You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@livy.apache.org by GitBox <gi...@apache.org> on 2019/01/23 14:41:32 UTC

[GitHub] risdenk commented on a change in pull request #141: [LIVY-551] Add "doAs" impersonation support

risdenk commented on a change in pull request #141: [LIVY-551] Add "doAs" impersonation support
URL: https://github.com/apache/incubator-livy/pull/141#discussion_r250221878
 
 

 ##########
 File path: server/src/main/scala/org/apache/livy/server/AccessManager.scala
 ##########
 @@ -97,47 +99,71 @@ private[livy] class AccessManager(conf: LivyConf) extends Logging {
    */
   def isAccessControlOn: Boolean = aclsOn
 
+  def getRequestUser(request: HttpServletRequest): String = {
+    request.getRemoteUser
+  }
+
+  def getImpersonatedUser(request: HttpServletRequest): Option[String] = {
+    val impersonatedUser = Option(request.getParameter("doAs"))
+    impersonatedUser.filter(checkImpersonation(request, _))
+  }
+
+  def getEffectiveUser(request: HttpServletRequest): String = {
+    val requestUser = getRequestUser(request)
+    val impersonatedUser = getImpersonatedUser(request)
+    impersonatedUser.getOrElse(requestUser)
+  }
+
   /**
    * Checks that the requesting user can impersonate the target user.
    * If the user does not have permission to impersonate, then throws an `AccessControlException`.
-   *
-   * @return The user that should be impersonated. That can be the target user if defined, the
-   *         request's user - which may not be defined - otherwise, or `None` if impersonation is
-   *         disabled.
    */
-  def checkImpersonation(
-      target: Option[String],
-      requestUser: String,
-      livyConf: LivyConf): Option[String] = {
-    if (livyConf.getBoolean(LivyConf.IMPERSONATION_ENABLED)) {
-      if (!target.forall(hasSuperAccess(_, requestUser))) {
-        throw new AccessControlException(
-          s"User '$requestUser' not allowed to impersonate '$target'.")
+  def checkImpersonation(request: HttpServletRequest, impersonatedUser: String): Boolean = {
+    if (conf.getBoolean(LivyConf.IMPERSONATION_ENABLED)) {
+      if (hasSuperAccess(request, impersonatedUser) || checkProxyUser(request, impersonatedUser)) {
+        return true
       }
-      target.orElse(Option(requestUser))
-    } else {
-      None
+      val requestUser = getRequestUser(request)
+      throw new AccessControlException(
+        s"User '$requestUser' not allowed to impersonate '$impersonatedUser'.")
     }
+    false
+  }
+
+  def checkProxyUser(request: HttpServletRequest, impersonatedUser: String): Boolean = {
+    val proxyUser = getRequestUser(request)
+    val remoteHost = request.getRemoteHost
+    val allowedHosts = conf.hadoopConf.get("hadoop.proxyuser." + proxyUser + ".hosts")
 
 Review comment:
   The idea was to model after https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/Superusers.html#Configurations and how a bunch of other Hadoop ecosystem components work.
   
   Superusers can impersonate anyone yes. There should be a limit as to who can impersonate who. There should also be a limit from where superuser requests can come from. 

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services