1/*
2   +----------------------------------------------------------------------+
3   | PHP Version 5                                                        |
4   +----------------------------------------------------------------------+
5   | Copyright (c) 1997-2014 The PHP Group                                |
6   +----------------------------------------------------------------------+
7   | This source file is subject to version 3.01 of the PHP license,      |
8   | that is bundled with this package in the file LICENSE, and is        |
9   | available through the world-wide-web at the following url:           |
10   | http://www.php.net/license/3_01.txt                                  |
11   | If you did not receive a copy of the PHP license and are unable to   |
12   | obtain it through the world-wide-web, please send a note to          |
13   | license@php.net so we can mail you a copy immediately.               |
14   +----------------------------------------------------------------------+
15   | Authors: Amitay Isaacs  <amitay@w-o-i.com>                           |
16   |          Eric Warnke    <ericw@albany.edu>                           |
17   |          Rasmus Lerdorf <rasmus@php.net>                             |
18   |          Gerrit Thomson <334647@swin.edu.au>                         |
19   |          Jani Taskinen  <sniper@iki.fi>                              |
20   |          Stig Venaas    <venaas@uninett.no>                          |
21   |          Doug Goldstein <cardoe@cardoe.com>                          |
22   | PHP 4.0 updates:  Zeev Suraski <zeev@zend.com>                       |
23   +----------------------------------------------------------------------+
24 */
25
26/* $Id: 6de334df54b2b9be6a633c353cfcc7412b9a37cd $ */
27#define IS_EXT_MODULE
28
29#ifdef HAVE_CONFIG_H
30#include "config.h"
31#endif
32
33/* Additional headers for NetWare */
34#if defined(NETWARE) && (NEW_LIBC)
35#include <sys/select.h>
36#include <sys/timeval.h>
37#endif
38
39#include "php.h"
40#include "php_ini.h"
41
42#include <stddef.h>
43
44#include "ext/standard/dl.h"
45#include "php_ldap.h"
46
47#ifdef PHP_WIN32
48#include <string.h>
49#include "config.w32.h"
50#if HAVE_NSLDAP
51#include <winsock2.h>
52#endif
53#define strdup _strdup
54#undef WINDOWS
55#undef strcasecmp
56#undef strncasecmp
57#define WINSOCK 1
58#define __STDC__ 1
59#endif
60
61#include "ext/standard/php_string.h"
62#include "ext/standard/info.h"
63
64#ifdef HAVE_LDAP_SASL_H
65#include <sasl.h>
66#elif defined(HAVE_LDAP_SASL_SASL_H)
67#include <sasl/sasl.h>
68#endif
69
70typedef struct {
71    LDAP *link;
72#if defined(LDAP_API_FEATURE_X_OPENLDAP) && defined(HAVE_3ARG_SETREBINDPROC)
73    zval *rebindproc;
74#endif
75} ldap_linkdata;
76
77typedef struct {
78    LDAPMessage *data;
79    BerElement *ber;
80    int id;
81} ldap_resultentry;
82
83ZEND_DECLARE_MODULE_GLOBALS(ldap)
84static PHP_GINIT_FUNCTION(ldap);
85
86static int le_link, le_result, le_result_entry;
87
88#ifdef COMPILE_DL_LDAP
89ZEND_GET_MODULE(ldap)
90#endif
91
92static void _close_ldap_link(zend_rsrc_list_entry *rsrc TSRMLS_DC) /* {{{ */
93{
94    ldap_linkdata *ld = (ldap_linkdata *)rsrc->ptr;
95
96    ldap_unbind_s(ld->link);
97#if defined(LDAP_API_FEATURE_X_OPENLDAP) && defined(HAVE_3ARG_SETREBINDPROC)
98    if (ld->rebindproc != NULL) {
99        zval_dtor(ld->rebindproc);
100        FREE_ZVAL(ld->rebindproc);
101    }
102#endif
103    efree(ld);
104    LDAPG(num_links)--;
105}
106/* }}} */
107
108static void _free_ldap_result(zend_rsrc_list_entry *rsrc TSRMLS_DC) /* {{{ */
109{
110    LDAPMessage *result = (LDAPMessage *)rsrc->ptr;
111    ldap_msgfree(result);
112}
113/* }}} */
114
115static void _free_ldap_result_entry(zend_rsrc_list_entry *rsrc TSRMLS_DC) /* {{{ */
116{
117    ldap_resultentry *entry = (ldap_resultentry *)rsrc->ptr;
118
119    if (entry->ber != NULL) {
120        ber_free(entry->ber, 0);
121        entry->ber = NULL;
122    }
123    zend_list_delete(entry->id);
124    efree(entry);
125}
126/* }}} */
127
128/* {{{ PHP_INI_BEGIN
129 */
130PHP_INI_BEGIN()
131    STD_PHP_INI_ENTRY_EX("ldap.max_links", "-1", PHP_INI_SYSTEM, OnUpdateLong, max_links, zend_ldap_globals, ldap_globals, display_link_numbers)
132PHP_INI_END()
133/* }}} */
134
135/* {{{ PHP_GINIT_FUNCTION
136 */
137static PHP_GINIT_FUNCTION(ldap)
138{
139    ldap_globals->num_links = 0;
140}
141/* }}} */
142
143/* {{{ PHP_MINIT_FUNCTION
144 */
145PHP_MINIT_FUNCTION(ldap)
146{
147    REGISTER_INI_ENTRIES();
148
149    /* Constants to be used with deref-parameter in php_ldap_do_search() */
150    REGISTER_LONG_CONSTANT("LDAP_DEREF_NEVER", LDAP_DEREF_NEVER, CONST_PERSISTENT | CONST_CS);
151    REGISTER_LONG_CONSTANT("LDAP_DEREF_SEARCHING", LDAP_DEREF_SEARCHING, CONST_PERSISTENT | CONST_CS);
152    REGISTER_LONG_CONSTANT("LDAP_DEREF_FINDING", LDAP_DEREF_FINDING, CONST_PERSISTENT | CONST_CS);
153    REGISTER_LONG_CONSTANT("LDAP_DEREF_ALWAYS", LDAP_DEREF_ALWAYS, CONST_PERSISTENT | CONST_CS);
154
155    /* Constants to be used with ldap_modify_batch() */
156    REGISTER_LONG_CONSTANT("LDAP_MODIFY_BATCH_ADD", LDAP_MODIFY_BATCH_ADD, CONST_PERSISTENT | CONST_CS);
157    REGISTER_LONG_CONSTANT("LDAP_MODIFY_BATCH_REMOVE", LDAP_MODIFY_BATCH_REMOVE, CONST_PERSISTENT | CONST_CS);
158    REGISTER_LONG_CONSTANT("LDAP_MODIFY_BATCH_REMOVE_ALL", LDAP_MODIFY_BATCH_REMOVE_ALL, CONST_PERSISTENT | CONST_CS);
159    REGISTER_LONG_CONSTANT("LDAP_MODIFY_BATCH_REPLACE", LDAP_MODIFY_BATCH_REPLACE, CONST_PERSISTENT | CONST_CS);
160    REGISTER_STRING_CONSTANT("LDAP_MODIFY_BATCH_ATTRIB", LDAP_MODIFY_BATCH_ATTRIB, CONST_PERSISTENT | CONST_CS);
161    REGISTER_STRING_CONSTANT("LDAP_MODIFY_BATCH_MODTYPE", LDAP_MODIFY_BATCH_MODTYPE, CONST_PERSISTENT | CONST_CS);
162    REGISTER_STRING_CONSTANT("LDAP_MODIFY_BATCH_VALUES", LDAP_MODIFY_BATCH_VALUES, CONST_PERSISTENT | CONST_CS);
163
164#if (LDAP_API_VERSION > 2000) || HAVE_NSLDAP || HAVE_ORALDAP
165    /* LDAP options */
166    REGISTER_LONG_CONSTANT("LDAP_OPT_DEREF", LDAP_OPT_DEREF, CONST_PERSISTENT | CONST_CS);
167    REGISTER_LONG_CONSTANT("LDAP_OPT_SIZELIMIT", LDAP_OPT_SIZELIMIT, CONST_PERSISTENT | CONST_CS);
168    REGISTER_LONG_CONSTANT("LDAP_OPT_TIMELIMIT", LDAP_OPT_TIMELIMIT, CONST_PERSISTENT | CONST_CS);
169#ifdef LDAP_OPT_NETWORK_TIMEOUT
170    REGISTER_LONG_CONSTANT("LDAP_OPT_NETWORK_TIMEOUT", LDAP_OPT_NETWORK_TIMEOUT, CONST_PERSISTENT | CONST_CS);
171#elif defined (LDAP_X_OPT_CONNECT_TIMEOUT)
172    REGISTER_LONG_CONSTANT("LDAP_OPT_NETWORK_TIMEOUT", LDAP_X_OPT_CONNECT_TIMEOUT, CONST_PERSISTENT | CONST_CS);
173#endif
174    REGISTER_LONG_CONSTANT("LDAP_OPT_PROTOCOL_VERSION", LDAP_OPT_PROTOCOL_VERSION, CONST_PERSISTENT | CONST_CS);
175    REGISTER_LONG_CONSTANT("LDAP_OPT_ERROR_NUMBER", LDAP_OPT_ERROR_NUMBER, CONST_PERSISTENT | CONST_CS);
176    REGISTER_LONG_CONSTANT("LDAP_OPT_REFERRALS", LDAP_OPT_REFERRALS, CONST_PERSISTENT | CONST_CS);
177#ifdef LDAP_OPT_RESTART
178    REGISTER_LONG_CONSTANT("LDAP_OPT_RESTART", LDAP_OPT_RESTART, CONST_PERSISTENT | CONST_CS);
179#endif
180#ifdef LDAP_OPT_HOST_NAME
181    REGISTER_LONG_CONSTANT("LDAP_OPT_HOST_NAME", LDAP_OPT_HOST_NAME, CONST_PERSISTENT | CONST_CS);
182#endif
183    REGISTER_LONG_CONSTANT("LDAP_OPT_ERROR_STRING", LDAP_OPT_ERROR_STRING, CONST_PERSISTENT | CONST_CS);
184#ifdef LDAP_OPT_MATCHED_DN
185    REGISTER_LONG_CONSTANT("LDAP_OPT_MATCHED_DN", LDAP_OPT_MATCHED_DN, CONST_PERSISTENT | CONST_CS);
186#endif
187    REGISTER_LONG_CONSTANT("LDAP_OPT_SERVER_CONTROLS", LDAP_OPT_SERVER_CONTROLS, CONST_PERSISTENT | CONST_CS);
188    REGISTER_LONG_CONSTANT("LDAP_OPT_CLIENT_CONTROLS", LDAP_OPT_CLIENT_CONTROLS, CONST_PERSISTENT | CONST_CS);
189#endif
190#ifdef LDAP_OPT_DEBUG_LEVEL
191    REGISTER_LONG_CONSTANT("LDAP_OPT_DEBUG_LEVEL", LDAP_OPT_DEBUG_LEVEL, CONST_PERSISTENT | CONST_CS);
192#endif
193
194#ifdef HAVE_LDAP_SASL
195    REGISTER_LONG_CONSTANT("LDAP_OPT_X_SASL_MECH", LDAP_OPT_X_SASL_MECH, CONST_PERSISTENT | CONST_CS);
196    REGISTER_LONG_CONSTANT("LDAP_OPT_X_SASL_REALM", LDAP_OPT_X_SASL_REALM, CONST_PERSISTENT | CONST_CS);
197    REGISTER_LONG_CONSTANT("LDAP_OPT_X_SASL_AUTHCID", LDAP_OPT_X_SASL_AUTHCID, CONST_PERSISTENT | CONST_CS);
198    REGISTER_LONG_CONSTANT("LDAP_OPT_X_SASL_AUTHZID", LDAP_OPT_X_SASL_AUTHZID, CONST_PERSISTENT | CONST_CS);
199#endif
200
201#ifdef ORALDAP
202    REGISTER_LONG_CONSTANT("GSLC_SSL_NO_AUTH", GSLC_SSL_NO_AUTH, CONST_PERSISTENT | CONST_CS);
203    REGISTER_LONG_CONSTANT("GSLC_SSL_ONEWAY_AUTH", GSLC_SSL_ONEWAY_AUTH, CONST_PERSISTENT | CONST_CS);
204    REGISTER_LONG_CONSTANT("GSLC_SSL_TWOWAY_AUTH", GSLC_SSL_TWOWAY_AUTH, CONST_PERSISTENT | CONST_CS);
205#endif
206
207    le_link = zend_register_list_destructors_ex(_close_ldap_link, NULL, "ldap link", module_number);
208    le_result = zend_register_list_destructors_ex(_free_ldap_result, NULL, "ldap result", module_number);
209    le_result_entry = zend_register_list_destructors_ex(_free_ldap_result_entry, NULL, "ldap result entry", module_number);
210
211    Z_TYPE(ldap_module_entry) = type;
212
213    return SUCCESS;
214}
215/* }}} */
216
217/* {{{ PHP_MSHUTDOWN_FUNCTION
218 */
219PHP_MSHUTDOWN_FUNCTION(ldap)
220{
221    UNREGISTER_INI_ENTRIES();
222    return SUCCESS;
223}
224/* }}} */
225
226/* {{{ PHP_MINFO_FUNCTION
227 */
228PHP_MINFO_FUNCTION(ldap)
229{
230    char tmp[32];
231#if HAVE_NSLDAP
232    LDAPVersion ver;
233    double SDKVersion;
234#endif
235
236    php_info_print_table_start();
237    php_info_print_table_row(2, "LDAP Support", "enabled");
238    php_info_print_table_row(2, "RCS Version", "$Id: 6de334df54b2b9be6a633c353cfcc7412b9a37cd $");
239
240    if (LDAPG(max_links) == -1) {
241        snprintf(tmp, 31, "%ld/unlimited", LDAPG(num_links));
242    } else {
243        snprintf(tmp, 31, "%ld/%ld", LDAPG(num_links), LDAPG(max_links));
244    }
245    php_info_print_table_row(2, "Total Links", tmp);
246
247#ifdef LDAP_API_VERSION
248    snprintf(tmp, 31, "%d", LDAP_API_VERSION);
249    php_info_print_table_row(2, "API Version", tmp);
250#endif
251
252#ifdef LDAP_VENDOR_NAME
253    php_info_print_table_row(2, "Vendor Name", LDAP_VENDOR_NAME);
254#endif
255
256#ifdef LDAP_VENDOR_VERSION
257    snprintf(tmp, 31, "%d", LDAP_VENDOR_VERSION);
258    php_info_print_table_row(2, "Vendor Version", tmp);
259#endif
260
261#if HAVE_NSLDAP
262    SDKVersion = ldap_version(&ver);
263    snprintf(tmp, 31, "%F", SDKVersion/100.0);
264    php_info_print_table_row(2, "SDK Version", tmp);
265
266    snprintf(tmp, 31, "%F", ver.protocol_version/100.0);
267    php_info_print_table_row(2, "Highest LDAP Protocol Supported", tmp);
268
269    snprintf(tmp, 31, "%F", ver.SSL_version/100.0);
270    php_info_print_table_row(2, "SSL Level Supported", tmp);
271
272    if (ver.security_level != LDAP_SECURITY_NONE) {
273        snprintf(tmp, 31, "%d", ver.security_level);
274    } else {
275        strcpy(tmp, "SSL not enabled");
276    }
277    php_info_print_table_row(2, "Level of Encryption", tmp);
278#endif
279
280#ifdef HAVE_LDAP_SASL
281    php_info_print_table_row(2, "SASL Support", "Enabled");
282#endif
283
284    php_info_print_table_end();
285    DISPLAY_INI_ENTRIES();
286}
287/* }}} */
288
289/* {{{ proto resource ldap_connect([string host [, int port [, string wallet [, string wallet_passwd [, int authmode]]]]])
290   Connect to an LDAP server */
291PHP_FUNCTION(ldap_connect)
292{
293    char *host = NULL;
294    int hostlen;
295    long port = 389; /* Default port */
296#ifdef HAVE_ORALDAP
297    char *wallet = NULL, *walletpasswd = NULL;
298    int walletlen = 0, walletpasswdlen = 0;
299    long authmode = GSLC_SSL_NO_AUTH;
300    int ssl=0;
301#endif
302    ldap_linkdata *ld;
303    LDAP *ldap;
304
305#ifdef HAVE_ORALDAP
306    if (ZEND_NUM_ARGS() == 3 || ZEND_NUM_ARGS() == 4) {
307        WRONG_PARAM_COUNT;
308    }
309
310    if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|slssl", &host, &hostlen, &port, &wallet, &walletlen, &walletpasswd, &walletpasswdlen, &authmode) != SUCCESS) {
311        RETURN_FALSE;
312    }
313
314    if (ZEND_NUM_ARGS() == 5) {
315        ssl = 1;
316    }
317#else
318    if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|sl", &host, &hostlen, &port) != SUCCESS) {
319        RETURN_FALSE;
320    }
321#endif
322
323    if (LDAPG(max_links) != -1 && LDAPG(num_links) >= LDAPG(max_links)) {
324        php_error_docref(NULL TSRMLS_CC, E_WARNING, "Too many open links (%ld)", LDAPG(num_links));
325        RETURN_FALSE;
326    }
327
328    ld = ecalloc(1, sizeof(ldap_linkdata));
329
330#ifdef LDAP_API_FEATURE_X_OPENLDAP
331    if (host != NULL && strchr(host, '/')) {
332        int rc;
333
334        rc = ldap_initialize(&ldap, host);
335        if (rc != LDAP_SUCCESS) {
336            efree(ld);
337            php_error_docref(NULL TSRMLS_CC, E_WARNING, "Could not create session handle: %s", ldap_err2string(rc));
338            RETURN_FALSE;
339        }
340    } else {
341        ldap = ldap_init(host, port);
342    }
343#else
344    ldap = ldap_open(host, port);
345#endif
346
347    if (ldap == NULL) {
348        efree(ld);
349        RETURN_FALSE;
350    } else {
351#ifdef HAVE_ORALDAP
352        if (ssl) {
353            if (ldap_init_SSL(&ldap->ld_sb, wallet, walletpasswd, authmode)) {
354                efree(ld);
355                php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSL init failed");
356                RETURN_FALSE;
357            }
358        }
359#endif
360        LDAPG(num_links)++;
361        ld->link = ldap;
362        ZEND_REGISTER_RESOURCE(return_value, ld, le_link);
363    }
364
365}
366/* }}} */
367
368/* {{{ _get_lderrno
369 */
370static int _get_lderrno(LDAP *ldap)
371{
372#if !HAVE_NSLDAP
373#if LDAP_API_VERSION > 2000 || HAVE_ORALDAP
374    int lderr;
375
376    /* New versions of OpenLDAP do it this way */
377    ldap_get_option(ldap, LDAP_OPT_ERROR_NUMBER, &lderr);
378    return lderr;
379#else
380    return ldap->ld_errno;
381#endif
382#else
383    return ldap_get_lderrno(ldap, NULL, NULL);
384#endif
385}
386/* }}} */
387
388/* {{{ _set_lderrno
389 */
390static void _set_lderrno(LDAP *ldap, int lderr)
391{
392#if !HAVE_NSLDAP
393#if LDAP_API_VERSION > 2000 || HAVE_ORALDAP
394    /* New versions of OpenLDAP do it this way */
395    ldap_set_option(ldap, LDAP_OPT_ERROR_NUMBER, &lderr);
396#else
397    ldap->ld_errno = lderr;
398#endif
399#else
400    ldap_set_lderrno(ldap, lderr, NULL, NULL);
401#endif
402}
403/* }}} */
404
405/* {{{ proto bool ldap_bind(resource link [, string dn [, string password]])
406   Bind to LDAP directory */
407PHP_FUNCTION(ldap_bind)
408{
409    zval *link;
410    char *ldap_bind_dn = NULL, *ldap_bind_pw = NULL;
411    int ldap_bind_dnlen, ldap_bind_pwlen;
412    ldap_linkdata *ld;
413    int rc;
414
415    if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "r|ss", &link, &ldap_bind_dn, &ldap_bind_dnlen, &ldap_bind_pw, &ldap_bind_pwlen) != SUCCESS) {
416        RETURN_FALSE;
417    }
418
419    ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link);
420
421    if (ldap_bind_dn != NULL && memchr(ldap_bind_dn, '\0', ldap_bind_dnlen) != NULL) {
422        _set_lderrno(ld->link, LDAP_INVALID_CREDENTIALS);
423        php_error_docref(NULL TSRMLS_CC, E_WARNING, "DN contains a null byte");
424        RETURN_FALSE;
425    }
426
427    if (ldap_bind_pw != NULL && memchr(ldap_bind_pw, '\0', ldap_bind_pwlen) != NULL) {
428        _set_lderrno(ld->link, LDAP_INVALID_CREDENTIALS);
429        php_error_docref(NULL TSRMLS_CC, E_WARNING, "Password contains a null byte");
430        RETURN_FALSE;
431    }
432
433    if ((rc = ldap_bind_s(ld->link, ldap_bind_dn, ldap_bind_pw, LDAP_AUTH_SIMPLE)) != LDAP_SUCCESS) {
434        php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to bind to server: %s", ldap_err2string(rc));
435        RETURN_FALSE;
436    } else {
437        RETURN_TRUE;
438    }
439}
440/* }}} */
441
442#ifdef HAVE_LDAP_SASL
443typedef struct {
444    char *mech;
445    char *realm;
446    char *authcid;
447    char *passwd;
448    char *authzid;
449} php_ldap_bictx;
450
451/* {{{ _php_sasl_setdefs
452 */
453static php_ldap_bictx *_php_sasl_setdefs(LDAP *ld, char *sasl_mech, char *sasl_realm, char *sasl_authc_id, char *passwd, char *sasl_authz_id)
454{
455    php_ldap_bictx *ctx;
456
457    ctx = ber_memalloc(sizeof(php_ldap_bictx));
458    ctx->mech    = (sasl_mech) ? ber_strdup(sasl_mech) : NULL;
459    ctx->realm   = (sasl_realm) ? ber_strdup(sasl_realm) : NULL;
460    ctx->authcid = (sasl_authc_id) ? ber_strdup(sasl_authc_id) : NULL;
461    ctx->passwd  = (passwd) ? ber_strdup(passwd) : NULL;
462    ctx->authzid = (sasl_authz_id) ? ber_strdup(sasl_authz_id) : NULL;
463
464    if (ctx->mech == NULL) {
465        ldap_get_option(ld, LDAP_OPT_X_SASL_MECH, &ctx->mech);
466    }
467    if (ctx->realm == NULL) {
468        ldap_get_option(ld, LDAP_OPT_X_SASL_REALM, &ctx->realm);
469    }
470    if (ctx->authcid == NULL) {
471        ldap_get_option(ld, LDAP_OPT_X_SASL_AUTHCID, &ctx->authcid);
472    }
473    if (ctx->authzid == NULL) {
474        ldap_get_option(ld, LDAP_OPT_X_SASL_AUTHZID, &ctx->authzid);
475    }
476
477    return ctx;
478}
479/* }}} */
480
481/* {{{ _php_sasl_freedefs
482 */
483static void _php_sasl_freedefs(php_ldap_bictx *ctx)
484{
485    if (ctx->mech) ber_memfree(ctx->mech);
486    if (ctx->realm) ber_memfree(ctx->realm);
487    if (ctx->authcid) ber_memfree(ctx->authcid);
488    if (ctx->passwd) ber_memfree(ctx->passwd);
489    if (ctx->authzid) ber_memfree(ctx->authzid);
490    ber_memfree(ctx);
491}
492/* }}} */
493
494/* {{{ _php_sasl_interact
495   Internal interact function for SASL */
496static int _php_sasl_interact(LDAP *ld, unsigned flags, void *defaults, void *in)
497{
498    sasl_interact_t *interact = in;
499    const char *p;
500    php_ldap_bictx *ctx = defaults;
501
502    for (;interact->id != SASL_CB_LIST_END;interact++) {
503        p = NULL;
504        switch(interact->id) {
505            case SASL_CB_GETREALM:
506                p = ctx->realm;
507                break;
508            case SASL_CB_AUTHNAME:
509                p = ctx->authcid;
510                break;
511            case SASL_CB_USER:
512                p = ctx->authzid;
513                break;
514            case SASL_CB_PASS:
515                p = ctx->passwd;
516                break;
517        }
518        if (p) {
519            interact->result = p;
520            interact->len = strlen(interact->result);
521        }
522    }
523    return LDAP_SUCCESS;
524}
525/* }}} */
526
527/* {{{ proto bool ldap_sasl_bind(resource link [, string binddn [, string password [, string sasl_mech [, string sasl_realm [, string sasl_authc_id [, string sasl_authz_id [, string props]]]]]]])
528   Bind to LDAP directory using SASL */
529PHP_FUNCTION(ldap_sasl_bind)
530{
531    zval *link;
532    ldap_linkdata *ld;
533    char *binddn = NULL;
534    char *passwd = NULL;
535    char *sasl_mech = NULL;
536    char *sasl_realm = NULL;
537    char *sasl_authz_id = NULL;
538    char *sasl_authc_id = NULL;
539    char *props = NULL;
540    int rc, dn_len, passwd_len, mech_len, realm_len, authc_id_len, authz_id_len, props_len;
541    php_ldap_bictx *ctx;
542
543    if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "r|sssssss", &link, &binddn, &dn_len, &passwd, &passwd_len, &sasl_mech, &mech_len, &sasl_realm, &realm_len, &sasl_authc_id, &authc_id_len, &sasl_authz_id, &authz_id_len, &props, &props_len) != SUCCESS) {
544        RETURN_FALSE;
545    }
546
547    ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link);
548
549    ctx = _php_sasl_setdefs(ld->link, sasl_mech, sasl_realm, sasl_authc_id, passwd, sasl_authz_id);
550
551    if (props) {
552        ldap_set_option(ld->link, LDAP_OPT_X_SASL_SECPROPS, props);
553    }
554
555    rc = ldap_sasl_interactive_bind_s(ld->link, binddn, ctx->mech, NULL, NULL, LDAP_SASL_QUIET, _php_sasl_interact, ctx);
556    if (rc != LDAP_SUCCESS) {
557        php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to bind to server: %s", ldap_err2string(rc));
558        RETVAL_FALSE;
559    } else {
560        RETVAL_TRUE;
561    }
562    _php_sasl_freedefs(ctx);
563}
564/* }}} */
565#endif /* HAVE_LDAP_SASL */
566
567/* {{{ proto bool ldap_unbind(resource link)
568   Unbind from LDAP directory */
569PHP_FUNCTION(ldap_unbind)
570{
571    zval *link;
572    ldap_linkdata *ld;
573
574    if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "r", &link) != SUCCESS) {
575        RETURN_FALSE;
576    }
577
578    ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link);
579
580    zend_list_delete(Z_LVAL_P(link));
581    RETURN_TRUE;
582}
583/* }}} */
584
585/* {{{ php_set_opts
586 */
587static void php_set_opts(LDAP *ldap, int sizelimit, int timelimit, int deref, int *old_sizelimit, int *old_timelimit, int *old_deref)
588{
589    /* sizelimit */
590    if (sizelimit > -1) {
591#if (LDAP_API_VERSION >= 2004) || HAVE_NSLDAP || HAVE_ORALDAP
592        ldap_get_option(ldap, LDAP_OPT_SIZELIMIT, old_sizelimit);
593        ldap_set_option(ldap, LDAP_OPT_SIZELIMIT, &sizelimit);
594#else
595        *old_sizelimit = ldap->ld_sizelimit;
596        ldap->ld_sizelimit = sizelimit;
597#endif
598    }
599
600    /* timelimit */
601    if (timelimit > -1) {
602#if (LDAP_API_VERSION >= 2004) || HAVE_NSLDAP || HAVE_ORALDAP
603        ldap_get_option(ldap, LDAP_OPT_SIZELIMIT, old_timelimit);
604        ldap_set_option(ldap, LDAP_OPT_TIMELIMIT, &timelimit);
605#else
606        *old_timelimit = ldap->ld_timelimit;
607        ldap->ld_timelimit = timelimit;
608#endif
609    }
610
611    /* deref */
612    if (deref > -1) {
613#if (LDAP_API_VERSION >= 2004) || HAVE_NSLDAP || HAVE_ORALDAP
614        ldap_get_option(ldap, LDAP_OPT_SIZELIMIT, old_deref);
615        ldap_set_option(ldap, LDAP_OPT_DEREF, &deref);
616#else
617        *old_deref = ldap->ld_deref;
618        ldap->ld_deref = deref;
619#endif
620    }
621}
622/* }}} */
623
624/* {{{ php_ldap_do_search
625 */
626static void php_ldap_do_search(INTERNAL_FUNCTION_PARAMETERS, int scope)
627{
628    zval *link, *base_dn, **filter, *attrs = NULL, **attr;
629    long attrsonly, sizelimit, timelimit, deref;
630    char *ldap_base_dn = NULL, *ldap_filter = NULL, **ldap_attrs = NULL;
631    ldap_linkdata *ld = NULL;
632    LDAPMessage *ldap_res;
633    int ldap_attrsonly = 0, ldap_sizelimit = -1, ldap_timelimit = -1, ldap_deref = -1;
634    int old_ldap_sizelimit = -1, old_ldap_timelimit = -1, old_ldap_deref = -1;
635    int num_attribs = 0, ret = 1, i, errno, argcount = ZEND_NUM_ARGS();
636
637    if (zend_parse_parameters(argcount TSRMLS_CC, "zzZ|allll", &link, &base_dn, &filter, &attrs, &attrsonly,
638        &sizelimit, &timelimit, &deref) == FAILURE) {
639        return;
640    }
641
642    /* Reverse -> fall through */
643    switch (argcount) {
644        case 8:
645            ldap_deref = deref;
646        case 7:
647            ldap_timelimit = timelimit;
648        case 6:
649            ldap_sizelimit = sizelimit;
650        case 5:
651            ldap_attrsonly = attrsonly;
652        case 4:
653            num_attribs = zend_hash_num_elements(Z_ARRVAL_P(attrs));
654            ldap_attrs = safe_emalloc((num_attribs+1), sizeof(char *), 0);
655
656            for (i = 0; i<num_attribs; i++) {
657                if (zend_hash_index_find(Z_ARRVAL_P(attrs), i, (void **) &attr) != SUCCESS) {
658                    php_error_docref(NULL TSRMLS_CC, E_WARNING, "Array initialization wrong");
659                    ret = 0;
660                    goto cleanup;
661                }
662
663                SEPARATE_ZVAL(attr);
664                convert_to_string_ex(attr);
665                ldap_attrs[i] = Z_STRVAL_PP(attr);
666            }
667            ldap_attrs[num_attribs] = NULL;
668        default:
669            break;
670    }
671
672    /* parallel search? */
673    if (Z_TYPE_P(link) == IS_ARRAY) {
674        int i, nlinks, nbases, nfilters, *rcs;
675        ldap_linkdata **lds;
676        zval **entry, *resource;
677
678        nlinks = zend_hash_num_elements(Z_ARRVAL_P(link));
679        if (nlinks == 0) {
680            php_error_docref(NULL TSRMLS_CC, E_WARNING, "No links in link array");
681            ret = 0;
682            goto cleanup;
683        }
684
685        if (Z_TYPE_P(base_dn) == IS_ARRAY) {
686            nbases = zend_hash_num_elements(Z_ARRVAL_P(base_dn));
687            if (nbases != nlinks) {
688                php_error_docref(NULL TSRMLS_CC, E_WARNING, "Base must either be a string, or an array with the same number of elements as the links array");
689                ret = 0;
690                goto cleanup;
691            }
692            zend_hash_internal_pointer_reset(Z_ARRVAL_P(base_dn));
693        } else {
694            nbases = 0; /* this means string, not array */
695            /* If anything else than string is passed, ldap_base_dn = NULL */
696            if (Z_TYPE_P(base_dn) == IS_STRING) {
697                ldap_base_dn = Z_STRVAL_P(base_dn);
698            } else {
699                ldap_base_dn = NULL;
700            }
701        }
702
703        if (Z_TYPE_PP(filter) == IS_ARRAY) {
704            nfilters = zend_hash_num_elements(Z_ARRVAL_PP(filter));
705            if (nfilters != nlinks) {
706                php_error_docref(NULL TSRMLS_CC, E_WARNING, "Filter must either be a string, or an array with the same number of elements as the links array");
707                ret = 0;
708                goto cleanup;
709            }
710            zend_hash_internal_pointer_reset(Z_ARRVAL_PP(filter));
711        } else {
712            nfilters = 0; /* this means string, not array */
713            convert_to_string_ex(filter);
714            ldap_filter = Z_STRVAL_PP(filter);
715        }
716
717        lds = safe_emalloc(nlinks, sizeof(ldap_linkdata), 0);
718        rcs = safe_emalloc(nlinks, sizeof(*rcs), 0);
719
720        zend_hash_internal_pointer_reset(Z_ARRVAL_P(link));
721        for (i=0; i<nlinks; i++) {
722            zend_hash_get_current_data(Z_ARRVAL_P(link), (void **)&entry);
723
724            ld = (ldap_linkdata *) zend_fetch_resource(entry TSRMLS_CC, -1, "ldap link", NULL, 1, le_link);
725            if (ld == NULL) {
726                ret = 0;
727                goto cleanup_parallel;
728            }
729            if (nbases != 0) { /* base_dn an array? */
730                zend_hash_get_current_data(Z_ARRVAL_P(base_dn), (void **)&entry);
731                zend_hash_move_forward(Z_ARRVAL_P(base_dn));
732
733                /* If anything else than string is passed, ldap_base_dn = NULL */
734                if (Z_TYPE_PP(entry) == IS_STRING) {
735                    ldap_base_dn = Z_STRVAL_PP(entry);
736                } else {
737                    ldap_base_dn = NULL;
738                }
739            }
740            if (nfilters != 0) { /* filter an array? */
741                zend_hash_get_current_data(Z_ARRVAL_PP(filter), (void **)&entry);
742                zend_hash_move_forward(Z_ARRVAL_PP(filter));
743                convert_to_string_ex(entry);
744                ldap_filter = Z_STRVAL_PP(entry);
745            }
746
747            php_set_opts(ld->link, ldap_sizelimit, ldap_timelimit, ldap_deref, &old_ldap_sizelimit, &old_ldap_timelimit, &old_ldap_deref);
748
749            /* Run the actual search */
750            rcs[i] = ldap_search(ld->link, ldap_base_dn, scope, ldap_filter, ldap_attrs, ldap_attrsonly);
751            lds[i] = ld;
752            zend_hash_move_forward(Z_ARRVAL_P(link));
753        }
754
755        array_init(return_value);
756
757        /* Collect results from the searches */
758        for (i=0; i<nlinks; i++) {
759            MAKE_STD_ZVAL(resource);
760            if (rcs[i] != -1) {
761                rcs[i] = ldap_result(lds[i]->link, LDAP_RES_ANY, 1 /* LDAP_MSG_ALL */, NULL, &ldap_res);
762            }
763            if (rcs[i] != -1) {
764                ZEND_REGISTER_RESOURCE(resource, ldap_res, le_result);
765                add_next_index_zval(return_value, resource);
766            } else {
767                add_next_index_bool(return_value, 0);
768            }
769        }
770
771cleanup_parallel:
772        efree(lds);
773        efree(rcs);
774    } else {
775        convert_to_string_ex(filter);
776        ldap_filter = Z_STRVAL_PP(filter);
777
778        /* If anything else than string is passed, ldap_base_dn = NULL */
779        if (Z_TYPE_P(base_dn) == IS_STRING) {
780            ldap_base_dn = Z_STRVAL_P(base_dn);
781        }
782
783        ld = (ldap_linkdata *) zend_fetch_resource(&link TSRMLS_CC, -1, "ldap link", NULL, 1, le_link);
784        if (ld == NULL) {
785            ret = 0;
786            goto cleanup;
787        }
788
789        php_set_opts(ld->link, ldap_sizelimit, ldap_timelimit, ldap_deref, &old_ldap_sizelimit, &old_ldap_timelimit, &old_ldap_deref);
790
791        /* Run the actual search */
792        errno = ldap_search_s(ld->link, ldap_base_dn, scope, ldap_filter, ldap_attrs, ldap_attrsonly, &ldap_res);
793
794        if (errno != LDAP_SUCCESS
795            && errno != LDAP_SIZELIMIT_EXCEEDED
796#ifdef LDAP_ADMINLIMIT_EXCEEDED
797            && errno != LDAP_ADMINLIMIT_EXCEEDED
798#endif
799#ifdef LDAP_REFERRAL
800            && errno != LDAP_REFERRAL
801#endif
802        ) {
803            php_error_docref(NULL TSRMLS_CC, E_WARNING, "Search: %s", ldap_err2string(errno));
804            ret = 0;
805        } else {
806            if (errno == LDAP_SIZELIMIT_EXCEEDED) {
807                php_error_docref(NULL TSRMLS_CC, E_WARNING, "Partial search results returned: Sizelimit exceeded");
808            }
809#ifdef LDAP_ADMINLIMIT_EXCEEDED
810            else if (errno == LDAP_ADMINLIMIT_EXCEEDED) {
811                php_error_docref(NULL TSRMLS_CC, E_WARNING, "Partial search results returned: Adminlimit exceeded");
812            }
813#endif
814
815            ZEND_REGISTER_RESOURCE(return_value, ldap_res, le_result);
816        }
817    }
818
819cleanup:
820    if (ld) {
821        /* Restoring previous options */
822        php_set_opts(ld->link, old_ldap_sizelimit, old_ldap_timelimit, old_ldap_deref, &ldap_sizelimit, &ldap_timelimit, &ldap_deref);
823    }
824    if (ldap_attrs != NULL) {
825        efree(ldap_attrs);
826    }
827    if (!ret) {
828        RETVAL_BOOL(ret);
829    }
830}
831/* }}} */
832
833/* {{{ proto resource ldap_read(resource|array link, string base_dn, string filter [, array attrs [, int attrsonly [, int sizelimit [, int timelimit [, int deref]]]]])
834   Read an entry */
835PHP_FUNCTION(ldap_read)
836{
837    php_ldap_do_search(INTERNAL_FUNCTION_PARAM_PASSTHRU, LDAP_SCOPE_BASE);
838}
839/* }}} */
840
841/* {{{ proto resource ldap_list(resource|array link, string base_dn, string filter [, array attrs [, int attrsonly [, int sizelimit [, int timelimit [, int deref]]]]])
842   Single-level search */
843PHP_FUNCTION(ldap_list)
844{
845    php_ldap_do_search(INTERNAL_FUNCTION_PARAM_PASSTHRU, LDAP_SCOPE_ONELEVEL);
846}
847/* }}} */
848
849/* {{{ proto resource ldap_search(resource|array link, string base_dn, string filter [, array attrs [, int attrsonly [, int sizelimit [, int timelimit [, int deref]]]]])
850   Search LDAP tree under base_dn */
851PHP_FUNCTION(ldap_search)
852{
853    php_ldap_do_search(INTERNAL_FUNCTION_PARAM_PASSTHRU, LDAP_SCOPE_SUBTREE);
854}
855/* }}} */
856
857/* {{{ proto bool ldap_free_result(resource result)
858   Free result memory */
859PHP_FUNCTION(ldap_free_result)
860{
861    zval *result;
862    LDAPMessage *ldap_result;
863
864    if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "r", &result) != SUCCESS) {
865        return;
866    }
867
868    ZEND_FETCH_RESOURCE(ldap_result, LDAPMessage *, &result, -1, "ldap result", le_result);
869
870    zend_list_delete(Z_LVAL_P(result));  /* Delete list entry */
871    RETVAL_TRUE;
872}
873/* }}} */
874
875/* {{{ proto int ldap_count_entries(resource link, resource result)
876   Count the number of entries in a search result */
877PHP_FUNCTION(ldap_count_entries)
878{
879    zval *link, *result;
880    ldap_linkdata *ld;
881    LDAPMessage *ldap_result;
882
883    if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rr", &link, &result) != SUCCESS) {
884        return;
885    }
886
887    ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link);
888    ZEND_FETCH_RESOURCE(ldap_result, LDAPMessage *, &result, -1, "ldap result", le_result);
889
890    RETURN_LONG(ldap_count_entries(ld->link, ldap_result));
891}
892/* }}} */
893
894/* {{{ proto resource ldap_first_entry(resource link, resource result)
895   Return first result id */
896PHP_FUNCTION(ldap_first_entry)
897{
898    zval *link, *result;
899    ldap_linkdata *ld;
900    ldap_resultentry *resultentry;
901    LDAPMessage *ldap_result, *entry;
902
903    if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rr", &link, &result) != SUCCESS) {
904        return;
905    }
906
907    ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link);
908    ZEND_FETCH_RESOURCE(ldap_result, LDAPMessage *, &result, -1, "ldap result", le_result);
909
910    if ((entry = ldap_first_entry(ld->link, ldap_result)) == NULL) {
911        RETVAL_FALSE;
912    } else {
913        resultentry = emalloc(sizeof(ldap_resultentry));
914        ZEND_REGISTER_RESOURCE(return_value, resultentry, le_result_entry);
915        resultentry->id = Z_LVAL_P(result);
916        zend_list_addref(resultentry->id);
917        resultentry->data = entry;
918        resultentry->ber = NULL;
919    }
920}
921/* }}} */
922
923/* {{{ proto resource ldap_next_entry(resource link, resource result_entry)
924   Get next result entry */
925PHP_FUNCTION(ldap_next_entry)
926{
927    zval *link, *result_entry;
928    ldap_linkdata *ld;
929    ldap_resultentry *resultentry, *resultentry_next;
930    LDAPMessage *entry_next;
931
932    if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rr", &link, &result_entry) != SUCCESS) {
933        return;
934    }
935
936    ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link);
937    ZEND_FETCH_RESOURCE(resultentry, ldap_resultentry *, &result_entry, -1, "ldap result entry", le_result_entry);
938
939    if ((entry_next = ldap_next_entry(ld->link, resultentry->data)) == NULL) {
940        RETVAL_FALSE;
941    } else {
942        resultentry_next = emalloc(sizeof(ldap_resultentry));
943        ZEND_REGISTER_RESOURCE(return_value, resultentry_next, le_result_entry);
944        resultentry_next->id = resultentry->id;
945        zend_list_addref(resultentry->id);
946        resultentry_next->data = entry_next;
947        resultentry_next->ber = NULL;
948    }
949}
950/* }}} */
951
952/* {{{ proto array ldap_get_entries(resource link, resource result)
953   Get all result entries */
954PHP_FUNCTION(ldap_get_entries)
955{
956    zval *link, *result;
957    LDAPMessage *ldap_result, *ldap_result_entry;
958    zval *tmp1, *tmp2;
959    ldap_linkdata *ld;
960    LDAP *ldap;
961    int num_entries, num_attrib, num_values, i;
962    BerElement *ber;
963    char *attribute;
964    size_t attr_len;
965    struct berval **ldap_value;
966    char *dn;
967
968    if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rr", &link, &result) != SUCCESS) {
969        return;
970    }
971
972    ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link);
973    ZEND_FETCH_RESOURCE(ldap_result, LDAPMessage *, &result, -1, "ldap result", le_result);
974
975    ldap = ld->link;
976    num_entries = ldap_count_entries(ldap, ldap_result);
977
978    array_init(return_value);
979    add_assoc_long(return_value, "count", num_entries);
980
981    if (num_entries == 0) {
982        return;
983    }
984
985    ldap_result_entry = ldap_first_entry(ldap, ldap_result);
986    if (ldap_result_entry == NULL) {
987        zval_dtor(return_value);
988        RETURN_FALSE;
989    }
990
991    num_entries = 0;
992    while (ldap_result_entry != NULL) {
993        MAKE_STD_ZVAL(tmp1);
994        array_init(tmp1);
995
996        num_attrib = 0;
997        attribute = ldap_first_attribute(ldap, ldap_result_entry, &ber);
998
999        while (attribute != NULL) {
1000            ldap_value = ldap_get_values_len(ldap, ldap_result_entry, attribute);
1001            num_values = ldap_count_values_len(ldap_value);
1002
1003            MAKE_STD_ZVAL(tmp2);
1004            array_init(tmp2);
1005            add_assoc_long(tmp2, "count", num_values);
1006            for (i = 0; i < num_values; i++) {
1007                add_index_stringl(tmp2, i, ldap_value[i]->bv_val, ldap_value[i]->bv_len, 1);
1008            }
1009            ldap_value_free_len(ldap_value);
1010
1011            attr_len = strlen(attribute);
1012            zend_hash_update(Z_ARRVAL_P(tmp1), php_strtolower(attribute, attr_len), attr_len+1, (void *) &tmp2, sizeof(zval *), NULL);
1013            add_index_string(tmp1, num_attrib, attribute, 1);
1014
1015            num_attrib++;
1016#if (LDAP_API_VERSION > 2000) || HAVE_NSLDAP || HAVE_ORALDAP || WINDOWS
1017            ldap_memfree(attribute);
1018#endif
1019            attribute = ldap_next_attribute(ldap, ldap_result_entry, ber);
1020        }
1021#if (LDAP_API_VERSION > 2000) || HAVE_NSLDAP || HAVE_ORALDAP || WINDOWS
1022        if (ber != NULL) {
1023            ber_free(ber, 0);
1024        }
1025#endif
1026
1027        add_assoc_long(tmp1, "count", num_attrib);
1028        dn = ldap_get_dn(ldap, ldap_result_entry);
1029        add_assoc_string(tmp1, "dn", dn, 1);
1030#if (LDAP_API_VERSION > 2000) || HAVE_NSLDAP || HAVE_ORALDAP || WINDOWS
1031        ldap_memfree(dn);
1032#else
1033        free(dn);
1034#endif
1035
1036        zend_hash_index_update(Z_ARRVAL_P(return_value), num_entries, (void *) &tmp1, sizeof(zval *), NULL);
1037
1038        num_entries++;
1039        ldap_result_entry = ldap_next_entry(ldap, ldap_result_entry);
1040    }
1041
1042    add_assoc_long(return_value, "count", num_entries);
1043
1044}
1045/* }}} */
1046
1047/* {{{ proto string ldap_first_attribute(resource link, resource result_entry)
1048   Return first attribute */
1049PHP_FUNCTION(ldap_first_attribute)
1050{
1051    zval *link, *result_entry;
1052    ldap_linkdata *ld;
1053    ldap_resultentry *resultentry;
1054    char *attribute;
1055    long dummy_ber;
1056
1057    if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rr|l", &link, &result_entry, &dummy_ber) != SUCCESS) {
1058        return;
1059    }
1060
1061    ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link);
1062    ZEND_FETCH_RESOURCE(resultentry, ldap_resultentry *, &result_entry, -1, "ldap result entry", le_result_entry);
1063
1064    if ((attribute = ldap_first_attribute(ld->link, resultentry->data, &resultentry->ber)) == NULL) {
1065        RETURN_FALSE;
1066    } else {
1067        RETVAL_STRING(attribute, 1);
1068#if (LDAP_API_VERSION > 2000) || HAVE_NSLDAP || HAVE_ORALDAP || WINDOWS
1069        ldap_memfree(attribute);
1070#endif
1071    }
1072}
1073/* }}} */
1074
1075/* {{{ proto string ldap_next_attribute(resource link, resource result_entry)
1076   Get the next attribute in result */
1077PHP_FUNCTION(ldap_next_attribute)
1078{
1079    zval *link, *result_entry;
1080    ldap_linkdata *ld;
1081    ldap_resultentry *resultentry;
1082    char *attribute;
1083    long dummy_ber;
1084
1085    if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rr|l", &link, &result_entry, &dummy_ber) != SUCCESS) {
1086        return;
1087    }
1088
1089    ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link);
1090    ZEND_FETCH_RESOURCE(resultentry, ldap_resultentry *, &result_entry, -1, "ldap result entry", le_result_entry);
1091
1092    if (resultentry->ber == NULL) {
1093        php_error_docref(NULL TSRMLS_CC, E_WARNING, "called before calling ldap_first_attribute() or no attributes found in result entry");
1094        RETURN_FALSE;
1095    }
1096
1097    if ((attribute = ldap_next_attribute(ld->link, resultentry->data, resultentry->ber)) == NULL) {
1098#if (LDAP_API_VERSION > 2000) || HAVE_NSLDAP || HAVE_ORALDAP || WINDOWS
1099        if (resultentry->ber != NULL) {
1100            ber_free(resultentry->ber, 0);
1101            resultentry->ber = NULL;
1102        }
1103#endif
1104        RETURN_FALSE;
1105    } else {
1106        RETVAL_STRING(attribute, 1);
1107#if (LDAP_API_VERSION > 2000) || HAVE_NSLDAP || HAVE_ORALDAP || WINDOWS
1108        ldap_memfree(attribute);
1109#endif
1110    }
1111}
1112/* }}} */
1113
1114/* {{{ proto array ldap_get_attributes(resource link, resource result_entry)
1115   Get attributes from a search result entry */
1116PHP_FUNCTION(ldap_get_attributes)
1117{
1118    zval *link, *result_entry;
1119    zval *tmp;
1120    ldap_linkdata *ld;
1121    ldap_resultentry *resultentry;
1122    char *attribute;
1123    struct berval **ldap_value;
1124    int i, num_values, num_attrib;
1125    BerElement *ber;
1126
1127    if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rr", &link, &result_entry) != SUCCESS) {
1128        return;
1129    }
1130
1131    ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link);
1132    ZEND_FETCH_RESOURCE(resultentry, ldap_resultentry *, &result_entry, -1, "ldap result entry", le_result_entry);
1133
1134    array_init(return_value);
1135    num_attrib = 0;
1136
1137    attribute = ldap_first_attribute(ld->link, resultentry->data, &ber);
1138    while (attribute != NULL) {
1139        ldap_value = ldap_get_values_len(ld->link, resultentry->data, attribute);
1140        num_values = ldap_count_values_len(ldap_value);
1141
1142        MAKE_STD_ZVAL(tmp);
1143        array_init(tmp);
1144        add_assoc_long(tmp, "count", num_values);
1145        for (i = 0; i < num_values; i++) {
1146            add_index_stringl(tmp, i, ldap_value[i]->bv_val, ldap_value[i]->bv_len, 1);
1147        }
1148        ldap_value_free_len(ldap_value);
1149
1150        zend_hash_update(Z_ARRVAL_P(return_value), attribute, strlen(attribute)+1, (void *) &tmp, sizeof(zval *), NULL);
1151        add_index_string(return_value, num_attrib, attribute, 1);
1152
1153        num_attrib++;
1154#if (LDAP_API_VERSION > 2000) || HAVE_NSLDAP || HAVE_ORALDAP || WINDOWS
1155        ldap_memfree(attribute);
1156#endif
1157        attribute = ldap_next_attribute(ld->link, resultentry->data, ber);
1158    }
1159#if (LDAP_API_VERSION > 2000) || HAVE_NSLDAP || HAVE_ORALDAP || WINDOWS
1160    if (ber != NULL) {
1161        ber_free(ber, 0);
1162    }
1163#endif
1164
1165    add_assoc_long(return_value, "count", num_attrib);
1166}
1167/* }}} */
1168
1169/* {{{ proto array ldap_get_values_len(resource link, resource result_entry, string attribute)
1170   Get all values with lengths from a result entry */
1171PHP_FUNCTION(ldap_get_values_len)
1172{
1173    zval *link, *result_entry;
1174    ldap_linkdata *ld;
1175    ldap_resultentry *resultentry;
1176    char *attr;
1177    struct berval **ldap_value_len;
1178    int i, num_values, attr_len;
1179
1180    if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rrs", &link, &result_entry, &attr, &attr_len) != SUCCESS) {
1181        return;
1182    }
1183
1184    ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link);
1185    ZEND_FETCH_RESOURCE(resultentry, ldap_resultentry *, &result_entry, -1, "ldap result entry", le_result_entry);
1186
1187    if ((ldap_value_len = ldap_get_values_len(ld->link, resultentry->data, attr)) == NULL) {
1188        php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot get the value(s) of attribute %s", ldap_err2string(_get_lderrno(ld->link)));
1189        RETURN_FALSE;
1190    }
1191
1192    num_values = ldap_count_values_len(ldap_value_len);
1193    array_init(return_value);
1194
1195    for (i=0; i<num_values; i++) {
1196        add_next_index_stringl(return_value, ldap_value_len[i]->bv_val, ldap_value_len[i]->bv_len, 1);
1197    }
1198
1199    add_assoc_long(return_value, "count", num_values);
1200    ldap_value_free_len(ldap_value_len);
1201
1202}
1203/* }}} */
1204
1205/* {{{ proto string ldap_get_dn(resource link, resource result_entry)
1206   Get the DN of a result entry */
1207PHP_FUNCTION(ldap_get_dn)
1208{
1209    zval *link, *result_entry;
1210    ldap_linkdata *ld;
1211    ldap_resultentry *resultentry;
1212    char *text;
1213
1214    if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rr", &link, &result_entry) != SUCCESS) {
1215        return;
1216    }
1217
1218    ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link);
1219    ZEND_FETCH_RESOURCE(resultentry, ldap_resultentry *, &result_entry, -1, "ldap result entry", le_result_entry);
1220
1221    text = ldap_get_dn(ld->link, resultentry->data);
1222    if (text != NULL) {
1223        RETVAL_STRING(text, 1);
1224#if (LDAP_API_VERSION > 2000) || HAVE_NSLDAP || HAVE_ORALDAP || WINDOWS
1225        ldap_memfree(text);
1226#else
1227        free(text);
1228#endif
1229    } else {
1230        RETURN_FALSE;
1231    }
1232}
1233/* }}} */
1234
1235/* {{{ proto array ldap_explode_dn(string dn, int with_attrib)
1236   Splits DN into its component parts */
1237PHP_FUNCTION(ldap_explode_dn)
1238{
1239    long with_attrib;
1240    char *dn, **ldap_value;
1241    int i, count, dn_len;
1242
1243    if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sl", &dn, &dn_len, &with_attrib) != SUCCESS) {
1244        return;
1245    }
1246
1247    if (!(ldap_value = ldap_explode_dn(dn, with_attrib))) {
1248        /* Invalid parameters were passed to ldap_explode_dn */
1249        RETURN_FALSE;
1250    }
1251
1252    i=0;
1253    while (ldap_value[i] != NULL) i++;
1254    count = i;
1255
1256    array_init(return_value);
1257
1258    add_assoc_long(return_value, "count", count);
1259    for (i = 0; i<count; i++) {
1260        add_index_string(return_value, i, ldap_value[i], 1);
1261    }
1262
1263    ldap_value_free(ldap_value);
1264}
1265/* }}} */
1266
1267/* {{{ proto string ldap_dn2ufn(string dn)
1268   Convert DN to User Friendly Naming format */
1269PHP_FUNCTION(ldap_dn2ufn)
1270{
1271    char *dn, *ufn;
1272    int dn_len;
1273
1274    if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &dn, &dn_len) != SUCCESS) {
1275        return;
1276    }
1277
1278    ufn = ldap_dn2ufn(dn);
1279
1280    if (ufn != NULL) {
1281        RETVAL_STRING(ufn, 1);
1282#if (LDAP_API_VERSION > 2000) || HAVE_NSLDAP || HAVE_ORALDAP || WINDOWS
1283        ldap_memfree(ufn);
1284#endif
1285    } else {
1286        RETURN_FALSE;
1287    }
1288}
1289/* }}} */
1290
1291
1292/* added to fix use of ldap_modify_add for doing an ldap_add, gerrit thomson. */
1293#define PHP_LD_FULL_ADD 0xff
1294/* {{{ php_ldap_do_modify
1295 */
1296static void php_ldap_do_modify(INTERNAL_FUNCTION_PARAMETERS, int oper)
1297{
1298    zval *link, *entry, **value, **ivalue;
1299    ldap_linkdata *ld;
1300    char *dn;
1301    LDAPMod **ldap_mods;
1302    int i, j, num_attribs, num_values, dn_len;
1303    int *num_berval;
1304    char *attribute;
1305    ulong index;
1306    int is_full_add=0; /* flag for full add operation so ldap_mod_add can be put back into oper, gerrit THomson */
1307
1308    if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rsa", &link, &dn, &dn_len, &entry) != SUCCESS) {
1309        return;
1310    }
1311
1312    ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link);
1313
1314    num_attribs = zend_hash_num_elements(Z_ARRVAL_P(entry));
1315    ldap_mods = safe_emalloc((num_attribs+1), sizeof(LDAPMod *), 0);
1316    num_berval = safe_emalloc(num_attribs, sizeof(int), 0);
1317    zend_hash_internal_pointer_reset(Z_ARRVAL_P(entry));
1318
1319    /* added by gerrit thomson to fix ldap_add using ldap_mod_add */
1320    if (oper == PHP_LD_FULL_ADD) {
1321        oper = LDAP_MOD_ADD;
1322        is_full_add = 1;
1323    }
1324    /* end additional , gerrit thomson */
1325
1326    for (i = 0; i < num_attribs; i++) {
1327        ldap_mods[i] = emalloc(sizeof(LDAPMod));
1328        ldap_mods[i]->mod_op = oper | LDAP_MOD_BVALUES;
1329        ldap_mods[i]->mod_type = NULL;
1330
1331        if (zend_hash_get_current_key(Z_ARRVAL_P(entry), &attribute, &index, 0) == HASH_KEY_IS_STRING) {
1332            ldap_mods[i]->mod_type = estrdup(attribute);
1333        } else {
1334            php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown attribute in the data");
1335            /* Free allocated memory */
1336            while (i >= 0) {
1337                if (ldap_mods[i]->mod_type) {
1338                    efree(ldap_mods[i]->mod_type);
1339                }
1340                efree(ldap_mods[i]);
1341                i--;
1342            }
1343            efree(num_berval);
1344            efree(ldap_mods);
1345            RETURN_FALSE;
1346        }
1347
1348        zend_hash_get_current_data(Z_ARRVAL_P(entry), (void **)&value);
1349
1350        if (Z_TYPE_PP(value) != IS_ARRAY) {
1351            num_values = 1;
1352        } else {
1353            num_values = zend_hash_num_elements(Z_ARRVAL_PP(value));
1354        }
1355
1356        num_berval[i] = num_values;
1357        ldap_mods[i]->mod_bvalues = safe_emalloc((num_values + 1), sizeof(struct berval *), 0);
1358
1359/* allow for arrays with one element, no allowance for arrays with none but probably not required, gerrit thomson. */
1360        if ((num_values == 1) && (Z_TYPE_PP(value) != IS_ARRAY)) {
1361            convert_to_string_ex(value);
1362            ldap_mods[i]->mod_bvalues[0] = (struct berval *) emalloc (sizeof(struct berval));
1363            ldap_mods[i]->mod_bvalues[0]->bv_len = Z_STRLEN_PP(value);
1364            ldap_mods[i]->mod_bvalues[0]->bv_val = Z_STRVAL_PP(value);
1365        } else {
1366            for (j = 0; j < num_values; j++) {
1367                if (zend_hash_index_find(Z_ARRVAL_PP(value), j, (void **) &ivalue) != SUCCESS) {
1368                    php_error_docref(NULL TSRMLS_CC, E_WARNING, "Value array must have consecutive indices 0, 1, ...");
1369                    num_berval[i] = j;
1370                    num_attribs = i + 1;
1371                    RETVAL_FALSE;
1372                    goto errexit;
1373                }
1374                convert_to_string_ex(ivalue);
1375                ldap_mods[i]->mod_bvalues[j] = (struct berval *) emalloc (sizeof(struct berval));
1376                ldap_mods[i]->mod_bvalues[j]->bv_len = Z_STRLEN_PP(ivalue);
1377                ldap_mods[i]->mod_bvalues[j]->bv_val = Z_STRVAL_PP(ivalue);
1378            }
1379        }
1380        ldap_mods[i]->mod_bvalues[num_values] = NULL;
1381        zend_hash_move_forward(Z_ARRVAL_P(entry));
1382    }
1383    ldap_mods[num_attribs] = NULL;
1384
1385/* check flag to see if do_mod was called to perform full add , gerrit thomson */
1386    if (is_full_add == 1) {
1387        if ((i = ldap_add_s(ld->link, dn, ldap_mods)) != LDAP_SUCCESS) {
1388            php_error_docref(NULL TSRMLS_CC, E_WARNING, "Add: %s", ldap_err2string(i));
1389            RETVAL_FALSE;
1390        } else RETVAL_TRUE;
1391    } else {
1392        if ((i = ldap_modify_ext_s(ld->link, dn, ldap_mods, NULL, NULL)) != LDAP_SUCCESS) {
1393            php_error_docref(NULL TSRMLS_CC, E_WARNING, "Modify: %s", ldap_err2string(i));
1394            RETVAL_FALSE;
1395        } else RETVAL_TRUE;
1396    }
1397
1398errexit:
1399    for (i = 0; i < num_attribs; i++) {
1400        efree(ldap_mods[i]->mod_type);
1401        for (j = 0; j < num_berval[i]; j++) {
1402            efree(ldap_mods[i]->mod_bvalues[j]);
1403        }
1404        efree(ldap_mods[i]->mod_bvalues);
1405        efree(ldap_mods[i]);
1406    }
1407    efree(num_berval);
1408    efree(ldap_mods);
1409
1410    return;
1411}
1412/* }}} */
1413
1414/* {{{ proto bool ldap_add(resource link, string dn, array entry)
1415   Add entries to LDAP directory */
1416PHP_FUNCTION(ldap_add)
1417{
1418    /* use a newly define parameter into the do_modify so ldap_mod_add can be used the way it is supposed to be used , Gerrit THomson */
1419    php_ldap_do_modify(INTERNAL_FUNCTION_PARAM_PASSTHRU, PHP_LD_FULL_ADD);
1420}
1421/* }}} */
1422
1423/* three functions for attribute base modifications, gerrit Thomson */
1424
1425/* {{{ proto bool ldap_mod_replace(resource link, string dn, array entry)
1426   Replace attribute values with new ones */
1427PHP_FUNCTION(ldap_mod_replace)
1428{
1429    php_ldap_do_modify(INTERNAL_FUNCTION_PARAM_PASSTHRU, LDAP_MOD_REPLACE);
1430}
1431/* }}} */
1432
1433/* {{{ proto bool ldap_mod_add(resource link, string dn, array entry)
1434   Add attribute values to current */
1435PHP_FUNCTION(ldap_mod_add)
1436{
1437    php_ldap_do_modify(INTERNAL_FUNCTION_PARAM_PASSTHRU, LDAP_MOD_ADD);
1438}
1439/* }}} */
1440
1441/* {{{ proto bool ldap_mod_del(resource link, string dn, array entry)
1442   Delete attribute values */
1443PHP_FUNCTION(ldap_mod_del)
1444{
1445    php_ldap_do_modify(INTERNAL_FUNCTION_PARAM_PASSTHRU, LDAP_MOD_DELETE);
1446}
1447/* }}} */
1448
1449/* {{{ proto bool ldap_delete(resource link, string dn)
1450   Delete an entry from a directory */
1451PHP_FUNCTION(ldap_delete)
1452{
1453    zval *link;
1454    ldap_linkdata *ld;
1455    char *dn;
1456    int rc, dn_len;
1457
1458    if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rs", &link, &dn, &dn_len) != SUCCESS) {
1459        return;
1460    }
1461
1462    ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link);
1463
1464    if ((rc = ldap_delete_s(ld->link, dn)) != LDAP_SUCCESS) {
1465        php_error_docref(NULL TSRMLS_CC, E_WARNING, "Delete: %s", ldap_err2string(rc));
1466        RETURN_FALSE;
1467    }
1468
1469    RETURN_TRUE;
1470}
1471/* }}} */
1472
1473/* {{{ _ldap_str_equal_to_const
1474 */
1475static int _ldap_str_equal_to_const(const char *str, uint str_len, const char *cstr)
1476{
1477    int i;
1478
1479    if (strlen(cstr) != str_len)
1480        return 0;
1481
1482    for (i = 0; i < str_len; ++i) {
1483        if (str[i] != cstr[i]) {
1484            return 0;
1485        }
1486    }
1487
1488    return 1;
1489}
1490/* }}} */
1491
1492/* {{{ _ldap_strlen_max
1493 */
1494static int _ldap_strlen_max(const char *str, uint max_len)
1495{
1496    int i;
1497
1498    for (i = 0; i < max_len; ++i) {
1499        if (str[i] == '\0') {
1500            return i;
1501        }
1502    }
1503
1504    return max_len;
1505}
1506/* }}} */
1507
1508/* {{{ _ldap_hash_fetch
1509 */
1510static void _ldap_hash_fetch(zval *hashTbl, const char *key, zval **out)
1511{
1512    zval **fetched;
1513    if (zend_hash_find(Z_ARRVAL_P(hashTbl), key, strlen(key)+1, (void **) &fetched) == SUCCESS) {
1514        *out = *fetched;
1515    }
1516    else {
1517        *out = NULL;
1518    }
1519}
1520/* }}} */
1521
1522/* {{{ proto bool ldap_modify_batch(resource link, string dn, array modifs)
1523   Perform multiple modifications as part of one operation */
1524PHP_FUNCTION(ldap_modify_batch)
1525{
1526    ldap_linkdata *ld;
1527    zval *link, *mods, *mod, *modinfo, *modval;
1528    zval *attrib, *modtype, *vals;
1529    zval **fetched;
1530    char *dn;
1531    int dn_len;
1532    int i, j, k;
1533    int num_mods, num_modprops, num_modvals;
1534    LDAPMod **ldap_mods;
1535    uint oper;
1536
1537    /*
1538    $mods = array(
1539        array(
1540            "attrib" => "unicodePwd",
1541            "modtype" => LDAP_MODIFY_BATCH_REMOVE,
1542            "values" => array($oldpw)
1543        ),
1544        array(
1545            "attrib" => "unicodePwd",
1546            "modtype" => LDAP_MODIFY_BATCH_ADD,
1547            "values" => array($newpw)
1548        ),
1549        array(
1550            "attrib" => "userPrincipalName",
1551            "modtype" => LDAP_MODIFY_BATCH_REPLACE,
1552            "values" => array("janitor@corp.contoso.com")
1553        ),
1554        array(
1555            "attrib" => "userCert",
1556            "modtype" => LDAP_MODIFY_BATCH_REMOVE_ALL
1557        )
1558    );
1559    */
1560
1561    if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rsa", &link, &dn, &dn_len, &mods) != SUCCESS) {
1562        return;
1563    }
1564
1565    ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link);
1566
1567    /* perform validation */
1568    {
1569        char *modkey;
1570        uint modkeylen;
1571        long modtype;
1572
1573        /* to store the wrongly-typed keys */
1574        ulong tmpUlong;
1575
1576        /* make sure the DN contains no NUL bytes */
1577        if (_ldap_strlen_max(dn, dn_len) != dn_len) {
1578            php_error_docref(NULL TSRMLS_CC, E_WARNING, "DN must not contain NUL bytes");
1579            RETURN_FALSE;
1580        }
1581
1582        /* make sure the top level is a normal array */
1583        zend_hash_internal_pointer_reset(Z_ARRVAL_P(mods));
1584        if (zend_hash_get_current_key_type(Z_ARRVAL_P(mods)) != HASH_KEY_IS_LONG) {
1585            php_error_docref(NULL TSRMLS_CC, E_WARNING, "Modifications array must not be string-indexed");
1586            RETURN_FALSE;
1587        }
1588
1589        num_mods = zend_hash_num_elements(Z_ARRVAL_P(mods));
1590
1591        for (i = 0; i < num_mods; i++) {
1592            /* is the numbering consecutive? */
1593            if (zend_hash_index_find(Z_ARRVAL_P(mods), i, (void **) &fetched) != SUCCESS) {
1594                php_error_docref(NULL TSRMLS_CC, E_WARNING, "Modifications array must have consecutive indices 0, 1, ...");
1595                RETURN_FALSE;
1596            }
1597            mod = *fetched;
1598
1599            /* is it an array? */
1600            if (Z_TYPE_P(mod) != IS_ARRAY) {
1601                php_error_docref(NULL TSRMLS_CC, E_WARNING, "Each entry of modifications array must be an array itself");
1602                RETURN_FALSE;
1603            }
1604
1605            /* for the modification hashtable... */
1606            zend_hash_internal_pointer_reset(Z_ARRVAL_P(mod));
1607            num_modprops = zend_hash_num_elements(Z_ARRVAL_P(mod));
1608
1609            for (j = 0; j < num_modprops; j++) {
1610                /* are the keys strings? */
1611                if (zend_hash_get_current_key_ex(Z_ARRVAL_P(mod), &modkey, &modkeylen, &tmpUlong, 0, NULL) != HASH_KEY_IS_STRING) {
1612                    php_error_docref(NULL TSRMLS_CC, E_WARNING, "Each entry of modifications array must be string-indexed");
1613                    RETURN_FALSE;
1614                }
1615
1616                /* modkeylen includes the terminating NUL byte; remove that */
1617                --modkeylen;
1618
1619                /* is this a valid entry? */
1620                if (
1621                    !_ldap_str_equal_to_const(modkey, modkeylen, LDAP_MODIFY_BATCH_ATTRIB) &&
1622                    !_ldap_str_equal_to_const(modkey, modkeylen, LDAP_MODIFY_BATCH_MODTYPE) &&
1623                    !_ldap_str_equal_to_const(modkey, modkeylen, LDAP_MODIFY_BATCH_VALUES)
1624                ) {
1625                    php_error_docref(NULL TSRMLS_CC, E_WARNING, "The only allowed keys in entries of the modifications array are '" LDAP_MODIFY_BATCH_ATTRIB "', '" LDAP_MODIFY_BATCH_MODTYPE "' and '" LDAP_MODIFY_BATCH_VALUES "'");
1626                    RETURN_FALSE;
1627                }
1628
1629                zend_hash_get_current_data(Z_ARRVAL_P(mod), (void **) &fetched);
1630                modinfo = *fetched;
1631
1632                /* does the value type match the key? */
1633                if (_ldap_str_equal_to_const(modkey, modkeylen, LDAP_MODIFY_BATCH_ATTRIB)) {
1634                    if (Z_TYPE_P(modinfo) != IS_STRING) {
1635                        php_error_docref(NULL TSRMLS_CC, E_WARNING, "A '" LDAP_MODIFY_BATCH_ATTRIB "' value must be a string");
1636                        RETURN_FALSE;
1637                    }
1638
1639                    if (Z_STRLEN_P(modinfo) != _ldap_strlen_max(Z_STRVAL_P(modinfo), Z_STRLEN_P(modinfo))) {
1640                        php_error_docref(NULL TSRMLS_CC, E_WARNING, "A '" LDAP_MODIFY_BATCH_ATTRIB "' value must not contain NUL bytes");
1641                        RETURN_FALSE;
1642                    }
1643                }
1644                else if (_ldap_str_equal_to_const(modkey, modkeylen, LDAP_MODIFY_BATCH_MODTYPE)) {
1645                    if (Z_TYPE_P(modinfo) != IS_LONG) {
1646                        php_error_docref(NULL TSRMLS_CC, E_WARNING, "A '" LDAP_MODIFY_BATCH_MODTYPE "' value must be a long");
1647                        RETURN_FALSE;
1648                    }
1649
1650                    /* is the value in range? */
1651                    modtype = Z_LVAL_P(modinfo);
1652                    if (
1653                        modtype != LDAP_MODIFY_BATCH_ADD &&
1654                        modtype != LDAP_MODIFY_BATCH_REMOVE &&
1655                        modtype != LDAP_MODIFY_BATCH_REPLACE &&
1656                        modtype != LDAP_MODIFY_BATCH_REMOVE_ALL
1657                    ) {
1658                        php_error_docref(NULL TSRMLS_CC, E_WARNING, "The '" LDAP_MODIFY_BATCH_MODTYPE "' value must match one of the LDAP_MODIFY_BATCH_* constants");
1659                        RETURN_FALSE;
1660                    }
1661
1662                    /* if it's REMOVE_ALL, there must not be a values array; otherwise, there must */
1663                    if (modtype == LDAP_MODIFY_BATCH_REMOVE_ALL) {
1664                        if (zend_hash_exists(Z_ARRVAL_P(mod), LDAP_MODIFY_BATCH_VALUES, strlen(LDAP_MODIFY_BATCH_VALUES) + 1)) {
1665                            php_error_docref(NULL TSRMLS_CC, E_WARNING, "If '" LDAP_MODIFY_BATCH_MODTYPE "' is LDAP_MODIFY_BATCH_REMOVE_ALL, a '" LDAP_MODIFY_BATCH_VALUES "' array must not be provided");
1666                            RETURN_FALSE;
1667                        }
1668                    }
1669                    else {
1670                        if (!zend_hash_exists(Z_ARRVAL_P(mod), LDAP_MODIFY_BATCH_VALUES, strlen(LDAP_MODIFY_BATCH_VALUES) + 1)) {
1671                            php_error_docref(NULL TSRMLS_CC, E_WARNING, "If '" LDAP_MODIFY_BATCH_MODTYPE "' is not LDAP_MODIFY_BATCH_REMOVE_ALL, a '" LDAP_MODIFY_BATCH_VALUES "' array must be provided");
1672                            RETURN_FALSE;
1673                        }
1674                    }
1675                }
1676                else if (_ldap_str_equal_to_const(modkey, modkeylen, LDAP_MODIFY_BATCH_VALUES)) {
1677                    if (Z_TYPE_P(modinfo) != IS_ARRAY) {
1678                        php_error_docref(NULL TSRMLS_CC, E_WARNING, "A '" LDAP_MODIFY_BATCH_VALUES "' value must be an array");
1679                        RETURN_FALSE;
1680                    }
1681
1682                    /* is the array not empty? */
1683                    zend_hash_internal_pointer_reset(Z_ARRVAL_P(modinfo));
1684                    num_modvals = zend_hash_num_elements(Z_ARRVAL_P(modinfo));
1685                    if (num_modvals == 0) {
1686                        php_error_docref(NULL TSRMLS_CC, E_WARNING, "A '" LDAP_MODIFY_BATCH_VALUES "' array must have at least one element");
1687                        RETURN_FALSE;
1688                    }
1689
1690                    /* are its keys integers? */
1691                    if (zend_hash_get_current_key_type(Z_ARRVAL_P(modinfo)) != HASH_KEY_IS_LONG) {
1692                        php_error_docref(NULL TSRMLS_CC, E_WARNING, "A '" LDAP_MODIFY_BATCH_VALUES "' array must not be string-indexed");
1693                        RETURN_FALSE;
1694                    }
1695
1696                    /* are the keys consecutive? */
1697                    for (k = 0; k < num_modvals; k++) {
1698                        if (zend_hash_index_find(Z_ARRVAL_P(modinfo), k, (void **) &fetched) != SUCCESS) {
1699                            php_error_docref(NULL TSRMLS_CC, E_WARNING, "A '" LDAP_MODIFY_BATCH_VALUES "' array must have consecutive indices 0, 1, ...");
1700                            RETURN_FALSE;
1701                        }
1702                        modval = *fetched;
1703
1704                        /* is the data element a string? */
1705                        if (Z_TYPE_P(modval) != IS_STRING) {
1706                            php_error_docref(NULL TSRMLS_CC, E_WARNING, "Each element of a '" LDAP_MODIFY_BATCH_VALUES "' array must be a string");
1707                            RETURN_FALSE;
1708                        }
1709                    }
1710                }
1711
1712                zend_hash_move_forward(Z_ARRVAL_P(mod));
1713            }
1714        }
1715    }
1716    /* validation was successful */
1717
1718    /* allocate array of modifications */
1719    ldap_mods = safe_emalloc((num_mods+1), sizeof(LDAPMod *), 0);
1720
1721    /* for each modification */
1722    for (i = 0; i < num_mods; i++) {
1723        /* allocate the modification struct */
1724        ldap_mods[i] = safe_emalloc(1, sizeof(LDAPMod), 0);
1725
1726        /* fetch the relevant data */
1727        zend_hash_index_find(Z_ARRVAL_P(mods), i, (void **) &fetched);
1728        mod = *fetched;
1729
1730        _ldap_hash_fetch(mod, LDAP_MODIFY_BATCH_ATTRIB, &attrib);
1731        _ldap_hash_fetch(mod, LDAP_MODIFY_BATCH_MODTYPE, &modtype);
1732        _ldap_hash_fetch(mod, LDAP_MODIFY_BATCH_VALUES, &vals);
1733
1734        /* map the modification type */
1735        switch (Z_LVAL_P(modtype)) {
1736            case LDAP_MODIFY_BATCH_ADD:
1737                oper = LDAP_MOD_ADD;
1738                break;
1739            case LDAP_MODIFY_BATCH_REMOVE:
1740            case LDAP_MODIFY_BATCH_REMOVE_ALL:
1741                oper = LDAP_MOD_DELETE;
1742                break;
1743            case LDAP_MODIFY_BATCH_REPLACE:
1744                oper = LDAP_MOD_REPLACE;
1745                break;
1746            default:
1747                php_error_docref(NULL TSRMLS_CC, E_ERROR, "Unknown and uncaught modification type.");
1748                RETURN_FALSE;
1749        }
1750
1751        /* fill in the basic info */
1752        ldap_mods[i]->mod_op = oper | LDAP_MOD_BVALUES;
1753        ldap_mods[i]->mod_type = estrndup(Z_STRVAL_P(attrib), Z_STRLEN_P(attrib));
1754
1755        if (Z_LVAL_P(modtype) == LDAP_MODIFY_BATCH_REMOVE_ALL) {
1756            /* no values */
1757            ldap_mods[i]->mod_bvalues = NULL;
1758        }
1759        else {
1760            /* allocate space for the values as part of this modification */
1761            num_modvals = zend_hash_num_elements(Z_ARRVAL_P(vals));
1762            ldap_mods[i]->mod_bvalues = safe_emalloc((num_modvals+1), sizeof(struct berval *), 0);
1763
1764            /* for each value */
1765            for (j = 0; j < num_modvals; j++) {
1766                /* fetch it */
1767                zend_hash_index_find(Z_ARRVAL_P(vals), j, (void **) &fetched);
1768                modval = *fetched;
1769
1770                /* allocate the data struct */
1771                ldap_mods[i]->mod_bvalues[j] = safe_emalloc(1, sizeof(struct berval), 0);
1772
1773                /* fill it */
1774                ldap_mods[i]->mod_bvalues[j]->bv_len = Z_STRLEN_P(modval);
1775                ldap_mods[i]->mod_bvalues[j]->bv_val = estrndup(Z_STRVAL_P(modval), Z_STRLEN_P(modval));
1776            }
1777
1778            /* NULL-terminate values */
1779            ldap_mods[i]->mod_bvalues[num_modvals] = NULL;
1780        }
1781    }
1782
1783    /* NULL-terminate modifications */
1784    ldap_mods[num_mods] = NULL;
1785
1786    /* perform (finally) */
1787    if ((i = ldap_modify_ext_s(ld->link, dn, ldap_mods, NULL, NULL)) != LDAP_SUCCESS) {
1788        php_error_docref(NULL TSRMLS_CC, E_WARNING, "Batch Modify: %s", ldap_err2string(i));
1789        RETVAL_FALSE;
1790    } else RETVAL_TRUE;
1791
1792    /* clean up */
1793    {
1794        for (i = 0; i < num_mods; i++) {
1795            /* attribute */
1796            efree(ldap_mods[i]->mod_type);
1797
1798            if (ldap_mods[i]->mod_bvalues != NULL) {
1799                /* each BER value */
1800                for (j = 0; ldap_mods[i]->mod_bvalues[j] != NULL; j++) {
1801                    /* free the data bytes */
1802                    efree(ldap_mods[i]->mod_bvalues[j]->bv_val);
1803
1804                    /* free the bvalue struct */
1805                    efree(ldap_mods[i]->mod_bvalues[j]);
1806                }
1807
1808                /* the BER value array */
1809                efree(ldap_mods[i]->mod_bvalues);
1810            }
1811
1812            /* the modification */
1813            efree(ldap_mods[i]);
1814        }
1815
1816        /* the modifications array */
1817        efree(ldap_mods);
1818    }
1819}
1820/* }}} */
1821
1822/* {{{ proto int ldap_errno(resource link)
1823   Get the current ldap error number */
1824PHP_FUNCTION(ldap_errno)
1825{
1826    zval *link;
1827    ldap_linkdata *ld;
1828
1829    if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "r", &link) != SUCCESS) {
1830        return;
1831    }
1832
1833    ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link);
1834
1835    RETURN_LONG(_get_lderrno(ld->link));
1836}
1837/* }}} */
1838
1839/* {{{ proto string ldap_err2str(int errno)
1840   Convert error number to error string */
1841PHP_FUNCTION(ldap_err2str)
1842{
1843    long perrno;
1844
1845    if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "l", &perrno) != SUCCESS) {
1846        return;
1847    }
1848
1849    RETURN_STRING(ldap_err2string(perrno), 1);
1850}
1851/* }}} */
1852
1853/* {{{ proto string ldap_error(resource link)
1854   Get the current ldap error string */
1855PHP_FUNCTION(ldap_error)
1856{
1857    zval *link;
1858    ldap_linkdata *ld;
1859    int ld_errno;
1860
1861    if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "r", &link) != SUCCESS) {
1862        return;
1863    }
1864
1865    ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link);
1866
1867    ld_errno = _get_lderrno(ld->link);
1868
1869    RETURN_STRING(ldap_err2string(ld_errno), 1);
1870}
1871/* }}} */
1872
1873/* {{{ proto bool ldap_compare(resource link, string dn, string attr, string value)
1874   Determine if an entry has a specific value for one of its attributes */
1875PHP_FUNCTION(ldap_compare)
1876{
1877    zval *link;
1878    char *dn, *attr, *value;
1879    int dn_len, attr_len, value_len;
1880    ldap_linkdata *ld;
1881    int errno;
1882
1883    if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rsss", &link, &dn, &dn_len, &attr, &attr_len, &value, &value_len) != SUCCESS) {
1884        return;
1885    }
1886
1887    ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link);
1888
1889    errno = ldap_compare_s(ld->link, dn, attr, value);
1890
1891    switch (errno) {
1892        case LDAP_COMPARE_TRUE:
1893            RETURN_TRUE;
1894            break;
1895
1896        case LDAP_COMPARE_FALSE:
1897            RETURN_FALSE;
1898            break;
1899    }
1900
1901    php_error_docref(NULL TSRMLS_CC, E_WARNING, "Compare: %s", ldap_err2string(errno));
1902    RETURN_LONG(-1);
1903}
1904/* }}} */
1905
1906/* {{{ proto bool ldap_sort(resource link, resource result, string sortfilter)
1907   Sort LDAP result entries */
1908PHP_FUNCTION(ldap_sort)
1909{
1910    zval *link, *result;
1911    ldap_linkdata *ld;
1912    char *sortfilter;
1913    int sflen;
1914    zend_rsrc_list_entry *le;
1915
1916    if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rrs", &link, &result, &sortfilter, &sflen) != SUCCESS) {
1917        RETURN_FALSE;
1918    }
1919
1920    ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link);
1921
1922    if (zend_hash_index_find(&EG(regular_list), Z_LVAL_P(result), (void **) &le) != SUCCESS || le->type != le_result) {
1923        php_error_docref(NULL TSRMLS_CC, E_WARNING, "Supplied resource is not a valid ldap result resource");
1924        RETURN_FALSE;
1925    }
1926
1927    if (ldap_sort_entries(ld->link, (LDAPMessage **) &le->ptr, sflen ? sortfilter : NULL, strcmp) != LDAP_SUCCESS) {
1928        php_error_docref(NULL TSRMLS_CC, E_WARNING, "%s", ldap_err2string(errno));
1929        RETURN_FALSE;
1930    }
1931
1932    RETURN_TRUE;
1933}
1934/* }}} */
1935
1936#if (LDAP_API_VERSION > 2000) || HAVE_NSLDAP || HAVE_ORALDAP
1937/* {{{ proto bool ldap_get_option(resource link, int option, mixed retval)
1938   Get the current value of various session-wide parameters */
1939PHP_FUNCTION(ldap_get_option)
1940{
1941    zval *link, *retval;
1942    ldap_linkdata *ld;
1943    long option;
1944
1945    if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rlz", &link, &option, &retval) != SUCCESS) {
1946        return;
1947    }
1948
1949    ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link);
1950
1951    switch (option) {
1952    /* options with int value */
1953    case LDAP_OPT_DEREF:
1954    case LDAP_OPT_SIZELIMIT:
1955    case LDAP_OPT_TIMELIMIT:
1956    case LDAP_OPT_PROTOCOL_VERSION:
1957    case LDAP_OPT_ERROR_NUMBER:
1958    case LDAP_OPT_REFERRALS:
1959#ifdef LDAP_OPT_RESTART
1960    case LDAP_OPT_RESTART:
1961#endif
1962        {
1963            int val;
1964
1965            if (ldap_get_option(ld->link, option, &val)) {
1966                RETURN_FALSE;
1967            }
1968            zval_dtor(retval);
1969            ZVAL_LONG(retval, val);
1970        } break;
1971#ifdef LDAP_OPT_NETWORK_TIMEOUT
1972    case LDAP_OPT_NETWORK_TIMEOUT:
1973        {
1974            struct timeval *timeout = NULL;
1975
1976            if (ldap_get_option(ld->link, LDAP_OPT_NETWORK_TIMEOUT, (void *) &timeout)) {
1977                if (timeout) {
1978                    ldap_memfree(timeout);
1979                }
1980                RETURN_FALSE;
1981            }
1982            if (!timeout) {
1983                RETURN_FALSE;
1984            }
1985            zval_dtor(retval);
1986            ZVAL_LONG(retval, timeout->tv_sec);
1987            ldap_memfree(timeout);
1988        } break;
1989#elif defined(LDAP_X_OPT_CONNECT_TIMEOUT)
1990    case LDAP_X_OPT_CONNECT_TIMEOUT:
1991        {
1992            int timeout;
1993
1994            if (ldap_get_option(ld->link, LDAP_X_OPT_CONNECT_TIMEOUT, &timeout)) {
1995                RETURN_FALSE;
1996            }
1997            zval_dtor(retval);
1998            ZVAL_LONG(retval, (timeout / 1000));
1999        } break;
2000#endif
2001    /* options with string value */
2002    case LDAP_OPT_ERROR_STRING:
2003#ifdef LDAP_OPT_HOST_NAME
2004    case LDAP_OPT_HOST_NAME:
2005#endif
2006#ifdef HAVE_LDAP_SASL
2007    case LDAP_OPT_X_SASL_MECH:
2008    case LDAP_OPT_X_SASL_REALM:
2009    case LDAP_OPT_X_SASL_AUTHCID:
2010    case LDAP_OPT_X_SASL_AUTHZID:
2011#endif
2012#ifdef LDAP_OPT_MATCHED_DN
2013    case LDAP_OPT_MATCHED_DN:
2014#endif
2015        {
2016            char *val = NULL;
2017
2018            if (ldap_get_option(ld->link, option, &val) || val == NULL || *val == '\0') {
2019                if (val) {
2020                    ldap_memfree(val);
2021                }
2022                RETURN_FALSE;
2023            }
2024            zval_dtor(retval);
2025            ZVAL_STRING(retval, val, 1);
2026            ldap_memfree(val);
2027        } break;
2028/* options not implemented
2029    case LDAP_OPT_SERVER_CONTROLS:
2030    case LDAP_OPT_CLIENT_CONTROLS:
2031    case LDAP_OPT_API_INFO:
2032    case LDAP_OPT_API_FEATURE_INFO:
2033*/
2034    default:
2035        RETURN_FALSE;
2036    }
2037    RETURN_TRUE;
2038}
2039/* }}} */
2040
2041/* {{{ proto bool ldap_set_option(resource link, int option, mixed newval)
2042   Set the value of various session-wide parameters */
2043PHP_FUNCTION(ldap_set_option)
2044{
2045    zval *link, **newval;
2046    ldap_linkdata *ld;
2047    LDAP *ldap;
2048    long option;
2049
2050    if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "zlZ", &link, &option, &newval) != SUCCESS) {
2051        return;
2052    }
2053
2054    if (Z_TYPE_P(link) == IS_NULL) {
2055        ldap = NULL;
2056    } else {
2057        ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link);
2058        ldap = ld->link;
2059    }
2060
2061    switch (option) {
2062    /* options with int value */
2063    case LDAP_OPT_DEREF:
2064    case LDAP_OPT_SIZELIMIT:
2065    case LDAP_OPT_TIMELIMIT:
2066    case LDAP_OPT_PROTOCOL_VERSION:
2067    case LDAP_OPT_ERROR_NUMBER:
2068#ifdef LDAP_OPT_DEBUG_LEVEL
2069    case LDAP_OPT_DEBUG_LEVEL:
2070#endif
2071        {
2072            int val;
2073
2074            convert_to_long_ex(newval);
2075            val = Z_LVAL_PP(newval);
2076            if (ldap_set_option(ldap, option, &val)) {
2077                RETURN_FALSE;
2078            }
2079        } break;
2080#ifdef LDAP_OPT_NETWORK_TIMEOUT
2081    case LDAP_OPT_NETWORK_TIMEOUT:
2082        {
2083            struct timeval timeout;
2084
2085            convert_to_long_ex(newval);
2086            timeout.tv_sec = Z_LVAL_PP(newval);
2087            timeout.tv_usec = 0;
2088            if (ldap_set_option(ldap, LDAP_OPT_NETWORK_TIMEOUT, (void *) &timeout)) {
2089                RETURN_FALSE;
2090            }
2091        } break;
2092#elif defined(LDAP_X_OPT_CONNECT_TIMEOUT)
2093    case LDAP_X_OPT_CONNECT_TIMEOUT:
2094        {
2095            int timeout;
2096
2097            convert_to_long_ex(newval);
2098            timeout = 1000 * Z_LVAL_PP(newval); /* Convert to milliseconds */
2099            if (ldap_set_option(ldap, LDAP_X_OPT_CONNECT_TIMEOUT, &timeout)) {
2100                RETURN_FALSE;
2101            }
2102        } break;
2103#endif
2104        /* options with string value */
2105    case LDAP_OPT_ERROR_STRING:
2106#ifdef LDAP_OPT_HOST_NAME
2107    case LDAP_OPT_HOST_NAME:
2108#endif
2109#ifdef HAVE_LDAP_SASL
2110    case LDAP_OPT_X_SASL_MECH:
2111    case LDAP_OPT_X_SASL_REALM:
2112    case LDAP_OPT_X_SASL_AUTHCID:
2113    case LDAP_OPT_X_SASL_AUTHZID:
2114#endif
2115#ifdef LDAP_OPT_MATCHED_DN
2116    case LDAP_OPT_MATCHED_DN:
2117#endif
2118        {
2119            char *val;
2120            convert_to_string_ex(newval);
2121            val = Z_STRVAL_PP(newval);
2122            if (ldap_set_option(ldap, option, val)) {
2123                RETURN_FALSE;
2124            }
2125        } break;
2126        /* options with boolean value */
2127    case LDAP_OPT_REFERRALS:
2128#ifdef LDAP_OPT_RESTART
2129    case LDAP_OPT_RESTART:
2130#endif
2131        {
2132            void *val;
2133            convert_to_boolean_ex(newval);
2134            val = Z_LVAL_PP(newval)
2135                ? LDAP_OPT_ON : LDAP_OPT_OFF;
2136            if (ldap_set_option(ldap, option, val)) {
2137                RETURN_FALSE;
2138            }
2139        } break;
2140        /* options with control list value */
2141    case LDAP_OPT_SERVER_CONTROLS:
2142    case LDAP_OPT_CLIENT_CONTROLS:
2143        {
2144            LDAPControl *ctrl, **ctrls, **ctrlp;
2145            zval **ctrlval, **val;
2146            int ncontrols;
2147            char error=0;
2148
2149            if ((Z_TYPE_PP(newval) != IS_ARRAY) || !(ncontrols = zend_hash_num_elements(Z_ARRVAL_PP(newval)))) {
2150                php_error_docref(NULL TSRMLS_CC, E_WARNING, "Expected non-empty array value for this option");
2151                RETURN_FALSE;
2152            }
2153            ctrls = safe_emalloc((1 + ncontrols), sizeof(*ctrls), 0);
2154            *ctrls = NULL;
2155            ctrlp = ctrls;
2156            zend_hash_internal_pointer_reset(Z_ARRVAL_PP(newval));
2157            while (zend_hash_get_current_data(Z_ARRVAL_PP(newval), (void**)&ctrlval) == SUCCESS) {
2158                if (Z_TYPE_PP(ctrlval) != IS_ARRAY) {
2159                    php_error_docref(NULL TSRMLS_CC, E_WARNING, "The array value must contain only arrays, where each array is a control");
2160                    error = 1;
2161                    break;
2162                }
2163                if (zend_hash_find(Z_ARRVAL_PP(ctrlval), "oid", sizeof("oid"), (void **) &val) != SUCCESS) {
2164                    php_error_docref(NULL TSRMLS_CC, E_WARNING, "Control must have an oid key");
2165                    error = 1;
2166                    break;
2167                }
2168                ctrl = *ctrlp = emalloc(sizeof(**ctrlp));
2169                convert_to_string_ex(val);
2170                ctrl->ldctl_oid = Z_STRVAL_PP(val);
2171                if (zend_hash_find(Z_ARRVAL_PP(ctrlval), "value", sizeof("value"), (void **) &val) == SUCCESS) {
2172                    convert_to_string_ex(val);
2173                    ctrl->ldctl_value.bv_val = Z_STRVAL_PP(val);
2174                    ctrl->ldctl_value.bv_len = Z_STRLEN_PP(val);
2175                } else {
2176                    ctrl->ldctl_value.bv_val = NULL;
2177                    ctrl->ldctl_value.bv_len = 0;
2178                }
2179                if (zend_hash_find(Z_ARRVAL_PP(ctrlval), "iscritical", sizeof("iscritical"), (void **) &val) == SUCCESS) {
2180                    convert_to_boolean_ex(val);
2181                    ctrl->ldctl_iscritical = Z_BVAL_PP(val);
2182                } else {
2183                    ctrl->ldctl_iscritical = 0;
2184                }
2185
2186                ++ctrlp;
2187                *ctrlp = NULL;
2188                zend_hash_move_forward(Z_ARRVAL_PP(newval));
2189            }
2190            if (!error) {
2191                error = ldap_set_option(ldap, option, ctrls);
2192            }
2193            ctrlp = ctrls;
2194            while (*ctrlp) {
2195                efree(*ctrlp);
2196                ctrlp++;
2197            }
2198            efree(ctrls);
2199            if (error) {
2200                RETURN_FALSE;
2201            }
2202        } break;
2203    default:
2204        RETURN_FALSE;
2205    }
2206    RETURN_TRUE;
2207}
2208/* }}} */
2209
2210#ifdef HAVE_LDAP_PARSE_RESULT
2211/* {{{ proto bool ldap_parse_result(resource link, resource result, int errcode, string matcheddn, string errmsg, array referrals)
2212   Extract information from result */
2213PHP_FUNCTION(ldap_parse_result)
2214{
2215    zval *link, *result, *errcode, *matcheddn, *errmsg, *referrals;
2216    ldap_linkdata *ld;
2217    LDAPMessage *ldap_result;
2218    char **lreferrals, **refp;
2219    char *lmatcheddn, *lerrmsg;
2220    int rc, lerrcode, myargcount = ZEND_NUM_ARGS();
2221
2222    if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rrz|zzz", &link, &result, &errcode, &matcheddn, &errmsg, &referrals) != SUCCESS) {
2223        return;
2224    }
2225
2226    ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link);
2227    ZEND_FETCH_RESOURCE(ldap_result, LDAPMessage *, &result, -1, "ldap result", le_result);
2228
2229    rc = ldap_parse_result(ld->link, ldap_result, &lerrcode,
2230                myargcount > 3 ? &lmatcheddn : NULL,
2231                myargcount > 4 ? &lerrmsg : NULL,
2232                myargcount > 5 ? &lreferrals : NULL,
2233                NULL /* &serverctrls */,
2234                0);
2235    if (rc != LDAP_SUCCESS) {
2236        php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to parse result: %s", ldap_err2string(rc));
2237        RETURN_FALSE;
2238    }
2239
2240    zval_dtor(errcode);
2241    ZVAL_LONG(errcode, lerrcode);
2242
2243    /* Reverse -> fall through */
2244    switch (myargcount) {
2245        case 6:
2246            zval_dtor(referrals);
2247            array_init(referrals);
2248            if (lreferrals != NULL) {
2249                refp = lreferrals;
2250                while (*refp) {
2251                    add_next_index_string(referrals, *refp, 1);
2252                    refp++;
2253                }
2254                ldap_value_free(lreferrals);
2255            }
2256        case 5:
2257            zval_dtor(errmsg);
2258            if (lerrmsg == NULL) {
2259                ZVAL_EMPTY_STRING(errmsg);
2260            } else {
2261                ZVAL_STRING(errmsg, lerrmsg, 1);
2262                ldap_memfree(lerrmsg);
2263            }
2264        case 4:
2265            zval_dtor(matcheddn);
2266            if (lmatcheddn == NULL) {
2267                ZVAL_EMPTY_STRING(matcheddn);
2268            } else {
2269                ZVAL_STRING(matcheddn, lmatcheddn, 1);
2270                ldap_memfree(lmatcheddn);
2271            }
2272    }
2273    RETURN_TRUE;
2274}
2275/* }}} */
2276#endif
2277
2278/* {{{ proto resource ldap_first_reference(resource link, resource result)
2279   Return first reference */
2280PHP_FUNCTION(ldap_first_reference)
2281{
2282    zval *link, *result;
2283    ldap_linkdata *ld;
2284    ldap_resultentry *resultentry;
2285    LDAPMessage *ldap_result, *entry;
2286
2287    if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rr", &link, &result) != SUCCESS) {
2288        return;
2289    }
2290
2291    ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link);
2292    ZEND_FETCH_RESOURCE(ldap_result, LDAPMessage *, &result, -1, "ldap result", le_result);
2293
2294    if ((entry = ldap_first_reference(ld->link, ldap_result)) == NULL) {
2295        RETVAL_FALSE;
2296    } else {
2297        resultentry = emalloc(sizeof(ldap_resultentry));
2298        ZEND_REGISTER_RESOURCE(return_value, resultentry, le_result_entry);
2299        resultentry->id = Z_LVAL_P(result);
2300        zend_list_addref(resultentry->id);
2301        resultentry->data = entry;
2302        resultentry->ber = NULL;
2303    }
2304}
2305/* }}} */
2306
2307/* {{{ proto resource ldap_next_reference(resource link, resource reference_entry)
2308   Get next reference */
2309PHP_FUNCTION(ldap_next_reference)
2310{
2311    zval *link, *result_entry;
2312    ldap_linkdata *ld;
2313    ldap_resultentry *resultentry, *resultentry_next;
2314    LDAPMessage *entry_next;
2315
2316    if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rr", &link, &result_entry) != SUCCESS) {
2317        return;
2318    }
2319
2320    ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link);
2321    ZEND_FETCH_RESOURCE(resultentry, ldap_resultentry *, &result_entry, -1, "ldap result entry", le_result_entry);
2322
2323    if ((entry_next = ldap_next_reference(ld->link, resultentry->data)) == NULL) {
2324        RETVAL_FALSE;
2325    } else {
2326        resultentry_next = emalloc(sizeof(ldap_resultentry));
2327        ZEND_REGISTER_RESOURCE(return_value, resultentry_next, le_result_entry);
2328        resultentry_next->id = resultentry->id;
2329        zend_list_addref(resultentry->id);
2330        resultentry_next->data = entry_next;
2331        resultentry_next->ber = NULL;
2332    }
2333}
2334/* }}} */
2335
2336#ifdef HAVE_LDAP_PARSE_REFERENCE
2337/* {{{ proto bool ldap_parse_reference(resource link, resource reference_entry, array referrals)
2338   Extract information from reference entry */
2339PHP_FUNCTION(ldap_parse_reference)
2340{
2341    zval *link, *result_entry, *referrals;
2342    ldap_linkdata *ld;
2343    ldap_resultentry *resultentry;
2344    char **lreferrals, **refp;
2345
2346    if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rrz", &link, &result_entry, &referrals) != SUCCESS) {
2347        return;
2348    }
2349
2350    ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link);
2351    ZEND_FETCH_RESOURCE(resultentry, ldap_resultentry *, &result_entry, -1, "ldap result entry", le_result_entry);
2352
2353    if (ldap_parse_reference(ld->link, resultentry->data, &lreferrals, NULL /* &serverctrls */, 0) != LDAP_SUCCESS) {
2354        RETURN_FALSE;
2355    }
2356
2357    zval_dtor(referrals);
2358    array_init(referrals);
2359    if (lreferrals != NULL) {
2360        refp = lreferrals;
2361        while (*refp) {
2362            add_next_index_string(referrals, *refp, 1);
2363            refp++;
2364        }
2365        ldap_value_free(lreferrals);
2366    }
2367    RETURN_TRUE;
2368}
2369/* }}} */
2370#endif
2371
2372/* {{{ proto bool ldap_rename(resource link, string dn, string newrdn, string newparent, bool deleteoldrdn);
2373   Modify the name of an entry */
2374PHP_FUNCTION(ldap_rename)
2375{
2376    zval *link;
2377    ldap_linkdata *ld;
2378    int rc;
2379    char *dn, *newrdn, *newparent;
2380    int dn_len, newrdn_len, newparent_len;
2381    zend_bool deleteoldrdn;
2382
2383    if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rsssb", &link, &dn, &dn_len, &newrdn, &newrdn_len, &newparent, &newparent_len, &deleteoldrdn) != SUCCESS) {
2384        return;
2385    }
2386
2387    ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link);
2388
2389    if (newparent_len == 0) {
2390        newparent = NULL;
2391    }
2392
2393#if (LDAP_API_VERSION > 2000) || HAVE_NSLDAP || HAVE_ORALDAP
2394    rc = ldap_rename_s(ld->link, dn, newrdn, newparent, deleteoldrdn, NULL, NULL);
2395#else
2396    if (newparent_len != 0) {
2397        php_error_docref(NULL TSRMLS_CC, E_WARNING, "You are using old LDAP API, newparent must be the empty string, can only modify RDN");
2398        RETURN_FALSE;
2399    }
2400/* could support old APIs but need check for ldap_modrdn2()/ldap_modrdn() */
2401    rc = ldap_modrdn2_s(ld->link, dn, newrdn, deleteoldrdn);
2402#endif
2403
2404    if (rc == LDAP_SUCCESS) {
2405        RETURN_TRUE;
2406    }
2407    RETURN_FALSE;
2408}
2409/* }}} */
2410
2411#ifdef HAVE_LDAP_START_TLS_S
2412/* {{{ proto bool ldap_start_tls(resource link)
2413   Start TLS */
2414PHP_FUNCTION(ldap_start_tls)
2415{
2416    zval *link;
2417    ldap_linkdata *ld;
2418    int rc, protocol = LDAP_VERSION3;
2419
2420    if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "r", &link) != SUCCESS) {
2421        return;
2422    }
2423
2424    ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link);
2425
2426    if (((rc = ldap_set_option(ld->link, LDAP_OPT_PROTOCOL_VERSION, &protocol)) != LDAP_SUCCESS) ||
2427        ((rc = ldap_start_tls_s(ld->link, NULL, NULL)) != LDAP_SUCCESS)
2428    ) {
2429        php_error_docref(NULL TSRMLS_CC, E_WARNING,"Unable to start TLS: %s", ldap_err2string(rc));
2430        RETURN_FALSE;
2431    } else {
2432        RETURN_TRUE;
2433    }
2434}
2435/* }}} */
2436#endif
2437#endif /* (LDAP_API_VERSION > 2000) || HAVE_NSLDAP || HAVE_ORALDAP */
2438
2439#if defined(LDAP_API_FEATURE_X_OPENLDAP) && defined(HAVE_3ARG_SETREBINDPROC)
2440/* {{{ _ldap_rebind_proc()
2441*/
2442int _ldap_rebind_proc(LDAP *ldap, const char *url, ber_tag_t req, ber_int_t msgid, void *params)
2443{
2444    ldap_linkdata *ld;
2445    int retval;
2446    zval *cb_url;
2447    zval **cb_args[2];
2448    zval *cb_retval;
2449    zval *cb_link = (zval *) params;
2450    TSRMLS_FETCH();
2451
2452    ld = (ldap_linkdata *) zend_fetch_resource(&cb_link TSRMLS_CC, -1, "ldap link", NULL, 1, le_link);
2453
2454    /* link exists and callback set? */
2455    if (ld == NULL || ld->rebindproc == NULL) {
2456        php_error_docref(NULL TSRMLS_CC, E_WARNING, "Link not found or no callback set");
2457        return LDAP_OTHER;
2458    }
2459
2460    /* callback */
2461    MAKE_STD_ZVAL(cb_url);
2462    ZVAL_STRING(cb_url, estrdup(url), 0);
2463    cb_args[0] = &cb_link;
2464    cb_args[1] = &cb_url;
2465    if (call_user_function_ex(EG(function_table), NULL, ld->rebindproc, &cb_retval, 2, cb_args, 0, NULL TSRMLS_CC) == SUCCESS && cb_retval) {
2466        convert_to_long_ex(&cb_retval);
2467        retval = Z_LVAL_P(cb_retval);
2468        zval_ptr_dtor(&cb_retval);
2469    } else {
2470        php_error_docref(NULL TSRMLS_CC, E_WARNING, "rebind_proc PHP callback failed");
2471        retval = LDAP_OTHER;
2472    }
2473    zval_dtor(cb_url);
2474    FREE_ZVAL(cb_url);
2475    return retval;
2476}
2477/* }}} */
2478
2479/* {{{ proto bool ldap_set_rebind_proc(resource link, string callback)
2480   Set a callback function to do re-binds on referral chasing. */
2481PHP_FUNCTION(ldap_set_rebind_proc)
2482{
2483    zval *link, *callback;
2484    ldap_linkdata *ld;
2485    char *callback_name;
2486
2487    if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rz", &link, &callback) != SUCCESS) {
2488        RETURN_FALSE;
2489    }
2490
2491    ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link);
2492
2493    if (Z_TYPE_P(callback) == IS_STRING && Z_STRLEN_P(callback) == 0) {
2494        /* unregister rebind procedure */
2495        if (ld->rebindproc != NULL) {
2496            zval_dtor(ld->rebindproc);
2497            FREE_ZVAL(ld->rebindproc);
2498            ld->rebindproc = NULL;
2499            ldap_set_rebind_proc(ld->link, NULL, NULL);
2500        }
2501        RETURN_TRUE;
2502    }
2503
2504    /* callable? */
2505    if (!zend_is_callable(callback, 0, &callback_name TSRMLS_CC)) {
2506        php_error_docref(NULL TSRMLS_CC, E_WARNING, "Two arguments expected for '%s' to be a valid callback", callback_name);
2507        efree(callback_name);
2508        RETURN_FALSE;
2509    }
2510    efree(callback_name);
2511
2512    /* register rebind procedure */
2513    if (ld->rebindproc == NULL) {
2514        ldap_set_rebind_proc(ld->link, _ldap_rebind_proc, (void *) link);
2515    } else {
2516        zval_dtor(ld->rebindproc);
2517    }
2518
2519    ALLOC_ZVAL(ld->rebindproc);
2520    *ld->rebindproc = *callback;
2521    zval_copy_ctor(ld->rebindproc);
2522    RETURN_TRUE;
2523}
2524/* }}} */
2525#endif
2526
2527#ifdef STR_TRANSLATION
2528/* {{{ php_ldap_do_translate
2529 */
2530static void php_ldap_do_translate(INTERNAL_FUNCTION_PARAMETERS, int way)
2531{
2532    char *value;
2533    int result, ldap_len;
2534
2535    if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &value, &value_len) != SUCCESS) {
2536        return;
2537    }
2538
2539    if (value_len == 0) {
2540        RETURN_FALSE;
2541    }
2542
2543    if (way == 1) {
2544        result = ldap_8859_to_t61(&value, &value_len, 0);
2545    } else {
2546        result = ldap_t61_to_8859(&value, &value_len, 0);
2547    }
2548
2549    if (result == LDAP_SUCCESS) {
2550        RETVAL_STRINGL(value, value_len, 1);
2551        free(value);
2552    } else {
2553        php_error_docref(NULL TSRMLS_CC, E_WARNING, "Conversion from iso-8859-1 to t61 failed: %s", ldap_err2string(result));
2554        RETVAL_FALSE;
2555    }
2556}
2557/* }}} */
2558
2559/* {{{ proto string ldap_t61_to_8859(string value)
2560   Translate t61 characters to 8859 characters */
2561PHP_FUNCTION(ldap_t61_to_8859)
2562{
2563    php_ldap_do_translate(INTERNAL_FUNCTION_PARAM_PASSTHRU, 0);
2564}
2565/* }}} */
2566
2567/* {{{ proto string ldap_8859_to_t61(string value)
2568   Translate 8859 characters to t61 characters */
2569PHP_FUNCTION(ldap_8859_to_t61)
2570{
2571    php_ldap_do_translate(INTERNAL_FUNCTION_PARAM_PASSTHRU, 1);
2572}
2573/* }}} */
2574#endif
2575
2576#ifdef LDAP_CONTROL_PAGEDRESULTS
2577/* {{{ proto mixed ldap_control_paged_result(resource link, int pagesize [, bool iscritical [, string cookie]])
2578   Inject paged results control*/
2579PHP_FUNCTION(ldap_control_paged_result)
2580{
2581    long pagesize;
2582    zend_bool iscritical;
2583    zval *link;
2584    char *cookie = NULL;
2585    int cookie_len = 0;
2586    struct berval lcookie = { 0, NULL };
2587    ldap_linkdata *ld;
2588    LDAP *ldap;
2589    BerElement *ber = NULL;
2590    LDAPControl ctrl, *ctrlsp[2];
2591    int rc, myargcount = ZEND_NUM_ARGS();
2592
2593    if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rl|bs", &link, &pagesize, &iscritical, &cookie, &cookie_len) != SUCCESS) {
2594        return;
2595    }
2596
2597    if (Z_TYPE_P(link) == IS_NULL) {
2598        ldap = NULL;
2599    } else {
2600        ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link);
2601        ldap = ld->link;
2602    }
2603
2604    ber = ber_alloc_t(LBER_USE_DER);
2605    if (ber == NULL) {
2606        php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to alloc BER encoding resources for paged results control");
2607        RETURN_FALSE;
2608    }
2609
2610    ctrl.ldctl_iscritical = 0;
2611
2612    switch (myargcount) {
2613        case 4:
2614            lcookie.bv_val = cookie;
2615            lcookie.bv_len = cookie_len;
2616            /* fallthru */
2617        case 3:
2618            ctrl.ldctl_iscritical = (int)iscritical;
2619            /* fallthru */
2620    }
2621
2622    if (ber_printf(ber, "{iO}", (int)pagesize, &lcookie) == LBER_ERROR) {
2623        php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to BER printf paged results control");
2624        RETVAL_FALSE;
2625        goto lcpr_error_out;
2626    }
2627    rc = ber_flatten2(ber, &ctrl.ldctl_value, 0);
2628    if (rc == LBER_ERROR) {
2629        php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to BER encode paged results control");
2630        RETVAL_FALSE;
2631        goto lcpr_error_out;
2632    }
2633
2634    ctrl.ldctl_oid = LDAP_CONTROL_PAGEDRESULTS;
2635
2636    if (ldap) {
2637        /* directly set the option */
2638        ctrlsp[0] = &ctrl;
2639        ctrlsp[1] = NULL;
2640
2641        rc = ldap_set_option(ldap, LDAP_OPT_SERVER_CONTROLS, ctrlsp);
2642        if (rc != LDAP_SUCCESS) {
2643            php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set paged results control: %s (%d)", ldap_err2string(rc), rc);
2644            RETVAL_FALSE;
2645            goto lcpr_error_out;
2646        }
2647        RETVAL_TRUE;
2648    } else {
2649        /* return a PHP control object */
2650        array_init(return_value);
2651
2652        add_assoc_string(return_value, "oid", ctrl.ldctl_oid, 1);
2653        if (ctrl.ldctl_value.bv_len) {
2654            add_assoc_stringl(return_value, "value", ctrl.ldctl_value.bv_val, ctrl.ldctl_value.bv_len, 1);
2655        }
2656        if (ctrl.ldctl_iscritical) {
2657            add_assoc_bool(return_value, "iscritical", ctrl.ldctl_iscritical);
2658        }
2659    }
2660
2661lcpr_error_out:
2662    if (ber != NULL) {
2663        ber_free(ber, 1);
2664    }
2665    return;
2666}
2667/* }}} */
2668
2669/* {{{ proto bool ldap_control_paged_result_response(resource link, resource result [, string &cookie [, int &estimated]])
2670   Extract paged results control response */
2671PHP_FUNCTION(ldap_control_paged_result_response)
2672{
2673    zval *link, *result, *cookie, *estimated;
2674    struct berval lcookie;
2675    int lestimated;
2676    ldap_linkdata *ld;
2677    LDAPMessage *ldap_result;
2678    LDAPControl **lserverctrls, *lctrl;
2679    BerElement *ber;
2680    ber_tag_t tag;
2681    int rc, lerrcode, myargcount = ZEND_NUM_ARGS();
2682
2683    if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rr|zz", &link, &result, &cookie, &estimated) != SUCCESS) {
2684        return;
2685    }
2686
2687    ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link);
2688    ZEND_FETCH_RESOURCE(ldap_result, LDAPMessage *, &result, -1, "ldap result", le_result);
2689
2690    rc = ldap_parse_result(ld->link,
2691                ldap_result,
2692                &lerrcode,
2693                NULL,       /* matcheddn */
2694                NULL,       /* errmsg */
2695                NULL,       /* referrals */
2696                &lserverctrls,
2697                0);
2698
2699    if (rc != LDAP_SUCCESS) {
2700        php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to parse result: %s (%d)", ldap_err2string(rc), rc);
2701        RETURN_FALSE;
2702    }
2703
2704    if (lerrcode != LDAP_SUCCESS) {
2705        php_error_docref(NULL TSRMLS_CC, E_WARNING, "Result is: %s (%d)", ldap_err2string(lerrcode), lerrcode);
2706        RETURN_FALSE;
2707    }
2708
2709    if (lserverctrls == NULL) {
2710        php_error_docref(NULL TSRMLS_CC, E_WARNING, "No server controls in result");
2711        RETURN_FALSE;
2712    }
2713
2714    lctrl = ldap_find_control(LDAP_CONTROL_PAGEDRESULTS, lserverctrls);
2715    if (lctrl == NULL) {
2716        ldap_controls_free(lserverctrls);
2717        php_error_docref(NULL TSRMLS_CC, E_WARNING, "No paged results control response in result");
2718        RETURN_FALSE;
2719    }
2720
2721    ber = ber_init(&lctrl->ldctl_value);
2722    if (ber == NULL) {
2723        ldap_controls_free(lserverctrls);
2724        php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to alloc BER decoding resources for paged results control response");
2725        RETURN_FALSE;
2726    }
2727
2728    tag = ber_scanf(ber, "{io}", &lestimated, &lcookie);
2729    (void)ber_free(ber, 1);
2730
2731    if (tag == LBER_ERROR) {
2732        ldap_controls_free(lserverctrls);
2733        php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to decode paged results control response");
2734        RETURN_FALSE;
2735    }
2736
2737    if (lestimated < 0) {
2738        ldap_controls_free(lserverctrls);
2739        php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid paged results control response value");
2740        RETURN_FALSE;
2741    }
2742
2743    ldap_controls_free(lserverctrls);
2744    if (myargcount == 4) {
2745        zval_dtor(estimated);
2746        ZVAL_LONG(estimated, lestimated);
2747    }
2748
2749    zval_dtor(cookie);
2750    if (lcookie.bv_len == 0) {
2751        ZVAL_EMPTY_STRING(cookie);
2752    } else {
2753        ZVAL_STRINGL(cookie, lcookie.bv_val, lcookie.bv_len, 1);
2754    }
2755    ldap_memfree(lcookie.bv_val);
2756
2757    RETURN_TRUE;
2758}
2759/* }}} */
2760#endif
2761
2762/* {{{ arginfo */
2763ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_connect, 0, 0, 0)
2764    ZEND_ARG_INFO(0, hostname)
2765    ZEND_ARG_INFO(0, port)
2766#ifdef HAVE_ORALDAP
2767    ZEND_ARG_INFO(0, wallet)
2768    ZEND_ARG_INFO(0, wallet_passwd)
2769    ZEND_ARG_INFO(0, authmode)
2770#endif
2771ZEND_END_ARG_INFO()
2772
2773ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_resource, 0, 0, 1)
2774    ZEND_ARG_INFO(0, link_identifier)
2775ZEND_END_ARG_INFO()
2776
2777ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_bind, 0, 0, 1)
2778    ZEND_ARG_INFO(0, link_identifier)
2779    ZEND_ARG_INFO(0, bind_rdn)
2780    ZEND_ARG_INFO(0, bind_password)
2781ZEND_END_ARG_INFO()
2782
2783#ifdef HAVE_LDAP_SASL
2784ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_sasl_bind, 0, 0, 1)
2785    ZEND_ARG_INFO(0, link)
2786    ZEND_ARG_INFO(0, binddn)
2787    ZEND_ARG_INFO(0, password)
2788    ZEND_ARG_INFO(0, sasl_mech)
2789    ZEND_ARG_INFO(0, sasl_realm)
2790    ZEND_ARG_INFO(0, sasl_authz_id)
2791    ZEND_ARG_INFO(0, props)
2792ZEND_END_ARG_INFO()
2793#endif
2794
2795ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_read, 0, 0, 3)
2796    ZEND_ARG_INFO(0, link_identifier)
2797    ZEND_ARG_INFO(0, base_dn)
2798    ZEND_ARG_INFO(0, filter)
2799    ZEND_ARG_INFO(0, attributes)
2800    ZEND_ARG_INFO(0, attrsonly)
2801    ZEND_ARG_INFO(0, sizelimit)
2802    ZEND_ARG_INFO(0, timelimit)
2803    ZEND_ARG_INFO(0, deref)
2804ZEND_END_ARG_INFO()
2805
2806ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_list, 0, 0, 3)
2807    ZEND_ARG_INFO(0, link_identifier)
2808    ZEND_ARG_INFO(0, base_dn)
2809    ZEND_ARG_INFO(0, filter)
2810    ZEND_ARG_INFO(0, attributes)
2811    ZEND_ARG_INFO(0, attrsonly)
2812    ZEND_ARG_INFO(0, sizelimit)
2813    ZEND_ARG_INFO(0, timelimit)
2814    ZEND_ARG_INFO(0, deref)
2815ZEND_END_ARG_INFO()
2816
2817ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_search, 0, 0, 3)
2818    ZEND_ARG_INFO(0, link_identifier)
2819    ZEND_ARG_INFO(0, base_dn)
2820    ZEND_ARG_INFO(0, filter)
2821    ZEND_ARG_INFO(0, attributes)
2822    ZEND_ARG_INFO(0, attrsonly)
2823    ZEND_ARG_INFO(0, sizelimit)
2824    ZEND_ARG_INFO(0, timelimit)
2825    ZEND_ARG_INFO(0, deref)
2826ZEND_END_ARG_INFO()
2827
2828ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_count_entries, 0, 0, 2)
2829    ZEND_ARG_INFO(0, link_identifier)
2830    ZEND_ARG_INFO(0, result_identifier)
2831ZEND_END_ARG_INFO()
2832
2833ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_first_entry, 0, 0, 2)
2834    ZEND_ARG_INFO(0, link_identifier)
2835    ZEND_ARG_INFO(0, result_identifier)
2836ZEND_END_ARG_INFO()
2837
2838ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_next_entry, 0, 0, 2)
2839    ZEND_ARG_INFO(0, link_identifier)
2840    ZEND_ARG_INFO(0, result_identifier)
2841ZEND_END_ARG_INFO()
2842
2843ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_get_entries, 0, 0, 2)
2844    ZEND_ARG_INFO(0, link_identifier)
2845    ZEND_ARG_INFO(0, result_identifier)
2846ZEND_END_ARG_INFO()
2847
2848ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_first_attribute, 0, 0, 2)
2849    ZEND_ARG_INFO(0, link_identifier)
2850    ZEND_ARG_INFO(0, result_entry_identifier)
2851ZEND_END_ARG_INFO()
2852
2853ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_next_attribute, 0, 0, 2)
2854    ZEND_ARG_INFO(0, link_identifier)
2855    ZEND_ARG_INFO(0, result_entry_identifier)
2856ZEND_END_ARG_INFO()
2857
2858ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_get_attributes, 0, 0, 2)
2859    ZEND_ARG_INFO(0, link_identifier)
2860    ZEND_ARG_INFO(0, result_entry_identifier)
2861ZEND_END_ARG_INFO()
2862
2863ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_get_values, 0, 0, 3)
2864    ZEND_ARG_INFO(0, link_identifier)
2865    ZEND_ARG_INFO(0, result_entry_identifier)
2866    ZEND_ARG_INFO(0, attribute)
2867ZEND_END_ARG_INFO()
2868
2869ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_get_values_len, 0, 0, 3)
2870    ZEND_ARG_INFO(0, link_identifier)
2871    ZEND_ARG_INFO(0, result_entry_identifier)
2872    ZEND_ARG_INFO(0, attribute)
2873ZEND_END_ARG_INFO()
2874
2875ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_get_dn, 0, 0, 2)
2876    ZEND_ARG_INFO(0, link_identifier)
2877    ZEND_ARG_INFO(0, result_entry_identifier)
2878ZEND_END_ARG_INFO()
2879
2880ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_explode_dn, 0, 0, 2)
2881    ZEND_ARG_INFO(0, dn)
2882    ZEND_ARG_INFO(0, with_attrib)
2883ZEND_END_ARG_INFO()
2884
2885ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_dn2ufn, 0, 0, 1)
2886    ZEND_ARG_INFO(0, dn)
2887ZEND_END_ARG_INFO()
2888
2889ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_add, 0, 0, 3)
2890    ZEND_ARG_INFO(0, link_identifier)
2891    ZEND_ARG_INFO(0, dn)
2892    ZEND_ARG_INFO(0, entry)
2893ZEND_END_ARG_INFO()
2894
2895ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_delete, 0, 0, 2)
2896    ZEND_ARG_INFO(0, link_identifier)
2897    ZEND_ARG_INFO(0, dn)
2898ZEND_END_ARG_INFO()
2899
2900ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_modify, 0, 0, 3)
2901    ZEND_ARG_INFO(0, link_identifier)
2902    ZEND_ARG_INFO(0, dn)
2903    ZEND_ARG_INFO(0, entry)
2904ZEND_END_ARG_INFO()
2905
2906ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_modify_batch, 0, 0, 3)
2907    ZEND_ARG_INFO(0, link_identifier)
2908    ZEND_ARG_INFO(0, dn)
2909    ZEND_ARG_ARRAY_INFO(0, modifications_info, 0)
2910ZEND_END_ARG_INFO()
2911
2912ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_mod_add, 0, 0, 3)
2913    ZEND_ARG_INFO(0, link_identifier)
2914    ZEND_ARG_INFO(0, dn)
2915    ZEND_ARG_INFO(0, entry)
2916ZEND_END_ARG_INFO()
2917
2918ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_mod_replace, 0, 0, 3)
2919    ZEND_ARG_INFO(0, link_identifier)
2920    ZEND_ARG_INFO(0, dn)
2921    ZEND_ARG_INFO(0, entry)
2922ZEND_END_ARG_INFO()
2923
2924ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_mod_del, 0, 0, 3)
2925    ZEND_ARG_INFO(0, link_identifier)
2926    ZEND_ARG_INFO(0, dn)
2927    ZEND_ARG_INFO(0, entry)
2928ZEND_END_ARG_INFO()
2929
2930ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_err2str, 0, 0, 1)
2931    ZEND_ARG_INFO(0, errno)
2932ZEND_END_ARG_INFO()
2933
2934ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_compare, 0, 0, 4)
2935    ZEND_ARG_INFO(0, link_identifier)
2936    ZEND_ARG_INFO(0, dn)
2937    ZEND_ARG_INFO(0, attribute)
2938    ZEND_ARG_INFO(0, value)
2939ZEND_END_ARG_INFO()
2940
2941ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_sort, 0, 0, 3)
2942    ZEND_ARG_INFO(0, link)
2943    ZEND_ARG_INFO(0, result)
2944    ZEND_ARG_INFO(0, sortfilter)
2945ZEND_END_ARG_INFO()
2946
2947#ifdef LDAP_CONTROL_PAGEDRESULTS
2948ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_control_paged_result, 0, 0, 2)
2949    ZEND_ARG_INFO(0, link)
2950    ZEND_ARG_INFO(0, pagesize)
2951    ZEND_ARG_INFO(0, iscritical)
2952    ZEND_ARG_INFO(0, cookie)
2953ZEND_END_ARG_INFO();
2954
2955ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_control_paged_result_response, 0, 0, 2)
2956    ZEND_ARG_INFO(0, link)
2957    ZEND_ARG_INFO(0, result)
2958    ZEND_ARG_INFO(1, cookie)
2959    ZEND_ARG_INFO(1, estimated)
2960ZEND_END_ARG_INFO();
2961#endif
2962
2963#if (LDAP_API_VERSION > 2000) || HAVE_NSLDAP || HAVE_ORALDAP
2964ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_rename, 0, 0, 5)
2965    ZEND_ARG_INFO(0, link_identifier)
2966    ZEND_ARG_INFO(0, dn)
2967    ZEND_ARG_INFO(0, newrdn)
2968    ZEND_ARG_INFO(0, newparent)
2969    ZEND_ARG_INFO(0, deleteoldrdn)
2970ZEND_END_ARG_INFO()
2971
2972ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_get_option, 0, 0, 3)
2973    ZEND_ARG_INFO(0, link_identifier)
2974    ZEND_ARG_INFO(0, option)
2975    ZEND_ARG_INFO(1, retval)
2976ZEND_END_ARG_INFO()
2977
2978ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_set_option, 0, 0, 3)
2979    ZEND_ARG_INFO(0, link_identifier)
2980    ZEND_ARG_INFO(0, option)
2981    ZEND_ARG_INFO(0, newval)
2982ZEND_END_ARG_INFO()
2983
2984ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_first_reference, 0, 0, 2)
2985    ZEND_ARG_INFO(0, link)
2986    ZEND_ARG_INFO(0, result)
2987ZEND_END_ARG_INFO()
2988
2989ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_next_reference, 0, 0, 2)
2990    ZEND_ARG_INFO(0, link)
2991    ZEND_ARG_INFO(0, entry)
2992ZEND_END_ARG_INFO()
2993
2994#ifdef HAVE_LDAP_PARSE_REFERENCE
2995ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_parse_reference, 0, 0, 3)
2996    ZEND_ARG_INFO(0, link)
2997    ZEND_ARG_INFO(0, entry)
2998    ZEND_ARG_INFO(1, referrals)
2999ZEND_END_ARG_INFO()
3000#endif
3001
3002
3003#ifdef HAVE_LDAP_PARSE_RESULT
3004ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_parse_result, 0, 0, 3)
3005    ZEND_ARG_INFO(0, link)
3006    ZEND_ARG_INFO(0, result)
3007    ZEND_ARG_INFO(1, errcode)
3008    ZEND_ARG_INFO(1, matcheddn)
3009    ZEND_ARG_INFO(1, errmsg)
3010    ZEND_ARG_INFO(1, referrals)
3011ZEND_END_ARG_INFO()
3012#endif
3013#endif
3014
3015#if defined(LDAP_API_FEATURE_X_OPENLDAP) && defined(HAVE_3ARG_SETREBINDPROC)
3016ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_set_rebind_proc, 0, 0, 2)
3017    ZEND_ARG_INFO(0, link)
3018    ZEND_ARG_INFO(0, callback)
3019ZEND_END_ARG_INFO()
3020#endif
3021
3022#ifdef STR_TRANSLATION
3023ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_t61_to_8859, 0, 0, 1)
3024    ZEND_ARG_INFO(0, value)
3025ZEND_END_ARG_INFO()
3026
3027ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_8859_to_t61, 0, 0, 1)
3028    ZEND_ARG_INFO(0, value)
3029ZEND_END_ARG_INFO()
3030#endif
3031/* }}} */
3032
3033/*
3034    This is just a small subset of the functionality provided by the LDAP library. All the
3035    operations are synchronous. Referrals are not handled automatically.
3036*/
3037/* {{{ ldap_functions[]
3038 */
3039const zend_function_entry ldap_functions[] = {
3040    PHP_FE(ldap_connect,                                arginfo_ldap_connect)
3041    PHP_FALIAS(ldap_close,      ldap_unbind,            arginfo_ldap_resource)
3042    PHP_FE(ldap_bind,                                   arginfo_ldap_bind)
3043#ifdef HAVE_LDAP_SASL
3044    PHP_FE(ldap_sasl_bind,                              arginfo_ldap_sasl_bind)
3045#endif
3046    PHP_FE(ldap_unbind,                                 arginfo_ldap_resource)
3047    PHP_FE(ldap_read,                                   arginfo_ldap_read)
3048    PHP_FE(ldap_list,                                   arginfo_ldap_list)
3049    PHP_FE(ldap_search,                                 arginfo_ldap_search)
3050    PHP_FE(ldap_free_result,                            arginfo_ldap_resource)
3051    PHP_FE(ldap_count_entries,                          arginfo_ldap_count_entries)
3052    PHP_FE(ldap_first_entry,                            arginfo_ldap_first_entry)
3053    PHP_FE(ldap_next_entry,                             arginfo_ldap_next_entry)
3054    PHP_FE(ldap_get_entries,                            arginfo_ldap_get_entries)
3055    PHP_FE(ldap_first_attribute,                        arginfo_ldap_first_attribute)
3056    PHP_FE(ldap_next_attribute,                         arginfo_ldap_next_attribute)
3057    PHP_FE(ldap_get_attributes,                         arginfo_ldap_get_attributes)
3058    PHP_FALIAS(ldap_get_values, ldap_get_values_len,    arginfo_ldap_get_values)
3059    PHP_FE(ldap_get_values_len,                         arginfo_ldap_get_values_len)
3060    PHP_FE(ldap_get_dn,                                 arginfo_ldap_get_dn)
3061    PHP_FE(ldap_explode_dn,                             arginfo_ldap_explode_dn)
3062    PHP_FE(ldap_dn2ufn,                                 arginfo_ldap_dn2ufn)
3063    PHP_FE(ldap_add,                                    arginfo_ldap_add)
3064    PHP_FE(ldap_delete,                                 arginfo_ldap_delete)
3065    PHP_FE(ldap_modify_batch,                           arginfo_ldap_modify_batch)
3066    PHP_FALIAS(ldap_modify,     ldap_mod_replace,       arginfo_ldap_modify)
3067
3068/* additional functions for attribute based modifications, Gerrit Thomson */
3069    PHP_FE(ldap_mod_add,                                arginfo_ldap_mod_add)
3070    PHP_FE(ldap_mod_replace,                            arginfo_ldap_mod_replace)
3071    PHP_FE(ldap_mod_del,                                arginfo_ldap_mod_del)
3072/* end gjt mod */
3073
3074    PHP_FE(ldap_errno,                                  arginfo_ldap_resource)
3075    PHP_FE(ldap_err2str,                                arginfo_ldap_err2str)
3076    PHP_FE(ldap_error,                                  arginfo_ldap_resource)
3077    PHP_FE(ldap_compare,                                arginfo_ldap_compare)
3078    PHP_FE(ldap_sort,                                   arginfo_ldap_sort)
3079
3080#if (LDAP_API_VERSION > 2000) || HAVE_NSLDAP || HAVE_ORALDAP
3081    PHP_FE(ldap_rename,                                 arginfo_ldap_rename)
3082    PHP_FE(ldap_get_option,                             arginfo_ldap_get_option)
3083    PHP_FE(ldap_set_option,                             arginfo_ldap_set_option)
3084    PHP_FE(ldap_first_reference,                        arginfo_ldap_first_reference)
3085    PHP_FE(ldap_next_reference,                         arginfo_ldap_next_reference)
3086#ifdef HAVE_LDAP_PARSE_REFERENCE
3087    PHP_FE(ldap_parse_reference,                        arginfo_ldap_parse_reference)
3088#endif
3089#ifdef HAVE_LDAP_PARSE_RESULT
3090    PHP_FE(ldap_parse_result,                           arginfo_ldap_parse_result)
3091#endif
3092#ifdef HAVE_LDAP_START_TLS_S
3093    PHP_FE(ldap_start_tls,                              arginfo_ldap_resource)
3094#endif
3095#endif
3096
3097#if defined(LDAP_API_FEATURE_X_OPENLDAP) && defined(HAVE_3ARG_SETREBINDPROC)
3098    PHP_FE(ldap_set_rebind_proc,                        arginfo_ldap_set_rebind_proc)
3099#endif
3100
3101#ifdef STR_TRANSLATION
3102    PHP_FE(ldap_t61_to_8859,                            arginfo_ldap_t61_to_8859)
3103    PHP_FE(ldap_8859_to_t61,                            arginfo_ldap_8859_to_t61)
3104#endif
3105
3106#ifdef LDAP_CONTROL_PAGEDRESULTS
3107    PHP_FE(ldap_control_paged_result,                           arginfo_ldap_control_paged_result)
3108    PHP_FE(ldap_control_paged_result_response,      arginfo_ldap_control_paged_result_response)
3109#endif
3110    PHP_FE_END
3111};
3112/* }}} */
3113
3114zend_module_entry ldap_module_entry = { /* {{{ */
3115    STANDARD_MODULE_HEADER,
3116    "ldap",
3117    ldap_functions,
3118    PHP_MINIT(ldap),
3119    PHP_MSHUTDOWN(ldap),
3120    NULL,
3121    NULL,
3122    PHP_MINFO(ldap),
3123    NO_VERSION_YET,
3124    PHP_MODULE_GLOBALS(ldap),
3125    PHP_GINIT(ldap),
3126    NULL,
3127    NULL,
3128    STANDARD_MODULE_PROPERTIES_EX
3129};
3130/* }}} */
3131
3132/*
3133 * Local variables:
3134 * tab-width: 4
3135 * c-basic-offset: 4
3136 * End:
3137 * vim600: sw=4 ts=4 fdm=marker
3138 * vim<600: sw=4 ts=4
3139 */
3140