Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-19276

If login fails when selecting a database, no warning is printed to the log with log_warnings=2

    Details

      Description

      When log_warnings is set to 2 or greater, most login failures are logged to the error log.

      One exception currently seems to be the case where, if a database is selected during the login and if the user can't actually select that database, then their login will fail, but no warning will be printed to the log.

      To reproduce, simply create a user account with no privileges:

      CREATE USER 'bob'@'localhost' IDENTIFIED BY 'password';
      

      And ensure that log_warnings is set to 2 or above:

      SET GLOBAL log_warnings=2;
      

      Then try to login as this user while selecting a database that they can't use:

      $ mysql -u bob -ppassword db1
      ERROR 1044 (42000): Access denied for user 'bob'@'localhost' to database 'db1'
      

      No warning will be printed to the log.

      The root cause seems to be that if this section of code encounters an error:

      https://github.com/MariaDB/server/blob/mariadb-10.1.38/sql/sql_acl.cc#L12687

      Then it does not call the login_failed_error function:

      https://github.com/MariaDB/server/blob/mariadb-10.1.38/sql/sql_acl.cc#L11272

      This case actually has its own error code:

      • Error code, 1044, error ID: ER_DBACCESS_DENIED_ERROR, error message: Access denied for user '%s'@'%s' to database '%s'

      https://mariadb.com/kb/en/library/mariadb-error-codes/

      We might need to update the login_failed_error and access_denied_error_code functions to support this error code as well.

      https://github.com/MariaDB/server/blob/mariadb-10.1.38/sql/sql_acl.h#L190

      The only way to currently see a warning in the error log in this case is to set log_warnings=4. At that point, you'll see a warning like this:

      2019-04-18 18:25:03 140535201905408 [Warning] Aborted connection 334 to db: 'unconnected' user: 'bob' host: 'localhost' (CLOSE_CONNECTION)
      

      But I think it should actually log a warning like this when log_warnings=2 is set instead:

      2019-04-18 18:25:03 140535201905408 [Warning] Access denied for user 'bob'@'localhost' to database 'db1' (using password: YES)
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                wlad Vladislav Vaintroub
                Reporter:
                GeoffMontee Geoff Montee
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: