WL#15524 Patch #2 TLS-safe upgrade of mgm socket to transporter

jdduncan · jdduncan · commit 93fe0a09cd40 · 2023-07-21T10:00:36.000-07:00
This changes TransporterRegistry::connect_ndb_mgmd() to return
NdbSocket rather than ndb_socket_t.

It extends the StartTls test in testMgmd to test upgrading the
TLS MGM protocol socket to a transporter.

Change-Id: Ic3b9ccf39ec78ed25705a4bbbdc5ac2953a35611
diff --git a/storage/ndb/include/transporter/TransporterRegistry.hpp b/storage/ndb/include/transporter/TransporterRegistry.hpp
@@ -262,26 +262,20 @@ class TransporterRegistry
                       bool& close_with_reset,
                       bool& log_failure);
 
-  bool connect_server(ndb_socket_t sockfd, BaseString & msg,
-                      bool & close_with_reset, bool & log_failure) {
-    NdbSocket sock(sockfd, NdbSocket::From::Existing);
-    return connect_server(sock, msg, close_with_reset, log_failure);
-  }
-
   bool connect_client(NdbMgmHandle *h);
 
   /**
    * Given a hostname and port, creates a NdbMgmHandle, turns it into
    * a transporter, and returns the socket.
    */
-  ndb_socket_t connect_ndb_mgmd(const char* server_name,
-                                unsigned short server_port);
+  NdbSocket connect_ndb_mgmd(const char* server_name,
+                             unsigned short server_port);
 
   /**
    * Given a connected NdbMgmHandle, turns it into a transporter
    * and returns the socket.
    */
-  ndb_socket_t connect_ndb_mgmd(NdbMgmHandle *h);
+  NdbSocket connect_ndb_mgmd(NdbMgmHandle *h);
 
   /**
    * Manage allTransporters and theNodeIdTransporters when using
diff --git a/storage/ndb/src/common/transporter/Transporter.cpp b/storage/ndb/src/common/transporter/Transporter.cpp
@@ -277,11 +277,20 @@ tls_error(int code)
   g_eventLogger->error("TLS error %d '%s'", code, TlsKeyError::message(code));
 }
 
+bool
+Transporter::connect_client_mgm(int port)
+{
+  require(!isPartOfMultiTransporter());
+  NdbSocket secureSocket =
+    m_transporter_registry.connect_ndb_mgmd(remoteHostName, port);
+  return connect_client(secureSocket);
+}
+
+
 bool
 Transporter::connect_client()
 {
   NdbSocket secureSocket;
-  ndb_socket_t sockfd;
   DBUG_ENTER("Transporter::connect_client");
 
   require(!isMultiTransporter());
@@ -302,9 +311,7 @@ Transporter::connect_client()
 
   if(isMgmConnection)
   {
-    require(!isPartOfMultiTransporter());
-    sockfd= m_transporter_registry.connect_ndb_mgmd(remoteHostName, port);
-    secureSocket.init_from_new(sockfd);
+    return connect_client_mgm(port);
   }
   else
   {
diff --git a/storage/ndb/src/common/transporter/Transporter.hpp b/storage/ndb/src/common/transporter/Transporter.hpp
@@ -133,6 +133,7 @@ class Transporter {
     NdbSocket socket(fd, NdbSocket::From::Existing);
     return connect_client(socket);
   }
+  bool connect_client_mgm(int);
   bool connect_server(NdbSocket & socket, BaseString& errormsg);
 
   /**
diff --git a/storage/ndb/src/common/transporter/TransporterRegistry.cpp b/storage/ndb/src/common/transporter/TransporterRegistry.cpp
@@ -3784,7 +3784,8 @@ bool TransporterRegistry::connect_client(NdbMgmHandle *h)
   }
   require(!t->isMultiTransporter());
   require(!t->isPartOfMultiTransporter());
-  bool res = t->connect_client(connect_ndb_mgmd(h));
+  NdbSocket secureSocket = connect_ndb_mgmd(h);
+  bool res = t->connect_client(secureSocket);
   if (res == true)
   {
     DEBUG_FPRINTF((stderr, "(%u)performStates[%u] = DISCONNECTING,"
@@ -3836,55 +3837,53 @@ bool TransporterRegistry::report_dynamic_ports(NdbMgmHandle h) const
  * Given a connected NdbMgmHandle, turns it into a transporter
  * and returns the socket.
  */
-ndb_socket_t TransporterRegistry::connect_ndb_mgmd(NdbMgmHandle *h)
+NdbSocket TransporterRegistry::connect_ndb_mgmd(NdbMgmHandle *h)
 {
-  ndb_socket_t sockfd;
-
   DBUG_ENTER("TransporterRegistry::connect_ndb_mgmd(NdbMgmHandle)");
 
   if ( h==nullptr || *h == nullptr )
   {
     g_eventLogger->error("Mgm handle is NULL (%s:%d)", __FILE__, __LINE__);
-    DBUG_RETURN(sockfd);
+    DBUG_RETURN(NdbSocket());  // an invalid socket, newly created on the stack
   }
 
   if (!report_dynamic_ports(*h))
   {
     ndb_mgm_destroy_handle(h);
-    DBUG_RETURN(sockfd);
+    DBUG_RETURN(NdbSocket());  // an invalid socket, newly created on the stack
   }
 
   /**
    * convert_to_transporter also disposes of the handle (i.e. we don't leak
-   * memory here.
+   * memory here).
    */
   DBUG_PRINT("info", ("Converting handle to transporter"));
-  sockfd= ndb_mgm_convert_to_transporter(h);
-  if (!ndb_socket_valid(sockfd))
+  NdbSocket socket;
+  ndb_mgm_convert_to_transporter(h, &socket);
+  if (! socket.is_valid())
   {
     g_eventLogger->error("Failed to convert to transporter (%s: %d)",
                          __FILE__, __LINE__);
     ndb_mgm_destroy_handle(h);
   }
-  DBUG_RETURN(sockfd);
+  DBUG_RETURN(NdbSocket::copy(socket));
 }
 
 /**
  * Given a SocketClient, creates a NdbMgmHandle, turns it into a transporter
  * and returns the socket.
  */
-ndb_socket_t
+NdbSocket
 TransporterRegistry::connect_ndb_mgmd(const char* server_name,
                                       unsigned short server_port)
 {
   NdbMgmHandle h= ndb_mgm_create_handle();
-  ndb_socket_t s;
 
   DBUG_ENTER("TransporterRegistry::connect_ndb_mgmd(SocketClient)");
 
   if ( h == nullptr )
   {
-    DBUG_RETURN(s);
+    DBUG_RETURN(NdbSocket());
   }
 
   /**
@@ -3900,7 +3899,7 @@ TransporterRegistry::connect_ndb_mgmd(const char* server_name,
   {
     DBUG_PRINT("info", ("connection to mgmd failed"));
     ndb_mgm_destroy_handle(&h);
-    DBUG_RETURN(s);
+    DBUG_RETURN(NdbSocket());
   }
 
   DBUG_RETURN(connect_ndb_mgmd(&h));
diff --git a/storage/ndb/src/mgmapi/mgmapi.cpp b/storage/ndb/src/mgmapi/mgmapi.cpp
@@ -3743,36 +3743,28 @@ ndb_mgm_get_connection_int_parameter(NdbMgmHandle handle,
   DBUG_RETURN(res);
 }
 
-ndb_socket_t
-ndb_mgm_convert_to_transporter(NdbMgmHandle *handle)
+void
+ndb_mgm_convert_to_transporter(NdbMgmHandle *handle, NdbSocket *s)
 {
-  DBUG_ENTER("ndb_mgm_convert_to_transporter");
-  ndb_socket_t s;
-
   if(handle == nullptr)
   {
     SET_ERROR(*handle, NDB_MGM_ILLEGAL_SERVER_HANDLE, "");
-    ndb_socket_invalidate(&s);
-    DBUG_RETURN(s);
+    return;
   }
 
   if ((*handle)->connected != 1)
   {
     SET_ERROR(*handle, NDB_MGM_SERVER_NOT_CONNECTED , "");
-    ndb_socket_invalidate(&s);
-    DBUG_RETURN(s);
+    return;
   }
 
-  (*handle)->connected= 0;   // we pretend we're disconnected
-  s= (*handle)->socket.ndb_socket();
-
-  SocketOutputStream s_output(s, (*handle)->timeout);
+  NdbSocket::transfer(*s, (*handle)->socket);
+  SecureSocketOutputStream s_output(*s, (*handle)->timeout);
   s_output.println("transporter connect");
   s_output.println("%s", "");
 
+  (*handle)->connected= 0;   // The handle no longer owns the connection
   ndb_mgm_destroy_handle(handle); // set connected=0, so won't disconnect
-
-  DBUG_RETURN(s);
 }
 
 extern "C"
diff --git a/storage/ndb/src/mgmapi/mgmapi_internal.h b/storage/ndb/src/mgmapi/mgmapi_internal.h
@@ -85,12 +85,12 @@ int ndb_mgm_get_connection_int_parameter(NdbMgmHandle handle,
 /**
  * Convert connection to transporter
  * @param   handle    NDB management handle.
- *
- * @return socket
+ * @param   s         Transporter socket.
  *
  * @note the socket is now able to be used as a transporter connection
+ * @note the management handle is no longer valid after this call
  */
-ndb_socket_t ndb_mgm_convert_to_transporter(NdbMgmHandle *handle);
+void ndb_mgm_convert_to_transporter(NdbMgmHandle *handle, class NdbSocket * s);
 
 int ndb_mgm_disconnect_quiet(NdbMgmHandle handle);
 
diff --git a/storage/ndb/src/mgmsrv/MgmtSrvr.cpp b/storage/ndb/src/mgmsrv/MgmtSrvr.cpp
@@ -5121,14 +5121,14 @@ MgmtSrvr::getConnectionDbParameter(int node1, int node2,
 
 
 bool
-MgmtSrvr::transporter_connect(ndb_socket_t sockfd,
+MgmtSrvr::transporter_connect(NdbSocket & socket,
                               BaseString& msg,
                               bool& close_with_reset,
                               bool& log_failure)
 {
   DBUG_ENTER("MgmtSrvr::transporter_connect");
   TransporterRegistry* tr= theFacade->get_registry();
-  if (!tr->connect_server(sockfd, msg, close_with_reset, log_failure))
+  if (!tr->connect_server(socket, msg, close_with_reset, log_failure))
     DBUG_RETURN(false);
 
   /**
diff --git a/storage/ndb/src/mgmsrv/MgmtSrvr.hpp b/storage/ndb/src/mgmsrv/MgmtSrvr.hpp
@@ -359,7 +359,7 @@ class MgmtSrvr : private ConfigSubscriber, public trp_client {
   int getConnectionDbParameter(int node1, int node2, int param,
 			       int *value, BaseString& msg);
 
-  bool transporter_connect(ndb_socket_t sockfd,
+  bool transporter_connect(NdbSocket & socket,
                            BaseString& errormsg,
                            bool& close_with_reset,
                            bool& log_failure);
diff --git a/storage/ndb/src/mgmsrv/Services.cpp b/storage/ndb/src/mgmsrv/Services.cpp
@@ -1930,8 +1930,8 @@ MgmApiSession::transporter_connect(Parser_t::Context &ctx,
   bool close_with_reset = true;
   bool log_failure = false;
   BaseString errormsg;
-  if (!m_mgmsrv.transporter_connect(m_secure_socket.ndb_socket(), errormsg,
-                                    close_with_reset, log_failure))
+  if (!m_mgmsrv.transporter_connect(m_secure_socket,
+                                    errormsg, close_with_reset, log_failure))
   {
     // Connection not allowed or failed
     if (log_failure)
@@ -1953,7 +1953,7 @@ MgmApiSession::transporter_connect(Parser_t::Context &ctx,
       but don't close the socket, it's been taken over
       by the transporter
     */
-    m_secure_socket.invalidate();  // so nobody closes it
+    NdbSocket s = NdbSocket::transfer(m_secure_socket);
   }
 
   m_stop= true; // Stop the session
diff --git a/storage/ndb/test/include/NdbMgmd.hpp b/storage/ndb/test/include/NdbMgmd.hpp
@@ -104,6 +104,10 @@ class NdbMgmd {
     return m_handle;
   }
 
+  void convert_to_transporter(NdbSocket * s) {
+    ndb_mgm_convert_to_transporter(& m_handle, s);
+  }
+
   ndb_socket_t socket(void) const {
     return _ndb_mgm_get_socket(m_handle);
   }
diff --git a/storage/ndb/test/ndbapi/testMgmd.cpp b/storage/ndb/test/ndbapi/testMgmd.cpp
@@ -342,6 +342,10 @@ class Mgmd
 
   NdbMgmHandle handle() { return m_mgmd_client.handle(); }
 
+  void convert_to_transporter(NdbSocket * sock) {
+    m_mgmd_client.convert_to_transporter(sock);
+  }
+
 private:
 
   bool get_section_string(const Properties& config,
@@ -2024,6 +2028,7 @@ runTestNdbdWithCert(NDBT_Context* ctx, NDBT_Step* step)
   CHECK(ndbd.wait_started(handle));
 
   CHECK(mgmd.stop());
+  CHECK(ndbd.stop());
   return NDBT_OK;
 }
 
@@ -2082,6 +2087,11 @@ int runTestStartTls(NDBT_Context* ctx, NDBT_Step* step)
   struct ndb_mgm_cluster_state *state = ndb_mgm_get_status(mgmd.handle());
   CHECK(state != nullptr);
 
+  /* Now convert the socket to a transporter */
+  NdbSocket s;
+  mgmd.convert_to_transporter(&s);
+  CHECK(s.is_valid());
+
   return NDBT_OK;
 }
 

Original file line number	Diff line number	Diff line change
`@@ -277,11 +277,20 @@ tls_error(int code)`
`277`	`277`	`g_eventLogger->error("TLS error %d '%s'", code, TlsKeyError::message(code));`
`278`	`278`	`}`
`279`	`279`
	`280`	`+bool`
	`281`	`+Transporter::connect_client_mgm(int port)`
	`282`	`+{`
	`283`	`+ require(!isPartOfMultiTransporter());`
	`284`	`+ NdbSocket secureSocket =`
	`285`	`+ m_transporter_registry.connect_ndb_mgmd(remoteHostName, port);`
	`286`	`+ return connect_client(secureSocket);`
	`287`	`+}`
	`288`	`+`
	`289`	`+`
`280`	`290`	`bool`
`281`	`291`	`Transporter::connect_client()`
`282`	`292`	`{`
`283`	`293`	`NdbSocket secureSocket;`
`284`		`- ndb_socket_t sockfd;`
`285`	`294`	`DBUG_ENTER("Transporter::connect_client");`
`286`	`295`
`287`	`296`	`require(!isMultiTransporter());`
`@@ -302,9 +311,7 @@ Transporter::connect_client()`
`302`	`311`
`303`	`312`	`if(isMgmConnection)`
`304`	`313`	`{`
`305`		`- require(!isPartOfMultiTransporter());`
`306`		`- sockfd= m_transporter_registry.connect_ndb_mgmd(remoteHostName, port);`
`307`		`- secureSocket.init_from_new(sockfd);`
	`314`	`+ return connect_client_mgm(port);`
`308`	`315`	`}`
`309`	`316`	`else`
`310`	`317`	`{`
Original file line number	Diff line number	Diff line change
`@@ -133,6 +133,7 @@ class Transporter {`
`133`	`133`	`NdbSocket socket(fd, NdbSocket::From::Existing);`
`134`	`134`	`return connect_client(socket);`
`135`	`135`	`}`
	`136`	`+ bool connect_client_mgm(int);`
`136`	`137`	`bool connect_server(NdbSocket & socket, BaseString& errormsg);`
`137`	`138`
`138`	`139`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -3784,7 +3784,8 @@ bool TransporterRegistry::connect_client(NdbMgmHandle *h)`
`3784`	`3784`	`}`
`3785`	`3785`	`require(!t->isMultiTransporter());`
`3786`	`3786`	`require(!t->isPartOfMultiTransporter());`
`3787`		`- bool res = t->connect_client(connect_ndb_mgmd(h));`
	`3787`	`+ NdbSocket secureSocket = connect_ndb_mgmd(h);`
	`3788`	`+ bool res = t->connect_client(secureSocket);`
`3788`	`3789`	`if (res == true)`
`3789`	`3790`	`{`
`3790`	`3791`	`DEBUG_FPRINTF((stderr, "(%u)performStates[%u] = DISCONNECTING,"`
`@@ -3836,55 +3837,53 @@ bool TransporterRegistry::report_dynamic_ports(NdbMgmHandle h) const`
`3836`	`3837`	`* Given a connected NdbMgmHandle, turns it into a transporter`
`3837`	`3838`	`* and returns the socket.`
`3838`	`3839`	`*/`
`3839`		`-ndb_socket_t TransporterRegistry::connect_ndb_mgmd(NdbMgmHandle *h)`
	`3840`	`+NdbSocket TransporterRegistry::connect_ndb_mgmd(NdbMgmHandle *h)`
`3840`	`3841`	`{`
`3841`		`- ndb_socket_t sockfd;`
`3842`		`-`
`3843`	`3842`	`DBUG_ENTER("TransporterRegistry::connect_ndb_mgmd(NdbMgmHandle)");`
`3844`	`3843`
`3845`	`3844`	`if ( h==nullptr \|\| *h == nullptr )`
`3846`	`3845`	`{`
`3847`	`3846`	`g_eventLogger->error("Mgm handle is NULL (%s:%d)", __FILE__, __LINE__);`
`3848`		`- DBUG_RETURN(sockfd);`
	`3847`	`+ DBUG_RETURN(NdbSocket()); // an invalid socket, newly created on the stack`
`3849`	`3848`	`}`
`3850`	`3849`
`3851`	`3850`	`if (!report_dynamic_ports(*h))`
`3852`	`3851`	`{`
`3853`	`3852`	`ndb_mgm_destroy_handle(h);`
`3854`		`- DBUG_RETURN(sockfd);`
	`3853`	`+ DBUG_RETURN(NdbSocket()); // an invalid socket, newly created on the stack`
`3855`	`3854`	`}`
`3856`	`3855`
`3857`	`3856`	`/**`
`3858`	`3857`	`* convert_to_transporter also disposes of the handle (i.e. we don't leak`
`3859`		`- * memory here.`
	`3858`	`+ * memory here).`
`3860`	`3859`	`*/`
`3861`	`3860`	`DBUG_PRINT("info", ("Converting handle to transporter"));`
`3862`		`- sockfd= ndb_mgm_convert_to_transporter(h);`
`3863`		`- if (!ndb_socket_valid(sockfd))`
	`3861`	`+ NdbSocket socket;`
	`3862`	`+ ndb_mgm_convert_to_transporter(h, &socket);`
	`3863`	`+ if (! socket.is_valid())`
`3864`	`3864`	`{`
`3865`	`3865`	`g_eventLogger->error("Failed to convert to transporter (%s: %d)",`
`3866`	`3866`	`__FILE__, __LINE__);`
`3867`	`3867`	`ndb_mgm_destroy_handle(h);`
`3868`	`3868`	`}`
`3869`		`- DBUG_RETURN(sockfd);`
	`3869`	`+ DBUG_RETURN(NdbSocket::copy(socket));`
`3870`	`3870`	`}`
`3871`	`3871`
`3872`	`3872`	`/**`
`3873`	`3873`	`* Given a SocketClient, creates a NdbMgmHandle, turns it into a transporter`
`3874`	`3874`	`* and returns the socket.`
`3875`	`3875`	`*/`
`3876`		`-ndb_socket_t`
	`3876`	`+NdbSocket`
`3877`	`3877`	`TransporterRegistry::connect_ndb_mgmd(const char* server_name,`
`3878`	`3878`	`unsigned short server_port)`
`3879`	`3879`	`{`
`3880`	`3880`	`NdbMgmHandle h= ndb_mgm_create_handle();`
`3881`		`- ndb_socket_t s;`
`3882`	`3881`
`3883`	`3882`	`DBUG_ENTER("TransporterRegistry::connect_ndb_mgmd(SocketClient)");`
`3884`	`3883`
`3885`	`3884`	`if ( h == nullptr )`
`3886`	`3885`	`{`
`3887`		`- DBUG_RETURN(s);`
	`3886`	`+ DBUG_RETURN(NdbSocket());`
`3888`	`3887`	`}`
`3889`	`3888`
`3890`	`3889`	`/**`
`@@ -3900,7 +3899,7 @@ TransporterRegistry::connect_ndb_mgmd(const char* server_name,`
`3900`	`3899`	`{`
`3901`	`3900`	`DBUG_PRINT("info", ("connection to mgmd failed"));`
`3902`	`3901`	`ndb_mgm_destroy_handle(&h);`
`3903`		`- DBUG_RETURN(s);`
	`3902`	`+ DBUG_RETURN(NdbSocket());`
`3904`	`3903`	`}`
`3905`	`3904`
`3906`	`3905`	`DBUG_RETURN(connect_ndb_mgmd(&h));`
Original file line number	Diff line number	Diff line change
`@@ -3743,36 +3743,28 @@ ndb_mgm_get_connection_int_parameter(NdbMgmHandle handle,`
`3743`	`3743`	`DBUG_RETURN(res);`
`3744`	`3744`	`}`
`3745`	`3745`
`3746`		`-ndb_socket_t`
`3747`		`-ndb_mgm_convert_to_transporter(NdbMgmHandle *handle)`
	`3746`	`+void`
	`3747`	`+ndb_mgm_convert_to_transporter(NdbMgmHandle handle, NdbSocket s)`
`3748`	`3748`	`{`
`3749`		`- DBUG_ENTER("ndb_mgm_convert_to_transporter");`
`3750`		`- ndb_socket_t s;`
`3751`		`-`
`3752`	`3749`	`if(handle == nullptr)`
`3753`	`3750`	`{`
`3754`	`3751`	`SET_ERROR(*handle, NDB_MGM_ILLEGAL_SERVER_HANDLE, "");`
`3755`		`- ndb_socket_invalidate(&s);`
`3756`		`- DBUG_RETURN(s);`
	`3752`	`+ return;`
`3757`	`3753`	`}`
`3758`	`3754`
`3759`	`3755`	`if ((*handle)->connected != 1)`
`3760`	`3756`	`{`
`3761`	`3757`	`SET_ERROR(*handle, NDB_MGM_SERVER_NOT_CONNECTED , "");`
`3762`		`- ndb_socket_invalidate(&s);`
`3763`		`- DBUG_RETURN(s);`
	`3758`	`+ return;`
`3764`	`3759`	`}`
`3765`	`3760`
`3766`		`- (*handle)->connected= 0; // we pretend we're disconnected`
`3767`		`- s= (*handle)->socket.ndb_socket();`
`3768`		`-`
`3769`		`- SocketOutputStream s_output(s, (*handle)->timeout);`
	`3761`	`+ NdbSocket::transfer(s, (handle)->socket);`
	`3762`	`+ SecureSocketOutputStream s_output(s, (handle)->timeout);`
`3770`	`3763`	`s_output.println("transporter connect");`
`3771`	`3764`	`s_output.println("%s", "");`
`3772`	`3765`
	`3766`	`+ (*handle)->connected= 0; // The handle no longer owns the connection`
`3773`	`3767`	`ndb_mgm_destroy_handle(handle); // set connected=0, so won't disconnect`
`3774`		`-`
`3775`		`- DBUG_RETURN(s);`
`3776`	`3768`	`}`
`3777`	`3769`
`3778`	`3770`	`extern "C"`
Original file line number	Diff line number	Diff line change
`@@ -104,6 +104,10 @@ class NdbMgmd {`
`104`	`104`	`return m_handle;`
`105`	`105`	`}`
`106`	`106`
	`107`	`+ void convert_to_transporter(NdbSocket * s) {`
	`108`	`+ ndb_mgm_convert_to_transporter(& m_handle, s);`
	`109`	`+ }`
	`110`	`+`
`107`	`111`	`ndb_socket_t socket(void) const {`
`108`	`112`	`return _ndb_mgm_get_socket(m_handle);`
`109`	`113`	`}`