Rename the local_subkey and remote_subkey fields in the auth_context

to send_subkey and recv_subkey, respectively.  Add new APIs to query
and set these fields.  Change the behavior of mk_req_ext, rd_req_dec,
and rd_rep to set both subkeys.  Applications wanting to set
unidirectional subkeys may still do so by saving the values of subkeys
and doing overrides.  Cause mk_cred, mk_priv, and mk_safe to never use
the recv_subkey.  Cause rd_cred, rd_priv, and rd_safe to never use the
send_subkey.

ticket: 1415
status: open
tags: pullup
target_version: 1.3

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15407 dc483132-0cff-0310-8789-dd5450dbe970

8 files changed, 33 insertions, 15 deletions

diff --git a/src/appl/bsd/ChangeLog b/src/appl/bsd/ChangeLog
index a6419495a..274d2bdfb 100644
--- a/src/appl/bsd/ChangeLog
+++ b/src/appl/bsd/ChangeLog
@@ -1,3 +1,15 @@
+2003-05-09  Tom Yu  <tlyu@mit.edu>
+
+	* krcp.c (main): Rename getlocalsubkey -> getsendsubkey.
+
+	* krlogin.c (main): Rename getlocalsubkey -> getsendsubkey.
+
+	* krlogind.c (recvauth): Rename getremotesubkey -> getrecvsubkey.
+
+	* krsh.c (main): Rename getlocalsubkey -> getsendsubkey.
+
+	* krshd.c (recvauth): Rename getremotesubkey -> getrecvsubkey.
+
 2003-04-08  Ken Raeburn  <raeburn@mit.edu>
 
 	* krshd.c (main): Use LOG_AUTH syslog facility, not LOG_DAEMON,
diff --git a/src/appl/bsd/krcp.c b/src/appl/bsd/krcp.c
index 5ad6a25a1..707985a5a 100644
--- a/src/appl/bsd/krcp.c
+++ b/src/appl/bsd/krcp.c
@@ -480,9 +480,9 @@ int main(argc, argv)
 			    try_normal(orig_argv); /* doesn't return */
 
 			if (!similar) {
-			    status = krb5_auth_con_getlocalsubkey (bsd_context,
-								   auth_context,
-								   &key);
+			    status = krb5_auth_con_getsendsubkey (bsd_context,
+								  auth_context,
+								  &key);
 			    if ((status || !key) && encryptflag)
 				try_normal(orig_argv);
 			}
@@ -599,9 +599,9 @@ int main(argc, argv)
 		    krb5_keyblock *key = &cred->keyblock;
 
 		    if (kcmd_proto == KCMD_NEW_PROTOCOL) {
-			status = krb5_auth_con_getlocalsubkey (bsd_context,
-							       auth_context,
-							       &key);
+			status = krb5_auth_con_getsendsubkey (bsd_context,
+							      auth_context,
+							      &key);
 			if (status) {
 			    com_err (argv[0], status,
 				     "determining subkey for session");
diff --git a/src/appl/bsd/krlogin.c b/src/appl/bsd/krlogin.c
index c497dc2fb..a1e63a645 100644
--- a/src/appl/bsd/krlogin.c
+++ b/src/appl/bsd/krlogin.c
@@ -702,8 +702,8 @@ main(argc, argv)
 	if (kcmd_proto == KCMD_NEW_PROTOCOL) {
 	    do_inband = 1;
 
-	    status = krb5_auth_con_getlocalsubkey (bsd_context, auth_context,
-						   &key);
+	    status = krb5_auth_con_getsendsubkey (bsd_context, auth_context,
+						  &key);
 	    if ((status || !key) && encrypt_flag)
 		try_normal(orig_argv);
 	}
diff --git a/src/appl/bsd/krlogind.c b/src/appl/bsd/krlogind.c
index 82e560143..d2979e141 100644
--- a/src/appl/bsd/krlogind.c
+++ b/src/appl/bsd/krlogind.c
@@ -1537,7 +1537,7 @@ recvauth(valid_checksum)
 	return status;
 
     key = 0;
-    status = krb5_auth_con_getremotesubkey (bsd_context, auth_context, &key);
+    status = krb5_auth_con_getrecvsubkey (bsd_context, auth_context, &key);
     if (status)
 	fatal (netf, "Server can't get session subkey");
     if (!key && do_encrypt && kcmd_proto == KCMD_NEW_PROTOCOL)
diff --git a/src/appl/bsd/krsh.c b/src/appl/bsd/krsh.c
index 3f8273ec0..bd9c20572 100644
--- a/src/appl/bsd/krsh.c
+++ b/src/appl/bsd/krsh.c
@@ -411,8 +411,8 @@ main(argc, argv0)
 	krb5_keyblock *key = &cred->keyblock;
 
 	if (kcmd_proto == KCMD_NEW_PROTOCOL) {
-	    status = krb5_auth_con_getlocalsubkey (bsd_context, auth_context,
-						   &key);
+	    status = krb5_auth_con_getsendsubkey (bsd_context, auth_context,
+						  &key);
 	    if (status) {
 		com_err (argv[0], status, "determining subkey for session");
 		exit (1);
diff --git a/src/appl/bsd/krshd.c b/src/appl/bsd/krshd.c
index adad7ea2f..d625d8bd9 100644
--- a/src/appl/bsd/krshd.c
+++ b/src/appl/bsd/krshd.c
@@ -1962,8 +1962,8 @@ recvauth(netfd, peersin, valid_checksum)
 
     {
 	krb5_keyblock *key;
-	status = krb5_auth_con_getremotesubkey (bsd_context, auth_context,
-						&key);
+	status = krb5_auth_con_getrecvsubkey (bsd_context, auth_context,
+					      &key);
 	if (status)
 	    fatal (netfd, "Server can't get session subkey");
 	if (!key && do_encrypt && kcmd_proto == KCMD_NEW_PROTOCOL)
diff --git a/src/appl/telnet/libtelnet/ChangeLog b/src/appl/telnet/libtelnet/ChangeLog
index ea46e4fb8..4f9de7ade 100644
--- a/src/appl/telnet/libtelnet/ChangeLog
+++ b/src/appl/telnet/libtelnet/ChangeLog
@@ -1,3 +1,9 @@
+2003-05-09  Tom Yu  <tlyu@mit.edu>
+
+	* kerberos5.c (kerberos5_send): Rename getlocalsubkey ->
+	getsendsubkey.
+	(kerberos5_is): Rename getremotesubkey -> getrecvsubkey.
+
 2003-04-10  Tom Yu  <tlyu@mit.edu>
 
 	* Makefile.in: Use library build framework.
diff --git a/src/appl/telnet/libtelnet/kerberos5.c b/src/appl/telnet/libtelnet/kerberos5.c
index 59982d3bf..ad36aedda 100644
--- a/src/appl/telnet/libtelnet/kerberos5.c
+++ b/src/appl/telnet/libtelnet/kerberos5.c
@@ -327,7 +327,7 @@ kerberos5_send(ap)
 				 &check_data, new_creds, &auth);
 
 #ifdef	ENCRYPTION
-	krb5_auth_con_getlocalsubkey(telnet_context, auth_context, &newkey);
+	krb5_auth_con_getsendsubkey(telnet_context, auth_context, &newkey);
 	if (session_key) {
 		krb5_free_keyblock(telnet_context, session_key);
 		session_key = 0;
@@ -552,7 +552,7 @@ kerberos5_is(ap, data, cnt)
 		
 		if (name)
 		    free(name);
-		krb5_auth_con_getremotesubkey(telnet_context, auth_context,
+		krb5_auth_con_getrecvsubkey(telnet_context, auth_context,
 					      &newkey);
 		if (session_key) {
 		    krb5_free_keyblock(telnet_context, session_key);