From ad295c7885c17b38dc506be98832574489937e1c Mon Sep 17 00:00:00 2001 From: var4yn <2016slavyakinnikita@gmail.com> Date: Sat, 28 Mar 2026 20:49:14 +0800 Subject: [PATCH 1/4] Fix SCRAM password SASLprep --- sqlx-postgres/src/connection/sasl.rs | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/sqlx-postgres/src/connection/sasl.rs b/sqlx-postgres/src/connection/sasl.rs index 94fdfc689f..9422d4f9f5 100644 --- a/sqlx-postgres/src/connection/sasl.rs +++ b/sqlx-postgres/src/connection/sasl.rs @@ -86,13 +86,17 @@ pub(crate) async fn authenticate( } }; + // Normalize(password): + let password = options.password.as_deref().unwrap_or_default(); + let password = match saslprep(password) { + Ok(v) => v, + // The behavior is similar to what was observed when using SASLprep for username. + // TODO: Remove panic when we have proper support for configuration errors + Err(_) => panic!("Failed to saslprep password"), + }; + // SaltedPassword := Hi(Normalize(password), salt, i) - let salted_password = hi( - options.password.as_deref().unwrap_or_default(), - &cont.salt, - cont.iterations, - ) - .await?; + let salted_password = hi(&password, &cont.salt, cont.iterations).await?; // ClientKey := HMAC(SaltedPassword, "Client Key") let mut mac = Hmac::::new_from_slice(&salted_password).map_err(Error::protocol)?; From f5ee8328596a18e17dbc3b6018d8f16e50df7c28 Mon Sep 17 00:00:00 2001 From: var4yn <2016slavyakinnikita@gmail.com> Date: Tue, 7 Apr 2026 10:41:11 +0800 Subject: [PATCH 2/4] remove panic!() --- sqlx-postgres/src/connection/sasl.rs | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/sqlx-postgres/src/connection/sasl.rs b/sqlx-postgres/src/connection/sasl.rs index 9422d4f9f5..d782097201 100644 --- a/sqlx-postgres/src/connection/sasl.rs +++ b/sqlx-postgres/src/connection/sasl.rs @@ -56,8 +56,9 @@ pub(crate) async fn authenticate( let username = format!("{}={}", USERNAME_ATTR, options.username); let username = match saslprep(&username) { Ok(v) => v, - // TODO(danielakhterov): Remove panic when we have proper support for configuration errors - Err(_) => panic!("Failed to saslprep username"), + Err(error) => { + return Err(Error::Configuration(Box::new(error))) + } }; // nonce = "r=" c-nonce [s-nonce] ;; Second part provided by server. @@ -90,9 +91,9 @@ pub(crate) async fn authenticate( let password = options.password.as_deref().unwrap_or_default(); let password = match saslprep(password) { Ok(v) => v, - // The behavior is similar to what was observed when using SASLprep for username. - // TODO: Remove panic when we have proper support for configuration errors - Err(_) => panic!("Failed to saslprep password"), + Err(error) => { + return Err(Error::Configuration(Box::new(error))) + } }; // SaltedPassword := Hi(Normalize(password), salt, i) From 9003a221ef577eeb255e6d2edf28e8c3e0b21049 Mon Sep 17 00:00:00 2001 From: var4yn <2016slavyakinnikita@gmail.com> Date: Tue, 7 Apr 2026 10:42:52 +0800 Subject: [PATCH 3/4] fmt --- sqlx-postgres/src/connection/sasl.rs | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/sqlx-postgres/src/connection/sasl.rs b/sqlx-postgres/src/connection/sasl.rs index d782097201..9ba9a19e72 100644 --- a/sqlx-postgres/src/connection/sasl.rs +++ b/sqlx-postgres/src/connection/sasl.rs @@ -56,9 +56,7 @@ pub(crate) async fn authenticate( let username = format!("{}={}", USERNAME_ATTR, options.username); let username = match saslprep(&username) { Ok(v) => v, - Err(error) => { - return Err(Error::Configuration(Box::new(error))) - } + Err(error) => return Err(Error::Configuration(Box::new(error))), }; // nonce = "r=" c-nonce [s-nonce] ;; Second part provided by server. @@ -91,9 +89,7 @@ pub(crate) async fn authenticate( let password = options.password.as_deref().unwrap_or_default(); let password = match saslprep(password) { Ok(v) => v, - Err(error) => { - return Err(Error::Configuration(Box::new(error))) - } + Err(error) => return Err(Error::Configuration(Box::new(error))), }; // SaltedPassword := Hi(Normalize(password), salt, i) From f8870d3595ef2e20e0a4648291c5ead066d49a09 Mon Sep 17 00:00:00 2001 From: var4yn <2016slavyakinnikita@gmail.com> Date: Tue, 7 Apr 2026 10:49:28 +0800 Subject: [PATCH 4/4] add error description --- sqlx-postgres/src/connection/sasl.rs | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/sqlx-postgres/src/connection/sasl.rs b/sqlx-postgres/src/connection/sasl.rs index 9ba9a19e72..7245e8ee49 100644 --- a/sqlx-postgres/src/connection/sasl.rs +++ b/sqlx-postgres/src/connection/sasl.rs @@ -56,7 +56,11 @@ pub(crate) async fn authenticate( let username = format!("{}={}", USERNAME_ATTR, options.username); let username = match saslprep(&username) { Ok(v) => v, - Err(error) => return Err(Error::Configuration(Box::new(error))), + Err(error) => { + return Err(Error::Configuration( + format!("Failed to saslprep username: {:?}", error).into(), + )) + } }; // nonce = "r=" c-nonce [s-nonce] ;; Second part provided by server. @@ -89,7 +93,11 @@ pub(crate) async fn authenticate( let password = options.password.as_deref().unwrap_or_default(); let password = match saslprep(password) { Ok(v) => v, - Err(error) => return Err(Error::Configuration(Box::new(error))), + Err(error) => { + return Err(Error::Configuration( + format!("Failed to saslprep password: {:?}", error).into(), + )) + } }; // SaltedPassword := Hi(Normalize(password), salt, i)