You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hive.apache.org by "Pavan Lanka (Jira)" <ji...@apache.org> on 2022/09/08 23:14:00 UTC

[jira] [Updated] (HIVE-26522) Test for HIVE-22033 and backport to 3.1 and 2.3

     [ https://issues.apache.org/jira/browse/HIVE-26522?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Pavan Lanka updated HIVE-26522:
-------------------------------
    Summary: Test for HIVE-22033 and backport to 3.1 and 2.3  (was: Test for )

> Test for HIVE-22033 and backport to 3.1 and 2.3
> -----------------------------------------------
>
>                 Key: HIVE-26522
>                 URL: https://issues.apache.org/jira/browse/HIVE-26522
>             Project: Hive
>          Issue Type: Bug
>          Components: Standalone Metastore
>    Affects Versions: 2.3.8, 3.1.3
>            Reporter: Pavan Lanka
>            Assignee: Pavan Lanka
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> The HMS currently exposes method to renew an obtained delegation token
> {code:java}
> @Override
> public long renewDelegationToken(String tokenStrForm) throws MetaException, TException {
>   if (localMetaStore) {
>     return 0;
>   }
>   return client.renew_delegation_token(tokenStrForm);
> }{code}
> However on the server side, the renewal of the delegation token does not result in the update of the token information with the updated expiry
> {code:java}
> @Override
> public long renewToken(Token<DelegationTokenIdentifier> token, String renewer) throws IOException {
>   // since renewal is KERBEROS authenticated token may not be cached
>   final DelegationTokenIdentifier id = getTokenIdentifier(token);
>   DelegationTokenInformation tokenInfo = this.tokenStore.getToken(id);
>   if (tokenInfo == null) {
>       throw new InvalidToken("token does not exist: " + id); // no token found
>   }
>   // ensure associated master key is available
>   if (!super.allKeys.containsKey(id.getMasterKeyId())) {
>     LOGGER.info("Unknown master key (id={}), (re)loading keys from token store.",
>       id.getMasterKeyId());
>     reloadKeys();
>   }
>   // reuse super renewal logic
>   synchronized (this) {
> --> super.currentTokens.put(id,  tokenInfo);
>     try {
> -->   return super.renewToken(token, renewer);
>     } finally {
> -->   super.currentTokens.remove(id);
>     }
>   }
> } {code}
> Here you can see that we populate the `super.currentTokens` perform the renewal and then remove the token without updating the `tokenStore`
>  
> As a result of this even though the call for renewal is successful the renewal time is not updated for the token and the token is invalidated based on the initial expiry time i.e based on when the token was created.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)