Skip to content

branch-4.0: [fix](auth)Fix arrow flight client ip auth #63506#63591

Merged
yiguolei merged 1 commit into
branch-4.0from
auto-pick-63506-branch-4.0
May 25, 2026
Merged

branch-4.0: [fix](auth)Fix arrow flight client ip auth #63506#63591
yiguolei merged 1 commit into
branch-4.0from
auto-pick-63506-branch-4.0

Conversation

@github-actions
Copy link
Copy Markdown
Contributor

@github-actions github-actions Bot commented May 25, 2026

Cherry-picked from #63506

@CalvinKirs
[fix](auth)Fix arrow flight client ip auth (#63506)
2728315 
## Changes  
In Doris 4.1.0, Arrow Flight SQL authentication may fail for users
created with a specific host/IP.

  Example input:


  ```sql
  CREATE USER 'read_user'@'192.0.2.10' IDENTIFIED BY '12345';
  GRANT SELECT_PRIV ON *.* TO 'read_user'@'192.0.2.10';
```
  Then connect through Arrow Flight SQL with the same username and password, for example by ADBC/Python or Arrow Flight JDBC.

  Actual wrong output:
```
  UNAUTHENTICATED: [FlightSQL] Unable to authenticate user read_user,
  exception: errCode = 2, detailMessage = Access denied for user
  'read_user@0.0.0.0' (using password: YES)
```
  Expected output:
```
The user should be authenticated as the real remote client identity, for
example:

  read_user@192.0.2.10

and the connection should succeed when the password and privileges match
that user@host.
```


  Root cause:

  Arrow Flight SQL previously used hardcoded remote IP 0.0.0.0 during username/password authentication. As a result, Doris matched the wrong user@host entry
  instead of using the actual client IP from the gRPC connection.

  This PR fixes Arrow Flight SQL authentication to use the real gRPC peer IP when validating credentials.
@hello-stephen
Copy link
Copy Markdown
Contributor

hello-stephen commented May 25, 2026

Thank you for your contribution to Apache Doris.
Don't know what should be done next? See How to process your PR.

Please clearly describe your PR:

  1. What problem was fixed (it's best to include specific error reporting information). How it was fixed.
  2. Which behaviors were modified. What was the previous behavior, what is it now, why was it modified, and what possible impacts might there be.
  3. What features were added. Why was this function added?
  4. Which code was refactored and why was this part of the code refactored?
  5. Which functions were optimized and what is the difference before and after the optimization?

@hello-stephen hello-stephen reopened this May 25, 2026
@hello-stephen
Copy link
Copy Markdown
Contributor

hello-stephen commented May 25, 2026

run buildall

@yiguolei
Copy link
Copy Markdown
Contributor

yiguolei commented May 25, 2026

skip buildall

@github-actions github-actions Bot added the approved Indicates a PR has been approved by one committer. label May 25, 2026
@github-actions
Copy link
Copy Markdown
Contributor Author

github-actions Bot commented May 25, 2026

PR approved by at least one committer and no changes requested.

@github-actions
Copy link
Copy Markdown
Contributor Author

github-actions Bot commented May 25, 2026

PR approved by anyone and no changes requested.

@yiguolei yiguolei merged commit b4d810c into branch-4.0 May 25, 2026
31 of 33 checks passed
@github-actions github-actions Bot deleted the auto-pick-63506-branch-4.0 branch May 25, 2026 09:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yiguolei yiguolei yiguolei approved these changes

@morningman morningman Awaiting requested review from morningman morningman is a code owner

Assignees

No one assigned

Labels

approved Indicates a PR has been approved by one committer. reviewed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@hello-stephen @yiguolei @CalvinKirs