Merge pull request #159 from zf1s/fix-zend-ldap-openldap

[zend-ldap] php 8.1 & 8.2 compatibility fixes
zf1s · Feb 19, 2023 · efdb6ea · efdb6ea
2 parents 29758cd + 050c989
commit efdb6ea
Show file tree

Hide file tree

Showing 26 changed files with 541 additions and 85 deletions.
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -37,10 +37,21 @@ jobs:
       MYSQL_PASSWORD: "zftest"
       MYSQL_DATABASE: "zftest"
       MYSQL_HOST: "127.0.0.1"
+
       POSTGRES_USER: "zftest"
       POSTGRES_PASSWORD: "zftest"
       POSTGRES_DB: "zftest"
       POSTGRES_HOST: "127.0.0.1"
+
+      # https://hub.docker.com/r/bitnami/openldap
+      LDAP_ROOT: "dc=example,dc=com"
+      LDAP_ALLOW_ANON_BINDING: false
+      LDAP_SKIP_DEFAULT_TREE: "yes"
+      LDAP_ADMIN_USERNAME: "admin"
+      LDAP_ADMIN_PASSWORD: "insecure"
+      LDAP_CONFIG_ADMIN_USERNAME: "admin"
+      LDAP_CONFIG_ADMIN_PASSWORD: "configpassword"
+
       # Default locales are: C C.UTF-8 POSIX en_US.utf8
       LOCALES: "fr_FR@euro fr_FR fr_BE.UTF-8 de en_US"
 
@@ -76,6 +87,20 @@ jobs:
           --health-timeout 5s
           --health-retries 5
 
+      openldap:
+        image: bitnami/openldap:2.5
+        ports:
+          - 1389:1389
+        env:
+          LDAP_ROOT: ${{ env.LDAP_ROOT }}
+          LDAP_ALLOW_ANON_BINDING: ${{ env.LDAP_ALLOW_ANON_BINDING }}
+          LDAP_SKIP_DEFAULT_TREE: ${{ env.LDAP_SKIP_DEFAULT_TREE }}
+          LDAP_ADMIN_USERNAME: ${{ env.LDAP_ADMIN_USERNAME }}
+          LDAP_ADMIN_PASSWORD: ${{ env.LDAP_ADMIN_PASSWORD }}
+          LDAP_CONFIG_ADMIN_ENABLED: "yes"
+          LDAP_CONFIG_ADMIN_USERNAME: ${{ env.LDAP_CONFIG_ADMIN_USERNAME }}
+          LDAP_CONFIG_ADMIN_PASSWORD: ${{ env.LDAP_CONFIG_ADMIN_PASSWORD }}
+
     steps:
       - name: Checkout Code
         uses: actions/checkout@v3
@@ -112,6 +137,11 @@ jobs:
           echo "All languages..."
           locale -a
 
+      - name: Setup LDAP
+        run: |
+          sudo apt-get install -y libnss-ldap libpam-ldap ldap-utils
+          tests/resources/openldap/docker-entrypoint-initdb.d/init.sh
+
       - name: "Run PHPUnit tests (Experimental: ${{ matrix.experimental }})"
         run: vendor/bin/phpunit --verbose
         continue-on-error: ${{ matrix.experimental }}

diff --git a/packages/zend-ldap/library/Zend/Ldap.php b/packages/zend-ldap/library/Zend/Ldap.php
@@ -147,7 +147,7 @@ public function __destruct()
      */
     public function getResource()
     {
-        if (!is_resource($this->_resource) || $this->_boundUser === false) {
+        if (!$this->isConnection($this->_resource) || $this->_boundUser === false) {
             $this->bind();
         }
         return $this->_resource;
@@ -160,6 +160,10 @@ public function getResource()
      */
     public function getLastErrorCode()
     {
+        if(!$this->isConnection($this->_resource)) {
+            return 0;
+        }
+
         $ret = @ldap_get_option($this->_resource, LDAP_OPT_ERROR_NUMBER, $err);
         if ($ret === true) {
             if ($err <= -1 && $err >= -17) {
@@ -553,10 +557,10 @@ protected function _isPossibleAuthority($dname)
         if ($accountDomainName === null && $accountDomainNameShort === null) {
             return true;
         }
-        if (strcasecmp($dname, $accountDomainName) == 0) {
+        if (strcasecmp($dname, (string)$accountDomainName) == 0) {
             return true;
         }
-        if (strcasecmp($dname, $accountDomainNameShort) == 0) {
+        if (strcasecmp($dname, (string)$accountDomainNameShort) == 0) {
             return true;
         }
         return false;
@@ -659,7 +663,7 @@ protected function _getAccount($acctname, array $attrs = null)
             throw new Zend_Ldap_Exception(null, 'Invalid account filter');
         }
 
-        if (!is_resource($this->getResource())) {
+        if (!$this->isConnection($this->getResource())) {
             $this->bind();
         }
 
@@ -697,13 +701,27 @@ protected function _getAccount($acctname, array $attrs = null)
      */
     public function disconnect()
     {
-        if (is_resource($this->_resource)) {
+        if ($this->isConnection($this->_resource)) {
             @ldap_unbind($this->_resource);
         }
         $this->_resource = null;
         $this->_boundUser = false;
         return $this;
     }
+
+    /**
+     * @param $resource
+     *
+     * @return bool
+     */
+    public function isConnection($resource)
+    {
+        if (PHP_VERSION_ID < 80100) {
+            return is_resource($resource);
+        }
+
+        return $resource instanceof \LDAP\Connection;
+    }
 
     /**
      * To connect using SSL it seems the client tries to verify the server
@@ -772,12 +790,16 @@ public function connect($host = null, $port = null, $useSsl = null, $useStartTls
 
         $this->disconnect();
 
+        if (!$port) {
+            $port = ($useSsl) ? 636 : 389;
+        }
+
         /* Only OpenLDAP 2.2 + supports URLs so if SSL is not requested, just
          * use the old form.
          */
         $resource = ($useUri) ? @ldap_connect($this->_connectString) : @ldap_connect($host, $port);
 
-        if (is_resource($resource) === true) {
+        if ($this->isConnection($resource) === true) {
             $this->_resource = $resource;
             $this->_boundUser = false;
 
@@ -816,7 +838,7 @@ public function bind($username = null, $password = null)
 
         // Security check: remove null bytes in password
         // @see https://net.educause.edu/ir/library/pdf/csd4875.pdf
-        $password = str_replace("\0", '', $password);
+        $password = str_replace("\0", '', (string)$password);
 
         if ($username === null) {
             $username = $this->_getUsername();
@@ -870,7 +892,7 @@ public function bind($username = null, $password = null)
             }
         }
 
-        if (!is_resource($this->_resource)) {
+        if (!$this->isConnection($this->_resource)) {
             $this->connect();
         }
 
@@ -990,22 +1012,17 @@ public function search($filter, $basedn = null, $scope = self::SEARCH_SCOPE_SUB,
             // require_once 'Zend/Ldap/Exception.php';
             throw new Zend_Ldap_Exception($this, 'searching: ' . $filter);
         }
-        if ($sort !== null && is_string($sort)) {
-            $isSorted = @ldap_sort($this->getResource(), $search, $sort);
-            if($isSorted === false) {
-                /**
-                 * @see Zend_Ldap_Exception
-                 */
-                // require_once 'Zend/Ldap/Exception.php';
-                throw new Zend_Ldap_Exception($this, 'sorting: ' . $sort);
-            }
-        }
 
         /**
          * Zend_Ldap_Collection_Iterator_Default
          */
         // require_once 'Zend/Ldap/Collection/Iterator/Default.php';
         $iterator = new Zend_Ldap_Collection_Iterator_Default($this, $search);
+
+        if ($sort !== null && is_string($sort)) {
+            $iterator->sort($sort);
+        }
+
         return $this->_createCollection($iterator, $collectionClass);
     }
 

diff --git a/packages/zend-ldap/library/Zend/Ldap/Collection.php b/packages/zend-ldap/library/Zend/Ldap/Collection.php
@@ -96,12 +96,12 @@ public function toArray()
      */
     public function getFirst()
     {
-        if ($this->count() > 0) {
-            $this->rewind();
-            return $this->current();
-        } else {
+        if ($this->count() < 1) {
             return null;
         }
+
+        $this->rewind();
+        return $this->current();
     }
 
     /**
@@ -136,21 +136,23 @@ public function count()
     #[ReturnTypeWillChange]
     public function current()
     {
-        if ($this->count() > 0) {
-            if ($this->_current < 0) {
-                $this->rewind();
-            }
-            if (!array_key_exists($this->_current, $this->_cache)) {
-                $current = $this->_iterator->current();
-                if ($current === null) {
-                    return null;
-                }
-                $this->_cache[$this->_current] = $this->_createEntry($current);
-            }
-            return $this->_cache[$this->_current];
-        } else {
+        if ($this->count() < 1) {
             return null;
         }
+
+        if ($this->_current < 0) {
+            $this->rewind();
+        }
+
+        if (! array_key_exists($this->_current, $this->_cache)) {
+            $current = $this->_iterator->current();
+            if ($current === null) {
+                return null;
+            }
+            $this->_cache[$this->_current] = $this->_createEntry($current);
+        }
+
+        return $this->_cache[$this->_current];
     }
 
     /**