weird libpq GSSAPI comment
| От | Alvaro Herrera | 
|---|---|
| Тема | weird libpq GSSAPI comment | 
| Дата | |
| Msg-id | 20191224151520.GA16435@alvherre.pgsql обсуждение исходный текст | 
| Ответы | Re: weird libpq GSSAPI comment | 
| Список | pgsql-hackers | 
I found this comment in fe-connect.c:
                /*
                 * If GSSAPI is enabled and we have a credential cache, try to
                 * set it up before sending startup messages.  If it's already
                 * operating, don't try SSL and instead just build the startup
                 * packet.
                 */
I'm not sure I understand this correctly.  Why does it say "just build
the startup" packet about the SSL thing, when in reality the SSL block
below is unrelated to the GSS logic?  If I consider that SSL is just a
typo for GSS, then the comment doesn't seem to describe the logic
either, because what it does is go to CONNECTION_GSS_STARTUP state which
*doesn't* "build the startup packet" in the sense of pqBuildStartupPacket2/3,
but instead it just does pqPacketSend (which is what the SSL block below
calls "request SSL instead of sending the startup packet").
Also, it says "... and we have a credential cache, try to set it up..." but I
think it should say "if we *don't* have a credential cache".
Now that I've read this code half a dozen times, I think I'm starting to
vaguely understand how it works, but I would have expected the comment
to explain it so that I didn't have to do that.
Can we discuss a better wording for this comment?  I wrote this, but I
don't think it captures all the nuances in this code:
                /*
                 * If GSSAPI is enabled, we need a credential cache; we may
                 * already have it, or set it up if not.  Then, if we don't
                 * have a GSS context, request it and switch to
                 * CONNECTION_GSS_STARTUP to wait for the response.
                 *
                 * Fail altogether if GSS is required but cannot be had.
                 */
Thanks!
-- 
Álvaro Herrera                                http://www.twitter.com/alvherre
		
	В списке pgsql-hackers по дате отправления: