Update KerberosAuth.php

enable reuse of apache ticket cache
2026-06-04 01:34:07 +02:00 · 2018-07-20 15:09:33 +02:00 · 2018-07-20 15:09:33 +02:00 · 319d05e645
commit 319d05e645
parent fc9f0bd408
1 changed files with 45 additions and 0 deletions
--- a/src/KerberosAuth.php
+++ b/src/KerberosAuth.php
@ -25,6 +25,16 @@ namespace Icewind\SMB;
 * Use existing kerberos ticket to authenticate
 */
 class KerberosAuth implements IAuth {
+        
+	private $ticketPath = "";
+
+	//not working with nextcloud
+        private $saveTicketInMemory = false;
+
+	public function __construct() {
+		$this->registerApacheKerberosTicket();
+	}
+
 	public function getUsername() {
 		return 'dummy';
 	}
@ -46,4 +56,39 @@ class KerberosAuth implements IAuth {
 		smbclient_option_set($smbClientState, SMBCLIENT_OPT_FALLBACK_AFTER_KERBEROS, false);
 	}

+	private function registerApacheKerberosTicket() {
+		// inspired by https://git.typo3.org/TYPO3CMS/Extensions/fal_cifs.git
+	 
+		if (!extension_loaded("krb5")) {
+			return;
+		}
+		//read apache kerberos ticket cache
+		$cacheFile = getenv("KRB5CCNAME");
+		if(!$cacheFile) {
+			return;
+		}
+		$krb5 = new \KRB5CCache();
+		$krb5->open($cacheFile);
+		if(!$krb5->isValid()) {
+			return;
+		}
+		if($this->saveTicketInMemory) {
+			putenv("KRB5CCNAME=" . $krb5->getName());
+		}
+		else {
+			//workaround: smbclient is not working with the original apache ticket cache.
+			$tmpFilename = tempnam("/tmp", "krb5cc_php_");
+			$tmpCacheFile = "FILE:" . $tmpFilename;
+			$krb5->save($tmpCacheFile);
+			$this->ticketPath = $tmpFilename;
+			putenv("KRB5CCNAME=" . $tmpCacheFile);
+		}
+	}
+	
+	public function __destruct() {
+		if(!empty($this->ticketPath) && file_exists($this->ticketPath)  && is_file($this->ticketPath)) {
+			   unlink($this->ticketPath);
+		}
+	}
+
 }