[dev] [commits] Horde branch master updated. e2bb4297227910132c9cdc90dfa7af73e5def8db
Ralf Lang
lang at b1-systems.de
Thu Jan 10 22:36:04 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Am 10.01.2013 21:13, schrieb Michael M Slusarz:
> Quoting Michael M Slusarz <slusarz at horde.org>:
>
>> Quoting Jan Schneider <jan at horde.org>:
>>
>>
>> It's either that or remove completely from code base. Or
>> someone could provide a patch to fix the pass-by-reference in
>> PECL, and then we require a minimum version of the module.
>> Sigh... I guess I will give my best 15 minute shot at fixing in
>> the C source.
>
> Upon further inspection... this SHOULD work just fine. The PECL
> pam code isn't doing anything different than, say,
> stream_socket_client() which has a function definition of:
>
> resource stream_socket_client ( string $remote_socket [, int
> &$errno [, string &$errstr [, float $timeout =
> ini_get("default_socket_timeout") [, int $flags =
> STREAM_CLIENT_CONNECT [, resource $context ]]]]] )
>
> As the doc example shows, there is no need to pass
> call-by-reference:
>
> $fp = stream_socket_client("tcp://www.example.com:80", $errno,
> $errstr, 30);
>
>
> Within the C source, stream_socket_clients() arguments are parsed
> by:
>
> zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|zzdlr", &host,
> &host_len, &zerrno, &zerrstr, &timeout, &flags, &zcontext)
>
> The key thing to point out is the "s|zzdlr". This defines the list
> of parameters. For our purposes (analyzing the $errstr parameter),
> what is important is that this parameter is defined as 'z', meaning
> a direct access to the underlying Zend variable. It is linked to
> &zerrstr by zend_parse_parameters(). Later in that method, zerrstr
> is (potentially) set via:
>
> zval_dtor(zerrstr); ZVAL_STRING(zerrstr, "", 1);
>
> I'm going to assume this code destroys the current value of zerrst
> and then sets it to a new value ('looks like the empty string) via
> the ZVAL_STRING function/macro.
>
>
> So looking at the pam_auth() code, it is parsing parameters via:
>
> zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ss|zb",
> &username, &username_len, &password, &password_len, &status,
> &checkacctmgmt)
>
> So &status is a pointer to the variable in PHP userland. This
> variable is modified by:
>
> spprintf(&error_msg, 0, "%s (in %s)", (char *) pam_strerror(pamh,
> result), "pam_start"); zval_dtor(status); ZVAL_STRING(status,
> error_msg, 0);
>
> In other words... identical to socket_stream_client().
>
>
> Thus, removing the call-time pass-by-reference is appropriate and
> doesn't break anything (at least with the PECL PAM extension). So
> we should be good with the change.
>
> And now my head hurts. C? Bleh.
Hi Michael, nice effort. But now that you've inspected all that stuff:
What exactly is the pam_auth PHP extension doing?
Is it just communicating with the pam through a socket? Then it's
probably implementable in userland code if somebody asks/pays for it.
I'm asking because I think this library will break or stop being
packaged by most distributions again and I don't like to read 10k of c
code just to find out when you did this now. ;)
Ralf
- --
Ralf Lang
Linux Consultant / Developer
Tel.: +49-170-6381563
Mail: lang at b1-systems.de
B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/
iEYEARECAAYFAlDvQlQACgkQCs1dsHJ/X7DdiACdFUHQ5BhE1oR7ndbRFGlN8nxo
AcwAn2dRlY+yyr3AAfjPN3O9Z1Fg/7DD
=CpQA
-----END PGP SIGNATURE-----
More information about the dev
mailing list