Apache
/
hadoop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HDFS-7386. Replace check "port number < 1024" with shared isPrivilegedPort method. Contributed by Yongjun Zhang.

This commit is contained in:
cnauroth 2014-11-14 16:43:09 -08:00
parent 4fb96dbe3b
commit 1925e2a4ae
5 changed files with 24 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java
View File

@ -621,4 +621,19 @@ public static void setAuthenticationMethod(
conf.set(HADOOP_SECURITY_AUTHENTICATION,
authenticationMethod.toString().toLowerCase(Locale.ENGLISH));
}
/*
* Check if a given port is privileged.
* The ports with number smaller than 1024 are treated as privileged ports in
* unix/linux system. For other operating systems, use this method with care.
* For example, Windows doesn't have the concept of privileged ports.
* However, it may be used at Windows client to check port of linux server.
*
* @param port the port number
* @return true for privileged ports, false otherwise
*
*/
public static boolean isPrivilegedPort(final int port) {
return port < 1024;
}
}

3
hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
View File

@ -356,6 +356,9 @@ Release 2.7.0 - UNRELEASED
HDFS-7375. Move FSClusterStats to o.a.h.h.hdfs.server.blockmanagement.
(wheat9)
HDFS-7386. Replace check "port number < 1024" with shared isPrivilegedPort
method. (Yongjun Zhang via cnauroth)
OPTIMIZATIONS
BUG FIXES

3
hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferClient.java
View File

@ -52,6 +52,7 @@
import org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier;
import org.apache.hadoop.hdfs.security.token.block.DataEncryptionKey;
import org.apache.hadoop.security.SaslPropertiesResolver;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.slf4j.Logger;
@ -245,7 +246,7 @@ private IOStreamPair send(InetAddress addr, OutputStream underlyingOut,
"SASL client skipping handshake in unsecured configuration for "
+ "addr = {}, datanodeId = {}", addr, datanodeId);
return null;
} else if (datanodeId.getXferPort() < 1024) {
} else if (SecurityUtil.isPrivilegedPort(datanodeId.getXferPort())) {
LOG.debug(
"SASL client skipping handshake in secured configuration with "
+ "privileged port for addr = {}, datanodeId = {}", addr, datanodeId);

3
hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferServer.java
View File

@ -50,6 +50,7 @@
import org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier;
import org.apache.hadoop.hdfs.server.datanode.DNConf;
import org.apache.hadoop.security.SaslPropertiesResolver;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -112,7 +113,7 @@ public IOStreamPair receive(Peer peer, OutputStream underlyingOut,
"SASL server skipping handshake in unsecured configuration for "
+ "peer = {}, datanodeId = {}", peer, datanodeId);
return new IOStreamPair(underlyingIn, underlyingOut);
} else if (xferPort < 1024) {
} else if (SecurityUtil.isPrivilegedPort(xferPort)) {
LOG.debug(
"SASL server skipping handshake in secured configuration for "
+ "peer = {}, datanodeId = {}", peer, datanodeId);

3
hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/SecureDataNodeStarter.java
View File

@ -29,6 +29,7 @@
import org.apache.hadoop.hdfs.server.common.HdfsServerConstants;
import org.apache.hadoop.http.HttpConfig;
import org.apache.hadoop.http.HttpServer2;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.mortbay.jetty.Connector;
@ -110,7 +111,7 @@ public static SecureResources getSecureResources(Configuration conf)
+ ss.getLocalPort());
}
if (ss.getLocalPort() > 1023 && isSecure) {
if (!SecurityUtil.isPrivilegedPort(ss.getLocalPort()) && isSecure) {
throw new RuntimeException(
"Cannot start secure datanode with unprivileged RPC ports");
}