hive-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Naveen Gangam (Jira)" <j...@apache.org>
Subject [jira] [Updated] (HIVE-22874) Beeline unable to use credentials from URL.
Date Wed, 12 Feb 2020 05:50:00 GMT

     [ https://issues.apache.org/jira/browse/HIVE-22874?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Naveen Gangam updated HIVE-22874:
---------------------------------
    Status: Patch Available  (was: Open)

This issue also existed with the JDBC clients not just beeline. There was another area of
code that has an issue.
https://github.com/apache/hive/blob/master/jdbc/src/java/org/apache/hive/jdbc/Utils.java#L382

This pattern attempts to parse key value pairs in the URL. The first regex grouping is supposed
to find the key value in (key=value) format. So everything before the first "=" is the key,
then a "=" and then a value optionally followed by a ";".

So by definition, a key cannot contain a "=" in it. However, values can contain "=" (for certain
properties like passwords.

The problem with the current regex is that it matches the last "=" because of the first grouping
(any character except ";")
"([^;]*)=([^;]*)[;]?"

So if you have key/value pairs like
key=value===== (value is "value=====")
key======value (value is "=====value")
key=val==ue (value is "val==ue")

the regex groupings return (corresponding to input above)
key is "key=value====" value = ""
key is "key=====" value is "value"
key is "key=val=" value is "ue"

so instead the regex should consider everything before the first "=" as key and the rest until
the end or a ";" as the value of the key.

Attached is patch that does that.

> Beeline unable to use credentials from URL.
> -------------------------------------------
>
>                 Key: HIVE-22874
>                 URL: https://issues.apache.org/jira/browse/HIVE-22874
>             Project: Hive
>          Issue Type: Bug
>          Components: Beeline
>            Reporter: Naveen Gangam
>            Assignee: Naveen Gangam
>            Priority: Minor
>             Fix For: 4.0.0
>
>         Attachments: HIVE-22874.patch
>
>
> Beeline is not using password value from the URL. 
> Using LDAP Auth in this case, so the failure is on connect.
> bin/beeline -u "jdbc:hive2://localhost:10000/default;user=test1;password=test1" 
> On the server side in LdapAuthenticator, the principals come out to (via a special debug
logging)
> 2020-02-11T11:10:31,613  INFO [HiveServer2-Handler-Pool: Thread-67] auth.LdapAuthenticationProviderImpl:
Connecting to ldap as user/password:test1:anonymous
> This bug may have been introduced via
> https://github.com/apache/hive/commit/749e831060381a8ae4775630efb72d5cd040652f
> pass = "" ( an empty string on this line) 
> https://github.com/apache/hive/blob/master/beeline/src/java/org/apache/hive/beeline/BeeLine.java#L848
> but on this line of code, it checks to see it is null which will not be true and hence
it never picks up from the jdbc url
> https://github.com/apache/hive/blob/master/beeline/src/java/org/apache/hive/beeline/BeeLine.java#L900
> It has another chance here but pass != null will always be true and never goes into the
else condition.
> https://github.com/apache/hive/blob/master/beeline/src/java/org/apache/hive/beeline/BeeLine.java#L909



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message