[jira] [Commented] (HIVE-5485) SBAP errors on null partition being passed into partition level authorization

Sun, 13 Oct 2013 11:23:36 -0700 

    [ 
https://issues.apache.org/jira/browse/HIVE-5485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13793738#comment-13793738
 ] 

Hudson commented on HIVE-5485:
------------------------------

FAILURE: Integrated in Hive-trunk-hadoop1-ptest #203 (See 
[https://builds.apache.org/job/Hive-trunk-hadoop1-ptest/203/])
HIVE-5485 : SBAP errors on null partition being passed into partition level 
authorization (Sushanth Sowmyan via Ashutosh Chauhan) (hashutosh: 
http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1531707)
* 
/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/StorageBasedAuthorizationProvider.java


> SBAP errors on null partition being passed into partition level authorization
> -----------------------------------------------------------------------------
>
>                 Key: HIVE-5485
>                 URL: https://issues.apache.org/jira/browse/HIVE-5485
>             Project: Hive
>          Issue Type: Bug
>          Components: Authorization
>    Affects Versions: 0.12.0
>            Reporter: Sushanth Sowmyan
>            Assignee: Sushanth Sowmyan
>             Fix For: 0.13.0
>
>         Attachments: HIVE-5485.patch
>
>
> SBAP causes an NPE when null is passed in as a partition for partition-level 
> or column-level authorization.
> Personally, in my opinion, this is not a SBAP bug, but incorrect usage of 
> AuthorizationProviders - one should not be calling the column-level authorize 
> (given that column-level is more basic than partition-level) function and 
> pass in a null as the partition value. However, that happens on code 
> introduced by HIVE-1887, and unless we rewrite that (and possibly a whole 
> bunch more(will need evaluation)), we have to accommodate that null and 
> appropriately attempt to fall back to table-level authorization in that case.
> The offending code section is in Driver.java:685
> {code}
>  678         // if we reach here, it means it needs to do a table 
> authorization
>  679         // check, and the table authorization may already happened 
> because of other
>  680         // partitions
>  681         if (tbl != null && 
> !tableAuthChecked.contains(tbl.getTableName()) &&
>  682             !(tableUsePartLevelAuth.get(tbl.getTableName()) == 
> Boolean.TRUE)) {
>  683           List<String> cols = tab2Cols.get(tbl);
>  684           if (cols != null && cols.size() > 0) {
>  685             ss.getAuthorizer().authorize(tbl, null, cols,
>  686                 op.getInputRequiredPrivileges(), null);
>  687           } else {
>  688             ss.getAuthorizer().authorize(tbl, 
> op.getInputRequiredPrivileges(),
>  689                 null);
>  690           }
>  691           tableAuthChecked.add(tbl.getTableName());
>  692         }
> {code}



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Reply via email to