You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@sentry.apache.org by "Na Li (JIRA)" <ji...@apache.org> on 2019/01/13 05:29:00 UTC

[jira] [Created] (SENTRY-2486) Wrong user name when sentry HMSFollower gets full snapshot from HMS at insecure mode

Na Li created SENTRY-2486:
-----------------------------

             Summary: Wrong user name when sentry HMSFollower gets full snapshot from HMS at insecure mode
                 Key: SENTRY-2486
                 URL: https://issues.apache.org/jira/browse/SENTRY-2486
             Project: Sentry
          Issue Type: Bug
          Components: Sentry
    Affects Versions: 2.2.0
            Reporter: Na Li
            Assignee: Na Li


In insecure mode, the current login user name is passed from Sentry to HMS server when sentry HMSFollower gets full snapshot from HMS. 

The user name should be "sentry" instead of current login user.

The followiong code shows how current login user name is used when subject is null.

In UserGroupInformation, if the context does not have subject, the getLoginUser()

  @Public
  @Evolving
  public static UserGroupInformation getCurrentUser() throws IOException {
    AccessControlContext context = AccessController.getContext();
    Subject subject = Subject.getSubject(context);
    return subject != null && !subject.getPrincipals(User.class).isEmpty() ? new UserGroupInformation(subject) : getLoginUser();
  }

This issue should not happen in production because secure mode is always used. Insecure mode is only used in test.




--
This message was sent by Atlassian JIRA
(v7.6.3#76005)