Backporting WL#3953 from 6.0. Original revision:

------------------------------------------------------------
revno: 2476.714.9
committer: markleith@medusa.mysql.com
timestamp: Mon 2007-09-03 23:18:50 +0100
message:
  Bug#25822 / WL#3953 - Log Access Denied errors for bad passwords in the error log
  
  Added logging of Access Denied messages on failed new connections to the 
  error log when log-warnings = 2.
  
  This allows a user to log these messages without having to incur the overhead
  of using the general query log on production systems.
------------------------------------------------------------

1 files changed, 12 insertions, 0 deletions

diff --git a/sql/sql_connect.cc b/sql/sql_connect.cc
index 4ae267a880c..cfcf2af3d09 100644
--- a/sql/sql_connect.cc
+++ b/sql/sql_connect.cc
@@ -486,6 +486,18 @@ check_user(THD *thd, enum enum_server_command command,
                     thd->main_security_ctx.user,
                     thd->main_security_ctx.host_or_ip,
                     passwd_len ? ER(ER_YES) : ER(ER_NO));
+  /*
+    log access denied messages to the error log when log-warnings = 2
+    so that the overhead of the general query log is not required to track
+    failed connections
+  */
+  if (global_system_variables.log_warnings > 1)
+  {
+    sql_print_warning(ER(ER_ACCESS_DENIED_ERROR),
+                      thd->main_security_ctx.user,
+                      thd->main_security_ctx.host_or_ip,
+                      passwd_len ? ER(ER_YES) : ER(ER_NO));
+  }
   DBUG_RETURN(1);
 #endif /* NO_EMBEDDED_ACCESS_CHECKS */
 }