Re: [Freeipa-devel] [PATCH 60] Implement session support in server, Manage sessions in WSGI

[John Dennis]

This patch is self NAK'ed because it's contents have been rolled into 
the rebased patch


freeipa-jdennis-0061-1-add-session-manager-and-cache-krb-auth.patch

--
John Dennis 

Looking to carve out IT costs?
www.redhat.com/carveoutcosts/

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH 60] Implement session support in server, Manage sessions in WSGI

[John Dennis]

On 01/12/2012 05:37 PM, Rob Crittenden wrote:

John Dennis wrote:

This patch adds the ipalib/session.py file which implements a cookie
based session cache using memcached.

It also invokes the session cookie support when a HTTP request is
received and stores the session data in the per-thread context object.



ACK.

It might be handy to have a way to get the cache stats and potentially
drop a given entry. Something to think about for the future.


It's trival to get the cache stats on the server:

import ipalib.session
print session_mgr.get_server_statistics()

Or do you mean get the stats as an ipa command?

The next patch which will follow in a little bit does include a method 
to delete a cache entry, that's used when a ticket expires.



--
John Dennis 

Looking to carve out IT costs?
www.redhat.com/carveoutcosts/

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH 60] Implement session support in server, Manage sessions in WSGI

[Rob Crittenden]

John Dennis wrote:

This patch adds the ipalib/session.py file which implements a cookie
based session cache using memcached.

It also invokes the session cookie support when a HTTP request is
received and stores the session data in the per-thread context object.



ACK.

It might be handy to have a way to get the cache stats and potentially 
drop a given entry. Something to think about for the future.


rob

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH 60] Implement session support in server, Manage sessions in WSGI

[John Dennis]

This patch adds the ipalib/session.py file which implements a cookie 
based session cache using memcached.


It also invokes the session cookie support when a HTTP request is 
received and stores the session data in the per-thread context object.


--
John Dennis 

Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
>From 342039e65fa4f085e7800a01d569603e99c0e9d7 Mon Sep 17 00:00:00 2001
From: John Dennis 
Date: Wed, 14 Dec 2011 15:21:25 -0500
Subject: [PATCH 60] Implement session support in server Manage sessions in
 WSGI
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

---
 ipalib/session.py  |  309 
 ipaserver/rpcserver.py |   13 ++
 make-lint  |2 +
 3 files changed, 324 insertions(+), 0 deletions(-)
 create mode 100644 ipalib/session.py

diff --git a/ipalib/session.py b/ipalib/session.py
new file mode 100644
index 000..69dc636
--- /dev/null
+++ b/ipalib/session.py
@@ -0,0 +1,309 @@
+# Authors: John Dennis 
+#
+# Copyright (C) 2011  Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+
+import memcache
+import Cookie
+import random
+import errors
+import re
+from text import _
+from ipapython.ipa_log_manager import *
+
+class SessionManager(object):
+def __init__(self):
+log_mgr.get_logger(self, True)
+self.generated_session_ids = set()
+
+def generate_session_id(self, n_bits=48):
+'''
+Return a random string to be used as a session id.
+
+This implementation creates a string of hexadecimal digits.
+There is no guarantee of uniqueness, it is the caller's
+responsibility to validate the returned id is not currently in
+use.
+
+:parameters:
+  n_bits
+number of bits of random data, will be rounded to next
+highest multiple of 4 
+:returns:
+  string of random hexadecimal digits
+'''
+# round up to multiple of 4
+n_bits = (n_bits + 3) & ~3
+session_id = '%0*x' % (n_bits >> 2, random.getrandbits(n_bits))
+return session_id
+
+def new_session_id(self, max_retries=5):
+'''
+Returns a new *unique* session id. See `generate_session_id()`
+for how the session id's are formulated.
+
+The scope of the uniqueness of the id is limited to id's
+generated by this instance of the `SessionManager`.
+
+:parameters:
+  max_retries
+Maximum number of attempts to produce a unique id.
+:returns:
+  Unique session id as a string.
+'''
+n_retries = 0
+while n_retries < max_retries:
+session_id = self.generate_session_id()
+if not session_id in self.generated_session_ids:
+break
+n_retries += 1
+if n_retries >= max_retries:
+self.error('could not allocate unique new session_id, %d retries exhausted', n_retries)
+raise errors.ExecutionError(message=_('could not allocate unique new session_id'))
+self.generated_session_ids.add(session_id)
+return session_id
+
+
+class MemcacheSessionManager(SessionManager):
+memcached_socket_path = '/var/run/ipa_memcached/ipa_memcached'
+session_cookie_name = 'ipa_session'
+mc_server_stat_name_re = re.compile(r'(.+)\s+\((\d+)\)')
+
+def __init__(self):
+super(MemcacheSessionManager, self).__init__()
+self.servers = ['unix:%s' % self.memcached_socket_path]
+self.mc = memcache.Client(self.servers, debug=0)
+
+if not self.servers_running():
+self.warning("session memcached servers not running")
+
+def get_server_statistics(self):
+'''
+Return memcached server statistics.
+
+Return value is a dict whose keys are server names and whose
+value is a dict of key/value statistics as returned by the
+memcached server.
+
+:returns:
+  dict of server names, each value is dict of key/value server
+  statistics.
+
+'''
+result = {} 
+stats = self.mc.get_stats() 
+for server in stats: