Re: Support waffle>1.7.4

* Christian Ullrich wrote:

> I thought about writing a few [SSPI tests], and I may yet get around
 > to that,

Attached is a proposed patch; I cannot send it as a PR because it is
dependent on Pavel Raiskup's as yet unmerged #546. The Waffle-free build
option is clearly coming, and there is little point in having SSPI tests
that then cannot be turned off.

Some explanations:

- Both successful and unsuccessful authentication is tested, the latter
   to ensure that a configuration mistake (such as a "trust" line left
   in pg_hba.conf) has not caused *both* tests to succeed when they
   should have failed.

- Setting up to run these tests is not entirely (or at all) trivial; it
   requires running the database server as an account that is capable of
   SSPI authentication (such as a virtual service account, e.g.
   "NT SERVICE\PostgreSQL") on both domain member and non-member
   systems, or a domain user account.

- Additionally, both pg_hba.conf and, in most cases, pg_ident.conf must
   be configured. In particular, the user account that runs the tests
   must be permitted to authenticate as the database role configured in
   build.properties.

- The tests are not run when Waffle is disabled. I would have preferred
   to have a separate option to turn them off even when building with
   Waffle because the setup is so difficult. I could not think of a way
   to make Maven do this, mostly because profiles cannot be chained, and
   profile activation cannot use two variables, for example
   (!enableWaffle || disableSSPITests).

- There is an intermittent problem where testUnauthorized() fails
   because it gets the wrong exception: It expects SQLSTATE 28000 from
   the server, but sometimes it gets 08001 generated internally in the
   driver. No idea what causes that. I did not want to blindly accept any
   error as proof of failed authentication.

--
Christian