authorSimo Sorce <simo@redhat.com>2017-02-14 07:16:54 -0500
committerSimo Sorce <simo@redhat.com>2017-02-14 17:38:23 -0500
commitea0e7cffc70099237e2de455df28953468aad679 (patch)
tree4e7b39d377f38cc067268bc01a7ec67f5541610c
parent83ff0b98c979bc3d1623209fdd228510c6eba01d (diff)
Insure removal of session on identity change
If we are changing identity (different principal), ensure we remove the session cookie stored on the rpc context so that we do not mistakenly connect with the previous identity's credentials. https://fedorahosted.org/freeipa/ticket/6543 Signed-off-by: Simo Sorce <simo@redhat.com>
-rw-r--r--ipalib/rpc.py6
1 files changed, 6 insertions, 0 deletions
diff --git a/ipalib/rpc.py b/ipalib/rpc.py
index c8a67a104..31ed64e24 100644
--- a/ipalib/rpc.py
+++ b/ipalib/rpc.py
@@ -903,6 +903,12 @@ class RPCClient(Connectible):
try:
rpc_uri = self.env[self.env_rpc_uri_key]
principal = get_principal(ccache_name=ccache)
+ stored_principal = getattr(context, 'principal', None)
+ if principal != stored_principal:
+ try:
+ delattr(context, 'session_cookie')
+ except AttributeError:
+ pass
setattr(context, 'principal', principal)
# We have a session cookie, try using the session URI to see if it
# is still valid
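Review bot: The stale-cookie cleanup under `if principal != stored_principal:` only runs once `get_principal(ccache_name=ccache)` has returned, so if that call raises, `context` keeps both the previous `principal` and the previous `session_cookie`. The handler of the enclosing `try:` lies outside this hunk, so it cannot be confirmed from here whether a later path could still present that cookie; it is worth checking, and if so the handler should drop the cookie as well. Swallowing `AttributeError` is reasonable for a missing attribute, but the block would benefit from a comment such as `# identity changed: never reuse the previous principal's session cookie`. A debug-level log entry when a cookie is actually discarded would also make identity switches visible during troubleshooting.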