From b55b53b633d985638cd980109fd682b5bfa17df5 Mon Sep 17 00:00:00 2001 From: Dilli Dorai Arumugam Date: Tue, 1 Apr 2014 13:38:01 -0700 Subject: [PATCH] HIVE-6799: HiveServer2 needs to map kerberos name to local name before proxy check --- .../java/org/apache/hive/service/auth/HiveAuthFactory.java | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java b/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java index d8f4822..12803a5 100644 --- a/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java +++ b/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java @@ -313,7 +313,7 @@ public static void verifyProxyAccess(String realUser, String proxyUser, String i try { if (ShimLoader.getHadoopShims().isSecurityEnabled()) { - sessionUgi = ShimLoader.getHadoopShims().createProxyUser(realUser); + sessionUgi = ShimLoader.getHadoopShims().createProxyUser(getShortPrincipalName(realUser)); } else { sessionUgi = ShimLoader.getHadoopShims().createRemoteUser(realUser, null); } @@ -327,4 +327,16 @@ public static void verifyProxyAccess(String realUser, String proxyUser, String i } } + private static String getShortPrincipalName(String principalName) { + if (principalName == null) { + return principalName; + } + String[] namehostRealm = principalName.split("[@]"); + String[] nameHost = namehostRealm[0].split("/"); + String shortName = nameHost[0]; + LOG.debug("HiveAuthFactory.getShortPrincipalName(): principalName: " + principalName + + " , shortName: " + shortName); + return nameHost[0]; + } + } -- 1.7.12.4 (Apple Git-37)