When log_warnings is set to 2 or greater, most login failures are logged to the error log.
One exception currently seems to be the case where, if a database is selected during the login and if the user can't actually select that database, then their login will fail, but no warning will be printed to the log.
To reproduce, simply create a user account with no privileges:
And ensure that log_warnings is set to 2 or above:
Then try to login as this user while selecting a database that they can't use:
No warning will be printed to the log.
The root cause seems to be that if this section of code encounters an error:
Then it does not call the login_failed_error function:
This case actually has its own error code:
- Error code, 1044, error ID: ER_DBACCESS_DENIED_ERROR, error message: Access denied for user '%s'@'%s' to database '%s'
We might need to update the login_failed_error and access_denied_error_code functions to support this error code as well.
The only way to currently see a warning in the error log in this case is to set log_warnings=4. At that point, you'll see a warning like this:
But I think it should actually log a warning like this when log_warnings=2 is set instead: