Uploaded image for project: 'ZooKeeper'
  1. ZooKeeper
  2. ZOOKEEPER-1195

SASL authorizedID being incorrectly set: should use getHostName() rather than getServiceName()

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 3.4.0
    • 3.4.0
    • None
    • None
    • One-line fix for bug identified by Tom Klonikowski

    Description

      Tom Klonikowski writes:

      Hello developers,

      the SaslServerCallbackHandler in trunk changes the principal name
      service/host@REALM to service/service@REALM (i guess unintentionally).

      lines 131-133:
      if (!removeHost() && (kerberosName.getHostName() != null))

      { userName += "/" + kerberosName.getServiceName(); }

      Server Log:

      SaslServerCallbackHandler@115] - Successfully authenticated client:
      authenticationID=fetcher/ubook@QUINZOO;
      authorizationID=fetcher/ubook@QUINZOO.

      SaslServerCallbackHandler@137] - Setting authorizedID:
      fetcher/fetcher@QUINZOO

      Attachments

        1. SaslAuthNamingTest.java
          4 kB
          Tom Klonikowski
        2. ZOOKEEPER-1195.patch
          1 kB
          Eugene Joseph Koontz

        Issue Links

          Activity

            People

              ekoontz Eugene Joseph Koontz
              ekoontz Eugene Joseph Koontz
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: