From 6756b0fc5f25b2127c4cd9a4d4fe1ce6cd0bfc41 Mon Sep 17 00:00:00 2001 From: Alexander Nozdrin Date: Wed, 21 Oct 2009 18:00:58 +0400 Subject: Backporting WL#3953 from 6.0. Original revision: ------------------------------------------------------------ revno: 2476.714.9 committer: markleith@medusa.mysql.com timestamp: Mon 2007-09-03 23:18:50 +0100 message: Bug#25822 / WL#3953 - Log Access Denied errors for bad passwords in the error log Added logging of Access Denied messages on failed new connections to the error log when log-warnings = 2. This allows a user to log these messages without having to incur the overhead of using the general query log on production systems. ------------------------------------------------------------ --- sql/sql_connect.cc | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'sql/sql_connect.cc') diff --git a/sql/sql_connect.cc b/sql/sql_connect.cc index 4ae267a880c..cfcf2af3d09 100644 --- a/sql/sql_connect.cc +++ b/sql/sql_connect.cc @@ -486,6 +486,18 @@ check_user(THD *thd, enum enum_server_command command, thd->main_security_ctx.user, thd->main_security_ctx.host_or_ip, passwd_len ? ER(ER_YES) : ER(ER_NO)); + /* + log access denied messages to the error log when log-warnings = 2 + so that the overhead of the general query log is not required to track + failed connections + */ + if (global_system_variables.log_warnings > 1) + { + sql_print_warning(ER(ER_ACCESS_DENIED_ERROR), + thd->main_security_ctx.user, + thd->main_security_ctx.host_or_ip, + passwd_len ? ER(ER_YES) : ER(ER_NO)); + } DBUG_RETURN(1); #endif /* NO_EMBEDDED_ACCESS_CHECKS */ } -- cgit v1.2.1