MDEV-19277: Add status variable that gets incremented if connection is aborted prior to authentication

MDEV-19282: Log more specific warning with log_warnings=2 if connection is aborted prior to authentication

mysql-test/main/connect.result

@@ -408,3 +408,36 @@ test
 test
 drop procedure p1;
 SET global secure_auth=default;
+#
+# MDEV-19282: Log more specific warning with log_warnings=2 if
+# connection is aborted prior to authentication
+# MDEV-19277: Add status variable that gets incremented if
+# connection is aborted prior to authentication
+#
+flush status;
+SHOW GLOBAL STATUS LIKE 'Aborted%';
+Variable_name	Value
+Aborted_clients	0
+Aborted_connects	0
+Aborted_connects_preauth	0
+SET GLOBAL log_warnings=2;
+NOT FOUND /This connection closed normally without authentication/ in mysqld.1.err
+SHOW GLOBAL STATUS LIKE 'Aborted%';
+Variable_name	Value
+Aborted_clients	0
+Aborted_connects	1
+Aborted_connects_preauth	1
+FOUND 1 /This connection closed normally without authentication/ in mysqld.1.err
+FOUND 52 /unauthenticated/ in mysqld.1.err
+SET @save_connect_timeout= @@connect_timeout;
+SET GLOBAL connect_timeout=2;
+SHOW GLOBAL STATUS LIKE 'Aborted%';
+Variable_name	Value
+Aborted_clients	0
+Aborted_connects	2
+Aborted_connects_preauth	2
+FOUND 2 /This connection closed normally without authentication/ in mysqld.1.err
+FOUND 53 /unauthenticated/ in mysqld.1.err
+SET GLOBAL log_warnings=default;
+SET GLOBAL connect_timeout= @save_connect_timeout;
+# End of 10.4 tests

mysql-test/main/connect.test

@@ -453,3 +453,58 @@ call p1(2);
 drop procedure p1;
 
 SET global secure_auth=default;
+
+--echo #
+--echo # MDEV-19282: Log more specific warning with log_warnings=2 if
+--echo # connection is aborted prior to authentication
+--echo # MDEV-19277: Add status variable that gets incremented if
+--echo # connection is aborted prior to authentication
+--echo #
+
+flush status;
+SHOW GLOBAL STATUS LIKE 'Aborted%';
+
+SET GLOBAL log_warnings=2;
+--let SEARCH_FILE=$MYSQLTEST_VARDIR/log/mysqld.1.err
+--let SEARCH_PATTERN= This connection closed normally without authentication
+--source include/search_pattern_in_file.inc
+
+--perl
+use Socket;
+use autodie;
+socket(SOCK, PF_INET, SOCK_STREAM, getprotobyname("tcp"));
+connect(SOCK, pack_sockaddr_in($ENV{MASTER_MYPORT}, inet_aton("localhost")));
+exit(0);
+EOF
+
+SHOW GLOBAL STATUS LIKE 'Aborted%';
+
+--let SEARCH_PATTERN= This connection closed normally without authentication
+--source include/search_pattern_in_file.inc
+
+--let SEARCH_PATTERN= unauthenticated
+--source include/search_pattern_in_file.inc
+
+SET @save_connect_timeout= @@connect_timeout;
+SET GLOBAL connect_timeout=2;
+
+--perl
+use Socket;
+use autodie;
+socket(SOCK, PF_INET, SOCK_STREAM, getprotobyname("tcp"));
+connect(SOCK, pack_sockaddr_in($ENV{MASTER_MYPORT}, inet_aton("localhost")));
+sleep 3;
+exit(0);
+EOF
+
+SHOW GLOBAL STATUS LIKE 'Aborted%';
+
+--let SEARCH_PATTERN= This connection closed normally without authentication
+--source include/search_pattern_in_file.inc
+
+--let SEARCH_PATTERN= unauthenticated
+--source include/search_pattern_in_file.inc
+SET GLOBAL log_warnings=default;
+SET GLOBAL connect_timeout= @save_connect_timeout;
+
+--echo # End of 10.4 tests

sql/mysqld.cc

@@ -492,7 +492,7 @@ ulonglong query_cache_size=0;
 ulong query_cache_limit=0;
 ulong executed_events=0;
 query_id_t global_query_id;
-ulong aborted_threads, aborted_connects;
+ulong aborted_threads, aborted_connects, aborted_connects_preauth;
 ulong delayed_insert_timeout, delayed_insert_limit, delayed_queue_size;
 ulong delayed_insert_threads, delayed_insert_writes, delayed_rows_in_use;
 ulong delayed_insert_errors,flush_time;
@@ -2560,13 +2560,19 @@ static void network_init(void)
 
 void close_connection(THD *thd, uint sql_errno)
 {
+  int lvl= (thd->main_security_ctx.user ? 3 : 1);
   DBUG_ENTER("close_connection");
 
   if (sql_errno)
+  {
     net_send_error(thd, sql_errno, ER_DEFAULT(sql_errno), NULL);
-
+    thd->print_aborted_warning(lvl, ER_DEFAULT(sql_errno));
-  thd->print_aborted_warning(3, sql_errno ? ER_DEFAULT(sql_errno)
+  }
-                                          : "CLOSE_CONNECTION");
+  else
+    thd->print_aborted_warning(lvl, (thd->main_security_ctx.user ?
+                                     "This connection closed normally" :
+                                     "This connection closed normally without"
+                                      " authentication"));
 
   thd->disconnect();
 
@@ -7615,6 +7621,7 @@ int show_threadpool_idle_threads(THD *thd, SHOW_VAR *var, char *buff,
 SHOW_VAR status_vars[]= {
   {"Aborted_clients",          (char*) &aborted_threads,        SHOW_LONG},
   {"Aborted_connects",         (char*) &aborted_connects,       SHOW_LONG},
+  {"Aborted_connects_preauth", (char*) &aborted_connects_preauth, SHOW_LONG},
   {"Acl",                      (char*) acl_statistics,          SHOW_ARRAY},
   {"Access_denied_errors",     (char*) offsetof(STATUS_VAR, access_denied_errors), SHOW_LONG_STATUS},
   {"Binlog_bytes_written",     (char*) offsetof(STATUS_VAR, binlog_bytes_written), SHOW_LONGLONG_STATUS},
@@ -8026,7 +8033,7 @@ static int mysql_init_variables(void)
   opt_using_transactions= 0;
   abort_loop= select_thread_in_use= signal_thread_in_use= 0;
   grant_option= 0;
-  aborted_threads= aborted_connects= 0;
+  aborted_threads= aborted_connects= aborted_connects_preauth= 0;
   subquery_cache_miss= subquery_cache_hit= 0;
   delayed_insert_threads= delayed_insert_writes= delayed_rows_in_use= 0;
   delayed_insert_errors= thread_created= 0;

sql/mysqld.h

@@ -215,7 +215,7 @@ extern ulonglong thd_startup_options;
 extern my_thread_id global_thread_id;
 extern ulong binlog_cache_use, binlog_cache_disk_use;
 extern ulong binlog_stmt_cache_use, binlog_stmt_cache_disk_use;
-extern ulong aborted_threads,aborted_connects;
+extern ulong aborted_threads, aborted_connects, aborted_connects_preauth;
 extern ulong delayed_insert_timeout;
 extern ulong delayed_insert_limit, delayed_queue_size;
 extern ulong delayed_insert_threads, delayed_insert_writes;

sql/sql_acl.cc

@@ -13718,6 +13718,8 @@ bool acl_authenticate(THD *thd, uint com_change_user_pkt_len)
 
   Security_context * const sctx= thd->security_ctx;
   const ACL_USER * acl_user= mpvio.acl_user;
+  if (!acl_user)
+    statistic_increment(aborted_connects_preauth, &LOCK_status);
 
   if (acl_user)
   {

sql/sql_connect.cc

@@ -1036,13 +1036,17 @@ static int check_connection(THD *thd)
       */
       statistic_increment(connection_errors_peer_addr, &LOCK_status);
       my_error(ER_BAD_HOST_ERROR, MYF(0));
+      statistic_increment(aborted_connects_preauth, &LOCK_status);
       return 1;
     }
 
     if (thd_set_peer_addr(thd, &net->vio->remote, ip, peer_port,
                           true, &connect_errors))
+    {
+      statistic_increment(aborted_connects_preauth, &LOCK_status);
       return 1;
     }
+  }
   else /* Hostname given means that the connection was on a socket */
   {
     DBUG_PRINT("info",("Host: %s", thd->main_security_ctx.host));
@@ -1069,6 +1073,7 @@ static int check_connection(THD *thd)
     */
     statistic_increment(aborted_connects,&LOCK_status);
     statistic_increment(connection_errors_internal, &LOCK_status);
+    statistic_increment(aborted_connects_preauth, &LOCK_status);
     return 1; /* The error is set by alloc(). */
   }