hive-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From do...@apache.org
Subject hive git commit: HIVE-11498: HIVE Authorization v2 should not check permission for dummy entity (Dapeng Sun via Dong Chen)
Date Tue, 11 Aug 2015 03:17:26 GMT
Repository: hive
Updated Branches:
  refs/heads/branch-1.2 abb308617 -> 7ad22e164


HIVE-11498: HIVE Authorization v2 should not check permission for dummy entity (Dapeng Sun
via Dong Chen)


Project: http://git-wip-us.apache.org/repos/asf/hive/repo
Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/7ad22e16
Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/7ad22e16
Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/7ad22e16

Branch: refs/heads/branch-1.2
Commit: 7ad22e16432f12134dbbe87c12281f7bfa445005
Parents: abb3086
Author: Dapeng Sun <sdp@apache.org>
Authored: Tue Aug 11 00:56:13 2015 -0400
Committer: Dong Chen <dong1.chen@intel.com>
Committed: Tue Aug 11 01:46:02 2015 -0400

----------------------------------------------------------------------
 ql/src/java/org/apache/hadoop/hive/ql/Driver.java        |  5 ++++-
 .../queries/clientpositive/authorization_1_sql_std.q     |  4 ++++
 .../results/clientpositive/authorization_1_sql_std.q.out | 11 +++++++++++
 3 files changed, 19 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hive/blob/7ad22e16/ql/src/java/org/apache/hadoop/hive/ql/Driver.java
----------------------------------------------------------------------
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/Driver.java b/ql/src/java/org/apache/hadoop/hive/ql/Driver.java
index 847d9a1..50af8ff 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/Driver.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/Driver.java
@@ -788,7 +788,10 @@ public class Driver implements CommandProcessor {
     for(Entity privObject : privObjects){
       HivePrivilegeObjectType privObjType =
           AuthorizationUtils.getHivePrivilegeObjectType(privObject.getType());
-
+      if(privObject.isDummy()) {
+        //do not authorize dummy readEntity or writeEntity
+        continue;
+      }
       if(privObject instanceof ReadEntity && !((ReadEntity)privObject).isDirect()){
         // In case of views, the underlying views or tables are not direct dependencies
         // and are not used for authorization checks.

http://git-wip-us.apache.org/repos/asf/hive/blob/7ad22e16/ql/src/test/queries/clientpositive/authorization_1_sql_std.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientpositive/authorization_1_sql_std.q b/ql/src/test/queries/clientpositive/authorization_1_sql_std.q
index 82896a4..b7b6710 100644
--- a/ql/src/test/queries/clientpositive/authorization_1_sql_std.q
+++ b/ql/src/test/queries/clientpositive/authorization_1_sql_std.q
@@ -6,6 +6,10 @@ set user.name=hive_admin_user;
 create table src_autho_test (key STRING, value STRING) ;
 
 set hive.security.authorization.enabled=true;
+
+--select dummy table
+select 1;
+
 set  role ADMIN; 
 --table grant to user
 

http://git-wip-us.apache.org/repos/asf/hive/blob/7ad22e16/ql/src/test/results/clientpositive/authorization_1_sql_std.q.out
----------------------------------------------------------------------
diff --git a/ql/src/test/results/clientpositive/authorization_1_sql_std.q.out b/ql/src/test/results/clientpositive/authorization_1_sql_std.q.out
index 44c2fbd..2315fd4 100644
--- a/ql/src/test/results/clientpositive/authorization_1_sql_std.q.out
+++ b/ql/src/test/results/clientpositive/authorization_1_sql_std.q.out
@@ -6,6 +6,17 @@ POSTHOOK: query: create table src_autho_test (key STRING, value STRING)
 POSTHOOK: type: CREATETABLE
 POSTHOOK: Output: database:default
 POSTHOOK: Output: default@src_autho_test
+PREHOOK: query: --select dummy table
+select 1
+PREHOOK: type: QUERY
+PREHOOK: Input: _dummy_database@_dummy_table
+#### A masked pattern was here ####
+POSTHOOK: query: --select dummy table
+select 1
+POSTHOOK: type: QUERY
+POSTHOOK: Input: _dummy_database@_dummy_table
+#### A masked pattern was here ####
+1
 PREHOOK: query: set  role ADMIN
 PREHOOK: type: SHOW_ROLES
 POSTHOOK: query: set  role ADMIN


Mime
View raw message