Peter Toth created SPARK-57882:
----------------------------------
Summary: Enforce AuthV2 metadata authorization on GetPrimaryKeys
and GetCrossReference operations
Key: SPARK-57882
URL: https://issues.apache.org/jira/browse/SPARK-57882
Project: Spark
Issue Type: Bug
Components: SQL
Affects Versions: 5.0.0
Reporter: Peter Toth
In the Hive Thrift server, metadata operations authorize metastore access
through Hive's
AuthV2 plugin (isAuthV2Enabled() / authorizeMetaGets()) when authorization is
enabled
(hive.security.authorization.manager set to a HiveAuthorizerFactory). All
MetadataOperation
subclasses apply this gate -- GetTablesOperation, GetColumnsOperation,
GetSchemasOperation,
GetFunctionsOperation, etc. -- as do Spark's own SparkGet*Operation classes.
GetPrimaryKeysOperation and GetCrossReferenceOperation are the only metadata
operations that
omit the gate, and SparkSQLOperationManager does not override them, so the
ungated Hive base
implementations run. As a result, when AuthV2 is configured, an authenticated
Thrift/JDBC
client can read primary-key and foreign-key schema metadata (table, column, and
key names,
and inter-table FK relationships) for tables that an AuthV2 policy denies via
getTables()/getColumns().
Fix: add the same isAuthV2Enabled()/authorizeMetaGets() gate used by the
sibling operations
to GetPrimaryKeysOperation.runInternal() and
GetCrossReferenceOperation.runInternal(), scoped
to the referenced table(s) (TABLE_OR_VIEW privilege objects). With
authorization disabled
(the default), behavior is unchanged.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]