Skip to content

Commit

Permalink
[Kerberos] Use canonical host name (#32588)
Browse files Browse the repository at this point in the history
The Apache Http components support for Spnego scheme
uses canonical name by default.
Also when resolving host name, on centos by default
there are other aliases so adding them to the
DelegationPermission.

Closes#32498
  • Loading branch information
bizybot authored and Yogesh Gaikwad committed Aug 6, 2018
1 parent 19ebab1 commit f102836
Show file tree
Hide file tree
Showing 3 changed files with 5 additions and 2 deletions.
2 changes: 1 addition & 1 deletion x-pack/qa/kerberos-tests/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ Object httpPrincipal = new Object() {
@Override
String toString() {
InetAddress resolvedAddress = InetAddress.getByName('127.0.0.1')
return "HTTP/" + resolvedAddress.getHostName()
return "HTTP/" + resolvedAddress.getCanonicalHostName()
}
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -112,7 +112,7 @@ public void testSoDoesNotFailWithNoTests() {
protected HttpHost buildHttpHost(String host, int port) {
try {
InetAddress inetAddress = InetAddress.getByName(host);
return super.buildHttpHost(inetAddress.getHostName(), port);
return super.buildHttpHost(inetAddress.getCanonicalHostName(), port);
} catch (UnknownHostException e) {
assumeNoException("failed to resolve host [" + host + "]", e);
}
Expand Down
Original file line number Diff line number Diff line change
@@ -1,4 +1,7 @@
grant {
permission javax.security.auth.AuthPermission "doAsPrivileged";
permission javax.security.auth.kerberos.DelegationPermission "\"HTTP/localhost@BUILD.ELASTIC.CO\" \"krbtgt/BUILD.ELASTIC.CO@BUILD.ELASTIC.CO\"";
permission javax.security.auth.kerberos.DelegationPermission "\"HTTP/localhost.localdomain@BUILD.ELASTIC.CO\" \"krbtgt/BUILD.ELASTIC.CO@BUILD.ELASTIC.CO\"";
permission javax.security.auth.kerberos.DelegationPermission "\"HTTP/localhost4@BUILD.ELASTIC.CO\" \"krbtgt/BUILD.ELASTIC.CO@BUILD.ELASTIC.CO\"";
permission javax.security.auth.kerberos.DelegationPermission "\"HTTP/localhost4.localdomain4@BUILD.ELASTIC.CO\" \"krbtgt/BUILD.ELASTIC.CO@BUILD.ELASTIC.CO\"";
};

0 comments on commit f102836

Please sign in to comment.