WL#15130 Socket-level TLS patch mysql#9: TransporterRegistry::connect_server()

Change-Id: I1bcb50507deccf7ebd17678c333cf90b7822f9cf

Author: jdduncan

storage/ndb/include/transporter/TransporterRegistry.hpp

@@ -49,6 +49,7 @@
 #include <NdbMutex.h>
 
 #include "portlib/NdbTick.h"
+#include "util/NdbSocket.h"
 
 #ifndef _WIN32
 /*
@@ -243,16 +244,22 @@ class TransporterRegistry
 
      @returns false on failure and true on success
   */
-  bool connect_server(ndb_socket_t sockfd,
+  bool connect_server(NdbSocket & sockfd,
                       BaseString& msg,
                       bool& close_with_reset,
                       bool& log_failure);
 
+  bool connect_server(ndb_socket_t sockfd, BaseString & msg,
+                      bool & close_with_reset, bool & log_failure) {
+    NdbSocket sock(sockfd, NdbSocket::From::Existing);
+    return connect_server(sock, msg, close_with_reset, log_failure);
+  }
+
   bool connect_client(NdbMgmHandle *h);
 
   /**
-   * Given a SocketClient, creates a NdbMgmHandle, turns it into a transporter
-   * and returns the socket.
+   * Given a hostname and port, creates a NdbMgmHandle, turns it into
+   * a transporter, and returns the socket.
    */
   ndb_socket_t connect_ndb_mgmd(const char* server_name,
                                 unsigned short server_port);

storage/ndb/include/util/SocketAuthenticator.hpp

@@ -32,22 +32,10 @@ class SocketAuthenticator
 public:
   SocketAuthenticator() {}
   virtual ~SocketAuthenticator() {}
-  bool client_authenticate(ndb_socket_t);
-  bool server_authenticate(ndb_socket_t);
   virtual bool client_authenticate(NdbSocket &) = 0;
   virtual bool server_authenticate(NdbSocket &) = 0;
 };
 
-inline bool SocketAuthenticator::client_authenticate(ndb_socket_t fd) {
-  NdbSocket socket(fd, NdbSocket::From::Existing);
-  return client_authenticate(socket);
-}
-
-inline bool SocketAuthenticator::server_authenticate(ndb_socket_t fd) {
-  NdbSocket socket(fd, NdbSocket::From::Existing);
-  return server_authenticate(socket);
-}
-
 
 class SocketAuthSimple : public SocketAuthenticator
 {

storage/ndb/src/common/transporter/TransporterRegistry.cpp

@@ -46,7 +46,6 @@
 #include "NdbSpin.h"
 #include "InputStream.hpp"
 #include "OutputStream.hpp"
-#include "socket_io.h"
 #include "portlib/NdbTCP.h"
 
 #include <mgmapi/mgmapi.h>
@@ -115,25 +114,32 @@ TransporterRegistry::get_bytes_received(NodeId node_id) const
 
 SocketServer::Session * TransporterService::newSession(ndb_socket_t sockfd)
 {
+  /* The connection is currently running over a plain network socket.
+     If m_auth is a TlsAuthenticator, it might get upgraded to a TLS socket
+     in server_authenticate().
+  */
+  NdbSocket secureSocket;
+  secureSocket.init_from_new(sockfd);
+
   DBUG_ENTER("SocketServer::Session * TransporterService::newSession");
   DEBUG_FPRINTF((stderr, "New session created\n"));
-  if (m_auth && !m_auth->server_authenticate(sockfd))
+  if (m_auth && !m_auth->server_authenticate(secureSocket))
   {
     DEBUG_FPRINTF((stderr, "Failed to authenticate new session\n"));
-    ndb_socket_close_with_reset(sockfd, true); // Close with reset
+    secureSocket.close_with_reset(true); // Close with reset
     DBUG_RETURN(0);
   }
 
   BaseString msg;
   bool close_with_reset = true;
   bool log_failure = false;
-  if (!m_transporter_registry->connect_server(sockfd,
+  if (!m_transporter_registry->connect_server(secureSocket,
                                               msg,
                                               close_with_reset,
                                               log_failure))
   {
     DEBUG_FPRINTF((stderr, "New session failed in connect_server\n"));
-    ndb_socket_close_with_reset(sockfd, close_with_reset);
+    secureSocket.close_with_reset(close_with_reset);
     if (log_failure)
     {
       g_eventLogger->warning("TR : %s", msg.c_str());
@@ -469,7 +475,7 @@ TransporterRegistry::init(TransporterReceiveHandle& recvhandle)
 }
 
 bool
-TransporterRegistry::connect_server(ndb_socket_t sockfd,
+TransporterRegistry::connect_server(NdbSocket & socket,
                                     BaseString & msg,
                                     bool& close_with_reset,
                                     bool& log_failure)
@@ -480,7 +486,7 @@ TransporterRegistry::connect_server(ndb_socket_t sockfd,
 
   // Read "hello" that consists of node id and other info
   // from client
-  SocketInputStream s_input(sockfd);
+  SecureSocketInputStream s_input(socket);
   char buf[256]; // <int> <int> <int> <int> <..expansion..>
   if (s_input.gets(buf, sizeof(buf)) == nullptr) {
     /* Could be spurious connection, need not log */
@@ -741,7 +747,7 @@ TransporterRegistry::connect_server(ndb_socket_t sockfd,
     */
 
     // Avoid TIME_WAIT on server by requesting client to close connection
-    SocketOutputStream s_output(sockfd);
+    SecureSocketOutputStream s_output(socket);
     if (s_output.println("BYE") < 0)
     {
       // Failed to request client close
@@ -751,8 +757,7 @@ TransporterRegistry::connect_server(ndb_socket_t sockfd,
 
     // Wait for to close connection by reading EOF(i.e read returns 0)
     const int read_eof_timeout = 1000; // Fairly short timeout
-    if (read_socket(sockfd, read_eof_timeout,
-                    buf, sizeof(buf)) == 0)
+    if (socket.read(read_eof_timeout, buf, sizeof(buf)) == 0)
     {
       // Client gracefully closed connection, turn off close_with_reset
       close_with_reset = false;
@@ -764,7 +769,7 @@ TransporterRegistry::connect_server(ndb_socket_t sockfd,
   }
 
   // Send reply to client
-  SocketOutputStream s_output(sockfd);
+  SecureSocketOutputStream s_output(socket);
   if (s_output.println("%d %d", t->getLocalNodeId(), t->m_type) < 0)
   {
     /* Strange, log it */
@@ -778,7 +783,7 @@ TransporterRegistry::connect_server(ndb_socket_t sockfd,
   // Setup transporter (transporter responsible for closing sockfd)
   DEBUG_FPRINTF((stderr, "connect_server for trp_id %u\n",
                  t->getTransporterIndex()));
-  DBUG_RETURN(t->connect_server(sockfd, msg));
+  DBUG_RETURN(t->connect_server(socket.ndb_socket(), msg)); // WL#15130 fix me soon
 }
 
 void