diff --git a/common/src/java/org/apache/hadoop/hive/common/FileUtils.java b/common/src/java/org/apache/hadoop/hive/common/FileUtils.java
index d755798..7df17a5 100644
--- a/common/src/java/org/apache/hadoop/hive/common/FileUtils.java
+++ b/common/src/java/org/apache/hadoop/hive/common/FileUtils.java
@@ -413,7 +413,12 @@ public Object run() throws Exception {
 * @throws IOException
 */
 public static boolean isActionPermittedForFileHierarchy(FileSystem fs, FileStatus fileStatus,
- String userName, FsAction action) throws Exception {
+ String userName, FsAction action) throws Exception {
+ return isActionPermittedForFileHierarchy(fs,fileStatus,userName, action, true);
+ }
+
+ public static boolean isActionPermittedForFileHierarchy(FileSystem fs, FileStatus fileStatus,
+ String userName, FsAction action, boolean recurse) throws Exception {
 boolean isDir = fileStatus.isDir();
 FsAction dirActionNeeded = action;
@@ -429,15 +434,15 @@ public static boolean isActionPermittedForFileHierarchy(FileSystem fs, FileStatu
 return false;
 }
- if (!isDir) {
+ if ((!isDir) || (!recurse)) {
 // no sub dirs to be checked
 return true;
 }
 // check all children
 FileStatus[] childStatuses = fs.listStatus(fileStatus.getPath());
 for (FileStatus childStatus : childStatuses) {
- // check children recursively
- if (!isActionPermittedForFileHierarchy(fs, childStatus, userName, action)) {
+ // check children recursively - recurse is true if we're here.
+ if (!isActionPermittedForFileHierarchy(fs, childStatus, userName, action, true)) {
 return false;
 }
 }
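Review bot: The new five-argument `isActionPermittedForFileHierarchy` is public but has no Javadoc, and the same holds for the four-argument `isOwnerOfFileHierarchy` overload added in the following hunk, so nothing tells a caller that `recurse=false` reduces a hierarchy check to a check of the single `fileStatus`. Because these results feed authorization decisions, document it on both overloads, e.g. `@param recurse if false, only fileStatus itself is checked and its children are not examined; pass true when the result authorizes access to the whole tree`. The retained comment `// no sub dirs to be checked` is now misleading for the `!recurse` branch in both methods; `// a plain file, or the caller asked for a non-recursive check` would match the code. Minor style: `fs,fileStatus,userName` in the delegating call lacks the spaces used in the surrounding calls.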
@@ -476,22 +481,27 @@ public static boolean isLocalFile(HiveConf conf, URI fileUri) { } return false; } - public static boolean isOwnerOfFileHierarchy(FileSystem fs, FileStatus fileStatus, String userName) throws IOException { + return isOwnerOfFileHierarchy(fs, fileStatus, userName, true); + } + + public static boolean isOwnerOfFileHierarchy(FileSystem fs, FileStatus fileStatus, + String userName, boolean recurse) + throws IOException { if (!fileStatus.getOwner().equals(userName)) { return false; } - if (!fileStatus.isDir()) { + if ((!fileStatus.isDir()) || (!recurse)) { // no sub dirs to be checked return true; } // check all children FileStatus[] childStatuses = fs.listStatus(fileStatus.getPath()); for (FileStatus childStatus : childStatuses) { - // check children recursively - if (!isOwnerOfFileHierarchy(fs, childStatus, userName)) { + // check children recursively - recurse is true if we're here. + if (!isOwnerOfFileHierarchy(fs, childStatus, userName, true)) { return false; } } diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLAuthorizationUtils.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLAuthorizationUtils.java index b6b2699..3281817 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLAuthorizationUtils.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLAuthorizationUtils.java @@ -29,6 +29,7 @@ import java.util.Map; import java.util.Set; +import com.google.common.base.Strings; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.apache.hadoop.fs.FileStatus; 
@@ -386,14 +387,20 @@ public static RequiredPrivileges getPrivilegesFromFS(Path filePath, HiveConf con
 try {
 fs = FileSystem.get(filePath.toUri(), conf);
 FileStatus fileStatus = FileUtils.getPathOrParentThatExists(fs, filePath);
- if (FileUtils.isOwnerOfFileHierarchy(fs, fileStatus, userName)) {
+ Path path = fileStatus.getPath();
+ boolean recurse = true;
+ // avoid recursive check if the path is a parent and not the actual file
+ if (!Strings.isNullOrEmpty(path.toString()) && !path.equals(filePath)) {
+ recurse = false;
+ }
+ if (FileUtils.isOwnerOfFileHierarchy(fs, fileStatus, userName, recurse)) {
 availPrivs.addPrivilege(SQLPrivTypeGrant.OWNER_PRIV);
 }
- if (FileUtils.isActionPermittedForFileHierarchy(fs, fileStatus, userName, FsAction.WRITE)) {
+ if (FileUtils.isActionPermittedForFileHierarchy(fs, fileStatus, userName, FsAction.WRITE, recurse)) {
 availPrivs.addPrivilege(SQLPrivTypeGrant.INSERT_NOGRANT);
 availPrivs.addPrivilege(SQLPrivTypeGrant.DELETE_NOGRANT);
 }
- if (FileUtils.isActionPermittedForFileHierarchy(fs, fileStatus, userName, FsAction.READ)) {
+ if (FileUtils.isActionPermittedForFileHierarchy(fs, fileStatus, userName, FsAction.READ, recurse)) {
 availPrivs.addPrivilege(SQLPrivTypeGrant.SELECT_NOGRANT);
 }
 } catch (Exception e) {
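Review bot: The new `!path.equals(filePath)` test decides whether the ownership and READ/WRITE checks descend into children, and a mismatch fails open: `recurse` becomes false and OWNER_PRIV, INSERT/DELETE and SELECT are granted from the top-level status alone. `fileStatus.getPath()` is normally returned fully qualified by the FileSystem, while `filePath` is whatever the caller supplied, so if it arrives without scheme or authority (not visible in this hunk) an existing directory would be treated as "a parent" and its children skipped. Compare like with like, e.g. `boolean recurse = path.equals(fs.makeQualified(filePath));`, and drop the `Strings.isNullOrEmpty(path.toString())` guard, which looks like it can never be false for a path taken from a FileStatus. A test that passes an unqualified path to an existing directory containing a file owned by another user would pin this down. getPrivilegesFromFS starts and ends outside the hunk.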