Bug #34361 FreeBSD php{4,5} w/ LDAP + SSL/TLS ldap_start_tls[_s]()
Submitted: 2005-09-03 23:06 UTC Modified: 2005-09-14 01:00 UTC
Votes:3
Avg. Score:4.3 ± 0.9
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (100.0%)
From: lavalamp at spiritual-machines dot org Assigned:
Status: No Feedback Package: LDAP related
PHP Version: 5.0.4 OS: FreeBSD / NetBSD / OpenBSD ?
Private report: No CVE-ID: None
 [2005-09-03 23:06 UTC] lavalamp at spiritual-machines dot org
Description:
------------
For whatever reason, the php4 and php5 from FreeBSD ports refuse to properly configure SSL/TLS
support for the LDAP module.
                                                                                                   
This breaks the TLS/SSL functionality in net/phpldapadmin and sysutils/ldap-account-manager        
(CC'ing maintainers)                                                                               
                                                                                                   
I've got two current i386/RELENG_5_3 boxes.  Both with Apache apache-2.0.54_2 and                  
openldap-client-2.2.27.                                                                            
                                                                                                   
The ldap client binaries are linked to SSL fine and can talk both ldaps:// and Start_TLS over      
ldap://.  That's out of the question.                                                              
                                                                                                   
One with php4-4.4.0, one with php5-5.0.3_2 (see below).  Both have the LDAP and SSL php            
extension modules installed:                                                                       
                                                                                                   
$ egrep -i "ldap|ssl" /usr/local/etc/php/extensions.ini                                            
extension=openssl.so                                                                               
extension=ldap.so

# ldd /usr/local/lib/php/20020429/ldap.so                                                          
/usr/local/lib/php/20020429/ldap.so:                                                               
        libldap-2.2.so.7 => /usr/local/lib/libldap-2.2.so.7 (0x28174000)                           
        liblber-2.2.so.7 => /usr/local/lib/liblber-2.2.so.7 (0x281a7000)                           
        libcrypto.so.3 => /lib/libcrypto.so.3 (0x281b4000)                                         
        libssl.so.3 => /usr/lib/libssl.so.3 (0x282c8000)                                           
                                                                                                   
The php5 box is as well:                                                                           
                                                                                                   
$ ldd /usr/local/lib/php/20041030/ldap.so                                                          
/usr/local/lib/php/20041030/ldap.so:                                                               
        libldap-2.2.so.7 => /usr/local/lib/libldap-2.2.so.7 (0x28173000)                           
        liblber-2.2.so.7 => /usr/local/lib/liblber-2.2.so.7 (0x281a6000)                           
        libcrypto.so.3 => /lib/libcrypto.so.3 (0x281b3000)                                         
        libssl.so.3 => /usr/lib/libssl.so.3 (0x282c7000)                                           
                                                                                                   
                                                                                                   
The problem is that ldap_start_tls() is an unregistered/invalid function.  When I run the functions.php at http://www.sitepoint.com/article/php-command-line-2, ldap_start_tls() isn't listed on either machine (see below).

# pkg_info |grep -i php                                                                            
libmcrypt-2.5.7_1   Multi-cipher cryptographic library (used in PHP)                               
pear-XML_RPC-1.4.0  PHP implementation of the XML-RPC protocol                                     
php4-4.4.0          PHP Scripting Language (Apache Module and CLI)                                 
php4-ctype-4.4.0    The ctype shared extension for php                                             
php4-dba-4.4.0      The dba shared extension for php                                               
php4-extensions-1.0 A "meta-port" to install PHP extensions                                        
php4-gettext-4.4.0  The gettext shared extension for php                                           
php4-ldap-4.4.0     The ldap shared extension for php                                              
php4-mcrypt-4.4.0   The mcrypt shared extension for php                                            
php4-mysql-4.4.0    The mysql shared extension for php                                             
php4-openssl-4.4.0  The openssl shared extension for php                                           
php4-overload-4.4.0 The overload shared extension for php                                          
php4-pcre-4.4.0     The pcre shared extension for php                                              
php4-pear-4.4.0     PEAR framework for PHP                                                         
php4-pgsql-4.4.0    The pgsql shared extension for php                                             
php4-posix-4.4.0    The posix shared extension for php                                             
php4-session-4.4.0  The session shared extension for php                                           
php4-tokenizer-4.4.0 The tokenizer shared extension for php                                        
php4-xml-4.4.0      The xml shared extension for php                                               
php4-zlib-4.4.0     The zlib shared extension for php                                              
phpldapadmin-0.9.7.a6,1 A set of PHP-scripts to administer LDAP servers

$ pkg_info |grep -i php5                                                                           
php5-5.0.4_1        PHP Scripting Language (Apache Module and CLI)                                 
php5-bz2-5.0.3_2    The bz2 shared extension for php                                               
php5-calendar-5.0.3_2 The calendar shared extension for php                                        
php5-ctype-5.0.3_2  The ctype shared extension for php                                             
php5-curl-5.0.4_2   The curl shared extension for php                                              
php5-dom-5.0.3_2    The dom shared extension for php                                               
php5-exif-5.0.3_2   The exif shared extension for php                                              
php5-extensions-1.0 A "meta-port" to install PHP extensions                                        
php5-ftp-5.0.3_2    The ftp shared extension for php                                               
php5-gd-5.0.3_2     The gd shared extension for php                                                
php5-gettext-5.0.3_2 The gettext shared extension for php                                          
php5-iconv-5.0.3_2  The iconv shared extension for php                                             
php5-imap-5.0.3_2   The imap shared extension for php                                              
php5-ldap-5.0.4_2   The ldap shared extension for php                                              
php5-mcrypt-5.0.3_2 The mcrypt shared extension for php                                            
php5-mhash-5.0.3_2  The mhash shared extension for php                                             
php5-mysql-5.0.3_2  The mysql shared extension for php                                             
php5-odbc-5.0.4_2   The odbc shared extension for php                                              
php5-openssl-5.0.3_2 The openssl shared extension for php                                          
php5-pcre-5.0.3_2   The pcre shared extension for php                                              
php5-pear-5.0.3_2   PEAR framework for PHP                                                         
php5-pgsql-5.0.3_2  The pgsql shared extension for php                                             
php5-posix-5.0.3_2  The posix shared extension for php                                             
php5-session-5.0.3_2 The session shared extension for php                                          
php5-simplexml-5.0.3_2 The simplexml shared extension for php                                      
php5-soap-5.0.3_2   The soap shared extension for php                                              
php5-sqlite-5.0.3_2 The sqlite shared extension for php                                            
php5-sysvmsg-5.0.3_2 The sysvmsg shared extension for php                                          
php5-sysvsem-5.0.3_2 The sysvsem shared extension for php                                          
php5-sysvshm-5.0.3_2 The sysvshm shared extension for php                                          
php5-tokenizer-5.0.3_2 The tokenizer shared extension for php                                      
php5-xml-5.0.3_2    The xml shared extension for php                                               
php5-zlib-5.0.3_2   The zlib shared extension for php


php4box# php public_html/functions.php -e ldap                                                     
ldap_connect                                                                                       
ldap_close                                                                                         
ldap_bind                                                                                          
ldap_unbind                                                                                        
ldap_read                                                                                          
ldap_list                                                                                          
ldap_search                                                                                        
ldap_free_result                                                                                   
ldap_count_entries                                                                                 
ldap_first_entry                                                                                   
ldap_next_entry                                                                                    
ldap_get_entries                                                                                   
ldap_first_attribute                                                                               
ldap_next_attribute                                                                                
ldap_get_attributes                                                                                
ldap_get_values                                                                                    
ldap_get_values_len                                                                                
ldap_get_dn                                                                                        
ldap_explode_dn                                                                                    
ldap_dn2ufn                                                                                        
ldap_add                                                                                           
ldap_delete                                                                                        
ldap_modify                                                                                        
ldap_mod_add                                                                                       
ldap_mod_replace                                                                                   
ldap_mod_del                                                                                       
ldap_errno                                                                                         
ldap_err2str                                                                                       
ldap_error                                                                                         
ldap_compare                                                                                       
ldap_sort                                                                                          
ldap_rename                                                                                        
ldap_get_option                                                                                    
ldap_set_option                                                                                    
ldap_first_reference                                                                               
ldap_next_reference                                                                                
ldap_set_rebind_proc

php5 box$ php functions.php -e ldap
ldap_connect
ldap_close                                                                                         
ldap_bind                                                                                          
ldap_unbind                                                                                        
ldap_read                                                                                          
ldap_list                                                                                          
ldap_search                                                                                        
ldap_free_result                                                                                   
ldap_count_entries                                                                                 
ldap_first_entry                                                                                   
ldap_next_entry                                                                                    
ldap_get_entries                                                                                   
ldap_first_attribute                                                                               
ldap_next_attribute                                                                                
ldap_get_attributes                                                                                
ldap_get_values                                                                                    
ldap_get_values_len                                                                                
ldap_get_dn                                                                                        
ldap_explode_dn                                                                                    
ldap_dn2ufn                                                                                        
ldap_add                                                                                           
ldap_delete                                                                                        
ldap_modify                                                                                        
ldap_mod_add                                                                                       
ldap_mod_replace                                                                                   
ldap_mod_del                                                                                       
ldap_errno                                                                                         
ldap_err2str                                                                                       
ldap_error                                                                                         
ldap_compare                                                                                       
ldap_sort                                                                                          
ldap_get_option                                                                                    
ldap_set_option                                                                                    
ldap_parse_result                                                                                  
ldap_first_reference                                                                               
ldap_next_reference                                                                                
ldap_rename                                                                                        
ldap_set_rebind_proc 


Reproduce code:
---------------
I traced it down:                                                                            
                                                                                                   
in /usr/ports/net/php5-ldap/work/php-5.0.4/ext/ldap/configure ->                                   
conftest -> ldap_start_tls_s();                                                                    
ldap_start_tls_s return false -> ac_cv_func_ldap_start_tls_s=no in config.log                      
config.log -> ldap.h -> #undef HAVE_LDAP_START_TLS_S                                               
config.c -> HAVE_LDAP_START_TLS_S -> PHP_FE(ldap_start_tls, NULL)                                  
                                                                                                   
...therefore ldap_start_tls isn't registered.  The question is why the conftest.c in GNU           
autoconf is failing with:                                                                          
                                                                                                   
configure:5048: cc -o conftest -O -pipe -march=pentium3   conftest.c  >&5                          
/var/tmp//cc63HySI.o(.text+0x12): In function `main':                                              
: undefined reference to `ldap_start_tls_s'                                                        
                                                                                                   
...Which is odd since:                                                                             
                                                                                                   
                                                                                                   
php4$ grep -ir ldap_start_tls_s lib/*                                                              
Binary file lib/libldap-2.2.so matches                                                             
Binary file lib/libldap-2.2.so.7 matches                                                           
Binary file lib/libldap.a matches                                                                  
Binary file lib/libldap.so matches                                                                 
Binary file lib/libldap_r-2.2.so matches                                                           
Binary file lib/libldap_r-2.2.so.7 matches                                                         
Binary file lib/libldap_r.a matches                                                                
Binary file lib/libldap_r.so matches                                                               
Binary file lib/pam_ldap.so matches                                                                
                                                                                                   
php4$ grep -ir ldap_start_tls_s include/*                                                          
include/ldap.h:ldap_start_tls_s LDAP_P((                                                           
include/php/main/php_config.h:/* Define if you have the ldap_start_tls_s function.  */             
include/php/main/php_config.h:/* #undef HAVE_LDAP_START_TLS_S */                                   
                                                                                                   
                                                                                                   
$ nm lib/libldap-2.2.so.7|grep -i start_tls                                                        
0002b770 T ldap_start_tls_s                                                                        
                                                                                                   
and...                                                                                             
                                                                                                   
php5$ grep -ir ldap_start_tls_s lib/*                                                              
Binary file lib/libldap-2.2.so matches                                                             
Binary file lib/libldap-2.2.so.7 matches        
Binary file lib/libldap.a matches                                                                  
Binary file lib/libldap.so matches                                                                 
Binary file lib/libldap_r-2.2.so matches                                                           
Binary file lib/libldap_r-2.2.so.7 matches                                                         
Binary file lib/libldap_r.a matches                                                                
Binary file lib/libldap_r.so matches                                                               
                                                                                                   
php5$ grep -ir ldap_start_tls_s include/*                                                          
include/ldap.h:ldap_start_tls_s LDAP_P((                                                           
include/php/main/php_config.h:/* Define if you have the ldap_start_tls_s function.  */             
include/php/main/php_config.h:/* #undef HAVE_LDAP_START_TLS_S */                                   
                                                                                                   
$ nm lib/libldap-2.2.so.7|grep -i start_tls                                                        
0002b770 T ldap_start_tls_s                                                                        
                                                                                                   
..from 'make configure' in ports/net/php5-ldap/                                                    
                                                                                                   
checking for LDAP support... yes, shared                                                           
checking for LDAP Cyrus SASL support... no                                                         
checking for 3 arg ldap_set_rebind_proc... yes                                                     
checking for ldap_parse_reference... no                                                            
checking for ldap_start_tls_s... no                                                                
checking for ldap_bind_s... yes                                                                    
                                                                                                   
                                                                                                   
...from config.log:                                                                                
                                                                                                   
configure:5048: cc -o conftest -O -pipe -march=pentium3   conftest.c  >&5                          
/var/tmp//cc63HySI.o(.text+0x12): In function `main':                                              
: undefined reference to `ldap_start_tls_s'                                                        
configure:5051: $? = 1                                                                             
configure: failed program was:                    

Expected result:
----------------
...

Actual result:
--------------
I don't dabble in GNU Autoconf, and I recommend everyone else do the same, but if someone actually wants to fix the autoconf aspect of this so that a Patch on the Free/NetBSD side isn't required forever, then Godspeed.

My temporary solution is:

1) cd /usr/{ports,pkgsrc}/{net/php5-ldap,databases/php-ldap} on {Free,Net}BSD respectively         
                                                                                                   
2) sudo make configure                                                                             
                                                                                                   
3) sudo vim                                                                                        
On FreeBSD                                                                                         
work/php-5.0.4/ext/ldap/config.h or..                                                              
work/php-4.4.0/ext/ldap/config.h                                                                   
                                                                                                   
on NetBSD:                                                                                         
work/php-5.0.4/ext/ldap/config.h                                                                   
                                                                                                   
4) Change:                                                                                         
/* Define to 1 if you have the `ldap_start_tls_s' function. */                                     
/* #undef HAVE_LDAP_START_TLS_S */                                                                 
                                                                                                   
   To:                                                                                             
                                                                                                   
#define HAVE_LDAP_START_TLS_S 1                                                                    
                                                                                                   
5) sudo make install                                                                               
                                                                                                   
6) carry on pretending that your employee data is secure                                           
                                                                                                   
$ cat ~/public_html/testtls.php                                                                    
<?                                                                                                 
                                                                                                   
if (function_exists('ldap_start_tls'))                                                             
               echo "I see it!\n";                                                                 
                                                                                                   
?>                                                                                                 
                                                                                                   
[0] seklecki@blah:/$ php ~/public_html/testtls.php                                                 
I see it!                                                                                          
                                                                                                   
7) ...sit around on your day off and try to determine how the following piece of code from         
configure.sh was [ever] supposed to determine if ldap_start_tls_s() was a valid function w/o       
including arguments -I/usr/local/include, -L/usr/local/lib to gcc(1) or #including ldap.h or       
lber.h, and wonder who is responsible >:}    

*cough*                                                                                            
                                                                                                   
http://chora.php.net/diff.php/php-src/ext/ldap/config.m4?php=3c934ff67902f7c5ce419c901b82c77e&r1=1.23&r2=1.24&ty=h&num=10
                                                                                                   
*cough* ... 8-) ...I dunno, maybe it "just works(r)" on Linux >:}
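The report above traces a missing `ldap_start_tls()` back to a configure probe whose conftest was linked without `-lldap`, while `nm` shows the library exporting the symbol. The following is an added example, not code from the report or from PHP's build system, that automates that comparison. The function names, the symbol `ldap_example_missing_fn`, and the sample log and `nm` text (constructed around the lines quoted in the report) are assumptions.

```shell
#!/bin/sh
# Added example, not part of the bug report or of PHP's build system.

# classify_check SYM LIB LOG -> prints how configure's probe for SYM ended:
#   found           the conftest linked
#   unlinked-probe  link failed and -lLIB was never on the compile line,
#                   so the "no" says nothing about the library itself
#   really-missing  link failed although -lLIB was passed
#   not-checked     LOG has no "checking for SYM" entry
classify_check() {
    awk -v sym="$1" -v lib="-l$2" '
        /^configure:[0-9]+: checking for / {
            # A new probe starts; track only the one for sym.
            in_probe = ($0 ~ (": checking for " sym "$"))
            if (in_probe) seen = 1
            next
        }
        !in_probe { next }
        /^configure:[0-9]+: .* conftest\.c/ {
            # Compiler command autoconf logged for this probe.
            linked = 0
            n = split($0, w, /[ \t]+/)
            for (i = 1; i <= n; i++) if (w[i] == lib) linked = 1
        }
        index($0, "undefined reference to") && index($0, sym) { undef = 1 }
        END {
            if (!seen)        print "not-checked"
            else if (!undef)  print "found"
            else if (!linked) print "unlinked-probe"
            else              print "really-missing"
        }
    ' "$3"
}

# exports_symbol SYM NMFILE -> succeeds if saved `nm` output lists SYM as a
# defined global text symbol (type "T"), like the nm line in the report.
exports_symbol() {
    awk -v sym="$1" '$2 == "T" && $3 == sym { ok = 1 } END { exit !ok }' "$2"
}

# diagnose SYM LIB LOG NMFILE -> combines both views into one verdict.
diagnose() {
    state=$(classify_check "$1" "$2" "$3")
    if [ "$state" = unlinked-probe ] && exports_symbol "$1" "$4"; then
        echo "false-negative: lib$2 exports $1 but the probe never linked -l$2"
    else
        echo "$state"
    fi
}

# Constructed config.log excerpt. The ldap_start_tls_s failure lines are the
# ones quoted in the report; the "checking for"/"result" lines, the other
# two probes and all line numbers are made up for the demonstration.
sample_log() {
    cat <<'EOF'
configure:5021: checking for ldap_start_tls_s
configure:5048: cc -o conftest -O -pipe -march=pentium3   conftest.c  >&5
/var/tmp//cc63HySI.o(.text+0x12): In function `main':
: undefined reference to `ldap_start_tls_s'
configure:5051: $? = 1
configure:5090: result: no
configure:5101: checking for ldap_bind_s
configure:5128: cc -o conftest -O -pipe -L/usr/local/lib conftest.c -lldap -llber >&5
configure:5131: $? = 0
configure:5140: result: yes
configure:5201: checking for ldap_example_missing_fn
configure:5228: cc -o conftest -O -pipe -L/usr/local/lib conftest.c -lldap -llber >&5
/var/tmp//ccAAAAAA.o(.text+0x12): In function `main':
: undefined reference to `ldap_example_missing_fn'
configure:5231: $? = 1
configure:5240: result: no
EOF
}

# Constructed `nm` output: first line as in the report, second line made up.
sample_nm() {
    cat <<'EOF'
0002b770 T ldap_start_tls_s
         U SSL_connect
EOF
}

# Demo run on the constructed samples.
demo_dir=$(mktemp -d)
sample_log > "$demo_dir/config.log"
sample_nm  > "$demo_dir/nm.txt"
diagnose ldap_start_tls_s ldap "$demo_dir/config.log" "$demo_dir/nm.txt"
rm -rf "$demo_dir"
```

An `unlinked-probe` or `false-negative` result for `ldap_start_tls_s` means the built extension lacks `ldap_start_tls()`, so applications that depend on StartTLS should be checked for whether they fail or continue over plain `ldap://`.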
                                                                       



 [2005-09-14 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
Last updated: Sat Dec 21 14:01:32 2024 UTC