Date: Thu, 23 Dec 2021 22:35:59 GMT From: Rick Macklem <rmacklem@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 744c2dc7dde4 - main - rpc: Delete AUTH_NEEDS_TLS(_MUTUAL_HOST) auth_stat values Message-ID: <202112232235.1BNMZxeK018163@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by rmacklem: URL: https://cgit.FreeBSD.org/src/commit/?id=744c2dc7dde4ee1e1efc9630439682ea0dc338db commit 744c2dc7dde4ee1e1efc9630439682ea0dc338db Author: Rick Macklem <rmacklem@FreeBSD.org> AuthorDate: 2021-12-23 22:31:53 +0000 Commit: Rick Macklem <rmacklem@FreeBSD.org> CommitDate: 2021-12-23 22:31:53 +0000 rpc: Delete AUTH_NEEDS_TLS(_MUTUAL_HOST) auth_stat values I thought that these new auth_stat values had been agreed upon by the IETF NFSv4 working group, but that no longer is the case. As such, delete them and use AUTH_TOOWEAK instead. Leave the code that uses these new auth_stat values in the sources #ifdef notnow, in case they are defined in the future. MFC after: 1 week --- sys/fs/nfsserver/nfs_nfsdport.c | 5 +++++ sys/fs/nfsserver/nfs_nfsdsubs.c | 4 ++++ sys/rpc/auth.h | 6 ------ 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/sys/fs/nfsserver/nfs_nfsdport.c b/sys/fs/nfsserver/nfs_nfsdport.c index 5c3280b55d7a..943523d2da14 100644 --- a/sys/fs/nfsserver/nfs_nfsdport.c +++ b/sys/fs/nfsserver/nfs_nfsdport.c @@ -4053,10 +4053,15 @@ nfsvno_testexp(struct nfsrv_descript *nd, struct nfsexstuff *exp) (nd->nd_flag & ND_TLSCERTUSER) == 0))) { if ((nd->nd_flag & ND_NFSV4) != 0) return (NFSERR_WRONGSEC); +#ifdef notnow + /* There is currently no auth_stat for this. */ else if ((nd->nd_flag & ND_TLS) == 0) return (NFSERR_AUTHERR | AUTH_NEEDS_TLS); else return (NFSERR_AUTHERR | AUTH_NEEDS_TLS_MUTUAL_HOST); +#endif + else + return (NFSERR_AUTHERR | AUTH_TOOWEAK); } /* diff --git a/sys/fs/nfsserver/nfs_nfsdsubs.c b/sys/fs/nfsserver/nfs_nfsdsubs.c index 8dc193a314e5..ca691941ed0d 100644 --- a/sys/fs/nfsserver/nfs_nfsdsubs.c +++ b/sys/fs/nfsserver/nfs_nfsdsubs.c @@ -2145,9 +2145,13 @@ checktls: if ((nd->nd_flag & (ND_TLS | ND_EXTLSCERTUSER | ND_EXTLSCERT)) == ND_TLS) return (0); +#ifdef notnow + /* There is currently no auth_stat for this. */ if ((nd->nd_flag & ND_TLS) == 0) return (NFSERR_AUTHERR | AUTH_NEEDS_TLS); return (NFSERR_AUTHERR | AUTH_NEEDS_TLS_MUTUAL_HOST); +#endif + return (NFSERR_AUTHERR | AUTH_TOOWEAK); } /* diff --git a/sys/rpc/auth.h b/sys/rpc/auth.h index 5444f6180c5e..0752e72de95e 100644 --- a/sys/rpc/auth.h +++ b/sys/rpc/auth.h @@ -138,7 +138,6 @@ enum auth_stat { /* * kerberos errors */ - , AUTH_KERB_GENERIC = 8, /* kerberos generic error */ AUTH_TIMEEXPIRE = 9, /* time of credential expired */ AUTH_TKT_FILE = 10, /* something wrong with ticket file */ @@ -150,11 +149,6 @@ enum auth_stat { */ RPCSEC_GSS_CREDPROBLEM = 13, RPCSEC_GSS_CTXPROBLEM = 14, - /* - * RPC-over-TLS errors - */ - AUTH_NEEDS_TLS = 15, - AUTH_NEEDS_TLS_MUTUAL_HOST = 16, /* Also used by RPCSEC_TLS for the same purpose */ RPCSEC_GSS_NODISPATCH = 0x8000000 };
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202112232235.1BNMZxeK018163>