The branch main has been updated by rmacklem:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=744c2dc7dde4ee1e1efc9630439682ea0dc338db

commit 744c2dc7dde4ee1e1efc9630439682ea0dc338db
Author:     Rick Macklem <rmack...@freebsd.org>
AuthorDate: 2021-12-23 22:31:53 +0000
Commit:     Rick Macklem <rmack...@freebsd.org>
CommitDate: 2021-12-23 22:31:53 +0000

    rpc: Delete AUTH_NEEDS_TLS(_MUTUAL_HOST) auth_stat values
    
    I thought that these new auth_stat values had been agreed
    upon by the IETF NFSv4 working group, but that no longer
    is the case.  As such, delete them and use AUTH_TOOWEAK
    instead.  Leave the code that uses these new auth_stat
    values in the sources #ifdef notnow, in case they are
    defined in the future.
    
    MFC after:      1 week
---
 sys/fs/nfsserver/nfs_nfsdport.c | 5 +++++
 sys/fs/nfsserver/nfs_nfsdsubs.c | 4 ++++
 sys/rpc/auth.h                  | 6 ------
 3 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/sys/fs/nfsserver/nfs_nfsdport.c b/sys/fs/nfsserver/nfs_nfsdport.c
index 5c3280b55d7a..943523d2da14 100644
--- a/sys/fs/nfsserver/nfs_nfsdport.c
+++ b/sys/fs/nfsserver/nfs_nfsdport.c
@@ -4053,10 +4053,15 @@ nfsvno_testexp(struct nfsrv_descript *nd, struct nfsexstuff *exp)
              (nd->nd_flag & ND_TLSCERTUSER) == 0))) {
                if ((nd->nd_flag & ND_NFSV4) != 0)
                        return (NFSERR_WRONGSEC);
+#ifdef notnow
+               /* There is currently no auth_stat for this. */
                else if ((nd->nd_flag & ND_TLS) == 0)
                        return (NFSERR_AUTHERR | AUTH_NEEDS_TLS);
                else
                        return (NFSERR_AUTHERR | AUTH_NEEDS_TLS_MUTUAL_HOST);
+#endif
+               else
+                       return (NFSERR_AUTHERR | AUTH_TOOWEAK);
        }
 
        /*
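Review bot: If `notnow` is ever defined, this chain in nfsvno_testexp() will stop compiling, because the disabled block already ends in a bare `else` and the new `else return (NFSERR_AUTHERR | AUTH_TOOWEAK);` after `#endif` would then have no matching `if`. Putting the live arm under `#else` keeps exactly one arm compiled in: `#else`, then `else return (NFSERR_AUTHERR | AUTH_TOOWEAK);`, then `#endif`. The `checktls:` hunk in nfs_nfsdsubs.c compiles either way, but its AUTH_TOOWEAK return becomes unreachable when `notnow` is set, so the same `#else` form would be cleaner there. The enclosing `if` condition starts above this hunk.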
diff --git a/sys/fs/nfsserver/nfs_nfsdsubs.c b/sys/fs/nfsserver/nfs_nfsdsubs.c
index 8dc193a314e5..ca691941ed0d 100644
--- a/sys/fs/nfsserver/nfs_nfsdsubs.c
+++ b/sys/fs/nfsserver/nfs_nfsdsubs.c
@@ -2145,9 +2145,13 @@ checktls:
        if ((nd->nd_flag & (ND_TLS | ND_EXTLSCERTUSER | ND_EXTLSCERT)) ==
            ND_TLS)
                return (0);
+#ifdef notnow
+       /* There is currently no auth_stat for this. */
        if ((nd->nd_flag & ND_TLS) == 0)
                return (NFSERR_AUTHERR | AUTH_NEEDS_TLS);
        return (NFSERR_AUTHERR | AUTH_NEEDS_TLS_MUTUAL_HOST);
+#endif
+       return (NFSERR_AUTHERR | AUTH_TOOWEAK);
 }
 
 /*
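Review bot: The live `return (NFSERR_AUTHERR | AUTH_TOOWEAK);` at the end of this block has no comment of its own; the only explanation, `There is currently no auth_stat for this.`, sits inside the compiled-out `#ifdef notnow` section. AUTH_TOOWEAK now covers both the case where ND_TLS is not set and the case where it is set but the (apparently export-level) certificate flags are not satisfied, so the reply alone presumably no longer tells a client or an operator which requirement failed. I would document that on the live line, e.g. `/* No TLS-specific auth_stat is defined; AUTH_TOOWEAK covers both "TLS required" and "TLS certificate required". */`. The function body begins before the `checktls:` label, outside this hunk.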
diff --git a/sys/rpc/auth.h b/sys/rpc/auth.h
index 5444f6180c5e..0752e72de95e 100644
--- a/sys/rpc/auth.h
+++ b/sys/rpc/auth.h
@@ -138,7 +138,6 @@ enum auth_stat {
        /*
         * kerberos errors
         */
-       ,
        AUTH_KERB_GENERIC = 8,          /* kerberos generic error */
        AUTH_TIMEEXPIRE = 9,            /* time of credential expired */
        AUTH_TKT_FILE = 10,             /* something wrong with ticket file */
@@ -150,11 +149,6 @@ enum auth_stat {
         */
        RPCSEC_GSS_CREDPROBLEM = 13,
        RPCSEC_GSS_CTXPROBLEM = 14,
-       /*
-        * RPC-over-TLS errors
-        */
-       AUTH_NEEDS_TLS = 15,
-       AUTH_NEEDS_TLS_MUTUAL_HOST = 16,
        /* Also used by RPCSEC_TLS for the same purpose */
        RPCSEC_GSS_NODISPATCH = 0x8000000
 };
