MDEV-19276 during connect, write error log warning for ER_DBACCESS_DENIED_ERROR,

if log_warnings > 1.

This makes ER_DBACCESS_DENIED_ERROR handling the same as we do for other
"access denied"

3 files changed, 34 insertions, 18 deletions

diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index 83526532bdd..6448f65a2cd 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -11295,7 +11295,7 @@ struct MPVIO_EXT :public MYSQL_PLUGIN_VIO
 };
 
 /**
-  a helper function to report an access denied error in all the proper places
+  a helper function to report an access denied error in most proper places
 */
 static void login_failed_error(THD *thd)
 {
@@ -12715,10 +12715,26 @@ bool acl_authenticate(THD *thd, uint com_change_user_pkt_len)
   /* Change a database if necessary */
   if (mpvio.db.length)
   {
-    if (mysql_change_db(thd, &mpvio.db, FALSE))
+    uint err = mysql_change_db(thd, &mpvio.db, FALSE);
+    if(err)
     {
-      /* mysql_change_db() has pushed the error message. */
-      status_var_increment(thd->status_var.access_denied_errors);
+      if (err == ER_DBACCESS_DENIED_ERROR)
+      {
+        /*
+          Got an "access denied" error, which must be handled
+          other access denied errors (see login_failed_error()).
+          mysql_change_db() already sent error to client, and
+          wrote to general log, we only need to increment the counter
+          and maybe write a warning to error log.
+        */
+        status_var_increment(thd->status_var.access_denied_errors);
+        if (global_system_variables.log_warnings > 1)
+        {
+          Security_context* sctx = thd->security_ctx;
+          sql_print_warning(ER_THD(thd, err),
+            sctx->priv_user, sctx->priv_host, mpvio.db.str);
+        }
+      }
       DBUG_RETURN(1);
     }
   }
diff --git a/sql/sql_db.cc b/sql/sql_db.cc
index d7ed82a2ef3..7b83332ea62 100644
--- a/sql/sql_db.cc
+++ b/sql/sql_db.cc
@@ -1451,12 +1451,12 @@ static void backup_current_db_name(THD *thd,
   a stack pointer set by Stored Procedures was used by replication after
   the stack address was long gone.
 
-  @return Operation status
-    @retval FALSE Success
-    @retval TRUE  Error
+  @return error code (ER_XXX)
+    @retval 0 Success
+    @retval >0  Error
 */
 
-bool mysql_change_db(THD *thd, const LEX_STRING *new_db_name, bool force_switch)
+uint mysql_change_db(THD *thd, const LEX_STRING *new_db_name, bool force_switch)
 {
   LEX_STRING new_db_file_name;
 
@@ -1480,13 +1480,13 @@ bool mysql_change_db(THD *thd, const LEX_STRING *new_db_name, bool force_switch)
 
       mysql_change_db_impl(thd, NULL, 0, thd->variables.collation_server);
 
-      DBUG_RETURN(FALSE);
+      DBUG_RETURN(0);
     }
     else
     {
       my_message(ER_NO_DB_ERROR, ER_THD(thd, ER_NO_DB_ERROR), MYF(0));
 
-      DBUG_RETURN(TRUE);
+      DBUG_RETURN(ER_NO_DB_ERROR);
     }
   }
   DBUG_PRINT("enter",("name: '%s'", new_db_name->str));
@@ -1498,7 +1498,7 @@ bool mysql_change_db(THD *thd, const LEX_STRING *new_db_name, bool force_switch)
     mysql_change_db_impl(thd, &INFORMATION_SCHEMA_NAME, SELECT_ACL,
                          system_charset_info);
 
-    DBUG_RETURN(FALSE);
+    DBUG_RETURN(0);
   }
 
   /*
@@ -1513,7 +1513,7 @@ bool mysql_change_db(THD *thd, const LEX_STRING *new_db_name, bool force_switch)
   new_db_file_name.length= new_db_name->length;
 
   if (new_db_file_name.str == NULL)
-    DBUG_RETURN(TRUE);                             /* the error is set */
+    DBUG_RETURN(ER_OUT_OF_RESOURCES);                             /* the error is set */
 
   /*
     NOTE: if check_db_name() fails, we should throw an error in any case,
@@ -1532,7 +1532,7 @@ bool mysql_change_db(THD *thd, const LEX_STRING *new_db_name, bool force_switch)
     if (force_switch)
       mysql_change_db_impl(thd, NULL, 0, thd->variables.collation_server);
 
-    DBUG_RETURN(TRUE);
+    DBUG_RETURN(ER_WRONG_DB_NAME);
   }
 
   DBUG_PRINT("info",("Use database: %s", new_db_file_name.str));
@@ -1562,7 +1562,7 @@ bool mysql_change_db(THD *thd, const LEX_STRING *new_db_name, bool force_switch)
     general_log_print(thd, COM_INIT_DB, ER_THD(thd, ER_DBACCESS_DENIED_ERROR),
                       sctx->priv_user, sctx->priv_host, new_db_file_name.str);
     my_free(new_db_file_name.str);
-    DBUG_RETURN(TRUE);
+    DBUG_RETURN(ER_DBACCESS_DENIED_ERROR);
   }
 #endif
 
@@ -1586,7 +1586,7 @@ bool mysql_change_db(THD *thd, const LEX_STRING *new_db_name, bool force_switch)
 
       /* The operation succeed. */
 
-      DBUG_RETURN(FALSE);
+      DBUG_RETURN(0);
     }
     else
     {
@@ -1597,7 +1597,7 @@ bool mysql_change_db(THD *thd, const LEX_STRING *new_db_name, bool force_switch)
 
       /* The operation failed. */
 
-      DBUG_RETURN(TRUE);
+      DBUG_RETURN(ER_BAD_DB_ERROR);
     }
   }
 
@@ -1610,7 +1610,7 @@ bool mysql_change_db(THD *thd, const LEX_STRING *new_db_name, bool force_switch)
 
   mysql_change_db_impl(thd, &new_db_file_name, db_access, db_default_cl);
 
-  DBUG_RETURN(FALSE);
+  DBUG_RETURN(0);
 }
 
 
diff --git a/sql/sql_db.h b/sql/sql_db.h
index ed8417a7793..b778e42645a 100644
--- a/sql/sql_db.h
+++ b/sql/sql_db.h
@@ -26,7 +26,7 @@ bool mysql_alter_db(THD *thd, const char *db,
                     const Schema_specification_st *create);
 bool mysql_rm_db(THD *thd, char *db, bool if_exists);
 bool mysql_upgrade_db(THD *thd, LEX_STRING *old_db);
-bool mysql_change_db(THD *thd, const LEX_STRING *new_db_name,
+uint mysql_change_db(THD *thd, const LEX_STRING *new_db_name,
                      bool force_switch);
 
 bool mysql_opt_change_db(THD *thd,