You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kudu.apache.org by da...@apache.org on 2017/03/10 21:56:39 UTC
kudu git commit: [macOS] fix security test failures
Repository: kudu
Updated Branches:
refs/heads/master 5759a08d3 -> c5ec0ddb0
[macOS] fix security test failures
Change-Id: I5c4d464edc09f41151f95ad2f0e694f2bc00b0f0
Reviewed-on: http://gerrit.cloudera.org:8080/6346
Tested-by: Kudu Jenkins
Reviewed-by: Alexey Serbin <as...@cloudera.com>
Project: http://git-wip-us.apache.org/repos/asf/kudu/repo
Commit: http://git-wip-us.apache.org/repos/asf/kudu/commit/c5ec0ddb
Tree: http://git-wip-us.apache.org/repos/asf/kudu/tree/c5ec0ddb
Diff: http://git-wip-us.apache.org/repos/asf/kudu/diff/c5ec0ddb
Branch: refs/heads/master
Commit: c5ec0ddb01da87de4a037a4879a4ef92c434930f
Parents: 5759a08
Author: Dan Burkert <da...@apache.org>
Authored: Fri Mar 10 12:46:18 2017 -0800
Committer: Dan Burkert <da...@apache.org>
Committed: Fri Mar 10 21:56:19 2017 +0000
----------------------------------------------------------------------
src/kudu/rpc/client_negotiation.cc | 2 +-
src/kudu/rpc/connection.cc | 2 +-
src/kudu/rpc/rpc-test.cc | 8 +++++++-
src/kudu/security/init.cc | 28 ++++------------------------
4 files changed, 13 insertions(+), 27 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/kudu/blob/c5ec0ddb/src/kudu/rpc/client_negotiation.cc
----------------------------------------------------------------------
diff --git a/src/kudu/rpc/client_negotiation.cc b/src/kudu/rpc/client_negotiation.cc
index 1a8906f..35bafd6 100644
--- a/src/kudu/rpc/client_negotiation.cc
+++ b/src/kudu/rpc/client_negotiation.cc
@@ -527,7 +527,7 @@ Status ClientNegotiation::AuthenticateByToken(faststring* recv_buf) {
}
Status ClientNegotiation::SendSaslInitiate() {
- TRACE("Initiating SASL $0 handshake", negotiated_mech_);
+ TRACE("Initiating SASL $0 handshake", SaslMechanism::name_of(negotiated_mech_));
// At this point we've already chosen the SASL mechanism to use
// (negotiated_mech_), but we need to let the SASL library know. SASL likes to
http://git-wip-us.apache.org/repos/asf/kudu/blob/c5ec0ddb/src/kudu/rpc/connection.cc
----------------------------------------------------------------------
diff --git a/src/kudu/rpc/connection.cc b/src/kudu/rpc/connection.cc
index 809abe5..66aecd2 100644
--- a/src/kudu/rpc/connection.cc
+++ b/src/kudu/rpc/connection.cc
@@ -143,7 +143,7 @@ void Connection::Shutdown(const Status &status) {
if (inbound_ && inbound_->TransferStarted()) {
double secs_since_active =
(reactor_thread_->cur_time() - last_activity_time_).ToSeconds();
- LOG(WARNING) << "Shutting down connection " << ToString() << " with pending inbound data ("
+ LOG(WARNING) << "Shutting down " << ToString() << " with pending inbound data ("
<< inbound_->StatusAsString() << ", last active "
<< HumanReadableElapsedTime::ToShortString(secs_since_active)
<< " ago, status=" << status.ToString() << ")";
http://git-wip-us.apache.org/repos/asf/kudu/blob/c5ec0ddb/src/kudu/rpc/rpc-test.cc
----------------------------------------------------------------------
diff --git a/src/kudu/rpc/rpc-test.cc b/src/kudu/rpc/rpc-test.cc
index d707a50..f1b9a3a 100644
--- a/src/kudu/rpc/rpc-test.cc
+++ b/src/kudu/rpc/rpc-test.cc
@@ -337,7 +337,13 @@ TEST_P(TestRpc, TestRpcSidecarLimits) {
request, &resp, &controller);
ASSERT_TRUE(status.IsNetworkError()) << "Unexpected error: " << status.ToString();
// Remote responds to extra-large payloads by closing the connection.
- ASSERT_STR_CONTAINS(status.ToString(), "Connection reset by peer");
+ ASSERT_STR_MATCHES(status.ToString(),
+ // Linux
+ "Connection reset by peer"
+ // macOS, while reading from socket.
+ "|got EOF from remote"
+ // macOS, while writing to socket.
+ "|Protocol wrong type for socket");
}
}
http://git-wip-us.apache.org/repos/asf/kudu/blob/c5ec0ddb/src/kudu/security/init.cc
----------------------------------------------------------------------
diff --git a/src/kudu/security/init.cc b/src/kudu/security/init.cc
index fb27f40..294a96b 100644
--- a/src/kudu/security/init.cc
+++ b/src/kudu/security/init.cc
@@ -364,29 +364,6 @@ Status GetConfiguredPrincipal(string* principal) {
*principal = p;
return Status::OK();
}
-
-// macOS's Heimdal library has a no-op implementation of
-// krb5_aname_to_localname, so instead this does a crude approximation by
-// grabbing the username from the principal.
-#ifdef __APPLE__
-// Grabs the username from a krb5 principal, and writes it to the provided
-// buffer with a null terminator.
-krb5_error_code principal_to_username(krb5_const_principal princ,
- int len,
- char* buf) {
- if (princ->length == 0) {
- return KRB5_LNAME_NOTRANS;
- }
- auto username = princ->data[0];
- if (username.length + 1 > len) {
- return KRB5_CONFIG_NOTENUFSPACE;
- }
- // Copy username and a trailing null byte.
- memcpy(buf, username.data, username.length);
- username.data[username.length + 1] = 0;
- return 0;
-}
-#endif
} // anonymous namespace
@@ -420,7 +397,10 @@ Status MapPrincipalToLocalName(const std::string& principal, std::string* local_
#ifndef __APPLE__
rc = krb5_aname_to_localname(g_krb5_ctx, princ, arraysize(buf), buf);
#else
- rc = principal_to_username(princ, arraysize(buf), buf);
+ // macOS's Heimdal library has a no-op implementation of
+ // krb5_aname_to_localname, so instead we fall down to below and grab the
+ // first component of the principal.
+ rc = KRB5_LNAME_NOTRANS;
#endif
if (rc == KRB5_LNAME_NOTRANS) {
// No name mapping specified. We fall back to simply taking the first component