Re: [PATCH v20] GSSAPI encryption support

Greetings,

* Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> Stephen Frost <sfrost(at)snowman(dot)net> writes:
> > * Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> >> Well, if the caller thinks what is being passed back is an int,
> >> it will do a 32-to-64-bit widening, which is almost certainly
> >> going to result in a corrupted pointer.
>
> > Oh, good point. Interesting that it still works then.
>
> There must be something about the x86_64 ABI that allows this to
> accidentally work -- maybe integers are presumed to be sign-extended
> to 64 bits by callee not caller? I added some logging and verified
> that pgstat.c is seeing the correct string value, so it's working
> somehow.

Huh, I'm not sure. That's certainly interesting though.

> > I've got a fix for the missing prototypes, I hadn't noticed the issue
> > previously due to always building with SSL enabled as well.
>
> Yeah, I'd just come to the conclusion that it's because I didn't
> include --with-openssl, and libpq-be.h's #ifdef nest doesn't expect
> that.

Right, that should be fixed now with the commit I just pushed.

> BTW, the kerberos test suite takes nearly 4 minutes for me, is
> it supposed to be so slow?

Unfortunately, the kerberos test suite requires building a KDC to get
tickets from and that takes a bit of time. On my laptop it takes about
8s:

make -s check 4.67s user 0.85s system 70% cpu 7.819 total

So I'm a bit surprised that it's taking 4 minutes for you. I wonder if
there might be an issue related to the KDC wanting to get some amount of
random data and the system you're on isn't producing random bytes very
fast..?

Thanks!

Stephen