rpc: Delete AUTH_NEEDS_TLS(_MUTUAL_HOST) auth_stat values

I thought that these new auth_stat values had been agreed
upon by the IETF NFSv4 working group, but that no longer
is the case.  As such, delete them and use AUTH_TOOWEAK
instead.  Leave the code that uses these new auth_stat
values in the sources #ifdef notnow, in case they are
defined in the future.

MFC after:	1 week

sys/fs/nfsserver/nfs_nfsdport.c

@@ -4053,10 +4053,15 @@ nfsvno_testexp(struct nfsrv_descript *nd, struct nfsexstuff *exp)
 	      (nd->nd_flag & ND_TLSCERTUSER) == 0))) {
 		if ((nd->nd_flag & ND_NFSV4) != 0)
 			return (NFSERR_WRONGSEC);
+#ifdef notnow
+		/* There is currently no auth_stat for this. */
 		else if ((nd->nd_flag & ND_TLS) == 0)
 			return (NFSERR_AUTHERR | AUTH_NEEDS_TLS);
 		else
 			return (NFSERR_AUTHERR | AUTH_NEEDS_TLS_MUTUAL_HOST);
+#endif
+		else
+			return (NFSERR_AUTHERR | AUTH_TOOWEAK);
 	}
 
 	/*

sys/fs/nfsserver/nfs_nfsdsubs.c

@@ -2145,9 +2145,13 @@ nfsd_checkrootexp(struct nfsrv_descript *nd)
 	if ((nd->nd_flag & (ND_TLS | ND_EXTLSCERTUSER | ND_EXTLSCERT)) ==
 	    ND_TLS)
 		return (0);
+#ifdef notnow
+	/* There is currently no auth_stat for this. */
 	if ((nd->nd_flag & ND_TLS) == 0)
 		return (NFSERR_AUTHERR | AUTH_NEEDS_TLS);
 	return (NFSERR_AUTHERR | AUTH_NEEDS_TLS_MUTUAL_HOST);
+#endif
+	return (NFSERR_AUTHERR | AUTH_TOOWEAK);
 }
 
 /*

sys/rpc/auth.h

@@ -138,7 +138,6 @@ enum auth_stat {
 	/*
 	 * kerberos errors
 	 */
-	,
 	AUTH_KERB_GENERIC = 8,		/* kerberos generic error */
 	AUTH_TIMEEXPIRE = 9,		/* time of credential expired */
 	AUTH_TKT_FILE = 10,		/* something wrong with ticket file */
@@ -150,11 +149,6 @@ enum auth_stat {
 	 */
 	RPCSEC_GSS_CREDPROBLEM = 13,
 	RPCSEC_GSS_CTXPROBLEM = 14,
-	/*
-	 * RPC-over-TLS errors
-	 */
-	AUTH_NEEDS_TLS = 15,
-	AUTH_NEEDS_TLS_MUTUAL_HOST = 16,
 	/* Also used by RPCSEC_TLS for the same purpose */
 	RPCSEC_GSS_NODISPATCH = 0x8000000
 };