Commit a57f582

committed

Merge branch 'PHP-8.3' into PHP-8.4

2 parents 4647dfc + eade5c1 commit a57f582Copy full SHA for a57f582

File tree

6 files changed

+109

-5

lines changed

.github/scripts
- setup-slapd.sh
NEWS
ext/ldap
- ldap.c
- tests

6 files changed

+109

-5

lines changed

`‎.github/scripts/setup-slapd.sh‎`

Lines changed: 3 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -72,6 +72,9 @@ olcTLSCertificateKeyFile: /etc/ldap/ssl/server.key`
`72`	`72`	`add: olcTLSVerifyClient`
`73`	`73`	`olcTLSVerifyClient: never`
`74`	`74`	`-`
	`75`	`+add: olcTLSProtocolMin`
	`76`	`+olcTLSProtocolMin: 3.3`
	`77`	`+-`
`75`	`78`	`add: olcAuthzRegexp`
`76`	`79`	`olcAuthzRegexp: uid=usera,cn=digest-md5,cn=auth cn=usera,dc=my-domain,dc=com`
`77`	`80`	`-`

`‎NEWS‎`

Lines changed: 4 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,10 @@ PHP NEWS`
`5`	`5`	`- Intl:`
`6`	`6`	`. Fix memleak on failure in collator_get_sort_key(). (nielsdos)`
`7`	`7`
	`8`	`+- LDAP:`
	`9`	`+ . Fixed bug GH-18529 (additional inheriting of TLS int options).`
	`10`	`+ (Jakub Zelenka)`
	`11`	`+`
`8`	`12`	`- OpenSSL:`
`9`	`13`	`. Fixed bug GH-18986 (OpenSSL backend: incorrect RAND_{load,write}_file()`
`10`	`14`	`return value check). (nielsdos, botovq)`

`‎ext/ldap/ldap.c‎`

Lines changed: 27 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -3740,7 +3740,8 @@ PHP_FUNCTION(ldap_rename_ext)`
`3740`	`3740`	`*/`
`3741`	`3741`	`static int _php_ldap_tls_newctx(LDAP *ld)`
`3742`	`3742`	`{`
`3743`		`- int val = 0, i, opts[] = {`
	`3743`	`+ int val = 0, i;`
	`3744`	`+ int str_opts[] = {`
`3744`	`3745`	`#if (LDAP_API_VERSION > 2000)`
`3745`	`3746`	`LDAP_OPT_X_TLS_CACERTDIR,`
`3746`	`3747`	`LDAP_OPT_X_TLS_CACERTFILE,`
`@@ -3760,21 +3761,42 @@ static int _php_ldap_tls_newctx(LDAP *ld)`
`3760`	`3761`	`#endif`
`3761`	`3762`	`0};`
`3762`	`3763`
`3763`		`- for (i=0 ; opts[i] ; i++) {`
	`3764`	`+ for (i=0 ; str_opts[i] ; i++) {`
`3764`	`3765`	`char *path = NULL;`
`3765`	`3766`
`3766`		`- ldap_get_option(ld, opts[i], &path);`
	`3767`	`+ ldap_get_option(ld, str_opts[i], &path);`
`3767`	`3768`	`if (path) { /* already set locally */`
`3768`	`3769`	`ldap_memfree(path);`
`3769`	`3770`	`} else {`
`3770`		`- ldap_get_option(NULL, opts[i], &path);`
	`3771`	`+ ldap_get_option(NULL, str_opts[i], &path);`
`3771`	`3772`	`if (path) { /* set globally, inherit */`
`3772`		`- ldap_set_option(ld, opts[i], path);`
	`3773`	`+ ldap_set_option(ld, str_opts[i], path);`
`3773`	`3774`	`ldap_memfree(path);`
`3774`	`3775`	`}`
`3775`	`3776`	`}`
`3776`	`3777`	`}`
`3777`	`3778`
	`3779`	`+#ifdef LDAP_OPT_X_TLS_PROTOCOL_MIN`
	`3780`	`+ int int_opts[] = {`
	`3781`	`+ LDAP_OPT_X_TLS_PROTOCOL_MIN,`
	`3782`	`+#ifdef LDAP_OPT_X_TLS_PROTOCOL_MAX`
	`3783`	`+ LDAP_OPT_X_TLS_PROTOCOL_MAX,`
	`3784`	`+#endif`
	`3785`	`+ 0`
	`3786`	`+ };`
	`3787`	`+ for (i=0 ; int_opts[i] ; i++) {`
	`3788`	`+ int value = 0;`
	`3789`	`+`
	`3790`	`+ ldap_get_option(ld, int_opts[i], &value);`
	`3791`	`+ if (value <= 0) { /* if value is not set already */`
	`3792`	`+ ldap_get_option(NULL, int_opts[i], &value);`
	`3793`	`+ if (value > 0) { /* set globally, inherit */`
	`3794`	`+ ldap_set_option(ld, int_opts[i], &value);`
	`3795`	`+ }`
	`3796`	`+ }`
	`3797`	`+ }`
	`3798`	`+#endif`
	`3799`	`+`
`3778`	`3800`	`return ldap_set_option(ld, LDAP_OPT_X_TLS_NEWCTX, &val);`
`3779`	`3801`	`}`
`3780`	`3802`

`‎ext/ldap/tests/ldap_start_tls_rc_max_version.conf‎`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+TLS_PROTOCOL_MAX 3.2`

`‎ext/ldap/tests/ldap_start_tls_rc_max_version.phpt‎`

Lines changed: 41 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,41 @@`
	`1`	`+--TEST--`
	`2`	`+ldap_start_tls() - Basic ldap_start_tls test`
	`3`	`+--EXTENSIONS--`
	`4`	`+ldap`
	`5`	`+--ENV--`
	`6`	`+LDAPCONF={PWD}/ldap_start_tls_rc_max_version.conf`
	`7`	`+--SKIPIF--`
	`8`	`+<?php`
	`9`	`+$require_vendor = [`
	`10`	`+ "name" => "OpenLDAP",`
	`11`	`+ "min_version" => 20600,`
	`12`	`+];`
	`13`	`+require_once __DIR__ .'/skipifbindfailure.inc';`
	`14`	`+?>`
	`15`	`+--FILE--`
	`16`	`+<?php`
	`17`	`+require_once "connect.inc";`
	`18`	`+`
	`19`	`+// CI uses self signed certificate`
	`20`	`+`
	`21`	`+// No cert option - fails`
	`22`	`+$link = ldap_connect($uri);`
	`23`	`+ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, $protocol_version);`
	`24`	`+var_dump(@ldap_start_tls($link));`
	`25`	`+`
	`26`	`+// No cert check - should pass but due to ldaps check, it fails as well`
	`27`	`+$link = ldap_connect($uri);`
	`28`	`+ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, $protocol_version);`
	`29`	`+ldap_set_option($link, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_NEVER);`
	`30`	`+var_dump(@ldap_start_tls($link));`
	`31`	`+`
	`32`	`+// With cert check - fails`
	`33`	`+$link = ldap_connect($uri);`
	`34`	`+ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, $protocol_version);`
	`35`	`+ldap_set_option($link, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);`
	`36`	`+var_dump(@ldap_start_tls($link));`
	`37`	`+?>`
	`38`	`+--EXPECT--`
	`39`	`+bool(false)`
	`40`	`+bool(false)`
	`41`	`+bool(false)`

`‎ext/ldap/tests/skipifbindfailure.inc‎`

Lines changed: 33 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -10,4 +10,37 @@ if ($skip_on_bind_failure) {`
`10`	`10`
`11`	`11`	`ldap_unbind($link);`
`12`	`12`	`}`
	`13`	`+`
	`14`	`+if (isset($require_vendor)) {`
	`15`	`+ ob_start();`
	`16`	`+ phpinfo(INFO_MODULES);`
	`17`	`+ $phpinfo = ob_get_clean();`
	`18`	`+`
	`19`	`+ // Extract the LDAP section specifically`
	`20`	`+ if (preg_match('/^ldap\s$(.?)^[a-z_]+\s*$/ims', $phpinfo, $ldap_section_match)) {`
	`21`	`+ $ldap_section = $ldap_section_match[1];`
	`22`	`+`
	`23`	`+ // Extract vendor info from the LDAP section only`
	`24`	`+ if (preg_match('/Vendor Name\s=>\s(.+)/i', $ldap_section, $name_match) &&`
	`25`	`+ preg_match('/Vendor Version\s=>\s(\d+)/i', $ldap_section, $version_match)) {`
	`26`	`+`
	`27`	`+ $vendor_name = trim($name_match[1]);`
	`28`	`+ $vendor_version = (int)$version_match[1];`
	`29`	`+`
	`30`	`+ // Check vendor name if specified`
	`31`	`+ if (isset($require_vendor['name']) && $vendor_name !== $require_vendor['name']) {`
	`32`	`+ die("skip Requires {$require_vendor['name']} (detected: $vendor_name)");`
	`33`	`+ }`
	`34`	`+`
	`35`	`+ // Check minimum version if specified`
	`36`	`+ if (isset($require_vendor['min_version']) && $vendor_version < $require_vendor['min_version']) {`
	`37`	`+ die("skip Requires minimum version {$require_vendor['min_version']} (detected: $vendor_version)");`
	`38`	`+ }`
	`39`	`+ } else {`
	`40`	`+ die("skip Cannot determine LDAP vendor information");`
	`41`	`+ }`
	`42`	`+ } else {`
	`43`	`+ die("skip LDAP extension information not found");`
	`44`	`+ }`
	`45`	`+}`
`13`	`46`	`?>`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit a57f582

File tree

6 files changed

6 files changed

`‎.github/scripts/setup-slapd.sh‎`

`‎NEWS‎`

`‎ext/ldap/ldap.c‎`

`‎ext/ldap/tests/ldap_start_tls_rc_max_version.conf‎`

`‎ext/ldap/tests/ldap_start_tls_rc_max_version.phpt‎`

`‎ext/ldap/tests/skipifbindfailure.inc‎`

0 commit comments