Diffstat (limited to '5.1')
-rwxr-xr-x5.1/charon.rb16
-rwxr-xr-x5.1/get_mail.rb2
-rwxr-xr-x5.1/mail.rb16
3 files changed, 31 insertions, 3 deletions
diff --git a/5.1/charon.rb b/5.1/charon.rb
index 7a69e39..0e4b03c 100755
--- a/5.1/charon.rb
+++ b/5.1/charon.rb
@@ -13,6 +13,17 @@ Services = {
"Mail" => "{FvM<kgG}VpHxKJO;6Zo"
}
+ReplayCache = []
+
+def update_replaycache!(new_auth)
+ ReplayCache.push(new_auth)
+ now = Time.now.to_i
+ ReplayCache.delete_if { |auth|
+ _, _, als, ats = auth.split(?,)
+ now > als.to_i + ats.to_i
+ }
+end
+
def encrypt(obj, key)
cipher = OpenSSL::Cipher::AES.new(256, :CBC).encrypt
cipher.key = Digest::SHA2.digest(key)
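Review bot: Eviction in `update_replaycache!` is driven by the lifetime and timestamp fields parsed out of the authenticator itself, so an entry carrying a very large lifetime is never removed and `ReplayCache` (an Array that `include?` scans linearly) can grow without bound, unless a check outside this hunk caps the lifetime. The bound belongs in the request handler, which should reject lifetimes above a server-side maximum before calling this helper; evicting early instead would let an authenticator that is still accepted drop out of the cache. A `Set` would also make the membership test constant-time. The same helper is pasted verbatim into 5.1/mail.rb, so a shared file required by both would keep the copies from drifting. A comment above the `split` such as `# fields: user, workstation, lifetime (s), timestamp (epoch s) - presumably, per gen_auth` would explain the two discarded values.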
@@ -65,7 +76,10 @@ post '/ticket' do
next "Invalid ticket\n" unless Time.now.to_i >= ts
next "Ticket expired\n" unless Time.now.to_i < (ts + ls)
begin
- aun, aws, als, ats = decrypt(data["authenticator"], sk).split(?,)
+ auth = decrypt(data["authenticator"], sk)
+ next "Replayed authenticator\n" if ReplayCache.include?(auth)
+ update_replaycache!(auth)
+ aun, aws, als, ats = auth.split(?,)
als = als.to_i
ats = ats.to_i
rescue OpenSSL::Cipher::CipherError
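Review bot: The `ReplayCache.include?(auth)` test and the `update_replaycache!(auth)` insert are separate steps, so if this app runs under a threaded server two requests carrying the same authenticator can both pass the check before either is recorded. Doing both under one lock closes that gap: add `CacheLock = Mutex.new` next to `ReplayCache`, then `replayed = CacheLock.synchronize { ReplayCache.include?(auth) || (update_replaycache!(auth); false) }` followed by `next "Replayed authenticator\n" if replayed`. The authenticator is also cached before its fields are checked (that validation is presumably further down, since the `begin` block continues outside this hunk), so rejected authenticators take up cache entries as well. The `/login` hunk in 5.1/mail.rb has the same sequence.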
diff --git a/5.1/get_mail.rb b/5.1/get_mail.rb
index 4df3024..fde3dd4 100755
--- a/5.1/get_mail.rb
+++ b/5.1/get_mail.rb
@@ -20,7 +20,7 @@ end
def gen_auth(un, ws, sk)
ts = Time.now.to_i
- encrypt("#{un},#{ws},120,#{ts}", sk)
+ encrypt("#{un},#{ws},300,#{ts}", sk)
end
def get_ticket(un, wsa, tgt, sv, sk)
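Review bot: The authenticator lifetime in `gen_auth` is an unexplained literal, and raising it from 120 to 300 seconds more than doubles the period during which the servers must remember each authenticator to detect a replay. A named constant carrying the reasoning would help, e.g. `AUTH_LIFETIME = 300 # seconds; must not exceed what charon.rb and mail.rb accept and cache`. Because this value is chosen by the client, the servers should enforce their own upper bound rather than rely on it; whether they do is not visible in this diff.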
diff --git a/5.1/mail.rb b/5.1/mail.rb
index f0be986..6adf021 100755
--- a/5.1/mail.rb
+++ b/5.1/mail.rb
@@ -9,6 +9,17 @@ set :port, 4568
Service = "Mail"
ServicePassword = "{FvM<kgG}VpHxKJO;6Zo"
+ReplayCache = []
+
+def update_replaycache!(new_auth)
+ ReplayCache.push(new_auth)
+ now = Time.now.to_i
+ ReplayCache.delete_if { |auth|
+ _, _, als, ats = auth.split(?,)
+ now > als.to_i + ats.to_i
+ }
+end
+
def decrypt(obj, key)
ticket = [obj].pack("H*").unpack("C*").pack("c*")
cipher = OpenSSL::Cipher::AES.new(256, :CBC).decrypt
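Review bot: `ReplayCache` is a process-local Array, so it starts empty after every restart and is not shared between worker processes; an authenticator recorded before a restart would pass the `include?` check again while still within its lifetime. A cheap mitigation for the restart case is to record the start time, `BootTime = Time.now.to_i`, and have the `/login` handler reject anything older, `next "Replayed authenticator\n" if ats < BootTime`; sharing across workers would need an external store. The same applies to the copy in 5.1/charon.rb. The `decrypt` body shown as trailing context continues outside the hunk.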
@@ -30,7 +41,10 @@ post '/login' do
next "Ticket expired\n" unless Time.now.to_i < (ts + ls)
begin
- aun, aws, als, ats = decrypt(data["authenticator"], sk).split(?,)
+ auth = decrypt(data["authenticator"], sk)
+ next "Replayed authenticator\n" if ReplayCache.include?(auth)
+ update_replaycache!(auth)
+ aun, aws, als, ats = auth.split(?,)
als = als.to_i
ats = ats.to_i
rescue OpenSSL::Cipher::CipherError