Uploaded image for project: 'IMPALA'
  1. IMPALA
  2. IMPALA-7585

Always set user credentials after creating a KRPC proxy

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • Impala 3.0, Impala 2.12.0
    • Impala 3.1.0
    • Distributed Exec
    • None

    Description

      kudu::rpc::Proxy ctor may fail in GetLoggedInUser() for various reason:

      Error calling getpwuid_r(): No such file or directory (error 2).

      This resulted in an empty user name being used in kudu::rpc::ConnectionId. With plaintext SASL (e.g. in an insecure Impala cluster), this may result in the following error:

      Not authorized: Client connection negotiation failed: client connection to 127.0.0.1:27000: SASL(-1): generic failure: All-whitespace username.

      While one can argue that Kudu should fall back to some default username (e.g. "cpp-client") when GetLoggedInUserName() fails, it may have non-trivial consequence (e.g. generating an authn token with some random username on one machine while using the real user name on another machine). Therefore, it's best for Impala to explicitly set the user credentials (impala/<some-hostname>) after creating the proxy.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. KUDU-2579 Failure in GetLoggedInUser() may cause a RPC client to fail negotiation

          • Critical - Crashes, loss of data, severe memory leak.
          • Open

          Activity

            People

              kwho Michael Ho
              kwho Michael Ho
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: