diff --git service/src/java/org/apache/hive/service/auth/PlainSaslHelper.java service/src/java/org/apache/hive/service/auth/PlainSaslHelper.java index 15b1675..5c00dd7 100644 --- service/src/java/org/apache/hive/service/auth/PlainSaslHelper.java +++ service/src/java/org/apache/hive/service/auth/PlainSaslHelper.java @@ -97,20 +97,17 @@ public void handle(Callback[] callbacks) private static class SQLPlainProcessorFactory extends TProcessorFactory { private final ThriftCLIService service; private final HiveConf conf; - private final boolean doAsEnabled; public SQLPlainProcessorFactory(ThriftCLIService service) { super(null); this.service = service; this.conf = service.getHiveConf(); - this.doAsEnabled = conf.getBoolVar(HiveConf.ConfVars.HIVE_SERVER2_ENABLE_DOAS); } @Override public TProcessor getProcessor(TTransport trans) { TProcessor baseProcessor = new TCLIService.Processor(service); - return doAsEnabled ? new TUGIContainingProcessor(baseProcessor, conf) : - new TSetIpAddressProcessor(service); + return new TSetIpAddressProcessor(service); } } diff --git service/src/java/org/apache/hive/service/auth/TSetIpAddressProcessor.java service/src/java/org/apache/hive/service/auth/TSetIpAddressProcessor.java index 0bf34ce..3be4b4b 100644 --- service/src/java/org/apache/hive/service/auth/TSetIpAddressProcessor.java +++ service/src/java/org/apache/hive/service/auth/TSetIpAddressProcessor.java @@ -18,10 +18,7 @@ package org.apache.hive.service.auth; -import java.net.Socket; - import org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore.Processor; -import org.apache.hive.service.cli.session.SessionManager; import org.apache.hive.service.cli.thrift.TCLIService; import org.apache.hive.service.cli.thrift.TCLIService.Iface; import org.apache.thrift.TException; @@ -54,14 +51,19 @@ public TSetIpAddressProcessor(Iface iface) { public boolean process(final TProtocol in, final TProtocol out) throws TException { setIpAddress(in); setUserName(in); - return super.process(in, out); + try { + return super.process(in, out); + } finally { + threadLocalUserName.remove(); + threadLocalIpAddress.remove(); + } } private void setUserName(final TProtocol in) { TTransport transport = in.getTransport(); if (transport instanceof TSaslServerTransport) { String userName = ((TSaslServerTransport)transport).getSaslServer().getAuthorizationID(); - SessionManager.setUserName(userName); + threadLocalUserName.set(userName); } } @@ -69,16 +71,12 @@ protected void setIpAddress(final TProtocol in) { TTransport transport = in.getTransport(); TSocket tSocket = getUnderlyingSocketFromTransport(transport); if (tSocket != null) { - setIpAddress(tSocket.getSocket()); + threadLocalIpAddress.set(tSocket.getSocket().getInetAddress().toString()); } else { LOGGER.warn("Unknown Transport, cannot determine ipAddress"); } } - private void setIpAddress(Socket socket) { - SessionManager.setIpAddress(socket.getInetAddress().toString()); - } - private TSocket getUnderlyingSocketFromTransport(TTransport transport) { while (transport != null) { if (transport instanceof TSaslServerTransport) { @@ -93,4 +91,26 @@ private TSocket getUnderlyingSocketFromTransport(TTransport transport) { } return null; } + + private static ThreadLocal threadLocalIpAddress = new ThreadLocal() { + @Override + protected synchronized String initialValue() { + return null; + } + }; + + private static ThreadLocal threadLocalUserName = new ThreadLocal(){ + @Override + protected synchronized String initialValue() { + return null; + } + }; + + public static String getUserIpAddress() { + return threadLocalIpAddress.get(); + } + + public static String getUserName() { + return threadLocalUserName.get(); + } } \ No newline at end of file diff --git service/src/java/org/apache/hive/service/cli/session/HiveSession.java service/src/java/org/apache/hive/service/cli/session/HiveSession.java index c8fb8ec..22a176f 100644 --- service/src/java/org/apache/hive/service/cli/session/HiveSession.java +++ service/src/java/org/apache/hive/service/cli/session/HiveSession.java @@ -18,51 +18,21 @@ package org.apache.hive.service.cli.session; -import java.util.List; -import java.util.Map; - -import org.apache.hadoop.hive.conf.HiveConf; import org.apache.hadoop.hive.metastore.IMetaStoreClient; -import org.apache.hadoop.hive.ql.session.SessionState; import org.apache.hive.service.cli.FetchOrientation; import org.apache.hive.service.cli.GetInfoType; import org.apache.hive.service.cli.GetInfoValue; import org.apache.hive.service.cli.HiveSQLException; import org.apache.hive.service.cli.OperationHandle; import org.apache.hive.service.cli.RowSet; -import org.apache.hive.service.cli.SessionHandle; import org.apache.hive.service.cli.TableSchema; -import org.apache.hive.service.cli.operation.OperationManager; -import org.apache.hive.service.cli.thrift.TProtocolVersion; - -public interface HiveSession { - - TProtocolVersion getProtocolVersion(); - - /** - * Set the session manager for the session - * @param sessionManager - */ - public void setSessionManager(SessionManager sessionManager); - - /** - * Get the session manager for the session - */ - public SessionManager getSessionManager(); - - /** - * Set operation manager for the session - * @param operationManager - */ - public void setOperationManager(OperationManager operationManager); - - public SessionHandle getSessionHandle(); - public String getUsername(); +import java.util.List; +import java.util.Map; - public String getPassword(); +public interface HiveSession extends HiveSessionBase { - public HiveConf getHiveConf(); + public void open(); public IMetaStoreClient getMetaStoreClient() throws HiveSQLException; @@ -177,10 +147,4 @@ public RowSet fetchResults(OperationHandle opHandle, FetchOrientation orientatio throws HiveSQLException; public RowSet fetchResults(OperationHandle opHandle) throws HiveSQLException; - - public SessionState getSessionState(); - - public String getUserName(); - - public void setUserName(String userName); } diff --git service/src/java/org/apache/hive/service/cli/session/HiveSessionBase.java service/src/java/org/apache/hive/service/cli/session/HiveSessionBase.java new file mode 100644 index 0000000..cec01a2 --- /dev/null +++ service/src/java/org/apache/hive/service/cli/session/HiveSessionBase.java @@ -0,0 +1,61 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hive.service.cli.session; + +import org.apache.hadoop.hive.conf.HiveConf; +import org.apache.hadoop.hive.ql.session.SessionState; +import org.apache.hive.service.cli.SessionHandle; +import org.apache.hive.service.cli.operation.OperationManager; +import org.apache.hive.service.cli.thrift.TProtocolVersion; + +public interface HiveSessionBase { + + TProtocolVersion getProtocolVersion(); + + /** + * Set the session manager for the session + * @param sessionManager + */ + public void setSessionManager(SessionManager sessionManager); + + /** + * Get the session manager for the session + */ + public SessionManager getSessionManager(); + + /** + * Set operation manager for the session + * @param operationManager + */ + public void setOperationManager(OperationManager operationManager); + + public SessionHandle getSessionHandle(); + + public String getUsername(); + + public String getPassword(); + + public HiveConf getHiveConf(); + + public SessionState getSessionState(); + + public String getUserName(); + + public void setUserName(String userName); +} diff --git service/src/java/org/apache/hive/service/cli/session/HiveSessionImpl.java service/src/java/org/apache/hive/service/cli/session/HiveSessionImpl.java index 445c858..dc1b034 100644 --- service/src/java/org/apache/hive/service/cli/session/HiveSessionImpl.java +++ service/src/java/org/apache/hive/service/cli/session/HiveSessionImpl.java @@ -99,7 +99,6 @@ public HiveSessionImpl(TProtocolVersion protocol, String username, String passwo FetchFormatter.ThriftFormatter.class.getName()); hiveConf.setInt(ListSinkOperator.OUTPUT_PROTOCOL, protocol.getValue()); sessionState = new SessionState(hiveConf); - SessionState.start(sessionState); } public TProtocolVersion getProtocolVersion() { @@ -122,6 +121,10 @@ public void setOperationManager(OperationManager operationManager) { this.operationManager = operationManager; } + public void open() { + SessionState.start(sessionState); + } + protected synchronized void acquire() throws HiveSQLException { // need to make sure that the this connections session state is // stored in the thread local for sessions. diff --git service/src/java/org/apache/hive/service/cli/session/HiveSessionProxy.java service/src/java/org/apache/hive/service/cli/session/HiveSessionProxy.java index 76f18a9..0e6ea63 100644 --- service/src/java/org/apache/hive/service/cli/session/HiveSessionProxy.java +++ service/src/java/org/apache/hive/service/cli/session/HiveSessionProxy.java @@ -54,23 +54,14 @@ public static HiveSession getProxy(HiveSession hiveSession, UserGroupInformation public Object invoke(Object arg0, final Method method, final Object[] args) throws Throwable { try { + if (method.getDeclaringClass() == HiveSessionBase.class) { + return invoke(method, args); + } return ShimLoader.getHadoopShims().doAs(ugi, new PrivilegedExceptionAction () { @Override public Object run() throws HiveSQLException { - try { - return method.invoke(base, args); - } catch (InvocationTargetException e) { - if (e.getCause() instanceof HiveSQLException) { - throw (HiveSQLException)e.getCause(); - } else { - throw new RuntimeException(e.getCause()); - } - } catch (IllegalArgumentException e) { - throw new RuntimeException(e); - } catch (IllegalAccessException e) { - throw new RuntimeException(e); - } + return invoke(method, args); } }); } catch (UndeclaredThrowableException e) { @@ -83,5 +74,19 @@ public Object run() throws HiveSQLException { } } + private Object invoke(final Method method, final Object[] args) throws HiveSQLException { + try { + return method.invoke(base, args); + } catch (InvocationTargetException e) { + if (e.getCause() instanceof HiveSQLException) { + throw (HiveSQLException)e.getCause(); + } + throw new RuntimeException(e.getCause()); + } catch (IllegalArgumentException e) { + throw new RuntimeException(e); + } catch (IllegalAccessException e) { + throw new RuntimeException(e); + } + } } diff --git service/src/java/org/apache/hive/service/cli/session/SessionManager.java service/src/java/org/apache/hive/service/cli/session/SessionManager.java index bfe0e7b..1e4992c 100644 --- service/src/java/org/apache/hive/service/cli/session/SessionManager.java +++ service/src/java/org/apache/hive/service/cli/session/SessionManager.java @@ -101,9 +101,6 @@ public SessionHandle openSession(TProtocolVersion protocol, String username, Str public SessionHandle openSession(TProtocolVersion protocol, String username, String password, Map sessionConf, boolean withImpersonation, String delegationToken) throws HiveSQLException { - if (username == null) { - username = threadLocalUserName.get(); - } HiveSession session; if (withImpersonation) { HiveSessionImplwithUGI hiveSessionUgi = new HiveSessionImplwithUGI(protocol, username, password, @@ -116,6 +113,8 @@ public SessionHandle openSession(TProtocolVersion protocol, String username, Str session.setSessionManager(this); session.setOperationManager(operationManager); + session.open(); + handleToSession.put(session.getSessionHandle(), session); try { @@ -146,36 +145,6 @@ public OperationManager getOperationManager() { return operationManager; } - private static ThreadLocal threadLocalIpAddress = new ThreadLocal() { - @Override - protected synchronized String initialValue() { - return null; - } - }; - - public static void setIpAddress(String ipAddress) { - threadLocalIpAddress.set(ipAddress); - } - - private void clearIpAddress() { - threadLocalIpAddress.remove(); - } - - private static ThreadLocal threadLocalUserName = new ThreadLocal(){ - @Override - protected synchronized String initialValue() { - return null; - } - }; - - public static void setUserName(String userName) { - threadLocalUserName.set(userName); - } - - private void clearUserName() { - threadLocalUserName.remove(); - } - // execute session hooks private void executeSessionHooks(HiveSession session) throws Exception { List sessionHooks = HookUtils.getHooks(hiveConf, diff --git service/src/java/org/apache/hive/service/cli/thrift/ThriftCLIService.java service/src/java/org/apache/hive/service/cli/thrift/ThriftCLIService.java index b5a6138..6538eea 100644 --- service/src/java/org/apache/hive/service/cli/thrift/ThriftCLIService.java +++ service/src/java/org/apache/hive/service/cli/thrift/ThriftCLIService.java @@ -31,6 +31,7 @@ import org.apache.hadoop.hive.conf.HiveConf.ConfVars; import org.apache.hive.service.AbstractService; import org.apache.hive.service.auth.HiveAuthFactory; +import org.apache.hive.service.auth.TSetIpAddressProcessor; import org.apache.hive.service.cli.CLIService; import org.apache.hive.service.cli.FetchOrientation; import org.apache.hive.service.cli.GetInfoType; @@ -111,7 +112,6 @@ public synchronized void stop() { super.stop(); } - @Override public TOpenSessionResp OpenSession(TOpenSessionReq req) throws TException { LOG.info("Client protocol version: " + req.getClient_protocol()); @@ -130,12 +130,14 @@ public TOpenSessionResp OpenSession(TOpenSessionReq req) throws TException { } private String getUserName(TOpenSessionReq req) { - if (hiveAuthFactory != null - && hiveAuthFactory.getRemoteUser() != null) { - return hiveAuthFactory.getRemoteUser(); - } else { - return req.getUsername(); + String userName = null; + if (hiveAuthFactory != null) { + userName = hiveAuthFactory.getRemoteUser(); // kerberos + } + if (userName == null) { + userName = TSetIpAddressProcessor.getUserName(); // except kerberos, nosasl } + return userName != null ? userName : req.getUsername(); } SessionHandle getSessionHandle(TOpenSessionReq req, TOpenSessionResp res) @@ -145,25 +147,33 @@ SessionHandle getSessionHandle(TOpenSessionReq req, TOpenSessionResp res) TProtocolVersion protocol = getMinVersion(CLIService.SERVER_VERSION, req.getClient_protocol()); SessionHandle sessionHandle; - if (cliService.getHiveConf().getVar(ConfVars.HIVE_SERVER2_AUTHENTICATION) - .equals(HiveAuthFactory.AuthTypes.KERBEROS.toString()) && + if (userName != null && cliService.getHiveConf().getBoolVar(ConfVars.HIVE_SERVER2_ENABLE_DOAS)) { - String delegationTokenStr = null; - try { - delegationTokenStr = cliService.getDelegationTokenFromMetaStore(userName); - } catch (UnsupportedOperationException e) { - // The delegation token is not applicable in the given deployment mode - } - sessionHandle = cliService.openSessionWithImpersonation(protocol, userName, - req.getPassword(), req.getConfiguration(), delegationTokenStr); + String delegationTokenStr = getDelegationToken(userName); + sessionHandle = cliService.openSessionWithImpersonation( + protocol, userName, req.getPassword(), req.getConfiguration(), delegationTokenStr); } else { - sessionHandle = cliService.openSession(protocol, userName, req.getPassword(), - req.getConfiguration()); + sessionHandle = cliService.openSession( + protocol, userName, req.getPassword(), req.getConfiguration()); } res.setServerProtocolVersion(protocol); return sessionHandle; } + private String getDelegationToken(String userName) + throws HiveSQLException, LoginException, IOException { + if (userName == null || !cliService.getHiveConf().getVar(ConfVars.HIVE_SERVER2_AUTHENTICATION) + .equals(HiveAuthFactory.AuthTypes.KERBEROS.toString())) { + return null; + } + try { + return cliService.getDelegationTokenFromMetaStore(userName); + } catch (UnsupportedOperationException e) { + // The delegation token is not applicable in the given deployment mode + } + return null; + } + private TProtocolVersion getMinVersion(TProtocolVersion... versions) { TProtocolVersion[] values = TProtocolVersion.values(); int current = values[values.length - 1].getValue(); diff --git service/src/test/org/apache/hive/service/auth/TestPlainSaslHelper.java service/src/test/org/apache/hive/service/auth/TestPlainSaslHelper.java index 8fa4afd..fb784aa 100644 --- service/src/test/org/apache/hive/service/auth/TestPlainSaslHelper.java +++ service/src/test/org/apache/hive/service/auth/TestPlainSaslHelper.java @@ -45,6 +45,6 @@ public void testDoAsSetting(){ tcliService.init(hconf); TProcessorFactory procFactory = PlainSaslHelper.getPlainProcessorFactory(tcliService); assertEquals("doAs enabled processor for unsecure mode", - procFactory.getProcessor(null).getClass(), TUGIContainingProcessor.class); + procFactory.getProcessor(null).getClass(), TSetIpAddressProcessor.class); } }