From fe04743b2b5cae3ed45fb1212a1bed484203d3be Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Mon, 7 Jul 2025 18:09:17 -0400 Subject: [PATCH] Fix ccache config entry updating krb5_cc_set_config() originally tried to allow overwriting of existing config keys, but after commit c0a51fe0c8051e27c6cee4f4f0c705356a715e1e and 7783054742ddd807f7b2f7157d6ed81b7fb614eb it no longer calls remove_cred. Add a call back in, as we rely on config entry updating for refresh_time in the GSS library. ticket: 9178 --- src/lib/krb5/ccache/ccfns.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/lib/krb5/ccache/ccfns.c b/src/lib/krb5/ccache/ccfns.c index 9b755f0e36..1b5b2f1d10 100644 --- a/src/lib/krb5/ccache/ccfns.c +++ b/src/lib/krb5/ccache/ccfns.c @@ -247,9 +247,12 @@ krb5_cc_set_config(krb5_context context, krb5_ccache id, if (ret) goto out; - if (data == NULL) { - ret = krb5_cc_remove_cred(context, id, 0, &cred); - } else { + /* Try to clear any existing value for key. Avoid trace logging. */ + ret = id->ops->remove_cred(context, id, 0, &cred); + + if (data != NULL) { + /* Ignore remove_cred errors if we are setting a value. */ + krb5_clear_error_message(context); ret = krb5int_copy_data_contents(context, data, &cred.ticket); if (ret) goto out; -- 2.47.2