prasanthj pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hive.git
The following commit(s) were added to refs/heads/master by this push:
new 24313ab HIVE-21783: Avoid authentication for connection from the same
domain (Ashutosh Bapat reviewed by Olli Draese, Prasanth Jayachandran)
24313ab is described below
commit 24313ab962b2881317bdcb50e67e90d3da3a5cc2
Author: Prasanth Jayachandran
AuthorDate: Thu Jun 13 01:36:39 2019 -0700
HIVE-21783: Avoid authentication for connection from the same domain
(Ashutosh Bapat reviewed by Olli Draese, Prasanth Jayachandran)
---
.../java/org/apache/hadoop/hive/conf/HiveConf.java | 8 +
.../java/org/apache/hive/minikdc/MiniHiveKdc.java | 23 ++-
...estImproperTrustDomainAuthenticationBinary.java | 28 +++
.../TestImproperTrustDomainAuthenticationHttp.java | 28 +++
.../auth/TestTrustDomainAuthenticationBinary.java | 28 +++
.../auth/TestTrustDomainAuthenticationHttp.java| 28 +++
.../auth/TrustDomainAuthenticationTest.java| 192 +
.../apache/hive/service/auth/HiveAuthFactory.java | 5 +
.../apache/hive/service/auth/PlainSaslHelper.java | 54 ++
.../hive/service/cli/thrift/ThriftHttpServlet.java | 53 --
10 files changed, 422 insertions(+), 25 deletions(-)
diff --git a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
index 2cea174..03a8019 100644
--- a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
+++ b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
@@ -3478,6 +3478,14 @@ public class HiveConf extends Configuration {
" (Use with property
hive.server2.custom.authentication.class)\n" +
" PAM: Pluggable authentication module\n" +
" NOSASL: Raw transport"),
+HIVE_SERVER2_TRUSTED_DOMAIN("hive.server2.trusted.domain", "",
+"Specifies the host or a domain to trust connections from.
Authentication is skipped " +
+"for any connection coming from a host whose hostname ends with the
value of this" +
+" property. If authentication is expected to be skipped for
connections from " +
+"only a given host, fully qualified hostname of that host should be
specified. By default" +
+" it is empty, which means that all the connections to HiveServer2 are
authenticated. " +
+"When it is non-empty, the client has to provide a Hive user name. Any
password, if " +
+"provided, will not be used when authentication is skipped."),
HIVE_SERVER2_ALLOW_USER_SUBSTITUTION("hive.server2.allow.user.substitution",
true,
"Allow alternate user to be specified as part of HiveServer2 open
connection request."),
HIVE_SERVER2_KERBEROS_KEYTAB("hive.server2.authentication.kerberos.keytab", "",
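Review bot: The description added for `hive.server2.trusted.domain` documents a bare "hostname ends with the value" comparison but does not tell the operator that a value without a leading dot also matches unrelated hostnames that merely share the suffix. I would add a sentence such as `"The value is matched as a plain suffix, so a domain should be given with its leading dot."`. The text should also state what the trust rests on: the comparison code is outside this hunk, but if the client hostname comes from a reverse lookup of the peer address, the setting is only as strong as name resolution for client addresses, and that belongs in the description. Since the user name is supplied by the client and any password is ignored, it is also worth saying that every host matching the suffix can connect as any Hive user, so the property should be limited to networks where that is acceptable.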
diff --git
a/itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/MiniHiveKdc.java
b/itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/MiniHiveKdc.java
index 7d1192a..e604f90 100644
--- a/itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/MiniHiveKdc.java
+++ b/itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/MiniHiveKdc.java
@@ -36,6 +36,7 @@ import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hive.jdbc.miniHS2.MiniHS2;
import com.google.common.io.Files;
+import org.apache.hive.service.server.HiveServer2;
/**
* Wrapper around Hadoop's MiniKdc for use in hive tests.
@@ -178,15 +179,21 @@ public class MiniHiveKdc {
* @return new MiniHS2 instance
* @throws Exception
*/
- public static MiniHS2 getMiniHS2WithKerb(MiniHiveKdc miniHiveKdc, HiveConf
hiveConf,
+ public static MiniHS2 getMiniHS2WithKerb(MiniHiveKdc miniHiveKdc, HiveConf
hiveConf,
String authType) throws Exception {
- String hivePrincipal =
-
miniHiveKdc.getFullyQualifiedServicePrincipal(MiniHiveKdc.HIVE_SERVICE_PRINCIPAL);
- String hiveKeytab = miniHiveKdc.getKeyTabFile(
-
miniHiveKdc.getServicePrincipalForUser(MiniHiveKdc.HIVE_SERVICE_PRINCIPAL));
-
- return new MiniHS2.Builder().withConf(hiveConf).withMiniKdc(hivePrincipal,
hiveKeytab).
- withAuthenticationType(authType).build();
+String hivePrincipal =
+
miniHiveKdc.getFullyQualifiedServicePrincipal(MiniHiveKdc.HIVE_SERVICE_PRINCIPAL);
+String hiveKeytab = miniHiveKdc.getKeyTabFile(
+
miniHiveKdc.getServicePrincipalForUser(MiniHiveKdc.HIVE_SERVICE_PRINCIPAL));
+
+MiniHS2.Builder miniHS2Builder = new MiniHS2.Builder()
+ .withConf(hiveConf)
+ .withMiniKdc(hivePrincipal,
hiveKeytab)
+
.withAuthenticationType(authType);
+if (HiveServer2.isHTTPTransportMode(hiveConf)) {
+ miniHS2Builder.withHTTPTransport();
+}
+return miniHS2Builder.build();