Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
0.12.0
-
None
Description
SBAP causes an NPE when null is passed in as a partition for partition-level or column-level authorization.
Personally, in my opinion, this is not a SBAP bug, but incorrect usage of AuthorizationProviders - one should not be calling the column-level authorize (given that column-level is more basic than partition-level) function and pass in a null as the partition value. However, that happens on code introduced by HIVE-1887, and unless we rewrite that (and possibly a whole bunch more(will need evaluation)), we have to accommodate that null and appropriately attempt to fall back to table-level authorization in that case.
The offending code section is in Driver.java:685
678 // if we reach here, it means it needs to do a table authorization 679 // check, and the table authorization may already happened because of other 680 // partitions 681 if (tbl != null && !tableAuthChecked.contains(tbl.getTableName()) && 682 !(tableUsePartLevelAuth.get(tbl.getTableName()) == Boolean.TRUE)) { 683 List<String> cols = tab2Cols.get(tbl); 684 if (cols != null && cols.size() > 0) { 685 ss.getAuthorizer().authorize(tbl, null, cols, 686 op.getInputRequiredPrivileges(), null); 687 } else { 688 ss.getAuthorizer().authorize(tbl, op.getInputRequiredPrivileges(), 689 null); 690 } 691 tableAuthChecked.add(tbl.getTableName()); 692 }