svn commit: r1584403 - in /hive/trunk/ql/src: java/org/apache/hadoop/hive/ql/processors/CommandProcessorFactory.java test/queries/clientnegative/authorization_addjar.q test/results/clientnegative/authorization_addjar.q.out

Thu, 03 Apr 2014 14:28:15 -0700 

Author: hashutosh
Date: Thu Apr  3 21:27:05 2014
New Revision: 1584403

URL: http://svn.apache.org/r1584403
Log:
HIVE-6827 : Disable insecure commands with std sql auth (Ashutosh Chauhan via 
Thejas Nair)

Added:
    hive/trunk/ql/src/test/queries/clientnegative/authorization_addjar.q
    hive/trunk/ql/src/test/results/clientnegative/authorization_addjar.q.out
Modified:
    
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/processors/CommandProcessorFactory.java

Modified: 
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/processors/CommandProcessorFactory.java
URL: 
http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/processors/CommandProcessorFactory.java?rev=1584403&r1=1584402&r2=1584403&view=diff
==============================================================================
--- 
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/processors/CommandProcessorFactory.java
 (original)
+++ 
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/processors/CommandProcessorFactory.java
 Thu Apr  3 21:27:05 2014
@@ -28,7 +28,12 @@ import java.util.Map;
 import java.util.Set;
 
 import org.apache.hadoop.hive.conf.HiveConf;
+import org.apache.hadoop.hive.conf.HiveConf.ConfVars;
 import org.apache.hadoop.hive.ql.Driver;
+import org.apache.hadoop.hive.ql.metadata.HiveException;
+import org.apache.hadoop.hive.ql.metadata.HiveUtils;
+import 
org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
+import 
org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerFactory;
 import org.apache.hadoop.hive.ql.session.SessionState;
 
 /**
@@ -58,8 +63,18 @@ public final class CommandProcessorFacto
       conf = new HiveConf();
     }
     Set<String> availableCommands = new HashSet<String>();
-    for (String availableCommand : 
conf.getVar(HiveConf.ConfVars.HIVE_SECURITY_COMMAND_WHITELIST).split(",")) {
-      availableCommands.add(availableCommand.toLowerCase().trim());
+    if (!HiveAuthorizerFactory.class.isAssignableFrom
+      
(conf.getClass(ConfVars.HIVE_AUTHORIZATION_MANAGER.varname,DefaultHiveAuthorizationProvider.class)))
 {
+      // we are not on authV2, add processors.
+      for (String availableCommand : 
conf.getVar(HiveConf.ConfVars.HIVE_SECURITY_COMMAND_WHITELIST).split(",")) {
+        availableCommands.add(availableCommand.toLowerCase().trim());
+      }
+    }
+
+    if (conf.getBoolVar(ConfVars.HIVE_IN_TEST)) {
+      // because test case uses these.
+      availableCommands.add("set");
+      availableCommands.add("dfs");
     }
     if (!availableCommands.contains(cmd[0].trim().toLowerCase())) {
       throw new SQLException("Insufficient privileges to execute " + cmd[0], 
"42000");

Added: hive/trunk/ql/src/test/queries/clientnegative/authorization_addjar.q
URL: 
http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_addjar.q?rev=1584403&view=auto
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_addjar.q (added)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_addjar.q Thu 
Apr  3 21:27:05 2014
@@ -0,0 +1,3 @@
+set hive.security.authorization.enabled=true;
+set 
hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory;
+add jar 
${system:maven.local.repository}/org/apache/hive/hcatalog/hive-hcatalog-core/${system:hive.version}/hive-hcatalog-core-${system:hive.version}.jar;

Added: hive/trunk/ql/src/test/results/clientnegative/authorization_addjar.q.out
URL: 
http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_addjar.q.out?rev=1584403&view=auto
==============================================================================
--- hive/trunk/ql/src/test/results/clientnegative/authorization_addjar.q.out 
(added)
+++ hive/trunk/ql/src/test/results/clientnegative/authorization_addjar.q.out 
Thu Apr  3 21:27:05 2014
@@ -0,0 +1 @@
+Failed processing command add Insufficient privileges to execute add

Reply via email to