
HDFS-7386. Replace check "port number < 1024" with shared isPrivilegedPort method. Contributed by Yongjun Zhang.

(cherry picked from commit 1925e2a4ae78ef4178393848b4d1d71b0f4a4709)
cnauroth 10 years ago
parent
commit
72207f65aa

+ 15 - 0
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java

@@ -621,4 +621,19 @@ public class SecurityUtil {
     conf.set(HADOOP_SECURITY_AUTHENTICATION,
              authenticationMethod.toString().toLowerCase(Locale.ENGLISH));
   }
+
+  /*
+   * Check if a given port is privileged.
+   * The ports with number smaller than 1024 are treated as privileged ports in
+   * unix/linux system. For other operating systems, use this method with care.
+   * For example, Windows doesn't have the concept of privileged ports.
+   * However, it may be used at Windows client to check port of linux server.
+   * 
+   * @param port the port number
+   * @return true for privileged ports, false otherwise
+   * 
+   */
+  public static boolean isPrivilegedPort(final int port) {
+    return port < 1024;
+  }
 }
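Review bot: `isPrivilegedPort` returns true for 0 and for any negative value, because the only test is `port < 1024`; an unset or unbound port (for instance, `java.net.ServerSocket.getLocalPort()` returns -1 before bind) would be classified as privileged. The call sites changed in this commit use the result to skip the SASL handshake (SaslDataTransferClient, SaslDataTransferServer) and to permit secure DataNode startup (SecureDataNodeStarter), so the shared helper is the natural place to fail closed: `return port > 0 && port < 1024;`. That tightens behaviour relative to the inlined comparisons it replaces, so confirm no caller relies on 0 or a negative value passing. Separately, the comment block opens with `/*` rather than `/**`, so its `@param` and `@return` tags are not picked up as Javadoc.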

+ 3 - 0
hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt

@@ -101,6 +101,9 @@ Release 2.7.0 - UNRELEASED
     HDFS-7375. Move FSClusterStats to o.a.h.h.hdfs.server.blockmanagement.
     (wheat9)
 
+    HDFS-7386. Replace check "port number < 1024" with shared isPrivilegedPort
+    method. (Yongjun Zhang via cnauroth)
+
   OPTIMIZATIONS
 
   BUG FIXES

+ 2 - 1
hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferClient.java

@@ -52,6 +52,7 @@ import org.apache.hadoop.hdfs.protocol.datatransfer.TrustedChannelResolver;
 import org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier;
 import org.apache.hadoop.hdfs.security.token.block.DataEncryptionKey;
 import org.apache.hadoop.security.SaslPropertiesResolver;
+import org.apache.hadoop.security.SecurityUtil;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.security.token.Token;
 import org.slf4j.Logger;
@@ -245,7 +246,7 @@ public class SaslDataTransferClient {
         "SASL client skipping handshake in unsecured configuration for "
         + "addr = {}, datanodeId = {}", addr, datanodeId);
       return null;
-    } else if (datanodeId.getXferPort() < 1024) {
+    } else if (SecurityUtil.isPrivilegedPort(datanodeId.getXferPort())) {
       LOG.debug(
         "SASL client skipping handshake in secured configuration with "
         + "privileged port for addr = {}, datanodeId = {}", addr, datanodeId);
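Review bot: The branch at `SecurityUtil.isPrivilegedPort(datanodeId.getXferPort())` skips the SASL handshake in a secured configuration, but nothing at the call site states the trust assumption behind it. I would add a comment above the `LOG.debug` call, such as `// A privileged xfer port is taken to mean the DataNode was started with root privileges (unix/linux only); no SASL negotiation happens on this path.` The port tested is the one carried in `datanodeId`, and the hunk does not show whether it is compared with the port of the connection actually opened to `addr`, so the comment should also say where that value is trusted from. The same remark applies to the matching `isPrivilegedPort(xferPort)` branch in SaslDataTransferServer. The enclosing method starts and ends outside the hunk.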

+ 2 - 1
hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferServer.java

@@ -50,6 +50,7 @@ import org.apache.hadoop.hdfs.security.token.block.BlockPoolTokenSecretManager;
 import org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier;
 import org.apache.hadoop.hdfs.server.datanode.DNConf;
 import org.apache.hadoop.security.SaslPropertiesResolver;
+import org.apache.hadoop.security.SecurityUtil;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -112,7 +113,7 @@ public class SaslDataTransferServer {
         "SASL server skipping handshake in unsecured configuration for "
         + "peer = {}, datanodeId = {}", peer, datanodeId);
       return new IOStreamPair(underlyingIn, underlyingOut);
-    } else if (xferPort < 1024) {
+    } else if (SecurityUtil.isPrivilegedPort(xferPort)) {
       LOG.debug(
         "SASL server skipping handshake in secured configuration for "
         + "peer = {}, datanodeId = {}", peer, datanodeId);

+ 2 - 1
hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/SecureDataNodeStarter.java

@@ -29,6 +29,7 @@ import org.apache.hadoop.hdfs.HdfsConfiguration;
 import org.apache.hadoop.hdfs.server.common.HdfsServerConstants;
 import org.apache.hadoop.http.HttpConfig;
 import org.apache.hadoop.http.HttpServer2;
+import org.apache.hadoop.security.SecurityUtil;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.mortbay.jetty.Connector;
 
@@ -110,7 +111,7 @@ public class SecureDataNodeStarter implements Daemon {
               + ss.getLocalPort());
     }
 
-    if (ss.getLocalPort() > 1023 && isSecure) {
+    if (!SecurityUtil.isPrivilegedPort(ss.getLocalPort()) && isSecure) {
       throw new RuntimeException(
         "Cannot start secure datanode with unprivileged RPC ports");
     }