Fix the webgui to allocate a new IPAClient for each request.

ipa-server/ipa-gui/ipagui/subcontrollers/group.py

@@ -1,4 +1,3 @@
-import os
 from pickle import dumps, loads
 from base64 import b64encode, b64decode
 
@@ -12,15 +11,11 @@ from turbogears import identity
 
 from ipacontroller import IPAController
 import ipa.config
-import ipa.ipaclient
 import ipa.group
 from ipa.entity import utf8_encode_values
 from ipa import ipaerror
 import ipagui.forms.group
 
-ipa.config.init_config()
-client = ipa.ipaclient.IPAClient(True)
-
 group_new_form = ipagui.forms.group.GroupNewForm()
 group_edit_form = ipagui.forms.group.GroupEditForm()
 
@@ -45,7 +40,7 @@ class GroupController(IPAController):
         if tg_errors:
             turbogears.flash("There was a problem with the form!")
 
-        client.set_krbccache(os.environ["KRB5CCNAME"])
+        client = self.get_ipaclient()
 
         return dict(form=group_new_form, group={})
 
@@ -54,7 +49,7 @@ class GroupController(IPAController):
     def create(self, **kw):
         """Creates a new group"""
         self.restrict_post()
-        client.set_krbccache(os.environ["KRB5CCNAME"])
+        client = self.get_ipaclient()
 
         if kw.get('submit') == 'Cancel':
             turbogears.flash("Add group cancelled")
@@ -135,7 +130,8 @@ class GroupController(IPAController):
     def edit_search(self, **kw):
         """Searches for users+groups and displays list of results in a table.
            This method is used for the ajax search on the group edit page."""
-        client.set_krbccache(os.environ["KRB5CCNAME"])
+        client = self.get_ipaclient()
+
         users = []
         groups = []
         counter = 0
@@ -170,7 +166,8 @@ class GroupController(IPAController):
         if tg_errors:
             turbogears.flash("There was a problem with the form!")
 
-        client.set_krbccache(os.environ["KRB5CCNAME"])
+        client = self.get_ipaclient()
+
         try:
             group = client.get_group_by_cn(cn, group_fields)
 
@@ -216,7 +213,8 @@ class GroupController(IPAController):
     def update(self, **kw):
         """Updates an existing group"""
         self.restrict_post()
-        client.set_krbccache(os.environ["KRB5CCNAME"])
+        client = self.get_ipaclient()
+
         if kw.get('submit') == 'Cancel Edit':
             turbogears.flash("Edit group cancelled")
             raise turbogears.redirect('/group/show', cn=kw.get('cn'))
@@ -321,7 +319,8 @@ class GroupController(IPAController):
     @identity.require(identity.not_anonymous())
     def list(self, **kw):
         """Search for groups and display results"""
-        client.set_krbccache(os.environ["KRB5CCNAME"])
+        client = self.get_ipaclient()
+
         groups = None
         # counter = 0
         criteria = kw.get('criteria')
@@ -344,7 +343,8 @@ class GroupController(IPAController):
     @identity.require(identity.not_anonymous())
     def show(self, cn):
         """Retrieve a single group for display"""
-        client.set_krbccache(os.environ["KRB5CCNAME"])
+        client = self.get_ipaclient()
+
         try:
             group = client.get_group_by_cn(cn, group_fields)
             group_dict = group.toDict()

ipa-server/ipa-gui/ipagui/subcontrollers/ipacontroller.py

@@ -1,3 +1,5 @@
+import os
+
 import cherrypy
 import turbogears
 from turbogears import controllers, expose, flash
@@ -6,12 +8,22 @@ from turbogears import widgets, paginate
 from turbogears import error_handler
 from turbogears import identity
 
+import ipa.ipaclient
+import ipa.config
+
+ipa.config.init_config()
+
 class IPAController(controllers.Controller):
     def restrict_post(self):
         if cherrypy.request.method != "POST":
             turbogears.flash("This method only accepts posts")
             raise turbogears.redirect("/")
 
+    def get_ipaclient(self):
+        client = ipa.ipaclient.IPAClient(True)
+        client.set_krbccache(os.environ["KRB5CCNAME"])
+        return client
+
     def utf8_encode(self, value):
         if value != None:
             value = value.encode('utf-8')

ipa-server/ipa-gui/ipagui/subcontrollers/user.py

@@ -1,4 +1,3 @@
-import os
 import re
 import random
 from pickle import dumps, loads
@@ -13,16 +12,11 @@ from turbogears import error_handler
 from turbogears import identity
 
 from ipacontroller import IPAController
-import ipa.config
-import ipa.ipaclient
 import ipa.user
 from ipa.entity import utf8_encode_values
 from ipa import ipaerror
 import ipagui.forms.user
 
-ipa.config.init_config()
-client = ipa.ipaclient.IPAClient(True)
-
 password_chars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
 
 user_new_form = ipagui.forms.user.UserNewForm()
@@ -50,7 +44,8 @@ class UserController(IPAController):
     def create(self, **kw):
         """Creates a new user"""
         self.restrict_post()
-        client.set_krbccache(os.environ["KRB5CCNAME"])
+        client = self.get_ipaclient()
+
         if kw.get('submit') == 'Cancel':
             turbogears.flash("Add user cancelled")
             raise turbogears.redirect('/user/list')
@@ -171,7 +166,8 @@ class UserController(IPAController):
     def edit_search(self, **kw):
         """Searches for groups and displays list of results in a table.
            This method is used for the ajax search on the user edit page."""
-        client.set_krbccache(os.environ["KRB5CCNAME"])
+        client = self.get_ipaclient()
+
         groups = []
         groups_counter = 0
         searchlimit = 100
@@ -196,7 +192,8 @@ class UserController(IPAController):
         if tg_errors:
             turbogears.flash("There was a problem with the form!")
 
-        client.set_krbccache(os.environ["KRB5CCNAME"])
+        client = self.get_ipaclient()
+
         try:
             user = client.get_user_by_uid(uid, user_fields)
             user_dict = user.toDict()
@@ -225,7 +222,8 @@ class UserController(IPAController):
     def update(self, **kw):
         """Updates an existing user"""
         self.restrict_post()
-        client.set_krbccache(os.environ["KRB5CCNAME"])
+        client = self.get_ipaclient()
+
         if kw.get('submit') == 'Cancel Edit':
             turbogears.flash("Edit user cancelled")
             raise turbogears.redirect('/user/show', uid=kw.get('uid'))
@@ -376,7 +374,8 @@ class UserController(IPAController):
     @identity.require(identity.not_anonymous())
     def list(self, **kw):
         """Searches for users and displays list of results"""
-        client.set_krbccache(os.environ["KRB5CCNAME"])
+        client = self.get_ipaclient()
+
         users = None
         counter = 0
         uid = kw.get('uid')
@@ -399,7 +398,8 @@ class UserController(IPAController):
     @identity.require(identity.not_anonymous())
     def show(self, uid):
         """Retrieve a single user for display"""
-        client.set_krbccache(os.environ["KRB5CCNAME"])
+        client = self.get_ipaclient()
+
         try:
             user = client.get_user_by_uid(uid, user_fields)
             user_groups = client.get_groups_by_member(user.dn, ['cn'])
@@ -453,7 +453,8 @@ class UserController(IPAController):
         if (len(givenname) == 0) or (len(sn) == 0):
             return ""
 
-        client.set_krbccache(os.environ["KRB5CCNAME"])
+        client = self.get_ipaclient()
+
         givenname = givenname.lower()
         sn = sn.lower()
 
@@ -503,7 +504,8 @@ class UserController(IPAController):
         if (len(givenname) == 0) or (len(sn) == 0):
             return ""
 
-        client.set_krbccache(os.environ["KRB5CCNAME"])
+        client = self.get_ipaclient()
+
         givenname = givenname.lower()
         sn = sn.lower()