mysql通过udf生成keyring导致sqlexception

rhfm7lfc  于 2021-06-20  发布在  Mysql
关注(0)|答案(1)|浏览(444)

这是我在dba stackexchange中提出的一个问题。我将在这里逐字张贴:
我正在尝试使用mysql建议的keyring插件加密我的表。在my/etc/my.cnf文件中,我设置了早期插件标志以及密钥环文件的位置。它看起来像这样:

[mysqld]
early-plugin-load=keyring_file.so
keyring_file_data=/usr/local/mysql/mysql-keyring/keyring

作为root用户,我还安装了keyring\u udf.so并创建了一些自定义项,如下所示:

INSTALL PLUGIN keyring_udf SONAME 'keyring_udf.so';
CREATE FUNCTION keyring_key_generate RETURNS INTEGER SONAME 'keyring_udf.so';
CREATE FUNCTION keyring_key_fetch RETURNS STRING SONAME 'keyring_udf.so';
CREATE FUNCTION keyring_key_length_fetch RETURNS INTEGER SONAME 'keyring_udf.so';
CREATE FUNCTION keyring_key_type_fetch RETURNS STRING SONAME 'keyring_udf.so';
CREATE FUNCTION keyring_key_store RETURNS INTEGER SONAME 'keyring_udf.so';
CREATE FUNCTION keyring_key_remove RETURNS INTEGER SONAME 'keyring_udf.so';

从这里开始,我试图定义一个这样的键:

SELECT keyring_key_generate('MyKey', 'AES', 32);

这将导致控制台发出以下消息:

[2018-06-15 15:11:38] Streaming result set com.mysql.jdbc.RowDataDynamic@15d7e44 is still active. No statements may be issued when any streaming result sets are open and in use on a given connection. Ensure that you have called .close() on any active streaming result sets before attempting more queries.
[2018-06-15 15:11:38] java.sql.SQLException: Streaming result set com.mysql.jdbc.RowDataDynamic@15d7e44 is still active. No statements may be issued when any streaming result sets are open and in use on a given connection. Ensure that you have called .close() on any active streaming result sets before attempting more queries.
    at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:868)
    at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:864)
    at com.mysql.jdbc.MysqlIO.checkForOutstandingStreamingData(MysqlIO.java:3211)
    at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:2443)
    at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2677)
    at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2545)
    at com.mysql.jdbc.ConnectionImpl.setSessionMaxRows(ConnectionImpl.java:5432)
    at com.mysql.jdbc.StatementImpl.executeQuery(StatementImpl.java:1365)
    at com.mysql.jdbc.SQLError.convertShowWarningsToSQLWarnings(SQLError.java:704)
    at com.mysql.jdbc.SQLError.convertShowWarningsToSQLWarnings(SQLError.java:656)
    at com.mysql.jdbc.StatementImpl.getWarnings(StatementImpl.java:2145)
    at com.intellij.database.remote.jdbc.impl.RemoteStatementImpl.getWarnings(RemoteStatementImpl.java:86)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:324)
    at sun.rmi.transport.Transport$1.run(Transport.java:200)
    at sun.rmi.transport.Transport$1.run(Transport.java:197)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.rmi.transport.Transport.serviceCall(Transport.java:196)
    at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:568)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:826)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.lambda$run$0(TCPTransport.java:683)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:682)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
    at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:276)
    at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:253)
    at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:162)
    at java.rmi.server.RemoteObjectInvocationHandler.invokeRemoteMethod(RemoteObjectInvocationHandler.java:227)
    at java.rmi.server.RemoteObjectInvocationHandler.invoke(RemoteObjectInvocationHandler.java:179)
    at com.sun.proxy.$Proxy121.getWarnings(Unknown Source)
    at sun.reflect.GeneratedMethodAccessor360.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at com.intellij.execution.rmi.RemoteUtil.invokeRemote(RemoteUtil.java:169)
    at com.intellij.execution.rmi.RemoteUtil.access$300(RemoteUtil.java:36)
    at com.intellij.execution.rmi.RemoteUtil$RemoteInvocationHandler.invoke(RemoteUtil.java:274)
    at com.sun.proxy.$Proxy122.getWarnings(Unknown Source)
    at com.intellij.database.console.JdbcEngine.b(JdbcEngine.java:444)
    at com.intellij.database.console.JdbcEngine.a(JdbcEngine.java:397)
    at com.intellij.database.console.JdbcEngine.b(JdbcEngine.java:224)
    at com.intellij.database.console.AbstractEngine.a(AbstractEngine.java:171)
    at com.intellij.database.console.AbstractEngine.a(AbstractEngine.java:148)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)

[2018-06-15 15:11:38] [HY000][3188] Function 'keyring_key_generate' failed because underlying keyring service returned an error. Please check if a keyring plugin is installed and that provided arguments are valid for the keyring you are using.

我也尝试过重置mysql服务器: systemctl restart mysqld .
环境是centos服务器。
经过几个小时的努力,我决定举起白旗,向你们寻求帮助。感谢阅读/帮助!
编辑:
我试着在windows下执行同样的命令。keyring\u udf.dll文件仍然存在相同的问题。我想知道这是不是插件中的一个bug?或者是有一个关键的mysql设置我可能会错过。

enyaitl3

enyaitl31#

我也有同样的错误,而且在我的错误日志中还有如下内容:

[ERROR] Plugin keyring_file reported: 'File '/usr/local/mysql/mysql-keyring/keyring' not found (Errcode: 13 - Permission denied)'

在我的例子中(我运行的是ubuntu),是apparmor限制了mysql的目录访问(不管目录或文件权限),因此mysql无法读取keyring目录或文件。
也许centos也在使用apparmor或者类似的东西。
mysql和ubuntu的apparmor配置文件已经允许访问 /var/lib/mysql-keyring/ . 所以你应该可以直接使用这个目录。我的工作配置:

[mysqld]
early-plugin-load=keyring_file.so
keyring_file_data=/var/lib/mysql-keyring/keyring

否则,您可以在中的apparmor中更改或添加目录 /etc/apparmor.d/usr.sbin.mysqld .
希望这有帮助。

相关问题