From 1a4ea186ca0ef109a9acaba93f24e9dba4baf923 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sun, 19 May 2013 23:00:40 +0200 Subject: [PATCH] Consistency fix --- lib/core/enums.py | 1 + lib/core/option.py | 18 +++++++++++------- lib/parse/cmdline.py | 2 +- sqlmap.conf | 2 +- 4 files changed, 14 insertions(+), 9 deletions(-) diff --git a/lib/core/enums.py b/lib/core/enums.py index 8d9a201ee..52f0ed7df 100644 --- a/lib/core/enums.py +++ b/lib/core/enums.py @@ -320,3 +320,4 @@ class AUTH_TYPE: BASIC = "basic" DIGEST = "digest" NTLM = "ntlm" + CERT = "cert" diff --git a/lib/core/option.py b/lib/core/option.py index 53b7d82df..77a8bc138 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -1095,7 +1095,7 @@ def _setHTTPAuthentication(): if not conf.aType and not conf.aCred and not conf.aCert: return - elif conf.aType and not conf.aCred: + elif conf.aType and not conf.aCred and not conf.aCert: errMsg = "you specified the HTTP authentication type, but " errMsg += "did not provide the credentials" raise SqlmapSyntaxException(errMsg) @@ -1111,18 +1111,22 @@ def _setHTTPAuthentication(): aTypeLower = conf.aType.lower() - if aTypeLower not in (AUTH_TYPE.BASIC, AUTH_TYPE.DIGEST, AUTH_TYPE.NTLM): + if aTypeLower not in (AUTH_TYPE.BASIC, AUTH_TYPE.DIGEST, AUTH_TYPE.NTLM, AUTH_TYPE.CERT): errMsg = "HTTP authentication type value must be " - errMsg += "Basic, Digest or NTLM" + errMsg += "Basic, Digest, NTLM or Cert" raise SqlmapSyntaxException(errMsg) elif aTypeLower in (AUTH_TYPE.BASIC, AUTH_TYPE.DIGEST): regExp = "^(.*?):(.*?)$" errMsg = "HTTP %s authentication credentials " % aTypeLower - errMsg += "value must be in format username:password" + errMsg += "value must be in format 'username:password'" elif aTypeLower == AUTH_TYPE.NTLM: regExp = "^(.*\\\\.*):(.*?)$" errMsg = "HTTP NTLM authentication credentials value must " - errMsg += "be in format DOMAIN\username:password" + errMsg += "be in format 'DOMAIN\username:password'" + elif aTypeLower == AUTH_TYPE.CERT: + errMsg = "HTTP Cert authentication require " + errMsg += "usage of option `--auth-cert`" + raise SqlmapSyntaxException(errMsg) aCredRegExp = re.search(regExp, conf.aCred) @@ -1160,7 +1164,7 @@ def _setHTTPAuthentication(): if not aCertRegExp: errMsg = "HTTP authentication certificate option " - errMsg += "must be in format key_file,cert_file" + errMsg += "must be in format 'key_file,cert_file'" raise SqlmapSyntaxException(errMsg) # os.path.expanduser for support of paths with ~ @@ -1169,7 +1173,7 @@ def _setHTTPAuthentication(): for ifile in (key_file, cert_file): if not os.path.exists(ifile): - errMsg = "File '%s' does not exist" % ifile + errMsg = "file '%s' does not exist" % ifile raise SqlmapSyntaxException(errMsg) authHandler = HTTPSCertAuthHandler(key_file, cert_file) diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index c803ef261..86235ff48 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -107,7 +107,7 @@ def cmdLineParser(): request.add_option("--auth-type", dest="aType", help="HTTP authentication type " - "(Basic, Digest or NTLM)") + "(Basic, Digest, NTLM or Cert)") request.add_option("--auth-cred", dest="aCred", help="HTTP authentication credentials " diff --git a/sqlmap.conf b/sqlmap.conf index 904b3d22c..f88d4cb15 100644 --- a/sqlmap.conf +++ b/sqlmap.conf @@ -72,7 +72,7 @@ headers = Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9 # HTTP Authentication type. Useful only if the target URL requires # HTTP Basic, Digest or NTLM authentication and you have such data. -# Valid: Basic, Digest or NTLM +# Valid: Basic, Digest, NTLM or Cert aType = # HTTP authentication credentials. Useful only if the target URL requires