author | Simo Sorce <simo@redhat.com> | 2017-03-06 18:47:56 -0500 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2017-03-09 08:43:49 -0500 |
commit | c1ae93acad645c7725041cc10bf14b10fb94533c (patch) | |
tree | 45e7775ae4eccdcd038362619a963d00c9fe152c /ipalib | |
parent | 5cb98496aa2e1e190219cf2f4a6208a38fa368d5 (diff) | |
Store session cookie in a ccache option
Instead of using the kernel keyring, store the session cookie within the
ccache. This way kdestroy will really wipe away all credentials.
Ticket: https://pagure.io/freeipa/issue/6661
Signed-off-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'ipalib')
-rw-r--r-- | ipalib/rpc.py | 27 |
1 files changed, 5 insertions, 22 deletions
diff --git a/ipalib/rpc.py b/ipalib/rpc.py index 8d1bba5a8..3a589cb52 100644 --- a/ipalib/rpc.py +++ b/ipalib/rpc.py @@ -56,7 +56,7 @@ from ipalib import errors, capabilities from ipalib.request import context, Connection from ipapython.ipa_log_manager import root_logger from ipapython import ipautil -from ipapython import kernel_keyring +from ipapython import session_storage from ipapython.cookie import Cookie from ipapython.dnsutil import DNSName from ipalib.text import _ @@ -84,19 +84,11 @@ if six.PY3: unicode = str COOKIE_NAME = 'ipa_session' -KEYRING_COOKIE_NAME = '%s_cookie:%%s' % COOKIE_NAME +CCACHE_COOKIE_KEY = 'X-IPA-Session-Cookie' errors_by_code = dict((e.errno, e) for e in public_errors) -def client_session_keyring_keyname(principal): - ''' - Return the key name used for storing the client session data for - the given principal. - ''' - - return KEYRING_COOKIE_NAME % principal - def update_persistent_client_session_data(principal, data): ''' Given a principal create or update the session data for that @@ -106,13 +98,10 @@ def update_persistent_client_session_data(principal, data): ''' try: - keyname = client_session_keyring_keyname(principal) + session_storage.store_data(principal, CCACHE_COOKIE_KEY, data) except Exception as e: raise ValueError(str(e)) - # kernel_keyring only raises ValueError (why??) - kernel_keyring.update_key(keyname, data) - def read_persistent_client_session_data(principal): ''' Given a principal return the stored session data for that @@ -122,13 +111,10 @@ def read_persistent_client_session_data(principal): ''' try: - keyname = client_session_keyring_keyname(principal) + return session_storage.get_data(principal, CCACHE_COOKIE_KEY) except Exception as e: raise ValueError(str(e)) - # kernel_keyring only raises ValueError (why??) - return kernel_keyring.read_key(keyname) - def delete_persistent_client_session_data(principal): ''' Given a principal remove the session data for that 
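Review bot: `CCACHE_COOKIE_KEY` in the second hunk is undocumented, and unlike the removed `KEYRING_COOKIE_NAME` it no longer encodes the principal, so keeping one principal's cookie apart from another's now rests entirely on the `principal` argument handed to `session_storage`. I would put a comment above it, for example `# Name of the ccache entry holding the session cookie; per-principal scoping is left to session_storage.` The cookie is a bearer credential, so the comment could also state that it now inherits the protection and lifetime of the credential cache, which for a FILE: ccache means a file on disk rather than kernel memory.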
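Review bot: The `try` in `update_persistent_client_session_data` (third hunk) now wraps the storage call itself, so `except Exception` converts every failure inside `session_storage.store_data`, including programming errors such as a `TypeError`, into a bare `ValueError(str(e))`; the `read_...` and `delete_...` hunks repeat the same shape. Before this change the broad catch covered only the construction of the key name. If callers treat `ValueError` as "no stored session" (their handling is not visible here), an unwritable or unreadable ccache becomes indistinguishable from a missing cookie. I would catch the specific error type `session_storage` raises, or at least record the cause before converting it, e.g. `root_logger.debug("storing session cookie in ccache failed: %s", e)`, making sure the message never includes `data`. The function bodies begin outside the hunks.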
@@ -138,13 +124,10 @@ def delete_persistent_client_session_data(principal): ''' try: - keyname = client_session_keyring_keyname(principal) + session_storage.remove_data(principal, CCACHE_COOKIE_KEY) except Exception as e: raise ValueError(str(e)) - # kernel_keyring only raises ValueError (why??) - kernel_keyring.del_key(keyname) - def xml_wrap(value, version): """ Wrap all ``str`` in ``xmlrpc.client.Binary``. |
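Review bot: Nothing in `delete_persistent_client_session_data` tells a caller what to conclude when `session_storage.remove_data` fails. The resulting `ValueError` could mean there was no cookie to remove or that the cookie is still in the ccache, and those two cases matter differently on logout. The docstring starts above the hunk; I would add a sentence such as `Raises ValueError if the entry could not be removed; the cookie may then still be present in the ccache.`, once the behaviour of `remove_data` on a missing entry has been confirmed.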