On Fri, Apr 01, 2016 at 10:12:12PM -0400, Stephen Frost wrote:
> * Noah Misch (noah@leadboat.com) wrote:
> > Refer to a TOKEN_USER payload as a "token user," not as a "user token".
> >
> > This corrects messages for can't-happen errors. The corresponding "user
> > token" appears in the HANDLE argument of GetTokenInformation().
>
> I'm not at all convinced that this is an improvement. I understand that
> it's a "can't happen" case, but we're calling out to an OS function and
> as much as things "can't happen" they do, in fact, occasionally happen,

They do, yes. I mentioned that for the purpose of hinting that this commit
does not warrant release notes coverage.

> and there's no such thing as a "token user" concept. There's an enum,
> one value of which is "TokenUser" and that's what we're asking the OS to
> provide us info about, but I'd argue that if we're going to refer to the
> textual enum representation then we should spell it just exactly as the
> enum has it.
>
> If we don't want to use "TokenUser" then I'd suggest that "user token"
> is a more accurate term to use, as we had before this change. There is
> no such thing as a "token user", as far as I'm aware, in GSSAPI, SSPI,
> or general access token lingo.

"User token" has definitely been wrong. We already possess the user token at
the moments of these error messages, because we pass the user token as the
first GetTokenInformation() argument. We're retrieving information about the
"user" that pertains to a particular "token", hence "token user." A verbose
description is "could not get user associated with access token."

I see some advantages of writing "TokenUser", as you propose. However, our
error style guide says "Avoid mentioning called function names, either;
instead say what the code was trying to do." Mentioning an enumerator name is
morally similar to mentioning a function name.