Reorganize AUTH_* symbols

Separate numerically into protocol codes and internal codes.  This
makes room for protocol codes currently not supported.

diff --git a/include/bouncer.h b/include/bouncer.h
index 96eb66c1c3c31250e965558093b0c9f20851182d..8aba41f0000238356843bdece685664749482eb1 100644 (file)
--- a/include/bouncer.h
+++ b/include/bouncer.h
@@ -112,24 +112,37 @@ extern int cf_sbuf_len;
 #define MAX_USERNAME   64
 #define MAX_PASSWORD   128
 
+/*
+ * AUTH_* symbols are used for both protocol handling and
+ * configuration settings (auth_type, hba).  Some are only applicable
+ * to one or the other.
+ */
+
 /* no-auth modes */
 #define AUTH_ANY       -1 /* same as trust but without username check */
 #define AUTH_TRUST     AUTH_OK
 
-/* protocol codes */
+/* protocol codes in Authentication* 'R' messages from server */
 #define AUTH_OK                0
-#define AUTH_KRB       2
+#define AUTH_KRB4      1       /* not supported */
+#define AUTH_KRB5      2       /* not supported */
 #define AUTH_PLAIN     3
-#define AUTH_CRYPT     4
+#define AUTH_CRYPT     4       /* not supported */
 #define AUTH_MD5       5
-#define AUTH_CREDS     6
+#define AUTH_SCM_CREDS 6       /* not supported */
+#define AUTH_GSS       7       /* not supported */
+#define AUTH_GSS_CONT  8       /* not supported */
+#define AUTH_SSPI      9       /* not supported */
+#define AUTH_SASL      10      /* not supported */
+#define AUTH_SASL_CONT 11      /* not supported */
+#define AUTH_SASL_FIN  12      /* not supported */
 
 /* internal codes */
-#define AUTH_CERT      7
-#define AUTH_PEER      8
-#define AUTH_HBA       9
-#define AUTH_REJECT    10
-#define AUTH_PAM       11
+#define AUTH_CERT      107
+#define AUTH_PEER      108
+#define AUTH_HBA       109
+#define AUTH_REJECT    110
+#define AUTH_PAM       111
 
 /* type codes for weird pkts */
 #define PKT_STARTUP_V2  0x20000

diff --git a/test/hba_test.c b/test/hba_test.c
index 61f7b3ad3df63caa7d0cbed71bcde0f28f33cdb3..2b3394b57b708a478884b9fb6891152f9913b994 100644 (file)
--- a/test/hba_test.c
+++ b/test/hba_test.c
@@ -17,19 +17,31 @@ int cf_tcp_keepalive;
 int cf_tcp_socket_buffer;
 int cf_listen_port;
 
-static const char *method2string[] = {
-       "trust",
-       "x1",
-       "x2",
-       "password",
-       "crypt",
-       "md5",
-       "creds",
-       "cert",
-       "peer",
-       "hba",
-       "reject",
-};
+static const char *method2string(int method)
+{
+       switch (method) {
+       case AUTH_TRUST:
+               return "trust";
+       case AUTH_PLAIN:
+               return "password";
+       case AUTH_CRYPT:
+               return "crypt";
+       case AUTH_MD5:
+               return "md5";
+       case AUTH_CERT:
+               return "cert";
+       case AUTH_PEER:
+               return "peer";
+       case AUTH_HBA:
+               return "hba";
+       case AUTH_REJECT:
+               return "reject";
+       case AUTH_PAM:
+               return "pam";
+       default:
+               return "???";
+       }
+}
 
 static char *get_token(char **ln_p)
 {
@@ -70,11 +82,11 @@ static int hba_test_eval(struct HBA *hba, char *ln, int linenr)
                die("hbatest: invalid addr on line #%d", linenr);
 
        res = hba_eval(hba, &pgaddr, !!tls, db, user);
-       if (strcmp(method2string[res], exp) == 0) {
+       if (strcmp(method2string(res), exp) == 0) {
                res = 0;
        } else {
                log_warning("FAIL on line %d: expected '%s' got '%s' - user=%s db=%s addr=%s",
-                           linenr, exp, method2string[res], user, db, addr);
+                           linenr, exp, method2string(res), user, db, addr);
                res = 1;
        }
        return res;