IMPALA-7504

ParseKerberosPrincipal() should use krb5_parse_name() instead

Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: Impala 3.0, Impala 2.12.0
    • Fix Version/s: Impala 3.4.0
    • Component/s: Security

    Description

      tlipcon pointed out during code review that we should be using krb5_parse_name() to parse the principal instead of creating our own:

      I wonder whether we should just be using krb5_parse_name here instead of implementing our own parsing? According to http://web.mit.edu/kerberos/krb5-1.15/doc/appdev/refs/api/krb5_parse_name.html there are various escapings, etc, that this function isn't currently supporting.

      We currently do the following to parse the principal:

        vector<string> names;
      
        split(names, principal, is_any_of("/"));
        if (names.size() != 2) return Status(TErrorCode::BAD_PRINCIPAL_FORMAT, principal);
        *service_name = names[0];
      
        string remaining_principal = names[1];
        split(names, remaining_principal, is_any_of("@"));
        if (names.size() != 2) return Status(TErrorCode::BAD_PRINCIPAL_FORMAT, principal);
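
      Added example (not Impala's or libkrb5's code): a self-contained C++ comparison of the split-based check above with a simplified model of the quoting rules documented for krb5_parse_name(), showing where the two disagree on escaped `/` and `@`. `NaiveParse` and `EscapeAwareParse` are hypothetical names, the host/realm assignment in `NaiveParse` is assumed because the snippet above stops before it, and production code should call krb5_parse_name() itself.

```cpp
#include <string>
#include <vector>

// Mirrors the split-based check quoted above: exactly one '/' and one '@'.
// The assignments at the end are assumed; the quoted snippet does not show them.
bool NaiveParse(const std::string& p, std::string* service, std::string* host,
                std::string* realm) {
  auto slash = p.find('/');
  if (slash == std::string::npos || p.find('/', slash + 1) != std::string::npos) return false;
  std::string rest = p.substr(slash + 1);
  auto at = rest.find('@');
  if (at == std::string::npos || rest.find('@', at + 1) != std::string::npos) return false;
  *service = p.substr(0, slash);
  *host = rest.substr(0, at);
  *realm = rest.substr(at + 1);
  return true;
}

// Simplified model of the documented krb5_parse_name() syntax: '\' quotes the
// next character (\n, \t, \b, \0 are special), an unquoted '/' separates
// components, and the first unquoted '@' starts the realm.
bool EscapeAwareParse(const std::string& p, std::vector<std::string>* comps,
                      std::string* realm) {
  comps->assign(1, "");
  realm->clear();
  bool in_realm = false;
  for (std::string::size_type i = 0; i < p.size(); ++i) {
    std::string* cur = in_realm ? realm : &comps->back();
    if (p[i] == '\\') {
      if (++i == p.size()) return false;  // trailing backslash quotes nothing
      switch (p[i]) {
        case 'n': cur->push_back('\n'); break;
        case 't': cur->push_back('\t'); break;
        case 'b': cur->push_back('\b'); break;
        case '0': cur->push_back('\0'); break;
        default: cur->push_back(p[i]);  // any other quoted char is literal
      }
    } else if (p[i] == '/') {
      if (in_realm) return false;  // this model rejects '/' inside the realm
      comps->emplace_back();
    } else if (p[i] == '@') {
      if (in_realm) return false;  // second unquoted '@'
      in_realm = true;
    } else {
      cur->push_back(p[i]);
    }
  }
  return true;
}
```

      For the constructed input `svc\/host@EXAMPLE.COM` the split-based parser accepts it as service `svc\` and host `host`, while the escape-aware parser yields the single component `svc/host`, so two components of one system could disagree on which principal they saw.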
      

          People

            Xiaomeng Zhang
            kwho Michael Ho