From nobody Thu Dec 30 01:26:55 2021 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id A5ECB1912457; Thu, 30 Dec 2021 01:26:55 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4JPVxC2RVBz4bK7; Thu, 30 Dec 2021 01:26:55 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 33E5675F9; Thu, 30 Dec 2021 01:26:55 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 1BU1Qtav077000; Thu, 30 Dec 2021 01:26:55 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 1BU1QtV7076999; Thu, 30 Dec 2021 01:26:55 GMT (envelope-from git) Date: Thu, 30 Dec 2021 01:26:55 GMT Message-Id: <202112300126.1BU1QtV7076999@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Rick Macklem Subject: git: 7aa23c7b59f7 - stable/13 - rpc: Delete AUTH_NEEDS_TLS(_MUTUAL_HOST) auth_stat values List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: rmacklem X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 7aa23c7b59f7c7ba1402175dcaafb65a44e10eab Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1640827615; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=fvlDg2kDfByFWqfM/68IHiWKUY/AULPObYXJ3bkAWCc=; b=C4/4pv5ZD7W7171GwqmUiLfNNyuLRcV1d9r4GoR4KPWL1Y/gbGOB563h4ZHtHHcUh0a3vV s7PKvcpT1bSsu5Pi6z9j/sLRILJJw7RWii9ayweFeFBK5PgSMaNyzAiywh+bxHpqs6kKaQ jzm3xN8rMvF1jKsbLqejuoZFwrJDnTZKiclDnlWe0MIXL5d4V6E/vAI164tbXokzt6hSW8 wDqm97+a+vgW9TtlLm12pl3ewCNnTcnQNZY7TsTYKKqwLWQMG4i+GiTyhSXdEm1zMrHOUK wZpYbRs4MZRL8xPH2EZNzb19BkMDah204YGsEH9O40A7XB5TA0XtIVSAVLQVYA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1640827615; a=rsa-sha256; cv=none; b=xyyD5fVFiHom4LdqvPX6W2Qdb1L+i/0IwMOMqAlScTEe11ckf5vy+/EQCcFjN+nIOAVzzm JbccoMXXkA5IWG0H1FQY5nLSsBSbVur7bUqv51mEC/d/INph+kU58lQWQz78VGWm+/K19e Kq75+Q6CJLuwH2gMA7YYEdYc5GCgJcApckkzbkfMvICID+I19PEzuTry2jpZ/Sp6MJcRjk ereZlc6CT3oGW/R4hd0M1Zlo6RTLdGbMsdvZ6f0rls0n5SC3b2l5YfID5y0t3HVc4hE8Lg 1hflBOVJOaX+EppJna9B/faMfsQ6Nmgo5wzx5p6OtQ+1MLM5aM5fjvpXlTXCcw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch stable/13 has been updated by rmacklem: URL: https://cgit.FreeBSD.org/src/commit/?id=7aa23c7b59f7c7ba1402175dcaafb65a44e10eab commit 7aa23c7b59f7c7ba1402175dcaafb65a44e10eab Author: Rick Macklem AuthorDate: 2021-12-23 22:31:53 +0000 Commit: Rick Macklem CommitDate: 2021-12-30 01:23:30 +0000 rpc: Delete AUTH_NEEDS_TLS(_MUTUAL_HOST) auth_stat values I thought that these new auth_stat values had been agreed upon by the IETF NFSv4 working group, but that no longer is the case. As such, delete them and use AUTH_TOOWEAK instead. Leave the code that uses these new auth_stat values in the sources #ifdef notnow, in case they are defined in the future. (cherry picked from commit 744c2dc7dde4ee1e1efc9630439682ea0dc338db) --- sys/fs/nfsserver/nfs_nfsdport.c | 5 +++++ sys/fs/nfsserver/nfs_nfsdsubs.c | 4 ++++ sys/rpc/auth.h | 6 ------ 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/sys/fs/nfsserver/nfs_nfsdport.c b/sys/fs/nfsserver/nfs_nfsdport.c index c63e24378ef5..f28d973a867a 100644 --- a/sys/fs/nfsserver/nfs_nfsdport.c +++ b/sys/fs/nfsserver/nfs_nfsdport.c @@ -4056,10 +4056,15 @@ nfsvno_testexp(struct nfsrv_descript *nd, struct nfsexstuff *exp) (nd->nd_flag & ND_TLSCERTUSER) == 0))) { if ((nd->nd_flag & ND_NFSV4) != 0) return (NFSERR_WRONGSEC); +#ifdef notnow + /* There is currently no auth_stat for this. */ else if ((nd->nd_flag & ND_TLS) == 0) return (NFSERR_AUTHERR | AUTH_NEEDS_TLS); else return (NFSERR_AUTHERR | AUTH_NEEDS_TLS_MUTUAL_HOST); +#endif + else + return (NFSERR_AUTHERR | AUTH_TOOWEAK); } /* diff --git a/sys/fs/nfsserver/nfs_nfsdsubs.c b/sys/fs/nfsserver/nfs_nfsdsubs.c index 8c3e748a290f..9e278dbab7e5 100644 --- a/sys/fs/nfsserver/nfs_nfsdsubs.c +++ b/sys/fs/nfsserver/nfs_nfsdsubs.c @@ -2145,9 +2145,13 @@ checktls: if ((nd->nd_flag & (ND_TLS | ND_EXTLSCERTUSER | ND_EXTLSCERT)) == ND_TLS) return (0); +#ifdef notnow + /* There is currently no auth_stat for this. */ if ((nd->nd_flag & ND_TLS) == 0) return (NFSERR_AUTHERR | AUTH_NEEDS_TLS); return (NFSERR_AUTHERR | AUTH_NEEDS_TLS_MUTUAL_HOST); +#endif + return (NFSERR_AUTHERR | AUTH_TOOWEAK); } /* diff --git a/sys/rpc/auth.h b/sys/rpc/auth.h index 5444f6180c5e..0752e72de95e 100644 --- a/sys/rpc/auth.h +++ b/sys/rpc/auth.h @@ -138,7 +138,6 @@ enum auth_stat { /* * kerberos errors */ - , AUTH_KERB_GENERIC = 8, /* kerberos generic error */ AUTH_TIMEEXPIRE = 9, /* time of credential expired */ AUTH_TKT_FILE = 10, /* something wrong with ticket file */ @@ -150,11 +149,6 @@ enum auth_stat { */ RPCSEC_GSS_CREDPROBLEM = 13, RPCSEC_GSS_CTXPROBLEM = 14, - /* - * RPC-over-TLS errors - */ - AUTH_NEEDS_TLS = 15, - AUTH_NEEDS_TLS_MUTUAL_HOST = 16, /* Also used by RPCSEC_TLS for the same purpose */ RPCSEC_GSS_NODISPATCH = 0x8000000 };