From: Mark Leith Date: September 3 2007 10:19pm Subject: bk commit into 5.2 tree (markleith:1.2598) BUG#25822 List-Archive: http://lists.mysql.com/commits/33602 X-Bug: 25822 Message-Id: <20070903221907.854EC654994@medusa.localhost> Below is the list of changes that have just been committed into a local 5.2 repository of markleith. When markleith does a push these changes will be propagated to the main repository and, within 24 hours after the push, to the public repository. For information on how to access the public repository see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html ChangeSet@stripped, 2007-09-03 23:18:50+01:00, markleith@stripped +1 -0 Bug#25822 / WL#3953 - Log Access Denied errors for bad passwords in the error log Added logging of Access Denied messages on failed new connections to the error log when log-warnings = 2. This allows a user to log these messages without having to incur the overhead of using the general query log on production systems. sql/sql_connect.cc@stripped, 2007-09-03 23:18:44+01:00, markleith@stripped +12 -0 Added logging of Access Denied messages to error log when log-warnings=2 diff -Nrup a/sql/sql_connect.cc b/sql/sql_connect.cc --- a/sql/sql_connect.cc 2007-07-30 09:33:44 +01:00 +++ b/sql/sql_connect.cc 2007-09-03 23:18:44 +01:00 @@ -502,6 +502,18 @@ int check_user(THD *thd, enum enum_serve thd->main_security_ctx.user, thd->main_security_ctx.host_or_ip, passwd_len ? ER(ER_YES) : ER(ER_NO)); + /* + log access denied messages to the error log when log-warnings = 2 + so that the overhead of the general query log is not required to track + failed connections + */ + if (global_system_variables.log_warnings > 1) + { + sql_print_warning(ER(ER_ACCESS_DENIED_ERROR), + thd->main_security_ctx.user, + thd->main_security_ctx.host_or_ip, + passwd_len ? ER(ER_YES) : ER(ER_NO)); + } DBUG_RETURN(-1); #endif /* NO_EMBEDDED_ACCESS_CHECKS */ }