WL#15524 Patch #1 "START TLS" for management API

Post push fix. Do not allow ndb_mgm_listen_event to return a socket that uses TLS since user can not access the corresponding SSL object thorugh the public MgmAPI. Change-Id: I2a741efe4f80db750419101ecabb03fb5e025346
inikep · Aug 22, 2023 · b604ade · b604ade
1 parent d3aea14
commit b604ade
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 8 deletions.
diff --git a/storage/ndb/src/mgmapi/mgmapi.cpp b/storage/ndb/src/mgmapi/mgmapi.cpp
@@ -2464,7 +2464,7 @@ ndb_mgm_set_loglevel_node(NdbMgmHandle handle, int nodeId,
 
 int
 ndb_mgm_listen_event_internal(NdbMgmHandle handle, const int filter[],
-                              int parsable, ndb_socket_t* sock)
+                              int parsable, ndb_socket_t* sock, bool allow_tls)
 {
   DBUG_ENTER("ndb_mgm_listen_event_internal");
   CHECK_HANDLE(handle, -1);
@@ -2561,7 +2561,7 @@ ndb_mgm_listen_event_internal(NdbMgmHandle handle, const int filter[],
     ndb_mgm::handle_ptr tmp_handle(ndb_mgm_create_handle());
     tmp_handle->socket.init_from_new(sockfd);
 
-    if(handle->ssl_ctx)
+    if(allow_tls && handle->ssl_ctx)
     {
       ndb_mgm_set_ssl_ctx(tmp_handle.get(), handle->ssl_ctx);
       ndb_mgm_start_tls(tmp_handle.get());
@@ -2588,7 +2588,8 @@ socket_t
 ndb_mgm_listen_event(NdbMgmHandle handle, const int filter[])
 {
   ndb_socket_t s;
-  if(ndb_mgm_listen_event_internal(handle,filter,0,&s)<0)
+  constexpr bool no_tls = false;
+  if(ndb_mgm_listen_event_internal(handle, filter, 0, &s, no_tls)<0)
     ndb_socket_invalidate(&s);
   return ndb_socket_get_native(s);
 }

diff --git a/storage/ndb/src/mgmapi/mgmapi_internal.h b/storage/ndb/src/mgmapi/mgmapi_internal.h
@@ -119,4 +119,7 @@ ndb_mgm_get_configuration2(NdbMgmHandle handle,
                            enum ndb_mgm_node_type nodetype,
                            int from_node = 0);
 
+int ndb_mgm_listen_event_internal(NdbMgmHandle, const int filter[], int,
+                                  ndb_socket_t*, bool allow_tls);
+
 #endif
diff --git a/storage/ndb/src/mgmapi/ndb_logevent.cpp b/storage/ndb/src/mgmapi/ndb_logevent.cpp
@@ -35,10 +35,6 @@
 
 #include "ndb_logevent.hpp"
 
-extern
-int ndb_mgm_listen_event_internal(NdbMgmHandle, const int filter[],
-                                  int, ndb_socket_t*);
-
 struct ndb_logevent_error_msg {
   enum ndb_logevent_handle_error code;
   const char *msg;
@@ -87,7 +83,8 @@ ndb_mgm_create_logevent_handle(NdbMgmHandle mh,
     return nullptr;
 
   ndb_socket_t sock;
-  if(ndb_mgm_listen_event_internal(mh, filter, 1, &sock) < 0)
+  constexpr bool allow_tls = true;
+  if(ndb_mgm_listen_event_internal(mh, filter, 1, &sock, allow_tls) < 0)
   {
     free(h);
     return nullptr;