[Impala-ASF-CR] IMPALA-7585: Always set user credentials after creating RPC proxy

Wed, 19 Sep 2018 13:18:02 -0700 

Michael Ho has uploaded this change for review. ( 
http://gerrit.cloudera.org:8080/11477


Change subject: IMPALA-7585: Always set user credentials after creating RPC 
proxy
......................................................................

IMPALA-7585: Always set user credentials after creating RPC proxy

kudu::rpc::Proxy() ctor may fail in GetLoggedInUser() for various reasons
(e.g. missing certain libraries). This resulted in an empty username being
used in kudu::rpc::ConnectionId. With plaintext SASL (e.g. in an insecure
Impala cluster), this may result in the following error during connection
negotiation:

Not authorized: Client connection negotiation failed: client connection to 
127.0.0.1:27000: SASL(-1): generic failure: All-whitespace username.

In Impala, we don't consider failing GetLoggedInUser() a fatal error.
This change fixes the issue above by always explicitly setting the
username after creating the proxy. The username is "impala". Please
note that this username is not really used anywhere for authorization
for RPC services. Authorization is only done when authentication is
enabled with Kerberos. With Kerberos enabled, the username is derived
from the Kerberos principal instead of the user credentials set in
the ConnectionId. It's there mostly to satisfy the SASL plaintext case.

rpc-mgr-test has been updated to test for this string when Kerberos is
disabled.

Testing done: core test; rpc-mgr-test; rpc-mgr-kerberized-test

Change-Id: I75059f55bcdb8f95916610100cad4d8280daf3f6
---
M be/src/exec/kudu-util.h
M be/src/rpc/rpc-mgr-test.h
M be/src/rpc/rpc-mgr.inline.h
3 files changed, 16 insertions(+), 1 deletion(-)



  git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/77/11477/1
--
To view, visit http://gerrit.cloudera.org:8080/11477
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: I75059f55bcdb8f95916610100cad4d8280daf3f6
Gerrit-Change-Number: 11477
Gerrit-PatchSet: 1
Gerrit-Owner: Michael Ho <[email protected]>

Reply via email to