From c296a63e974e04c3c31f531747594d9e82723f45 Mon Sep 17 00:00:00 2001
From: Nat Lasseter <user@4574.co.uk>
Date: Wed, 19 Feb 2025 23:14:40 +0000
Subject: [4.2] Authenticators have lifespans now. All done!

---
 4.2/charon.rb   |  80 ++++++++++++++++++++++++++++++++++++++
 4.2/get_mail.rb | 118 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 4.2/kinit.rb    |  36 +++++++++++++++++
 4.2/mail.rb     |  45 +++++++++++++++++++++
 4 files changed, 279 insertions(+)
 create mode 100755 4.2/charon.rb
 create mode 100755 4.2/get_mail.rb
 create mode 100755 4.2/kinit.rb
 create mode 100755 4.2/mail.rb

diff --git a/4.2/charon.rb b/4.2/charon.rb
new file mode 100755
index 0000000..f1940f6
--- /dev/null
+++ b/4.2/charon.rb
@@ -0,0 +1,80 @@
+#!/usr/bin/env ruby
+
+require 'openssl'
+require 'securerandom'
+require 'sinatra'
+
+Users = {
+  "Athena" => "Passw0rd!"
+}
+
+Services = {
+  "_TGS" => "eiqu@a5ahs8mooqu9Eng",
+  "Mail" => "{FvM<kgG}VpHxKJO;6Zo"
+}
+
+def encrypt(obj, key)
+  cipher = OpenSSL::Cipher::AES.new(256, :CBC).encrypt
+  cipher.key = Digest::SHA2.digest(key)
+  s = cipher.update(obj) + cipher.final
+  s.unpack('H*')[0].upcase
+end
+
+def decrypt(obj, key)
+  ticket = [obj].pack("H*").unpack("C*").pack("c*")
+  cipher = OpenSSL::Cipher::AES.new(256, :CBC).decrypt
+  cipher.key = Digest::SHA2.digest(key)
+  cipher.update(ticket) + cipher.final
+end
+
+def ticket(username, ws_address, service)
+  ts = Time.now.to_i
+  sk = SecureRandom.hex.upcase
+  p = [sk, username, ws_address, service, 28800, ts].join(?\0)
+  s = encrypt(p, Services[service])
+  "#{sk},#{ws_address},28800,#{ts},#{s}"
+end
+
+def noleak(msg, ul, ws)
+  puts "Error: #{msg}, returning nonsense to avoid leakage."
+  ticket(SecureRandom.alphanumeric(ul), ws, SecureRandom.alphanumeric(rand(24) + 8))
+end
+
+post '/login' do
+  request.body.rewind
+  data = JSON.parse(request.body.read)
+  next "Invalid request\n" unless data.keys == %w(username)
+  un = data["username"]
+  ul = un.length
+  ws = request.ip
+  next noleak("Invalid username", ul, ws) unless Users.keys.include?(un)
+  tgt = ticket(un, ws, "_TGS")
+  encrypt(tgt, Users[un])
+end
+
+post '/ticket' do
+  request.body.rewind
+  data = JSON.parse(request.body.read)
+  next "Invalid request\n" unless data.keys.sort == %w(authenticator service ticket username)
+  sk, un, ws, sn, ls, ts = decrypt(data["ticket"], Services["_TGS"]).split(?\0)
+  ls = ls.to_i
+  ts = ts.to_i
+  next "Invalid ticket\n" unless sn == "_TGS"
+  next "Invalid ticket\n" unless un == data["username"]
+  next "Invalid ticket\n" unless ws == request.ip
+  next "Invalid ticket\n" unless Time.now.to_i >= ts
+  next "Ticket expired\n" unless Time.now.to_i < (ts + ls)
+  begin
+    aun, aws, als, ats = decrypt(data["authenticator"], sk).split(?,)
+    als = als.to_i
+    ats = ats.to_i
+  rescue OpenSSL::Cipher::CipherError
+    next "Invalid session key\n"
+  end
+  next "Invalid authenticator\n" unless aun == un
+  next "Invalid authenticator\n" unless aws == ws
+  next "Invalid authenticator\n" unless Time.now.to_i >= ats
+  next "Authenticator expired\n" unless Time.now.to_i < (ats + als)
+  svt = ticket(un, ws, data["service"])
+  encrypt(svt, sk)
+end
diff --git a/4.2/get_mail.rb b/4.2/get_mail.rb
new file mode 100755
index 0000000..88167bf
--- /dev/null
+++ b/4.2/get_mail.rb
@@ -0,0 +1,118 @@
+#!/usr/bin/env ruby
+
+require 'net/http'
+require 'uri'
+require 'json'
+
+def encrypt(obj, key)
+  cipher = OpenSSL::Cipher::AES.new(256, :CBC).encrypt
+  cipher.key = Digest::SHA2.digest(key)
+  s = cipher.update(obj) + cipher.final
+  s.unpack('H*')[0].upcase
+end
+
+def decrypt(obj, key)
+  ticket = [obj].pack("H*").unpack("C*").pack("c*")
+  cipher = OpenSSL::Cipher::AES.new(256, :CBC).decrypt
+  cipher.key = Digest::SHA2.digest(key)
+  cipher.update(ticket) + cipher.final
+end
+
+def gen_auth(un, ws, sk)
+  ts = Time.now.to_i
+  encrypt("#{un},#{ws},120,#{ts}", sk)
+end
+
+def get_ticket(un, wsa, tgt, sv, sk)
+  uri = URI.parse("http://localhost:4567/ticket")
+  header = {'Content-Type': 'text/json'}
+
+  login = {
+    "username": un,
+    "ticket": tgt,
+    "authenticator": gen_auth(un, wsa, sk),
+    "service": sv
+  }
+
+  http = Net::HTTP.new(uri.host, uri.port)
+  request = Net::HTTP::Post.new(uri.request_uri, header)
+  request.body = login.to_json
+
+  response = http.request(request)
+  response.body
+end
+
+def ticket_valid?(ticket)
+  now = Time.now.to_i
+  timeStart = ticket["timestamp"]
+  timeEnd = ticket["timestamp"] + ticket["lifespan"]
+  now >= timeStart && now < timeEnd
+end
+
+def update_keytab!
+  File.open(".keytab", "w") do |f|
+    f.puts Tickets.map { |s, p| [
+      s,
+      p["sessionkey"],
+      p["ws_address"],
+      p["lifespan"],
+      p["timestamp"],
+      p["ticket"]
+    ].join(?,) }
+  end
+end
+
+print "Username: "; un = gets.strip
+print "Mailserver: "; ms = gets.strip
+
+unless File.exist?(".keytab")
+  puts "No keytab, please kinit"
+  exit 1
+end
+
+Tickets = File.readlines(".keytab").map { |l|
+  a = l.strip.split(?,)
+  [a[0], {
+    "sessionkey" => a[1],
+    "ws_address" => a[2],
+    "lifespan" => a[3].to_i,
+    "timestamp" => a[4].to_i,
+    "ticket" => a[5]
+  }]
+}.to_h
+
+unless Tickets.keys.include?(ms) && ticket_valid?(Tickets[ms])
+  if Tickets.keys.include?("_TGS") && ticket_valid?(Tickets["_TGS"])
+    packet = get_ticket(un, Tickets["_TGS"]["ws_address"],
+                        Tickets["_TGS"]["ticket"],
+                        ms, Tickets["_TGS"]["sessionkey"])
+    packet = decrypt(packet, Tickets["_TGS"]["sessionkey"]).split(?,)
+    Tickets[ms] = {
+      "sessionkey" => packet[0],
+      "ws_address" => packet[1],
+      "lifespan" => packet[2].to_i,
+      "timestamp" => packet[3].to_i,
+      "ticket" => packet[4]
+    }
+    update_keytab!
+  else
+    puts "No Ticket Granting Ticket, please kinit"
+    exit 1
+  end
+end
+
+uri = URI.parse("http://localhost:4568/login")
+header = {'Content-Type': 'text/json'}
+
+login = {
+  "username": un,
+  "ticket": Tickets[ms]["ticket"],
+  "authenticator": gen_auth(un, Tickets[ms]["ws_address"], Tickets[ms]["sessionkey"])
+}
+
+http = Net::HTTP.new(uri.host, uri.port)
+request = Net::HTTP::Post.new(uri.request_uri, header)
+request.body = login.to_json
+
+response = http.request(request)
+puts response.body
diff --git a/4.2/kinit.rb b/4.2/kinit.rb
new file mode 100755
index 0000000..aca0fa2
--- /dev/null
+++ b/4.2/kinit.rb
@@ -0,0 +1,36 @@
+#!/usr/bin/env ruby
+
+require 'io/console'
+require 'json'
+require 'net/http'
+require 'openssl'
+require 'uri'
+
+uri = URI.parse("http://localhost:4567/login")
+
+header = {'Content-Type': 'text/json'}
+
+print "Username: "; un = gets.strip
+print "Password: "; pw = STDIN.noecho(&:gets).strip; puts
+
+login = {
+  "username": un
+}
+
+http = Net::HTTP.new(uri.host, uri.port)
+request = Net::HTTP::Post.new(uri.request_uri, header)
+request.body = login.to_json
+
+response = http.request(request)
+eticket = [response.body].pack("H*").unpack("C*").pack("c*")
+
+cipher = OpenSSL::Cipher::AES.new(256, :CBC).decrypt
+cipher.key = Digest::SHA2.digest(pw)
+begin
+  ticket = cipher.update(eticket) + cipher.final
+  File.open(".keytab", ?w) do |f|
+    f.puts "_TGS,#{ticket}"
+  end
+rescue OpenSSL::Cipher::CipherError
+  puts "Invalid password?"
+end
diff --git a/4.2/mail.rb b/4.2/mail.rb
new file mode 100755
index 0000000..f0be986
--- /dev/null
+++ b/4.2/mail.rb
@@ -0,0 +1,45 @@
+#!/usr/bin/env ruby
+
+require 'openssl'
+require 'securerandom'
+require 'sinatra'
+
+set :port, 4568
+
+Service = "Mail"
+ServicePassword = "{FvM<kgG}VpHxKJO;6Zo"
+
+def decrypt(obj, key)
+  ticket = [obj].pack("H*").unpack("C*").pack("c*")
+  cipher = OpenSSL::Cipher::AES.new(256, :CBC).decrypt
+  cipher.key = Digest::SHA2.digest(key)
+  cipher.update(ticket) + cipher.final
+end
+
+post '/login' do
+  request.body.rewind
+  data = JSON.parse(request.body.read)
+  next "Invalid request\n" unless data.keys.sort == %w(authenticator ticket username)
+  sk, un, ws, sn, ls, ts = decrypt(data["ticket"], ServicePassword).split(?\0)
+  ls = ls.to_i
+  ts = ts.to_i
+  next "Invalid ticket\n" unless sn == Service
+  next "Invalid ticket\n" unless un == data["username"]
+  next "Invalid ticket\n" unless ws == request.ip
+  next "Invalid ticket\n" unless Time.now.to_i >= ts
+  next "Ticket expired\n" unless Time.now.to_i < (ts + ls)
+
+  begin
+    aun, aws, als, ats = decrypt(data["authenticator"], sk).split(?,)
+    als = als.to_i
+    ats = ats.to_i
+  rescue OpenSSL::Cipher::CipherError
+    next "Invalid session key\n"
+  end
+  next "Invalid authenticator\n" unless aun == un
+  next "Invalid authenticator\n" unless aws == ws
+  next "Invalid authenticator\n" unless Time.now.to_i >= ats
+  next "Authenticator expired\n" unless Time.now.to_i < (ats + als)
+
+  "Login okay! You have no mail.\n"
+end
-- 
cgit v1.2.1