Uploaded image for project: 'IMPALA'
  1. IMPALA
  2. IMPALA-7504

ParseKerberosPrincipal() should use krb5_parse_name() instead

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: Impala 3.0, Impala 2.12.0
    • Fix Version/s: Impala 3.4.0
    • Component/s: Security
    • Labels:

      Description

      Todd Lipcon pointed out during code review that we should be using krb5_parse_name() to parse the principal instead of creating our own

      I wonder whether we should just be using krb5_parse_name here instead of implementing our own parsing? According to http://web.mit.edu/kerberos/krb5-1.15/doc/appdev/refs/api/krb5_parse_name.html there are various escapings, etc, that this function isn't currently supporting.

      We currently do the following to parse the principal:

        vector<string> names;
      
        split(names, principal, is_any_of("/"));
        if (names.size() != 2) return Status(TErrorCode::BAD_PRINCIPAL_FORMAT, principal);
        *service_name = names[0];
      
        string remaining_principal = names[1];
        split(names, remaining_principal, is_any_of("@"));
        if (names.size() != 2) return Status(TErrorCode::BAD_PRINCIPAL_FORMAT, principal);
      

        Attachments

          Activity

            People

            • Assignee:
              Xiaomeng Zhang Xiaomeng Zhang
              Reporter:
              kwho Michael Ho
            • Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: