WL#15524 Patch #14 Add MGM TLS support to all remaining tools

Change-Id: Icc067d6e624dc6673f184919bdb58e161f68a8f7

Author: jdduncan

mysql-test/suite/ndb_tls/no_path.cnf

@@ -1,14 +1,4 @@
 !include suite/ndb_tls/my.cnf
 
-[ndb_mgmd.1.1]
+[mysql_cluster]
 ndb-tls-search-path=
-
-[ndbd.1.1]
-ndb-tls-search-path=
-
-[ndbd.2.1]
-ndb-tls-search-path=
-
-[mysqld]
-ndb-tls-search-path=
-

mysql-test/suite/ndb_tls/tls_off_certs.cnf

@@ -1,16 +1,5 @@
 !include suite/ndb_tls/my.cnf
 
-[ndbd.1.1]
+[mysql_cluster]
 ndb-tls-search-path=$MYSQLTEST_VARDIR/std_data/ndb-tls/active
 
-[ndbd.2.1]
-ndb-tls-search-path=$MYSQLTEST_VARDIR/std_data/ndb-tls/active
-
-[ndb_mgmd.1.1]
-ndb-tls-search-path=$MYSQLTEST_VARDIR/std_data/ndb-tls/active
-
-[mysqld.1.1]
-ndb-tls-search-path=$MYSQLTEST_VARDIR/std_data/ndb-tls/active
-
-
-

mysql-test/suite/ndb_tls/tls_required.cnf

@@ -6,17 +6,10 @@ RequireTls=true
 [cluster_config.ndbd.2.1]
 RequireTls=true
 
-[ndbd.1.1]
-ndb-tls-search-path=$MYSQLTEST_VARDIR/std_data/ndb-tls/active
-
-[ndbd.2.1]
-ndb-tls-search-path=$MYSQLTEST_VARDIR/std_data/ndb-tls/active
-
-[ndb_mgmd.1.1]
+[mysql_cluster]
 ndb-tls-search-path=$MYSQLTEST_VARDIR/std_data/ndb-tls/active
 
 [mysqld.1.1]
-ndb-tls-search-path=$MYSQLTEST_VARDIR/std_data/ndb-tls/active
 ndb-cluster-connection-pool=2
 ndb-cluster-connection-pool-nodeids=51,52
 

storage/ndb/include/portlib/ssl_applink.h

@@ -0,0 +1,33 @@
+/*
+   Copyright (c) 2023, Oracle and/or its affiliates.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License, version 2.0,
+   as published by the Free Software Foundation.
+
+   This program is also distributed with certain software (including
+   but not limited to OpenSSL) that is licensed under separate terms,
+   as designated in a particular file or component or in included license
+   documentation.  The authors of MySQL hereby grant you an additional
+   permission to link the program and your derivative works with the
+   separately licensed software that they have included with MySQL.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License, version 2.0, for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA
+*/
+
+#ifndef NDB_PORTLIB_SSL_APPLINK_H
+#define NDB_PORTLIB_SSL_APPLINK_H
+
+#ifdef _WIN32
+#include "openssl/applink.c"
+#endif
+
+#endif
+

storage/ndb/src/kernel/main.cpp

@@ -26,6 +26,7 @@
 #include <ndb_opts.h>
 #include <kernel/NodeBitmask.hpp>
 #include <portlib/ndb_daemon.h>
+#include "portlib/ssl_applink.h"
 #include "util/ndb_openssl_evp.h"
 
 #include "my_alloc.h"
@@ -37,11 +38,6 @@
 
 #include <EventLogger.hpp>
 
-/* On Win32 applink.c must be included in one compilation unit */
-#ifdef _WIN32
-#include <openssl/applink.c>
-#endif
-
 #define JAM_FILE_ID 485
 
 #if defined VM_TRACE

storage/ndb/src/mgmclient/main.cpp

@@ -25,6 +25,7 @@
 #include <ndb_global.h>
 #include <ndb_opts.h>
 #include "my_getopt.h"
+#include "portlib/ssl_applink.h"
 
 #include "my_alloc.h"
 

storage/ndb/src/mgmsrv/main.cpp

@@ -36,6 +36,7 @@
 #include <NdbConfig.h>
 #include <NdbSleep.h>
 #include <portlib/NdbDir.hpp>
+#include "portlib/ssl_applink.h"
 #include <ndb_version.h>
 #include <mgmapi_config_parameters.h>
 #include <NdbAutoPtr.hpp>
@@ -45,11 +46,6 @@
 #include <LogBuffer.hpp>
 #include <OutputStream.hpp>
 
-/* On Win32 applink.c must be included in one compilation unit */
-#ifdef _WIN32
-#include <openssl/applink.c>
-#endif
-
 #if defined VM_TRACE || defined ERROR_INSERT
 extern int g_errorInsert;
 #endif

storage/ndb/test/tools/connect.cpp

@@ -43,6 +43,8 @@ static struct my_option my_long_options[] =
   NdbStdOpt::ndb_connectstring,
   NdbStdOpt::connectstring,
   NdbStdOpt::ndb_nodeid,
+  NdbStdOpt::tls_search_path,
+  NdbStdOpt::mgm_tls,
   NDB_STD_OPT_DEBUG
   { "loop", 'l', "loops",
     &opt_loop, &opt_loop, 0,
@@ -77,6 +79,7 @@ int main(int argc, char** argv){
   for (int i = 0; i<opt_loop; i++)
   {
     Ndb_cluster_connection con(opt_ndb_connectstring, opt_ndb_nodeid);
+    con.configure_tls(opt_tls_search_path, opt_mgm_tls);
     if(con.connect(12, 5, 1) != 0)
     {
       ndbout << "Unable to connect to management server."

storage/ndb/test/tools/hugoJoin.cpp

@@ -57,6 +57,8 @@ static struct my_option my_long_options[] =
   NdbStdOpt::ndb_nodeid,
   NdbStdOpt::connect_retry_delay,
   NdbStdOpt::connect_retries,
+  NdbStdOpt::tls_search_path,
+  NdbStdOpt::mgm_tls,
   NDB_STD_OPT_DEBUG
   { "database", 'd', "Database",
     &_db, &_db,
@@ -109,6 +111,7 @@ int main(int argc, char** argv){
 
   // Connect to Ndb
   Ndb_cluster_connection con;
+  con.configure_tls(opt_tls_search_path, opt_mgm_tls);
   if(con.connect(12, 5, 1) != 0)
   {
     return NDBT_ProgramExit(NDBT_FAILED);

storage/ndb/tools/NdbImportImpl.cpp

@@ -25,9 +25,12 @@
 #include "util/ndb_math.h"
 #include "util/require.h"
 #include "NdbImportImpl.hpp"
+#include "util/TlsKeyManager.hpp"
 #include <inttypes.h>
 #include <new>
 
+TlsKeyManager g_tlsKeyManager;
+
 NdbImportImpl::NdbImportImpl(NdbImport& facade) :
   NdbImport(*this),
   m_facade(&facade),
@@ -36,6 +39,7 @@ NdbImportImpl::NdbImportImpl(NdbImport& facade) :
 {
   c_connectionindex = 0;
   log_debug(1, "ctor");
+  g_tlsKeyManager.init_mgm_client(opt_tls_search_path);
 }
 
 NdbImportImpl::~NdbImportImpl()
@@ -86,7 +90,8 @@ NdbImportImpl::Mgm::do_connect()
   ndb_mgm_set_connectstring(m_handle, opt_ndb_connectstring);
   int retries = opt_connect_retries;
   int delay = opt_connect_retry_delay;
-  if (ndb_mgm_connect(m_handle, retries, delay, 0) == -1)
+  ndb_mgm_set_ssl_ctx(m_handle, g_tlsKeyManager.ctx());
+  if (ndb_mgm_connect_tls(m_handle, retries, delay, 0, opt_mgm_tls) == -1)
   {
     m_util.set_error_mgm(m_error, __LINE__, m_handle);
     return -1;
@@ -230,6 +235,7 @@ NdbImportImpl::do_connect()
         new Ndb_cluster_connection(opt_ndb_connectstring,
                                    c.m_mainconnection,
                                    nodeid);
+      c.m_connections[i]->configure_tls(opt_tls_search_path, opt_mgm_tls);
       if (i == 0)
         c.m_mainconnection = c.m_connections[i];
     }

storage/ndb/tools/delete_all.cpp

@@ -32,6 +32,7 @@
 #include <NdbToolsProgramExitCodes.hpp>
 
 #include "my_alloc.h"
+#include "portlib/ssl_applink.h"
 
 static int clear_table(Ndb* pNdb, const NdbDictionary::Table* pTab,
                        bool fetch_across_commit, int parallelism = 240);
@@ -52,6 +53,8 @@ static struct my_option my_long_options[] =
   NdbStdOpt::ndb_nodeid,
   NdbStdOpt::connect_retry_delay,
   NdbStdOpt::connect_retries,
+  NdbStdOpt::tls_search_path,
+  NdbStdOpt::mgm_tls,
   NDB_STD_OPT_DEBUG
   { "database", 'd', "Name of database table is in",
     &_dbname, nullptr, nullptr, GET_STR, REQUIRED_ARG,
@@ -81,6 +84,7 @@ int main(int argc, char** argv)
   }
 
   Ndb_cluster_connection con(opt_ndb_connectstring, opt_ndb_nodeid);
+  con.configure_tls(opt_tls_search_path, opt_mgm_tls);
   con.set_name("ndb_delete_all");
   if (con.connect(opt_connect_retries - 1, opt_connect_retry_delay, 1) != 0)
   {

storage/ndb/tools/desc.cpp

@@ -30,6 +30,7 @@
 #include <NdbSleep.h>
 
 #include "my_alloc.h"
+#include "portlib/ssl_applink.h"
 
 void desc_AutoGrowSpecification(struct NdbDictionary::AutoGrowSpecification ags);
 int desc_logfilegroup(Ndb *myndb, char const* name);
@@ -63,6 +64,8 @@ static struct my_option my_long_options[] =
   NdbStdOpt::ndb_nodeid,
   NdbStdOpt::connect_retry_delay,
   NdbStdOpt::connect_retries,
+  NdbStdOpt::tls_search_path,
+  NdbStdOpt::mgm_tls,
   NDB_STD_OPT_DEBUG
   { "database", 'd', "Name of database table is in",
     &_dbname, nullptr, nullptr, GET_STR, REQUIRED_ARG,
@@ -112,6 +115,7 @@ int main(int argc, char** argv){
 
   Ndb_cluster_connection con(opt_ndb_connectstring, opt_ndb_nodeid);
   con.set_name("ndb_desc");
+  con.configure_tls(opt_tls_search_path, opt_mgm_tls);
   if(con.connect(opt_connect_retries - 1, opt_connect_retry_delay, 1) != 0)
   {
     ndbout << "Unable to connect to management server." << endl;

storage/ndb/tools/drop_index.cpp

@@ -30,6 +30,7 @@
 #include <NDBT.hpp>
 
 #include "my_alloc.h"
+#include "portlib/ssl_applink.h"
 
 static const char* _dbname = "TEST_DB";
 
@@ -44,6 +45,8 @@ static struct my_option my_long_options[] =
   NdbStdOpt::ndb_nodeid,
   NdbStdOpt::connect_retry_delay,
   NdbStdOpt::connect_retries,
+  NdbStdOpt::tls_search_path,
+  NdbStdOpt::mgm_tls,
   NDB_STD_OPT_DEBUG
   { "database", 'd', "Name of database table is in",
     &_dbname, nullptr, nullptr, GET_STR, REQUIRED_ARG,
@@ -63,6 +66,7 @@ int main(int argc, char** argv){
 
   Ndb_cluster_connection con(opt_ndb_connectstring, opt_ndb_nodeid);
   con.set_name("ndb_drop_index");
+  con.configure_tls(opt_tls_search_path, opt_mgm_tls);
   if(con.connect(opt_connect_retries - 1, opt_connect_retry_delay, 1) != 0)
   {
     return NDBT_ProgramExit(NDBT_FAILED);

storage/ndb/tools/drop_tab.cpp

@@ -30,6 +30,7 @@
 #include <NDBT.hpp>
 
 #include "my_alloc.h"
+#include "portlib/ssl_applink.h"
 
 static const char* _dbname = "TEST_DB";
 
@@ -44,6 +45,8 @@ static struct my_option my_long_options[] =
   NdbStdOpt::ndb_nodeid,
   NdbStdOpt::connect_retry_delay,
   NdbStdOpt::connect_retries,
+  NdbStdOpt::tls_search_path,
+  NdbStdOpt::mgm_tls,
   NDB_STD_OPT_DEBUG
   { "database", 'd', "Name of database table is in",
     &_dbname, nullptr, nullptr, GET_STR, REQUIRED_ARG,
@@ -68,6 +71,7 @@ int main(int argc, char** argv){
 
   Ndb_cluster_connection con(opt_ndb_connectstring, opt_ndb_nodeid);
   con.set_name("ndb_drop_table");
+  con.configure_tls(opt_tls_search_path, opt_mgm_tls);
   if(con.connect(opt_connect_retries - 1, opt_connect_retry_delay, 1) != 0)
   {
     ndbout << "Unable to connect to management server." << endl;

storage/ndb/tools/listTables.cpp

@@ -39,6 +39,7 @@
 #include <NdbOut.hpp>
 
 #include <NdbToolsProgramExitCodes.hpp>
+#include "portlib/ssl_applink.h"
 
 static int _fully_qualified = 0;
 static int _parsable = 0;
@@ -276,6 +277,8 @@ static struct my_option my_long_options[] =
   NdbStdOpt::ndb_nodeid,
   NdbStdOpt::connect_retry_delay,
   NdbStdOpt::connect_retries,
+  NdbStdOpt::tls_search_path,
+  NdbStdOpt::mgm_tls,
   NDB_STD_OPT_DEBUG
   { "database", 'd',
     "Name of database table is in. Requires table-name in argument",
@@ -335,6 +338,7 @@ int main(int argc, char** argv) {
   }
 
   ndb_cluster_connection->set_name("ndb_show_tables");
+  ndb_cluster_connection->configure_tls(opt_tls_search_path, opt_mgm_tls);
 
   if (ndb_cluster_connection->connect(opt_connect_retries - 1,
                                       opt_connect_retry_delay, 1)) {

storage/ndb/tools/ndb_blob_tool.cpp

@@ -24,6 +24,7 @@
 #include <ndb_global.h>
 #include <ndb_opts.h>
 #include <ndb_limits.h>
+#include "portlib/ssl_applink.h"
 
 #include <NdbSleep.h>
 #include <NdbOut.hpp>
@@ -141,6 +142,7 @@ doconnect()
   do
   {
     g_ncc = new Ndb_cluster_connection(opt_ndb_connectstring);
+    g_ncc->configure_tls(opt_tls_search_path, opt_mgm_tls);
     CHK2(g_ncc->connect(opt_connect_retries - 1, opt_connect_retry_delay) == 0, getNdbError(g_ncc));
     CHK2(g_ncc->wait_until_ready(30, 10) == 0, getNdbError(g_ncc));
 
@@ -1055,6 +1057,8 @@ my_long_options[] =
   NdbStdOpt::ndb_nodeid,
   NdbStdOpt::connect_retry_delay,
   NdbStdOpt::connect_retries,
+  NdbStdOpt::tls_search_path,
+  NdbStdOpt::mgm_tls,
   NDB_STD_OPT_DEBUG
   { "database", 'd', "Name of database table is in",
     &opt_dbname, nullptr, nullptr, GET_STR, REQUIRED_ARG,

storage/ndb/tools/ndb_config.cpp

@@ -84,6 +84,7 @@
 #include "util/cstrbuf.h"
 #include "mgmcommon/ConfigRetriever.hpp"
 #include "mgmcommon/Config.hpp"
+#include "portlib/ssl_applink.h"
 
 #include "my_alloc.h"
 
@@ -119,6 +120,8 @@ static struct my_option my_long_options[] =
   NdbStdOpt::connectstring,
   NdbStdOpt::connect_retry_delay,
   NdbStdOpt::connect_retries,
+  NdbStdOpt::tls_search_path,
+  NdbStdOpt::mgm_tls,
   NDB_STD_OPT_DEBUG
   { "nodes", NDB_OPT_NOSHORT, "Print nodes",
     &g_nodes, nullptr, nullptr, GET_BOOL, NO_ARG,
@@ -907,6 +910,8 @@ ConnectionTypeApply::apply(const ndb_mgm_configuration_iterator& iter)
 static ndb_mgm_configuration*
 fetch_configuration(int from_node)
 {
+  TlsKeyManager tlsKeyManager;
+  tlsKeyManager.init_mgm_client(opt_tls_search_path);
   ndb_mgm_configuration* conf = 0;
   NdbMgmHandle mgm = ndb_mgm_create_handle();
   if(mgm == NULL) {
@@ -926,7 +931,9 @@ fetch_configuration(int from_node)
     goto noconnect;
   }
 
-  if(ndb_mgm_connect(mgm, opt_connect_retries - 1, opt_connect_retry_delay, 1))
+  ndb_mgm_set_ssl_ctx(mgm, tlsKeyManager.ctx());
+  if(ndb_mgm_connect_tls(mgm, opt_connect_retries - 1, opt_connect_retry_delay,
+                         1, opt_mgm_tls))
   {
     fprintf(stderr, "Connect failed");
     fprintf(stderr, " code: %d, msg: %s\n",