1 /*
2 +----------------------------------------------------------------------+
3 | Copyright (c) The PHP Group |
4 +----------------------------------------------------------------------+
5 | This source file is subject to version 3.01 of the PHP license, |
6 | that is bundled with this package in the file LICENSE, and is |
7 | available through the world-wide-web at the following url: |
8 | http://www.php.net/license/3_01.txt |
9 | If you did not receive a copy of the PHP license and are unable to |
10 | obtain it through the world-wide-web, please send a note to |
11 | license@php.net so we can mail you a copy immediately. |
12 +----------------------------------------------------------------------+
13 | Authors: Amitay Isaacs <amitay@w-o-i.com> |
14 | Eric Warnke <ericw@albany.edu> |
15 | Rasmus Lerdorf <rasmus@php.net> |
16 | Gerrit Thomson <334647@swin.edu.au> |
17 | Jani Taskinen <sniper@iki.fi> |
18 | Stig Venaas <venaas@uninett.no> |
19 | Doug Goldstein <cardoe@cardoe.com> |
20 | Côme Chilliet <mcmic@php.net> |
21 | PHP 4.0 updates: Zeev Suraski <zeev@php.net> |
22 +----------------------------------------------------------------------+
23 */
24
25 #ifdef HAVE_CONFIG_H
26 #include "config.h"
27 #endif
28
29 #include "php.h"
30 #include "php_ini.h"
31
32 #include <stddef.h>
33
34 #include "ext/standard/dl.h"
35 #include "php_ldap.h"
36 #include "ldap_arginfo.h"
37
38 #ifdef PHP_WIN32
39 #include <string.h>
40 #include "config.w32.h"
41 #undef WINDOWS
42 #undef strcasecmp
43 #undef strncasecmp
44 #define WINSOCK 1
45 #define __STDC__ 1
46 #endif
47
48 #include "ext/standard/php_string.h"
49 #include "ext/standard/info.h"
50
51 #ifdef HAVE_LDAP_SASL
52 #include <sasl/sasl.h>
53 #endif
54
55 #define PHP_LDAP_ESCAPE_FILTER 0x01
56 #define PHP_LDAP_ESCAPE_DN 0x02
57
58 #if defined(LDAP_CONTROL_PAGEDRESULTS) && !defined(HAVE_LDAP_CONTROL_FIND)
ldap_control_find(const char * oid,LDAPControl ** ctrls,LDAPControl *** nextctrlp)59 LDAPControl *ldap_control_find( const char *oid, LDAPControl **ctrls, LDAPControl ***nextctrlp)
60 {
61 assert(nextctrlp == NULL);
62 return ldap_find_control(oid, ctrls);
63 }
64 #endif
65
66 #if !defined(LDAP_API_FEATURE_X_OPENLDAP)
ldap_memvfree(void ** v)67 void ldap_memvfree(void **v)
68 {
69 ldap_value_free((char **)v);
70 }
71 #endif
72
73 typedef struct {
74 LDAP *link;
75 #if defined(LDAP_API_FEATURE_X_OPENLDAP) && defined(HAVE_3ARG_SETREBINDPROC)
76 zval rebindproc;
77 #endif
78 } ldap_linkdata;
79
80 typedef struct {
81 LDAPMessage *data;
82 BerElement *ber;
83 zval res;
84 } ldap_resultentry;
85
86 ZEND_DECLARE_MODULE_GLOBALS(ldap)
87 static PHP_GINIT_FUNCTION(ldap);
88
89 static int le_link, le_result, le_result_entry;
90
91 #ifdef COMPILE_DL_LDAP
92 #ifdef ZTS
93 ZEND_TSRMLS_CACHE_DEFINE()
94 #endif
ZEND_GET_MODULE(ldap)95 ZEND_GET_MODULE(ldap)
96 #endif
97
98 static void _close_ldap_link(zend_resource *rsrc) /* {{{ */
99 {
100 ldap_linkdata *ld = (ldap_linkdata *)rsrc->ptr;
101
102 /* We use ldap_destroy rather than ldap_unbind here, because ldap_unbind
103 * will skip the destructor entirely if a critical client control is set. */
104 ldap_destroy(ld->link);
105
106 #if defined(LDAP_API_FEATURE_X_OPENLDAP) && defined(HAVE_3ARG_SETREBINDPROC)
107 zval_ptr_dtor(&ld->rebindproc);
108 #endif
109
110 efree(ld);
111 LDAPG(num_links)--;
112 }
113 /* }}} */
114
_free_ldap_result(zend_resource * rsrc)115 static void _free_ldap_result(zend_resource *rsrc) /* {{{ */
116 {
117 LDAPMessage *result = (LDAPMessage *)rsrc->ptr;
118 ldap_msgfree(result);
119 }
120 /* }}} */
121
_free_ldap_result_entry(zend_resource * rsrc)122 static void _free_ldap_result_entry(zend_resource *rsrc) /* {{{ */
123 {
124 ldap_resultentry *entry = (ldap_resultentry *)rsrc->ptr;
125
126 if (entry->ber != NULL) {
127 ber_free(entry->ber, 0);
128 entry->ber = NULL;
129 }
130 zval_ptr_dtor(&entry->res);
131 efree(entry);
132 }
133 /* }}} */
134
135 /* {{{ Parse controls from and to arrays */
_php_ldap_control_to_array(LDAP * ld,LDAPControl * ctrl,zval * array,int request)136 static void _php_ldap_control_to_array(LDAP *ld, LDAPControl* ctrl, zval* array, int request)
137 {
138 array_init(array);
139
140 add_assoc_string(array, "oid", ctrl->ldctl_oid);
141 if (request) {
142 /* iscritical field only makes sense in request controls (which may be obtained by ldap_get_option) */
143 add_assoc_bool(array, "iscritical", (ctrl->ldctl_iscritical != 0));
144 }
145
146 /* If it is a known oid, parse to values */
147 if (strcmp(ctrl->ldctl_oid, LDAP_CONTROL_PASSWORDPOLICYRESPONSE) == 0) {
148 int expire = 0, grace = 0, rc;
149 LDAPPasswordPolicyError pperr;
150 zval value;
151
152 rc = ldap_parse_passwordpolicy_control(ld, ctrl, &expire, &grace, &pperr);
153 if ( rc == LDAP_SUCCESS ) {
154 array_init(&value);
155 add_assoc_long(&value, "expire", expire);
156 add_assoc_long(&value, "grace", grace);
157
158 if ( pperr != PP_noError ) {
159 add_assoc_long(&value, "error", pperr);
160 }
161 add_assoc_zval(array, "value", &value);
162 } else {
163 add_assoc_null(array, "value");
164 }
165 } else if (strcmp(ctrl->ldctl_oid, LDAP_CONTROL_PAGEDRESULTS) == 0) {
166 int lestimated, rc;
167 struct berval lcookie = { 0L, NULL };
168 zval value;
169
170 if (ctrl->ldctl_value.bv_len) {
171 /* ldap_parse_pageresponse_control() allocates lcookie.bv_val */
172 rc = ldap_parse_pageresponse_control(ld, ctrl, &lestimated, &lcookie);
173 } else {
174 /* ldap_parse_pageresponse_control will crash if value is empty */
175 rc = -1;
176 }
177
178 if ( rc == LDAP_SUCCESS ) {
179 array_init(&value);
180 add_assoc_long(&value, "size", lestimated);
181 add_assoc_stringl(&value, "cookie", lcookie.bv_val, lcookie.bv_len);
182 add_assoc_zval(array, "value", &value);
183 } else {
184 add_assoc_null(array, "value");
185 }
186
187 if (lcookie.bv_val) {
188 ldap_memfree(lcookie.bv_val);
189 }
190 } else if ((strcmp(ctrl->ldctl_oid, LDAP_CONTROL_PRE_READ) == 0) || (strcmp(ctrl->ldctl_oid, LDAP_CONTROL_POST_READ) == 0)) {
191 BerElement *ber;
192 struct berval bv;
193
194 ber = ber_init(&ctrl->ldctl_value);
195 if (ber == NULL) {
196 add_assoc_null(array, "value");
197 } else if (ber_scanf(ber, "{m{" /*}}*/, &bv) == LBER_ERROR) {
198 add_assoc_null(array, "value");
199 } else {
200 zval value;
201
202 array_init(&value);
203 add_assoc_stringl(&value, "dn", bv.bv_val, bv.bv_len);
204
205 while (ber_scanf(ber, "{m" /*}*/, &bv) != LBER_ERROR) {
206 int i;
207 BerVarray vals = NULL;
208 zval tmp;
209
210 if (ber_scanf(ber, "[W]", &vals) == LBER_ERROR || vals == NULL)
211 {
212 break;
213 }
214
215 array_init(&tmp);
216 for (i = 0; vals[i].bv_val != NULL; i++) {
217 add_next_index_stringl(&tmp, vals[i].bv_val, vals[i].bv_len);
218 }
219 add_assoc_zval(&value, bv.bv_val, &tmp);
220
221 ber_bvarray_free(vals);
222 }
223 add_assoc_zval(array, "value", &value);
224 }
225
226 if (ber != NULL) {
227 ber_free(ber, 1);
228 }
229 } else if (strcmp(ctrl->ldctl_oid, LDAP_CONTROL_SORTRESPONSE) == 0) {
230 zval value;
231 int errcode, rc;
232 char* attribute;
233
234 if (ctrl->ldctl_value.bv_len) {
235 rc = ldap_parse_sortresponse_control(ld, ctrl, &errcode, &attribute);
236 } else {
237 rc = -1;
238 }
239 if ( rc == LDAP_SUCCESS ) {
240 array_init(&value);
241 add_assoc_long(&value, "errcode", errcode);
242 if (attribute) {
243 add_assoc_string(&value, "attribute", attribute);
244 ldap_memfree(attribute);
245 }
246 add_assoc_zval(array, "value", &value);
247 } else {
248 add_assoc_null(array, "value");
249 }
250 } else if (strcmp(ctrl->ldctl_oid, LDAP_CONTROL_VLVRESPONSE) == 0) {
251 int target, count, errcode, rc;
252 struct berval *context;
253 zval value;
254
255 if (ctrl->ldctl_value.bv_len) {
256 rc = ldap_parse_vlvresponse_control(ld, ctrl, &target, &count, &context, &errcode);
257 } else {
258 rc = -1;
259 }
260 if ( rc == LDAP_SUCCESS ) {
261 array_init(&value);
262 add_assoc_long(&value, "target", target);
263 add_assoc_long(&value, "count", count);
264 add_assoc_long(&value, "errcode", errcode);
265 if (context) {
266 add_assoc_stringl(&value, "context", context->bv_val, context->bv_len);
267 }
268 add_assoc_zval(array, "value", &value);
269 ber_bvfree(context);
270 } else {
271 add_assoc_null(array, "value");
272 }
273 } else {
274 if (ctrl->ldctl_value.bv_len) {
275 add_assoc_stringl(array, "value", ctrl->ldctl_value.bv_val, ctrl->ldctl_value.bv_len);
276 } else {
277 add_assoc_null(array, "value");
278 }
279 }
280 }
281
_php_ldap_control_from_array(LDAP * ld,LDAPControl ** ctrl,zval * array)282 static int _php_ldap_control_from_array(LDAP *ld, LDAPControl** ctrl, zval* array)
283 {
284 zval* val;
285 zend_string *control_oid;
286 int control_iscritical = 0, rc = LDAP_SUCCESS;
287 char** ldap_attrs = NULL;
288 LDAPSortKey** sort_keys = NULL;
289 zend_string *tmpstring = NULL, **tmpstrings1 = NULL, **tmpstrings2 = NULL;
290 size_t num_tmpstrings1 = 0, num_tmpstrings2 = 0;
291
292 if ((val = zend_hash_str_find(Z_ARRVAL_P(array), "oid", sizeof("oid") - 1)) == NULL) {
293 zend_value_error("%s(): Control must have an \"oid\" key", get_active_function_name());
294 return -1;
295 }
296
297 control_oid = zval_get_string(val);
298 if (EG(exception)) {
299 return -1;
300 }
301
302 if ((val = zend_hash_str_find(Z_ARRVAL_P(array), "iscritical", sizeof("iscritical") - 1)) != NULL) {
303 control_iscritical = zend_is_true(val);
304 } else {
305 control_iscritical = 0;
306 }
307
308 BerElement *ber = NULL;
309 struct berval control_value = { 0L, NULL };
310 int control_value_alloc = 0;
311
312 if ((val = zend_hash_str_find(Z_ARRVAL_P(array), "value", sizeof("value") - 1)) != NULL) {
313 if (Z_TYPE_P(val) != IS_ARRAY) {
314 tmpstring = zval_get_string(val);
315 if (EG(exception)) {
316 rc = -1;
317 goto failure;
318 }
319 control_value.bv_val = ZSTR_VAL(tmpstring);
320 control_value.bv_len = ZSTR_LEN(tmpstring);
321 } else if (strcmp(ZSTR_VAL(control_oid), LDAP_CONTROL_PAGEDRESULTS) == 0) {
322 zval* tmp;
323 int pagesize = 1;
324 struct berval cookie = { 0L, NULL };
325 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(val), "size", sizeof("size") - 1)) != NULL) {
326 pagesize = zval_get_long(tmp);
327 }
328 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(val), "cookie", sizeof("cookie") - 1)) != NULL) {
329 tmpstring = zval_get_string(tmp);
330 if (EG(exception)) {
331 rc = -1;
332 goto failure;
333 }
334 cookie.bv_val = ZSTR_VAL(tmpstring);
335 cookie.bv_len = ZSTR_LEN(tmpstring);
336 }
337 /* ldap_create_page_control_value() allocates memory for control_value.bv_val */
338 control_value_alloc = 1;
339 rc = ldap_create_page_control_value(ld, pagesize, &cookie, &control_value);
340 if (rc != LDAP_SUCCESS) {
341 php_error_docref(NULL, E_WARNING, "Failed to create paged result control value: %s (%d)", ldap_err2string(rc), rc);
342 }
343 } else if (strcmp(ZSTR_VAL(control_oid), LDAP_CONTROL_ASSERT) == 0) {
344 zval* tmp;
345 zend_string* assert;
346 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(val), "filter", sizeof("filter") - 1)) == NULL) {
347 rc = -1;
348 zend_value_error("%s(): Control must have a \"filter\" key", get_active_function_name());
349 } else {
350 assert = zval_get_string(tmp);
351 if (EG(exception)) {
352 rc = -1;
353 goto failure;
354 }
355 /* ldap_create_assertion_control_value does not reset ld_errno, we need to do it ourselves
356 See http://www.openldap.org/its/index.cgi/Incoming?id=8674 */
357 int success = LDAP_SUCCESS;
358 ldap_set_option(ld, LDAP_OPT_RESULT_CODE, &success);
359 /* ldap_create_assertion_control_value() allocates memory for control_value.bv_val */
360 control_value_alloc = 1;
361 rc = ldap_create_assertion_control_value(ld, ZSTR_VAL(assert), &control_value);
362 if (rc != LDAP_SUCCESS) {
363 php_error_docref(NULL, E_WARNING, "Failed to create assert control value: %s (%d)", ldap_err2string(rc), rc);
364 }
365 zend_string_release(assert);
366 }
367 } else if (strcmp(ZSTR_VAL(control_oid), LDAP_CONTROL_VALUESRETURNFILTER) == 0) {
368 zval* tmp;
369 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(val), "filter", sizeof("filter") - 1)) == NULL) {
370 rc = -1;
371 zend_value_error("%s(): Control must have a \"filter\" key", get_active_function_name());
372 } else {
373 ber = ber_alloc_t(LBER_USE_DER);
374 if (ber == NULL) {
375 rc = -1;
376 php_error_docref(NULL, E_WARNING, "Failed to allocate control value");
377 } else {
378 tmpstring = zval_get_string(tmp);
379 if (EG(exception)) {
380 rc = -1;
381 goto failure;
382 }
383 if (ldap_put_vrFilter(ber, ZSTR_VAL(tmpstring)) == -1) {
384 rc = -1;
385 php_error_docref(NULL, E_WARNING, "Failed to create control value: Bad ValuesReturnFilter: %s", ZSTR_VAL(tmpstring));
386 } else if (ber_flatten2(ber, &control_value, control_value_alloc) == -1) {
387 rc = -1;
388 }
389 }
390 }
391 } else if ((strcmp(ZSTR_VAL(control_oid), LDAP_CONTROL_PRE_READ) == 0) || (strcmp(ZSTR_VAL(control_oid), LDAP_CONTROL_POST_READ) == 0)) {
392 zval* tmp;
393 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(val), "attrs", sizeof("attrs") - 1)) == NULL) {
394 rc = -1;
395 zend_value_error("%s(): Control must have an \"attrs\" key", get_active_function_name());
396 } else {
397 ber = ber_alloc_t(LBER_USE_DER);
398
399 if (ber == NULL) {
400 rc = -1;
401 php_error_docref(NULL, E_WARNING, "Failed to allocate control value");
402 } else {
403 int num_attribs, i;
404 zval* attr;
405
406 num_attribs = zend_hash_num_elements(Z_ARRVAL_P(tmp));
407 ldap_attrs = safe_emalloc((num_attribs+1), sizeof(char *), 0);
408 tmpstrings1 = safe_emalloc(num_attribs, sizeof(zend_string*), 0);
409 num_tmpstrings1 = 0;
410
411 for (i = 0; i<num_attribs; i++) {
412 if ((attr = zend_hash_index_find(Z_ARRVAL_P(tmp), i)) == NULL) {
413 rc = -1;
414 php_error_docref(NULL, E_WARNING, "Failed to encode attribute list");
415 goto failure;
416 }
417
418 tmpstrings1[num_tmpstrings1] = zval_get_string(attr);
419 if (EG(exception)) {
420 rc = -1;
421 goto failure;
422 }
423 ldap_attrs[i] = ZSTR_VAL(tmpstrings1[num_tmpstrings1]);
424 ++num_tmpstrings1;
425 }
426 ldap_attrs[num_attribs] = NULL;
427
428 ber_init2( ber, NULL, LBER_USE_DER );
429
430 if (ber_printf(ber, "{v}", ldap_attrs) == -1) {
431 rc = -1;
432 php_error_docref(NULL, E_WARNING, "Failed to encode attribute list");
433 } else {
434 int err;
435 err = ber_flatten2(ber, &control_value, control_value_alloc);
436 if (err < 0) {
437 rc = -1;
438 php_error_docref(NULL, E_WARNING, "Failed to encode control value (%d)", err);
439 }
440 }
441 }
442 }
443 } else if (strcmp(ZSTR_VAL(control_oid), LDAP_CONTROL_SORTREQUEST) == 0) {
444 int num_keys, i;
445 zval *sortkey, *tmp;
446
447 num_keys = zend_hash_num_elements(Z_ARRVAL_P(val));
448 sort_keys = safe_emalloc((num_keys+1), sizeof(LDAPSortKey*), 0);
449 tmpstrings1 = safe_emalloc(num_keys, sizeof(zend_string*), 0);
450 tmpstrings2 = safe_emalloc(num_keys, sizeof(zend_string*), 0);
451 num_tmpstrings1 = 0;
452 num_tmpstrings2 = 0;
453
454 for (i = 0; i<num_keys; i++) {
455 if ((sortkey = zend_hash_index_find(Z_ARRVAL_P(val), i)) == NULL) {
456 rc = -1;
457 php_error_docref(NULL, E_WARNING, "Failed to encode sort keys list");
458 goto failure;
459 }
460
461 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(sortkey), "attr", sizeof("attr") - 1)) == NULL) {
462 rc = -1;
463 zend_value_error("%s(): Sort key list must have an \"attr\" key", get_active_function_name());
464 goto failure;
465 }
466 sort_keys[i] = emalloc(sizeof(LDAPSortKey));
467 tmpstrings1[num_tmpstrings1] = zval_get_string(tmp);
468 if (EG(exception)) {
469 rc = -1;
470 goto failure;
471 }
472 sort_keys[i]->attributeType = ZSTR_VAL(tmpstrings1[num_tmpstrings1]);
473 ++num_tmpstrings1;
474
475 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(sortkey), "oid", sizeof("oid") - 1)) != NULL) {
476 tmpstrings2[num_tmpstrings2] = zval_get_string(tmp);
477 if (EG(exception)) {
478 rc = -1;
479 goto failure;
480 }
481 sort_keys[i]->orderingRule = ZSTR_VAL(tmpstrings2[num_tmpstrings2]);
482 ++num_tmpstrings2;
483 } else {
484 sort_keys[i]->orderingRule = NULL;
485 }
486
487 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(sortkey), "reverse", sizeof("reverse") - 1)) != NULL) {
488 sort_keys[i]->reverseOrder = zend_is_true(tmp);
489 } else {
490 sort_keys[i]->reverseOrder = 0;
491 }
492 }
493 sort_keys[num_keys] = NULL;
494 /* ldap_create_sort_control_value() allocates memory for control_value.bv_val */
495 control_value_alloc = 1;
496 rc = ldap_create_sort_control_value(ld, sort_keys, &control_value);
497 if (rc != LDAP_SUCCESS) {
498 php_error_docref(NULL, E_WARNING, "Failed to create sort control value: %s (%d)", ldap_err2string(rc), rc);
499 }
500 } else if (strcmp(ZSTR_VAL(control_oid), LDAP_CONTROL_VLVREQUEST) == 0) {
501 zval* tmp;
502 LDAPVLVInfo vlvInfo;
503 struct berval attrValue;
504 struct berval context;
505
506 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(val), "before", sizeof("before") - 1)) != NULL) {
507 vlvInfo.ldvlv_before_count = zval_get_long(tmp);
508 } else {
509 rc = -1;
510 zend_value_error("%s(): Array value for VLV control must have a \"before\" key", get_active_function_name());
511 goto failure;
512 }
513
514 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(val), "after", sizeof("after") - 1)) != NULL) {
515 vlvInfo.ldvlv_after_count = zval_get_long(tmp);
516 } else {
517 rc = -1;
518 zend_value_error("%s(): Array value for VLV control must have an \"after\" key", get_active_function_name());
519 goto failure;
520 }
521
522 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(val), "attrvalue", sizeof("attrvalue") - 1)) != NULL) {
523 tmpstring = zval_get_string(tmp);
524 if (EG(exception)) {
525 rc = -1;
526 goto failure;
527 }
528 attrValue.bv_val = ZSTR_VAL(tmpstring);
529 attrValue.bv_len = ZSTR_LEN(tmpstring);
530 vlvInfo.ldvlv_attrvalue = &attrValue;
531 } else if ((tmp = zend_hash_str_find(Z_ARRVAL_P(val), "offset", sizeof("offset") - 1)) != NULL) {
532 vlvInfo.ldvlv_attrvalue = NULL;
533 vlvInfo.ldvlv_offset = zval_get_long(tmp);
534 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(val), "count", sizeof("count") - 1)) != NULL) {
535 vlvInfo.ldvlv_count = zval_get_long(tmp);
536 } else {
537 rc = -1;
538 zend_value_error("%s(): Array value for VLV control must have a \"count\" key", get_active_function_name());
539 goto failure;
540 }
541 } else {
542 rc = -1;
543 zend_value_error("%s(): Array value for VLV control must have either an \"attrvalue\" or an \"offset\" key", get_active_function_name());
544 goto failure;
545 }
546
547 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(val), "context", sizeof("context") - 1)) != NULL) {
548 tmpstring = zval_get_string(tmp);
549 if (EG(exception)) {
550 rc = -1;
551 goto failure;
552 }
553 context.bv_val = ZSTR_VAL(tmpstring);
554 context.bv_len = ZSTR_LEN(tmpstring);
555 vlvInfo.ldvlv_context = &context;
556 } else {
557 vlvInfo.ldvlv_context = NULL;
558 }
559
560 /* ldap_create_vlv_control_value() allocates memory for control_value.bv_val */
561 control_value_alloc = 1;
562 rc = ldap_create_vlv_control_value(ld, &vlvInfo, &control_value);
563 if (rc != LDAP_SUCCESS) {
564 php_error_docref(NULL, E_WARNING, "Failed to create VLV control value: %s (%d)", ldap_err2string(rc), rc);
565 }
566 } else {
567 zend_type_error("%s(): Control OID %s cannot be of type array", get_active_function_name(), ZSTR_VAL(control_oid));
568 rc = -1;
569 }
570 }
571
572 if (rc == LDAP_SUCCESS) {
573 rc = ldap_control_create(ZSTR_VAL(control_oid), control_iscritical, &control_value, 1, ctrl);
574 }
575
576 failure:
577 zend_string_release(control_oid);
578 if (tmpstring != NULL) {
579 zend_string_release(tmpstring);
580 }
581 if (tmpstrings1 != NULL) {
582 int i;
583 for (i = 0; i < num_tmpstrings1; ++i) {
584 zend_string_release(tmpstrings1[i]);
585 }
586 efree(tmpstrings1);
587 }
588 if (tmpstrings2 != NULL) {
589 int i;
590 for (i = 0; i < num_tmpstrings2; ++i) {
591 zend_string_release(tmpstrings2[i]);
592 }
593 efree(tmpstrings2);
594 }
595 if (control_value.bv_val != NULL && control_value_alloc != 0) {
596 ber_memfree(control_value.bv_val);
597 }
598 if (ber != NULL) {
599 ber_free(ber, 1);
600 }
601 if (ldap_attrs != NULL) {
602 efree(ldap_attrs);
603 }
604 if (sort_keys != NULL) {
605 LDAPSortKey** sortp = sort_keys;
606 while (*sortp) {
607 efree(*sortp);
608 sortp++;
609 }
610 efree(sort_keys);
611 sort_keys = NULL;
612 }
613
614 if (rc == LDAP_SUCCESS) {
615 return LDAP_SUCCESS;
616 }
617
618 /* Failed */
619 *ctrl = NULL;
620 return -1;
621 }
622
_php_ldap_controls_to_array(LDAP * ld,LDAPControl ** ctrls,zval * array,int request)623 static void _php_ldap_controls_to_array(LDAP *ld, LDAPControl** ctrls, zval* array, int request)
624 {
625 zval tmp1;
626 LDAPControl **ctrlp;
627
628 array = zend_try_array_init(array);
629 if (!array) {
630 return;
631 }
632
633 if (ctrls == NULL) {
634 return;
635 }
636 ctrlp = ctrls;
637 while (*ctrlp != NULL) {
638 _php_ldap_control_to_array(ld, *ctrlp, &tmp1, request);
639 add_assoc_zval(array, (*ctrlp)->ldctl_oid, &tmp1);
640 ctrlp++;
641 }
642 ldap_controls_free(ctrls);
643 }
644
_php_ldap_controls_from_array(LDAP * ld,zval * array,uint32_t arg_num)645 static LDAPControl** _php_ldap_controls_from_array(LDAP *ld, zval* array, uint32_t arg_num)
646 {
647 int ncontrols;
648 LDAPControl** ctrlp, **ctrls = NULL;
649 zval* ctrlarray;
650 int error = 0;
651
652 ncontrols = zend_hash_num_elements(Z_ARRVAL_P(array));
653 ctrls = safe_emalloc((1 + ncontrols), sizeof(*ctrls), 0);
654 *ctrls = NULL;
655 ctrlp = ctrls;
656 ZEND_HASH_FOREACH_VAL(Z_ARRVAL_P(array), ctrlarray) {
657 if (Z_TYPE_P(ctrlarray) != IS_ARRAY) {
658 zend_argument_type_error(arg_num, "must contain only arrays, where each array is a control");
659 error = 1;
660 break;
661 }
662
663 if (_php_ldap_control_from_array(ld, ctrlp, ctrlarray) == LDAP_SUCCESS) {
664 ++ctrlp;
665 } else {
666 error = 1;
667 break;
668 }
669
670 *ctrlp = NULL;
671 } ZEND_HASH_FOREACH_END();
672
673 if (error) {
674 ctrlp = ctrls;
675 while (*ctrlp) {
676 ldap_control_free(*ctrlp);
677 ctrlp++;
678 }
679 efree(ctrls);
680 ctrls = NULL;
681 }
682
683 return ctrls;
684 }
685
_php_ldap_controls_free(LDAPControl *** ctrls)686 static void _php_ldap_controls_free (LDAPControl*** ctrls)
687 {
688 LDAPControl **ctrlp;
689
690 if (*ctrls) {
691 ctrlp = *ctrls;
692 while (*ctrlp) {
693 ldap_control_free(*ctrlp);
694 ctrlp++;
695 }
696 efree(*ctrls);
697 *ctrls = NULL;
698 }
699 }
700 /* }}} */
701
702 /* {{{ PHP_INI_BEGIN */
703 PHP_INI_BEGIN()
704 STD_PHP_INI_ENTRY_EX("ldap.max_links", "-1", PHP_INI_SYSTEM, OnUpdateLong, max_links, zend_ldap_globals, ldap_globals, display_link_numbers)
PHP_INI_END()705 PHP_INI_END()
706 /* }}} */
707
708 /* {{{ PHP_GINIT_FUNCTION */
709 static PHP_GINIT_FUNCTION(ldap)
710 {
711 #if defined(COMPILE_DL_LDAP) && defined(ZTS)
712 ZEND_TSRMLS_CACHE_UPDATE();
713 #endif
714 ldap_globals->num_links = 0;
715 }
716 /* }}} */
717
718 /* {{{ PHP_MINIT_FUNCTION */
PHP_MINIT_FUNCTION(ldap)719 PHP_MINIT_FUNCTION(ldap)
720 {
721 REGISTER_INI_ENTRIES();
722
723 /* Constants to be used with deref-parameter in php_ldap_do_search() */
724 REGISTER_LONG_CONSTANT("LDAP_DEREF_NEVER", LDAP_DEREF_NEVER, CONST_PERSISTENT | CONST_CS);
725 REGISTER_LONG_CONSTANT("LDAP_DEREF_SEARCHING", LDAP_DEREF_SEARCHING, CONST_PERSISTENT | CONST_CS);
726 REGISTER_LONG_CONSTANT("LDAP_DEREF_FINDING", LDAP_DEREF_FINDING, CONST_PERSISTENT | CONST_CS);
727 REGISTER_LONG_CONSTANT("LDAP_DEREF_ALWAYS", LDAP_DEREF_ALWAYS, CONST_PERSISTENT | CONST_CS);
728
729 /* Constants to be used with ldap_modify_batch() */
730 REGISTER_LONG_CONSTANT("LDAP_MODIFY_BATCH_ADD", LDAP_MODIFY_BATCH_ADD, CONST_PERSISTENT | CONST_CS);
731 REGISTER_LONG_CONSTANT("LDAP_MODIFY_BATCH_REMOVE", LDAP_MODIFY_BATCH_REMOVE, CONST_PERSISTENT | CONST_CS);
732 REGISTER_LONG_CONSTANT("LDAP_MODIFY_BATCH_REMOVE_ALL", LDAP_MODIFY_BATCH_REMOVE_ALL, CONST_PERSISTENT | CONST_CS);
733 REGISTER_LONG_CONSTANT("LDAP_MODIFY_BATCH_REPLACE", LDAP_MODIFY_BATCH_REPLACE, CONST_PERSISTENT | CONST_CS);
734 REGISTER_STRING_CONSTANT("LDAP_MODIFY_BATCH_ATTRIB", LDAP_MODIFY_BATCH_ATTRIB, CONST_PERSISTENT | CONST_CS);
735 REGISTER_STRING_CONSTANT("LDAP_MODIFY_BATCH_MODTYPE", LDAP_MODIFY_BATCH_MODTYPE, CONST_PERSISTENT | CONST_CS);
736 REGISTER_STRING_CONSTANT("LDAP_MODIFY_BATCH_VALUES", LDAP_MODIFY_BATCH_VALUES, CONST_PERSISTENT | CONST_CS);
737
738 #if (LDAP_API_VERSION > 2000) || defined(HAVE_ORALDAP)
739 /* LDAP options */
740 REGISTER_LONG_CONSTANT("LDAP_OPT_DEREF", LDAP_OPT_DEREF, CONST_PERSISTENT | CONST_CS);
741 REGISTER_LONG_CONSTANT("LDAP_OPT_SIZELIMIT", LDAP_OPT_SIZELIMIT, CONST_PERSISTENT | CONST_CS);
742 REGISTER_LONG_CONSTANT("LDAP_OPT_TIMELIMIT", LDAP_OPT_TIMELIMIT, CONST_PERSISTENT | CONST_CS);
743 #ifdef LDAP_OPT_NETWORK_TIMEOUT
744 REGISTER_LONG_CONSTANT("LDAP_OPT_NETWORK_TIMEOUT", LDAP_OPT_NETWORK_TIMEOUT, CONST_PERSISTENT | CONST_CS);
745 #elif defined (LDAP_X_OPT_CONNECT_TIMEOUT)
746 REGISTER_LONG_CONSTANT("LDAP_OPT_NETWORK_TIMEOUT", LDAP_X_OPT_CONNECT_TIMEOUT, CONST_PERSISTENT | CONST_CS);
747 #endif
748 #ifdef LDAP_OPT_TIMEOUT
749 REGISTER_LONG_CONSTANT("LDAP_OPT_TIMEOUT", LDAP_OPT_TIMEOUT, CONST_PERSISTENT | CONST_CS);
750 #endif
751 REGISTER_LONG_CONSTANT("LDAP_OPT_PROTOCOL_VERSION", LDAP_OPT_PROTOCOL_VERSION, CONST_PERSISTENT | CONST_CS);
752 REGISTER_LONG_CONSTANT("LDAP_OPT_ERROR_NUMBER", LDAP_OPT_ERROR_NUMBER, CONST_PERSISTENT | CONST_CS);
753 REGISTER_LONG_CONSTANT("LDAP_OPT_REFERRALS", LDAP_OPT_REFERRALS, CONST_PERSISTENT | CONST_CS);
754 #ifdef LDAP_OPT_RESTART
755 REGISTER_LONG_CONSTANT("LDAP_OPT_RESTART", LDAP_OPT_RESTART, CONST_PERSISTENT | CONST_CS);
756 #endif
757 #ifdef LDAP_OPT_HOST_NAME
758 REGISTER_LONG_CONSTANT("LDAP_OPT_HOST_NAME", LDAP_OPT_HOST_NAME, CONST_PERSISTENT | CONST_CS);
759 #endif
760 REGISTER_LONG_CONSTANT("LDAP_OPT_ERROR_STRING", LDAP_OPT_ERROR_STRING, CONST_PERSISTENT | CONST_CS);
761 #ifdef LDAP_OPT_MATCHED_DN
762 REGISTER_LONG_CONSTANT("LDAP_OPT_MATCHED_DN", LDAP_OPT_MATCHED_DN, CONST_PERSISTENT | CONST_CS);
763 #endif
764 REGISTER_LONG_CONSTANT("LDAP_OPT_SERVER_CONTROLS", LDAP_OPT_SERVER_CONTROLS, CONST_PERSISTENT | CONST_CS);
765 REGISTER_LONG_CONSTANT("LDAP_OPT_CLIENT_CONTROLS", LDAP_OPT_CLIENT_CONTROLS, CONST_PERSISTENT | CONST_CS);
766 #endif
767 #ifdef LDAP_OPT_DEBUG_LEVEL
768 REGISTER_LONG_CONSTANT("LDAP_OPT_DEBUG_LEVEL", LDAP_OPT_DEBUG_LEVEL, CONST_PERSISTENT | CONST_CS);
769 #endif
770
771 #ifdef LDAP_OPT_DIAGNOSTIC_MESSAGE
772 REGISTER_LONG_CONSTANT("LDAP_OPT_DIAGNOSTIC_MESSAGE", LDAP_OPT_DIAGNOSTIC_MESSAGE, CONST_PERSISTENT | CONST_CS);
773 #endif
774
775 #ifdef HAVE_LDAP_SASL
776 REGISTER_LONG_CONSTANT("LDAP_OPT_X_SASL_MECH", LDAP_OPT_X_SASL_MECH, CONST_PERSISTENT | CONST_CS);
777 REGISTER_LONG_CONSTANT("LDAP_OPT_X_SASL_REALM", LDAP_OPT_X_SASL_REALM, CONST_PERSISTENT | CONST_CS);
778 REGISTER_LONG_CONSTANT("LDAP_OPT_X_SASL_AUTHCID", LDAP_OPT_X_SASL_AUTHCID, CONST_PERSISTENT | CONST_CS);
779 REGISTER_LONG_CONSTANT("LDAP_OPT_X_SASL_AUTHZID", LDAP_OPT_X_SASL_AUTHZID, CONST_PERSISTENT | CONST_CS);
780 #endif
781 #ifdef LDAP_OPT_X_SASL_NOCANON
782 REGISTER_LONG_CONSTANT("LDAP_OPT_X_SASL_NOCANON", LDAP_OPT_X_SASL_NOCANON, CONST_PERSISTENT | CONST_CS);
783 #endif
784 #ifdef LDAP_OPT_X_SASL_USERNAME
785 REGISTER_LONG_CONSTANT("LDAP_OPT_X_SASL_USERNAME", LDAP_OPT_X_SASL_USERNAME, CONST_PERSISTENT | CONST_CS);
786 #endif
787
788 #ifdef ORALDAP
789 REGISTER_LONG_CONSTANT("GSLC_SSL_NO_AUTH", GSLC_SSL_NO_AUTH, CONST_PERSISTENT | CONST_CS);
790 REGISTER_LONG_CONSTANT("GSLC_SSL_ONEWAY_AUTH", GSLC_SSL_ONEWAY_AUTH, CONST_PERSISTENT | CONST_CS);
791 REGISTER_LONG_CONSTANT("GSLC_SSL_TWOWAY_AUTH", GSLC_SSL_TWOWAY_AUTH, CONST_PERSISTENT | CONST_CS);
792 #endif
793
794 #if (LDAP_API_VERSION > 2000)
795 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_REQUIRE_CERT", LDAP_OPT_X_TLS_REQUIRE_CERT, CONST_PERSISTENT | CONST_CS);
796
797 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_NEVER", LDAP_OPT_X_TLS_NEVER, CONST_PERSISTENT | CONST_CS);
798 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_HARD", LDAP_OPT_X_TLS_HARD, CONST_PERSISTENT | CONST_CS);
799 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_DEMAND", LDAP_OPT_X_TLS_DEMAND, CONST_PERSISTENT | CONST_CS);
800 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_ALLOW", LDAP_OPT_X_TLS_ALLOW, CONST_PERSISTENT | CONST_CS);
801 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_TRY", LDAP_OPT_X_TLS_TRY, CONST_PERSISTENT | CONST_CS);
802
803 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_CACERTDIR", LDAP_OPT_X_TLS_CACERTDIR, CONST_PERSISTENT | CONST_CS);
804 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_CACERTFILE", LDAP_OPT_X_TLS_CACERTFILE, CONST_PERSISTENT | CONST_CS);
805 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_CERTFILE", LDAP_OPT_X_TLS_CERTFILE, CONST_PERSISTENT | CONST_CS);
806 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_CIPHER_SUITE", LDAP_OPT_X_TLS_CIPHER_SUITE, CONST_PERSISTENT | CONST_CS);
807 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_KEYFILE", LDAP_OPT_X_TLS_KEYFILE, CONST_PERSISTENT | CONST_CS);
808 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_RANDOM_FILE", LDAP_OPT_X_TLS_RANDOM_FILE, CONST_PERSISTENT | CONST_CS);
809 #endif
810
811 #ifdef LDAP_OPT_X_TLS_CRLCHECK
812 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_CRLCHECK", LDAP_OPT_X_TLS_CRLCHECK, CONST_PERSISTENT | CONST_CS);
813
814 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_CRL_NONE", LDAP_OPT_X_TLS_CRL_NONE, CONST_PERSISTENT | CONST_CS);
815 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_CRL_PEER", LDAP_OPT_X_TLS_CRL_PEER, CONST_PERSISTENT | CONST_CS);
816 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_CRL_ALL", LDAP_OPT_X_TLS_CRL_ALL, CONST_PERSISTENT | CONST_CS);
817 #endif
818
819 #ifdef LDAP_OPT_X_TLS_DHFILE
820 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_DHFILE", LDAP_OPT_X_TLS_DHFILE, CONST_PERSISTENT | CONST_CS);
821 #endif
822
823 #ifdef LDAP_OPT_X_TLS_CRLFILE
824 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_CRLFILE", LDAP_OPT_X_TLS_CRLFILE, CONST_PERSISTENT | CONST_CS);
825 #endif
826
827 #ifdef LDAP_OPT_X_TLS_PROTOCOL_MIN
828 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_PROTOCOL_MIN", LDAP_OPT_X_TLS_PROTOCOL_MIN, CONST_PERSISTENT | CONST_CS);
829
830 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_PROTOCOL_SSL2", LDAP_OPT_X_TLS_PROTOCOL_SSL2, CONST_PERSISTENT | CONST_CS);
831 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_PROTOCOL_SSL3", LDAP_OPT_X_TLS_PROTOCOL_SSL3, CONST_PERSISTENT | CONST_CS);
832 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_PROTOCOL_TLS1_0", LDAP_OPT_X_TLS_PROTOCOL_TLS1_0, CONST_PERSISTENT | CONST_CS);
833 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_PROTOCOL_TLS1_1", LDAP_OPT_X_TLS_PROTOCOL_TLS1_1, CONST_PERSISTENT | CONST_CS);
834 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_PROTOCOL_TLS1_2", LDAP_OPT_X_TLS_PROTOCOL_TLS1_2, CONST_PERSISTENT | CONST_CS);
835 #endif
836
837 #ifdef LDAP_OPT_X_TLS_PACKAGE
838 REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_PACKAGE", LDAP_OPT_X_TLS_PACKAGE, CONST_PERSISTENT | CONST_CS);
839 #endif
840
841 #ifdef LDAP_OPT_X_KEEPALIVE_IDLE
842 REGISTER_LONG_CONSTANT("LDAP_OPT_X_KEEPALIVE_IDLE", LDAP_OPT_X_KEEPALIVE_IDLE, CONST_PERSISTENT | CONST_CS);
843 REGISTER_LONG_CONSTANT("LDAP_OPT_X_KEEPALIVE_PROBES", LDAP_OPT_X_KEEPALIVE_PROBES, CONST_PERSISTENT | CONST_CS);
844 REGISTER_LONG_CONSTANT("LDAP_OPT_X_KEEPALIVE_INTERVAL", LDAP_OPT_X_KEEPALIVE_INTERVAL, CONST_PERSISTENT | CONST_CS);
845 #endif
846
847 REGISTER_LONG_CONSTANT("LDAP_ESCAPE_FILTER", PHP_LDAP_ESCAPE_FILTER, CONST_PERSISTENT | CONST_CS);
848 REGISTER_LONG_CONSTANT("LDAP_ESCAPE_DN", PHP_LDAP_ESCAPE_DN, CONST_PERSISTENT | CONST_CS);
849
850 #ifdef HAVE_LDAP_EXTENDED_OPERATION_S
851 REGISTER_STRING_CONSTANT("LDAP_EXOP_START_TLS", LDAP_EXOP_START_TLS, CONST_PERSISTENT | CONST_CS);
852 REGISTER_STRING_CONSTANT("LDAP_EXOP_MODIFY_PASSWD", LDAP_EXOP_MODIFY_PASSWD, CONST_PERSISTENT | CONST_CS);
853 REGISTER_STRING_CONSTANT("LDAP_EXOP_REFRESH", LDAP_EXOP_REFRESH, CONST_PERSISTENT | CONST_CS);
854 REGISTER_STRING_CONSTANT("LDAP_EXOP_WHO_AM_I", LDAP_EXOP_WHO_AM_I, CONST_PERSISTENT | CONST_CS);
855 REGISTER_STRING_CONSTANT("LDAP_EXOP_TURN", LDAP_EXOP_TURN, CONST_PERSISTENT | CONST_CS);
856 #endif
857
858 /* LDAP Controls */
859 /* standard track controls */
860 #ifdef LDAP_CONTROL_MANAGEDSAIT
861 /* RFC 3296 */
862 REGISTER_STRING_CONSTANT("LDAP_CONTROL_MANAGEDSAIT", LDAP_CONTROL_MANAGEDSAIT, CONST_PERSISTENT | CONST_CS);
863 #endif
864 #ifdef LDAP_CONTROL_PROXY_AUTHZ
865 /* RFC 4370 */
866 REGISTER_STRING_CONSTANT("LDAP_CONTROL_PROXY_AUTHZ", LDAP_CONTROL_PROXY_AUTHZ, CONST_PERSISTENT | CONST_CS);
867 #endif
868 #ifdef LDAP_CONTROL_SUBENTRIES
869 /* RFC 3672 */
870 REGISTER_STRING_CONSTANT("LDAP_CONTROL_SUBENTRIES", LDAP_CONTROL_SUBENTRIES, CONST_PERSISTENT | CONST_CS);
871 #endif
872 #ifdef LDAP_CONTROL_VALUESRETURNFILTER
873 /* RFC 3876 */
874 REGISTER_STRING_CONSTANT("LDAP_CONTROL_VALUESRETURNFILTER", LDAP_CONTROL_VALUESRETURNFILTER, CONST_PERSISTENT | CONST_CS);
875 #endif
876 #ifdef LDAP_CONTROL_ASSERT
877 /* RFC 4528 */
878 REGISTER_STRING_CONSTANT("LDAP_CONTROL_ASSERT", LDAP_CONTROL_ASSERT, CONST_PERSISTENT | CONST_CS);
879 /* RFC 4527 */
880 REGISTER_STRING_CONSTANT("LDAP_CONTROL_PRE_READ", LDAP_CONTROL_PRE_READ, CONST_PERSISTENT | CONST_CS);
881 REGISTER_STRING_CONSTANT("LDAP_CONTROL_POST_READ", LDAP_CONTROL_POST_READ, CONST_PERSISTENT | CONST_CS);
882 #endif
883 #ifdef LDAP_CONTROL_SORTREQUEST
884 /* RFC 2891 */
885 REGISTER_STRING_CONSTANT("LDAP_CONTROL_SORTREQUEST", LDAP_CONTROL_SORTREQUEST, CONST_PERSISTENT | CONST_CS);
886 REGISTER_STRING_CONSTANT("LDAP_CONTROL_SORTRESPONSE", LDAP_CONTROL_SORTRESPONSE, CONST_PERSISTENT | CONST_CS);
887 #endif
888 /* non-standard track controls */
889 #ifdef LDAP_CONTROL_PAGEDRESULTS
890 /* RFC 2696 */
891 REGISTER_STRING_CONSTANT("LDAP_CONTROL_PAGEDRESULTS", LDAP_CONTROL_PAGEDRESULTS, CONST_PERSISTENT | CONST_CS);
892 #endif
893 #ifdef LDAP_CONTROL_AUTHZID_REQUEST
894 /* RFC 3829 */
895 REGISTER_STRING_CONSTANT("LDAP_CONTROL_AUTHZID_REQUEST", LDAP_CONTROL_AUTHZID_REQUEST, CONST_PERSISTENT | CONST_CS);
896 REGISTER_STRING_CONSTANT("LDAP_CONTROL_AUTHZID_RESPONSE", LDAP_CONTROL_AUTHZID_RESPONSE, CONST_PERSISTENT | CONST_CS);
897 #endif
898 #ifdef LDAP_CONTROL_SYNC
899 /* LDAP Content Synchronization Operation -- RFC 4533 */
900 REGISTER_STRING_CONSTANT("LDAP_CONTROL_SYNC", LDAP_CONTROL_SYNC, CONST_PERSISTENT | CONST_CS);
901 REGISTER_STRING_CONSTANT("LDAP_CONTROL_SYNC_STATE", LDAP_CONTROL_SYNC_STATE, CONST_PERSISTENT | CONST_CS);
902 REGISTER_STRING_CONSTANT("LDAP_CONTROL_SYNC_DONE", LDAP_CONTROL_SYNC_DONE, CONST_PERSISTENT | CONST_CS);
903 #endif
904 #ifdef LDAP_CONTROL_DONTUSECOPY
905 /* LDAP Don't Use Copy Control (RFC 6171) */
906 REGISTER_STRING_CONSTANT("LDAP_CONTROL_DONTUSECOPY", LDAP_CONTROL_DONTUSECOPY, CONST_PERSISTENT | CONST_CS);
907 #endif
908 #ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST
909 /* Password policy Controls */
910 REGISTER_STRING_CONSTANT("LDAP_CONTROL_PASSWORDPOLICYREQUEST", LDAP_CONTROL_PASSWORDPOLICYREQUEST, CONST_PERSISTENT | CONST_CS);
911 REGISTER_STRING_CONSTANT("LDAP_CONTROL_PASSWORDPOLICYRESPONSE", LDAP_CONTROL_PASSWORDPOLICYRESPONSE, CONST_PERSISTENT | CONST_CS);
912 #endif
913 #ifdef LDAP_CONTROL_X_INCREMENTAL_VALUES
914 /* MS Active Directory controls */
915 REGISTER_STRING_CONSTANT("LDAP_CONTROL_X_INCREMENTAL_VALUES", LDAP_CONTROL_X_INCREMENTAL_VALUES, CONST_PERSISTENT | CONST_CS);
916 REGISTER_STRING_CONSTANT("LDAP_CONTROL_X_DOMAIN_SCOPE", LDAP_CONTROL_X_DOMAIN_SCOPE, CONST_PERSISTENT | CONST_CS);
917 REGISTER_STRING_CONSTANT("LDAP_CONTROL_X_PERMISSIVE_MODIFY", LDAP_CONTROL_X_PERMISSIVE_MODIFY, CONST_PERSISTENT | CONST_CS);
918 REGISTER_STRING_CONSTANT("LDAP_CONTROL_X_SEARCH_OPTIONS", LDAP_CONTROL_X_SEARCH_OPTIONS, CONST_PERSISTENT | CONST_CS);
919 REGISTER_STRING_CONSTANT("LDAP_CONTROL_X_TREE_DELETE", LDAP_CONTROL_X_TREE_DELETE, CONST_PERSISTENT | CONST_CS);
920 REGISTER_STRING_CONSTANT("LDAP_CONTROL_X_EXTENDED_DN", LDAP_CONTROL_X_EXTENDED_DN, CONST_PERSISTENT | CONST_CS);
921 #endif
922 #ifdef LDAP_CONTROL_VLVREQUEST
923 /* LDAP VLV */
924 REGISTER_STRING_CONSTANT("LDAP_CONTROL_VLVREQUEST", LDAP_CONTROL_VLVREQUEST, CONST_PERSISTENT | CONST_CS);
925 REGISTER_STRING_CONSTANT("LDAP_CONTROL_VLVRESPONSE", LDAP_CONTROL_VLVRESPONSE, CONST_PERSISTENT | CONST_CS);
926 #endif
927
928 le_link = zend_register_list_destructors_ex(_close_ldap_link, NULL, "ldap link", module_number);
929 le_result = zend_register_list_destructors_ex(_free_ldap_result, NULL, "ldap result", module_number);
930 le_result_entry = zend_register_list_destructors_ex(_free_ldap_result_entry, NULL, "ldap result entry", module_number);
931
932 ldap_module_entry.type = type;
933
934 return SUCCESS;
935 }
936 /* }}} */
937
938 /* {{{ PHP_MSHUTDOWN_FUNCTION */
PHP_MSHUTDOWN_FUNCTION(ldap)939 PHP_MSHUTDOWN_FUNCTION(ldap)
940 {
941 UNREGISTER_INI_ENTRIES();
942 return SUCCESS;
943 }
944 /* }}} */
945
946 /* {{{ PHP_MINFO_FUNCTION */
PHP_MINFO_FUNCTION(ldap)947 PHP_MINFO_FUNCTION(ldap)
948 {
949 char tmp[32];
950
951 php_info_print_table_start();
952 php_info_print_table_row(2, "LDAP Support", "enabled");
953
954 if (LDAPG(max_links) == -1) {
955 snprintf(tmp, 31, ZEND_LONG_FMT "/unlimited", LDAPG(num_links));
956 } else {
957 snprintf(tmp, 31, ZEND_LONG_FMT "/" ZEND_LONG_FMT, LDAPG(num_links), LDAPG(max_links));
958 }
959 php_info_print_table_row(2, "Total Links", tmp);
960
961 #ifdef LDAP_API_VERSION
962 snprintf(tmp, 31, "%d", LDAP_API_VERSION);
963 php_info_print_table_row(2, "API Version", tmp);
964 #endif
965
966 #ifdef LDAP_VENDOR_NAME
967 php_info_print_table_row(2, "Vendor Name", LDAP_VENDOR_NAME);
968 #endif
969
970 #ifdef LDAP_VENDOR_VERSION
971 snprintf(tmp, 31, "%d", LDAP_VENDOR_VERSION);
972 php_info_print_table_row(2, "Vendor Version", tmp);
973 #endif
974
975 #ifdef HAVE_LDAP_SASL
976 php_info_print_table_row(2, "SASL Support", "Enabled");
977 #endif
978
979 php_info_print_table_end();
980 DISPLAY_INI_ENTRIES();
981 }
982 /* }}} */
983
984 /* {{{ Connect to an LDAP server */
PHP_FUNCTION(ldap_connect)985 PHP_FUNCTION(ldap_connect)
986 {
987 char *host = NULL;
988 size_t hostlen = 0;
989 zend_long port = LDAP_PORT;
990 #ifdef HAVE_ORALDAP
991 char *wallet = NULL, *walletpasswd = NULL;
992 size_t walletlen = 0, walletpasswdlen = 0;
993 zend_long authmode = GSLC_SSL_NO_AUTH;
994 int ssl=0;
995 #endif
996 ldap_linkdata *ld;
997 LDAP *ldap = NULL;
998
999 #ifdef HAVE_ORALDAP
1000 if (ZEND_NUM_ARGS() == 3 || ZEND_NUM_ARGS() == 4) {
1001 WRONG_PARAM_COUNT;
1002 }
1003
1004 if (zend_parse_parameters(ZEND_NUM_ARGS(), "|s!lssl", &host, &hostlen, &port, &wallet, &walletlen, &walletpasswd, &walletpasswdlen, &authmode) != SUCCESS) {
1005 RETURN_THROWS();
1006 }
1007
1008 if (ZEND_NUM_ARGS() == 5) {
1009 ssl = 1;
1010 }
1011 #else
1012 if (zend_parse_parameters(ZEND_NUM_ARGS(), "|s!l", &host, &hostlen, &port) != SUCCESS) {
1013 RETURN_THROWS();
1014 }
1015 #endif
1016
1017 if (LDAPG(max_links) != -1 && LDAPG(num_links) >= LDAPG(max_links)) {
1018 php_error_docref(NULL, E_WARNING, "Too many open links (" ZEND_LONG_FMT ")", LDAPG(num_links));
1019 RETURN_FALSE;
1020 }
1021
1022 ld = ecalloc(1, sizeof(ldap_linkdata));
1023
1024 {
1025 int rc = LDAP_SUCCESS;
1026 char *url = host;
1027 if (url && !ldap_is_ldap_url(url)) {
1028 size_t urllen = hostlen + sizeof( "ldap://:65535" );
1029
1030 if (port <= 0 || port > 65535) {
1031 efree(ld);
1032 zend_argument_value_error(2, "must be between 1 and 65535");
1033 RETURN_THROWS();
1034 }
1035
1036 url = emalloc(urllen);
1037 snprintf( url, urllen, "ldap://%s:" ZEND_LONG_FMT, host, port );
1038 }
1039
1040 #ifdef LDAP_API_FEATURE_X_OPENLDAP
1041 /* ldap_init() is deprecated, use ldap_initialize() instead.
1042 */
1043 rc = ldap_initialize(&ldap, url);
1044 #else /* ! LDAP_API_FEATURE_X_OPENLDAP */
1045 /* ldap_init does not support URLs.
1046 * We must try the original host and port information.
1047 */
1048 ldap = ldap_init(host, port);
1049 if (ldap == NULL) {
1050 efree(ld);
1051 php_error_docref(NULL, E_WARNING, "Could not create session handle");
1052 RETURN_FALSE;
1053 }
1054 #endif /* ! LDAP_API_FEATURE_X_OPENLDAP */
1055 if (url != host) {
1056 efree(url);
1057 }
1058 if (rc != LDAP_SUCCESS) {
1059 efree(ld);
1060 php_error_docref(NULL, E_WARNING, "Could not create session handle: %s", ldap_err2string(rc));
1061 RETURN_FALSE;
1062 }
1063 }
1064
1065 if (ldap == NULL) {
1066 efree(ld);
1067 RETURN_FALSE;
1068 } else {
1069 #ifdef HAVE_ORALDAP
1070 if (ssl) {
1071 if (ldap_init_SSL(&ldap->ld_sb, wallet, walletpasswd, authmode)) {
1072 efree(ld);
1073 php_error_docref(NULL, E_WARNING, "SSL init failed");
1074 RETURN_FALSE;
1075 }
1076 }
1077 #endif
1078 LDAPG(num_links)++;
1079 ld->link = ldap;
1080 RETURN_RES(zend_register_resource(ld, le_link));
1081 }
1082
1083 }
1084 /* }}} */
1085
1086 /* {{{ _get_lderrno */
_get_lderrno(LDAP * ldap)1087 static int _get_lderrno(LDAP *ldap)
1088 {
1089 #if LDAP_API_VERSION > 2000 || defined(HAVE_ORALDAP)
1090 int lderr;
1091
1092 /* New versions of OpenLDAP do it this way */
1093 ldap_get_option(ldap, LDAP_OPT_ERROR_NUMBER, &lderr);
1094 return lderr;
1095 #else
1096 return ldap->ld_errno;
1097 #endif
1098 }
1099 /* }}} */
1100
1101 /* {{{ _set_lderrno */
_set_lderrno(LDAP * ldap,int lderr)1102 static void _set_lderrno(LDAP *ldap, int lderr)
1103 {
1104 #if LDAP_API_VERSION > 2000 || defined(HAVE_ORALDAP)
1105 /* New versions of OpenLDAP do it this way */
1106 ldap_set_option(ldap, LDAP_OPT_ERROR_NUMBER, &lderr);
1107 #else
1108 ldap->ld_errno = lderr;
1109 #endif
1110 }
1111 /* }}} */
1112
1113 /* {{{ Bind to LDAP directory */
PHP_FUNCTION(ldap_bind)1114 PHP_FUNCTION(ldap_bind)
1115 {
1116 zval *link;
1117 char *ldap_bind_dn = NULL, *ldap_bind_pw = NULL;
1118 size_t ldap_bind_dnlen, ldap_bind_pwlen;
1119 ldap_linkdata *ld;
1120 int rc;
1121
1122 if (zend_parse_parameters(ZEND_NUM_ARGS(), "r|s!s!", &link, &ldap_bind_dn, &ldap_bind_dnlen, &ldap_bind_pw, &ldap_bind_pwlen) != SUCCESS) {
1123 RETURN_THROWS();
1124 }
1125
1126 if ((ld = (ldap_linkdata *)zend_fetch_resource(Z_RES_P(link), "ldap link", le_link)) == NULL) {
1127 RETURN_THROWS();
1128 }
1129
1130 if (ldap_bind_dn != NULL && memchr(ldap_bind_dn, '\0', ldap_bind_dnlen) != NULL) {
1131 _set_lderrno(ld->link, LDAP_INVALID_CREDENTIALS);
1132 zend_argument_type_error(2, "must not contain null bytes");
1133 RETURN_THROWS();
1134 }
1135
1136 if (ldap_bind_pw != NULL && memchr(ldap_bind_pw, '\0', ldap_bind_pwlen) != NULL) {
1137 _set_lderrno(ld->link, LDAP_INVALID_CREDENTIALS);
1138 zend_argument_type_error(3, "must not contain null bytes");
1139 RETURN_THROWS();
1140 }
1141
1142 {
1143 #ifdef LDAP_API_FEATURE_X_OPENLDAP
1144 /* ldap_simple_bind_s() is deprecated, use ldap_sasl_bind_s() instead.
1145 */
1146 struct berval cred;
1147
1148 cred.bv_val = ldap_bind_pw;
1149 cred.bv_len = ldap_bind_pw ? ldap_bind_pwlen : 0;
1150 rc = ldap_sasl_bind_s(ld->link, ldap_bind_dn, LDAP_SASL_SIMPLE, &cred,
1151 NULL, NULL, /* no controls right now */
1152 NULL); /* we don't care about the server's credentials */
1153 #else /* ! LDAP_API_FEATURE_X_OPENLDAP */
1154 rc = ldap_simple_bind_s(ld->link, ldap_bind_dn, ldap_bind_pw);
1155 #endif /* ! LDAP_API_FEATURE_X_OPENLDAP */
1156 }
1157 if ( rc != LDAP_SUCCESS) {
1158 php_error_docref(NULL, E_WARNING, "Unable to bind to server: %s", ldap_err2string(rc));
1159 RETURN_FALSE;
1160 } else {
1161 RETURN_TRUE;
1162 }
1163 }
1164 /* }}} */
1165
1166 /* {{{ Bind to LDAP directory */
PHP_FUNCTION(ldap_bind_ext)1167 PHP_FUNCTION(ldap_bind_ext)
1168 {
1169 zval *serverctrls = NULL;
1170 zval *link;
1171 char *ldap_bind_dn = NULL, *ldap_bind_pw = NULL;
1172 size_t ldap_bind_dnlen, ldap_bind_pwlen;
1173 ldap_linkdata *ld;
1174 LDAPControl **lserverctrls = NULL;
1175 LDAPMessage *ldap_res;
1176 int rc;
1177
1178 if (zend_parse_parameters(ZEND_NUM_ARGS(), "r|s!s!a!", &link, &ldap_bind_dn, &ldap_bind_dnlen, &ldap_bind_pw, &ldap_bind_pwlen, &serverctrls) != SUCCESS) {
1179 RETURN_THROWS();
1180 }
1181
1182 if ((ld = (ldap_linkdata *)zend_fetch_resource(Z_RES_P(link), "ldap link", le_link)) == NULL) {
1183 RETURN_THROWS();
1184 }
1185
1186 if (ldap_bind_dn != NULL && memchr(ldap_bind_dn, '\0', ldap_bind_dnlen) != NULL) {
1187 _set_lderrno(ld->link, LDAP_INVALID_CREDENTIALS);
1188 zend_argument_type_error(2, "must not contain null bytes");
1189 RETURN_THROWS();
1190 }
1191
1192 if (ldap_bind_pw != NULL && memchr(ldap_bind_pw, '\0', ldap_bind_pwlen) != NULL) {
1193 _set_lderrno(ld->link, LDAP_INVALID_CREDENTIALS);
1194 zend_argument_type_error(3, "must not contain null bytes");
1195 RETURN_THROWS();
1196 }
1197
1198 if (serverctrls) {
1199 lserverctrls = _php_ldap_controls_from_array(ld->link, serverctrls, 4);
1200 if (lserverctrls == NULL) {
1201 RETVAL_FALSE;
1202 goto cleanup;
1203 }
1204 }
1205
1206 {
1207 /* ldap_simple_bind() is deprecated, use ldap_sasl_bind() instead */
1208 struct berval cred;
1209 int msgid;
1210
1211 cred.bv_val = ldap_bind_pw;
1212 cred.bv_len = ldap_bind_pw ? ldap_bind_pwlen : 0;
1213 /* asynchronous call */
1214 rc = ldap_sasl_bind(ld->link, ldap_bind_dn, LDAP_SASL_SIMPLE, &cred,
1215 lserverctrls, NULL, &msgid);
1216 if (rc != LDAP_SUCCESS ) {
1217 php_error_docref(NULL, E_WARNING, "Unable to bind to server: %s (%d)", ldap_err2string(rc), rc);
1218 RETVAL_FALSE;
1219 goto cleanup;
1220 }
1221
1222 rc = ldap_result(ld->link, msgid, 1 /* LDAP_MSG_ALL */, NULL, &ldap_res);
1223 if (rc == -1) {
1224 php_error_docref(NULL, E_WARNING, "Bind operation failed");
1225 RETVAL_FALSE;
1226 goto cleanup;
1227 }
1228
1229 /* return a PHP control object */
1230 RETVAL_RES(zend_register_resource(ldap_res, le_result));
1231 }
1232
1233 cleanup:
1234 if (lserverctrls) {
1235 _php_ldap_controls_free(&lserverctrls);
1236 }
1237
1238 return;
1239 }
1240 /* }}} */
1241
1242 #ifdef HAVE_LDAP_SASL
1243 typedef struct {
1244 char *mech;
1245 char *realm;
1246 char *authcid;
1247 char *passwd;
1248 char *authzid;
1249 } php_ldap_bictx;
1250
1251 /* {{{ _php_sasl_setdefs */
_php_sasl_setdefs(LDAP * ld,char * sasl_mech,char * sasl_realm,char * sasl_authc_id,char * passwd,char * sasl_authz_id)1252 static php_ldap_bictx *_php_sasl_setdefs(LDAP *ld, char *sasl_mech, char *sasl_realm, char *sasl_authc_id, char *passwd, char *sasl_authz_id)
1253 {
1254 php_ldap_bictx *ctx;
1255
1256 ctx = ber_memalloc(sizeof(php_ldap_bictx));
1257 ctx->mech = (sasl_mech) ? ber_strdup(sasl_mech) : NULL;
1258 ctx->realm = (sasl_realm) ? ber_strdup(sasl_realm) : NULL;
1259 ctx->authcid = (sasl_authc_id) ? ber_strdup(sasl_authc_id) : NULL;
1260 ctx->passwd = (passwd) ? ber_strdup(passwd) : NULL;
1261 ctx->authzid = (sasl_authz_id) ? ber_strdup(sasl_authz_id) : NULL;
1262
1263 if (ctx->mech == NULL) {
1264 ldap_get_option(ld, LDAP_OPT_X_SASL_MECH, &ctx->mech);
1265 }
1266 if (ctx->realm == NULL) {
1267 ldap_get_option(ld, LDAP_OPT_X_SASL_REALM, &ctx->realm);
1268 }
1269 if (ctx->authcid == NULL) {
1270 ldap_get_option(ld, LDAP_OPT_X_SASL_AUTHCID, &ctx->authcid);
1271 }
1272 if (ctx->authzid == NULL) {
1273 ldap_get_option(ld, LDAP_OPT_X_SASL_AUTHZID, &ctx->authzid);
1274 }
1275
1276 return ctx;
1277 }
1278 /* }}} */
1279
1280 /* {{{ _php_sasl_freedefs */
_php_sasl_freedefs(php_ldap_bictx * ctx)1281 static void _php_sasl_freedefs(php_ldap_bictx *ctx)
1282 {
1283 if (ctx->mech) ber_memfree(ctx->mech);
1284 if (ctx->realm) ber_memfree(ctx->realm);
1285 if (ctx->authcid) ber_memfree(ctx->authcid);
1286 if (ctx->passwd) ber_memfree(ctx->passwd);
1287 if (ctx->authzid) ber_memfree(ctx->authzid);
1288 ber_memfree(ctx);
1289 }
1290 /* }}} */
1291
1292 /* {{{ _php_sasl_interact
1293 Internal interact function for SASL */
_php_sasl_interact(LDAP * ld,unsigned flags,void * defaults,void * in)1294 static int _php_sasl_interact(LDAP *ld, unsigned flags, void *defaults, void *in)
1295 {
1296 sasl_interact_t *interact = in;
1297 const char *p;
1298 php_ldap_bictx *ctx = defaults;
1299
1300 for (;interact->id != SASL_CB_LIST_END;interact++) {
1301 p = NULL;
1302 switch(interact->id) {
1303 case SASL_CB_GETREALM:
1304 p = ctx->realm;
1305 break;
1306 case SASL_CB_AUTHNAME:
1307 p = ctx->authcid;
1308 break;
1309 case SASL_CB_USER:
1310 p = ctx->authzid;
1311 break;
1312 case SASL_CB_PASS:
1313 p = ctx->passwd;
1314 break;
1315 }
1316 if (p) {
1317 interact->result = p;
1318 interact->len = strlen(interact->result);
1319 }
1320 }
1321 return LDAP_SUCCESS;
1322 }
1323 /* }}} */
1324
1325 /* {{{ Bind to LDAP directory using SASL */
PHP_FUNCTION(ldap_sasl_bind)1326 PHP_FUNCTION(ldap_sasl_bind)
1327 {
1328 zval *link;
1329 ldap_linkdata *ld;
1330 char *binddn = NULL;
1331 char *passwd = NULL;
1332 char *sasl_mech = NULL;
1333 char *sasl_realm = NULL;
1334 char *sasl_authz_id = NULL;
1335 char *sasl_authc_id = NULL;
1336 char *props = NULL;
1337 size_t rc, dn_len, passwd_len, mech_len, realm_len, authc_id_len, authz_id_len, props_len;
1338 php_ldap_bictx *ctx;
1339
1340 if (zend_parse_parameters(ZEND_NUM_ARGS(), "r|s!s!s!s!s!s!s!", &link, &binddn, &dn_len, &passwd, &passwd_len, &sasl_mech, &mech_len, &sasl_realm, &realm_len, &sasl_authc_id, &authc_id_len, &sasl_authz_id, &authz_id_len, &props, &props_len) != SUCCESS) {
1341 RETURN_THROWS();
1342 }
1343
1344 if ((ld = (ldap_linkdata *)zend_fetch_resource(Z_RES_P(link), "ldap link", le_link)) == NULL) {
1345 RETURN_THROWS();
1346 }
1347
1348 ctx = _php_sasl_setdefs(ld->link, sasl_mech, sasl_realm, sasl_authc_id, passwd, sasl_authz_id);
1349
1350 if (props) {
1351 ldap_set_option(ld->link, LDAP_OPT_X_SASL_SECPROPS, props);
1352 }
1353
1354 rc = ldap_sasl_interactive_bind_s(ld->link, binddn, ctx->mech, NULL, NULL, LDAP_SASL_QUIET, _php_sasl_interact, ctx);
1355 if (rc != LDAP_SUCCESS) {
1356 php_error_docref(NULL, E_WARNING, "Unable to bind to server: %s", ldap_err2string(rc));
1357 RETVAL_FALSE;
1358 } else {
1359 RETVAL_TRUE;
1360 }
1361 _php_sasl_freedefs(ctx);
1362 }
1363 /* }}} */
1364 #endif /* HAVE_LDAP_SASL */
1365
1366 /* {{{ Unbind from LDAP directory */
PHP_FUNCTION(ldap_unbind)1367 PHP_FUNCTION(ldap_unbind)
1368 {
1369 zval *link;
1370 ldap_linkdata *ld;
1371
1372 if (zend_parse_parameters(ZEND_NUM_ARGS(), "r", &link) != SUCCESS) {
1373 RETURN_THROWS();
1374 }
1375
1376 if ((ld = (ldap_linkdata *)zend_fetch_resource(Z_RES_P(link), "ldap link", le_link)) == NULL) {
1377 RETURN_THROWS();
1378 }
1379
1380 zend_list_close(Z_RES_P(link));
1381 RETURN_TRUE;
1382 }
1383 /* }}} */
1384
1385 /* {{{ php_set_opts */
php_set_opts(LDAP * ldap,int sizelimit,int timelimit,int deref,int * old_sizelimit,int * old_timelimit,int * old_deref)1386 static void php_set_opts(LDAP *ldap, int sizelimit, int timelimit, int deref, int *old_sizelimit, int *old_timelimit, int *old_deref)
1387 {
1388 /* sizelimit */
1389 if (sizelimit > -1) {
1390 #if (LDAP_API_VERSION >= 2004) || defined(HAVE_ORALDAP)
1391 ldap_get_option(ldap, LDAP_OPT_SIZELIMIT, old_sizelimit);
1392 ldap_set_option(ldap, LDAP_OPT_SIZELIMIT, &sizelimit);
1393 #else
1394 *old_sizelimit = ldap->ld_sizelimit;
1395 ldap->ld_sizelimit = sizelimit;
1396 #endif
1397 }
1398
1399 /* timelimit */
1400 if (timelimit > -1) {
1401 #if (LDAP_API_VERSION >= 2004) || defined(HAVE_ORALDAP)
1402 ldap_get_option(ldap, LDAP_OPT_TIMELIMIT, old_timelimit);
1403 ldap_set_option(ldap, LDAP_OPT_TIMELIMIT, &timelimit);
1404 #else
1405 *old_timelimit = ldap->ld_timelimit;
1406 ldap->ld_timelimit = timelimit;
1407 #endif
1408 }
1409
1410 /* deref */
1411 if (deref > -1) {
1412 #if (LDAP_API_VERSION >= 2004) || defined(HAVE_ORALDAP)
1413 ldap_get_option(ldap, LDAP_OPT_DEREF, old_deref);
1414 ldap_set_option(ldap, LDAP_OPT_DEREF, &deref);
1415 #else
1416 *old_deref = ldap->ld_deref;
1417 ldap->ld_deref = deref;
1418 #endif
1419 }
1420 }
1421 /* }}} */
1422
1423 /* {{{ php_ldap_do_search */
php_ldap_do_search(INTERNAL_FUNCTION_PARAMETERS,int scope)1424 static void php_ldap_do_search(INTERNAL_FUNCTION_PARAMETERS, int scope)
1425 {
1426 zval *link, *attrs = NULL, *attr, *serverctrls = NULL;
1427 zend_string *base_dn_str, *filter_str;
1428 HashTable *base_dn_ht, *filter_ht;
1429 zend_long attrsonly, sizelimit, timelimit, deref;
1430 zend_string *ldap_filter = NULL, *ldap_base_dn = NULL;
1431 char **ldap_attrs = NULL;
1432 ldap_linkdata *ld = NULL;
1433 LDAPMessage *ldap_res = NULL;
1434 LDAPControl **lserverctrls = NULL;
1435 int ldap_attrsonly = 0, ldap_sizelimit = -1, ldap_timelimit = -1, ldap_deref = -1;
1436 int old_ldap_sizelimit = -1, old_ldap_timelimit = -1, old_ldap_deref = -1;
1437 int num_attribs = 0, ret = 1, i, errno, argcount = ZEND_NUM_ARGS();
1438
1439 ZEND_PARSE_PARAMETERS_START(3, 9)
1440 Z_PARAM_ZVAL(link)
1441 Z_PARAM_ARRAY_HT_OR_STR(base_dn_ht, base_dn_str)
1442 Z_PARAM_ARRAY_HT_OR_STR(filter_ht, filter_str)
1443 Z_PARAM_OPTIONAL
1444 Z_PARAM_ARRAY_EX(attrs, 0, 1)
1445 Z_PARAM_LONG(attrsonly)
1446 Z_PARAM_LONG(sizelimit)
1447 Z_PARAM_LONG(timelimit)
1448 Z_PARAM_LONG(deref)
1449 Z_PARAM_ARRAY_EX(serverctrls, 1, 1)
1450 ZEND_PARSE_PARAMETERS_END();
1451
1452 /* Reverse -> fall through */
1453 switch (argcount) {
1454 case 9:
1455 case 8:
1456 ldap_deref = deref;
1457 case 7:
1458 ldap_timelimit = timelimit;
1459 case 6:
1460 ldap_sizelimit = sizelimit;
1461 case 5:
1462 ldap_attrsonly = attrsonly;
1463 case 4:
1464 num_attribs = zend_hash_num_elements(Z_ARRVAL_P(attrs));
1465 ldap_attrs = safe_emalloc((num_attribs+1), sizeof(char *), 0);
1466
1467 for (i = 0; i<num_attribs; i++) {
1468 if ((attr = zend_hash_index_find(Z_ARRVAL_P(attrs), i)) == NULL) {
1469 php_error_docref(NULL, E_WARNING, "Array initialization wrong");
1470 ret = 0;
1471 goto cleanup;
1472 }
1473
1474 convert_to_string(attr);
1475 if (EG(exception)) {
1476 ret = 0;
1477 goto cleanup;
1478 }
1479 ldap_attrs[i] = Z_STRVAL_P(attr);
1480 }
1481 ldap_attrs[num_attribs] = NULL;
1482 default:
1483 break;
1484 }
1485
1486 /* parallel search? */
1487 if (Z_TYPE_P(link) == IS_ARRAY) {
1488 int i, nlinks, nbases, nfilters, *rcs;
1489 ldap_linkdata **lds;
1490 zval *entry, resource;
1491
1492 nlinks = zend_hash_num_elements(Z_ARRVAL_P(link));
1493 if (nlinks == 0) {
1494 zend_argument_value_error(1, "cannot be empty");
1495 ret = 0;
1496 goto cleanup;
1497 }
1498
1499 if (base_dn_ht) {
1500 nbases = zend_hash_num_elements(base_dn_ht);
1501 if (nbases != nlinks) {
1502 zend_argument_value_error(2, "must have the same number of elements as the links array");
1503 ret = 0;
1504 goto cleanup;
1505 }
1506 zend_hash_internal_pointer_reset(base_dn_ht);
1507 } else {
1508 nbases = 0; /* this means string, not array */
1509 ldap_base_dn = zend_string_copy(base_dn_str);
1510 if (EG(exception)) {
1511 ret = 0;
1512 goto cleanup;
1513 }
1514 }
1515
1516 if (filter_ht) {
1517 nfilters = zend_hash_num_elements(filter_ht);
1518 if (nfilters != nlinks) {
1519 zend_argument_value_error(3, "must have the same number of elements as the links array");
1520 ret = 0;
1521 goto cleanup;
1522 }
1523 zend_hash_internal_pointer_reset(filter_ht);
1524 } else {
1525 nfilters = 0; /* this means string, not array */
1526 ldap_filter = zend_string_copy(filter_str);
1527 }
1528
1529 lds = safe_emalloc(nlinks, sizeof(ldap_linkdata), 0);
1530 rcs = safe_emalloc(nlinks, sizeof(*rcs), 0);
1531
1532 zend_hash_internal_pointer_reset(Z_ARRVAL_P(link));
1533 for (i=0; i<nlinks; i++) {
1534 entry = zend_hash_get_current_data(Z_ARRVAL_P(link));
1535
1536 ld = (ldap_linkdata *) zend_fetch_resource_ex(entry, "ldap link", le_link);
1537 if (ld == NULL) {
1538 ret = 0;
1539 goto cleanup_parallel;
1540 }
1541 if (nbases != 0) { /* base_dn an array? */
1542 entry = zend_hash_get_current_data(base_dn_ht);
1543 zend_hash_move_forward(base_dn_ht);
1544 ldap_base_dn = zval_get_string(entry);
1545 if (EG(exception)) {
1546 ret = 0;
1547 goto cleanup_parallel;
1548 }
1549 }
1550 if (nfilters != 0) { /* filter an array? */
1551 entry = zend_hash_get_current_data(filter_ht);
1552 zend_hash_move_forward(filter_ht);
1553 ldap_filter = zval_get_string(entry);
1554 if (EG(exception)) {
1555 ret = 0;
1556 goto cleanup_parallel;
1557 }
1558 }
1559
1560 if (serverctrls) {
1561 /* We have to parse controls again for each link as they use it */
1562 _php_ldap_controls_free(&lserverctrls);
1563 lserverctrls = _php_ldap_controls_from_array(ld->link, serverctrls, 9);
1564 if (lserverctrls == NULL) {
1565 rcs[i] = -1;
1566 continue;
1567 }
1568 }
1569
1570 php_set_opts(ld->link, ldap_sizelimit, ldap_timelimit, ldap_deref, &old_ldap_sizelimit, &old_ldap_timelimit, &old_ldap_deref);
1571
1572 /* Run the actual search */
1573 ldap_search_ext(ld->link, ZSTR_VAL(ldap_base_dn), scope, ZSTR_VAL(ldap_filter), ldap_attrs, ldap_attrsonly, lserverctrls, NULL, NULL, ldap_sizelimit, &rcs[i]);
1574 lds[i] = ld;
1575 zend_hash_move_forward(Z_ARRVAL_P(link));
1576 }
1577
1578 array_init(return_value);
1579
1580 /* Collect results from the searches */
1581 for (i=0; i<nlinks; i++) {
1582 if (rcs[i] != -1) {
1583 rcs[i] = ldap_result(lds[i]->link, LDAP_RES_ANY, 1 /* LDAP_MSG_ALL */, NULL, &ldap_res);
1584 }
1585 if (rcs[i] != -1) {
1586 ZVAL_RES(&resource, zend_register_resource(ldap_res, le_result));
1587 add_next_index_zval(return_value, &resource);
1588 } else {
1589 add_next_index_bool(return_value, 0);
1590 }
1591 }
1592
1593 cleanup_parallel:
1594 efree(lds);
1595 efree(rcs);
1596 } else {
1597 ld = (ldap_linkdata *) zend_fetch_resource_ex(link, "ldap link", le_link);
1598 if (ld == NULL) {
1599 ret = 0;
1600 goto cleanup;
1601 }
1602
1603 if (!base_dn_str) {
1604 zend_argument_type_error(2, "must be of type string when argument #1 ($ldap) is a resource");
1605 ret = 0;
1606 goto cleanup;
1607 }
1608 ldap_base_dn = zend_string_copy(base_dn_str);
1609
1610 if (!filter_str) {
1611 zend_argument_type_error(3, "must be of type string when argument #1 ($ldap) is a resource");
1612 ret = 0;
1613 goto cleanup;
1614 }
1615 ldap_filter = zend_string_copy(filter_str);
1616
1617 if (serverctrls) {
1618 lserverctrls = _php_ldap_controls_from_array(ld->link, serverctrls, 9);
1619 if (lserverctrls == NULL) {
1620 ret = 0;
1621 goto cleanup;
1622 }
1623 }
1624
1625 php_set_opts(ld->link, ldap_sizelimit, ldap_timelimit, ldap_deref, &old_ldap_sizelimit, &old_ldap_timelimit, &old_ldap_deref);
1626
1627 /* Run the actual search */
1628 errno = ldap_search_ext_s(ld->link, ZSTR_VAL(ldap_base_dn), scope, ZSTR_VAL(ldap_filter), ldap_attrs, ldap_attrsonly, lserverctrls, NULL, NULL, ldap_sizelimit, &ldap_res);
1629
1630 if (errno != LDAP_SUCCESS
1631 && errno != LDAP_SIZELIMIT_EXCEEDED
1632 #ifdef LDAP_ADMINLIMIT_EXCEEDED
1633 && errno != LDAP_ADMINLIMIT_EXCEEDED
1634 #endif
1635 #ifdef LDAP_REFERRAL
1636 && errno != LDAP_REFERRAL
1637 #endif
1638 ) {
1639 /* ldap_res should be freed regardless of return value of ldap_search_ext_s()
1640 * see: https://linux.die.net/man/3/ldap_search_ext_s */
1641 if (ldap_res != NULL) {
1642 ldap_msgfree(ldap_res);
1643 }
1644 php_error_docref(NULL, E_WARNING, "Search: %s", ldap_err2string(errno));
1645 ret = 0;
1646 } else {
1647 if (errno == LDAP_SIZELIMIT_EXCEEDED) {
1648 php_error_docref(NULL, E_WARNING, "Partial search results returned: Sizelimit exceeded");
1649 }
1650 #ifdef LDAP_ADMINLIMIT_EXCEEDED
1651 else if (errno == LDAP_ADMINLIMIT_EXCEEDED) {
1652 php_error_docref(NULL, E_WARNING, "Partial search results returned: Adminlimit exceeded");
1653 }
1654 #endif
1655
1656 RETVAL_RES(zend_register_resource(ldap_res, le_result));
1657 }
1658 }
1659
1660 cleanup:
1661 if (ld) {
1662 /* Restoring previous options */
1663 php_set_opts(ld->link, old_ldap_sizelimit, old_ldap_timelimit, old_ldap_deref, &ldap_sizelimit, &ldap_timelimit, &ldap_deref);
1664 }
1665 if (ldap_filter) {
1666 zend_string_release(ldap_filter);
1667 }
1668 if (ldap_base_dn) {
1669 zend_string_release(ldap_base_dn);
1670 }
1671 if (ldap_attrs != NULL) {
1672 efree(ldap_attrs);
1673 }
1674 if (!ret) {
1675 RETVAL_BOOL(ret);
1676 }
1677 if (lserverctrls) {
1678 _php_ldap_controls_free(&lserverctrls);
1679 }
1680 }
1681 /* }}} */
1682
1683 /* {{{ Read an entry */
PHP_FUNCTION(ldap_read)1684 PHP_FUNCTION(ldap_read)
1685 {
1686 php_ldap_do_search(INTERNAL_FUNCTION_PARAM_PASSTHRU, LDAP_SCOPE_BASE);
1687 }
1688 /* }}} */
1689
1690 /* {{{ Single-level search */
PHP_FUNCTION(ldap_list)1691 PHP_FUNCTION(ldap_list)
1692 {
1693 php_ldap_do_search(INTERNAL_FUNCTION_PARAM_PASSTHRU, LDAP_SCOPE_ONELEVEL);
1694 }
1695 /* }}} */
1696
1697 /* {{{ Search LDAP tree under base_dn */
PHP_FUNCTION(ldap_search)1698 PHP_FUNCTION(ldap_search)
1699 {
1700 php_ldap_do_search(INTERNAL_FUNCTION_PARAM_PASSTHRU, LDAP_SCOPE_SUBTREE);
1701 }
1702 /* }}} */
1703
1704 /* {{{ Free result memory */
PHP_FUNCTION(ldap_free_result)1705 PHP_FUNCTION(ldap_free_result)
1706 {
1707 zval *result;
1708 LDAPMessage *ldap_result;
1709
1710 if (zend_parse_parameters(ZEND_NUM_ARGS(), "r", &result) != SUCCESS) {
1711 RETURN_THROWS();
1712 }
1713
1714 if ((ldap_result = (LDAPMessage *)zend_fetch_resource(Z_RES_P(result), "ldap result", le_result)) == NULL) {
1715 RETURN_THROWS();
1716 }
1717
1718 zend_list_close(Z_RES_P(result)); /* Delete list entry */
1719 RETVAL_TRUE;
1720 }
1721 /* }}} */
1722
1723 /* {{{ Count the number of entries in a search result */
PHP_FUNCTION(ldap_count_entries)1724 PHP_FUNCTION(ldap_count_entries)
1725 {
1726 zval *link, *result;
1727 ldap_linkdata *ld;
1728 LDAPMessage *ldap_result;
1729
1730 if (zend_parse_parameters(ZEND_NUM_ARGS(), "rr", &link, &result) != SUCCESS) {
1731 RETURN_THROWS();
1732 }
1733
1734 if ((ld = (ldap_linkdata *)zend_fetch_resource(Z_RES_P(link), "ldap link", le_link)) == NULL) {
1735 RETURN_THROWS();
1736 }
1737
1738 if ((ldap_result = (LDAPMessage *)zend_fetch_resource(Z_RES_P(result), "ldap result", le_result)) == NULL) {
1739 RETURN_THROWS();
1740 }
1741
1742 RETURN_LONG(ldap_count_entries(ld->link, ldap_result));
1743 }
1744 /* }}} */
1745
1746 /* {{{ Return first result id */
PHP_FUNCTION(ldap_first_entry)1747 PHP_FUNCTION(ldap_first_entry)
1748 {
1749 zval *link, *result;
1750 ldap_linkdata *ld;
1751 ldap_resultentry *resultentry;
1752 LDAPMessage *ldap_result, *entry;
1753
1754 if (zend_parse_parameters(ZEND_NUM_ARGS(), "rr", &link, &result) != SUCCESS) {
1755 RETURN_THROWS();
1756 }
1757
1758 if ((ld = (ldap_linkdata *)zend_fetch_resource(Z_RES_P(link), "ldap link", le_link)) == NULL) {
1759 RETURN_THROWS();
1760 }
1761
1762 if ((ldap_result = (LDAPMessage *)zend_fetch_resource(Z_RES_P(result), "ldap result", le_result)) == NULL) {
1763 RETURN_THROWS();
1764 }
1765
1766 if ((entry = ldap_first_entry(ld->link, ldap_result)) == NULL) {
1767 RETVAL_FALSE;
1768 } else {
1769 resultentry = emalloc(sizeof(ldap_resultentry));
1770 RETVAL_RES(zend_register_resource(resultentry, le_result_entry));
1771 ZVAL_COPY(&resultentry->res, result);
1772 resultentry->data = entry;
1773 resultentry->ber = NULL;
1774 }
1775 }
1776 /* }}} */
1777
1778 /* {{{ Get next result entry */
PHP_FUNCTION(ldap_next_entry)1779 PHP_FUNCTION(ldap_next_entry)
1780 {
1781 zval *link, *result_entry;
1782 ldap_linkdata *ld;
1783 ldap_resultentry *resultentry, *resultentry_next;
1784 LDAPMessage *entry_next;
1785
1786 if (zend_parse_parameters(ZEND_NUM_ARGS(), "rr", &link, &result_entry) != SUCCESS) {
1787 RETURN_THROWS();
1788 }
1789
1790 if ((ld = (ldap_linkdata *)zend_fetch_resource(Z_RES_P(link), "ldap link", le_link)) == NULL) {
1791 RETURN_THROWS();
1792 }
1793 if ((resultentry = (ldap_resultentry *)zend_fetch_resource(Z_RES_P(result_entry), "ldap result entry", le_result_entry)) == NULL) {
1794 RETURN_THROWS();
1795 }
1796
1797 if ((entry_next = ldap_next_entry(ld->link, resultentry->data)) == NULL) {
1798 RETVAL_FALSE;
1799 } else {
1800 resultentry_next = emalloc(sizeof(ldap_resultentry));
1801 RETVAL_RES(zend_register_resource(resultentry_next, le_result_entry));
1802 ZVAL_COPY(&resultentry_next->res, &resultentry->res);
1803 resultentry_next->data = entry_next;
1804 resultentry_next->ber = NULL;
1805 }
1806 }
1807 /* }}} */
1808
1809 /* {{{ Get all result entries */
PHP_FUNCTION(ldap_get_entries)1810 PHP_FUNCTION(ldap_get_entries)
1811 {
1812 zval *link, *result;
1813 LDAPMessage *ldap_result, *ldap_result_entry;
1814 zval tmp1, tmp2;
1815 ldap_linkdata *ld;
1816 LDAP *ldap;
1817 int num_entries, num_attrib, num_values, i;
1818 BerElement *ber;
1819 char *attribute;
1820 size_t attr_len;
1821 struct berval **ldap_value;
1822 char *dn;
1823
1824 if (zend_parse_parameters(ZEND_NUM_ARGS(), "rr", &link, &result) != SUCCESS) {
1825 RETURN_THROWS();
1826 }
1827
1828 if ((ld = (ldap_linkdata *)zend_fetch_resource(Z_RES_P(link), "ldap link", le_link)) == NULL) {
1829 RETURN_THROWS();
1830 }
1831 if ((ldap_result = (LDAPMessage *)zend_fetch_resource(Z_RES_P(result), "ldap result", le_result)) == NULL) {
1832 RETURN_THROWS();
1833 }
1834
1835 ldap = ld->link;
1836 num_entries = ldap_count_entries(ldap, ldap_result);
1837
1838 array_init(return_value);
1839 add_assoc_long(return_value, "count", num_entries);
1840
1841 if (num_entries == 0) {
1842 return;
1843 }
1844
1845 ldap_result_entry = ldap_first_entry(ldap, ldap_result);
1846 if (ldap_result_entry == NULL) {
1847 zend_array_destroy(Z_ARR_P(return_value));
1848 RETURN_FALSE;
1849 }
1850
1851 num_entries = 0;
1852 while (ldap_result_entry != NULL) {
1853 array_init(&tmp1);
1854
1855 num_attrib = 0;
1856 attribute = ldap_first_attribute(ldap, ldap_result_entry, &ber);
1857
1858 while (attribute != NULL) {
1859 ldap_value = ldap_get_values_len(ldap, ldap_result_entry, attribute);
1860 num_values = ldap_count_values_len(ldap_value);
1861
1862 array_init(&tmp2);
1863 add_assoc_long(&tmp2, "count", num_values);
1864 for (i = 0; i < num_values; i++) {
1865 add_index_stringl(&tmp2, i, ldap_value[i]->bv_val, ldap_value[i]->bv_len);
1866 }
1867 ldap_value_free_len(ldap_value);
1868
1869 attr_len = strlen(attribute);
1870 zend_hash_str_update(Z_ARRVAL(tmp1), php_strtolower(attribute, attr_len), attr_len, &tmp2);
1871 add_index_string(&tmp1, num_attrib, attribute);
1872
1873 num_attrib++;
1874 #if (LDAP_API_VERSION > 2000) || defined(HAVE_ORALDAP) || WINDOWS
1875 ldap_memfree(attribute);
1876 #endif
1877 attribute = ldap_next_attribute(ldap, ldap_result_entry, ber);
1878 }
1879 #if (LDAP_API_VERSION > 2000) || defined(HAVE_ORALDAP) || WINDOWS
1880 if (ber != NULL) {
1881 ber_free(ber, 0);
1882 }
1883 #endif
1884
1885 add_assoc_long(&tmp1, "count", num_attrib);
1886 dn = ldap_get_dn(ldap, ldap_result_entry);
1887 if (dn) {
1888 add_assoc_string(&tmp1, "dn", dn);
1889 } else {
1890 add_assoc_null(&tmp1, "dn");
1891 }
1892 #if (LDAP_API_VERSION > 2000) || defined(HAVE_ORALDAP) || WINDOWS
1893 ldap_memfree(dn);
1894 #else
1895 free(dn);
1896 #endif
1897
1898 zend_hash_index_update(Z_ARRVAL_P(return_value), num_entries, &tmp1);
1899
1900 num_entries++;
1901 ldap_result_entry = ldap_next_entry(ldap, ldap_result_entry);
1902 }
1903
1904 add_assoc_long(return_value, "count", num_entries);
1905
1906 }
1907 /* }}} */
1908
1909 /* {{{ Return first attribute */
PHP_FUNCTION(ldap_first_attribute)1910 PHP_FUNCTION(ldap_first_attribute)
1911 {
1912 zval *link, *result_entry;
1913 ldap_linkdata *ld;
1914 ldap_resultentry *resultentry;
1915 char *attribute;
1916
1917 if (zend_parse_parameters(ZEND_NUM_ARGS(), "rr", &link, &result_entry) != SUCCESS) {
1918 RETURN_THROWS();
1919 }
1920
1921 if ((ld = (ldap_linkdata *)zend_fetch_resource(Z_RES_P(link), "ldap link", le_link)) == NULL) {
1922 RETURN_THROWS();
1923 }
1924
1925 if ((resultentry = (ldap_resultentry *)zend_fetch_resource(Z_RES_P(result_entry), "ldap result entry", le_result_entry)) == NULL) {
1926 RETURN_THROWS();
1927 }
1928
1929 if ((attribute = ldap_first_attribute(ld->link, resultentry->data, &resultentry->ber)) == NULL) {
1930 RETURN_FALSE;
1931 } else {
1932 RETVAL_STRING(attribute);
1933 #if (LDAP_API_VERSION > 2000) || defined(HAVE_ORALDAP) || WINDOWS
1934 ldap_memfree(attribute);
1935 #endif
1936 }
1937 }
1938 /* }}} */
1939
1940 /* {{{ Get the next attribute in result */
PHP_FUNCTION(ldap_next_attribute)1941 PHP_FUNCTION(ldap_next_attribute)
1942 {
1943 zval *link, *result_entry;
1944 ldap_linkdata *ld;
1945 ldap_resultentry *resultentry;
1946 char *attribute;
1947
1948 if (zend_parse_parameters(ZEND_NUM_ARGS(), "rr", &link, &result_entry) != SUCCESS) {
1949 RETURN_THROWS();
1950 }
1951
1952 if ((ld = (ldap_linkdata *)zend_fetch_resource(Z_RES_P(link), "ldap link", le_link)) == NULL) {
1953 RETURN_THROWS();
1954 }
1955
1956 if ((resultentry = (ldap_resultentry *)zend_fetch_resource(Z_RES_P(result_entry), "ldap result entry", le_result_entry)) == NULL) {
1957 RETURN_THROWS();
1958 }
1959
1960 if (resultentry->ber == NULL) {
1961 php_error_docref(NULL, E_WARNING, "Called before calling ldap_first_attribute() or no attributes found in result entry");
1962 RETURN_FALSE;
1963 }
1964
1965 if ((attribute = ldap_next_attribute(ld->link, resultentry->data, resultentry->ber)) == NULL) {
1966 #if (LDAP_API_VERSION > 2000) || defined(HAVE_ORALDAP) || WINDOWS
1967 if (resultentry->ber != NULL) {
1968 ber_free(resultentry->ber, 0);
1969 resultentry->ber = NULL;
1970 }
1971 #endif
1972 RETURN_FALSE;
1973 } else {
1974 RETVAL_STRING(attribute);
1975 #if (LDAP_API_VERSION > 2000) || defined(HAVE_ORALDAP) || WINDOWS
1976 ldap_memfree(attribute);
1977 #endif
1978 }
1979 }
1980 /* }}} */
1981
1982 /* {{{ Get attributes from a search result entry */
PHP_FUNCTION(ldap_get_attributes)1983 PHP_FUNCTION(ldap_get_attributes)
1984 {
1985 zval *link, *result_entry;
1986 zval tmp;
1987 ldap_linkdata *ld;
1988 ldap_resultentry *resultentry;
1989 char *attribute;
1990 struct berval **ldap_value;
1991 int i, num_values, num_attrib;
1992 BerElement *ber;
1993
1994 if (zend_parse_parameters(ZEND_NUM_ARGS(), "rr", &link, &result_entry) != SUCCESS) {
1995 RETURN_THROWS();
1996 }
1997
1998 if ((ld = (ldap_linkdata *)zend_fetch_resource(Z_RES_P(link), "ldap link", le_link)) == NULL) {
1999 RETURN_THROWS();
2000 }
2001
2002 if ((resultentry = (ldap_resultentry *)zend_fetch_resource(Z_RES_P(result_entry), "ldap result entry", le_result_entry)) == NULL) {
2003 RETURN_THROWS();
2004 }
2005
2006 array_init(return_value);
2007 num_attrib = 0;
2008
2009 attribute = ldap_first_attribute(ld->link, resultentry->data, &ber);
2010 while (attribute != NULL) {
2011 ldap_value = ldap_get_values_len(ld->link, resultentry->data, attribute);
2012 num_values = ldap_count_values_len(ldap_value);
2013
2014 array_init(&tmp);
2015 add_assoc_long(&tmp, "count", num_values);
2016 for (i = 0; i < num_values; i++) {
2017 add_index_stringl(&tmp, i, ldap_value[i]->bv_val, ldap_value[i]->bv_len);
2018 }
2019 ldap_value_free_len(ldap_value);
2020
2021 zend_hash_str_update(Z_ARRVAL_P(return_value), attribute, strlen(attribute), &tmp);
2022 add_index_string(return_value, num_attrib, attribute);
2023
2024 num_attrib++;
2025 #if (LDAP_API_VERSION > 2000) || defined(HAVE_ORALDAP) || WINDOWS
2026 ldap_memfree(attribute);
2027 #endif
2028 attribute = ldap_next_attribute(ld->link, resultentry->data, ber);
2029 }
2030 #if (LDAP_API_VERSION > 2000) || defined(HAVE_ORALDAP) || WINDOWS
2031 if (ber != NULL) {
2032 ber_free(ber, 0);
2033 }
2034 #endif
2035
2036 add_assoc_long(return_value, "count", num_attrib);
2037 }
2038 /* }}} */
2039
2040 /* {{{ Get all values with lengths from a result entry */
PHP_FUNCTION(ldap_get_values_len)2041 PHP_FUNCTION(ldap_get_values_len)
2042 {
2043 zval *link, *result_entry;
2044 ldap_linkdata *ld;
2045 ldap_resultentry *resultentry;
2046 char *attr;
2047 struct berval **ldap_value_len;
2048 int i, num_values;
2049 size_t attr_len;
2050
2051 if (zend_parse_parameters(ZEND_NUM_ARGS(), "rrs", &link, &result_entry, &attr, &attr_len) != SUCCESS) {
2052 RETURN_THROWS();
2053 }
2054
2055 if ((ld = (ldap_linkdata *)zend_fetch_resource(Z_RES_P(link), "ldap link", le_link)) == NULL) {
2056 RETURN_THROWS();
2057 }
2058
2059 if ((resultentry = (ldap_resultentry *)zend_fetch_resource(Z_RES_P(result_entry), "ldap result entry", le_result_entry)) == NULL) {
2060 RETURN_THROWS();
2061 }
2062
2063 if ((ldap_value_len = ldap_get_values_len(ld->link, resultentry->data, attr)) == NULL) {
2064 php_error_docref(NULL, E_WARNING, "Cannot get the value(s) of attribute %s", ldap_err2string(_get_lderrno(ld->link)));
2065 RETURN_FALSE;
2066 }
2067
2068 num_values = ldap_count_values_len(ldap_value_len);
2069 array_init(return_value);
2070
2071 for (i=0; i<num_values; i++) {
2072 add_next_index_stringl(return_value, ldap_value_len[i]->bv_val, ldap_value_len[i]->bv_len);
2073 }
2074
2075 add_assoc_long(return_value, "count", num_values);
2076 ldap_value_free_len(ldap_value_len);
2077
2078 }
2079 /* }}} */
2080
2081 /* {{{ Get the DN of a result entry */
PHP_FUNCTION(ldap_get_dn)2082 PHP_FUNCTION(ldap_get_dn)
2083 {
2084 zval *link, *result_entry;
2085 ldap_linkdata *ld;
2086 ldap_resultentry *resultentry;
2087 char *text;
2088
2089 if (zend_parse_parameters(ZEND_NUM_ARGS(), "rr", &link, &result_entry) != SUCCESS) {
2090 RETURN_THROWS();
2091 }
2092
2093 if ((ld = (ldap_linkdata *)zend_fetch_resource(Z_RES_P(link), "ldap link", le_link)) == NULL) {
2094 RETURN_THROWS();
2095 }
2096
2097 if ((resultentry = (ldap_resultentry *)zend_fetch_resource(Z_RES_P(result_entry), "ldap result entry", le_result_entry)) == NULL) {
2098 RETURN_THROWS();
2099 }
2100
2101 text = ldap_get_dn(ld->link, resultentry->data);
2102 if (text != NULL) {
2103 RETVAL_STRING(text);
2104 #if (LDAP_API_VERSION > 2000) || defined(HAVE_ORALDAP) || WINDOWS
2105 ldap_memfree(text);
2106 #else
2107 free(text);
2108 #endif
2109 } else {
2110 RETURN_FALSE;
2111 }
2112 }
2113 /* }}} */
2114
2115 /* {{{ Splits DN into its component parts */
PHP_FUNCTION(ldap_explode_dn)2116 PHP_FUNCTION(ldap_explode_dn)
2117 {
2118 zend_long with_attrib;
2119 char *dn, **ldap_value;
2120 int i, count;
2121 size_t dn_len;
2122
2123 if (zend_parse_parameters(ZEND_NUM_ARGS(), "sl", &dn, &dn_len, &with_attrib) != SUCCESS) {
2124 RETURN_THROWS();
2125 }
2126
2127 if (!(ldap_value = ldap_explode_dn(dn, with_attrib))) {
2128 /* Invalid parameters were passed to ldap_explode_dn */
2129 RETURN_FALSE;
2130 }
2131
2132 i=0;
2133 while (ldap_value[i] != NULL) i++;
2134 count = i;
2135
2136 array_init(return_value);
2137
2138 add_assoc_long(return_value, "count", count);
2139 for (i = 0; i<count; i++) {
2140 add_index_string(return_value, i, ldap_value[i]);
2141 }
2142
2143 ldap_memvfree((void **)ldap_value);
2144 }
2145 /* }}} */
2146
2147 /* {{{ Convert DN to User Friendly Naming format */
PHP_FUNCTION(ldap_dn2ufn)2148 PHP_FUNCTION(ldap_dn2ufn)
2149 {
2150 char *dn, *ufn;
2151 size_t dn_len;
2152
2153 if (zend_parse_parameters(ZEND_NUM_ARGS(), "s", &dn, &dn_len) != SUCCESS) {
2154 RETURN_THROWS();
2155 }
2156
2157 ufn = ldap_dn2ufn(dn);
2158
2159 if (ufn != NULL) {
2160 RETVAL_STRING(ufn);
2161 #if (LDAP_API_VERSION > 2000) || defined(HAVE_ORALDAP) || WINDOWS
2162 ldap_memfree(ufn);
2163 #endif
2164 } else {
2165 RETURN_FALSE;
2166 }
2167 }
2168 /* }}} */
2169
2170
2171 /* added to fix use of ldap_modify_add for doing an ldap_add, gerrit thomson. */
2172 #define PHP_LD_FULL_ADD 0xff
2173 /* {{{ php_ldap_do_modify */
php_ldap_do_modify(INTERNAL_FUNCTION_PARAMETERS,int oper,int ext)2174 static void php_ldap_do_modify(INTERNAL_FUNCTION_PARAMETERS, int oper, int ext)
2175 {
2176 zval *serverctrls = NULL;
2177 zval *link, *entry, *value, *ivalue;
2178 ldap_linkdata *ld;
2179 char *dn;
2180 LDAPMod **ldap_mods;
2181 LDAPControl **lserverctrls = NULL;
2182 LDAPMessage *ldap_res;
2183 int i, j, num_attribs, num_values, msgid;
2184 size_t dn_len;
2185 int *num_berval;
2186 zend_string *attribute;
2187 zend_ulong index;
2188 int is_full_add=0; /* flag for full add operation so ldap_mod_add can be put back into oper, gerrit THomson */
2189
2190 if (zend_parse_parameters(ZEND_NUM_ARGS(), "rsa/|a!", &link, &dn, &dn_len, &entry, &serverctrls) != SUCCESS) {
2191 RETURN_THROWS();
2192 }
2193
2194 if ((ld = (ldap_linkdata *)zend_fetch_resource(Z_RES_P(link), "ldap link", le_link)) == NULL) {
2195 RETURN_THROWS();
2196 }
2197
2198 num_attribs = zend_hash_num_elements(Z_ARRVAL_P(entry));
2199 ldap_mods = safe_emalloc((num_attribs+1), sizeof(LDAPMod *), 0);
2200 num_berval = safe_emalloc(num_attribs, sizeof(int), 0);
2201 zend_hash_internal_pointer_reset(Z_ARRVAL_P(entry));
2202
2203 /* added by gerrit thomson to fix ldap_add using ldap_mod_add */
2204 if (oper == PHP_LD_FULL_ADD) {
2205 oper = LDAP_MOD_ADD;
2206 is_full_add = 1;
2207 }
2208 /* end additional , gerrit thomson */
2209
2210 for (i = 0; i < num_attribs; i++) {
2211 ldap_mods[i] = emalloc(sizeof(LDAPMod));
2212 ldap_mods[i]->mod_op = oper | LDAP_MOD_BVALUES;
2213 ldap_mods[i]->mod_type = NULL;
2214
2215 if (zend_hash_get_current_key(Z_ARRVAL_P(entry), &attribute, &index) == HASH_KEY_IS_STRING) {
2216 ldap_mods[i]->mod_type = estrndup(ZSTR_VAL(attribute), ZSTR_LEN(attribute));
2217 } else {
2218 php_error_docref(NULL, E_WARNING, "Unknown attribute in the data");
2219 /* Free allocated memory */
2220 while (i >= 0) {
2221 if (ldap_mods[i]->mod_type) {
2222 efree(ldap_mods[i]->mod_type);
2223 }
2224 efree(ldap_mods[i]);
2225 i--;
2226 }
2227 efree(num_berval);
2228 efree(ldap_mods);
2229 RETURN_FALSE;
2230 }
2231
2232 value = zend_hash_get_current_data(Z_ARRVAL_P(entry));
2233
2234 ZVAL_DEREF(value);
2235 if (Z_TYPE_P(value) != IS_ARRAY) {
2236 num_values = 1;
2237 } else {
2238 SEPARATE_ARRAY(value);
2239 num_values = zend_hash_num_elements(Z_ARRVAL_P(value));
2240 }
2241
2242 num_berval[i] = num_values;
2243 ldap_mods[i]->mod_bvalues = safe_emalloc((num_values + 1), sizeof(struct berval *), 0);
2244
2245 /* allow for arrays with one element, no allowance for arrays with none but probably not required, gerrit thomson. */
2246 if ((num_values == 1) && (Z_TYPE_P(value) != IS_ARRAY)) {
2247 convert_to_string(value);
2248 if (EG(exception)) {
2249 RETVAL_FALSE;
2250 goto cleanup;
2251 }
2252 ldap_mods[i]->mod_bvalues[0] = (struct berval *) emalloc (sizeof(struct berval));
2253 ldap_mods[i]->mod_bvalues[0]->bv_val = Z_STRVAL_P(value);
2254 ldap_mods[i]->mod_bvalues[0]->bv_len = Z_STRLEN_P(value);
2255 } else {
2256 for (j = 0; j < num_values; j++) {
2257 if ((ivalue = zend_hash_index_find(Z_ARRVAL_P(value), j)) == NULL) {
2258 zend_argument_value_error(3, "must contain arrays with consecutive integer indices starting from 0");
2259 num_berval[i] = j;
2260 num_attribs = i + 1;
2261 RETVAL_FALSE;
2262 goto cleanup;
2263 }
2264 convert_to_string(ivalue);
2265 if (EG(exception)) {
2266 RETVAL_FALSE;
2267 goto cleanup;
2268 }
2269 ldap_mods[i]->mod_bvalues[j] = (struct berval *) emalloc (sizeof(struct berval));
2270 ldap_mods[i]->mod_bvalues[j]->bv_val = Z_STRVAL_P(ivalue);
2271 ldap_mods[i]->mod_bvalues[j]->bv_len = Z_STRLEN_P(ivalue);
2272 }
2273 }
2274 ldap_mods[i]->mod_bvalues[num_values] = NULL;
2275 zend_hash_move_forward(Z_ARRVAL_P(entry));
2276 }
2277 ldap_mods[num_attribs] = NULL;
2278
2279 if (serverctrls) {
2280 lserverctrls = _php_ldap_controls_from_array(ld->link, serverctrls, 4);
2281 if (lserverctrls == NULL) {
2282 RETVAL_FALSE;
2283 goto cleanup;
2284 }
2285 }
2286
2287 /* check flag to see if do_mod was called to perform full add , gerrit thomson */
2288 if (is_full_add == 1) {
2289 if (ext) {
2290 i = ldap_add_ext(ld->link, dn, ldap_mods, lserverctrls, NULL, &msgid);
2291 } else {
2292 i = ldap_add_ext_s(ld->link, dn, ldap_mods, lserverctrls, NULL);
2293 }
2294 if (i != LDAP_SUCCESS) {
2295 php_error_docref(NULL, E_WARNING, "Add: %s", ldap_err2string(i));
2296 RETVAL_FALSE;
2297 } else if (ext) {
2298 i = ldap_result(ld->link, msgid, 1 /* LDAP_MSG_ALL */, NULL, &ldap_res);
2299 if (i == -1) {
2300 php_error_docref(NULL, E_WARNING, "Add operation failed");
2301 RETVAL_FALSE;
2302 goto cleanup;
2303 }
2304
2305 /* return a PHP control object */
2306 RETVAL_RES(zend_register_resource(ldap_res, le_result));
2307 } else RETVAL_TRUE;
2308 } else {
2309 if (ext) {
2310 i = ldap_modify_ext(ld->link, dn, ldap_mods, lserverctrls, NULL, &msgid);
2311 } else {
2312 i = ldap_modify_ext_s(ld->link, dn, ldap_mods, lserverctrls, NULL);
2313 }
2314 if (i != LDAP_SUCCESS) {
2315 php_error_docref(NULL, E_WARNING, "Modify: %s", ldap_err2string(i));
2316 RETVAL_FALSE;
2317 } else if (ext) {
2318 i = ldap_result(ld->link, msgid, 1 /* LDAP_MSG_ALL */, NULL, &ldap_res);
2319 if (i == -1) {
2320 php_error_docref(NULL, E_WARNING, "Modify operation failed");
2321 RETVAL_FALSE;
2322 goto cleanup;
2323 }
2324
2325 /* return a PHP control object */
2326 RETVAL_RES(zend_register_resource(ldap_res, le_result));
2327 } else RETVAL_TRUE;
2328 }
2329
2330 cleanup:
2331 for (i = 0; i < num_attribs; i++) {
2332 efree(ldap_mods[i]->mod_type);
2333 for (j = 0; j < num_berval[i]; j++) {
2334 efree(ldap_mods[i]->mod_bvalues[j]);
2335 }
2336 efree(ldap_mods[i]->mod_bvalues);
2337 efree(ldap_mods[i]);
2338 }
2339 efree(num_berval);
2340 efree(ldap_mods);
2341
2342 if (lserverctrls) {
2343 _php_ldap_controls_free(&lserverctrls);
2344 }
2345
2346 return;
2347 }
2348 /* }}} */
2349
2350 /* {{{ Add entries to LDAP directory */
PHP_FUNCTION(ldap_add)2351 PHP_FUNCTION(ldap_add)
2352 {
2353 /* use a newly define parameter into the do_modify so ldap_mod_add can be used the way it is supposed to be used , Gerrit THomson */
2354 php_ldap_do_modify(INTERNAL_FUNCTION_PARAM_PASSTHRU, PHP_LD_FULL_ADD, 0);
2355 }
2356 /* }}} */
2357
2358 /* {{{ Add entries to LDAP directory */
PHP_FUNCTION(ldap_add_ext)2359 PHP_FUNCTION(ldap_add_ext)
2360 {
2361 php_ldap_do_modify(INTERNAL_FUNCTION_PARAM_PASSTHRU, PHP_LD_FULL_ADD, 1);
2362 }
2363 /* }}} */
2364
2365 /* three functions for attribute base modifications, gerrit Thomson */
2366
2367 /* {{{ Replace attribute values with new ones */
PHP_FUNCTION(ldap_mod_replace)2368 PHP_FUNCTION(ldap_mod_replace)
2369 {
2370 php_ldap_do_modify(INTERNAL_FUNCTION_PARAM_PASSTHRU, LDAP_MOD_REPLACE, 0);
2371 }
2372 /* }}} */
2373
2374 /* {{{ Replace attribute values with new ones */
PHP_FUNCTION(ldap_mod_replace_ext)2375 PHP_FUNCTION(ldap_mod_replace_ext)
2376 {
2377 php_ldap_do_modify(INTERNAL_FUNCTION_PARAM_PASSTHRU, LDAP_MOD_REPLACE, 1);
2378 }
2379 /* }}} */
2380
2381 /* {{{ Add attribute values to current */
PHP_FUNCTION(ldap_mod_add)2382 PHP_FUNCTION(ldap_mod_add)
2383 {
2384 php_ldap_do_modify(INTERNAL_FUNCTION_PARAM_PASSTHRU, LDAP_MOD_ADD, 0);
2385 }
2386 /* }}} */
2387
2388 /* {{{ Add attribute values to current */
PHP_FUNCTION(ldap_mod_add_ext)2389 PHP_FUNCTION(ldap_mod_add_ext)
2390 {
2391 php_ldap_do_modify(INTERNAL_FUNCTION_PARAM_PASSTHRU, LDAP_MOD_ADD, 1);
2392 }
2393 /* }}} */
2394
2395 /* {{{ Delete attribute values */
PHP_FUNCTION(ldap_mod_del)2396 PHP_FUNCTION(ldap_mod_del)
2397 {
2398 php_ldap_do_modify(INTERNAL_FUNCTION_PARAM_PASSTHRU, LDAP_MOD_DELETE, 0);
2399 }
2400 /* }}} */
2401
2402 /* {{{ Delete attribute values */
PHP_FUNCTION(ldap_mod_del_ext)2403 PHP_FUNCTION(ldap_mod_del_ext)
2404 {
2405 php_ldap_do_modify(INTERNAL_FUNCTION_PARAM_PASSTHRU, LDAP_MOD_DELETE, 1);
2406 }
2407 /* }}} */
2408
2409 /* {{{ php_ldap_do_delete */
php_ldap_do_delete(INTERNAL_FUNCTION_PARAMETERS,int ext)2410 static void php_ldap_do_delete(INTERNAL_FUNCTION_PARAMETERS, int ext)
2411 {
2412 zval *serverctrls = NULL;
2413 zval *link;
2414 ldap_linkdata *ld;
2415 LDAPControl **lserverctrls = NULL;
2416 LDAPMessage *ldap_res;
2417 char *dn;
2418 int rc, msgid;
2419 size_t dn_len;
2420
2421 if (zend_parse_parameters(ZEND_NUM_ARGS(), "rs|a!", &link, &dn, &dn_len, &serverctrls) != SUCCESS) {
2422 RETURN_THROWS();
2423 }
2424
2425 if ((ld = (ldap_linkdata *)zend_fetch_resource(Z_RES_P(link), "ldap link", le_link)) == NULL) {
2426 RETURN_THROWS();
2427 }
2428
2429 if (serverctrls) {
2430 lserverctrls = _php_ldap_controls_from_array(ld->link, serverctrls, 3);
2431 if (lserverctrls == NULL) {
2432 RETVAL_FALSE;
2433 goto cleanup;
2434 }
2435 }
2436
2437 if (ext) {
2438 rc = ldap_delete_ext(ld->link, dn, lserverctrls, NULL, &msgid);
2439 } else {
2440 rc = ldap_delete_ext_s(ld->link, dn, lserverctrls, NULL);
2441 }
2442 if (rc != LDAP_SUCCESS) {
2443 php_error_docref(NULL, E_WARNING, "Delete: %s", ldap_err2string(rc));
2444 RETVAL_FALSE;
2445 goto cleanup;
2446 } else if (ext) {
2447 rc = ldap_result(ld->link, msgid, 1 /* LDAP_MSG_ALL */, NULL, &ldap_res);
2448 if (rc == -1) {
2449 php_error_docref(NULL, E_WARNING, "Delete operation failed");
2450 RETVAL_FALSE;
2451 goto cleanup;
2452 }
2453
2454 /* return a PHP control object */
2455 RETVAL_RES(zend_register_resource(ldap_res, le_result));
2456 } else {
2457 RETVAL_TRUE;
2458 }
2459
2460 cleanup:
2461 if (lserverctrls) {
2462 _php_ldap_controls_free(&lserverctrls);
2463 }
2464
2465 return;
2466 }
2467 /* }}} */
2468
2469 /* {{{ Delete an entry from a directory */
PHP_FUNCTION(ldap_delete)2470 PHP_FUNCTION(ldap_delete)
2471 {
2472 php_ldap_do_delete(INTERNAL_FUNCTION_PARAM_PASSTHRU, 0);
2473 }
2474 /* }}} */
2475
2476 /* {{{ Delete an entry from a directory */
PHP_FUNCTION(ldap_delete_ext)2477 PHP_FUNCTION(ldap_delete_ext)
2478 {
2479 php_ldap_do_delete(INTERNAL_FUNCTION_PARAM_PASSTHRU, 1);
2480 }
2481 /* }}} */
2482
2483 /* {{{ _ldap_str_equal_to_const */
_ldap_str_equal_to_const(const char * str,size_t str_len,const char * cstr)2484 static size_t _ldap_str_equal_to_const(const char *str, size_t str_len, const char *cstr)
2485 {
2486 size_t i;
2487
2488 if (strlen(cstr) != str_len)
2489 return 0;
2490
2491 for (i = 0; i < str_len; ++i) {
2492 if (str[i] != cstr[i]) {
2493 return 0;
2494 }
2495 }
2496
2497 return 1;
2498 }
2499 /* }}} */
2500
2501 /* {{{ _ldap_strlen_max */
_ldap_strlen_max(const char * str,size_t max_len)2502 static size_t _ldap_strlen_max(const char *str, size_t max_len)
2503 {
2504 size_t i;
2505
2506 for (i = 0; i < max_len; ++i) {
2507 if (str[i] == '\0') {
2508 return i;
2509 }
2510 }
2511
2512 return max_len;
2513 }
2514 /* }}} */
2515
2516 /* {{{ _ldap_hash_fetch */
_ldap_hash_fetch(zval * hashTbl,const char * key,zval ** out)2517 static void _ldap_hash_fetch(zval *hashTbl, const char *key, zval **out)
2518 {
2519 *out = zend_hash_str_find(Z_ARRVAL_P(hashTbl), key, strlen(key));
2520 }
2521 /* }}} */
2522
2523 /* {{{ Perform multiple modifications as part of one operation */
PHP_FUNCTION(ldap_modify_batch)2524 PHP_FUNCTION(ldap_modify_batch)
2525 {
2526 zval *serverctrls = NULL;
2527 ldap_linkdata *ld;
2528 zval *link, *mods, *mod, *modinfo;
2529 zend_string *modval;
2530 zval *attrib, *modtype, *vals;
2531 zval *fetched;
2532 char *dn;
2533 size_t dn_len;
2534 int i, j, k;
2535 int num_mods, num_modprops, num_modvals;
2536 LDAPMod **ldap_mods;
2537 LDAPControl **lserverctrls = NULL;
2538 uint32_t oper;
2539
2540 /*
2541 $mods = array(
2542 array(
2543 "attrib" => "unicodePwd",
2544 "modtype" => LDAP_MODIFY_BATCH_REMOVE,
2545 "values" => array($oldpw)
2546 ),
2547 array(
2548 "attrib" => "unicodePwd",
2549 "modtype" => LDAP_MODIFY_BATCH_ADD,
2550 "values" => array($newpw)
2551 ),
2552 array(
2553 "attrib" => "userPrincipalName",
2554 "modtype" => LDAP_MODIFY_BATCH_REPLACE,
2555 "values" => array("janitor@corp.contoso.com")
2556 ),
2557 array(
2558 "attrib" => "userCert",
2559 "modtype" => LDAP_MODIFY_BATCH_REMOVE_ALL
2560 )
2561 );
2562 */
2563
2564 if (zend_parse_parameters(ZEND_NUM_ARGS(), "rsa/|a!", &link, &dn, &dn_len, &mods, &serverctrls) != SUCCESS) {
2565 RETURN_THROWS();
2566 }
2567
2568 if ((ld = (ldap_linkdata *)zend_fetch_resource(Z_RES_P(link), "ldap link", le_link)) == NULL) {
2569 RETURN_THROWS();
2570 }
2571
2572 /* perform validation */
2573 {
2574 zend_string *modkey;
2575 zend_long modtype;
2576
2577 /* to store the wrongly-typed keys */
2578 zend_ulong tmpUlong;
2579
2580 /* make sure the DN contains no NUL bytes */
2581 if (_ldap_strlen_max(dn, dn_len) != dn_len) {
2582 zend_argument_type_error(2, "must not contain null bytes");
2583 RETURN_THROWS();
2584 }
2585
2586 /* make sure the top level is a normal array */
2587 zend_hash_internal_pointer_reset(Z_ARRVAL_P(mods));
2588 if (zend_hash_get_current_key_type(Z_ARRVAL_P(mods)) != HASH_KEY_IS_LONG) {
2589 zend_argument_type_error(3, "must be integer-indexed");
2590 RETURN_THROWS();
2591 }
2592
2593 num_mods = zend_hash_num_elements(Z_ARRVAL_P(mods));
2594
2595 for (i = 0; i < num_mods; i++) {
2596 /* is the numbering consecutive? */
2597 if ((fetched = zend_hash_index_find(Z_ARRVAL_P(mods), i)) == NULL) {
2598 zend_argument_value_error(3, "must have consecutive integer indices starting from 0");
2599 RETURN_THROWS();
2600 }
2601 mod = fetched;
2602
2603 /* is it an array? */
2604 if (Z_TYPE_P(mod) != IS_ARRAY) {
2605 zend_argument_value_error(3, "must only contain arrays");
2606 RETURN_THROWS();
2607 }
2608
2609 SEPARATE_ARRAY(mod);
2610 /* for the modification hashtable... */
2611 zend_hash_internal_pointer_reset(Z_ARRVAL_P(mod));
2612 num_modprops = zend_hash_num_elements(Z_ARRVAL_P(mod));
2613
2614 for (j = 0; j < num_modprops; j++) {
2615 /* are the keys strings? */
2616 if (zend_hash_get_current_key(Z_ARRVAL_P(mod), &modkey, &tmpUlong) != HASH_KEY_IS_STRING) {
2617 zend_argument_type_error(3, "must only contain string-indexed arrays");
2618 RETURN_THROWS();
2619 }
2620
2621 /* is this a valid entry? */
2622 if (
2623 !_ldap_str_equal_to_const(ZSTR_VAL(modkey), ZSTR_LEN(modkey), LDAP_MODIFY_BATCH_ATTRIB) &&
2624 !_ldap_str_equal_to_const(ZSTR_VAL(modkey), ZSTR_LEN(modkey), LDAP_MODIFY_BATCH_MODTYPE) &&
2625 !_ldap_str_equal_to_const(ZSTR_VAL(modkey), ZSTR_LEN(modkey), LDAP_MODIFY_BATCH_VALUES)
2626 ) {
2627 zend_argument_value_error(3, "must contain arrays only containing the \"" LDAP_MODIFY_BATCH_ATTRIB "\", \"" LDAP_MODIFY_BATCH_MODTYPE "\" and \"" LDAP_MODIFY_BATCH_VALUES "\" keys");
2628 RETURN_THROWS();
2629 }
2630
2631 fetched = zend_hash_get_current_data(Z_ARRVAL_P(mod));
2632 modinfo = fetched;
2633
2634 /* does the value type match the key? */
2635 if (_ldap_str_equal_to_const(ZSTR_VAL(modkey), ZSTR_LEN(modkey), LDAP_MODIFY_BATCH_ATTRIB)) {
2636 if (Z_TYPE_P(modinfo) != IS_STRING) {
2637 zend_type_error("%s(): Option \"" LDAP_MODIFY_BATCH_ATTRIB "\" must be of type string, %s given", get_active_function_name(), zend_zval_type_name(modinfo));
2638 RETURN_THROWS();
2639 }
2640
2641 if (Z_STRLEN_P(modinfo) != _ldap_strlen_max(Z_STRVAL_P(modinfo), Z_STRLEN_P(modinfo))) {
2642 zend_type_error("%s(): Option \"" LDAP_MODIFY_BATCH_ATTRIB "\" cannot contain null-bytes", get_active_function_name());
2643 RETURN_THROWS();
2644 }
2645 }
2646 else if (_ldap_str_equal_to_const(ZSTR_VAL(modkey), ZSTR_LEN(modkey), LDAP_MODIFY_BATCH_MODTYPE)) {
2647 if (Z_TYPE_P(modinfo) != IS_LONG) {
2648 zend_type_error("%s(): Option \"" LDAP_MODIFY_BATCH_MODTYPE "\" must be of type int, %s given", get_active_function_name(), zend_zval_type_name(modinfo));
2649 RETURN_THROWS();
2650 }
2651
2652 /* is the value in range? */
2653 modtype = Z_LVAL_P(modinfo);
2654 if (
2655 modtype != LDAP_MODIFY_BATCH_ADD &&
2656 modtype != LDAP_MODIFY_BATCH_REMOVE &&
2657 modtype != LDAP_MODIFY_BATCH_REPLACE &&
2658 modtype != LDAP_MODIFY_BATCH_REMOVE_ALL
2659 ) {
2660 zend_value_error("%s(): Option \"" LDAP_MODIFY_BATCH_MODTYPE "\" must be one of the LDAP_MODIFY_BATCH_* constants", get_active_function_name());
2661 RETURN_THROWS();
2662 }
2663
2664 /* if it's REMOVE_ALL, there must not be a values array; otherwise, there must */
2665 if (modtype == LDAP_MODIFY_BATCH_REMOVE_ALL) {
2666 if (zend_hash_str_exists(Z_ARRVAL_P(mod), LDAP_MODIFY_BATCH_VALUES, strlen(LDAP_MODIFY_BATCH_VALUES))) {
2667 zend_value_error("%s(): If option \"" LDAP_MODIFY_BATCH_MODTYPE "\" is LDAP_MODIFY_BATCH_REMOVE_ALL, option \"" LDAP_MODIFY_BATCH_VALUES "\" cannot be provided", get_active_function_name());
2668 RETURN_THROWS();
2669 }
2670 }
2671 else {
2672 if (!zend_hash_str_exists(Z_ARRVAL_P(mod), LDAP_MODIFY_BATCH_VALUES, strlen(LDAP_MODIFY_BATCH_VALUES))) {
2673 zend_value_error("%s(): If option \"" LDAP_MODIFY_BATCH_MODTYPE "\" is not LDAP_MODIFY_BATCH_REMOVE_ALL, option \"" LDAP_MODIFY_BATCH_VALUES "\" must be provided", get_active_function_name());
2674 RETURN_THROWS();
2675 }
2676 }
2677 }
2678 else if (_ldap_str_equal_to_const(ZSTR_VAL(modkey), ZSTR_LEN(modkey), LDAP_MODIFY_BATCH_VALUES)) {
2679 if (Z_TYPE_P(modinfo) != IS_ARRAY) {
2680 zend_type_error("%s(): Option \"" LDAP_MODIFY_BATCH_VALUES "\" must be of type array, %s given", get_active_function_name(), zend_zval_type_name(modinfo));
2681 RETURN_THROWS();
2682 }
2683
2684 SEPARATE_ARRAY(modinfo);
2685 /* is the array not empty? */
2686 zend_hash_internal_pointer_reset(Z_ARRVAL_P(modinfo));
2687 num_modvals = zend_hash_num_elements(Z_ARRVAL_P(modinfo));
2688 if (num_modvals == 0) {
2689 zend_value_error("%s(): Option \"" LDAP_MODIFY_BATCH_VALUES "\" cannot be empty", get_active_function_name());
2690 RETURN_THROWS();
2691 }
2692
2693 /* are its keys integers? */
2694 if (zend_hash_get_current_key_type(Z_ARRVAL_P(modinfo)) != HASH_KEY_IS_LONG) {
2695 zend_value_error("%s(): Option \"" LDAP_MODIFY_BATCH_VALUES "\" must be integer-indexed", get_active_function_name());
2696 RETURN_THROWS();
2697 }
2698
2699 /* are the keys consecutive? */
2700 for (k = 0; k < num_modvals; k++) {
2701 if ((fetched = zend_hash_index_find(Z_ARRVAL_P(modinfo), k)) == NULL) {
2702 zend_value_error("%s(): Option \"" LDAP_MODIFY_BATCH_VALUES "\" must have consecutive integer indices starting from 0", get_active_function_name());
2703 RETURN_THROWS();
2704 }
2705 }
2706 }
2707
2708 zend_hash_move_forward(Z_ARRVAL_P(mod));
2709 }
2710 }
2711 }
2712 /* validation was successful */
2713
2714 /* allocate array of modifications */
2715 ldap_mods = safe_emalloc((num_mods+1), sizeof(LDAPMod *), 0);
2716
2717 /* for each modification */
2718 for (i = 0; i < num_mods; i++) {
2719 /* allocate the modification struct */
2720 ldap_mods[i] = safe_emalloc(1, sizeof(LDAPMod), 0);
2721
2722 /* fetch the relevant data */
2723 fetched = zend_hash_index_find(Z_ARRVAL_P(mods), i);
2724 mod = fetched;
2725
2726 _ldap_hash_fetch(mod, LDAP_MODIFY_BATCH_ATTRIB, &attrib);
2727 _ldap_hash_fetch(mod, LDAP_MODIFY_BATCH_MODTYPE, &modtype);
2728 _ldap_hash_fetch(mod, LDAP_MODIFY_BATCH_VALUES, &vals);
2729
2730 /* map the modification type */
2731 switch (Z_LVAL_P(modtype)) {
2732 case LDAP_MODIFY_BATCH_ADD:
2733 oper = LDAP_MOD_ADD;
2734 break;
2735 case LDAP_MODIFY_BATCH_REMOVE:
2736 case LDAP_MODIFY_BATCH_REMOVE_ALL:
2737 oper = LDAP_MOD_DELETE;
2738 break;
2739 case LDAP_MODIFY_BATCH_REPLACE:
2740 oper = LDAP_MOD_REPLACE;
2741 break;
2742 default:
2743 zend_throw_error(NULL, "Unknown and uncaught modification type.");
2744 RETVAL_FALSE;
2745 efree(ldap_mods[i]);
2746 num_mods = i;
2747 goto cleanup;
2748 }
2749
2750 /* fill in the basic info */
2751 ldap_mods[i]->mod_op = oper | LDAP_MOD_BVALUES;
2752 ldap_mods[i]->mod_type = estrndup(Z_STRVAL_P(attrib), Z_STRLEN_P(attrib));
2753
2754 if (Z_LVAL_P(modtype) == LDAP_MODIFY_BATCH_REMOVE_ALL) {
2755 /* no values */
2756 ldap_mods[i]->mod_bvalues = NULL;
2757 }
2758 else {
2759 /* allocate space for the values as part of this modification */
2760 num_modvals = zend_hash_num_elements(Z_ARRVAL_P(vals));
2761 ldap_mods[i]->mod_bvalues = safe_emalloc((num_modvals+1), sizeof(struct berval *), 0);
2762
2763 /* for each value */
2764 for (j = 0; j < num_modvals; j++) {
2765 /* fetch it */
2766 fetched = zend_hash_index_find(Z_ARRVAL_P(vals), j);
2767 modval = zval_get_string(fetched);
2768 if (EG(exception)) {
2769 RETVAL_FALSE;
2770 ldap_mods[i]->mod_bvalues[j] = NULL;
2771 num_mods = i + 1;
2772 goto cleanup;
2773 }
2774
2775 /* allocate the data struct */
2776 ldap_mods[i]->mod_bvalues[j] = safe_emalloc(1, sizeof(struct berval), 0);
2777
2778 /* fill it */
2779 ldap_mods[i]->mod_bvalues[j]->bv_len = ZSTR_LEN(modval);
2780 ldap_mods[i]->mod_bvalues[j]->bv_val = estrndup(ZSTR_VAL(modval), ZSTR_LEN(modval));
2781 zend_string_release(modval);
2782 }
2783
2784 /* NULL-terminate values */
2785 ldap_mods[i]->mod_bvalues[num_modvals] = NULL;
2786 }
2787 }
2788
2789 /* NULL-terminate modifications */
2790 ldap_mods[num_mods] = NULL;
2791
2792 if (serverctrls) {
2793 lserverctrls = _php_ldap_controls_from_array(ld->link, serverctrls, 4);
2794 if (lserverctrls == NULL) {
2795 RETVAL_FALSE;
2796 goto cleanup;
2797 }
2798 }
2799
2800 /* perform (finally) */
2801 if ((i = ldap_modify_ext_s(ld->link, dn, ldap_mods, lserverctrls, NULL)) != LDAP_SUCCESS) {
2802 php_error_docref(NULL, E_WARNING, "Batch Modify: %s", ldap_err2string(i));
2803 RETVAL_FALSE;
2804 } else RETVAL_TRUE;
2805
2806 /* clean up */
2807 cleanup: {
2808 for (i = 0; i < num_mods; i++) {
2809 /* attribute */
2810 efree(ldap_mods[i]->mod_type);
2811
2812 if (ldap_mods[i]->mod_bvalues != NULL) {
2813 /* each BER value */
2814 for (j = 0; ldap_mods[i]->mod_bvalues[j] != NULL; j++) {
2815 /* free the data bytes */
2816 efree(ldap_mods[i]->mod_bvalues[j]->bv_val);
2817
2818 /* free the bvalue struct */
2819 efree(ldap_mods[i]->mod_bvalues[j]);
2820 }
2821
2822 /* the BER value array */
2823 efree(ldap_mods[i]->mod_bvalues);
2824 }
2825
2826 /* the modification */
2827 efree(ldap_mods[i]);
2828 }
2829
2830 /* the modifications array */
2831 efree(ldap_mods);
2832
2833 if (lserverctrls) {
2834 _php_ldap_controls_free(&lserverctrls);
2835 }
2836 }
2837 }
2838 /* }}} */
2839
2840 /* {{{ Get the current ldap error number */
PHP_FUNCTION(ldap_errno)2841 PHP_FUNCTION(ldap_errno)
2842 {
2843 zval *link;
2844 ldap_linkdata *ld;
2845
2846 if (zend_parse_parameters(ZEND_NUM_ARGS(), "r", &link) != SUCCESS) {
2847 RETURN_THROWS();
2848 }
2849
2850 if ((ld = (ldap_linkdata *)zend_fetch_resource(Z_RES_P(link), "ldap link", le_link)) == NULL) {
2851 RETURN_THROWS();
2852 }
2853
2854 RETURN_LONG(_get_lderrno(ld->link));
2855 }
2856 /* }}} */
2857
2858 /* {{{ Convert error number to error string */
PHP_FUNCTION(ldap_err2str)2859 PHP_FUNCTION(ldap_err2str)
2860 {
2861 zend_long perrno;
2862
2863 if (zend_parse_parameters(ZEND_NUM_ARGS(), "l", &perrno) != SUCCESS) {
2864 RETURN_THROWS();
2865 }
2866
2867 RETURN_STRING(ldap_err2string(perrno));
2868 }
2869 /* }}} */
2870
2871 /* {{{ Get the current ldap error string */
PHP_FUNCTION(ldap_error)2872 PHP_FUNCTION(ldap_error)
2873 {
2874 zval *link;
2875 ldap_linkdata *ld;
2876 int ld_errno;
2877
2878 if (zend_parse_parameters(ZEND_NUM_ARGS(), "r", &link) != SUCCESS) {
2879 RETURN_THROWS();
2880 }
2881
2882 if ((ld = (ldap_linkdata *)zend_fetch_resource(Z_RES_P(link), "ldap link", le_link)) == NULL) {
2883 RETURN_THROWS();
2884 }
2885
2886 ld_errno = _get_lderrno(ld->link);
2887
2888 RETURN_STRING(ldap_err2string(ld_errno));
2889 }
2890 /* }}} */
2891
2892 /* {{{ Determine if an entry has a specific value for one of its attributes */
PHP_FUNCTION(ldap_compare)2893 PHP_FUNCTION(ldap_compare)
2894 {
2895 zval *serverctrls = NULL;
2896 zval *link;
2897 char *dn, *attr, *value;
2898 size_t dn_len, attr_len, value_len;
2899 ldap_linkdata *ld;
2900 LDAPControl **lserverctrls = NULL;
2901 int errno;
2902 struct berval lvalue;
2903
2904 if (zend_parse_parameters(ZEND_NUM_ARGS(), "rsss|a!", &link, &dn, &dn_len, &attr, &attr_len, &value, &value_len, &serverctrls) != SUCCESS) {
2905 RETURN_THROWS();
2906 }
2907
2908 if ((ld = (ldap_linkdata *)zend_fetch_resource(Z_RES_P(link), "ldap link", le_link)) == NULL) {
2909 RETURN_THROWS();
2910 }
2911
2912 if (serverctrls) {
2913 lserverctrls = _php_ldap_controls_from_array(ld->link, serverctrls, 5);
2914 if (lserverctrls == NULL) {
2915 RETVAL_FALSE;
2916 goto cleanup;
2917 }
2918 }
2919
2920 lvalue.bv_val = value;
2921 lvalue.bv_len = value_len;
2922
2923 errno = ldap_compare_ext_s(ld->link, dn, attr, &lvalue, lserverctrls, NULL);
2924
2925 switch (errno) {
2926 case LDAP_COMPARE_TRUE:
2927 RETVAL_TRUE;
2928 break;
2929
2930 case LDAP_COMPARE_FALSE:
2931 RETVAL_FALSE;
2932 break;
2933
2934 default:
2935 php_error_docref(NULL, E_WARNING, "Compare: %s", ldap_err2string(errno));
2936 RETVAL_LONG(-1);
2937 }
2938
2939 cleanup:
2940 if (lserverctrls) {
2941 _php_ldap_controls_free(&lserverctrls);
2942 }
2943
2944 return;
2945 }
2946 /* }}} */
2947
2948 #if (LDAP_API_VERSION > 2000) || defined(HAVE_ORALDAP)
2949 /* {{{ Get the current value of various session-wide parameters */
PHP_FUNCTION(ldap_get_option)2950 PHP_FUNCTION(ldap_get_option)
2951 {
2952 zval *link, *retval;
2953 ldap_linkdata *ld;
2954 zend_long option;
2955
2956 if (zend_parse_parameters(ZEND_NUM_ARGS(), "rlz", &link, &option, &retval) != SUCCESS) {
2957 RETURN_THROWS();
2958 }
2959
2960 if ((ld = (ldap_linkdata *)zend_fetch_resource(Z_RES_P(link), "ldap link", le_link)) == NULL) {
2961 RETURN_THROWS();
2962 }
2963
2964 switch (option) {
2965 /* options with int value */
2966 case LDAP_OPT_DEREF:
2967 case LDAP_OPT_SIZELIMIT:
2968 case LDAP_OPT_TIMELIMIT:
2969 case LDAP_OPT_PROTOCOL_VERSION:
2970 case LDAP_OPT_ERROR_NUMBER:
2971 case LDAP_OPT_REFERRALS:
2972 #ifdef LDAP_OPT_RESTART
2973 case LDAP_OPT_RESTART:
2974 #endif
2975 #ifdef LDAP_OPT_X_SASL_NOCANON
2976 case LDAP_OPT_X_SASL_NOCANON:
2977 #endif
2978 #ifdef LDAP_OPT_X_TLS_REQUIRE_CERT
2979 case LDAP_OPT_X_TLS_REQUIRE_CERT:
2980 #endif
2981 #ifdef LDAP_OPT_X_TLS_CRLCHECK
2982 case LDAP_OPT_X_TLS_CRLCHECK:
2983 #endif
2984 #ifdef LDAP_OPT_X_TLS_PROTOCOL_MIN
2985 case LDAP_OPT_X_TLS_PROTOCOL_MIN:
2986 #endif
2987 #ifdef LDAP_OPT_X_KEEPALIVE_IDLE
2988 case LDAP_OPT_X_KEEPALIVE_IDLE:
2989 case LDAP_OPT_X_KEEPALIVE_PROBES:
2990 case LDAP_OPT_X_KEEPALIVE_INTERVAL:
2991 #endif
2992 {
2993 int val;
2994
2995 if (ldap_get_option(ld->link, option, &val)) {
2996 RETURN_FALSE;
2997 }
2998 ZEND_TRY_ASSIGN_REF_LONG(retval, val);
2999 } break;
3000 #ifdef LDAP_OPT_NETWORK_TIMEOUT
3001 case LDAP_OPT_NETWORK_TIMEOUT:
3002 {
3003 struct timeval *timeout = NULL;
3004
3005 if (ldap_get_option(ld->link, LDAP_OPT_NETWORK_TIMEOUT, (void *) &timeout)) {
3006 if (timeout) {
3007 ldap_memfree(timeout);
3008 }
3009 RETURN_FALSE;
3010 }
3011 if (!timeout) {
3012 RETURN_FALSE;
3013 }
3014 ZEND_TRY_ASSIGN_REF_LONG(retval, timeout->tv_sec);
3015 ldap_memfree(timeout);
3016 } break;
3017 #elif defined(LDAP_X_OPT_CONNECT_TIMEOUT)
3018 case LDAP_X_OPT_CONNECT_TIMEOUT:
3019 {
3020 int timeout;
3021
3022 if (ldap_get_option(ld->link, LDAP_X_OPT_CONNECT_TIMEOUT, &timeout)) {
3023 RETURN_FALSE;
3024 }
3025 ZEND_TRY_ASSIGN_REF_LONG(retval, (timeout / 1000));
3026 } break;
3027 #endif
3028 #ifdef LDAP_OPT_TIMEOUT
3029 case LDAP_OPT_TIMEOUT:
3030 {
3031 struct timeval *timeout = NULL;
3032
3033 if (ldap_get_option(ld->link, LDAP_OPT_TIMEOUT, (void *) &timeout)) {
3034 if (timeout) {
3035 ldap_memfree(timeout);
3036 }
3037 RETURN_FALSE;
3038 }
3039 if (!timeout) {
3040 RETURN_FALSE;
3041 }
3042 ZEND_TRY_ASSIGN_REF_LONG(retval, timeout->tv_sec);
3043 ldap_memfree(timeout);
3044 } break;
3045 #endif
3046 /* options with string value */
3047 case LDAP_OPT_ERROR_STRING:
3048 #ifdef LDAP_OPT_HOST_NAME
3049 case LDAP_OPT_HOST_NAME:
3050 #endif
3051 #ifdef HAVE_LDAP_SASL
3052 case LDAP_OPT_X_SASL_MECH:
3053 case LDAP_OPT_X_SASL_REALM:
3054 case LDAP_OPT_X_SASL_AUTHCID:
3055 case LDAP_OPT_X_SASL_AUTHZID:
3056 #endif
3057 #ifdef LDAP_OPT_X_SASL_USERNAME
3058 case LDAP_OPT_X_SASL_USERNAME:
3059 #endif
3060 #if (LDAP_API_VERSION > 2000)
3061 case LDAP_OPT_X_TLS_CACERTDIR:
3062 case LDAP_OPT_X_TLS_CACERTFILE:
3063 case LDAP_OPT_X_TLS_CERTFILE:
3064 case LDAP_OPT_X_TLS_CIPHER_SUITE:
3065 case LDAP_OPT_X_TLS_KEYFILE:
3066 case LDAP_OPT_X_TLS_RANDOM_FILE:
3067 #endif
3068 #ifdef LDAP_OPT_X_TLS_PACKAGE
3069 case LDAP_OPT_X_TLS_PACKAGE:
3070 #endif
3071 #ifdef LDAP_OPT_X_TLS_CRLFILE
3072 case LDAP_OPT_X_TLS_CRLFILE:
3073 #endif
3074 #ifdef LDAP_OPT_X_TLS_DHFILE
3075 case LDAP_OPT_X_TLS_DHFILE:
3076 #endif
3077 #ifdef LDAP_OPT_MATCHED_DN
3078 case LDAP_OPT_MATCHED_DN:
3079 #endif
3080 {
3081 char *val = NULL;
3082
3083 if (ldap_get_option(ld->link, option, &val) || val == NULL || *val == '\0') {
3084 if (val) {
3085 ldap_memfree(val);
3086 }
3087 RETURN_FALSE;
3088 }
3089 ZEND_TRY_ASSIGN_REF_STRING(retval, val);
3090 ldap_memfree(val);
3091 } break;
3092 case LDAP_OPT_SERVER_CONTROLS:
3093 case LDAP_OPT_CLIENT_CONTROLS:
3094 {
3095 LDAPControl **ctrls = NULL;
3096
3097 if (ldap_get_option(ld->link, option, &ctrls) || ctrls == NULL) {
3098 if (ctrls) {
3099 ldap_memfree(ctrls);
3100 }
3101 RETURN_FALSE;
3102 }
3103 _php_ldap_controls_to_array(ld->link, ctrls, retval, 1);
3104 } break;
3105 /* options not implemented
3106 case LDAP_OPT_API_INFO:
3107 case LDAP_OPT_API_FEATURE_INFO:
3108 */
3109 default:
3110 RETURN_FALSE;
3111 }
3112 RETURN_TRUE;
3113 }
3114 /* }}} */
3115
3116 /* {{{ Set the value of various session-wide parameters */
PHP_FUNCTION(ldap_set_option)3117 PHP_FUNCTION(ldap_set_option)
3118 {
3119 zval *link, *newval;
3120 ldap_linkdata *ld;
3121 LDAP *ldap;
3122 zend_long option;
3123
3124 if (zend_parse_parameters(ZEND_NUM_ARGS(), "zlz", &link, &option, &newval) != SUCCESS) {
3125 RETURN_THROWS();
3126 }
3127
3128 if (Z_TYPE_P(link) == IS_NULL) {
3129 ldap = NULL;
3130 } else {
3131 if ((ld = (ldap_linkdata *)zend_fetch_resource_ex(link, "ldap link", le_link)) == NULL) {
3132 RETURN_THROWS();
3133 }
3134 ldap = ld->link;
3135 }
3136
3137 switch (option) {
3138 /* options with int value */
3139 case LDAP_OPT_DEREF:
3140 case LDAP_OPT_SIZELIMIT:
3141 case LDAP_OPT_TIMELIMIT:
3142 case LDAP_OPT_PROTOCOL_VERSION:
3143 case LDAP_OPT_ERROR_NUMBER:
3144 #ifdef LDAP_OPT_DEBUG_LEVEL
3145 case LDAP_OPT_DEBUG_LEVEL:
3146 #endif
3147 #ifdef LDAP_OPT_X_TLS_REQUIRE_CERT
3148 case LDAP_OPT_X_TLS_REQUIRE_CERT:
3149 #endif
3150 #ifdef LDAP_OPT_X_TLS_CRLCHECK
3151 case LDAP_OPT_X_TLS_CRLCHECK:
3152 #endif
3153 #ifdef LDAP_OPT_X_TLS_PROTOCOL_MIN
3154 case LDAP_OPT_X_TLS_PROTOCOL_MIN:
3155 #endif
3156 #ifdef LDAP_OPT_X_KEEPALIVE_IDLE
3157 case LDAP_OPT_X_KEEPALIVE_IDLE:
3158 case LDAP_OPT_X_KEEPALIVE_PROBES:
3159 case LDAP_OPT_X_KEEPALIVE_INTERVAL:
3160 #endif
3161 {
3162 int val;
3163
3164 convert_to_long_ex(newval);
3165 if (ZEND_LONG_EXCEEDS_INT(Z_LVAL_P(newval))) {
3166 zend_argument_value_error(3, "is too large");
3167 RETURN_THROWS();
3168 }
3169 val = (int)Z_LVAL_P(newval);
3170 if (ldap_set_option(ldap, option, &val)) {
3171 RETURN_FALSE;
3172 }
3173 } break;
3174 #ifdef LDAP_OPT_NETWORK_TIMEOUT
3175 case LDAP_OPT_NETWORK_TIMEOUT:
3176 {
3177 struct timeval timeout;
3178
3179 convert_to_long_ex(newval);
3180 timeout.tv_sec = Z_LVAL_P(newval);
3181 timeout.tv_usec = 0;
3182 if (ldap_set_option(ldap, LDAP_OPT_NETWORK_TIMEOUT, (void *) &timeout)) {
3183 RETURN_FALSE;
3184 }
3185 } break;
3186 #elif defined(LDAP_X_OPT_CONNECT_TIMEOUT)
3187 case LDAP_X_OPT_CONNECT_TIMEOUT:
3188 {
3189 int timeout;
3190
3191 convert_to_long_ex(newval);
3192 timeout = 1000 * Z_LVAL_P(newval); /* Convert to milliseconds */
3193 if (ldap_set_option(ldap, LDAP_X_OPT_CONNECT_TIMEOUT, &timeout)) {
3194 RETURN_FALSE;
3195 }
3196 } break;
3197 #endif
3198 #ifdef LDAP_OPT_TIMEOUT
3199 case LDAP_OPT_TIMEOUT:
3200 {
3201 struct timeval timeout;
3202
3203 convert_to_long_ex(newval);
3204 timeout.tv_sec = Z_LVAL_P(newval);
3205 timeout.tv_usec = 0;
3206 if (ldap_set_option(ldap, LDAP_OPT_TIMEOUT, (void *) &timeout)) {
3207 RETURN_FALSE;
3208 }
3209 } break;
3210 #endif
3211 /* options with string value */
3212 case LDAP_OPT_ERROR_STRING:
3213 #ifdef LDAP_OPT_HOST_NAME
3214 case LDAP_OPT_HOST_NAME:
3215 #endif
3216 #ifdef HAVE_LDAP_SASL
3217 case LDAP_OPT_X_SASL_MECH:
3218 case LDAP_OPT_X_SASL_REALM:
3219 case LDAP_OPT_X_SASL_AUTHCID:
3220 case LDAP_OPT_X_SASL_AUTHZID:
3221 #endif
3222 #if (LDAP_API_VERSION > 2000)
3223 case LDAP_OPT_X_TLS_CACERTDIR:
3224 case LDAP_OPT_X_TLS_CACERTFILE:
3225 case LDAP_OPT_X_TLS_CERTFILE:
3226 case LDAP_OPT_X_TLS_CIPHER_SUITE:
3227 case LDAP_OPT_X_TLS_KEYFILE:
3228 case LDAP_OPT_X_TLS_RANDOM_FILE:
3229 #endif
3230 #ifdef LDAP_OPT_X_TLS_CRLFILE
3231 case LDAP_OPT_X_TLS_CRLFILE:
3232 #endif
3233 #ifdef LDAP_OPT_X_TLS_DHFILE
3234 case LDAP_OPT_X_TLS_DHFILE:
3235 #endif
3236 #ifdef LDAP_OPT_MATCHED_DN
3237 case LDAP_OPT_MATCHED_DN:
3238 #endif
3239 {
3240 zend_string *val;
3241 val = zval_get_string(newval);
3242 if (EG(exception)) {
3243 RETURN_THROWS();
3244 }
3245 if (ldap_set_option(ldap, option, ZSTR_VAL(val))) {
3246 zend_string_release(val);
3247 RETURN_FALSE;
3248 }
3249 zend_string_release(val);
3250 } break;
3251 /* options with boolean value */
3252 case LDAP_OPT_REFERRALS:
3253 #ifdef LDAP_OPT_RESTART
3254 case LDAP_OPT_RESTART:
3255 #endif
3256 #ifdef LDAP_OPT_X_SASL_NOCANON
3257 case LDAP_OPT_X_SASL_NOCANON:
3258 #endif
3259 {
3260 void *val;
3261 val = zend_is_true(newval) ? LDAP_OPT_ON : LDAP_OPT_OFF;
3262 if (ldap_set_option(ldap, option, val)) {
3263 RETURN_FALSE;
3264 }
3265 } break;
3266 /* options with control list value */
3267 case LDAP_OPT_SERVER_CONTROLS:
3268 case LDAP_OPT_CLIENT_CONTROLS:
3269 {
3270 LDAPControl **ctrls;
3271 int rc;
3272
3273 if (Z_TYPE_P(newval) != IS_ARRAY) {
3274 zend_argument_type_error(3, "must be of type array for the LDAP_OPT_CLIENT_CONTROLS option, %s given", zend_zval_type_name(newval));
3275 RETURN_THROWS();
3276 }
3277
3278 ctrls = _php_ldap_controls_from_array(ldap, newval, 3);
3279
3280 if (ctrls == NULL) {
3281 RETURN_FALSE;
3282 } else {
3283 rc = ldap_set_option(ldap, option, ctrls);
3284 _php_ldap_controls_free(&ctrls);
3285 if (rc != LDAP_SUCCESS) {
3286 RETURN_FALSE;
3287 }
3288 }
3289 } break;
3290 default:
3291 RETURN_FALSE;
3292 }
3293 RETURN_TRUE;
3294 }
3295 /* }}} */
3296
3297 #ifdef HAVE_LDAP_PARSE_RESULT
3298 /* {{{ Extract information from result */
PHP_FUNCTION(ldap_parse_result)3299 PHP_FUNCTION(ldap_parse_result)
3300 {
3301 zval *link, *result, *errcode, *matcheddn, *errmsg, *referrals, *serverctrls;
3302 ldap_linkdata *ld;
3303 LDAPMessage *ldap_result;
3304 LDAPControl **lserverctrls = NULL;
3305 char **lreferrals, **refp;
3306 char *lmatcheddn, *lerrmsg;
3307 int rc, lerrcode, myargcount = ZEND_NUM_ARGS();
3308
3309 if (zend_parse_parameters(myargcount, "rrz|zzzz", &link, &result, &errcode, &matcheddn, &errmsg, &referrals, &serverctrls) != SUCCESS) {
3310 RETURN_THROWS();
3311 }
3312
3313 if ((ld = (ldap_linkdata *)zend_fetch_resource(Z_RES_P(link), "ldap link", le_link)) == NULL) {
3314 RETURN_THROWS();
3315 }
3316
3317 if ((ldap_result = (LDAPMessage *)zend_fetch_resource(Z_RES_P(result), "ldap result", le_result)) == NULL) {
3318 RETURN_THROWS();
3319 }
3320
3321 rc = ldap_parse_result(ld->link, ldap_result, &lerrcode,
3322 myargcount > 3 ? &lmatcheddn : NULL,
3323 myargcount > 4 ? &lerrmsg : NULL,
3324 myargcount > 5 ? &lreferrals : NULL,
3325 myargcount > 6 ? &lserverctrls : NULL,
3326 0);
3327 if (rc != LDAP_SUCCESS) {
3328 php_error_docref(NULL, E_WARNING, "Unable to parse result: %s", ldap_err2string(rc));
3329 RETURN_FALSE;
3330 }
3331
3332 ZEND_TRY_ASSIGN_REF_LONG(errcode, lerrcode);
3333
3334 /* Reverse -> fall through */
3335 switch (myargcount) {
3336 case 7:
3337 _php_ldap_controls_to_array(ld->link, lserverctrls, serverctrls, 0);
3338 case 6:
3339 referrals = zend_try_array_init(referrals);
3340 if (!referrals) {
3341 RETURN_THROWS();
3342 }
3343 if (lreferrals != NULL) {
3344 refp = lreferrals;
3345 while (*refp) {
3346 add_next_index_string(referrals, *refp);
3347 refp++;
3348 }
3349 ldap_memvfree((void**)lreferrals);
3350 }
3351 case 5:
3352 if (lerrmsg == NULL) {
3353 ZEND_TRY_ASSIGN_REF_EMPTY_STRING(errmsg);
3354 } else {
3355 ZEND_TRY_ASSIGN_REF_STRING(errmsg, lerrmsg);
3356 ldap_memfree(lerrmsg);
3357 }
3358 case 4:
3359 if (lmatcheddn == NULL) {
3360 ZEND_TRY_ASSIGN_REF_EMPTY_STRING(matcheddn);
3361 } else {
3362 ZEND_TRY_ASSIGN_REF_STRING(matcheddn, lmatcheddn);
3363 ldap_memfree(lmatcheddn);
3364 }
3365 }
3366 RETURN_TRUE;
3367 }
3368 /* }}} */
3369 #endif
3370
3371 /* {{{ Extended operation response parsing, Pierangelo Masarati */
3372 #ifdef HAVE_LDAP_PARSE_EXTENDED_RESULT
3373 /* {{{ Extract information from extended operation result */
PHP_FUNCTION(ldap_parse_exop)3374 PHP_FUNCTION(ldap_parse_exop)
3375 {
3376 zval *link, *result, *retdata, *retoid;
3377 ldap_linkdata *ld;
3378 LDAPMessage *ldap_result;
3379 char *lretoid;
3380 struct berval *lretdata;
3381 int rc, myargcount = ZEND_NUM_ARGS();
3382
3383 if (zend_parse_parameters(myargcount, "rr|zz", &link, &result, &retdata, &retoid) != SUCCESS) {
3384 RETURN_THROWS();
3385 }
3386
3387 if ((ld = (ldap_linkdata *)zend_fetch_resource(Z_RES_P(link), "ldap link", le_link)) == NULL) {
3388 RETURN_THROWS();
3389 }
3390
3391 if ((ldap_result = (LDAPMessage *)zend_fetch_resource(Z_RES_P(result), "ldap result", le_result)) == NULL) {
3392 RETURN_THROWS();
3393 }
3394
3395 rc = ldap_parse_extended_result(ld->link, ldap_result,
3396 myargcount > 3 ? &lretoid: NULL,
3397 myargcount > 2 ? &lretdata: NULL,
3398 0);
3399 if (rc != LDAP_SUCCESS) {
3400 php_error_docref(NULL, E_WARNING, "Unable to parse extended operation result: %s", ldap_err2string(rc));
3401 RETURN_FALSE;
3402 }
3403
3404 /* Reverse -> fall through */
3405 switch (myargcount) {
3406 case 4:
3407 if (lretoid == NULL) {
3408 ZEND_TRY_ASSIGN_REF_EMPTY_STRING(retoid);
3409 } else {
3410 ZEND_TRY_ASSIGN_REF_STRING(retoid, lretoid);
3411 ldap_memfree(lretoid);
3412 }
3413 case 3:
3414 /* use arg #3 as the data returned by the server */
3415 if (lretdata == NULL) {
3416 ZEND_TRY_ASSIGN_REF_EMPTY_STRING(retdata);
3417 } else {
3418 ZEND_TRY_ASSIGN_REF_STRINGL(retdata, lretdata->bv_val, lretdata->bv_len);
3419 ldap_memfree(lretdata->bv_val);
3420 ldap_memfree(lretdata);
3421 }
3422 }
3423 RETURN_TRUE;
3424 }
3425 /* }}} */
3426 #endif
3427 /* }}} */
3428
3429 /* {{{ Count the number of references in a search result */
PHP_FUNCTION(ldap_count_references)3430 PHP_FUNCTION(ldap_count_references)
3431 {
3432 zval *link, *result;
3433 ldap_linkdata *ld;
3434 LDAPMessage *ldap_result;
3435
3436 if (zend_parse_parameters(ZEND_NUM_ARGS(), "rr", &link, &result) != SUCCESS) {
3437 RETURN_THROWS();
3438 }
3439
3440 if ((ld = (ldap_linkdata *)zend_fetch_resource(Z_RES_P(link), "ldap link", le_link)) == NULL) {
3441 RETURN_THROWS();
3442 }
3443
3444 if ((ldap_result = (LDAPMessage *)zend_fetch_resource(Z_RES_P(result), "ldap result", le_result)) == NULL) {
3445 RETURN_THROWS();
3446 }
3447
3448 RETURN_LONG(ldap_count_references(ld->link, ldap_result));
3449 }
3450 /* }}} */
3451
3452 /* {{{ Return first reference */
PHP_FUNCTION(ldap_first_reference)3453 PHP_FUNCTION(ldap_first_reference)
3454 {
3455 zval *link, *result;
3456 ldap_linkdata *ld;
3457 ldap_resultentry *resultentry;
3458 LDAPMessage *ldap_result, *entry;
3459
3460 if (zend_parse_parameters(ZEND_NUM_ARGS(), "rr", &link, &result) != SUCCESS) {
3461 RETURN_THROWS();
3462 }
3463
3464 if ((ld = (ldap_linkdata *)zend_fetch_resource(Z_RES_P(link), "ldap link", le_link)) == NULL) {
3465 RETURN_THROWS();
3466 }
3467
3468 if ((ldap_result = (LDAPMessage *)zend_fetch_resource(Z_RES_P(result), "ldap result", le_result)) == NULL) {
3469 RETURN_THROWS();
3470 }
3471
3472 if ((entry = ldap_first_reference(ld->link, ldap_result)) == NULL) {
3473 RETVAL_FALSE;
3474 } else {
3475 resultentry = emalloc(sizeof(ldap_resultentry));
3476 RETVAL_RES(zend_register_resource(resultentry, le_result_entry));
3477 ZVAL_COPY(&resultentry->res, result);
3478 resultentry->data = entry;
3479 resultentry->ber = NULL;
3480 }
3481 }
3482 /* }}} */
3483
3484 /* {{{ Get next reference */
PHP_FUNCTION(ldap_next_reference)3485 PHP_FUNCTION(ldap_next_reference)
3486 {
3487 zval *link, *result_entry;
3488 ldap_linkdata *ld;
3489 ldap_resultentry *resultentry, *resultentry_next;
3490 LDAPMessage *entry_next;
3491
3492 if (zend_parse_parameters(ZEND_NUM_ARGS(), "rr", &link, &result_entry) != SUCCESS) {
3493 RETURN_THROWS();
3494 }
3495
3496 if ((ld = (ldap_linkdata *)zend_fetch_resource(Z_RES_P(link), "ldap link", le_link)) == NULL) {
3497 RETURN_THROWS();
3498 }
3499
3500 if ((resultentry = (ldap_resultentry *)zend_fetch_resource(Z_RES_P(result_entry), "ldap result entry", le_result_entry)) == NULL) {
3501 RETURN_THROWS();
3502 }
3503
3504 if ((entry_next = ldap_next_reference(ld->link, resultentry->data)) == NULL) {
3505 RETVAL_FALSE;
3506 } else {
3507 resultentry_next = emalloc(sizeof(ldap_resultentry));
3508 RETVAL_RES(zend_register_resource(resultentry_next, le_result_entry));
3509 ZVAL_COPY(&resultentry_next->res, &resultentry->res);
3510 resultentry_next->data = entry_next;
3511 resultentry_next->ber = NULL;
3512 }
3513 }
3514 /* }}} */
3515
3516 #ifdef HAVE_LDAP_PARSE_REFERENCE
3517 /* {{{ Extract information from reference entry */
PHP_FUNCTION(ldap_parse_reference)3518 PHP_FUNCTION(ldap_parse_reference)
3519 {
3520 zval *link, *result_entry, *referrals;
3521 ldap_linkdata *ld;
3522 ldap_resultentry *resultentry;
3523 char **lreferrals, **refp;
3524
3525 if (zend_parse_parameters(ZEND_NUM_ARGS(), "rrz", &link, &result_entry, &referrals) != SUCCESS) {
3526 RETURN_THROWS();
3527 }
3528
3529 if ((ld = (ldap_linkdata *)zend_fetch_resource(Z_RES_P(link), "ldap link", le_link)) == NULL) {
3530 RETURN_THROWS();
3531 }
3532
3533 if ((resultentry = (ldap_resultentry *)zend_fetch_resource(Z_RES_P(result_entry), "ldap result entry", le_result_entry)) == NULL) {
3534 RETURN_THROWS();
3535 }
3536
3537 if (ldap_parse_reference(ld->link, resultentry->data, &lreferrals, NULL /* &serverctrls */, 0) != LDAP_SUCCESS) {
3538 RETURN_FALSE;
3539 }
3540
3541 referrals = zend_try_array_init(referrals);
3542 if (!referrals) {
3543 RETURN_THROWS();
3544 }
3545
3546 if (lreferrals != NULL) {
3547 refp = lreferrals;
3548 while (*refp) {
3549 add_next_index_string(referrals, *refp);
3550 refp++;
3551 }
3552 ldap_memvfree((void**)lreferrals);
3553 }
3554 RETURN_TRUE;
3555 }
3556 /* }}} */
3557 #endif
3558
3559 /* {{{ php_ldap_do_rename */
php_ldap_do_rename(INTERNAL_FUNCTION_PARAMETERS,int ext)3560 static void php_ldap_do_rename(INTERNAL_FUNCTION_PARAMETERS, int ext)
3561 {
3562 zval *serverctrls = NULL;
3563 zval *link;
3564 ldap_linkdata *ld;
3565 LDAPControl **lserverctrls = NULL;
3566 LDAPMessage *ldap_res;
3567 int rc, msgid;
3568 char *dn, *newrdn, *newparent;
3569 size_t dn_len, newrdn_len, newparent_len;
3570 zend_bool deleteoldrdn;
3571
3572 if (zend_parse_parameters(ZEND_NUM_ARGS(), "rsssb|a!", &link, &dn, &dn_len, &newrdn, &newrdn_len, &newparent, &newparent_len, &deleteoldrdn, &serverctrls) != SUCCESS) {
3573 RETURN_THROWS();
3574 }
3575
3576 if ((ld = (ldap_linkdata *)zend_fetch_resource(Z_RES_P(link), "ldap link", le_link)) == NULL) {
3577 RETURN_THROWS();
3578 }
3579
3580 if (newparent_len == 0) {
3581 newparent = NULL;
3582 }
3583
3584 #if (LDAP_API_VERSION > 2000) || defined(HAVE_ORALDAP)
3585 if (serverctrls) {
3586 lserverctrls = _php_ldap_controls_from_array(ld->link, serverctrls, 6);
3587 if (lserverctrls == NULL) {
3588 RETVAL_FALSE;
3589 goto cleanup;
3590 }
3591 }
3592
3593 if (ext) {
3594 rc = ldap_rename(ld->link, dn, newrdn, newparent, deleteoldrdn, lserverctrls, NULL, &msgid);
3595 } else {
3596 rc = ldap_rename_s(ld->link, dn, newrdn, newparent, deleteoldrdn, lserverctrls, NULL);
3597 }
3598 #else
3599 if (newparent_len != 0) {
3600 php_error_docref(NULL, E_WARNING, "You are using old LDAP API, newparent must be the empty string, can only modify RDN");
3601 RETURN_FALSE;
3602 }
3603 if (serverctrls) {
3604 php_error_docref(NULL, E_WARNING, "You are using old LDAP API, controls are not supported");
3605 RETURN_FALSE;
3606 }
3607 if (ext) {
3608 php_error_docref(NULL, E_WARNING, "You are using old LDAP API, ldap_rename_ext is not supported");
3609 RETURN_FALSE;
3610 }
3611 /* could support old APIs but need check for ldap_modrdn2()/ldap_modrdn() */
3612 rc = ldap_modrdn2_s(ld->link, dn, newrdn, deleteoldrdn);
3613 #endif
3614
3615 if (rc != LDAP_SUCCESS) {
3616 RETVAL_FALSE;
3617 } else if (ext) {
3618 rc = ldap_result(ld->link, msgid, 1 /* LDAP_MSG_ALL */, NULL, &ldap_res);
3619 if (rc == -1) {
3620 php_error_docref(NULL, E_WARNING, "Rename operation failed");
3621 RETVAL_FALSE;
3622 goto cleanup;
3623 }
3624
3625 /* return a PHP control object */
3626 RETVAL_RES(zend_register_resource(ldap_res, le_result));
3627 } else {
3628 RETVAL_TRUE;
3629 }
3630
3631 cleanup:
3632 if (lserverctrls) {
3633 _php_ldap_controls_free(&lserverctrls);
3634 }
3635
3636 return;
3637 }
3638 /* }}} */
3639
3640 /* {{{ Modify the name of an entry */
PHP_FUNCTION(ldap_rename)3641 PHP_FUNCTION(ldap_rename)
3642 {
3643 php_ldap_do_rename(INTERNAL_FUNCTION_PARAM_PASSTHRU, 0);
3644 }
3645 /* }}} */
3646
3647 /* {{{ Modify the name of an entry */
PHP_FUNCTION(ldap_rename_ext)3648 PHP_FUNCTION(ldap_rename_ext)
3649 {
3650 php_ldap_do_rename(INTERNAL_FUNCTION_PARAM_PASSTHRU, 1);
3651 }
3652 /* }}} */
3653
3654 #ifdef HAVE_LDAP_START_TLS_S
3655 /* {{{ Start TLS */
PHP_FUNCTION(ldap_start_tls)3656 PHP_FUNCTION(ldap_start_tls)
3657 {
3658 zval *link;
3659 ldap_linkdata *ld;
3660 int rc, protocol = LDAP_VERSION3;
3661
3662 if (zend_parse_parameters(ZEND_NUM_ARGS(), "r", &link) != SUCCESS) {
3663 RETURN_THROWS();
3664 }
3665
3666 if ((ld = (ldap_linkdata *)zend_fetch_resource(Z_RES_P(link), "ldap link", le_link)) == NULL) {
3667 RETURN_THROWS();
3668 }
3669
3670 if (((rc = ldap_set_option(ld->link, LDAP_OPT_PROTOCOL_VERSION, &protocol)) != LDAP_SUCCESS) ||
3671 ((rc = ldap_start_tls_s(ld->link, NULL, NULL)) != LDAP_SUCCESS)
3672 ) {
3673 php_error_docref(NULL, E_WARNING,"Unable to start TLS: %s", ldap_err2string(rc));
3674 RETURN_FALSE;
3675 } else {
3676 RETURN_TRUE;
3677 }
3678 }
3679 /* }}} */
3680 #endif
3681 #endif /* (LDAP_API_VERSION > 2000) || defined(HAVE_ORALDAP) */
3682
3683 #if defined(LDAP_API_FEATURE_X_OPENLDAP) && defined(HAVE_3ARG_SETREBINDPROC)
3684 /* {{{ _ldap_rebind_proc() */
_ldap_rebind_proc(LDAP * ldap,const char * url,ber_tag_t req,ber_int_t msgid,void * params)3685 int _ldap_rebind_proc(LDAP *ldap, const char *url, ber_tag_t req, ber_int_t msgid, void *params)
3686 {
3687 ldap_linkdata *ld;
3688 int retval;
3689 zval cb_args[2];
3690 zval cb_retval;
3691 zval *cb_link = (zval *) params;
3692
3693 ld = (ldap_linkdata *) zend_fetch_resource_ex(cb_link, "ldap link", le_link);
3694
3695 /* link exists and callback set? */
3696 if (ld == NULL || Z_ISUNDEF(ld->rebindproc)) {
3697 php_error_docref(NULL, E_WARNING, "Link not found or no callback set");
3698 return LDAP_OTHER;
3699 }
3700
3701 /* callback */
3702 ZVAL_COPY_VALUE(&cb_args[0], cb_link);
3703 ZVAL_STRING(&cb_args[1], url);
3704 if (call_user_function(EG(function_table), NULL, &ld->rebindproc, &cb_retval, 2, cb_args) == SUCCESS && !Z_ISUNDEF(cb_retval)) {
3705 retval = zval_get_long(&cb_retval);
3706 zval_ptr_dtor(&cb_retval);
3707 } else {
3708 php_error_docref(NULL, E_WARNING, "rebind_proc PHP callback failed");
3709 retval = LDAP_OTHER;
3710 }
3711 zval_ptr_dtor(&cb_args[1]);
3712 return retval;
3713 }
3714 /* }}} */
3715
3716 /* {{{ Set a callback function to do re-binds on referral chasing. */
PHP_FUNCTION(ldap_set_rebind_proc)3717 PHP_FUNCTION(ldap_set_rebind_proc)
3718 {
3719 zval *link;
3720 zend_fcall_info fci;
3721 zend_fcall_info_cache fcc;
3722 ldap_linkdata *ld;
3723
3724 if (zend_parse_parameters(ZEND_NUM_ARGS(), "rf!", &link, &fci, &fcc) == FAILURE) {
3725 RETURN_THROWS();
3726 }
3727
3728 if ((ld = (ldap_linkdata *)zend_fetch_resource(Z_RES_P(link), "ldap link", le_link)) == NULL) {
3729 RETURN_THROWS();
3730 }
3731
3732 if (!ZEND_FCI_INITIALIZED(fci)) {
3733 /* unregister rebind procedure */
3734 if (!Z_ISUNDEF(ld->rebindproc)) {
3735 zval_ptr_dtor(&ld->rebindproc);
3736 ZVAL_UNDEF(&ld->rebindproc);
3737 ldap_set_rebind_proc(ld->link, NULL, NULL);
3738 }
3739 RETURN_TRUE;
3740 }
3741
3742 /* register rebind procedure */
3743 if (Z_ISUNDEF(ld->rebindproc)) {
3744 ldap_set_rebind_proc(ld->link, _ldap_rebind_proc, (void *) link);
3745 } else {
3746 zval_ptr_dtor(&ld->rebindproc);
3747 }
3748
3749 ZVAL_COPY(&ld->rebindproc, &fci.function_name);
3750 RETURN_TRUE;
3751 }
3752 /* }}} */
3753 #endif
3754
php_ldap_do_escape(const zend_bool * map,const char * value,size_t valuelen,zend_long flags)3755 static zend_string* php_ldap_do_escape(const zend_bool *map, const char *value, size_t valuelen, zend_long flags)
3756 {
3757 char hex[] = "0123456789abcdef";
3758 size_t i, p = 0;
3759 size_t len = 0;
3760 zend_string *ret;
3761
3762 for (i = 0; i < valuelen; i++) {
3763 len += (map[(unsigned char) value[i]]) ? 3 : 1;
3764 }
3765 /* Per RFC 4514, a leading and trailing space must be escaped */
3766 if ((flags & PHP_LDAP_ESCAPE_DN) && (value[0] == ' ')) {
3767 len += 2;
3768 }
3769 if ((flags & PHP_LDAP_ESCAPE_DN) && ((valuelen > 1) && (value[valuelen - 1] == ' '))) {
3770 len += 2;
3771 }
3772
3773 ret = zend_string_alloc(len, 0);
3774
3775 for (i = 0; i < valuelen; i++) {
3776 unsigned char v = (unsigned char) value[i];
3777
3778 if (map[v] || ((flags & PHP_LDAP_ESCAPE_DN) && ((i == 0) || (i + 1 == valuelen)) && (v == ' '))) {
3779 ZSTR_VAL(ret)[p++] = '\\';
3780 ZSTR_VAL(ret)[p++] = hex[v >> 4];
3781 ZSTR_VAL(ret)[p++] = hex[v & 0x0f];
3782 } else {
3783 ZSTR_VAL(ret)[p++] = v;
3784 }
3785 }
3786
3787 ZSTR_VAL(ret)[p] = '\0';
3788 ZSTR_LEN(ret) = p;
3789 return ret;
3790 }
3791
php_ldap_escape_map_set_chars(zend_bool * map,const char * chars,const size_t charslen,char escape)3792 static void php_ldap_escape_map_set_chars(zend_bool *map, const char *chars, const size_t charslen, char escape)
3793 {
3794 size_t i = 0;
3795 while (i < charslen) {
3796 map[(unsigned char) chars[i++]] = escape;
3797 }
3798 }
3799
PHP_FUNCTION(ldap_escape)3800 PHP_FUNCTION(ldap_escape)
3801 {
3802 char *value, *ignores;
3803 size_t valuelen = 0, ignoreslen = 0;
3804 int i;
3805 zend_long flags = 0;
3806 zend_bool map[256] = {0}, havecharlist = 0;
3807
3808 if (zend_parse_parameters(ZEND_NUM_ARGS(), "s|sl", &value, &valuelen, &ignores, &ignoreslen, &flags) != SUCCESS) {
3809 RETURN_THROWS();
3810 }
3811
3812 if (!valuelen) {
3813 RETURN_EMPTY_STRING();
3814 }
3815
3816 if (flags & PHP_LDAP_ESCAPE_FILTER) {
3817 havecharlist = 1;
3818 php_ldap_escape_map_set_chars(map, "\\*()\0", sizeof("\\*()\0") - 1, 1);
3819 }
3820
3821 if (flags & PHP_LDAP_ESCAPE_DN) {
3822 havecharlist = 1;
3823 php_ldap_escape_map_set_chars(map, "\\,=+<>;\"#\r", sizeof("\\,=+<>;\"#\r") - 1, 1);
3824 }
3825
3826 if (!havecharlist) {
3827 for (i = 0; i < 256; i++) {
3828 map[i] = 1;
3829 }
3830 }
3831
3832 if (ignoreslen) {
3833 php_ldap_escape_map_set_chars(map, ignores, ignoreslen, 0);
3834 }
3835
3836 RETURN_NEW_STR(php_ldap_do_escape(map, value, valuelen, flags));
3837 }
3838
3839 #ifdef STR_TRANSLATION
3840 /* {{{ php_ldap_do_translate */
php_ldap_do_translate(INTERNAL_FUNCTION_PARAMETERS,int way)3841 static void php_ldap_do_translate(INTERNAL_FUNCTION_PARAMETERS, int way)
3842 {
3843 char *value;
3844 size_t value_len;
3845 int result;
3846
3847 if (zend_parse_parameters(ZEND_NUM_ARGS(), "s", &value, &value_len) != SUCCESS) {
3848 RETURN_THROWS();
3849 }
3850
3851 if (value_len == 0) {
3852 RETURN_FALSE;
3853 }
3854
3855 if (way == 1) {
3856 result = ldap_8859_to_t61(&value, &value_len, 0);
3857 } else {
3858 result = ldap_t61_to_8859(&value, &value_len, 0);
3859 }
3860
3861 if (result == LDAP_SUCCESS) {
3862 RETVAL_STRINGL(value, value_len);
3863 free(value);
3864 } else {
3865 php_error_docref(NULL, E_WARNING, "Conversion from ISO-8859-1 to t61 failed: %s", ldap_err2string(result));
3866 RETVAL_FALSE;
3867 }
3868 }
3869 /* }}} */
3870
3871 /* {{{ Translate t61 characters to 8859 characters */
PHP_FUNCTION(ldap_t61_to_8859)3872 PHP_FUNCTION(ldap_t61_to_8859)
3873 {
3874 php_ldap_do_translate(INTERNAL_FUNCTION_PARAM_PASSTHRU, 0);
3875 }
3876 /* }}} */
3877
3878 /* {{{ Translate 8859 characters to t61 characters */
PHP_FUNCTION(ldap_8859_to_t61)3879 PHP_FUNCTION(ldap_8859_to_t61)
3880 {
3881 php_ldap_do_translate(INTERNAL_FUNCTION_PARAM_PASSTHRU, 1);
3882 }
3883 /* }}} */
3884 #endif
3885
3886 /* {{{ Extended operations, Pierangelo Masarati */
3887 #ifdef HAVE_LDAP_EXTENDED_OPERATION_S
3888 /* {{{ Extended operation */
PHP_FUNCTION(ldap_exop)3889 PHP_FUNCTION(ldap_exop)
3890 {
3891 zval *serverctrls = NULL;
3892 zval *link, *retdata = NULL, *retoid = NULL;
3893 char *lretoid = NULL;
3894 zend_string *reqoid, *reqdata = NULL;
3895 struct berval lreqdata, *lretdata = NULL;
3896 ldap_linkdata *ld;
3897 LDAPMessage *ldap_res;
3898 LDAPControl **lserverctrls = NULL;
3899 int rc, msgid;
3900
3901 if (zend_parse_parameters(ZEND_NUM_ARGS(), "rS|S!a!zz", &link, &reqoid, &reqdata, &serverctrls, &retdata, &retoid) != SUCCESS) {
3902 RETURN_THROWS();
3903 }
3904
3905 if ((ld = (ldap_linkdata *)zend_fetch_resource(Z_RES_P(link), "ldap link", le_link)) == NULL) {
3906 RETURN_THROWS();
3907 }
3908
3909 if (reqdata) {
3910 lreqdata.bv_val = ZSTR_VAL(reqdata);
3911 lreqdata.bv_len = ZSTR_LEN(reqdata);
3912 } else {
3913 lreqdata.bv_len = 0;
3914 }
3915
3916 if (serverctrls) {
3917 lserverctrls = _php_ldap_controls_from_array(ld->link, serverctrls, 4);
3918 if (lserverctrls == NULL) {
3919 RETVAL_FALSE;
3920 goto cleanup;
3921 }
3922 }
3923
3924 if (retdata) {
3925 /* synchronous call */
3926 rc = ldap_extended_operation_s(ld->link, ZSTR_VAL(reqoid),
3927 lreqdata.bv_len > 0 ? &lreqdata: NULL,
3928 lserverctrls,
3929 NULL,
3930 retoid ? &lretoid : NULL,
3931 &lretdata );
3932 if (rc != LDAP_SUCCESS ) {
3933 php_error_docref(NULL, E_WARNING, "Extended operation %s failed: %s (%d)", ZSTR_VAL(reqoid), ldap_err2string(rc), rc);
3934 RETVAL_FALSE;
3935 goto cleanup;
3936 }
3937
3938 if (retoid) {
3939 if (lretoid) {
3940 ZEND_TRY_ASSIGN_REF_STRING(retoid, lretoid);
3941 ldap_memfree(lretoid);
3942 } else {
3943 ZEND_TRY_ASSIGN_REF_EMPTY_STRING(retoid);
3944 }
3945 }
3946
3947 if (lretdata) {
3948 ZEND_TRY_ASSIGN_REF_STRINGL(retdata, lretdata->bv_val, lretdata->bv_len);
3949 ldap_memfree(lretdata->bv_val);
3950 ldap_memfree(lretdata);
3951 } else {
3952 ZEND_TRY_ASSIGN_REF_EMPTY_STRING(retdata);
3953 }
3954
3955 RETVAL_TRUE;
3956 goto cleanup;
3957 }
3958
3959 /* asynchronous call */
3960 rc = ldap_extended_operation(ld->link, ZSTR_VAL(reqoid),
3961 lreqdata.bv_len > 0 ? &lreqdata: NULL,
3962 lserverctrls,
3963 NULL,
3964 &msgid);
3965 if (rc != LDAP_SUCCESS ) {
3966 php_error_docref(NULL, E_WARNING, "Extended operation %s failed: %s (%d)", ZSTR_VAL(reqoid), ldap_err2string(rc), rc);
3967 RETVAL_FALSE;
3968 goto cleanup;
3969 }
3970
3971 rc = ldap_result(ld->link, msgid, 1 /* LDAP_MSG_ALL */, NULL, &ldap_res);
3972 if (rc == -1) {
3973 php_error_docref(NULL, E_WARNING, "Extended operation %s failed", ZSTR_VAL(reqoid));
3974 RETVAL_FALSE;
3975 goto cleanup;
3976 }
3977
3978 /* return a PHP control object */
3979 RETVAL_RES(zend_register_resource(ldap_res, le_result));
3980
3981 cleanup:
3982 if (lserverctrls) {
3983 _php_ldap_controls_free(&lserverctrls);
3984 }
3985 }
3986 /* }}} */
3987 #endif
3988
3989 #ifdef HAVE_LDAP_PASSWD
3990 /* {{{ Passwd modify extended operation */
PHP_FUNCTION(ldap_exop_passwd)3991 PHP_FUNCTION(ldap_exop_passwd)
3992 {
3993 zval *link, *serverctrls;
3994 struct berval luser = { 0L, NULL };
3995 struct berval loldpw = { 0L, NULL };
3996 struct berval lnewpw = { 0L, NULL };
3997 struct berval lgenpasswd = { 0L, NULL };
3998 LDAPControl *ctrl, **lserverctrls = NULL, *requestctrls[2] = { NULL, NULL };
3999 LDAPMessage* ldap_res = NULL;
4000 ldap_linkdata *ld;
4001 int rc, myargcount = ZEND_NUM_ARGS(), msgid, err;
4002 char* errmsg = NULL;
4003
4004 if (zend_parse_parameters(myargcount, "r|sssz/", &link, &luser.bv_val, &luser.bv_len, &loldpw.bv_val, &loldpw.bv_len, &lnewpw.bv_val, &lnewpw.bv_len, &serverctrls) == FAILURE) {
4005 RETURN_THROWS();
4006 }
4007
4008 if ((ld = (ldap_linkdata *)zend_fetch_resource(Z_RES_P(link), "ldap link", le_link)) == NULL) {
4009 RETURN_THROWS();
4010 }
4011
4012 switch (myargcount) {
4013 case 5:
4014 /* ldap_create_passwordpolicy_control() allocates ctrl */
4015 if (ldap_create_passwordpolicy_control(ld->link, &ctrl) == LDAP_SUCCESS) {
4016 requestctrls[0] = ctrl;
4017 }
4018 }
4019
4020 /* asynchronous call to get result and controls */
4021 rc = ldap_passwd(ld->link, &luser,
4022 loldpw.bv_len > 0 ? &loldpw : NULL,
4023 lnewpw.bv_len > 0 ? &lnewpw : NULL,
4024 requestctrls,
4025 NULL, &msgid);
4026
4027 if (requestctrls[0] != NULL) {
4028 ldap_control_free(requestctrls[0]);
4029 }
4030
4031 if (rc != LDAP_SUCCESS ) {
4032 php_error_docref(NULL, E_WARNING, "Passwd modify extended operation failed: %s (%d)", ldap_err2string(rc), rc);
4033 RETVAL_FALSE;
4034 goto cleanup;
4035 }
4036
4037 rc = ldap_result(ld->link, msgid, 1 /* LDAP_MSG_ALL */, NULL, &ldap_res);
4038 if ((rc < 0) || !ldap_res) {
4039 rc = _get_lderrno(ld->link);
4040 php_error_docref(NULL, E_WARNING, "Passwd modify extended operation failed: %s (%d)", ldap_err2string(rc), rc);
4041 RETVAL_FALSE;
4042 goto cleanup;
4043 }
4044
4045 rc = ldap_parse_passwd(ld->link, ldap_res, &lgenpasswd);
4046 if( rc != LDAP_SUCCESS ) {
4047 php_error_docref(NULL, E_WARNING, "Passwd modify extended operation failed: %s (%d)", ldap_err2string(rc), rc);
4048 RETVAL_FALSE;
4049 goto cleanup;
4050 }
4051
4052 rc = ldap_parse_result(ld->link, ldap_res, &err, NULL, &errmsg, NULL, (myargcount > 4 ? &lserverctrls : NULL), 0);
4053 if( rc != LDAP_SUCCESS ) {
4054 php_error_docref(NULL, E_WARNING, "Passwd modify extended operation failed: %s (%d)", ldap_err2string(rc), rc);
4055 RETVAL_FALSE;
4056 goto cleanup;
4057 }
4058
4059 if (myargcount > 4) {
4060 _php_ldap_controls_to_array(ld->link, lserverctrls, serverctrls, 0);
4061 }
4062
4063 /* return */
4064 if (lnewpw.bv_len == 0) {
4065 if (lgenpasswd.bv_len == 0) {
4066 RETVAL_EMPTY_STRING();
4067 } else {
4068 RETVAL_STRINGL(lgenpasswd.bv_val, lgenpasswd.bv_len);
4069 }
4070 } else if (err == LDAP_SUCCESS) {
4071 RETVAL_TRUE;
4072 } else {
4073 php_error_docref(NULL, E_WARNING, "Passwd modify extended operation failed: %s (%d)", (errmsg ? errmsg : ldap_err2string(err)), err);
4074 RETVAL_FALSE;
4075 }
4076
4077 cleanup:
4078 if (lgenpasswd.bv_val != NULL) {
4079 ldap_memfree(lgenpasswd.bv_val);
4080 }
4081 if (ldap_res != NULL) {
4082 ldap_msgfree(ldap_res);
4083 }
4084 if (errmsg != NULL) {
4085 ldap_memfree(errmsg);
4086 }
4087 }
4088 /* }}} */
4089 #endif
4090
4091 #ifdef HAVE_LDAP_WHOAMI_S
4092 /* {{{ Whoami extended operation */
PHP_FUNCTION(ldap_exop_whoami)4093 PHP_FUNCTION(ldap_exop_whoami)
4094 {
4095 zval *link;
4096 struct berval *lauthzid;
4097 ldap_linkdata *ld;
4098 int rc;
4099
4100 if (zend_parse_parameters(ZEND_NUM_ARGS(), "r", &link) == FAILURE) {
4101 RETURN_THROWS();
4102 }
4103
4104 if ((ld = (ldap_linkdata *)zend_fetch_resource(Z_RES_P(link), "ldap link", le_link)) == NULL) {
4105 RETURN_THROWS();
4106 }
4107
4108 /* synchronous call */
4109 rc = ldap_whoami_s(ld->link, &lauthzid, NULL, NULL);
4110 if (rc != LDAP_SUCCESS ) {
4111 php_error_docref(NULL, E_WARNING, "Whoami extended operation failed: %s (%d)", ldap_err2string(rc), rc);
4112 RETURN_FALSE;
4113 }
4114
4115 if (lauthzid == NULL) {
4116 RETVAL_EMPTY_STRING();
4117 } else {
4118 RETVAL_STRINGL(lauthzid->bv_val, lauthzid->bv_len);
4119 ldap_memfree(lauthzid->bv_val);
4120 ldap_memfree(lauthzid);
4121 }
4122 }
4123 /* }}} */
4124 #endif
4125
4126 #ifdef HAVE_LDAP_REFRESH_S
4127 /* {{{ DDS refresh extended operation */
PHP_FUNCTION(ldap_exop_refresh)4128 PHP_FUNCTION(ldap_exop_refresh)
4129 {
4130 zval *link;
4131 zend_long ttl;
4132 struct berval ldn;
4133 ber_int_t lttl;
4134 ber_int_t newttl;
4135 ldap_linkdata *ld;
4136 int rc;
4137
4138 if (zend_parse_parameters(ZEND_NUM_ARGS(), "rsl", &link, &ldn.bv_val, &ldn.bv_len, &ttl) != SUCCESS) {
4139 RETURN_THROWS();
4140 }
4141
4142 if ((ld = (ldap_linkdata *)zend_fetch_resource(Z_RES_P(link), "ldap link", le_link)) == NULL) {
4143 RETURN_THROWS();
4144 }
4145
4146 lttl = (ber_int_t) ttl;
4147
4148 rc = ldap_refresh_s(ld->link, &ldn, lttl, &newttl, NULL, NULL);
4149 if (rc != LDAP_SUCCESS ) {
4150 php_error_docref(NULL, E_WARNING, "Refresh extended operation failed: %s (%d)", ldap_err2string(rc), rc);
4151 RETURN_FALSE;
4152 }
4153
4154 RETURN_LONG(newttl);
4155 }
4156 /* }}} */
4157 #endif
4158
4159 zend_module_entry ldap_module_entry = { /* {{{ */
4160 STANDARD_MODULE_HEADER,
4161 "ldap",
4162 ext_functions,
4163 PHP_MINIT(ldap),
4164 PHP_MSHUTDOWN(ldap),
4165 NULL,
4166 NULL,
4167 PHP_MINFO(ldap),
4168 PHP_LDAP_VERSION,
4169 PHP_MODULE_GLOBALS(ldap),
4170 PHP_GINIT(ldap),
4171 NULL,
4172 NULL,
4173 STANDARD_MODULE_PROPERTIES_EX
4174 };
4175 /* }}} */
4176