You are viewing a plain text version of this content. The canonical link for it is here.

Posted to reviews@impala.apache.org by "Tamas Mate (Code Review)" <ge...@cloudera.org> on 2021/12/07 15:14:40 UTC

[Impala-ASF-CR] IMPALA-11042: Escape special characters in LDAP filters

Tamas Mate has uploaded a new patch set (#5). ( http://gerrit.cloudera.org:8080/18068 )

Change subject: IMPALA-11042: Escape special characters in LDAP filters
......................................................................

IMPALA-11042: Escape special characters in LDAP filters

The LDAP filter specification assigns special meaning to the following
characters: '*', '(', ')', '\', 'NUL'. These 5 characters should be
represented with their ASCII characters in LDAP filters. (RFC 4516)
Impala allows '{0}' and '{1}' notations, these patterns will be replaced
dynamically during runtime, the '{0}' is replaced with the login
username, while '{1}' is replaced with the DN of the login user. This DN
is obtained through an LDAP Search.

This commit handles the escaping of the dynamically obtained properties
(username/DN) in LDAP filters according to RFC-4516. Impala should be
configured with a properly escaped filters apart from these properties.

Example DN in directory service:
  cn=Ldap\, (Test6*),ou=Users2,dc=myorg,dc=com
Example DN used in filter:
  cn=Ldap\5C, \28Test6\2A\29,ou=Users2,dc=myorg,dc=com

Testing:
 - Added a custom cluster unti test
 - Tested the behaviour manually with OpenLDAP and Active Directory

Change-Id: Ic82e8fc0ff8bbe687632db177385f467dd200dbb
---
M be/src/util/ldap-search-bind.cc
M be/src/util/ldap-search-bind.h
M fe/src/test/java/org/apache/impala/customcluster/LdapSearchBindImpalaShellTest.java
M fe/src/test/java/org/apache/impala/testutil/LdapUtil.java
M fe/src/test/resources/users.ldif
5 files changed, 78 insertions(+), 5 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/68/18068/5
-- 
To view, visit http://gerrit.cloudera.org:8080/18068
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: Ic82e8fc0ff8bbe687632db177385f467dd200dbb
Gerrit-Change-Number: 18068
Gerrit-PatchSet: 5
Gerrit-Owner: Tamas Mate <tm...@cloudera.com>
Gerrit-Reviewer: Csaba Ringhofer <cs...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
Gerrit-Reviewer: Laszlo Gaal <la...@cloudera.com>
Gerrit-Reviewer: Tamas Mate <tm...@cloudera.com>