From 45380749482518f567577e43d94d1831bda8b4f4 Mon Sep 17 00:00:00 2001
From: Sukhwinder Dhillon <sukhwinder33445@gmail.com>
Date: Tue, 23 Jan 2024 16:51:17 +0100
Subject: [PATCH] LdapConnection: Fix ldap return type issues

ldap_connect() in php >= 8.1 returns `LDAP\Connection` instead of `resource` and all ldap_*() methods expects the returned type. But function defined return type and $ds type confuses phpstan, so i removed the hardcoded type hint.
---
 .../Icinga/Protocol/Ldap/LdapConnection.php   | 38 ++++++++++++++-----
 1 file changed, 28 insertions(+), 10 deletions(-)

diff --git a/library/Icinga/Protocol/Ldap/LdapConnection.php b/library/Icinga/Protocol/Ldap/LdapConnection.php
index a620e6de677..e372845a33b 100644
--- a/library/Icinga/Protocol/Ldap/LdapConnection.php
+++ b/library/Icinga/Protocol/Ldap/LdapConnection.php
@@ -89,8 +89,6 @@ class LdapConnection implements Selectable, Inspectable
 
     /**
      * The LDAP link identifier being used
-     *
-     * @var resource
      */
     protected $ds;
 
@@ -248,7 +246,7 @@ public function root()
      *
      * Establishes a connection if necessary.
      *
-     * @return  resource
+     * @throws LdapException
      */
     public function getConnection()
     {
@@ -617,9 +615,11 @@ public function testCredentials($bindDn, $bindPw)
     /**
      * Return whether an entry identified by the given distinguished name exists
      *
-     * @param   string  $dn
+     * @param string $dn
      *
      * @return  bool
+     *
+     * @throws LdapException
      */
     public function hasDn($dn)
     {
@@ -627,6 +627,10 @@ public function hasDn($dn)
         $this->bind();
 
         $result = ldap_read($ds, $dn, '(objectClass=*)', array('objectClass'));
+        if ($result === false) {
+            throw new LdapException('Failed to read %s dn', $dn);
+        }
+
         return ldap_count_entries($ds, $result) > 0;
     }
 
@@ -654,6 +658,10 @@ public function deleteRecursively($dn)
         }
 
         $children = ldap_get_entries($ds, $result);
+        if ($children === false) {
+            throw new LdapException('LDAP: failed to get entries');
+        }
+
         for ($i = 0; $i < $children['count']; $i++) {
             $result = $this->deleteRecursively($children[$i]['dn']);
             if (! $result) {
@@ -785,6 +793,9 @@ protected function runQuery(LdapQuery $query, array $fields = null)
         $count = 0;
         $entries = array();
         $entry = ldap_first_entry($ds, $results);
+        if ($entry === false) {
+            throw new LdapException('Failed to fetch first id');
+        }
         do {
             if ($unfoldAttribute) {
                 $rows = $this->cleanupAttributes(ldap_get_attributes($ds, $entry), $fields, $unfoldAttribute);
@@ -952,6 +963,9 @@ protected function runPagedQuery(LdapQuery $query, array $fields = null, $pageSi
             }
 
             $entry = ldap_first_entry($ds, $results);
+            if ($entry === false) {
+                throw new LdapException('Failed to fetch first id');
+            }
             do {
                 if ($unfoldAttribute) {
                     $rows = $this->cleanupAttributes(ldap_get_attributes($ds, $entry), $fields, $unfoldAttribute);
@@ -1184,9 +1198,7 @@ protected function encodeSortRules(array $sortRules)
     /**
      * Prepare and establish a connection with the LDAP server
      *
-     * @param   Inspection  $info   Optional inspection to fill with diagnostic info
-     *
-     * @return  resource            A LDAP link identifier
+     * @param   ?Inspection  $info   Optional inspection to fill with diagnostic info
      *
      * @throws  LdapException       In case the connection is not possible
      */
@@ -1199,6 +1211,9 @@ protected function prepareNewConnection(Inspection $info = null)
         $hostname = $this->normalizeHostname($this->hostname);
 
         $ds = ldap_connect($hostname);
+        if ($ds === false) {
+            throw new LdapException('Failed to connect to LDAP');
+        }
 
         // Set a proper timeout for each connection
         ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, $this->timeout);
@@ -1228,7 +1243,7 @@ protected function prepareNewConnection(Inspection $info = null)
     }
 
     /**
-     * Perform a LDAP search and return the result
+     * Perform a LDAP search and return the result or false on error
      *
      * @param   LdapQuery   $query
      * @param   array       $attributes     An array of the required attributes
@@ -1238,8 +1253,6 @@ protected function prepareNewConnection(Inspection $info = null)
      * @param   int         $deref
      * @param   array       $controls       LDAP Controls to send with the request (Only supported with PHP v7.3+)
      *
-     * @return  resource|bool               A search result identifier or false on error
-     *
      * @throws  LogicException              If the LDAP query search scope is unsupported
      */
     public function ldapSearch(
@@ -1553,6 +1566,11 @@ public function inspect()
         return $insp;
     }
 
+    /**
+     * @param string $hostname
+     *
+     * @return string
+     */
     protected function normalizeHostname($hostname)
     {
         $scheme = $this->encryption === static::LDAPS ? 'ldaps://' : 'ldap://';