Diffstat (limited to '4.1/get_mail.rb')
-rwxr-xr-x | 4.1/get_mail.rb | 58 |
1 files changed, 45 insertions, 13 deletions
diff --git a/4.1/get_mail.rb b/4.1/get_mail.rb
index 8cbbb1f..79a8bc7 100755
--- a/4.1/get_mail.rb
+++ b/4.1/get_mail.rb
@@ -4,13 +4,32 @@ require 'net/http'
 require 'uri'
 require 'json'
-def get_ticket(un, tgt, sv)
+def encrypt(obj, key)
+ cipher = OpenSSL::Cipher::AES.new(256, :CBC).encrypt
+ cipher.key = Digest::SHA2.digest(key)
+ s = cipher.update(obj) + cipher.final
+ s.unpack('H*')[0].upcase
+end
+
+def decrypt(obj, key)
+ ticket = [obj].pack("H*").unpack("C*").pack("c*")
+ cipher = OpenSSL::Cipher::AES.new(256, :CBC).decrypt
+ cipher.key = Digest::SHA2.digest(key)
+ cipher.update(ticket) + cipher.final
+end
+
+def gen_auth(un, ws, sk)
+ encrypt("#{un},#{ws}", sk)
+end
+
+def get_ticket(un, wsa, tgt, sv, sk)
 uri = URI.parse("http://localhost:4567/ticket")
 header = {'Content-Type': 'text/json'}
 login = {
 "username": un,
 "ticket": tgt,
+ "authenticator": gen_auth(un, wsa, sk),
 "service": sv
 }
@@ -31,7 +50,14 @@ end
 def update_keytab!
 File.open(".keytab", "w") do |f|
- f.puts Tickets.map { |s, p| [s, *p.values].join(?:) }
+ f.puts Tickets.map { |s, p| [
+ s,
+ p["sessionkey"],
+ p["ws_address"],
+ p["lifespan"],
+ p["timestamp"],
+ p["ticket"]
+ ].join(?,) }
 end
 end
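Review bot: `encrypt` and `decrypt` never set an IV, so Ruby's OpenSSL binding falls back to an all-zero IV and the same plaintext under the same key always produces the same ciphertext. Because `gen_auth` encrypts only `"#{un},#{ws}"`, the authenticator is a constant for the lifetime of a session key, so a request captured on the plain `http://` connection stays valid for replay together with its ticket; the same value is sent again by the login request in the last hunk. Calling `iv = cipher.random_iv` in `encrypt` and prepending `iv` to the output (with `decrypt` reading it back into `cipher.iv`), plus a timestamp in the authenticator, `encrypt("#{un},#{ws},#{Time.now.to_i}", sk)`, would let the server reject replays. Both changes need matching server-side code, which is not part of this diff.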
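Review bot: `.keytab` now holds the session key for every service, but `File.open(".keytab", "w")` in `update_keytab!` creates it with the process default mode, which under a common umask leaves it readable by other local users. Creating it owner-only, `File.open(".keytab", "w", 0600) do |f|`, limits who can read the keys; the mode applies only when the file is created, so an existing file also needs `File.chmod(0600, ".keytab")`. Separately, the fields are joined with `,` and no escaping, so a session key or address containing a comma would shift the columns when the file is read back.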
@@ -44,21 +70,28 @@ unless File.exist?(".keytab")
 end
 Tickets = File.readlines(".keytab").map { |l|
- a = l.strip.split(?:)
+ a = l.strip.split(?,)
 [a[0], {
- "lifespan" => a[1].to_i,
- "timestamp" => a[2].to_i,
- "ticket" => a[3]
+ "sessionkey" => a[1],
+ "ws_address" => a[2],
+ "lifespan" => a[3].to_i,
+ "timestamp" => a[4].to_i,
+ "ticket" => a[5]
 }]
 }.to_h
 unless Tickets.keys.include?(ms) && ticket_valid?(Tickets[ms])
 if Tickets.keys.include?("_TGS") && ticket_valid?(Tickets["_TGS"])
- packet = get_ticket(un, Tickets["_TGS"]["ticket"], ms).split(?:)
+ packet = get_ticket(un, Tickets["_TGS"]["ws_address"],
+ Tickets["_TGS"]["ticket"],
+ ms, Tickets["_TGS"]["sessionkey"])
+ packet = decrypt(packet, Tickets["_TGS"]["sessionkey"]).split(?,)
 Tickets[ms] = {
- "lifespan" => packet[0].to_i,
- "timestamp" => packet[1].to_i,
- "ticket" => packet[2]
+ "sessionkey" => packet[0],
+ "ws_address" => packet[1],
+ "lifespan" => packet[2].to_i,
+ "timestamp" => packet[3].to_i,
+ "ticket" => packet[4]
 }
 update_keytab!
 else
@@ -67,14 +100,13 @@ unless Tickets.keys.include?(ms) && ticket_valid?(Tickets[ms])
 end
 end
-ticket = Tickets[ms]["ticket"]
-
 uri = URI.parse("http://localhost:4568/login")
 header = {'Content-Type': 'text/json'}
 login = {
 "username": un,
- "ticket": ticket
+ "ticket": Tickets[ms]["ticket"],
+ "authenticator": gen_auth(un, Tickets[ms]["ws_address"], Tickets[ms]["sessionkey"])
 }
 http = Net::HTTP.new(uri.host, uri.port) |
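Review bot: The reply from `get_ticket` goes straight into `decrypt`, and the result is split and stored in `Tickets[ms]` with no validation. AES-CBC as used here carries no integrity tag, so a modified or error reply either raises `OpenSSL::Cipher::CipherError` out of this block or decrypts to garbage that `update_keytab!` then persists. A field-count check before the assignment, `abort "malformed ticket reply" unless packet.length == 5`, with a `rescue OpenSSL::Cipher::CipherError` around the `decrypt` call, would keep bad replies out of the keytab. Comparing `packet[1]` with the `ws_address` that was sent would also tie the reply to this client. The enclosing `unless` block continues past the end of the hunk.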