_docref(NULL, E_WARNING, "Too many open links (" ZEND_LONG_FMT ")", LDAPG(num_links));
1043 RETURN_FALSE;
1044 }
1045
1046 object_init_ex(return_value, ldap_link_ce);
1047 ld = Z_LDAP_LINK_P(return_value);
1048
1049 {
1050 int rc = LDAP_SUCCESS;
1051 char *url = host;
1052 if (url && !ldap_is_ldap_url(url)) {
1053 size_t urllen = hostlen + sizeof( "ldap://:65535" );
1054
1055 url = emalloc(urllen);
1056 snprintf( url, urllen, "ldap://%s", host );
1057 }
1058
1059 /* ldap_init() is deprecated, use ldap_initialize() instead. */
1060 rc = ldap_initialize(&ldap, url);
1061 if (url != host) {
1062 efree(url);
1063 }
1064 if (rc != LDAP_SUCCESS) {
1065 zval_ptr_dtor(return_value);
1066 php_error_docref(NULL, E_WARNING, "Could not create session handle: %s", ldap_err2string(rc));
1067 RETURN_FALSE;
1068 }
1069 }
1070
1071 if (ldap == NULL) {
1072 zval_ptr_dtor(return_value);
1073 RETURN_FALSE;
1074 } else {
1075 if (ssl) {
1076 if (ldap_init_SSL(&ldap->ld_sb, wallet, walletpasswd, authmode)) {
1077 zval_ptr_dtor(return_value);
1078 php_error_docref(NULL, E_WARNING, "SSL init failed");
1079 RETURN_FALSE;
1080 }
1081 }
1082 LDAPG(num_links)++;
1083 ld->link = ldap;
1084 }
1085 }
1086 #endif
1087
1088 /* {{{ _get_lderrno */
_get_lderrno(LDAP * ldap)1089 static int _get_lderrno(LDAP *ldap)
1090 {
1091 #if LDAP_API_VERSION > 2000 || defined(HAVE_ORALDAP)
1092 int lderr;
1093
1094 /* New versions of OpenLDAP do it this way */
1095 ldap_get_option(ldap, LDAP_OPT_ERROR_NUMBER, &lderr);
1096 return lderr;
1097 #else
1098 return ldap->ld_errno;
1099 #endif
1100 }
1101 /* }}} */
1102
1103 /* {{{ _set_lderrno */
_set_lderrno(LDAP * ldap,int lderr)1104 static void _set_lderrno(LDAP *ldap, int lderr)
1105 {
1106 #if LDAP_API_VERSION > 2000 || defined(HAVE_ORALDAP)
1107 /* New versions of OpenLDAP do it this way */
1108 ldap_set_option(ldap, LDAP_OPT_ERROR_NUMBER, &lderr);
1109 #else
1110 ldap->ld_errno = lderr;
1111 #endif
1112 }
1113 /* }}} */
1114
1115 /* {{{ Bind to LDAP directory */
PHP_FUNCTION(ldap_bind)1116 PHP_FUNCTION(ldap_bind)
1117 {
1118 zval *link;
1119 char *ldap_bind_dn = NULL, *ldap_bind_pw = NULL;
1120 size_t ldap_bind_dnlen, ldap_bind_pwlen;
1121 ldap_linkdata *ld;
1122 int rc;
1123
1124 if (zend_parse_parameters(ZEND_NUM_ARGS(), "O|s!s!", &link, ldap_link_ce, &ldap_bind_dn, &ldap_bind_dnlen, &ldap_bind_pw, &ldap_bind_pwlen) != SUCCESS) {
1125 RETURN_THROWS();
1126 }
1127
1128 ld = Z_LDAP_LINK_P(link);
1129 VERIFY_LDAP_LINK_CONNECTED(ld);
1130
1131 if (ldap_bind_dn != NULL && memchr(ldap_bind_dn, '\0', ldap_bind_dnlen) != NULL) {
1132 _set_lderrno(ld->link, LDAP_INVALID_CREDENTIALS);
1133 zend_argument_type_error(2, "must not contain null bytes");
1134 RETURN_THROWS();
1135 }
1136
1137 if (ldap_bind_pw != NULL && memchr(ldap_bind_pw, '\0', ldap_bind_pwlen) != NULL) {
1138 _set_lderrno(ld->link, LDAP_INVALID_CREDENTIALS);
1139 zend_argument_type_error(3, "must not contain null bytes");
1140 RETURN_THROWS();
1141 }
1142
1143 {
1144 #ifdef LDAP_API_FEATURE_X_OPENLDAP
1145 /* ldap_simple_bind_s() is deprecated, use ldap_sasl_bind_s() instead.
1146 */
1147 struct berval cred;
1148
1149 cred.bv_val = ldap_bind_pw;
1150 cred.bv_len = ldap_bind_pw ? ldap_bind_pwlen : 0;
1151 rc = ldap_sasl_bind_s(ld->link, ldap_bind_dn, LDAP_SASL_SIMPLE, &cred,
1152 NULL, NULL, /* no controls right now */
1153 NULL); /* we don't care about the server's credentials */
1154 #else /* ! LDAP_API_FEATURE_X_OPENLDAP */
1155 rc = ldap_simple_bind_s(ld->link, ldap_bind_dn, ldap_bind_pw);
1156 #endif /* ! LDAP_API_FEATURE_X_OPENLDAP */
1157 }
1158 if ( rc != LDAP_SUCCESS) {
1159 php_error_docref(NULL, E_WARNING, "Unable to bind to server: %s", ldap_err2string(rc));
1160 RETURN_FALSE;
1161 } else {
1162 RETURN_TRUE;
1163 }
1164 }
1165 /* }}} */
1166
1167 /* {{{ Bind to LDAP directory */
PHP_FUNCTION(ldap_bind_ext)1168 PHP_FUNCTION(ldap_bind_ext)
1169 {
1170 zval *serverctrls = NULL;
1171 zval *link;
1172 char *ldap_bind_dn = NULL, *ldap_bind_pw = NULL;
1173 size_t ldap_bind_dnlen, ldap_bind_pwlen;
1174 ldap_linkdata *ld;
1175 LDAPControl **lserverctrls = NULL;
1176 ldap_resultdata *result;
1177 LDAPMessage *ldap_res;
1178 int rc;
1179
1180 if (zend_parse_parameters(ZEND_NUM_ARGS(), "O|s!s!a!", &link, ldap_link_ce, &ldap_bind_dn, &ldap_bind_dnlen, &ldap_bind_pw, &ldap_bind_pwlen, &serverctrls) != SUCCESS) {
1181 RETURN_THROWS();
1182 }
1183
1184 ld = Z_LDAP_LINK_P(link);
1185 VERIFY_LDAP_LINK_CONNECTED(ld);
1186
1187 if (ldap_bind_dn != NULL && memchr(ldap_bind_dn, '\0', ldap_bind_dnlen) != NULL) {
1188 _set_lderrno(ld->link, LDAP_INVALID_CREDENTIALS);
1189 zend_argument_type_error(2, "must not contain null bytes");
1190 RETURN_THROWS();
1191 }
1192
1193 if (ldap_bind_pw != NULL && memchr(ldap_bind_pw, '\0', ldap_bind_pwlen) != NULL) {
1194 _set_lderrno(ld->link, LDAP_INVALID_CREDENTIALS);
1195 zend_argument_type_error(3, "must not contain null bytes");
1196 RETURN_THROWS();
1197 }
1198
1199 if (serverctrls) {
1200 lserverctrls = _php_ldap_controls_from_array(ld->link, serverctrls, 4);
1201 if (lserverctrls == NULL) {
1202 RETVAL_FALSE;
1203 goto cleanup;
1204 }
1205 }
1206
1207 {
1208 /* ldap_simple_bind() is deprecated, use ldap_sasl_bind() instead */
1209 struct berval cred;
1210 int msgid;
1211
1212 cred.bv_val = ldap_bind_pw;
1213 cred.bv_len = ldap_bind_pw ? ldap_bind_pwlen : 0;
1214 /* asynchronous call */
1215 rc = ldap_sasl_bind(ld->link, ldap_bind_dn, LDAP_SASL_SIMPLE, &cred,
1216 lserverctrls, NULL, &msgid);
1217 if (rc != LDAP_SUCCESS ) {
1218 php_error_docref(NULL, E_WARNING, "Unable to bind to server: %s (%d)", ldap_err2string(rc), rc);
1219 RETVAL_FALSE;
1220 goto cleanup;
1221 }
1222
1223 rc = ldap_result(ld->link, msgid, 1 /* LDAP_MSG_ALL */, NULL, &ldap_res);
1224 if (rc == -1) {
1225 php_error_docref(NULL, E_WARNING, "Bind operation failed");
1226 RETVAL_FALSE;
1227 goto cleanup;
1228 }
1229
1230 /* return a PHP control object */
1231 object_init_ex(return_value, ldap_result_ce);
1232 result = Z_LDAP_RESULT_P(return_value);
1233 result->result = ldap_res;
1234 }
1235
1236 cleanup:
1237 if (lserverctrls) {
1238 _php_ldap_controls_free(&lserverctrls);
1239 }
1240
1241 return;
1242 }
1243 /* }}} */
1244
1245 #ifdef HAVE_LDAP_SASL
1246 typedef struct {
1247 char *mech;
1248 char *realm;
1249 char *authcid;
1250 char *passwd;
1251 char *authzid;
1252 } php_ldap_bictx;
1253
1254 /* {{{ _php_sasl_setdefs */
_php_sasl_setdefs(LDAP * ld,char * sasl_mech,char * sasl_realm,char * sasl_authc_id,char * passwd,char * sasl_authz_id)1255 static php_ldap_bictx *_php_sasl_setdefs(LDAP *ld, char *sasl_mech, char *sasl_realm, char *sasl_authc_id, char *passwd, char *sasl_authz_id)
1256 {
1257 php_ldap_bictx *ctx;
1258
1259 ctx = ber_memalloc(sizeof(php_ldap_bictx));
1260 ctx->mech = (sasl_mech) ? ber_strdup(sasl_mech) : NULL;
1261 ctx->realm = (sasl_realm) ? ber_strdup(sasl_realm) : NULL;
1262 ctx->authcid = (sasl_authc_id) ? ber_strdup(sasl_authc_id) : NULL;
1263 ctx->passwd = (passwd) ? ber_strdup(passwd) : NULL;
1264 ctx->authzid = (sasl_authz_id) ? ber_strdup(sasl_authz_id) : NULL;
1265
1266 if (ctx->mech == NULL) {
1267 ldap_get_option(ld, LDAP_OPT_X_SASL_MECH, &ctx->mech);
1268 }
1269 if (ctx->realm == NULL) {
1270 ldap_get_option(ld, LDAP_OPT_X_SASL_REALM, &ctx->realm);
1271 }
1272 if (ctx->authcid == NULL) {
1273 ldap_get_option(ld, LDAP_OPT_X_SASL_AUTHCID, &ctx->authcid);
1274 }
1275 if (ctx->authzid == NULL) {
1276 ldap_get_option(ld, LDAP_OPT_X_SASL_AUTHZID, &ctx->authzid);
1277 }
1278
1279 return ctx;
1280 }
1281 /* }}} */
1282
1283 /* {{{ _php_sasl_freedefs */
_php_sasl_freedefs(php_ldap_bictx * ctx)1284 static void _php_sasl_freedefs(php_ldap_bictx *ctx)
1285 {
1286 if (ctx->mech) ber_memfree(ctx->mech);
1287 if (ctx->realm) ber_memfree(ctx->realm);
1288 if (ctx->authcid) ber_memfree(ctx->authcid);
1289 if (ctx->passwd) ber_memfree(ctx->passwd);
1290 if (ctx->authzid) ber_memfree(ctx->authzid);
1291 ber_memfree(ctx);
1292 }
1293 /* }}} */
1294
1295 /* {{{ _php_sasl_interact
1296 Internal interact function for SASL */
_php_sasl_interact(LDAP * ld,unsigned flags,void * defaults,void * in)1297 static int _php_sasl_interact(LDAP *ld, unsigned flags, void *defaults, void *in)
1298 {
1299 sasl_interact_t *interact = in;
1300 const char *p;
1301 php_ldap_bictx *ctx = defaults;
1302
1303 for (;interact->id != SASL_CB_LIST_END;interact++) {
1304 p = NULL;
1305 switch(interact->id) {
1306 case SASL_CB_GETREALM:
1307 p = ctx->realm;
1308 break;
1309 case SASL_CB_AUTHNAME:
1310 p = ctx->authcid;
1311 break;
1312 case SASL_CB_USER:
1313 p = ctx->authzid;
1314 break;
1315 case SASL_CB_PASS:
1316 p = ctx->passwd;
1317 break;
1318 }
1319 if (p) {
1320 interact->result = p;
1321 interact->len = strlen(interact->result);
1322 }
1323 }
1324 return LDAP_SUCCESS;
1325 }
1326 /* }}} */
1327
1328 /* {{{ Bind to LDAP directory using SASL */
PHP_FUNCTION(ldap_sasl_bind)1329 PHP_FUNCTION(ldap_sasl_bind)
1330 {
1331 zval *link;
1332 ldap_linkdata *ld;
1333 char *binddn = NULL;
1334 char *passwd = NULL;
1335 char *sasl_mech = NULL;
1336 char *sasl_realm = NULL;
1337 char *sasl_authz_id = NULL;
1338 char *sasl_authc_id = NULL;
1339 char *props = NULL;
1340 size_t rc, dn_len, passwd_len, mech_len, realm_len, authc_id_len, authz_id_len, props_len;
1341 php_ldap_bictx *ctx;
1342
1343 if (zend_parse_parameters(ZEND_NUM_ARGS(), "O|s!s!s!s!s!s!s!", &link, ldap_link_ce, &binddn, &dn_len, &passwd, &passwd_len, &sasl_mech, &mech_len, &sasl_realm, &realm_len, &sasl_authc_id, &authc_id_len, &sasl_authz_id, &authz_id_len, &props, &props_len) != SUCCESS) {
1344 RETURN_THROWS();
1345 }
1346
1347 ld = Z_LDAP_LINK_P(link);
1348 VERIFY_LDAP_LINK_CONNECTED(ld);
1349
1350 ctx = _php_sasl_setdefs(ld->link, sasl_mech, sasl_realm, sasl_authc_id, passwd, sasl_authz_id);
1351
1352 if (props) {
1353 ldap_set_option(ld->link, LDAP_OPT_X_SASL_SECPROPS, props);
1354 }
1355
1356 rc = ldap_sasl_interactive_bind_s(ld->link, binddn, ctx->mech, NULL, NULL, LDAP_SASL_QUIET, _php_sasl_interact, ctx);
1357 if (rc != LDAP_SUCCESS) {
1358 php_error_docref(NULL, E_WARNING, "Unable to bind to server: %s", ldap_err2string(rc));
1359 RETVAL_FALSE;
1360 } else {
1361 RETVAL_TRUE;
1362 }
1363 _php_sasl_freedefs(ctx);
1364 }
1365 /* }}} */
1366 #endif /* HAVE_LDAP_SASL */
1367
1368 /* {{{ Unbind from LDAP directory */
PHP_FUNCTION(ldap_unbind)1369 PHP_FUNCTION(ldap_unbind)
1370 {
1371 zval *link;
1372 ldap_linkdata *ld;
1373
1374 if (zend_parse_parameters(ZEND_NUM_ARGS(), "O", &link, ldap_link_ce) != SUCCESS) {
1375 RETURN_THROWS();
1376 }
1377
1378 ld = Z_LDAP_LINK_P(link);
1379 VERIFY_LDAP_LINK_CONNECTED(ld);
1380
1381 ldap_link_free(ld);
1382
1383 RETURN_TRUE;
1384 }
1385 /* }}} */
1386
1387 /* {{{ php_set_opts */
php_set_opts(LDAP * ldap,int sizelimit,int timelimit,int deref,int * old_sizelimit,int * old_timelimit,int * old_deref)1388 static void php_set_opts(LDAP *ldap, int sizelimit, int timelimit, int deref, int *old_sizelimit, int *old_timelimit, int *old_deref)
1389 {
1390 /* sizelimit */
1391 if (sizelimit > -1) {
1392 #if (LDAP_API_VERSION >= 2004) || defined(HAVE_ORALDAP)
1393 ldap_get_option(ldap, LDAP_OPT_SIZELIMIT, old_sizelimit);
1394 ldap_set_option(ldap, LDAP_OPT_SIZELIMIT, &sizelimit);
1395 #else
1396 *old_sizelimit = ldap->ld_sizelimit;
1397 ldap->ld_sizelimit = sizelimit;
1398 #endif
1399 }
1400
1401 /* timelimit */
1402 if (timelimit > -1) {
1403 #if (LDAP_API_VERSION >= 2004) || defined(HAVE_ORALDAP)
1404 ldap_get_option(ldap, LDAP_OPT_TIMELIMIT, old_timelimit);
1405 ldap_set_option(ldap, LDAP_OPT_TIMELIMIT, &timelimit);
1406 #else
1407 *old_timelimit = ldap->ld_timelimit;
1408 ldap->ld_timelimit = timelimit;
1409 #endif
1410 }
1411
1412 /* deref */
1413 if (deref > -1) {
1414 #if (LDAP_API_VERSION >= 2004) || defined(HAVE_ORALDAP)
1415 ldap_get_option(ldap, LDAP_OPT_DEREF, old_deref);
1416 ldap_set_option(ldap, LDAP_OPT_DEREF, &deref);
1417 #else
1418 *old_deref = ldap->ld_deref;
1419 ldap->ld_deref = deref;
1420 #endif
1421 }
1422 }
1423 /* }}} */
1424
1425 /* {{{ php_ldap_do_search */
php_ldap_do_search(INTERNAL_FUNCTION_PARAMETERS,int scope)1426 static void php_ldap_do_search(INTERNAL_FUNCTION_PARAMETERS, int scope)
1427 {
1428 zval *link, *attrs = NULL, *attr, *serverctrls = NULL;
1429 zend_string *base_dn_str, *filter_str;
1430 HashTable *base_dn_ht, *filter_ht;
1431 zend_long attrsonly, sizelimit, timelimit, deref;
1432 zend_string *ldap_filter = NULL, *ldap_base_dn = NULL;
1433 char **ldap_attrs = NULL;
1434 ldap_linkdata *ld = NULL;
1435 ldap_resultdata *result;
1436 LDAPMessage *ldap_res = NULL;
1437 LDAPControl **lserverctrls = NULL;
1438 int ldap_attrsonly = 0, ldap_sizelimit = -1, ldap_timelimit = -1, ldap_deref = -1;
1439 int old_ldap_sizelimit = -1, old_ldap_timelimit = -1, old_ldap_deref = -1;
1440 int num_attribs = 0, ret = 1, i, ldap_errno, argcount = ZEND_NUM_ARGS();
1441
1442 ZEND_PARSE_PARAMETERS_START(3, 9)
1443 Z_PARAM_ZVAL(link)
1444 Z_PARAM_ARRAY_HT_OR_STR(base_dn_ht, base_dn_str)
1445 Z_PARAM_ARRAY_HT_OR_STR(filter_ht, filter_str)
1446 Z_PARAM_OPTIONAL
1447 Z_PARAM_ARRAY_EX(attrs, 0, 1)
1448 Z_PARAM_LONG(attrsonly)
1449 Z_PARAM_LONG(sizelimit)
1450 Z_PARAM_LONG(timelimit)
1451 Z_PARAM_LONG(deref)
1452 Z_PARAM_ARRAY_EX(serverctrls, 1, 1)
1453 ZEND_PARSE_PARAMETERS_END();
1454
1455 /* Reverse -> fall through */
1456 switch (argcount) {
1457 case 9:
1458 case 8:
1459 ldap_deref = deref;
1460 ZEND_FALLTHROUGH;
1461 case 7:
1462 ldap_timelimit = timelimit;
1463 ZEND_FALLTHROUGH;
1464 case 6:
1465 ldap_sizelimit = sizelimit;
1466 ZEND_FALLTHROUGH;
1467 case 5:
1468 ldap_attrsonly = attrsonly;
1469 ZEND_FALLTHROUGH;
1470 case 4:
1471 num_attribs = zend_hash_num_elements(Z_ARRVAL_P(attrs));
1472 ldap_attrs = safe_emalloc((num_attribs+1), sizeof(char *), 0);
1473
1474 for (i = 0; i<num_attribs; i++) {
1475 if ((attr = zend_hash_index_find(Z_ARRVAL_P(attrs), i)) == NULL) {
1476 php_error_docref(NULL, E_WARNING, "Array initialization wrong");
1477 ret = 0;
1478 goto cleanup;
1479 }
1480
1481 convert_to_string(attr);
1482 if (EG(exception)) {
1483 ret = 0;
1484 goto cleanup;
1485 }
1486 ldap_attrs[i] = Z_STRVAL_P(attr);
1487 }
1488 ldap_attrs[num_attribs] = NULL;
1489 ZEND_FALLTHROUGH;
1490 default:
1491 break;
1492 }
1493
1494 /* parallel search? */
1495 if (Z_TYPE_P(link) == IS_ARRAY) {
1496 int i, nlinks, nbases, nfilters, *rcs;
1497 ldap_linkdata **lds;
1498 zval *entry, object;
1499
1500 nlinks = zend_hash_num_elements(Z_ARRVAL_P(link));
1501 if (nlinks == 0) {
1502 zend_argument_value_error(1, "cannot be empty");
1503 ret = 0;
1504 goto cleanup;
1505 }
1506
1507 if (base_dn_ht) {
1508 nbases = zend_hash_num_elements(base_dn_ht);
1509 if (nbases != nlinks) {
1510 zend_argument_value_error(2, "must have the same number of elements as the links array");
1511 ret = 0;
1512 goto cleanup;
1513 }
1514 zend_hash_internal_pointer_reset(base_dn_ht);
1515 } else {
1516 nbases = 0; /* this means string, not array */
1517 ldap_base_dn = zend_string_copy(base_dn_str);
1518 if (EG(exception)) {
1519 ret = 0;
1520 goto cleanup;
1521 }
1522 }
1523
1524 if (filter_ht) {
1525 nfilters = zend_hash_num_elements(filter_ht);
1526 if (nfilters != nlinks) {
1527 zend_argument_value_error(3, "must have the same number of elements as the links array");
1528 ret = 0;
1529 goto cleanup;
1530 }
1531 zend_hash_internal_pointer_reset(filter_ht);
1532 } else {
1533 nfilters = 0; /* this means string, not array */
1534 ldap_filter = zend_string_copy(filter_str);
1535 }
1536
1537 lds = safe_emalloc(nlinks, sizeof(ldap_linkdata), 0);
1538 rcs = safe_emalloc(nlinks, sizeof(*rcs), 0);
1539
1540 zend_hash_internal_pointer_reset(Z_ARRVAL_P(link));
1541 for (i=0; i<nlinks; i++) {
1542 entry = zend_hash_get_current_data(Z_ARRVAL_P(link));
1543
1544 if (Z_TYPE_P(entry) != IS_OBJECT || !instanceof_function(Z_OBJCE_P(entry), ldap_link_ce)) {
1545 zend_argument_value_error(1, "must only contain objects of type LDAP");
1546 ret = 0;
1547 goto cleanup_parallel;
1548 }
1549
1550 ld = Z_LDAP_LINK_P(entry);
1551 if (!ld->link) {
1552 zend_throw_error(NULL, "LDAP connection has already been closed");
1553 ret = 0;
1554 goto cleanup_parallel;
1555 }
1556
1557 if (nbases != 0) { /* base_dn an array? */
1558 entry = zend_hash_get_current_data(base_dn_ht);
1559 zend_hash_move_forward(base_dn_ht);
1560 ldap_base_dn = zval_get_string(entry);
1561 if (EG(exception)) {
1562 ret = 0;
1563 goto cleanup_parallel;
1564 }
1565 }
1566 if (nfilters != 0) { /* filter an array? */
1567 entry = zend_hash_get_current_data(filter_ht);
1568 zend_hash_move_forward(filter_ht);
1569 ldap_filter = zval_get_string(entry);
1570 if (EG(exception)) {
1571 ret = 0;
1572 goto cleanup_parallel;
1573 }
1574 }
1575
1576 if (serverctrls) {
1577 /* We have to parse controls again for each link as they use it */
1578 _php_ldap_controls_free(&lserverctrls);
1579 lserverctrls = _php_ldap_controls_from_array(ld->link, serverctrls, 9);
1580 if (lserverctrls == NULL) {
1581 rcs[i] = -1;
1582 continue;
1583 }
1584 }
1585
1586 php_set_opts(ld->link, ldap_sizelimit, ldap_timelimit, ldap_deref, &old_ldap_sizelimit, &old_ldap_timelimit, &old_ldap_deref);
1587
1588 /* Run the actual search */
1589 ldap_search_ext(ld->link, ZSTR_VAL(ldap_base_dn), scope, ZSTR_VAL(ldap_filter), ldap_attrs, ldap_attrsonly, lserverctrls, NULL, NULL, ldap_sizelimit, &rcs[i]);
1590 lds[i] = ld;
1591 zend_hash_move_forward(Z_ARRVAL_P(link));
1592 }
1593
1594 array_init(return_value);
1595
1596 /* Collect results from the searches */
1597 for (i=0; i<nlinks; i++) {
1598 if (rcs[i] != -1) {
1599 rcs[i] = ldap_result(lds[i]->link, LDAP_RES_ANY, 1 /* LDAP_MSG_ALL */, NULL, &ldap_res);
1600 }
1601 if (rcs[i] != -1) {
1602 object_init_ex(&object, ldap_result_ce);
1603 result = Z_LDAP_RESULT_P(&object);
1604 result->result = ldap_res;
1605 add_next_index_zval(return_value, &object);
1606 } else {
1607 add_next_index_bool(return_value, 0);
1608 }
1609 }
1610
1611 cleanup_parallel:
1612 efree(lds);
1613 efree(rcs);
1614 } else if (Z_TYPE_P(link) == IS_OBJECT && instanceof_function(Z_OBJCE_P(link), ldap_link_ce)) {
1615 ld = Z_LDAP_LINK_P(link);
1616 if (!ld->link) {
1617 zend_throw_error(NULL, "LDAP connection has already been closed");
1618 ret = 0;
1619 goto cleanup;
1620 }
1621
1622 if (!base_dn_str) {
1623 zend_argument_type_error(2, "must be of type string when argument #1 ($ldap) is an LDAP instance");
1624 ret = 0;
1625 goto cleanup;
1626 }
1627 ldap_base_dn = zend_string_copy(base_dn_str);
1628
1629 if (!filter_str) {
1630 zend_argument_type_error(3, "must be of type string when argument #1 ($ldap) is an LDAP instance");
1631 ret = 0;
1632 goto cleanup;
1633 }
1634 ldap_filter = zend_string_copy(filter_str);
1635
1636 if (serverctrls) {
1637 lserverctrls = _php_ldap_controls_from_array(ld->link, serverctrls, 9);
1638 if (lserverctrls == NULL) {
1639 ret = 0;
1640 goto cleanup;
1641 }
1642 }
1643
1644 php_set_opts(ld->link, ldap_sizelimit, ldap_timelimit, ldap_deref, &old_ldap_sizelimit, &old_ldap_timelimit, &old_ldap_deref);
1645
1646 /* Run the actual search */
1647 ldap_errno = ldap_search_ext_s(ld->link, ZSTR_VAL(ldap_base_dn), scope, ZSTR_VAL(ldap_filter), ldap_attrs, ldap_attrsonly, lserverctrls, NULL, NULL, ldap_sizelimit, &ldap_res);
1648
1649 if (ldap_errno != LDAP_SUCCESS
1650 && ldap_errno != LDAP_SIZELIMIT_EXCEEDED
1651 #ifdef LDAP_ADMINLIMIT_EXCEEDED
1652 && ldap_errno != LDAP_ADMINLIMIT_EXCEEDED
1653 #endif
1654 #ifdef LDAP_REFERRAL
1655 && ldap_errno != LDAP_REFERRAL
1656 #endif
1657 ) {
1658 /* ldap_res should be freed regardless of return value of ldap_search_ext_s()
1659 * see: https://linux.die.net/man/3/ldap_search_ext_s */
1660 if (ldap_res != NULL) {
1661 ldap_msgfree(ldap_res);
1662 }
1663 php_error_docref(NULL, E_WARNING, "Search: %s", ldap_err2string(ldap_errno));
1664 ret = 0;
1665 } else {
1666 if (ldap_errno == LDAP_SIZELIMIT_EXCEEDED) {
1667 php_error_docref(NULL, E_WARNING, "Partial search results returned: Sizelimit exceeded");
1668 }
1669 #ifdef LDAP_ADMINLIMIT_EXCEEDED
1670 else if (ldap_errno == LDAP_ADMINLIMIT_EXCEEDED) {
1671 php_error_docref(NULL, E_WARNING, "Partial search results returned: Adminlimit exceeded");
1672 }
1673 #endif
1674 object_init_ex(return_value, ldap_result_ce);
1675 result = Z_LDAP_RESULT_P(return_value);
1676 result->result = ldap_res;
1677 }
1678 } else {
1679 zend_argument_type_error(1, "must be of type LDAP|array, %s given", zend_zval_value_name(link));
1680 }
1681
1682 cleanup:
1683 if (ld) {
1684 /* Restoring previous options */
1685 php_set_opts(ld->link, old_ldap_sizelimit, old_ldap_timelimit, old_ldap_deref, &ldap_sizelimit, &ldap_timelimit, &ldap_deref);
1686 }
1687 if (ldap_filter) {
1688 zend_string_release(ldap_filter);
1689 }
1690 if (ldap_base_dn) {
1691 zend_string_release(ldap_base_dn);
1692 }
1693 if (ldap_attrs != NULL) {
1694 efree(ldap_attrs);
1695 }
1696 if (!ret) {
1697 RETVAL_BOOL(ret);
1698 }
1699 if (lserverctrls) {
1700 _php_ldap_controls_free(&lserverctrls);
1701 }
1702 }
1703 /* }}} */
1704
1705 /* {{{ Read an entry */
PHP_FUNCTION(ldap_read)1706 PHP_FUNCTION(ldap_read)
1707 {
1708 php_ldap_do_search(INTERNAL_FUNCTION_PARAM_PASSTHRU, LDAP_SCOPE_BASE);
1709 }
1710 /* }}} */
1711
1712 /* {{{ Single-level search */
PHP_FUNCTION(ldap_list)1713 PHP_FUNCTION(ldap_list)
1714 {
1715 php_ldap_do_search(INTERNAL_FUNCTION_PARAM_PASSTHRU, LDAP_SCOPE_ONELEVEL);
1716 }
1717 /* }}} */
1718
1719 /* {{{ Search LDAP tree under base_dn */
PHP_FUNCTION(ldap_search)1720 PHP_FUNCTION(ldap_search)
1721 {
1722 php_ldap_do_search(INTERNAL_FUNCTION_PARAM_PASSTHRU, LDAP_SCOPE_SUBTREE);
1723 }
1724 /* }}} */
1725
1726 /* {{{ Free result memory */
PHP_FUNCTION(ldap_free_result)1727 PHP_FUNCTION(ldap_free_result)
1728 {
1729 zval *result;
1730 ldap_resultdata *ldap_result;
1731
1732 if (zend_parse_parameters(ZEND_NUM_ARGS(), "O", &result, ldap_result_ce) != SUCCESS) {
1733 RETURN_THROWS();
1734 }
1735
1736 ldap_result = Z_LDAP_RESULT_P(result);
1737 VERIFY_LDAP_RESULT_OPEN(ldap_result);
1738
1739 ldap_result_free(ldap_result);
1740
1741 RETVAL_TRUE;
1742 }
1743 /* }}} */
1744
1745 /* {{{ Count the number of entries in a search result */
PHP_FUNCTION(ldap_count_entries)1746 PHP_FUNCTION(ldap_count_entries)
1747 {
1748 zval *link, *result;
1749 ldap_linkdata *ld;
1750 ldap_resultdata *ldap_result;
1751
1752 if (zend_parse_parameters(ZEND_NUM_ARGS(), "OO", &link, ldap_link_ce, &result, ldap_result_ce) != SUCCESS) {
1753 RETURN_THROWS();
1754 }
1755
1756 ld = Z_LDAP_LINK_P(link);
1757 VERIFY_LDAP_LINK_CONNECTED(ld);
1758
1759 ldap_result = Z_LDAP_RESULT_P(result);
1760 VERIFY_LDAP_RESULT_OPEN(ldap_result);
1761
1762 RETURN_LONG(ldap_count_entries(ld->link, ldap_result->result));
1763 }
1764 /* }}} */
1765
1766 /* {{{ Return first result id */
PHP_FUNCTION(ldap_first_entry)1767 PHP_FUNCTION(ldap_first_entry)
1768 {
1769 zval *link, *result;
1770 ldap_linkdata *ld;
1771 ldap_result_entry *resultentry;
1772 ldap_resultdata *ldap_result;
1773 LDAPMessage *entry;
1774
1775 if (zend_parse_parameters(ZEND_NUM_ARGS(), "OO", &link, ldap_link_ce, &result, ldap_result_ce) != SUCCESS) {
1776 RETURN_THROWS();
1777 }
1778
1779 ld = Z_LDAP_LINK_P(link);
1780 VERIFY_LDAP_LINK_CONNECTED(ld);
1781
1782 ldap_result = Z_LDAP_RESULT_P(result);
1783 VERIFY_LDAP_RESULT_OPEN(ldap_result);
1784
1785 if ((entry = ldap_first_entry(ld->link, ldap_result->result)) == NULL) {
1786 RETVAL_FALSE;
1787 } else {
1788 object_init_ex(return_value, ldap_result_entry_ce);
1789 resultentry = Z_LDAP_RESULT_ENTRY_P(return_value);
1790 ZVAL_COPY(&resultentry->res, result);
1791 resultentry->data = entry;
1792 resultentry->ber = NULL;
1793 }
1794 }
1795 /* }}} */
1796
1797 /* {{{ Get next result entry */
PHP_FUNCTION(ldap_next_entry)1798 PHP_FUNCTION(ldap_next_entry)
1799 {
1800 zval *link, *result_entry;
1801 ldap_linkdata *ld;
1802 ldap_result_entry *resultentry, *resultentry_next;
1803 LDAPMessage *entry_next;
1804
1805 if (zend_parse_parameters(ZEND_NUM_ARGS(), "OO", &link, ldap_link_ce, &result_entry, ldap_result_entry_ce) != SUCCESS) {
1806 RETURN_THROWS();
1807 }
1808
1809 ld = Z_LDAP_LINK_P(link);
1810 VERIFY_LDAP_LINK_CONNECTED(ld);
1811
1812 resultentry = Z_LDAP_RESULT_ENTRY_P(result_entry);
1813
1814 if ((entry_next = ldap_next_entry(ld->link, resultentry->data)) == NULL) {
1815 RETVAL_FALSE;
1816 } else {
1817 object_init_ex(return_value, ldap_result_entry_ce);
1818 resultentry_next = Z_LDAP_RESULT_ENTRY_P(return_value);
1819 ZVAL_COPY(&resultentry_next->res, &resultentry->res);
1820 resultentry_next->data = entry_next;
1821 resultentry_next->ber = NULL;
1822 }
1823 }
1824 /* }}} */
1825
1826 /* {{{ Get all result entries */
PHP_FUNCTION(ldap_get_entries)1827 PHP_FUNCTION(ldap_get_entries)
1828 {
1829 zval *link, *result;
1830 ldap_resultdata *ldap_result;
1831 LDAPMessage *ldap_result_entry;
1832 zval tmp1, tmp2;
1833 ldap_linkdata *ld;
1834 LDAP *ldap;
1835 int num_entries, num_attrib, num_values, i;
1836 BerElement *ber;
1837 char *attribute;
1838 size_t attr_len;
1839 struct berval **ldap_value;
1840 char *dn;
1841
1842 if (zend_parse_parameters(ZEND_NUM_ARGS(), "OO", &link, ldap_link_ce, &result, ldap_result_ce) != SUCCESS) {
1843 RETURN_THROWS();
1844 }
1845
1846 ld = Z_LDAP_LINK_P(link);
1847 VERIFY_LDAP_LINK_CONNECTED(ld);
1848
1849 ldap_result = Z_LDAP_RESULT_P(result);
1850 VERIFY_LDAP_RESULT_OPEN(ldap_result);
1851
1852 ldap = ld->link;
1853 num_entries = ldap_count_entries(ldap, ldap_result->result);
1854
1855 array_init(return_value);
1856 add_assoc_long(return_value, "count", num_entries);
1857
1858 if (num_entries == 0) {
1859 return;
1860 }
1861
1862 ldap_result_entry = ldap_first_entry(ldap, ldap_result->result);
1863 if (ldap_result_entry == NULL) {
1864 zend_array_destroy(Z_ARR_P(return_value));
1865 RETURN_FALSE;
1866 }
1867
1868 num_entries = 0;
1869 while (ldap_result_entry != NULL) {
1870 array_init(&tmp1);
1871
1872 num_attrib = 0;
1873 attribute = ldap_first_attribute(ldap, ldap_result_entry, &ber);
1874
1875 while (attribute != NULL) {
1876 ldap_value = ldap_get_values_len(ldap, ldap_result_entry, attribute);
1877 num_values = ldap_count_values_len(ldap_value);
1878
1879 array_init(&tmp2);
1880 add_assoc_long(&tmp2, "count", num_values);
1881 for (i = 0; i < num_values; i++) {
1882 add_index_stringl(&tmp2, i, ldap_value[i]->bv_val, ldap_value[i]->bv_len);
1883 }
1884 ldap_value_free_len(ldap_value);
1885
1886 attr_len = strlen(attribute);
1887 zend_str_tolower(attribute, attr_len);
1888 zend_hash_str_update(Z_ARRVAL(tmp1), attribute, attr_len, &tmp2);
1889 add_index_string(&tmp1, num_attrib, attribute);
1890
1891 num_attrib++;
1892 #if (LDAP_API_VERSION > 2000) || defined(HAVE_ORALDAP) || WINDOWS
1893 ldap_memfree(attribute);
1894 #endif
1895 attribute = ldap_next_attribute(ldap, ldap_result_entry, ber);
1896 }
1897 #if (LDAP_API_VERSION > 2000) || defined(HAVE_ORALDAP) || WINDOWS
1898 if (ber != NULL) {
1899 ber_free(ber, 0);
1900 }
1901 #endif
1902
1903 add_assoc_long(&tmp1, "count", num_attrib);
1904 dn = ldap_get_dn(ldap, ldap_result_entry);
1905 if (dn) {
1906 add_assoc_string(&tmp1, "dn", dn);
1907 } else {
1908 add_assoc_null(&tmp1, "dn");
1909 }
1910 #if (LDAP_API_VERSION > 2000) || defined(HAVE_ORALDAP) || WINDOWS
1911 ldap_memfree(dn);
1912 #else
1913 free(dn);
1914 #endif
1915
1916 zend_hash_index_update(Z_ARRVAL_P(return_value), num_entries, &tmp1);
1917
1918 num_entries++;
1919 ldap_result_entry = ldap_next_entry(ldap, ldap_result_entry);
1920 }
1921
1922 add_assoc_long(return_value, "count", num_entries);
1923
1924 }
1925 /* }}} */
1926
1927 /* {{{ Return first attribute */
PHP_FUNCTION(ldap_first_attribute)1928 PHP_FUNCTION(ldap_first_attribute)
1929 {
1930 zval *link, *result_entry;
1931 ldap_linkdata *ld;
1932 ldap_result_entry *resultentry;
1933 char *attribute;
1934
1935 if (zend_parse_parameters(ZEND_NUM_ARGS(), "OO", &link, ldap_link_ce, &result_entry, ldap_result_entry_ce) != SUCCESS) {
1936 RETURN_THROWS();
1937 }
1938
1939 ld = Z_LDAP_LINK_P(link);
1940 VERIFY_LDAP_LINK_CONNECTED(ld);
1941
1942 resultentry = Z_LDAP_RESULT_ENTRY_P(result_entry);
1943
1944 if ((attribute = ldap_first_attribute(ld->link, resultentry->data, &resultentry->ber)) == NULL) {
1945 RETURN_FALSE;
1946 } else {
1947 RETVAL_STRING(attribute);
1948 #if (LDAP_API_VERSION > 2000) || defined(HAVE_ORALDAP) || WINDOWS
1949 ldap_memfree(attribute);
1950 #endif
1951 }
1952 }
1953 /* }}} */
1954
1955 /* {{{ Get the next attribute in result */
PHP_FUNCTION(ldap_next_attribute)1956 PHP_FUNCTION(ldap_next_attribute)
1957 {
1958 zval *link, *result_entry;
1959 ldap_linkdata *ld;
1960 ldap_result_entry *resultentry;
1961 char *attribute;
1962
1963 if (zend_parse_parameters(ZEND_NUM_ARGS(), "OO", &link, ldap_link_ce, &result_entry, ldap_result_entry_ce) != SUCCESS) {
1964 RETURN_THROWS();
1965 }
1966
1967 ld = Z_LDAP_LINK_P(link);
1968 VERIFY_LDAP_LINK_CONNECTED(ld);
1969
1970 resultentry = Z_LDAP_RESULT_ENTRY_P(result_entry);
1971
1972 if (resultentry->ber == NULL) {
1973 php_error_docref(NULL, E_WARNING, "Called before calling ldap_first_attribute() or no attributes found in result entry");
1974 RETURN_FALSE;
1975 }
1976
1977 if ((attribute = ldap_next_attribute(ld->link, resultentry->data, resultentry->ber)) == NULL) {
1978 #if (LDAP_API_VERSION > 2000) || defined(HAVE_ORALDAP) || WINDOWS
1979 if (resultentry->ber != NULL) {
1980 ber_free(resultentry->ber, 0);
1981 resultentry->ber = NULL;
1982 }
1983 #endif
1984 RETURN_FALSE;
1985 } else {
1986 RETVAL_STRING(attribute);
1987 #if (LDAP_API_VERSION > 2000) || defined(HAVE_ORALDAP) || WINDOWS
1988 ldap_memfree(attribute);
1989 #endif
1990 }
1991 }
1992 /* }}} */
1993
1994 /* {{{ Get attributes from a search result entry */
PHP_FUNCTION(ldap_get_attributes)1995 PHP_FUNCTION(ldap_get_attributes)
1996 {
1997 zval *link, *result_entry;
1998 zval tmp;
1999 ldap_linkdata *ld;
2000 ldap_result_entry *resultentry;
2001 char *attribute;
2002 struct berval **ldap_value;
2003 int i, num_values, num_attrib;
2004 BerElement *ber;
2005
2006 if (zend_parse_parameters(ZEND_NUM_ARGS(), "OO", &link, ldap_link_ce, &result_entry, ldap_result_entry_ce) != SUCCESS) {
2007 RETURN_THROWS();
2008 }
2009
2010 ld = Z_LDAP_LINK_P(link);
2011 VERIFY_LDAP_LINK_CONNECTED(ld);
2012
2013 resultentry = Z_LDAP_RESULT_ENTRY_P(result_entry);
2014
2015 array_init(return_value);
2016 num_attrib = 0;
2017
2018 attribute = ldap_first_attribute(ld->link, resultentry->data, &ber);
2019 while (attribute != NULL) {
2020 ldap_value = ldap_get_values_len(ld->link, resultentry->data, attribute);
2021 num_values = ldap_count_values_len(ldap_value);
2022
2023 array_init(&tmp);
2024 add_assoc_long(&tmp, "count", num_values);
2025 for (i = 0; i < num_values; i++) {
2026 add_index_stringl(&tmp, i, ldap_value[i]->bv_val, ldap_value[i]->bv_len);
2027 }
2028 ldap_value_free_len(ldap_value);
2029
2030 zend_hash_str_update(Z_ARRVAL_P(return_value), attribute, strlen(attribute), &tmp);
2031 add_index_string(return_value, num_attrib, attribute);
2032
2033 num_attrib++;
2034 #if (LDAP_API_VERSION > 2000) || defined(HAVE_ORALDAP) || WINDOWS
2035 ldap_memfree(attribute);
2036 #endif
2037 attribute = ldap_next_attribute(ld->link, resultentry->data, ber);
2038 }
2039 #if (LDAP_API_VERSION > 2000) || defined(HAVE_ORALDAP) || WINDOWS
2040 if (ber != NULL) {
2041 ber_free(ber, 0);
2042 }
2043 #endif
2044
2045 add_assoc_long(return_value, "count", num_attrib);
2046 }
2047 /* }}} */
2048
2049 /* {{{ Get all values with lengths from a result entry */
PHP_FUNCTION(ldap_get_values_len)2050 PHP_FUNCTION(ldap_get_values_len)
2051 {
2052 zval *link, *result_entry;
2053 ldap_linkdata *ld;
2054 ldap_result_entry *resultentry;
2055 char *attr;
2056 struct berval **ldap_value_len;
2057 int i, num_values;
2058 size_t attr_len;
2059
2060 if (zend_parse_parameters(ZEND_NUM_ARGS(), "OOs", &link, ldap_link_ce, &result_entry, ldap_result_entry_ce, &attr, &attr_len) != SUCCESS) {
2061 RETURN_THROWS();
2062 }
2063
2064 ld = Z_LDAP_LINK_P(link);
2065 VERIFY_LDAP_LINK_CONNECTED(ld);
2066
2067 resultentry = Z_LDAP_RESULT_ENTRY_P(result_entry);
2068
2069 if ((ldap_value_len = ldap_get_values_len(ld->link, resultentry->data, attr)) == NULL) {
2070 php_error_docref(NULL, E_WARNING, "Cannot get the value(s) of attribute %s", ldap_err2string(_get_lderrno(ld->link)));
2071 RETURN_FALSE;
2072 }
2073
2074 num_values = ldap_count_values_len(ldap_value_len);
2075 array_init(return_value);
2076
2077 for (i=0; i<num_values; i++) {
2078 add_next_index_stringl(return_value, ldap_value_len[i]->bv_val, ldap_value_len[i]->bv_len);
2079 }
2080
2081 add_assoc_long(return_value, "count", num_values);
2082 ldap_value_free_len(ldap_value_len);
2083
2084 }
2085 /* }}} */
2086
2087 /* {{{ Get the DN of a result entry */
PHP_FUNCTION(ldap_get_dn)2088 PHP_FUNCTION(ldap_get_dn)
2089 {
2090 zval *link, *result_entry;
2091 ldap_linkdata *ld;
2092 ldap_result_entry *resultentry;
2093 char *text;
2094
2095 if (zend_parse_parameters(ZEND_NUM_ARGS(), "OO", &link, ldap_link_ce, &result_entry, ldap_result_entry_ce) != SUCCESS) {
2096 RETURN_THROWS();
2097 }
2098
2099 ld = Z_LDAP_LINK_P(link);
2100 VERIFY_LDAP_LINK_CONNECTED(ld);
2101
2102 resultentry = Z_LDAP_RESULT_ENTRY_P(result_entry);
2103
2104 text = ldap_get_dn(ld->link, resultentry->data);
2105 if (text != NULL) {
2106 RETVAL_STRING(text);
2107 #if (LDAP_API_VERSION > 2000) || defined(HAVE_ORALDAP) || WINDOWS
2108 ldap_memfree(text);
2109 #else
2110 free(text);
2111 #endif
2112 } else {
2113 RETURN_FALSE;
2114 }
2115 }
2116 /* }}} */
2117
2118 /* {{{ Splits DN into its component parts */
PHP_FUNCTION(ldap_explode_dn)2119 PHP_FUNCTION(ldap_explode_dn)
2120 {
2121 zend_long with_attrib;
2122 char *dn, **ldap_value;
2123 int i, count;
2124 size_t dn_len;
2125
2126 if (zend_parse_parameters(ZEND_NUM_ARGS(), "sl", &dn, &dn_len, &with_attrib) != SUCCESS) {
2127 RETURN_THROWS();
2128 }
2129
2130 if (!(ldap_value = ldap_explode_dn(dn, with_attrib))) {
2131 /* Invalid parameters were passed to ldap_explode_dn */
2132 RETURN_FALSE;
2133 }
2134
2135 i=0;
2136 while (ldap_value[i] != NULL) i++;
2137 count = i;
2138
2139 array_init(return_value);
2140
2141 add_assoc_long(return_value, "count", count);
2142 for (i = 0; i<count; i++) {
2143 add_index_string(return_value, i, ldap_value[i]);
2144 }
2145
2146 ldap_memvfree((void **)ldap_value);
2147 }
2148 /* }}} */
2149
2150 /* {{{ Convert DN to User Friendly Naming format */
PHP_FUNCTION(ldap_dn2ufn)2151 PHP_FUNCTION(ldap_dn2ufn)
2152 {
2153 char *dn, *ufn;
2154 size_t dn_len;
2155
2156 if (zend_parse_parameters(ZEND_NUM_ARGS(), "s", &dn, &dn_len) != SUCCESS) {
2157 RETURN_THROWS();
2158 }
2159
2160 ufn = ldap_dn2ufn(dn);
2161
2162 if (ufn != NULL) {
2163 RETVAL_STRING(ufn);
2164 #if (LDAP_API_VERSION > 2000) || defined(HAVE_ORALDAP) || WINDOWS
2165 ldap_memfree(ufn);
2166 #endif
2167 } else {
2168 RETURN_FALSE;
2169 }
2170 }
2171 /* }}} */
2172
2173
2174 /* added to fix use of ldap_modify_add for doing an ldap_add, gerrit thomson. */
2175 #define PHP_LD_FULL_ADD 0xff
2176 /* {{{ php_ldap_do_modify */
php_ldap_do_modify(INTERNAL_FUNCTION_PARAMETERS,int oper,int ext)2177 static void php_ldap_do_modify(INTERNAL_FUNCTION_PARAMETERS, int oper, int ext)
2178 {
2179 zval *serverctrls = NULL;
2180 zval *link, *entry, *value, *ivalue;
2181 ldap_linkdata *ld;
2182 char *dn;
2183 LDAPMod **ldap_mods;
2184 LDAPControl **lserverctrls = NULL;
2185 ldap_resultdata *result;
2186 LDAPMessage *ldap_res;
2187 int i, j, num_attribs, num_values, msgid;
2188 size_t dn_len;
2189 int *num_berval;
2190 zend_string *attribute;
2191 zend_ulong index;
2192 int is_full_add=0; /* flag for full add operation so ldap_mod_add can be put back into oper, gerrit THomson */
2193
2194 if (zend_parse_parameters(ZEND_NUM_ARGS(), "Osa/|a!", &link, ldap_link_ce, &dn, &dn_len, &entry, &serverctrls) != SUCCESS) {
2195 RETURN_THROWS();
2196 }
2197
2198 ld = Z_LDAP_LINK_P(link);
2199 VERIFY_LDAP_LINK_CONNECTED(ld);
2200
2201 num_attribs = zend_hash_num_elements(Z_ARRVAL_P(entry));
2202 ldap_mods = safe_emalloc((num_attribs+1), sizeof(LDAPMod *), 0);
2203 num_berval = safe_emalloc(num_attribs, sizeof(int), 0);
2204 zend_hash_internal_pointer_reset(Z_ARRVAL_P(entry));
2205
2206 /* added by gerrit thomson to fix ldap_add using ldap_mod_add */
2207 if (oper == PHP_LD_FULL_ADD) {
2208 oper = LDAP_MOD_ADD;
2209 is_full_add = 1;
2210 }
2211 /* end additional , gerrit thomson */
2212
2213 for (i = 0; i < num_attribs; i++) {
2214 ldap_mods[i] = emalloc(sizeof(LDAPMod));
2215 ldap_mods[i]->mod_op = oper | LDAP_MOD_BVALUES;
2216 ldap_mods[i]->mod_type = NULL;
2217
2218 if (zend_hash_get_current_key(Z_ARRVAL_P(entry), &attribute, &index) == HASH_KEY_IS_STRING) {
2219 ldap_mods[i]->mod_type = estrndup(ZSTR_VAL(attribute), ZSTR_LEN(attribute));
2220 } else {
2221 php_error_docref(NULL, E_WARNING, "Unknown attribute in the data");
2222 /* Free allocated memory */
2223 while (i >= 0) {
2224 if (ldap_mods[i]->mod_type) {
2225 efree(ldap_mods[i]->mod_type);
2226 }
2227 efree(ldap_mods[i]);
2228 i--;
2229 }
2230 efree(num_berval);
2231 efree(ldap_mods);
2232 RETURN_FALSE;
2233 }
2234
2235 value = zend_hash_get_current_data(Z_ARRVAL_P(entry));
2236
2237 ZVAL_DEREF(value);
2238 if (Z_TYPE_P(value) != IS_ARRAY) {
2239 num_values = 1;
2240 } else {
2241 SEPARATE_ARRAY(value);
2242 num_values = zend_hash_num_elements(Z_ARRVAL_P(value));
2243 }
2244
2245 num_berval[i] = num_values;
2246 ldap_mods[i]->mod_bvalues = safe_emalloc((num_values + 1), sizeof(struct berval *), 0);
2247
2248 /* allow for arrays with one element, no allowance for arrays with none but probably not required, gerrit thomson. */
2249 if ((num_values == 1) && (Z_TYPE_P(value) != IS_ARRAY)) {
2250 convert_to_string(value);
2251 if (EG(exception)) {
2252 RETVAL_FALSE;
2253 goto cleanup;
2254 }
2255 ldap_mods[i]->mod_bvalues[0] = (struct berval *) emalloc (sizeof(struct berval));
2256 ldap_mods[i]->mod_bvalues[0]->bv_val = Z_STRVAL_P(value);
2257 ldap_mods[i]->mod_bvalues[0]->bv_len = Z_STRLEN_P(value);
2258 } else {
2259 for (j = 0; j < num_values; j++) {
2260 if ((ivalue = zend_hash_index_find(Z_ARRVAL_P(value), j)) == NULL) {
2261 zend_argument_value_error(3, "must contain arrays with consecutive integer indices starting from 0");
2262 num_berval[i] = j;
2263 num_attribs = i + 1;
2264 RETVAL_FALSE;
2265 goto cleanup;
2266 }
2267 convert_to_string(ivalue);
2268 if (EG(exception)) {
2269 RETVAL_FALSE;
2270 goto cleanup;
2271 }
2272 ldap_mods[i]->mod_bvalues[j] = (struct berval *) emalloc (sizeof(struct berval));
2273 ldap_mods[i]->mod_bvalues[j]->bv_val = Z_STRVAL_P(ivalue);
2274 ldap_mods[i]->mod_bvalues[j]->bv_len = Z_STRLEN_P(ivalue);
2275 }
2276 }
2277 ldap_mods[i]->mod_bvalues[num_values] = NULL;
2278 zend_hash_move_forward(Z_ARRVAL_P(entry));
2279 }
2280 ldap_mods[num_attribs] = NULL;
2281
2282 if (serverctrls) {
2283 lserverctrls = _php_ldap_controls_from_array(ld->link, serverctrls, 4);
2284 if (lserverctrls == NULL) {
2285 RETVAL_FALSE;
2286 goto cleanup;
2287 }
2288 }
2289
2290 /* check flag to see if do_mod was called to perform full add , gerrit thomson */
2291 if (is_full_add == 1) {
2292 if (ext) {
2293 i = ldap_add_ext(ld->link, dn, ldap_mods, lserverctrls, NULL, &msgid);
2294 } else {
2295 i = ldap_add_ext_s(ld->link, dn, ldap_mods, lserverctrls, NULL);
2296 }
2297 if (i != LDAP_SUCCESS) {
2298 php_error_docref(NULL, E_WARNING, "Add: %s", ldap_err2string(i));
2299 RETVAL_FALSE;
2300 } else if (ext) {
2301 i = ldap_result(ld->link, msgid, 1 /* LDAP_MSG_ALL */, NULL, &ldap_res);
2302 if (i == -1) {
2303 php_error_docref(NULL, E_WARNING, "Add operation failed");
2304 RETVAL_FALSE;
2305 goto cleanup;
2306 }
2307
2308 /* return a PHP control object */
2309 object_init_ex(return_value, ldap_result_ce);
2310 result = Z_LDAP_RESULT_P(return_value);
2311 result->result = ldap_res;
2312 } else RETVAL_TRUE;
2313 } else {
2314 if (ext) {
2315 i = ldap_modify_ext(ld->link, dn, ldap_mods, lserverctrls, NULL, &msgid);
2316 } else {
2317 i = ldap_modify_ext_s(ld->link, dn, ldap_mods, lserverctrls, NULL);
2318 }
2319 if (i != LDAP_SUCCESS) {
2320 php_error_docref(NULL, E_WARNING, "Modify: %s", ldap_err2string(i));
2321 RETVAL_FALSE;
2322 } else if (ext) {
2323 i = ldap_result(ld->link, msgid, 1 /* LDAP_MSG_ALL */, NULL, &ldap_res);
2324 if (i == -1) {
2325 php_error_docref(NULL, E_WARNING, "Modify operation failed");
2326 RETVAL_FALSE;
2327 goto cleanup;
2328 }
2329
2330 /* return a PHP control object */
2331 object_init_ex(return_value, ldap_result_ce);
2332 result = Z_LDAP_RESULT_P(return_value);
2333 result->result = ldap_res;
2334 } else RETVAL_TRUE;
2335 }
2336
2337 cleanup:
2338 for (i = 0; i < num_attribs; i++) {
2339 efree(ldap_mods[i]->mod_type);
2340 for (j = 0; j < num_berval[i]; j++) {
2341 efree(ldap_mods[i]->mod_bvalues[j]);
2342 }
2343 efree(ldap_mods[i]->mod_bvalues);
2344 efree(ldap_mods[i]);
2345 }
2346 efree(num_berval);
2347 efree(ldap_mods);
2348
2349 if (lserverctrls) {
2350 _php_ldap_controls_free(&lserverctrls);
2351 }
2352
2353 return;
2354 }
2355 /* }}} */
2356
2357 /* {{{ Add entries to LDAP directory */
PHP_FUNCTION(ldap_add)2358 PHP_FUNCTION(ldap_add)
2359 {
2360 /* use a newly define parameter into the do_modify so ldap_mod_add can be used the way it is supposed to be used , Gerrit THomson */
2361 php_ldap_do_modify(INTERNAL_FUNCTION_PARAM_PASSTHRU, PHP_LD_FULL_ADD, 0);
2362 }
2363 /* }}} */
2364
2365 /* {{{ Add entries to LDAP directory */
PHP_FUNCTION(ldap_add_ext)2366 PHP_FUNCTION(ldap_add_ext)
2367 {
2368 php_ldap_do_modify(INTERNAL_FUNCTION_PARAM_PASSTHRU, PHP_LD_FULL_ADD, 1);
2369 }
2370 /* }}} */
2371
2372 /* three functions for attribute base modifications, gerrit Thomson */
2373
2374 /* {{{ Replace attribute values with new ones */
PHP_FUNCTION(ldap_mod_replace)2375 PHP_FUNCTION(ldap_mod_replace)
2376 {
2377 php_ldap_do_modify(INTERNAL_FUNCTION_PARAM_PASSTHRU, LDAP_MOD_REPLACE, 0);
2378 }
2379 /* }}} */
2380
2381 /* {{{ Replace attribute values with new ones */
PHP_FUNCTION(ldap_mod_replace_ext)2382 PHP_FUNCTION(ldap_mod_replace_ext)
2383 {
2384 php_ldap_do_modify(INTERNAL_FUNCTION_PARAM_PASSTHRU, LDAP_MOD_REPLACE, 1);
2385 }
2386 /* }}} */
2387
2388 /* {{{ Add attribute values to current */
PHP_FUNCTION(ldap_mod_add)2389 PHP_FUNCTION(ldap_mod_add)
2390 {
2391 php_ldap_do_modify(INTERNAL_FUNCTION_PARAM_PASSTHRU, LDAP_MOD_ADD, 0);
2392 }
2393 /* }}} */
2394
2395 /* {{{ Add attribute values to current */
PHP_FUNCTION(ldap_mod_add_ext)2396 PHP_FUNCTION(ldap_mod_add_ext)
2397 {
2398 php_ldap_do_modify(INTERNAL_FUNCTION_PARAM_PASSTHRU, LDAP_MOD_ADD, 1);
2399 }
2400 /* }}} */
2401
2402 /* {{{ Delete attribute values */
PHP_FUNCTION(ldap_mod_del)2403 PHP_FUNCTION(ldap_mod_del)
2404 {
2405 php_ldap_do_modify(INTERNAL_FUNCTION_PARAM_PASSTHRU, LDAP_MOD_DELETE, 0);
2406 }
2407 /* }}} */
2408
2409 /* {{{ Delete attribute values */
PHP_FUNCTION(ldap_mod_del_ext)2410 PHP_FUNCTION(ldap_mod_del_ext)
2411 {
2412 php_ldap_do_modify(INTERNAL_FUNCTION_PARAM_PASSTHRU, LDAP_MOD_DELETE, 1);
2413 }
2414 /* }}} */
2415
2416 /* {{{ php_ldap_do_delete */
php_ldap_do_delete(INTERNAL_FUNCTION_PARAMETERS,int ext)2417 static void php_ldap_do_delete(INTERNAL_FUNCTION_PARAMETERS, int ext)
2418 {
2419 zval *serverctrls = NULL;
2420 zval *link;
2421 ldap_linkdata *ld;
2422 LDAPControl **lserverctrls = NULL;
2423 ldap_resultdata *result;
2424 LDAPMessage *ldap_res;
2425 char *dn;
2426 int rc, msgid;
2427 size_t dn_len;
2428
2429 if (zend_parse_parameters(ZEND_NUM_ARGS(), "Os|a!", &link, ldap_link_ce, &dn, &dn_len, &serverctrls) != SUCCESS) {
2430 RETURN_THROWS();
2431 }
2432
2433 ld = Z_LDAP_LINK_P(link);
2434 VERIFY_LDAP_LINK_CONNECTED(ld);
2435
2436 if (serverctrls) {
2437 lserverctrls = _php_ldap_controls_from_array(ld->link, serverctrls, 3);
2438 if (lserverctrls == NULL) {
2439 RETVAL_FALSE;
2440 goto cleanup;
2441 }
2442 }
2443
2444 if (ext) {
2445 rc = ldap_delete_ext(ld->link, dn, lserverctrls, NULL, &msgid);
2446 } else {
2447 rc = ldap_delete_ext_s(ld->link, dn, lserverctrls, NULL);
2448 }
2449 if (rc != LDAP_SUCCESS) {
2450 php_error_docref(NULL, E_WARNING, "Delete: %s", ldap_err2string(rc));
2451 RETVAL_FALSE;
2452 goto cleanup;
2453 } else if (ext) {
2454 rc = ldap_result(ld->link, msgid, 1 /* LDAP_MSG_ALL */, NULL, &ldap_res);
2455 if (rc == -1) {
2456 php_error_docref(NULL, E_WARNING, "Delete operation failed");
2457 RETVAL_FALSE;
2458 goto cleanup;
2459 }
2460
2461 /* return a PHP control object */
2462 object_init_ex(return_value, ldap_result_ce);
2463 result = Z_LDAP_RESULT_P(return_value);
2464 result->result = ldap_res;
2465 } else {
2466 RETVAL_TRUE;
2467 }
2468
2469 cleanup:
2470 if (lserverctrls) {
2471 _php_ldap_controls_free(&lserverctrls);
2472 }
2473
2474 return;
2475 }
2476 /* }}} */
2477
2478 /* {{{ Delete an entry from a directory */
PHP_FUNCTION(ldap_delete)2479 PHP_FUNCTION(ldap_delete)
2480 {
2481 php_ldap_do_delete(INTERNAL_FUNCTION_PARAM_PASSTHRU, 0);
2482 }
2483 /* }}} */
2484
2485 /* {{{ Delete an entry from a directory */
PHP_FUNCTION(ldap_delete_ext)2486 PHP_FUNCTION(ldap_delete_ext)
2487 {
2488 php_ldap_do_delete(INTERNAL_FUNCTION_PARAM_PASSTHRU, 1);
2489 }
2490 /* }}} */
2491
2492 /* {{{ _ldap_str_equal_to_const */
_ldap_str_equal_to_const(const char * str,size_t str_len,const char * cstr)2493 static size_t _ldap_str_equal_to_const(const char *str, size_t str_len, const char *cstr)
2494 {
2495 size_t i;
2496
2497 if (strlen(cstr) != str_len)
2498 return 0;
2499
2500 for (i = 0; i < str_len; ++i) {
2501 if (str[i] != cstr[i]) {
2502 return 0;
2503 }
2504 }
2505
2506 return 1;
2507 }
2508 /* }}} */
2509
2510 /* {{{ _ldap_strlen_max */
_ldap_strlen_max(const char * str,size_t max_len)2511 static size_t _ldap_strlen_max(const char *str, size_t max_len)
2512 {
2513 size_t i;
2514
2515 for (i = 0; i < max_len; ++i) {
2516 if (str[i] == '\0') {
2517 return i;
2518 }
2519 }
2520
2521 return max_len;
2522 }
2523 /* }}} */
2524
2525 /* {{{ _ldap_hash_fetch */
_ldap_hash_fetch(zval * hashTbl,const char * key,zval ** out)2526 static void _ldap_hash_fetch(zval *hashTbl, const char *key, zval **out)
2527 {
2528 *out = zend_hash_str_find(Z_ARRVAL_P(hashTbl), key, strlen(key));
2529 }
2530 /* }}} */
2531
2532 /* {{{ Perform multiple modifications as part of one operation */
PHP_FUNCTION(ldap_modify_batch)2533 PHP_FUNCTION(ldap_modify_batch)
2534 {
2535 zval *serverctrls = NULL;
2536 ldap_linkdata *ld;
2537 zval *link, *mods, *mod, *modinfo;
2538 zend_string *modval;
2539 zval *attrib, *modtype, *vals;
2540 zval *fetched;
2541 char *dn;
2542 size_t dn_len;
2543 int i, j, k;
2544 int num_mods, num_modprops, num_modvals;
2545 LDAPMod **ldap_mods;
2546 LDAPControl **lserverctrls = NULL;
2547 uint32_t oper;
2548
2549 /*
2550 $mods = array(
2551 array(
2552 "attrib" => "unicodePwd",
2553 "modtype" => LDAP_MODIFY_BATCH_REMOVE,
2554 "values" => array($oldpw)
2555 ),
2556 array(
2557 "attrib" => "unicodePwd",
2558 "modtype" => LDAP_MODIFY_BATCH_ADD,
2559 "values" => array($newpw)
2560 ),
2561 array(
2562 "attrib" => "userPrincipalName",
2563 "modtype" => LDAP_MODIFY_BATCH_REPLACE,
2564 "values" => array("janitor@corp.contoso.com")
2565 ),
2566 array(
2567 "attrib" => "userCert",
2568 "modtype" => LDAP_MODIFY_BATCH_REMOVE_ALL
2569 )
2570 );
2571 */
2572
2573 if (zend_parse_parameters(ZEND_NUM_ARGS(), "Osa/|a!", &link, ldap_link_ce, &dn, &dn_len, &mods, &serverctrls) != SUCCESS) {
2574 RETURN_THROWS();
2575 }
2576
2577 ld = Z_LDAP_LINK_P(link);
2578 VERIFY_LDAP_LINK_CONNECTED(ld);
2579
2580 /* perform validation */
2581 {
2582 zend_string *modkey;
2583 zend_long modtype;
2584
2585 /* to store the wrongly-typed keys */
2586 zend_ulong tmpUlong;
2587
2588 /* make sure the DN contains no NUL bytes */
2589 if (_ldap_strlen_max(dn, dn_len) != dn_len) {
2590 zend_argument_type_error(2, "must not contain null bytes");
2591 RETURN_THROWS();
2592 }
2593
2594 /* make sure the top level is a normal array */
2595 zend_hash_internal_pointer_reset(Z_ARRVAL_P(mods));
2596 if (zend_hash_get_current_key_type(Z_ARRVAL_P(mods)) != HASH_KEY_IS_LONG) {
2597 zend_argument_type_error(3, "must be integer-indexed");
2598 RETURN_THROWS();
2599 }
2600
2601 num_mods = zend_hash_num_elements(Z_ARRVAL_P(mods));
2602
2603 for (i = 0; i < num_mods; i++) {
2604 /* is the numbering consecutive? */
2605 if ((fetched = zend_hash_index_find(Z_ARRVAL_P(mods), i)) == NULL) {
2606 zend_argument_value_error(3, "must have consecutive integer indices starting from 0");
2607 RETURN_THROWS();
2608 }
2609 mod = fetched;
2610
2611 /* is it an array? */
2612 if (Z_TYPE_P(mod) != IS_ARRAY) {
2613 zend_argument_value_error(3, "must only contain arrays");
2614 RETURN_THROWS();
2615 }
2616
2617 SEPARATE_ARRAY(mod);
2618 /* for the modification hashtable... */
2619 zend_hash_internal_pointer_reset(Z_ARRVAL_P(mod));
2620 num_modprops = zend_hash_num_elements(Z_ARRVAL_P(mod));
2621
2622 for (j = 0; j < num_modprops; j++) {
2623 /* are the keys strings? */
2624 if (zend_hash_get_current_key(Z_ARRVAL_P(mod), &modkey, &tmpUlong) != HASH_KEY_IS_STRING) {
2625 zend_argument_type_error(3, "must only contain string-indexed arrays");
2626 RETURN_THROWS();
2627 }
2628
2629 /* is this a valid entry? */
2630 if (
2631 !_ldap_str_equal_to_const(ZSTR_VAL(modkey), ZSTR_LEN(modkey), LDAP_MODIFY_BATCH_ATTRIB) &&
2632 !_ldap_str_equal_to_const(ZSTR_VAL(modkey), ZSTR_LEN(modkey), LDAP_MODIFY_BATCH_MODTYPE) &&
2633 !_ldap_str_equal_to_const(ZSTR_VAL(modkey), ZSTR_LEN(modkey), LDAP_MODIFY_BATCH_VALUES)
2634 ) {
2635 zend_argument_value_error(3, "must contain arrays only containing the \"" LDAP_MODIFY_BATCH_ATTRIB "\", \"" LDAP_MODIFY_BATCH_MODTYPE "\" and \"" LDAP_MODIFY_BATCH_VALUES "\" keys");
2636 RETURN_THROWS();
2637 }
2638
2639 fetched = zend_hash_get_current_data(Z_ARRVAL_P(mod));
2640 modinfo = fetched;
2641
2642 /* does the value type match the key? */
2643 if (_ldap_str_equal_to_const(ZSTR_VAL(modkey), ZSTR_LEN(modkey), LDAP_MODIFY_BATCH_ATTRIB)) {
2644 if (Z_TYPE_P(modinfo) != IS_STRING) {
2645 zend_type_error("%s(): Option \"" LDAP_MODIFY_BATCH_ATTRIB "\" must be of type string, %s given", get_active_function_name(), zend_zval_value_name(modinfo));
2646 RETURN_THROWS();
2647 }
2648
2649 if (Z_STRLEN_P(modinfo) != _ldap_strlen_max(Z_STRVAL_P(modinfo), Z_STRLEN_P(modinfo))) {
2650 zend_type_error("%s(): Option \"" LDAP_MODIFY_BATCH_ATTRIB "\" cannot contain null-bytes", get_active_function_name());
2651 RETURN_THROWS();
2652 }
2653 }
2654 else if (_ldap_str_equal_to_const(ZSTR_VAL(modkey), ZSTR_LEN(modkey), LDAP_MODIFY_BATCH_MODTYPE)) {
2655 if (Z_TYPE_P(modinfo) != IS_LONG) {
2656 zend_type_error("%s(): Option \"" LDAP_MODIFY_BATCH_MODTYPE "\" must be of type int, %s given", get_active_function_name(), zend_zval_value_name(modinfo));
2657 RETURN_THROWS();
2658 }
2659
2660 /* is the value in range? */
2661 modtype = Z_LVAL_P(modinfo);
2662 if (
2663 modtype != LDAP_MODIFY_BATCH_ADD &&
2664 modtype != LDAP_MODIFY_BATCH_REMOVE &&
2665 modtype != LDAP_MODIFY_BATCH_REPLACE &&
2666 modtype != LDAP_MODIFY_BATCH_REMOVE_ALL
2667 ) {
2668 zend_value_error("%s(): Option \"" LDAP_MODIFY_BATCH_MODTYPE "\" must be one of the LDAP_MODIFY_BATCH_* constants", get_active_function_name());
2669 RETURN_THROWS();
2670 }
2671
2672 /* if it's REMOVE_ALL, there must not be a values array; otherwise, there must */
2673 if (modtype == LDAP_MODIFY_BATCH_REMOVE_ALL) {
2674 if (zend_hash_str_exists(Z_ARRVAL_P(mod), LDAP_MODIFY_BATCH_VALUES, strlen(LDAP_MODIFY_BATCH_VALUES))) {
2675 zend_value_error("%s(): If option \"" LDAP_MODIFY_BATCH_MODTYPE "\" is LDAP_MODIFY_BATCH_REMOVE_ALL, option \"" LDAP_MODIFY_BATCH_VALUES "\" cannot be provided", get_active_function_name());
2676 RETURN_THROWS();
2677 }
2678 }
2679 else {
2680 if (!zend_hash_str_exists(Z_ARRVAL_P(mod), LDAP_MODIFY_BATCH_VALUES, strlen(LDAP_MODIFY_BATCH_VALUES))) {
2681 zend_value_error("%s(): If option \"" LDAP_MODIFY_BATCH_MODTYPE "\" is not LDAP_MODIFY_BATCH_REMOVE_ALL, option \"" LDAP_MODIFY_BATCH_VALUES "\" must be provided", get_active_function_name());
2682 RETURN_THROWS();
2683 }
2684 }
2685 }
2686 else if (_ldap_str_equal_to_const(ZSTR_VAL(modkey), ZSTR_LEN(modkey), LDAP_MODIFY_BATCH_VALUES)) {
2687 if (Z_TYPE_P(modinfo) != IS_ARRAY) {
2688 zend_type_error("%s(): Option \"" LDAP_MODIFY_BATCH_VALUES "\" must be of type array, %s given", get_active_function_name(), zend_zval_value_name(modinfo));
2689 RETURN_THROWS();
2690 }
2691
2692 SEPARATE_ARRAY(modinfo);
2693 /* is the array not empty? */
2694 zend_hash_internal_pointer_reset(Z_ARRVAL_P(modinfo));
2695 num_modvals = zend_hash_num_elements(Z_ARRVAL_P(modinfo));
2696 if (num_modvals == 0) {
2697 zend_value_error("%s(): Option \"" LDAP_MODIFY_BATCH_VALUES "\" cannot be empty", get_active_function_name());
2698 RETURN_THROWS();
2699 }
2700
2701 /* are its keys integers? */
2702 if (zend_hash_get_current_key_type(Z_ARRVAL_P(modinfo)) != HASH_KEY_IS_LONG) {
2703 zend_value_error("%s(): Option \"" LDAP_MODIFY_BATCH_VALUES "\" must be integer-indexed", get_active_function_name());
2704 RETURN_THROWS();
2705 }
2706
2707 /* are the keys consecutive? */
2708 for (k = 0; k < num_modvals; k++) {
2709 if ((fetched = zend_hash_index_find(Z_ARRVAL_P(modinfo), k)) == NULL) {
2710 zend_value_error("%s(): Option \"" LDAP_MODIFY_BATCH_VALUES "\" must have consecutive integer indices starting from 0", get_active_function_name());
2711 RETURN_THROWS();
2712 }
2713 }
2714 }
2715
2716 zend_hash_move_forward(Z_ARRVAL_P(mod));
2717 }
2718 }
2719 }
2720 /* validation was successful */
2721
2722 /* allocate array of modifications */
2723 ldap_mods = safe_emalloc((num_mods+1), sizeof(LDAPMod *), 0);
2724
2725 /* for each modification */
2726 for (i = 0; i < num_mods; i++) {
2727 /* allocate the modification struct */
2728 ldap_mods[i] = safe_emalloc(1, sizeof(LDAPMod), 0);
2729
2730 /* fetch the relevant data */
2731 fetched = zend_hash_index_find(Z_ARRVAL_P(mods), i);
2732 mod = fetched;
2733
2734 _ldap_hash_fetch(mod, LDAP_MODIFY_BATCH_ATTRIB, &attrib);
2735 _ldap_hash_fetch(mod, LDAP_MODIFY_BATCH_MODTYPE, &modtype);
2736 _ldap_hash_fetch(mod, LDAP_MODIFY_BATCH_VALUES, &vals);
2737
2738 /* map the modification type */
2739 switch (Z_LVAL_P(modtype)) {
2740 case LDAP_MODIFY_BATCH_ADD:
2741 oper = LDAP_MOD_ADD;
2742 break;
2743 case LDAP_MODIFY_BATCH_REMOVE:
2744 case LDAP_MODIFY_BATCH_REMOVE_ALL:
2745 oper = LDAP_MOD_DELETE;
2746 break;
2747 case LDAP_MODIFY_BATCH_REPLACE:
2748 oper = LDAP_MOD_REPLACE;
2749 break;
2750 default:
2751 zend_throw_error(NULL, "Unknown and uncaught modification type.");
2752 RETVAL_FALSE;
2753 efree(ldap_mods[i]);
2754 num_mods = i;
2755 goto cleanup;
2756 }
2757
2758 /* fill in the basic info */
2759 ldap_mods[i]->mod_op = oper | LDAP_MOD_BVALUES;
2760 ldap_mods[i]->mod_type = estrndup(Z_STRVAL_P(attrib), Z_STRLEN_P(attrib));
2761
2762 if (Z_LVAL_P(modtype) == LDAP_MODIFY_BATCH_REMOVE_ALL) {
2763 /* no values */
2764 ldap_mods[i]->mod_bvalues = NULL;
2765 }
2766 else {
2767 /* allocate space for the values as part of this modification */
2768 num_modvals = zend_hash_num_elements(Z_ARRVAL_P(vals));
2769 ldap_mods[i]->mod_bvalues = safe_emalloc((num_modvals+1), sizeof(struct berval *), 0);
2770
2771 /* for each value */
2772 for (j = 0; j < num_modvals; j++) {
2773 /* fetch it */
2774 fetched = zend_hash_index_find(Z_ARRVAL_P(vals), j);
2775 modval = zval_get_string(fetched);
2776 if (EG(exception)) {
2777 RETVAL_FALSE;
2778 ldap_mods[i]->mod_bvalues[j] = NULL;
2779 num_mods = i + 1;
2780 goto cleanup;
2781 }
2782
2783 /* allocate the data struct */
2784 ldap_mods[i]->mod_bvalues[j] = safe_emalloc(1, sizeof(struct berval), 0);
2785
2786 /* fill it */
2787 ldap_mods[i]->mod_bvalues[j]->bv_len = ZSTR_LEN(modval);
2788 ldap_mods[i]->mod_bvalues[j]->bv_val = estrndup(ZSTR_VAL(modval), ZSTR_LEN(modval));
2789 zend_string_release(modval);
2790 }
2791
2792 /* NULL-terminate values */
2793 ldap_mods[i]->mod_bvalues[num_modvals] = NULL;
2794 }
2795 }
2796
2797 /* NULL-terminate modifications */
2798 ldap_mods[num_mods] = NULL;
2799
2800 if (serverctrls) {
2801 lserverctrls = _php_ldap_controls_from_array(ld->link, serverctrls, 4);
2802 if (lserverctrls == NULL) {
2803 RETVAL_FALSE;
2804 goto cleanup;
2805 }
2806 }
2807
2808 /* perform (finally) */
2809 if ((i = ldap_modify_ext_s(ld->link, dn, ldap_mods, lserverctrls, NULL)) != LDAP_SUCCESS) {
2810 php_error_docref(NULL, E_WARNING, "Batch Modify: %s", ldap_err2string(i));
2811 RETVAL_FALSE;
2812 } else RETVAL_TRUE;
2813
2814 /* clean up */
2815 cleanup: {
2816 for (i = 0; i < num_mods; i++) {
2817 /* attribute */
2818 efree(ldap_mods[i]->mod_type);
2819
2820 if (ldap_mods[i]->mod_bvalues != NULL) {
2821 /* each BER value */
2822 for (j = 0; ldap_mods[i]->mod_bvalues[j] != NULL; j++) {
2823 /* free the data bytes */
2824 efree(ldap_mods[i]->mod_bvalues[j]->bv_val);
2825
2826 /* free the bvalue struct */
2827 efree(ldap_mods[i]->mod_bvalues[j]);
2828 }
2829
2830 /* the BER value array */
2831 efree(ldap_mods[i]->mod_bvalues);
2832 }
2833
2834 /* the modification */
2835 efree(ldap_mods[i]);
2836 }
2837
2838 /* the modifications array */
2839 efree(ldap_mods);
2840
2841 if (lserverctrls) {
2842 _php_ldap_controls_free(&lserverctrls);
2843 }
2844 }
2845 }
2846 /* }}} */
2847
2848 /* {{{ Get the current ldap error number */
PHP_FUNCTION(ldap_errno)2849 PHP_FUNCTION(ldap_errno)
2850 {
2851 zval *link;
2852 ldap_linkdata *ld;
2853
2854 if (zend_parse_parameters(ZEND_NUM_ARGS(), "O", &link, ldap_link_ce) != SUCCESS) {
2855 RETURN_THROWS();
2856 }
2857
2858 ld = Z_LDAP_LINK_P(link);
2859 VERIFY_LDAP_LINK_CONNECTED(ld);
2860
2861 RETURN_LONG(_get_lderrno(ld->link));
2862 }
2863 /* }}} */
2864
2865 /* {{{ Convert error number to error string */
PHP_FUNCTION(ldap_err2str)2866 PHP_FUNCTION(ldap_err2str)
2867 {
2868 zend_long perrno;
2869
2870 if (zend_parse_parameters(ZEND_NUM_ARGS(), "l", &perrno) != SUCCESS) {
2871 RETURN_THROWS();
2872 }
2873
2874 RETURN_STRING(ldap_err2string(perrno));
2875 }
2876 /* }}} */
2877
2878 /* {{{ Get the current ldap error string */
PHP_FUNCTION(ldap_error)2879 PHP_FUNCTION(ldap_error)
2880 {
2881 zval *link;
2882 ldap_linkdata *ld;
2883 int ld_errno;
2884
2885 if (zend_parse_parameters(ZEND_NUM_ARGS(), "O", &link, ldap_link_ce) != SUCCESS) {
2886 RETURN_THROWS();
2887 }
2888
2889 ld = Z_LDAP_LINK_P(link);
2890 VERIFY_LDAP_LINK_CONNECTED(ld);
2891
2892 ld_errno = _get_lderrno(ld->link);
2893
2894 RETURN_STRING(ldap_err2string(ld_errno));
2895 }
2896 /* }}} */
2897
2898 /* {{{ Determine if an entry has a specific value for one of its attributes */
PHP_FUNCTION(ldap_compare)2899 PHP_FUNCTION(ldap_compare)
2900 {
2901 zval *serverctrls = NULL;
2902 zval *link;
2903 char *dn, *attr, *value;
2904 size_t dn_len, attr_len, value_len;
2905 ldap_linkdata *ld;
2906 LDAPControl **lserverctrls = NULL;
2907 int ldap_errno;
2908 struct berval lvalue;
2909
2910 if (zend_parse_parameters(ZEND_NUM_ARGS(), "Osss|a!", &link, ldap_link_ce, &dn, &dn_len, &attr, &attr_len, &value, &value_len, &serverctrls) != SUCCESS) {
2911 RETURN_THROWS();
2912 }
2913
2914 ld = Z_LDAP_LINK_P(link);
2915 VERIFY_LDAP_LINK_CONNECTED(ld);
2916
2917 if (serverctrls) {
2918 lserverctrls = _php_ldap_controls_from_array(ld->link, serverctrls, 5);
2919 if (lserverctrls == NULL) {
2920 RETVAL_FALSE;
2921 goto cleanup;
2922 }
2923 }
2924
2925 lvalue.bv_val = value;
2926 lvalue.bv_len = value_len;
2927
2928 ldap_errno = ldap_compare_ext_s(ld->link, dn, attr, &lvalue, lserverctrls, NULL);
2929
2930 switch (ldap_errno) {
2931 case LDAP_COMPARE_TRUE:
2932 RETVAL_TRUE;
2933 break;
2934
2935 case LDAP_COMPARE_FALSE:
2936 RETVAL_FALSE;
2937 break;
2938
2939 default:
2940 php_error_docref(NULL, E_WARNING, "Compare: %s", ldap_err2string(ldap_errno));
2941 RETVAL_LONG(-1);
2942 }
2943
2944 cleanup:
2945 if (lserverctrls) {
2946 _php_ldap_controls_free(&lserverctrls);
2947 }
2948
2949 return;
2950 }
2951 /* }}} */
2952
2953 #if (LDAP_API_VERSION > 2000) || defined(HAVE_ORALDAP)
2954 /* {{{ Get the current value of various session-wide parameters */
PHP_FUNCTION(ldap_get_option)2955 PHP_FUNCTION(ldap_get_option)
2956 {
2957 zval *link, *retval;
2958 ldap_linkdata *ld;
2959 zend_long option;
2960
2961 if (zend_parse_parameters(ZEND_NUM_ARGS(), "Olz", &link, ldap_link_ce, &option, &retval) != SUCCESS) {
2962 RETURN_THROWS();
2963 }
2964
2965 ld = Z_LDAP_LINK_P(link);
2966 VERIFY_LDAP_LINK_CONNECTED(ld);
2967
2968 switch (option) {
2969 /* options with int value */
2970 case LDAP_OPT_DEREF:
2971 case LDAP_OPT_SIZELIMIT:
2972 case LDAP_OPT_TIMELIMIT:
2973 case LDAP_OPT_PROTOCOL_VERSION:
2974 case LDAP_OPT_ERROR_NUMBER:
2975 case LDAP_OPT_REFERRALS:
2976 #ifdef LDAP_OPT_RESTART
2977 case LDAP_OPT_RESTART:
2978 #endif
2979 #ifdef LDAP_OPT_X_SASL_NOCANON
2980 case LDAP_OPT_X_SASL_NOCANON:
2981 #endif
2982 #ifdef LDAP_OPT_X_TLS_REQUIRE_CERT
2983 case LDAP_OPT_X_TLS_REQUIRE_CERT:
2984 #endif
2985 #ifdef LDAP_OPT_X_TLS_CRLCHECK
2986 case LDAP_OPT_X_TLS_CRLCHECK:
2987 #endif
2988 #ifdef LDAP_OPT_X_TLS_PROTOCOL_MIN
2989 case LDAP_OPT_X_TLS_PROTOCOL_MIN:
2990 #endif
2991 #ifdef LDAP_OPT_X_KEEPALIVE_IDLE
2992 case LDAP_OPT_X_KEEPALIVE_IDLE:
2993 case LDAP_OPT_X_KEEPALIVE_PROBES:
2994 case LDAP_OPT_X_KEEPALIVE_INTERVAL:
2995 #endif
2996 {
2997 int val;
2998
2999 if (ldap_get_option(ld->link, option, &val)) {
3000 RETURN_FALSE;
3001 }
3002 ZEND_TRY_ASSIGN_REF_LONG(retval, val);
3003 } break;
3004 #ifdef LDAP_OPT_NETWORK_TIMEOUT
3005 case LDAP_OPT_NETWORK_TIMEOUT:
3006 {
3007 struct timeval *timeout = NULL;
3008
3009 if (ldap_get_option(ld->link, LDAP_OPT_NETWORK_TIMEOUT, (void *) &timeout)) {
3010 if (timeout) {
3011 ldap_memfree(timeout);
3012 }
3013 RETURN_FALSE;
3014 }
3015 if (!timeout) {
3016 RETURN_FALSE;
3017 }
3018 ZEND_TRY_ASSIGN_REF_LONG(retval, timeout->tv_sec);
3019 ldap_memfree(timeout);
3020 } break;
3021 #elif defined(LDAP_X_OPT_CONNECT_TIMEOUT)
3022 case LDAP_X_OPT_CONNECT_TIMEOUT:
3023 {
3024 int timeout;
3025
3026 if (ldap_get_option(ld->link, LDAP_X_OPT_CONNECT_TIMEOUT, &timeout)) {
3027 RETURN_FALSE;
3028 }
3029 ZEND_TRY_ASSIGN_REF_LONG(retval, (timeout / 1000));
3030 } break;
3031 #endif
3032 #ifdef LDAP_OPT_TIMEOUT
3033 case LDAP_OPT_TIMEOUT:
3034 {
3035 struct timeval *timeout = NULL;
3036
3037 if (ldap_get_option(ld->link, LDAP_OPT_TIMEOUT, (void *) &timeout)) {
3038 if (timeout) {
3039 ldap_memfree(timeout);
3040 }
3041 RETURN_FALSE;
3042 }
3043 if (!timeout) {
3044 RETURN_FALSE;
3045 }
3046 ZEND_TRY_ASSIGN_REF_LONG(retval, timeout->tv_sec);
3047 ldap_memfree(timeout);
3048 } break;
3049 #endif
3050 /* options with string value */
3051 case LDAP_OPT_ERROR_STRING:
3052 #ifdef LDAP_OPT_HOST_NAME
3053 case LDAP_OPT_HOST_NAME:
3054 #endif
3055 #ifdef HAVE_LDAP_SASL
3056 case LDAP_OPT_X_SASL_MECH:
3057 case LDAP_OPT_X_SASL_REALM:
3058 case LDAP_OPT_X_SASL_AUTHCID:
3059 case LDAP_OPT_X_SASL_AUTHZID:
3060 #endif
3061 #ifdef LDAP_OPT_X_SASL_USERNAME
3062 case LDAP_OPT_X_SASL_USERNAME:
3063 #endif
3064 #if (LDAP_API_VERSION > 2000)
3065 case LDAP_OPT_X_TLS_CACERTDIR:
3066 case LDAP_OPT_X_TLS_CACERTFILE:
3067 case LDAP_OPT_X_TLS_CERTFILE:
3068 case LDAP_OPT_X_TLS_CIPHER_SUITE:
3069 case LDAP_OPT_X_TLS_KEYFILE:
3070 case LDAP_OPT_X_TLS_RANDOM_FILE:
3071 #endif
3072 #ifdef LDAP_OPT_X_TLS_PACKAGE
3073 case LDAP_OPT_X_TLS_PACKAGE:
3074 #endif
3075 #ifdef LDAP_OPT_X_TLS_CRLFILE
3076 case LDAP_OPT_X_TLS_CRLFILE:
3077 #endif
3078 #ifdef LDAP_OPT_X_TLS_DHFILE
3079 case LDAP_OPT_X_TLS_DHFILE:
3080 #endif
3081 #ifdef LDAP_OPT_MATCHED_DN
3082 case LDAP_OPT_MATCHED_DN:
3083 #endif
3084 {
3085 char *val = NULL;
3086
3087 if (ldap_get_option(ld->link, option, &val) || val == NULL || *val == '\0') {
3088 if (val) {
3089 ldap_memfree(val);
3090 }
3091 RETURN_FALSE;
3092 }
3093 ZEND_TRY_ASSIGN_REF_STRING(retval, val);
3094 ldap_memfree(val);
3095 } break;
3096 case LDAP_OPT_SERVER_CONTROLS:
3097 case LDAP_OPT_CLIENT_CONTROLS:
3098 {
3099 LDAPControl **ctrls = NULL;
3100
3101 if (ldap_get_option(ld->link, option, &ctrls) || ctrls == NULL) {
3102 if (ctrls) {
3103 ldap_memfree(ctrls);
3104 }
3105 RETURN_FALSE;
3106 }
3107 _php_ldap_controls_to_array(ld->link, ctrls, retval, 1);
3108 } break;
3109 /* options not implemented
3110 case LDAP_OPT_API_INFO:
3111 case LDAP_OPT_API_FEATURE_INFO:
3112 */
3113 default:
3114 RETURN_FALSE;
3115 }
3116 RETURN_TRUE;
3117 }
3118 /* }}} */
3119
3120 /* {{{ Set the value of various session-wide parameters */
PHP_FUNCTION(ldap_set_option)3121 PHP_FUNCTION(ldap_set_option)
3122 {
3123 zval *link = NULL, *newval;
3124 ldap_linkdata *ld;
3125 LDAP *ldap;
3126 zend_long option;
3127
3128 if (zend_parse_parameters(ZEND_NUM_ARGS(), "O!lz", &link, ldap_link_ce, &option, &newval) != SUCCESS) {
3129 RETURN_THROWS();
3130 }
3131
3132 if (!link) {
3133 ldap = NULL;
3134 } else {
3135 ld = Z_LDAP_LINK_P(link);
3136 VERIFY_LDAP_LINK_CONNECTED(ld);
3137 ldap = ld->link;
3138 }
3139
3140 switch (option) {
3141 /* options with int value */
3142 case LDAP_OPT_DEREF:
3143 case LDAP_OPT_SIZELIMIT:
3144 case LDAP_OPT_TIMELIMIT:
3145 case LDAP_OPT_PROTOCOL_VERSION:
3146 case LDAP_OPT_ERROR_NUMBER:
3147 #ifdef LDAP_OPT_DEBUG_LEVEL
3148 case LDAP_OPT_DEBUG_LEVEL:
3149 #endif
3150 #ifdef LDAP_OPT_X_TLS_REQUIRE_CERT
3151 case LDAP_OPT_X_TLS_REQUIRE_CERT:
3152 #endif
3153 #ifdef LDAP_OPT_X_TLS_CRLCHECK
3154 case LDAP_OPT_X_TLS_CRLCHECK:
3155 #endif
3156 #ifdef LDAP_OPT_X_TLS_PROTOCOL_MIN
3157 case LDAP_OPT_X_TLS_PROTOCOL_MIN:
3158 #endif
3159 #ifdef LDAP_OPT_X_KEEPALIVE_IDLE
3160 case LDAP_OPT_X_KEEPALIVE_IDLE:
3161 case LDAP_OPT_X_KEEPALIVE_PROBES:
3162 case LDAP_OPT_X_KEEPALIVE_INTERVAL:
3163 #endif
3164 {
3165 int val;
3166
3167 convert_to_long(newval);
3168 if (ZEND_LONG_EXCEEDS_INT(Z_LVAL_P(newval))) {
3169 zend_argument_value_error(3, "is too large");
3170 RETURN_THROWS();
3171 }
3172 val = (int)Z_LVAL_P(newval);
3173 if (ldap_set_option(ldap, option, &val)) {
3174 RETURN_FALSE;
3175 }
3176 } break;
3177 #ifdef LDAP_OPT_NETWORK_TIMEOUT
3178 case LDAP_OPT_NETWORK_TIMEOUT:
3179 {
3180 struct timeval timeout;
3181
3182 convert_to_long(newval);
3183 timeout.tv_sec = Z_LVAL_P(newval);
3184 timeout.tv_usec = 0;
3185 if (ldap_set_option(ldap, LDAP_OPT_NETWORK_TIMEOUT, (void *) &timeout)) {
3186 RETURN_FALSE;
3187 }
3188 } break;
3189 #elif defined(LDAP_X_OPT_CONNECT_TIMEOUT)
3190 case LDAP_X_OPT_CONNECT_TIMEOUT:
3191 {
3192 int timeout;
3193
3194 convert_to_long(newval);
3195 timeout = 1000 * Z_LVAL_P(newval); /* Convert to milliseconds */
3196 if (ldap_set_option(ldap, LDAP_X_OPT_CONNECT_TIMEOUT, &timeout)) {
3197 RETURN_FALSE;
3198 }
3199 } break;
3200 #endif
3201 #ifdef LDAP_OPT_TIMEOUT
3202 case LDAP_OPT_TIMEOUT:
3203 {
3204 struct timeval timeout;
3205
3206 convert_to_long(newval);
3207 timeout.tv_sec = Z_LVAL_P(newval);
3208 timeout.tv_usec = 0;
3209 if (ldap_set_option(ldap, LDAP_OPT_TIMEOUT, (void *) &timeout)) {
3210 RETURN_FALSE;
3211 }
3212 } break;
3213 #endif
3214 /* options with string value */
3215 case LDAP_OPT_ERROR_STRING:
3216 #ifdef LDAP_OPT_HOST_NAME
3217 case LDAP_OPT_HOST_NAME:
3218 #endif
3219 #ifdef HAVE_LDAP_SASL
3220 case LDAP_OPT_X_SASL_MECH:
3221 case LDAP_OPT_X_SASL_REALM:
3222 case LDAP_OPT_X_SASL_AUTHCID:
3223 case LDAP_OPT_X_SASL_AUTHZID:
3224 #endif
3225 #if (LDAP_API_VERSION > 2000)
3226 case LDAP_OPT_X_TLS_CACERTDIR:
3227 case LDAP_OPT_X_TLS_CACERTFILE:
3228 case LDAP_OPT_X_TLS_CERTFILE:
3229 case LDAP_OPT_X_TLS_CIPHER_SUITE:
3230 case LDAP_OPT_X_TLS_KEYFILE:
3231 case LDAP_OPT_X_TLS_RANDOM_FILE:
3232 #endif
3233 #ifdef LDAP_OPT_X_TLS_CRLFILE
3234 case LDAP_OPT_X_TLS_CRLFILE:
3235 #endif
3236 #ifdef LDAP_OPT_X_TLS_DHFILE
3237 case LDAP_OPT_X_TLS_DHFILE:
3238 #endif
3239 #ifdef LDAP_OPT_MATCHED_DN
3240 case LDAP_OPT_MATCHED_DN:
3241 #endif
3242 {
3243 zend_string *val;
3244 val = zval_get_string(newval);
3245 if (EG(exception)) {
3246 RETURN_THROWS();
3247 }
3248 if (ldap_set_option(ldap, option, ZSTR_VAL(val))) {
3249 zend_string_release(val);
3250 RETURN_FALSE;
3251 }
3252 zend_string_release(val);
3253 } break;
3254 /* options with boolean value */
3255 case LDAP_OPT_REFERRALS:
3256 #ifdef LDAP_OPT_RESTART
3257 case LDAP_OPT_RESTART:
3258 #endif
3259 #ifdef LDAP_OPT_X_SASL_NOCANON
3260 case LDAP_OPT_X_SASL_NOCANON:
3261 #endif
3262 {
3263 void *val;
3264 val = zend_is_true(newval) ? LDAP_OPT_ON : LDAP_OPT_OFF;
3265 if (ldap_set_option(ldap, option, val)) {
3266 RETURN_FALSE;
3267 }
3268 } break;
3269 /* options with control list value */
3270 case LDAP_OPT_SERVER_CONTROLS:
3271 case LDAP_OPT_CLIENT_CONTROLS:
3272 {
3273 LDAPControl **ctrls;
3274 int rc;
3275
3276 if (Z_TYPE_P(newval) != IS_ARRAY) {
3277 zend_argument_type_error(3, "must be of type array for the LDAP_OPT_CLIENT_CONTROLS option, %s given", zend_zval_value_name(newval));
3278 RETURN_THROWS();
3279 }
3280
3281 ctrls = _php_ldap_controls_from_array(ldap, newval, 3);
3282
3283 if (ctrls == NULL) {
3284 RETURN_FALSE;
3285 } else {
3286 rc = ldap_set_option(ldap, option, ctrls);
3287 _php_ldap_controls_free(&ctrls);
3288 if (rc != LDAP_SUCCESS) {
3289 RETURN_FALSE;
3290 }
3291 }
3292 } break;
3293 default:
3294 RETURN_FALSE;
3295 }
3296 RETURN_TRUE;
3297 }
3298 /* }}} */
3299
3300 #ifdef HAVE_LDAP_PARSE_RESULT
3301 /* {{{ Extract information from result */
PHP_FUNCTION(ldap_parse_result)3302 PHP_FUNCTION(ldap_parse_result)
3303 {
3304 zval *link, *result, *errcode, *matcheddn, *errmsg, *referrals, *serverctrls;
3305 ldap_linkdata *ld;
3306 ldap_resultdata *ldap_result;
3307 LDAPControl **lserverctrls = NULL;
3308 char **lreferrals, **refp;
3309 char *lmatcheddn, *lerrmsg;
3310 int rc, lerrcode, myargcount = ZEND_NUM_ARGS();
3311
3312 if (zend_parse_parameters(myargcount, "OOz|zzzz", &link, ldap_link_ce, &result, ldap_result_ce, &errcode, &matcheddn, &errmsg, &referrals, &serverctrls) != SUCCESS) {
3313 RETURN_THROWS();
3314 }
3315
3316 ld = Z_LDAP_LINK_P(link);
3317 VERIFY_LDAP_LINK_CONNECTED(ld);
3318
3319 ldap_result = Z_LDAP_RESULT_P(result);
3320 VERIFY_LDAP_RESULT_OPEN(ldap_result);
3321
3322 rc = ldap_parse_result(ld->link, ldap_result->result, &lerrcode,
3323 myargcount > 3 ? &lmatcheddn : NULL,
3324 myargcount > 4 ? &lerrmsg : NULL,
3325 myargcount > 5 ? &lreferrals : NULL,
3326 myargcount > 6 ? &lserverctrls : NULL,
3327 0);
3328 if (rc != LDAP_SUCCESS) {
3329 php_error_docref(NULL, E_WARNING, "Unable to parse result: %s", ldap_err2string(rc));
3330 RETURN_FALSE;
3331 }
3332
3333 ZEND_TRY_ASSIGN_REF_LONG(errcode, lerrcode);
3334
3335 /* Reverse -> fall through */
3336 switch (myargcount) {
3337 case 7:
3338 _php_ldap_controls_to_array(ld->link, lserverctrls, serverctrls, 0);
3339 ZEND_FALLTHROUGH;
3340 case 6:
3341 referrals = zend_try_array_init(referrals);
3342 if (!referrals) {
3343 RETURN_THROWS();
3344 }
3345 if (lreferrals != NULL) {
3346 refp = lreferrals;
3347 while (*refp) {
3348 add_next_index_string(referrals, *refp);
3349 refp++;
3350 }
3351 ldap_memvfree((void**)lreferrals);
3352 }
3353 ZEND_FALLTHROUGH;
3354 case 5:
3355 if (lerrmsg == NULL) {
3356 ZEND_TRY_ASSIGN_REF_EMPTY_STRING(errmsg);
3357 } else {
3358 ZEND_TRY_ASSIGN_REF_STRING(errmsg, lerrmsg);
3359 ldap_memfree(lerrmsg);
3360 }
3361 ZEND_FALLTHROUGH;
3362 case 4:
3363 if (lmatcheddn == NULL) {
3364 ZEND_TRY_ASSIGN_REF_EMPTY_STRING(matcheddn);
3365 } else {
3366 ZEND_TRY_ASSIGN_REF_STRING(matcheddn, lmatcheddn);
3367 ldap_memfree(lmatcheddn);
3368 }
3369 }
3370 RETURN_TRUE;
3371 }
3372 /* }}} */
3373 #endif
3374
3375 /* {{{ Extended operation response parsing, Pierangelo Masarati */
3376 #ifdef HAVE_LDAP_PARSE_EXTENDED_RESULT
3377 /* {{{ Extract information from extended operation result */
PHP_FUNCTION(ldap_parse_exop)3378 PHP_FUNCTION(ldap_parse_exop)
3379 {
3380 zval *link, *result, *retdata, *retoid;
3381 ldap_linkdata *ld;
3382 ldap_resultdata *ldap_result;
3383 char *lretoid;
3384 struct berval *lretdata;
3385 int rc, myargcount = ZEND_NUM_ARGS();
3386
3387 if (zend_parse_parameters(myargcount, "OO|zz", &link, ldap_link_ce, &result, ldap_result_ce, &retdata, &retoid) != SUCCESS) {
3388 RETURN_THROWS();
3389 }
3390
3391 ld = Z_LDAP_LINK_P(link);
3392 VERIFY_LDAP_LINK_CONNECTED(ld);
3393
3394 ldap_result = Z_LDAP_RESULT_P(result);
3395 VERIFY_LDAP_RESULT_OPEN(ldap_result);
3396
3397 rc = ldap_parse_extended_result(ld->link, ldap_result->result,
3398 myargcount > 3 ? &lretoid: NULL,
3399 myargcount > 2 ? &lretdata: NULL,
3400 0);
3401 if (rc != LDAP_SUCCESS) {
3402 php_error_docref(NULL, E_WARNING, "Unable to parse extended operation result: %s", ldap_err2string(rc));
3403 RETURN_FALSE;
3404 }
3405
3406 /* Reverse -> fall through */
3407 switch (myargcount) {
3408 case 4:
3409 if (lretoid == NULL) {
3410 ZEND_TRY_ASSIGN_REF_EMPTY_STRING(retoid);
3411 } else {
3412 ZEND_TRY_ASSIGN_REF_STRING(retoid, lretoid);
3413 ldap_memfree(lretoid);
3414 }
3415 ZEND_FALLTHROUGH;
3416 case 3:
3417 /* use arg #3 as the data returned by the server */
3418 if (lretdata == NULL) {
3419 ZEND_TRY_ASSIGN_REF_EMPTY_STRING(retdata);
3420 } else {
3421 ZEND_TRY_ASSIGN_REF_STRINGL(retdata, lretdata->bv_val, lretdata->bv_len);
3422 ldap_memfree(lretdata->bv_val);
3423 ldap_memfree(lretdata);
3424 }
3425 }
3426 RETURN_TRUE;
3427 }
3428 /* }}} */
3429 #endif
3430 /* }}} */
3431
3432 /* {{{ Count the number of references in a search result */
PHP_FUNCTION(ldap_count_references)3433 PHP_FUNCTION(ldap_count_references)
3434 {
3435 zval *link, *result;
3436 ldap_linkdata *ld;
3437 ldap_resultdata *ldap_result;
3438
3439 if (zend_parse_parameters(ZEND_NUM_ARGS(), "OO", &link, ldap_link_ce, &result, ldap_result_ce) != SUCCESS) {
3440 RETURN_THROWS();
3441 }
3442
3443 ld = Z_LDAP_LINK_P(link);
3444 VERIFY_LDAP_LINK_CONNECTED(ld);
3445
3446 ldap_result = Z_LDAP_RESULT_P(result);
3447 VERIFY_LDAP_RESULT_OPEN(ldap_result);
3448
3449 RETURN_LONG(ldap_count_references(ld->link, ldap_result->result));
3450 }
3451 /* }}} */
3452
3453 /* {{{ Return first reference */
PHP_FUNCTION(ldap_first_reference)3454 PHP_FUNCTION(ldap_first_reference)
3455 {
3456 zval *link, *result;
3457 ldap_linkdata *ld;
3458 ldap_result_entry *resultentry;
3459 ldap_resultdata *ldap_result;
3460 LDAPMessage *entry;
3461
3462 if (zend_parse_parameters(ZEND_NUM_ARGS(), "OO", &link, ldap_link_ce, &result, ldap_result_ce) != SUCCESS) {
3463 RETURN_THROWS();
3464 }
3465
3466 ld = Z_LDAP_LINK_P(link);
3467 VERIFY_LDAP_LINK_CONNECTED(ld);
3468
3469 ldap_result = Z_LDAP_RESULT_P(result);
3470 VERIFY_LDAP_RESULT_OPEN(ldap_result);
3471
3472 if ((entry = ldap_first_reference(ld->link, ldap_result->result)) == NULL) {
3473 RETVAL_FALSE;
3474 } else {
3475 object_init_ex(return_value, ldap_result_entry_ce);
3476 resultentry = Z_LDAP_RESULT_ENTRY_P(return_value);
3477 ZVAL_COPY(&resultentry->res, result);
3478 resultentry->data = entry;
3479 resultentry->ber = NULL;
3480 }
3481 }
3482 /* }}} */
3483
3484 /* {{{ Get next reference */
PHP_FUNCTION(ldap_next_reference)3485 PHP_FUNCTION(ldap_next_reference)
3486 {
3487 zval *link, *result_entry;
3488 ldap_linkdata *ld;
3489 ldap_result_entry *resultentry, *resultentry_next;
3490 LDAPMessage *entry_next;
3491
3492 if (zend_parse_parameters(ZEND_NUM_ARGS(), "OO", &link, ldap_link_ce, &result_entry, ldap_result_entry_ce) != SUCCESS) {
3493 RETURN_THROWS();
3494 }
3495
3496 ld = Z_LDAP_LINK_P(link);
3497 VERIFY_LDAP_LINK_CONNECTED(ld);
3498
3499 resultentry = Z_LDAP_RESULT_ENTRY_P(result_entry);
3500
3501 if ((entry_next = ldap_next_reference(ld->link, resultentry->data)) == NULL) {
3502 RETVAL_FALSE;
3503 } else {
3504 object_init_ex(return_value, ldap_result_entry_ce);
3505 resultentry_next = Z_LDAP_RESULT_ENTRY_P(return_value);
3506 ZVAL_COPY(&resultentry_next->res, &resultentry->res);
3507 resultentry_next->data = entry_next;
3508 resultentry_next->ber = NULL;
3509 }
3510 }
3511 /* }}} */
3512
3513 #ifdef HAVE_LDAP_PARSE_REFERENCE
3514 /* {{{ Extract information from reference entry */
PHP_FUNCTION(ldap_parse_reference)3515 PHP_FUNCTION(ldap_parse_reference)
3516 {
3517 zval *link, *result_entry, *referrals;
3518 ldap_linkdata *ld;
3519 ldap_result_entry *resultentry;
3520 char **lreferrals, **refp;
3521
3522 if (zend_parse_parameters(ZEND_NUM_ARGS(), "OOz", &link, ldap_link_ce, &result_entry, ldap_result_entry_ce, &referrals) != SUCCESS) {
3523 RETURN_THROWS();
3524 }
3525
3526 ld = Z_LDAP_LINK_P(link);
3527 VERIFY_LDAP_LINK_CONNECTED(ld);
3528
3529 resultentry = Z_LDAP_RESULT_ENTRY_P(result_entry);
3530
3531 if (ldap_parse_reference(ld->link, resultentry->data, &lreferrals, NULL /* &serverctrls */, 0) != LDAP_SUCCESS) {
3532 RETURN_FALSE;
3533 }
3534
3535 referrals = zend_try_array_init(referrals);
3536 if (!referrals) {
3537 RETURN_THROWS();
3538 }
3539
3540 if (lreferrals != NULL) {
3541 refp = lreferrals;
3542 while (*refp) {
3543 add_next_index_string(referrals, *refp);
3544 refp++;
3545 }
3546 ldap_memvfree((void**)lreferrals);
3547 }
3548 RETURN_TRUE;
3549 }
3550 /* }}} */
3551 #endif
3552
3553 /* {{{ php_ldap_do_rename */
php_ldap_do_rename(INTERNAL_FUNCTION_PARAMETERS,int ext)3554 static void php_ldap_do_rename(INTERNAL_FUNCTION_PARAMETERS, int ext)
3555 {
3556 zval *serverctrls = NULL;
3557 zval *link;
3558 ldap_linkdata *ld;
3559 LDAPControl **lserverctrls = NULL;
3560 ldap_resultdata *result;
3561 LDAPMessage *ldap_res;
3562 int rc, msgid;
3563 char *dn, *newrdn, *newparent;
3564 size_t dn_len, newrdn_len, newparent_len;
3565 bool deleteoldrdn;
3566
3567 if (zend_parse_parameters(ZEND_NUM_ARGS(), "Osssb|a!", &link, ldap_link_ce, &dn, &dn_len, &newrdn, &newrdn_len, &newparent, &newparent_len, &deleteoldrdn, &serverctrls) != SUCCESS) {
3568 RETURN_THROWS();
3569 }
3570
3571 ld = Z_LDAP_LINK_P(link);
3572 VERIFY_LDAP_LINK_CONNECTED(ld);
3573
3574 if (newparent_len == 0) {
3575 newparent = NULL;
3576 }
3577
3578 #if (LDAP_API_VERSION > 2000) || defined(HAVE_ORALDAP)
3579 if (serverctrls) {
3580 lserverctrls = _php_ldap_controls_from_array(ld->link, serverctrls, 6);
3581 if (lserverctrls == NULL) {
3582 RETVAL_FALSE;
3583 goto cleanup;
3584 }
3585 }
3586
3587 if (ext) {
3588 rc = ldap_rename(ld->link, dn, newrdn, newparent, deleteoldrdn, lserverctrls, NULL, &msgid);
3589 } else {
3590 rc = ldap_rename_s(ld->link, dn, newrdn, newparent, deleteoldrdn, lserverctrls, NULL);
3591 }
3592 #else
3593 if (newparent_len != 0) {
3594 php_error_docref(NULL, E_WARNING, "You are using old LDAP API, newparent must be the empty string, can only modify RDN");
3595 RETURN_FALSE;
3596 }
3597 if (serverctrls) {
3598 php_error_docref(NULL, E_WARNING, "You are using old LDAP API, controls are not supported");
3599 RETURN_FALSE;
3600 }
3601 if (ext) {
3602 php_error_docref(NULL, E_WARNING, "You are using old LDAP API, ldap_rename_ext is not supported");
3603 RETURN_FALSE;
3604 }
3605 /* could support old APIs but need check for ldap_modrdn2()/ldap_modrdn() */
3606 rc = ldap_modrdn2_s(ld->link, dn, newrdn, deleteoldrdn);
3607 #endif
3608
3609 if (rc != LDAP_SUCCESS) {
3610 RETVAL_FALSE;
3611 } else if (ext) {
3612 rc = ldap_result(ld->link, msgid, 1 /* LDAP_MSG_ALL */, NULL, &ldap_res);
3613 if (rc == -1) {
3614 php_error_docref(NULL, E_WARNING, "Rename operation failed");
3615 RETVAL_FALSE;
3616 goto cleanup;
3617 }
3618
3619 /* return a PHP control object */
3620 object_init_ex(return_value, ldap_result_ce);
3621 result = Z_LDAP_RESULT_P(return_value);
3622 result->result = ldap_res;
3623 } else {
3624 RETVAL_TRUE;
3625 }
3626
3627 cleanup:
3628 if (lserverctrls) {
3629 _php_ldap_controls_free(&lserverctrls);
3630 }
3631
3632 return;
3633 }
3634 /* }}} */
3635
3636 /* {{{ Modify the name of an entry */
PHP_FUNCTION(ldap_rename)3637 PHP_FUNCTION(ldap_rename)
3638 {
3639 php_ldap_do_rename(INTERNAL_FUNCTION_PARAM_PASSTHRU, 0);
3640 }
3641 /* }}} */
3642
3643 /* {{{ Modify the name of an entry */
PHP_FUNCTION(ldap_rename_ext)3644 PHP_FUNCTION(ldap_rename_ext)
3645 {
3646 php_ldap_do_rename(INTERNAL_FUNCTION_PARAM_PASSTHRU, 1);
3647 }
3648 /* }}} */
3649
3650 #ifdef HAVE_LDAP_START_TLS_S
3651 /* {{{ Start TLS */
PHP_FUNCTION(ldap_start_tls)3652 PHP_FUNCTION(ldap_start_tls)
3653 {
3654 zval *link;
3655 ldap_linkdata *ld;
3656 int rc, protocol = LDAP_VERSION3;
3657
3658 if (zend_parse_parameters(ZEND_NUM_ARGS(), "O", &link, ldap_link_ce) != SUCCESS) {
3659 RETURN_THROWS();
3660 }
3661
3662 ld = Z_LDAP_LINK_P(link);
3663 VERIFY_LDAP_LINK_CONNECTED(ld);
3664
3665 if (((rc = ldap_set_option(ld->link, LDAP_OPT_PROTOCOL_VERSION, &protocol)) != LDAP_SUCCESS) ||
3666 ((rc = ldap_start_tls_s(ld->link, NULL, NULL)) != LDAP_SUCCESS)
3667 ) {
3668 php_error_docref(NULL, E_WARNING,"Unable to start TLS: %s", ldap_err2string(rc));
3669 RETURN_FALSE;
3670 } else {
3671 RETURN_TRUE;
3672 }
3673 }
3674 /* }}} */
3675 #endif
3676 #endif /* (LDAP_API_VERSION > 2000) || defined(HAVE_ORALDAP) */
3677
3678 #if defined(LDAP_API_FEATURE_X_OPENLDAP) && defined(HAVE_3ARG_SETREBINDPROC)
3679 /* {{{ _ldap_rebind_proc() */
_ldap_rebind_proc(LDAP * ldap,const char * url,ber_tag_t req,ber_int_t msgid,void * params)3680 int _ldap_rebind_proc(LDAP *ldap, const char *url, ber_tag_t req, ber_int_t msgid, void *params)
3681 {
3682 ldap_linkdata *ld = NULL;
3683 int retval;
3684 zval cb_args[2];
3685 zval cb_retval;
3686 zval *cb_link = (zval *) params;
3687
3688 ld = Z_LDAP_LINK_P(cb_link);
3689 if (!ld->link) {
3690 zend_throw_error(NULL, "LDAP connection has already been closed");
3691 return LDAP_OTHER;
3692 }
3693
3694 /* link exists and callback set? */
3695 if (Z_ISUNDEF(ld->rebindproc)) {
3696 php_error_docref(NULL, E_WARNING, "No callback set");
3697 return LDAP_OTHER;
3698 }
3699
3700 /* callback */
3701 ZVAL_COPY_VALUE(&cb_args[0], cb_link);
3702 ZVAL_STRING(&cb_args[1], url);
3703 if (call_user_function(EG(function_table), NULL, &ld->rebindproc, &cb_retval, 2, cb_args) == SUCCESS && !Z_ISUNDEF(cb_retval)) {
3704 retval = zval_get_long(&cb_retval);
3705 zval_ptr_dtor(&cb_retval);
3706 } else {
3707 php_error_docref(NULL, E_WARNING, "rebind_proc PHP callback failed");
3708 retval = LDAP_OTHER;
3709 }
3710 zval_ptr_dtor(&cb_args[1]);
3711 return retval;
3712 }
3713 /* }}} */
3714
3715 /* {{{ Set a callback function to do re-binds on referral chasing. */
PHP_FUNCTION(ldap_set_rebind_proc)3716 PHP_FUNCTION(ldap_set_rebind_proc)
3717 {
3718 zval *link;
3719 zend_fcall_info fci;
3720 zend_fcall_info_cache fcc;
3721 ldap_linkdata *ld;
3722
3723 if (zend_parse_parameters(ZEND_NUM_ARGS(), "Of!", &link, ldap_link_ce, &fci, &fcc) == FAILURE) {
3724 RETURN_THROWS();
3725 }
3726
3727 ld = Z_LDAP_LINK_P(link);
3728 VERIFY_LDAP_LINK_CONNECTED(ld);
3729
3730 if (!ZEND_FCI_INITIALIZED(fci)) {
3731 /* unregister rebind procedure */
3732 if (!Z_ISUNDEF(ld->rebindproc)) {
3733 zval_ptr_dtor(&ld->rebindproc);
3734 ZVAL_UNDEF(&ld->rebindproc);
3735 ldap_set_rebind_proc(ld->link, NULL, NULL);
3736 }
3737 RETURN_TRUE;
3738 }
3739
3740 /* register rebind procedure */
3741 if (Z_ISUNDEF(ld->rebindproc)) {
3742 ldap_set_rebind_proc(ld->link, _ldap_rebind_proc, (void *) link);
3743 } else {
3744 zval_ptr_dtor(&ld->rebindproc);
3745 }
3746
3747 ZVAL_COPY(&ld->rebindproc, &fci.function_name);
3748 RETURN_TRUE;
3749 }
3750 /* }}} */
3751 #endif
3752
php_ldap_do_escape(const bool * map,const char * value,size_t valuelen,zend_long flags)3753 static zend_string* php_ldap_do_escape(const bool *map, const char *value, size_t valuelen, zend_long flags)
3754 {
3755 char hex[] = "0123456789abcdef";
3756 size_t i, p = 0;
3757 size_t len = 0;
3758 zend_string *ret;
3759
3760 for (i = 0; i < valuelen; i++) {
3761 len += (map[(unsigned char) value[i]]) ? 3 : 1;
3762 }
3763 /* Per RFC 4514, a leading and trailing space must be escaped */
3764 if ((flags & PHP_LDAP_ESCAPE_DN) && (value[0] == ' ')) {
3765 len += 2;
3766 }
3767 if ((flags & PHP_LDAP_ESCAPE_DN) && ((valuelen > 1) && (value[valuelen - 1] == ' '))) {
3768 len += 2;
3769 }
3770
3771 ret = zend_string_alloc(len, 0);
3772
3773 for (i = 0; i < valuelen; i++) {
3774 unsigned char v = (unsigned char) value[i];
3775
3776 if (map[v] || ((flags & PHP_LDAP_ESCAPE_DN) && ((i == 0) || (i + 1 == valuelen)) && (v == ' '))) {
3777 ZSTR_VAL(ret)[p++] = '\\';
3778 ZSTR_VAL(ret)[p++] = hex[v >> 4];
3779 ZSTR_VAL(ret)[p++] = hex[v & 0x0f];
3780 } else {
3781 ZSTR_VAL(ret)[p++] = v;
3782 }
3783 }
3784
3785 ZSTR_VAL(ret)[p] = '\0';
3786 ZSTR_LEN(ret) = p;
3787 return ret;
3788 }
3789
php_ldap_escape_map_set_chars(bool * map,const char * chars,const size_t charslen,char escape)3790 static void php_ldap_escape_map_set_chars(bool *map, const char *chars, const size_t charslen, char escape)
3791 {
3792 size_t i = 0;
3793 while (i < charslen) {
3794 map[(unsigned char) chars[i++]] = escape;
3795 }
3796 }
3797
PHP_FUNCTION(ldap_escape)3798 PHP_FUNCTION(ldap_escape)
3799 {
3800 char *value, *ignores;
3801 size_t valuelen = 0, ignoreslen = 0;
3802 int i;
3803 zend_long flags = 0;
3804 bool map[256] = {0}, havecharlist = 0;
3805
3806 if (zend_parse_parameters(ZEND_NUM_ARGS(), "s|sl", &value, &valuelen, &ignores, &ignoreslen, &flags) != SUCCESS) {
3807 RETURN_THROWS();
3808 }
3809
3810 if (!valuelen) {
3811 RETURN_EMPTY_STRING();
3812 }
3813
3814 if (flags & PHP_LDAP_ESCAPE_FILTER) {
3815 havecharlist = 1;
3816 php_ldap_escape_map_set_chars(map, "\\*()\0", sizeof("\\*()\0") - 1, 1);
3817 }
3818
3819 if (flags & PHP_LDAP_ESCAPE_DN) {
3820 havecharlist = 1;
3821 php_ldap_escape_map_set_chars(map, "\\,=+<>;\"#\r", sizeof("\\,=+<>;\"#\r") - 1, 1);
3822 }
3823
3824 if (!havecharlist) {
3825 for (i = 0; i < 256; i++) {
3826 map[i] = 1;
3827 }
3828 }
3829
3830 if (ignoreslen) {
3831 php_ldap_escape_map_set_chars(map, ignores, ignoreslen, 0);
3832 }
3833
3834 RETURN_NEW_STR(php_ldap_do_escape(map, value, valuelen, flags));
3835 }
3836
3837 #ifdef STR_TRANSLATION
3838 /* {{{ php_ldap_do_translate */
php_ldap_do_translate(INTERNAL_FUNCTION_PARAMETERS,int way)3839 static void php_ldap_do_translate(INTERNAL_FUNCTION_PARAMETERS, int way)
3840 {
3841 char *value;
3842 size_t value_len;
3843 int result;
3844
3845 if (zend_parse_parameters(ZEND_NUM_ARGS(), "s", &value, &value_len) != SUCCESS) {
3846 RETURN_THROWS();
3847 }
3848
3849 if (value_len == 0) {
3850 RETURN_FALSE;
3851 }
3852
3853 if (way == 1) {
3854 result = ldap_8859_to_t61(&value, &value_len, 0);
3855 } else {
3856 result = ldap_t61_to_8859(&value, &value_len, 0);
3857 }
3858
3859 if (result == LDAP_SUCCESS) {
3860 RETVAL_STRINGL(value, value_len);
3861 free(value);
3862 } else {
3863 php_error_docref(NULL, E_WARNING, "Conversion from ISO-8859-1 to t61 failed: %s", ldap_err2string(result));
3864 RETVAL_FALSE;
3865 }
3866 }
3867 /* }}} */
3868
3869 /* {{{ Translate t61 characters to 8859 characters */
PHP_FUNCTION(ldap_t61_to_8859)3870 PHP_FUNCTION(ldap_t61_to_8859)
3871 {
3872 php_ldap_do_translate(INTERNAL_FUNCTION_PARAM_PASSTHRU, 0);
3873 }
3874 /* }}} */
3875
3876 /* {{{ Translate 8859 characters to t61 characters */
PHP_FUNCTION(ldap_8859_to_t61)3877 PHP_FUNCTION(ldap_8859_to_t61)
3878 {
3879 php_ldap_do_translate(INTERNAL_FUNCTION_PARAM_PASSTHRU, 1);
3880 }
3881 /* }}} */
3882 #endif
3883
3884 /* {{{ Extended operations, Pierangelo Masarati */
3885 #ifdef HAVE_LDAP_EXTENDED_OPERATION_S
php_ldap_exop(INTERNAL_FUNCTION_PARAMETERS,bool force_sync)3886 static void php_ldap_exop(INTERNAL_FUNCTION_PARAMETERS, bool force_sync) {
3887 zval *serverctrls = NULL;
3888 zval *link, *retdata = NULL, *retoid = NULL;
3889 char *lretoid = NULL;
3890 zend_string *reqoid, *reqdata = NULL;
3891 struct berval lreqdata, *lretdata = NULL;
3892 ldap_linkdata *ld;
3893 ldap_resultdata *result;
3894 LDAPMessage *ldap_res;
3895 LDAPControl **lserverctrls = NULL;
3896 int rc, msgid;
3897
3898 if (zend_parse_parameters(ZEND_NUM_ARGS(), "OS|S!a!zz", &link, ldap_link_ce, &reqoid, &reqdata, &serverctrls, &retdata, &retoid) != SUCCESS) {
3899 RETURN_THROWS();
3900 }
3901
3902 ld = Z_LDAP_LINK_P(link);
3903 VERIFY_LDAP_LINK_CONNECTED(ld);
3904
3905 if (reqdata) {
3906 lreqdata.bv_val = ZSTR_VAL(reqdata);
3907 lreqdata.bv_len = ZSTR_LEN(reqdata);
3908 } else {
3909 lreqdata.bv_len = 0;
3910 }
3911
3912 if (serverctrls) {
3913 lserverctrls = _php_ldap_controls_from_array(ld->link, serverctrls, 4);
3914 if (lserverctrls == NULL) {
3915 RETVAL_FALSE;
3916 goto cleanup;
3917 }
3918 }
3919
3920 if (force_sync || retdata) {
3921 /* synchronous call */
3922 rc = ldap_extended_operation_s(ld->link, ZSTR_VAL(reqoid),
3923 lreqdata.bv_len > 0 ? &lreqdata: NULL,
3924 lserverctrls,
3925 NULL,
3926 retoid ? &lretoid : NULL,
3927 &lretdata );
3928 if (rc != LDAP_SUCCESS ) {
3929 php_error_docref(NULL, E_WARNING, "Extended operation %s failed: %s (%d)", ZSTR_VAL(reqoid), ldap_err2string(rc), rc);
3930 RETVAL_FALSE;
3931 goto cleanup;
3932 }
3933
3934 if (retoid) {
3935 if (lretoid) {
3936 ZEND_TRY_ASSIGN_REF_STRING(retoid, lretoid);
3937 ldap_memfree(lretoid);
3938 } else {
3939 ZEND_TRY_ASSIGN_REF_EMPTY_STRING(retoid);
3940 }
3941 }
3942
3943 if (lretdata) {
3944 ZEND_TRY_ASSIGN_REF_STRINGL(retdata, lretdata->bv_val, lretdata->bv_len);
3945 ldap_memfree(lretdata->bv_val);
3946 ldap_memfree(lretdata);
3947 } else {
3948 ZEND_TRY_ASSIGN_REF_EMPTY_STRING(retdata);
3949 }
3950
3951 RETVAL_TRUE;
3952 goto cleanup;
3953 }
3954
3955 /* asynchronous call */
3956 rc = ldap_extended_operation(ld->link, ZSTR_VAL(reqoid),
3957 lreqdata.bv_len > 0 ? &lreqdata: NULL,
3958 lserverctrls,
3959 NULL,
3960 &msgid);
3961 if (rc != LDAP_SUCCESS ) {
3962 php_error_docref(NULL, E_WARNING, "Extended operation %s failed: %s (%d)", ZSTR_VAL(reqoid), ldap_err2string(rc), rc);
3963 RETVAL_FALSE;
3964 goto cleanup;
3965 }
3966
3967 rc = ldap_result(ld->link, msgid, 1 /* LDAP_MSG_ALL */, NULL, &ldap_res);
3968 if (rc == -1) {
3969 php_error_docref(NULL, E_WARNING, "Extended operation %s failed", ZSTR_VAL(reqoid));
3970 RETVAL_FALSE;
3971 goto cleanup;
3972 }
3973
3974 /* return a PHP control object */
3975 object_init_ex(return_value, ldap_result_ce);
3976 result = Z_LDAP_RESULT_P(return_value);
3977 result->result = ldap_res;
3978
3979 cleanup:
3980 if (lserverctrls) {
3981 _php_ldap_controls_free(&lserverctrls);
3982 }
3983 }
3984
3985 /* {{{ Extended operation */
PHP_FUNCTION(ldap_exop)3986 PHP_FUNCTION(ldap_exop)
3987 {
3988 php_ldap_exop(INTERNAL_FUNCTION_PARAM_PASSTHRU, false);
3989 }
3990 /* }}} */
3991
PHP_FUNCTION(ldap_exop_sync)3992 PHP_FUNCTION(ldap_exop_sync)
3993 {
3994 php_ldap_exop(INTERNAL_FUNCTION_PARAM_PASSTHRU, true);
3995 }
3996 #endif
3997
3998 #ifdef HAVE_LDAP_PASSWD
3999 /* {{{ Passwd modify extended operation */
PHP_FUNCTION(ldap_exop_passwd)4000 PHP_FUNCTION(ldap_exop_passwd)
4001 {
4002 zval *link, *serverctrls;
4003 struct berval luser = { 0L, NULL };
4004 struct berval loldpw = { 0L, NULL };
4005 struct berval lnewpw = { 0L, NULL };
4006 struct berval lgenpasswd = { 0L, NULL };
4007 LDAPControl *ctrl, **lserverctrls = NULL, *requestctrls[2] = { NULL, NULL };
4008 LDAPMessage* ldap_res = NULL;
4009 ldap_linkdata *ld;
4010 int rc, myargcount = ZEND_NUM_ARGS(), msgid, err;
4011 char* errmsg = NULL;
4012
4013 if (zend_parse_parameters(myargcount, "O|sssz/", &link, ldap_link_ce, &luser.bv_val, &luser.bv_len, &loldpw.bv_val, &loldpw.bv_len, &lnewpw.bv_val, &lnewpw.bv_len, &serverctrls) == FAILURE) {
4014 RETURN_THROWS();
4015 }
4016
4017 ld = Z_LDAP_LINK_P(link);
4018 VERIFY_LDAP_LINK_CONNECTED(ld);
4019
4020 switch (myargcount) {
4021 case 5:
4022 /* ldap_create_passwordpolicy_control() allocates ctrl */
4023 if (ldap_create_passwordpolicy_control(ld->link, &ctrl) == LDAP_SUCCESS) {
4024 requestctrls[0] = ctrl;
4025 }
4026 }
4027
4028 /* asynchronous call to get result and controls */
4029 rc = ldap_passwd(ld->link, &luser,
4030 loldpw.bv_len > 0 ? &loldpw : NULL,
4031 lnewpw.bv_len > 0 ? &lnewpw : NULL,
4032 requestctrls,
4033 NULL, &msgid);
4034
4035 if (requestctrls[0] != NULL) {
4036 ldap_control_free(requestctrls[0]);
4037 }
4038
4039 if (rc != LDAP_SUCCESS ) {
4040 php_error_docref(NULL, E_WARNING, "Passwd modify extended operation failed: %s (%d)", ldap_err2string(rc), rc);
4041 RETVAL_FALSE;
4042 goto cleanup;
4043 }
4044
4045 rc = ldap_result(ld->link, msgid, 1 /* LDAP_MSG_ALL */, NULL, &ldap_res);
4046 if ((rc < 0) || !ldap_res) {
4047 rc = _get_lderrno(ld->link);
4048 php_error_docref(NULL, E_WARNING, "Passwd modify extended operation failed: %s (%d)", ldap_err2string(rc), rc);
4049 RETVAL_FALSE;
4050 goto cleanup;
4051 }
4052
4053 rc = ldap_parse_passwd(ld->link, ldap_res, &lgenpasswd);
4054 if( rc != LDAP_SUCCESS ) {
4055 php_error_docref(NULL, E_WARNING, "Passwd modify extended operation failed: %s (%d)", ldap_err2string(rc), rc);
4056 RETVAL_FALSE;
4057 goto cleanup;
4058 }
4059
4060 rc = ldap_parse_result(ld->link, ldap_res, &err, NULL, &errmsg, NULL, (myargcount > 4 ? &lserverctrls : NULL), 0);
4061 if( rc != LDAP_SUCCESS ) {
4062 php_error_docref(NULL, E_WARNING, "Passwd modify extended operation failed: %s (%d)", ldap_err2string(rc), rc);
4063 RETVAL_FALSE;
4064 goto cleanup;
4065 }
4066
4067 if (myargcount > 4) {
4068 _php_ldap_controls_to_array(ld->link, lserverctrls, serverctrls, 0);
4069 }
4070
4071 /* return */
4072 if (lnewpw.bv_len == 0) {
4073 if (lgenpasswd.bv_len == 0) {
4074 RETVAL_EMPTY_STRING();
4075 } else {
4076 RETVAL_STRINGL(lgenpasswd.bv_val, lgenpasswd.bv_len);
4077 }
4078 } else if (err == LDAP_SUCCESS) {
4079 RETVAL_TRUE;
4080 } else {
4081 php_error_docref(NULL, E_WARNING, "Passwd modify extended operation failed: %s (%d)", (errmsg ? errmsg : ldap_err2string(err)), err);
4082 RETVAL_FALSE;
4083 }
4084
4085 cleanup:
4086 if (lgenpasswd.bv_val != NULL) {
4087 ldap_memfree(lgenpasswd.bv_val);
4088 }
4089 if (ldap_res != NULL) {
4090 ldap_msgfree(ldap_res);
4091 }
4092 if (errmsg != NULL) {
4093 ldap_memfree(errmsg);
4094 }
4095 }
4096 /* }}} */
4097 #endif
4098
4099 #ifdef HAVE_LDAP_WHOAMI_S
4100 /* {{{ Whoami extended operation */
PHP_FUNCTION(ldap_exop_whoami)4101 PHP_FUNCTION(ldap_exop_whoami)
4102 {
4103 zval *link;
4104 struct berval *lauthzid;
4105 ldap_linkdata *ld;
4106 int rc;
4107
4108 if (zend_parse_parameters(ZEND_NUM_ARGS(), "O", &link, ldap_link_ce) == FAILURE) {
4109 RETURN_THROWS();
4110 }
4111
4112 ld = Z_LDAP_LINK_P(link);
4113 VERIFY_LDAP_LINK_CONNECTED(ld);
4114
4115 /* synchronous call */
4116 rc = ldap_whoami_s(ld->link, &lauthzid, NULL, NULL);
4117 if (rc != LDAP_SUCCESS ) {
4118 php_error_docref(NULL, E_WARNING, "Whoami extended operation failed: %s (%d)", ldap_err2string(rc), rc);
4119 RETURN_FALSE;
4120 }
4121
4122 if (lauthzid == NULL) {
4123 RETVAL_EMPTY_STRING();
4124 } else {
4125 RETVAL_STRINGL(lauthzid->bv_val, lauthzid->bv_len);
4126 ldap_memfree(lauthzid->bv_val);
4127 ldap_memfree(lauthzid);
4128 }
4129 }
4130 /* }}} */
4131 #endif
4132
4133 #ifdef HAVE_LDAP_REFRESH_S
4134 /* {{{ DDS refresh extended operation */
PHP_FUNCTION(ldap_exop_refresh)4135 PHP_FUNCTION(ldap_exop_refresh)
4136 {
4137 zval *link;
4138 zend_long ttl;
4139 struct berval ldn;
4140 ber_int_t lttl;
4141 ber_int_t newttl;
4142 ldap_linkdata *ld;
4143 int rc;
4144
4145 if (zend_parse_parameters(ZEND_NUM_ARGS(), "Osl", &link, ldap_link_ce, &ldn.bv_val, &ldn.bv_len, &ttl) != SUCCESS) {
4146 RETURN_THROWS();
4147 }
4148
4149 ld = Z_LDAP_LINK_P(link);
4150 VERIFY_LDAP_LINK_CONNECTED(ld);
4151
4152 lttl = (ber_int_t) ttl;
4153
4154 rc = ldap_refresh_s(ld->link, &ldn, lttl, &newttl, NULL, NULL);
4155 if (rc != LDAP_SUCCESS ) {
4156 php_error_docref(NULL, E_WARNING, "Refresh extended operation failed: %s (%d)", ldap_err2string(rc), rc);
4157 RETURN_FALSE;
4158 }
4159
4160 RETURN_LONG(newttl);
4161 }
4162 /* }}} */
4163 #endif
4164
4165 zend_module_entry ldap_module_entry = { /* {{{ */
4166 STANDARD_MODULE_HEADER,
4167 "ldap",
4168 ext_functions,
4169 PHP_MINIT(ldap),
4170 PHP_MSHUTDOWN(ldap),
4171 NULL,
4172 NULL,
4173 PHP_MINFO(ldap),
4174 PHP_LDAP_VERSION,
4175 PHP_MODULE_GLOBALS(ldap),
4176 PHP_GINIT(ldap),
4177 NULL,
4178 NULL,
4179 STANDARD_MODULE_PROPERTIES_EX
4180 };
4181 /* }}} */
4182
