diff options
author | Simo Sorce <simo@redhat.com> | 2017-02-14 07:16:54 -0500 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2017-02-15 07:13:37 +0100 |
commit | e4d462ad53597fd5410aa4e94a57bb15b92a3f13 (patch) | |
tree | ae7dfabc2090e36a09b259e8afa1f18c11a31653 | |
parent | 09c92e2bc1ca9db5b73d5ab8483b42dbd6b9a0e9 (diff) | |
download | freeipa-e4d462ad53597fd5410aa4e94a57bb15b92a3f13.tar.gz freeipa-e4d462ad53597fd5410aa4e94a57bb15b92a3f13.tar.xz freeipa-e4d462ad53597fd5410aa4e94a57bb15b92a3f13.zip |
Insure removal of session on identity change
If we are changing identiy (different principal) insure we remove the
session cookie stored on the rpc context so that we do not mistakenly
connect with the previous identity credentials.
https://fedorahosted.org/freeipa/ticket/6543
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
-rw-r--r-- | ipalib/rpc.py | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/ipalib/rpc.py b/ipalib/rpc.py index c8a67a104..31ed64e24 100644 --- a/ipalib/rpc.py +++ b/ipalib/rpc.py @@ -903,6 +903,12 @@ class RPCClient(Connectible): try: rpc_uri = self.env[self.env_rpc_uri_key] principal = get_principal(ccache_name=ccache) + stored_principal = getattr(context, 'principal', None) + if principal != stored_principal: + try: + delattr(context, 'session_cookie') + except AttributeError: + pass setattr(context, 'principal', principal) # We have a session cookie, try using the session URI to see if it # is still valid |