You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kudu.apache.org by da...@apache.org on 2017/03/10 21:56:39 UTC

kudu git commit: [macOS] fix security test failures

Repository: kudu
Updated Branches:
  refs/heads/master 5759a08d3 -> c5ec0ddb0


[macOS] fix security test failures

Change-Id: I5c4d464edc09f41151f95ad2f0e694f2bc00b0f0
Reviewed-on: http://gerrit.cloudera.org:8080/6346
Tested-by: Kudu Jenkins
Reviewed-by: Alexey Serbin <as...@cloudera.com>


Project: http://git-wip-us.apache.org/repos/asf/kudu/repo
Commit: http://git-wip-us.apache.org/repos/asf/kudu/commit/c5ec0ddb
Tree: http://git-wip-us.apache.org/repos/asf/kudu/tree/c5ec0ddb
Diff: http://git-wip-us.apache.org/repos/asf/kudu/diff/c5ec0ddb

Branch: refs/heads/master
Commit: c5ec0ddb01da87de4a037a4879a4ef92c434930f
Parents: 5759a08
Author: Dan Burkert <da...@apache.org>
Authored: Fri Mar 10 12:46:18 2017 -0800
Committer: Dan Burkert <da...@apache.org>
Committed: Fri Mar 10 21:56:19 2017 +0000

----------------------------------------------------------------------
 src/kudu/rpc/client_negotiation.cc |  2 +-
 src/kudu/rpc/connection.cc         |  2 +-
 src/kudu/rpc/rpc-test.cc           |  8 +++++++-
 src/kudu/security/init.cc          | 28 ++++------------------------
 4 files changed, 13 insertions(+), 27 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/kudu/blob/c5ec0ddb/src/kudu/rpc/client_negotiation.cc
----------------------------------------------------------------------
diff --git a/src/kudu/rpc/client_negotiation.cc b/src/kudu/rpc/client_negotiation.cc
index 1a8906f..35bafd6 100644
--- a/src/kudu/rpc/client_negotiation.cc
+++ b/src/kudu/rpc/client_negotiation.cc
@@ -527,7 +527,7 @@ Status ClientNegotiation::AuthenticateByToken(faststring* recv_buf) {
 }
 
 Status ClientNegotiation::SendSaslInitiate() {
-  TRACE("Initiating SASL $0 handshake", negotiated_mech_);
+  TRACE("Initiating SASL $0 handshake", SaslMechanism::name_of(negotiated_mech_));
 
   // At this point we've already chosen the SASL mechanism to use
   // (negotiated_mech_), but we need to let the SASL library know. SASL likes to

http://git-wip-us.apache.org/repos/asf/kudu/blob/c5ec0ddb/src/kudu/rpc/connection.cc
----------------------------------------------------------------------
diff --git a/src/kudu/rpc/connection.cc b/src/kudu/rpc/connection.cc
index 809abe5..66aecd2 100644
--- a/src/kudu/rpc/connection.cc
+++ b/src/kudu/rpc/connection.cc
@@ -143,7 +143,7 @@ void Connection::Shutdown(const Status &status) {
   if (inbound_ && inbound_->TransferStarted()) {
     double secs_since_active =
         (reactor_thread_->cur_time() - last_activity_time_).ToSeconds();
-    LOG(WARNING) << "Shutting down connection " << ToString() << " with pending inbound data ("
+    LOG(WARNING) << "Shutting down " << ToString() << " with pending inbound data ("
                  << inbound_->StatusAsString() << ", last active "
                  << HumanReadableElapsedTime::ToShortString(secs_since_active)
                  << " ago, status=" << status.ToString() << ")";

http://git-wip-us.apache.org/repos/asf/kudu/blob/c5ec0ddb/src/kudu/rpc/rpc-test.cc
----------------------------------------------------------------------
diff --git a/src/kudu/rpc/rpc-test.cc b/src/kudu/rpc/rpc-test.cc
index d707a50..f1b9a3a 100644
--- a/src/kudu/rpc/rpc-test.cc
+++ b/src/kudu/rpc/rpc-test.cc
@@ -337,7 +337,13 @@ TEST_P(TestRpc, TestRpcSidecarLimits) {
         request, &resp, &controller);
     ASSERT_TRUE(status.IsNetworkError()) << "Unexpected error: " << status.ToString();
     // Remote responds to extra-large payloads by closing the connection.
-    ASSERT_STR_CONTAINS(status.ToString(), "Connection reset by peer");
+    ASSERT_STR_MATCHES(status.ToString(),
+                       // Linux
+                       "Connection reset by peer"
+                       // macOS, while reading from socket.
+                       "|got EOF from remote"
+                       // macOS, while writing to socket.
+                       "|Protocol wrong type for socket");
   }
 }
 

http://git-wip-us.apache.org/repos/asf/kudu/blob/c5ec0ddb/src/kudu/security/init.cc
----------------------------------------------------------------------
diff --git a/src/kudu/security/init.cc b/src/kudu/security/init.cc
index fb27f40..294a96b 100644
--- a/src/kudu/security/init.cc
+++ b/src/kudu/security/init.cc
@@ -364,29 +364,6 @@ Status GetConfiguredPrincipal(string* principal) {
   *principal = p;
   return Status::OK();
 }
-
-// macOS's Heimdal library has a no-op implementation of
-// krb5_aname_to_localname, so instead this does a crude approximation by
-// grabbing the username from the principal.
-#ifdef __APPLE__
-// Grabs the username from a krb5 principal, and writes it to the provided
-// buffer with a null terminator.
-krb5_error_code principal_to_username(krb5_const_principal princ,
-                                      int len,
-                                      char* buf) {
-  if (princ->length == 0) {
-    return KRB5_LNAME_NOTRANS;
-  }
-  auto username = princ->data[0];
-  if (username.length + 1 > len) {
-    return KRB5_CONFIG_NOTENUFSPACE;
-  }
-  // Copy username and a trailing null byte.
-  memcpy(buf, username.data, username.length);
-  username.data[username.length + 1] = 0;
-  return 0;
-}
-#endif
 } // anonymous namespace
 
 
@@ -420,7 +397,10 @@ Status MapPrincipalToLocalName(const std::string& principal, std::string* local_
 #ifndef __APPLE__
   rc = krb5_aname_to_localname(g_krb5_ctx, princ, arraysize(buf), buf);
 #else
-  rc = principal_to_username(princ, arraysize(buf), buf);
+  // macOS's Heimdal library has a no-op implementation of
+  // krb5_aname_to_localname, so instead we fall down to below and grab the
+  // first component of the principal.
+  rc = KRB5_LNAME_NOTRANS;
 #endif
   if (rc == KRB5_LNAME_NOTRANS) {
     // No name mapping specified. We fall back to simply taking the first component