Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:40052
Return-Path: <alexis.robert@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 81399 invoked from network); 21 Aug 2008 13:56:50 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 21 Aug 2008 13:56:50 -0000
Authentication-Results: pb1.pair.com smtp.mail=alexis.robert@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=alexis.robert@gmail.com; sender-id=pass; domainkeys=bad
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 66.249.92.170 as permitted sender)
DomainKey-Status: bad
X-DomainKeys: Ecelerity dk_validate implementing draft-delany-domainkeys-base-01
X-PHP-List-Original-Sender: alexis.robert@gmail.com
X-Host-Fingerprint: 66.249.92.170 ug-out-1314.google.com  
Received: from [66.249.92.170] ([66.249.92.170:19237] helo=ug-out-1314.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 30/A3-06543-1247DA84 for <internals@lists.php.net>; Thu, 21 Aug 2008 09:56:50 -0400
Received: by ug-out-1314.google.com with SMTP id c2so1035611ugf.37
        for <internals@lists.php.net>; Thu, 21 Aug 2008 06:56:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from
         :user-agent:mime-version:to:subject:content-type;
        bh=63j+UGHsMMNk+S9r4y65hoIRddxkAu4zlNGKvYhoUQI=;
        b=NmPT0PA2h027mOtFBpI40LohWCqVuxaVEpX1M0rXxg+RLtn9yvxhstmTfWt+vnRmF2
         uNBd/KfkYDyC4RY2/fpBHs/I8BzEkkKgW0Z5lgsTSwpjoj6PEwk4IUjgRR84KGmtkRzo
         cx5VpzwpUeH6qZWikIt2lMifGy5HB5+E4BJ4U=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:from:user-agent:mime-version:to:subject
         :content-type;
        b=L/aS4w/0FfrAvRC70JKwUETrNx0S51IKCzkCS15HSiJpFBdenkubRdC8JlXhzUXG3X
         3X3+VkpfHK2M108Z7L/HicNHB/62DaMGXEZVhja1T3TNZv8LjifHugakqHa0cLxyuhfx
         iwsPsKe9uYXjMfnHFmwoN9LXdarnsZX6gifOY=
Received: by 10.210.48.14 with SMTP id v14mr1962166ebv.196.1219327006881;
        Thu, 21 Aug 2008 06:56:46 -0700 (PDT)
Received: from ?10.0.2.1? ( [81.57.34.8])
        by mx.google.com with ESMTPS id 5sm1206880eyh.2.2008.08.21.06.56.45
        (version=SSLv3 cipher=RC4-MD5);
        Thu, 21 Aug 2008 06:56:46 -0700 (PDT)
Message-ID: <48AD741C.7050102@gmail.com>
Date: Thu, 21 Aug 2008 15:56:44 +0200
User-Agent: Thunderbird 2.0.0.16 (X11/20080724)
MIME-Version: 1.0
To: internals@lists.php.net
Content-Type: multipart/mixed;
 boundary="------------070806040701090905010600"
Subject: [PATCH] Bug #45477: changing passwords on MS Active Directory/Novell
 Directory Server (LDAP)
From: alexis.robert@gmail.com (Alexis ROBERT)

--------------070806040701090905010600
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Hi,

As explained in http://bugs.php.net/bug.php?id=45477 it's not possible 
to change the userPassword attribute using PHP on NDS/AD because these 
LDAP servers require to perform the deleteAttribute and addAttribute 
operations in the same LDAP request.

Currently working at Hachette-Livre (Paris, France), we're experiencing 
this bug and the developer who wrote the app I'm working on was forced 
to use a BIG hack to perform an password changing request : he calls a 
Java app who does the LDAP request by using a system(). Admit it, it's ugly.

So i've made a patch which fixes the bug. It creates a 
ldap_mod_deleteadd function which delete an attribute and adding it in 
the same LDAP request.

Some parts of the code is imported from pam_ldap.

The syntax is pretty obvious (but not very clean asap, i wanted to know 
if you like my function before making it as pretty as ldap_mod_replace) :

ldap_mod_deleteadd(resource link, string dn, string attr, string old, 
string new[, boolean binary = false])

The boolean binary attribute is here for AD which uses an unicode 
encoded password (and so needs LDAP_MOD_BVALUES).

Currently waiting for your insults :)

Alexis ROBERT
alexis.robert@gmail.com

--------------070806040701090905010600
Content-Type: text/x-diff;
 name="001-ldap_php-add-mod_deleteadd.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="001-ldap_php-add-mod_deleteadd.diff"

Index: ext/ldap/ldap.c
===================================================================
RCS file: /repository/php-src/ext/ldap/ldap.c,v
retrieving revision 1.161.2.3.2.13
diff -r1.161.2.3.2.13 ldap.c
136a137,140
> /* additional functions for changing passwords (NDS/AD), Alexis Robert */
> 	PHP_FE(ldap_mod_deleteadd,							NULL)
> /* end deleteadd */
> 
1537a1542,1596
> /* {{{ proto bool ldap_mod_deleteadd(resource link, string dn, string attr, string old, string new[, boolean binary = false])
>    Delete and add an attribute in the same LDAP request (used for NDS/AD password changing)
>    Alexis Robert <alexis.robert@gmail.com> (Hachette-Livre)
> */
> PHP_FUNCTION(ldap_mod_deleteadd)
> {
> 	zval *link;
> 	char *dn, *attr, *old, *new;
> 	int dn_len, attr_len, old_len, new_len;
> 	zend_bool binary = 0;
> 	
> 	ldap_linkdata *ld;
> 	char *strvalsold[2];
> 	char *strvalsnew[2];
> 	LDAPMod mod, mod2;
> 	LDAPMod *mods[3];
> 	int rc;
> 	
> 	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "zssss|b", &link, &dn, &dn_len, &attr, &attr_len, &old, &old_len, &new, &new_len, &binary) == FAILURE) {
> 		WRONG_PARAM_COUNT;
> 	}
> 	
> 	ZEND_FETCH_RESOURCE(ld, ldap_linkdata*, &link, -1, "ldap link", le_link);
> 
> 	// Ported from pam_ldap
> 	strvalsold[0] = old;
> 	strvalsold[1] = NULL;
> 	strvalsnew[0] = new;
> 	strvalsnew[1] = NULL;
> 	
> 	mod.mod_vals.modv_strvals = strvalsold;
> 	mod.mod_type = attr;
> 	mod.mod_op = LDAP_MOD_DELETE;
> 	if (binary)
> 		mod.mod_op = mod.mod_op | LDAP_MOD_BVALUES;
> 	
> 	mod2.mod_vals.modv_strvals = strvalsnew;
> 	mod2.mod_type = attr;
> 	mod2.mod_op = LDAP_MOD_ADD;
> 	if (binary)
> 		mod.mod_op = mod.mod_op | LDAP_MOD_BVALUES;
> 
> 	mods[0] = &mod;
> 	mods[1] = &mod2;
> 	mods[2] = NULL;
> 
> 	if ((rc = ldap_modify_s(ld->link, dn, mods)) != LDAP_SUCCESS) {
> 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "mod_deleteadd: %s", ldap_err2string(rc));
> 		RETURN_FALSE;	
> 	}
> 
> 	RETURN_TRUE;
> }
> /* }}} */
> 
Index: ext/ldap/php_ldap.h
===================================================================
RCS file: /repository/php-src/ext/ldap/php_ldap.h,v
retrieving revision 1.32.2.1.2.3
diff -r1.32.2.1.2.3 php_ldap.h
65a66
> PHP_FUNCTION(ldap_mod_deleteadd);

--------------070806040701090905010600--