-rw-r--r-- | src/providers/krb5/krb5_child.c | 49 | ||||
-rw-r--r-- | src/providers/krb5/krb5_utils.c | 61 | ||||
-rw-r--r-- | src/util/sss_krb5.c | 52 | ||||
-rw-r--r-- | src/util/sss_krb5.h | 4 |
4 files changed, 78 insertions, 88 deletions
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c index 4d12b90a..a7999b7e 100644 --- a/src/providers/krb5/krb5_child.c +++ b/src/providers/krb5/krb5_child.c @@ -1147,51 +1147,6 @@ done: } -static char * get_ccache_name_by_principal(TALLOC_CTX *mem_ctx, - krb5_context ctx, - krb5_principal principal, - const char *ccname) -{ - krb5_error_code kerr; - krb5_ccache tmp_cc = NULL; - char *tmp_ccname = NULL; - char *ret_ccname = NULL; - - kerr = krb5_cc_set_default_name(ctx, ccname); - if (kerr != 0) { - KRB5_CHILD_DEBUG(SSSDBG_MINOR_FAILURE, kerr); - return NULL; - } - - kerr = krb5_cc_cache_match(ctx, principal, &tmp_cc); - if (kerr != 0) { - KRB5_CHILD_DEBUG(SSSDBG_TRACE_INTERNAL, kerr); - return NULL; - } - - kerr = krb5_cc_get_full_name(ctx, tmp_cc, &tmp_ccname); - if (kerr !=0) { - KRB5_CHILD_DEBUG(SSSDBG_MINOR_FAILURE, kerr); - goto done; - } - - ret_ccname = talloc_strdup(mem_ctx, tmp_ccname); - if (ret_ccname == NULL) { - DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed (ENOMEM).\n")); - } - -done: - if (tmp_cc != NULL) { - kerr = krb5_cc_close(ctx, tmp_cc); - if (kerr != 0) { - KRB5_CHILD_DEBUG(SSSDBG_MINOR_FAILURE, kerr); - } - } - krb5_free_string(ctx, tmp_ccname); - - return ret_ccname; -} - static krb5_error_code get_and_save_tgt(struct krb5_req *kr, const char *password) { @@ -1250,8 +1205,8 @@ static krb5_error_code get_and_save_tgt(struct krb5_req *kr, * directly with file ccache (DIR::/...), but cache collection * should be returned back to back end. */ - cc_name = get_ccache_name_by_principal(kr->pd, kr->ctx, principal, - kr->ccname); + cc_name = sss_get_ccache_name_for_principal(kr->pd, kr->ctx, principal, + kr->ccname); if (cc_name == NULL) { cc_name = kr->ccname; } diff --git a/src/providers/krb5/krb5_utils.c b/src/providers/krb5/krb5_utils.c index 860c71b0..1b6d57c6 100644 --- a/src/providers/krb5/krb5_utils.c +++ b/src/providers/krb5/krb5_utils.c 
@@ -969,32 +969,6 @@ cc_dir_create(const char *location, pcre *illegal_re, return create_ccache_dir_head(dir_name, illegal_re, uid, gid, private_path); } -static krb5_error_code -get_ccache_for_princ(krb5_context context, const char *location, - const char *princ, krb5_ccache *_ccache) -{ - krb5_error_code krberr; - krb5_principal client_principal = NULL; - - krberr = krb5_cc_set_default_name(context, location); - if (krberr != 0) { - KRB5_DEBUG(SSSDBG_OP_FAILURE, context, krberr); - DEBUG(SSSDBG_CRIT_FAILURE, ("krb5_cc_resolve failed.\n")); - return krberr; - } - - krberr = krb5_parse_name(context, princ, &client_principal); - if (krberr != 0) { - KRB5_DEBUG(SSSDBG_OP_FAILURE, context, krberr); - DEBUG(SSSDBG_CRIT_FAILURE, ("krb5_parse_name failed.\n")); - return krberr; - } - - krberr = krb5_cc_cache_match(context, client_principal, _ccache); - krb5_free_principal(context, client_principal); - return krberr; -} - errno_t cc_dir_check_existing(const char *location, uid_t uid, const char *realm, const char *princ, @@ -1138,9 +1112,9 @@ cc_dir_cache_for_princ(TALLOC_CTX *mem_ctx, const char *location, { krb5_context context = NULL; krb5_error_code krberr; - krb5_ccache ccache = NULL; - char *name; + char *name = NULL; const char *ccname; + krb5_principal client_principal = NULL; ccname = sss_krb5_residual_check_type(location, SSS_KRB5_TYPE_DIR); if (!ccname) { 
@@ -1160,27 +1134,32 @@ cc_dir_cache_for_princ(TALLOC_CTX *mem_ctx, const char *location, return NULL; } - krberr = get_ccache_for_princ(context, location, princ, &ccache); - if (krberr) { - DEBUG(SSSDBG_TRACE_FUNC, ("No principal for %s in %s\n", - princ, location)); - krb5_free_context(context); - return NULL; + krberr = krb5_parse_name(context, princ, &client_principal); + if (krberr != 0) { + KRB5_DEBUG(SSSDBG_OP_FAILURE, context, krberr); + DEBUG(SSSDBG_CRIT_FAILURE, ("krb5_parse_name failed.\n")); + goto done; } /* This function is called only as a way to validate that, * we have the right cache */ - krberr = krb5_cc_get_full_name(context, ccache, &name); - if (ccache) krb5_cc_close(context, ccache); - krb5_free_context(context); - if (krberr) { - KRB5_DEBUG(SSSDBG_OP_FAILURE, context, krberr); + name = sss_get_ccache_name_for_principal(mem_ctx, context, + client_principal, location); + if (name == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("Could not get full name of ccache\n")); - return NULL; + goto done; } - return talloc_strdup(mem_ctx, location); + talloc_zfree(name); + /* everytime return location for dir_cache */ + name = talloc_strdup(mem_ctx, location); + +done: + krb5_free_principal(context, client_principal); + krb5_free_context(context); + + return name; } errno_t diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c index 7d42e97f..204e0c2a 100644 --- a/src/util/sss_krb5.c +++ b/src/util/sss_krb5.c 
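Review bot: In cc_dir_cache_for_princ, the `name == NULL` branch logs `SSSDBG_CRIT_FAILURE` "Could not get full name of ccache", but sss_get_ccache_name_for_principal() also returns NULL for an ordinary cache miss (krb5_cc_cache_match failing, which the helper itself logs only at SSSDBG_TRACE_INTERNAL). The removed code reported that case at SSSDBG_TRACE_FUNC and named the principal and location, so a routine "no cache for this principal yet" result now shows up as a critical message that identifies neither. Consider `DEBUG(SSSDBG_TRACE_FUNC, ("No ccache for %s in %s\n", princ, location));` in that branch, leaving the helper's own KRB5_DEBUG calls to report real Kerberos errors. The start of cc_dir_cache_for_princ is outside this hunk.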
@@ -1179,3 +1179,55 @@ done: return ENOTSUP; #endif } + +char * sss_get_ccache_name_for_principal(TALLOC_CTX *mem_ctx, + krb5_context ctx, + krb5_principal principal, + const char *location) +{ +#ifdef HAVE_KRB5_DIRCACHE + krb5_error_code kerr; + krb5_ccache tmp_cc = NULL; + char *tmp_ccname = NULL; + char *ret_ccname = NULL; + + kerr = krb5_cc_set_default_name(ctx, location); + if (kerr != 0) { + KRB5_DEBUG(SSSDBG_MINOR_FAILURE, ctx, kerr); + return NULL; + } + + kerr = krb5_cc_cache_match(ctx, principal, &tmp_cc); + if (kerr != 0) { + const char *err_msg = sss_krb5_get_error_message(ctx, kerr); + DEBUG(SSSDBG_TRACE_INTERNAL, + ("krb5_cc_cache_match failed: [%d][%s]\n", kerr, err_msg)); + sss_krb5_free_error_message(ctx, err_msg); + return NULL; + } + + kerr = krb5_cc_get_full_name(ctx, tmp_cc, &tmp_ccname); + if (kerr != 0) { + KRB5_DEBUG(SSSDBG_MINOR_FAILURE, ctx, kerr); + goto done; + } + + ret_ccname = talloc_strdup(mem_ctx, tmp_ccname); + if (ret_ccname == NULL) { + DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed (ENOMEM).\n")); + } + +done: + if (tmp_cc != NULL) { + kerr = krb5_cc_close(ctx, tmp_cc); + if (kerr != 0) { + KRB5_DEBUG(SSSDBG_MINOR_FAILURE, ctx, kerr); + } + } + krb5_free_string(ctx, tmp_ccname); + + return ret_ccname; +#else + return NULL; +#endif /* HAVE_KRB5_DIRCACHE */ +} diff --git a/src/util/sss_krb5.h b/src/util/sss_krb5.h index 4d3b9f7e..601a8acf 100644 --- a/src/util/sss_krb5.h +++ b/src/util/sss_krb5.h @@ -192,4 +192,8 @@ krb5_error_code sss_extract_pac(krb5_context ctx, krb5_keytab keytab, krb5_authdata ***_pac_authdata); +char * sss_get_ccache_name_for_principal(TALLOC_CTX *mem_ctx, + krb5_context ctx, + krb5_principal principal, + const char *location); #endif /* __SSS_KRB5_H__ */ |
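Review bot: sss_get_ccache_name_for_principal() is exported through sss_krb5.h without any comment, yet it calls `krb5_cc_set_default_name(ctx, location)` on the caller's context and never restores the previous default. That side effect was contained while the function was static in krb5_child.c; as a shared utility, any later default-ccache lookup on the same krb5_context will resolve against `location` without the caller having asked for it. The function also returns NULL both when no cache matches the principal and on real failures (and unconditionally when HAVE_KRB5_DIRCACHE is not defined), so callers cannot tell these apart. I would add a header comment on the declaration stating that the context's default ccache name is changed to `location`, that the result is talloc-allocated on `mem_ctx`, and that NULL means no match, an error, or no DIR cache support.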