Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id E8E95200C81 for ; Fri, 26 May 2017 18:27:08 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id E78D3160BC8; Fri, 26 May 2017 16:27:08 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 39CCF160BAF for ; Fri, 26 May 2017 18:27:08 +0200 (CEST) Received: (qmail 19612 invoked by uid 500); 26 May 2017 16:27:07 -0000 Mailing-List: contact dev-help@phoenix.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@phoenix.apache.org Delivered-To: mailing list dev@phoenix.apache.org Received: (qmail 19600 invoked by uid 99); 26 May 2017 16:27:07 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 26 May 2017 16:27:07 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id 071851AF9F3 for ; Fri, 26 May 2017 16:27:07 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -100.002 X-Spam-Level: X-Spam-Status: No, score=-100.002 tagged_above=-999 required=6.31 tests=[RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=disabled Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id j-CDAimyB6O8 for ; Fri, 26 May 2017 16:27:06 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTP id 99A9960D67 for ; Fri, 26 May 2017 16:27:05 +0000 (UTC) Received: from jira-lw-us.apache.org (unknown [207.244.88.139]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id CEF3EE0DAF for ; Fri, 26 May 2017 16:27:04 +0000 (UTC) Received: from jira-lw-us.apache.org (localhost [127.0.0.1]) by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 3CDCB21B5E for ; Fri, 26 May 2017 16:27:04 +0000 (UTC) Date: Fri, 26 May 2017 16:27:04 +0000 (UTC) From: "Josh Elser (JIRA)" To: dev@phoenix.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Created] (PHOENIX-3891) ConnectionQueryServices leak on auto-Kerberos-login without REALM in URL MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Fri, 26 May 2017 16:27:09 -0000 Josh Elser created PHOENIX-3891: ----------------------------------- Summary: ConnectionQueryServices leak on auto-Kerberos-login without REALM in URL Key: PHOENIX-3891 URL: https://issues.apache.org/jira/browse/PHOENIX-3891 Project: Phoenix Issue Type: Bug Reporter: Josh Elser Assignee: Josh Elser Priority: Critical Fix For: 4.11.0 PHOENIX-3189 fixed some logic in construction of a {{ConnectionInfo}} to, when requested by the user, perform the Kerberos login and then construct and cache the ConnectionInfo->ConnectionQueryServices pair. This approach only works when the principal that the user provides in the JDBC url is exactly what UGI returns as the short name. Logically equivalent principals will result in re-logging in each time and leaking ConnectionQueryService instances (and thus HConnection and ZooKeeper objects). For example, with Kerberos principals there is a default realm which is implied by krb5.conf when not explicitly provided. Thus: {{elserj}} and {{elserj@APACHE}} would be considered logically equivalent (when the default realm is "APACHE"). We should expand the {{isSameName}} check in ConnectionInfo to be a bit smarter. -- This message was sent by Atlassian JIRA (v6.3.15#6346)