From 3b22db143a13e0e12538df848013838532e08b33 Mon Sep 17 00:00:00 2001
From: David Carlier <devnexen@gmail.com>
Date: Fri, 12 Sep 2025 06:45:32 +0100
Subject: [PATCH] ext/ldap: [RFC] Deprecate build with Oracle Instance Client
 version.

---
 UPGRADING               | 10 +++++++++
 ext/ldap/config.m4      |  7 ++++--
 ext/ldap/ldap.c         |  3 +--
 ext/ldap/ldap.stub.php  |  5 +++++
 ext/ldap/ldap_arginfo.h | 49 ++++++++++++++++++++++++++++++++++++-----
 5 files changed, 64 insertions(+), 10 deletions(-)

diff --git a/UPGRADING b/UPGRADING
index e561b2b44a309..915cda999fc97 100644
--- a/UPGRADING
+++ b/UPGRADING
@@ -435,6 +435,16 @@ PHP 8.5 UPGRADE NOTES
     by using the intl.use_exceptions INI setting.
     RFC: https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_intlerror_level_ini_setting
 
+- LDAP:
+  - Specific Oracle Instant Client calls and constants have been deprecated.
+    List of affected calls:
+        ldap_connect with wallet support
+        ldap_connect_wallet
+    List of affected constants:
+        GSLC_SSL_NO_UATH
+        GSLC_SSL_ONEWAY_UATH
+        GSLC_SSL_TWOWAY_UATH
+
 - MySQLi:
   . The mysqli_execute() alias function has been deprecated.
     Use mysqli_stmt_execute() instead.
diff --git a/ext/ldap/config.m4 b/ext/ldap/config.m4
index ae0ae7fba9598..022d501453ec9 100644
--- a/ext/ldap/config.m4
+++ b/ext/ldap/config.m4
@@ -91,14 +91,17 @@ if test "$PHP_LDAP" != "no"; then
     elif test -f $LDAP_LIBDIR/libclntsh.$SHLIB_SUFFIX_NAME.12.1 || test -f $LDAP_LIBDIR/$MACHINE_INCLUDES/libclntsh.$SHLIB_SUFFIX_NAME.12.1; then
       PHP_ADD_LIBRARY_WITH_PATH([clntsh], [$LDAP_LIBDIR], [LDAP_SHARED_LIBADD])
       AC_DEFINE([HAVE_ORALDAP], [1])
+      AC_MSG_WARN([Build with Oracle Instant Client is deprecated])
 
     elif test -f $LDAP_LIBDIR/libclntsh.$SHLIB_SUFFIX_NAME.11.1 || test -f $LDAP_LIBDIR/$MACHINE_INCLUDES/libclntsh.$SHLIB_SUFFIX_NAME.11.1; then
       PHP_ADD_LIBRARY_WITH_PATH([clntsh], [$LDAP_LIBDIR], [LDAP_SHARED_LIBADD])
       AC_DEFINE([HAVE_ORALDAP], [1])
+      AC_MSG_WARN([Build with Oracle Instant Client is deprecated])
 
     elif test -f $LDAP_LIBDIR/libclntsh.$SHLIB_SUFFIX_NAME || test -f $LDAP_LIBDIR/$MACHINE_INCLUDES/libclntsh.$SHLIB_SUFFIX_NAME; then
-       PHP_ADD_LIBRARY_WITH_PATH([clntsh], [$LDAP_LIBDIR], [LDAP_SHARED_LIBADD])
-       AC_DEFINE([HAVE_ORALDAP], [1])
+      PHP_ADD_LIBRARY_WITH_PATH([clntsh], [$LDAP_LIBDIR], [LDAP_SHARED_LIBADD])
+      AC_DEFINE([HAVE_ORALDAP], [1])
+      AC_MSG_WARN([Build with Oracle Instant Client is deprecated])
 
     else
       AC_MSG_ERROR([Cannot find ldap libraries in $LDAP_LIBDIR.])
diff --git a/ext/ldap/ldap.c b/ext/ldap/ldap.c
index 42b9249721e79..9878374bbe26a 100644
--- a/ext/ldap/ldap.c
+++ b/ext/ldap/ldap.c
@@ -973,8 +973,7 @@ PHP_FUNCTION(ldap_connect)
 	LDAP *ldap = NULL;
 
 	if (ZEND_NUM_ARGS() > 2) {
-	    zend_error(E_DEPRECATED, "Calling ldap_connect() with Oracle-specific arguments is deprecated, "
-			"use ldap_connect_wallet() instead");
+	    zend_error(E_DEPRECATED, "Calling ldap_connect() with Oracle-specific arguments is deprecated");
 	} else if (ZEND_NUM_ARGS() == 2) {
 		zend_error(E_DEPRECATED, "Usage of ldap_connect with two arguments is deprecated");
 	}
diff --git a/ext/ldap/ldap.stub.php b/ext/ldap/ldap.stub.php
index f9f2aab85c40b..84befe3f43f8e 100644
--- a/ext/ldap/ldap.stub.php
+++ b/ext/ldap/ldap.stub.php
@@ -208,16 +208,19 @@
      * @var int
      * @cvalue GSLC_SSL_NO_AUTH
      */
+    #[\Deprecated(since: "8.5", message: "as it is broken since PHP 8.0")]
     const GSLC_SSL_NO_AUTH = UNKNOWN;
     /**
      * @var int
      * @cvalue GSLC_SSL_ONEWAY_AUTH
      */
+    #[\Deprecated(since: "8.5", message: "as it is broken since PHP 8.0")]
     const GSLC_SSL_ONEWAY_AUTH = UNKNOWN;
     /**
      * @var int
      * @cvalue GSLC_SSL_TWOWAY_AUTH
      */
+    #[\Deprecated(since: "8.5", message: "as it is broken since PHP 8.0")]
     const GSLC_SSL_TWOWAY_AUTH = UNKNOWN;
 #endif
 
@@ -624,8 +627,10 @@
 #endif
 
 #ifdef HAVE_ORALDAP
+    #[\Deprecated(since: "8.5", message: "as it is broken since PHP 8.0")]
     function ldap_connect(?string $uri = null, int $port = 389, string $wallet = UNKNOWN, #[\SensitiveParameter] string $password = UNKNOWN, int $auth_mode = GSLC_SSL_NO_AUTH): LDAP\Connection|false {}
 #ifdef LDAP_API_FEATURE_X_OPENLDAP
+    #[\Deprecated(since: "8.5", message: "as it is broken since PHP 8.0")]
     function ldap_connect_wallet(?string $uri = null, string $wallet, #[\SensitiveParameter] string $password, int $auth_mode = GSLC_SSL_NO_AUTH): LDAP\Connection|false {}
 #endif
 #else
diff --git a/ext/ldap/ldap_arginfo.h b/ext/ldap/ldap_arginfo.h
index 3341b736bb2f1..25aa03343ace0 100644
--- a/ext/ldap/ldap_arginfo.h
+++ b/ext/ldap/ldap_arginfo.h
@@ -1,5 +1,5 @@
 /* This is a generated file, edit the .stub.php file instead.
- * Stub hash: edd31d6c19c01bee6ddb04c747640c97f0bacba6 */
+ * Stub hash: 9e47a0d85336f0e149abbdf56468513c5d31780f */
 
 #if defined(HAVE_ORALDAP)
 ZEND_BEGIN_ARG_WITH_RETURN_OBJ_TYPE_MASK_EX(arginfo_ldap_connect, 0, 0, LDAP\\Connection, MAY_BE_FALSE)
@@ -434,10 +434,10 @@ ZEND_FUNCTION(ldap_parse_exop);
 
 static const zend_function_entry ext_functions[] = {
 #if defined(HAVE_ORALDAP)
-	ZEND_FE(ldap_connect, arginfo_ldap_connect)
+	ZEND_RAW_FENTRY("ldap_connect", zif_ldap_connect, arginfo_ldap_connect, ZEND_ACC_DEPRECATED, NULL, NULL)
 #endif
 #if defined(HAVE_ORALDAP) && defined(LDAP_API_FEATURE_X_OPENLDAP)
-	ZEND_FE(ldap_connect_wallet, arginfo_ldap_connect_wallet)
+	ZEND_RAW_FENTRY("ldap_connect_wallet", zif_ldap_connect_wallet, arginfo_ldap_connect_wallet, ZEND_ACC_DEPRECATED, NULL, NULL)
 #endif
 #if !(defined(HAVE_ORALDAP))
 	ZEND_FE(ldap_connect, arginfo_ldap_connect)
@@ -593,9 +593,9 @@ static void register_ldap_symbols(int module_number)
 	REGISTER_LONG_CONSTANT("LDAP_OPT_X_SASL_USERNAME", LDAP_OPT_X_SASL_USERNAME, CONST_PERSISTENT);
 #endif
 #if defined(HAVE_ORALDAP)
-	REGISTER_LONG_CONSTANT("GSLC_SSL_NO_AUTH", GSLC_SSL_NO_AUTH, CONST_PERSISTENT);
-	REGISTER_LONG_CONSTANT("GSLC_SSL_ONEWAY_AUTH", GSLC_SSL_ONEWAY_AUTH, CONST_PERSISTENT);
-	REGISTER_LONG_CONSTANT("GSLC_SSL_TWOWAY_AUTH", GSLC_SSL_TWOWAY_AUTH, CONST_PERSISTENT);
+	zend_constant *const_GSLC_SSL_NO_AUTH = REGISTER_LONG_CONSTANT("GSLC_SSL_NO_AUTH", GSLC_SSL_NO_AUTH, CONST_PERSISTENT | CONST_DEPRECATED);
+	zend_constant *const_GSLC_SSL_ONEWAY_AUTH = REGISTER_LONG_CONSTANT("GSLC_SSL_ONEWAY_AUTH", GSLC_SSL_ONEWAY_AUTH, CONST_PERSISTENT | CONST_DEPRECATED);
+	zend_constant *const_GSLC_SSL_TWOWAY_AUTH = REGISTER_LONG_CONSTANT("GSLC_SSL_TWOWAY_AUTH", GSLC_SSL_TWOWAY_AUTH, CONST_PERSISTENT | CONST_DEPRECATED);
 #endif
 #if (LDAP_API_VERSION > 2000)
 	REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_REQUIRE_CERT", LDAP_OPT_X_TLS_REQUIRE_CERT, CONST_PERSISTENT);
@@ -709,10 +709,24 @@ static void register_ldap_symbols(int module_number)
 
 #if defined(HAVE_ORALDAP)
 
+	zend_attribute *attribute_Deprecated_func_ldap_connect_0 = zend_add_function_attribute(zend_hash_str_find_ptr(CG(function_table), "ldap_connect", sizeof("ldap_connect") - 1), ZSTR_KNOWN(ZEND_STR_DEPRECATED_CAPITALIZED), 2);
+	ZVAL_STR(&attribute_Deprecated_func_ldap_connect_0->args[0].value, ZSTR_KNOWN(ZEND_STR_8_DOT_5));
+	attribute_Deprecated_func_ldap_connect_0->args[0].name = ZSTR_KNOWN(ZEND_STR_SINCE);
+	zend_string *attribute_Deprecated_func_ldap_connect_0_arg1_str = zend_string_init("as it is broken since PHP 8.0", strlen("as it is broken since PHP 8.0"), 1);
+	ZVAL_STR(&attribute_Deprecated_func_ldap_connect_0->args[1].value, attribute_Deprecated_func_ldap_connect_0_arg1_str);
+	attribute_Deprecated_func_ldap_connect_0->args[1].name = ZSTR_KNOWN(ZEND_STR_MESSAGE);
+
 	zend_add_parameter_attribute(zend_hash_str_find_ptr(CG(function_table), "ldap_connect", sizeof("ldap_connect") - 1), 3, ZSTR_KNOWN(ZEND_STR_SENSITIVEPARAMETER), 0);
 #endif
 #if defined(HAVE_ORALDAP) && defined(LDAP_API_FEATURE_X_OPENLDAP)
 
+	zend_attribute *attribute_Deprecated_func_ldap_connect_wallet_0 = zend_add_function_attribute(zend_hash_str_find_ptr(CG(function_table), "ldap_connect_wallet", sizeof("ldap_connect_wallet") - 1), ZSTR_KNOWN(ZEND_STR_DEPRECATED_CAPITALIZED), 2);
+	ZVAL_STR(&attribute_Deprecated_func_ldap_connect_wallet_0->args[0].value, ZSTR_KNOWN(ZEND_STR_8_DOT_5));
+	attribute_Deprecated_func_ldap_connect_wallet_0->args[0].name = ZSTR_KNOWN(ZEND_STR_SINCE);
+	zend_string *attribute_Deprecated_func_ldap_connect_wallet_0_arg1_str = zend_string_init("as it is broken since PHP 8.0", strlen("as it is broken since PHP 8.0"), 1);
+	ZVAL_STR(&attribute_Deprecated_func_ldap_connect_wallet_0->args[1].value, attribute_Deprecated_func_ldap_connect_wallet_0_arg1_str);
+	attribute_Deprecated_func_ldap_connect_wallet_0->args[1].name = ZSTR_KNOWN(ZEND_STR_MESSAGE);
+
 	zend_add_parameter_attribute(zend_hash_str_find_ptr(CG(function_table), "ldap_connect_wallet", sizeof("ldap_connect_wallet") - 1), 2, ZSTR_KNOWN(ZEND_STR_SENSITIVEPARAMETER), 0);
 #endif
 
@@ -729,6 +743,29 @@ static void register_ldap_symbols(int module_number)
 
 	zend_add_parameter_attribute(zend_hash_str_find_ptr(CG(function_table), "ldap_exop_passwd", sizeof("ldap_exop_passwd") - 1), 3, ZSTR_KNOWN(ZEND_STR_SENSITIVEPARAMETER), 0);
 #endif
+#if defined(HAVE_ORALDAP)
+
+	zend_attribute *attribute_Deprecated_const_GSLC_SSL_NO_AUTH_0 = zend_add_global_constant_attribute(const_GSLC_SSL_NO_AUTH, ZSTR_KNOWN(ZEND_STR_DEPRECATED_CAPITALIZED), 2);
+	ZVAL_STR(&attribute_Deprecated_const_GSLC_SSL_NO_AUTH_0->args[0].value, ZSTR_KNOWN(ZEND_STR_8_DOT_5));
+	attribute_Deprecated_const_GSLC_SSL_NO_AUTH_0->args[0].name = ZSTR_KNOWN(ZEND_STR_SINCE);
+	zend_string *attribute_Deprecated_const_GSLC_SSL_NO_AUTH_0_arg1_str = zend_string_init("as it is broken since PHP 8.0", strlen("as it is broken since PHP 8.0"), 1);
+	ZVAL_STR(&attribute_Deprecated_const_GSLC_SSL_NO_AUTH_0->args[1].value, attribute_Deprecated_const_GSLC_SSL_NO_AUTH_0_arg1_str);
+	attribute_Deprecated_const_GSLC_SSL_NO_AUTH_0->args[1].name = ZSTR_KNOWN(ZEND_STR_MESSAGE);
+
+	zend_attribute *attribute_Deprecated_const_GSLC_SSL_ONEWAY_AUTH_0 = zend_add_global_constant_attribute(const_GSLC_SSL_ONEWAY_AUTH, ZSTR_KNOWN(ZEND_STR_DEPRECATED_CAPITALIZED), 2);
+	ZVAL_STR(&attribute_Deprecated_const_GSLC_SSL_ONEWAY_AUTH_0->args[0].value, ZSTR_KNOWN(ZEND_STR_8_DOT_5));
+	attribute_Deprecated_const_GSLC_SSL_ONEWAY_AUTH_0->args[0].name = ZSTR_KNOWN(ZEND_STR_SINCE);
+	zend_string *attribute_Deprecated_const_GSLC_SSL_ONEWAY_AUTH_0_arg1_str = zend_string_init("as it is broken since PHP 8.0", strlen("as it is broken since PHP 8.0"), 1);
+	ZVAL_STR(&attribute_Deprecated_const_GSLC_SSL_ONEWAY_AUTH_0->args[1].value, attribute_Deprecated_const_GSLC_SSL_ONEWAY_AUTH_0_arg1_str);
+	attribute_Deprecated_const_GSLC_SSL_ONEWAY_AUTH_0->args[1].name = ZSTR_KNOWN(ZEND_STR_MESSAGE);
+
+	zend_attribute *attribute_Deprecated_const_GSLC_SSL_TWOWAY_AUTH_0 = zend_add_global_constant_attribute(const_GSLC_SSL_TWOWAY_AUTH, ZSTR_KNOWN(ZEND_STR_DEPRECATED_CAPITALIZED), 2);
+	ZVAL_STR(&attribute_Deprecated_const_GSLC_SSL_TWOWAY_AUTH_0->args[0].value, ZSTR_KNOWN(ZEND_STR_8_DOT_5));
+	attribute_Deprecated_const_GSLC_SSL_TWOWAY_AUTH_0->args[0].name = ZSTR_KNOWN(ZEND_STR_SINCE);
+	zend_string *attribute_Deprecated_const_GSLC_SSL_TWOWAY_AUTH_0_arg1_str = zend_string_init("as it is broken since PHP 8.0", strlen("as it is broken since PHP 8.0"), 1);
+	ZVAL_STR(&attribute_Deprecated_const_GSLC_SSL_TWOWAY_AUTH_0->args[1].value, attribute_Deprecated_const_GSLC_SSL_TWOWAY_AUTH_0_arg1_str);
+	attribute_Deprecated_const_GSLC_SSL_TWOWAY_AUTH_0->args[1].name = ZSTR_KNOWN(ZEND_STR_MESSAGE);
+#endif
 }
 
 static zend_class_entry *register_class_LDAP_Connection(void)