Posted to commits@hive.apache.org by th...@apache.org on 2014/02/25 23:55:33 UTC

svn commit: r1571854 - in /hive/trunk: ./ common/src/java/org/apache/hadoop/hive/conf/ service/ service/src/java/org/apache/hive/service/auth/

Author: thejas
Date: Tue Feb 25 22:55:32 2014
New Revision: 1571854

URL: http://svn.apache.org/r1571854
Log:
HIVE-6466 : Add support for pluggable authentication modules (PAM) in Hive (Vaibhav Gumashta via Thejas Nair)

Added:
    hive/trunk/service/src/java/org/apache/hive/service/auth/PamAuthenticationProviderImpl.java
Modified:
    hive/trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
    hive/trunk/pom.xml
    hive/trunk/service/pom.xml
    hive/trunk/service/src/java/org/apache/hive/service/auth/AuthenticationProviderFactory.java

Modified: hive/trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
URL: http://svn.apache.org/viewvc/hive/trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java?rev=1571854&r1=1571853&r2=1571854&view=diff
==============================================================================
--- hive/trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java (original)
+++ hive/trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java Tue Feb 25 22:55:32 2014
@@ -822,13 +822,16 @@ public class HiveConf extends Configurat
 
     // HiveServer2 auth configuration
     HIVE_SERVER2_AUTHENTICATION("hive.server2.authentication", "NONE",
-        new StringsValidator("NOSASL", "NONE", "LDAP", "KERBEROS", "CUSTOM")),
+        new StringsValidator("NOSASL", "NONE", "LDAP", "KERBEROS", "PAM", "CUSTOM")),
     HIVE_SERVER2_KERBEROS_KEYTAB("hive.server2.authentication.kerberos.keytab", ""),
     HIVE_SERVER2_KERBEROS_PRINCIPAL("hive.server2.authentication.kerberos.principal", ""),
     HIVE_SERVER2_PLAIN_LDAP_URL("hive.server2.authentication.ldap.url", null),
     HIVE_SERVER2_PLAIN_LDAP_BASEDN("hive.server2.authentication.ldap.baseDN", null),
     HIVE_SERVER2_PLAIN_LDAP_DOMAIN("hive.server2.authentication.ldap.Domain", null),
     HIVE_SERVER2_CUSTOM_AUTHENTICATION_CLASS("hive.server2.custom.authentication.class", null),
+    // List of the underlying pam services that should be used when auth type is PAM
+    // A file with the same name must exist in /etc/pam.d
+    HIVE_SERVER2_PAM_SERVICES("hive.server2.authentication.pam.services", null),
     HIVE_SERVER2_ENABLE_DOAS("hive.server2.enable.doAs", true),
     HIVE_SERVER2_TABLE_TYPE_MAPPING("hive.server2.table.type.mapping", "CLASSIC",
         new StringsValidator("CLASSIC", "HIVE")),
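Review bot: The comment on `HIVE_SERVER2_PAM_SERVICES` does not say how the list is delimited or how several services combine. The provider added in this commit splits the value on `,` and throws as soon as any listed service rejects the credentials, so every service must accept them. A comment such as `// Comma-separated list of PAM service names; the credentials must be accepted by every listed service.` would record that. The default also stays `null` while `PAM` is now a valid auth type, so a server set to PAM with no services configured rejects every login at authentication time rather than at startup. The enclosing enum continues outside this hunk.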

Modified: hive/trunk/pom.xml
URL: http://svn.apache.org/viewvc/hive/trunk/pom.xml?rev=1571854&r1=1571853&r2=1571854&view=diff
==============================================================================
--- hive/trunk/pom.xml (original)
+++ hive/trunk/pom.xml Tue Feb 25 22:55:32 2014
@@ -141,6 +141,7 @@
     <velocity.version>1.5</velocity.version>
     <xerces.version>2.9.1</xerces.version>
     <zookeeper.version>3.4.5</zookeeper.version>
+    <jpam.version>1.1</jpam.version>
   </properties>
 
   <repositories>

Modified: hive/trunk/service/pom.xml
URL: http://svn.apache.org/viewvc/hive/trunk/service/pom.xml?rev=1571854&r1=1571853&r2=1571854&view=diff
==============================================================================
--- hive/trunk/service/pom.xml (original)
+++ hive/trunk/service/pom.xml Tue Feb 25 22:55:32 2014
@@ -55,6 +55,11 @@
       <artifactId>commons-cli</artifactId>
       <version>${commons-cli.version}</version>
     </dependency>
+    <dependency>
+      <groupId>net.sf.jpam</groupId>
+      <artifactId>jpam</artifactId>
+      <version>${jpam.version}</version>
+    </dependency>
     <!-- used by thrift generated code -->
     <dependency>
       <groupId>commons-lang</groupId>

Modified: hive/trunk/service/src/java/org/apache/hive/service/auth/AuthenticationProviderFactory.java
URL: http://svn.apache.org/viewvc/hive/trunk/service/src/java/org/apache/hive/service/auth/AuthenticationProviderFactory.java?rev=1571854&r1=1571853&r2=1571854&view=diff
==============================================================================
--- hive/trunk/service/src/java/org/apache/hive/service/auth/AuthenticationProviderFactory.java (original)
+++ hive/trunk/service/src/java/org/apache/hive/service/auth/AuthenticationProviderFactory.java Tue Feb 25 22:55:32 2014
@@ -23,6 +23,7 @@ public class AuthenticationProviderFacto
 
   public static enum AuthMethods {
     LDAP("LDAP"),
+    PAM("PAM"),
     CUSTOM("CUSTOM"),
     NONE("NONE");
 
@@ -50,14 +51,20 @@ public class AuthenticationProviderFacto
   }
 
   public static PasswdAuthenticationProvider getAuthenticationProvider(AuthMethods authMethod)
-            throws AuthenticationException {
+      throws AuthenticationException {
     if (authMethod.equals(AuthMethods.LDAP)) {
       return new LdapAuthenticationProviderImpl();
-    } else if (authMethod.equals(AuthMethods.CUSTOM)) {
+    }
+    else if (authMethod.equals(AuthMethods.PAM)) {
+      return new PamAuthenticationProviderImpl();
+    }
+    else if (authMethod.equals(AuthMethods.CUSTOM)) {
       return new CustomAuthenticationProviderImpl();
-    } else if (authMethod.equals(AuthMethods.NONE)) {
+    }
+    else if (authMethod.equals(AuthMethods.NONE)) {
       return new AnonymousAuthenticationProviderImpl();
-    } else {
+    }
+    else {
       throw new AuthenticationException("Unsupported authentication method");
     }
   }
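Review bot: The reformatting in `getAuthenticationProvider` moves every `else if` onto its own line after the closing brace, which departs from the `} else if (...) {` layout on the removed lines and buries the one functional change in whitespace churn. Keeping the existing layout and adding only `} else if (authMethod.equals(AuthMethods.PAM)) {` followed by `return new PamAuthenticationProviderImpl();` would make the new branch easier to review. Each call also constructs a fresh provider, and the PAM provider's constructor in this commit builds a new `HiveConf`. If this factory is invoked per connection (not visible here), the configuration is reloaded on every login, which is worth confirming.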

Added: hive/trunk/service/src/java/org/apache/hive/service/auth/PamAuthenticationProviderImpl.java
URL: http://svn.apache.org/viewvc/hive/trunk/service/src/java/org/apache/hive/service/auth/PamAuthenticationProviderImpl.java?rev=1571854&view=auto
==============================================================================
--- hive/trunk/service/src/java/org/apache/hive/service/auth/PamAuthenticationProviderImpl.java (added)
+++ hive/trunk/service/src/java/org/apache/hive/service/auth/PamAuthenticationProviderImpl.java Tue Feb 25 22:55:32 2014
@@ -0,0 +1,52 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hive.service.auth;
+
+import javax.security.sasl.AuthenticationException;
+
+import net.sf.jpam.Pam;
+
+import org.apache.hadoop.hive.conf.HiveConf;
+
+public class PamAuthenticationProviderImpl implements PasswdAuthenticationProvider {
+
+  private final String pamServiceNames;
+
+  PamAuthenticationProviderImpl () {
+    HiveConf conf = new HiveConf();
+    this.pamServiceNames = conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PAM_SERVICES);
+  }
+
+  @Override
+  public void Authenticate(String user, String  password)
+      throws AuthenticationException {
+
+    if (pamServiceNames == null || pamServiceNames.trim().isEmpty()) {
+      throw new AuthenticationException("No PAM services are set.");
+    }
+
+    String pamServices[] = pamServiceNames.split(",");
+    for (String pamService : pamServices) {
+      Pam pam = new Pam(pamService);
+      boolean isAuthenticated = pam.authenticateSuccessful(user, password);
+      if (!isAuthenticated) {
+        throw new AuthenticationException("Error authenticating with the PAM service: " + pamService);
+      }
+    }
+  }
+}
\ No newline at end of file
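Review bot: In `Authenticate`, the entries from `pamServiceNames.split(",")` go to `new Pam(pamService)` without trimming or an empty-entry check, so a value like `sshd, login` yields the service name ` login`, which matches no file in /etc/pam.d. As far as I know, Linux-PAM then applies the host's `other` service policy instead of reporting an unknown service, so the result depends on the machine's PAM setup rather than on the configured list. Trimming each entry and rejecting empty ones keeps the check tied to the services the administrator named. The failure message also concatenates the service name and may reach the client; a generic message, with the name logged server-side, would disclose less. A null `user` or `password` is passed straight through too, and JPam may answer that with an unchecked exception rather than `AuthenticationException`.

```java
    for (String pamService : pamServiceNames.split(",")) {
      String serviceName = pamService.trim();
      if (serviceName.isEmpty()) {
        throw new AuthenticationException("Empty PAM service name in configuration.");
      }
      Pam pam = new Pam(serviceName);
      // … unchanged: authenticateSuccessful check and failure exception …
    }
```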