Skip to content

branch-4.1: [fix](auth)Fix arrow flight client ip auth #63506#63592

Merged
yiguolei merged 1 commit into
branch-4.1from
auto-pick-63506-branch-4.1
May 25, 2026
Merged

branch-4.1: [fix](auth)Fix arrow flight client ip auth #63506#63592
yiguolei merged 1 commit into
branch-4.1from
auto-pick-63506-branch-4.1

Conversation

@github-actions
Copy link
Copy Markdown
Contributor

@github-actions github-actions Bot commented May 25, 2026

Cherry-picked from #63506

@CalvinKirs
[fix](auth)Fix arrow flight client ip auth (#63506)
a6659ca 
## Changes  
In Doris 4.1.0, Arrow Flight SQL authentication may fail for users
created with a specific host/IP.

  Example input:


  ```sql
  CREATE USER 'read_user'@'192.0.2.10' IDENTIFIED BY '12345';
  GRANT SELECT_PRIV ON *.* TO 'read_user'@'192.0.2.10';
```
  Then connect through Arrow Flight SQL with the same username and password, for example by ADBC/Python or Arrow Flight JDBC.

  Actual wrong output:
```
  UNAUTHENTICATED: [FlightSQL] Unable to authenticate user read_user,
  exception: errCode = 2, detailMessage = Access denied for user
  'read_user@0.0.0.0' (using password: YES)
```
  Expected output:
```
The user should be authenticated as the real remote client identity, for
example:

  read_user@192.0.2.10

and the connection should succeed when the password and privileges match
that user@host.
```


  Root cause:

  Arrow Flight SQL previously used hardcoded remote IP 0.0.0.0 during username/password authentication. As a result, Doris matched the wrong user@host entry
  instead of using the actual client IP from the gRPC connection.

  This PR fixes Arrow Flight SQL authentication to use the real gRPC peer IP when validating credentials.
@github-actions github-actions Bot requested a review from yiguolei as a code owner May 25, 2026 07:00
@hello-stephen
Copy link
Copy Markdown
Contributor

hello-stephen commented May 25, 2026

Thank you for your contribution to Apache Doris.
Don't know what should be done next? See How to process your PR.

Please clearly describe your PR:

  1. What problem was fixed (it's best to include specific error reporting information). How it was fixed.
  2. Which behaviors were modified. What was the previous behavior, what is it now, why was it modified, and what possible impacts might there be.
  3. What features were added. Why was this function added?
  4. Which code was refactored and why was this part of the code refactored?
  5. Which functions were optimized and what is the difference before and after the optimization?

@hello-stephen hello-stephen reopened this May 25, 2026
@hello-stephen
Copy link
Copy Markdown
Contributor

hello-stephen commented May 25, 2026

run buildall

@hello-stephen
Copy link
Copy Markdown
Contributor

hello-stephen commented May 25, 2026

FE UT Coverage Report

Increment line coverage 60.00% (21/35) 🎉
Increment coverage report
Complete coverage report

@hello-stephen
Copy link
Copy Markdown
Contributor

hello-stephen commented May 25, 2026

FE Regression Coverage Report

Increment line coverage 62.86% (22/35) 🎉
Increment coverage report
Complete coverage report

@yiguolei
Copy link
Copy Markdown
Contributor

yiguolei commented May 25, 2026

skip buildall

@github-actions github-actions Bot added the approved Indicates a PR has been approved by one committer. label May 25, 2026
@github-actions
Copy link
Copy Markdown
Contributor Author

github-actions Bot commented May 25, 2026

PR approved by at least one committer and no changes requested.

@github-actions
Copy link
Copy Markdown
Contributor Author

github-actions Bot commented May 25, 2026

PR approved by anyone and no changes requested.

@yiguolei yiguolei merged commit b672f27 into branch-4.1 May 25, 2026
32 of 34 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yiguolei yiguolei yiguolei approved these changes

Assignees

No one assigned

Labels

approved Indicates a PR has been approved by one committer. reviewed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@hello-stephen @yiguolei @CalvinKirs