Patch replaced-calls-to-deprecated-openldap-functions for LDAP related Bug #69471

Patch version 2015-04-16 17:06 UTC

• 2015-04-16 17:06 UTC [diff to current]

Developer: come.bernigaud@laposte.net

From bfdfe07d800ce95a5fd048a2f1ae504aea3d5191 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=B4me=20Bernigaud?= <come.bernigaud@opensides.be>
Date: Thu, 16 Apr 2015 17:11:38 +0200
Subject: [PATCH] Replaced calls to deprecated openldap functions

ldap_unbind_s   -> ldap_unbind_ext
389             -> LDAP_PORT
ldap_init       -> ldap_initialize
ldap_bind_s     -> ldap_sasl_bind_s
ldap_value_free -> ber_memvfree
Also added ldap_is_ldap_url check
---
 ext/ldap/ldap.c |   70 +++++++++++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 60 insertions(+), 10 deletions(-)

diff --git a/ext/ldap/ldap.c b/ext/ldap/ldap.c
index f9e41ff..e8e76fa 100644
--- a/ext/ldap/ldap.c
+++ b/ext/ldap/ldap.c
@@ -96,13 +96,21 @@ static void _close_ldap_link(zend_rsrc_list_entry *rsrc TSRMLS_DC) /* {{{ */
 {
 	ldap_linkdata *ld = (ldap_linkdata *)rsrc->ptr;
 
-	ldap_unbind_s(ld->link);
-#if defined(LDAP_API_FEATURE_X_OPENLDAP) && defined(HAVE_3ARG_SETREBINDPROC)
+	/* ldap_unbind_s() is deprecated;
+	 * the distinction between ldap_unbind() and ldap_unbind_s() is moot */
+#ifdef LDAP_API_FEATURE_X_OPENLDAP
+	ldap_unbind_ext(ld->link, NULL, NULL);
+#ifdef HAVE_3ARG_SETREBINDPROC
+
 	if (ld->rebindproc != NULL) {
 		zval_dtor(ld->rebindproc);
 		FREE_ZVAL(ld->rebindproc);
 	}
 #endif
+#else /* ! LDAP_API_FEATURE_X_OPENLDAP */
+	ldap_unbind_s(ld->link);
+#endif /* ! LDAP_API_FEATURE_X_OPENLDAP */
+
 	efree(ld);
 	LDAPG(num_links)--;
 }
@@ -298,7 +306,13 @@ PHP_FUNCTION(ldap_connect)
 {
 	char *host = NULL;
 	int hostlen;
-	long port = 389; /* Default port */
+	long port =
+#ifdef LDAP_API_FEATURE_X_OPENLDAP
+	LDAP_PORT
+#else /* ! LDAP_API_FEATURE_X_OPENLDAP */
+	389 /* Default port */
+#endif /* ! LDAP_API_FEATURE_X_OPENLDAP */
+	;
 #ifdef HAVE_ORALDAP
 	char *wallet = NULL, *walletpasswd = NULL;
 	int walletlen = 0, walletpasswdlen = 0;
@@ -334,21 +348,38 @@ PHP_FUNCTION(ldap_connect)
 	ld = ecalloc(1, sizeof(ldap_linkdata));
 
 #ifdef LDAP_API_FEATURE_X_OPENLDAP
-	if (host != NULL && strchr(host, '/')) {
+	/* OpenLDAP provides a specific call to detect valid LDAP URIs;
+	 * ldap_init()/ldap_open() is deprecated, use ldap_initialize() instead.
+	 */
+	{
 		int rc;
+		char	*url = host;
+		if (!ldap_is_ldap_url(url)) {
+			int	urllen = hostlen + sizeof( "ldap://:65535" );
+
+			if (port <= 0 || port > 65535) {
+				php_error_docref(NULL TSRMLS_CC, E_WARNING, "invalid port number: %ld", port);
+				RETURN_FALSE;
+			}
+
+			url = emalloc(urllen);
+			snprintf( url, urllen, "ldap://%s:%d", host ? host : "", port );
+		}
 		
-		rc = ldap_initialize(&ldap, host);
+		rc = ldap_initialize(&ldap, url);
 		if (rc != LDAP_SUCCESS) {
 			efree(ld);
 			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Could not create session handle: %s", ldap_err2string(rc));
 			RETURN_FALSE;
 		}
-	} else {
-		ldap = ldap_init(host, port);
+
+		if (url != host) {
+			efree(url);
+		}
 	}
-#else
+#else /* ! LDAP_API_FEATURE_X_OPENLDAP */
 	ldap = ldap_open(host, port);
-#endif
+#endif /* ! LDAP_API_FEATURE_X_OPENLDAP */
 	
 	if (ldap == NULL) {
 		efree(ld);
@@ -436,7 +467,21 @@ PHP_FUNCTION(ldap_bind)
 		RETURN_FALSE;
 	}
 
-	if ((rc = ldap_bind_s(ld->link, ldap_bind_dn, ldap_bind_pw, LDAP_AUTH_SIMPLE)) != LDAP_SUCCESS) {
+#ifdef LDAP_API_FEATURE_X_OPENLDAP
+	{
+		struct berval   cred;
+
+		/* ldap_bind_s() is deprecated; use ldap_sasl_bind_s() instead */
+		cred.bv_val = ldap_bind_pw;
+		cred.bv_len = ldap_bind_pw ? ldap_bind_pwlen : 0;
+		rc = ldap_sasl_bind_s(ld->link, ldap_bind_dn, LDAP_SASL_SIMPLE, &cred,
+				NULL, NULL,     /* no controls right now */
+				NULL);	  /* we don't care about the server's credentials */
+	}
+#else
+	rc = ldap_bind_s(ld->link, ldap_bind_dn, ldap_bind_pw, LDAP_AUTH_SIMPLE);
+#endif
+	if ( rc != LDAP_SUCCESS) {
 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to bind to server: %s", ldap_err2string(rc));
 		RETURN_FALSE;
 	} else {
@@ -1266,7 +1311,12 @@ PHP_FUNCTION(ldap_explode_dn)
 		add_index_string(return_value, i, ldap_value[i], 1);
 	}
 
+#ifdef LDAP_API_FEATURE_X_OPENLDAP
+	/* ldap_value_free() is deprecated */
+	ber_memvfree((void **)ldap_value);
+#else /* ! LDAP_API_FEATURE_X_OPENLDAP */
 	ldap_value_free(ldap_value);
+#endif /* ! LDAP_API_FEATURE_X_OPENLDAP */
 }
 /* }}} */
 
-- 
1.7.10.4