fix #126

f35407a4 · martianzhang · c944ccd0 · f35407a4 · f35407a4 · f35407a4
Showing with 167 addition and 22 deletion

cmd/soar/tool.go cmd/soar/tool.go +10 -0

database/privilege.go database/privilege.go +104 -0

database/privilege_test.go database/privilege_test.go +31 -0

vendor/vendor.json vendor/vendor.json +22 -22

未找到文件。
--- a/cmd/soar/tool.go
+++ b/cmd/soar/tool.go
@@ -86,6 +86,11 @@ func checkConfig() int {
 			fmt.Println("test-dsn", common.Config.TestDSN)
 		}
 	}
+
+	if !testConn.HasAllPrivilege() {
+		fmt.Printf("test-dsn: %s, need all privileges", common.FormatDSN(common.Config.TestDSN))
+		return 1
+	}
 	// OnlineDSN connection check
 	onlineConn := &database.Connector{
 		Addr:     common.Config.OnlineDSN.Addr,
@@ -106,6 +111,11 @@ func checkConfig() int {
 			fmt.Println("online-dsn", common.Config.OnlineDSN)
 		}
 	}
+
+	if !onlineConn.HasSelectPrivilege() {
+		fmt.Printf("online-dsn: %s, need all privileges", common.FormatDSN(common.Config.OnlineDSN))
+		return 1
+	}
 	return 0
 }


--- a/database/privilege.go
+++ b/database/privilege.go
+/*
+ * Copyright 2018 Xiaomi, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package database
+
+import (
+	"errors"
+	"strings"
+
+	"github.com/XiaoMi/soar/common"
+)
+
+// CurrentUser get current user with current_user() function
+func (db *Connector) CurrentUser() (string, string, error) {
+	res, err := db.Query("select current_user()")
+	if err != nil {
+		return "", "", err
+	}
+	if len(res.Rows) > 0 {
+		cols := strings.Split(res.Rows[0].Str(0), "@")
+		if len(cols) == 2 {
+			user := strings.Trim(cols[0], "'")
+			host := strings.Trim(cols[1], "'")
+			if strings.Contains(user, "'") || strings.Contains(host, "'") {
+				return "", "", errors.New("user or host contains irregular character")
+			}
+			return user, host, nil
+		}
+		return "", "", errors.New("user or host contains irregular character")
+	}
+	return "", "", errors.New("no privilege info")
+}
+
+// HasSelectPrivilege if user has select privilege
+func (db *Connector) HasSelectPrivilege() bool {
+	user, host, err := db.CurrentUser()
+	if err != nil {
+		common.Log.Error("User: %s, HasSelectPrivilege: %s", db.User, err.Error())
+		return false
+	}
+	res, err := db.Query("select Select_priv from mysql.user where user='%s' and host='%s'", user, host)
+	if err != nil {
+		common.Log.Error("HasSelectPrivilege, DSN: %s, Error: %s", db.Addr, err.Error())
+		return false
+	}
+	// Select_priv
+	if len(res.Rows) > 0 {
+		if res.Rows[0].Str(0) == "Y" {
+			return true
+		}
+	}
+	return false
+}
+
+// HasAllPrivilege if user has all privileges
+func (db *Connector) HasAllPrivilege() bool {
+	user, host, err := db.CurrentUser()
+	if err != nil {
+		common.Log.Error("User: %s, HasAllPrivilege: %s", db.User, err.Error())
+		return false
+	}
+
+	// concat privilege columns
+	res, err := db.Query("SELECT GROUP_CONCAT(COLUMN_NAME) from information_schema.COLUMNS where TABLE_SCHEMA='mysql' and TABLE_NAME='user' and COLUMN_NAME like '%_priv'")
+	if err != nil {
+		common.Log.Error("HasAllPrivilege, DSN: %s, Error: %s", db.Addr, err.Error())
+		return false
+	}
+	var priv string
+	if len(res.Rows) > 0 {
+		priv = res.Rows[0].Str(0)
+	} else {
+		common.Log.Error("HasAllPrivilege, DSN: %s, get privilege string error", db.Addr)
+		return false
+	}
+
+	// get all privilege status
+	res, err = db.Query("select concat("+priv+") from mysql.user where user='%s' and host='%s'", user, host)
+	if err != nil {
+		common.Log.Error("HasAllPrivilege, DSN: %s, Error: %s", db.Addr, err.Error())
+		return false
+	}
+
+	// %_priv
+	if len(res.Rows) > 0 {
+		if strings.Replace(res.Rows[0].Str(0), "Y", "", -1) == "" {
+			return true
+		}
+	}
+	return false
+}
--- a/database/privilege_test.go
+++ b/database/privilege_test.go
+/*
+ * Copyright 2018 Xiaomi, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package database
+
+import "testing"
+
+func TestHasSelectPrivilege(t *testing.T) {
+	if !connTest.HasSelectPrivilege() {
+		t.Errorf("DSN: %s, User: %s, should has select privilege", connTest.Addr, connTest.User)
+	}
+}
+
+func TestHasAllPrivilege(t *testing.T) {
+	if !connTest.HasAllPrivilege() {
+		t.Errorf("DSN: %s, User: %s, should has all privilege", connTest.Addr, connTest.User)
+	}
+}
--- a/vendor/vendor.json
+++ b/vendor/vendor.json
@@ -1034,68 +1034,68 @@
 		{
 			"checksumSHA1": "q7Bd5YJHsxvzEpiOBaYn+wEpqyU=",
 			"path": "vitess.io/vitess",
-			"revision": "32dd398dd5459e5cf15904db35aba7460519b612",
-			"revisionTime": "2018-11-22T02:19:16Z"
+			"revision": "9d0594c50251a5167ac786408cea822ae994951c",
+			"revisionTime": "2018-11-25T05:49:41Z"
 		},
 		{
 			"checksumSHA1": "aKn1oKcY74N8TRLm3Ayt7Q4bbI4=",
 			"path": "vitess.io/vitess/go/bytes2",
-			"revision": "32dd398dd5459e5cf15904db35aba7460519b612",
-			"revisionTime": "2018-11-22T02:19:16Z"
+			"revision": "9d0594c50251a5167ac786408cea822ae994951c",
+			"revisionTime": "2018-11-25T05:49:41Z"
 		},
 		{
 			"checksumSHA1": "JVCEN4UGRmg3TofIBdzZMZ3G0Ww=",
 			"path": "vitess.io/vitess/go/hack",
-			"revision": "32dd398dd5459e5cf15904db35aba7460519b612",
-			"revisionTime": "2018-11-22T02:19:16Z"
+			"revision": "9d0594c50251a5167ac786408cea822ae994951c",
+			"revisionTime": "2018-11-25T05:49:41Z"
 		},
 		{
 			"checksumSHA1": "e1WJ7vCnVrlQQQlc6n/FewCDMso=",
 			"path": "vitess.io/vitess/go/sqltypes",
-			"revision": "32dd398dd5459e5cf15904db35aba7460519b612",
-			"revisionTime": "2018-11-22T02:19:16Z"
+			"revision": "9d0594c50251a5167ac786408cea822ae994951c",
+			"revisionTime": "2018-11-25T05:49:41Z"
 		},
 		{
 			"checksumSHA1": "ntFIQYkBS51G6y+FEkjFW40+HOU=",
 			"path": "vitess.io/vitess/go/vt/log",
-			"revision": "32dd398dd5459e5cf15904db35aba7460519b612",
-			"revisionTime": "2018-11-22T02:19:16Z"
+			"revision": "9d0594c50251a5167ac786408cea822ae994951c",
+			"revisionTime": "2018-11-25T05:49:41Z"
 		},
 		{
 			"checksumSHA1": "XozR8bmeSR5KTe/nlUJkpJY2HKI=",
 			"path": "vitess.io/vitess/go/vt/proto/query",
-			"revision": "32dd398dd5459e5cf15904db35aba7460519b612",
-			"revisionTime": "2018-11-22T02:19:16Z"
+			"revision": "9d0594c50251a5167ac786408cea822ae994951c",
+			"revisionTime": "2018-11-25T05:49:41Z"
 		},
 		{
 			"checksumSHA1": "OnWsUHLDKcO3spwH0jD55SvKD24=",
 			"path": "vitess.io/vitess/go/vt/proto/topodata",
-			"revision": "32dd398dd5459e5cf15904db35aba7460519b612",
-			"revisionTime": "2018-11-22T02:19:16Z"
+			"revision": "9d0594c50251a5167ac786408cea822ae994951c",
+			"revisionTime": "2018-11-25T05:49:41Z"
 		},
 		{
 			"checksumSHA1": "sBAuZ/itMR8U8qbK4yLHxkP6Cpc=",
 			"path": "vitess.io/vitess/go/vt/proto/vtgate",
-			"revision": "32dd398dd5459e5cf15904db35aba7460519b612",
-			"revisionTime": "2018-11-22T02:19:16Z"
+			"revision": "9d0594c50251a5167ac786408cea822ae994951c",
+			"revisionTime": "2018-11-25T05:49:41Z"
 		},
 		{
 			"checksumSHA1": "pLWM+SPGZs3k+IhjktE/cGUlpM0=",
 			"path": "vitess.io/vitess/go/vt/proto/vtrpc",
-			"revision": "32dd398dd5459e5cf15904db35aba7460519b612",
-			"revisionTime": "2018-11-22T02:19:16Z"
+			"revision": "9d0594c50251a5167ac786408cea822ae994951c",
+			"revisionTime": "2018-11-25T05:49:41Z"
 		},
 		{
 			"checksumSHA1": "2ZBC/pPjs13cocUf8PoMSvAO5u4=",
 			"path": "vitess.io/vitess/go/vt/sqlparser",
-			"revision": "32dd398dd5459e5cf15904db35aba7460519b612",
-			"revisionTime": "2018-11-22T02:19:16Z"
+			"revision": "9d0594c50251a5167ac786408cea822ae994951c",
+			"revisionTime": "2018-11-25T05:49:41Z"
 		},
 		{
 			"checksumSHA1": "oF4XzuOzwvj1iduX/lYqNSyY/HM=",
 			"path": "vitess.io/vitess/go/vt/vterrors",
-			"revision": "32dd398dd5459e5cf15904db35aba7460519b612",
-			"revisionTime": "2018-11-22T02:19:16Z"
+			"revision": "9d0594c50251a5167ac786408cea822ae994951c",
+			"revisionTime": "2018-11-25T05:49:41Z"
 		}
 	],
 	"rootPath": "github.com/XiaoMi/soar"