Peter Toth created SPARK-57882:
----------------------------------

             Summary: Enforce AuthV2 metadata authorization on GetPrimaryKeys 
and GetCrossReference operations
                 Key: SPARK-57882
                 URL: https://issues.apache.org/jira/browse/SPARK-57882
             Project: Spark
          Issue Type: Bug
          Components: SQL
    Affects Versions: 5.0.0
            Reporter: Peter Toth


In the Hive Thrift server, metadata operations authorize metastore access 
through Hive's
AuthV2 plugin (isAuthV2Enabled() / authorizeMetaGets()) when authorization is 
enabled
(hive.security.authorization.manager set to a HiveAuthorizerFactory). All 
MetadataOperation
subclasses apply this gate -- GetTablesOperation, GetColumnsOperation, 
GetSchemasOperation,
GetFunctionsOperation, etc. -- as do Spark's own SparkGet*Operation classes.

GetPrimaryKeysOperation and GetCrossReferenceOperation are the only metadata 
operations that
omit the gate, and SparkSQLOperationManager does not override them, so the 
ungated Hive base
implementations run. As a result, when AuthV2 is configured, an authenticated 
Thrift/JDBC
client can read primary-key and foreign-key schema metadata (table, column, and 
key names,
and inter-table FK relationships) for tables that an AuthV2 policy denies via
getTables()/getColumns().

Fix: add the same isAuthV2Enabled()/authorizeMetaGets() gate used by the 
sibling operations
to GetPrimaryKeysOperation.runInternal() and 
GetCrossReferenceOperation.runInternal(), scoped
to the referenced table(s) (TABLE_OR_VIEW privilege objects). With 
authorization disabled
(the default), behavior is unchanged.




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to