Reply to Re: [PHP] FreeBSD php{4,5} w/ LDAP + SSL/TLS ldap_start_tls()


Posted by Rasmus Lerdorf on 09/03/05 23:43

File a bug at http://bugs.php.net and someone will take a look.

Brian A. Seklecki wrote:
>
> Okay, problem fixed:
>
> 1) cd /usr/{ports,pkgsrc}/{net/php5-ldap,databases/php-ldap} on
> {Free,Net}BSD respectively
>
> 2) sudo make configure
>
> 3) sudo vim
> On FreeBSD
> work/php-5.0.4/ext/ldap/config.h or..
> work/php-4.4.0/ext/ldap/config.h
>
> on NetBSD:
> work/php-5.0.4/ext/ldap/config.h
>
> 4) Change:
> /* Define to 1 if you have the `ldap_start_tls_s' function. */
> /* #undef HAVE_LDAP_START_TLS_S */
>
> To:
>
> #define HAVE_LDAP_START_TLS_S 1
>
> 5) sudo make install
>
> 6) carry on pretending that your employee data is secure
>
> $ cat ~/public_html/testtls.php
> <?
>
> if (function_exists('ldap_start_tls'))
> echo "I see it!\n";
>
> ?>
>
> [0] seklecki@blah:/$ php ~/public_html/testtls.php
> I see it!
>
> 7) ...sit around on your day off and try to determine how the following
> piece of code from configure.sh was [ever] supposed to determine if
> ldap_start_tls_s() was a valid function w/o including arguments
> -I/usr/local/include, -L/usr/local/lib to gcc(1) or #including ldap.h or
> lber.h, and wonder who is responsible >:}
>
> *cough*
>
> http://chora.php.net/diff.php/php-src/ext/ldap/config.m4?php=3c934ff67902f7c5ce419c901b82c77e&r1=1.23&r2=1.24&ty=h&num=10
>
>
> *cough* ... 8-) ...i dunno, maybe it "just works(r)" on Linux >:}
>
>
> | /* confdefs.h. */
> |
> | #define PACKAGE_NAME ""
> | #define PACKAGE_TARNAME ""
> | #define PACKAGE_VERSION ""
> | #define PACKAGE_STRING ""
> | #define PACKAGE_BUGREPORT ""
> | #define COMPILE_DL_LDAP 1
> | #define HAVE_LDAP 1
> | #define HAVE_3ARG_SETREBINDPROC 1
> | /* end confdefs.h. */
> | /* Define ldap_start_tls_s to an innocuous variant, in case <limits.h> declares ldap_start_tls_s.
> | For example, HP-UX 11i <limits.h> declares gettimeofday. */
> | #define ldap_start_tls_s innocuous_ldap_start_tls_s
> | /* System header to define __stub macros and hopefully few prototypes,
> | which can conflict with char ldap_start_tls_s (); below.
> | Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
> | <limits.h> exists even on freestanding compilers. */
> |
> | #ifdef __STDC__
> | # include <limits.h>
> | #else
> | # include <assert.h>
> | #endif
> |
> | #undef ldap_start_tls_s
> |
> | /* Override any gcc2 internal prototype to avoid an error. */
> | #ifdef __cplusplus
> | extern "C"
> | {
> | #endif
> | /* We use char because int might match the return type of a gcc2
> | builtin and then its argument prototype would still apply. */
> | char ldap_start_tls_s ();
> | /* The GNU C library defines this for functions which it implements
> | to always fail with ENOSYS. Some functions are actually named
> | something starting with __ and the normal name is an alias. */
> | #if defined (__stub_ldap_start_tls_s) || defined (__stub___ldap_start_tls_s)
> | choke me
> | #else
> | char (*f) () = ldap_start_tls_s;
> | #endif
> | #ifdef __cplusplus
> | }
> | #endif
> |
> | int
> | main ()
> | {
> | return f != ldap_start_tls_s;
> | ;
> | return 0;
> | }
>
>
>
> ~BAS
>
> On Sat, 3 Sep 2005, Brian A. Seklecki wrote:
>
>>
>> Rasmus / all:
>>
>> I'll revert to that as path of last resort. The FreeBSD port
>> mechanism for installing php extensions is administratively superior
>> to maintaining source installations manually. Apache/PHP/LDAP/SSL/SQL
>> cocktails on anything other than Linux are way too convoluted to not
>> be using Ports, especially with the number of security advisories that
>> come out. Without the XML vulnerability checklist from 'portaudit',
>> you might as well grab your ankles.
>>
>> Anyway, It's not FreeBSD ports. The damn configure script in
>> php{4,5}???/ext/ldap/ per the following:
>>
>> Update: The problem persists elsewhere than FreeBSD 5.3/i386. It's also
>> happening on a NetBSD/i386 host with a -current (cvs -rHEAD)
>> pkgsrc/databases/{,php-ldap-}openldap/
>>
>> Okay, I traced it down:
>>
>> in /usr/ports/net/php5-ldap/work/php-5.0.4/ext/ldap/configure ->
>> conftest -> ldap_start_tls_s();
>> ldap_start_tls_s return false -> ac_cv_func_ldap_start_tls_s=no in
>> config.log
>> config.log -> ldap.h -> #undef HAVE_LDAP_START_TLS_S
>> config.c -> HAVE_LDAP_START_TLS_S -> PHP_FE(ldap_start_tls, NULL)
>>
>> ...therefore ldap_start_tls isn't registered. The question is why the
>> conftest.c in GNU autoconf is failing with:
>>
>> configure:5048: cc -o conftest -O -pipe -march=pentium3 conftest.c >&5
>> /var/tmp//cc63HySI.o(.text+0x12): In function `main':
>> : undefined reference to `ldap_start_tls_s'
>>
>> ...Which is odd since:
>>
>>
>> php4$ grep -ir ldap_start_tls_s lib/*
>> Binary file lib/libldap-2.2.so matches
>> Binary file lib/libldap-2.2.so.7 matches
>> Binary file lib/libldap.a matches
>> Binary file lib/libldap.so matches
>> Binary file lib/libldap_r-2.2.so matches
>> Binary file lib/libldap_r-2.2.so.7 matches
>> Binary file lib/libldap_r.a matches
>> Binary file lib/libldap_r.so matches
>> Binary file lib/pam_ldap.so matches
>>
>> php4$ grep -ir ldap_start_tls_s include/*
>> include/ldap.h:ldap_start_tls_s LDAP_P((
>> include/php/main/php_config.h:/* Define if you have the ldap_start_tls_s function. */
>> include/php/main/php_config.h:/* #undef HAVE_LDAP_START_TLS_S */
>>
>>
>> $ nm lib/libldap-2.2.so.7|grep -i start_tls
>> 0002b770 T ldap_start_tls_s
>>
>> and...
>>
>> php5$ grep -ir ldap_start_tls_s lib/*
>> Binary file lib/libldap-2.2.so matches
>> Binary file lib/libldap-2.2.so.7 matches
>> Binary file lib/libldap.a matches
>> Binary file lib/libldap.so matches
>> Binary file lib/libldap_r-2.2.so matches
>> Binary file lib/libldap_r-2.2.so.7 matches
>> Binary file lib/libldap_r.a matches
>> Binary file lib/libldap_r.so matches
>>
>> php5$ grep -ir ldap_start_tls_s include/*
>> include/ldap.h:ldap_start_tls_s LDAP_P((
>> include/php/main/php_config.h:/* Define if you have the ldap_start_tls_s function. */
>> include/php/main/php_config.h:/* #undef HAVE_LDAP_START_TLS_S */
>>
>> $ nm lib/libldap-2.2.so.7|grep -i start_tls
>> 0002b770 T ldap_start_tls_s
>>
>> ..from 'make configure' in ports/net/php5-ldap/
>>
>> checking for LDAP support... yes, shared
>> checking for LDAP Cyrus SASL support... no
>> checking for 3 arg ldap_set_rebind_proc... yes
>> checking for ldap_parse_reference... no
>> checking for ldap_start_tls_s... no
>> checking for ldap_bind_s... yes
>>
>>
>> ...from config.log:
>>
>> configure:5048: cc -o conftest -O -pipe -march=pentium3 conftest.c >&5
>> /var/tmp//cc63HySI.o(.text+0x12): In function `main':
>> : undefined reference to `ldap_start_tls_s'
>> configure:5051: $? = 1
>> configure: failed program was:
>> #line 5011 "configure"
>> #include "confdefs.h"
>> /* System header to define __stub macros and hopefully few prototypes,
>> which can conflict with char ldap_start_tls_s (); below. */
>> #include <assert.h>
>> /* Override any gcc2 internal prototype to avoid an error. */
>> #ifdef __cplusplus
>> extern "C"
>> #endif
>> /* We use char because int might match the return type of a gcc2
>> builtin and then its argument prototype would still apply. */
>> char ldap_start_tls_s ();
>> char (*f) ();
>> #ifdef F77_DUMMY_MAIN
>> # ifdef __cplusplus
>> extern "C"
>> # endif
>> int F77_DUMMY_MAIN() { return 1; }
>> #endif
>> int
>> main ()
>> {
>> /* The GNU C library defines this for functions which it implements
>> to always fail with ENOSYS. Some functions are actually named
>> something starting with __ and the normal name is an alias. */
>> #if defined (__stub_ldap_start_tls_s) || defined (__stub___ldap_start_tls_s)
>> choke me
>> #else
>> f = ldap_start_tls_s;
>> #endif
>>
>> ;
>> return 0;
>> }
>> configure:5067: result: no
>> configure:5414: checking for ldap_bind_s
>> configure:5457: cc -o conftest -O -pipe -march=pentium3 -R/usr/local/lib -L/usr/local/lib -lldap -R/usr/local/lib -L/usr/local/lib -llber conftest.c >&5
>> configure:5460: $? = 0
>> configure:5463: test -s conftest
>> configure:5466: $? = 0
>> configure:5476: result: yes
>> configure:5583: checking for ld used by GCC
>> configure:5646: result: /usr/bin/ld
>> configure:5655: checking if the linker (/usr/bin/ld) is GNU ld
>> GNU ld version 2.15 [FreeBSD] 2004-05-23
>> configure:5667: result: yes
>> configure:5672: checking for /usr/bin/ld option to reload object files
>> configure:5679: result: -r
>> configure:5684: checking for BSD-compatible nm
>> configure:5720: result: nm
>> configure:5723: checking for a sed that does not truncate output
>> configure:5805: result: /usr/bin/sed
>> configure:5808: checking whether ln -s works
>> configure:5812: result: yes
>> configure:5819: checking how to recognise dependent libraries
>> configure:6001: result: pass_all
>> configure:6013: checking command to parse nm output
>> configure:6097: cc -c -O -pipe -march=pentium3 conftest.c >&5
>> configure:6100: $? = 0
>> configure:6104: nm conftest.o \| sed -n -e 's/^.*[
>> ]\([ABCDGISTW][ABCDGISTW]*\)[ ][ ]*\(\)\([_A-Za-z][_A-
>> Za-z0-9]*\)$/\1 \2\3 \3/p' \> conftest.nm
>> configure:6107: $? = 0
>> configure:6159: cc -o conftest -O -pipe -march=pentium3 conftest.c
>> conftstm.o >&5
>> configure:6162: $? = 0
>> configure:6206: result: ok
>> configure:6215: checking how to run the C preprocessor
>> configure:6241: cc -E conftest.c
>> configure:6247: $? = 0
>> configure:6274: cc -E conftest.c
>> configure:6271:28: ac_nonexistent.h: No such file or directory
>> configure:6280: $? = 1
>> configure: failed program was:
>> #line 6270 "configure"
>> #include "confdefs.h"
>> #include <ac_nonexistent.h>
>> configure:6317: result: cc -E
>> configure:6332: cc -E conftest.c
>> configure:6338: $? = 0
>> configure:6365: cc -E conftest.c
>> configure:6362:28: ac_nonexistent.h: No such file or directory
>> configure:6371: $? = 1
>> configure: failed program was:
>> #line 6361 "configure"
>> #include "confdefs.h"
>> #include <ac_nonexistent.h>
>> configure:6411: checking for ANSI C header files
>> configure:6425: cc -E conftest.c
>> configure:6431: $? = 0
>> configure:6518: cc -o conftest -O -pipe -march=pentium3 conftest.c >&5
>> configure:6521: $? = 0
>>
>> ac_cv_func_ldap_start_tls_s=no
>>
>>
>> From php_ldap.h:
>>
>> #if LDAP_API_VERSION > 2000
>> PHP_FUNCTION(ldap_start_tls);
>> #endif
>>
>> From ldap.c:
>>
>> #ifdef HAVE_LDAP_START_TLS_S
>> PHP_FE(ldap_start_tls, NULL)
>> #endif
>>
>>
>>
>> #ifdef HAVE_LDAP_START_TLS_S
>> /* {{{ proto bool ldap_start_tls(resource link)
>> Start TLS */
>> PHP_FUNCTION(ldap_start_tls)
>> {
>>     zval **link;
>>     ldap_linkdata *ld;
>>     int rc, protocol = LDAP_VERSION3;
>>
>>     if (ZEND_NUM_ARGS() != 1 || zend_get_parameters_ex(1, &link) == FAILURE) {
>>         WRONG_PARAM_COUNT;
>>     }
>>
>>     ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, link, -1, "ldap link", le_link);
>>
>>     if (((rc = ldap_set_option(ld->link, LDAP_OPT_PROTOCOL_VERSION, &protocol)) != LDAP_SUCCESS) ||
>>         ((rc = ldap_start_tls_s(ld->link, NULL, NULL)) != LDAP_SUCCESS)
>>     ) {
>>         php_error_docref(NULL TSRMLS_CC, E_WARNING,"Unable to start TLS: %s", ldap_err2string(rc));
>>         RETURN_FALSE;
>>     } else {
>>         RETURN_TRUE;
>>     }
>> }
>> /* }}} */
>> #endif
>>
>>
>>
>> On Fri, 2 Sep 2005, Rasmus Lerdorf wrote:
>>
>>> Brian A. Seklecki wrote:
>>>
>>>> Firstly, sorry if this is the wrong list. There are thousands of forums
>>>> and PHP5 related MLs, but nothing FBSD specific.
>>>>
>>>> Second, I wouldn't post if this wasn't happening on two completely
>>>> different FBSD boxes.
>>>>
>>>> For whatever reason, the php4 and php5 from FreeBSD ports refuses to
>>>> properly configure SSL/TLS support for the LDAP module.
>>>
>>>
>>> Can't you just build from the PHP tarball instead? Seems like a messed
>>> up port to me. I use FreeBSD all day, every day and haven't seen this
>>> problem. But I also don't use the ports.
>>>
>>> -Rasmus
>>>
>>
>> l8*
>> -lava
>>
>> x.25 - minix - bitnet - plan9 - 110 bps - ASR 33 - base8
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
>
> l8*
> -lava
>
> x.25 - minix - bitnet - plan9 - 110 bps - ASR 33 - base8
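
The failure traced in the quoted messages (a link test compiled without -lldap, so HAVE_LDAP_START_TLS_S stays undefined and ldap_start_tls() is never registered) can be spotted mechanically in config.log. The script below is an added example, not part of the thread or of PHP's build system; the function names sample_log and suspect_checks are hypothetical, and the sample log is constructed from the lines quoted above.

```shell
#!/bin/sh
# Added example: flag autoconf function checks that failed only at link time
# while no -l<library> flag was on the compiler command line.

# Constructed sample, abridged from the config.log lines quoted above.
# The "checking for ldap_start_tls_s" line and its number are made up.
sample_log() {
cat <<'EOF'
configure:5005: checking for ldap_start_tls_s
configure:5048: cc -o conftest -O -pipe -march=pentium3 conftest.c >&5
/var/tmp//cc63HySI.o(.text+0x12): In function `main':
: undefined reference to `ldap_start_tls_s'
configure:5051: $? = 1
configure:5067: result: no
configure:5414: checking for ldap_bind_s
configure:5457: cc -o conftest -O -pipe -march=pentium3 -R/usr/local/lib -L/usr/local/lib -lldap -R/usr/local/lib -L/usr/local/lib -llber conftest.c >&5
configure:5460: $? = 0
configure:5476: result: yes
EOF
}

# Reads a config.log on stdin. Prints "<function> <HAVE_ macro>" for each
# "result: no" that followed an "undefined reference" on a link command
# without any -l flag, i.e. a likely false negative.
suspect_checks() {
  awk '
    /^configure:[0-9]+: checking for / { name = $NF; cmd = ""; undef = 0; next }
    /^configure:[0-9]+: .* -o conftest / { cmd = $0; next }
    /undefined reference to/           { undef = 1; next }
    /^configure:[0-9]+: result: / {
      if ($NF == "no" && name != "" && undef && cmd !~ / -l[A-Za-z0-9_]/)
        print name, "HAVE_" toupper(name)
      name = ""
    }
  '
}

# Use a real config.log if one is given, otherwise the sample.
if [ -n "${1:-}" ] && [ -r "$1" ]; then
  suspect_checks < "$1"
else
  sample_log | suspect_checks
fi
```

Any line it prints names a function the build dropped for a link-flag reason rather than because the library lacks it, which for ldap_start_tls_s means an LDAP extension with no StartTLS support.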
