MDEV-19277: Add status variable that gets incremented if connection is aborted prior to authentication

MDEV-19282: Log more specific warning with log_warnings=2 if connection is aborted prior to authentication
2019-05-13 21:34:16 +02:00 · 2019-05-13 21:34:16 +02:00 · 29a0f5acf3
commit 29a0f5acf3
parent c3ea52c92a
6 changed files with 108 additions and 6 deletions
--- a/mysql-test/main/connect.result
+++ b/mysql-test/main/connect.result
@ -408,3 +408,36 @@ test
 test
 drop procedure p1;
 SET global secure_auth=default;
+#
+# MDEV-19282: Log more specific warning with log_warnings=2 if
+# connection is aborted prior to authentication
+# MDEV-19277: Add status variable that gets incremented if
+# connection is aborted prior to authentication
+#
+flush status;
+SHOW GLOBAL STATUS LIKE 'Aborted%';
+Variable_name	Value
+Aborted_clients	0
+Aborted_connects	0
+Aborted_connects_preauth	0
+SET GLOBAL log_warnings=2;
+NOT FOUND /This connection closed normally without authentication/ in mysqld.1.err
+SHOW GLOBAL STATUS LIKE 'Aborted%';
+Variable_name	Value
+Aborted_clients	0
+Aborted_connects	1
+Aborted_connects_preauth	1
+FOUND 1 /This connection closed normally without authentication/ in mysqld.1.err
+FOUND 52 /unauthenticated/ in mysqld.1.err
+SET @save_connect_timeout= @@connect_timeout;
+SET GLOBAL connect_timeout=2;
+SHOW GLOBAL STATUS LIKE 'Aborted%';
+Variable_name	Value
+Aborted_clients	0
+Aborted_connects	2
+Aborted_connects_preauth	2
+FOUND 2 /This connection closed normally without authentication/ in mysqld.1.err
+FOUND 53 /unauthenticated/ in mysqld.1.err
+SET GLOBAL log_warnings=default;
+SET GLOBAL connect_timeout= @save_connect_timeout;
+# End of 10.4 tests
--- a/mysql-test/main/connect.test
+++ b/mysql-test/main/connect.test
@ -453,3 +453,58 @@ call p1(2);
 drop procedure p1;

 SET global secure_auth=default;
+
+--echo #
+--echo # MDEV-19282: Log more specific warning with log_warnings=2 if
+--echo # connection is aborted prior to authentication
+--echo # MDEV-19277: Add status variable that gets incremented if
+--echo # connection is aborted prior to authentication
+--echo #
+
+flush status;
+SHOW GLOBAL STATUS LIKE 'Aborted%';
+
+SET GLOBAL log_warnings=2;
+--let SEARCH_FILE=$MYSQLTEST_VARDIR/log/mysqld.1.err
+--let SEARCH_PATTERN= This connection closed normally without authentication
+--source include/search_pattern_in_file.inc
+
+--perl
+use Socket;
+use autodie;
+socket(SOCK, PF_INET, SOCK_STREAM, getprotobyname("tcp"));
+connect(SOCK, pack_sockaddr_in($ENV{MASTER_MYPORT}, inet_aton("localhost")));
+exit(0);
+EOF
+
+SHOW GLOBAL STATUS LIKE 'Aborted%';
+
+--let SEARCH_PATTERN= This connection closed normally without authentication
+--source include/search_pattern_in_file.inc
+
+--let SEARCH_PATTERN= unauthenticated
+--source include/search_pattern_in_file.inc
+
+SET @save_connect_timeout= @@connect_timeout;
+SET GLOBAL connect_timeout=2;
+
+--perl
+use Socket;
+use autodie;
+socket(SOCK, PF_INET, SOCK_STREAM, getprotobyname("tcp"));
+connect(SOCK, pack_sockaddr_in($ENV{MASTER_MYPORT}, inet_aton("localhost")));
+sleep 3;
+exit(0);
+EOF
+
+SHOW GLOBAL STATUS LIKE 'Aborted%';
+
+--let SEARCH_PATTERN= This connection closed normally without authentication
+--source include/search_pattern_in_file.inc
+
+--let SEARCH_PATTERN= unauthenticated
+--source include/search_pattern_in_file.inc
+SET GLOBAL log_warnings=default;
+SET GLOBAL connect_timeout= @save_connect_timeout;
+
+--echo # End of 10.4 tests
--- a/sql/mysqld.cc
+++ b/sql/mysqld.cc
@ -492,7 +492,7 @@ ulonglong query_cache_size=0;
 ulong query_cache_limit=0;
 ulong executed_events=0;
 query_id_t global_query_id;
-ulong aborted_threads, aborted_connects;
+ulong aborted_threads, aborted_connects, aborted_connects_preauth;
 ulong delayed_insert_timeout, delayed_insert_limit, delayed_queue_size;
 ulong delayed_insert_threads, delayed_insert_writes, delayed_rows_in_use;
 ulong delayed_insert_errors,flush_time;
@ -2560,13 +2560,19 @@ static void network_init(void)

 void close_connection(THD *thd, uint sql_errno)
 {
+  int lvl= (thd->main_security_ctx.user ? 3 : 1);
  DBUG_ENTER("close_connection");

  if (sql_errno)
+  {
    net_send_error(thd, sql_errno, ER_DEFAULT(sql_errno), NULL);
-
-  thd->print_aborted_warning(3, sql_errno ? ER_DEFAULT(sql_errno)
-                                          : "CLOSE_CONNECTION");
+    thd->print_aborted_warning(lvl, ER_DEFAULT(sql_errno));
+  }
+  else
+    thd->print_aborted_warning(lvl, (thd->main_security_ctx.user ?
+                                     "This connection closed normally" :
+                                     "This connection closed normally without"
+                                      " authentication"));

  thd->disconnect();

@ -7615,6 +7621,7 @@ int show_threadpool_idle_threads(THD *thd, SHOW_VAR *var, char *buff,
 SHOW_VAR status_vars[]= {
  {"Aborted_clients",          (char*) &aborted_threads,        SHOW_LONG},
  {"Aborted_connects",         (char*) &aborted_connects,       SHOW_LONG},
+  {"Aborted_connects_preauth", (char*) &aborted_connects_preauth, SHOW_LONG},
  {"Acl",                      (char*) acl_statistics,          SHOW_ARRAY},
  {"Access_denied_errors",     (char*) offsetof(STATUS_VAR, access_denied_errors), SHOW_LONG_STATUS},
  {"Binlog_bytes_written",     (char*) offsetof(STATUS_VAR, binlog_bytes_written), SHOW_LONGLONG_STATUS},
@ -8026,7 +8033,7 @@ static int mysql_init_variables(void)
  opt_using_transactions= 0;
  abort_loop= select_thread_in_use= signal_thread_in_use= 0;
  grant_option= 0;
-  aborted_threads= aborted_connects= 0;
+  aborted_threads= aborted_connects= aborted_connects_preauth= 0;
  subquery_cache_miss= subquery_cache_hit= 0;
  delayed_insert_threads= delayed_insert_writes= delayed_rows_in_use= 0;
  delayed_insert_errors= thread_created= 0;
--- a/sql/mysqld.h
+++ b/sql/mysqld.h
@ -215,7 +215,7 @@ extern ulonglong thd_startup_options;
 extern my_thread_id global_thread_id;
 extern ulong binlog_cache_use, binlog_cache_disk_use;
 extern ulong binlog_stmt_cache_use, binlog_stmt_cache_disk_use;
-extern ulong aborted_threads,aborted_connects;
+extern ulong aborted_threads, aborted_connects, aborted_connects_preauth;
 extern ulong delayed_insert_timeout;
 extern ulong delayed_insert_limit, delayed_queue_size;
 extern ulong delayed_insert_threads, delayed_insert_writes;
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@ -13718,6 +13718,8 @@ bool acl_authenticate(THD *thd, uint com_change_user_pkt_len)

  Security_context * const sctx= thd->security_ctx;
  const ACL_USER * acl_user= mpvio.acl_user;
+  if (!acl_user)
+    statistic_increment(aborted_connects_preauth, &LOCK_status);

  if (acl_user)
  {
--- a/sql/sql_connect.cc
+++ b/sql/sql_connect.cc
@ -1036,13 +1036,17 @@ static int check_connection(THD *thd)
      */
      statistic_increment(connection_errors_peer_addr, &LOCK_status);
      my_error(ER_BAD_HOST_ERROR, MYF(0));
+      statistic_increment(aborted_connects_preauth, &LOCK_status);
      return 1;
    }

    if (thd_set_peer_addr(thd, &net->vio->remote, ip, peer_port,
                          true, &connect_errors))
+    {
+      statistic_increment(aborted_connects_preauth, &LOCK_status);
      return 1;
    }
+  }
  else /* Hostname given means that the connection was on a socket */
  {
    DBUG_PRINT("info",("Host: %s", thd->main_security_ctx.host));
@ -1069,6 +1073,7 @@ static int check_connection(THD *thd)
    */
    statistic_increment(aborted_connects,&LOCK_status);
    statistic_increment(connection_errors_internal, &LOCK_status);
+    statistic_increment(aborted_connects_preauth, &LOCK_status);
    return 1; /* The error is set by alloc(). */
  }