You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues-all@impala.apache.org by "Michael Ho (JIRA)" <ji...@apache.org> on 2018/08/28 23:52:00 UTC

[jira] [Created] (IMPALA-7504) ParseKerberosPrincipal() should use krb5_parse_name() instead

Michael Ho created IMPALA-7504:
----------------------------------

             Summary: ParseKerberosPrincipal() should use krb5_parse_name() instead
                 Key: IMPALA-7504
                 URL: https://issues.apache.org/jira/browse/IMPALA-7504
             Project: IMPALA
          Issue Type: Improvement
          Components: Security
    Affects Versions: Impala 2.12.0, Impala 3.0
            Reporter: Michael Ho
            Assignee: Michael Ho


[~tlipcon] pointed out during code review that we should be using krb5_parse_name() to parse the principal instead of creating our own

bq. I wonder whether we should just be using krb5_parse_name here instead of implementing our own parsing? According to [http://web.mit.edu/kerberos/krb5-1.15/doc/appdev/refs/api/krb5_parse_name.html] there are various escapings, etc, that this function isn't currently supporting.

We currently do the following to parse the principal:

{noformat}
  vector<string> names;

  split(names, principal, is_any_of("/"));
  if (names.size() != 2) return Status(TErrorCode::BAD_PRINCIPAL_FORMAT, principal);
  *service_name = names[0];

  string remaining_principal = names[1];
  split(names, remaining_principal, is_any_of("@"));
  if (names.size() != 2) return Status(TErrorCode::BAD_PRINCIPAL_FORMAT, principal);
{noformat}




--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscribe@impala.apache.org
For additional commands, e-mail: issues-all-help@impala.apache.org