PageRenderTime 230ms CodeModel.GetById 16ms RepoModel.GetById 1ms app.codeStats 0ms

/hphp/runtime/ext/ext_ldap.cpp

http://github.com/facebook/hiphop-php
C++ | 1250 lines | 1029 code | 159 blank | 62 comment | 196 complexity | f88268ca39c84b281f5b58139a890885 MD5 | raw file
Possible License(s): LGPL-2.1, BSD-2-Clause, BSD-3-Clause, MPL-2.0-no-copyleft-exception, MIT, LGPL-2.0, Apache-2.0 
    

  1. /*
    2. 

  2.    +----------------------------------------------------------------------+
    3. 

  3.    | HipHop for PHP                                                       |
    4. 

  4.    +----------------------------------------------------------------------+
    5. 

  5.    | Copyright (c) 2010-2013 Facebook, Inc. (http://www.facebook.com)     |
    6. 

  6.    | Copyright (c) 1997-2010 The PHP Group                                |
    7. 

  7.    +----------------------------------------------------------------------+
    8. 

  8.    | This source file is subject to version 3.01 of the PHP license,      |
    9. 

  9.    | that is bundled with this package in the file LICENSE, and is        |
    10. 

  10.    | available through the world-wide-web at the following url:           |
    11. 

  11.    | http://www.php.net/license/3_01.txt                                  |
    12. 

  12.    | If you did not receive a copy of the PHP license and are unable to   |
    13. 

  13.    | obtain it through the world-wide-web, please send a note to          |
    14. 

  14.    | license@php.net so we can mail you a copy immediately.               |
    15. 

  15.    +----------------------------------------------------------------------+
    16. 

  16. */
    17. 

  17. 

  18. #include "hphp/runtime/ext/ext_ldap.h"
    19. 

  19. #include "hphp/runtime/ext/ext_function.h"
    20. 

  20. #include "hphp/runtime/base/builtin-functions.h"
    21. 

  21. #include "hphp/util/thread-local.h"
    22. 

  22. #include "folly/String.h"
    23. 

  23. #include <lber.h>
    24. 

  24. 

  25. #define LDAP_DEPRECATED 1
    26. 

  26. #include <ldap.h>
    27. 

  27. 

  28. #define PHP_LD_FULL_ADD 0xff
    29. 

  29. 

  30. namespace HPHP {
    31. 

  31. IMPLEMENT_DEFAULT_EXTENSION(ldap);
    32. 

  32. ///////////////////////////////////////////////////////////////////////////////
    33. 

  33. 

  34. class LdapRequestData {
    35. 

  35. public:
    36. 

  36.   LdapRequestData() : m_num_links(0), m_max_links(-1) {
    37. 

  37.   }
    38. 

  38. 

  39.   long m_num_links;
    40. 

  40.   long m_max_links;
    41. 

  41. };
    42. 

  42. static IMPLEMENT_THREAD_LOCAL(LdapRequestData, s_ldap_data);
    43. 

  43. #define LDAPG(name) s_ldap_data->m_ ## name
    44. 

  44. 

  45. class LdapLink : public SweepableResourceData {
    46. 

  46. public:
    47. 

  47.   DECLARE_RESOURCE_ALLOCATION(LdapLink)
    48. 

  48. 

  49.   LdapLink() : link(NULL) {}
    50. 

  50.   ~LdapLink() { close();}
    51. 

  51. 

  52.   void close() {
    53. 

  53.     if (link) {
    54. 

  54.       ldap_unbind_s(link);
    55. 

  55.       link = NULL;
    56. 

  56.       LDAPG(num_links)--;
    57. 

  57.     }
    58. 

  58.     rebindproc.reset();
    59. 

  59.   }
    60. 

  60. 

  61.   CLASSNAME_IS("ldap link");
    62. 

  62.   // overriding ResourceData
    63. 

  63.   virtual const String& o_getClassNameHook() const { return classnameof(); }
    64. 

  64. 

  65.   LDAP *link;
    66. 

  66.   Variant rebindproc;
    67. 

  67. };
    68. 

  68. IMPLEMENT_OBJECT_ALLOCATION(LdapLink)
    69. 

  69. 

  70. class LdapResult : public SweepableResourceData {
    71. 

  71. public:
    72. 

  72.   DECLARE_RESOURCE_ALLOCATION(LdapResult)
    73. 

  73. 

  74.   LdapResult(LDAPMessage *res) : data(res) {}
    75. 

  75.   ~LdapResult() { close();}
    76. 

  76. 

  77.   void close() {
    78. 

  78.     if (data) {
    79. 

  79.       ldap_msgfree(data);
    80. 

  80.       data = NULL;
    81. 

  81.     }
    82. 

  82.   }
    83. 

  83. 

  84.   CLASSNAME_IS("ldap result");
    85. 

  85.   // overriding ResourceData
    86. 

  86.   virtual const String& o_getClassNameHook() const { return classnameof();}
    87. 

  87. 

  88.   LDAPMessage *data;
    89. 

  89. };
    90. 

  90. IMPLEMENT_OBJECT_ALLOCATION(LdapResult)
    91. 

  91. 

  92. class LdapResultEntry : public SweepableResourceData {
    93. 

  93. public:
    94. 

  94.   DECLARE_RESOURCE_ALLOCATION(LdapResultEntry)
    95. 

  95. 

  96.   LdapResultEntry(LDAPMessage *entry, ResourceData *res)
    97. 

  97.     : data(entry), ber(NULL), result(res) {}
    98. 

  98.   ~LdapResultEntry() { close();}
    99. 

  99. 

  100.   void close() {
    101. 

  101.     if (ber != NULL) {
    102. 

  102.       ber_free(ber, 0);
    103. 

  103.       ber = NULL;
    104. 

  104.     }
    105. 

  105.     data = NULL;
    106. 

  106.   }
    107. 

  107. 

  108.   CLASSNAME_IS("ldap result entry");
    109. 

  109.   // overriding ResourceData
    110. 

  110.   virtual const String& o_getClassNameHook() const { return classnameof(); }
    111. 

  111. 

  112.   LDAPMessage *data;
    113. 

  113.   BerElement *ber;
    114. 

  114.   Resource result; // Reference to LdapResult to avoid premature deallocation
    115. 

  115. };
    116. 

  116. 

  117. void LdapResultEntry::sweep() {
    118. 

  118.   close();
    119. 

  119. }
    120. 

  120. 

  121. ///////////////////////////////////////////////////////////////////////////////
    122. 

  122. 

  123. static int _get_lderrno(LDAP *ldap) {
    124. 

  124.   int lderr;
    125. 

  125.   ldap_get_option(ldap, LDAP_OPT_ERROR_NUMBER, &lderr);
    126. 

  126.   return lderr;
    127. 

  127. }
    128. 

  128. 

  129. static bool php_ldap_do_modify(CResRef link, const String& dn, CArrRef entry,
    130. 

  130.                                int oper) {
    131. 

  131.   bool is_full_add = false; /* flag for full add operation so ldap_mod_add
    132. 

  132.                                can be put back into oper, gerrit THomson */
    133. 

  133. 

  134.   LdapLink *ld = link.getTyped<LdapLink>();
    135. 

  135. 

  136.   int num_attribs = entry.size();
    137. 

  137.   LDAPMod **ldap_mods =
    138. 

  138.     (LDAPMod **)malloc((num_attribs+1) * sizeof(LDAPMod *));
    139. 

  139.   int *num_berval = (int*)malloc(num_attribs * sizeof(int));
    140. 

  140. 

  141.   ArrayIter iter(entry);
    142. 

  142.   int num_values;
    143. 

  143. 

  144.   /* added by gerrit thomson to fix ldap_add using ldap_mod_add */
    145. 

  145.   if (oper == PHP_LD_FULL_ADD) {
    146. 

  146.     oper = LDAP_MOD_ADD;
    147. 

  147.     is_full_add = true;
    148. 

  148.   }
    149. 

  149.   /* end additional , gerrit thomson */
    150. 

  150. 

  151.   bool ret = false;
    152. 

  152.   Array stringHolder;
    153. 

  153.   for (int i = 0; i < num_attribs; i++) {
    154. 

  154.     ldap_mods[i] = (LDAPMod*)malloc(sizeof(LDAPMod));
    155. 

  155.     ldap_mods[i]->mod_op = oper | LDAP_MOD_BVALUES;
    156. 

  156.     ldap_mods[i]->mod_type = NULL;
    157. 

  157. 

  158.     Variant key = iter.first();
    159. 

  159.     Variant value = iter.second();
    160. 

  160.     if (key.isString()) {
    161. 

  161.       ldap_mods[i]->mod_type = strdup(key.toString().data());
    162. 

  162.     } else {
    163. 

  163.       raise_warning("Unknown attribute in the data");
    164. 

  164.       /* Free allocated memory */
    165. 

  165.       while (i >= 0) {
    166. 

  166.         if (ldap_mods[i]->mod_type) {
    167. 

  167.           free(ldap_mods[i]->mod_type);
    168. 

  168.         }
    169. 

  169.         free(ldap_mods[i]);
    170. 

  170.         i--;
    171. 

  171.       }
    172. 

  172.       free(num_berval);
    173. 

  173.       free(ldap_mods);
    174. 

  174.       return false;
    175. 

  175.     }
    176. 

  176. 

  177.     if (!value.isArray()) {
    178. 

  178.       num_values = 1;
    179. 

  179.     } else {
    180. 

  180.       num_values = value.toArray().size();
    181. 

  181.     }
    182. 

  182. 

  183.     num_berval[i] = num_values;
    184. 

  184.     ldap_mods[i]->mod_bvalues =
    185. 

  185.       (struct berval**)malloc((num_values + 1) * sizeof(struct berval *));
    186. 

  186. 

  187.     /* allow for arrays with one element, no allowance for arrays with
    188. 

  188.        none but probably not required, gerrit thomson. */
    189. 

  189.     if (num_values == 1 && !value.isArray()) {
    190. 

  190.       String svalue = value.toString();
    191. 

  191.       stringHolder.append(svalue);
    192. 

  192.       ldap_mods[i]->mod_bvalues[0] = (berval *)malloc(sizeof(struct berval));
    193. 

  193.       ldap_mods[i]->mod_bvalues[0]->bv_len = svalue.size();
    194. 

  194.       ldap_mods[i]->mod_bvalues[0]->bv_val = (char*)svalue.data();
    195. 

  195.     } else {
    196. 

  196.       Array arr = value.toArray();
    197. 

  197.       for (int j = 0; j < num_values; j++) {
    198. 

  198.         if (!arr.exists(j)) {
    199. 

  199.           raise_warning("Value array must have consecutive indices 0, 1, ...");
    200. 

  200.           num_berval[i] = j;
    201. 

  201.           num_attribs = i + 1;
    202. 

  202.           goto errexit;
    203. 

  203.         }
    204. 

  204.         String ivalue = arr[j].toString();
    205. 

  205.         ldap_mods[i]->mod_bvalues[j] = (berval *)malloc(sizeof(struct berval));
    206. 

  206.         ldap_mods[i]->mod_bvalues[j]->bv_len = ivalue.size();
    207. 

  207.         ldap_mods[i]->mod_bvalues[j]->bv_val = (char*)ivalue.data();
    208. 

  208.       }
    209. 

  209.     }
    210. 

  210.     ldap_mods[i]->mod_bvalues[num_values] = NULL;
    211. 

  211.     ++iter;
    212. 

  212.   }
    213. 

  213.   ldap_mods[num_attribs] = NULL;
    214. 

  214. 

  215.   /* check flag to see if do_mod was called to perform full add,
    216. 

  216.      gerrit thomson */
    217. 

  217.   int rc;
    218. 

  218.   if (is_full_add) {
    219. 

  219.     if ((rc = ldap_add_s(ld->link, (char*)dn.data(), ldap_mods))
    220. 

  220.         != LDAP_SUCCESS) {
    221. 

  221.       raise_warning("Add: %s", ldap_err2string(rc));
    222. 

  222.     } else {
    223. 

  223.       ret = true;
    224. 

  224.     }
    225. 

  225.   } else {
    226. 

  226.     if ((rc = ldap_modify_s(ld->link, (char*)dn.data(), ldap_mods))
    227. 

  227.         != LDAP_SUCCESS) {
    228. 

  228.       raise_warning("Modify: %s", ldap_err2string(rc));
    229. 

  229.     } else {
    230. 

  230.       ret = true;
    231. 

  231.     }
    232. 

  232.   }
    233. 

  233. 

  234. errexit:
    235. 

  235.   for (int i = 0; i < num_attribs; i++) {
    236. 

  236.     free(ldap_mods[i]->mod_type);
    237. 

  237.     for (int j = 0; j < num_berval[i]; j++) {
    238. 

  238.       free(ldap_mods[i]->mod_bvalues[j]);
    239. 

  239.     }
    240. 

  240.     free(ldap_mods[i]->mod_bvalues);
    241. 

  241.     free(ldap_mods[i]);
    242. 

  242.   }
    243. 

  243.   free(num_berval);
    244. 

  244.   free(ldap_mods);
    245. 

  245. 

  246.   return ret;
    247. 

  247. }
    248. 

  248. 

  249. static void php_set_opts(LDAP *ldap, int sizelimit, int timelimit, int deref,
    250. 

  250.                          int *old_sizelimit, int *old_timelimit,
    251. 

  251.                          int *old_deref) {
    252. 

  252.   /* sizelimit */
    253. 

  253.   if (sizelimit > -1) {
    254. 

  254.     ldap_get_option(ldap, LDAP_OPT_SIZELIMIT, old_sizelimit);
    255. 

  255.     ldap_set_option(ldap, LDAP_OPT_SIZELIMIT, &sizelimit);
    256. 

  256.   }
    257. 

  257. 

  258.   /* timelimit */
    259. 

  259.   if (timelimit > -1) {
    260. 

  260.     ldap_get_option(ldap, LDAP_OPT_SIZELIMIT, old_timelimit);
    261. 

  261.     ldap_set_option(ldap, LDAP_OPT_TIMELIMIT, &timelimit);
    262. 

  262.   }
    263. 

  263. 

  264.   /* deref */
    265. 

  265.   if (deref > -1) {
    266. 

  266.     ldap_get_option(ldap, LDAP_OPT_SIZELIMIT, old_deref);
    267. 

  267.     ldap_set_option(ldap, LDAP_OPT_DEREF, &deref);
    268. 

  268.   }
    269. 

  269. }
    270. 

  270. 

  271. static Variant php_ldap_do_search(CVarRef link, CVarRef base_dn,
    272. 

  272.                                   CVarRef filter, CArrRef attributes,
    273. 

  273.                                   int attrsonly, int sizelimit, int timelimit,
    274. 

  274.                                   int deref, int scope) {
    275. 

  275.   int num_attribs = attributes.size();
    276. 

  276.   int old_sizelimit = -1, old_timelimit = -1, old_deref = -1;
    277. 

  277.   int ldap_err = 1, parallel_search = 1;
    278. 

  278.   char **ldap_attrs = (char**)malloc((num_attribs+1) * sizeof(char *));
    279. 

  279.   Array stringHolder;
    280. 

  280.   Array ret = Array::Create();
    281. 

  281. 

  282.   char *ldap_base_dn = NULL;
    283. 

  283.   char *ldap_filter = NULL;
    284. 

  284.   LdapLink *ld = NULL;
    285. 

  285. 

  286. 

  287.   for (int i = 0; i < num_attribs; i++) {
    288. 

  288.     if (!attributes.exists(i)) {
    289. 

  289.       raise_warning("Array initialization wrong");
    290. 

  290.       ldap_err = 0;
    291. 

  291.       goto cleanup;
    292. 

  292.     }
    293. 

  293.     String attr = attributes[i].toString();
    294. 

  294.     stringHolder.append(attr);
    295. 

  295.     ldap_attrs[i] = (char*)attr.data();
    296. 

  296.   }
    297. 

  297.   ldap_attrs[num_attribs] = NULL;
    298. 

  298. 

  299.   /* parallel search? */
    300. 

  300.   if (link.isArray()) {
    301. 

  301.     int nlinks = link.toArray().size();
    302. 

  302.     if (nlinks == 0) {
    303. 

  303.       raise_warning("No links in link array");
    304. 

  304.       ldap_err = 0;
    305. 

  305.       goto cleanup;
    306. 

  306.     }
    307. 

  307. 

  308.     int nbases;
    309. 

  309.     if (base_dn.isArray()) {
    310. 

  310.       nbases = base_dn.toArray().size();
    311. 

  311.       if (nbases != nlinks) {
    312. 

  312.         raise_warning("Base must either be a string, or an array with the "
    313. 

  313.                       "same number of elements as the links array");
    314. 

  314.         ldap_err = 0;
    315. 

  315.         goto cleanup;
    316. 

  316.       }
    317. 

  317.     } else {
    318. 

  318.       nbases = 0; /* this means string, not array */
    319. 

  319.       /* If anything else than string is passed, ldap_base_dn = NULL */
    320. 

  320.       if (base_dn.isString()) {
    321. 

  321.         ldap_base_dn = (char*)base_dn.toString().data();
    322. 

  322.       } else {
    323. 

  323.         ldap_base_dn = NULL;
    324. 

  324.       }
    325. 

  325.     }
    326. 

  326. 

  327.     int nfilters;
    328. 

  328.     if (filter.isArray()) {
    329. 

  329.       nfilters = filter.toArray().size();
    330. 

  330.       if (nfilters != nlinks) {
    331. 

  331.         raise_warning("Filter must either be a string, or an array with the "
    332. 

  332.                       "same number of elements as the links array");
    333. 

  333.         ldap_err = 0;
    334. 

  334.         goto cleanup;
    335. 

  335.       }
    336. 

  336.     } else {
    337. 

  337.       nfilters = 0; /* this means string, not array */
    338. 

  338.       String sfilter = filter.toString();
    339. 

  339.       stringHolder.append(sfilter);
    340. 

  340.       ldap_filter = (char*)sfilter.data();
    341. 

  341.     }
    342. 

  342. 

  343.     LdapLink **lds = (LdapLink**)malloc(nlinks * sizeof(LdapLink*));
    344. 

  344.     int *rcs = (int*)malloc(nlinks * sizeof(int));
    345. 

  345. 

  346.     ArrayIter iter(link.toArray());
    347. 

  347.     ArrayIter iterdn(base_dn.toArray());
    348. 

  348.     ArrayIter iterfilter(filter.toArray());
    349. 

  349.     for (int i = 0; i < nlinks; i++) {
    350. 

  350.       ld = iter.second().toResource().getTyped<LdapLink>(true, true);
    351. 

  351.       if (ld == NULL) {
    352. 

  352.         ldap_err = 0;
    353. 

  353.         goto cleanup_parallel;
    354. 

  354.       }
    355. 

  355.       if (nbases != 0) { /* base_dn an array? */
    356. 

  356.         Variant entry = iterdn.second();
    357. 

  357.         ++iterdn;
    358. 

  358. 

  359.         /* If anything else than string is passed, ldap_base_dn = NULL */
    360. 

  360.         if (entry.isString()) {
    361. 

  361.           ldap_base_dn = (char*)entry.toString().data();
    362. 

  362.         } else {
    363. 

  363.           ldap_base_dn = NULL;
    364. 

  364.         }
    365. 

  365.       }
    366. 

  366.       if (nfilters != 0) { /* filter an array? */
    367. 

  367.         Variant entry = iterfilter.second();
    368. 

  368.         ++iterfilter;
    369. 

  369.         String sentry = entry.toString();
    370. 

  370.         stringHolder.append(sentry);
    371. 

  371.         ldap_filter = (char*)sentry.data();
    372. 

  372.       }
    373. 

  373. 

  374.       php_set_opts(ld->link, sizelimit, timelimit, deref, &old_sizelimit,
    375. 

  375.                    &old_timelimit, &old_deref);
    376. 

  376. 

  377.       /* Run the actual search */
    378. 

  378.       rcs[i] = ldap_search(ld->link, ldap_base_dn, scope, ldap_filter,
    379. 

  379.                            ldap_attrs, attrsonly);
    380. 

  380.       lds[i] = ld;
    381. 

  381.       ++iter;
    382. 

  382.     }
    383. 

  383. 

  384.     /* Collect results from the searches */
    385. 

  385.     for (int i = 0; i < nlinks; i++) {
    386. 

  386.       LDAPMessage *ldap_res;
    387. 

  387.       if (rcs[i] != -1) {
    388. 

  388.         rcs[i] = ldap_result(lds[i]->link, LDAP_RES_ANY, 1 /* LDAP_MSG_ALL */,
    389. 

  389.                              NULL, &ldap_res);
    390. 

  390.       }
    391. 

  391.       if (rcs[i] != -1) {
    392. 

  392.         ret.append(Resource(NEWOBJ(LdapResult)(ldap_res)));
    393. 

  393.       } else {
    394. 

  394.         ret.append(false);
    395. 

  395.       }
    396. 

  396.     }
    397. 

  397. 

  398. cleanup_parallel:
    399. 

  399.     free(lds);
    400. 

  400.     free(rcs);
    401. 

  401.   } else {
    402. 

  402.     /* parallel search? */
    403. 

  403.     String sfilter = filter.toString();
    404. 

  404.     ldap_filter = (char*)sfilter.data();
    405. 

  405. 

  406.     /* If anything else than string is passed, ldap_base_dn = NULL */
    407. 

  407.     if (base_dn.isString()) {
    408. 

  408.       ldap_base_dn = (char*)base_dn.toString().data();
    409. 

  409.     }
    410. 

  410. 

  411.     ld = link.toResource().getTyped<LdapLink>(true, true);
    412. 

  412.     if (ld == NULL) {
    413. 

  413.       ldap_err = 0;
    414. 

  414.       goto cleanup;
    415. 

  415.     }
    416. 

  416. 

  417.     php_set_opts(ld->link, sizelimit, timelimit, deref, &old_sizelimit,
    418. 

  418.                  &old_timelimit, &old_deref);
    419. 

  419. 

  420.     /* Run the actual search */
    421. 

  421.     LDAPMessage *ldap_res;
    422. 

  422.     int rc = ldap_search_s(ld->link, ldap_base_dn, scope, ldap_filter,
    423. 

  423.                            ldap_attrs, attrsonly, &ldap_res);
    424. 

  424. 

  425.     if (rc != LDAP_SUCCESS && rc != LDAP_SIZELIMIT_EXCEEDED
    426. 

  426.   #ifdef LDAP_ADMINLIMIT_EXCEEDED
    427. 

  427.         && rc != LDAP_ADMINLIMIT_EXCEEDED
    428. 

  428.   #endif
    429. 

  429.   #ifdef LDAP_REFERRAL
    430. 

  430.         && rc != LDAP_REFERRAL
    431. 

  431.   #endif
    432. 

  432.     ) {
    433. 

  433.       raise_warning("Search: %s", ldap_err2string(rc));
    434. 

  434.       ldap_err = 0;
    435. 

  435.     } else {
    436. 

  436.       if (rc == LDAP_SIZELIMIT_EXCEEDED) {
    437. 

  437.         raise_warning("Partial search results returned: Sizelimit exceeded");
    438. 

  438.       }
    439. 

  439. #ifdef LDAP_ADMINLIMIT_EXCEEDED
    440. 

  440.       else if (rc == LDAP_ADMINLIMIT_EXCEEDED) {
    441. 

  441.         raise_warning("Partial search results returned: Adminlimit exceeded");
    442. 

  442.       }
    443. 

  443. #endif
    444. 

  444.       parallel_search = 0;
    445. 

  445.       ret.append(Resource(NEWOBJ(LdapResult)(ldap_res)));
    446. 

  446.     }
    447. 

  447.   }
    448. 

  448. cleanup:
    449. 

  449.   if (ld) {
    450. 

  450.     /* Restoring previous options */
    451. 

  451.     php_set_opts(ld->link, old_sizelimit, old_timelimit, old_deref, &sizelimit,
    452. 

  452.                  &timelimit, &deref);
    453. 

  453.   }
    454. 

  454.   if (ldap_attrs != NULL) {
    455. 

  455.     free(ldap_attrs);
    456. 

  456.   }
    457. 

  457. 

  458.   if (!ldap_err) {
    459. 

  459.     return false;
    460. 

  460.   }
    461. 

  461. 

  462.   if (!parallel_search) {
    463. 

  463.     return ret.dequeue();
    464. 

  464.   } else {
    465. 

  465.     return ret;
    466. 

  466.   }
    467. 

  467. }
    468. 

  468. 

  469. static int _ldap_rebind_proc(LDAP *ldap, const char *url, ber_tag_t req,
    470. 

  470.                              ber_int_t msgid, void *params) {
    471. 

  471.   LdapLink *ld = (LdapLink*)params;
    472. 

  472. 

  473.   /* link exists and callback set? */
    474. 

  474.   if (ld == NULL || ld->rebindproc.isNull()) {
    475. 

  475.     raise_warning("Link not found or no callback set");
    476. 

  476.     return LDAP_OTHER;
    477. 

  477.   }
    478. 

  478. 

  479.   /* callback */
    480. 

  480.   Variant ret = vm_call_user_func
    481. 

  481.     (ld->rebindproc, make_packed_array(Resource(ld), String(url, CopyString)));
    482. 

  482.   return ret.toInt64();
    483. 

  483. }
    484. 

  484. 

  485. const StaticString
    486. 

  486.   s_count("count"),
    487. 

  487.   s_dn("dn");
    488. 

  488. 

  489. static void get_attributes(Array &ret, LDAP *ldap,
    490. 

  490.                            LDAPMessage *ldap_result_entry, bool to_lower) {
    491. 

  491.   int num_attrib = 0;
    492. 

  492.   BerElement *ber;
    493. 

  493.   char *attribute = ldap_first_attribute(ldap, ldap_result_entry, &ber);
    494. 

  494. 

  495.   while (attribute != NULL) {
    496. 

  496.     struct berval **ldap_value =
    497. 

  497.       ldap_get_values_len(ldap, ldap_result_entry, attribute);
    498. 

  498.     int num_values = ldap_count_values_len(ldap_value);
    499. 

  499. 

  500.     Array tmp;
    501. 

  501.     tmp.set(s_count, num_values);
    502. 

  502.     for (int i = 0; i < num_values; i++) {
    503. 

  503.       tmp.append(String(ldap_value[i]->bv_val, ldap_value[i]->bv_len,
    504. 

  504.                         CopyString));
    505. 

  505.     }
    506. 

  506.     ldap_value_free_len(ldap_value);
    507. 

  507. 

  508.     String sAttribute(attribute, CopyString);
    509. 

  509.     ret.set(to_lower ? String(Util::toLower(attribute)) : sAttribute, tmp);
    510. 

  510.     ret.set(num_attrib, sAttribute);
    511. 

  511. 

  512.     num_attrib++;
    513. 

  513.     ldap_memfree(attribute);
    514. 

  514.     attribute = ldap_next_attribute(ldap, ldap_result_entry, ber);
    515. 

  515.   }
    516. 

  516. 

  517.   if (ber != NULL) {
    518. 

  518.     ber_free(ber, 0);
    519. 

  519.   }
    520. 

  520. 

  521.   ret.set(s_count, num_attrib);
    522. 

  522. }
    523. 

  523. 

  524. ///////////////////////////////////////////////////////////////////////////////
    525. 

  525. 

  526. Variant f_ldap_connect(const String& hostname /* = null_string */,
    527. 

  527.                        int port /* = 389 */) {
    528. 

  528.   if (LDAPG(max_links) != -1 && LDAPG(num_links) >= LDAPG(max_links)) {
    529. 

  529.     raise_warning("Too many open links (%ld)", LDAPG(num_links));
    530. 

  530.     return false;
    531. 

  531.   }
    532. 

  532. 

  533.   LdapLink *ld = NEWOBJ(LdapLink)();
    534. 

  534.   Resource ret(ld);
    535. 

  535. 

  536.   LDAP *ldap = NULL;
    537. 

  537.   if (!hostname.empty() && hostname.find('/') >= 0) {
    538. 

  538.     int rc = ldap_initialize(&ldap, hostname.data());
    539. 

  539.     if (rc != LDAP_SUCCESS) {
    540. 

  540.       raise_warning("Could not create session handle: %s",
    541. 

  541.                     ldap_err2string(rc));
    542. 

  542.       return false;
    543. 

  543.     }
    544. 

  544.   } else {
    545. 

  545.     ldap = ldap_init((char*)hostname.data(), port);
    546. 

  546.   }
    547. 

  547. 

  548.   if (ldap) {
    549. 

  549.     LDAPG(num_links)++;
    550. 

  550.     ld->link = ldap;
    551. 

  551.     return ret;
    552. 

  552.   }
    553. 

  553.   raise_warning("Unable to initialize LDAP: %s",
    554. 

  554.                 folly::errnoStr(errno).c_str());
    555. 

  555.   return false;
    556. 

  556. }
    557. 

  557. 

  558. Variant f_ldap_explode_dn(const String& dn, int with_attrib) {
    559. 

  559.   char **ldap_value;
    560. 

  560.   if (!(ldap_value = ldap_explode_dn((char*)dn.data(), with_attrib))) {
    561. 

  561.     /* Invalid parameters were passed to ldap_explode_dn */
    562. 

  562.     return false;
    563. 

  563.   }
    564. 

  564. 

  565.   int i = 0;
    566. 

  566.   while (ldap_value[i] != NULL) i++;
    567. 

  567.   int count = i;
    568. 

  568. 

  569.   Array ret;
    570. 

  570.   ret.set(s_count, count);
    571. 

  571.   for (i = 0; i < count; i++) {
    572. 

  572.     ret.append(String(ldap_value[i], CopyString));
    573. 

  573.   }
    574. 

  574. 

  575.   ldap_value_free(ldap_value);
    576. 

  576.   return ret;
    577. 

  577. }
    578. 

  578. 

  579. Variant f_ldap_dn2ufn(const String& db) {
    580. 

  580.   char *ufn = ldap_dn2ufn((char*)db.data());
    581. 

  581.   if (ufn) {
    582. 

  582.     String ret(ufn, CopyString);
    583. 

  583.     ldap_memfree(ufn);
    584. 

  584.     return ret;
    585. 

  585.   }
    586. 

  586.   return false;
    587. 

  587. }
    588. 

  588. 

  589. String f_ldap_err2str(int errnum) {
    590. 

  590.   return String(ldap_err2string(errnum), CopyString);
    591. 

  591. }
    592. 

  592. 

  593. bool f_ldap_add(CResRef link, const String& dn, CArrRef entry) {
    594. 

  594.   return php_ldap_do_modify(link, dn, entry, PHP_LD_FULL_ADD);
    595. 

  595. }
    596. 

  596. 

  597. bool f_ldap_mod_add(CResRef link, const String& dn, CArrRef entry) {
    598. 

  598.   return php_ldap_do_modify(link, dn, entry, LDAP_MOD_ADD);
    599. 

  599. }
    600. 

  600. 

  601. bool f_ldap_mod_del(CResRef link, const String& dn, CArrRef entry) {
    602. 

  602.   return php_ldap_do_modify(link, dn, entry, LDAP_MOD_DELETE);
    603. 

  603. }
    604. 

  604. 

  605. bool f_ldap_mod_replace(CResRef link, const String& dn, CArrRef entry) {
    606. 

  606.   return php_ldap_do_modify(link, dn, entry, LDAP_MOD_REPLACE);
    607. 

  607. }
    608. 

  608. 

  609. bool f_ldap_modify(CResRef link, const String& dn, CArrRef entry) {
    610. 

  610.   return php_ldap_do_modify(link, dn, entry, LDAP_MOD_REPLACE);
    611. 

  611. }
    612. 

  612. 

  613. bool f_ldap_bind(CResRef link, const String& bind_rdn /* = null_string */,
    614. 

  614.                  const String& bind_password /* = null_string */) {
    615. 

  615.   int rc;
    616. 

  616.   LdapLink *ld = link.getTyped<LdapLink>();
    617. 

  617.   if ((rc = ldap_bind_s(ld->link, (char*)bind_rdn.data(),
    618. 

  618.                         (char*)bind_password.data(),
    619. 

  619.                         LDAP_AUTH_SIMPLE)) != LDAP_SUCCESS) {
    620. 

  620.     raise_warning("Unable to bind to server: %s", ldap_err2string(rc));
    621. 

  621.     return false;
    622. 

  622.   }
    623. 

  623.   return true;
    624. 

  624. }
    625. 

  625. 

  626. bool f_ldap_set_rebind_proc(CResRef link, CVarRef callback) {
    627. 

  627.   LdapLink *ld = link.getTyped<LdapLink>();
    628. 

  628. 

  629.   if (callback.isString() && callback.toString().empty()) {
    630. 

  630.     /* unregister rebind procedure */
    631. 

  631.     if (!ld->rebindproc.isNull()) {
    632. 

  632.       ld->rebindproc.reset();
    633. 

  633.       ldap_set_rebind_proc(ld->link, NULL, NULL);
    634. 

  634.     }
    635. 

  635.     return true;
    636. 

  636.   }
    637. 

  637. 

  638.   /* callable? */
    639. 

  639.   if (!f_is_callable(callback)) {
    640. 

  640.     raise_warning("Callback argument is not a valid callback");
    641. 

  641.     return false;
    642. 

  642.   }
    643. 

  643. 

  644.   /* register rebind procedure */
    645. 

  645.   if (ld->rebindproc.isNull()) {
    646. 

  646.     ldap_set_rebind_proc(ld->link, _ldap_rebind_proc, (void *)link.get());
    647. 

  647.   } else {
    648. 

  648.     ld->rebindproc.reset();
    649. 

  649.   }
    650. 

  650. 

  651.   ld->rebindproc = callback;
    652. 

  652.   return true;
    653. 

  653. }
    654. 

  654. 

  655. bool f_ldap_sort(CResRef link, CResRef result, const String& sortfilter) {
    656. 

  656.   LdapLink *ld = link.getTyped<LdapLink>();
    657. 

  657.   LdapResult *res = result.getTyped<LdapResult>();
    658. 

  658. 

  659.   if (ldap_sort_entries(ld->link, &res->data,
    660. 

  660.                         !sortfilter.empty() ? (char*)sortfilter.data() : NULL,
    661. 

  661.                         strcmp) != LDAP_SUCCESS) {
    662. 

  662.     raise_warning("%s", ldap_err2string(_get_lderrno(ld->link)));
    663. 

  663.     return false;
    664. 

  664.   }
    665. 

  665.   return true;
    666. 

  666. }
    667. 

  667. 

  668. bool f_ldap_start_tls(CResRef link) {
    669. 

  669.   LdapLink *ld = link.getTyped<LdapLink>();
    670. 

  670.   int rc, protocol = LDAP_VERSION3;
    671. 

  671.   if (((rc = ldap_set_option(ld->link, LDAP_OPT_PROTOCOL_VERSION, &protocol))
    672. 

  672.        != LDAP_SUCCESS) ||
    673. 

  673.       ((rc = ldap_start_tls_s(ld->link, NULL, NULL)) != LDAP_SUCCESS)) {
    674. 

  674.     raise_warning("Unable to start TLS: %s", ldap_err2string(rc));
    675. 

  675.     return false;
    676. 

  676.   }
    677. 

  677.   return true;
    678. 

  678. }
    679. 

  679. 

  680. bool f_ldap_unbind(CResRef link) {
    681. 

  681.   LdapLink *ld = link.getTyped<LdapLink>();
    682. 

  682.   ld->close();
    683. 

  683.   return true;
    684. 

  684. }
    685. 

  685. 

  686. bool f_ldap_get_option(CResRef link, int option, VRefParam retval) {
    687. 

  687.   LdapLink *ld = link.getTyped<LdapLink>();
    688. 

  688. 

  689.   switch (option) {
    690. 

  690.   /* options with int value */
    691. 

  691.   case LDAP_OPT_DEREF:
    692. 

  692.   case LDAP_OPT_SIZELIMIT:
    693. 

  693.   case LDAP_OPT_TIMELIMIT:
    694. 

  694.   case LDAP_OPT_PROTOCOL_VERSION:
    695. 

  695.   case LDAP_OPT_ERROR_NUMBER:
    696. 

  696.   case LDAP_OPT_REFERRALS:
    697. 

  697. #ifdef LDAP_OPT_RESTART
    698. 

  698.   case LDAP_OPT_RESTART:
    699. 

  699. #endif
    700. 

  700.     {
    701. 

  701.       int val;
    702. 

  702.       if (ldap_get_option(ld->link, option, &val)) {
    703. 

  703.         return false;
    704. 

  704.       }
    705. 

  705.       retval = (int64_t)val;
    706. 

  706.     } break;
    707. 

  707. #ifdef LDAP_OPT_NETWORK_TIMEOUT
    708. 

  708.   case LDAP_OPT_NETWORK_TIMEOUT:
    709. 

  709.     {
    710. 

  710.       struct timeval *timeout;
    711. 

  711.       if (ldap_get_option(ld->link, LDAP_OPT_NETWORK_TIMEOUT,
    712. 

  712.                           (void *) &timeout)) {
    713. 

  713.         if (timeout) {
    714. 

  714.           ldap_memfree(timeout);
    715. 

  715.         }
    716. 

  716.         return false;
    717. 

  717.       }
    718. 

  718.       retval = (int64_t)timeout->tv_sec;
    719. 

  719.       ldap_memfree(timeout);
    720. 

  720.     } break;
    721. 

  721. #elif defined(LDAP_X_OPT_CONNECT_TIMEOUT)
    722. 

  722.   case LDAP_X_OPT_CONNECT_TIMEOUT:
    723. 

  723.     {
    724. 

  724.       int timeout;
    725. 

  725.       if (ldap_get_option(ld->link, LDAP_X_OPT_CONNECT_TIMEOUT, &timeout)) {
    726. 

  726.         return false;
    727. 

  727.       }
    728. 

  728.       retval = (int64_t)(timeout / 1000);
    729. 

  729.     } break;
    730. 

  730. #endif
    731. 

  731.   /* options with string value */
    732. 

  732.   case LDAP_OPT_ERROR_STRING:
    733. 

  733. #ifdef LDAP_OPT_HOST_NAME
    734. 

  734.   case LDAP_OPT_HOST_NAME:
    735. 

  735. #endif
    736. 

  736. #ifdef HAVE_LDAP_SASL
    737. 

  737.   case LDAP_OPT_X_SASL_MECH:
    738. 

  738.   case LDAP_OPT_X_SASL_REALM:
    739. 

  739.   case LDAP_OPT_X_SASL_AUTHCID:
    740. 

  740.   case LDAP_OPT_X_SASL_AUTHZID:
    741. 

  741. #endif
    742. 

  742. #ifdef LDAP_OPT_MATCHED_DN
    743. 

  743.   case LDAP_OPT_MATCHED_DN:
    744. 

  744. #endif
    745. 

  745.     {
    746. 

  746.       char *val = NULL;
    747. 

  747.       if (ldap_get_option(ld->link, option, &val) || val == NULL ||
    748. 

  748.           *val == '\0') {
    749. 

  749.         if (val) {
    750. 

  750.           ldap_memfree(val);
    751. 

  751.         }
    752. 

  752.         return false;
    753. 

  753.       }
    754. 

  754.       retval = String(val, CopyString);
    755. 

  755.       ldap_memfree(val);
    756. 

  756.     } break;
    757. 

  757. /* options not implemented
    758. 

  758.   case LDAP_OPT_SERVER_CONTROLS:
    759. 

  759.   case LDAP_OPT_CLIENT_CONTROLS:
    760. 

  760.   case LDAP_OPT_API_INFO:
    761. 

  761.   case LDAP_OPT_API_FEATURE_INFO:
    762. 

  762. */
    763. 

  763.   default:
    764. 

  764.     return false;
    765. 

  765.   }
    766. 

  766.   return true;
    767. 

  767. }
    768. 

  768. 

  769. const StaticString
    770. 

  770.   s_oid("oid"),
    771. 

  771.   s_value("value"),
    772. 

  772.   s_iscritical("iscritical");
    773. 

  773. 

  774. bool f_ldap_set_option(CVarRef link, int option, CVarRef newval) {
    775. 

  775.   LDAP *ldap = NULL;
    776. 

  776.   if (!link.isNull()) {
    777. 

  777.     LdapLink *ld = link.toResource().getTyped<LdapLink>();
    778. 

  778.     ldap = ld->link;
    779. 

  779.   }
    780. 

  780. 

  781.   switch (option) {
    782. 

  782.   /* options with int value */
    783. 

  783.   case LDAP_OPT_DEREF:
    784. 

  784.   case LDAP_OPT_SIZELIMIT:
    785. 

  785.   case LDAP_OPT_TIMELIMIT:
    786. 

  786.   case LDAP_OPT_PROTOCOL_VERSION:
    787. 

  787.   case LDAP_OPT_ERROR_NUMBER:
    788. 

  788. #ifdef LDAP_OPT_DEBUG_LEVEL
    789. 

  789.   case LDAP_OPT_DEBUG_LEVEL:
    790. 

  790. #endif
    791. 

  791.     {
    792. 

  792.       int val = newval.toInt64();
    793. 

  793.       if (ldap_set_option(ldap, option, &val)) {
    794. 

  794.         return false;
    795. 

  795.       }
    796. 

  796.     } break;
    797. 

  797. #ifdef LDAP_OPT_NETWORK_TIMEOUT
    798. 

  798.   case LDAP_OPT_NETWORK_TIMEOUT:
    799. 

  799.     {
    800. 

  800.       struct timeval timeout;
    801. 

  801.       timeout.tv_sec = newval.toInt64();
    802. 

  802.       timeout.tv_usec = 0;
    803. 

  803.       if (ldap_set_option(ldap, LDAP_OPT_NETWORK_TIMEOUT, (void *) &timeout)) {
    804. 

  804.         return false;
    805. 

  805.       }
    806. 

  806.     } break;
    807. 

  807. #elif defined(LDAP_X_OPT_CONNECT_TIMEOUT)
    808. 

  808.   case LDAP_X_OPT_CONNECT_TIMEOUT:
    809. 

  809.     {
    810. 

  810.       int timeout = 1000 * newval.toInt64(); /* Convert to milliseconds */
    811. 

  811.       if (ldap_set_option(ldap, LDAP_X_OPT_CONNECT_TIMEOUT, &timeout)) {
    812. 

  812.         return false;
    813. 

  813.       }
    814. 

  814.     } break;
    815. 

  815. #endif
    816. 

  816.     /* options with string value */
    817. 

  817.   case LDAP_OPT_ERROR_STRING:
    818. 

  818. #ifdef LDAP_OPT_HOST_NAME
    819. 

  819.   case LDAP_OPT_HOST_NAME:
    820. 

  820. #endif
    821. 

  821. #ifdef HAVE_LDAP_SASL
    822. 

  822.   case LDAP_OPT_X_SASL_MECH:
    823. 

  823.   case LDAP_OPT_X_SASL_REALM:
    824. 

  824.   case LDAP_OPT_X_SASL_AUTHCID:
    825. 

  825.   case LDAP_OPT_X_SASL_AUTHZID:
    826. 

  826. #endif
    827. 

  827. #ifdef LDAP_OPT_MATCHED_DN
    828. 

  828.   case LDAP_OPT_MATCHED_DN:
    829. 

  829. #endif
    830. 

  830.     {
    831. 

  831.       String snewval = newval.toString();
    832. 

  832.       char *val = (char*)snewval.data();
    833. 

  833.       if (ldap_set_option(ldap, option, val)) {
    834. 

  834.         return false;
    835. 

  835.       }
    836. 

  836.     } break;
    837. 

  837.     /* options with boolean value */
    838. 

  838.   case LDAP_OPT_REFERRALS:
    839. 

  839. #ifdef LDAP_OPT_RESTART
    840. 

  840.   case LDAP_OPT_RESTART:
    841. 

  841. #endif
    842. 

  842.     {
    843. 

  843.       void *val = newval.toBoolean() ? LDAP_OPT_ON : LDAP_OPT_OFF;
    844. 

  844.       if (ldap_set_option(ldap, option, val)) {
    845. 

  845.         return false;
    846. 

  846.       }
    847. 

  847.     } break;
    848. 

  848.     /* options with control list value */
    849. 

  849.   case LDAP_OPT_SERVER_CONTROLS:
    850. 

  850.   case LDAP_OPT_CLIENT_CONTROLS:
    851. 

  851.     {
    852. 

  852.       LDAPControl *ctrl, **ctrls, **ctrlp;
    853. 

  853.       int ncontrols;
    854. 

  854.       char error=0;
    855. 

  855. 

  856.       if (!newval.isArray() || !(ncontrols = newval.toArray().size())) {
    857. 

  857.         raise_warning("Expected non-empty array value for this option");
    858. 

  858.         return false;
    859. 

  859.       }
    860. 

  860.       ctrls = (LDAPControl**)malloc((1 + ncontrols) * sizeof(*ctrls));
    861. 

  861.       *ctrls = NULL;
    862. 

  862.       ctrlp = ctrls;
    863. 

  863.       Array stringHolder;
    864. 

  864.       for (ArrayIter iter(newval.toArray()); iter; ++iter) {
    865. 

  865.         Variant vctrlval = iter.second();
    866. 

  866.         if (!vctrlval.isArray()) {
    867. 

  867.           raise_warning("The array value must contain only arrays, "
    868. 

  868.                         "where each array is a control");
    869. 

  869.           error = 1;
    870. 

  870.           break;
    871. 

  871.         }
    872. 

  872.         Array ctrlval = vctrlval.toArray();
    873. 

  873.         if (!ctrlval.exists(s_oid)) {
    874. 

  874.           raise_warning("Control must have an oid key");
    875. 

  875.           error = 1;
    876. 

  876.           break;
    877. 

  877.         }
    878. 

  878.         String val = ctrlval[s_oid].toString();
    879. 

  879.         stringHolder.append(val);
    880. 

  880.         ctrl = *ctrlp = (LDAPControl*)malloc(sizeof(**ctrlp));
    881. 

  881.         ctrl->ldctl_oid = (char*)val.data();
    882. 

  882.         if (ctrlval.exists(s_value)) {
    883. 

  883.           val = ctrlval[s_value].toString();
    884. 

  884.           stringHolder.append(val);
    885. 

  885.           ctrl->ldctl_value.bv_val = (char*)val.data();
    886. 

  886.           ctrl->ldctl_value.bv_len = val.size();
    887. 

  887.         } else {
    888. 

  888.           ctrl->ldctl_value.bv_val = NULL;
    889. 

  889.           ctrl->ldctl_value.bv_len = 0;
    890. 

  890.         }
    891. 

  891.         if (ctrlval.exists(s_iscritical)) {
    892. 

  892.           ctrl->ldctl_iscritical = val.toBoolean() ? 1 : 0;
    893. 

  893.         } else {
    894. 

  894.           ctrl->ldctl_iscritical = 0;
    895. 

  895.         }
    896. 

  896. 

  897.         ++ctrlp;
    898. 

  898.         *ctrlp = NULL;
    899. 

  899.       }
    900. 

  900.       if (!error) {
    901. 

  901.         error = ldap_set_option(ldap, option, ctrls);
    902. 

  902.       }
    903. 

  903.       ctrlp = ctrls;
    904. 

  904.       while (*ctrlp) {
    905. 

  905.         free(*ctrlp);
    906. 

  906.         ctrlp++;
    907. 

  907.       }
    908. 

  908.       free(ctrls);
    909. 

  909.       if (error) {
    910. 

  910.         return false;
    911. 

  911.       }
    912. 

  912.     } break;
    913. 

  913.   default:
    914. 

  914.     return false;
    915. 

  915.   }
    916. 

  916.   return true;
    917. 

  917. }
    918. 

  918. 

  919. bool f_ldap_close(CResRef link) {
    920. 

  920.   return f_ldap_unbind(link);
    921. 

  921. }
    922. 

  922. 

  923. Variant f_ldap_list(CVarRef link, CVarRef base_dn, CVarRef filter,
    924. 

  924.                     CArrRef attributes /* = null_array */,
    925. 

  925.                     int attrsonly /* = 0 */, int sizelimit /* = -1 */,
    926. 

  926.                     int timelimit /* = -1 */, int deref /* = -1 */) {
    927. 

  927.   return php_ldap_do_search(link, base_dn, filter, attributes, attrsonly,
    928. 

  928.                             sizelimit, timelimit, deref, LDAP_SCOPE_ONELEVEL);
    929. 

  929. }
    930. 

  930. 

  931. Variant f_ldap_read(CVarRef link, CVarRef base_dn, CVarRef filter,
    932. 

  932.                     CArrRef attributes /* = null_array */,
    933. 

  933.                     int attrsonly /* = 0 */, int sizelimit /* = -1 */,
    934. 

  934.                     int timelimit /* = -1 */, int deref /* = -1 */) {
    935. 

  935.   return php_ldap_do_search(link, base_dn, filter, attributes, attrsonly,
    936. 

  936.                             sizelimit, timelimit, deref, LDAP_SCOPE_BASE);
    937. 

  937. }
    938. 

  938. 

  939. Variant f_ldap_search(CVarRef link, CVarRef base_dn, CVarRef filter,
    940. 

  940.                       CArrRef attributes /* = null_array */,
    941. 

  941.                       int attrsonly /* = 0 */, int sizelimit /* = -1 */,
    942. 

  942.                       int timelimit /* = -1 */, int deref /* = -1 */) {
    943. 

  943.   return php_ldap_do_search(link, base_dn, filter, attributes, attrsonly,
    944. 

  944.                             sizelimit, timelimit, deref, LDAP_SCOPE_SUBTREE);
    945. 

  945. }
    946. 

  946. 

  947. bool f_ldap_rename(CResRef link, const String& dn, const String& newrdn,
    948. 

  948.                    const String& newparent,
    949. 

  949.                    bool deleteoldrdn) {
    950. 

  950.   LdapLink *ld = link.getTyped<LdapLink>();
    951. 

  951.   int rc = ldap_rename_s(ld->link, (char*)dn.data(), (char*)newrdn.data(),
    952. 

  952.                          !newparent.empty() ? (char*)newparent.data() : NULL,
    953. 

  953.                          deleteoldrdn, NULL, NULL);
    954. 

  954.   return rc == LDAP_SUCCESS;
    955. 

  955. }
    956. 

  956. 

  957. bool f_ldap_delete(CResRef link, const String& dn) {
    958. 

  958.   LdapLink *ld = link.getTyped<LdapLink>();
    959. 

  959.   int rc;
    960. 

  960.   if ((rc = ldap_delete_s(ld->link, (char*)dn.data())) != LDAP_SUCCESS) {
    961. 

  961.     raise_warning("Delete: %s", ldap_err2string(rc));
    962. 

  962.     return false;
    963. 

  963.   }
    964. 

  964.   return true;
    965. 

  965. }
    966. 

  966. 

  967. Variant f_ldap_compare(CResRef link, const String& dn, const String& attribute,
    968. 

  968.                        const String& value) {
    969. 

  969.   LdapLink *ld = link.getTyped<LdapLink>();
    970. 

  970.   int rc = ldap_compare_s(ld->link, (char*)dn.data(), (char*)attribute.data(),
    971. 

  971.                           (char*)value.data());
    972. 

  972.   switch (rc) {
    973. 

  973.   case LDAP_COMPARE_TRUE:  return true;
    974. 

  974.   case LDAP_COMPARE_FALSE: return false;
    975. 

  975.   }
    976. 

  976.   raise_warning("Compare: %s", ldap_err2string(rc));
    977. 

  977.   return -1LL;
    978. 

  978. }
    979. 

  979. 

  980. int64_t f_ldap_errno(CResRef link) {
    981. 

  981.   LdapLink *ld = link.getTyped<LdapLink>();
    982. 

  982.   return _get_lderrno(ld->link);
    983. 

  983. }
    984. 

  984. 

  985. String f_ldap_error(CResRef link) {
    986. 

  986.   LdapLink *ld = link.getTyped<LdapLink>();
    987. 

  987.   int ld_errno = _get_lderrno(ld->link);
    988. 

  988.   return String(ldap_err2string(ld_errno), CopyString);
    989. 

  989. }
    990. 

  990. 

  991. Variant f_ldap_get_dn(CResRef link, CResRef result_entry) {
    992. 

  992.   LdapLink *ld = link.getTyped<LdapLink>();
    993. 

  993.   LdapResultEntry *entry = result_entry.getTyped<LdapResultEntry>();
    994. 

  994. 

  995.   char *text = ldap_get_dn(ld->link, entry->data);
    996. 

  996.   if (text) {
    997. 

  997.     String ret(text, CopyString);
    998. 

  998.     ldap_memfree(text);
    999. 

  999.     return ret;
    1000. 

  1000.   }
    1001. 

  1001.   return false;
    1002. 

  1002. }
    1003. 

  1003. 

  1004. int64_t f_ldap_count_entries(CResRef link, CResRef result) {
    1005. 

  1005.   LdapLink *ld = link.getTyped<LdapLink>();
    1006. 

  1006.   LdapResult *res = result.getTyped<LdapResult>();
    1007. 

  1007.   return ldap_count_entries(ld->link, res->data);
    1008. 

  1008. }
    1009. 

  1009. 

  1010. Variant f_ldap_get_entries(CResRef link, CResRef result) {
    1011. 

  1011.   LdapLink *ld = link.getTyped<LdapLink>();
    1012. 

  1012.   LdapResult *res = result.getTyped<LdapResult>();
    1013. 

  1013. 

  1014.   LDAP *ldap = ld->link;
    1015. 

  1015. 

  1016.   int num_entries = ldap_count_entries(ldap, res->data);
    1017. 

  1017.   Array ret;
    1018. 

  1018.   ret.set(s_count, num_entries);
    1019. 

  1019.   if (num_entries == 0) {
    1020. 

  1020.     return uninit_null();
    1021. 

  1021.   }
    1022. 

  1022. 

  1023.   LDAPMessage *ldap_result_entry = ldap_first_entry(ldap, res->data);
    1024. 

  1024.   if (ldap_result_entry == NULL) {
    1025. 

  1025.     return false;
    1026. 

  1026.   }
    1027. 

  1027. 

  1028.   num_entries = 0;
    1029. 

  1029.   while (ldap_result_entry != NULL) {
    1030. 

  1030.     Array tmp1 = Array::Create();
    1031. 

  1031.     get_attributes(tmp1, ldap, ldap_result_entry, true);
    1032. 

  1032. 

  1033.     char *dn = ldap_get_dn(ldap, ldap_result_entry);
    1034. 

  1034.     tmp1.set(s_dn, String(dn, CopyString));
    1035. 

  1035.     ldap_memfree(dn);
    1036. 

  1036. 

  1037.     ret.set(num_entries, tmp1);
    1038. 

  1038. 

  1039.     num_entries++;
    1040. 

  1040.     ldap_result_entry = ldap_next_entry(ldap, ldap_result_entry);
    1041. 

  1041.   }
    1042. 

  1042. 

  1043.   ret.set(s_count, num_entries);
    1044. 

  1044.   return ret;
    1045. 

  1045. }
    1046. 

  1046. 

  1047. Variant f_ldap_first_entry(CResRef link, CResRef result) {
    1048. 

  1048.   LdapLink *ld = link.getTyped<LdapLink>();
    1049. 

  1049.   LdapResult *res = result.getTyped<LdapResult>();
    1050. 

  1050. 

  1051.   LDAPMessage *entry;
    1052. 

  1052.   if ((entry = ldap_first_entry(ld->link, res->data)) == NULL) {
    1053. 

  1053.     return false;
    1054. 

  1054.   }
    1055. 

  1055. 

  1056.   return NEWOBJ(LdapResultEntry)(entry, res);
    1057. 

  1057. }
    1058. 

  1058. 

  1059. Variant f_ldap_next_entry(CResRef link, CResRef result_entry) {
    1060. 

  1060.   LdapLink *ld = link.getTyped<LdapLink>();
    1061. 

  1061.   LdapResultEntry *entry = result_entry.getTyped<LdapResultEntry>();
    1062. 

  1062. 

  1063.   LDAPMessage *msg;
    1064. 

  1064.   if ((msg = ldap_next_entry(ld->link, entry->data)) == NULL) {
    1065. 

  1065.     return false;
    1066. 

  1066.   }
    1067. 

  1067. 

  1068.   return NEWOBJ(LdapResultEntry)(msg, entry->result.get());
    1069. 

  1069. }
    1070. 

  1070. 

  1071. Array f_ldap_get_attributes(CResRef link, CResRef result_entry) {
    1072. 

  1072.   LdapLink *ld = link.getTyped<LdapLink>();
    1073. 

  1073.   LdapResultEntry *entry = result_entry.getTyped<LdapResultEntry>();
    1074. 

  1074.   Array ret = Array::Create();
    1075. 

  1075.   get_attributes(ret, ld->link, entry->data, false);
    1076. 

  1076.   return ret;
    1077. 

  1077. }
    1078. 

  1078. 

  1079. Variant f_ldap_first_attribute(CResRef link, CResRef result_entry) {
    1080. 

  1080.   LdapLink *ld = link.getTyped<LdapLink>();
    1081. 

  1081.   LdapResultEntry *entry = result_entry.getTyped<LdapResultEntry>();
    1082. 

  1082. 

  1083.   char *attribute;
    1084. 

  1084.   if ((attribute =
    1085. 

  1085.        ldap_first_attribute(ld->link, entry->data, &entry->ber)) == NULL) {
    1086. 

  1086.     return false;
    1087. 

  1087.   }
    1088. 

  1088.   String ret(attribute, CopyString);
    1089. 

  1089.   ldap_memfree(attribute);
    1090. 

  1090.   return ret;
    1091. 

  1091. }
    1092. 

  1092. 

  1093. Variant f_ldap_next_attribute(CResRef link, CResRef result_entry) {
    1094. 

  1094.   LdapLink *ld = link.getTyped<LdapLink>();
    1095. 

  1095.   LdapResultEntry *entry = result_entry.getTyped<LdapResultEntry>();
    1096. 

  1096. 

  1097.   if (entry->ber == NULL) {
    1098. 

  1098.     raise_warning("called before calling ldap_first_attribute() or "
    1099. 

  1099.                   "no attributes found in result entry");
    1100. 

  1100.     return false;
    1101. 

  1101.   }
    1102. 

  1102. 

  1103.   char *attribute;
    1104. 

  1104.   if ((attribute =
    1105. 

  1105.        ldap_next_attribute(ld->link, entry->data, entry->ber)) == NULL) {
    1106. 

  1106.     if (entry->ber != NULL) {
    1107. 

  1107.       ber_free(entry->ber, 0);
    1108. 

  1108.       entry->ber = NULL;
    1109. 

  1109.     }
    1110. 

  1110.     return false;
    1111. 

  1111.   }
    1112. 

  1112.   String ret(attribute, CopyString);
    1113. 

  1113.   ldap_memfree(attribute);
    1114. 

  1114.   return ret;
    1115. 

  1115. }
    1116. 

  1116. 

  1117. Variant f_ldap_first_reference(CResRef link, CResRef result) {
    1118. 

  1118.   LdapLink *ld = link.getTyped<LdapLink>();
    1119. 

  1119.   LdapResult *res = result.getTyped<LdapResult>();
    1120. 

  1120. 

  1121.   LDAPMessage *entry;
    1122. 

  1122.   if ((entry = ldap_first_reference(ld->link, res->data)) == NULL) {
    1123. 

  1123.     return false;
    1124. 

  1124.   }
    1125. 

  1125. 

  1126.   return NEWOBJ(LdapResultEntry)(entry, res);
    1127. 

  1127. }
    1128. 

  1128. 

  1129. Variant f_ldap_next_reference(CResRef link, CResRef result_entry) {
    1130. 

  1130.   LdapLink *ld = link.getTyped<LdapLink>();
    1131. 

  1131.   LdapResultEntry *entry = result_entry.getTyped<LdapResultEntry>();
    1132. 

  1132. 

  1133.   LDAPMessage *entry_next;
    1134. 

  1134.   if ((entry_next = ldap_next_reference(ld->link, entry->data)) == NULL) {
    1135. 

  1135.     return false;
    1136. 

  1136.   }
    1137. 

  1137. 

  1138.   return NEWOBJ(LdapResultEntry)(entry_next, entry->result.get());
    1139. 

  1139. }
    1140. 

  1140. 

  1141. bool f_ldap_parse_reference(CResRef link, CResRef result_entry,
    1142. 

  1142.                             VRefParam referrals) {
    1143. 

  1143.   LdapLink *ld = link.getTyped<LdapLink>();
    1144. 

  1144.   LdapResultEntry *entry = result_entry.getTyped<LdapResultEntry>();
    1145. 

  1145. 

  1146.   char **lreferrals, **refp;
    1147. 

  1147.   if (ldap_parse_reference(ld->link, entry->data, &lreferrals,
    1148. 

  1148.                            NULL /* &serverctrls */, 0) != LDAP_SUCCESS) {
    1149. 

  1149.     return false;
    1150. 

  1150.   }
    1151. 

  1151. 

  1152.   Array arr = Array::Create();
    1153. 

  1153.   if (lreferrals != NULL) {
    1154. 

  1154.     refp = lreferrals;
    1155. 

  1155.     while (*refp) {
    1156. 

  1156.       arr.append(String(*refp, CopyString));
    1157. 

  1157.       refp++;
    1158. 

  1158.     }
    1159. 

  1159.     ldap_value_free(lreferrals);
    1160. 

  1160.   }
    1161. 

  1161.   referrals = arr;
    1162. 

  1162.   return true;
    1163. 

  1163. }
    1164. 

  1164. 

  1165. bool f_ldap_parse_result(CResRef link, CResRef result, VRefParam errcode,
    1166. 

  1166.                          VRefParam matcheddn /* = null */,
    1167. 

  1167.                          VRefParam errmsg /* = null */,
    1168. 

  1168.                          VRefParam referrals /* = null */) {
    1169. 

  1169.   LdapLink *ld = link.getTyped<LdapLink>();
    1170. 

  1170.   LdapResult *res = result.getTyped<LdapResult>();
    1171. 

  1171. 

  1172.   int lerrcode;
    1173. 

  1173.   char **lreferrals, **refp;
    1174. 

  1174.   char *lmatcheddn, *lerrmsg;
    1175. 

  1175.   int rc = ldap_parse_result(ld->link, res->data, &lerrcode,
    1176. 

  1176.                              &lmatcheddn, &lerrmsg, &lreferrals,
    1177. 

  1177.                              NULL /* &serverctrls */, 0);
    1178. 

  1178.   if (rc != LDAP_SUCCESS) {
    1179. 

  1179.     raise_warning("Unable to parse result: %s", ldap_err2string(rc));
    1180. 

  1180.     return false;
    1181. 

  1181.   }
    1182. 

  1182. 

  1183.   errcode = lerrcode;
    1184. 

  1184. 

  1185.   /* Reverse -> fall through */
    1186. 

  1186.   Array arr = Array::Create();
    1187. 

  1187.   if (lreferrals != NULL) {
    1188. 

  1188.     refp = lreferrals;
    1189. 

  1189.     while (*refp) {
    1190. 

  1190.       arr.append(String(*refp, CopyString));
    1191. 

  1191.       refp++;
    1192. 

  1192.     }
    1193. 

  1193.     ldap_value_free(lreferrals);
    1194. 

  1194.   }
    1195. 

  1195.   referrals = arr;
    1196. 

  1196. 

  1197.   if (lerrmsg == NULL) {
    1198. 

  1198.     errmsg = String("");
    1199. 

  1199.   } else {
    1200. 

  1200.     errmsg = String(lerrmsg, CopyString);
    1201. 

  1201.     ldap_memfree(lerrmsg);
    1202. 

  1202.   }
    1203. 

  1203. 

  1204.   if (lmatcheddn == NULL) {
    1205. 

  1205.     matcheddn = String("");
    1206. 

  1206.   } else {
    1207. 

  1207.     matcheddn = String(lmatcheddn, CopyString);
    1208. 

  1208.     ldap_memfree(lmatcheddn);
    1209. 

  1209.   }
    1210. 

  1210.   return true;
    1211. 

  1211. }
    1212. 

  1212. 

  1213. bool f_ldap_free_result(CResRef result) {
    1214. 

  1214.   LdapResult *res = result.getTyped<LdapResult>();
    1215. 

  1215.   res->close();
    1216. 

  1216.   return true;
    1217. 

  1217. }
    1218. 

  1218. 

  1219. Variant f_ldap_get_values_len(CResRef link, CResRef result_entry,
    1220. 

  1220.                               const String& attribute) {
    1221. 

  1221.   LdapLink *ld = link.getTyped<LdapLink>();
    1222. 

  1222.   LdapResultEntry *entry = result_entry.getTyped<LdapResultEntry>();
    1223. 

  1223. 

  1224.   struct berval **ldap_value_len;
    1225. 

  1225.   if ((ldap_value_len =
    1226. 

  1226.        ldap_get_values_len(ld->link, entry->data,
    1227. 

  1227.                            (char*)attribute.data())) == NULL) {
    1228. 

  1228.     raise_warning("Cannot get the value(s) of attribute %s",
    1229. 

  1229.                   ldap_err2string(_get_lderrno(ld->link)));
    1230. 

  1230.     return false;
    1231. 

  1231.   }
    1232. 

  1232. 

  1233.   int num_values = ldap_count_values_len(ldap_value_len);
    1234. 

  1234.   Array ret;
    1235. 

  1235.   for (int i = 0; i < num_values; i++) {
    1236. 

  1236.     ret.append(String(ldap_value_len[i]->bv_val, ldap_value_len[i]->bv_len,
    1237. 

  1237.                       CopyString));
    1238. 

  1238.   }
    1239. 

  1239.   ret.set(s_count, num_values);
    1240. 

  1240.   ldap_value_free_len(ldap_value_len);
    1241. 

  1241.   return ret;
    1242. 

  1242. }
    1243. 

  1243. 

  1244. Variant f_ldap_get_values(CResRef link, CResRef result_entry,
    1245. 

  1245.                           const String& attribute) {
    1246. 

  1246.   return f_ldap_get_values_len(link, result_entry, attribute);
    1247. 

  1247. }
    1248. 

  1248. 

  1249. ///////////////////////////////////////////////////////////////////////////////
    1250. 

  1250. }
    1251. 

  1251.