diff --git ql/src/java/org/apache/hadoop/hive/ql/processors/CommandProcessorFactory.java ql/src/java/org/apache/hadoop/hive/ql/processors/CommandProcessorFactory.java index 70c76b1..e7a56b4 100644 --- ql/src/java/org/apache/hadoop/hive/ql/processors/CommandProcessorFactory.java +++ ql/src/java/org/apache/hadoop/hive/ql/processors/CommandProcessorFactory.java @@ -28,7 +28,12 @@ import java.util.Set; import org.apache.hadoop.hive.conf.HiveConf; +import org.apache.hadoop.hive.conf.HiveConf.ConfVars; import org.apache.hadoop.hive.ql.Driver; +import org.apache.hadoop.hive.ql.metadata.HiveException; +import org.apache.hadoop.hive.ql.metadata.HiveUtils; +import org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerFactory; import org.apache.hadoop.hive.ql.session.SessionState; /** @@ -58,8 +63,18 @@ public static CommandProcessor getForHiveCommand(String[] cmd, HiveConf conf) conf = new HiveConf(); } Set availableCommands = new HashSet(); - for (String availableCommand : conf.getVar(HiveConf.ConfVars.HIVE_SECURITY_COMMAND_WHITELIST).split(",")) { - availableCommands.add(availableCommand.toLowerCase().trim()); + if (!HiveAuthorizerFactory.class.isAssignableFrom + (conf.getClass(ConfVars.HIVE_AUTHORIZATION_MANAGER.varname,DefaultHiveAuthorizationProvider.class))) { + // we are not on authV2, add processors. + for (String availableCommand : conf.getVar(HiveConf.ConfVars.HIVE_SECURITY_COMMAND_WHITELIST).split(",")) { + availableCommands.add(availableCommand.toLowerCase().trim()); + } + } + + if (conf.getBoolVar(ConfVars.HIVE_IN_TEST)) { + // because test case uses these. + availableCommands.add("set"); + availableCommands.add("dfs"); } if (!availableCommands.contains(cmd[0].trim().toLowerCase())) { throw new SQLException("Insufficient privileges to execute " + cmd[0], "42000"); diff --git ql/src/test/queries/clientnegative/authorization_addjar.q ql/src/test/queries/clientnegative/authorization_addjar.q new file mode 100644 index 0000000..024d878 --- /dev/null +++ ql/src/test/queries/clientnegative/authorization_addjar.q @@ -0,0 +1,3 @@ +set hive.security.authorization.enabled=true; +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory; +add jar ${system:maven.local.repository}/org/apache/hive/hcatalog/hive-hcatalog-core/${system:hive.version}/hive-hcatalog-core-${system:hive.version}.jar; diff --git ql/src/test/results/clientnegative/authorization_addjar.q.out ql/src/test/results/clientnegative/authorization_addjar.q.out new file mode 100644 index 0000000..47be882 --- /dev/null +++ ql/src/test/results/clientnegative/authorization_addjar.q.out @@ -0,0 +1 @@ +Failed processing command add Insufficient privileges to execute add