Search in sources :

Example 1 with KerberosNameShim

use of org.apache.hadoop.hive.shims.HadoopShims.KerberosNameShim in project hive by apache.

the class HiveAuthFactory method verifyProxyAccess.

public static void verifyProxyAccess(String realUser, String proxyUser, String ipAddress, HiveConf hiveConf) throws HiveSQLException {
    try {
        UserGroupInformation sessionUgi;
        if (UserGroupInformation.isSecurityEnabled()) {
            KerberosNameShim kerbName = ShimLoader.getHadoopShims().getKerberosNameShim(realUser);
            sessionUgi = UserGroupInformation.createProxyUser(kerbName.getServiceName(), UserGroupInformation.getLoginUser());
        } else {
            sessionUgi = UserGroupInformation.createRemoteUser(realUser);
        }
        if (!proxyUser.equalsIgnoreCase(realUser)) {
            ProxyUsers.refreshSuperUserGroupsConfiguration(hiveConf);
            ProxyUsers.authorize(UserGroupInformation.createProxyUser(proxyUser, sessionUgi), ipAddress, hiveConf);
        }
    } catch (IOException e) {
        throw new HiveSQLException("Failed to validate proxy privilege of " + realUser + " for " + proxyUser, "08S01", e);
    }
}
Also used : KerberosNameShim(org.apache.hadoop.hive.shims.HadoopShims.KerberosNameShim) HiveSQLException(org.apache.hive.service.cli.HiveSQLException) IOException(java.io.IOException) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)

Example 2 with KerberosNameShim

use of org.apache.hadoop.hive.shims.HadoopShims.KerberosNameShim in project hive by apache.

the class ThriftCLIService method getShortName.

private String getShortName(String userName) throws IOException {
    String ret = null;
    if (userName != null) {
        if (hiveAuthFactory != null && hiveAuthFactory.isSASLKerberosUser()) {
            // KerberosName.getShorName can only be used for kerberos user, but not for the user
            // logged in via other authentications such as LDAP
            KerberosNameShim fullKerberosName = ShimLoader.getHadoopShims().getKerberosNameShim(userName);
            ret = fullKerberosName.getShortName();
        } else {
            int indexOfDomainMatch = ServiceUtils.indexOfDomainMatch(userName);
            ret = (indexOfDomainMatch <= 0) ? userName : userName.substring(0, indexOfDomainMatch);
        }
    }
    return ret;
}
Also used : KerberosNameShim(org.apache.hadoop.hive.shims.HadoopShims.KerberosNameShim)

Aggregations

KerberosNameShim (org.apache.hadoop.hive.shims.HadoopShims.KerberosNameShim)2 IOException (java.io.IOException)1 UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)1 HiveSQLException (org.apache.hive.service.cli.HiveSQLException)1