diff --git a/ql/src/java/org/apache/hadoop/hive/ql/processors/CommandProcessorFactory.java b/ql/src/java/org/apache/hadoop/hive/ql/processors/CommandProcessorFactory.java index 70c76b1..51b5bdc 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/processors/CommandProcessorFactory.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/processors/CommandProcessorFactory.java @@ -28,7 +28,10 @@ import java.util.Set; import org.apache.hadoop.hive.conf.HiveConf; +import org.apache.hadoop.hive.conf.HiveConf.ConfVars; import org.apache.hadoop.hive.ql.Driver; +import org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerFactory; import org.apache.hadoop.hive.ql.session.SessionState; /** @@ -58,8 +61,18 @@ public static CommandProcessor getForHiveCommand(String[] cmd, HiveConf conf) conf = new HiveConf(); } Set availableCommands = new HashSet(); - for (String availableCommand : conf.getVar(HiveConf.ConfVars.HIVE_SECURITY_COMMAND_WHITELIST).split(",")) { - availableCommands.add(availableCommand.toLowerCase().trim()); + if (!HiveAuthorizerFactory.class.isAssignableFrom + (conf.getClass(ConfVars.HIVE_AUTHORIZATION_MANAGER.varname,DefaultHiveAuthorizationProvider.class))) { + // we are not on authV2, add processors. + for (String availableCommand : conf.getVar(HiveConf.ConfVars.HIVE_SECURITY_COMMAND_WHITELIST).split(",")) { + availableCommands.add(availableCommand.toLowerCase().trim()); + } + } + + if (conf.getBoolVar(ConfVars.HIVE_IN_TEST)) { + // because test case uses these. + availableCommands.add("set"); + availableCommands.add("dfs"); } if (!availableCommands.contains(cmd[0].trim().toLowerCase())) { throw new SQLException("Insufficient privileges to execute " + cmd[0], "42000"); diff --git a/ql/src/test/org/apache/hadoop/hive/ql/processors/TestCommandProcessorFactory.java b/ql/src/test/org/apache/hadoop/hive/ql/processors/TestCommandProcessorFactory.java index ac5053a..9c89498 100644 --- a/ql/src/test/org/apache/hadoop/hive/ql/processors/TestCommandProcessorFactory.java +++ b/ql/src/test/org/apache/hadoop/hive/ql/processors/TestCommandProcessorFactory.java @@ -23,6 +23,7 @@ import junit.framework.Assert; import org.apache.hadoop.hive.conf.HiveConf; +import org.apache.hadoop.hive.conf.HiveConf.ConfVars; import org.apache.hadoop.hive.ql.session.SessionState; import org.junit.Before; import org.junit.Test; @@ -54,6 +55,7 @@ public void testAvailableCommands() throws Exception { String cmd = command.name().toLowerCase(); Assert.assertNotNull("Cmd " + cmd + " not return null", CommandProcessorFactory.getForHiveCommand(new String[]{cmd}, conf)); } + conf.setBoolVar(ConfVars.HIVE_IN_TEST, false); conf.set(HiveConf.ConfVars.HIVE_SECURITY_COMMAND_WHITELIST.toString(), ""); for (HiveCommand command : HiveCommand.values()) { String cmd = command.name(); @@ -65,5 +67,6 @@ public void testAvailableCommands() throws Exception { Assert.assertEquals("42000", e.getSQLState()); } } + conf.setBoolVar(ConfVars.HIVE_IN_TEST, true); } } diff --git a/ql/src/test/queries/clientnegative/authorization_addjar.q b/ql/src/test/queries/clientnegative/authorization_addjar.q new file mode 100644 index 0000000..024d878 --- /dev/null +++ b/ql/src/test/queries/clientnegative/authorization_addjar.q @@ -0,0 +1,3 @@ +set hive.security.authorization.enabled=true; +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory; +add jar ${system:maven.local.repository}/org/apache/hive/hcatalog/hive-hcatalog-core/${system:hive.version}/hive-hcatalog-core-${system:hive.version}.jar; diff --git a/ql/src/test/results/clientnegative/authorization_addjar.q.out b/ql/src/test/results/clientnegative/authorization_addjar.q.out new file mode 100644 index 0000000..47be882 --- /dev/null +++ b/ql/src/test/results/clientnegative/authorization_addjar.q.out @@ -0,0 +1 @@ +Failed processing command add Insufficient privileges to execute add