diff options
author | Simo Sorce <simo@redhat.com> | 2017-02-20 12:38:11 -0500 |
---|---|---|
committer | Martin Babinsky <mbabinsk@redhat.com> | 2017-02-22 10:15:50 +0100 |
commit | 908d2eaba46f5f123b49af400a8b696545c62b54 (patch) | |
tree | fc7898af1531691edcc1d45f3bb6a15080d4d47a | |
parent | fe6f2b6f6effcf9f3c58e1e3f6d0874609c10c25 (diff) | |
download | freeipa-908d2eaba46f5f123b49af400a8b696545c62b54.tar.gz freeipa-908d2eaba46f5f123b49af400a8b696545c62b54.tar.xz freeipa-908d2eaba46f5f123b49af400a8b696545c62b54.zip |
Fix session logout
There were 2 issues with session logouts, one is that the logout_cookie
was checked and acted on in the wrong place, the other is that the wrong
value was set in the IPASESSION header.
Fixes https://fedorahosted.org/freeipa/ticket/6685
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
-rw-r--r-- | ipaserver/plugins/session.py | 2 | ||||
-rw-r--r-- | ipaserver/rpcserver.py | 8 |
2 files changed, 5 insertions, 5 deletions
diff --git a/ipaserver/plugins/session.py b/ipaserver/plugins/session.py index 8e480ed7d..a049cd946 100644 --- a/ipaserver/plugins/session.py +++ b/ipaserver/plugins/session.py @@ -23,6 +23,6 @@ class session_logout(Command): else: delattr(context, 'ccache_name') - setattr(context, 'logout_cookie', '') + setattr(context, 'logout_cookie', 'MagBearerToken=') return dict(result=None) diff --git a/ipaserver/rpcserver.py b/ipaserver/rpcserver.py index f5c520f28..25f2740ea 100644 --- a/ipaserver/rpcserver.py +++ b/ipaserver/rpcserver.py @@ -434,6 +434,10 @@ class WSGIExecutioner(Executioner): response = status.encode('utf-8') headers = [('Content-Type', 'text/plain; charset=utf-8')] + logout_cookie = getattr(context, 'logout_cookie', None) + if logout_cookie is not None: + headers.append(('IPASESSION', logout_cookie)) + start_response(status, headers) return [response] @@ -639,10 +643,6 @@ class KerberosWSGIExecutioner(WSGIExecutioner, KerberosSession): return self.marshal(None, CCacheError()) - logout_cookie = getattr(context, 'logout_cookie', None) - if logout_cookie: - self.headers.append(('IPASESSION', logout_cookie)) - try: self.create_context(ccache=user_ccache) response = super(KerberosWSGIExecutioner, self).__call__( |