/**
 * Checks the required privileges against the privilege set held at GLOBAL scope by the
 * current principal.
 *
 * <p>The principal is whatever user name and group names the authenticator reports, so the
 * decision is only as trustworthy as that authenticator.
 *
 * @param inputRequiredPriv required input privileges, forwarded unchanged
 * @param inputCheck flags forwarded unchanged to {@code authorizePrivileges}
 * @param outputRequiredPriv required output privileges, forwarded unchanged
 * @param outputCheck flags forwarded unchanged to {@code authorizePrivileges}
 * @return the result of {@code authorizePrivileges} for the global privilege set
 * @throws HiveException propagated from the privilege lookup or the privilege check
 */
protected boolean authorizeUserPriv(Privilege[] inputRequiredPriv, boolean[] inputCheck,
    Privilege[] outputRequiredPriv, boolean[] outputCheck) throws HiveException {
  final String userName = getAuthenticator().getUserName();
  // GLOBAL lookup: the four arguments after the object type are left null.
  PrincipalPrivilegeSet globalPrivs = hive_db.get_privilege_set(
      HiveObjectType.GLOBAL, null, null, null, null,
      userName, getAuthenticator().getGroupNames());
  // Argument order is (required, check) for inputs, then (required, check) for outputs.
  return authorizePrivileges(globalPrivs, inputRequiredPriv, inputCheck,
      outputRequiredPriv, outputCheck);
}
/**
 * Returns the given objects unchanged.
 *
 * <p>This implementation performs no filtering: every object passed in is handed back to the
 * caller. When debug logging is enabled, the objects, the authenticator's user name and the
 * context are written to the log.
 *
 * @param listObjs objects offered for filtering
 * @param context authorization context, used only in the debug message
 * @return {@code listObjs} itself, unmodified
 */
@Override
public List<HivePrivilegeObject> filterListCmdObjects(List<HivePrivilegeObject> listObjs,
    HiveAuthzContext context) {
  if (!LOG.isDebugEnabled()) {
    // No filtering is applied; the input list is the result.
    return listObjs;
  }
  LOG.debug("Obtained following objects in filterListCmdObjects " + listObjs + " for user "
      + authenticator.getUserName() + ". Context Info: " + context);
  return listObjs;
}
/**
 * Returns the group names reported by the current session's authenticator.
 *
 * @return the authenticator's group names, or {@code null} when there is no current session
 *     or the session has no authenticator; callers must handle the {@code null} case
 */
private List<String> getGroupNames() {
  final SessionState session = SessionState.get();
  if (session == null || session.getAuthenticator() == null) {
    // No identity source available: report "unknown" as null rather than an empty list.
    return null;
  }
  return session.getAuthenticator().getGroupNames();
}
// The authenticator is obtained from HiveUtils using the HIVE_AUTHENTICATOR_MANAGER setting of
// sessionConf, so the identity source is whatever that configuration selects.
authenticator = HiveUtils.getAuthenticator(sessionConf, HiveConf.ConfVars.HIVE_AUTHENTICATOR_MANAGER);
// Give the authenticator a reference to this object (the session state, going by the setter).
authenticator.setSessionState(this);
/**
 * Pass-through implementation of the list-command filter.
 *
 * <p>Nothing is removed from {@code listObjs}; the same list is returned. The only side effect
 * is a debug-level log line naming the objects, the authenticator's user and the context.
 *
 * @param listObjs objects offered for filtering
 * @param context authorization context, used only for logging
 * @return {@code listObjs}, unmodified
 */
@Override
public List<HivePrivilegeObject> filterListCmdObjects(List<HivePrivilegeObject> listObjs,
    HiveAuthzContext context) {
  if (LOG.isDebugEnabled()) {
    LOG.debug("Obtained following objects in filterListCmdObjects " + listObjs
        + " for user " + authenticator.getUserName()
        + ". Context Info: " + context);
  }
  // This implementation does not restrict what the caller sees.
  return listObjs;
}
/**
 * Looks up the group names of the current session's authenticator.
 *
 * @return the group names from the authenticator, or {@code null} if the current thread has no
 *     session or the session has no authenticator
 */
private List<String> getGroupNames() {
  SessionState current = SessionState.get();
  // Null means "no identity information"; it is not converted to an empty list here.
  return (current != null && current.getAuthenticator() != null)
      ? current.getAuthenticator().getGroupNames()
      : null;
}
// Which authenticator is used is decided by configuration: HiveUtils resolves it from the
// HIVE_AUTHENTICATOR_MANAGER setting in sessionConf.
authenticator = HiveUtils.getAuthenticator(sessionConf, HiveConf.ConfVars.HIVE_AUTHENTICATOR_MANAGER);
// Pass this object to the authenticator as its session state.
authenticator.setSessionState(this);
/**
 * Authorizes the request against the GLOBAL-scope privileges of the current principal.
 *
 * <p>User name and group names both come from {@code getAuthenticator()}; no other identity
 * input is consulted here.
 *
 * @param inputRequiredPriv required input privileges, passed through
 * @param inputCheck flags passed through to {@code authorizePrivileges}
 * @param outputRequiredPriv required output privileges, passed through
 * @param outputCheck flags passed through to {@code authorizePrivileges}
 * @return whatever {@code authorizePrivileges} returns for the global privilege set
 * @throws HiveException propagated from the lookup or the check
 */
protected boolean authorizeUserPriv(Privilege[] inputRequiredPriv, boolean[] inputCheck,
    Privilege[] outputRequiredPriv, boolean[] outputCheck) throws HiveException {
  return authorizePrivileges(
      // GLOBAL lookup: the four arguments following the object type stay null.
      hive_db.get_privilege_set(
          HiveObjectType.GLOBAL, null, null, null, null,
          getAuthenticator().getUserName(),
          getAuthenticator().getGroupNames()),
      inputRequiredPriv, inputCheck, outputRequiredPriv, outputCheck);
}
/**
 * (Re-)initializes {@code currentUserName} and {@code currentRoles} when the authenticator
 * reports a different user than the one cached.
 *
 * @throws HiveAuthzPluginException presumably from {@code getRolesFromMS()}, the only call
 *     here that can raise it
 */
private void initUserRoles() throws HiveAuthzPluginException {
  // To aid testing through .q files the authenticator is passed in to the interface, which
  // lets the user be switched within a session; so the cached user must be re-checked.
  final String latestUser = authenticator.getUserName();
  if (!Objects.equals(currentUserName, latestUser)) {
    // NOTE(review): the user name is updated before the roles are fetched. If
    // getRolesFromMS() throws, currentRoles keeps its previous value while currentUserName
    // already matches, so a later call would skip the refresh. Confirm callers treat that
    // exception as fatal for the session.
    this.currentUserName = latestUser;
    this.currentRoles = getRolesFromMS();
    LOG.info("Current user : " + currentUserName + ", Current Roles : " + currentRoles);
  }
  // Same user as before: cached name and roles are left as they are.
}
/**
 * Returns the group names reported by the authenticator of the current session.
 *
 * @return the authenticator's group names, or {@code null} when {@code SessionState.get()}
 *     yields no session or the session has no authenticator; callers must not assume a
 *     non-null list
 */
public static List<String> getGroupsFromAuthenticator() {
  if (SessionState.get() == null) {
    return null;
  }
  if (SessionState.get().getAuthenticator() == null) {
    return null;
  }
  return SessionState.get().getAuthenticator().getGroupNames();
}
// Start the session, then give the authenticator a reference to that same session object.
SessionState.start(ss);
authenticator.setSessionState(ss);
.getAuthenticator().getUserName(), this.getAuthenticator() .getGroupNames());
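/**
 * (Re-)initializes {@code currentUserName} and {@code currentRoles} when the authenticator
 * reports a different user than the one cached.
 *
 * @throws HiveAuthzPluginException presumably from {@code getRolesFromMS()}, the only call
 *     here that can raise it
 */
private void initUserRoles() throws HiveAuthzPluginException {
  // To aid testing through .q files the authenticator is passed in to the interface, which
  // lets the user be switched within a session; so the cached user must be re-checked.
  String newUserName = authenticator.getUserName();
  // Compare by value and null-safely. A reference comparison (==) treats two equal user
  // names held in different String objects as a user change and overwrites currentRoles
  // with a fresh getRolesFromMS() result on every such call.
  if (java.util.Objects.equals(currentUserName, newUserName)) {
    // Same user: no need to (re-)initialize the currentUserName, currentRoles fields.
    return;
  }
  // NOTE(review): the user name is updated before the roles are fetched. If
  // getRolesFromMS() throws, currentRoles keeps its previous value while currentUserName
  // already matches, so a later call would skip the refresh. Confirm callers treat that
  // exception as fatal for the session.
  this.currentUserName = newUserName;
  this.currentRoles = getRolesFromMS();
  LOG.info("Current user : " + currentUserName + ", Current Roles : " + currentRoles);
}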
/**
 * Verifies that the session's authenticator reports the groups registered for the test user
 * through {@code UserGroupInformation.createUserForTesting}.
 *
 * @throws Exception if session setup fails
 */
@Test
public void testSessionGetGroupNames() throws Exception {
  final String userName = "authtestuser";
  final List<String> expectedGroups = Arrays.asList("group1", "group2");
  final String[] groupArray = expectedGroups.toArray(new String[0]);
  UserGroupInformation.createUserForTesting(userName, groupArray);

  SessionState session = new SessionState(getAuthV2HiveConf(), userName);
  setupDataNucleusFreeHive(session.getConf());

  assertEquals("check groups", expectedGroups, session.getAuthenticator().getGroupNames());
}
HiveConf.ConfVars.HIVE_AUTHENTICATOR_MANAGER); SessionState ss = new SessionState(hiveConfCopy, user); authenticator.setSessionState(ss);
.getAuthenticator().getUserName(), this.getAuthenticator() .getGroupNames());
/**
 * Checks the permissions for the given path and the authenticator's user on Hadoop FS.
 * If the given path does not exist, the nearest existing ancestor is checked instead.
 *
 * <p>The check works on a file status obtained at call time; nothing here holds the path
 * stable between this check and any later use by the caller.
 *
 * @param conf configuration used to resolve the path's file system
 * @param path path to check; must not be {@code null}
 * @param actions actions passed through to the status-based {@code checkPermissions}
 * @throws IllegalArgumentException if {@code path} is {@code null}
 * @throws IOException declared; may come from the file system calls
 * @throws LoginException declared; origin not visible in this method
 * @throws HiveException declared; presumably from the status-based {@code checkPermissions}
 */
protected void checkPermissions(final Configuration conf, final Path path,
    final EnumSet<FsAction> actions) throws IOException, LoginException, HiveException {
  if (path == null) {
    throw new IllegalArgumentException("path is null");
  }

  final FileSystem fs = path.getFileSystem(conf);
  final FileStatus ownStatus = FileUtils.getFileStatusOrNull(fs, path);
  if (ownStatus != null) {
    checkPermissions(fs, ownStatus, actions, authenticator.getUserName());
    return;
  }

  if (path.getParent() == null) {
    // NOTE(review): a non-existent path without a parent gets no permission check at all
    // and the method returns normally. Confirm that is intended.
    return;
  }

  // Walk upwards until an ancestor exists, and check that ancestor's permissions.
  FileStatus ancestorStatus = null;
  for (Path ancestor = path.getParent(); ancestor != null; ancestor = ancestor.getParent()) {
    ancestorStatus = FileUtils.getFileStatusOrNull(fs, ancestor);
    if (ancestorStatus != null) {
      break;
    }
  }
  // NOTE(review): if no ancestor exists, ancestorStatus is still null here and is passed on
  // as-is; verify how the status-based checkPermissions handles a null status.
  checkPermissions(fs, ancestorStatus, actions, authenticator.getUserName());
}
/**
 * Verifies that the authenticator returns {@code null} group names when the session is
 * created with a {@code null} user name. The user name is null in the case of embedded HS2,
 * and this asserts that no NPE is thrown in that case.
 *
 * @throws Exception if session setup fails
 */
@Test
public void testSessionNullUser() throws Exception {
  final SessionState session = new SessionState(getAuthV2HiveConf(), null);
  setupDataNucleusFreeHive(session.getConf());
  SessionState.start(session);

  assertNull("getGroupNames when userName == null",
      session.getAuthenticator().getGroupNames());
}
// The authenticator is obtained from HiveUtils using the HIVE_AUTHENTICATOR_MANAGER setting of
// conf, so the identity source is whatever that configuration selects.
authenticator = HiveUtils.getAuthenticator(conf, HiveConf.ConfVars.HIVE_AUTHENTICATOR_MANAGER);
// Give the authenticator a reference to this object as its session state.
authenticator.setSessionState(this);
/**
 * Checks privileges on user, database and table objects, in that order.
 *
 * <p>Access is granted as soon as one level passes: first the user/database check, then the
 * table-level privilege set of the authenticator's user and groups.
 *
 * @param table table whose database and table-level privileges are consulted
 * @param inputRequiredPriv required input privileges, forwarded unchanged
 * @param outputRequiredPriv required output privileges, forwarded unchanged
 * @param inputCheck flags forwarded unchanged to the helper checks
 * @param outputCheck flags forwarded unchanged to the helper checks
 * @return true if the check passed at either level
 * @throws HiveException propagated from the metadata lookups or the privilege checks
 */
private boolean authorizeUserDBAndTable(Table table,
    Privilege[] inputRequiredPriv, Privilege[] outputRequiredPriv,
    boolean[] inputCheck, boolean[] outputCheck) throws HiveException {

  // Note the argument order: this helper takes both privilege arrays first, then both check
  // arrays. authorizePrivileges below interleaves them. The arrays share types, so the
  // compiler will not catch a swap.
  final boolean passedAtUserOrDb = authorizeUserAndDBPriv(
      hive_db.getDatabase(table.getCatName(), table.getDbName()),
      inputRequiredPriv, outputRequiredPriv, inputCheck, outputCheck);
  if (passedAtUserOrDb) {
    return true;
  }

  // TABLE lookup: database and table name are set, the two following arguments stay null.
  PrincipalPrivilegeSet tableLevelPrivs = hive_db.get_privilege_set(
      HiveObjectType.TABLE, table.getDbName(), table.getTableName(), null, null,
      getAuthenticator().getUserName(), getAuthenticator().getGroupNames());

  return authorizePrivileges(tableLevelPrivs, inputRequiredPriv, inputCheck,
      outputRequiredPriv, outputCheck);
}