2 files changed, 56 insertions, 0 deletions

diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c
index 7d42e97f..204e0c2a 100644
--- a/src/util/sss_krb5.c
+++ b/src/util/sss_krb5.c
@@ -1179,3 +1179,55 @@ done:
     return ENOTSUP;
 #endif
 }
+
+char * sss_get_ccache_name_for_principal(TALLOC_CTX *mem_ctx,
+                                         krb5_context ctx,
+                                         krb5_principal principal,
+                                         const char *location)
+{
+#ifdef HAVE_KRB5_DIRCACHE
+    krb5_error_code kerr;
+    krb5_ccache tmp_cc = NULL;
+    char *tmp_ccname = NULL;
+    char *ret_ccname = NULL;
+
+    kerr = krb5_cc_set_default_name(ctx, location);
+    if (kerr != 0) {
+        KRB5_DEBUG(SSSDBG_MINOR_FAILURE, ctx, kerr);
+        return NULL;
+    }
+
+    kerr = krb5_cc_cache_match(ctx, principal, &tmp_cc);
+    if (kerr != 0) {
+        const char *err_msg = sss_krb5_get_error_message(ctx, kerr);
+        DEBUG(SSSDBG_TRACE_INTERNAL,
+              ("krb5_cc_cache_match failed: [%d][%s]\n", kerr, err_msg));
+        sss_krb5_free_error_message(ctx, err_msg);
+        return NULL;
+    }
+
+    kerr = krb5_cc_get_full_name(ctx, tmp_cc, &tmp_ccname);
+    if (kerr != 0) {
+        KRB5_DEBUG(SSSDBG_MINOR_FAILURE, ctx, kerr);
+        goto done;
+    }
+
+    ret_ccname = talloc_strdup(mem_ctx, tmp_ccname);
+    if (ret_ccname == NULL) {
+        DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed (ENOMEM).\n"));
+    }
+
+done:
+    if (tmp_cc != NULL) {
+        kerr = krb5_cc_close(ctx, tmp_cc);
+        if (kerr != 0) {
+            KRB5_DEBUG(SSSDBG_MINOR_FAILURE, ctx, kerr);
+        }
+    }
+    krb5_free_string(ctx, tmp_ccname);
+
+    return ret_ccname;
+#else
+    return NULL;
+#endif /* HAVE_KRB5_DIRCACHE */
+}
diff --git a/src/util/sss_krb5.h b/src/util/sss_krb5.h
index 4d3b9f7e..601a8acf 100644
--- a/src/util/sss_krb5.h
+++ b/src/util/sss_krb5.h
@@ -192,4 +192,8 @@ krb5_error_code sss_extract_pac(krb5_context ctx,
                                 krb5_keytab keytab,
                                 krb5_authdata ***_pac_authdata);
 
+char * sss_get_ccache_name_for_principal(TALLOC_CTX *mem_ctx,
+                                         krb5_context ctx,
+                                         krb5_principal principal,
+                                         const char *location);
 #endif /* __SSS_KRB5_H__ */