svn commit: r1629117 - /hive/branches/branch-0.14/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java

Thu, 02 Oct 2014 22:48:07 -0700 

Author: vgumashta
Date: Fri Oct  3 05:47:28 2014
New Revision: 1629117

URL: http://svn.apache.org/r1629117
Log:
HIVE-6799: HiveServer2 needs to map kerberos name to local name before proxy 
check (Dilli Arumugam reviewed by Vaibhav Gumashta)

Modified:
    
hive/branches/branch-0.14/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java

Modified: 
hive/branches/branch-0.14/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java
URL: 
http://svn.apache.org/viewvc/hive/branches/branch-0.14/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java?rev=1629117&r1=1629116&r2=1629117&view=diff
==============================================================================
--- 
hive/branches/branch-0.14/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java
 (original)
+++ 
hive/branches/branch-0.14/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java
 Fri Oct  3 05:47:28 2014
@@ -23,6 +23,7 @@ import java.net.InetSocketAddress;
 import java.net.UnknownHostException;
 import java.util.HashMap;
 import java.util.Map;
+
 import javax.security.auth.login.LoginException;
 import javax.security.sasl.Sasl;
 
@@ -31,6 +32,7 @@ import org.apache.hadoop.hive.conf.HiveC
 import org.apache.hadoop.hive.shims.ShimLoader;
 import org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge;
 import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.hadoop.security.authentication.util.KerberosName;
 import org.apache.hive.service.cli.HiveSQLException;
 import org.apache.hive.service.cli.thrift.ThriftCLIService;
 import org.apache.thrift.TProcessorFactory;
@@ -289,7 +291,9 @@ public class HiveAuthFactory {
     try {
       UserGroupInformation sessionUgi;
       if (ShimLoader.getHadoopShims().isSecurityEnabled()) {
-        sessionUgi = ShimLoader.getHadoopShims().createProxyUser(realUser);
+       KerberosName kerbName = new KerberosName(realUser);
+       String shortPrincipalName = kerbName.getServiceName();
+        sessionUgi = 
ShimLoader.getHadoopShims().createProxyUser(shortPrincipalName);
       } else {
         sessionUgi = ShimLoader.getHadoopShims().createRemoteUser(realUser, 
null);
       }
@@ -302,5 +306,5 @@ public class HiveAuthFactory {
         "Failed to validate proxy privilege of " + realUser + " for " + 
proxyUser, e);
     }
   }
-
+  
 }

Reply via email to