  1. IMPALA
  2. IMPALA-7585

Always set user credentials after creating a KRPC proxy

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: Impala 3.0, Impala 2.12.0
    • Fix Version/s: Impala 3.1.0
    • Component/s: Distributed Exec
    • Labels:
      None

      Description

      kudu::rpc::Proxy ctor may fail in GetLoggedInUser() for various reasons:

      Error calling getpwuid_r(): No such file or directory (error 2). 
      

      This resulted in an empty user name being used in kudu::rpc::ConnectionId. With plaintext SASL (e.g. in an insecure Impala cluster), this may result in the following error:

      Not authorized: Client connection negotiation failed: client connection to 127.0.0.1:27000: SASL(-1): generic failure: All-whitespace username.
      

      While one can argue that Kudu should fall back to some default username (e.g. "cpp-client") when GetLoggedInUserName() fails, it may have non-trivial consequences (e.g. generating an authn token with some random username on one machine while using the real user name on another machine). Therefore, it's best for Impala to explicitly set the user credentials (impala/<some-hostname>) after creating the proxy.
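
      The failure mode described above, as an added example that is not Impala's or Kudu's code: the helper names (IsBlankUser, LookupLoginUser, ChooseRpcUser) are hypothetical, and only getpwuid_r() is a real API. It prefers an explicitly configured identity and treats a failed or blank OS lookup as an error instead of letting an empty name reach connection negotiation.

```cpp
// Added example. Helper names are hypothetical; getpwuid_r() is the real
// POSIX call named in the issue's error message.
#include <pwd.h>
#include <sys/types.h>
#include <algorithm>
#include <cctype>
#include <cerrno>
#include <string>
#include <vector>

// True if `name` is empty or only whitespace, which is the condition the
// SASL PLAIN negotiation rejects with "All-whitespace username".
bool IsBlankUser(const std::string& name) {
  return std::all_of(name.begin(), name.end(),
                     [](unsigned char c) { return std::isspace(c) != 0; });
}

// Looks up the login name for `uid`. Returns false on any failure: a nonzero
// error code (such as the ENOENT quoted in the issue), or the "no entry" case
// where getpwuid_r() returns 0 but leaves `result` null.
bool LookupLoginUser(uid_t uid, std::string* out) {
  std::vector<char> buf(1024);
  struct passwd pwd;
  struct passwd* result = nullptr;
  int rc;
  while ((rc = getpwuid_r(uid, &pwd, buf.data(), buf.size(), &result)) == ERANGE &&
         buf.size() < (1u << 20)) {
    buf.resize(buf.size() * 2);  // Buffer too small: grow and retry.
  }
  if (rc != 0 || result == nullptr || result->pw_name == nullptr) return false;
  if (IsBlankUser(result->pw_name)) return false;
  *out = result->pw_name;
  return true;
}

// Picks the user name for an outbound connection. An explicitly configured
// identity always wins; the OS lookup is only a fallback, and a blank name is
// reported as an error instead of being sent to the peer.
bool ChooseRpcUser(const std::string& configured, uid_t uid, std::string* out) {
  if (!IsBlankUser(configured)) {
    *out = configured;
    return true;
  }
  return LookupLoginUser(uid, out);
}
```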

              People

              • Assignee:
                kwho Michael Ho
                Reporter:
                kwho Michael Ho