diff options
| author | Nat Lasseter <user@4574.co.uk> | 2025-02-18 15:25:49 +0000 |
|---|---|---|
| committer | Nat Lasseter <user@4574.co.uk> | 2025-02-18 15:25:49 +0000 |
| commit | b50766d496010bf2856dac88d97c236cf5944ae6 (patch) | |
| tree | d8db60dce038de43876ff5544828b92614315e9d /2.2/charon.rb | |
Restart git history without references to work email
Previous commits:
Author: Nat Lasseter <user@4574.co.uk>
Date: 2025-02-18 15:15:27 +0000
[3.2] Tickets have fixed 8-hour lifetimes now
Author: Nat Lasseter <user@4574.co.uk>
Date: 2025-02-18 15:15:27 +0000
[3.11] Added .keytab file, got rid of get_ticket.
Author: Nat Lasseter <user@4574.co.uk>
Date: 2025-02-18 15:15:27 +0000
[3.1] Added the TGS
Author: Nat Lasseter <user@4574.co.uk>
Date: 2025-02-18 15:15:27 +0000
Add readme
Author: Nat Lasseter <user@4574.co.uk>
Date: 2025-02-18 15:15:27 +0000
Up to end of scene 2
Diffstat (limited to '2.2/charon.rb')
| -rwxr-xr-x | 2.2/charon.rb | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/2.2/charon.rb b/2.2/charon.rb new file mode 100755 index 0000000..2210b6e --- /dev/null +++ b/2.2/charon.rb @@ -0,0 +1,41 @@ +#!/usr/bin/env ruby + +require 'openssl' +require 'securerandom' +require 'sinatra' + +Users = { + "Athena" => "Passw0rd!" +} + +Services = { + "Mail" => "{FvM<kgG}VpHxKJO;6Zo" +} + +def ticket(username, service, password, ws_address) + cipher = OpenSSL::Cipher::AES.new(256, :CBC).encrypt + cipher.key = Digest::SHA2.digest(password) + + p = [username, ws_address, service].join(?\0) + s = cipher.update(p) + cipher.final + + s.unpack('H*')[0].upcase + ?\n +end + +def noleak(msg, ul, sl, ws) + puts "Error: #{msg}, returning nonsense to avoid leakage." + ticket(SecureRandom.alphanumeric(ul), SecureRandom.alphanumeric(sl), SecureRandom.alphanumeric(16), ws) +end + +post '/ticket' do + request.body.rewind + data = JSON.parse(request.body.read) + next "Invalid request\n" unless data.keys.sort == %w(password service username) + ul = data["username"].length + sl = data["service"].length + ws = request.ip + next noleak("Invalid service", ul, sl, ws) unless Services.keys.include?(data["service"]) + next noleak("Invalid username", ul, sl, ws) unless Users.keys.include?(data["username"]) + next noleak("Invalid password", ul, sl, ws) unless Users[data["username"]] == data["password"] + next ticket(data["username"], data["service"], Services[data["service"]], ws) +end |