Author: brock
Date: Sat Nov 22 19:08:54 2014
New Revision: 1641102

URL: http://svn.apache.org/r1641102
Log:
HIVE-8916 - Handle user@domain username under LDAP authentication (Mohit Sabharwal via Brock)

Added:
     hive/trunk/service/src/java/org/apache/hive/service/ServiceUtils.java
Modified:
     hive/trunk/service/src/java/org/apache/hive/service/auth/LdapAuthenticationProviderImpl.java
     hive/trunk/service/src/java/org/apache/hive/service/cli/thrift/ThriftCLIService.java

Added: hive/trunk/service/src/java/org/apache/hive/service/ServiceUtils.java
URL: http://svn.apache.org/viewvc/hive/trunk/service/src/java/org/apache/hive/service/ServiceUtils.java?rev=1641102&view=auto
==============================================================================
--- hive/trunk/service/src/java/org/apache/hive/service/ServiceUtils.java (added)
+++ hive/trunk/service/src/java/org/apache/hive/service/ServiceUtils.java Sat Nov 22 19:08:54 2014
@@ -0,0 +1,44 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hive.service;
+
+public class ServiceUtils {
+
+ /*
+ * Get the index separating the user name from domain name (the user's name up
+ * to the first '/' or '@').
+ *
+ * @param userName full user name.
+ * @return index of domain match or -1 if not found
+ */
+ public static int indexOfDomainMatch(String userName) {
+ if (userName == null) {
+ return -1;
+ }
+
+ int idx = userName.indexOf('/');
+ int idx2 = userName.indexOf('@');
+ int endIdx = Math.min(idx, idx2); // Use the earlier match.
+ // Unless at least one of '/' or '@' was not found, in
+ // which case, user the latter match.
+ if (endIdx == -1) {
+ endIdx = Math.max(idx, idx2);
+ }
+ return endIdx;
+ }
+}
\ No newline at end of file
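Review bot: The comment above `indexOfDomainMatch` opens with `/*`, so its `@param` and `@return` tags are not picked up as Javadoc; it should open with `/**`. It also leaves out two cases the callers in this commit depend on: a null name returns -1, and a name that begins with '/' or '@' returns 0, which `hasDomain` and `getShortName` both treat as "no domain". I would spell that out in the return tag, `@return index of the first '/' or '@' (0 if the name starts with one), or -1 if neither is present or userName is null`, and fix the inline typo to `use the latter match`. Since `ServiceUtils` holds only a static helper, a private constructor would keep it from being instantiated.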

Modified: hive/trunk/service/src/java/org/apache/hive/service/auth/LdapAuthenticationProviderImpl.java
URL: http://svn.apache.org/viewvc/hive/trunk/service/src/java/org/apache/hive/service/auth/LdapAuthenticationProviderImpl.java?rev=1641102&r1=1641101&r2=1641102&view=diff
==============================================================================
--- hive/trunk/service/src/java/org/apache/hive/service/auth/LdapAuthenticationProviderImpl.java (original)
+++ hive/trunk/service/src/java/org/apache/hive/service/auth/LdapAuthenticationProviderImpl.java Sat Nov 22 19:08:54 2014
@@ -24,6 +24,7 @@ import javax.naming.directory.InitialDir
  import javax.security.sasl.AuthenticationException;

  import org.apache.hadoop.hive.conf.HiveConf;
+import org.apache.hive.service.ServiceUtils;

  public class LdapAuthenticationProviderImpl implements PasswdAuthenticationProvider {

@@ -45,10 +46,11 @@ public class LdapAuthenticationProviderI
      env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
      env.put(Context.PROVIDER_URL, ldapURL);

- // If the domain is supplied, then append it. LDAP providers like Active Directory
- // use a fully qualified user name like foo@bar.com.
- if (ldapDomain != null) {
- user = user + "@" + ldapDomain;
+ // If the domain is available in the config, then append it unless domain is
+ // already part of the username. LDAP providers like Active Directory use a
+ // fully qualified user name like foo@bar.com.
+ if (!hasDomain(user) && ldapDomain != null) {
+ user = user + "@" + ldapDomain;
      }

      // setup the security principal
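Review bot: With `!hasDomain(user)` in the condition, any client-supplied name that contains '@' or '/' bypasses the configured `ldapDomain`, so the client rather than the server configuration picks the domain of the bind principal. `getShortName` in ThriftCLIService then drops that suffix, so if the directory accepts binds for more than one domain (not visible here), a constructed name like `alice@other.example` and `alice` in the configured domain would both end up as session user `alice`. If only the configured domain is meant to be accepted, compare the supplied suffix against it and fail the login otherwise, e.g. `if (hasDomain(user) && ldapDomain != null && !user.endsWith("@" + ldapDomain)) { throw new AuthenticationException("Unexpected domain in user name"); }`, possibly case-insensitively for Active Directory. This assumes the enclosing method, which starts and ends outside the hunk, already throws the imported `AuthenticationException`.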
@@ -71,4 +73,7 @@ public class LdapAuthenticationProviderI
      }
    }

+ private boolean hasDomain(String userName) {
+ return (ServiceUtils.indexOfDomainMatch(userName) > 0);
+ }
  }
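Review bot: `hasDomain` has no comment, and it treats '/' as a domain separator even though the caller's comment only mentions the `foo@bar.com` form. A name containing '/' is therefore sent to the LDAP server without the configured domain, which looks like a side effect of sharing `indexOfDomainMatch` with ThriftCLIService rather than an LDAP requirement. I would document that on the method, e.g. `// True when userName contains '/' or '@' after its first character; such names are passed to LDAP as given.` The method reads no instance state, so it could also be `private static`.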

Modified: hive/trunk/service/src/java/org/apache/hive/service/cli/thrift/ThriftCLIService.java
URL: http://svn.apache.org/viewvc/hive/trunk/service/src/java/org/apache/hive/service/cli/thrift/ThriftCLIService.java?rev=1641102&r1=1641101&r2=1641102&view=diff
==============================================================================
--- hive/trunk/service/src/java/org/apache/hive/service/cli/thrift/ThriftCLIService.java (original)
+++ hive/trunk/service/src/java/org/apache/hive/service/cli/thrift/ThriftCLIService.java Sat Nov 22 19:08:54 2014
@@ -33,6 +33,7 @@ import org.apache.hadoop.hive.conf.HiveC
  import org.apache.hadoop.hive.conf.HiveConf.ConfVars;
  import org.apache.hive.service.AbstractService;
  import org.apache.hive.service.ServiceException;
+import org.apache.hive.service.ServiceUtils;
  import org.apache.hive.service.auth.HiveAuthFactory;
  import org.apache.hive.service.auth.TSetIpAddressProcessor;
  import org.apache.hive.service.cli.*;
@@ -295,11 +296,24 @@ public abstract class ThriftCLIService e
      if (userName == null) {
        userName = req.getUsername();
      }
+
+ userName = getShortName(userName);
      String effectiveClientUser = getProxyUser(userName, req.getConfiguration(), getIpAddress());
      LOG.debug("Client's username: " + effectiveClientUser);
      return effectiveClientUser;
    }

+ private String getShortName(String userName) {
+ String ret = null;
+ if (userName != null) {
+ int indexOfDomainMatch = ServiceUtils.indexOfDomainMatch(userName);
+ ret = (indexOfDomainMatch <= 0) ? userName :
+ userName.substring(0, indexOfDomainMatch);
+ }
+
+ return ret;
+ }
+
    /**
     * Create a session handle
     * @param req
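Review bot: `userName = getShortName(userName)` overwrites the only copy of the name the client presented, and the debug line that follows logs just the effective user, so the qualified name never reaches the log. To keep the audit trail I would log it before shortening, `LOG.debug("Client's full username: " + userName);`. In the visible lines the call is not limited to the LDAP path, so names from every source, including `req.getUsername()`, are cut at the first '/' or '@' before `getProxyUser` runs. A short Javadoc on `getShortName` should say that, and that a leading separator leaves the name unchanged. The enclosing method begins outside the hunk.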
