Michael Ho created IMPALA-7504:
----------------------------------
Summary: ParseKerberosPrincipal() should use krb5_parse_name()
instead
Key: IMPALA-7504
URL: https://issues.apache.org/jira/browse/IMPALA-7504
Project: IMPALA
Issue Type: Improvement
Components: Security
Affects Versions: Impala 2.12.0, Impala 3.0
Reporter: Michael Ho
Assignee: Michael Ho
[~tlipcon] pointed out during code review that we should be using
krb5_parse_name() to parse the principal instead of creating our own
bq. I wonder whether we should just be using krb5_parse_name here instead of
implementing our own parsing? According to
[http://web.mit.edu/kerberos/krb5-1.15/doc/appdev/refs/api/krb5_parse_name.html]
there are various escapings, etc, that this function isn't currently
supporting.
We currently do the following to parse the principal:
{noformat}
vector<string> names;
split(names, principal, is_any_of("/"));
if (names.size() != 2) return Status(TErrorCode::BAD_PRINCIPAL_FORMAT,
principal);
*service_name = names[0];
string remaining_principal = names[1];
split(names, remaining_principal, is_any_of("@"));
if (names.size() != 2) return Status(TErrorCode::BAD_PRINCIPAL_FORMAT,
principal);
{noformat}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
