[SENTRY-2486] Wrong user name when sentry HMSFollower gets full snapshot from HMS at insecure mode - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.2.0
Fix Version/s: 2.2.0
Component/s: Sentry
Labels:
None

Description

In insecure mode, the current login user name is passed from Sentry to HMS server when sentry HMSFollower gets full snapshot from HMS.

The user name should be "sentry" instead of current login user.

The followiong code shows how current login user name is used when subject is null.

In UserGroupInformation, if the context does not have subject, the getLoginUser() is used as user name

@Public
@Evolving
public static UserGroupInformation getCurrentUser() throws IOException

{ AccessControlContext context = AccessController.getContext(); Subject subject = Subject.getSubject(context); return subject != null && !subject.getPrincipals(User.class).isEmpty() ? new UserGroupInformation(subject) : getLoginUser(); }

This issue should not happen in production because secure mode is always used. Insecure mode is only used in test.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

SENTRY-2486.002.patch
28/Jan/19 18:21
7 kB
Na Li
SENTRY-2486.001.patch
25/Jan/19 20:25
8 kB
Na Li
SENTRY-2486.001.patch
25/Jan/19 21:12
8 kB
Na Li

Issue Links

links to

Review Link for this case

Activity

People

Assignee:: Na Li

Reporter:: Na Li

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 13/Jan/19 05:28

Updated:: 02/Jan/20 17:08

Resolved:: 30/Jan/19 16:31