From b895f4a34bcbd0b1787d2bfc1db25f34c3584b9c Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Feb 17 2017 08:57:23 +0000 Subject: Change session logout to kill only the cookie Removing the ccache goes too far as it will cause unrelated sessions to fail as well, this is a problem for accounts used to do unattended operations and that may operate in parallel. Fixes https://fedorahosted.org/freeipa/ticket/6682 Signed-off-by: Simo Sorce Reviewed-By: Alexander Bokovoy
---
diff --git a/ipaserver/plugins/session.py b/ipaserver/plugins/session.py
index c700ab9..8e480ed 100644
--- a/ipaserver/plugins/session.py
+++ b/ipaserver/plugins/session.py
@@ -5,7 +5,6 @@ from ipalib import Command
 from ipalib.request import context
 from ipalib.plugable import Registry
-from ipaserver.session import logout
 register = Registry()
@@ -21,7 +20,9 @@ class session_logout(Command):
 ccache_name = getattr(context, 'ccache_name', None)
 if ccache_name is None:
 self.debug('session logout command: no ccache_name found')
+ else:
+ delattr(context, 'ccache_name')
- logout(ccache_name)
+ setattr(context, 'logout_cookie', '')
 return dict(result=None)
diff --git a/ipaserver/session.py b/ipaserver/session.py
deleted file mode 100644
index 6957feb..0000000
--- a/ipaserver/session.py
+++ /dev/null
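Review bot: Nothing in the new body of `session_logout.execute` (second hunk of ipaserver/plugins/session.py) revokes the session on the server side: it only drops `ccache_name` from the request context and sets `logout_cookie`, so whether a cookie copied before logout stops being accepted depends on the code that consumes `logout_cookie`, which is not visible here and should be confirmed. The credential cache is now deliberately left in place, so its tickets presumably remain usable until they expire; that trade-off should be recorded at the point of change with a comment above the `setattr` line such as `# Keep the ccache: parallel sessions may share it (ticket 6682); logout only expires the cookie.` The method's `def` line lies outside the hunk, so this is based on the visible body only.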
@@ -1,34 +0,0 @@
-# Authors: John Dennis
-#
-# Copyright (C) 2011 Red Hat
-# see file 'COPYING' for use and warranty information
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-import os
-
-from ipalib.request import context
-from ipalib.krb_utils import (
- krb5_parse_ccache,
-)
-
-
-def logout(ccache_name=None):
- if ccache_name is None:
- ccache_name = getattr(context, 'ccache_name', None)
- if ccache_name is not None:
- scheme, name = krb5_parse_ccache(ccache_name)
- if scheme == 'FILE':
- os.unlink(name)
- setattr(context, 'logout_cookie', '')