hive-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Naveen Gangam (Jira)" <>
Subject [jira] [Updated] (HIVE-22874) Beeline unable to use credentials from URL.
Date Wed, 12 Feb 2020 05:50:00 GMT


Naveen Gangam updated HIVE-22874:
    Status: Patch Available  (was: Open)

This issue also existed with the JDBC clients not just beeline. There was another area of
code that has an issue.

This pattern attempts to parse key value pairs in the URL. The first regex grouping is supposed
to find the key value in (key=value) format. So everything before the first "=" is the key,
then a "=" and then a value optionally followed by a ";".

So by definition, a key cannot contain a "=" in it. However, values can contain "=" (for certain
properties like passwords.

The problem with the current regex is that it matches the last "=" because of the first grouping
(any character except ";")

So if you have key/value pairs like
key=value===== (value is "value=====")
key======value (value is "=====value")
key=val==ue (value is "val==ue")

the regex groupings return (corresponding to input above)
key is "key=value====" value = ""
key is "key=====" value is "value"
key is "key=val=" value is "ue"

so instead the regex should consider everything before the first "=" as key and the rest until
the end or a ";" as the value of the key.

Attached is patch that does that.

> Beeline unable to use credentials from URL.
> -------------------------------------------
>                 Key: HIVE-22874
>                 URL:
>             Project: Hive
>          Issue Type: Bug
>          Components: Beeline
>            Reporter: Naveen Gangam
>            Assignee: Naveen Gangam
>            Priority: Minor
>             Fix For: 4.0.0
>         Attachments: HIVE-22874.patch
> Beeline is not using password value from the URL. 
> Using LDAP Auth in this case, so the failure is on connect.
> bin/beeline -u "jdbc:hive2://localhost:10000/default;user=test1;password=test1" 
> On the server side in LdapAuthenticator, the principals come out to (via a special debug
> 2020-02-11T11:10:31,613  INFO [HiveServer2-Handler-Pool: Thread-67] auth.LdapAuthenticationProviderImpl:
Connecting to ldap as user/password:test1:anonymous
> This bug may have been introduced via
> pass = "" ( an empty string on this line) 
> but on this line of code, it checks to see it is null which will not be true and hence
it never picks up from the jdbc url
> It has another chance here but pass != null will always be true and never goes into the
else condition.

This message was sent by Atlassian Jira

View raw message