Add .NET 10 support #15
| signature.CopyTo(authenticationResponse.AsSpan(clientScramble.Length)); | ||
|
|
||
| // "password hash" for parsec is the extended salt followed by the public key | ||
| passwordHash = [(byte) 'P', (byte) iterationCount, .. salt, .. publicKey]; |
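Review bot: on the passwordHash line, (byte) iterationCount narrows a computed count into a single byte, while the comment above it describes the value as the extended salt followed by the public key. Store the byte that arrived in the extended salt rather than a value derived from it, and extend the comment to spell out the layout (the 'P' prefix, the iteration byte, the salt, then the public key) so the collection expression can be checked against it.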
Iteration count byte truncation corrupts password hash
High Severity
(byte) iterationCount always evaluates to 0 because iterationCount is 1024 << extendedSalt[1], producing values 1024, 2048, 4096, or 8192 — all multiples of 256. The second byte of passwordHash will always be 0 regardless of the actual iteration exponent. The intent is to store the original exponent byte (extendedSalt[1]), not the computed iterationCount cast to byte.
Reviewed by Cursor Bugbot for commit dfb6ad7.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
There are 2 total unresolved issues (including 1 from previous review).
Reviewed by Cursor Bugbot for commit 501f031.
| } | ||
|
|
||
| if (cs.AllowPublicKeyRetrieval) | ||
| if (cs.AllowPublicKeyRetrieval|| m_isLoopbackConnection) |
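Review bot: the changed condition, cs.AllowPublicKeyRetrieval|| m_isLoopbackConnection, lets a connection-level flag stand in for the explicit AllowPublicKeyRetrieval option, and nothing in the hunk says why or how m_isLoopbackConnection is established. Add a comment stating the trust assumption behind the loopback exemption, document the behaviour change for users who left AllowPublicKeyRetrieval off, and put a space before ||.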
So now we request RSA public key for all loopback connections, is this intentional?
Yes, this is intentional, but it is not for every loopback connection unconditionally. RSA public key is only requested in the auth fallback paths where the connection is not secure and the password is non-empty (caching_sha2_password fallback and sha256_password auth-switch fallback). In those cases we need either TLS, a configured ServerRsaPublicKeyFile, explicit AllowPublicKeyRetrieval, or a trusted local/loopback transport.


Note
Medium Risk
Medium risk: updates connection/authentication handshake logic (including caching_sha2_password, TLS fingerprint validation inputs, and new parsec auth) and changes failure state semantics (ConnectionState.Broken), which can affect connectivity and recovery behavior across environments.

Overview

Bumps the repo to Connector v1.4.0 with .NET 10 targeting, updating CI triggers/tooling (Ubuntu 24.04, actions/*@v5, updated test frameworks) and refreshing key dependencies (e.g., log4net, MySql.Data, System.Text.Json).

Extends authentication support by introducing IAuthenticationPlugin3, updating Ed25519 to implement it, and adding a new ParsecAuthenticationPlugin; server handshake logic in ServerSession is reworked to better handle caching_sha2_password, loopback/public-key retrieval, TLS fingerprint validation using stored password hashes, and to mark network failures as ConnectionState.Broken.

Improves metadata/type handling by threading GuidFormat into stored-procedure parameter caching and emitting GUID-typed casts for OUT params, plus adds tracing configurability (gating the read-result-set-header event) and a pool optimization to drop oversized payload caches on return. Docs and solution packaging are updated accordingly (new .slnx, regenerated API docs, version history).

Reviewed by Cursor Bugbot for commit 9842511. Bugbot is set up for automated code reviews on this repo.