Skip to content
Permalink
Browse files
MDEV-19276 during connect, write error log warning for ER_DBACCESS_DE… 
…NIED_ERROR,

if log_warnings > 1.

This makes ER_DBACCESS_DENIED_ERROR handling the same as we do for other
"access denied"
  • Loading branch information
@vaintroub
vaintroub committed Apr 28, 2019
1 parent 6c9a6ba commit 7590861
Show file tree
Hide file tree
Showing 5 changed files with 60 additions and 18 deletions.
9 mysql-test/r/mdev_19276.result
View file
@@ -0,0 +1,9 @@
CREATE DATABASE db1;
CREATE USER u@localhost IDENTIFIED BY 'pw';
set global log_warnings=2;
connect(localhost,u,pw,db1,MASTER_PORT,MASTER_SOCKET);
ERROR 42000: Access denied for user 'u'@'localhost' to database 'db1'
FOUND /Access denied for user 'u'@'localhost' to database 'db1'/ in mysqld.1.err
set global log_warnings=@@log_warnings;
DROP DATABASE db1;
DROP USER u@localhost;
17 mysql-test/t/mdev_19276.test
View file
@@ -0,0 +1,17 @@
source include/not_embedded.inc;

CREATE DATABASE db1;
CREATE USER u@localhost IDENTIFIED BY 'pw';
set global log_warnings=2;

--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error ER_DBACCESS_DENIED_ERROR
--connect(con1,localhost,u,pw,db1)
--connection default
let SEARCH_FILE=$MYSQLTEST_VARDIR/log/mysqld.1.err;
let SEARCH_RANGE= -50;
let SEARCH_PATTERN=Access denied for user 'u'@'localhost' to database 'db1';
source include/search_pattern_in_file.inc;
set global log_warnings=@@log_warnings;
DROP DATABASE db1;
DROP USER u@localhost;
24 sql/sql_acl.cc
View file
@@ -11295,7 +11295,7 @@ struct MPVIO_EXT :public MYSQL_PLUGIN_VIO
};

/**
a helper function to report an access denied error in all the proper places
a helper function to report an access denied error in most proper places
*/
static void login_failed_error(THD *thd)
{
@@ -12715,10 +12715,26 @@ bool acl_authenticate(THD *thd, uint com_change_user_pkt_len)
/* Change a database if necessary */
if (mpvio.db.length)
{
if (mysql_change_db(thd, &mpvio.db, FALSE))
uint err = mysql_change_db(thd, &mpvio.db, FALSE);
if(err)
{
/* mysql_change_db() has pushed the error message. */
status_var_increment(thd->status_var.access_denied_errors);
if (err == ER_DBACCESS_DENIED_ERROR)
{
/*
Got an "access denied" error, which must be handled
other access denied errors (see login_failed_error()).
mysql_change_db() already sent error to client, and
wrote to general log, we only need to increment the counter
and maybe write a warning to error log.
*/
status_var_increment(thd->status_var.access_denied_errors);
if (global_system_variables.log_warnings > 1)
{
Security_context* sctx = thd->security_ctx;
sql_print_warning(ER_THD(thd, err),
sctx->priv_user, sctx->priv_host, mpvio.db.str);
}
}
DBUG_RETURN(1);
}
}
26 sql/sql_db.cc
View file
@@ -1451,12 +1451,12 @@ static void backup_current_db_name(THD *thd,
a stack pointer set by Stored Procedures was used by replication after
the stack address was long gone.
@return Operation status
@retval FALSE Success
@retval TRUE Error
@return error code (ER_XXX)
@retval 0 Success
@retval >0 Error
*/

bool mysql_change_db(THD *thd, const LEX_STRING *new_db_name, bool force_switch)
uint mysql_change_db(THD *thd, const LEX_STRING *new_db_name, bool force_switch)
{
LEX_STRING new_db_file_name;

@@ -1480,13 +1480,13 @@ bool mysql_change_db(THD *thd, const LEX_STRING *new_db_name, bool force_switch)

mysql_change_db_impl(thd, NULL, 0, thd->variables.collation_server);

DBUG_RETURN(FALSE);
DBUG_RETURN(0);
}
else
{
my_message(ER_NO_DB_ERROR, ER_THD(thd, ER_NO_DB_ERROR), MYF(0));

DBUG_RETURN(TRUE);
DBUG_RETURN(ER_NO_DB_ERROR);
}
}
DBUG_PRINT("enter",("name: '%s'", new_db_name->str));
@@ -1498,7 +1498,7 @@ bool mysql_change_db(THD *thd, const LEX_STRING *new_db_name, bool force_switch)
mysql_change_db_impl(thd, &INFORMATION_SCHEMA_NAME, SELECT_ACL,
system_charset_info);

DBUG_RETURN(FALSE);
DBUG_RETURN(0);
}

/*
@@ -1513,7 +1513,7 @@ bool mysql_change_db(THD *thd, const LEX_STRING *new_db_name, bool force_switch)
new_db_file_name.length= new_db_name->length;

if (new_db_file_name.str == NULL)
DBUG_RETURN(TRUE); /* the error is set */
DBUG_RETURN(ER_OUT_OF_RESOURCES); /* the error is set */

/*
NOTE: if check_db_name() fails, we should throw an error in any case,
@@ -1532,7 +1532,7 @@ bool mysql_change_db(THD *thd, const LEX_STRING *new_db_name, bool force_switch)
if (force_switch)
mysql_change_db_impl(thd, NULL, 0, thd->variables.collation_server);

DBUG_RETURN(TRUE);
DBUG_RETURN(ER_WRONG_DB_NAME);
}

DBUG_PRINT("info",("Use database: %s", new_db_file_name.str));
@@ -1562,7 +1562,7 @@ bool mysql_change_db(THD *thd, const LEX_STRING *new_db_name, bool force_switch)
general_log_print(thd, COM_INIT_DB, ER_THD(thd, ER_DBACCESS_DENIED_ERROR),
sctx->priv_user, sctx->priv_host, new_db_file_name.str);
my_free(new_db_file_name.str);
DBUG_RETURN(TRUE);
DBUG_RETURN(ER_DBACCESS_DENIED_ERROR);
}
#endif

@@ -1586,7 +1586,7 @@ bool mysql_change_db(THD *thd, const LEX_STRING *new_db_name, bool force_switch)

/* The operation succeed. */

DBUG_RETURN(FALSE);
DBUG_RETURN(0);
}
else
{
@@ -1597,7 +1597,7 @@ bool mysql_change_db(THD *thd, const LEX_STRING *new_db_name, bool force_switch)

/* The operation failed. */

DBUG_RETURN(TRUE);
DBUG_RETURN(ER_BAD_DB_ERROR);
}
}

@@ -1610,7 +1610,7 @@ bool mysql_change_db(THD *thd, const LEX_STRING *new_db_name, bool force_switch)

mysql_change_db_impl(thd, &new_db_file_name, db_access, db_default_cl);

DBUG_RETURN(FALSE);
DBUG_RETURN(0);
}


2 sql/sql_db.h
View file
@@ -26,7 +26,7 @@ bool mysql_alter_db(THD *thd, const char *db,
const Schema_specification_st *create);
bool mysql_rm_db(THD *thd, char *db, bool if_exists);
bool mysql_upgrade_db(THD *thd, LEX_STRING *old_db);
bool mysql_change_db(THD *thd, const LEX_STRING *new_db_name,
uint mysql_change_db(THD *thd, const LEX_STRING *new_db_name,
bool force_switch);

bool mysql_opt_change_db(THD *thd,

0 comments on commit 7590861

Please sign in to comment.