kudu-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ale...@apache.org
Subject kudu git commit: security: only lookup hostname if _HOST substitution is required
Date Fri, 18 Aug 2017 19:25:27 GMT
Repository: kudu
Updated Branches:
  refs/heads/master ecfcb3121 -> f9a8cd909


security: only lookup hostname if _HOST substitution is required

The Kerberos principal configuration uses the special token '_HOST' to
indicate that the FQDN of the host should be specified. Previously we
would always lookup the FQDN even if the substitution was not required,
which might mean that startup would fail if there was no FQDN available,
even if no _HOST substitution was required.

Now, we only lookup the FQDN if FLAGS_principal contains the
substitution token. This provides the possibility of a workaround of
explicit principal configuration on machines with no FQDN.

Change-Id: I5de8647d6cf63ea70d880fa530fa289e8bae24fe
Reviewed-on: http://gerrit.cloudera.org:8080/7694
Tested-by: Kudu Jenkins
Reviewed-by: Alexey Serbin <aserbin@cloudera.com>


Project: http://git-wip-us.apache.org/repos/asf/kudu/repo
Commit: http://git-wip-us.apache.org/repos/asf/kudu/commit/f9a8cd90
Tree: http://git-wip-us.apache.org/repos/asf/kudu/tree/f9a8cd90
Diff: http://git-wip-us.apache.org/repos/asf/kudu/diff/f9a8cd90

Branch: refs/heads/master
Commit: f9a8cd9098e3fa753ebef26305e7f803b5198ac6
Parents: ecfcb31
Author: Todd Lipcon <todd@apache.org>
Authored: Wed Aug 16 19:12:44 2017 -0700
Committer: Alexey Serbin <aserbin@cloudera.com>
Committed: Fri Aug 18 19:23:38 2017 +0000

----------------------------------------------------------------------
 src/kudu/security/init.cc | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/kudu/blob/f9a8cd90/src/kudu/security/init.cc
----------------------------------------------------------------------
diff --git a/src/kudu/security/init.cc b/src/kudu/security/init.cc
index 7306b69..721c16f 100644
--- a/src/kudu/security/init.cc
+++ b/src/kudu/security/init.cc
@@ -389,14 +389,17 @@ Status KinitContext::Kinit(const string& keytab_path, const string&
principal) {
 
 Status GetConfiguredPrincipal(string* principal) {
   string p = FLAGS_principal;
-  string hostname;
-  // Try to fill in either the FQDN or hostname.
-  if (!GetFQDN(&hostname).ok()) {
-    RETURN_NOT_OK(GetHostname(&hostname));
+  const auto& kHostToken = "_HOST";
+  if (p.find(kHostToken) != string::npos) {
+    string hostname;
+    // Try to fill in either the FQDN or hostname.
+    if (!GetFQDN(&hostname).ok()) {
+      RETURN_NOT_OK(GetHostname(&hostname));
+    }
+    // Hosts in principal names are canonicalized to lower-case.
+    std::transform(hostname.begin(), hostname.end(), hostname.begin(), tolower);
+    GlobalReplaceSubstring(kHostToken, hostname, &p);
   }
-  // Hosts in principal names are canonicalized to lower-case.
-  std::transform(hostname.begin(), hostname.end(), hostname.begin(), tolower);
-  GlobalReplaceSubstring("_HOST", hostname, &p);
   *principal = p;
   return Status::OK();
 }


Mime
View raw message