[
https://issues.apache.org/jira/browse/IMPALA-9021?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Fang-Yu Rao updated IMPALA-9021:
--------------------------------
Description:
Currently on a Ranger-enabled Impala minicluster, Impala would produce a wrong
value for the Ranger audit field of client IP after executing a SQL statement
that triggers the check of authorization.
Specifically, if a user issues a SQL statement '{{SHOW TABLE STATS
functional.alltypes;}}', the value of the 3rd argument {{clientIp}} to the
constructor of {{RangerBufferAuditHandler}}
(https://github.com/apache/impala/blob/master/fe/src/main/java/org/apache/impala/authorization/ranger/RangerAuthorizationChecker.java#L224)
would be '{{::ffff:127.0.0.1}}' (an IPv6 address) instead of '{{127.0.0.1}}'
(an IPv4 address). This could be verified by attaching a Java debugger to
{{impalad}} and observing the value of the 3rd argument {{clientIp}}.
was:
Currently on a Ranger-enabled Impala minicluster, Impala would produce a wrong
value for the Ranger audit field of client IP after executing a SQL statement
that triggers the check of authorization.
Specifically, if a user issues a SQL statement '{{SHOW TABLE STATS
functional.alltypes;}}', the value of the 3rd argument {{clientIp}} to the
constructor of {{RangerBufferAuditHandler}}
(https://github.com/apache/impala/blob/master/fe/src/main/java/org/apache/impala/authorization/ranger/RangerAuthorizationChecker.java#L224)
would be '{{::ffff:127.0.0.1}}' instead of '{{127.0.0.1}}'. This could be
verified by attaching a Java debugger to {{impalad}} and observing the value of
the 3rd argument {{clientIp}}.
> Impala produces an IPv6 address for the Ranger audit field of client IP
> -----------------------------------------------------------------------
>
> Key: IMPALA-9021
> URL: https://issues.apache.org/jira/browse/IMPALA-9021
> Project: IMPALA
> Issue Type: Bug
> Reporter: Fang-Yu Rao
> Assignee: Fang-Yu Rao
> Priority: Critical
> Attachments: sessions.png
>
>
> Currently on a Ranger-enabled Impala minicluster, Impala would produce a
> wrong value for the Ranger audit field of client IP after executing a SQL
> statement that triggers the check of authorization.
> Specifically, if a user issues a SQL statement '{{SHOW TABLE STATS
> functional.alltypes;}}', the value of the 3rd argument {{clientIp}} to the
> constructor of {{RangerBufferAuditHandler}}
> (https://github.com/apache/impala/blob/master/fe/src/main/java/org/apache/impala/authorization/ranger/RangerAuthorizationChecker.java#L224)
> would be '{{::ffff:127.0.0.1}}' (an IPv6 address) instead of
> '{{127.0.0.1}}' (an IPv4 address). This could be verified by attaching a Java
> debugger to {{impalad}} and observing the value of the 3rd argument
> {{clientIp}}.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
