ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GitBox <...@apache.org>
Subject [GitHub] [ranger] tooptoop4 edited a comment on issue #36: [RANGER-2395] Add Presto plugin
Date Thu, 05 Mar 2020 10:40:32 GMT
tooptoop4 edited a comment on issue #36: [RANGER-2395] Add Presto plugin
URL: https://github.com/apache/ranger/pull/36#issuecomment-570348580
   some fixes:
change checkCanSetSystemSessionProperty to have a dummy IF condition that always results in
false so that session properties are never denied
change checkCanSetUser to have an IF condition (principal does not equal userName) then accessDenied.
This is critical so that users can't impersonate the privileges of another user
   public void checkCanSetUser(final Optional<Principal> principal, final String userName)
           final String loweruserName = userName.toLowerCase();
           RangerSystemAccessControl.LOG.info("==> RangerSystemAccessControl.checkCanSetUser(userName="
+ loweruserName + ")");
           if (principal.isPresent()) {
               final String principalName = principal.get().getName().toLowerCase();
               RangerSystemAccessControl.LOG.info("==> RangerSystemAccessControl.checkCanSetUser(principalName="
+ principalName + ")");
               if (!loweruserName.equals(principalName)) {
                   AccessDeniedException.denySetUser((Optional)principal, userName);
   https://github.com/prestodb/presto/issues/13394 remove deny in presto code

This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:

With regards,
Apache Git Services

View raw message