diff --git metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java index 01c2626..9b16c61 100644 --- metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java +++ metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java @@ -110,6 +110,8 @@ import org.apache.hadoop.hive.metastore.events.PreDropPartitionEvent; import org.apache.hadoop.hive.metastore.events.PreDropTableEvent; import org.apache.hadoop.hive.metastore.events.PreEventContext; +import org.apache.hadoop.hive.metastore.events.PreGetDatabasesEvent; +import org.apache.hadoop.hive.metastore.events.PreGetTablesEvent; import org.apache.hadoop.hive.metastore.events.PreLoadPartitionDoneEvent; import org.apache.hadoop.hive.metastore.model.MDBPrivilege; import org.apache.hadoop.hive.metastore.model.MGlobalPrivilege; @@ -824,6 +826,9 @@ public void drop_database(final String dbName, final boolean deleteData, final b Exception ex = null; try { ret = getMS().getDatabases(pattern); + if (!ret.isEmpty()) { + firePreEvent(new PreGetDatabasesEvent(ret, this)); + } } catch (Exception e) { ex = e; if (e instanceof MetaException) { @@ -846,6 +851,9 @@ public void drop_database(final String dbName, final boolean deleteData, final b Exception ex = null; try { ret = getMS().getAllDatabases(); + if (!ret.isEmpty()) { + firePreEvent(new PreGetDatabasesEvent(ret, this)); + } } catch (Exception e) { ex = e; if (e instanceof MetaException) { @@ -2453,6 +2461,9 @@ public void alter_table_with_environment_context(final String dbname, Exception ex = null; try { ret = getMS().getTables(dbname, pattern); + if (!ret.isEmpty()) { + firePreEvent(new PreGetTablesEvent(dbname, ret, this)); + } } catch (Exception e) { ex = e; if (e instanceof MetaException) { @@ -2475,6 +2486,9 @@ public void alter_table_with_environment_context(final String dbname, Exception ex = null; try { ret = getMS().getAllTables(dbname); + if (!ret.isEmpty()) { + firePreEvent(new PreGetTablesEvent(dbname, ret, this)); + } } catch (Exception e) { ex = e; if (e instanceof MetaException) { diff --git metastore/src/java/org/apache/hadoop/hive/metastore/events/PreEventContext.java metastore/src/java/org/apache/hadoop/hive/metastore/events/PreEventContext.java index 5021a73..dbfbf04 100644 --- metastore/src/java/org/apache/hadoop/hive/metastore/events/PreEventContext.java +++ metastore/src/java/org/apache/hadoop/hive/metastore/events/PreEventContext.java @@ -36,7 +36,9 @@ ALTER_PARTITION, CREATE_DATABASE, DROP_DATABASE, - LOAD_PARTITION_DONE + LOAD_PARTITION_DONE, + GET_DATABASES, + GET_TABLES } private final PreEventType eventType; diff --git metastore/src/java/org/apache/hadoop/hive/metastore/events/PreGetDatabasesEvent.java metastore/src/java/org/apache/hadoop/hive/metastore/events/PreGetDatabasesEvent.java new file mode 100644 index 0000000..5175ef9 --- /dev/null +++ metastore/src/java/org/apache/hadoop/hive/metastore/events/PreGetDatabasesEvent.java @@ -0,0 +1,37 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.hive.metastore.events; + +import java.util.List; + +import org.apache.hadoop.hive.metastore.HiveMetaStore; + +public class PreGetDatabasesEvent extends PreEventContext { + + private final List databases; + + public PreGetDatabasesEvent(List databases, HiveMetaStore.HMSHandler handler) { + super(PreEventType.GET_DATABASES, handler); + this.databases = databases; + } + + public List getDatabases() { + return databases; + } +} diff --git metastore/src/java/org/apache/hadoop/hive/metastore/events/PreGetTablesEvent.java metastore/src/java/org/apache/hadoop/hive/metastore/events/PreGetTablesEvent.java new file mode 100644 index 0000000..00adf47 --- /dev/null +++ metastore/src/java/org/apache/hadoop/hive/metastore/events/PreGetTablesEvent.java @@ -0,0 +1,43 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.hive.metastore.events; + +import java.util.List; + +import org.apache.hadoop.hive.metastore.HiveMetaStore; + +public class PreGetTablesEvent extends PreEventContext { + + private final String database; + private final List tables; + + public PreGetTablesEvent(String database, List tables, HiveMetaStore.HMSHandler handler) { + super(PreEventType.GET_TABLES, handler); + this.database = database; + this.tables = tables; + } + + public String getDatabase() { + return database; + } + + public List getTables() { + return tables; + } +} diff --git ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationPreEventListener.java ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationPreEventListener.java index 9a90549..27c3ef6 100644 --- ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationPreEventListener.java +++ ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationPreEventListener.java @@ -18,6 +18,8 @@ package org.apache.hadoop.hive.ql.security.authorization; +import java.util.Iterator; + import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.hadoop.conf.Configuration; @@ -38,6 +40,8 @@ import org.apache.hadoop.hive.metastore.events.PreDropPartitionEvent; import org.apache.hadoop.hive.metastore.events.PreDropTableEvent; import org.apache.hadoop.hive.metastore.events.PreEventContext; +import org.apache.hadoop.hive.metastore.events.PreGetDatabasesEvent; +import org.apache.hadoop.hive.metastore.events.PreGetTablesEvent; import org.apache.hadoop.hive.ql.metadata.AuthorizationException; import org.apache.hadoop.hive.ql.metadata.HiveException; import org.apache.hadoop.hive.ql.metadata.HiveUtils; @@ -107,6 +111,12 @@ public void onEvent(PreEventContext context) throws MetaException, NoSuchObjectE case LOAD_PARTITION_DONE: // noop for now break; + case GET_DATABASES: + authorizeGetDatabase((PreGetDatabasesEvent)context); + break; + case GET_TABLES: + authorizeGetTables((PreGetTablesEvent) context); + break; default: break; } @@ -226,6 +236,39 @@ private void authorizeAlterPartition(PreAlterPartitionEvent context) } } + private void authorizeGetDatabase(PreGetDatabasesEvent context) throws MetaException { + Iterator databases = context.getDatabases().iterator(); + while (databases.hasNext()) { + try { + Database database = context.getHandler().get_database(databases.next()); + authorizer.authorize(database, new Privilege[] {Privilege.SHOW_DATABASE}, null); + } catch (AuthorizationException e) { + databases.remove(); + } catch (NoSuchObjectException e) { + databases.remove(); + } catch (HiveException e) { + throw metaException(e); + } + } + } + + private void authorizeGetTables(PreGetTablesEvent context) throws MetaException { + Iterator tables = context.getTables().iterator(); + while (tables.hasNext()) { + try { + Table table = getTableFromApiTable( + context.getHandler().get_table(context.getDatabase(), tables.next())); + authorizer.authorize(table, new Privilege[] {Privilege.SELECT}, null); + } catch (AuthorizationException e) { + tables.remove(); + } catch (NoSuchObjectException e) { + tables.remove(); + } catch (HiveException e) { + throw metaException(e); + } + } + } + private Table getTableFromApiTable(org.apache.hadoop.hive.metastore.api.Table apiTable) { org.apache.hadoop.hive.metastore.api.Table tTable = apiTable.deepCopy(); if (tTable.getTableType() == null){