[fix](auth)Fix arrow flight client ip auth #63506

Merged
CalvinKirs merged 3 commits into apache:master from CalvinKirs:fix-arrow-flight-client-ip-auth
May 25, 2026

@CalvinKirs CalvinKirs commented May 22, 2026

Changes

In Doris 4.1.0, Arrow Flight SQL authentication may fail for users created with a specific host/IP.

Example input:

```sql
CREATE USER 'read_user'@'192.0.2.10' IDENTIFIED BY '12345';
GRANT SELECT_PRIV ON *.* TO 'read_user'@'192.0.2.10';
```

Then connect through Arrow Flight SQL with the same username and password, for example by ADBC/Python or Arrow Flight JDBC.

Actual wrong output:

```
UNAUTHENTICATED: [FlightSQL] Unable to authenticate user read_user,
exception: errCode = 2, detailMessage = Access denied for user
'read_user@0.0.0.0' (using password: YES)
```

Expected output:

  The user should be authenticated as the real remote client identity, for example:

  read_user@192.0.2.10

  and the connection should succeed when the password and privileges match that user@host.

Root cause:

Arrow Flight SQL previously used hardcoded remote IP 0.0.0.0 during username/password authentication. As a result, Doris matched the wrong user@host entry instead of using the actual client IP from the gRPC connection.

This PR fixes Arrow Flight SQL authentication to use the real gRPC peer IP when validating credentials.
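
The root cause described above, as an added example that is not code from this PR or from Doris: a simplified `user@host` lookup checked once with the hardcoded `0.0.0.0` and once with the IP taken from the connection's peer address, including the `0.0.0.0` fallback for a missing or non-INET peer. `PeerIpAuthDemo`, `Account`, `remoteIp`, `hostMatches` and `authenticate` are hypothetical names, the account rows are constructed from the PR description and the review, and the code assumes JDK 16 or later.

```java
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.net.UnixDomainSocketAddress;
import java.util.List;

public class PeerIpAuthDemo {
    // Value used when no usable peer address exists (the fallback named in the review).
    static final String FALLBACK_IP = "0.0.0.0";

    // Hypothetical, simplified account row: one password per user@host entry.
    record Account(String user, String host, String password) {}

    // Constructed sample rows: the host-specific user from the PR description,
    // plus a 0.0.0.0 entry with a different password, as in the regression test
    // described in the review.
    static final List<Account> ACCOUNTS = List.of(
            new Account("read_user", "0.0.0.0", "not-the-real-password"),
            new Account("read_user", "192.0.2.10", "12345"));

    // Reduce a transport peer address to an IP string. A null peer or a
    // non-INET address (for example a Unix domain socket) has no IP to match on.
    static String remoteIp(SocketAddress peer) {
        if (peer instanceof InetSocketAddress inet && inet.getAddress() != null) {
            return inet.getAddress().getHostAddress();
        }
        return FALLBACK_IP;
    }

    // Simplified host matching (an assumption, not Doris's matcher):
    // exact IP, "%" for any host, or a trailing-% prefix such as "192.0.2.%".
    static boolean hostMatches(String pattern, String ip) {
        if (pattern.equals("%")) {
            return true;
        }
        if (pattern.endsWith("%")) {
            return ip.startsWith(pattern.substring(0, pattern.length() - 1));
        }
        return pattern.equals(ip);
    }

    // Returns the matched identity "user@host" on success, or null when no entry
    // matches or the first entry matching user and remote IP rejects the password.
    static String authenticate(String user, String password, String ip) {
        for (Account a : ACCOUNTS) {
            if (a.user().equals(user) && hostMatches(a.host(), ip)) {
                return a.password().equals(password) ? a.user() + "@" + a.host() : null;
            }
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed peers: a TCP client at the documentation address, and a Unix socket.
        SocketAddress tcpPeer = new InetSocketAddress("192.0.2.10", 54321);
        SocketAddress unixPeer = UnixDomainSocketAddress.of("/tmp/constructed.sock");

        // Before the fix: the remote IP is hardcoded, so the 0.0.0.0 row is consulted.
        System.out.println("hardcoded 0.0.0.0 -> "
                + authenticate("read_user", "12345", "0.0.0.0"));
        // After the fix: the IP comes from the connection's peer address.
        System.out.println("peer " + remoteIp(tcpPeer) + " -> "
                + authenticate("read_user", "12345", remoteIp(tcpPeer)));
        // Missing or non-INET peers still resolve to the fallback.
        System.out.println("unix peer -> " + remoteIp(unixPeer)
                + ", null peer -> " + remoteIp(null));
    }
}
```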

@CalvinKirs CalvinKirs marked this pull request as ready for review May 22, 2026 02:35
@hello-stephen
Contributor

Thank you for your contribution to Apache Doris.
Don't know what should be done next? See How to process your PR.

Please clearly describe your PR:

  1. What problem was fixed (it's best to include specific error reporting information). How it was fixed.
  2. Which behaviors were modified. What was the previous behavior, what is it now, why was it modified, and what possible impacts might there be.
  3. What features were added. Why was this function added?
  4. Which code was refactored and why was this part of the code refactored?
  5. Which functions were optimized and what is the difference before and after the optimization?

@CalvinKirs
Member Author

run buildall

@CalvinKirs
Member Author

/review

Contributor

@github-actions github-actions Bot left a comment

Reviewed PR 63506 against the Doris code-review checklist and threat model.

Critical checkpoint conclusions:

  • Goal/test coverage: The PR fixes Arrow Flight SQL password authentication to use the real gRPC peer IP instead of always using 0.0.0.0. The unit test covers tracer extraction/fallback and the regression test exercises host-qualified authentication through Arrow Flight SQL.
  • Scope/focus: The implementation is small and focused on FE Arrow Flight auth plus tests.
  • Concurrency/lifecycle: The gRPC Context holder is per-call; no shared mutable cross-call state was introduced. The holder value is only used during call authentication and token creation.
  • Configuration/compatibility: No new config, storage format, or FE-BE protocol compatibility concern.
  • Parallel paths: This aligns Arrow Flight credential auth with existing MySQL-style remote-host password checks; bearer-token session creation continues to use the remote IP captured at initial credential authentication.
  • Error handling: Authentication failures continue through the existing Arrow Flight UNAUTHENTICATED path.
  • Observability: Existing auth failure logging remains; no additional observability appears required for this focused fix.
  • Security/threat model: FE Arrow Flight is an in-scope client-facing endpoint. The change improves RBAC/auth host matching and does not add reverse-proxy header trust or broaden the boundary.
  • User focus: No additional user-provided review focus was specified.

No blocking issues found.

@hello-stephen
Contributor

TPC-H: Total hot run time: 31606 ms
machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/tpch-tools
Tpch sf100 test result on commit 6d90d8fec831866d45f171290386f4e049ace7d1, data reload: false

------ Round 1 ----------------------------------
Total cold run time: 100153 ms
Total hot run time: 31606 ms

----- Round 2, with runtime_filter_mode=off -----
Total cold run time: 56502 ms
Total hot run time: 50991 ms

@hello-stephen
Contributor

TPC-DS: Total hot run time: 169467 ms
machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/tpcds-tools
TPC-DS sf100 test result on commit 6d90d8fec831866d45f171290386f4e049ace7d1, data reload: false

Total cold run time: 252271 ms
Total hot run time: 169467 ms

@hello-stephen
Contributor

FE Regression Coverage Report

Increment line coverage 44.00% (22/50) 🎉
Increment coverage report
Complete coverage report

### What problem does this PR solve?

Issue Number: None

Related PR: None

Problem Summary: The Arrow Flight remote IP authentication regression creates host-specific users and grants only SELECT_PRIV. In cloud mode those authenticated users also need compute group usage privilege before SELECT 1 can execute.

### Release note

None

### Check List (For Author)

- Test: Manual test
    - Ran `git diff --check`
    - Attempted regression test with `timeout 45 ./run-regression-test.sh --run -d arrow_flight_sql_p0 -s test_auth_remote_ip`, but the local cluster failed before the Arrow Flight query because BE nodes were not alive: `No backend available as scan node`
- Behavior changed: No
- Does this need documentation: No
@CalvinKirs
Member Author

run buildall

@hello-stephen
Contributor

TPC-H: Total hot run time: 31258 ms
machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/tpch-tools
Tpch sf100 test result on commit 6d90d8fec831866d45f171290386f4e049ace7d1, data reload: false

------ Round 1 ----------------------------------
Total cold run time: 99449 ms
Total hot run time: 31258 ms

----- Round 2, with runtime_filter_mode=off -----
Total cold run time: 56291 ms
Total hot run time: 50328 ms

@hello-stephen
Contributor

TPC-DS: Total hot run time: 169080 ms
machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/tpcds-tools
TPC-DS sf100 test result on commit 6d90d8fec831866d45f171290386f4e049ace7d1, data reload: false

Total cold run time: 253117 ms
Total hot run time: 169080 ms

@hello-stephen
Contributor

FE UT Coverage Report

Increment line coverage 60.00% (21/35) 🎉
Increment coverage report
Complete coverage report

@CalvinKirs
Member Author

run buildall

@hello-stephen
Contributor

TPC-H: Total hot run time: 31003 ms
machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/tpch-tools
Tpch sf100 test result on commit c555dbc2d8d8368db3d65491017b8f731ad313f4, data reload: false

------ Round 1 ----------------------------------
Total cold run time: 99733 ms
Total hot run time: 31003 ms

----- Round 2, with runtime_filter_mode=off -----
Total cold run time: 56012 ms
Total hot run time: 50725 ms

@hello-stephen
Contributor

TPC-DS: Total hot run time: 168666 ms
machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/tpcds-tools
TPC-DS sf100 test result on commit c555dbc2d8d8368db3d65491017b8f731ad313f4, data reload: false

Total cold run time: 253390 ms
Total hot run time: 168666 ms

@hello-stephen
Contributor

FE Regression Coverage Report

Increment line coverage 62.86% (22/35) 🎉
Increment coverage report
Complete coverage report

@CalvinKirs
Member Author

/review

@github-actions
Contributor

OpenCode automated review failed and did not complete.

Error: Review step was failure (possibly timeout or cancelled)
Workflow run: https://github.com/apache/doris/actions/runs/26380530843

Please inspect the workflow logs and rerun the review after the underlying issue is resolved.

@github-actions github-actions Bot added the approved Indicates a PR has been approved by one committer. label May 25, 2026
@github-actions
Contributor

PR approved by at least one committer and no changes requested.

@github-actions
Contributor

PR approved by anyone and no changes requested.

Contributor

@github-actions github-actions Bot left a comment

Review completed. I did not find a blocking issue in the live PR diff. The implementation uses a gRPC ServerStreamTracer to capture the peer address before Arrow Flight header authentication and passes that IP into Doris password/user@host matching; the token/session path then preserves the authenticated remote IP. The regression test covers fallback from the old hardcoded 0.0.0.0 behavior by creating that host entry with a wrong password and creating likely local/private remote host patterns with the valid password.

Critical checkpoint conclusions:
- Goal/test: The code addresses the stated Arrow Flight user@host auth issue and includes unit plus regression coverage.
- Scope: The live PR is focused on Arrow Flight auth remote IP and its test.
- Concurrency: The tracer is per stream; shared state is only a gRPC Context key with a per-call holder, so no cross-call state issue found.
- Lifecycle/static init: No static initialization-order or special lifecycle issue found.
- Config: No new config items.
- Compatibility: No storage/protocol compatibility issue found; default fallback remains 0.0.0.0 when no peer address is available.
- Parallel paths: Basic credential auth is the relevant path; bearer token/session creation consumes the captured IP through existing token details.
- Conditional checks: Fallback handling for missing/non-INET peer address is reasonable.
- Tests: Coverage is adequate for the changed behavior; I did not run tests in this review environment.
- Observability: Existing auth errors/logging remain sufficient.
- Transaction/persistence/data writes: Not applicable.
- FE/BE variable passing: Not applicable.
- Performance: No meaningful overhead beyond per-call tracer allocation/address extraction.

Threat-model/user focus: FE Arrow Flight authentication is an in-scope client-facing auth path; no additional user-provided review focus was supplied.

@CalvinKirs CalvinKirs merged commit 01bf2d9 into apache:master May 25, 2026
34 checks passed
github-actions Bot pushed a commit that referenced this pull request May 25, 2026
## Changes
In Doris 4.1.0, Arrow Flight SQL authentication may fail for users
created with a specific host/IP.

Example input:

```sql
CREATE USER 'read_user'@'192.0.2.10' IDENTIFIED BY '12345';
GRANT SELECT_PRIV ON *.* TO 'read_user'@'192.0.2.10';
```

Then connect through Arrow Flight SQL with the same username and password, for example by ADBC/Python or Arrow Flight JDBC.

Actual wrong output:
```
UNAUTHENTICATED: [FlightSQL] Unable to authenticate user read_user,
exception: errCode = 2, detailMessage = Access denied for user
'read_user@0.0.0.0' (using password: YES)
```
Expected output:
```
The user should be authenticated as the real remote client identity, for
example:

  read_user@192.0.2.10

and the connection should succeed when the password and privileges match
that user@host.
```

Root cause:

Arrow Flight SQL previously used hardcoded remote IP 0.0.0.0 during username/password authentication. As a result, Doris matched the wrong user@host entry instead of using the actual client IP from the gRPC connection.

This PR fixes Arrow Flight SQL authentication to use the real gRPC peer IP when validating credentials.
github-actions Bot pushed a commit that referenced this pull request May 25, 2026
yiguolei pushed a commit that referenced this pull request May 25, 2026
Cherry-picked from #63506

Co-authored-by: Calvin Kirs <guoqiang@selectdb.com>
yiguolei pushed a commit that referenced this pull request May 25, 2026
Cherry-picked from #63506

Co-authored-by: Calvin Kirs <guoqiang@selectdb.com>

Labels

approved Indicates a PR has been approved by one committer. dev/3.1.x dev/4.0.6-merged dev/4.1.2-merged reviewed
