Re: [PATCH v9] GSSAPI encryption support

Robbie Harwood wrote:
> Michael Paquier <michael(dot)paquier(at)gmail(dot)com> writes:

> > + iov[0].iov_base = lenbuf;
> > + iov[0].iov_len = 4;
> > + iov[1].iov_base = output.value;
> > + iov[1].iov_len = output.length;
> > +
> > + ret = writev(port->sock, iov, 2);
> >
> > writev and iovec are not present on Windows, so this code would never
> > compile there, and it does not sound that this patch is a reason
> > sufficient enough to drop support of GSSAPI on Windows.
>
> Um. Okay. I guess on Windows I'll make two write calls then, since the
> only other option I see is to hit alloc again here.

Hmm, I wouldn't push my luck by using writev here at all. We don't use
writev/readv anywhere, and it's quite possible that they are not present
on older Unixen which we still support.
http://pubs.opengroup.org/onlinepubs/009695399/functions/writev.html
says writev was introduced in "issue 4 version 2", which AFAICT is the
2004 version, but our baseline is SUSv2 (1997). So it's definitely not
workable.

> > + {
> > + {"gss_encrypt", PGC_USERSET, CONN_AUTH_SECURITY,
> > + gettext_noop("Require encryption for all GSSAPI connections."),
> > + NULL,
> > + GUC_NOT_IN_SAMPLE | GUC_DISALLOW_IN_FILE
> > + },
> > + &gss_encrypt, false, check_gss_encrypt, assign_gss_encrypt, NULL
> > + },

Why is this marked NOT_IN_SAMPLE?

--
Álvaro Herrera http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services