Repository: hive Updated Branches: refs/heads/branch-3.0 cbd6ffb7a -> acfd2099a
HIVE-19558 HiveAuthorizationProviderBase gets catalog name from config rather than db object (Alan Gates reviewed by Daniel Dai). Project: http://git-wip-us.apache.org/repos/asf/hive/repo Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/acfd2099 Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/acfd2099 Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/acfd2099 Branch: refs/heads/branch-3.0 Commit: acfd2099ac1a04a80f401a86755b77ac46c5b470 Parents: cbd6ffb Author: Alan Gates <[email protected]> Authored: Wed Jun 6 11:37:00 2018 -0700 Committer: Alan Gates <[email protected]> Committed: Wed Jun 6 11:37:00 2018 -0700 ---------------------------------------------------------------------- .../org/apache/hadoop/hive/ql/metadata/Hive.java | 17 +++++++++++++++++ .../org/apache/hadoop/hive/ql/metadata/Table.java | 4 ++++ .../BitSetCheckedAuthorizationProvider.java | 7 +++---- .../HiveAuthorizationProviderBase.java | 15 ++++++++++++--- .../StorageBasedAuthorizationProvider.java | 2 +- 5 files changed, 37 insertions(+), 8 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hive/blob/acfd2099/ql/src/java/org/apache/hadoop/hive/ql/metadata/Hive.java ---------------------------------------------------------------------- diff --git a/ql/src/java/org/apache/hadoop/hive/ql/metadata/Hive.java b/ql/src/java/org/apache/hadoop/hive/ql/metadata/Hive.java index 64b3f83..f8a6f54 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/metadata/Hive.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/metadata/Hive.java @@ -1607,6 +1607,23 @@ public class Hive { } /** + * Get the database by name. + * @param catName catalog name + * @param dbName the name of the database. + * @return a Database object if this database exists, null otherwise. + * @throws HiveException + */ + public Database getDatabase(String catName, String dbName) throws HiveException { + try { + return getMSC().getDatabase(catName, dbName); + } catch (NoSuchObjectException e) { + return null; + } catch (Exception e) { + throw new HiveException(e); + } + } + + /** * Get the Database object for current database * @return a Database object if this database exists, null otherwise. * @throws HiveException http://git-wip-us.apache.org/repos/asf/hive/blob/acfd2099/ql/src/java/org/apache/hadoop/hive/ql/metadata/Table.java ---------------------------------------------------------------------- diff --git a/ql/src/java/org/apache/hadoop/hive/ql/metadata/Table.java b/ql/src/java/org/apache/hadoop/hive/ql/metadata/Table.java index ba16f84..f0061c0 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/metadata/Table.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/metadata/Table.java @@ -685,6 +685,10 @@ public class Table implements Serializable { tTable.setPartitionKeys(partCols); } + public String getCatName() { + return tTable.getCatName(); + } + public String getDbName() { return tTable.getDbName(); } http://git-wip-us.apache.org/repos/asf/hive/blob/acfd2099/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/BitSetCheckedAuthorizationProvider.java ---------------------------------------------------------------------- diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/BitSetCheckedAuthorizationProvider.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/BitSetCheckedAuthorizationProvider.java index 4e6e2b6..7c8affb 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/BitSetCheckedAuthorizationProvider.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/BitSetCheckedAuthorizationProvider.java @@ -258,7 +258,7 @@ public abstract class BitSetCheckedAuthorizationProvider extends Privilege[] inputRequiredPriv, Privilege[] outputRequiredPriv, boolean[] inputCheck, boolean[] outputCheck) throws HiveException { - if (authorizeUserAndDBPriv(hive_db.getDatabase(table.getDbName()), + if (authorizeUserAndDBPriv(hive_db.getDatabase(table.getCatName(), table.getDbName()), inputRequiredPriv, outputRequiredPriv, inputCheck, outputCheck)) { return true; } @@ -292,8 +292,8 @@ public abstract class BitSetCheckedAuthorizationProvider extends boolean[] inputCheck, boolean[] outputCheck) throws HiveException { if (authorizeUserAndDBPriv( - hive_db.getDatabase(part.getTable().getDbName()), inputRequiredPriv, - outputRequiredPriv, inputCheck, outputCheck)) { + hive_db.getDatabase(part.getTable().getCatName(), part.getTable().getDbName()), + inputRequiredPriv, outputRequiredPriv, inputCheck, outputCheck)) { return true; } @@ -330,7 +330,6 @@ public abstract class BitSetCheckedAuthorizationProvider extends /** * try to match an array of privileges from user/groups/roles grants. * - * @param container */ private boolean matchPrivs(Privilege[] inputPriv, PrincipalPrivilegeSet privileges, boolean[] check) { http://git-wip-us.apache.org/repos/asf/hive/blob/acfd2099/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/HiveAuthorizationProviderBase.java ---------------------------------------------------------------------- diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/HiveAuthorizationProviderBase.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/HiveAuthorizationProviderBase.java index 8a7c06d..be857fd 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/HiveAuthorizationProviderBase.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/HiveAuthorizationProviderBase.java @@ -86,12 +86,21 @@ public abstract class HiveAuthorizationProviderBase implements } } - public Database getDatabase(String dbName) throws HiveException { + /** + * Get the database object + * @param catName catalog name. If null, the default will be pulled from the conf. This + * means the caller does not have to check isCatNameSet() + * @param dbName database name. + * @return + * @throws HiveException + */ + public Database getDatabase(String catName, String dbName) throws HiveException { + catName = catName == null ? MetaStoreUtils.getDefaultCatalog(conf) : catName; if (!isRunFromMetaStore()) { - return Hive.getWithFastCheck(conf).getDatabase(dbName); + return Hive.getWithFastCheck(conf).getDatabase(catName, dbName); } else { try { - return handler.get_database_core(MetaStoreUtils.getDefaultCatalog(conf), dbName); + return handler.get_database_core(catName, dbName); } catch (NoSuchObjectException e) { throw new HiveException(e); } catch (MetaException e) { http://git-wip-us.apache.org/repos/asf/hive/blob/acfd2099/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/StorageBasedAuthorizationProvider.java ---------------------------------------------------------------------- diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/StorageBasedAuthorizationProvider.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/StorageBasedAuthorizationProvider.java index b66d188..6e9bb39 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/StorageBasedAuthorizationProvider.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/StorageBasedAuthorizationProvider.java @@ -171,7 +171,7 @@ public class StorageBasedAuthorizationProvider extends HiveAuthorizationProvider // the database directory if (privExtractor.hasDropPrivilege || requireCreatePrivilege(readRequiredPriv) || requireCreatePrivilege(writeRequiredPriv)) { - authorize(hive_db.getDatabase(table.getDbName()), new Privilege[] {}, + authorize(hive_db.getDatabase(table.getCatName(), table.getDbName()), new Privilege[] {}, new Privilege[] { Privilege.ALTER_DATA }); }
