Okay, problem fixed:
1) cd /usr/{ports,pkgsrc}/{net/php5-ldap,databases/php-ldap} on
{Free,Net}BSD respectively
2) sudo make configure
3) sudo vim
On FreeBSD
work/php-5.0.4/ext/ldap/config.h or..
work/php-4.4.0/ext/ldap/config.h
on NetBSD:
work/php-5.0.4/ext/ldap/config.h
4) Change:
/* Define to 1 if you have the `ldap_start_tls_s' function. */
/* #undef HAVE_LDAP_START_TLS_S */
To:
#define HAVE_LDAP_START_TLS_S 1
5) sudo make install
6) carry on pretending that your employee data is secure
$ cat ~/public_html/testtls.php
<?
if (function_exists('ldap_start_tls'))
echo "I see it!\n";
?>
[0] seklecki@blah:/$ php ~/public_html/testtls.php
I see it!
7) ...sit around on your day off and try to determine how the following
piece of code from configure.sh was [ever] supposed to determine if
ldap_start_tls_s() was a valid function w/o including arguments
-I/usr/local/include, -L/usr/local/lib to gcc(1) or #including ldap.h or
lber.h, and wonder who is responsible >:}
*cough*
http://chora.php.net/diff.php/php-src/ext/ldap/config.m4?php=3c934ff67902f7c5ce419c901b82c77e&r1=1.23&r2=1.24&ty=h&num=10
*cough* ... 8-) ...i dunno, maybe it "just works(r)" on Linux >:}
| /* confdefs.h. */
|
| #define PACKAGE_NAME ""
| #define PACKAGE_TARNAME ""
| #define PACKAGE_VERSION ""
| #define PACKAGE_STRING ""
| #define PACKAGE_BUGREPORT ""
| #define COMPILE_DL_LDAP 1
| #define HAVE_LDAP 1
| #define HAVE_3ARG_SETREBINDPROC 1
| /* end confdefs.h. */
| /* Define ldap_start_tls_s to an innocuous variant, in case <limits.h> declares ldap_start_tls_s.
| For example, HP-UX 11i <limits.h> declares gettimeofday. */
| #define ldap_start_tls_s innocuous_ldap_start_tls_s
| /* System header to define __stub macros and hopefully few prototypes,
| which can conflict with char ldap_start_tls_s (); below.
| Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
| <limits.h> exists even on freestanding compilers. */
|
| #ifdef __STDC__
| # include <limits.h>
| #else
| # include <assert.h>
| #endif
|
| #undef ldap_start_tls_s
|
| /* Override any gcc2 internal prototype to avoid an error. */
| #ifdef __cplusplus
| extern "C"
| {
| #endif
| /* We use char because int might match the return type of a gcc2
| builtin and then its argument prototype would still apply. */
| char ldap_start_tls_s ();
| /* The GNU C library defines this for functions which it implements
| to always fail with ENOSYS. Some functions are actually named
| something starting with __ and the normal name is an alias. */
| #if defined (__stub_ldap_start_tls_s) || defined (__stub___ldap_start_tls_s)
| choke me
| #else
| char (*f) () = ldap_start_tls_s;
| #endif
| #ifdef __cplusplus
| }
| #endif
|
| int
| main ()
| {
| return f != ldap_start_tls_s;
| ;
| return 0;
| }
~BAS
On Sat, 3 Sep 2005, Brian A. Seklecki wrote:
Rasmus / all:
I'll revert to that as path of last resort. The FreeBSD port mechanism for
installing php extensions is administratively superior to maintaining source
installations manually. Apache/PHP/LDAP/SSL/SQL cocktails on anything other
than Linux are way too convoluted to not be using Ports, especially with the
number of security advisories that come out. Without the XML vulnerability
checklist from 'portaudit', you might as well grab your ankles.
Anyway, it's not FreeBSD ports. The damn configure script in
php{4,5}???/ext/ldap/ per the following:
Update: The problem persists elsewhere than FreeBSD 5.3/i386. It's also
happening on a NetBSD/i386 host with a -current (cvs -rHEAD)
pkgsrc/databases/{,php-ldap-}openldap/
Okay, I traced it down:
in /usr/ports/net/php5-ldap/work/php-5.0.4/ext/ldap/configure ->
conftest -> ldap_start_tls_s();
ldap_start_tls_s return false -> ac_cv_func_ldap_start_tls_s=no in config.log
config.log -> ldap.h -> #undef HAVE_LDAP_START_TLS_S
config.c -> HAVE_LDAP_START_TLS_S -> PHP_FE(ldap_start_tls, NULL)
...therefore ldap_start_tls isn't registered. The question is why the
conftest.c in GNU autoconf is failing with:
configure:5048: cc -o conftest -O -pipe -march=pentium3 conftest.c >&5
/var/tmp//cc63HySI.o(.text+0x12): In function `main':
: undefined reference to `ldap_start_tls_s'
...Which is odd since:
php4$ grep -ir ldap_start_tls_s lib/*
Binary file lib/libldap-2.2.so matches
Binary file lib/libldap-2.2.so.7 matches
Binary file lib/libldap.a matches
Binary file lib/libldap.so matches
Binary file lib/libldap_r-2.2.so matches
Binary file lib/libldap_r-2.2.so.7 matches
Binary file lib/libldap_r.a matches
Binary file lib/libldap_r.so matches
Binary file lib/pam_ldap.so matches
php4$ grep -ir ldap_start_tls_s include/*
include/ldap.h:ldap_start_tls_s LDAP_P((
include/php/main/php_config.h:/* Define if you have the ldap_start_tls_s
function. */
include/php/main/php_config.h:/* #undef HAVE_LDAP_START_TLS_S */
$ nm lib/libldap-2.2.so.7|grep -i start_tls
0002b770 T ldap_start_tls_s
and...
php5$ grep -ir ldap_start_tls_s lib/*
Binary file lib/libldap-2.2.so matches
Binary file lib/libldap-2.2.so.7 matches
Binary file lib/libldap.a matches
Binary file lib/libldap.so matches
Binary file lib/libldap_r-2.2.so matches
Binary file lib/libldap_r-2.2.so.7 matches
Binary file lib/libldap_r.a matches
Binary file lib/libldap_r.so matches
php5$ grep -ir ldap_start_tls_s include/*
include/ldap.h:ldap_start_tls_s LDAP_P((
include/php/main/php_config.h:/* Define if you have the ldap_start_tls_s
function. */
include/php/main/php_config.h:/* #undef HAVE_LDAP_START_TLS_S */
$ nm lib/libldap-2.2.so.7|grep -i start_tls
0002b770 T ldap_start_tls_s
..from 'make configure' in ports/net/php5-ldap/
checking for LDAP support... yes, shared
checking for LDAP Cyrus SASL support... no
checking for 3 arg ldap_set_rebind_proc... yes
checking for ldap_parse_reference... no
checking for ldap_start_tls_s... no
checking for ldap_bind_s... yes
...from config.log:
configure:5048: cc -o conftest -O -pipe -march=pentium3 conftest.c >&5
/var/tmp//cc63HySI.o(.text+0x12): In function `main':
: undefined reference to `ldap_start_tls_s'
configure:5051: $? = 1
configure: failed program was:
#line 5011 "configure"
#include "confdefs.h"
/* System header to define __stub macros and hopefully few prototypes,
which can conflict with char ldap_start_tls_s (); below. */
#include <assert.h>
/* Override any gcc2 internal prototype to avoid an error. */
#ifdef __cplusplus
extern "C"
#endif
/* We use char because int might match the return type of a gcc2
builtin and then its argument prototype would still apply. */
char ldap_start_tls_s ();
char (*f) ();
#ifdef F77_DUMMY_MAIN
# ifdef __cplusplus
extern "C"
# endif
int F77_DUMMY_MAIN() { return 1; }
#endif
int
main ()
{
/* The GNU C library defines this for functions which it implements
to always fail with ENOSYS. Some functions are actually named
something starting with __ and the normal name is an alias. */
#if defined (__stub_ldap_start_tls_s) || defined (__stub___ldap_start_tls_s)
choke me
#else
f = ldap_start_tls_s;
#endif
;
return 0;
}
configure:5067: result: no
configure:5414: checking for ldap_bind_s
configure:5457: cc -o conftest -O -pipe -march=pentium3 -R/usr/local/lib -L/usr/local/lib -lldap -R/usr/local/lib -L/usr/local/lib -llber conftest.c >&5
configure:5460: $? = 0
configure:5463: test -s conftest
configure:5466: $? = 0
configure:5476: result: yes
configure:5583: checking for ld used by GCC
configure:5646: result: /usr/bin/ld
configure:5655: checking if the linker (/usr/bin/ld) is GNU ld
GNU ld version 2.15 [FreeBSD] 2004-05-23
configure:5667: result: yes
configure:5672: checking for /usr/bin/ld option to reload object files
configure:5679: result: -r
configure:5684: checking for BSD-compatible nm
configure:5720: result: nm
configure:5723: checking for a sed that does not truncate output
configure:5805: result: /usr/bin/sed
configure:5808: checking whether ln -s works
configure:5812: result: yes
configure:5819: checking how to recognise dependent libraries
configure:6001: result: pass_all
configure:6013: checking command to parse nm output
configure:6097: cc -c -O -pipe -march=pentium3 conftest.c >&5
configure:6100: $? = 0
configure:6104: nm conftest.o \| sed -n -e 's/^.*[
]\([ABCDGISTW][ABCDGISTW]*\)[ ][ ]*\(\)\([_A-Za-z][_A-
Za-z0-9]*\)$/\1 \2\3 \3/p' \> conftest.nm
configure:6107: $? = 0
configure:6159: cc -o conftest -O -pipe -march=pentium3 conftest.c
conftstm.o >&5
configure:6162: $? = 0
configure:6206: result: ok
configure:6215: checking how to run the C preprocessor
configure:6241: cc -E conftest.c
configure:6247: $? = 0
configure:6274: cc -E conftest.c
configure:6271:28: ac_nonexistent.h: No such file or directory
configure:6280: $? = 1
configure: failed program was:
#line 6270 "configure"
#include "confdefs.h"
#include <ac_nonexistent.h>
configure:6317: result: cc -E
configure:6332: cc -E conftest.c
configure:6338: $? = 0
configure:6365: cc -E conftest.c
configure:6362:28: ac_nonexistent.h: No such file or directory
configure:6371: $? = 1
configure: failed program was:
#line 6361 "configure"
#include "confdefs.h"
#include <ac_nonexistent.h>
configure:6411: checking for ANSI C header files
configure:6425: cc -E conftest.c
configure:6431: $? = 0
configure:6518: cc -o conftest -O -pipe -march=pentium3 conftest.c >&5
configure:6521: $? = 0
ac_cv_func_ldap_start_tls_s=no
From php_ldap.h:
#if LDAP_API_VERSION > 2000
PHP_FUNCTION(ldap_start_tls);
#endif
From ldap.c:
#ifdef HAVE_LDAP_START_TLS_S
PHP_FE(ldap_start_tls, NULL)
#endif
#ifdef HAVE_LDAP_START_TLS_S
/* {{{ proto bool ldap_start_tls(resource link)
   Start TLS */
PHP_FUNCTION(ldap_start_tls)
{
    zval **link;
    ldap_linkdata *ld;
    int rc, protocol = LDAP_VERSION3;
    if (ZEND_NUM_ARGS() != 1 || zend_get_parameters_ex(1, &link) == FAILURE) {
        WRONG_PARAM_COUNT;
    }
    ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, link, -1, "ldap link", le_link);
    if (((rc = ldap_set_option(ld->link, LDAP_OPT_PROTOCOL_VERSION, &protocol)) != LDAP_SUCCESS) ||
        ((rc = ldap_start_tls_s(ld->link, NULL, NULL)) != LDAP_SUCCESS)
    ) {
        php_error_docref(NULL TSRMLS_CC, E_WARNING,"Unable to start TLS: %s", ldap_err2string(rc));
        RETURN_FALSE;
    } else {
        RETURN_TRUE;
    }
}
/* }}} */
#endif
On Fri, 2 Sep 2005, Rasmus Lerdorf wrote:
Brian A. Seklecki wrote:
Firstly, sorry if this is the wrong list. There are thousands of forums
and PHP5 related MLs, but nothing FBSD specific.
Second, I wouldn't post if this wasn't happening on two completely
different FBSD boxes.
For whatever reason, the php4 and php5 from FreeBSD ports refuses to
properly configure SSL/TLS support for the LDAP module.
Can't you just build from the PHP tarball instead? Seems like a messed
up port to me. I use FreeBSD all day, every day and haven't seen this
problem. But I also don't use the ports.
-Rasmus
l8*
-lava
x.25 - minix - bitnet - plan9 - 110 bps - ASR 33 - base8
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
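Added example, not part of the original thread: a POSIX sh/awk check that walks an autoconf config.log and separates functions that are genuinely missing from ones reported as "no" only because the link test ran without the library, which is the failure traced above and the reason ldap_start_tls was silently left out of the build. The sample log is constructed from the excerpts in the thread; the helper names classify_checks and write_sample_log, the "configure:5005" line and the ldap_hypothetical_fn entry are assumptions.

```shell
#!/bin/sh
# Added example: classify autoconf function checks recorded in config.log.
# classify_checks LOG LIB prints "<function> <verdict>" per check, where
#   ok          = configure found the function
#   misdetected = "no", but the failing link test never passed -l<LIB>
#   absent      = "no" even though -l<LIB> was on the link line
classify_checks() {
    awk -v lib="$2" '
        / checking for [A-Za-z_][A-Za-z0-9_]*$/ { name = $NF; linked = 0; undef = 0; next }
        name != "" && / -o conftest / {          # a link attempt for this check
            linked = 0; undef = 0
            for (i = 1; i <= NF; i++) if ($i == ("-l" lib)) linked = 1
            next
        }
        name != "" && /undefined reference to/ && index($0, name) { undef = 1; next }
        name != "" && / result: (yes|no)$/ {
            if ($NF == "yes")          verdict = "ok"
            else if (undef && !linked) verdict = "misdetected"
            else                       verdict = "absent"
            print name, verdict
            name = ""
        }
    ' "$1"
}

# Constructed sample, modelled on the config.log excerpts in the thread.
# The "configure:5005" line and the ldap_hypothetical_fn entry are made up.
write_sample_log() {
    cat > "$1" <<'EOF'
configure:5005: checking for ldap_start_tls_s
configure:5048: cc -o conftest -O -pipe -march=pentium3 conftest.c >&5
: undefined reference to `ldap_start_tls_s'
configure:5051: $? = 1
configure:5067: result: no
configure:5414: checking for ldap_bind_s
configure:5457: cc -o conftest -O -pipe -R/usr/local/lib -L/usr/local/lib -lldap -llber conftest.c >&5
configure:5460: $? = 0
configure:5476: result: yes
configure:5500: checking for ldap_hypothetical_fn
configure:5540: cc -o conftest -O -pipe -L/usr/local/lib -lldap -llber conftest.c >&5
: undefined reference to `ldap_hypothetical_fn'
configure:5560: result: no
EOF
}

log=$(mktemp) && write_sample_log "$log" && classify_checks "$log" ldap
rm -f "$log"
```

Run against a real build with classify_checks work/php-5.0.4/ext/ldap/config.log ldap; a "misdetected" verdict on ldap_start_tls_s means the extension will ship without StartTLS even though the library provides it.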