MSSQL CLRProcedures и ошибка безопасности CLR (SQL Server 2017) - PullRequest
Новая
       31

MSSQL CLRProcedures и ошибка безопасности CLR (SQL Server 2017)

0 голосов
/ 23 сентября 2019

Я использую SQL Server 2017 для установки одной из программ, которые мы используем.Все это отлично работает с MSSQL 2008 r2, но не работает в 2017 году.

Информация о нашем сервере:

enter image description here

Программное обеспечение, которое у нас есть, имеет свой собственный набор SQL-запросов, которые мы не можем изменить, мы просто вводим информацию о сервере, и он подключается и настраивает базу данных.

Когда это происходит, он выдает мне следующую ошибку: 

 10342 Assembly 'CLRProcedures' cannot be loaded because this edition of SQL Server only supports SAFE assemblies.

и SQL-запрос: 

--Assembly clrprocedures, version=2019.2.0.0, culture=neutral, publickeytoken=2e56e3245276317a, processorarchitecture=msil
CREATE ASSEMBLY [CLRProcedures]
AUTHORIZATION [dbo]
FROM 0x4d5a90000300000004000000ffff0000b800000000000000400000000000000000000000000000000000000000000000000000000000000000000000800000000e1fba0e00b409cd21b8014ccd21546869732070726f6772616d2063616e6e6f742062652072756e20696e20444f53206d6f64652e0d0d0a24000000000[BUNCH OF NUMBERS HERE...]

WITH PERMISSION_SET=UNSAFE

Log:
--script on: Data Source=167.71.149.66;Integrated Security=False;Persist Security Info=False;User ID=SA;
GO
DROP DATABASE [Slabsmith3]
GO
--script on: Data Source=167.71.149.66;Integrated Security=False;Persist Security Info=False;User ID=SA;
GO
CREATE DATABASE [Slabsmith3]
GO
ALTER DATABASE [Slabsmith3] SET TRUSTWORTHY ON
GO
SP_CONFIGURE 'clr enabled', 1
GO
RECONFIGURE
GO
USE [Slabsmith3]
GO
--script on: Data Source=167.71.149.66;Initial Catalog=Slabsmith3;Integrated Security=False;Persist Security Info=False;User ID=SA;
GO
SET NUMERIC_ROUNDABORT OFF
GO
SET ANSI_PADDING, ANSI_WARNINGS, CONCAT_NULL_YIELDS_NULL, ARITHABORT, QUOTED_IDENTIFIER, ANSI_NULLS ON
GO
SET XACT_ABORT ON
GO
SET TRANSACTION ISOLATION LEVEL Serializable
GO
CREATE USER [BackgroundTaskAcknowledger] WITHOUT LOGIN
GO
IF @@ERROR <> 0 SET NOEXEC ON
GO
CREATE USER [ExtendedPropertyGetter] WITHOUT LOGIN
GO
IF @@ERROR <> 0 SET NOEXEC ON
GO
CREATE USER [ExtendedPropertySetter] WITHOUT LOGIN
GO
IF @@ERROR <> 0 SET NOEXEC ON
GO
CREATE USER [RoleProbe] WITHOUT LOGIN
GO
IF @@ERROR <> 0 SET NOEXEC ON
GO
PRINT N'Creating role InventoryLock'
GO
CREATE ROLE [InventoryLock]
AUTHORIZATION [dbo]
GO
IF @@ERROR <> 0 SET NOEXEC ON
GO
PRINT N'Creating role SSBasicUser'
GO
CREATE ROLE [SSBasicUser]
AUTHORIZATION [dbo]
GO
IF @@ERROR <> 0 SET NOEXEC ON
GO
PRINT N'Creating role SSInventoryManager'
GO
CREATE ROLE [SSInventoryManager]
AUTHORIZATION [dbo]
GO
IF @@ERROR <> 0 SET NOEXEC ON
GO
PRINT N'Creating role SSJobCreator'
GO
CREATE ROLE [SSJobCreator]
AUTHORIZATION [dbo]
GO
IF @@ERROR <> 0 SET NOEXEC ON
GO
PRINT N'Creating role SSJobViewer'
GO
CREATE ROLE [SSJobViewer]
AUTHORIZATION [dbo]
GO
IF @@ERROR <> 0 SET NOEXEC ON
GO
PRINT N'Creating role SSPowerUser'
GO
CREATE ROLE [SSPowerUser]
AUTHORIZATION [dbo]
GO
IF @@ERROR <> 0 SET NOEXEC ON
GO
PRINT N'Creating role SSSlabCreator'
GO
CREATE ROLE [SSSlabCreator]
AUTHORIZATION [dbo]
GO
IF @@ERROR <> 0 SET NOEXEC ON
GO
PRINT N'Creating role SSSlabDeleter'
GO
CREATE ROLE [SSSlabDeleter]
AUTHORIZATION [dbo]
GO
IF @@ERROR <> 0 SET NOEXEC ON
GO
PRINT N'Creating role SSSlabViewer'
GO
CREATE ROLE [SSSlabViewer]
AUTHORIZATION [dbo]
GO
IF @@ERROR <> 0 SET NOEXEC ON
GO
PRINT N'Altering members of role SSJobCreator'
GO
EXEC sp_addrolemember N'SSJobCreator', N'SSPowerUser'
GO
IF @@ERROR <> 0 SET NOEXEC ON
GO
PRINT N'Altering members of role SSSlabCreator'
GO
EXEC sp_addrolemember N'SSSlabCreator', N'SSPowerUser'
GO
IF @@ERROR <> 0 SET NOEXEC ON
GO
BEGIN TRANSACTION
GO
IF @@ERROR <> 0 SET NOEXEC ON
GO
PRINT N'Creating schemas'
GO
CREATE SCHEMA [API]
AUTHORIZATION [dbo]
GO
IF @@ERROR <> 0 SET NOEXEC ON
GO
CREATE SCHEMA [Actions]
AUTHORIZATION [dbo]
GO
IF @@ERROR <> 0 SET NOEXEC ON
GO
CREATE SCHEMA [Attachments]
AUTHORIZATION [dbo]
GO
IF @@ERROR <> 0 SET NOEXEC ON
GO
CREATE SCHEMA [Audit]
AUTHORIZATION [dbo]
GO
IF @@ERROR <> 0 SET NOEXEC ON
GO
CREATE SCHEMA [Importer]
AUTHORIZATION [dbo]
GO
IF @@ERROR <> 0 SET NOEXEC ON
GO
CREATE SCHEMA [Inventory]
AUTHORIZATION [dbo]
GO
IF @@ERROR <> 0 SET NOEXEC ON
GO
CREATE SCHEMA [NWD]
AUTHORIZATION [dbo]
GO
IF @@ERROR <> 0 SET NOEXEC ON
GO
CREATE SCHEMA [SSAdmin]
AUTHORIZATION [dbo]
GO
IF @@ERROR <> 0 SET NOEXEC ON
GO
CREATE SCHEMA [SSSlabBrowser]
AUTHORIZATION [dbo]
GO
IF @@ERROR <> 0 SET NOEXEC ON
GO
CREATE SCHEMA [Utilities]
AUTHORIZATION [dbo]
GO
IF @@ERROR <> 0 SET NOEXEC ON
GO
PRINT N'Creating CLR assemblies'
GO
--Assembly clrprocedures, version=2019.2.0.0, culture=neutral, publickeytoken=2e56e3245276317a, processorarchitecture=msil
CREATE ASSEMBLY [CLRProcedures]
AUTHORIZATION [dbo]
FROM 0x4d5a90000300000004000000ffff0000b800000000000000400000000000000000000000000000000000000000000000000000000000000000000000800000000e1fba0e00b409cd21b8014ccd21546869732070726f6772616d2063616e6e6f742062652072756e20696e20444f53206d6f64652e0d0d0a240000[BUNCH OF NUMBERS CONTINUING HERE..]

WITH PERMISSION_SET=UNSAFE
GO

Я использовал приведенный ниже sql-запрос для отключения CLR Security, но он не работал. 

EXEC sp_configure 'show advanced options', 1
RECONFIGURE;
EXEC sp_configure 'clr strict security', 0;
RECONFIGURE;

1 Ответ

0 голосов
/ 24 сентября 2019

Microsoft изменила игру, запущенную с SQL Server 2017.

Вы должны создать файл SNK с помощью SDK util SN.EXE.Затем выполните следующий сценарий T-SQL.Сценарий создает асимметричный ключ и соответствующий логин. 

--Only for SQL SERVER 2017+
IF SERVERPROPERTY('productversion') >= '14'
   AND SUBSTRING(CAST(SERVERPROPERTY('productversion') AS NVARCHAR(10)), 1, 1) != '9'
    BEGIN
        DECLARE @path NVARCHAR(260);
        DECLARE @password NVARCHAR(128);
        DECLARE @tsqlToEval AS NVARCHAR(MAX);
        SET @path = N'C:\TMP\akCLRProcedures.snk';
        SET @password = N'Se1Tal0k';
        SET @tsqlToEval = N'USE MASTER;' + CHAR(13) + 'CREATE ASYMMETRIC KEY [akCLRProcedures]' + CHAR(13) + 'FROM FILE = ''' + @path + '''
                    ENCRYPTION BY PASSWORD = ''' + @password + '''';

        --PRINT @tsqlToEval

        IF
        (
            SELECT COUNT(*)
            FROM master.sys.asymmetric_keys
            WHERE name LIKE 'akCLRProcedures%'
        ) = 0
            BEGIN
                EXEC sp_executesql 
                     @tsqlToEval;
        END;
        IF NOT EXISTS
        (
            SELECT loginname
            FROM master.dbo.syslogins
            WHERE name = 'loginakCLRProcedures'
        )
            BEGIN
                DECLARE @sqlStatement AS NVARCHAR(1000);
                SELECT @SqlStatement = 'CREATE LOGIN [loginakCLRProcedures] FROM ASYMMETRIC KEY akCLRProcedures';
                EXEC sp_executesql 
                     @SqlStatement;
                EXEC sp_executesql 
                     N'USE MASTER;
                      GRANT UNSAFE ASSEMBLY TO [loginakCLRProcedures];';
        END;
END;

---- обновление 26.9.2019.

Следующий фрагмент кода создает асимметричный ключ с использованием пароля 

CREATE ASYMMETRIC KEY akCLRProcedures
    WITH ALGORITHM = RSA_2048 
        /* 
            Other Algorithms Supported as follows

            RSA_512
            RSA_1024
            AES_256
        */
    ENCRYPTION BY PASSWORD = 'UseAReallyStrongPasswordHere'
...