[IMPALA-7504] ParseKerberosPrincipal() should use krb5_parse_name() instead - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: Impala 3.0, Impala 2.12.0
Fix Version/s: Impala 3.4.0
Component/s: Security
Labels:
- ramp-up

Target Version:

Product Backlog
Epic Color:
ghx-label-3

Description

tlipcon pointed out during code review that we should be using krb5_parse_name() to parse the principal instead of creating our own

I wonder whether we should just be using krb5_parse_name here instead of implementing our own parsing? According to http://web.mit.edu/kerberos/krb5-1.15/doc/appdev/refs/api/krb5_parse_name.html there are various escapings, etc, that this function isn't currently supporting.

We currently do the following to parse the principal:

  vector<string> names;

  split(names, principal, is_any_of("/"));
  if (names.size() != 2) return Status(TErrorCode::BAD_PRINCIPAL_FORMAT, principal);
  *service_name = names[0];

  string remaining_principal = names[1];
  split(names, remaining_principal, is_any_of("@"));
  if (names.size() != 2) return Status(TErrorCode::BAD_PRINCIPAL_FORMAT, principal);

Attachments

Activity

People

Assignee:: Xiaomeng Zhang

Reporter:: Michael Ho

Votes:: 1 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 28/Aug/18 23:51

Updated:: 30/Oct/19 18:17

Resolved:: 30/Oct/19 18:08