hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Thejas Nair" <the...@hortonworks.com>
Subject Re: Review Request 20578: HIVE-6957 - SQL authorization does not work with HS2 binary mode and Kerberos auth
Date Fri, 25 Apr 2014 00:36:10 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/20578/
-----------------------------------------------------------

(Updated April 25, 2014, 12:36 a.m.)


Review request for hive, Ashutosh Chauhan and Vaibhav Gumashta.


Changes
-------

HIVE-6957.4.patch - rename the abstract base test class to *Test.java


Bugs: HIVE-6957
    https://issues.apache.org/jira/browse/HIVE-6957


Repository: hive-git


Description
-------

In HiveServer2, when Kerberos auth and binary transport modes are used, the user name that
gets passed on to authorization is the long kerberos username.
The username that is used in grant/revoke statements tend to be the short usernames.
This also fails in authorizing statements that involve URI, as the authorization mode checks
the file system permissions for given user. It does not recognize that the given long username
actually owns the file or belongs to the group that owns the file.


Diffs (updated)
-----

  itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/JdbcWithMiniKdcSQLAuthTest.java
PRE-CREATION 
  itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/MiniHiveKdc.java f7ec93d 
  itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestJdbcWithMiniKdc.java 62bfa1e

  itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestJdbcWithMiniKdcSQLAuthBinary.java
PRE-CREATION 
  itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestJdbcWithMiniKdcSQLAuthHttp.java
PRE-CREATION 
  itests/hive-unit/src/main/java/org/apache/hive/jdbc/miniHS2/MiniHS2.java d08bfde 
  itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestSSL.java 7b85b97 
  shims/common-secure/src/main/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java
9e296de 

Diff: https://reviews.apache.org/r/20578/diff/


Testing
-------

Unit test included.


Thanks,

Thejas Nair


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message