From 2a897cbab75522019e62e289b68fd5f48a49eb2a Mon Sep 17 00:00:00 2001 From: Mario Fetka Date: Mon, 20 Apr 2026 00:08:32 +0200 Subject: [PATCH] readd php auth module --- net-fs/ncpfs/Manifest | 6 +- .../files/ncpfs-2.2.6-php-install-root.patch | 16 + net-fs/ncpfs/files/ncpfs-2.2.6-php5x.patch | 11 + net-fs/ncpfs/files/php_auth_nds-php8.patch | 332 ++++++ net-fs/ncpfs/files/php_auth_nds.fixed.c | 1057 +++++++++++++++++ net-fs/ncpfs/ncpfs-2.2.6-r5.ebuild | 27 +- 6 files changed, 1442 insertions(+), 7 deletions(-) create mode 100644 net-fs/ncpfs/files/ncpfs-2.2.6-php-install-root.patch create mode 100644 net-fs/ncpfs/files/ncpfs-2.2.6-php5x.patch create mode 100644 net-fs/ncpfs/files/php_auth_nds-php8.patch create mode 100644 net-fs/ncpfs/files/php_auth_nds.fixed.c diff --git a/net-fs/ncpfs/Manifest b/net-fs/ncpfs/Manifest index 15661c74..2490a85b 100644 --- a/net-fs/ncpfs/Manifest +++ b/net-fs/ncpfs/Manifest @@ -13,10 +13,14 @@ AUX ncpfs-2.2.6-missing-includes.patch 758 BLAKE2B dd250f53198444500f15faad84b2a AUX ncpfs-2.2.6-multiple-vulns.patch 14138 BLAKE2B 6f612b14d194b595a8c5baa5cd1e5a6af9e43873a3b437d004c212934ac2f0bbc638abe8bf0d7aef91c8d5084e2514f03bb9c0999e57dcc6bf210b7bf1cc3a8e SHA512 a58a3d5f4ff7540a880e064bfe7602d38671ddd737bc8e4a9e48ef52f0864de8e0ae51f0fea2ae0be82cc6910d4a47ff8562f9a730dd1930a37fd870bc2823c9 AUX ncpfs-2.2.6-no-suid-root.patch 544 BLAKE2B 7e5b15d524cba691cd5266d2eaaf579c2180d870235254c8a77caa07e9c72dee36b6215a5681eef16e1a30274862d6bab01b2ca824571de3ac39ecd863c84364 SHA512 697d577aab12c94cbdb36c2f9f2cd51b82e3ab5efb4a9e8246a7c93b7004d004e7d4fdb1ec003585daf1a11f9f559fd65ea86fe8933f2a7d89b0ce810f21c975 AUX ncpfs-2.2.6-pam_ncp_auth-fix.patch 556 BLAKE2B 66289abdd6b8adc0a53538365c03f30eda980c3eaeaf2c6d7105757b3bdb69c3a53d7b12bc7a06dc9d1f91bcdfbcdd81b4e027fdd5054979aaf872851ac8b148 SHA512 3c20c36bb2b8c72440e359bb3f66d5a91bc91132accc518bae8db0fbc77aaf966e676f494c8add959178e315513aaddc9f627a05b9e0c376cf7ece5bba0b0dde +AUX ncpfs-2.2.6-php-install-root.patch 494 BLAKE2B 6010f85cabef7b6f736cc9512147c42fce3be53d66ce2885a8f9cf1450fe5aeaecc1e5528f3028b1052c3b173b9e6275b10643ac6e5ae53d94bd8fc85dce652e SHA512 e867d2782166b49226ab4377d9a8ab251e0b69db832d47d0a634c1c1e0850d3a651d92aece95494552635a22548c515972b03ab6ff52ab821a113257ba128e34 +AUX ncpfs-2.2.6-php5x.patch 400 BLAKE2B 14147adf99435c144f3d1ed221e9d6796a2ce493423556ff8abe34e6527e5d3b86f5cfc14de1a97dc26732c88fa3705e4fa50649ad6c885f635617360266df4f SHA512 893d90e60b3ace99080ba0ae343c6dcab2ecaad9e2b6bb1082b63190833e1b3b3aa398efc204d5161517b6737b2b6fe8407e148da01ecb0a5f5c71ce3b83d35e AUX ncpfs-2.2.6-remove-libncp_atomic-header.patch 572 BLAKE2B 17d8bf08a9cfa63a0ace4f9f3a7983ec70a7c5ed3ad5d83a61383408c8b350a0f25368bb271658a4ac7e26ed0f2ea62d82322a55d4e02f6f0d8d3b6e995367cf SHA512 07689c979e8e6a40aca410ac8211c6af9fa640679c34ab3431e70c849e9f3c42d26b204310a697ef1494f33b5296e642b977dfc56453f680527ee54d697abe1c AUX ncpfs-2.2.6-remove-packed-attrib.patch 10312 BLAKE2B 9fe98d402ec9e4435128ff903c6cf6eec7144cfa5ba75b1732707e5f50bcdd12ce693cb156d6a1d7c90b947ab52380bd1ff6d1ba44b282cb0f68319838030aa7 SHA512 efd11c2cf08f3b7b1458b836ee863f31e3ae470986a02a3d2db0ec6fbb7a984e2d33643765d7223b797732d80187412a907a9ca971233eb0f95ed4744ef6f44a AUX ncpfs-2.2.6-servername-array-fix.patch 523 BLAKE2B 6cf9c27ae7bda17722a74f550beb8a2f027517db264a4f895977c05b78609cf818d88fa79e2264a99e99ea09e6de626eb209c394d286b9cae84fd4636db3de47 SHA512 10c8a0b7c6d715018acf77ea3bcca2e50add48d479cc0ee07035f3f8fb910069c2c508a25ab3de945ef19c78add6d8192f0cb484e756d9a15ceb3afcd8195a69 AUX ncpfs-2.2.6-usr-merge.patch 514 BLAKE2B 44873b8731d062b2fe802f9ecc145509d12625be4e62b1025738a6076cb003d5577c2d5c21e338ff5fade6e0bea844a254509287a82aabc0bb92db20b0c7ec5d SHA512 cf05a0b2e41c45a8215bf1b150b79a16cdaa040c4e41ab6f361fffaa2a937fb792b464b1a9b49ecde18ae5df8e58e1887b1e965ff39adf1f05a2418f89efca11 AUX ncpfs-2.2.6-zend_function_entry.patch 296 BLAKE2B 3bb6db87517e0fb086e95462e9b567628ede7fbeef77b5d6e101dec8a316f2a5185cad8846bbaf37dada789acfedf6f6bbc75dafa92f3eb140cfde4eb038e1eb SHA512 c96723a840cb1b0cdddb91ebe74620b87a32350be084f21b741bda4e399a7648fd00522e9f2ec8404d5a98835d3f5a343dd588f4279848cc031de5bed01680e0 +AUX php_auth_nds-php8.patch 9935 BLAKE2B 22e0105a8d09713dd054cebcaa1455d01433aa5176b7a21757aaec3a4902e888a1b9d1e25561530a93cf43e0efe7824c4439a9191011ff037ba5bfd639b1c655 SHA512 5430eb4162bc1c46ed41ec6185c4934ae0fb67387a3c2f4f3080cb8a457903366259180715fe720ec562b792864de6706bf10160e9f5de4a357c6e1c95bad800 +AUX php_auth_nds.fixed.c 29651 BLAKE2B 6b0e6b56547d152c6e9cc327374d1b492c912bca85e87fca6b5e244d61cb09f71cb0e8dcaf0f9bb6d7224132842c3a2cfe4170c67d0035c0e0ddd5e80e7ec83f SHA512 78dbe6b636281ac6540cce996b8983fdd9d689781c984555eb09b95f479467326f82d8d164618f5a210a89c817ac8cbd13ca79afa1b11be3ea721703eceba62c DIST ncpfs-2.2.6.tar.gz 2100545 BLAKE2B b95c8c0b097227c7b9e526e978efdca2234cdd0833468be99abaa68b0feba09794be26ebcb3a1c3371bc99f6c9d007eee164fa5f918aaee3eca44aeb1420211f SHA512 51f85eaae85deb66cea2ff434974699f6aa45ed1ed75217ef6176ac0b7d0f9f1c4fb186afc64c1b495474d5bad9ac7614033128c0bec39c05de723a9b29c8602 -EBUILD ncpfs-2.2.6-r5.ebuild 2519 BLAKE2B 769617416f31343574ae17ffd08b8ff3e287a88a223dcaa3438e4e42b918eb86629dc4fd897bb6968a2a4145e80155eff2e9135d6e03a934c79ba9cdab7e4588 SHA512 935c021739ab21e6767c686c4ef550dc5836d7f70e1ec945403b4936ee6ee235d1876c4650cf8bc490e405c057ef7281ecee94856d21d7f9acd725da64b054b5 +EBUILD ncpfs-2.2.6-r5.ebuild 2981 BLAKE2B 5f95c7ba00a5deea0db38569ddbdffb56707839495ebcb3d5e3266518fd2453a0569e3a4dd4b6997b436db0d0a69cd24c89278f756316eafbbdecbfe5eb98429 SHA512 e9d9661465509a9864e93581eec8126d1000db94c5661f6337bb5716d154e39ebe9815327dcb9a578ec764c6b81bd526e73332ea1b1a68446d60652618b6b8c8 diff --git a/net-fs/ncpfs/files/ncpfs-2.2.6-php-install-root.patch b/net-fs/ncpfs/files/ncpfs-2.2.6-php-install-root.patch new file mode 100644 index 00000000..79b380e2 --- /dev/null +++ b/net-fs/ncpfs/files/ncpfs-2.2.6-php-install-root.patch @@ -0,0 +1,16 @@ +--- a/contrib/php/build/rules.mk ++++ b/contrib/php/build/rules.mk +@@ -63,10 +63,10 @@ + + install-modules: + @test -d modules && \ +- $(mkinstalldirs) $(moduledir) && \ +- echo "installing shared modules into $(moduledir)" && \ ++ $(mkinstalldirs) $(INSTALL_ROOT)$(moduledir) && \ ++ echo "installing shared modules into $(INSTALL_ROOT)$(moduledir)" && \ + rm -f modules/*.la && \ +- cp modules/* $(moduledir) || true ++ cp modules/* $(INSTALL_ROOT)$(moduledir) || true + + include $(builddir)/.deps + diff --git a/net-fs/ncpfs/files/ncpfs-2.2.6-php5x.patch b/net-fs/ncpfs/files/ncpfs-2.2.6-php5x.patch new file mode 100644 index 00000000..129ecc1f --- /dev/null +++ b/net-fs/ncpfs/files/ncpfs-2.2.6-php5x.patch @@ -0,0 +1,11 @@ +--- ncpfs-2.2.6/contrib/php/php_auth_nds.c.orig 2014-07-10 21:08:33.943715018 +0200 ++++ ncpfs-2.2.6/contrib/php/php_auth_nds.c 2014-07-10 22:19:01.596870933 +0200 +@@ -1100,7 +1100,7 @@ + php_info_print_table_end(); + } + +-function_entry auth_nds_functions[] = { ++static zend_function_entry auth_nds_functions[] = { + PHP_FE(auth_bindery, NULL) + PHP_FE(auth_nds, NULL) + PHP_FE(auth_tree, NULL) diff --git a/net-fs/ncpfs/files/php_auth_nds-php8.patch b/net-fs/ncpfs/files/php_auth_nds-php8.patch new file mode 100644 index 00000000..a16995b7 --- /dev/null +++ b/net-fs/ncpfs/files/php_auth_nds-php8.patch @@ -0,0 +1,332 @@ +--- /mnt/data/php_auth_nds.c 2026-04-19 21:36:13.625852545 +0000 ++++ ncpfs-2.2.6/contrib/php/php_auth_nds.c 2026-04-19 21:38:56.781480418 +0000 +@@ -816,47 +816,34 @@ + PHP_FUNCTION (read_nds_string) + { + int res; /* fcn result code */ +- const char *treen, *objectn, *attributen; ++ char *treen, *objectn, *attributen; ++ size_t treen_len, objectn_len, attributen_len; + char errstr[512]; + char local_buffer [8192]; + char * buffer; // returned by NWCXGetMultiStringAttributeValue + +- int argc = ZEND_NUM_ARGS(); +- zval **tree, **object, **attribute; +- +- if (argc != 3 || zend_get_parameters_ex(argc, &tree, &object, &attribute)) { +- WRONG_PARAM_COUNT; ++ if (zend_parse_parameters(ZEND_NUM_ARGS(), "sss", &treen, &treen_len, ++ &objectn, &objectn_len, ++ &attributen, &attributen_len) == FAILURE) { ++ RETURN_THROWS(); + } + + sprintf(errstr, "Wrong parameters values"); +- if (!tree || !object || !attribute) { +- RETURN_STRING(errstr,1); +- } +- +- convert_to_string_ex(tree); +- convert_to_string_ex(object); +- convert_to_string_ex(attribute); +- +- treen = (*tree)->value.str.val; +- objectn = (*object)->value.str.val; +- attributen = (*attribute)->value.str.val; +- + if (!treen || !objectn || !attributen) { +- RETURN_STRING(errstr,1); ++ RETURN_STRING(errstr); + } + + sprintf(errstr, "failure"); + res=nds_read_string_fn(errstr,treen,objectn,attributen,&buffer); + if (res) { +- RETURN_STRING(errstr,1); ++ RETURN_STRING(errstr); + } + if (strlen(buffer) >=sizeof(local_buffer)) { + buffer[sizeof(local_buffer)-1]=0; +- + } + strcpy(local_buffer,buffer); + free(buffer); +- RETURN_STRING(local_buffer,1); ++ RETURN_STRING(local_buffer); + + } + +@@ -864,78 +851,53 @@ + //use a servername instaed of a tree name + { + int res; /* fcn result code */ +- const char *servern, *objectn, *attributen; ++ char *servern, *objectn, *attributen; ++ size_t servern_len, objectn_len, attributen_len; + char errstr[512]; + char local_buffer [8192]; + char * buffer; // returned by NWCXGetMultiStringAttributeValue + +- int argc = ZEND_NUM_ARGS(); +- zval **server, **object, **attribute; +- +- if (argc != 3 || zend_get_parameters_ex(argc, &server, &object, &attribute)) { +- WRONG_PARAM_COUNT; ++ if (zend_parse_parameters(ZEND_NUM_ARGS(), "sss", &servern, &servern_len, ++ &objectn, &objectn_len, ++ &attributen, &attributen_len) == FAILURE) { ++ RETURN_THROWS(); + } + + sprintf(errstr, "Wrong parameters values"); +- if (!server || !object || !attribute) { +- RETURN_STRING(errstr,1); +- } +- +- convert_to_string_ex(server); +- convert_to_string_ex(object); +- convert_to_string_ex(attribute); +- +- servern = (*server)->value.str.val; +- objectn = (*object)->value.str.val; +- attributen = (*attribute)->value.str.val; +- + if (!servern || !objectn || !attributen) { +- RETURN_STRING(errstr,1); ++ RETURN_STRING(errstr); + } + + sprintf(errstr, "failure"); + res=nds_read_string_fn2(errstr,servern,objectn,attributen,&buffer); + if (res) { +- RETURN_STRING(errstr,1); ++ RETURN_STRING(errstr); + } + if (strlen(buffer) >=sizeof(local_buffer)) { + buffer[sizeof(local_buffer)-1]=0; +- + } + strcpy(local_buffer,buffer); + free(buffer); +- RETURN_STRING(local_buffer,1); ++ RETURN_STRING(local_buffer); + + } + + PHP_FUNCTION (read_nds_int) + { + int res; /* fcn result code */ +- const char *treen, *objectn, *attributen; ++ char *treen, *objectn, *attributen; ++ size_t treen_len, objectn_len, attributen_len; + char errstr[512]; + +- int argc = ZEND_NUM_ARGS(); +- zval **tree, **object, **attribute; +- +- if (argc != 3 || zend_get_parameters_ex(argc, &tree, &object, &attribute)) { +- WRONG_PARAM_COUNT; ++ if (zend_parse_parameters(ZEND_NUM_ARGS(), "sss", &treen, &treen_len, ++ &objectn, &objectn_len, ++ &attributen, &attributen_len) == FAILURE) { ++ RETURN_THROWS(); + } + + sprintf(errstr, "Wrong parameters values"); +- if (!tree || !object || !attribute) { +- RETURN_STRING(errstr,1); +- } +- +- convert_to_string_ex(tree); +- convert_to_string_ex(object); +- convert_to_string_ex(attribute); +- +- treen = (*tree)->value.str.val; +- objectn = (*object)->value.str.val; +- attributen = (*attribute)->value.str.val; +- + if (!treen || !objectn || !attributen) { +- RETURN_STRING(errstr,1); ++ RETURN_STRING(errstr); + } + sprintf(errstr, "failure"); + { +@@ -945,7 +907,7 @@ + sprintf(errstr, "%d", result); + } + } +- RETURN_STRING(errstr, 1); ++ RETURN_STRING(errstr); + } + + +@@ -953,31 +915,19 @@ + // use a servername instead of a tree name as first argument + { + int res; /* fcn result code */ +- const char *servern, *objectn, *attributen; ++ char *servern, *objectn, *attributen; ++ size_t servern_len, objectn_len, attributen_len; + char errstr[512]; + +- int argc = ZEND_NUM_ARGS(); +- zval **server, **object, **attribute; +- +- if (argc != 3 || zend_get_parameters_ex(argc, &server, &object, &attribute)) { +- WRONG_PARAM_COUNT; ++ if (zend_parse_parameters(ZEND_NUM_ARGS(), "sss", &servern, &servern_len, ++ &objectn, &objectn_len, ++ &attributen, &attributen_len) == FAILURE) { ++ RETURN_THROWS(); + } + + sprintf(errstr, "Wrong parameters values"); +- if (!server || !object || !attribute) { +- RETURN_STRING(errstr,1); +- } +- +- convert_to_string_ex(server); +- convert_to_string_ex(object); +- convert_to_string_ex(attribute); +- +- servern = (*server)->value.str.val; +- objectn = (*object)->value.str.val; +- attributen = (*attribute)->value.str.val; +- + if (!servern || !objectn || !attributen) { +- RETURN_STRING(errstr,1); ++ RETURN_STRING(errstr); + } + sprintf(errstr, "failure"); + { +@@ -988,37 +938,28 @@ + sprintf(errstr, "%d", result); + } + } +- RETURN_STRING(errstr, 1); ++ RETURN_STRING(errstr); + } + + + PHP_FUNCTION(auth_bindery) + { + int res; /* fcn result code */ +- const char *servern, *usern, *sent_pw, *groupn; ++ char *servern, *usern, *sent_pw, *groupn; ++ size_t servern_len, usern_len, sent_pw_len, groupn_len; + char errstr[512]; + +- int argc = ZEND_NUM_ARGS(); +- zval **server, **user, **password, ** group; +- +- if (argc != 4 || zend_get_parameters_ex(argc, &server, &user, &password, &group)) { +- WRONG_PARAM_COUNT; ++ if (zend_parse_parameters(ZEND_NUM_ARGS(), "ssss", &servern, &servern_len, ++ &usern, &usern_len, ++ &sent_pw, &sent_pw_len, ++ &groupn, &groupn_len) == FAILURE) { ++ RETURN_THROWS(); + } +- convert_to_string_ex(server); +- convert_to_string_ex(user); +- convert_to_string_ex(password); +- convert_to_string_ex(group); +- +- servern = (*server)->value.str.val; +- usern = (*user)->value.str.val; +- sent_pw = (*password)->value.str.val; +- groupn = (*group)->value.str.val; +- + /* do they know the magic word? */ + sprintf(errstr, "failure"); + res = bindery_auth(errstr, servern, usern, sent_pw, groupn ); + if (res) { +- RETURN_STRING(errstr,1); ++ RETURN_STRING(errstr); + } + RETURN_FALSE; + } +@@ -1026,64 +967,46 @@ + PHP_FUNCTION(auth_tree) + { + int res; /* fcn result code */ +- const char *servern, *ctxs,*usern, *sent_pw, *groupn; ++ char *servern, *ctxs,*usern, *sent_pw, *groupn; ++ size_t servern_len, ctxs_len, usern_len, sent_pw_len, groupn_len; + char errstr[512]; + char fqdn[MAX_DN_CHARS+5]; // to get 'DN=' plus the FQDN used +- int argc = ZEND_NUM_ARGS(); +- zval **server, **user, **contexts, **password, **group; + +- if (argc != 5 || zend_get_parameters_ex(argc, &server, &user, &contexts,&password, &group)) { +- WRONG_PARAM_COUNT; ++ if (zend_parse_parameters(ZEND_NUM_ARGS(), "sssss", &servern, &servern_len, ++ &usern, &usern_len, ++ &ctxs, &ctxs_len, ++ &sent_pw, &sent_pw_len, ++ &groupn, &groupn_len) == FAILURE) { ++ RETURN_THROWS(); + } +- convert_to_string_ex(server); +- convert_to_string_ex(user); +- convert_to_string_ex(contexts); +- convert_to_string_ex(password); +- convert_to_string_ex(group); +- +- servern = (*server)->value.str.val; +- usern = (*user)->value.str.val; +- ctxs = (*contexts)->value.str.val ; +- sent_pw = (*password)->value.str.val; +- groupn = (*group)->value.str.val; +- + /* do they know the magic word? */ + sprintf(errstr, "failure"); + strcpy(fqdn, "DN="); + res = tree_auth_fn(errstr, servern, usern, ctxs,sent_pw, groupn, fqdn + 3); + if (res) { +- RETURN_STRING(errstr, 1); ++ RETURN_STRING(errstr); + } +- RETURN_STRING(fqdn, 1); ++ RETURN_STRING(fqdn); + } + + PHP_FUNCTION(auth_nds) + { + int res; /* fcn result code */ +- const char *servern, *usern, *sent_pw, *groupn; ++ char *servern, *usern, *sent_pw, *groupn; ++ size_t servern_len, usern_len, sent_pw_len, groupn_len; + char errstr[512]; + +- int argc = ZEND_NUM_ARGS(); +- zval **server, **user, **password, **group; +- +- if (argc != 4 || zend_get_parameters_ex(argc, &server, &user, &password, &group)) { +- WRONG_PARAM_COUNT; ++ if (zend_parse_parameters(ZEND_NUM_ARGS(), "ssss", &servern, &servern_len, ++ &usern, &usern_len, ++ &sent_pw, &sent_pw_len, ++ &groupn, &groupn_len) == FAILURE) { ++ RETURN_THROWS(); + } +- convert_to_string_ex(server); +- convert_to_string_ex(user); +- convert_to_string_ex(password); +- convert_to_string_ex(group); +- +- servern = (*server)->value.str.val; +- usern = (*user)->value.str.val; +- sent_pw = (*password)->value.str.val; +- groupn = (*group)->value.str.val; +- + /* do they know the magic word? */ + sprintf(errstr, "failure"); + res = nds_auth_fn(errstr, servern, usern, sent_pw, groupn); + if (res) { +- RETURN_STRING(errstr,1); ++ RETURN_STRING(errstr); + } + RETURN_FALSE; + } diff --git a/net-fs/ncpfs/files/php_auth_nds.fixed.c b/net-fs/ncpfs/files/php_auth_nds.fixed.c new file mode 100644 index 00000000..6eaff239 --- /dev/null +++ b/net-fs/ncpfs/files/php_auth_nds.fixed.c @@ -0,0 +1,1057 @@ +/* + php_auth_nds.c - User verification for ncpfs + Copyright (C) 2000, 2001 Petr Vandrovec + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + + + Revision history: + + 1.00 2000, September 30 Petr Vandrovec + Initial revision, used on dialog.cvut.cz. + + 1.01 2001, January 10 Petr Vandrovec + Further polishing, used on cdonline.cvut.cz. + + 1.01 2001, February 19 Petr Vandrovec + Added license, polished for release, added sample code. + + 1.02 2001, March 25 Patrick Pollet + Added some NWDSFreeContext in case of errors + Added group parameter (NDS name or bindery) + + 1.03 2001, March 28 Patrick Pollet + Added NDS reading attribute functions + string read_nds_string (tree, object, attribute) + string read_nds_num (tree, object, attribute) + + 1.04 2001, October 27 Patrick Pollet + Added nds_tree_auth allowing a tree name and a list of context + to be searched + Simplified code by adding internal CreateCtx and CreateCtxAndConn + (called by all NDS related functions) + + 1.05 2002, May 17 Patrick Pollet + Added contextless login when authenticating to NDS tree + + 1.06 2003, Feb 20 Patrick Pollet + Use NWCCOpenConnByName instead of ncp_open in nds_auth_fn + (auth against a NDS server) + Corrected the code of nds_read_int_fn that **was** returning + the value converted to string (!) so boolean returned + true/false and time stamp were converted to localized + time... Now it return the numeric value (still in a PHP + string). + + 1.07 2003, July 22 Patrick Pollet + Added read_nds_string2 and read_nds_int2 to fetch NDS data against + a server in a pure IP environnment where NWCXAttachTotreeByName + usually fails with err 0x8847 + */ + +/* + +Original example: + +Expects uid as username, srv as server name and pwd as password. If server name +is FDNET or ST, it uses NDS username $uid.FADOP resp. $uid.STUDENT.CVUT-FSV. For +other servers it uses simple bindery login... If password verification passes, +$ss_username and $valid_user are set to $srv/$uid - you can use session_register +on one of them. + +if ($HTTP_POST_VARS["uid"] == "") + break; +if ($HTTP_POST_VARS["srv"] == "") { + $auth_err = "Wrong URL"; +} else if ($HTTP_POST_VARS["pwd"] == "") { + $auth_err = "Invalid password"; +} else { + $uu = strtoupper($HTTP_POST_VARS["uid"]); + if ($HTTP_POST_VARS["srv"] == "FDNET") { + $auth_err = auth_nds($HTTP_POST_VARS["srv"], $uu . ".FADOP", strtoupper($HTTP_POST_VARS["pwd"])); + } else if ($HTTP_POST_VARS["srv"] == "ST") { + $auth_err = auth_nds($HTTP_POST_VARS["srv"], $uu . ".STUDENT.CVUT-FSV", strtoupper($HTTP_POST_VARS["pwd"])); + } else { + $auth_err = auth_bindery($HTTP_POST_VARS["srv"], $uu, $HTTP_POST_VARS["pwd"]); + } + if ($auth_err == "") { + $valid_user = $HTTP_POST_VARS["srv"] . "/" . $uu; + $ss_username = $valid_user; + } +} + +for more examples see /contrib/php/site +*/ + + +//#include "config.h" +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#define _(X) gettext(X) + +static int is_member_of_group_bind( char* errstr,NWCONN_HANDLE conn,const char* user,const char* group) { + int err; + + err = NWIsObjectInSet(conn, user, NCP_BINDERY_USER, "GROUPS_I'M_IN", group, NCP_BINDERY_UGROUP); + if (!err) { + err= NWIsObjectInSet(conn, group, NCP_BINDERY_UGROUP, "GROUP_MEMBERS", user, NCP_BINDERY_USER); + if (!err) + return 0; + else { + sprintf(errstr, "inconsistent bindery database for user %s and group %s: %s", + user, group, strnwerror(err)); + } + } else { + sprintf (errstr,"user %s is not member of %s: %s", user, group, strnwerror(err)); + } + return -1; +} + +static int is_member_of_group_nds( char* errstr,NWDSContextHandle ctx,NWCONN_HANDLE conn,NWObjectID oid,const char* group) { + int eval = 0; + Buf_T* buf=NULL; + NWDSCCODE dserr; + nbool8 match; + + dserr = NWDSAllocBuf(DEFAULT_MESSAGE_LEN, &buf); + if (dserr) { + sprintf(errstr, "NWDSAllocBuf() failed with %s\n", strnwerror(dserr)); + eval = 120; + goto bailout; + } + dserr = NWDSInitBuf(ctx, DSV_COMPARE, buf); + if (dserr) { + sprintf(errstr, "NWDSInitBuf() failed with %s\n", strnwerror(dserr)); + eval = 121; + goto bailout; + } + dserr = NWDSPutAttrName(ctx, buf, "Group Membership"); + if (dserr) { + sprintf(errstr, "NWDSPutAttrName() failed with %s\n", strnwerror(dserr)); + eval = 122; + goto bailout; + } + dserr = NWDSPutAttrVal(ctx, buf, SYN_DIST_NAME, group); + if (dserr) { + sprintf(errstr, "NWDSPutAttrVal() failed with %s\n", strnwerror(dserr)); + eval = 123; + goto bailout; + } + dserr = __NWDSCompare(ctx, conn, oid, buf, &match); + if (dserr) { + sprintf(errstr, "__NWDSCompare() failed with %s(oid=%x)\n", strnwerror(dserr), oid); + eval = 124; + goto bailout; + } + if (!match) { + sprintf(errstr, "Not member of NDS group %s\n", group); + eval=125; + } +bailout: + if (buf) + NWDSFreeBuf(buf); + return eval; +} + +/* internal; called by all functions requiring a context */ +static int _createCtx ( char * errstr, NWDSContextHandle *ctx) { + + NWDSCCODE dserr; + u_int32_t ctxflag = 0; + u_int32_t confidence = 0; + int eval = 0; + + dserr = NWDSCreateContextHandle(ctx); + if (dserr) { + sprintf(errstr, "NWDSCreateContextHandle failed with %s\n", strnwerror(dserr)); + return 100; + } + + ctxflag = DCV_XLATE_STRINGS | DCV_DEREF_ALIASES | DCV_TYPELESS_NAMES; + + dserr = NWDSSetContext(*ctx, DCK_FLAGS, &ctxflag); + if (dserr) { + sprintf(errstr, "NWDSSetContext(DCK_FLAGS) failed: %s\n", strnwerror(dserr)); + eval=101; + goto bailout; + } + dserr = NWDSSetContext(*ctx, DCK_NAME_CONTEXT, ""); + if (dserr) { + sprintf(errstr, "NWDSSetContext(DCK_NAME_CONTEXT) failed: %s\n",strnwerror(dserr)); + eval=102; + goto bailout; + } + dserr = NWDSSetContext(*ctx, DCK_CONFIDENCE, &confidence); + if (dserr) { + sprintf(errstr, "NWDSSetContext(DCK_CONFIDENCE) failed: %s\n",strnwerror(dserr)); + eval=103; + goto bailout; + } + /* success */ + return 0; + /*failure */ +bailout: + dserr = NWDSFreeContext(*ctx); + if (dserr) { + sprintf(errstr, "NWDSFreeContext failed with %s\n", strnwerror(dserr)); + eval=105; + } + return eval; +} + +/* internnal; called by all functions requiring a connection to a tree */ +static int _createCtxAndConn (char * errstr, const char* treename, NWDSContextHandle *ctx, NWCONN_HANDLE *conn) { + + NWDSCCODE dserr; + int eval = 0; + + eval=_createCtx (errstr,ctx); + if (eval) + return eval; + dserr= NWCXAttachToTreeByName(conn, treename); + if (dserr) { + sprintf(errstr, "NWCXAttachToTreeByName failed with %s\n", strnwerror(dserr)); + eval =99; + goto bailout; + } + + dserr = NWDSAddConnection(*ctx, *conn); + if (dserr) { + sprintf(errstr, "Cannot bind connection to context: %s\n",strnwerror(dserr)); + eval=104; + goto bailout; + } + /* success */ + //sprintf (errstr,"tout va bien\n"); + return 0; + /*failure */ +bailout: + if (conn) NWCCCloseConn(*conn); + dserr = NWDSFreeContext(*ctx); + if (dserr) { + sprintf(errstr, "NWDSFreeContext failed with %s\n", strnwerror(dserr)); + eval=105; + } + return eval; +} + + + +static int bindery_auth (char* errstr, const char* server, const char* user, const char* pwd, + const char * group) +{ + struct ncp_conn *conn; + struct ncp_conn_spec spec; + long err; + char upperpw[256]; + int i; + + if (strlen(pwd) > 255) { + sprintf(errstr, "Specified password is too long"); + return 1; + } + for (i = 0; pwd[i]; i++) { + upperpw[i] = toupper(pwd[i]); + } + upperpw[i] = 0; + spec.uid = ~0; /* ensure that ncp_open will not use permanent connection */ + spec.server[0] = 0; + spec.user[0] = 0; + strcpy(spec.server, server); + + if ((conn = ncp_open(&spec, &err)) == NULL) { + sprintf(errstr, "Cannot connect to server: %s", strnwerror(err)); + return 1; + } +/* useless code ??? + { + NWCONN_NUM num; + err=NWGetConnectionNumber(conn, &num); + } +*/ + /* Bindery authorization */ + err = NWVerifyObjectPassword(conn, user, OT_USER, upperpw); + + if (err) { + sprintf(errstr, "Wrong credentials: %s", strnwerror(err)); + + }else { + if (group[0]) { + err=is_member_of_group_bind(errstr,conn,user,group); + } + } + NWCCCloseConn(conn); + return err; +} + + +/* authenticate to a NDS server */ +static int nds_auth_fn(char* errstr, const char* server, const char* objectname, const char* pwd, + const char * group) +{ + NWDSCCODE dserr; + NWDSContextHandle ctx=NULL; + NWCONN_HANDLE conn=NULL; + int eval = 0; + NWObjectID oid; + + eval=_createCtx (errstr,&ctx); + if (eval) + return eval; + + if (server[0] == '/') { + dserr = ncp_open_mount(server, &conn); + if (dserr) { + sprintf(errstr, "ncp_open_mount failed with %s\n", strnwerror(dserr)); + eval=104; + goto bailout; + } + } else { + dserr = NWCCOpenConnByName(NULL,server, NWCC_NAME_FORMAT_BIND, 0, 0, &conn); + if (dserr) { + sprintf(errstr, "ncp_open failed with %s\n",strnwerror(dserr)); + eval=105; + goto bailout; + } + } + dserr = NWDSAddConnection(ctx, conn); + if (dserr) { + sprintf(errstr, "Cannot bind connection to context: %s\n",strnwerror(dserr)); + eval=106; + goto bailout; + } + + dserr = NWDSVerifyObjectPassword(ctx, NDS_PASSWORD, objectname, pwd); + if (dserr) { + sprintf(errstr, "Verify password failed: %s\n", + strnwerror(dserr)); + eval = 110; + + } else { + if (group[0]) { + dserr=NWDSMapNameToID(ctx, conn,objectname,&oid); + if (dserr) { + sprintf(errstr, "%s when retrieving object ID\n", strnwerror(dserr)); + eval =119; + goto bailout; + } + eval=is_member_of_group_nds(errstr,ctx,conn,oid,group); + } + } +bailout: + + if (conn) NWCCCloseConn(conn); + if (ctx) { + dserr = NWDSFreeContext(ctx); + if (dserr) { + sprintf(errstr, "NWDSFreeContext failed with %s\n", strnwerror(dserr)); + eval=111; + } + } + return eval; +} + + +// this code was contributed by Jean Francois Burdet +// in the pam authentication module +// to implement a contextless login if a list of context to serach is not provided in the command line +// ported to this php module by PP +// ctx and a conn have been set by caller and conn added to ctx +static NWDSCCODE nw_ctx_search( + char * errstr, + NWDSContextHandle context, + const char * user_cn, + char * contexts, + size_t maxsize) { + + NWDSCCODE ccode; + nuint32 iterationHandle = NO_MORE_ITERATIONS; + nint32 countObjectsSearched; + nuint32 objCntr; + nuint32 objCount; + char objectName[MAX_DN_CHARS+1]; + size_t ctxp=0; + int cnt=0; + + + // buffers + pBuf_T searchFilter=NULL; // search filter + pBuf_T retBuf=NULL; // result buffer for NWDSSearch + Filter_Cursor_T* cur=NULL; // search expression tree temporary buffer + + + + if (!contexts || maxsize < MAX_DN_CHARS+1) + return EINVAL; + + /******************************************************************* + In order to search, we need: + A Filter Cursor (to build the search expression) + A Filter Buffer (to store the expression; used by NWDSSearch) + A Buffer to store which attributes we need information on + A Result Buffer (to store the search results) + */ + + /******************************************************************* + ** Allocate Filter buffer and Cursor and populate + */ + ccode = NWDSAllocBuf(DEFAULT_MESSAGE_LEN,&searchFilter); + if (ccode ) { + sprintf(errstr,"nw_ctx_search:NWDSAllocBuf returned: %d\n", ccode); + goto Exit4; + } + + // Initialize the searchFilter buffer + ccode = NWDSInitBuf(context,DSV_SEARCH_FILTER,searchFilter); + if (ccode) { + sprintf(errstr,"nw_ctx_search:NWDSInitBuf returned: %d\n", ccode); + goto Exit4; + } + + // Allocate a filter cursor to put the search expression + ccode = NWDSAllocFilter(&cur); + if (ccode) { + sprintf(errstr,"nw_ctx_search:NWDSAllocFilter returned: %d\n", ccode); + goto Exit4; + } + + // Build the expression tree in cur, then place into searchFilter + // Object Class = User AND CN = user_cn + ccode = NWDSAddFilterToken(cur,FTOK_ANAME,"Object Class",SYN_CLASS_NAME); + ccode = NWDSAddFilterToken(cur,FTOK_EQ,NULL,0); + ccode = NWDSAddFilterToken(cur,FTOK_AVAL,"User",SYN_CLASS_NAME); + ccode = NWDSAddFilterToken(cur,FTOK_AND,NULL,0); + ccode = NWDSAddFilterToken(cur,FTOK_ANAME,"CN",SYN_CI_STRING); + ccode = NWDSAddFilterToken(cur,FTOK_EQ,NULL,0); + ccode = NWDSAddFilterToken(cur,FTOK_AVAL,(char *)user_cn,SYN_CI_STRING); + ccode = NWDSAddFilterToken(cur,FTOK_END,NULL,0); + + ccode = NWDSPutFilter(context,searchFilter,cur,NULL); + if (ccode ) { + sprintf(errstr,"nw_ctx_search:NWDSPutFilter returned: %d\n", ccode); + goto Exit4; + } + else + cur=NULL; + + + ccode = NWDSAllocBuf(DEFAULT_MESSAGE_LEN,&retBuf); + if (ccode ) { + sprintf(errstr,"nw_ctx_search:NWDSAllocBuf returned: %d\n", ccode); + goto Exit4; + } + + iterationHandle = NO_MORE_ITERATIONS; + ctxp = 0; + //syslog(LOG_NOTICE, "debut de recherche\n"); + // while NWDSSearch still can get some objects... + do { + + ccode = NWDSSearch(context, + "[Root]", + DS_SEARCH_SUBTREE, + 0, // don't dereference aliases + searchFilter, + 0, // we want attributes and values + 0, // only want information in attrNames + NULL, + &iterationHandle, + 0, // reserved + &countObjectsSearched, + retBuf); + if (ccode) { + sprintf(errstr,"nw_ctx_search:NWDSSearch returned: %s\n", strnwerror(ccode)); + goto Exit4; + } + syslog(LOG_NOTICE, "passe de recherche %d \n",cnt); + // count the object returned in the buffer + ccode = NWDSGetObjectCount(context,retBuf,&objCount); + if (ccode) { + sprintf(errstr,"nw_ctx_search:NWDSGetObjectCount returned: %d\n", ccode); + goto Exit4; + } + + // for the number of objects returned... + syslog(LOG_NOTICE, "trouvé %d \n",objCount); + + for (objCntr=0;objCntr= maxsize) { + break; + } + if (ctxp) { + *contexts++ = ','; + maxsize--; + } + memcpy(contexts, p + 1, ln); + contexts += ln; + maxsize -= ln; + ctxp = 1; + } // objCntr + } while (iterationHandle != NO_MORE_ITERATIONS); + if (iterationHandle != NO_MORE_ITERATIONS) { + // let's keep the final dserr as the 'out of memory error' from ptr->getval() + NWDSCloseIteration(context, DSV_SEARCH_FILTER, iterationHandle); + } + //lets remove trailing ',' + if (ctxp) + *contexts = 0; + else { + ccode=109; // not found... + sprintf(errstr,"Failure of contextless login: unknown user"); + + } + +Exit4: + if (retBuf) + NWDSFreeBuf(retBuf); + if (cur) + NWDSFreeFilter(cur, NULL); + if (searchFilter) + NWDSFreeBuf(searchFilter); + syslog(LOG_NOTICE, "fin de ctxless login err= %d :%s\n",ccode,contexts); + return ccode; + +} + + +/* authenticate to a NDS tree and return FQDN of found user */ +static int tree_auth_fn(char* errstr, const char* treename, const char* objectname, const char* contexts,const char* pwd, + const char * group, char * fqdn) +{ + NWDSCCODE dserr; + NWDSContextHandle ctx=NULL; + NWCONN_HANDLE conn=NULL; + int eval = 0; + const char * ctxStart; + const char* ctxEnd; + NWObjectID oid; + char ctxbuf[4096]; // buffer to hold possible matches in a contexless login + + eval=_createCtxAndConn (errstr,treename, &ctx, &conn); + if (eval) + return eval; + openlog("pph_ncp_auth", LOG_PID, LOG_AUTHPRIV); + if (!contexts[0]) { + //if (!contexts) { + ctxbuf[0]=0; + if (nw_ctx_search(errstr,ctx,objectname,ctxbuf,sizeof(ctxbuf))) { + eval =109; + goto bailout; + } + ctxStart=ctxbuf; + } + else + ctxStart=contexts; + + /* scan the search contexts list */ + + syslog(LOG_NOTICE, "début de recherche %s :%s\n",ctxStart,contexts); + do { + strcpy(fqdn,objectname); + if (ctxStart) { + char ctxBuffer[MAX_DN_CHARS]; + strcat(fqdn,"."); + ctxEnd=strchr(ctxStart,','); + if (ctxEnd) { + memcpy(ctxBuffer,ctxStart,ctxEnd - ctxStart); + ctxBuffer[ctxEnd-ctxStart]=0; + ctxEnd++; + strcat(fqdn,ctxBuffer); + } else + strcat(fqdn,ctxStart); + ctxStart=ctxEnd; + } + eval=109; // don't forget to reset it !!!! + + dserr=NWDSMapNameToID(ctx,conn,fqdn,&oid); + //dserr=0; + syslog(LOG_NOTICE, "essai avec %s %x %d\n",fqdn,oid,dserr); + if (!dserr) { //found a matching user + dserr = NWDSVerifyObjectPassword(ctx, NDS_PASSWORD, fqdn, pwd); + if (dserr) { //password makes the difference + syslog(LOG_NOTICE,"Verify password failed: %s\n", strnwerror(dserr)); + sprintf(errstr, "Verify password failed: %s\n", strnwerror(dserr)); + eval = 110; + } else { + eval=0; // got him + break; + } + } + } while (ctxStart); + + if (!dserr) { + if (group[0]) + eval=is_member_of_group_nds(errstr,ctx,conn,oid,group); + + } +bailout: + NWCCCloseConn(conn); + dserr = NWDSFreeContext(ctx); + if (dserr) { + sprintf(errstr, "NWDSFreeContext failed with %s\n", strnwerror(dserr)); + eval=111; + } + closelog(); + return eval; +} + + +static int nds_read_string_fn(char* errstr, const char* treename, const char* objectname, const char* attrname, char** buffer) { +/* return single or multi string attributes */ + NWDSCCODE dserr; + NWDSContextHandle ctx=NULL; + NWCONN_HANDLE conn=NULL; + int eval = 0; + + if (!treename || !objectname || !attrname ) { + sprintf (errstr," invalid parameters."); + return 98; + } + eval=_createCtxAndConn (errstr,treename, &ctx, &conn); + if (eval) + return eval; + + dserr= NWCXGetMultiStringAttributeValue (ctx,objectname,attrname,buffer); + if (dserr) { + sprintf(errstr, "NWCXGetAttribute failed : %s\n",strnwerror(dserr)); + eval=106; + } + NWCCCloseConn(conn); + dserr = NWDSFreeContext(ctx); + if (dserr) { + sprintf(errstr, "NWDSFreeContext failed with %s\n", strnwerror(dserr)); + eval=107; + } + return eval; +} + + +static int nds_read_string_fn2(char* errstr, const char* servername, const char* objectname, const char* attrname, char** buffer) { +/* return single or multi string attributes using a servername instead of a treename*/ + + NWDSCCODE dserr; + NWDSContextHandle ctx=NULL; + NWCONN_HANDLE conn=NULL; + int eval = 0; + + if (!servername || !objectname || !attrname ) { + sprintf (errstr," invalid parameters."); + return 98; + } + + eval=_createCtx (errstr,&ctx); + if (eval) + return eval; + + if (servername[0] == '/') { + dserr = ncp_open_mount(servername, &conn); + if (dserr) { + sprintf(errstr, "ncp_open_mount failed with %s\n", strnwerror(dserr)); + eval=104; + goto bailout; + } + } else { + dserr = NWCCOpenConnByName(NULL,servername, NWCC_NAME_FORMAT_BIND, 0, 0, &conn); + if (dserr) { + sprintf(errstr, "ncp_open failed with %s\n",strnwerror(dserr)); + eval=105; + goto bailout; + } + } + dserr = NWDSAddConnection(ctx, conn); + if (dserr) { + sprintf(errstr, "Cannot bind connection to context: %s\n",strnwerror(dserr)); + eval=106; + goto bailout; + } + + + dserr= NWCXGetMultiStringAttributeValue (ctx,objectname,attrname,buffer); + if (dserr) { + sprintf(errstr, "NWCXGetAttribute failed : %s\n",strnwerror(dserr)); + eval=106; + } +bailout: + if (conn) NWCCCloseConn(conn); + if (ctx) { + dserr = NWDSFreeContext(ctx); + if (dserr) { + sprintf(errstr, "NWDSFreeContext failed with %s\n", strnwerror(dserr)); + eval=107; + } + } + return eval; +} + + +static int nds_read_int_fn(char* errstr, const char* treename, const char* objectname, const char* attrname, int* result) { +/* return single numeric NDS (include time and boolean attributes)*/ + + NWDSCCODE dserr; + NWDSContextHandle ctx=NULL; + NWCONN_HANDLE conn=NULL; + int eval = 0; + + if (!treename || !objectname || !attrname ) { + sprintf (errstr," invalid parameters."); + return 98; + } + + eval=_createCtxAndConn (errstr,treename, &ctx, &conn); + if (eval) + return eval; + + dserr=NWCXGetIntAttributeValue (ctx,objectname,attrname,result); + if (dserr) { + sprintf(errstr, "NWCXGetAttribute failed : %s\n",strnwerror(dserr)); + eval=106; + } + NWCCCloseConn(conn); + dserr = NWDSFreeContext(ctx); + if (dserr) { + sprintf(errstr, "NWDSFreeContext failed with %s\n", strnwerror(dserr)); + eval=107; + } + return eval; +} + +static int nds_read_int_fn2(char* errstr, const char* servername, const char* objectname, const char* attrname,int* result) +{ +/* return single numeric NDS (include time and boolean attributes)*/ + NWDSCCODE dserr; + NWDSContextHandle ctx=NULL; + NWCONN_HANDLE conn=NULL; + int eval = 0; + + if (!servername || !objectname || !attrname ) { + sprintf (errstr," invalid parameters."); + return 98; + } + + eval=_createCtx (errstr,&ctx); + if (eval) + return eval; + + if (servername[0] == '/') { + dserr = ncp_open_mount(servername, &conn); + if (dserr) { + sprintf(errstr, "ncp_open_mount failed with %s\n", strnwerror(dserr)); + eval=104; + goto bailout; + } + } else { + dserr = NWCCOpenConnByName(NULL,servername, NWCC_NAME_FORMAT_BIND, 0, 0, &conn); + if (dserr) { + sprintf(errstr, "ncp_open failed with %s\n",strnwerror(dserr)); + eval=105; + goto bailout; + } + } + dserr = NWDSAddConnection(ctx, conn); + if (dserr) { + sprintf(errstr, "Cannot bind connection to context: %s\n",strnwerror(dserr)); + eval=106; + goto bailout; + } + + dserr=NWCXGetIntAttributeValue(ctx, objectname, attrname, result); + if (dserr) { + sprintf(errstr, "NWCXGetAttribute failed : %s\n",strnwerror(dserr)); + eval=106; + } + +bailout: + if (conn) NWCCCloseConn(conn); + if (ctx) { + dserr = NWDSFreeContext(ctx); + if (dserr) { + sprintf(errstr, "NWDSFreeContext failed with %s\n", strnwerror(dserr)); + eval=107; + } + } + return eval; + +} + + +PHP_FUNCTION (read_nds_string) +{ + int res; /* fcn result code */ + char *treen, *objectn, *attributen; + size_t treen_len, objectn_len, attributen_len; + char errstr[512]; + char local_buffer [8192]; + char * buffer; // returned by NWCXGetMultiStringAttributeValue + + if (zend_parse_parameters(ZEND_NUM_ARGS(), "sss", &treen, &treen_len, + &objectn, &objectn_len, + &attributen, &attributen_len) == FAILURE) { + RETURN_THROWS(); + } + + sprintf(errstr, "Wrong parameters values"); + if (!treen || !objectn || !attributen) { + RETURN_STRING(errstr); + } + + sprintf(errstr, "failure"); + res=nds_read_string_fn(errstr,treen,objectn,attributen,&buffer); + if (res) { + RETURN_STRING(errstr); + } + if (strlen(buffer) >=sizeof(local_buffer)) { + buffer[sizeof(local_buffer)-1]=0; + } + strcpy(local_buffer,buffer); + free(buffer); + RETURN_STRING(local_buffer); + +} + +PHP_FUNCTION (read_nds_string2) +//use a servername instaed of a tree name +{ + int res; /* fcn result code */ + char *servern, *objectn, *attributen; + size_t servern_len, objectn_len, attributen_len; + char errstr[512]; + char local_buffer [8192]; + char * buffer; // returned by NWCXGetMultiStringAttributeValue + + if (zend_parse_parameters(ZEND_NUM_ARGS(), "sss", &servern, &servern_len, + &objectn, &objectn_len, + &attributen, &attributen_len) == FAILURE) { + RETURN_THROWS(); + } + + sprintf(errstr, "Wrong parameters values"); + if (!servern || !objectn || !attributen) { + RETURN_STRING(errstr); + } + + sprintf(errstr, "failure"); + res=nds_read_string_fn2(errstr,servern,objectn,attributen,&buffer); + if (res) { + RETURN_STRING(errstr); + } + if (strlen(buffer) >=sizeof(local_buffer)) { + buffer[sizeof(local_buffer)-1]=0; + } + strcpy(local_buffer,buffer); + free(buffer); + RETURN_STRING(local_buffer); + +} + +PHP_FUNCTION (read_nds_int) +{ + int res; /* fcn result code */ + char *treen, *objectn, *attributen; + size_t treen_len, objectn_len, attributen_len; + char errstr[512]; + + if (zend_parse_parameters(ZEND_NUM_ARGS(), "sss", &treen, &treen_len, + &objectn, &objectn_len, + &attributen, &attributen_len) == FAILURE) { + RETURN_THROWS(); + } + + sprintf(errstr, "Wrong parameters values"); + if (!treen || !objectn || !attributen) { + RETURN_STRING(errstr); + } + sprintf(errstr, "failure"); + { + int result; + res = nds_read_int_fn(errstr, treen, objectn, attributen, &result); + if (!res) { + sprintf(errstr, "%d", result); + } + } + RETURN_STRING(errstr); +} + + +PHP_FUNCTION (read_nds_int2) +// use a servername instead of a tree name as first argument +{ + int res; /* fcn result code */ + char *servern, *objectn, *attributen; + size_t servern_len, objectn_len, attributen_len; + char errstr[512]; + + if (zend_parse_parameters(ZEND_NUM_ARGS(), "sss", &servern, &servern_len, + &objectn, &objectn_len, + &attributen, &attributen_len) == FAILURE) { + RETURN_THROWS(); + } + + sprintf(errstr, "Wrong parameters values"); + if (!servern || !objectn || !attributen) { + RETURN_STRING(errstr); + } + sprintf(errstr, "failure"); + { + int result; + + res = nds_read_int_fn2(errstr, servern, objectn, attributen, &result); + if (!res) { + sprintf(errstr, "%d", result); + } + } + RETURN_STRING(errstr); +} + + +PHP_FUNCTION(auth_bindery) +{ + int res; /* fcn result code */ + char *servern, *usern, *sent_pw, *groupn; + size_t servern_len, usern_len, sent_pw_len, groupn_len; + char errstr[512]; + + if (zend_parse_parameters(ZEND_NUM_ARGS(), "ssss", &servern, &servern_len, + &usern, &usern_len, + &sent_pw, &sent_pw_len, + &groupn, &groupn_len) == FAILURE) { + RETURN_THROWS(); + } + /* do they know the magic word? */ + sprintf(errstr, "failure"); + res = bindery_auth(errstr, servern, usern, sent_pw, groupn ); + if (res) { + RETURN_STRING(errstr); + } + RETURN_FALSE; +} + +PHP_FUNCTION(auth_tree) +{ + int res; /* fcn result code */ + char *servern, *ctxs,*usern, *sent_pw, *groupn; + size_t servern_len, ctxs_len, usern_len, sent_pw_len, groupn_len; + char errstr[512]; + char fqdn[MAX_DN_CHARS+5]; // to get 'DN=' plus the FQDN used + + if (zend_parse_parameters(ZEND_NUM_ARGS(), "sssss", &servern, &servern_len, + &usern, &usern_len, + &ctxs, &ctxs_len, + &sent_pw, &sent_pw_len, + &groupn, &groupn_len) == FAILURE) { + RETURN_THROWS(); + } + /* do they know the magic word? */ + sprintf(errstr, "failure"); + strcpy(fqdn, "DN="); + res = tree_auth_fn(errstr, servern, usern, ctxs,sent_pw, groupn, fqdn + 3); + if (res) { + RETURN_STRING(errstr); + } + RETURN_STRING(fqdn); +} + +PHP_FUNCTION(auth_nds) +{ + int res; /* fcn result code */ + char *servern, *usern, *sent_pw, *groupn; + size_t servern_len, usern_len, sent_pw_len, groupn_len; + char errstr[512]; + + if (zend_parse_parameters(ZEND_NUM_ARGS(), "ssss", &servern, &servern_len, + &usern, &usern_len, + &sent_pw, &sent_pw_len, + &groupn, &groupn_len) == FAILURE) { + RETURN_THROWS(); + } + /* do they know the magic word? */ + sprintf(errstr, "failure"); + res = nds_auth_fn(errstr, servern, usern, sent_pw, groupn); + if (res) { + RETURN_STRING(errstr); + } + RETURN_FALSE; +} + + +PHP_MINIT_FUNCTION(auth_nds) +{ + return SUCCESS; +} + +PHP_MINFO_FUNCTION(auth_nds) +{ + php_info_print_table_start(); + php_info_print_table_row(3, "NDS/Bindery authentication support", "enabled", "(c) 2000-2001 by P.Vandrovec and P.Pollet"); + php_info_print_table_row(3, "NDS reading properties support", "enabled", "(c) 2001 by P.Pollet"); + php_info_print_table_end(); +} + +static zend_function_entry auth_nds_functions[] = { + PHP_FE(auth_bindery, NULL) + PHP_FE(auth_nds, NULL) + PHP_FE(auth_tree, NULL) + PHP_FE(read_nds_string, NULL) + PHP_FE(read_nds_int, NULL) + PHP_FE(read_nds_string2, NULL) + PHP_FE(read_nds_int2, NULL) + {NULL, NULL, NULL} +}; + +zend_module_entry auth_nds_module_entry = { +#if ZEND_MODULE_API_NO >= 20010901 + STANDARD_MODULE_HEADER, +#endif + "auth_nds", + auth_nds_functions, + PHP_MINIT(auth_nds), + NULL, + NULL, + NULL, + PHP_MINFO(auth_nds), +#if ZEND_MODULE_API_NO >= 20010901 + NCPFS_VERSION, /* extension version number (string) */ +#endif + STANDARD_MODULE_PROPERTIES +}; + +ZEND_GET_MODULE(auth_nds) + diff --git a/net-fs/ncpfs/ncpfs-2.2.6-r5.ebuild b/net-fs/ncpfs/ncpfs-2.2.6-r5.ebuild index 23535ce5..0a040efb 100644 --- a/net-fs/ncpfs/ncpfs-2.2.6-r5.ebuild +++ b/net-fs/ncpfs/ncpfs-2.2.6-r5.ebuild @@ -13,11 +13,12 @@ SRC_URI="ftp://platan.vc.cvut.cz/pub/linux/${PN}/${P}.tar.gz LICENSE="GPL-2" SLOT="0" KEYWORDS="~amd64 ~mips ~ppc ~ppc64 ~x86" -IUSE="nls pam" +IUSE="nls pam php" DEPEND=" nls? ( sys-devel/gettext ) - pam? ( sys-libs/pam )" + pam? ( sys-libs/pam ) + php? ( dev-lang/php:* )" RDEPEND="${DEPEND} net-fs/ncpfs-modules @@ -64,6 +65,11 @@ PATCHES=( "${FILESDIR}"/${P}-usr-merge.patch "${FILESDIR}"/${P}-fix-build-with-gcc14.patch + + "${FILESDIR}"/${P}-php5x.patch + + "${FILESDIR}"/php_auth_nds-php8.patch + "${FILESDIR}"/${P}-php-install-root.patch ) DOCS=( FAQ README ) @@ -82,16 +88,25 @@ src_configure() { --prefix="${EPREFIX}/usr" \ $(use_enable nls) \ $(use_enable pam pam "$(getpam_mod_dir)") \ - --disable-php \ - --disable-ipx-tools + $(use_enable php) \ + --disable-ipx-tools \ + --enable-ipx } src_install() { dodir $(getpam_mod_dir) /usr/sbin # Install main software and headers. - emake DESTDIR="${D}" install - emake DESTDIR="${D}" install-dev + emake DESTDIR="${D}" INSTALL_ROOT="${D}" install + emake DESTDIR="${D}" INSTALL_ROOT="${D}" install-dev einstalldocs } + +pkg_postinst() { + if use php; then + elog "The bundled PHP extension php_auth_nds was built and installed." + elog "Make sure the matching PHP slot is installed and selected so that" + elog "the built module path matches your active php-config." + fi +}