Rename krbtgt variable in KDC code

In a TGS request, the header ticket server is usually a local or
cross-realm TGS principal, but for ticket modification requests it
doesn't have to be.  Similarly, the server for an AS request is
usually a krbtgt principal, but in some cases it is not.  Since the
KDC code must consider all possibilities, avoid using the name
"krbtgt" for entries which aren't necessarily TGTs.

In process_tgs_req(), rename krbtgt to header_server and tgskey to
header_key.  In handle_authdata(), rename the parameters similarly and
pass NULL from process_as_req() for the header_server and header_key
parameters; the code which uses those parameters is adjusted to match.
In validate_transit_path(), rename krbtgt to header_srv.

Do not change the semantics of the sign_authdata DAL method at this
time, but more accurately document the krbtgt and krbtgt_key
parameters.

1 files changed, 3 insertions, 2 deletions

diff --git a/src/include/krb5/kdcauthdata_plugin.h b/src/include/krb5/kdcauthdata_plugin.h
index 9698566..53fe69c 100644
--- a/src/include/krb5/kdcauthdata_plugin.h
+++ b/src/include/krb5/kdcauthdata_plugin.h
@@ -107,9 +107,10 @@ typedef krb5_error_code
                               krb5_kdcauthdata_moddata moddata,
                               unsigned int flags,
                               krb5_db_entry *client, krb5_db_entry *server,
-                              krb5_db_entry *tgs, krb5_keyblock *client_key,
+                              krb5_db_entry *header_server,
+                              krb5_keyblock *client_key,
                               krb5_keyblock *server_key,
-                              krb5_keyblock *tgs_key,
+                              krb5_keyblock *header_key,
                               krb5_data *req_pkt, krb5_kdc_req *req,
                               krb5_const_principal for_user_princ,
                               krb5_enc_tkt_part *enc_tkt_req,