You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kudu.apache.org by gr...@apache.org on 2019/11/01 16:24:52 UTC

[kudu] branch master updated: KUDU-2989. Work around SASL bug when FQDN is >=64 characters

This is an automated email from the ASF dual-hosted git repository.

granthenke pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git


The following commit(s) were added to refs/heads/master by this push:
     new 111b137  KUDU-2989. Work around SASL bug when FQDN is >=64 characters
111b137 is described below

commit 111b13775193820b3e3551368fe00a8f00387007
Author: Todd Lipcon <to...@apache.org>
AuthorDate: Thu Oct 31 22:24:10 2019 -0700

    KUDU-2989. Work around SASL bug when FQDN is >=64 characters
    
    This adds a workaround for an upstream SASL bug which is triggered when
    the FQDN has more than 64 characters. In this case, SASL would truncate
    the FQDN and not be able to find the relevant keytab.
    
    The workaround simply uses our own code to determine the FQDN.
    
    Change-Id: I4898814f2f7ab87151798336414dde7078d28a4a
    Reviewed-on: http://gerrit.cloudera.org:8080/14609
    Reviewed-by: Anurag Mantripragada <an...@cloudera.com>
    Reviewed-by: Adar Dembo <ad...@cloudera.com>
    Tested-by: Kudu Jenkins
---
 src/kudu/rpc/server_negotiation.cc | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/kudu/rpc/server_negotiation.cc b/src/kudu/rpc/server_negotiation.cc
index 04e08b1..d56282f 100644
--- a/src/kudu/rpc/server_negotiation.cc
+++ b/src/kudu/rpc/server_negotiation.cc
@@ -388,12 +388,25 @@ Status ServerNegotiation::InitSaslServer() {
   unsigned secflags = 0;
 
   sasl_conn_t* sasl_conn = nullptr;
+
+  const char* server_fqdn = helper_.server_fqdn();
+  // If not explicitly set, use the host's FQDN here.
+  // SASL handles this itself if we pass null, but in a buggy way[1] that fails
+  // if the FQDN is >64 characters.
+  //
+  // [1] https://github.com/cyrusimap/cyrus-sasl/issues/583
+  string default_server_fqdn;
+  if (!server_fqdn) {
+    RETURN_NOT_OK_PREPEND(GetFQDN(&default_server_fqdn), "could not determine own FQDN");
+    server_fqdn = default_server_fqdn.c_str();
+  }
+
   RETURN_NOT_OK_PREPEND(WrapSaslCall(nullptr /* no conn */, [&]() {
       return sasl_server_new(
           // Registered name of the service using SASL. Required.
           sasl_proto_name_.c_str(),
           // The fully qualified domain name of this server.
-          helper_.server_fqdn(),
+          server_fqdn,
           // Permits multiple user realms on server. NULL == use default.
           nullptr,
           // Local and remote IP address strings. We don't use any mechanisms