diff options
Diffstat (limited to 'ext/ldap/ldap.c')
| -rw-r--r-- | ext/ldap/ldap.c | 365 | 
1 files changed, 365 insertions, 0 deletions
| diff --git a/ext/ldap/ldap.c b/ext/ldap/ldap.c index 25d6fa1159..9d3a710b60 100644 --- a/ext/ldap/ldap.c +++ b/ext/ldap/ldap.c @@ -152,6 +152,15 @@ PHP_MINIT_FUNCTION(ldap)  	REGISTER_LONG_CONSTANT("LDAP_DEREF_FINDING", LDAP_DEREF_FINDING, CONST_PERSISTENT | CONST_CS);  	REGISTER_LONG_CONSTANT("LDAP_DEREF_ALWAYS", LDAP_DEREF_ALWAYS, CONST_PERSISTENT | CONST_CS); +	/* Constants to be used with ldap_modify_batch() */ +	REGISTER_LONG_CONSTANT("LDAP_MODIFY_BATCH_ADD", LDAP_MODIFY_BATCH_ADD, CONST_PERSISTENT | CONST_CS); +	REGISTER_LONG_CONSTANT("LDAP_MODIFY_BATCH_REMOVE", LDAP_MODIFY_BATCH_REMOVE, CONST_PERSISTENT | CONST_CS); +	REGISTER_LONG_CONSTANT("LDAP_MODIFY_BATCH_REMOVE_ALL", LDAP_MODIFY_BATCH_REMOVE_ALL, CONST_PERSISTENT | CONST_CS); +	REGISTER_LONG_CONSTANT("LDAP_MODIFY_BATCH_REPLACE", LDAP_MODIFY_BATCH_REPLACE, CONST_PERSISTENT | CONST_CS); +	REGISTER_STRING_CONSTANT("LDAP_MODIFY_BATCH_ATTRIB", LDAP_MODIFY_BATCH_ATTRIB, CONST_PERSISTENT | CONST_CS); +	REGISTER_STRING_CONSTANT("LDAP_MODIFY_BATCH_MODTYPE", LDAP_MODIFY_BATCH_MODTYPE, CONST_PERSISTENT | CONST_CS); +	REGISTER_STRING_CONSTANT("LDAP_MODIFY_BATCH_VALUES", LDAP_MODIFY_BATCH_VALUES, CONST_PERSISTENT | CONST_CS); +  #if (LDAP_API_VERSION > 2000) || HAVE_NSLDAP || HAVE_ORALDAP_10  	/* LDAP options */  	REGISTER_LONG_CONSTANT("LDAP_OPT_DEREF", LDAP_OPT_DEREF, CONST_PERSISTENT | CONST_CS); @@ -1432,6 +1441,355 @@ PHP_FUNCTION(ldap_delete)  }  /* }}} */ +/* {{{ _ldap_str_equal_to_const + */ +static int _ldap_str_equal_to_const(const char *str, uint str_len, const char *cstr) +{ +	int i; + +	if (strlen(cstr) != str_len) +		return 0; + +	for (i = 0; i < str_len; ++i) { +		if (str[i] != cstr[i]) { +			return 0; +		} +	} + +	return 1; +} +/* }}} */ + +/* {{{ _ldap_strlen_max + */ +static int _ldap_strlen_max(const char *str, uint max_len) +{ +	int i; + +	for (i = 0; i < max_len; ++i) { +		if (str[i] == '\0') { +			return i; +		} +	} + +	return max_len; +} +/* }}} */ + +/* {{{ _ldap_hash_fetch + */ +static void _ldap_hash_fetch(zval *hashTbl, const char *key, zval **out) +{ +	zval **fetched; +	if (zend_hash_find(Z_ARRVAL_P(hashTbl), key, strlen(key)+1, (void **) &fetched) == SUCCESS) { +		*out = *fetched; +	} +	else { +		*out = NULL; +	} +} +/* }}} */ + +/* {{{ proto bool ldap_modify_batch(resource link, string dn, array modifs) +   Perform multiple modifications as part of one operation */ +PHP_FUNCTION(ldap_modify_batch) +{ +	ldap_linkdata *ld; +	zval *link, *mods, *mod, *modinfo, *modval; +	zval *attrib, *modtype, *vals; +	zval **fetched; +	char *dn; +	int dn_len; +	int i, j, k; +	int num_mods, num_modprops, num_modvals; +	LDAPMod **ldap_mods; +	uint oper; + +	/* +	$mods = array( +		array( +			"attrib" => "unicodePwd", +			"modtype" => LDAP_MODIFY_BATCH_REMOVE, +			"values" => array($oldpw) +		), +		array( +			"attrib" => "unicodePwd", +			"modtype" => LDAP_MODIFY_BATCH_ADD, +			"values" => array($newpw) +		), +		array( +			"attrib" => "userPrincipalName", +			"modtype" => LDAP_MODIFY_BATCH_REPLACE, +			"values" => array("janitor@corp.contoso.com") +		), +		array( +			"attrib" => "userCert", +			"modtype" => LDAP_MODIFY_BATCH_REMOVE_ALL +		) +	); +	*/ + +	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rsa", &link, &dn, &dn_len, &mods) != SUCCESS) { +		return; +	} + +	ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link); + +	/* perform validation */ +	{ +		char *modkey; +		uint modkeylen; +		long modtype; + +		/* to store the wrongly-typed keys */ +		ulong tmpUlong; + +		/* make sure the DN contains no NUL bytes */ +		if (_ldap_strlen_max(dn, dn_len) != dn_len) { +			php_error_docref(NULL TSRMLS_CC, E_WARNING, "DN must not contain NUL bytes"); +			RETURN_FALSE; +		} + +		/* make sure the top level is a normal array */ +		zend_hash_internal_pointer_reset(Z_ARRVAL_P(mods)); +		if (zend_hash_get_current_key_type(Z_ARRVAL_P(mods)) != HASH_KEY_IS_LONG) { +			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Modifications array must not be string-indexed"); +			RETURN_FALSE; +		} + +		num_mods = zend_hash_num_elements(Z_ARRVAL_P(mods)); + +		for (i = 0; i < num_mods; i++) { +			/* is the numbering consecutive? */ +			if (zend_hash_index_find(Z_ARRVAL_P(mods), i, (void **) &fetched) != SUCCESS) { +				php_error_docref(NULL TSRMLS_CC, E_WARNING, "Modifications array must have consecutive indices 0, 1, ..."); +				RETURN_FALSE; +			} +			mod = *fetched; + +			/* is it an array? */ +			if (Z_TYPE_P(mod) != IS_ARRAY) { +				php_error_docref(NULL TSRMLS_CC, E_WARNING, "Each entry of modifications array must be an array itself"); +				RETURN_FALSE; +			} + +			/* for the modification hashtable... */ +			zend_hash_internal_pointer_reset(Z_ARRVAL_P(mod)); +			num_modprops = zend_hash_num_elements(Z_ARRVAL_P(mod)); + +			for (j = 0; j < num_modprops; j++) { +				/* are the keys strings? */ +				if (zend_hash_get_current_key_ex(Z_ARRVAL_P(mod), &modkey, &modkeylen, &tmpUlong, 0, NULL) != HASH_KEY_IS_STRING) { +					php_error_docref(NULL TSRMLS_CC, E_WARNING, "Each entry of modifications array must be string-indexed"); +					RETURN_FALSE; +				} + +				/* modkeylen includes the terminating NUL byte; remove that */ +				--modkeylen; + +				/* is this a valid entry? */ +				if ( +					!_ldap_str_equal_to_const(modkey, modkeylen, LDAP_MODIFY_BATCH_ATTRIB) && +					!_ldap_str_equal_to_const(modkey, modkeylen, LDAP_MODIFY_BATCH_MODTYPE) && +					!_ldap_str_equal_to_const(modkey, modkeylen, LDAP_MODIFY_BATCH_VALUES) +				) { +					php_error_docref(NULL TSRMLS_CC, E_WARNING, "The only allowed keys in entries of the modifications array are '" LDAP_MODIFY_BATCH_ATTRIB "', '" LDAP_MODIFY_BATCH_MODTYPE "' and '" LDAP_MODIFY_BATCH_VALUES "'"); +					RETURN_FALSE; +				} + +				zend_hash_get_current_data(Z_ARRVAL_P(mod), (void **) &fetched); +				modinfo = *fetched; + +				/* does the value type match the key? */ +				if (_ldap_str_equal_to_const(modkey, modkeylen, LDAP_MODIFY_BATCH_ATTRIB)) { +					if (Z_TYPE_P(modinfo) != IS_STRING) { +						php_error_docref(NULL TSRMLS_CC, E_WARNING, "A '" LDAP_MODIFY_BATCH_ATTRIB "' value must be a string"); +						RETURN_FALSE; +					} + +					if (Z_STRLEN_P(modinfo) != _ldap_strlen_max(Z_STRVAL_P(modinfo), Z_STRLEN_P(modinfo))) { +						php_error_docref(NULL TSRMLS_CC, E_WARNING, "A '" LDAP_MODIFY_BATCH_ATTRIB "' value must not contain NUL bytes"); +						RETURN_FALSE; +					} +				} +				else if (_ldap_str_equal_to_const(modkey, modkeylen, LDAP_MODIFY_BATCH_MODTYPE)) { +					if (Z_TYPE_P(modinfo) != IS_LONG) { +						php_error_docref(NULL TSRMLS_CC, E_WARNING, "A '" LDAP_MODIFY_BATCH_MODTYPE "' value must be a long"); +						RETURN_FALSE; +					} + +					/* is the value in range? */ +					modtype = Z_LVAL_P(modinfo); +					if ( +						modtype != LDAP_MODIFY_BATCH_ADD && +						modtype != LDAP_MODIFY_BATCH_REMOVE && +						modtype != LDAP_MODIFY_BATCH_REPLACE && +						modtype != LDAP_MODIFY_BATCH_REMOVE_ALL +					) { +						php_error_docref(NULL TSRMLS_CC, E_WARNING, "The '" LDAP_MODIFY_BATCH_MODTYPE "' value must match one of the LDAP_MODIFY_BATCH_* constants"); +						RETURN_FALSE; +					} + +					/* if it's REMOVE_ALL, there must not be a values array; otherwise, there must */ +					if (modtype == LDAP_MODIFY_BATCH_REMOVE_ALL) { +						if (zend_hash_exists(Z_ARRVAL_P(mod), LDAP_MODIFY_BATCH_VALUES, strlen(LDAP_MODIFY_BATCH_VALUES) + 1)) { +							php_error_docref(NULL TSRMLS_CC, E_WARNING, "If '" LDAP_MODIFY_BATCH_MODTYPE "' is LDAP_MODIFY_BATCH_REMOVE_ALL, a '" LDAP_MODIFY_BATCH_VALUES "' array must not be provided"); +							RETURN_FALSE; +						} +					} +					else { +						if (!zend_hash_exists(Z_ARRVAL_P(mod), LDAP_MODIFY_BATCH_VALUES, strlen(LDAP_MODIFY_BATCH_VALUES) + 1)) { +							php_error_docref(NULL TSRMLS_CC, E_WARNING, "If '" LDAP_MODIFY_BATCH_MODTYPE "' is not LDAP_MODIFY_BATCH_REMOVE_ALL, a '" LDAP_MODIFY_BATCH_VALUES "' array must be provided"); +							RETURN_FALSE; +						} +					} +				} +				else if (_ldap_str_equal_to_const(modkey, modkeylen, LDAP_MODIFY_BATCH_VALUES)) { +					if (Z_TYPE_P(modinfo) != IS_ARRAY) { +						php_error_docref(NULL TSRMLS_CC, E_WARNING, "A '" LDAP_MODIFY_BATCH_VALUES "' value must be an array"); +						RETURN_FALSE; +					} + +					/* is the array not empty? */ +					zend_hash_internal_pointer_reset(Z_ARRVAL_P(modinfo)); +					num_modvals = zend_hash_num_elements(Z_ARRVAL_P(modinfo)); +					if (num_modvals == 0) { +						php_error_docref(NULL TSRMLS_CC, E_WARNING, "A '" LDAP_MODIFY_BATCH_VALUES "' array must have at least one element"); +						RETURN_FALSE; +					} + +					/* are its keys integers? */ +					if (zend_hash_get_current_key_type(Z_ARRVAL_P(modinfo)) != HASH_KEY_IS_LONG) { +						php_error_docref(NULL TSRMLS_CC, E_WARNING, "A '" LDAP_MODIFY_BATCH_VALUES "' array must not be string-indexed"); +						RETURN_FALSE; +					} + +					/* are the keys consecutive? */ +					for (k = 0; k < num_modvals; k++) { +						if (zend_hash_index_find(Z_ARRVAL_P(modinfo), k, (void **) &fetched) != SUCCESS) { +							php_error_docref(NULL TSRMLS_CC, E_WARNING, "A '" LDAP_MODIFY_BATCH_VALUES "' array must have consecutive indices 0, 1, ..."); +							RETURN_FALSE; +						} +						modval = *fetched; + +						/* is the data element a string? */ +						if (Z_TYPE_P(modval) != IS_STRING) { +							php_error_docref(NULL TSRMLS_CC, E_WARNING, "Each element of a '" LDAP_MODIFY_BATCH_VALUES "' array must be a string"); +							RETURN_FALSE; +						} +					} +				} + +				zend_hash_move_forward(Z_ARRVAL_P(mod)); +			} +		} +	} +	/* validation was successful */ + +	/* allocate array of modifications */ +	ldap_mods = safe_emalloc((num_mods+1), sizeof(LDAPMod *), 0); + +	/* for each modification */ +	for (i = 0; i < num_mods; i++) { +		/* allocate the modification struct */ +		ldap_mods[i] = safe_emalloc(1, sizeof(LDAPMod), 0); + +		/* fetch the relevant data */ +		zend_hash_index_find(Z_ARRVAL_P(mods), i, (void **) &fetched); +		mod = *fetched; + +		_ldap_hash_fetch(mod, LDAP_MODIFY_BATCH_ATTRIB, &attrib); +		_ldap_hash_fetch(mod, LDAP_MODIFY_BATCH_MODTYPE, &modtype); +		_ldap_hash_fetch(mod, LDAP_MODIFY_BATCH_VALUES, &vals); + +		/* map the modification type */ +		switch (Z_LVAL_P(modtype)) { +			case LDAP_MODIFY_BATCH_ADD: +				oper = LDAP_MOD_ADD; +				break; +			case LDAP_MODIFY_BATCH_REMOVE: +			case LDAP_MODIFY_BATCH_REMOVE_ALL: +				oper = LDAP_MOD_DELETE; +				break; +			case LDAP_MODIFY_BATCH_REPLACE: +				oper = LDAP_MOD_REPLACE; +				break; +			default: +				php_error_docref(NULL TSRMLS_CC, E_ERROR, "Unknown and uncaught modification type."); +				RETURN_FALSE; +		} + +		/* fill in the basic info */ +		ldap_mods[i]->mod_op = oper | LDAP_MOD_BVALUES; +		ldap_mods[i]->mod_type = estrndup(Z_STRVAL_P(attrib), Z_STRLEN_P(attrib)); + +		if (Z_LVAL_P(modtype) == LDAP_MODIFY_BATCH_REMOVE_ALL) { +			/* no values */ +			ldap_mods[i]->mod_bvalues = NULL; +		} +		else { +			/* allocate space for the values as part of this modification */ +			num_modvals = zend_hash_num_elements(Z_ARRVAL_P(vals)); +			ldap_mods[i]->mod_bvalues = safe_emalloc((num_modvals+1), sizeof(struct berval *), 0); + +			/* for each value */ +			for (j = 0; j < num_modvals; j++) { +				/* fetch it */ +				zend_hash_index_find(Z_ARRVAL_P(vals), j, (void **) &fetched); +				modval = *fetched; + +				/* allocate the data struct */ +				ldap_mods[i]->mod_bvalues[j] = safe_emalloc(1, sizeof(struct berval), 0); + +				/* fill it */ +				ldap_mods[i]->mod_bvalues[j]->bv_len = Z_STRLEN_P(modval); +				ldap_mods[i]->mod_bvalues[j]->bv_val = estrndup(Z_STRVAL_P(modval), Z_STRLEN_P(modval)); +			} + +			/* NULL-terminate values */ +			ldap_mods[i]->mod_bvalues[num_modvals] = NULL; +		} +	} + +	/* NULL-terminate modifications */ +	ldap_mods[num_mods] = NULL; + +	/* perform (finally) */ +	if ((i = ldap_modify_ext_s(ld->link, dn, ldap_mods, NULL, NULL)) != LDAP_SUCCESS) { +		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Batch Modify: %s", ldap_err2string(i)); +		RETVAL_FALSE; +	} else RETVAL_TRUE; + +	/* clean up */ +	{ +		for (i = 0; i < num_mods; i++) { +			/* attribute */ +			efree(ldap_mods[i]->mod_type); + +			if (ldap_mods[i]->mod_bvalues != NULL) { +				/* each BER value */ +				for (j = 0; ldap_mods[i]->mod_bvalues[j] != NULL; j++) { +					/* free the data bytes */ +					efree(ldap_mods[i]->mod_bvalues[j]->bv_val); + +					/* free the bvalue struct */ +					efree(ldap_mods[i]->mod_bvalues[j]); +				} + +				/* the BER value array */ +				efree(ldap_mods[i]->mod_bvalues); +			} + +			/* the modification */ +			efree(ldap_mods[i]); +		} + +		/* the modifications array */ +		efree(ldap_mods); +	} +} +/* }}} */ +  /* {{{ proto int ldap_errno(resource link)     Get the current ldap error number */  PHP_FUNCTION(ldap_errno) @@ -2516,6 +2874,12 @@ ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_modify, 0, 0, 3)  	ZEND_ARG_INFO(0, entry)  ZEND_END_ARG_INFO() +ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_modify_batch, 0, 0, 3) +	ZEND_ARG_INFO(0, link_identifier) +	ZEND_ARG_INFO(0, dn) +	ZEND_ARG_ARRAY_INFO(0, modifications_info, 0) +ZEND_END_ARG_INFO() +  ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_mod_add, 0, 0, 3)  	ZEND_ARG_INFO(0, link_identifier)  	ZEND_ARG_INFO(0, dn) @@ -2669,6 +3033,7 @@ const zend_function_entry ldap_functions[] = {  	PHP_FE(ldap_dn2ufn,									arginfo_ldap_dn2ufn)  	PHP_FE(ldap_add,									arginfo_ldap_add)  	PHP_FE(ldap_delete,									arginfo_ldap_delete) +	PHP_FE(ldap_modify_batch,							arginfo_ldap_modify_batch)  	PHP_FALIAS(ldap_modify,		ldap_mod_replace,		arginfo_ldap_modify)  /* additional functions for attribute based modifications, Gerrit Thomson */ | 
