diff --git service/src/java/org/apache/hive/service/ServiceUtils.java service/src/java/org/apache/hive/service/ServiceUtils.java
new file mode 100644
index 0000000000000000000000000000000000000000..a0a94c95d7b7c883aff9f5a1c389f18727f68fa2
--- /dev/null
+++ service/src/java/org/apache/hive/service/ServiceUtils.java
@@ -0,0 +1,40 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hive.service;
+
+public class ServiceUtils {
+
+ /*
+ * Get the index separating the user name from domain name (the user's name up
+ * to the first '/' or '@').
+ *
+ * @param userName full user name.
+ * @return index of domain match or -1 if not found
+ */
+ public static int indexOfDomainMatch(String userName) {
+ int idx = userName.indexOf('/');
+ int idx2 = userName.indexOf('@');
+ int endIdx = Math.min(idx, idx2); // Use the earlier match.
+ // Unless at least one of '/' or '@' was not found, in
+ // which case, user the latter match.
+ if (endIdx == -1) {
+ endIdx = Math.max(idx, idx2);
+ }
+ return endIdx;
+ }
+}
\ No newline at end of file
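Review bot: `indexOfDomainMatch` dereferences `userName` without a null check, and both new callers (`hasDomain` in LdapAuthenticationProviderImpl and `getShortName` in ThriftCLIService) pass the name through unchecked. In ThriftCLIService the value can come straight from `req.getUsername()`, which may be null for a request that carries no user name; that is not visible in this diff, so it is worth confirming. A guard as the first statement, `if (userName == null) { return -1; }`, keeps a missing name from becoming a NullPointerException on the session-open path. The header comment opens with `/*` rather than `/**`, so its `@param`/`@return` tags are not picked up as Javadoc, and "user the latter match" should read "use the latter match".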
diff --git service/src/java/org/apache/hive/service/auth/LdapAuthenticationProviderImpl.java service/src/java/org/apache/hive/service/auth/LdapAuthenticationProviderImpl.java index d075761d079f8a18d7d317483783fe3b801e00d5..7292cd9c1fc0395ab4b985024c7d7758abf7fe3c 100644 --- service/src/java/org/apache/hive/service/auth/LdapAuthenticationProviderImpl.java +++ service/src/java/org/apache/hive/service/auth/LdapAuthenticationProviderImpl.java @@ -24,6 +24,7 @@ import javax.security.sasl.AuthenticationException; import org.apache.hadoop.hive.conf.HiveConf; +import org.apache.hive.service.ServiceUtils; public class LdapAuthenticationProviderImpl implements PasswdAuthenticationProvider { @@ -45,10 +46,11 @@ public void Authenticate(String user, String password) throws AuthenticationExce env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); env.put(Context.PROVIDER_URL, ldapURL); - // If the domain is supplied, then append it. LDAP providers like Active Directory - // use a fully qualified user name like foo@bar.com. - if (ldapDomain != null) { - user = user + "@" + ldapDomain; + // If the domain is available in the config, then append it unless domain is + // already part of the username. LDAP providers like Active Directory use a + // fully qualified user name like foo@bar.com. + if (!hasDomain(user) && ldapDomain != null) { + user = user + "@" + ldapDomain; } // setup the security principal @@ -71,4 +73,7 @@ public void Authenticate(String user, String password) throws AuthenticationExce } } + private boolean hasDomain(String userName) { + return (ServiceUtils.indexOfDomainMatch(userName) > 0); + } } 
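Review bot: The new `!hasDomain(user)` guard in `Authenticate` lets the client choose the domain part of the bind principal, where the old code always appended the configured `ldapDomain`. If the directory accepts binds for other domains (trusted domains or alternate UPN suffixes, which depends on the deployment), accounts outside the configured domain can authenticate, and ThriftCLIService then strips the domain so they share a short name with accounts of the configured domain. When `ldapDomain` is set, consider rejecting a supplied domain that does not match it, for example `if (ldapDomain != null && hasDomain(user) && !user.toLowerCase().endsWith("@" + ldapDomain.toLowerCase())) { throw new AuthenticationException("User name domain does not match the configured LDAP domain"); }`. `hasDomain` in the last hunk also treats '/' as a domain marker, so a name such as `foo/bar` (constructed example) is sent to LDAP without the configured domain; a comment on the helper should say whether that is intended. The body of `Authenticate` starts and ends outside these hunks, so how the principal is used afterwards is not visible here.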
diff --git service/src/java/org/apache/hive/service/cli/thrift/ThriftCLIService.java service/src/java/org/apache/hive/service/cli/thrift/ThriftCLIService.java index 3a8ae70d8bd31c9958ea6ae00a2d01c315c80615..64fbf707979201fc5daa687440e382eeea3f3166 100644 --- service/src/java/org/apache/hive/service/cli/thrift/ThriftCLIService.java +++ service/src/java/org/apache/hive/service/cli/thrift/ThriftCLIService.java @@ -33,6 +33,7 @@ import org.apache.hadoop.hive.conf.HiveConf.ConfVars; import org.apache.hive.service.AbstractService; import org.apache.hive.service.ServiceException; +import org.apache.hive.service.ServiceUtils; import org.apache.hive.service.auth.HiveAuthFactory; import org.apache.hive.service.auth.TSetIpAddressProcessor; import org.apache.hive.service.cli.*; @@ -295,11 +296,19 @@ private String getUserName(TOpenSessionReq req) throws HiveSQLException { if (userName == null) { userName = req.getUsername(); } + + userName = getShortName(userName); String effectiveClientUser = getProxyUser(userName, req.getConfiguration(), getIpAddress()); LOG.debug("Client's username: " + effectiveClientUser); return effectiveClientUser; } + private String getShortName(String userName) { + int indexOfDomainMatch = ServiceUtils.indexOfDomainMatch(userName); + return (indexOfDomainMatch <= 0) ? userName : + userName.substring(0, indexOfDomainMatch); + } + /** * Create a session handle * @param req
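Review bot: `getShortName` cuts the name at the first '/' or '@' before it reaches `getProxyUser` and the debug log, so `alice@A.EXAMPLE`, `alice@B.EXAMPLE` and `alice/admin@A.EXAMPLE` (constructed examples) all become `alice`. The proxy-user check and the session then run under a name that no longer records which realm or instance authenticated, and the only log line prints the already-shortened value. Consider logging the full name before truncation, `LOG.debug("Client's full username: " + userName);`, and adding a Javadoc comment on `getShortName` stating that realm and instance are discarded on purpose and that the authentication layer is trusted to have accepted only the intended realm. `getUserName` starts above the hunk, so where `userName` originates for each transport mode is not visible here.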