From: Côme Chilliet <mcmic@php.net>
Date: Tue, 20 Jun 2017 13:18:16 +0000 (+0200)
Subject: Fixed ldap_exop_passwd and added tests for it
X-Git-Tag: php-7.2.0beta1~144^2~13
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ae76c8ba2c41a3883672f3ddc6d93fd65aaa3b4e;p=php

Fixed ldap_exop_passwd and added tests for it
---

diff --git a/ext/ldap/ldap.c b/ext/ldap/ldap.c
index 15dcee20fd..c5a80f9680 100644
--- a/ext/ldap/ldap.c
+++ b/ext/ldap/ldap.c
@@ -3405,7 +3405,7 @@ PHP_FUNCTION(ldap_exop_passwd)
 	LDAPMessage *ldap_res;
 	int rc, msgid, myargcount = ZEND_NUM_ARGS();
 
-	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "r|zzzz", &link, &user, &oldpw, &newpw, &newpasswd) == FAILURE) {
+	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "r|zzzz/", &link, &user, &oldpw, &newpw, &newpasswd) == FAILURE) {
 		WRONG_PARAM_COUNT;
 	}
 
@@ -3439,7 +3439,6 @@ PHP_FUNCTION(ldap_exop_passwd)
 		/* synchronous call */
 		rc = ldap_passwd_s(ld->link, &luser,
 			loldpw.bv_len > 0 ? &loldpw : NULL,
-			/* loldpw.bv_len > 0 ? &loldpw : NULL, */
 			lnewpw.bv_len > 0 ? &lnewpw : NULL,
 			&lnewpasswd, NULL, NULL);
 		if (rc != LDAP_SUCCESS ) {
@@ -3887,9 +3886,9 @@ ZEND_END_ARG_INFO()
 
 ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_exop_passwd, 0, 0, 5)
 	ZEND_ARG_INFO(0, link)
-	ZEND_ARG_INFO(1, user)
-	ZEND_ARG_INFO(1, oldpw)
-	ZEND_ARG_INFO(1, newpw)
+	ZEND_ARG_INFO(0, user)
+	ZEND_ARG_INFO(0, oldpw)
+	ZEND_ARG_INFO(0, newpw)
 	ZEND_ARG_INFO(1, newpasswd)
 ZEND_END_ARG_INFO()
 
@@ -3903,7 +3902,7 @@ ZEND_END_ARG_INFO()
 ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_refresh, 0, 0, 4)
 	ZEND_ARG_INFO(0, link)
 	ZEND_ARG_INFO(0, dn)
-	ZEND_ARG_INFO(1, ttl)
+	ZEND_ARG_INFO(0, ttl)
 	ZEND_ARG_INFO(0, newttl)
 ZEND_END_ARG_INFO()
 #endif
diff --git a/ext/ldap/tests/connect.inc b/ext/ldap/tests/connect.inc
index f7379ac954..1c2205056e 100644
--- a/ext/ldap/tests/connect.inc
+++ b/ext/ldap/tests/connect.inc
@@ -21,6 +21,12 @@ function ldap_connect_and_bind($host, $port, $user, $passwd, $protocol_version)
 	return $link;
 }
 
+function test_bind($host, $port, $user, $passwd, $protocol_version) {
+	$link = ldap_connect($host, $port);
+	ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, $protocol_version);
+	return ldap_bind($link, $user, $passwd);
+}
+
 function insert_dummy_data($link, $base) {
 	// Create root if not there
 	$testBase = ldap_read($link, $base, '(objectClass=*)', array('objectClass'));
diff --git a/ext/ldap/tests/ldap_exop_passwd.phpt b/ext/ldap/tests/ldap_exop_passwd.phpt
new file mode 100644
index 0000000000..5ab926eb4a
--- /dev/null
+++ b/ext/ldap/tests/ldap_exop_passwd.phpt
@@ -0,0 +1,41 @@
+--TEST--
+ldap_exop_passwd() - Changing password through EXOP
+--CREDITS--
+CÃ´me Chilliet <mcmic@php.net>
+--SKIPIF--
+<?php require_once('skipif.inc'); ?>
+<?php require_once('skipifbindfailure.inc'); ?>
+--FILE--
+<?php
+require "connect.inc";
+
+$link = ldap_connect_and_bind($host, $port, $user, $passwd, $protocol_version);
+insert_dummy_data($link, $base);
+
+// ldap_exop_passwd() allows to pass the DN, OLD and NEW passwords,
+// and optionally returns the NEW password if none was passed.
+// ldap_exop_passwd(resource link [, string user [, string oldpw [, string newpw [, string newpasswd ]]]])
+var_dump(
+  ldap_exop_passwd($link, "cn=userA,$base", "oops", "", $genpw),
+  $genpw,
+  test_bind($host, $port, "cn=userA,$base", $genpw, $protocol_version),
+  ldap_exop_passwd($link, "cn=userA,$base", $genpw, "newPassword"),
+  test_bind($host, $port, "cn=userA,$base", "newPassword", $protocol_version)
+);
+?>
+===DONE===
+--CLEAN--
+<?php
+require "connect.inc";
+
+$link = ldap_connect_and_bind($host, $port, $user, $passwd, $protocol_version);
+
+remove_dummy_data($link, $base);
+?>
+--EXPECTF--
+bool(true)
+string(%d) "%s"
+bool(true)
+bool(true)
+bool(true)
+===DONE===
diff --git a/ext/ldap/tests/ldap_exop_passwd_error.phpt b/ext/ldap/tests/ldap_exop_passwd_error.phpt
new file mode 100644
index 0000000000..0476cb5a89
--- /dev/null
+++ b/ext/ldap/tests/ldap_exop_passwd_error.phpt
@@ -0,0 +1,33 @@
+--TEST--
+ldap_exop_passwd() - Giving wrong value for old password
+--CREDITS--
+CÃ´me Chilliet <mcmic@php.net>
+--SKIPIF--
+<?php require_once('skipif.inc'); ?>
+<?php require_once('skipifbindfailure.inc'); ?>
+--FILE--
+<?php
+require "connect.inc";
+
+$link = ldap_connect_and_bind($host, $port, $user, $passwd, $protocol_version);
+insert_dummy_data($link, $base);
+
+var_dump(ldap_exop_passwd($link, "cn=userA,$base", "wrongPassword", "newPassword"));
+var_dump(test_bind($host, $port, "cn=userA,$base", "newPassword", $protocol_version));
+?>
+===DONE===
+--CLEAN--
+<?php
+require "connect.inc";
+
+$link = ldap_connect_and_bind($host, $port, $user, $passwd, $protocol_version);
+
+remove_dummy_data($link, $base);
+?>
+--EXPECTF--
+Warning: ldap_exop_passwd(): Passwd modify extended operation failed: Server is unwilling to perform (53) in %s on line %d
+bool(false)
+
+Warning: ldap_bind(): Unable to bind to server: Invalid credentials in %s on line %d
+bool(false)
+===DONE===