diff options
author | Jan Cholasta <jcholast@redhat.com> | 2016-06-29 15:53:52 +0200 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2016-06-30 14:09:24 +0200 |
commit | a901ec1ce988b0b3d0c8e7a063de260eb9ede7e8 (patch) | |
tree | a3fd4d1086e75d989b901fda0205f2075782a9fd /ipaserver | |
parent | dcf8b47471a1795eb00f3aee09ba48b5c4847923 (diff) | |
download | freeipa-a901ec1ce988b0b3d0c8e7a063de260eb9ede7e8.tar.gz freeipa-a901ec1ce988b0b3d0c8e7a063de260eb9ede7e8.tar.xz freeipa-a901ec1ce988b0b3d0c8e7a063de260eb9ede7e8.zip |
session: do not initialize session manager on import
Removes the side effect of attempting to connect to memcached when the
session module is imported, which caused user visible warnings and/or
SELinux AVC denials.
https://fedorahosted.org/freeipa/ticket/5988
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/plugins/session.py | 7 | ||||
-rw-r--r-- | ipaserver/rpcserver.py | 9 | ||||
-rw-r--r-- | ipaserver/session.py | 9 |
3 files changed, 19 insertions, 6 deletions
diff --git a/ipaserver/plugins/session.py b/ipaserver/plugins/session.py index 9daa1426b..0efb53c88 100644 --- a/ipaserver/plugins/session.py +++ b/ipaserver/plugins/session.py @@ -2,12 +2,10 @@ # Copyright (C) 2015 FreeIPA Contributors see COPYING for license # -from ipalib import api, Command +from ipalib import Command from ipalib.request import context from ipalib.plugable import Registry - -if api.env.in_server: - from ipaserver.session import session_mgr +from ipaserver.session import get_session_mgr register = Registry() @@ -28,6 +26,7 @@ class session_logout(Command): self.debug('session logout command: session_id=%s', session_id) # Notifiy registered listeners + session_mgr = get_session_mgr() session_mgr.auth_mgr.logout(session_data) return dict(result=None) diff --git a/ipaserver/rpcserver.py b/ipaserver/rpcserver.py index ac27ae7f6..676149748 100644 --- a/ipaserver/rpcserver.py +++ b/ipaserver/rpcserver.py @@ -51,7 +51,7 @@ from ipalib.util import parse_time_duration, normalize_name from ipapython.dn import DN from ipaserver.plugins.ldap2 import ldap2 from ipaserver.session import ( - session_mgr, AuthManager, get_ipa_ccache_name, + get_session_mgr, AuthManager, get_ipa_ccache_name, load_ccache_data, bind_ipa_ccache, release_ipa_ccache, fmt_time, default_max_session_duration, krbccache_dir, krbccache_prefix) from ipalib.backend import Backend @@ -415,6 +415,7 @@ class WSGIExecutioner(Executioner): if session_data is not None: # Send session cookie back and store session data # FIXME: the URL path should be retreived from somewhere (but where?), not hardcoded + session_mgr = get_session_mgr() session_cookie = session_mgr.generate_cookie('/ipa', session_data['session_id'], session_data['session_expiration_timestamp']) headers.append(('Set-Cookie', session_cookie)) @@ -576,6 +577,7 @@ class KerberosSession(object): krb_expiration = krb_endtime - krb_ticket_expiration_threshold # Set the session expiration time + session_mgr = get_session_mgr() session_mgr.set_session_expiration_time(session_data, duration=self.session_auth_duration, max_age=krb_expiration, @@ -587,6 +589,7 @@ class KerberosSession(object): headers = [] # Retrieve the session data (or newly create) + session_mgr = get_session_mgr() session_data = session_mgr.load_session_data(environ.get('HTTP_COOKIE')) session_id = session_data['session_id'] @@ -752,6 +755,7 @@ class jsonserver_session(jsonserver, KerberosSession): super(jsonserver_session, self).__init__(api) name = '{0}_{1}'.format(self.__class__.__name__, id(self)) auth_mgr = AuthManagerKerb(name) + session_mgr = get_session_mgr() session_mgr.auth_mgr.register(auth_mgr.name, auth_mgr) def _on_finalize(self): @@ -775,6 +779,7 @@ class jsonserver_session(jsonserver, KerberosSession): self.debug('WSGI jsonserver_session.__call__:') # Load the session data + session_mgr = get_session_mgr() session_data = session_mgr.load_session_data(environ.get('HTTP_COOKIE')) session_id = session_data['session_id'] @@ -1211,6 +1216,7 @@ class xmlserver_session(xmlserver, KerberosSession): super(xmlserver_session, self).__init__(api) name = '{0}_{1}'.format(self.__class__.__name__, id(self)) auth_mgr = AuthManagerKerb(name) + session_mgr = get_session_mgr() session_mgr.auth_mgr.register(auth_mgr.name, auth_mgr) def _on_finalize(self): @@ -1234,6 +1240,7 @@ class xmlserver_session(xmlserver, KerberosSession): self.debug('WSGI xmlserver_session.__call__:') # Load the session data + session_mgr = get_session_mgr() session_data = session_mgr.load_session_data(environ.get('HTTP_COOKIE')) session_id = session_data['session_id'] diff --git a/ipaserver/session.py b/ipaserver/session.py index 35eb554b4..11cc39f73 100644 --- a/ipaserver/session.py +++ b/ipaserver/session.py @@ -1275,4 +1275,11 @@ def release_ipa_ccache(ccache_name): else: raise ValueError('ccache scheme "%s" unsupported (%s)', scheme, ccache_name) -session_mgr = MemcacheSessionManager() +_session_mgr = None + + +def get_session_mgr(): + global _session_mgr + if _session_mgr is None: + _session_mgr = MemcacheSessionManager() + return _session_mgr |