ZooKeeper
  1. ZooKeeper
  2. ZOOKEEPER-1195

SASL authorizedID being incorrectly set: should use getHostName() rather than getServiceName()

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 3.4.0
    • Fix Version/s: 3.4.0
    • Component/s: None
    • Labels:
      None
    • Release Note:
      One-line fix for bug identified by Tom Klonikowski

      Description

      Tom Klonikowski writes:

      Hello developers,

      the SaslServerCallbackHandler in trunk changes the principal name
      service/host@REALM to service/service@REALM (i guess unintentionally).

      lines 131-133:
      if (!removeHost() && (kerberosName.getHostName() != null))

      { userName += "/" + kerberosName.getServiceName(); }

      Server Log:

      SaslServerCallbackHandler@115] - Successfully authenticated client:
      authenticationID=fetcher/ubook@QUINZOO;
      authorizationID=fetcher/ubook@QUINZOO.

      SaslServerCallbackHandler@137] - Setting authorizedID:
      fetcher/fetcher@QUINZOO

      1. ZOOKEEPER-1195.patch
        1 kB
        Eugene Koontz
      2. SaslAuthNamingTest.java
        4 kB
        Tom Klonikowski

        Issue Links

          Activity

          Hide
          Hadoop QA added a comment -

          -1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12495235/ZOOKEEPER-1195.patch
          against trunk revision 1172406.

          +1 @author. The patch does not contain any @author tags.

          -1 tests included. The patch doesn't appear to include any new or modified tests.
          Please justify why no new tests are needed for this patch.
          Also please list what manual steps were performed to verify this patch.

          +1 javadoc. The javadoc tool did not generate any warning messages.

          +1 javac. The applied patch does not increase the total number of javac compiler warnings.

          +1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.

          +1 release audit. The applied patch does not increase the total number of release audit warnings.

          +1 core tests. The patch passed core unit tests.

          +1 contrib tests. The patch passed contrib unit tests.

          Test results: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/569//testReport/
          Findbugs warnings: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/569//artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
          Console output: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/569//console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - -1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12495235/ZOOKEEPER-1195.patch against trunk revision 1172406. +1 @author. The patch does not contain any @author tags. -1 tests included. The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. +1 javadoc. The javadoc tool did not generate any warning messages. +1 javac. The applied patch does not increase the total number of javac compiler warnings. +1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings. +1 release audit. The applied patch does not increase the total number of release audit warnings. +1 core tests. The patch passed core unit tests. +1 contrib tests. The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/569//testReport/ Findbugs warnings: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/569//artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html Console output: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/569//console This message is automatically generated.
          Hide
          Eugene Koontz added a comment -

          Please justify why no new tests are needed for this patch.

          Please see
          https://issues.apache.org/jira/browse/ZOOKEEPER-1196

          This bug is to address the current lack of testing for Kerberos principal parsing.

          Show
          Eugene Koontz added a comment - Please justify why no new tests are needed for this patch. Please see https://issues.apache.org/jira/browse/ZOOKEEPER-1196 This bug is to address the current lack of testing for Kerberos principal parsing.
          Hide
          Tom Klonikowski added a comment -

          Proposal for a naming test

          Show
          Tom Klonikowski added a comment - Proposal for a naming test
          Hide
          Tom Klonikowski added a comment -

          I started writing a test. The attached version is missing an auth_to_local rule to become independent from/not interfere with local default krb-config. Maybe its useful though.

          Show
          Tom Klonikowski added a comment - I started writing a test. The attached version is missing an auth_to_local rule to become independent from/not interfere with local default krb-config. Maybe its useful though.
          Hide
          Hadoop QA added a comment -

          -1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12495333/SaslAuthNamingTest.java
          against trunk revision 1172406.

          +1 @author. The patch does not contain any @author tags.

          -1 tests included. The patch doesn't appear to include any new or modified tests.
          Please justify why no new tests are needed for this patch.
          Also please list what manual steps were performed to verify this patch.

          -1 patch. The patch command could not apply the patch.

          Console output: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/571//console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - -1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12495333/SaslAuthNamingTest.java against trunk revision 1172406. +1 @author. The patch does not contain any @author tags. -1 tests included. The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. -1 patch. The patch command could not apply the patch. Console output: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/571//console This message is automatically generated.
          Hide
          Hadoop QA added a comment -

          -1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12495340/SaslAuthNamingTest.java
          against trunk revision 1172406.

          +1 @author. The patch does not contain any @author tags.

          -1 tests included. The patch doesn't appear to include any new or modified tests.
          Please justify why no new tests are needed for this patch.
          Also please list what manual steps were performed to verify this patch.

          -1 patch. The patch command could not apply the patch.

          Console output: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/572//console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - -1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12495340/SaslAuthNamingTest.java against trunk revision 1172406. +1 @author. The patch does not contain any @author tags. -1 tests included. The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. -1 patch. The patch command could not apply the patch. Console output: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/572//console This message is automatically generated.
          Hide
          Eugene Koontz added a comment -

          Hi Tom,
          I tried your tests; they look good to me, but you need to submit this as a patch to the existing source tree. I can show you how to do this using Git if you want. Also I think it would be better to add these tests to https://issues.apache.org/jira/browse/ZOOKEEPER-1196.

          Show
          Eugene Koontz added a comment - Hi Tom, I tried your tests; they look good to me, but you need to submit this as a patch to the existing source tree. I can show you how to do this using Git if you want. Also I think it would be better to add these tests to https://issues.apache.org/jira/browse/ZOOKEEPER-1196 .
          Hide
          Eugene Koontz added a comment -

          Thomas Koch's cleanup fix (https://reviews.apache.org/r/2017/) incorporates this.

          Show
          Eugene Koontz added a comment - Thomas Koch's cleanup fix ( https://reviews.apache.org/r/2017/ ) incorporates this.
          Hide
          Mahadev konar added a comment -

          Eugene,
          Should we just incorporate ZOOKEEPER-1201 into 3.4? What do you think?

          Show
          Mahadev konar added a comment - Eugene, Should we just incorporate ZOOKEEPER-1201 into 3.4? What do you think?
          Hide
          Eugene Koontz added a comment -

          Hi Mahadev,
          +1!
          -Eugene

          Show
          Eugene Koontz added a comment - Hi Mahadev, +1! -Eugene
          Hide
          Mahadev konar added a comment -

          Fixed via ZOOKEEPER-1201.

          Show
          Mahadev konar added a comment - Fixed via ZOOKEEPER-1201 .

            People

            • Assignee:
              Eugene Koontz
              Reporter:
              Eugene Koontz
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development