Added authentication support

config.m4

@@ -36,6 +36,7 @@ if test "$PHP_MQSERIES" != "no"; then
   LIBNAME=mqic     # use this when connecting via the mqic (client) libraries.
   LIBSYMBOL=MQCONN
 
+  PHP_LIBDIR=lib64
   PHP_CHECK_LIBRARY($LIBNAME,$LIBSYMBOL,
   [
      PHP_ADD_LIBRARY_WITH_PATH($LIBNAME, $MQSERIES_DIR/$PHP_LIBDIR, MQSERIES_SHARED_LIBADD)

examples/connx_auth.php

@@ -0,0 +1,65 @@
+<?php
+/**
+ * Connect to MQ using authentication.
+ * If you specify SSLCipherSpec you need to specify a key repository in MQCSO.
+ * For two way ssl, specify CertificateLabel in MQCSO with version >= 5.
+ * User/pass auth is used if you use the MSCSP structure.
+ * The maximum length of a user name is 1024 bytes, for more information see
+ * https://www.ibm.com/docs/en/ibm-mq/9.2?topic=application-user-ids
+ * 
+ * Tested with php 7.4 and MQ client 9.2 on MQ Server 9.0
+ * 
+ * Author:  Al Saleh <[email protected]>
+ */
+
+if(!extension_loaded('mqseries')) {
+    exit;
+}
+
+$config = [
+    'host' => 'mqserver.domain.tld',
+    'port' => '1234',
+    'qmanager' => 'QMNAME',
+    'channel' => 'CHANNEL',
+    'queue' => 'PHPQUEUE',
+    'user' => 'phpuser',
+    'pass' => 'phppass',
+    'key_repo' => '/var/www/mqkeys/client', // https://www.ibm.com/docs/en/ibm-mq/9.2?topic=mqsco-keyrepository-mqchar256
+    'max_message_size' => 104857600, // https://www.ibm.com/docs/en/ibm-mq/9.2?topic=mqcbd-maxmsglength-mqlong
+    'cert_label' => 'mykey',  // https://www.ibm.com/docs/en/ibm-mq/9.2?topic=mqsco-certificatelabel-mqchar64
+];
+
+$mqcno = [
+    'Version' =>  MQSERIES_MQCNO_VERSION_5,
+    'Options' => MQSERIES_MQCNO_STANDARD_BINDING,
+    'MQCD' =>[
+      'Version' => 7,
+      'ChannelName' => $config['channel'],
+      'ConnectionName' => $config['host'] . '(' . $config['port'] . ')', // https://www.ibm.com/docs/en/ibm-mq/9.2?topic=order-connection-name-conname
+      'TransportType' => MQSERIES_MQXPT_TCP,
+      'SSLCipherSpec' => 'TLS_RSA_WITH_AES_128_CBC_SHA256', // Set by the server.
+      'SSLClientAuth' => MQSERIES_MQSCA_REQUIRED, // https://www.ibm.com/docs/en/ibm-mq/9.2?topic=fields-sslclientauth-mqlong
+      'MaxMsgLength' => $config['max_message_size'],
+    ],
+    'MQCSP' => [
+      'Version' => 1,
+      'AuthenticationType'=> MQSERIES_MQCSP_AUTH_USER_ID_AND_PWD, 
+      'CSPUserId' => $config['user'],
+      'CSPPassword' => $config['pass'],
+    ],
+    'MQSCO' => [                                       // SSL configuration
+      'Version' => 5,                                  // Version needs to be >= 5 to support CertificateLabel
+      'KeyRepository' => $config['key_repo'],          // https://www.ibm.com/docs/en/ibm-mq/9.2?topic=mqsco-keyrepository-mqchar256
+      'CertificateLabel' => ''                         // Required for two-way SSL, Keep empty for server-side SSL.
+    ],
+];
+
+printf("Connecting ...\n");
+mqseries_connx($config['qmanager'], $mqcno, $conn, $comp_code, $reason);
+if ($comp_code !== MQSERIES_MQCC_OK) {		
+	printf("Connx CompCode:%d Reason:%d Text:%s\n", $comp_code, $reason, mqseries_strerror($reason));
+}
+if($conn) {
+    printf("Connected, disconnecting ...\n");
+    mqseries_disc($conn, $comp_code, $reason);
+}

mqseries.c

@@ -430,12 +430,14 @@ PHP_FUNCTION(mqseries_connx)
 	MQSCO ssl_configuration     = {MQSCO_DEFAULT};
 	MQAIR authentication_information_record = {MQAIR_DEFAULT}; /* Only 1 (one) record is supported for now. */
 	MQCHAR LDAPUserName[MQ_DISTINGUISHED_NAME_LENGTH];
-
+	MQCHAR CSPUserId[MQ_CLIENT_USER_ID_LENGTH]; // https://www.ibm.com/docs/en/ibm-mq/9.2?topic=application-user-ids
+	MQCHAR CSPPassword[MQ_CSP_PASSWORD_LENGTH]; // https://www.ibm.com/docs/en/ibm-mq/9.2?topic=mqcsp-csppasswordlength-mqlong
+	MQCSP security_parms = {MQCSP_DEFAULT}; // https://www.ibm.com/docs/en/ibm-mq/9.2?topic=mqi-mqcsp-security-parameters
 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "saz/z/z/", &name, &name_len, &z_connect_opts, &z_conn, &z_comp_code, &z_reason) == FAILURE) {
 		return;
 	}
 
-	_mqseries_set_mqcno_from_array(z_connect_opts, &connect_opts, &channel_definition, &ssl_configuration, &authentication_information_record, LDAPUserName);
+	_mqseries_set_mqcno_from_array(z_connect_opts, &connect_opts, &channel_definition, &ssl_configuration, &authentication_information_record, LDAPUserName, &security_parms, CSPUserId, CSPPassword);
 
 	mqdesc = (mqseries_descriptor *) emalloc(sizeof(mqseries_descriptor));
 

mqseries_helper.c

@@ -193,7 +193,7 @@ static void _mqseries_set_authentication_information_record_from_array(zval *arr
 
 	if ((tmp = zend_hash_str_find(ht, "LDAPUserName", sizeof("LDAPUserName")-1)) != NULL &&
 		Z_TYPE_P(tmp) == IS_STRING) {
-		strncpy(LDAPUserName, Z_STRVAL_P(tmp), sizeof(LDAPUserName));
+		strncpy(LDAPUserName, Z_STRVAL_P(tmp), MQ_DISTINGUISHED_NAME_LENGTH);
 		authentication_information_record->LDAPUserNamePtr = LDAPUserName;
 		authentication_information_record->LDAPUserNameLength = strlen(LDAPUserName);
 	}
@@ -208,6 +208,7 @@ static void _mqseries_set_ssl_configuration_from_array(zval *array, PMQSCO ssl_c
 	MQSERIES_SETOPT_LONG(ssl_configuration, Version);
 	MQSERIES_SETOPT_STRING(ssl_configuration, KeyRepository);
 	MQSERIES_SETOPT_STRING(ssl_configuration, CryptoHardware);
+	MQSERIES_SETOPT_STRING(ssl_configuration, CertificateLabel);	/* vaimo.stefan 2020-02-03 */
 
 	if ((tmp = zend_hash_str_find(ht, "MQAIR", sizeof("MQAIR")-1)) != NULL &&
 		Z_TYPE_P(tmp) == IS_ARRAY) {
@@ -368,7 +369,7 @@ static void _mqseries_set_channel_definition_from_array(zval *array, PMQCD chann
 }
 /* }}} */
 
-void _mqseries_set_mqcno_from_array(zval *array, PMQCNO connect_opts, PMQCD channel_definition, PMQSCO ssl_configuration, PMQAIR authentication_information_record, 	PMQCHAR LDAPUserName) /* {{{ */
+void _mqseries_set_mqcno_from_array(zval *array, PMQCNO connect_opts, PMQCD channel_definition, PMQSCO ssl_configuration, PMQAIR authentication_information_record, PMQCHAR LDAPUserName, PMQCSP security_params, PMQCHAR CSPUserId, PMQCHAR CSPPassword) /* {{{ */
 {
 	HashTable *ht = Z_ARRVAL_P(array);
 	zval *tmp;
@@ -387,9 +388,33 @@ void _mqseries_set_mqcno_from_array(zval *array, PMQCNO connect_opts, PMQCD chan
 		_mqseries_set_ssl_configuration_from_array(tmp, ssl_configuration, authentication_information_record, LDAPUserName);
 		connect_opts->SSLConfigPtr = ssl_configuration;
 	}
+	if ((tmp = zend_hash_str_find(ht, "MQCSP", sizeof("MSCSP")-1)) != NULL &&
+		Z_TYPE_P(tmp) == IS_ARRAY) {
+		_mqseries_set_mqcsp_from_array(tmp, security_params, CSPUserId, CSPPassword);
+		connect_opts->SecurityParmsPtr = security_params;
+	}
 }
 /* }}} */
 
+void _mqseries_set_mqcsp_from_array(zval *array, PMQCSP security_params, PMQCHAR CSPUserId, PMQCHAR CSPPassword) {
+	HashTable *ht = Z_ARRVAL_P(array);
+	zval *tmp;
+	MQSERIES_SETOPT_LONG(security_params, Version);
+	MQSERIES_SETOPT_LONG(security_params, AuthenticationType);
+
+	if ((tmp = zend_hash_str_find(ht, "CSPUserId", sizeof("CSPUserId")-1)) != NULL && Z_TYPE_P(tmp) == IS_STRING) {
+		strncpy(CSPUserId, Z_STRVAL_P(tmp), MQ_CLIENT_USER_ID_LENGTH);
+		security_params->CSPUserIdPtr = CSPUserId;
+		security_params->CSPUserIdLength = strlen(CSPUserId);
+	}
+
+	if ((tmp = zend_hash_str_find(ht, "CSPPassword", sizeof("CSPPassword")-1)) != NULL && Z_TYPE_P(tmp) == IS_STRING) {
+		strncpy(CSPPassword, Z_STRVAL_P(tmp), MQ_CSP_PASSWORD_LENGTH);
+		security_params->CSPPasswordPtr = CSPPassword;
+		security_params->CSPPasswordLength = strlen(CSPPassword);
+	}
+}
+
 void _mqseries_set_mqpmo_from_array(zval *array, PMQPMO put_msg_opts) /* {{{ */
 {
 	HashTable *ht = Z_ARRVAL_P(array);

mqseries_init_const.h

@@ -4084,3 +4084,19 @@ REGISTER_MQSERIES_LONG_CONSTANT(MQSTAT_TYPE_RECONNECTION);
 #ifdef MQSTAT_TYPE_RECONNECTION_ERROR
 REGISTER_MQSERIES_LONG_CONSTANT(MQSTAT_TYPE_RECONNECTION_ERROR);
 #endif /* MQSTAT_TYPE_RECONNECTION_ERROR*/
+
+ /* MQCSP Authentication type options */
+#ifdef MQCSP_AUTH_NONE
+REGISTER_MQSERIES_LONG_CONSTANT(MQCSP_AUTH_NONE);
+#endif /* MQCSP_AUTH_NONE*/
+#ifdef MQCSP_AUTH_USER_ID_AND_PWD
+REGISTER_MQSERIES_LONG_CONSTANT(MQCSP_AUTH_USER_ID_AND_PWD);
+#endif /* MQCSP_AUTH_USER_ID_AND_PWD*/
+
+ /* MQCSA SSL Client Auth */
+#ifdef MQSCA_REQUIRED
+REGISTER_MQSERIES_LONG_CONSTANT(MQSCA_REQUIRED);
+#endif /* MQSCA_REQUIRED*/
+#ifdef MQSCA_OPTIONAL
+REGISTER_MQSERIES_LONG_CONSTANT(MQSCA_OPTIONAL);
+#endif /* MQSCA_OPTIONAL*/

package.xml

@@ -26,8 +26,8 @@
   <date>2017-07-14</date>
   <time>20:00:00</time>
   <version>
-    <release>0.15.0</release>
-    <api>0.15.0</api>
+    <release>0.16.0</release>
+    <api>0.16.0</api>
   </version>
   <stability>
     <release>beta</release>
@@ -42,6 +42,7 @@
       <dir name="examples">
         <file name="conn.php" role="doc"/>
         <file name="connx.php" role="doc"/>
+        <file name="connx_auth.php" role="doc"/>
         <file name="get.php" role="doc"/>
         <file name="mput.php" role="doc"/>
         <file name="mqclient.php" role="doc"/>
@@ -83,6 +84,22 @@
   <providesextension>mqseries</providesextension>
   <extsrcrelease/>
   <changelog>
+    <release>
+      <version>
+        <release>0.16.0</release>
+        <api>0.16.0</api>
+      </version>
+      <stability>
+        <release>beta</release>
+        <api>beta</api>
+      </stability>
+      <date>2021-12-16</date>
+      <license uri="http://www.opensource.org/licenses/bsd-license.php">BSD</license>
+      <notes>
+- Added User/Password authentication support 
+- Added two way ssl connection support.
+ 	  </notes>
+    </release>
     <release>
       <version>
         <release>0.15.0</release>

php_mqseries.h

@@ -45,7 +45,7 @@ Author: Michael Bretterklieber <[email protected]>
 
 #define phpext_mqseries_ptr &mqseries_module_entry
 
-#define PHP_MQSERIES_VERSION "0.15.0"
+#define PHP_MQSERIES_VERSION "0.16.0"
 
 #ifdef PHP_WIN32
 #define PHP_MQSERIES_API __declspec(dllexport)
@@ -82,10 +82,11 @@ extern int le_mqseries_bytes;
 #define PHP_MQSERIES_BYTES_RES_NAME "mqseries_bytes"
 
 /* {{{ Helper */
-void _mqseries_set_mqcno_from_array(zval *, PMQCNO, PMQCD, PMQSCO, PMQAIR, PMQCHAR);
+void _mqseries_set_mqcno_from_array(zval *, PMQCNO, PMQCD, PMQSCO, PMQAIR, PMQCHAR, PMQCSP, PMQCHAR, PMQCHAR);
 
 void _mqseries_set_mqpmo_from_array(zval *, PMQPMO);
 void _mqseries_set_array_from_mqpmo(zval *, PMQPMO);
+void _mqseries_set_mqcsp_from_array(zval *, PMQCSP, PMQCHAR, PMQCHAR);
 
 void _mqseries_set_mqmd_from_array(zval *, PMQMD);
 void _mqseries_set_array_from_mqmd(zval *, PMQMD);