From 717ad8b04393353b51d9fd430c65e179fcdefb44 Mon Sep 17 00:00:00 2001
From: Joseph Sutton
Date: Wed, 17 Nov 2021 20:23:12 +1300
Subject: [PATCH] kdc: Add support for explicit armoring from MS-KILE

Normally when FAST is used with a TGS-REQ, the armor key is implicitly derived from the TGT rather than armor being explicitly present, as for AS-REQs. However, Windows allows a TGS-REQ to be explicitly armored with a computer's TGT, so that the armor key also depends on the ticket session key. This is used for compound identity, where the computer's group membership and claims are added to the PAC of the resulting ticket.

Signed-off-by: Joseph Sutton
---
 kdc/fast.c | 20 ++++++++++++++++++--
 lib/krb5/fast.c | 16 ++++++++++++++++
 lib/krb5/libkrb5-exports.def.in | 1 +
 lib/krb5/version-script.map | 1 +
 4 files changed, 36 insertions(+), 2 deletions(-)

diff --git a/kdc/fast.c b/kdc/fast.c
index b39016210..a9c95db0a 100644
--- a/kdc/fast.c
+++ b/kdc/fast.c
@@ -442,6 +442,8 @@ fast_unwrap_request(astgs_request_t r,
     krb5_flags ap_req_options;
     Key *armor_key = NULL;
     krb5_keyblock armorkey;
+    krb5_keyblock explicit_armorkey;
+    krb5_boolean explicit_armor;
     krb5_error_code ret;
     krb5_ap_req ap_req;
     KrbFastReq fastreq;
@@ -492,10 +494,12 @@ fast_unwrap_request(astgs_request_t r,
 	goto out;
     }
 
+    explicit_armor = fxreq.u.armored_data.armor != NULL && tgs_ac != NULL;
+
     /*
      *
      */
-    if (tgs_ac == NULL) {
+    if (fxreq.u.armored_data.armor != NULL) {
 	if (fxreq.u.armored_data.armor->armor_type != 1) {
 	    kdc_log(r->context, r->config, 4, "Incorrect AS-REQ armor type");
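Review bot: The log message `"Incorrect AS-REQ armor type"` below the changed condition is now also reached for an explicitly armored TGS-REQ, since the branch is entered on `fxreq.u.armored_data.armor != NULL` regardless of `tgs_ac`; it should become `"Incorrect armor type"` so operators are not pointed at the wrong request type. The empty `/* * */` block above the condition is the natural place to record the three cases this branch now distinguishes: AS-REQ with explicit armor, TGS-REQ with implicit armor (else branch, tgs_ac only), and the MS-KILE explicitly armored TGS-REQ where both armor and tgs_ac are present and `explicit_armor` is set. The remainder of the armor branch lies outside this hunk; anything in it that previously relied on `tgs_ac == NULL` holding (for example how the armor ticket's client is validated or logged) should be re-read under the new condition. fast_unwrap_request starts and ends outside the hunk.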
@@ -577,10 +581,22 @@ fast_unwrap_request(astgs_request_t r,
 				ac->remote_subkey,
 				&ticket->ticket.key,
 				&armorkey,
-				&r->armor_crypto);
+				explicit_armor ? NULL : &r->armor_crypto);
 	if (ret)
 	    goto out;
 
+	if (explicit_armor) {
+	    ret = _krb5_fast_explicit_armor_key(r->context,
+						&armorkey,
+						tgs_ac->remote_subkey,
+						&explicit_armorkey,
+						&r->armor_crypto);
+	    if (ret)
+		goto out;
+
+	    krb5_free_keyblock_contents(r->context, &explicit_armorkey);
+	}
+
 	krb5_free_keyblock_contents(r->context, &armorkey);
 
 	ret = krb5_decrypt_EncryptedData(r->context, r->armor_crypto,
diff --git a/lib/krb5/fast.c b/lib/krb5/fast.c
index f52af3064..5b30f24df 100644
--- a/lib/krb5/fast.c
+++ b/lib/krb5/fast.c
@@ -96,6 +96,22 @@ _krb5_fast_armor_key(krb5_context context,
 			  armor_crypto);
 }
 
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+_krb5_fast_explicit_armor_key(krb5_context context,
+			      krb5_keyblock *armorkey,
+			      krb5_keyblock *subkey,
+			      krb5_keyblock *explicit_armorkey,
+			      krb5_crypto *explicit_armor_crypto)
+{
+    return _krb5_fast_cf2(context,
+			  armorkey,
+			  "explicitarmor",
+			  subkey,
+			  "tgsarmor",
+			  explicit_armorkey,
+			  explicit_armor_crypto);
+}
+
 static krb5_error_code
 check_fast(krb5_context context, struct krb5_fast_state *state)
 {
diff --git a/lib/krb5/libkrb5-exports.def.in b/lib/krb5/libkrb5-exports.def.in
index f99662bc4..df6fa7caa 100644
--- a/lib/krb5/libkrb5-exports.def.in
+++ b/lib/krb5/libkrb5-exports.def.in
@@ -875,6 +875,7 @@ EXPORTS
 	; FAST
 	_krb5_fast_cf2
 	_krb5_fast_armor_key
+	_krb5_fast_explicit_armor_key
 
 	; Recent additions
 	krb5_cc_type_dcc;
diff --git a/lib/krb5/version-script.map b/lib/krb5/version-script.map
index 195e8fe4d..26b53f6ed 100644
--- a/lib/krb5/version-script.map
+++ b/lib/krb5/version-script.map
@@ -865,6 +865,7 @@ HEIMDAL_KRB5_2.0 {
 		# FAST
 		_krb5_fast_cf2;
 		_krb5_fast_armor_key;
+		_krb5_fast_explicit_armor_key;
 
 		# TGS
 		_krb5_find_capath;
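Review bot: `tgs_ac->remote_subkey` is passed to `_krb5_fast_explicit_armor_key` with no NULL check, and a TGS-REQ authenticator is not required to carry a subkey; because an explicitly armored request takes the armor branch rather than the implicit-TGS else branch, whatever check that other path applies to the subkey does not run here, so a malformed request from the network could reach the key derivation with a NULL key. Guard it inside the new block before the call: `if (tgs_ac->remote_subkey == NULL) { ret = KRB5KDC_ERR_PREAUTH_FAILED; goto out; }` (with a `kdc_log` line in the style of the other armor failures). Passing `explicit_armor ? NULL : &r->armor_crypto` to `_krb5_fast_armor_key` relies on `_krb5_fast_cf2` tolerating a NULL crypto out-parameter; that function is not in this diff, so confirm it skips `krb5_crypto_init` in that case. The `goto out` on failure of the explicit derivation skips the `krb5_free_keyblock_contents(r->context, &armorkey)` a few lines down, which mirrors the pre-existing `if (ret) goto out;` after `_krb5_fast_armor_key`; if `out:` does not release `armorkey`, both paths leak and should be fixed together. fast_unwrap_request starts and ends outside the hunk.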
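Review bot: `_krb5_fast_explicit_armor_key` is a new exported symbol with no comment stating what it derives or who owns the outputs, unlike the key-derivation role a reader would need when auditing a KDC armor path. Add a header comment above it along the lines of: "MS-KILE explicit FAST armor for a TGS-REQ: armorkey is the key derived from the explicit armor (as for an AS-REQ) and subkey is the TGS-REQ authenticator subkey; the result is KRB-FX-CF2(armorkey, subkey) with peppers "explicitarmor" and "tgsarmor". On success explicit_armorkey is filled in and, when explicit_armor_crypto is non-NULL, a crypto context for it is created; the caller frees both." The pepper strings and the argument order are taken from the body in this hunk, so the comment makes the derivation checkable against the specification without reading `_krb5_fast_cf2`.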