author | Vladislav Vaintroub <wlad@mariadb.com> | 2017-08-25 16:14:03 +0000 |
---|---|---|
committer | Vladislav Vaintroub <wlad@mariadb.com> | 2017-08-25 16:14:03 +0000 |
commit | 578b2b05b8f734217336b9dde35b47d52d96de34 (patch) | |
tree | 15f95cbdddfff070573217b73aa6d19cc653b0ae | |
parent | 77c41fa725120172c9b379169711d15a6a15a814 (diff) | |
MDEV-13641 host errors are not reset after successful connection.
Fixed thd_set_peer_addr() to propagate host error count from
ip_to_hostname() to check_connection(), which tests this count to clear
errors after successful authentication.
-rw-r--r-- | sql/net_serv.cc | 4 | ||||
-rw-r--r-- | sql/sql_connect.cc | 35 | ||||
-rw-r--r-- | sql/sql_connect.h | 5 |
3 files changed, 37 insertions, 7 deletions
diff --git a/sql/net_serv.cc b/sql/net_serv.cc
index 82725052ab3..16b4e569565 100644
--- a/sql/net_serv.cc
+++ b/sql/net_serv.cc
@@ -882,8 +882,10 @@ static handle_proxy_header_result handle_proxy_header(NET *net)
 /* proxy header indicates LOCAL connection, no action necessary */
 return RETRY;
 /* Change peer address in THD and ACL structures.*/
+ uint host_errors;
 return (handle_proxy_header_result)thd_set_peer_addr(thd,
- &(peer_info.peer_addr), NULL, peer_info.port, false);
+ &(peer_info.peer_addr), NULL, peer_info.port,
+ false, &host_errors);
 #endif
 }
diff --git a/sql/sql_connect.cc b/sql/sql_connect.cc
index d76c57b7789..67bd5470799 100644
--- a/sql/sql_connect.cc
+++ b/sql/sql_connect.cc
@@ -837,10 +837,34 @@ bool init_new_connection_handler_thread()
 return 0;
 }
-int thd_set_peer_addr(THD *thd, sockaddr_storage *addr, const char *ip,uint port, bool check_proxy_networks)
+/**
+ Set client address during authentication.
+
+ Initializes THD::main_security_ctx and THD::peer_port.
+ Optionally does ip to hostname translation.
+
+ @param thd current THD handle
+ @param addr peer address (can be NULL, if 'ip' is set)
+ @param ip peer address as string (can be NULL if 'addr' is set)
+ @param port peer port
+ @param check_proxy_networks if true, and host is in
+ 'proxy_protocol_networks' list, skip
+ "host not privileged" check
+ @param[out] host_errors - number of connect
+ errors for this host
+
+ @retval 0 ok, 1 error
+*/
+int thd_set_peer_addr(THD *thd,
+ sockaddr_storage *addr,
+ const char *ip,
+ uint port,
+ bool check_proxy_networks,
+ uint *host_errors)
 {
- uint connect_errors;
- thd->peer_port = port;
+ *host_errors= 0;
+
+ thd->peer_port= port;
 char ip_string[128];
 if (!ip)
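Review bot: The new local `host_errors` in handle_proxy_header() is filled by thd_set_peer_addr() and then dropped, so on the proxy-protocol path the error count for the proxied client address never reaches check_connection(). If check_connection() only holds the count it obtained for the proxy's own address (that code is outside this hunk), a client behind a proxy would presumably keep its accumulated host errors after a successful login, which is the symptom MDEV-13641 describes. Either carry the value to the code that clears the errors, or state that dropping it is intended with a comment above the declaration such as `/* Host error count of the proxied peer is not used on this path. */`. The body of handle_proxy_header() starts before the hunk.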
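Review bot: thd_set_peer_addr() now executes `*host_errors= 0;` as its first statement, so a NULL argument crashes the connection thread. The new doc comment spells out the NULL rules for `addr` and `ip` but says nothing for the out parameter. Extend the `@param[out] host_errors` entry to say that the pointer must not be NULL and that the value is reset to 0 on entry. A guard such as `if (host_errors) *host_errors= 0;` would not be enough by itself, because the same pointer is handed to ip_to_hostname() in a later hunk. `@retval 0 ok, 1 error` would also read better as two `@retval` lines, and the function body continues past the end of this hunk.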
@@ -886,7 +910,7 @@ int thd_set_peer_addr(THD *thd, sockaddr_storage *addr, const char *ip,uint port
 rc = ip_to_hostname(addr,
 thd->main_security_ctx.ip,
 &thd->main_security_ctx.host,
- &connect_errors);
+ host_errors);
 /* Cut very long hostnames to avoid possible overflows */
 if (thd->main_security_ctx.host)
@@ -1027,7 +1051,8 @@ static int check_connection(THD *thd)
 return 1;
 }
- if (thd_set_peer_addr(thd, &net->vio->remote, ip, peer_port, true))
+ if (thd_set_peer_addr(thd, &net->vio->remote, ip, peer_port,
+ true, &connect_errors))
 return 1;
 }
 else /* Hostname given means that the connection was on a socket */
diff --git a/sql/sql_connect.h b/sql/sql_connect.h
index cd3650fb2b2..67950061da8 100644
--- a/sql/sql_connect.h
+++ b/sql/sql_connect.h
@@ -85,7 +85,10 @@ bool thd_init_client_charset(THD *thd, uint cs_number);
 bool setup_connection_thread_globals(THD *thd);
 bool thd_prepare_connection(THD *thd);
 bool thd_is_connection_alive(THD *thd);
-int thd_set_peer_addr(THD *thd, sockaddr_storage *addr, const char *ip, uint port, bool check_proxy_networks);
+int thd_set_peer_addr(THD *thd, sockaddr_storage *addr,
+ const char *ip, uint port,
+ bool check_proxy_networks,
+ uint *host_errors);
 bool login_connection(THD *thd);
 void prepare_new_connection_state(THD* thd); |
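Review bot: In check_connection(), `connect_errors` is now written only through this thd_set_peer_addr() call, and the `else` branch for socket connections at the end of the hunk does not make that call. Its declaration is outside the hunk, so please confirm it reads `uint connect_errors= 0;`; otherwise the later test that clears host errors would read an unset value on the socket path. The diffstat also lists only net_serv.cc, sql_connect.cc and sql_connect.h, so no regression test accompanies the fix. A test that provokes a host error, logs in successfully from the same host and then checks that the count is back to zero would keep this host-blocking behaviour from regressing unnoticed.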