diff --git ql/src/java/org/apache/hadoop/hive/ql/Driver.java ql/src/java/org/apache/hadoop/hive/ql/Driver.java index 395a5f5..f887020 100644 --- ql/src/java/org/apache/hadoop/hive/ql/Driver.java +++ ql/src/java/org/apache/hadoop/hive/ql/Driver.java @@ -114,7 +114,6 @@ import org.apache.hadoop.hive.ql.session.SessionState; import org.apache.hadoop.hive.ql.session.SessionState.LogHelper; import org.apache.hadoop.hive.serde2.ByteStream; -import org.apache.hadoop.hive.shims.ShimLoader; import org.apache.hadoop.hive.shims.Utils; import org.apache.hadoop.mapred.ClusterStatus; import org.apache.hadoop.mapred.JobClient; @@ -1335,7 +1334,8 @@ public int execute() throws CommandNeedRetryException { resStream = null; SessionState ss = SessionState.get(); - HookContext hookContext = new HookContext(plan, conf, ctx.getPathToCS(), ss.getUserName(), ss.getUserIpAddress()); + HookContext hookContext = new HookContext(plan, conf, ctx.getPathToCS(), + ss.getAuthenticatedUserName(), ss.getUserIpAddress()); hookContext.setHookType(HookContext.HookType.PRE_EXEC_HOOK); for (Hook peh : getHooks(HiveConf.ConfVars.PREEXECHOOKS)) { diff --git ql/src/java/org/apache/hadoop/hive/ql/exec/FunctionTask.java ql/src/java/org/apache/hadoop/hive/ql/exec/FunctionTask.java index 569c125..e43491b 100644 --- ql/src/java/org/apache/hadoop/hive/ql/exec/FunctionTask.java +++ ql/src/java/org/apache/hadoop/hive/ql/exec/FunctionTask.java @@ -26,7 +26,6 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.hadoop.fs.FileSystem; -import org.apache.hadoop.hive.common.JavaUtils; import org.apache.hadoop.hive.conf.HiveConf; import org.apache.hadoop.hive.metastore.api.Function; import org.apache.hadoop.hive.metastore.api.PrincipalType; 
@@ -148,7 +147,7 @@ private int createPermanentFunction(Hive db, CreateFunctionDesc createFunctionDe funcName, dbName, className, - SessionState.get().getUserName(), + SessionState.getUserFromAuthenticator(), PrincipalType.USER, (int) (System.currentTimeMillis() / 1000), org.apache.hadoop.hive.metastore.api.FunctionType.JAVA, diff --git ql/src/java/org/apache/hadoop/hive/ql/security/HadoopDefaultAuthenticator.java ql/src/java/org/apache/hadoop/hive/ql/security/HadoopDefaultAuthenticator.java index 18e4e00..3a5c7c2 100644 --- ql/src/java/org/apache/hadoop/hive/ql/security/HadoopDefaultAuthenticator.java +++ ql/src/java/org/apache/hadoop/hive/ql/security/HadoopDefaultAuthenticator.java @@ -24,7 +24,6 @@ import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.hive.ql.metadata.HiveException; import org.apache.hadoop.hive.ql.session.SessionState; -import org.apache.hadoop.hive.shims.ShimLoader; import org.apache.hadoop.hive.shims.Utils; import org.apache.hadoop.security.UserGroupInformation; @@ -47,23 +46,26 @@ public String getUserName() { @Override public void setConf(Configuration conf) { + UserGroupInformation ugi = getUGIForConf(conf); this.conf = conf; - UserGroupInformation ugi = null; + this.userName = ugi.getShortUserName(); + if (ugi.getGroupNames() != null) { + this.groupNames = Arrays.asList(ugi.getGroupNames()); + } + } + + public static UserGroupInformation getUGIForConf(Configuration conf) { + UserGroupInformation ugi; try { ugi = Utils.getUGI(); } catch (Exception e) { throw new RuntimeException(e); } - if (ugi == null) { throw new RuntimeException( "Can not initialize HadoopDefaultAuthenticator."); } - - this.userName = ugi.getShortUserName(); - if (ugi.getGroupNames() != null) { - this.groupNames = Arrays.asList(ugi.getGroupNames()); - } + return ugi; } @Override 
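Review bot: The owner argument in createPermanentFunction is now `SessionState.getUserFromAuthenticator()`, which returns null when no SessionState is attached to the thread, and the value goes straight into the Function record with no check. Resolving it first with `String owner = SessionState.getUserFromAuthenticator();` and failing the task when `owner == null` would keep a function with no owner out of the metastore. getCurrentRoleNames in HiveV1Authorizer uses the same call and has the same gap, since this commit removes its explicit null check. The rest of createPermanentFunction lies outside the hunk, so how a null owner is handled later cannot be seen from here.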
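Review bot: The new public static `getUGIForConf(Configuration conf)` in HadoopDefaultAuthenticator never reads its `conf` argument. It calls `Utils.getUGI()` regardless, so the signature suggests a per-configuration lookup that the body does not perform. Either drop the parameter or document it, for example `/** Returns the UGI from Utils.getUGI(); conf is currently unused. */`. Because the helper is now called from SessionStateUserAuthenticator as well, the message "Can not initialize HadoopDefaultAuthenticator." will appear in failures unrelated to initializing this class. A neutral text such as `"Cannot determine the current UGI"` would be less misleading in logs.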
diff --git ql/src/java/org/apache/hadoop/hive/ql/security/SessionStateUserAuthenticator.java ql/src/java/org/apache/hadoop/hive/ql/security/SessionStateUserAuthenticator.java index a77e93f..0a9ffbe 100644 --- ql/src/java/org/apache/hadoop/hive/ql/security/SessionStateUserAuthenticator.java +++ ql/src/java/org/apache/hadoop/hive/ql/security/SessionStateUserAuthenticator.java @@ -43,7 +43,12 @@ @Override public String getUserName() { - return sessionState.getUserName(); + String username = sessionState.getUserName(); + if (username == null) { + // use login user instead + return HadoopDefaultAuthenticator.getUGIForConf(sessionState.getConf()).getUserName(); + } + return username; } @Override diff --git ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveV1Authorizer.java ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveV1Authorizer.java index ac1cc47..06477a8 100644 --- ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveV1Authorizer.java +++ ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveV1Authorizer.java @@ -21,7 +21,6 @@ import java.util.ArrayList; import java.util.List; import java.util.Map; -import java.util.Set; import org.apache.hadoop.hive.conf.HiveConf; import org.apache.hadoop.hive.metastore.Warehouse; 
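Review bot: The fallback added to SessionStateUserAuthenticator.getUserName() returns `getUGIForConf(...).getUserName()`, whereas HadoopDefaultAuthenticator.setConf stores `ugi.getShortUserName()`. On a Kerberos-enabled cluster these differ (full principal versus short name), so the same user could be matched against grants and roles under two names depending on which authenticator is configured. Using `getShortUserName()` here would keep the two consistent. Separately, when the session has no user name this now reports the process login user, which in a long-running service is presumably the service account rather than the caller. It is worth confirming that an unset session user can only occur in embedded or CLI use, and stating that in the comment in place of `// use login user instead`.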
@@ -350,21 +349,14 @@ public void setCurrentRole(String roleName) throws HiveAccessControlException, H @Override public List getCurrentRoleNames() throws HiveAuthzPluginException { - - String userName = SessionState.get().getUserName(); - if (userName == null) { - userName = SessionState.getUserFromAuthenticator(); - } - if (userName == null) { - throw new HiveAuthzPluginException("Cannot resolve current user name"); - } try { + String userName = SessionState.getUserFromAuthenticator(); List roleNames = new ArrayList(); for (Role role : hive.listRoles(userName, PrincipalType.USER)) { roleNames.add(role.getRoleName()); } return roleNames; - } catch (HiveException e) { + } catch (Exception e) { throw new HiveAuthzPluginException(e); } } diff --git ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java index 1b5864e..65f957d 100644 --- ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java +++ ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java @@ -64,7 +64,6 @@ import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext.CLIENT_TYPE; import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactoryImpl; import org.apache.hadoop.hive.ql.util.DosToUnix; -import org.apache.hadoop.hive.shims.ShimLoader; import org.apache.hadoop.hive.shims.Utils; import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.util.ReflectionUtils; 
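Review bot: In HiveV1Authorizer.getCurrentRoleNames the handler was widened from `catch (HiveException e)` to `catch (Exception e)`, so unchecked failures are now wrapped into a HiveAuthzPluginException with no message of its own. That includes the RuntimeException thrown by the UGI lookup and whatever `hive.listRoles` does with a null user. The removed "Cannot resolve current user name" error was the clearer signal for an authorization path. Consider resolving the user before the `try`, keeping `if (userName == null) { throw new HiveAuthzPluginException("Cannot resolve current user name"); }`, and leaving the catch at `HiveException`.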
@@ -855,10 +854,13 @@ public static LogHelper getConsole() { * null. */ public static String getUserFromAuthenticator() { - if (SessionState.get() != null && SessionState.get().getAuthenticator() != null) { - return SessionState.get().getAuthenticator().getUserName(); - } - return null; + SessionState sessionState = SessionState.get(); + return sessionState == null ? null : sessionState.getAuthenticatedUserName(); + } + + public String getAuthenticatedUserName() { + HiveAuthenticationProvider authenticator = getAuthenticator(); + return authenticator == null ? getUserName() : authenticator.getUserName(); } static void validateFiles(List newFiles) throws IllegalArgumentException { @@ -1308,6 +1310,7 @@ public void setTezSession(TezSessionState session) { this.tezSessionState = session; } + // possibly not authenticated. use getAuthenticatedUserName instead public String getUserName() { return userName; }
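Review bot: `getAuthenticatedUserName()` in SessionState falls back to `getUserName()` when no authenticator is set, yet the comment this commit adds on `getUserName()` says that value is possibly not authenticated. The new method's name therefore promises more than the body guarantees. The change also alters `getUserFromAuthenticator()`, which used to return null without an authenticator and now returns the raw session user name. The Javadoc above it, of which only the tail is visible in the hunk, may no longer describe that. Either return null in that branch, `return authenticator == null ? null : authenticator.getUserName();`, or add Javadoc on the new method stating the fallback, so callers making authorization decisions know the name may be unverified.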