Sync ADO with GH#33
Merged
Merged
Conversation
… support Skip authenticated cargo configuration on PR builds so that PRs from external GitHub forks can build successfully without access to the Azure Artifacts feeds. ---- #### AI description (iteration 1) #### PR Classification Pipeline configuration change to enable external fork support by conditionally skipping authentication steps during pull request builds. #### PR Summary This pull request modifies the CI/CD pipeline to skip Cargo authentication steps when building pull requests from external forks, preventing authentication failures from contributors without access to internal package registries. - `.pipeline/templates/cargo-authenticate-template.yml`: Added conditions to skip CargoAuthenticate task and cargo configuration scripts when `Build.Reason` is `PullRequest` <!-- GitOpsUserAgent=GitOps.Apps.Server.pullrequestcopilot --> Related work items: #44630
…ipeline secret Replaces the dependency on a pipeline-defined `SQL_PASSWORD` secret variable with a per-job generated password. ---- #### AI description (iteration 1) #### PR Classification Security improvement: removes dependency on pipeline-level secrets by generating a strong, random SQL Server password at job runtime for each pipeline job. #### PR Summary This PR introduces a new template that generates SQL_PASSWORD as a job-scoped runtime variable, eliminating the need for a pipeline-level secret. The password generation is idempotent within a job and automatically masked in logs. - `generate-sql-password-template.yml`: New template added with OS-specific implementations (Windows PowerShell and Linux/macOS bash) to generate cryptographically secure 26-character passwords meeting SQL Server policy requirements - All test and build templates (`build-template.yml`, `build-template-container.yml`, `sql-setup-template.yml`, `test-mssql-python-template.yml`, `test-longhaul-template.yml`, etc.): Integrated the password generation template at the start of each job - Password generation uses a marker variable `SQL_PASSWORD_GENERATED` to ensure idempotency when the template is included multiple times within the same job <!-- GitOpsUserAgent=GitOps.Apps.Server.pullrequestcopilot --> Related work items: #44631
Sync of development to main branch. Before merging this PR, ensure that the CI has had a good run on the development branch.
…tegrated auth for named instances SSPI integrated authentication fix for SQL Server named instances reached via SSRP. ## What is being fixed Connecting to a local named instance (`localhost\INSTANCE` or `MACHINENAME\INSTANCE`) with Windows integrated auth failed during the SSPI handshake. Two interacting root causes: ### 1. Loopback was lost after SSRP resolution `ParsedDataSource` rewrote `localhost` to the actual computer name in the local-server path, originally so Named Pipes / Shared Memory could find the instance. After SSRP resolves the named instance to a TCP port, the connection is plain TCP and the rewrite is unhelpful: `is_loopback_address` then returned false, so: - The SPN was DNS-canonicalized to `MSSQLSvc/<fqdn>:<port>`. - Negotiate selected Kerberos against an unregistered SPN and failed. - The empty-SPN NTLM fallback was skipped because the connection no longer looked local. The parser now keeps `server_name = "localhost"` whenever an instance name is present (in addition to the existing `tcp` / `admin` protocol cases). This restores loopback detection for the SSRP-to-TCP path while leaving Named Pipes / Shared Memory behavior unchanged. ### 2. Loopback retry in `WindowsSspiContext::generate_token` was too narrow and broke Negotiate state The retry that re-issues `InitializeSecurityContext` with an empty SPN (so Negotiate can downgrade to NTLM) only fired on `SEC_E_TARGET_UNKNOWN`. Other failure codes such as `SEC_E_NO_CREDENTIALS` were not retried, even though ODBC's `sni_sspi.cpp` retries on any failure (`goto Retry`). Worse, the previous code called `DeleteSecurityContext` and dropped the handle before retrying. That destroyed the in-progress Negotiate session so the empty-SPN attempt started from scratch, which SSPI cannot use to renegotiate Kerberos to NTLM in one handshake. The retry now: - Triggers on any SSPI error when the connection is loopback and the empty-SPN attempt has not already been made. - Preserves the existing `CtxtHandle` across the retry so Negotiate can fall back to NTLM within the same session, matching the ODBC driver's behavior. ## Files changed - `mssql-tds/src/connection/datasource_parser.rs` — preserve `localhost` for instance datasources. - `mssql-tds/src/security/windows/sspi_context.rs` — broaden loopback retry trigger and keep the context handle. - `mssql-tds/tests/test_ssrp_local.rs` — new integration tests for SSRP + integrated auth via `localhost\INSTANCE` and `MACHINENAME\INSTANCE`. - `mssql-tds/tests/test_windows_sspi.rs` — additional SSPI tests for direct TCP SSPI auth and named-instance SSPI auth, gated on `SSPI_TEST=1`. - `docs/sspi-auth-named-instances.md` — design notes including before/after sequence diagrams and authentication flow. ---- #### AI description (iteration 8) #### PR Classification Bug fix to enable SSPI (Windows Integrated) authentication for named SQL Server instances resolved through SSRP (SQL Browser), addressing authentication failures caused by incorrect hostname resolution and incom...
… sync pipeline Adding manylinux_2_28 x64 and arm64 images to ACR sync pipeline ---- #### AI description (iteration 1) #### PR Classification Infrastructure enhancement to add support for manylinux_2_28 container images (both x64 and arm64 architectures) to the Azure Container Registry (ACR) sync pipeline. #### PR Summary This PR extends the container image synchronization pipeline to include manylinux_2_28 images for both x86_64 and aarch64 architectures, alongside the existing manylinux_2_34 images. - `.pipeline/sync-container-images.yml`: Added two new AzureCLI tasks to import `manylinux_2_28_x86_64` and `manylinux_2_28_aarch64` images from quay.io/pypa - `.pipeline/sync-container-images.yml`: Updated image listing and validation loops to include the new manylinux_2_28 variants - `.pipeline/sync-container-images.yml`: Clarified existing task display names by specifying version `manylinux_2_34` for x64 and arm64 import tasks - `.pipeline/sync-container-images.yml`: Fixed image path prefix in documentation output by adding missing `import/` prefix to all PyPA base image references <!-- GitOpsUserAgent=GitOps.Apps.Server.pullrequestcopilot --> Related work items: #44770
…y and open connection retry ## Connection Resiliency for mssql-tds Adds idle connection resiliency (session recovery) and connection-open retry to the mssql-tds crate, matching the capabilities in ODBC, JDBC, and SqlClient drivers. ### Connection Open Retry - Wrap the connection sequence in a retry loop controlled by `ConnectRetryCount` and `ConnectRetryInterval` datasource properties - Retry on transient failures (I/O errors, timeouts, connection closed, specific SQL error codes) - Respect the overall `connect_timeout` deadline; abort early if insufficient time remains for the next interval wait - Default: 1 retry, 10-second interval (matching ODBC/JDBC/SqlClient defaults) ### Idle Connection Recovery - Detect dead TCP connections before command execution and automatically reconnect via `TdsClient::reconnect()` - Perform a full reconnection loop: snapshot session state, close the dead transport, attempt reconnection with `connect_retry_count` retries - Send LOGIN7 with recovery data (initial + delta session state) on reconnection - Validate that TDS version, server version, encryption level, and MARS setting match the original session; mismatches are fatal - Block recovery when unrecoverable state exists (e.g., open transactions) ### Session State Tracking - Add `SessionStateTable` maintaining initial and delta state arrays (256 entries each) - Track database, collation, language, and SET options via the SESSIONSTATE token (0xE4) - Track `unrecoverable_state_count` to block reconnection when the server marks state as non-recoverable - Serialize combined state for the reconnection LOGIN7 ### Feature Negotiation - Implement TDS Feature Extension ID 0x01 (`SessionRecoveryFeature`) - On initial login: send feature ID with zero-length data - On reconnection: send feature ID with serialized recovery state (initial + delta blocks) - Handle `FEATUREEXTACK` acknowledgment from the server - Enable the feature when `connect_retry_count > 0` ### Transport Layer - Add transport replacement support for swapping in a new transport on reconnection - Add `close_transport()` method for tearing down dead connections - Support SSL layer teardown and replacement during reconnection ### Error Handling - Add `is_transient_connect_error()` with 15 curated transient SQL error codes (matching SqlClient and JDBC) - Classify transport-level errors (I/O, connection closed, timeout) as always transient - Classify permanent errors (auth failures, TLS config, protocol violations) as never retried - Add `Error::SessionNotRecoverable` variant for non-recoverable session states ### Testing - Add 8 integration tests covering feature negotiation, session state tracking, transparent reconnection after SPID kill, multi-recovery, transaction blocking, and open-retry behavior - Add unit tests for transient error classification and the connection-open retry loop - Add unit tests for multi-subnet failover validation Related work items: #43308
Test_MacOS was duplicating work already performed by Build_MacOS, contributing to the 1 hour timeout on the shared macOS pool. Changes: - Add `enableRustBuild` parameter to `build-template.yml` (default true) to gate the standalone Rust Debug and Release build steps and their artifact copy steps. - Add `enableClippy` parameter to `build-template.yml` (default true) to gate the Clippy lint step (about 13 minutes on macOS). - Set both parameters to false on `Test_MacOS` so it skips the redundant builds and Clippy and goes directly to running tests, which already build everything via cargo nextest. - Build_MacOS continues to run Debug, Release, and Clippy as before. ---- #### AI description (iteration 2) #### PR Classification CI/CD optimization to reduce Test_MacOS pipeline duration by eliminating redundant build and lint steps that are already performed by the Build_MacOS job. #### PR Summary This change adds conditional parameters to the build template to skip unnecessary Rust build and Clippy lint steps in the Test_MacOS job, reducing CI execution time and preventing timeout issues. The test job will build only what's needed via cargo nextest during test execution. - `.pipeline/templates/build-template.yml`: Added `enableRustBuild` and `enableClippy` parameters (default true) to conditionally control Rust build steps, Clippy lint steps, and artifact copying tasks - `.pipeline/validation-pipeline.yml`: Disabled `enableRustBuild` and `enableClippy` for the Test_MacOS job to skip redundant build and lint operations <!-- GitOpsUserAgent=GitOps.Apps.Server.pullrequestcopilot --> Related work items: #44814
…ulk copy Repros microsoft/mssql-python#547: cursor.bulkcopy() failed with SQL error 4804 (premature end of message) when any row contained an empty string destined for an NVARCHAR(MAX) or VARCHAR(MAX) column. Root cause: - In MS-TDS PLP encoding, a 4-byte zero-length chunk header is the PLP terminator. - The serializer was writing chunk_len=0 followed by an explicit PLP_TERMINATOR for empty values. - The server consumed the first 4 zeros as the terminator and interpreted the trailing 4 zeros as the start of the next column, desyncing the row buffer. Changes: - Skip the chunk-header write when data is empty across all PLP serialization paths in mssql-tds/src/datatypes/tds_value_serializer.rs: NVARCHAR/VARCHAR(MAX) string path, the direct CHAR/VARCHAR helper, the UTF-16 string helper, VARBINARY(MAX), JSON, and XML. - Empty PLP wire format is now PLP_UNKNOWN_LEN followed only by PLP_TERMINATOR. - Add Rust unit tests pinning the wire format for empty NVARCHAR(MAX), VARCHAR(MAX), and VARBINARY(MAX) PLP values. - Add Python integration regression test test_cursor_bulkcopy_nvarchar_max_empty_strings covering NVARCHAR(MAX) and VARCHAR(MAX) empty strings together with a BIT NOT NULL column, mirroring both repros from the issue. Validation: - All nvarchar bulkcopy Python tests pass and the original repro now succeeds. - New Rust unit tests pass. - cargo bfmt and cargo bclippy clean across workspace and mssql-py-core. ---- #### AI description (iteration 2) #### PR Classification Bug fix for PLP (Partially-Length-Prefixed) stream desynchronization when serializing empty values for NVARCHAR(MAX), VARCHAR(MAX), and VARBINARY(MAX) types in bulk copy and RPC operations. #### PR Summary Fixes a critical serialization bug where empty MAX-type values wrote both a zero-length chunk header (which IS the PLP terminator per MS-TDS specification) and an explicit terminator, causing stream desynchronization and SQL error 4804 ("premature end of message"). The fix ensures empty PLP values only write the PLP_UNKNOWN_LEN header followed directly by the PLP_TERMINATOR, skipping the chunk entirely. - `tds_value_serializer.rs`: Modified PLP serialization logic for all MAX types to skip writing chunk headers when data length is zero, preventing double-terminator bug - `test_bulk_copy_empty_plp.rs`: Added comprehensive regression test covering NVARCHAR(MAX), VARCHAR(MAX), and VARBINARY(MAX) with empty values in bulk copy operations - `test_rpc_datatypes.rs`: Added regression tests for RPC/sp_executesql path covering empty MAX-type parameters and multi-parameter stream alignment - `test_bulkcopy_nvarchar.py`: Added Python integration test verifying empty string bulk copy into NVARCHAR(MAX) and VARCHAR(MAX) columns <!-- GitOpsUserAgent=GitOps.Apps.Server.pullrequestcopilot --> Related work items: #44655
…ters, and E2E tests and cleanup earlier tests ### What Changed? * **Removed Redundant Warnings**: Deleted the hardcoded warnings in the `mssql-py-core` Rust bridge (`connection.rs`) that previously emitted logs saying `ConnectRetryCount` and `ConnectRetryInterval` were "unimplemented". * **Cleaned Up Obsolete Tests**: Removed old Python test blocks (`TestConnectRetryParameters`) that were explicitly looking for these warning logs. * **Added E2E Tests**: Added new integration tests (`test_connect_retry_forwarded` and `test_connect_retry_does_not_break_connection` in `test_connstr_params_e2e.py`) using both a Spy wrapper and live connection execution. ### Why? * The driver actually passes these parameters through successfully now so removed the "unimplemented" warnings. * The new test validations ensure that `ConnectRetryCount` and `ConnectRetryInterval` propagate properly down to the connection string dictionary without getting dropped, and that initiating a live connection with them works perfectly without driver errors. Related work items: #44612
…nded lints Add workspace-level Clippy lint configuration following recommendations from https://emschwartz.me/your-clippy-config-should-be-stricter/ ## Changes - Add [workspace.lints.clippy] section to workspace Cargo.toml with all 38 recommended lints, organized by category and commented out for incremental enablement - Add [workspace.lints.rust] to workspace Cargo.toml, moving unexpected_cfgs from mssql-tds crate to workspace level - Add lints.workspace = true to all workspace members: mssql-tds, mssql-js, mssql-tds-cli, mssql-mock-tds ## Lint Categories (all commented out, to be enabled one at a time) - Don't Panic: string_slice, indexing_slicing, unwrap_used, panic, todo, unimplemented, unreachable, get_unwrap, unwrap_in_result, unchecked_time_subtraction, panic_in_result_fn - Don't Fail Silently: let_underscore_future, let_underscore_must_use, unused_result_ok, map_err_ignore, assertions_on_result_states - Don't Do Bad Async: await_holding_lock, await_holding_refcell_ref, large_futures - Unsafe Memory: mem_forget, undocumented_unsafe_blocks, multiple_unsafe_ops_per_block, unnecessary_safety_doc, unnecessary_safety_comment - Numeric Footguns: float_cmp, float_cmp_const, lossy_float_literal, cast_sign_loss, invalid_upcast_comparisons - Easy Wins: rc_mutex, debug_assert_with_mut_call, iter_not_returning_iterator, expl_impl_clone_on_copy, infallible_try_from, dbg_macro - Lint suppression enforcement: allow_attributes, allow_attributes_without_reason ---- #### AI description (iteration 1) #### PR Classification Infrastructure enhancement to establish workspace-level Clippy lint configuration for enforcing stricter code quality standards across all workspace members. #### PR Summary This PR sets up the foundation for workspace-wide Clippy linting by adding a comprehensive set of recommended lints (currently commented out) in the workspace `Cargo.toml` and enabling lint inheritance across all workspace packages. - `Cargo.toml`: Added `[workspace.lints.clippy]` section with 40+ commented-out recommended lints organized into categories (panic prevention, async safety, unsafe memory handling, numeric correctness, and lint suppression enforcement) - `Cargo.toml`: Added `[workspace.lints.rust]` with `unexpected_cfgs` warning for fuzzing and feature flags - `mssql-tds/Cargo.toml`, `mssql-mock-tds/Cargo.toml`, `mssql-tds-cli/Cargo.toml`, `mssql-js/Cargo.toml`: Replaced package-specific lint configuration with `[lints] workspace = true` to inherit workspace lints <!-- GitOpsUserAgent=GitOps.Apps.Server.pullrequestcopilot --> Related work items: #44826
…-python CI steps - Drop the deadsnakes PPA bootstrap from both Docker steps in test-mssql-python-template.yml - Use the build image's preinstalled python3 (3.10) directly, matching the existing mssql-py-core test pattern in build-template-container.yml - mssql-python's setup.py declares python_requires='>=3.10' so no functional regression - Removes runtime dependency on api.launchpad.net and ppa.launchpadcontent.net, both of which were observed timing out on 2026-05-01 and broke every build with TimeoutError from add-apt-repository Verified locally in a clean ubuntu:22.04 container that python3 + venv + maturin/pytest/pybind11 install succeeds without Launchpad access. Related work item: 44853 Related work items: #44853
Enable the Don't Do Bad Async Stuff category of clippy lints to prevent deadlocks and concurrency bugs. ## Changes - Enable await_holding_lock lint to catch MutexGuard held across .await points - Enable await_holding_refcell_ref lint to catch RefCell borrows held across .await points - Enable large_futures lint to catch futures too large for the stack All three lints pass clean with zero warnings across the workspace. The if_let_mutex lint was intentionally omitted since the scoping bug it catches was fixed in the 2024 edition, which all workspace crates use. ---- #### AI description (iteration 1) #### PR Classification Code quality improvement to enable stricter Clippy lints for async code patterns in the workspace configuration. #### PR Summary This PR enables three async-related Clippy lints in the workspace configuration to prevent deadlocks and concurrency bugs as part of a broader effort to gradually enable stricter linting rules. - `Cargo.toml`: Enabled `await_holding_lock`, `await_holding_refcell_ref`, and `large_futures` Clippy lints under the "Don't Do Bad Async Stuff" category <!-- GitOpsUserAgent=GitOps.Apps.Server.pullrequestcopilot --> Related work items: #44826
Replace all .unwrap() calls in the connection transport layer with proper error handling in preparation for enabling the unwrap_used clippy lint. ## Changes - extractable_stream.rs: Replace unwrap() with error propagation using ? and .ok_or_else() for stream extraction operations - network_transport.rs: Replace unwrap() with proper error handling for connection setup and stream operations - ssl_handler.rs: Replace unwrap() with error propagation for TLS handshake and certificate handling ---- #### AI description (iteration 1) #### PR Classification Code quality improvement to eliminate `unwrap()` calls in the connection transport layer, enabling stricter Clippy lints to prevent panic scenarios. #### PR Summary This PR systematically replaces all `unwrap()` calls in the TDS connection transport layer with proper error handling to prevent panics from mutex poisoning and missing internal state. Changes align with the linked work item to enable the `unwrap_used` Clippy lint. - `extractable_stream.rs`: Replaced `unwrap()` on mutex locks with explicit error handling, returning IO errors for poisoned mutexes and using `ok()` with `unwrap_or` patterns - `ssl_handler.rs`: Added error handling for TLS connector cache lock poisoning, returning `TdsResult` errors instead of panicking on RwLock operations - `ssl_handler.rs`: Replaced `unwrap()` on internal state (`write_state`, `packet_write_buffer`, `packet_header_receive_bytes`) with pattern matching that returns descriptive IO errors - `network_transport.rs`: Eliminated `unwrap()` calls by restructuring control flow with pattern matching and providing default fallback values <!-- GitOpsUserAgent=GitOps.Apps.Server.pullrequestcopilot --> Related work items: #44826
Replace .unwrap() calls in the mock TDS server and CLI tool with proper error handling in preparation for enabling the unwrap_used clippy lint. ## Changes - mssql-mock-tds/main.rs: Replace unwrap() with proper error handling for server startup - mssql-mock-tds/protocol.rs: Replace unwrap() with error propagation for protocol parsing - mssql-mock-tds/query_response.rs: Replace unwrap() with safe alternative - mssql-mock-tds/server.rs: Replace unwrap() with error handling for server operations - mssql-tds-cli/main.rs: Replace unwrap() with proper error propagation Related work items: #44826
…odules Replace .unwrap() calls in the message, handler, and security modules with proper error handling in preparation for enabling the unwrap_used clippy lint. ## Changes - handler_factory.rs: Replace unwrap() with proper error propagation - bulk_load.rs: Replace unwrap() with error handling for bulk load operations - fedauth.rs: Replace unwrap() with safe alternative - login.rs: Replace unwrap() with error propagation for login message construction - security/mock.rs: Replace unwrap() with .expect() since this is test-only infrastructure ---- #### AI description (iteration 1) #### PR Classification Code cleanup to replace panic-prone `unwrap()` calls with explicit error handling in security, message, and handler modules to support stricter Clippy lints. #### PR Summary This pull request eliminates `unwrap()` calls across security, message, and handler modules by replacing them with `expect()` calls containing descriptive error messages or proper error handling logic. - `security/mock.rs`: Replaced all `unwrap()` calls with `expect()` containing context-specific error messages in tests and documentation examples - `message/login.rs`: Added proper error handling for routing information to return `ProtocolError` instead of panicking when redirection target is missing - `message/bulk_load.rs`: Replaced `unwrap()` with `ok_or_else()` to return `ImplementationError` when first row column count is unexpectedly missing - `handler/handler_factory.rs`: Refactored to use `unwrap_or(false)` for database instance validation and `if let Some()` pattern for TDS error handling - `message/features/fedauth.rs`: Changed `unwrap()` to `unwrap_or(i32::MAX)` for length conversion fallback <!-- GitOpsUserAgent=GitOps.Apps.Server.pullrequestcopilot --> Related work items: #44826
Sync of development to main branch. Before merging this PR, ensure that the CI has had a good run on the development branch.
There was a problem hiding this comment.
Pull request overview
This PR extends the mssql-tds Rust TDS implementation with session recovery (idle connection resiliency) support, SESSIONSTATE token parsing, and connection retry logic, while also adding targeted regression coverage for PLP empty-value serialization and improving Windows SSPI + SSRP named-instance behavior. It also updates CI/pipeline templates and workspace lint configuration to support the new changes consistently across crates and bindings.
Changes:
- Add Session Recovery feature negotiation/serialization, SESSIONSTATE token type + parser, and client-side reconnection orchestration.
- Fix PLP serialization for empty MAX values (NVARCHAR/VARCHAR/VARBINARY/XML/etc.) and add Rust + Python regression tests (microsoft/mssql-python#547).
- Improve SSPI loopback retry behavior + SSRP/localhost handling for named instances, plus CI template and workspace-lints updates.
Reviewed changes
Copilot reviewed 66 out of 66 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| mssql-tds/tests/test_windows_sspi.rs | Adds SSPI localhost + named-instance smoke tests (gated by env var). |
| mssql-tds/tests/test_ssrp_local.rs | New Windows-only SSRP+SSPI localhost named-instance integration tests. |
| mssql-tds/tests/test_rpc_datatypes.rs | Adds RPC regression tests for empty MAX params (mssql-python#547). |
| mssql-tds/tests/test_bulk_copy_empty_plp.rs | New bulk-copy regression test ensuring empty PLP values don’t desync subsequent columns. |
| mssql-tds/tests/connectivity.rs | Adds session recovery integration tests (feature negotiation, reconnect-after-KILL, retry behavior). |
| mssql-tds/src/token/tokens.rs | Introduces SessionState token type + token structs/enum variants. |
| mssql-tds/src/token/parsers/session_state_parser.rs | New parser implementation + unit tests for SESSIONSTATE (0xE4). |
| mssql-tds/src/token/parsers/mod.rs | Registers the new session_state parser module/export. |
| mssql-tds/src/security/windows/sspi_context.rs | Adjusts loopback retry behavior (empty SPN retry) and preserves context handle; improves error mapping. |
| mssql-tds/src/security/mock.rs | Improves test/docs unwrap messaging for mock security context. |
| mssql-tds/src/message/prelogin.rs | Simplifies prelogin response fields (Option → bool) and updates tests accordingly. |
| mssql-tds/src/message/login.rs | Adds Session Recovery feature wiring into feature negotiation and captures SESSIONSTATE tokens during login parsing. |
| mssql-tds/src/message/features/session_recovery.rs | New Session Recovery feature extension serializer/deserializer + unit tests. |
| mssql-tds/src/message/features/fedauth.rs | Makes payload length computation fallible and threads errors through serialize path. |
| mssql-tds/src/message/features.rs | Exposes new session_recovery feature module. |
| mssql-tds/src/message/bulk_load.rs | Replaces unwrap with explicit error when first-row column count is unexpectedly missing. |
| mssql-tds/src/message.rs | Changes features module visibility to pub(crate). |
| mssql-tds/src/io/token_stream.rs | Adds dispatch/registry entry for SESSIONSTATE parser/token handling. |
| mssql-tds/src/handler/handler_factory.rs | Tracks LoginAck fields for recovery validation and exposes feature ack checks; test helper cfg widened. |
| mssql-tds/src/fuzz_support.rs | Updates mock transport and fuzz client creation to satisfy new transport/client APIs. |
| mssql-tds/src/error/mod.rs | Adds session recovery error variants and transient-connect error classification + tests. |
| mssql-tds/src/datatypes/tds_value_serializer.rs | Fixes PLP empty-chunk encoding across relevant types; adds serializer regression tests. |
| mssql-tds/src/core.rs | Makes Version Copy/Clone for easier propagation. |
| mssql-tds/src/connection/transport/tds_transport.rs | Adds is_connection_dead() to transport trait for non-blocking liveness checks. |
| mssql-tds/src/connection/transport/ssl_handler.rs | Improves poisoned-lock handling; adds is_connection_dead() delegation through TLS wrappers; avoids unwraps in async IO state. |
| mssql-tds/src/connection/transport/network_transport.rs | Implements TCP socket liveness poll; improves error handling; adds tests for is_connection_dead(). |
| mssql-tds/src/connection/transport/extractable_stream.rs | Makes extraction lock handling fallible and adds is_connection_dead() implementation; updates tests. |
| mssql-tds/src/connection/tds_client.rs | Adds recovery context, reconnect orchestration, pre-exec dead-connection check, and public recovery inspection APIs. |
| mssql-tds/src/connection/session_recovery.rs | New recovery/session-state tracking implementation and validation logic (but missing file header). |
| mssql-tds/src/connection/execution_context.rs | Adds test-only setter for transaction descriptor (used by recovery tests). |
| mssql-tds/src/connection/datasource_parser.rs | Preserves localhost for SSRP-bound local connections to improve SSPI loopback detection behavior. |
| mssql-tds/src/connection/client_context.rs | Changes default connect_retry_count from 0 → 1 (behavioral change). |
| mssql-tds/src/connection.rs | Exposes new internal session_recovery module. |
| mssql-tds/src/connection_provider/tds_connection_provider.rs | Implements connect retry loop (with deadline) and plumbs recovery data into connection establishment; adds tests. |
| mssql-tds/Cargo.toml | Switches crate lints config to inherit from workspace ([lints] workspace = true). |
| mssql-tds-cli/src/main.rs | Improves error propagation and session handling (removes unwraps). |
| mssql-tds-cli/Cargo.toml | Enables workspace lints. |
| mssql-py-core/tests/test_client_context.py | Removes tests asserting “retry params warn but ignored” (now implemented). |
| mssql-py-core/tests/test_bulkcopy_nvarchar.py | Adds integration regression test for empty NVARCHAR(MAX)/VARCHAR(MAX) bulkcopy. |
| mssql-py-core/tests/test_bulkcopy_binary.py | Adds integration regression test for empty VARBINARY(MAX) bulkcopy. |
| mssql-py-core/tests/mssql_python/test_connstr_params_e2e.py | Adds e2e coverage that connect retry params are forwarded and don’t break connectivity. |
| mssql-py-core/src/utils.rs | Removes unimplemented-feature warning helper. |
| mssql-py-core/src/connection.rs | Stops emitting “retry params ignored” warnings (feature now supported). |
| mssql-mock-tds/src/server.rs | Makes TLS acceptor creation/usage error-handled rather than unwrap-based. |
| mssql-mock-tds/src/query_response.rs | Replaces unwrap with expect in tests. |
| mssql-mock-tds/src/protocol.rs | Improves test unwrap messaging and clarifies expectations. |
| mssql-mock-tds/src/main.rs | Handles poisoned mutex for shutdown signaling more safely. |
| mssql-mock-tds/Cargo.toml | Enables workspace lints. |
| mssql-js/Cargo.toml | Enables workspace lints. |
| kerberos-test/run-kerberos-tests.sh | Ensures generated workspace includes [workspace.lints] to match member crate expectations. |
| docs/sspi-auth-named-instances.md | New design/behavior doc for SSRP + SSPI named-instance improvements (with diagrams). |
| Cargo.toml | Defines workspace lint configuration (rust + clippy) used by member crates. |
| .pipeline/validation-pipeline.yml | Disables Rust build/clippy for Mac validation stage (config changes). |
| .pipeline/templates/test-mssql-python-template.yml | Switches to image Python (3.10) and adds SQL_PASSWORD generation template usage. |
| .pipeline/templates/test-mssql-python-macos-template.yml | Adds SQL_PASSWORD generation template usage. |
| .pipeline/templates/test-matrix-template.yml | Adds SQL_PASSWORD generation template usage. |
| .pipeline/templates/test-matrix-template-arm64.yml | Adds SQL_PASSWORD generation template usage. |
| .pipeline/templates/test-matrix-template-alpine.yml | Adds SQL_PASSWORD generation template usage. |
| .pipeline/templates/test-matrix-template-alpine_arm64.yml | Adds SQL_PASSWORD generation template usage. |
| .pipeline/templates/test-longhaul-template.yml | Adds SQL_PASSWORD generation template usage. |
| .pipeline/templates/sql-setup-template.yml | Adds SQL_PASSWORD generation template usage. |
| .pipeline/templates/generate-sql-password-template.yml | New template generating job-scoped secret SQL_PASSWORD (idempotent). |
| .pipeline/templates/cargo-authenticate-template.yml | Skips cargo registry auth/config for PR builds. |
| .pipeline/templates/build-template.yml | Adds toggles for Rust build/clippy and uses SQL_PASSWORD generation template. |
| .pipeline/templates/build-template-container.yml | Uses SQL_PASSWORD generation template. |
| .pipeline/sync-container-images.yml | Adds import steps for manylinux_2_28 images and updates messaging. |
Comment on lines
+85
to
+100
| let mut recovery_context = RecoveryContext::new(); | ||
| recovery_context.initialize( | ||
| client_context, | ||
| negotiated_settings.login_ack_tds_version, | ||
| negotiated_settings.login_ack_server_version, | ||
| negotiated_settings | ||
| .session_settings | ||
| .negotiated_encryption_settings, | ||
| negotiated_settings.session_settings.mars_enabled, | ||
| ); | ||
|
|
||
| Self { | ||
| transport, | ||
| negotiated_settings, | ||
| execution_context, | ||
| recovery_context: Box::new(recovery_context), |
Comment on lines
+192
to
+196
| // Cap the per-attempt connect timeout to the remaining reconnect budget | ||
| let remaining_secs = | ||
| deadline.saturating_duration_since(Instant::now()).as_secs() as u32; | ||
| reconnect_ctx.connect_timeout = reconnect_ctx.connect_timeout.min(remaining_secs); | ||
|
|
Comment on lines
393
to
403
| pub(crate) struct LoginResponseModel { | ||
| pub change_properties: EnvChangeProperties, | ||
| pub features: FeaturesRequest, | ||
| pub tds_error: Option<TdsError>, | ||
| pub success_token: Option<LoginAckToken>, | ||
| pub fed_auth_info: Option<FedAuthInfoToken>, | ||
| /// SSPI challenge token from server for integrated authentication | ||
| pub sspi_token: Option<SspiToken>, | ||
| /// Session state tokens received during login, for transfer to RecoveryContext. | ||
| pub session_state_tokens: Vec<SessionStateToken>, | ||
| } |
Comment on lines
+1
to
+5
| use crate::connection::client_context::ClientContext; | ||
| use crate::connection::execution_context::ExecutionContext; | ||
| use crate::core::{NegotiatedEncryptionSetting, TdsResult, Version}; | ||
| use crate::message::login_options::TdsVersion; | ||
| use crate::token::tokens::{SessionStateToken, SqlCollation}; |
Comment on lines
310
to
318
| pub fn with_data_source(data_source: &str) -> ClientContext { | ||
| ClientContext { | ||
| application_intent: ApplicationIntent::ReadWrite, | ||
| application_name: "TDSX Rust Client".to_string(), | ||
| attach_db_file: "".to_string(), | ||
| change_password: "".to_string(), | ||
| connect_retry_count: 0, | ||
| connect_retry_count: 1, | ||
| connect_retry_interval: 10, | ||
| connect_timeout: 15, |
shiwanigupta0809
approved these changes
May 6, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Sync ADO with GitHub
Description
Related Issues
Checklist
cargo bfmtpassescargo bclippypassescargo btestpasses