Author: brandonli Date: Wed Jun 18 20:50:05 2014 New Revision: 1603624 URL: http://svn.apache.org/r1603624 Log: HDFS-6439. Merging change r1603622 from trunk
Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-nfs/src/main/java/org/apache/hadoop/nfs/nfs3/Nfs3Interface.java hadoop/common/branches/branch-2/hadoop-common-project/hadoop-nfs/src/main/java/org/apache/hadoop/oncrpc/RpcProgram.java hadoop/common/branches/branch-2/hadoop-common-project/hadoop-nfs/src/test/java/org/apache/hadoop/oncrpc/TestFrameDecoder.java Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-nfs/src/main/java/org/apache/hadoop/nfs/nfs3/Nfs3Interface.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-nfs/src/main/java/org/apache/hadoop/nfs/nfs3/Nfs3Interface.java?rev=1603624&r1=1603623&r2=1603624&view=diff ============================================================================== --- hadoop/common/branches/branch-2/hadoop-common-project/hadoop-nfs/src/main/java/org/apache/hadoop/nfs/nfs3/Nfs3Interface.java (original) +++ hadoop/common/branches/branch-2/hadoop-common-project/hadoop-nfs/src/main/java/org/apache/hadoop/nfs/nfs3/Nfs3Interface.java Wed Jun 18 20:50:05 2014 @@ -17,12 +17,9 @@ */ package org.apache.hadoop.nfs.nfs3; -import java.net.InetAddress; - import org.apache.hadoop.nfs.nfs3.response.NFS3Response; +import org.apache.hadoop.oncrpc.RpcInfo; import org.apache.hadoop.oncrpc.XDR; -import org.apache.hadoop.oncrpc.security.SecurityHandler; -import org.jboss.netty.channel.Channel; /** * RPC procedures as defined in RFC 1813. @@ -33,70 +30,65 @@ public interface Nfs3Interface { public NFS3Response nullProcedure(); /** GETATTR: Get file attributes */ - public NFS3Response getattr(XDR xdr, SecurityHandler securityHandler, - InetAddress client); + public NFS3Response getattr(XDR xdr, RpcInfo info); /** SETATTR: Set file attributes */ - public NFS3Response setattr(XDR xdr, SecurityHandler securityHandler, - InetAddress client); + public NFS3Response setattr(XDR xdr, RpcInfo info); /** LOOKUP: Lookup filename */ - public NFS3Response lookup(XDR xdr, SecurityHandler securityHandler, - InetAddress client); + public NFS3Response lookup(XDR xdr, RpcInfo info); /** ACCESS: Check access permission */ - public NFS3Response access(XDR xdr, SecurityHandler securityHandler, - InetAddress client); + public NFS3Response access(XDR xdr, RpcInfo info); + + /** READLINK: Read from symbolic link */ + public NFS3Response readlink(XDR xdr, RpcInfo info); /** READ: Read from file */ - public NFS3Response read(XDR xdr, SecurityHandler securityHandler, - InetAddress client); + public NFS3Response read(XDR xdr, RpcInfo info); /** WRITE: Write to file */ - public NFS3Response write(XDR xdr, Channel channel, int xid, - SecurityHandler securityHandler, InetAddress client); + public NFS3Response write(XDR xdr, RpcInfo info); /** CREATE: Create a file */ - public NFS3Response create(XDR xdr, SecurityHandler securityHandler, - InetAddress client); + public NFS3Response create(XDR xdr, RpcInfo info); /** MKDIR: Create a directory */ - public NFS3Response mkdir(XDR xdr, SecurityHandler securityHandler, - InetAddress client); + public NFS3Response mkdir(XDR xdr, RpcInfo info); + + /** SYMLINK: Create a symbolic link */ + public NFS3Response symlink(XDR xdr, RpcInfo info); + + /** MKNOD: Create a special device */ + public NFS3Response mknod(XDR xdr, RpcInfo info); /** REMOVE: Remove a file */ - public NFS3Response remove(XDR xdr, SecurityHandler securityHandler, - InetAddress client); + public NFS3Response remove(XDR xdr, RpcInfo info); /** RMDIR: Remove a directory */ - public NFS3Response rmdir(XDR xdr, SecurityHandler securityHandler, - InetAddress client); + public NFS3Response rmdir(XDR xdr, RpcInfo info); /** RENAME: Rename a file or directory */ - public NFS3Response rename(XDR xdr, SecurityHandler securityHandler, - InetAddress client); + public NFS3Response rename(XDR xdr, RpcInfo info); - /** SYMLINK: Create a symbolic link */ - public NFS3Response symlink(XDR xdr, SecurityHandler securityHandler, - InetAddress client); + /** LINK: create link to an object */ + public NFS3Response link(XDR xdr, RpcInfo info); /** READDIR: Read From directory */ - public NFS3Response readdir(XDR xdr, SecurityHandler securityHandler, - InetAddress client); + public NFS3Response readdir(XDR xdr, RpcInfo info); + /** READDIRPLUS: Extended read from directory */ + public NFS3Response readdirplus(XDR xdr, RpcInfo info); + /** FSSTAT: Get dynamic file system information */ - public NFS3Response fsstat(XDR xdr, SecurityHandler securityHandler, - InetAddress client); + public NFS3Response fsstat(XDR xdr, RpcInfo info); /** FSINFO: Get static file system information */ - public NFS3Response fsinfo(XDR xdr, SecurityHandler securityHandler, - InetAddress client); + public NFS3Response fsinfo(XDR xdr, RpcInfo info); /** PATHCONF: Retrieve POSIX information */ - public NFS3Response pathconf(XDR xdr, SecurityHandler securityHandler, - InetAddress client); + public NFS3Response pathconf(XDR xdr, RpcInfo info); /** COMMIT: Commit cached data on a server to stable storage */ - public NFS3Response commit(XDR xdr, Channel channel, int xid, - SecurityHandler securityHandler, InetAddress client); + public NFS3Response commit(XDR xdr, RpcInfo info); } Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-nfs/src/main/java/org/apache/hadoop/oncrpc/RpcProgram.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-nfs/src/main/java/org/apache/hadoop/oncrpc/RpcProgram.java?rev=1603624&r1=1603623&r2=1603624&view=diff ============================================================================== --- hadoop/common/branches/branch-2/hadoop-common-project/hadoop-nfs/src/main/java/org/apache/hadoop/oncrpc/RpcProgram.java (original) +++ hadoop/common/branches/branch-2/hadoop-common-project/hadoop-nfs/src/main/java/org/apache/hadoop/oncrpc/RpcProgram.java Wed Jun 18 20:50:05 2014 @@ -48,7 +48,7 @@ public abstract class RpcProgram extends private final int progNumber; private final int lowProgVersion; private final int highProgVersion; - private final boolean allowInsecurePorts; + protected final boolean allowInsecurePorts; /** * If not null, this will be used as the socket to use to connect to the @@ -146,31 +146,6 @@ public abstract class RpcProgram extends RpcCall call = (RpcCall) info.header(); SocketAddress remoteAddress = info.remoteAddress(); - if (!allowInsecurePorts) { - if (LOG.isDebugEnabled()) { - LOG.debug("Will not allow connections from unprivileged ports. " + - "Checking for valid client port..."); - } - if (remoteAddress instanceof InetSocketAddress) { - InetSocketAddress inetRemoteAddress = (InetSocketAddress) remoteAddress; - if (inetRemoteAddress.getPort() > 1023) { - LOG.warn("Connection attempted from '" + inetRemoteAddress + "' " - + "which is an unprivileged port. Rejecting connection."); - sendRejectedReply(call, remoteAddress, ctx); - return; - } else { - if (LOG.isDebugEnabled()) { - LOG.debug("Accepting connection from '" + remoteAddress + "'"); - } - } - } else { - LOG.warn("Could not determine remote port of socket address '" + - remoteAddress + "'. Rejecting connection."); - sendRejectedReply(call, remoteAddress, ctx); - return; - } - } - if (LOG.isTraceEnabled()) { LOG.trace(program + " procedure #" + call.getProcedure()); } @@ -191,6 +166,29 @@ public abstract class RpcProgram extends handleInternal(ctx, info); } + public boolean doPortMonitoring(SocketAddress remoteAddress) { + if (!allowInsecurePorts) { + if (LOG.isTraceEnabled()) { + LOG.trace("Will not allow connections from unprivileged ports. " + + "Checking for valid client port..."); + } + + if (remoteAddress instanceof InetSocketAddress) { + InetSocketAddress inetRemoteAddress = (InetSocketAddress) remoteAddress; + if (inetRemoteAddress.getPort() > 1023) { + LOG.warn("Connection attempted from '" + inetRemoteAddress + "' " + + "which is an unprivileged port. Rejecting connection."); + return false; + } + } else { + LOG.warn("Could not determine remote port of socket address '" + + remoteAddress + "'. Rejecting connection."); + return false; + } + } + return true; + } + private void sendAcceptedReply(RpcCall call, SocketAddress remoteAddress, AcceptState acceptState, ChannelHandlerContext ctx) { RpcAcceptedReply reply = RpcAcceptedReply.getInstance(call.getXid(), @@ -208,7 +206,7 @@ public abstract class RpcProgram extends RpcUtil.sendRpcResponse(ctx, rsp); } - private static void sendRejectedReply(RpcCall call, + protected static void sendRejectedReply(RpcCall call, SocketAddress remoteAddress, ChannelHandlerContext ctx) { XDR out = new XDR(); RpcDeniedReply reply = new RpcDeniedReply(call.getXid(), Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-nfs/src/test/java/org/apache/hadoop/oncrpc/TestFrameDecoder.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-nfs/src/test/java/org/apache/hadoop/oncrpc/TestFrameDecoder.java?rev=1603624&r1=1603623&r2=1603624&view=diff ============================================================================== --- hadoop/common/branches/branch-2/hadoop-common-project/hadoop-nfs/src/test/java/org/apache/hadoop/oncrpc/TestFrameDecoder.java (original) +++ hadoop/common/branches/branch-2/hadoop-common-project/hadoop-nfs/src/test/java/org/apache/hadoop/oncrpc/TestFrameDecoder.java Wed Jun 18 20:50:05 2014 @@ -66,6 +66,18 @@ public class TestFrameDecoder { @Override protected void handleInternal(ChannelHandlerContext ctx, RpcInfo info) { + // This is just like what's done in RpcProgramMountd#handleInternal and + // RpcProgramNfs3#handleInternal. + RpcCall rpcCall = (RpcCall) info.header(); + final int procedure = rpcCall.getProcedure(); + if (procedure != 0) { + boolean portMonitorSuccess = doPortMonitoring(info.remoteAddress()); + if (!portMonitorSuccess) { + sendRejectedReply(rpcCall, info.remoteAddress(), ctx); + return; + } + } + resultSize = info.data().readableBytes(); RpcAcceptedReply reply = RpcAcceptedReply.getAcceptInstance(1234, new VerifierNone()); @@ -190,6 +202,20 @@ public class TestFrameDecoder { // Verify the server rejected the request. assertEquals(0, resultSize); + + // Ensure that the NULL procedure does in fact succeed. + xdrOut = new XDR(); + createPortmapXDRheader(xdrOut, 0); + int headerSize = xdrOut.size(); + buffer = new byte[bufsize]; + xdrOut.writeFixedOpaque(buffer); + int requestSize = xdrOut.size() - headerSize; + + // Send the request to the server + testRequest(xdrOut, serverPort); + + // Verify the server did not reject the request. + assertEquals(requestSize, resultSize); } private static int startRpcServer(boolean allowInsecurePorts) {