hadoop-common-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From vinayakum...@apache.org
Subject [41/45] hadoop git commit: HDFS-7386. Replace check "port number < 1024" with shared isPrivilegedPort method. Contributed by Yongjun Zhang.
Date Mon, 17 Nov 2014 06:30:43 GMT
HDFS-7386. Replace check "port number < 1024" with shared isPrivilegedPort method. Contributed
by Yongjun Zhang.


Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/1925e2a4
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/1925e2a4
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/1925e2a4

Branch: refs/heads/HDFS-EC
Commit: 1925e2a4ae78ef4178393848b4d1d71b0f4a4709
Parents: 4fb96db
Author: cnauroth <cnauroth@apache.org>
Authored: Fri Nov 14 16:43:09 2014 -0800
Committer: cnauroth <cnauroth@apache.org>
Committed: Fri Nov 14 16:43:09 2014 -0800

----------------------------------------------------------------------
 .../org/apache/hadoop/security/SecurityUtil.java     | 15 +++++++++++++++
 hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt          |  3 +++
 .../datatransfer/sasl/SaslDataTransferClient.java    |  3 ++-
 .../datatransfer/sasl/SaslDataTransferServer.java    |  3 ++-
 .../hdfs/server/datanode/SecureDataNodeStarter.java  |  3 ++-
 5 files changed, 24 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hadoop/blob/1925e2a4/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java
b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java
index 27870c3..7cbee26 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java
@@ -621,4 +621,19 @@ public class SecurityUtil {
     conf.set(HADOOP_SECURITY_AUTHENTICATION,
              authenticationMethod.toString().toLowerCase(Locale.ENGLISH));
   }
+
+  /*
+   * Check if a given port is privileged.
+   * The ports with number smaller than 1024 are treated as privileged ports in
+   * unix/linux system. For other operating systems, use this method with care.
+   * For example, Windows doesn't have the concept of privileged ports.
+   * However, it may be used at Windows client to check port of linux server.
+   * 
+   * @param port the port number
+   * @return true for privileged ports, false otherwise
+   * 
+   */
+  public static boolean isPrivilegedPort(final int port) {
+    return port < 1024;
+  }
 }

http://git-wip-us.apache.org/repos/asf/hadoop/blob/1925e2a4/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
----------------------------------------------------------------------
diff --git a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
index 957d7ae..2917ea9 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
+++ b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
@@ -356,6 +356,9 @@ Release 2.7.0 - UNRELEASED
     HDFS-7375. Move FSClusterStats to o.a.h.h.hdfs.server.blockmanagement.
     (wheat9)
 
+    HDFS-7386. Replace check "port number < 1024" with shared isPrivilegedPort
+    method. (Yongjun Zhang via cnauroth)
+
   OPTIMIZATIONS
 
   BUG FIXES

http://git-wip-us.apache.org/repos/asf/hadoop/blob/1925e2a4/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferClient.java
----------------------------------------------------------------------
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferClient.java
b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferClient.java
index 98cdcfe..00b131f 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferClient.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferClient.java
@@ -52,6 +52,7 @@ import org.apache.hadoop.hdfs.protocol.datatransfer.TrustedChannelResolver;
 import org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier;
 import org.apache.hadoop.hdfs.security.token.block.DataEncryptionKey;
 import org.apache.hadoop.security.SaslPropertiesResolver;
+import org.apache.hadoop.security.SecurityUtil;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.security.token.Token;
 import org.slf4j.Logger;
@@ -245,7 +246,7 @@ public class SaslDataTransferClient {
         "SASL client skipping handshake in unsecured configuration for "
         + "addr = {}, datanodeId = {}", addr, datanodeId);
       return null;
-    } else if (datanodeId.getXferPort() < 1024) {
+    } else if (SecurityUtil.isPrivilegedPort(datanodeId.getXferPort())) {
       LOG.debug(
         "SASL client skipping handshake in secured configuration with "
         + "privileged port for addr = {}, datanodeId = {}", addr, datanodeId);

http://git-wip-us.apache.org/repos/asf/hadoop/blob/1925e2a4/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferServer.java
----------------------------------------------------------------------
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferServer.java
b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferServer.java
index 3fa7727..1d2b30b 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferServer.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferServer.java
@@ -50,6 +50,7 @@ import org.apache.hadoop.hdfs.security.token.block.BlockPoolTokenSecretManager;
 import org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier;
 import org.apache.hadoop.hdfs.server.datanode.DNConf;
 import org.apache.hadoop.security.SaslPropertiesResolver;
+import org.apache.hadoop.security.SecurityUtil;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -112,7 +113,7 @@ public class SaslDataTransferServer {
         "SASL server skipping handshake in unsecured configuration for "
         + "peer = {}, datanodeId = {}", peer, datanodeId);
       return new IOStreamPair(underlyingIn, underlyingOut);
-    } else if (xferPort < 1024) {
+    } else if (SecurityUtil.isPrivilegedPort(xferPort)) {
       LOG.debug(
         "SASL server skipping handshake in secured configuration for "
         + "peer = {}, datanodeId = {}", peer, datanodeId);

http://git-wip-us.apache.org/repos/asf/hadoop/blob/1925e2a4/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/SecureDataNodeStarter.java
----------------------------------------------------------------------
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/SecureDataNodeStarter.java
b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/SecureDataNodeStarter.java
index 477b7f6..f0f83e4 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/SecureDataNodeStarter.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/SecureDataNodeStarter.java
@@ -29,6 +29,7 @@ import org.apache.hadoop.hdfs.HdfsConfiguration;
 import org.apache.hadoop.hdfs.server.common.HdfsServerConstants;
 import org.apache.hadoop.http.HttpConfig;
 import org.apache.hadoop.http.HttpServer2;
+import org.apache.hadoop.security.SecurityUtil;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.mortbay.jetty.Connector;
 
@@ -110,7 +111,7 @@ public class SecureDataNodeStarter implements Daemon {
               + ss.getLocalPort());
     }
 
-    if (ss.getLocalPort() > 1023 && isSecure) {
+    if (!SecurityUtil.isPrivilegedPort(ss.getLocalPort()) && isSecure) {
       throw new RuntimeException(
         "Cannot start secure datanode with unprivileged RPC ports");
     }


Mime
View raw message