[Impala-ASF-CR] IMPALA-11942: Restrict trusted domain=localhost to 127.0.0.1 by default

Wed, 15 Mar 2023 16:25:55 -0700 

Hello Impala Public Jenkins,

I'd like you to reexamine a change. Please visit

    http://gerrit.cloudera.org:8080/19607

to look at the new patch set (#3).

Change subject: IMPALA-11942: Restrict trusted_domain=localhost to 127.0.0.1 by 
default
......................................................................

IMPALA-11942: Restrict trusted_domain=localhost to 127.0.0.1 by default

The trusted_domain startup parameter uses reverse DNS to determine
if a connection is coming from a trusted domain. For
trusted_domain=localhost, reverse DNS can be unreliable, because
some non-local IP ranges map to localhost. This can also cause
issues with our test cases. In some test environments (Ubuntu 20.04
on AWS), IP addresses like 127.23.0.1 resolve to localhost.

This adds a new startup option trusted_domain_strict_localhost,
which defaults to true. When true, Impala does not do a reverse
DNS request to determine if an IP address is localhost. Instead,
it compares to 127.0.0.1 directly. When false, localhost uses
the same reverse DNS logic as before.

Testing:
 - Modified the existing trusted_domain tests to test with
   trusted_domain_strict_localhost=true and false.
 - Ubuntu 20.04 tests pass on an AWS machine.

Change-Id: I5915cdd812d461366a421a739c18afecef44fb5b
---
M be/src/rpc/authentication-util.cc
M be/src/rpc/authentication-util.h
M be/src/rpc/authentication.cc
M be/src/util/webserver.cc
M fe/src/test/java/org/apache/impala/customcluster/LdapHS2Test.java
M fe/src/test/java/org/apache/impala/customcluster/LdapWebserverTest.java
6 files changed, 82 insertions(+), 18 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/07/19607/3
--
To view, visit http://gerrit.cloudera.org:8080/19607
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I5915cdd812d461366a421a739c18afecef44fb5b
Gerrit-Change-Number: 19607
Gerrit-PatchSet: 3
Gerrit-Owner: Joe McDonnell <joemcdonn...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <impala-public-jenk...@cloudera.com>

Reply via email to