1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
|
#!/usr/bin/env ruby
require 'openssl'
require 'securerandom'
require 'sinatra'
Users = {
"Athena" => "Passw0rd!"
}
Services = {
"_TGS" => "eiqu@a5ahs8mooqu9Eng",
"Mail" => "{FvM<kgG}VpHxKJO;6Zo"
}
def encrypt(obj, key)
cipher = OpenSSL::Cipher::AES.new(256, :CBC).encrypt
cipher.key = Digest::SHA2.digest(key)
s = cipher.update(obj) + cipher.final
s.unpack('H*')[0].upcase
end
def decrypt(obj, key)
ticket = [obj].pack("H*").unpack("C*").pack("c*")
cipher = OpenSSL::Cipher::AES.new(256, :CBC).decrypt
cipher.key = Digest::SHA2.digest(key)
cipher.update(ticket) + cipher.final
end
def ticket(username, ws_address, service)
ts = Time.now.to_i
p = [username, ws_address, service, 28800, ts].join(?\0)
s = encrypt(p, Services[service])
"28800:#{ts}:#{s}"
end
def noleak(msg, ul, ws)
puts "Error: #{msg}, returning nonsense to avoid leakage."
ticket(SecureRandom.alphanumeric(ul), ws, SecureRandom.alphanumeric(rand(24) + 8))
end
post '/login' do
request.body.rewind
data = JSON.parse(request.body.read)
next "Invalid request\n" unless data.keys == %w(username)
un = data["username"]
ul = un.length
ws = request.ip
next noleak("Invalid username", ul, ws) unless Users.keys.include?(un)
tgt = ticket(un, ws, "_TGS")
encrypt(tgt, Users[un])
end
post '/ticket' do
request.body.rewind
data = JSON.parse(request.body.read)
next "Invalid request\n" unless data.keys.sort == %w(service ticket username)
un, ws, sn, ls, ts = decrypt(data["ticket"], Services["_TGS"]).split(?\0)
ls = ls.to_i
ts = ts.to_i
next "Invalid ticket\n" unless sn == "_TGS"
next "Invalid ticket\n" unless un == data["username"]
next "Invalid ticket\n" unless ws == request.ip
next "Invalid ticket\n" unless Time.now.to_i >= ts
next "Ticket expired\n" unless Time.now.to_i < (ts + ls)
ticket(un, ws, data["service"])
end
|
