HDFS-7386. Replace check "port number < 1024" with shared isPrivilegedPort method. Contributed by Yongjun Zhang.

(cherry picked from commit 1925e2a4ae)

hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java

@@ -621,4 +621,19 @@ public class SecurityUtil {
     conf.set(HADOOP_SECURITY_AUTHENTICATION,
              authenticationMethod.toString().toLowerCase(Locale.ENGLISH));
   }
+
+  /*
+   * Check if a given port is privileged.
+   * The ports with number smaller than 1024 are treated as privileged ports in
+   * unix/linux system. For other operating systems, use this method with care.
+   * For example, Windows doesn't have the concept of privileged ports.
+   * However, it may be used at Windows client to check port of linux server.
+   * 
+   * @param port the port number
+   * @return true for privileged ports, false otherwise
+   * 
+   */
+  public static boolean isPrivilegedPort(final int port) {
+    return port < 1024;
+  }
 }

hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt

@@ -101,6 +101,9 @@ Release 2.7.0 - UNRELEASED
     HDFS-7375. Move FSClusterStats to o.a.h.h.hdfs.server.blockmanagement.
     (wheat9)
 
+    HDFS-7386. Replace check "port number < 1024" with shared isPrivilegedPort
+    method. (Yongjun Zhang via cnauroth)
+
   OPTIMIZATIONS
 
   BUG FIXES

hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferClient.java

@@ -52,6 +52,7 @@ import org.apache.hadoop.hdfs.protocol.datatransfer.TrustedChannelResolver;
 import org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier;
 import org.apache.hadoop.hdfs.security.token.block.DataEncryptionKey;
 import org.apache.hadoop.security.SaslPropertiesResolver;
+import org.apache.hadoop.security.SecurityUtil;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.security.token.Token;
 import org.slf4j.Logger;
@@ -245,7 +246,7 @@ public class SaslDataTransferClient {
         "SASL client skipping handshake in unsecured configuration for "
         + "addr = {}, datanodeId = {}", addr, datanodeId);
       return null;
-    } else if (datanodeId.getXferPort() < 1024) {
+    } else if (SecurityUtil.isPrivilegedPort(datanodeId.getXferPort())) {
       LOG.debug(
         "SASL client skipping handshake in secured configuration with "
         + "privileged port for addr = {}, datanodeId = {}", addr, datanodeId);

hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferServer.java

@@ -50,6 +50,7 @@ import org.apache.hadoop.hdfs.security.token.block.BlockPoolTokenSecretManager;
 import org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier;
 import org.apache.hadoop.hdfs.server.datanode.DNConf;
 import org.apache.hadoop.security.SaslPropertiesResolver;
+import org.apache.hadoop.security.SecurityUtil;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -112,7 +113,7 @@ public class SaslDataTransferServer {
         "SASL server skipping handshake in unsecured configuration for "
         + "peer = {}, datanodeId = {}", peer, datanodeId);
       return new IOStreamPair(underlyingIn, underlyingOut);
-    } else if (xferPort < 1024) {
+    } else if (SecurityUtil.isPrivilegedPort(xferPort)) {
       LOG.debug(
         "SASL server skipping handshake in secured configuration for "
         + "peer = {}, datanodeId = {}", peer, datanodeId);

hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/SecureDataNodeStarter.java

@@ -29,6 +29,7 @@ import org.apache.hadoop.hdfs.HdfsConfiguration;
 import org.apache.hadoop.hdfs.server.common.HdfsServerConstants;
 import org.apache.hadoop.http.HttpConfig;
 import org.apache.hadoop.http.HttpServer2;
+import org.apache.hadoop.security.SecurityUtil;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.mortbay.jetty.Connector;
 
@@ -110,7 +111,7 @@ public class SecureDataNodeStarter implements Daemon {
               + ss.getLocalPort());
     }
 
-    if (ss.getLocalPort() > 1023 && isSecure) {
+    if (!SecurityUtil.isPrivilegedPort(ss.getLocalPort()) && isSecure) {
       throw new RuntimeException(
         "Cannot start secure datanode with unprivileged RPC ports");
     }