MDEV-19276 during connect, write error log warning for ER_DBACCESS_DENIED_ERROR,

if log_warnings > 1. This makes ER_DBACCESS_DENIED_ERROR handling the same as we do for other "access denied"

MDEV-19276 during connect, write error log warning for ER_DBACCESS_DENIED_ERROR,
if log_warnings > 1. This makes ER_DBACCESS_DENIED_ERROR handling the same as we do for other "access denied"
75908617 · Vladislav Vaintroub · 6c9a6bad · 75908617 · 75908617 · 75908617
Commit 75908617 authored Apr 24, 2019 by Vladislav Vaintroub
5 changed files
--- a/mysql-test/r/mdev_19276.result
+++ b/mysql-test/r/mdev_19276.result
+CREATE DATABASE db1;
+CREATE USER u@localhost IDENTIFIED BY 'pw';
+set global log_warnings=2;
+connect(localhost,u,pw,db1,MASTER_PORT,MASTER_SOCKET);
+ERROR 42000: Access denied for user 'u'@'localhost' to database 'db1'
+FOUND /Access denied for user 'u'@'localhost' to database 'db1'/ in mysqld.1.err
+set global log_warnings=@@log_warnings;
+DROP DATABASE db1;
+DROP USER u@localhost;
--- a/mysql-test/t/mdev_19276.test
+++ b/mysql-test/t/mdev_19276.test
+source include/not_embedded.inc;
+CREATE DATABASE db1;
+CREATE USER u@localhost IDENTIFIED BY 'pw';
+set global log_warnings=2;
+--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
+--error ER_DBACCESS_DENIED_ERROR
+--connect(con1,localhost,u,pw,db1)
+--connection default
+let SEARCH_FILE=$MYSQLTEST_VARDIR/log/mysqld.1.err;
+let SEARCH_RANGE= -50;
+let SEARCH_PATTERN=Access denied for user 'u'@'localhost' to database 'db1';
+source include/search_pattern_in_file.inc;
+set global log_warnings=@@log_warnings;
+DROP DATABASE db1;
+DROP USER u@localhost;
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -11295,7 +11295,7 @@ struct MPVIO_EXT :public MYSQL_PLUGIN_VIO
 };
 /**
-  a helper function to report an access denied error in all the proper places
+  a helper function to report an access denied error in most proper places
 */
 static void login_failed_error(THD *thd)
 {
@@ -12715,10 +12715,26 @@ bool acl_authenticate(THD *thd, uint com_change_user_pkt_len)
  /* Change a database if necessary */
  if (mpvio.db.length)
  {
-    if (mysql_change_db(thd, &mpvio.db, FALSE))
+    uint err = mysql_change_db(thd, &mpvio.db, FALSE);
+    if(err)
    {
-      /* mysql_change_db() has pushed the error message. */
+      if (err == ER_DBACCESS_DENIED_ERROR)
-      status_var_increment(thd->status_var.access_denied_errors);
+      {
+        /*
+          Got an "access denied" error, which must be handled
+          other access denied errors (see login_failed_error()).
+          mysql_change_db() already sent error to client, and
+          wrote to general log, we only need to increment the counter
+          and maybe write a warning to error log.
+        */
+        status_var_increment(thd->status_var.access_denied_errors);
+        if (global_system_variables.log_warnings > 1)
+        {
+          Security_context* sctx = thd->security_ctx;
+          sql_print_warning(ER_THD(thd, err),
+            sctx->priv_user, sctx->priv_host, mpvio.db.str);
+        }
+      }
      DBUG_RETURN(1);
    }
  }

--- a/sql/sql_db.cc
+++ b/sql/sql_db.cc
@@ -1451,12 +1451,12 @@ static void backup_current_db_name(THD *thd,
  a stack pointer set by Stored Procedures was used by replication after
  the stack address was long gone.
-  @return Operation status
+  @return error code (ER_XXX)
-    @retval FALSE Success
+    @retval 0 Success
-    @retval TRUE  Error
+    @retval >0  Error
 */
-bool mysql_change_db(THD *thd, const LEX_STRING *new_db_name, bool force_switch)
+uint mysql_change_db(THD *thd, const LEX_STRING *new_db_name, bool force_switch)
 {
  LEX_STRING new_db_file_name;
@@ -1480,13 +1480,13 @@ bool mysql_change_db(THD *thd, const LEX_STRING *new_db_name, bool force_switch)
      mysql_change_db_impl(thd, NULL, 0, thd->variables.collation_server);
-      DBUG_RETURN(FALSE);
+      DBUG_RETURN(0);
    }
    else
    {
      my_message(ER_NO_DB_ERROR, ER_THD(thd, ER_NO_DB_ERROR), MYF(0));
-      DBUG_RETURN(TRUE);
+      DBUG_RETURN(ER_NO_DB_ERROR);
    }
  }
  DBUG_PRINT("enter",("name: '%s'", new_db_name->str));
@@ -1498,7 +1498,7 @@ bool mysql_change_db(THD *thd, const LEX_STRING *new_db_name, bool force_switch)
    mysql_change_db_impl(thd, &INFORMATION_SCHEMA_NAME, SELECT_ACL,
                         system_charset_info);
-    DBUG_RETURN(FALSE);
+    DBUG_RETURN(0);
  }
  /*
@@ -1513,7 +1513,7 @@ bool mysql_change_db(THD *thd, const LEX_STRING *new_db_name, bool force_switch)
  new_db_file_name.length= new_db_name->length;
  if (new_db_file_name.str == NULL)
-    DBUG_RETURN(TRUE);                             /* the error is set */
+    DBUG_RETURN(ER_OUT_OF_RESOURCES);                             /* the error is set */
  /*
    NOTE: if check_db_name() fails, we should throw an error in any case,
@@ -1532,7 +1532,7 @@ bool mysql_change_db(THD *thd, const LEX_STRING *new_db_name, bool force_switch)
    if (force_switch)
      mysql_change_db_impl(thd, NULL, 0, thd->variables.collation_server);
-    DBUG_RETURN(TRUE);
+    DBUG_RETURN(ER_WRONG_DB_NAME);
  }
  DBUG_PRINT("info",("Use database: %s", new_db_file_name.str));
@@ -1562,7 +1562,7 @@ bool mysql_change_db(THD *thd, const LEX_STRING *new_db_name, bool force_switch)
    general_log_print(thd, COM_INIT_DB, ER_THD(thd, ER_DBACCESS_DENIED_ERROR),
                      sctx->priv_user, sctx->priv_host, new_db_file_name.str);
    my_free(new_db_file_name.str);
-    DBUG_RETURN(TRUE);
+    DBUG_RETURN(ER_DBACCESS_DENIED_ERROR);
  }
 #endif
@@ -1586,7 +1586,7 @@ bool mysql_change_db(THD *thd, const LEX_STRING *new_db_name, bool force_switch)
      /* The operation succeed. */
-      DBUG_RETURN(FALSE);
+      DBUG_RETURN(0);
    }
    else
    {
@@ -1597,7 +1597,7 @@ bool mysql_change_db(THD *thd, const LEX_STRING *new_db_name, bool force_switch)
      /* The operation failed. */
-      DBUG_RETURN(TRUE);
+      DBUG_RETURN(ER_BAD_DB_ERROR);
    }
  }
@@ -1610,7 +1610,7 @@ bool mysql_change_db(THD *thd, const LEX_STRING *new_db_name, bool force_switch)
  mysql_change_db_impl(thd, &new_db_file_name, db_access, db_default_cl);
-  DBUG_RETURN(FALSE);
+  DBUG_RETURN(0);
 }

--- a/sql/sql_db.h
+++ b/sql/sql_db.h
@@ -26,7 +26,7 @@ bool mysql_alter_db(THD *thd, const char *db,
                    const Schema_specification_st *create);
 bool mysql_rm_db(THD *thd, char *db, bool if_exists);
 bool mysql_upgrade_db(THD *thd, LEX_STRING *old_db);
-bool mysql_change_db(THD *thd, const LEX_STRING *new_db_name,
+uint mysql_change_db(THD *thd, const LEX_STRING *new_db_name,
                     bool force_switch);
 bool mysql_opt_change_db(THD *thd,