From fda846b4af2fdb78a9c347650a51931ce499f351 Mon Sep 17 00:00:00 2001 From: Oleksandr Byelkin Date: Mon, 13 May 2019 21:34:16 +0200 Subject: MDEV-19277: Add status variable that gets incremented if connection is aborted prior to authentication MDEV-19282: Log more specific warning with log_warnings=2 if connection is aborted prior to authentication --- mysql-test/main/connect.result | 22 ++++++++++++++++++++++ mysql-test/main/connect.test | 34 ++++++++++++++++++++++++++++++++++ sql/mysqld.cc | 17 ++++++++++++----- sql/mysqld.h | 2 +- sql/sql_acl.cc | 2 ++ sql/sql_connect.cc | 5 +++++ 6 files changed, 76 insertions(+), 6 deletions(-) diff --git a/mysql-test/main/connect.result b/mysql-test/main/connect.result index 89e10d221d2..8fa7724cff0 100644 --- a/mysql-test/main/connect.result +++ b/mysql-test/main/connect.result @@ -408,3 +408,25 @@ test test drop procedure p1; SET global secure_auth=default; +# +# MDEV-19282: Log more specific warning with log_warnings=2 if +# connection is aborted prior to authentication +# MDEV-19277: Add status variable that gets incremented if +# connection is aborted prior to authentication +# +flush status; +SHOW GLOBAL STATUS LIKE 'Aborted%'; +Variable_name Value +Aborted_clients 0 +Aborted_connects 0 +Aborted_connects_preauth 0 +SET GLOBAL log_warnings=2; +NOT FOUND /This connection closed normally without authentication/ in mysqld.1.err +SHOW GLOBAL STATUS LIKE 'Aborted%'; +Variable_name Value +Aborted_clients 0 +Aborted_connects 1 +Aborted_connects_preauth 1 +FOUND 1 /This connection closed normally without authentication/ in mysqld.1.err +SET GLOBAL log_warnings=default; +# End of 10.4 tests diff --git a/mysql-test/main/connect.test b/mysql-test/main/connect.test index b0461a5afac..1b804c2b0bb 100644 --- a/mysql-test/main/connect.test +++ b/mysql-test/main/connect.test 
@@ -453,3 +453,37 @@ call p1(2); drop procedure p1; SET global secure_auth=default; + +--echo # +--echo # MDEV-19282: Log more specific warning with log_warnings=2 if +--echo # connection is aborted prior to authentication +--echo # MDEV-19277: Add status variable that gets incremented if +--echo # connection is aborted prior to authentication +--echo # + +flush status; +SHOW GLOBAL STATUS LIKE 'Aborted%'; + +SET GLOBAL log_warnings=2; +--let SEARCH_FILE=$MYSQLTEST_VARDIR/log/mysqld.1.err +--let SEARCH_PATTERN= This connection closed normally without authentication +--source include/search_pattern_in_file.inc + +--perl +use Socket; +use autodie; +socket(SOCK, PF_INET, SOCK_STREAM, getprotobyname("tcp")); +connect(SOCK, pack_sockaddr_in($ENV{MASTER_MYPORT}, inet_aton("localhost"))); +exit(0); +EOF + +SHOW GLOBAL STATUS LIKE 'Aborted%'; + +--let SEARCH_FILE=$MYSQLTEST_VARDIR/log/mysqld.1.err +--let SEARCH_PATTERN= This connection closed normally without authentication +--source include/search_pattern_in_file.inc + +SET GLOBAL log_warnings=default; + + +--echo # End of 10.4 tests diff --git a/sql/mysqld.cc b/sql/mysqld.cc index dbe6055d387..dec23535551 100644 --- a/sql/mysqld.cc +++ b/sql/mysqld.cc @@ -492,7 +492,7 @@ ulonglong query_cache_size=0; ulong query_cache_limit=0; ulong executed_events=0; query_id_t global_query_id; -ulong aborted_threads, aborted_connects; +ulong aborted_threads, aborted_connects, aborted_connects_preauth; ulong delayed_insert_timeout, delayed_insert_limit, delayed_queue_size; ulong delayed_insert_threads, delayed_insert_writes, delayed_rows_in_use; ulong delayed_insert_errors,flush_time; 
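Review bot: The second `SHOW GLOBAL STATUS LIKE 'Aborted%';` and the log search after it run as soon as the `--perl` block exits, and nothing in the hunk waits for the server to finish handling the dropped socket, so the expected `Aborted_connects_preauth 1` and `FOUND 1` look timing dependent. Waiting on the counter first would close that window: `--let $wait_condition= SELECT VARIABLE_VALUE > 0 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME='Aborted_connects_preauth'` followed by `--source include/wait_condition.inc`. The warning is written from close_connection, which presumably runs after the counter update, so the log search may still need its own wait.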
@@ -2560,13 +2560,19 @@ static void network_init(void) void close_connection(THD *thd, uint sql_errno) { + int lvl= (thd->main_security_ctx.user ? 3 : 1); DBUG_ENTER("close_connection"); if (sql_errno) + { net_send_error(thd, sql_errno, ER_DEFAULT(sql_errno), NULL); - - thd->print_aborted_warning(3, sql_errno ? ER_DEFAULT(sql_errno) - : "CLOSE_CONNECTION"); + thd->print_aborted_warning(lvl, ER_DEFAULT(sql_errno)); + } + else + thd->print_aborted_warning(lvl, (thd->main_security_ctx.user ? + "This connection closed normally" : + "This connection closed normally without" + " authentication")); thd->disconnect(); @@ -7615,6 +7621,7 @@ int show_threadpool_idle_threads(THD *thd, SHOW_VAR *var, char *buff, SHOW_VAR status_vars[]= { {"Aborted_clients", (char*) &aborted_threads, SHOW_LONG}, {"Aborted_connects", (char*) &aborted_connects, SHOW_LONG}, + {"Aborted_connects_preauth", (char*) &aborted_connects_preauth, SHOW_LONG}, {"Acl", (char*) acl_statistics, SHOW_ARRAY}, {"Access_denied_errors", (char*) offsetof(STATUS_VAR, access_denied_errors), SHOW_LONG_STATUS}, {"Binlog_bytes_written", (char*) offsetof(STATUS_VAR, binlog_bytes_written), SHOW_LONGLONG_STATUS}, @@ -8026,7 +8033,7 @@ static int mysql_init_variables(void) opt_using_transactions= 0; abort_loop= select_thread_in_use= signal_thread_in_use= 0; grant_option= 0; - aborted_threads= aborted_connects= 0; + aborted_threads= aborted_connects= aborted_connects_preauth= 0; subquery_cache_miss= subquery_cache_hit= 0; delayed_insert_threads= delayed_insert_writes= delayed_rows_in_use= 0; delayed_insert_errors= thread_created= 0; diff --git a/sql/mysqld.h b/sql/mysqld.h index ddb3f23bcd0..f404b11b7b4 100644 --- a/sql/mysqld.h +++ b/sql/mysqld.h 
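Review bot: The literals in `int lvl= (thd->main_security_ctx.user ? 3 : 1);` carry the whole logging policy of this change and have no comment. Judging by the commit title and the test, the lower threshold makes the "without authentication" message appear at log_warnings=2, which means any peer that can reach the port (scanner, health check) adds one error-log line per connection, and nothing in the hunk shows a rate limit. I would state that next to the constant, for example `/* pre-auth closes are reported from log_warnings=2; authenticated closes keep threshold 3 */`, after confirming it against print_aborted_warning. Smaller points: `thd->main_security_ctx.user` is tested twice and could be held in one local `bool`, and the `else` branch has no braces while the `if` branch does. close_connection continues past the end of the hunk.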
@@ -215,7 +215,7 @@ extern ulonglong thd_startup_options; extern my_thread_id global_thread_id; extern ulong binlog_cache_use, binlog_cache_disk_use; extern ulong binlog_stmt_cache_use, binlog_stmt_cache_disk_use; -extern ulong aborted_threads,aborted_connects; +extern ulong aborted_threads, aborted_connects, aborted_connects_preauth; extern ulong delayed_insert_timeout; extern ulong delayed_insert_limit, delayed_queue_size; extern ulong delayed_insert_threads, delayed_insert_writes; diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 87cfb2b95bb..27f2a985931 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -13718,6 +13718,8 @@ bool acl_authenticate(THD *thd, uint com_change_user_pkt_len) Security_context * const sctx= thd->security_ctx; const ACL_USER * acl_user= mpvio.acl_user; + if (!acl_user) + statistic_increment(aborted_connects_preauth, &LOCK_status); if (acl_user) { diff --git a/sql/sql_connect.cc b/sql/sql_connect.cc index 6ce2aeb095c..1d1057cf6c2 100644 --- a/sql/sql_connect.cc +++ b/sql/sql_connect.cc @@ -1036,12 +1036,16 @@ static int check_connection(THD *thd) */ statistic_increment(connection_errors_peer_addr, &LOCK_status); my_error(ER_BAD_HOST_ERROR, MYF(0)); + statistic_increment(aborted_connects_preauth, &LOCK_status); return 1; } if (thd_set_peer_addr(thd, &net->vio->remote, ip, peer_port, true, &connect_errors)) + { + statistic_increment(aborted_connects_preauth, &LOCK_status); return 1; + } } else /* Hostname given means that the connection was on a socket */ { @@ -1069,6 +1073,7 @@ static int check_connection(THD *thd) */ statistic_increment(aborted_connects,&LOCK_status); statistic_increment(connection_errors_internal, &LOCK_status); + statistic_increment(aborted_connects_preauth, &LOCK_status); return 1; /* The error is set by alloc(). */ } -- cgit v1.2.1
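Review bot: `if (!acl_user)` is followed directly by `if (acl_user)`, so the same pointer is tested twice and the increment reads as detached from the branch it belongs to. The hunk also does not say which states leave `mpvio.acl_user` NULL. Because acl_authenticate takes `com_change_user_pkt_len`, it appears to be reached for a change-user request on an already authenticated session too, in which case a failure there would be counted as pre-auth. A comment such as `/* no user was resolved: the client went away before sending credentials */` would pin down what is counted, once confirmed, and a guard on `com_change_user_pkt_len == 0` may be needed. The function starts and ends outside the hunk.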
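Review bot: `statistic_increment(aborted_connects_preauth, &LOCK_status);` is placed by hand in front of three separate `return 1;` statements (two in the hunk at -1036, one in the hunk at -1069), so any other early return in check_connection outside these hunks is not counted and a future one is easy to miss. Only the third site also increments `aborted_connects` in the visible lines, so at the first two the new counter can move without the older one unless the caller adds it. A monitoring rule that treats `Aborted_connects_preauth` as a subset of `Aborted_connects` depends on that. Consider counting once where the failure of check_connection is handled, or add at each site a comment like `/* pre-auth abort; aborted_connects is incremented by the caller */` once that is confirmed. check_connection starts and ends outside both hunks.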