1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
|
#!/usr/bin/env ruby
require 'net/http'
require 'uri'
require 'json'
def encrypt(obj, key)
cipher = OpenSSL::Cipher::AES.new(256, :CBC).encrypt
cipher.key = Digest::SHA2.digest(key)
s = cipher.update(obj) + cipher.final
s.unpack('H*')[0].upcase
end
def decrypt(obj, key)
ticket = [obj].pack("H*").unpack("C*").pack("c*")
cipher = OpenSSL::Cipher::AES.new(256, :CBC).decrypt
cipher.key = Digest::SHA2.digest(key)
cipher.update(ticket) + cipher.final
end
def gen_auth(un, ws, sk)
ts = Time.now.to_i
encrypt("#{un},#{ws},120,#{ts}", sk)
end
def get_ticket(un, wsa, tgt, sv, sk)
uri = URI.parse("http://localhost:4567/ticket")
header = {'Content-Type': 'text/json'}
login = {
"username": un,
"ticket": tgt,
"authenticator": gen_auth(un, wsa, sk),
"service": sv
}
http = Net::HTTP.new(uri.host, uri.port)
request = Net::HTTP::Post.new(uri.request_uri, header)
request.body = login.to_json
response = http.request(request)
response.body
end
def ticket_valid?(ticket)
now = Time.now.to_i
timeStart = ticket["timestamp"]
timeEnd = ticket["timestamp"] + ticket["lifespan"]
now >= timeStart && now < timeEnd
end
def update_keytab!
File.open(".keytab", "w") do |f|
f.puts Tickets.map { |s, p| [
s,
p["sessionkey"],
p["ws_address"],
p["lifespan"],
p["timestamp"],
p["ticket"]
].join(?,) }
end
end
print "Username: "; un = gets.strip
print "Mailserver: "; ms = gets.strip
unless File.exist?(".keytab")
puts "No keytab, please kinit"
exit 1
end
Tickets = File.readlines(".keytab").map { |l|
a = l.strip.split(?,)
[a[0], {
"sessionkey" => a[1],
"ws_address" => a[2],
"lifespan" => a[3].to_i,
"timestamp" => a[4].to_i,
"ticket" => a[5]
}]
}.to_h
unless Tickets.keys.include?(ms) && ticket_valid?(Tickets[ms])
if Tickets.keys.include?("_TGS") && ticket_valid?(Tickets["_TGS"])
eanc, svt = get_ticket(un, Tickets["_TGS"]["ws_address"],
Tickets["_TGS"]["ticket"],
ms, Tickets["_TGS"]["sessionkey"]).split(?,)
anc = decrypt(eanc, Tickets["_TGS"]["sessionkey"]).split(?,)
Tickets[ms] = {
"sessionkey" => anc[0],
"ws_address" => anc[1],
"lifespan" => anc[2].to_i,
"timestamp" => anc[3].to_i,
"ticket" => svt
}
update_keytab!
else
puts "No Ticket Granting Ticket, please kinit"
exit 1
end
end
uri = URI.parse("http://localhost:4568/login")
header = {'Content-Type': 'text/json'}
login = {
"username": un,
"ticket": Tickets[ms]["ticket"],
"authenticator": gen_auth(un, Tickets[ms]["ws_address"], Tickets[ms]["sessionkey"])
}
http = Net::HTTP.new(uri.host, uri.port)
request = Net::HTTP::Post.new(uri.request_uri, header)
request.body = login.to_json
response = http.request(request)
puts response.body
|
