diff --git common/src/java/org/apache/hadoop/hive/conf/HiveConf.java common/src/java/org/apache/hadoop/hive/conf/HiveConf.java index 2e2bf5a..bf7d1c4 100644 --- common/src/java/org/apache/hadoop/hive/conf/HiveConf.java +++ common/src/java/org/apache/hadoop/hive/conf/HiveConf.java @@ -1784,7 +1784,7 @@ " With negative value, it's checked for all of the operations regardless of state."), HIVE_CONF_RESTRICTED_LIST("hive.conf.restricted.list", - "hive.security.authenticator.manager,hive.security.authorization.manager,hive.users.in.admin.role", + "hive.security.authenticator.manager,hive.security.authorization.manager,hive.users.in.admin.role,javax.jdo.option.ConnectionPassword", "Comma separated list of configuration options which are immutable at runtime"), // If this is set all move tasks at the end of a multi-insert query will only begin once all @@ -2179,6 +2179,16 @@ private static synchronized InputStream getConfVarInputStream() { return new LoopingByteArrayInputStream(confVarByteArray); } + public boolean isRestricted(String name) throws IllegalArgumentException { + if (modWhiteListPattern != null) { + Matcher wlMatcher = modWhiteListPattern.matcher(name); + if (!wlMatcher.matches()) { + return true; + } + } + return restrictList.contains(name); + } + public void verifyAndSet(String name, String value) throws IllegalArgumentException { if (modWhiteListPattern != null) { Matcher wlMatcher = modWhiteListPattern.matcher(name); diff --git common/src/test/org/apache/hadoop/hive/conf/TestHiveConfRestrictList.java common/src/test/org/apache/hadoop/hive/conf/TestHiveConfRestrictList.java index 980fa76..e698614 100644 --- common/src/test/org/apache/hadoop/hive/conf/TestHiveConfRestrictList.java +++ common/src/test/org/apache/hadoop/hive/conf/TestHiveConfRestrictList.java @@ -81,6 +81,8 @@ public void testAppendRestriction() throws Exception { } private void verifyRestriction(String varName, String newVal) { + assertTrue("config property " + varName + "should be restricted", + conf.isRestricted(varName)); try { conf.verifyAndSet(varName, newVal); fail("Setting config property " + varName + " should fail"); diff --git ql/src/java/org/apache/hadoop/hive/ql/processors/SetProcessor.java ql/src/java/org/apache/hadoop/hive/ql/processors/SetProcessor.java index bc9254c..2789517 100644 --- ql/src/java/org/apache/hadoop/hive/ql/processors/SetProcessor.java +++ ql/src/java/org/apache/hadoop/hive/ql/processors/SetProcessor.java @@ -21,7 +21,6 @@ import static org.apache.hadoop.hive.serde.serdeConstants.SERIALIZATION_NULL_FORMAT; import static org.apache.hadoop.hive.serde.serdeConstants.STRING_TYPE_NAME; import static org.apache.hadoop.hive.serde2.MetadataTypedColumnsetSerDe.defaultNullString; - import static org.apache.hadoop.hive.conf.SystemVariables.*; import java.util.Map; @@ -55,12 +54,15 @@ public static boolean getBoolean(String value) { + "' is not a boolean"); } - private void dumpOptions(Properties p) { + private void dumpOptions(Properties p, HiveConf conf) { SessionState ss = SessionState.get(); SortedMap sortedMap = new TreeMap(); sortedMap.put("silent", (ss.getIsSilent() ? "on" : "off")); for (Object one : p.keySet()) { String oneProp = (String) one; + if (conf.isRestricted(oneProp)) { + continue; + } String oneValue = p.getProperty(oneProp); sortedMap.put(oneProp, oneValue); } @@ -89,7 +91,11 @@ private void dumpOption(String s) { SessionState ss = SessionState.get(); if (ss.getConf().get(s) != null) { - ss.out.println(s + "=" + ss.getConf().get(s)); + if (!ss.getConf().isRestricted(s)) { + ss.out.println(s + "=" + ss.getConf().get(s)); + } else { + throw new IllegalArgumentException("hiveconf " + s + "is restricted"); + } } else if (ss.getHiveVariables().containsKey(s)) { ss.out.println(s + "=" + ss.getHiveVariables().get(s)); } else { @@ -254,12 +260,12 @@ public CommandProcessorResponse run(String command) { String nwcmd = command.trim(); if (nwcmd.equals("")) { - dumpOptions(ss.getConf().getChangedProperties()); + dumpOptions(ss.getConf().getChangedProperties(), ss.getConf()); return createProcessorSuccessResponse(); } if (nwcmd.equals("-v")) { - dumpOptions(ss.getConf().getAllProperties()); + dumpOptions(ss.getConf().getAllProperties(), ss.getConf()); return createProcessorSuccessResponse(); }