From: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed, 26 Mar 2025 16:49:01 +0000 (+0000)
Subject: daemon: Remove any previous credentials
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=da05a099678b7a207654afb1f6216923c83dff7c;p=pakfire.git

daemon: Remove any previous credentials

Otherwise krb5 will append all credentials, but Heimdal only seems to
read the first (eventually) expired ticket.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/pakfire/daemon.c b/src/pakfire/daemon.c
index 3e76ad1f..4d10005c 100644
--- a/src/pakfire/daemon.c
+++ b/src/pakfire/daemon.c
@@ -1009,6 +1009,15 @@ static int pakfire_daemon_auth(sd_event_source* s, uint64_t usec, void* data) {
 	DEBUG(daemon->ctx, "Successfully fetched credentials\n");
 	DEBUG(daemon->ctx, "  Expires: %s\n", time);
 
+	// Remove any previous credentials
+	r = krb5_cc_remove_cred(daemon->krb5.ctx, daemon->krb5.ccache, 0, &creds);
+	if (r) {
+		error = krb5_get_error_message(daemon->krb5.ctx, r);
+
+		ERROR(daemon->ctx, "Failed to remove credentials: %s\n", error);
+		goto ERROR;
+	}
+
 	// Store the credentials in the cache
 	r = krb5_cc_store_cred(daemon->krb5.ctx, daemon->krb5.ccache, &creds);
 	if (r) {